Skip to content

Cloudflare

Cloudflare (blog.cloudflare.com) is a Tier-1 source on the sysdesign-wiki. Cloudflare operates one of the world's largest edge / CDN networks (≈60 M HTTP req/sec at 2024 scale) and publishes both infrastructure deep-dives (Rust proxy internals, hardware, performance engineering at CPU-core granularity) and developer-platform posts (Workers, Workers AI, AI Gateway, Durable Objects, MCP).

Two recurring shapes on the blog:

  • Hot-path performance engineering — flame-graph-driven micro-optimization, custom data structures for narrow workloads, open-sourcing the result. 2024-09-10 trie-hard is the canonical wiki instance.
  • Dogfooding the platform as internal infra — build your own engineering tooling on Workers + AI Gateway + Durable Objects + D1 + KV, then write it up as a reference architecture. 2026-04-20 AI engineering stack is the canonical wiki instance.
  • Dogfooding the platform as a customer-facing product — build your own first-party product on the same customer primitives (Agents SDK + Workers AI + Durable Objects + MCP) and treat its architecture as a reference for customers building the same shape. 2026-04-15 Agent Lee is the canonical wiki instance (~18K DAU, ~250K tool calls/day at launch) — explicitly positioned as "we built it with the same Cloudflare lego blocks that you have access to." Introduces the credentialed-proxy sandbox pattern and the elicitation gate as productised MCP primitives.
  • Porting existing workloads onto the Developer Platform as reference architectures — take a popular open-source Docker- based workload, port it onto Workers + Sandbox SDK + AI Gateway + Browser Rendering + R2 + Zero Trust Access, publish the repo as a proof-of-concept. Sibling of the internal-dogfooding shape but aimed at external developers. 2026-01-29 Moltworker (port of Moltbot) is the canonical wiki instance — see patterns/middleware-worker-adapter / patterns/mountable-persistent-storage / patterns/cdp-proxy-for-headless-browser / patterns/ai-gateway-provider-abstraction.
  • Open-sourcing acquired security products — post-acquisition donate the code to a neutral foundation rather than keep it proprietary. 2025-03-25 OPKSSH (acquired from BastionZero 2024, donated to OpenPubkey / Linux Foundation) is the current wiki instance.
  • Autonomous edge defence at anycast scale — detection + mitigation runs on every server in every POP; no central scrubbing tier, no human in the loop; anycast turns attacker geographic distribution into per-POP-capacity advantage. 2025-06-20 7.3 Tbps DDoS writeup is the canonical wiki instance.
  • Reviving dormant HTTP primitives for new paid flows — rather than minting a vendor-specific status code, Cloudflare repurposes HTTP 402 Payment Required (reserved since HTTP/1.1, essentially unused in production) as the negotiation primitive for per-request paid-content access, plus RFC 9421 HTTP Message Signatures for verifiable bot identity. Every HTTP intermediary already understands 402 as a 4xx; no infrastructure churn. 2025-07-01 pay-per-crawl is the canonical wiki instance.
  • Public bad-actor attribution with controlled-experiment evidence — when a crawler operator is suspected of evading origin-side directives, Cloudflare's instinct is not a quiet enforcement change; it's to publish a writeup that (a) designs a brand-new unindexed domain experiment to rule out every confounder, (b) names the operator, (c) quantifies the volume, (d) compares against a positive control (a cooperating operator on the same experimental apparatus), (e) documents the enforcement action taken (ML signature + verified-bot delisting + free- tier managed rule), and (f) articulates the operator-norms framework the violation tested. Treats industry-wide cooperative-crawler discipline as a published good. 2025-08-04 Perplexity stealth-crawler investigation is the canonical wiki instance — Perplexity (negative control) vs ChatGPT-User (positive control) on an identical controlled test; patterns/verified-bot-delisting as the enforcement lever. Sibling to the pay-per-crawl post (the monetization half that depends on this enforcement half) and to the 2026-04-21 "Moving past bots vs. humans" framing post (which builds the Web Bot Auth / Privacy Pass architecture on top of the enforcement precedent this post sets).
  • Public alternative-explanation forensics for third-party anomaly narratives — the inverse of the public-attribution shape. When a newsletter, researcher, or news outlet publishes a malicious-intent reading of an observed Internet anomaly (a BGP leak, a traffic-pattern shift, a DNS oddity) that lives on Cloudflare Radar data, Cloudflare's instinct is to publish a long-form deflation post that (a) names the narrative directly, (b) walks through forensic signals (recurrence pattern, AS-relationship context via BGPKIT monocle, direction of traffic-engineering signals, temporal dispersion, timing vs. the alleged trigger), (c) proposes a specific mundane mechanism (usually hygiene failure) consistent with the evidence, (d) addresses the narrative's other technical claims with the correct distinction (e.g. origin-validation vs path-validation), (e) states honestly what it cannot determine, and (f) points forward at the mitigation that would have prevented the event regardless of intent. 2026-01-08 Venezuela BGP-anomaly post is the canonical wiki instance — AS8048/CANTV leak deflated as recurring Type-1 hairpin policy hygiene, not MITM; five-signal forensic argument; ASPA + RFC 9234 OTC + Peerlock named as the forward-looking fix. See patterns/alternative-explanation-forensics. Sibling posture to the Perplexity public-attribution shape — same "public attribution is a published good" stance, opposite direction (deflate vs. make the claim).
  • Clean-reimplementation-of-an-incumbent on Cloudflare primitives, MIT-licensed — rather than writing adapters around an incumbent's output or forking the incumbent's code, Cloudflare reimplements the incumbent's API surface from scratch against a modern foundation that runs on Cloudflare's Developer Platform. The "no original code was used" posture is load-bearing: it unlocks a permissive license and decouples the new project from the incumbent's roadmap and licensing constraints. Two canonical wiki instances: 2026-02-24 vinext — clean reimplementation of the Next.js API surface on Vite, deploys to Workers (written by one engineer + Claude in under a week for ~$1,100 in API tokens); 2026-04-01 EmDash — clean reimplementation of WordPress functionality in TypeScript with an Astro theming model, deploys to workerd or any Node.js server, MIT-licensed. In both cases the reimplementation is also the vehicle for applying a Cloudflare-platform primitive the incumbent cannot (vinext: traffic-aware pre-rendering via zone analytics; EmDash: capability-based sandbox for plugins via Dynamic Workers, and built-in x402 monetisation). The clean-room property is what unlocks both the licensing freedom and the architectural freedom.
  • Policy + architecture framing posts that reshape the industry vocabulary — rather than announcing a new feature, Cloudflare periodically publishes a framing piece that names a failing abstraction and proposes its replacement. The 2026-04-21 "Moving past bots vs. humans" argues the binary bot-vs-human classification is no longer load-bearing and introduces the rate-limit trilemma (decentralized, anonymous, accountable — pick two) as the governing lens. Replaces "infer identity from fingerprints" with "ask the client to prove an attribute" via anonymous attribute proof atop Privacy Pass / ARC / ACT. The post splits web-protection into the identity branch (Web Bot Auth, for clients that value attribution) and the anonymous branch (Privacy Pass successors, for clients that value anonymity), with the Web PKI as the server-side "anonymous + accountable" precedent. The patterns/open-issuer-ecosystem governance guardrail — "anyone should be able to build their own device / browser / OS and access the Web" — is the non-regression test for any proposed scheme.
  • Public post-mortems that name the missing discipline, not just the specific bug — when something breaks, the blog's instinct is to publish a structural RCA that says "this class of bug is possible because our legacy system X doesn't support progressive deployment; we are deprecating X", not "one engineer made a typo". 2025-07-16 1.1.1.1 outage post-mortem is the canonical wiki instance (see systems/cloudflare-1-1-1-1-resolver|1.1.1.1 Resolver + the progressive- config-rollout pattern it's an absence-of-pattern instance of). Extended by the 2025-11-18 and 2025-12-05 outages (three-week-apart structurally-related incidents): 11-18 is the canonical wiki instance of patterns/harden-ingestion-of-internal-config + patterns/global-feature-killswitch as stated-remediation patterns; 12-05's post-mortem explicitly names 11-18's projects as still-incomplete — showing the blog's discipline of treating the remediation backlog as public record and evaluating follow-on incidents against it. Closed by the 2026-05-01 Code Orange: Fail Small is complete post, which is the shipped-remediation companion to the named-discipline posture: six months after the incidents, Cloudflare publishes the catalog of shipped systems (Snapstone, Codex) + primitives (concepts/fail-stale, concepts/traffic-cohort-segmentation) + organisational practices (2026-04-07 engineering-wide drill, dedicated comms team, 18-service backup authorisation) that the incidents motivated. The evaluation sentence — "we have now completed the work that would have avoided the November 18, 2025 and December 5, 2025 global outages" — is the backlog-against- originating-incidents discipline made explicit.
  • Benchmark-response engineering + upstream-the-fix posture — when a public third-party benchmark shows Cloudflare slower than a competitor, Cloudflare responds with a long public post that (a) profiles the benchmark on Cloudflare hardware, (b) enumerates every cause from platform tuning to adapter- layer inefficiencies to methodology bias, (c) ships fixes globally to customer-facing platform knobs, and (d) opens upstream PRs to shared ecosystem projects (V8, Node.js, OpenNext) that benefit the whole ecosystem — even when the upstream fix provides zero benefit to Cloudflare customers ("a bug is a bug and we like making everything faster"). 2025-10-14 cf-vs-vercel-bench response is the canonical wiki instance — see Workers / V8 young-gen retuning / upstream-the-fix pattern.
  • Periodic first-party network-performance update with published methodology — every few months Cloudflare publishes a post reporting "what fraction of the top-N-networks-in-the-world is Cloudflare the fastest in?" alongside the full measurement recipe: APNIC-top-1,000-by- population denominator, RUM probe on Cloudflare-branded error pages, trimean of connection time against a fixed top-5 CDN set (CF + CloudFront + Google + Fastly + Akamai). The post's shape is always the same — headline "X % of networks fastest", average ms gap to next- fastest, a small number of new- PoP deployment anecdotes ("Wroclaw 19 → 12 ms" style), and a software-efficiency narrative (this post: HTTP/3 + congestion-window tuning + CPU/memory wins in SSL/TLS/proxy) — which lets a third-party reviewer run the same recipe and reach compatible rankings. Strategic framing: make the methodology defensible and public, then stand behind the numbers. 2026-04-17 Agents Week update (40 % → 60 % fastest, Sept → Dec 2025) is the canonical wiki instance — see comparative-RUM- benchmarking pattern + PoP-densification pattern as the two orthogonal axes the post frames gains onto.
  • Structural critique of shared web standards by implementers, not committee members — when years of implementation experience across multiple runtimes (Workers + Node.js + Deno
  • Bun) reveal that a W3C / WHATWG API has usability / performance issues that cannot be fixed incrementally, Cloudflare's posture is to publish a long-form post by a hands-on implementer critiquing the design at the level of "the 2014-2016 design choices that made sense pre-ES2018 no longer make sense" — and ship a proof-of-concept alternative so the discussion is concrete. Explicitly framed as a conversation-starter, not a ship-it standard. 2026-02-27 James Snell's Web streams critique + new-streams POC is the canonical wiki instance.
  • Default-on security upgrade at no additional cost — ship transformative security capability as a universal platform behaviour, default-enabled for all customers including the free tier, priced into the base platform. Consistent arc across 2014 Universal SSL (free TLS for every proxied site) → 2022 PQ-for-all (PQ hybrid KEM on by default, now >65 % of human traffic to Cloudflare per Radar) → 2029 full PQ security (encryption + authentication) target. Strategic framing: "making post-quantum security the default is the only way to protect the Internet at scale." The posture systematically reframes security as baseline platform behaviour rather than premium tier, pressuring competitors to follow. 2026-04-07 PQ roadmap is the canonical wiki instance of the pattern being named and articulated across all three milestones — see patterns/default-on-security-upgrade.
  • Q-Day-driven roadmap publication with industry-wide priority-flip guidance — when independent advances compress a threat's timeline, Cloudflare publishes not only its own accelerated roadmap but also a threat-model rewrite for the industry: naming what changed (authentication over HNDL), what's newly required (disable legacy, rotate secrets, third-party assessment), and what the posture should be by audience (businesses / governments / customers). 2026-04-07 2029 PQ-security roadmap is the canonical wiki instance — 2029 target + Mid-2026 ML-DSA Cloudflare→origin + Mid-2027 Merkle Tree Certificates visitor→Cloudflare + Early 2028 Cloudflare One SASE + Q-Day pulled forward by the Google / Oratomic / neutral-atom trio + Scott Aaronson's "public progress will now go dark" framing adopted explicitly.
  • Score-driven standard-adoption tooling — when a cluster of emerging web standards needs adoption and documentation alone won't do it, Cloudflare ships a Lighthouse-style public scoring tool pairing a per-site scanner with per-check actionable prompts, plus population-scale measurement on Cloudflare Radar, plus programmatic access via URL Scanner. The strategic move: make the scorecard free, public, one-click, and embedded in existing Cloudflare surfaces so adoption becomes visible, competitive, and trackable. 2026-04-17 isitagentready.com is the canonical wiki instance — four-dimension rubric over six well-known endpoint standards (API Catalog, MCP Server Card, Agent Skills, OAuth Protected Resource Metadata, Web Bot Auth directory, robots.txt + Content Signals) plus non-scoring agentic-commerce checks — paired with Radar's "Adoption of AI agent standards" dataset (200 k-domain weekly scan). Sibling posture to default-on security upgrade (adoption by being default, no extra cost) at the ecosystem-uplift layer rather than the Cloudflare- customer-tier layer. See patterns/score-driven-standard-adoption.
  • Dogfood the platform at the documentation layer — related to the broader "dogfood the platform as infra/product" shape but applied specifically to Cloudflare's own developer documentation. Refine docs against an agent-audience rubric (here: Agent Readiness Score), publish a comparative benchmark vs. competitor docs, and treat the "our docs are the reference implementation" framing as the product-marketing posture. 2026-04-17 developers.cloudflare.com refinement (split llms.txt, dynamic /index.md via two Transform Rules, hidden agent directives, Redirects for AI Training on deprecated docs) measured **31 % fewer tokens
  • 66 % faster to correct answer** vs the average non-refined technical documentation site on a Kimi-k2.5 / OpenCode benchmark.
  • Absorbing new-protocol coordination cost at the edge — when an IETF standard or web-platform primitive is technically implementable at origin but carries enough coordination cost (per-request state, cache-variant explosion, mid-deploy client-population splits, graceful fallback, lifecycle management) that most zones won't ship it, Cloudflare takes the implementation on. Edge-managed protocol complexity becomes an explicit launch posture ("this is a coordination problem that belongs at the edge"), rolled out as passthrough → managed → auto in three phases so advanced customers can participate early and the long tail is served by the auto-phase. 2026-04-17 Shared Dictionaries launch for RFC 9842 is the canonical wiki instance (open beta 2026-04-30) — the RUM beacon provides the validation loop that makes the auto-phase (auto-infer which URLs are versioned + generate dictionaries without customer config) safe to deploy at scale. Sibling shape to the "autonomous edge defence", "reviving dormant HTTP primitives", and "default-on security upgrade" shapes above — all of which reduce to the same underlying posture: ship the complex thing at the edge so the customer doesn't have to.
  • Systems-level performance engineering on proprietary inference infra + open-source the kernels — when the LLM serving stack on Workers AI runs into a fundamental hardware limit (here: H100 tensor cores ~600× faster than HBM so LLM decode is memory- bandwidth-bound), Cloudflare builds a production solution inside the proprietary Infire engine and ships the novel GPU kernels + a technical paper publicly. 2026-04-17 Unweight is the canonical wiki instance: Huffman coding on BF16 exponent bytes + fused reconstructive matmul feeding tensor cores directly from SMEM; ~22 % model-size reduction (~3 GB VRAM saved per instance) on Llama-3.1-8B, bit-exact lossless by construction; kernels open-sourced at github.com/cloudflareresearch/unweight-kernels. Sibling shape to the 2024-09-10 trie-hard "hot-path performance engineering" and the 2025-10-14 V8 / OpenCode / Node.js "upstream-the-fix" arcs — all three are Cloudflare publishing micro-optimization methodology + kernels / patches / crates for the ecosystem, often with no direct Cloudflare benefit.
  • CI-native AI-agent orchestration as internal engineering resilience — put LLMs in the critical path of developer workflow (code review before merge) but do it with a plugin architecture that fans out to specialised sub-agents, coordinated by a judge pass, backed by circuit-breakers + failback chains + a break-glass escape hatch. Stated as part of Code Orange: Fail Small. 2026-04-20 AI Code Review is the canonical wiki instance — 131,246 review runs across 5,169 repos in first 30 days; median cost $0.98 / review; 85.7% prompt-cache hit rate; break-glass invoked 0.6% of MRs. Introduces the coordinator / sub-reviewer orchestration pattern, the AI-review-risk-tiering pattern, the specialised-reviewer pattern, the remote-config model routing pattern, the JSONL-streaming-child-process pattern, the incremental-AI-re-review pattern, and the "What NOT to flag" / break-glass / AI-thinking-heartbeat / prompt-boundary-sanitization concept cluster. Sibling of the 2026-04-17 Agent Memory coordinator + sub-agent arrangement and the 2026-04-20 internal-AI- engineering-stack dogfood-the-platform shape — same architectural family, applied to the review workflow.
  • Scale-amplified toolchain bug hunting + upstream-the-fix at the codegen layer — Cloudflare's 84 M HTTP req/s across 330 cities means "even the rarest of bugs can show up frequently". The 2025-10-08 Go-arm64-compiler bug retrospective is the canonical wiki instance: ~30 daily fatal panics on arm64 across <10 % of data centers led through weeks of debugging (monitoring → panic/recover mitigation → Go upstream issue pattern-match → production coredump → dlv disass between two specific ADD opcodes → ~35-line stdlib-only isolated reproducer) to a one-instruction race condition in Go's arm64 code generator: split-ADD SP adjustment (concepts/split-instruction-race-window) + async preemption + stack-unwinder invariant violation = crashes at GC time on frames > 4 KiB. Fixed upstream in go1.23.12 / go1.24.6 / go1.25.0 via preemption-safe compiler emit — scratch-register + indivisible register-form ADD. Sibling of the 2025-10-14 V8 / Node.js / OpenNext upstream contributions and the 2026-02-27 Web Streams critique — same fix-it-in-the-ecosystem-primitive posture, applied to the language toolchain rather than the runtime / standard library / framework. Canonical pairing with concepts/compiler-generated-race-condition: by definition, compiler-generated races must be fixed at the toolchain level; no user-code workaround is correct.
  • Absorbing upstream TLD-registry failure via community-coordinated mitigation — when a TLD-level failure makes every child zone unresolvable (signing-pipeline misfire at the TLD, nameservers unreachable, etc.), Cloudflare's systems/cloudflare-1-1-1-1-resolver|1.1.1.1 posture is: (a) fail-closed on spec — a DNSSEC-broken zone must return SERVFAIL on fresh queries, (b) cushion via serve-stale (RFC 8767) which keeps NOERROR rates stable for hours while cached records age out, (c) coordinate via DNS-OARC with the other major resolver operators, (d) deploy a Negative Trust Anchor-equivalent override (RFC 7646) on the affected TLD once the break is widespread + publicly confirmed — deliberately trading DNSSEC validation for availability, (e) apply the same mitigation to the internal origin-resolver for CDN customers, and (f) publish a long-form writeup that names the DNSSEC primer explicitly + self-discloses latent EDE-propagation bugs surfaced by the incident. 2026-05-06 "When DNSSEC goes wrong: how we responded to the .de TLD outage" is the canonical wiki instance — DENIC's routine .de key rollover misfired 2026-05-05 19:30 UTC; 1.1.1.1 deployed the NTA-equivalent at 22:17 UTC; peer operators independently did the same "within an hour"; Big Pineapple named publicly as the resolver software. Sibling posture to the "public post-mortems that name the missing discipline" shape above, but applied to an external failure with internal mitigation (the missing discipline here is native RFC 7646 NTA implementation, not a bug Cloudflare caused). Also sibling to the "default-on security upgrade" shape: the three-way ladder fail-stale → fail-open (NTA) → fail-closed (SERVFAIL) is the DNS-altitude version of the config-deployment three-way ladder in the 2026-05-01 Code Orange: Fail Small is complete post.

