How we use Abstract Syntax Trees (ASTs) to turn Workflows code into visual diagrams

Cloudflare Workflows is a durable execution engine that lets you chain steps, retry on failure, and persist state across long-running processes. Developers use Workflows to power background agents, manage data pipelines, build human-in-the-loop approval systems, and more.

Last month, we announced that every workflow deployed to Cloudflare now has a complete visual diagram in the dashboard.

We built this because being able to visualize your applications is more important now than ever before. Coding agents are writing code that you may or may not be reading. However, the shape of what gets built still matters: how the steps connect, where they branch, and what's actually happening.

If you've seen diagrams from visual workflow builders before, those are usually working from something declarative: JSON configs, YAML, drag-and-drop. However, Cloudflare Workflows are just code. They can include Promises, Promise.all, loops, conditionals, and/or be nested in functions or classes. This dynamic execution model makes rendering a diagram a bit more complicated.

We use Abstract Syntax Trees (ASTs) to statically derive the graph, tracking Promise and await relationships to understand what runs in parallel, what blocks, and how the pieces connect. 

Keep reading to learn how we built these diagrams, or deploy Continue reading

A one-line Kubernetes fix that saved 600 hours a year

Every time we restarted Atlantis, the tool we use to plan and apply Terraform changes, we’d be stuck for 30 minutes waiting for it to come back up. No plans, no applies, no infrastructure changes for any repository managed by Atlantis. With roughly 100 restarts a month for credential rotations and unboarding, that added up to over 50 hours of blocked engineering time every month, and paged the on-call engineer every time.

This was ultimately caused by a safe default in Kubernetes that had silently become a bottleneck as the persistent volume used by Atlantis grew to millions of files. Here’s how we tracked it down and fixed it with a one-line change.

Mysteriously slow restarts

We manage dozens of Terraform projects with GitLab merge requests (MRs) using Atlantis, which handles planning and applying. It enforces locking to ensure that only one MR can modify a project at a time. 

It runs on Kubernetes as a singleton StatefulSet and relies on a Kubernetes PersistentVolume (PV) to keep track of repository state on disk. Whenever a Terraform project needs to be onboarded or offboarded, or credentials used by Terraform are updated, we have to restart Atlantis to pick Continue reading

Worth Reading: Securing NTP and the Origins of Time

Geoff Huston published an article supposedly describing the challenge of securing NTP, but as is usually the case, he couldn’t skip the prior art going all the way back (almost) to the formation of Earth.

Before coming to the how do we secure NTP section, you’ll learn everything about the wobbly Earth rotation, the changes in the Earth’s angular speed, the impact of tides, the smearing of leap seconds, the differences between UT1 and UTC, why we use quasars to measure time, and everything there is to know about NTP. Have fun!

TCG072: AI and the Automation Engineer – When Your Scripts Start Writing Themselves

William Collins and Eyvonne Sharp invite Skylar Sands, Senior Automation Engineer at World Wide Technology, to discuss what it means to integrate AI into the daily workflow in a meaningful way. Together they break down the shift in the automation engineer’s role now that AI can instantly generate the “toolkit” of Python, Ansible, and Bash,... Read more »

D2DO298: Spacelift Intelligence: Infrastructure Keeping Pace with AI-Enhanced Development (Sponsored)

On today’s sponsored episode, Ned Bellavance and Kyler Middleton welcome guest Marcin Wyszynski, Head of R&D at Spacelift to guide them through the potential future of IaC and how AI is changing the landscape of developer productivity, especially around infrastructure. They discuss two of Spacelift’s products, Spacelift Intent and Spacelift Intelligence. Spacelift Intent is an... Read more »

Worth Reading 032526


For organizations in telecommunications, financial services, healthcare, and public infrastructure, the driver for running inference at the edge is not to reduce milliseconds. It is because the data cannot legally leave the building, the country, or the jurisdiction.

 


Internet number resources are not political property. They are operator-held assets embedded in functioning networks.

 


Just over half of U.S. teens say they have used chatbots for help with schoolwork, and 12% say they’ve gotten emotional support. More teens think AI will be positive for them than negative

 


You’ll use AI and like it too – if you work for PwC. Paul Griggs, US chief executive of the global professional services giant, has made clear there is no room at the corporation for AI skeptics.

 


For some time, I have been looking after a routing analysis report called the “CIDR Report”. Here I’d like to explain the reasons for this report, and what is in the report and share some thoughts as to its usefulness today to the Internet routing community.

PP102: What’s Driving SASE Adoption?

