dx(poc): migrate to satteri md processor

[colbywhite]

Rebased version of #31522.

Note: This is not really meant to be public. But CI only runs when you open a PR so here we are. All tagged reviewers should ignore.

[github-actions]

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
*.ts	@cloudflare/content-engineering, @kodster28
package.json	@cloudflare/content-engineering
*	@cloudflare/product-owners
*.astro	@cloudflare/content-engineering, @kodster28
/src/content/changelog/	@cloudflare/pm-changelogs, @cloudflare/product-owners
/src/content/changelog/security-center/	@alexmoraru7, @cloudflare/appsec-reviewers, @elithrar, @danielegm, @cloudflare/pm-changelogs, @cloudflare/product-owners, @davejbax, @zrkn, @hemanthk1099, @bseel-cfone
/src/content/changelog/waf/	@cloudflare/firewall, @vs-mg, @fb1337, @cloudflare/pm-changelogs, @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners, @hsaxenaCF, @danielegm, @ay-cf
/src/content/docs/api-shield/	@patriciasantaana, @cloudflare/appsec-reviewers, @elithrar, @xmflsct, @danielegm, @cloudflare/product-owners
/src/content/docs/cloudflare-one/	@ranbel, @Maddy-Cloudflare, @codyanthony850, @cloudflare/cf1-reviewers, @elithrar, @cloudflare/product-owners
/src/content/docs/d1/	@elithrar, @rita3ko, @irvinebroque, @vy-ton, @ivoryibu, @rts-rob, @joshthoward, @lambrospetrou, @oxyjun, @cloudflare/product-owners
/src/content/docs/ddos-protection/	@patriciasantaana, @cloudflare/appsec-reviewers, @elithrar, @alpdot, @cloudflare/product-owners, @anita-tenjarla, @cjdoucette, @sbohrer, @vcfxb, @danielegm
/src/content/docs/learning-paths/	@cloudflare/product-owners
/src/content/docs/log-explorer/	@angelampcosta, @dcpena, @cloudflare/product-owners
/src/content/docs/logs/	@soheiokamoto, @angelampcosta, @rianvdm, @dcpena, @cloudflare/product-owners
/src/content/docs/speed/	@cloudflare/product-owners, @ack-cf
/src/content/docs/waiting-room/	@angelampcosta, @dcpena, @cloudflare/product-owners, @hsaxenaCF, @danielegm

[ask-bonk]

This POC migrates the markdown pipeline from Astro's native remark/rehype to @astrojs/markdown-satteri. 3 issues need attention before merge: a noisy lockfile downgrade, an unrelated changelog edit, and a potential content-loss bug in the title-figure plugin.

Issues

• HIGH pnpm-lock.yaml downgrades many unrelated transitive dependencies (esbuild 0.28.1 → 0.28.0, rollup 4.62.0 → 4.61.0, undici 6.27.0 → 6.26.0, etc.). Adding a new package should not roll back unrelated deps. Regenerate with pnpm install --frozen-lockfile.
• HIGH astro.config.ts hardcodes RUN_LINK_CHECK = false. Acceptable for a POC branch, but ensure there is a tracking TODO/issue so it is not forgotten if this ever targets production.
• MEDIUM src/plugins/satteri/title-figure.ts can silently drop non-image paragraph children when images are mixed with text or other elements. The original rehype-title-figure only processed paragraphs that contained exclusively images.
• LOW src/content/changelog/waf/2026-05-04-waf-release.mdx contains only whitespace changes unrelated to the migration. Revert to keep the diff focused.

[ask-bonk]

Add a tracking prefix so this does not get lost:

Suggested change

	// Temporarily disabled during the satteri migration; re-enable once link validation is green.
	// TODO(satteri): Temporarily disabled during the satteri migration; re-enable once link validation is green.

[ask-bonk]

Add a guard so paragraphs with mixed content are not stripped of their non-image children:

Suggested change

	(child): child is Element =>
	child.type === "element" && child.tagName === "img",
	);
	if (images.length === 0) {
	return;
	}
	if (images.length !== node.children.length) {
	return;
	}

[ask-bonk]

Posted a review on PR #31680 and added the do-not-merge-yet label.