Key systems

  • systems/cloudflare-security-insightsSecurity Insights scanning platform: scheduler + Kafka + Go checker microservices + Postgres. Scaled from 10 to >120 scans/sec (2026) via batch-parallel consumption, fast/slow lane consumer split, active-passive API failover, and adaptive rate-limited scheduling.
  • systems/cloudflare-vulnerability-validation-systemVulnerability Validation System (VVS): 3-stage triage engine (Dedup → Judgment → Fixing) downstream of the VDH. Runs on a different model from the discovery harness for adversarial cross-checking. Holds 13,841 findings across 145 repos; produced 7,245 actionable findings. Inverted-index deduplication keeps reasoning at O(N); Fixer requires fail→pass flip + human merge gate. Disclosed 2026-06-18.
  • systems/cloudflare-gen12-serverCloudflare Gen12 core-server fleet: ~2,000 bare-metal units running Cloudflare's centralised control plane, billing, and analytics in core data centres (distinct from the globally distributed edge POPs). Boots through a UEFI → PXE → iPXE sequence, with some hardware also supporting native UEFI HTTPS boot. Canonical wiki surface for Cloudflare's bare-metal / firmware-upgrade / OpenBMC team altitude (sibling to the edge fleet and the Developer Platform fleet). Disclosed 2026-06-01 in the "core unit boot time from hours to minutes" post — the fleet's network-boot- interface linear-search regression and the declared- boot-order + state-validation auto-reapply fix that recovered firmware-upgrade automation from 4 hours to 3 minutes.
  • systems/uefiUnified Extensible Firmware Interface (the modern firmware standard initialising hardware and handing off to the OS); HII / IFR forms surface for configuration; supports PXE and native UEFI HTTPS boot. The substrate Cloudflare's fleet automation operates against; also the substrate where the persistence-loss- on-firmware-upgrade and lazy-loaded HII data structure failure modes both manifest. Canonical wiki page added 2026-06-01.

  • systems/ipxeOpen-source network boot firmware (ipxe.org) supporting modern protocols (HTTP/HTTPS/iSCSI/AoE) and turning network boot into a "programmable workflow" with scripting. Substrate for Cloudflare's CfHIIConfig_App tool integration; reads UEFI variables as hex (motivating the hex- comparison flag pattern); endpoint state of the 2026-06-01 fix is "the entire workflow operates from iPXE." Canonical wiki page added 2026-06-01.

  • systems/cloudflare-town-lakeCloudflare's unified data platform. A data lakehouse with "a single SQL interface to everything Cloudflare knows." Apache Trino as the query engine, federating Postgres + ClickHouse + BigQuery + Iceberg on R2 in one plan; R2 Data Catalog (managed Iceberg) as the cold/warm tier; DataHub as the metadata catalog; Lifeguard as the access-control service; Skimmer as the PII detection scanner; Transformer as the ELT engine. Disclosed 2026-05-28; >1B events/sec input scale; 53% of queries are billing-related; 91,760 queries from 324 distinct employees in a recent measurement period. Built end-to-end on Cloudflare's customer Developer Platform primitives (R2 / Workers / Access / Workflows / Durable Objects / D1 / KV / Workers AI). Most comprehensive dogfood-as-reference-architecture instance in the corpus.

