Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Cloudflare Pro

FreeNot checked

A local stdio MCP server that provides 69 tools for Cloudflare REST API v4, including DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email R

GitHubEmbed

About

A local stdio MCP server that provides 69 tools for Cloudflare REST API v4, including DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email Routing, Logpush and Workers AI, authenticated by a single API token.

README

MCP server for the Cloudflare REST API v469 tools across DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email Routing, Logpush and Workers AI in a single local stdio server authenticated by API token.

npm version License: MIT GitHub Stars GitHub Forks GitHub Issues Glama Quality

TypeScript Node.js MCP Claude Code Cursor Claude Desktop

Instagram YouTube LinkedIn Buy Me A Coffee Strat Academy

Unlike the official Cloudflare MCP offering (13 separate remote, OAuth-based servers), cloudflare-mcp-pro runs locally over stdio, authenticates with a single API token, and consolidates the most-used Cloudflare operations into one server with consistent verb_object tool names — ideal for Claude Code, CI, and scripted automation.

Features

  • DNS — list/create/update/delete records, DNSSEC, BIND zone-file export
  • Zones — list/get/create/delete, settings (SSL mode, HTTPS, min TLS…), cache purge, GraphQL analytics
  • Workers — deploy (ES module), routes, secrets, cron triggers, list/get/delete
  • KV / R2 / D1 — namespaces + key CRUD, bucket management, databases + SQL queries
  • Pages / Queues / Tunnels — list/get projects, queue management, tunnel inspection
  • Security — WAF rulesets, IP/ASN/country access rules, page rules, SSL certificate packs, custom hostnames (SaaS), Turnstile widgets
  • Email Routing — rules + destination addresses
  • Logpush — list/create jobs (zone or account scoped)
  • Workers AI — model catalog + inference (text generation, embeddings, classification)
  • Human-approval gate — every mutating tool requires confirm: true; without it the tool returns a non-executing preview (with secrets redacted) instead of acting (see below)
  • MCP annotations — every tool carries readOnly/destructive/idempotent hints so clients can gate dangerous actions
  • Auto-paginationfetch_all: true on list tools follows every page
  • Single API-token auth, automatic retry + rate-limit (429/5xx) handling, and actionable error messages

Installation

npm install
npm run build

Or run directly once published:

npx -y cloudflare-mcp-pro

Configuration

Copy .env.example to .env and fill in:

Variable Required Description
CLOUDFLARE_API_TOKEN API token from https://dash.cloudflare.com/profile/api-tokens
CLOUDFLARE_ACCOUNT_ID optional Default account ID used when a tool doesn't receive account_id
CLOUDFLARE_API_BASE optional Override the API base URL

Token scopes depend on what you use, e.g.: Zone:Read, DNS:Edit, Workers Scripts:Edit, Workers KV Storage:Edit, Workers R2 Storage:Edit, D1:Edit, Pages:Edit, Account Analytics:Read. Run the verify_token tool to confirm your token works.

Testing

Run the automated test suite (no network — fetch is mocked):

npm test

It covers the human-approval gate, secret redaction, the security validations (hex IDs, path-segment encoding, model-id allowlist, purge mutual-exclusion, analytics hour-alignment), the API client (query serialization, 429 retry, error mapping, pagination + clamp, GraphQL non-JSON guard) and the Zod→JSON-Schema converter.

Interactive testing with the MCP inspector:

npx @modelcontextprotocol/inspector dist/index.js

Add to Claude Code

In .claude/settings.jsonmcpServers:

{
  "mcpServers": {
    "cloudflare-mcp-pro": {
      "command": "node",
      "args": ["projects/cloudflare-mcp-pro/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-token",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Add to Claude Desktop

  • Mac: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "cloudflare-mcp-pro": {
      "command": "node",
      "args": ["/absolute/path/projects/cloudflare-mcp-pro/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-token",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Human-approval gate

Every mutating tool (any create_*, update_*, delete_*, deploy_*, put_*, edit_*, purge_cache, query_d1, run_ai, …) is gated server-side. Read-only tools (list_*, get_*, verify_token, export_dns_records, analytics) are never gated.

  • Calling a mutating tool without confirm: true returns a confirmation_required preview describing the tool, the risk level, and the (secret-redacted) arguments — and does not execute.
  • Re-call the same tool with "confirm": true to actually perform it, after a human has approved.

This gate is enforced in the server regardless of the MCP client, and works alongside the MCP annotations (destructiveHint) that prompt the human in compatible clients like Claude Code. Secret values (e.g. Worker secret text) are redacted from previews and never appear in error messages.

// 1) preview (no confirm) → nothing happens
delete_zone { "zone_id": "..." }
// → { "status": "confirmation_required", "risk": "DESTRUCTIVE — ...", ... }

// 2) after human approval
delete_zone { "zone_id": "...", "confirm": true }   // actually deletes

Tools (69)

List tools accept fetch_all: true to follow pagination. Mutating tools accept confirm: true (see the gate above). Every tool advertises MCP annotations (readOnlyHint / destructiveHint / idempotentHint).

Accountverify_token, list_accounts

Zones & settingslist_zones, get_zone, create_zone, delete_zone, purge_cache, get_zone_analytics, get_zone_setting, update_zone_setting

DNSlist_dns_records, create_dns_record, update_dns_record, delete_dns_record, get_dnssec, edit_dnssec, export_dns_records

Workerslist_workers, get_worker, deploy_worker, delete_worker, list_worker_routes, create_worker_route, delete_worker_route, put_worker_secret, delete_worker_secret, update_worker_cron

KVlist_kv_namespaces, create_kv_namespace, kv_list_keys, kv_get, kv_put, kv_delete

R2list_r2_buckets, create_r2_bucket, delete_r2_bucket

D1list_d1_databases, create_d1_database, query_d1

Pageslist_pages_projects, get_pages_project

WAF & firewalllist_firewall_rulesets, get_ruleset, list_access_rules, create_access_rule, delete_access_rule

Page ruleslist_page_rules, create_page_rule, delete_page_rule

SSL/TLSlist_certificate_packs, get_ssl_verification, order_certificate_pack

Custom hostnames (SaaS)list_custom_hostnames, create_custom_hostname, delete_custom_hostname

Email Routinglist_email_rules, create_email_rule, list_email_destinations

Queueslist_queues, create_queue, delete_queue

Tunnelslist_tunnels, get_tunnel

Turnstilelist_turnstile_widgets, create_turnstile_widget

Workers AIlist_ai_models, run_ai

Logpushlist_logpush_jobs, create_logpush_job

Author

Helbert Paranhos / Strat Academystratacademy.com.br

License

MIT — see LICENSE.

from github.com/helbertparanhos/cloudflare-mcp-pro

Install Cloudflare Pro in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install cloudflare-mcp-pro

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add cloudflare-mcp-pro -- npx -y cloudflare-mcp-pro

FAQ

Is Cloudflare Pro MCP free?

Yes, Cloudflare Pro MCP is free — one-click install via Unyly at no cost.

Does Cloudflare Pro need an API key?

No, Cloudflare Pro runs without API keys or environment variables.

Is Cloudflare Pro hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install Cloudflare Pro in Claude Desktop, Claude Code or Cursor?

Open Cloudflare Pro on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Cloudflare Pro with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All communication MCPs