Cloudflare Pro
FreeNot checkedA local stdio MCP server that provides 69 tools for Cloudflare REST API v4, including DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email R
About
A local stdio MCP server that provides 69 tools for Cloudflare REST API v4, including DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email Routing, Logpush and Workers AI, authenticated by a single API token.
README
MCP server for the Cloudflare REST API v4 — 69 tools across DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email Routing, Logpush and Workers AI in a single local stdio server authenticated by API token.
npm version License: MIT GitHub Stars GitHub Forks GitHub Issues Glama Quality
TypeScript Node.js MCP Claude Code Cursor Claude Desktop
Instagram YouTube LinkedIn Buy Me A Coffee Strat Academy
Unlike the official Cloudflare MCP offering (13 separate remote, OAuth-based servers), cloudflare-mcp-pro runs locally over stdio, authenticates with a single API token, and consolidates the most-used Cloudflare operations into one server with consistent verb_object tool names — ideal for Claude Code, CI, and scripted automation.
Features
- DNS — list/create/update/delete records, DNSSEC, BIND zone-file export
- Zones — list/get/create/delete, settings (SSL mode, HTTPS, min TLS…), cache purge, GraphQL analytics
- Workers — deploy (ES module), routes, secrets, cron triggers, list/get/delete
- KV / R2 / D1 — namespaces + key CRUD, bucket management, databases + SQL queries
- Pages / Queues / Tunnels — list/get projects, queue management, tunnel inspection
- Security — WAF rulesets, IP/ASN/country access rules, page rules, SSL certificate packs, custom hostnames (SaaS), Turnstile widgets
- Email Routing — rules + destination addresses
- Logpush — list/create jobs (zone or account scoped)
- Workers AI — model catalog + inference (text generation, embeddings, classification)
- Human-approval gate — every mutating tool requires
confirm: true; without it the tool returns a non-executing preview (with secrets redacted) instead of acting (see below) - MCP annotations — every tool carries readOnly/destructive/idempotent hints so clients can gate dangerous actions
- Auto-pagination —
fetch_all: trueon list tools follows every page - Single API-token auth, automatic retry + rate-limit (429/5xx) handling, and actionable error messages
Installation
npm install
npm run build
Or run directly once published:
npx -y cloudflare-mcp-pro
Configuration
Copy .env.example to .env and fill in:
| Variable | Required | Description |
|---|---|---|
CLOUDFLARE_API_TOKEN |
✅ | API token from https://dash.cloudflare.com/profile/api-tokens |
CLOUDFLARE_ACCOUNT_ID |
optional | Default account ID used when a tool doesn't receive account_id |
CLOUDFLARE_API_BASE |
optional | Override the API base URL |
Token scopes depend on what you use, e.g.: Zone:Read, DNS:Edit, Workers Scripts:Edit, Workers KV Storage:Edit, Workers R2 Storage:Edit, D1:Edit, Pages:Edit, Account Analytics:Read. Run the verify_token tool to confirm your token works.
Testing
Run the automated test suite (no network — fetch is mocked):
npm test
It covers the human-approval gate, secret redaction, the security validations (hex IDs, path-segment encoding, model-id allowlist, purge mutual-exclusion, analytics hour-alignment), the API client (query serialization, 429 retry, error mapping, pagination + clamp, GraphQL non-JSON guard) and the Zod→JSON-Schema converter.
Interactive testing with the MCP inspector:
npx @modelcontextprotocol/inspector dist/index.js
Add to Claude Code
In .claude/settings.json → mcpServers:
{
"mcpServers": {
"cloudflare-mcp-pro": {
"command": "node",
"args": ["projects/cloudflare-mcp-pro/dist/index.js"],
"env": {
"CLOUDFLARE_API_TOKEN": "your-token",
"CLOUDFLARE_ACCOUNT_ID": "your-account-id"
}
}
}
}
Add to Claude Desktop
- Mac:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"cloudflare-mcp-pro": {
"command": "node",
"args": ["/absolute/path/projects/cloudflare-mcp-pro/dist/index.js"],
"env": {
"CLOUDFLARE_API_TOKEN": "your-token",
"CLOUDFLARE_ACCOUNT_ID": "your-account-id"
}
}
}
}
Human-approval gate
Every mutating tool (any create_*, update_*, delete_*, deploy_*, put_*, edit_*, purge_cache, query_d1, run_ai, …) is gated server-side. Read-only tools (list_*, get_*, verify_token, export_dns_records, analytics) are never gated.