What the PR does
Migrates the site's markdown pipeline from Astro's native remark/rehype to @astrojs/markdown-satteri. It introduces new Sätteri-based plugins (autolink-headings, external-links, heading-slugs, mermaid, shift-headings, title-figure, validate-images) and wires them into astro.config.ts. Shared constants were extracted to src/plugins/shared.ts to avoid duplication with the legacy rehype plugins.

Flagged issues

• HIGH — pnpm-lock.yaml downgrades unrelated transitive dependencies (esbuild, rollup, undici, etc.). Suggested regenerating with pnpm install --frozen-lockfile.
• HIGH — RUN_LINK_CHECK is hardcoded to false in astro.config.ts. Added an inline suggestion to prefix the comment with TODO(satteri): so it doesn't get forgotten.
• MEDIUM — src/plugins/satteri/title-figure.ts can silently drop non-image children in a paragraph. Posted an inline suggestion to add a guard (images.length !== node.children.length) so only paragraphs that contain exclusively images are processed.
• LOW — src/content/changelog/waf/2026-05-04-waf-release.mdx contains unrelated whitespace-only changes. Recommended reverting to keep the diff focused.

No commits were pushed.

github run

[github-actions]

Preview URL: https://20c8a48b.preview.developers.cloudflare.com
Preview Branch URL: https://satteri.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/changelog/post/2026-04-08-threat-events-notification/	https://satteri.preview.developers.cloudflare.com/changelog/post/2026-04-08-threat-events-notification/
https://developers.cloudflare.com/changelog/post/2025-10-02-deepgram-flux/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-10-02-deepgram-flux/
https://developers.cloudflare.com/changelog/post/2026-05-04-waf-release/	https://satteri.preview.developers.cloudflare.com/changelog/post/2026-05-04-waf-release/
https://developers.cloudflare.com/changelog/post/2025-11-25-flux-2-dev-workers-ai/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-11-25-flux-2-dev-workers-ai/
https://developers.cloudflare.com/api-shield/reference/terraform/	https://satteri.preview.developers.cloudflare.com/api-shield/reference/terraform/
https://developers.cloudflare.com/changelog/post/2025-07-28-spam-domain-category-introduced/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-07-28-spam-domain-category-introduced/
https://developers.cloudflare.com/changelog/post/2025-07-18-brand-protection-api/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-07-18-brand-protection-api/
https://developers.cloudflare.com/logs/logpush/logpush-job/filters/	https://satteri.preview.developers.cloudflare.com/logs/logpush/logpush-job/filters/
https://developers.cloudflare.com/changelog/post/2025-10-01-confidence-intervals/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-10-01-confidence-intervals/
https://developers.cloudflare.com/changelog/post/2025-10-30-member-management-improvements/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-10-30-member-management-improvements/
https://developers.cloudflare.com/changelog/post/2025-08-15-static-assets-redirect-url/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-08-15-static-assets-redirect-url/
https://developers.cloudflare.com/changelog/post/2025-09-19-ratelimit-workers-ga/	https://satteri.preview.developers.cloudflare.com/changelog/post/2025-09-19-ratelimit-workers-ga/
https://developers.cloudflare.com/cloudflare-one/email-security/settings/detection-settings/allow-policies/	https://satteri.preview.developers.cloudflare.com/cloudflare-one/email-security/settings/detection-settings/allow-policies/
https://developers.cloudflare.com/d1/tutorials/d1-and-prisma-orm/	https://satteri.preview.developers.cloudflare.com/d1/tutorials/d1-and-prisma-orm/
https://developers.cloudflare.com/ddos-protection/advanced-ddos-systems/how-to/add-prefix-allowlist/	https://satteri.preview.developers.cloudflare.com/ddos-protection/advanced-ddos-systems/how-to/add-prefix-allowlist/