  • systems/cloudflare-skipperAI data agent on top of Town Lake. Conversational interface that turns natural- language questions into validated SQL against the lakehouse. Five layers of grounded context (concepts/layered-grounded-context-for-data-agent): schema metadata → human annotations → code-derived knowledge → curated data-model pages → runtime introspection. MCP surface via Code Mode (two tools: search, execute, with the model writing JS that calls the full toolset programmatically). Embedded dashboards via single-tag iframe + CSP frame-ancestors + Cloudflare Access + view-time permission re-check (patterns/embedded-dashboard-with-zero-trust-iframe). Security model: runs as the calling user, no privilege escalation; permissions checked at view time, not save time (concepts/security-model-as-data-model).
  • systems/claude-managed-agentsAnthropic's managed agent platform with brain↔hands decoupling, first publicly- named external execution substrate disclosed 2026-05-19. The brain (agent loop, model inference, prompt cache, compaction) runs on Anthropic; the hands (sandbox, file ops, command exec, code execution, browsing) run on Cloudflare's Developer Platform. Cloudflare ships a forkable default template combining a Workers- based control plane, two interchangeable sandbox tiers (Containers microVM tier vs Dynamic Workers + Codemode V8-isolate tier — see concepts/isolate-vs-microvm-for-agent-sandbox), an outbound Worker egress proxy (patterns/outbound-worker-proxy-for-agent-egress) for zero-trust credential injection (concepts/outbound-proxy-credential-injection), Cloudflare Mesh / Workers VPC for private- service connectivity, and a pre-bundled tool surface (browser, email, image generation, custom Zod-typed defineTool blocks via patterns/pluggable-zod-tool-definition).
  • systems/cloudflare-private-originsApplication Services for Private Origins (closed beta June 2026, Enterprise; GA target Q4 2026). Extends the full L7 application-services stack (WAF, bot management, rate limiting, caching, Workers) to origins reachable only via private networks. Integrates the private networking layer directly into the proxy stack; the use_private_routing flag on a DNS record is the sole configuration change. The same routing layer is now shared across DNS-proxied HTTP, Spectrum L4 proxy, and Workers VPC — a unified connectivity layer. No connector software required for WAN/Mesh customers. Canonicalised 2026-06-10.
  • systems/cloudflare-meshPrivate network overlay for connecting Workers (and Cloudflare Developer Platform compute) to internal services on cloud-provider VPCs (AWS, Azure, GCP) or on-premises using post-quantum-encrypted networking "without a VPN or bastion host." First wiki canonicalisation in the 2026-05-19 Claude Managed Agents launch.
  • systems/cloudflare-workers-vpcDirect Workers-to-VPC connectivity for reaching private cloud / on-prem resources from a Worker, post-quantum-encrypted, no VPN / bastion required. Sister product to Cloudflare Mesh. First wiki canonicalisation in the 2026-05-19 launch — the pre-bundled call_service agent tool is the canonical high-level entry point.
  • systems/cloudflare-ready-analyticsCloudflare's internal multi-tenant ClickHouse-based analytics platform built in early 2022 to simplify onboarding for hundreds of internal teams (including billing). One massive 2 PiB table with the standard schema (20 floats, 20 strings, timestamp, indexID), tenants disambiguated by a namespace column, primary key (namespace, indexID, timestamp). Canonical wiki instance of per-tenant retention via partitioning-key extension — migrated PARTITION BY (day)PARTITION BY (namespace, day) in January 2025 to enable per-tenant retention policies (some tenants need years for legal / contractual obligations, others need only days). Runs at 90 % target disk utilisation via max-min- fairness across namespaces. The migration's hidden cost — partition-count growth from thousands to 30k → 160k parts/replica — surfaced as the canonical wiki instance of concepts/lock-contention-in-query-planning when the billing pipeline missed its hard daily deadline two months after rollout. First publicly canonicalised on the wiki via the 2026-05-14 query-plan-contention retrospective. Three-patch upstream-the-fix mitigation stack landed: shared lock + deferred-copy snapshot + binary search on the sorted namespace prefix — Opts 1 + 2 ship as ClickHouse PR #85535 in ClickHouse 25.11. Open second-order problem flagged: "100 GiB ZooKeeper cluster" tracking per-part metadata.
  • systems/quicheCloudflare's open-source Rust implementation of QUIC and HTTP/3 (github.com/cloudflare/quiche). Production-deployed across Cloudflare's edge "in the critical path for a significant share of the traffic we serve"; hosts CUBIC (default), Reno, and an increasingly-deployed BBRv3 implementation via a modular pluggable CCA interface. Canonical wiki instance of concepts/user-space-congestion-control at the Cloudflare edge altitude. Emits qlog events — the IETF-standardised JSON event-log format that makes CCA state-transition bugs diagnosable. First publicly canonicalised on the wiki via the 2026-05-12 CUBIC death-spiral-fix post, which surfaced a six-year- latent minimum-cwnd death spiral caused by a 2020 port of a 2017 Linux-kernel CUBIC optimisation missing its 1-week-later follow-up commit — canonical patterns/userspace-port-of-kernel-primitive-risk instance.
  • systems/cubic-congestion-controlRFC 9438 loss-based CCA; default in Linux TCP and in quiche. Canonical wiki instance via the 2026-05-12 death-spiral post covers the full epoch-state- variable semantics, the 2017 "after idle" Linux kernel fix
  • its 1-week-later follow-up correction, the 2020 quiche port's inherited-bug gap, and the 2026-05-12 three-line fix adding last_ack_time as the secondary idle-delta anchor.
  • systems/bbrv3 — Google's third-generation model-based CCA, now running on quiche's modular pluggable CCA interface "for a growing percentage of our QUIC deployments". Structural alternative to loss-based CCAs (CUBIC, Reno) whose bandwidth-delay-product model avoids both bufferbloat and the corner-case loss-recovery dynamics that produce bugs like the 2026-05-12 minimum-cwnd death spiral.
  • systems/cloudflare-bpf-lsmeBPF-LSM framework for runtime kernel-CVE mitigation without reboots (publicly canonicalised on the wiki via the 2026-05-07 Copy Fail response). Attaches an eBPF program to the relevant LSM hook and denies the hook for every caller except an explicit allow-list of legitimate binaries (patterns/bpf-lsm-allowlist-hook-denial). For CVE-2026-31431 (Copy Fail): socket_bind hook + AF_ALG address family + one legitimate internal-service allow-list; exploit attempts see EPERM. Closes the LTS-backport- latency gap at runtime. Rolled out via patterns/visibility-before-enforcement-rollout — visibility via ebpf_exporter in Phase 1 empirically validates the allow-list, then bpf-lsm program ships in Phase 2 behind a separate gate. Pre-existing public write-up: Live-patch security vulnerabilities with eBPF LSM.
  • systems/cloudflare-edge-reboot-releaseERR pipeline: scheduled kernel-patch rollout via coordinated server reboots on a 4-week cycle (first publicly named on the wiki via the 2026-05-07 Copy Fail post). Three-tempo structure: upstream community LTS → Cloudflare weekly internal build → ERR 4-week edge-reboot cycle. Net effective cadence "biweekly Linux patch updates" once the pipeline flows smoothly. Control plane runs the newest kernel with workload-aware reboot scheduling. For the Copy Fail CVE, decision 2026-04-30 ~17:00 UTC was to "ship a patched build of the previous LTS line through reboot automation; do not accelerate the new LTS; lean on bpf-lsm in the meantime" — canonical articulation of the accept-the-backport-gap-but-cover-with-runtime- mitigation posture.
  • systems/prometheus-ebpf-exporterCloudflare's open-source Prometheus metrics exporter for eBPF- derived telemetry at github.com/cloudflare/ebpf_exporter. Not a Copy Fail-specific artifact; used across the fleet as the general eBPF → Prometheus substrate. Canonical wiki first-class page created via the 2026-05-07 Copy Fail ingest because the tool plays the measurement half of patterns/visibility-before-enforcement-rollout — hooking socket() to track per-binary AF_ALG usage across hundreds of thousands of servers within hours, no kernel changes, salt-gated config push. Validated the allow-list that the bpf-lsm enforcement program depended on.
  • systems/big-pineappleThe resolver software powering systems/cloudflare-1-1-1-1-resolver|1.1.1.1, 1.1.1.1 for Families, Gateway DNS, and DNS Firewall. Named publicly in the 2026-05-06 DNSSEC .de outage post. Implements serve-stale (RFC 8767) which cushioned user impact for ~3 hours during the 2026-05-05 DENIC break. Disclosed two gaps worth remediation: no native RFC 7646 Negative Trust Anchor mechanism (a generic insecure-zone override was used instead), and an EDE-propagation bug that surfaced DNSSEC-Bogus errors as EDE 22 ("No Reachable Authority") instead of EDE 6 ("DNSSEC Bogus").
  • systems/snapstoneConfiguration-deployment system (introduced publicly 2026-05-01 as part of Code Orange: Fail Small is complete). Bundles configuration changes into packages + applies health-mediated progressive rollout + automated rollback by default. Teams "create these configuration units on demand" so any configuration pattern identified as dangerous (risk review, operational experience) can be brought into Snapstone and inherit safe deployment. Directly addresses the 2025-11-18 Bot Management feature-file channel and the 2025-12-05 internal WAF testing-tool disable-flag channel — both detonated on the global configuration system's rapid-fleet-wide-push. Snapstone is the strategic-system complement: rapid threat-response channel still available, but health-mediated deployment is now the default. Canonical wiki instance of patterns/config-deployment-as-code-deployment at the system tier.

  • systems/cloudflare-codexLiving repository of engineering standards (introduced publicly 2026-05-01). Rules authored by domain experts through the RFC process in the format "If you need X, use Y" with link back to the RFC; enforced via AI code review on every MR across the entire codebase without exception. Two named rules at launch: "Do not use .unwrap() outside of tests and build.rs" (addresses concepts/unhandled-rust-panic, would have rejected the 2025-11-18 FL2 MR) and "Services MUST validate that upstream dependencies are in an expected state before processing" (addresses concepts/internally-generated-untrusted-input, would have rejected both 2025-11-18 and 2025-12-05 MRs). The flywheel: "expertise becomes standards, standards become enforcement, enforcement raises the floor for everyone." Canonical wiki instance of concepts/rfc-as-codified-engineering-rule and patterns/codex-enforced-via-ai-code-review; institutional-memory-backed shift-left from "global outage" to "rejected merge request."

  • systems/cloudflare-agent-memoryManaged agent memory service (private beta 2026-04-17). Extracts information from agent conversations at compaction time, stores as classified memories (facts / events / instructions / tasks) outside the context window, retrieves via a five-channel parallel fusion pipeline (RRF over FTS-Porter + fact-key-exact + raw-message-FTS + direct-vector + HyDE-vector). Per-profile Durable Object (SQLite + FTS + supersession chains) + per-profile Vectorize index + Workers AI models (Llama 4 Scout for extraction / verification / classification / query analysis, Nemotron 3 for synthesis). Six-operation deliberately narrow API (getProfile / ingest / remember / recall / forget / list) — the model never burns context on storage strategy. Content-addressed message IDs (SHA-256(sessionId + role + content)[:128 bits] + INSERT OR IGNORE) make re-ingestion idempotent; facts + instructions are keyed + superseded via forward pointer. Extracted memories are vectorised asynchronously with 3-5 classifier-generated search queries prepended to the embedding text, bridging declarative writes / interrogative reads. Session-affinity header routes to memory-profile name for prompt-caching benefit. Positioned as distinct from — and designed to work together with — AI Search: AI Search's substrate is files, Agent Memory's substrate is conversations. Internal dogfood on three workloads: coding-agent memory via OpenCode plugin, agentic code reviewer ("arguably the most useful thing it learned to do was stay quiet"), message-history chat bot. Every memory exportable — vendor-lock-in reduction explicitly named as trust-earning strategic posture. Fifth substrate in the 2026-04 Cloudflare agent-memory stack alongside Project Think Persistent Sessions (episodic), AI Search per-customer instances (semantic), Artifacts per-session Git repos (filesystem + session-history), Email Service thread-plus-DO-state. Canonical wiki instance of the following new patterns: patterns/constrained-memory-api, patterns/multi-stage-extraction-pipeline, patterns/parallel-retrieval-fusion, patterns/agent-driven-benchmark-loop, plus memory-tier instance of patterns/agent-first-storage-primitive / patterns/tool-surface-minimization / patterns/central-proxy-choke-point. (Source: sources/2026-04-17-cloudflare-agents-that-remember-introducing-agent-memory)

  • systems/cloudflare-fl1-proxy / systems/cloudflare-fl2-proxy / systems/cloudflare-rulesets-engine / systems/cloudflare-managed-rulesetEdge proxy + rulesets cluster at the heart of both the 2025-11-18 and 2025-12-05 outages. FL1 is the Lua-on-nginx/OpenResty legacy edge proxy; FL2 is the Rust-based successor. The rulesets engine (filter + action rules with an execute action that triggers sub-ruleset evaluation) runs in both generations — Lua in FL1, Rust in FL2. The killswitch subsystem inside the rulesets engine disables misbehaving rules rapidly via the global config system. On 2025-12-05, a seven-year-old dormant Lua nil-index bug (concepts/nil-index-lua-bug) in FL1's killswitch post-processing path detonated the first time the killswitch was applied to an action=execute rule — HTTP 500 for ~28% of Cloudflare traffic for 25 minutes; FL2 customers were unaffected because Rust's type system structurally prevents the bug class (canonical wiki instance). The Cloudflare Managed Ruleset is the customer-facing deployed configuration that, combined with FL1 traffic, defined the ~28% affected intersection. Running two proxy generations side-by-side is Cloudflare's long-shape dual-system migration; legacy FL1 carries the dormant hazards while FL2 has moved past them, and the stated remediation is to accelerate the migration rather than harden the legacy surface.

