πŸ“¦ cloudflare / mcp

MCP server for the Cloudflare API

β˜… 118 stars β‘‚ 11 forks πŸ‘ 118 watching βš–οΈ Apache License 2.0
cloudflarecloudflare-workersmcpmcp-server
mcp
πŸ“₯ Clone https://github.com/cloudflare/mcp.git
HTTPS git clone https://github.com/cloudflare/mcp.git
SSH git clone git@github.com:cloudflare/mcp.git
CLI gh repo clone cloudflare/mcp
ZIP Desktop VS Code
dependabot[bot] dependabot[bot] build(deps): bump devalue from 5.6.2 to 5.6.3 in /site (#27) bd32f32 2 days ago πŸ“ History
πŸ“‚ main View all commits β†’
πŸ“ .github
πŸ“ scripts
πŸ“ site
πŸ“ src
πŸ“„ .env_example
πŸ“„ .gitignore
πŸ“„ .oxfmtrc.json
πŸ“„ LICENSE
πŸ“„ package-lock.json
πŸ“„ package.json
πŸ“„ README.md
πŸ“„ tsconfig.json
πŸ“„ vitest.config.ts
πŸ“„ worker-configuration.d.ts
πŸ“„ wrangler.jsonc
πŸ“„ README.md

Cloudflare MCP Server

A token-efficient MCP server for the entire Cloudflare API. 2500 endpoints in 1k tokens, powered by Code Mode.

Token Comparison

ApproachToolsToken costContext used (200K)
Raw OpenAPI spec in promptβ€”~2,000,000977%
Native MCP (full schemas)2,5941,170,523585%
Native MCP (minimal β€” required params only)2,594244,047122%
Code mode21,0690.5%

Get Started

MCP URL: https://mcp.cloudflare.com/mcp

Option 1: OAuth (Recommended)

Just connect to the MCP server URL - you'll be redirected to Cloudflare to authorize and select permissions.

Example JSON Configuration

{
  "mcpServers": {
    "cloudflare-api": {
      "url": "https://mcp.cloudflare.com/mcp"
    }
  }
}

Option 2: API Token

For CI/CD, automation, or if you prefer managing tokens yourself.

Create a Cloudflare API token with the permissions you need. Both user tokens and account tokens are supported. For account tokens, include the Account Resources : Read permission so the server can auto-detect your account ID.

Add to Agent

SettingValue
MCP URLhttps://mcp.cloudflare.com/mcp
Bearer TokenYour Cloudflare API Token

The Problem

The Cloudflare OpenAPI spec is 2 million tokens. Even with native MCP tools using minimal schemas, it's still ~244k tokens. Traditional MCP servers that expose every endpoint as a tool leak this entire context to the main agent.

This server solves the problem by using code execution in a Code Mode pattern - the spec lives on the server, and only the result of the code execution is returned to the agent.

Tools

Agent writes code to search the spec and execute API calls.

ToolDescription
searchWrite JavaScript to query spec.paths and find endpoints
executeWrite JavaScript to call cloudflare.request() with the discovered endpoints
Agent                         MCP Server
  β”‚                               β”‚
  β”œβ”€β”€search({code: "..."})───────►│ Execute code against spec.json
  │◄──[matching endpoints]────────│
  β”‚                               β”‚
  β”œβ”€β”€execute({code: "..."})──────►│ Execute code against Cloudflare API
  │◄──[API response]──────────────│

Supported Products

Workers, KV, R2, D1, Pages, DNS, Firewall, Load Balancers, Stream, Images, AI Gateway, Vectorize, Access, Gateway, and more. See the full Cloudflare API schemas.

Usage

Once configured, just ask your agent to do things with Cloudflare:

  • "List all my Workers"
  • "Create a KV namespace called 'my-cache'"
  • "Add an A record for api.example.com pointing to 192.0.2.1"
The agent will search for the right endpoints and execute the API calls. Here's what happens behind the scenes:

// 1. Search for endpoints
search({
  code: `async () => {
    const results = [];
    for (const [path, methods] of Object.entries(spec.paths)) {
      for (const [method, op] of Object.entries(methods)) {
        if (op.tags?.some(t => t.toLowerCase() === 'workers')) {
          results.push({ method: method.toUpperCase(), path, summary: op.summary });
        }
      }
    }
    return results;
  }`,
});

// 2. Execute API call (user token - account_id required)
execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "GET",
      path: \`/accounts/\${accountId}/workers/scripts\`
    });
    return response.result;
  }`,
  account_id: "your-account-id",
});

// 2. Execute API call (account token - account_id auto-detected)
execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "GET",
      path: \`/accounts/\${accountId}/workers/scripts\`
    });
    return response.result;
  }`,
});

GraphQL Analytics API

The server automatically detects and handles Cloudflare's GraphQL Analytics API endpoints. GraphQL queries work seamlessly through the same execute tool:

execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "POST",
      path: "/client/v4/graphql",
      body: {
        query: \`query {
          viewer {
            zones(filter: { zoneTag: "\${accountId}" }) {
              httpRequests1dGroups(limit: 7, orderBy: [date_ASC]) {
                dimensions {
                  date
                }
                sum {
                  requests
                  bytes
                  cachedBytes
                }
              }
            }
          }
        }\`,
        variables: {}
      }
    });
    return response.result;
  }`,
  account_id: "your-account-id",
});

Build a Code Mode MCP Server

Code execution uses Cloudflare's Dynamic Worker Loader API to run generated code in isolated Workers, following the Code Mode pattern.

Read the Code Mode SDK docs for more info.

Resources