cd /news/ai-tools/foura-digest-jun-26-to-jul-3-2026 · home topics ai-tools article
[ARTICLE · art-47306] src=foura.ai ↗ pub= topic=ai-tools verified=true sentiment=↑ positive

FourA Digest — Jun 26 to Jul 3, 2026

FourA launched Auto, a cost-aware endpoint that selects the optimal product for URL fetching and handles Cloudflare challenges, and expanded language support from 7 to 13 languages across its blog, docs, and updates portal. The company also improved Cloudflare handling, added an MCP tool, and tightened security with a kernel-level egress firewall.

read4 min views1 publishedJul 3, 2026
FourA Digest — Jun 26 to Jul 3, 2026
Image: Foura (auto-discovered)

Highlights #

Auto shipped to production this week. Point it at any URL and it walks a cost-aware ladder (probe, find an exit, browser solve, cheap replay) and returns the content plus the session that got it. A cold Cloudflare Turnstile solve on minfin.bg takes about 5 seconds through Auto; the next call replays through Single at 2 credits. We also added 6 languages across the blog, docs, and updates portal, taking us from 7 to 13.

What's New #

Auto: one endpoint, four products, cost-aware

POST /api/auto

is live. You hand it a URL and it picks the right product (Single, Proxy Finder, or Browser), handles Cloudflare challenges when they show up, and hands back the response plus a session

object with the proxy ID, cookies, and user agent that worked. Reuse the returned session on the next call and Auto replays through Single at 2 credits instead of grinding through a fresh solve.

Every response now carries a meta

trace so you can see which rung won, whether a defense was solved, how many sub-calls it took, and the total credits spent. Bring your own validate

rules and Auto enforces them on every rung, not just the last one, so a geo-block page returned with transport 200 no longer counts as success the way it used to.

The Dashboard playground got an Auto tab with timeout_ms

, ignoreProxies

, returnSession

, and forceProxy

wired up, so you can drive Auto from a form before wiring it into code.

6 new languages

Spanish, French, Japanese, Korean, Brazilian Portuguese, and Russian joined the blog, docs, and updates portal, taking us from 7 to 13 languages across our public sites. Content is translated by a role-aware pipeline: nav labels get a brevity-over-literal prompt so the sidebar stays short, post bodies get a preserve-markdown prompt so code blocks and headings survive intact.

The language switcher got rebuilt too. Flags are gone (Spain's flag alienates the other 20 Spanish-speaking countries, and the same logic applies to Portuguese, Arabic, and English). Native names carry the signal now, and each option also shows its name in the active UI language, so you can find "Deutsch" as "немски" from a Bulgarian browser. Type in the search box at the top to filter 13 locales down to the one you want, use arrow keys to move, hit enter to switch. Each option is a real <a href>

with hreflang

and lang

, so search engines and AI crawlers can follow every language version.

Cloudflare handling: what actually got fixed

Auto now handles four Cloudflare situations that used to leak the wrong response:

  • The "Just a moment" interstitial served with transport 200 no longer counts as a success. Auto escalates to a solve rung instead of handing you the challenge page.
  • Non-interactive challenges (marathonbet's "Checking your browser" auto-pass) render client-side after clearance. Browser polls the live DOM and finalizes the moment cf_clearance

lands, instead of timing out on an empty top-level response. - The real post-clearance status is honoured. A geo-block that Cloudflare serves after the challenge passes returns 451, not 200 with a suspicious body.

  • Interactive Turnstile (minfin.bg) solves end-to-end. Auto tries a direct-egress browser solve first (a trusted egress endpoint passes Turnstile where free datacenter exits get the challenge escalated), then falls back to the proxy grind if that fails.

MCP: foura_auto

and public discovery

The MCP server picked up a foura_auto

tool that mirrors /api/auto

. Hand it a URL, get content and a session back. Discovery (tools, prompts, capabilities) is now unauthenticated so agents can browse before authenticating, and the /llms.txt

map is proxied at the root. The landing moved to foura.ai/mcp for link equity, and the subdomain 301s browsers there.

Under the Hood #

We tightened the SSRF boundary around the fetchers. A kernel-level egress firewall blocks the two request-issuing services from opening connections to private, CGNAT, link-local, and cloud metadata ranges. The app-level check already covered the URL, now the lower-level paths can't slip anything past either. The proxy

field on a request gets the same treatment: a client-supplied proxy host that resolves to a private address is rejected before the request goes out.

The Activity log never stores a raw proxy URL anymore, even when a client sent one. The response you see always carries the opaque base36 proxy ID, and the stored payload matches. We also stripped the x-powered-by

header from every API response.

Numbers #

  • The interactive Turnstile solve on minfin.bg: 200 with ministry content in about 5 seconds, then 2 credits per replay through the cached session.
  • On a rate-limited target under concurrent load, Auto now spreads across multiple exits (4 distinct exits used on a fixed-exit host, 21 of 24 replays at 2 credits) instead of piling every request onto one exit.
  • 13 languages live across blog, docs, and updates.

Auto is the shape of the API we've been building toward all quarter. Point at a URL, get the response, keep the session. The interesting work now is on the edges: measuring how well the cost-aware ladder amortizes on your real traffic, and finding the validate patterns that catch the false-positive success cases nobody thinks about.

── more in #ai-tools 4 stories · sorted by recency
── more on @foura 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/foura-digest-jun-26-…] indexed:0 read:4min 2026-07-03 ·