  • systems/cloudflare-bot-management / systems/perplexity-ai / systems/perplexitybot / systems/perplexity-user / systems/chatgpt-userAI-crawler enforcement cluster documented in the 2025-08-04 Perplexity stealth-crawler post. Cloudflare's Bot Management scores every request; the Verified Bots directory is the known-good allowlist. Cloudflare de-listed Perplexity from Verified Bots (2025-08-04) after confirming via a brand-new-domain experiment that Perplexity runs an undeclared stealth crawler with generic Chrome UA, unlisted IPs, and rotating ASNs — bypassing customer blocks of its declared crawlers. ML + network- signal fingerprinting produces a stealth signature that survives rotation; block signatures shipped to the managed AI-bots ruleset for all customers including free tier. ChatGPT-User is the positive control in the same experiment: fetched robots.txt, honored Disallow, stopped, no alternate-UA follow-up; ChatGPT Agent signs via Web Bot Auth. Canonical instance of the two-sided verified-bots program: published-identity requirement (patterns/signed-bot-request) + origin- directive-honoring requirement (concepts/robots-txt-compliance), with patterns/verified-bot-delisting as the enforcement lever.
  • systems/privacy-pass / systems/arc-anonymous-rate-limit-credentials / systems/act-anonymous-credit-tokensIETF-standardized anonymous-credential suite (RFC 9576 architecture; RFC 9578 issuance; ARC + ACT IETF drafts as successors). Cloudflare has deployed base Privacy Pass since 2019 and runs it at billions of tokens per day, primarily via iCloud Private Relay. The 2026-04-21 "Moving past bots vs. humans" post positions the suite as the cryptographic substrate for web protection that is anonymous + accountable + decentralized — the third corner of the rate-limit trilemma — preserving the open Web against a drift toward required-login walls and device-attestation-only access. Cloudflare is co-developing both ARC (rate-limit extension) and ACT (credit-token / multi-presentation extension) in the IETF Privacy Pass WG. Complementary to Web Bot Auth as the anonymous branch of the post-bot-vs-human architecture.
  • systems/cloudflare-ai-code-review / systems/opencode — Cloudflare's CI-native AI code-review orchestration system (2026-04-20). GitLab CI component that spawns OpenCode as a child-process coordinator which fans out to up to seven specialised sub-reviewers (security, performance, code quality, documentation, release, AGENTS.md, engineering- codex). Plugin architecture — @opencode-reviewer/gitlab + cloudflare + codex + braintrust + agents-md + reviewer-config + telemetry + local. Coordinator runs on Opus 4.7 / GPT-5.4 (reserved for judge pass); sub-reviewers on Sonnet 4.6 / GPT-5.3 Codex for heavy-lifting domains and Kimi K2.5 on Workers AI for text-heavy domains. Risk tiering (trivial / lite / full) scales agent count to diff size + security-path sensitivity; trivial avg $0.20, full avg $1.68. Hystrix-style circuit breaker per model tier + failback chains (opus-4-7 → opus-4-6; sonnet-4-6 → sonnet-4-5) + coordinator-level failback via hot-swap of opencode.json. KV-backed Worker for live re-routing in 5 seconds. Prompt-boundary sanitization strips <mr_body>/<mr_details>/etc. from user-controlled MR content. Shared-context file + per-file patches on disk → 85.7% prompt-cache hit rate. "What NOT to Flag" prompts named as the primary signal-to-noise lever. "Model is thinking..." heartbeat every 30s. break glass human override tracked in telemetry (288 / 0.6% of MRs in first 30 days). Incremental re-review with awareness of prior DiffNotes + user replies

  • won't fix / acknowledged / I disagree state-transition rules. Production scale (first 30 days): 131,246 review runs, 48,095 MRs, 5,169 repos, median 3m 39s, median cost $0.98, ~120 B tokens, 159,103 findings. 45+ upstream OpenCode PRs. Canonical wiki instance of the full patterns/coordinator-sub-reviewer-orchestration + patterns/specialized-reviewer-agents + patterns/ai-review-risk-tiering + patterns/jsonl-streaming-child-process + patterns/incremental-ai-rereview cluster.

  • systems/unweight / systems/unweight-kernels — Cloudflare's lossless LLM weight compression for H100 inference (2026-04-17). Huffman coding on the redundant BF16 exponent byte + a custom reconstructive matmul kernel that loads compressed bytes from HBM, reconstructs BF16 in SMEM, and feeds tensor cores directly — the uncompressed representation never touches HBM. Four execution pipelines (full decode / exponent-only / palette transcode / direct palette) autotuned per (weight matrix, batch size) via patterns/autotuned-execution-pipeline-selection. Llama-3.1-8B: ~22 % model-size reduction (distribution), ~13 % (inference, gate + up only), ~3 GB VRAM saved per instance. Throughput overhead 30-40 % at current optimization level, narrows at larger batches. Open-source kernels at github.com/cloudflareresearch/unweight-kernels; technical paper. Complement to Infire's activation-memory discipline — Unweight on weights, Infire on activations, savings additive into KV-cache headroom. Canonical wiki instance of fused decompression + matmul + lossless weight compression + SM-partitioned producer / consumer kernel split.

  • systems/cloudflare-shared-dictionariesRFC 9842 shared-dictionary compression on the edge: the previously cached version of a resource becomes the compression dictionary for the next version. Three-phase rollout — Phase 1 passthrough (open beta 2026-04-30; forward Use-As-Dictionary + Available-Dictionary headers + dcb/dcz encodings, extend cache keys to vary on Available-Dictionary + Accept-Encoding), Phase 2 managed (customer names which assets are dictionaries; CF stores bytes + compresses + serves variants), Phase 3 automatic (CF auto-detects versioned-URL patterns, generates dictionaries, validates via RUM beacon before serving). Lab numbers: 272 KB JS bundle → 2.6 KB DCZ (97 % over gzip); canicompress.com demo: 94 KB SPA → ~159 bytes DCZ (99.5 %). Canonical wiki instance of edge- managed protocol complexity + [[patterns/phased-cdn- rollout-passthrough-managed-auto|passthrough→managed→auto CDN rollout]]. Successor to Google's 2008-2017 SDCH which was un-shipped from Chrome in 2017 after CRIME/BREACH

