Introducing the Cloudflare One stack: agent-powered deployment<br>Adopting or migrating to a Zero Trust network architecture can be a daunting task. Before a single policy changes, teams have to recall how their network is actually built: which applications exist, their authentication and authorization constructs, how traffic flows between them, and any assumptions the current architecture makes. This hands-on process requires practitioners to decode the intent behind every security and routing policy in place.Today, we’re releasing the Cloudflare One stack, a set of skills you give to your agent to configure, deploy, and manage your Zero Trust environment for you. This toolkit is designed to help automate the process of learning an entirely new security suite and mapping your existing one into Cloudflare.Cloudflare has worked with thousands of customers through exactly this process. That repetition built expertise on where migrations stall, what questions come up every time, and what it takes to move forward. The Cloudflare One stack packages that expertise and makes it more accessible than ever. \n \n The agent gap in network security\n \n \n \n \n Teams are already using agents to write code, triage alerts, and automate workflows. Organizations are increasingly asking for Cloudflare-provided tooling to help agents execute on security workflows. On their own, agents are not trained on the nuances of an organization&#39;s specific network topology or vendor configurations.By providing prescriptive and authoritative guidance, organizations can layer this context into their existing toolkit to make better use of the security products they are already deploying.Cloudflare has long been the easiest-to-deploy SASE vendor in the market. The stack extends that philosophy to agents: it gives them the context, tools, and structured reasoning they need to operate on your security infrastructure.\n \n What is the Cloudflare One stack?\n \n \n \n \n The Cloudflare One stack is a collection of skills that can be used with any agent. As with any skill, you can use them standalone, layer in your own context, or build tooling on top. It was purpose-built to help security practitioners across the entire lifecycle of evaluating, deploying, and managing Cloudflare One.The stack was built by synthesizing hand-curated knowledge from employees with tens of thousands of hours of experience working with customers on Cloudflare One products. It contains tools for planning, managing, and implementing your user and agent security infrastructure on Cloudflare. It also contains handpicked logic for migrating from legacy vendors like Zscaler and Palo Alto Networks.When used in conjunction with the Cloudflare code mode MCP server, the stack gives agents a typed interface to the Cloudflare API. Agents can query your live account, inspect configurations, and make changes through a curated set of Cloudflare-recommended workflows rather than ad-hoc API calls.\n \n What’s in the stack?\n \n \n \n \n The Cloudflare One stack ships as two lightweight skill files: cloudflare-one and cloudflare-one-migration. Together they cover migrating to, building an implementation for, managing, and troubleshooting your Cloudflare One deployment:Remote access and VPN replacement with Cloudflare AccessUser, network, device, and data security with Cloudflare GatewayConnectivity with Cloudflare Tunnel, Cloudflare Mesh, and Cloudflare WANMigration guidance with explicit detail for moving from other SASE vendorsNetwork diagram interpretation and generation, so you can visualize proposed changes to your network in a way that is easy for you and your team to understandVendor concept translation, which maps concepts between SASE vendors to reduce the barrier to evaluating and switching providersTroubleshooting and operations, with the Digital Experience Monitoring (DEX) toolkit and automated rule recommendations\n \n How it works\n \n \n \n \n The stack is available in the Cloudflare Skills repository. Each skill file contains structured knowledge, decision trees, and tool definitions that agents load automatically when the context matches. Give this to your agent and let it help you set up, configure, and manage your Zero Trust environment:\n\n\n \n \n html, body {\n margin: 0;\n padding: 0;\n background: transparent;\n overflow: hidden;\n }\n .prompt-container {\n border: 1px solid #e0e0e0;\n border-radius: 8px;\n padding: 16px;\n background: #ffffff;\n box-shadow: 0 1px 3px rgba(0,0,0,0.05);\n box-sizing: border-box;\n margin: 2px 2px 6px 2px; /* Gives space for the bottom border and shadow */\n }\n .prompt-text {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n font-size: 14px;\n line-height: 1.5;\n color: #2b2b2b;\n margin-bottom: 12px;\n font-weight: 500;\n }\n .copy-btn {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n background-color: #1a73e8;\n color: white;\n border: none;\n padding: 8px...