{"slug": "introducing-the-cloudflare-one-stack-agent-powered-deployment", "title": "Introducing the Cloudflare One stack: agent-powered deployment", "summary": "Cloudflare released the Cloudflare One stack, a set of skills for AI agents to automate the deployment and management of Zero Trust network architectures. The stack packages expertise from thousands of customer migrations to help security teams configure, deploy, and manage Cloudflare One, including migration from legacy vendors like Zscaler and Palo Alto Networks.", "body_md": "Adopting or migrating to a Zero Trust network architecture can be a daunting task. Before a single policy changes, teams have to recall how their network is actually built: which applications exist, their authentication and authorization constructs, how traffic flows between them, and any assumptions the current architecture makes. This hands-on process requires practitioners to decode the intent behind every security and routing policy in place.\n\nToday, we’re releasing the Cloudflare One stack, a __set of skills__ you give to your agent to configure, deploy, and manage your Zero Trust environment for you. This toolkit is designed to help automate the process of learning an entirely new security suite and mapping your existing one into Cloudflare.\n\nCloudflare has worked with thousands of customers through exactly this process. That repetition built expertise on where migrations stall, what questions come up every time, and what it takes to move forward. The Cloudflare One stack packages that expertise and makes it more accessible than ever.\n\n### The agent gap in network security\n\nTeams are already using agents to write code, triage alerts, and automate workflows. Organizations are increasingly asking for Cloudflare-provided tooling to help agents execute on security workflows. On their own, agents are not trained on the nuances of an organization's specific network topology or vendor configurations.\n\nBy providing prescriptive and authoritative guidance, organizations can layer this context into their existing toolkit to make better use of the security products they are already deploying.\n\nCloudflare has long been the easiest-to-deploy SASE vendor in the market. The stack extends that philosophy to agents: it gives them the context, tools, and structured reasoning they need to operate on your security infrastructure.\n\n## What is the Cloudflare One stack?\n\nThe Cloudflare One stack is __a collection of skills__ that can be used with any agent. As with __any skill__, you can use them standalone, layer in your own context, or build tooling on top. It was purpose-built to help security practitioners across the entire lifecycle of evaluating, deploying, and managing __Cloudflare One__.\n\nThe stack was built by synthesizing hand-curated knowledge from employees with tens of thousands of hours of experience working with customers on Cloudflare One products. It contains tools for planning, managing, and implementing your user and agent security infrastructure on Cloudflare. It also contains handpicked logic for migrating from legacy vendors like __Zscaler__ and Palo Alto Networks.\n\nWhen used in conjunction with the __Cloudflare code mode MCP server__, the stack gives agents a typed interface to the Cloudflare API. Agents can query your live account, inspect configurations, and make changes through a curated set of Cloudflare-recommended workflows rather than ad-hoc API calls.\n\nThe Cloudflare One stack ships as two lightweight skill files: cloudflare-one and cloudflare-one-migration. Together they cover migrating to, building an implementation for, managing, and troubleshooting your Cloudflare One deployment:\n\n**Remote access and VPN replacement** with Cloudflare Access\n\n**User, network, device, and data security** with Cloudflare Gateway\n\n**Connectivity** with Cloudflare Tunnel, Cloudflare Mesh, and Cloudflare WAN\n\n**Migration guidance** with explicit detail for moving from other SASE vendors\n\n**Network diagram interpretation and generation**, so you can visualize proposed changes to your network in a way that is easy for you and your team to understand\n\n**Vendor concept translation**, which maps concepts between SASE vendors to reduce the barrier to evaluating and switching providers\n\n**Troubleshooting and operations**, with the Digital Experience Monitoring (DEX) toolkit and automated rule recommendations\n\nThe stack is available in the __Cloudflare Skills__ repository. Each skill file contains structured knowledge, decision trees, and tool definitions that agents load automatically when the context matches. Give this to your agent and let it help you set up, configure, and manage your Zero Trust environment:\n\nThe cloudflare-one skill covers general product guidance. For example, if you ask an agent for the best way to replace your VPN infrastructure with Cloudflare Tunnel or Cloudflare Mesh, the skill knows how to:\n\nInventory your existing VPN applications and identify which connectivity model each requires\n\nMap each application to the appropriate Cloudflare primitive — self-hosted Access application, Tunnel-connected service, or Mesh-connected network segment\n\nGenerate a recommended deployment sequence that minimizes disruption during cutover\n\nProduce a configuration summary your team can review before making any changes\n\nThe cloudflare-one-migration skill covers vendor-to-vendor translation. For example, if you ask an agent to migrate your Zscaler Private Access applications to Cloudflare Access, the skill knows how to:\n\nMap Zscaler application definitions to Cloudflare Access application definitions\n\nTransform Zscaler user groups and policies into Cloudflare Access policies\n\nUse the Cloudflare API to create the equivalent resources in your account\n\nGenerate a summary of what was migrated and what requires manual review\n\nThe migration logic in the stack is the same logic used in Cloudflare's __Descaler__ and __Deskope__ programs. Those programs have already moved enterprise customers from Zscaler and Netskope to Cloudflare One in hours rather than months. The stack makes that capability available to any customer or partner, at any time, without waiting for a scheduled engagement.\n\n### More ways to use the stack\n\nThe Cloudflare One stack can also:\n\nRecommend security rules based on traffic seen in your live account\n\nAutomatically migrate your existing Zscaler Private Access applications into self-hosted Cloudflare Access applications\n\nInvestigate anomalies in your secure web gateway HTTP logs and build rules to resolve issues users are seeing\n\nReport on user stability with the DEX toolkit and take actions to improve user latency in key scenarios\n\nWhether you are loading the skill from an agent or building custom tooling on top, the Cloudflare One stack handles all of these use cases and more.\n\nWhile this simplifies ongoing management for customers who have already adopted the Cloudflare One product suite, it is also a tool for the Cloudflare partner network. Partners can use it to help their customers deploy faster, manage more effectively, troubleshoot with increased accuracy, and drive issues to resolution.\n\nYou can start using the Cloudflare One stack today. To get the most out of the stack, pair it with the Cloudflare __code mode MCP server__. The MCP server gives your agent live access to the Cloudflare API through a single, compressed interface that keeps authentication credentials out of the model context.\n\nThe Cloudflare One stack will continue to expand as Cloudflare One products evolve. New skills for additional migration sources and more advanced troubleshooting workflows are already in development.\n\nAs we learn more about how customers and partners utilize these skills files, we plan to build more robust tooling around these skills. If you are a customer or partner and want to share feedback on what the stack should handle next, reach out through your account team or open an issue in the repository.", "url": "https://wpnews.pro/news/introducing-the-cloudflare-one-stack-agent-powered-deployment", "canonical_source": "https://blog.cloudflare.com/cloudflare-one-stack/", "published_at": "2026-06-17 13:00:00+00:00", "updated_at": "2026-06-17 13:53:38.436115+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-infrastructure", "ai-products", "ai-safety"], "entities": ["Cloudflare", "Cloudflare One", "Zscaler", "Palo Alto Networks", "Cloudflare Access", "Cloudflare Gateway", "Cloudflare Tunnel", "Cloudflare Mesh"], "alternates": {"html": "https://wpnews.pro/news/introducing-the-cloudflare-one-stack-agent-powered-deployment", "markdown": "https://wpnews.pro/news/introducing-the-cloudflare-one-stack-agent-powered-deployment.md", "text": "https://wpnews.pro/news/introducing-the-cloudflare-one-stack-agent-powered-deployment.txt", "jsonld": "https://wpnews.pro/news/introducing-the-cloudflare-one-stack-agent-powered-deployment.jsonld"}}