  • SOP violations; RFC 9842 closes the gaps with a same-origin dictionary-scope constraint.
  • systems/cloudflare-email-service — bidirectional email primitive on the developer platform: Email Routing (free, inbound, long-available) + Email Sending (public beta from 2026-04-16, outbound). Native Workers EMAIL binding (env.EMAIL.send({...})) alongside REST API + TS/Python/Go SDKs, wrangler email send CLI, and a new Email MCP server on the Cloudflare MCP surface. SPF / DKIM / DMARC auto-configured on domain attach. Integrates with the Agents SDK via onEmail + sendEmail + routeAgentEmail + createAddressBasedEmailResolver — address-based routing maps support@domain / support+ticket-123@domain to distinct DO instances (concepts/address-based-agent-routing, patterns/sub-addressed-agent-instance); HMAC-SHA256-signed inReplyTo headers route replies back to the exact originating DO instance (patterns/signed-reply-routing-header). Canonical wiki instance of concepts/email-as-agent-interface
  • concepts/asynchronous-reply-email + patterns/inbound-classify-persist-reply-pipeline.
  • systems/agentic-inbox — open-source reference email client-plus-agent (github.com/cloudflare/agentic-inbox) stitching Email Routing inbound + Email Sending outbound + Workers AI classification + R2 attachments + Agents SDK stateful logic; built-in MCP server lets external agents draft emails for human review before send (email-tier analog of Agent Lee's elicitation gate). Fifth instance of the 2026-04 "dogfood the platform as a customer-facing product" shape after Agent Lee, Project Think, AI Search, and Artifacts.
  • systems/cloudflare-artifacts — distributed versioned filesystem that speaks Git (private beta 2026-04-16, public beta early May 2026). One Durable Object per repo hosts a ~100 KB pure-Zig Wasm Git server + embedded SQLite (Git objects chunked across 2 MB rows) + raw-delta-alongside- resolved-object storage; pack-file snapshots in R2; auth tokens in KV; Worker as stateless front-end. Canonical wiki instance of patterns/git-protocol-as-api, patterns/do-backed-git-server, concepts/agent-first-storage-primitive, concepts/wasm-git-server, concepts/repo-per-agent-session (Cloudflare uses Artifacts internally to persist per-session filesystem + prompt history). $0.15/1 k ops + $0.50/GB-month, 10 k ops + 1 GB free.
  • systems/artifact-fs — sibling open-source FS driver (github.com/cloudflare/artifact-fs) that mounts any Git remote with blobless-clone + agent-aware-priority background hydration. "Git clone but async." Works with any Git remote, not Artifacts-exclusive. Canonical wiki instance of concepts/async-clone-hydration / patterns/blobless-clone-lazy-hydrate.
  • systems/cloudflare-ai-search — managed hybrid (BM25 + vector) search primitive for AI agents, rebranded from AutoRAG (2026-04-16). Runtime-provisioned ai_search_namespaces binding: create() / delete() / list() / search() at the namespace level, one instance per customer / agent / language, built-in R2 storage + Vectorize index. Canonical wiki instance of patterns/runtime-provisioned-per-tenant-search-index, patterns/cross-index-unified-retrieval, patterns/metadata-boost-at-query-time, and patterns/upload-then-poll-indexing. Cloudflare's own blog search dogfoods it.
  • systems/cloudflare-agents-sdk — SDK + AIChatAgent / Agent base classes + routeAgentRequest helper for building agents on Workers + Durable Objects. Positioned as the predecessor of Project Think ("the next generation of the Agents SDK") and the host of the 2026-04-16 AI Search support-agent worked example.
  • systems/workers-ai — managed LLM + embedding + reranker platform on the @cf/… namespace. Hosts Kimi K2.5, BGE reranker base, embedding models. Billed separately from AI Search during AI Search's open beta. Serving architecture (2026-04-16 deep dive): PD-disaggregated prefill + decode tiers with a custom token-aware load balancer that rewrites SSE responses across the stage boundary; client- signalled x-session-affinity header for cross-cluster warm-cache routing (peak input-cache hit 60% → 80%); cluster-wide KV sharing over RDMA ( Mooncake Transfer Engine + Mooncake Store + LMCache / SGLang HiCache); speculative decoding with NVIDIA EAGLE-3 drafter on Kimi K2.5; Infire proprietary Rust inference engine with multi-GPU tensor + pipeline
  • expert parallelism. Measured: p90 TTFT dropped, p90 intertoken latency ~100 ms → 20-30 ms (3×), same GPU count with higher request volume.
  • systems/infire — Cloudflare's proprietary Rust inference engine (Birthday Week 2025 launch, 2026-04 multi-GPU extension). Runs on both PD tiers of Workers AI. Lower activation-memory overhead than vLLM — fits Llama 4 Scout on 2× H200 with >56 GiB KV room (~1.2M tokens); fits Kimi K2.5 on 8× H100 (not H200) with >30 GiB KV room. Sub-20s cold boot, +20% tokens/sec vs baseline on unconstrained systems. "In both cases you would have trouble even booting vLLM in the first place."
  • systems/mooncake-transfer-engine — Moonshot AI's (kvcache-ai/Mooncake) RDMA KV-transfer framework consumed externally by Workers AI for intra-node (NVLink) + inter-node (NVMe-oF) KV block movement; companion to systems/mooncake-store (NVMe cache tier). Same origin as Kimi K2.5 — Moonshot's serving infrastructure ships with the model.
  • systems/mooncake-store — Moonshot's NVMe cold tier for KV cache; extends session residency beyond HBM + DRAM so x-session-affinity hits survive long idle windows.
  • systems/lmcache — open-source cluster-wide KV-cache software layer paired with Mooncake; exposes shared cache to the serving engine so different replicas can reuse the same pre-filled prefix.
  • systems/eagle-3 — NVIDIA's speculative-decoding drafter model, target-model-specific; Workers AI uses nvidia/Kimi-K2.5-Thinking-Eagle3. Shines on agentic tool-call
  • JSON-structured-output workloads.
  • systems/cloudflare-vectorize — managed vector database. Pre-AI-Search a customer-visible primitive; for the AI Search workflow, an implementation detail inside every instance.
  • systems/kimi-k2-5 — Moonshot AI's open-weight LLM served as @cf/moonshotai/kimi-k2.5; chat model in the 2026-04-16 AI Search support-agent example.
  • systems/replicate-cogReplicate's open-source ML-model containerisation format (cog.run) — cog.yaml + predict.py:Predictor
  • cog build. As of 2026-04-16, the Workers AI BYO-model substrate: customers package a fine-tuned or custom model as a Cog container, push it to Workers AI, and it surfaces in the AI Gateway unified catalog alongside @cf/… + third-party models. Currently Enterprise
  • design-partner access; roadmap includes customer-facing push APIs, wrangler commands, and GPU-snapshotting-based faster cold starts. The Replicate team has officially joined the Cloudflare AI Platform team. Canonical wiki instance of patterns/byo-model-via-container.
  • systems/project-think"Next generation of the Agents SDK" (@cloudflare/think, 2026-04-15 preview). Six primitives (durable fibers, sub-agents via Facets, tree-structured Sessions with FTS5 search, sandboxed code execution, execution ladder Tiers 0-4, self- authored extensions) + the opinionated Think base class that wires them together. Built on the same customer-visible primitives (DO + Workers + R2 + Browser Rendering + Sandbox SDK). Internal production use: "we're already using it internally to build our own background agent infrastructure." Canonical wiki instance of concepts/one-to-one-agent-instance, concepts/durable-execution, concepts/capability-based-sandbox, concepts/execution-ladder, and concepts/self-authored-extension.
  • systems/dynamic-workers — per-request V8-isolate sandbox that starts in milliseconds with a few MB of memory — ~100× faster, up to 100× more memory-efficient than a container. Capability-model posture by default: "almost no ambient authority (globalOutbound: null); developer grants capabilities explicitly through bindings." The substrate at Tiers 1-3 of Project Think's execution ladder; the execution tier for every Code Mode generated program.
  • systems/emdashOpen-source TypeScript CMS (v0.1.0 preview, 2026-04-01), positioned as "the spiritual successor to WordPress." Each plugin runs as a Dynamic Worker with a capability manifest declaring exactly which hooks and capabilities it needs — applies the same capability-based sandbox primitive Project Think uses for LLM-generated code to third-party CMS plugins. Plugins can have any license; plugin code can be "trusted without being seen" (patterns/license-independent-sandboxed-plugins). Breaks the marketplace-lock-in dynamic that WordPress's 800+-plugin-review-queue exemplifies. Astro-themed; workerd scale-to-zero hosting (or any Node.js server); built-in x402 / HTTP 402 for per-request content monetisation; built-in MCP server + in-tree Agent Skills + passkey-default auth. First wiki instance of MCP as a CMS primitive and Agent Skills shipped inside a product. MIT licensed; clean reimplementation of WordPress functionality ("no WordPress code was used"), sibling shape to vinext's Next.js clean reimplementation.
  • systems/wordpress — the structural counter-example. 40%+ of the web; 24-year-old architecture predating modern sandboxing + serverless primitives; canonical instance of the plugin-marketplace- lock-in dynamic Cloudflare's EmDash argues against.
  • systems/workerdCloudflare's open-source V8-isolate Workers runtime (Apache 2.0; C++ + V8 + Cap'n Proto). Portable runtime behind Cloudflare Workers; the scale-to-zero isolate substrate EmDash is built to run on anywhere ("EmDash is different: it's built to run on serverless platforms, and make the most out of the v8 isolate architecture of Cloudflare's open source runtime workerd").
  • systems/x402-protocolOpen Internet-native payment standard on top of HTTP 402, governed by the x402 Foundation (Cloudflare + Coinbase co-founded). Built into every EmDash site out of the box. Evolves the pay-per-crawl 402 primitive from single-vendor header set → open standard → CMS primitive.
  • systems/agent-lee — first-party in-dashboard AI assistant (beta, 2026-04-15); ~18K DAU / ~250K tool calls/day at launch. Built on Agents SDK + Workers AI + Durable Objects + MCP. Canonical wiki instance of Code Mode as an agent consumption layer + credentialed proxy + elicitation gate + dynamic UI generation on an adaptive grid.
  • systems/code-mode — Cloudflare's pattern of exposing MCP tools as a TypeScript API and asking the model to write code against it, not pick tools. Fits ~3,000 Cloudflare API operations into <1,000 context tokens; the core consumption layer behind Agent Lee and Cloudflare's internal MCP Server Portal.
  • systems/pingora — Cloudflare's in-house Rust-based HTTP proxy framework and the heart of their Rust proxy services; open-sourced
  • Backbone of pingora-origin and other edge services.
  • systems/cf-cli — next-generation Wrangler CLI (Technical Preview, 2026-04-13): npx cf / npm install -g cf. Single CLI for all Cloudflare products (~100 products, ~3,000 HTTP API operations), generated from a unified TypeScript schema together with Workers bindings, SDKs, Terraform provider, MCP Code Mode server, Agent Skills, and wrangler.jsonc configuration. Convention rules (get not info, --json everywhere) enforced at the schema layer.
  • systems/wrangler-cli — the existing Workers CLI being evolved into cf; hosts wrangler dev local loop, deploy, bindings management, wrangler.jsonc configuration.
  • systems/cloudflare-local-explorer — 2026-04-13 open-beta introspection GUI + local mirror of the Cloudflare API at /cdn-cgi/explorer/api on any Wrangler or Vite-plugin-powered app; unifies local / remote resource management for agents. See patterns/local-mirror-of-remote-api.
  • systems/miniflare — Cloudflare's local-dev emulator running the same V8 Workers runtime as production + local SQLite / on-disk state for every binding (KV, R2, D1, Durable Objects, Workflows). Local Explorer is the introspection layer on top of Miniflare's state.
  • systems/cloudflare-d1 / systems/cloudflare-kv / systems/cloudflare-durable-objects / systems/cloudflare-workflows — developer-platform storage and orchestration primitives that bind to Workers and are now locally introspectable through Local Explorer.
  • systems/cloudflare-vite-plugin — the companion to Wrangler for Vite-powered projects; also hosts Local Explorer's endpoint.
  • systems/pingora-origin — the pingora-based service that performs the last outbound hop to customer origins: strips internal headers, enforces routing / measurement / optimization, then forwards. Runs at 35 M req/sec on ~40,000 saturated CPU cores globally (2024).
  • systems/trie-hard — open-source Rust crate (2024-09-10) implementing a trie optimized for high-throughput read-heavy membership checks over a static key set: node relationships packed into the bits of unsigned integers, whole tree held in a contiguous memory chunk. Production-deployed since July 2024 to strip Cloudflare internal headers in pingora-origin.
  • systems/criterion-rust — the Rust statistical microbenchmark crate Cloudflare uses for per-function perf measurement; nanosecond resolution, regression tracking.
  • systems/cloudflare-ai-gateway — Cloudflare's LLM routing / caching / logging gateway; core of the internal AI stack + the provider- swap point in Moltworker.
  • systems/workers-ai — Cloudflare's same-network model-inference platform (runs alongside Workers / DO / KV / D1).
  • systems/mcp-server-portal — Cloudflare's MCP server aggregation layer with Code Mode tool collapsing.
  • systems/backstage — self-hosted OSS service catalog exposed via MCP to internal agents; Cloudflare runs 2,055 services, 228 APIs, 1,302 DBs, 544 systems across 45 domains in it.
  • systems/opencode — terminal-based agentic coding client with .well-known-driven config bootstrap.
  • systems/agents-sdk — Cloudflare's Agents SDK (McpAgent etc.).
  • systems/cloudflare-sandbox-sdk — higher-level SDK for driving Cloudflare Containers from Workers; Moltworker + Dynamic Workers sandboxed agent-generated code exec.
  • systems/cloudflare-containers — the ephemeral-by-design Docker- container runtime Sandbox SDK wraps. DO-enabled Containers (open beta 2025) gained Browser Run as a Customer-Zero workload via its 2026-05-13 migration off shared BISO infra, which surfaced + drove fixes for "light on documentation, light on observability, light on colleagues in an overlapping timezone" platform-interface gaps and canonicalised DO-Container cross-region placement decoupling + regional pre-warmed DO+Container-pair pools as a substrate-level pattern.
  • systems/cloudflare-browser-rendering — managed headless-Chromium tier with Puppeteer / Playwright / Stagehand / MCP adapters. 2026-04-16 rebranded from "Browser Rendering" to "Browser Run". 2026-05-13 migrated off shared BISO infrastructure onto Cloudflare Containers — 60 browsers/min via Workers binding, 120 concurrent (4× previous), >50% Quick Action latency reduction, WebGL + WebMCP unblocked.
  • systems/cloudflare-browser-isolation2026-05-13 first canonical wiki entry for Cloudflare's remote-browser Zero Trust product (BISO). The page documents BISO primarily as the prior shared substrate that Browser Run migrated off, with the three workload-shape mismatches (image size / POP distribution / long-steady-vs-short-spiky session shape) canonicalised as a "shared infra is cheaper until your workload shape diverges" failure mode.
  • systems/cloudflare-queues2026-05-13 first canonical wiki entry for Cloudflare's Workers-platform messaging primitive. Browser Run's container-state-tracking pipeline is the canonical instance: per-container 5-second state-update writes go through a per-region Queue (production-core-containers-queue-weur etc.) at max_batch_size: 100, max_batch_timeout: 1 to amortise D1's per-row write cost — D1 batch-write P95 0.1 ms lifts the per-location ceiling from 5,000 → 500,000 containers (100× headroom) at <2-second steady-state queue lag. Canonical Cloudflare-platform substrate for patterns/queue-batching-amortizes-db-write-throughput + patterns/region-fallback-on-queue-backlog.
  • systems/cloudflare-r2 — S3-compatible object storage with egress-free pricing; sandbox.mountBucket() presents R2 as a filesystem partition to ephemeral containers.
  • systems/cloudflare-zero-trust-access — identity-aware application proxy gating internal + Developer-Platform applications; JWT-signed requests to origin Workers.
  • systems/moltbot — open-source self-hosted personal AI agent (formerly Clawdbot, renamed OpenClaw 2026-01-30); the reference workload ported to Cloudflare via Moltworker.
  • systems/moltworker — Cloudflare's open-source proof-of-concept port of Moltbot onto the Developer Platform (Workers + Sandbox SDK + Browser Rendering + AI Gateway + R2 + Zero Trust Access).
  • systems/chrome-devtools-protocol — the browser-automation wire protocol Browser Rendering exposes; the proxy point in Moltworker's headless-browser integration.
  • systems/cloudflare-workflows — Cloudflare Workflows (durable execution). 2026-05-01 disclosed Workflows V2 capacity: 50k concurrent instances / 300 new-per-second per account.
  • systems/dynamic-workers — Cloudflare's per-request isolate- spawning Workers tier for agent-generated code.
  • systems/cloudflare-dynamic-workflows — 2026-05-01 library that bridges Workflows with Dynamic Workers to let each tenant ship their own run(event, step) class dispatched on demand. Canonical wiki instance of patterns/dynamic-binding-over-static-binding at the durable-execution layer and concepts/per-tenant-dynamic-code-dispatch.
  • systems/durable-object-facets — 2026-04 dynamic-binding counterpart to Durable Objects (per-tenant SQLite database spun up on demand with the platform as supervisor). Storage- tier sibling to Dynamic Workers (compute) and Dynamic Workflows (durable execution).

Internal data / dashboard infrastructure (2025-11-18 disclosure)

  • systems/clickhouse — Cloudflare's internal ClickHouse cluster hosts Bot Management telemetry + feature data. Sharded across nodes; default-database distributed tables fan out to r0.* shard tables. The 2025-11-18 incident disclosed the cluster's role and the per-user-distributed-query migration (explicit r0.* grants so distributed subqueries run under the initiating user's account) that silently doubled system.columns query results for the Bot Management feature-file generator. Canonical wiki instance of concepts/clickhouse-distributed-query and concepts/database-permission-migration-risk.
  • systems/turnstile — Cloudflare's privacy-preserving challenge widget (CAPTCHA replacement). Embedded on customer login flows + Cloudflare's own Dashboard login. 2025-11-18 disclosure: Turnstile depends on the core proxy; when the proxy returned 5xx, Turnstile couldn't load, and every dashboard login that required a new auth failed.
  • systems/cloudflare-dashboard — the web control plane. 2025-11-18 disclosure: two impact windows (11:30–13:10 via Workers KV dependency; 14:40–15:30 via login-retry backlog after Turnstile recovery). Existing sessions unaffected.

Managed relational storage (partner-integrated)

  • systems/hyperdrive — Cloudflare's database connectivity service for Workers talking to central SQL databases. Manages connection pools + query caching in front of any Postgres / MySQL origin; exposed to customer code as a first-class Workers binding (hyperdrive: [{ binding: "DATABASE", id }]) so a standard pg or MySQL client works unchanged over env.DATABASE.connectionString. Primary beneficiary: SQL-heavy request paths from the edge to a central DB, where naive per-invocation connections would exhaust the DB's connection budget and pay TLS + handshake cost every request.
  • systems/planetscalepartner-integrated managed relational database offering both Postgres and MySQL (Vitess) engines, announced as a Cloudflare partnership in September 2025. As of 2026-04-16 customers can provision PlanetScale databases directly from the Cloudflare dashboard / API and (from "next month") be billed through their Cloudflare account — including redemption of Cloudflare credits (startup programme, committed spend) against PlanetScale usage. Full PlanetScale feature + SKU + pricing surface preserved (query insights, AI-agent tooling, database branching, $5/month starter node). Canonical wiki instance of patterns/partner-managed-service-as-native-binding + storage-tier instance of patterns/unified-billing-across-providers. Worker co-location with the DB region via placement hints (placement: { region: "aws:us-east-1" }) resolves concepts/edge-to-origin-database-latency — with auto-placement named as forward-looking ("single digit milliseconds" target).

