Cloudflare MCP Pro ☁️

MCP server for the Cloudflare REST API v4 — 69 tools across DNS, Zones, Workers, KV, R2, D1, Pages, Queues, Tunnels, SSL, WAF, Email Routing, Logpush and Workers AI in a single local stdio server authenticated by API token.

Unlike the official Cloudflare MCP offering (13 separate remote, OAuth-based servers), cloudflare-mcp-pro runs locally over stdio, authenticates with a single API token, and consolidates the most-used Cloudflare operations into one server with consistent verb_object tool names — ideal for Claude Code, CI, and scripted automation.

Features

• DNS — list/create/update/delete records, DNSSEC, BIND zone-file export

• Zones — list/get/create/delete, settings (SSL mode, HTTPS, min TLS…), cache purge, GraphQL analytics

• Workers — deploy (ES module), routes, secrets, cron triggers, list/get/delete

• KV / R2 / D1 — namespaces + key CRUD, bucket management, databases + SQL queries

• Pages / Queues / Tunnels — list/get projects, queue management, tunnel inspection

• Security — WAF rulesets, IP/ASN/country access rules, page rules, SSL certificate packs, custom hostnames (SaaS), Turnstile widgets

• Email Routing — rules + destination addresses

• Logpush — list/create jobs (zone or account scoped)

• Workers AI — model catalog + inference (text generation, embeddings, classification)

• Human-approval gate — every mutating tool requires confirm: true; without it the tool returns a non-executing preview (with secrets redacted) instead of acting (see below)

• MCP annotations — every tool carries readOnly/destructive/idempotent hints so clients can gate dangerous actions

• Auto-pagination — fetch_all: true on list tools follows every page

• Single API-token auth, automatic retry + rate-limit (429/5xx) handling, and actionable error messages

Related MCP server: mcp-server-cloudflare

Installation

npm install
npm run build

Or run directly once published:

npx -y cloudflare-mcp-pro

Configuration

Copy .env.example to .env and fill in:

Token scopes depend on what you use, e.g.: Zone:Read, DNS:Edit, Workers Scripts:Edit, Workers KV Storage:Edit, Workers R2 Storage:Edit, D1:Edit, Pages:Edit, Account Analytics:Read. Run the verify_token tool to confirm your token works.

Testing

Run the automated test suite (no network — fetch is mocked):

npm test

It covers the human-approval gate, secret redaction, the security validations (hex IDs, path-segment encoding, model-id allowlist, purge mutual-exclusion, analytics hour-alignment), the API client (query serialization, 429 retry, error mapping, pagination + clamp, GraphQL non-JSON guard) and the Zod→JSON-Schema converter.

Interactive testing with the MCP inspector:

npx @modelcontextprotocol/inspector dist/index.js

Add to Claude Code

In .claude/settings.json → mcpServers:

{
  "mcpServers": {
    "cloudflare-mcp-pro": {
      "command": "node",
      "args": ["projects/cloudflare-mcp-pro/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-token",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Add to Claude Desktop

• Mac: ~/Library/Application Support/Claude/claude_desktop_config.json

• Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "cloudflare-mcp-pro": {
      "command": "node",
      "args": ["/absolute/path/projects/cloudflare-mcp-pro/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-token",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Human-approval gate

Every mutating tool (any create_*, update_*, delete_*, deploy_*, put_*, edit_*, purge_cache, query_d1, run_ai, …) is gated server-side. Read-only tools (list_*, get_*, verify_token, export_dns_records, analytics) are never gated.

• Calling a mutating tool without confirm: true returns a confirmation_required preview describing the tool, the risk level, and the (secret-redacted) arguments — and does not execute.

• Re-call the same tool with "confirm": true to actually perform it, after a human has approved.

This gate is enforced in the server regardless of the MCP client, and works alongside the MCP annotations (destructiveHint) that prompt the human in compatible clients like Claude Code. Secret values (e.g. Worker secret text) are redacted from previews and never appear in error messages.

// 1) preview (no confirm) → nothing happens
delete_zone { "zone_id": "..." }
// → { "status": "confirmation_required", "risk": "DESTRUCTIVE — ...", ... }

// 2) after human approval
delete_zone { "zone_id": "...", "confirm": true }   // actually deletes

Tools (69)

List tools accept fetch_all: true to follow pagination. Mutating tools accept confirm: true (see the gate above). Every tool advertises MCP annotations (readOnlyHint / destructiveHint / idempotentHint).

Account — verify_token, list_accounts

Zones & settings — list_zones, get_zone, create_zone, delete_zone, purge_cache, get_zone_analytics, get_zone_setting, update_zone_setting

DNS — list_dns_records, create_dns_record, update_dns_record, delete_dns_record, get_dnssec, edit_dnssec, export_dns_records

Workers — list_workers, get_worker, deploy_worker, delete_worker, list_worker_routes, create_worker_route, delete_worker_route, put_worker_secret, delete_worker_secret, update_worker_cron

KV — list_kv_namespaces, create_kv_namespace, kv_list_keys, kv_get, kv_put, kv_delete

R2 — list_r2_buckets, create_r2_bucket, delete_r2_bucket

D1 — list_d1_databases, create_d1_database, query_d1

Pages — list_pages_projects, get_pages_project

WAF & firewall — list_firewall_rulesets, get_ruleset, list_access_rules, create_access_rule, delete_access_rule

Page rules — list_page_rules, create_page_rule, delete_page_rule

SSL/TLS — list_certificate_packs, get_ssl_verification, order_certificate_pack

Custom hostnames (SaaS) — list_custom_hostnames, create_custom_hostname, delete_custom_hostname

Email Routing — list_email_rules, create_email_rule, list_email_destinations

Queues — list_queues, create_queue, delete_queue

Tunnels — list_tunnels, get_tunnel

Turnstile — list_turnstile_widgets, create_turnstile_widget

Workers AI — list_ai_models, run_ai

Logpush — list_logpush_jobs, create_logpush_job

Author

Helbert Paranhos / Strat Academy — stratacademy.com.br

• GitHub: @helbertparanhos

• Instagram: @helbertparanhos

• YouTube: @stratacademy

• LinkedIn: helbert-paranhos

License

MIT — see LICENSE.