Spending on SASE, which combines SD-WAN and cloud-delivered security, is forecast to nearly triple over the next few years, according to Dell’Oro Group. Today on Packet Protector we talk with that forecast’s author about what’s driving that spending. We also explore how SASE vendors are differentiating, architectural considerations for SASE deployments, pros and cons of... Read more »

Talking About Pulumi and Network Automation

Heard about Pulumi, but aren’t sure what it is? Maybe you know a little bit about Pulumi—like that it does infrastructure as code (IaC), but using general purpose programming languages—and you’re wondering where it fits in a larger automation framework? Or maybe you’re a network engineer just starting to dabble in network automation, and you’re wondering if this Pulumi thing is something you should check out. If any of these apply to you, then the latest Network Automagic podcast episode is right up your alley.

I recently had the opportunity to join Steinn Bjarnarson and Urs Baumann for an episode of Network Automagic. The focus of our discussion—although I will say we diverged a bit here and there—was on Pulumi, what it is, and whether it fits into a larger network automation framework. After all, if you can use general purpose programming languages like Python with Pulumi, why not just use Pulumi in a Python program that also does network automation stuff?

All in all, recording the podcast with Steinn and Urs was great fun, and I hope that the final product ends up being helpful for folks. There’s a variety of ways to listen in on the episode:

Continue reading

Sandboxing AI agents, 100x faster

Last September we introduced Code Mode, the idea that agents should perform tasks not by making tool calls, but instead by writing code that calls APIs. We've shown that simply converting an MCP server into a TypeScript API can cut token usage by 81%. We demonstrated that Code Mode can also operate behind an MCP server instead of in front of it, creating the new Cloudflare MCP server that exposes the entire Cloudflare API with just two tools and under 1,000 tokens.

But if an agent (or an MCP server) is going to execute code generated on-the-fly by AI to perform tasks, that code needs to run somewhere, and that somewhere needs to be secure. You can't just eval() AI-generated code directly in your app: a malicious user could trivially prompt the AI to inject vulnerabilities.

You need a sandbox: a place to execute code that is isolated from your application and from the rest of the world, except for the specific capabilities the code is meant to access.

Sandboxing is a hot topic in the AI industry. For this task, most people are reaching for containers. Using a Linux-based container, you can start up any sort of Continue reading

Worth Reading: Why We’ve Tried to Replace Developers Every Decade

The never-ending “we will replace developers” (or networking engineers) pipe dream didn’t start with the latest bout of AI hype (or SDN). As Stephan Schwab explains in his Why We’ve Tried to Replace Developers Every Decade article, it started with COBOL, the magic high-level programming language that businesspeople would use to write their own programs.

At least some of us know how well that ended. I was also unfortunate to be there for the 5GL hype, the forms-driven programming hype, the “everyone will solve every problem out there with Excel macros” (it does work for networking inventory, doesn’t it?), and a few others. So please excuse me if I remain a bit skeptical about the latest fad, even though I find it (like all the previous ones) very useful when used conservatively in limited domains.

Pura Segara Kidul: Jejak Spiritual dan Kearifan Budaya di Pesisir Selatan Bali

Sejarah dan Latar Belakang Pura Segara Kidul

Pura Segara Kidul berdiri sebagai simbol kuat hubungan manusia dan alam laut. Pura ini berkembang dari tradisi leluhur Bali. Masyarakat pesisir membangun pura sebagai bentuk penghormatan spiritual. Selain itu, pura ini terhubung erat dengan konsep Tri Hita Karana.

Pada awalnya, masyarakat memanfaatkan pura sebagai tempat memohon keselamatan. Oleh karena itu, para nelayan sering melakukan persembahyangan sebelum melaut. Seiring waktu, peran pura semakin luas. Bahkan, pura menjadi pusat kegiatan keagamaan penting. Dengan demikian, Pura Segara Kidul memiliki nilai sejarah dan spiritual tinggi.

Makna Spiritual dan Filosofi Sakral

Makna spiritual Pura Segara Kidul sangat mendalam. Pura ini melambangkan keseimbangan antara manusia dan kekuatan laut. Selain itu, pura juga mencerminkan rasa syukur terhadap anugerah alam. Karena itu, umat Hindu rutin menggelar upacara khusus.

Selanjutnya, masyarakat meyakini laut sebagai sumber kehidupan. Oleh sebab itu, pura mengajarkan sikap hormat terhadap alam. Bahkan, filosofi ini menanamkan kesadaran lingkungan. Dengan kata lain, Pura Continue reading

1 2 3 3,857