Security / identity (post-BastionZero)

  • systems/opkssh — open-source SSH tool that uses SSO (OpenID Connect) to issue ephemeral 24h SSH keys. Originally built by BastionZero; Cloudflare acquired the company in 2024 and donated the code to the OpenPubkey Linux Foundation project (Apache 2.0, 2025-03-25). No protocol or binary changes required to OpenSSH.
  • systems/openpubkey — the underlying protocol (Linux Foundation, 2023) adding public keys to OIDC ID Tokens, producing PK Tokens. OPKSSH is the production-complete application of OpenPubkey to SSH.
  • systems/bastionzero — the zero-trust infrastructure-access company Cloudflare acquired in 2024; historical origin of OPKSSH.

Network defence / DDoS mitigation

  • systems/magic-transit — Cloudflare's IP-network-level DDoS protection product: customer prefixes advertised via anycast from the full POP fleet; L3 scrubbing on every server; GRE tunnel to origin. Defended the 7.3 Tbps / 4.8 Bpps / 37.4 TB in 45 seconds attack of May 2025 — largest DDoS attack ever reported at the time — fully autonomously across 477 data centres / 293 locations.
  • systems/dosd — Cloudflare's per-server user-space denial-of-service daemon: reads packet samples from XDP/eBPF, enumerates fingerprint permutations, picks the most-selective match via a data-streaming algorithm, compiles the fingerprint back to an eBPF program that drops matching packets in XDP; top fingerprints gossiped within-POP and globally. Exposed to customers as the DDoS Protection Managed Rulesets.
  • systems/ebpf — not Cloudflare-owned, but XDP + eBPF is the kernel drop plane for this stack; the 2025-06-20 writeup is the first wiki instance of XDP as a DDoS data plane.

Public DNS & anycast reliability

  • systems/cloudflare-1-1-1-1-resolver — Cloudflare's free public DNS Resolver (2018); global anycast of prefixes 1.1.1.0/24, 1.0.0.0/24, 2606:4700:4700::/48 and related over UDP / TCP / DoT. DoH via cloudflare-dns.com uses a different IP set — a load-bearing availability-architecture detail exposed by the 2025-07-14 incident, where DoH-via-hostname traffic stayed mostly up while bare-IP UDP/TCP/DoT traffic to 1.1.1.1 was globally unreachable for 62 minutes.
  • systems/cloudflare-data-localization-suite (DLS) — the Cloudflare product line that constrains services to customer- selected regions via a per-service service topology (explicit list of POPs the service is allowed to run in). 2025-07-14: a 38-day dormant-misconfig on a not-yet-live DLS service topology was the surface on which the 1.1.1.1 outage detonated.

BGP / routing forensics (Venezuela route-leak post)

  • systems/aspaAutonomous System Provider Authorization (IETF SIDROPS draft). RPKI-signed objects declaring each AS's authorized upstream providers; enables path validation to detect and reject route leaks at any BGP vantage point. Tier-1 networks use the AS0 member to declare "no upstream providers." Cloudflare's forward-looking mitigation pick in the 2026-01-08 Venezuela post; would have prevented the 01-02 Type-1 hairpin leak.
  • systems/peerlock / Peerlock-lite — operator-side BGP-filter recipes (Junos + NANOG) that reject customer- learned routes containing known Tier-1 ASNs in the path. Near-term leak mitigation before full ASPA adoption.
  • systems/cantv-as8048 (Venezuela, state ISP) / systems/sparkle-as6762 (Italy, Tier-1) / systems/vtal-globenet-as52320 (Colombia) / systems/dayco-telecom-as21980 (Venezuela) — the four ASes in the 2026-01-02 leak event Cloudflare dissects. AS8048 is the leaker (hygiene failure); AS6762 is the Tier-1 upstream the routes came from; AS52320 is the other provider they were leaked to; AS21980 is the customer whose prefixes were the subject matter.

Internet-disruption observability (Radar Q1 2026 review)

Workers / V8 / Node.js performance stack

  • systems/cloudflare-workers — V8-isolate-based serverless compute; 330+ POPs; CPU-time billing (not wall-clock); 128 MB default isolate memory. In 2025-10 Cloudflare re-tuned two knobs: concepts/warm-isolate-routing (biases CPU-bound bursts toward new isolates while keeping I/O-bound coalescing) and concepts/v8-young-generation (removed a stale 2017-era young-gen cap → ~25 % benchmark improvement globally, small memory increase).
  • systems/opennext — OSS Next.js portability adapter layer (Workers, AWS Lambda, Netlify, …). 2025-10 profiling surfaced allocation / copy / buffering inefficiencies (50× unused Buffer per pipeThrough, per-chunk output copy, Buffer.concat(chunks).length discard pattern, Node↔Web-streams double-buffer, value-oriented ReadableStream with highWaterMark: 1); Cloudflare shipped upstream PRs.
  • systems/v8-javascript-engine — Cloudflare employs multiple V8 core contributors; the company ships ecosystem fixes as V8 patches that compound across Node.js / Chrome / Deno / Workers. Canonical 2025-10 instance: ~33 % JSON.parse(text, reviver) speedup (Chromium CL 7027411, ships V8 14.3 / Chrome 143).
  • systems/nextjs — target framework for OpenNext; profiled in the 2025-10 post (reviver-heavy paths, rendering-pipeline allocation patterns).
  • systems/nodejs — sibling V8-embedder; governance-adjacent via Snell's TSC seat; the runtime whose Web-streams performance gap (Vercel's 12× measurement vs Node's own pipeline()) motivated the 2026-02-27 critique.
  • systems/web-streams-api — the WHATWG Streams Standard; Workers-preferred streaming API. Canonical wiki instance of the 2026-02-27 structural critique (readers+locks, advisory-only backpressure, push-based TransformStream, promise-allocation cost, BYOB-without-payoff).
  • systems/new-streams — Snell's 2026-02-27 proof-of-concept alternative streaming API (async-iterable + pull + explicit backpressure policies + batched chunks + sync fast paths); 2×-120× faster than Web streams in every tested runtime. Not a ship-it standard, explicitly a conversation-starter.
  • systems/react — first-party consumer inside Next.js; value-oriented ReadableStreams + heavy JSON.parse(text, reviver) usage; default-dev-mode when NODE_ENV unset was one of the 2025-10 methodology biases.

Post-quantum cryptography stack

  • systems/cloudflare-universal-ssl — 2014 free-TLS-for-all program; the historical precedent and rhetorical anchor for Cloudflare's default-on / no-extra-cost posture that the 2026 PQ roadmap invokes explicitly ("Free TLS helped encrypt the web. Free post-quantum cryptography will help secure it for what comes next.").
  • systems/cloudflare-magic-wan-ipsec — 2026-04-30 GA of hybrid ML-KEM for Cloudflare IPsec per draft-ietf-ipsecme-ikev2-mlkem. The third canonical default-on-security-upgrade instance after 2014 Universal SSL + 2022 TLS PQ-for-all; extends PQ-KEM coverage from web-TLS into enterprise site-to-site networking. Interop verified with Cisco 8000 Series 26.1.1+ + Fortinet FortiOS 7.6.6+ branch connectors; reference implementation via strongswan. Palo Alto Networks' RFC 9370-based early implementation does not yet interoperate — canonical ciphersuite-bloat case study.
  • systems/cloudflare-one-sase — the SASE / zero-trust suite flagged as the Early-2028 milestone: fully PQ-authenticated Cloudflare One completes the enterprise-network side of the 2029 target. Already PQ-encrypted (2022 hybrid KEM rollout on tunnel traffic + 2026-04-30 IPsec PQ-KEM GA).
  • systems/ikev2-protocol — the IPsec handshake layer receiving hybrid ML-KEM; IKE_INTERMEDIATE (RFC 9242) as the extension point carrying the PQ half of the hybrid.
  • systems/ml-kem — NIST FIPS 203 PQ KEM algorithm (Kyber lineage). Already running in TLS hybrid X25519MLKEM768 at

    65 % of human traffic; now also running in Cloudflare IPsec's IKEv2 hybrid per draft-ietf-ipsecme-ikev2-mlkem.

  • systems/strongswan — open-source IPsec / IKEv2 reference implementation; test harness for Cloudflare's pre-GA closed- beta interoperability testing of hybrid ML-KEM.
  • systems/cisco-8000-series-secure-routers — enterprise branch-connector hardware supporting the PQ IPsec draft from version 26.1.1.
  • systems/fortinet-fortios — enterprise branch-connector OS supporting the PQ IPsec draft from version 7.6.6.
  • systems/palo-alto-networks-ipsec — the canonical non- interoperable case: shipped under RFC 9370 before the named standard existed.
  • systems/ml-dsa-signature — NIST FIPS 204 PQ signature algorithm (Dilithium lineage). Named as the Mid-2026 Cloudflare→origin authentication primitive; general-purpose lattice-based signature suited for TLS cert chains + code signing + federation.
  • systems/merkle-tree-certificates — Mid-2027 milestone mechanism for visitor→Cloudflare PQ authentication. Batches PQ-signed cert commitments under a Merkle root signed once and distributed out-of-band; per-handshake cost reduced from a full PQ signature (15-50 kB cert chain) to logarithmic inclusion-proof material.
  • systems/pq-hsts — browser-side downgrade-protection mechanism being worked on in Chromium; named as one of the two feasible-for-federated-systems answers to "attackers with CRQCs forge transcript signatures so negotiation alone doesn't defeat downgrade."
  • systems/certificate-transparency — sibling downgrade- protection surface; same Merkle-tree-backed public-audit infrastructure as existing CT repurposed as evidence-that- PQ-certs-exist for downgrade detection; Bas Westerbaan (Cloudflare Research) authored the 2026 RWPQC framing.

Content monetization / verified bots

  • systems/pay-per-crawl — 2025-07-01 private-beta feature letting publishers monetize AI-crawler access per request: Allow / Charge (flat per-request USD, delivered as HTTP 402 + crawler-price) / Block. Rules engine runs after existing WAF + bot management — monetization layered on top, never overriding a security decision. Cloudflare is the Merchant of Record aggregating N×M billing into N+M enrollments.
  • systems/web-bot-auth — Cloudflare's cryptographic bot-identity proposal: Ed25519 keypair + hosted JWK directory + per-request RFC 9421 HTTP Message Signatures (signature-agent + signature-input + signature headers, tag web-bot-auth). Replaces IP allowlists / reverse-DNS as bot verification. Identity substrate pay-per-crawl requires before it can bill.
  • systems/cloudflare-waf — existing edge L7 firewall; relevant here only as the pipeline stage that runs before pay-per-crawl.

Agent-readiness tooling (2026-04-17)

  • systems/isitagentready — Cloudflare's public Lighthouse- style agent-readiness scanner; grades any URL on the four-dimension rubric (Agent Discovery / Content for LLMs / Access Rules / Agent Actions) plus non-scoring Agentic Commerce. Self- referential — publishes its own MCP server at /.well-known/mcp.json + Agent Skills index at /.well-known/agent-skills/index.json. Canonical wiki instance of patterns/score-driven-standard-adoption.
  • systems/cloudflare-url-scanner — existing public URL-analysis product; 2026-04-17 gained an Agent Readiness tab + options: {"agentReadiness": true} API option embedding the same four-dimension rubric.
  • systems/cloudflare-developer-documentationdevelopers.cloudflare.com as the reference implementation of agent-ready documentation. Five refinements: dynamic /index.md fallback via two Transform Rules; split llms.txt per top-level product directory; hidden agent directives in HTML; Redirects for AI Training on deprecated docs (Wrangler v1, Workers Sites); afdocs-compliant sidebar with "LLM Resources" entries. Benchmark: 31 % fewer tokens + 66 % faster to correct answer vs average non-refined technical docs site (Kimi-k2.5 via OpenCode) — patterns/comparative-documentation-benchmark canonical instance.
  • systems/cloudflare-transform-rules — URL Rewrite Rule + Request Header Transform Rule composition backing the dynamic /index.md fallback without static content duplication.
  • systems/redirects-for-ai-training — classify AI-training crawlers + redirect them away from deprecated content; fixes future LLM answers at training-data time rather than inference time.
  • systems/agent-skills — Cloudflare-authored RFC for an /.well-known/agent-skills/index.json standard listing agent-consumable skill documents.
  • systems/mcp-server-card — draft MCP #1649 standard for pre-connect MCP-server discovery at /.well-known/mcp/server-card.json.
  • systems/api-catalog-rfc-9727 — IETF RFC 9727 standard for /.well-known/api-catalog; scored check under Agent Actions.

  • systems/cloudflare-access — Cloudflare's zero-trust access product; 2026 Agents Week added full support for RFC 9728 OAuth Protected Resource Metadata so agents can drive humans through proper OAuth consent flows rather than reusing a logged-in browser session.