- Calling a mutating tool without
confirm: truereturns aconfirmation_requiredpreview describing the tool, the risk level, and the (secret-redacted) arguments — and does not execute. - Re-call the same tool with
"confirm": trueto actually perform it, after a human has approved.
This gate is enforced in the server regardless of the MCP client, and works alongside the MCP annotations (destructiveHint) that prompt the human in compatible clients like Claude Code. Secret values (e.g. Worker secret text) are redacted from previews and never appear in error messages.
// 1) preview (no confirm) → nothing happens
delete_zone { "zone_id": "..." }
// → { "status": "confirmation_required", "risk": "DESTRUCTIVE — ...", ... }
// 2) after human approval
delete_zone { "zone_id": "...", "confirm": true } // actually deletes
Tools (69)
List tools accept fetch_all: true to follow pagination. Mutating tools accept confirm: true (see the gate above). Every tool advertises MCP annotations (readOnlyHint / destructiveHint / idempotentHint).
Account — verify_token, list_accounts
Zones & settings — list_zones, get_zone, create_zone, delete_zone, purge_cache, get_zone_analytics, get_zone_setting, update_zone_setting
DNS — list_dns_records, create_dns_record, update_dns_record, delete_dns_record, get_dnssec, edit_dnssec, export_dns_records
Workers — list_workers, get_worker, deploy_worker, delete_worker, list_worker_routes, create_worker_route, delete_worker_route, put_worker_secret, delete_worker_secret, update_worker_cron
KV — list_kv_namespaces, create_kv_namespace, kv_list_keys, kv_get, kv_put, kv_delete
R2 — list_r2_buckets, create_r2_bucket, delete_r2_bucket
D1 — list_d1_databases, create_d1_database, query_d1
Pages — list_pages_projects, get_pages_project
WAF & firewall — list_firewall_rulesets, get_ruleset, list_access_rules, create_access_rule, delete_access_rule
Page rules — list_page_rules, create_page_rule, delete_page_rule
SSL/TLS — list_certificate_packs, get_ssl_verification, order_certificate_pack
Custom hostnames (SaaS) — list_custom_hostnames, create_custom_hostname, delete_custom_hostname
Email Routing — list_email_rules, create_email_rule, list_email_destinations
Queues — list_queues, create_queue, delete_queue
Tunnels — list_tunnels, get_tunnel
Turnstile — list_turnstile_widgets, create_turnstile_widget
Workers AI — list_ai_models, run_ai
Logpush — list_logpush_jobs, create_logpush_job
Author
Helbert Paranhos / Strat Academy — stratacademy.com.br
- GitHub: @helbertparanhos
- Instagram: @helbertparanhos
- YouTube: @stratacademy
- LinkedIn: helbert-paranhos
License
MIT — see LICENSE.
Install Cloudflare Pro in Claude Desktop, Claude Code & Cursor
unyly install cloudflare-mcp-proInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add cloudflare-mcp-pro -- npx -y cloudflare-mcp-proFAQ
Is Cloudflare Pro MCP free?
Yes, Cloudflare Pro MCP is free — one-click install via Unyly at no cost.
Does Cloudflare Pro need an API key?
No, Cloudflare Pro runs without API keys or environment variables.
Is Cloudflare Pro hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Cloudflare Pro in Claude Desktop, Claude Code or Cursor?
Open Cloudflare Pro on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Gmail
Read, send and search emails from Claude
by GoogleSlack
Send, search and summarize Slack messages
by SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare Cloudflare Pro with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All communication MCPs