  • systems/capnweb — Cloudflare's pure-TypeScript object-capability RPC library (2025-09-22, open-sourced MIT, <10 kB minify+gzip, zero dependencies, written by Cap'n Proto author Kenton Varda). Spiritual sibling of Cap'n Proto that keeps the object-capability model and promise pipelining while dropping the .capnp schema language in favour of TypeScript-interface-as-schema + a JSON-based human-readable wire format. Symmetric / [[concepts/ bidirectional-rpc|bidirectional]] (either peer can call the other), four message types (push/pull/resolve/ reject), predictable positive export-table IDs enable pipelining-before-first-response. Three transports built in: HTTP batch, WebSocket, postMessage(). Runs in every major browser + Workers + Node.js. Novel record-replay DSL for .map() over promised arrays — the "DSL" turns out to be the RPC protocol itself. First production consumer: Wrangler remote bindings (GA 2025-09-16) so local workerd test instances can speak RPC to production services. Canonical wiki instance of concepts/object-capability-rpc + [[concepts/ promise-pipelining]] + concepts/bidirectional-rpc + patterns/capability-returning-authenticate + patterns/record-replay-dsl; positioned as a GraphQL alternative for the waterfall problem at the RPC layer. 643 HN points.

Feature-flag infrastructure (2026-04-17 Agents Week)

  • systems/cloudflare-flagshipnative feature-flag service, private beta launched 2026-04-17, built on OpenFeature and on Cloudflare's own developer-platform primitives ( Workers, Durable Objects, Workers KV). Architecture: per-app DO = source of truth (SQLite- backed, single-writer, holds flag config + changelog) → Workers KV = edge-replicated read tier (sync "within seconds") → evaluation engine runs in-isolate in the same V8 isolate already serving the request, reading flag config from edge-local KV — "both the data and the logic live at the edge — nothing is sent elsewhere to be evaluated." Worker binding on env.FLAGS via wrangler.jsonc: { flagship: [{ binding, app_id }] }; typed accessors for boolean / string / number / full JSON object variations + *Details() returning value + variant + reason. OpenFeature SDK works across Workers, Node.js, Bun, Deno, browser. Rules compose via AND/OR nested up to 5 levels deep + priority (first-match wins). Percentage rollouts use consistent hashing on a chosen context attribute (userId canonical) so ramps are monotonic — stable bucketing across the 5% → 10% → 50% → 100% sequence (concepts/percentage-rollout). Full audit trail with field-level diffs. Launch thesis (the post's lede, not the architecture): flags are the bounded-blast-radius primitive for agent-controlled deployment"the human doesn't need to be in the loop for every step — they set the boundaries, and the flag controls the blast radius." Canonical wiki instance of patterns/do-plus-kv-edge-config-distribution and patterns/in-isolate-rule-evaluation. Source code public at github.com/cloudflare/flagship; SDK npm i @cloudflare/flagship.
  • systems/openfeature — the CNCF open standard for feature-flag evaluation that Flagship implements as a Provider. Positioned as "the same relationship OpenTelemetry has to observability" — vendor-neutral API so "you write your evaluation code once against the standard, and swap providers by changing a single line of configuration." Canonical wiki instance of concepts/vendor-neutral-evaluation-api.

As third-party cosigner + audit-log operator for other companies (2026-05-01 Meta E2EE-backup post)

  • Role not a Cloudflare system but a Cloudflare role — Cloudflare serves as the third-party signer + public audit-log operator for Meta's HSM-based Backup Key Vault fleet-key distribution to Messenger clients. Fleet public keys for new HSM deployments arrive over the air inside a validation bundle signed by Cloudflare and counter-signed by Meta; Cloudflare also maintains an audit log of every validation bundle it has signed, making any undisclosed signing event externally observable. Canonical wiki instance of the new patterns/third-party-countersignature-for-trust-anchor pattern and the new concepts/audit-log-as-transparency-artifact concept. Canonical wiki instance of Cloudflare acting as the second trust-root in another company's trust chain rather than as a primary service operator — structurally different from the Cloudflare-as-first-party-substrate posture visible elsewhere on this page (Workers, AI Gateway, etc.). See sources/2026-05-01-meta-strengthening-end-to-end-encrypted-backups and systems/messenger for the full deployment shape. Meta's framing: "signed by Cloudflare and counter-signed by Meta, providing independent cryptographic proof of their authenticity."

Key patterns / concepts

  • patterns/flip-lookup-direction — when two sets meet at a membership check, iterate the smaller set and probe the other; pingora-origin header-stripping canonical instance (100 internal vs 10-30 request headers, 2.39× speedup from the direction flip alone).
  • patterns/custom-data-structure-for-hot-path — when crates.io / stdlib containers are tuned for a different workload, writing a purpose-built structure is legitimate engineering at CDN-scale CPU budgets; trie-hard canonical instance (radix_trie a full µs slower than HashMap before the custom write).
  • patterns/measurement-driven-micro-optimization — start with a flame graph / stack-trace sampling, pick the function by CPU share, benchmark against the real workload; trie-hard canonical instance (1.71 %-CPU target → 0.43 % via criterion + production sampling closing the loop).
  • concepts/trie-data-structure — tree-prefix structure with O(log L) miss behaviour, O(L) hit; the right shape for mostly-miss membership checks on short keys.
  • concepts/big-o-over-key-length — the hidden cost that HashMap<String, V> reads are O(L) because every byte of the key goes into the hash; asymptotic-over-table-size intuition misleads at the µs scale.
  • concepts/stack-trace-sampling-profiling — production profiling by sampling the stack periodically and estimating per-function CPU share as sample-containment percentage; turned a one-line helper into a 680-core optimization target.
  • concepts/hot-pathany code that runs per-request at tens of millions of requests per second — the unit of optimization attention at CDN scale.
  • patterns/central-proxy-choke-point — AI Gateway proxy Worker pattern: all LLM requests flow through a single choke point that validates auth, strips client keys, tags metadata; mirrors pingora-origin's role as the egress choke point for upstream requests.

Workers / V8 / Node.js performance patterns and concepts

  • concepts/v8-young-generation — V8 GC young-space size as an embedder-tunable knob; Cloudflare's 2017 manual cap (V8-guidance for 512 MB envs, Workers defaults to 128 MB) didn't age well as V8's GC evolved. Removing the manual tune → ~25 % benchmark improvement globally.
  • concepts/warm-isolate-routing — routing-heuristic primitive for V8-isolate serverless runtimes. I/O-bound vs CPU-bound workloads want opposite coalescing behaviours; the 2025-10 Cloudflare fix detects CPU sustain and biases fresh- isolate spin-up while preserving I/O-bound coalescing.
  • concepts/benchmark-methodology-bias — correlated noise + client-side latency + hardware-gen lottery + multitenancy + TTFB/TTLB skew + unset NODE_ENV: six distinct bias classes catalogued in one of the clearest published enumerations.
  • concepts/stream-adapter-overhead — Node ⇆ Web ReadableStream adapter double-buffering cost; value-oriented vs byte-oriented ReadableStream default-highWaterMark pitfall; canonical skip-the-adapter fix (ReadableStream.from(chunks)).
  • concepts/backpressure — the slow-consumer-signals-fast- producer control primitive. Canonical wiki instance of the 2026-02-27 Cloudflare critique that Web streams' backpressure is advisory-only (controller.enqueue() always succeeds regardless of desiredSize; producers routinely ignore writer.ready); enforced four-policy alternative in new-streams.
  • concepts/async-iteration — the ES2018 for await…of protocol the WHATWG Streams Standard predates (2014-2016) and was retrofitted with post-hoc. Canonical wiki argument that this 2-year timing mismatch is the root design flaw behind Web streams' readers+locks+controllers machinery.
  • concepts/pull-vs-push-streams — evaluation-model axis. Web streams is push-oriented; TransformStream.transform() runs eagerly on write, cascading data through intermediate buffers before the consumer pulls. Pull-based designs (Unix pipes, async generators, systems/new-streams) have implicit backpressure and cancellation as consequences of the model.
  • concepts/promise-allocation-overhead — the dominant per-request cost in Web streams hot paths. Vercel measurement: 12× gap between ReadableStream.pipeThrough() and Node stream.pipeline() attributed almost entirely to promise + object allocation overhead. Cloudflare internal fix: up to 200× fewer promises in one Workers data pipeline. Per- request GC reaching 50 %+ of CPU in streaming SSR.
  • concepts/byob-reads — bring-your-own-buffer reads in Web streams. Canonical wiki instance of the 2026-02 critique that BYOB ships dual-path implementation complexity for both consumers and producers despite seeing little real-world adoption.
  • patterns/upstream-the-fix — fix in the ecosystem primitive (V8 JSON.parse(reviver), Node.js trig compile flag, OpenNext adapter allocations, benchmark-repo bugs, Node.js Web-streams fast-webstreams) not just in one's own platform. Canonical 2025-10-14 four-PR instance + 2026-02-27 Vercel-collaboration second instance (Snell-as-Node-TSC accelerating competitor-originated work).
  • patterns/explicit-backpressure-policy — design pattern of requiring the producer to pick one of four bounded-buffer responses (strict / block / drop-oldest / drop-newest) at stream-creation time, with strict as the default. The structural response to advisory-backpressure failure modes.
  • patterns/lazy-pull-pipeline — pipeline stages execute only when the consumer iterates; no eager background pumping; no intermediate-buffer cascade; stopping iteration stops the pipeline. The engineering pattern for composing pull-based transforms (async generators, Stream.pull() in systems/new-streams).

Security / identity patterns and concepts

Network defence patterns and concepts

  • patterns/autonomous-distributed-mitigation — detection + mitigation on every server of the fleet with no central scrubbing tier and no human in the loop; 7.3 Tbps attack across 477 data centres canonical instance; pairs with concepts/anycast for delivery and patterns/gossip-fingerprint-propagation for cross-POP intelligence sharing.
  • patterns/gossip-fingerprint-propagation — each server's top attack fingerprints multicast/gossiped within-POP and globally; peer servers get threat-intel without a central control-plane service; avoids creating a DDoS target out of the threat-sharing mechanism.
  • concepts/anycast — the same IP advertised from every POP; BGP best-path selection routes each source's packets to the nearest POP. Canonical DDoS-defence primitive: attacker geographic distribution becomes per-POP-capacity advantage.
  • concepts/udp-reflection-amplification — three-property exploit (UDP spoofable + responsive reflector + query<reply amplification) used for QOTD / Echo / NTP / Portmap / RIPv1 / Memcached / DNS / SSDP / CLDAP vectors. 2025-06-20 attack used 6 of these alongside direct UDP flood + Mirai.

Content monetization / verified-bots patterns and concepts

  • concepts/http-402-payment-required — the long-dormant HTTP status code Cloudflare resurrected as the per-request paid-content negotiation primitive. Defined in HTTP/1.1, effectively unused until pay-per-crawl.
  • concepts/http-message-signatures — RFC 9421; per-request cryptographic signatures over canonical HTTP covered-fields. Carries Web Bot Auth's bot identity.
  • concepts/verified-bots — general problem domain (distinguish legitimate automated clients from imposters); Cloudflare's cryptographic answer is signed-request-per-request rather than IP / reverse-DNS / API key.
  • concepts/agentic-paywall — the stated end-state: AI agents programmatically hitting 402s with a spending budget, paying per-resource without human-in-the-loop. Pay-per-crawl is the substrate.
  • patterns/price-header-negotiation — reactive (discover price via 402, retry with crawler-exact-price) and preemptive (crawler-max-price up front, single round trip) HTTP-header flows.
  • patterns/signed-bot-request — Ed25519 keypair + JWK directory + per-request RFC 9421 signature; the canonical recipe for cryptographic bot identity.
  • patterns/merchant-of-record-aggregation — collapse N×M bilateral billing contracts into N+M enrollments via a trusted intermediary that's the legal counter-party for all transactions.
  • concepts/stealth-crawler / concepts/declared-crawler / concepts/undeclared-crawler — the three-way crawler- identity taxonomy the 2025-08-04 Perplexity post establishes. Declared + compliant is the cooperative baseline (ChatGPT); undeclared + ignoring directives is the failure mode (Perplexity); undeclared ⊂ stealth when the evasion is deliberate.
  • concepts/user-agent-rotation / concepts/asn-rotation / concepts/ip-rotation-as-evasion — stealth-crawler evasion tactics and why none of them survive ML bot fingerprinting over content-independent request features.
  • concepts/robots-txt-compliance — operator-side discipline of fetching and honoring robots.txt; the 2025-08-04 post binary-splits ChatGPT (full compliance) vs Perplexity stealth crawler (non-compliance at the operator level, even if individual declared crawlers comply).
  • concepts/ml-bot-fingerprinting — ML classifier over TLS + HTTP/2 + timing features producing a bot score that survives IP + ASN + UA rotation; the structural answer to stealth-crawler evasion.
  • patterns/brand-new-domain-experiment — methodology pattern for zero-confounder crawler-attribution claims. Cloudflare purchases never-registered domains, publishes a blanket robots.txt Disallow, and queries the suspected crawler's product about the content — any retrieval is proof of direct fetch in violation. Canonical 2025-08-04 Perplexity instance.
  • patterns/stealth-crawler-detection-fingerprint — ML + network-signal fingerprinting pattern that produces a stealth signature durable against identity rotation; ships as customer-deployable managed-ruleset block signatures.
  • patterns/stealth-on-block-fallback — the documented anti-pattern of running a stealth crawler as a fallback when the declared one is blocked. Escalation signature (reactive rotation; answer-specificity degradation under successful stealth block) and why it fails against ML fingerprinting + verified-bot delisting.
  • patterns/verified-bot-delisting — enforcement lever that moves a violating operator out of the known-good allowlist; activates bot-management scoring + withdraws downstream- feature privileges (pay-per-crawl, default-allow); paired with public attribution as the reputational side of enforcement. Canonical 2025-08-04 Perplexity instance.

Reliability / incident post-mortems

  • concepts/feature-file-size-limit — preallocated fixed-size cap on internally-generated config files; load-bearing invariant that fails-closed on violation without a fail-open path. Canonical wiki instance: the FL2 bots module's 200-feature cap breached on 2025-11-18 by a doubled ClickHouse metadata query result → .unwrap() panic → ~3 hours core-traffic outage.
  • concepts/preallocated-memory-budget — the hot-path optimization (no runtime alloc, no GC, cache locality) that creates the size cap. Legitimate performance choice; becomes a hazard when the inbound payload can grow without matching ingest validation.
  • concepts/internally-generated-untrusted-input — the trust-boundary-confusion failure class. "We generate it, so it's trusted" is the wrong model when the generator's output depends transitively on upstream systems (database grants, schema migrations, library updates). Cloudflare's 2025-11-18 stated #1 remediation names this discipline explicitly.
  • concepts/database-permission-migration-risk — the transitive-dependency failure class: a correct, defensive database permission change (fine-grained grants for per-user distributed-query accounting) silently changes the row count returned by a downstream consumer's metadata query. Neither team catches it at code-review time because the bug surfaces at the intersection.
  • concepts/clickhouse-distributed-query — the upstream primitive whose migration was the 2025-11-18 trigger.
  • concepts/unhandled-rust-panic — the Rust-side crash shape. Rust's type system prevents nil-index-class bugs but not .unwrap() on an error path the programmer didn't handle. Canonical wiki instance on FL2.
  • concepts/nil-index-lua-bug — the Lua-side crash shape. Canonical wiki instance on FL1 (2025-12-05).
  • concepts/intermittent-failure-signal-confusion — why 2025-11-18's failure shape (5-minute oscillation driven by gradual ClickHouse-grant rollout) mimicked an external DDoS attack. The status-page coincidence reinforced the misdirection. Canonical wiki instance.
  • concepts/global-configuration-system — Cloudflare's name for the fleet-wide config-delivery channel that propagates every edit in seconds with no canary. Named explicitly on 2025-12-05 as "under review following the outage we experienced on November 18" — review incomplete when the same system delivered the 12-05 trigger.
  • concepts/fail-open-vs-fail-closed — the design-choice discipline. Named as a stated remediation on both 2025-11-18 and 2025-12-05. Two outages, same underlying absence.
  • concepts/cdn-as-critical-internet-infrastructure — framing for why Cloudflare's public post-mortems are longer, deeper, and published same-day — CDN outages are front-page news and the remediation backlog is public record.
  • patterns/harden-ingestion-of-internal-config — stated #1 remediation on 2025-11-18. Treat internally-generated config as untrusted input; validate size / shape / invariants before loading into the hot-path buffer; fall back to known-good on violation.
  • patterns/global-feature-killswitch — stated #2 remediation on 2025-11-18. An orthogonal fast-off lever that disables a feature consuming bad config in seconds, independent of the config-cleanup path. Compositional companion to progressive-rollout.
  • patterns/global-configuration-push — the antipattern framing of the rapid-global-delivery channel itself. Not wrong to have; dangerous to have as the only option.
  • patterns/rust-replacement-of-dynamic-language-hot-path — the Rust rewrite pattern. Prevents one bug class (nil-index / type-coercion) but not the fail-open / ingest-validation classes. 2025-12-05 is the canonical pattern-works instance (FL2 structurally immune to the Lua bug); 2025-11-18 is the canonical pattern-has-limits instance (FL2 still panicked).
  • concepts/bgp-route-withdrawal — the single-action global- outage primitive for anycast services: because the same IP is advertised from every POP, unadvertising it anywhere-and- everywhere is an Internet-speed global event. Two distinct causes produce identical wire behaviour — external BGP hijack (2024-06-27 incident) and self-inflicted withdrawal (2025-07-14 incident) — and incident responders have to disambiguate them.
  • concepts/service-topology — the configuration abstraction deciding where each service's IP is allowed to be advertised from; the edit surface where the 06-06 latent misconfig lived and the 07-14 trigger fired.
  • concepts/latent-misconfiguration — dormant bug pattern: referentially-wrong config gated by a precondition that happens not to hold, activated by an unrelated change to the same surface. Canonical wiki instance is the 38-day dormant 1.1.1.1-prefix-linked-to-DLS-topology bug that detonated on 07-14.
  • patterns/progressive-configuration-rollout — control-plane canary / staged deployment applied to config rather than code; the discipline the legacy Cloudflare addressing system lacks and the stated remediation is built around. Sibling of patterns/staged-rollout for the config plane.
  • patterns/dual-system-sync-during-migration — legacy-and- strategic-in-parallel posture during long migrations; the structural context in which the 06-06 bug was introduced (on the legacy surface that lacks progressive deployment), and for which the stated remediation is to shorten the window by accelerating legacy deprecation.

Post-quantum patterns and concepts

  • concepts/q-day — the operational-threshold concept for a CRQC breaking deployed asymmetric cryptography. Canonical wiki instance is Cloudflare's 2026-04 reassessment: Q-Day pulled forward from "2035+" to "as early as 2029" by the three-front compounding (Google's undisclosed P-256 speed-up
  • Oratomic's 10,000-qubit neutral-atom estimate + 3-4 physical- to-logical-qubit ratio). Scott Aaronson's "public estimates are now going dark" framing explicitly adopted.
  • concepts/cryptographically-relevant-quantum-computer — the capability Q-Day names the threshold of; three independent engineering fronts (hardware + error correction + software) whose progress compounds.
  • concepts/harvest-now-decrypt-later — the historical primary PQ threat; addressed by Cloudflare's 2022 PQ-KEM-by- default rollout; >65 % of human traffic now PQ-encrypted. Extended into site-to-site / IPsec layer via the 2026-04-30 Cloudflare IPsec PQ GA.
  • concepts/post-quantum-authentication — the newly-urgent 2026 threat axis. Impersonation / signature forgery rather than retroactive decryption; Q-Day-near-term implies this is where migration urgency concentrates; Cloudflare canonical articulation of the priority flip. Also the flagged remaining gap for IPsec standards post 2026-04-30 IPsec PQ-KEM GA.
  • concepts/downgrade-attack — why enabling PQ is not sufficient. Active CRQC attacker forges transcript signatures, forcing selection of classical primitives; needs disable-legacy-before- rotate + PQ HSTS / CT downgrade protection.
  • concepts/long-lived-key-risk — root CAs + code-signing certs + federation trust anchors + API auth keys first in the migration priority order. Persistent-access keys are the natural first target under scarce/expensive early-CRQC conditions and remain the largest exposure surface under scalable-CRQC covert-attack scenarios (Sophie Schmieg's Enigma analogy).
  • concepts/hybrid-key-encapsulation — the transition-era deployment shape combining PQ KEM with a classical KEM. Canonical wiki instances: TLS 1.3 X25519MLKEM768 (2022), SSH sntrup761x25519-sha512 (2025), IPsec hybrid ML-KEM per draft-ietf-ipsecme-ikev2-mlkem (2026-04-30 Cloudflare IPsec GA).
  • concepts/ciphersuite-bloat — NIST SP 800-52r2 warning canonicalised via the RFC 9370 experience. Generic extension mechanism without named canonical ciphersuite → vendor- specific implementations → cross-vendor non-interop. Palo Alto Networks' RFC 9370-based early PQ IPsec implementation is the canonical case study.
  • concepts/internet-scale-interoperability — the design bar PQC clears and QKD does not; the property ciphersuite bloat destroys even after a standard exists.
  • concepts/quantum-key-distribution-qkd — the hardware-based alternative Cloudflare explicitly rejects as "will not operate at Internet scale". Cited as a distraction that delayed IPsec PQ rollout by ~four years vs TLS.
  • patterns/standards-convergence-over-vendor-extension — the discipline RFC 9370 violated and draft-ietf-ipsecme- ikev2-mlkem fixes. Name the canonical ciphersuite at standards-publication time; don't let vendors fill the gap with incompatible choices.
  • patterns/tls-first-pqc-rollout-as-blueprint — the meta- pattern of rolling out PQ to sibling protocols by reusing TLS's construction, negotiation mechanism, and ciphersuite convergence. IPsec's 2026-04-30 GA is the canonical sibling instance; SSH (2025 GitHub deployment) is the other.
  • concepts/zero-knowledge-proof — the novel 2026 disclosure shape: Google proved possession of its P-256 quantum-attack speed-up without publishing the algorithm. New epistemic position for the industry — trust-in-a-proof-of-a-secret drives timeline compression.
  • patterns/disable-legacy-before-rotate — the three-step PQ migration discipline: enable PQ → disable classical → rotate every secret that ever crossed a classical session. Cloudflare canonical articulation that rotation takes years, not months.
  • patterns/third-party-dependency-quantum-assessment — scope expansion: direct cryptographic counterparties and indirect critical-business dependencies (financial services, utilities) must be included in procurement + migration planning.
  • patterns/default-on-security-upgrade — the three-instance recurring Cloudflare posture (2014 Universal SSL → 2022 PQ- for-all → 2029 full PQ-security) where security is priced into the platform across all customer tiers.

Posture

  • Rust-first on performance-critical services — Pingora, trie-hard, proxy stack. Cloudflare was an early production voice on "Rust plus microsecond-level profiling works."
  • Cares about single-digit-percent CPU. Most orgs don't profile 1.71 % of a single helper. At 40,000 cores it's 680 cores, which justifies writing a new crate and publishing the result.
  • Measurement → design → measurement. Criterion microbench numbers are cross-checked against production stack-trace sampling in both published posts; they don't land either alone.
  • Open-source reflex. Trie-hard, Pingora, AI Gateway bits, workers-oauth-provider, Agents SDK — the blog is also an advertising channel for the OSS ecosystem around the products.
  • Cross-platform agent-autonomy protocol design. Rather than build a one-off integration with a single partner, Cloudflare co-designs a generic protocol with a peer platform (Stripe) for agent-driven provisioning + payment
  • identity attestation across providers — then explicitly frames any signed-in-user platform as a drop-in orchestrator candidate, and plans a formal specification to follow. 2026- 04-30 agents can now create Cloudflare accounts, buy domains, and deploy is the canonical wiki instance — the three-component discovery + authorization + payment pattern (patterns/agent-provisioning-protocol) and the orchestrator-provider-agent trust triangle it assumes; composes with Code Mode on the API-call altitude and Agent Skills on the task altitude.
  • Coordinated CVE response with runtime bpf-lsm mitigation + scheduled LTS patching in parallel — when an unprivileged Linux-kernel vulnerability drops, Cloudflare's instinct is not a single workstream; it's five in parallel: blast-radius mapping, detection- coverage validation, retroactive threat-hunting of 48h of fleet-wide logs (patterns/fleet-wide-retroactive-threat-hunt), runtime-mitigation engineering via bpf-lsm while the patched LTS kernel is still in backport, and scheduled patched-kernel rollout via the ERR pipeline once backport lands. The posture is: behavioural detection provides vulnerability-agnostic coverage before any CVE- specific rule is written; bpf-lsm provides surgical runtime mitigation that covers the LTS- backport-latency gap; ERR closes the window permanently. Two-phase bpf-lsm rollout — visibility via ebpf_exporter first to validate the allow-list, then enforcement via bpf-lsm behind a separate gate. First-attempt mitigation failures are expected and designed-for: Cloudflare's staging layer is explicitly the fault-domain boundary for "attempt a mitigation you haven't fully characterised yet." Entire posture runs under assume-compromise until proven otherwise. 2026-05-07 Copy Fail response is the canonical wiki instance — CVE-2026-31431, 5-day disclosure-to-fully-mitigated window, 48-hour retroactive threat hunt (clean), first-attempt modprobe blacklist algif_aead broke in staging, surgical socket_bind bpf-lsm allow-list denial shipped fleet-wide within 30 hours. Named follow-ups: "better visibility into kernel-API dependencies", "better runtime mitigation", "reduce attack surface of Linux Kernel" (at build time, canonical concepts/kernel-attack-surface lever).

Recent articles

Last updated · 542 distilled / 1,571 read