A Model Context Protocol (MCP) server that exposes Cloudflare’s APIs as tools for AI assistants (Claude Desktop, Cursor, custom agents). It uses the official cloudflare TypeScript SDK and stdio transport.
- Node.js 18+
- A Cloudflare API token with permissions for the services you plan to use
Example file: .env.example (this server does not load .env automatically unless you wrap the process with something that injects env vars).
| Variable | Required | Description |
|---|---|---|
| `CF_API_TOKEN` | Yes | API token (or use `CLOUDFLARE_API_TOKEN`) |
| `CF_ACCOUNT_ID` | For most tools | 32-character hex account ID |
| `CF_ZONE_ID` | Optional default | Default zone for DNS/cache/route tools |
| `CF_WORKERS_TELEMETRY_QUERY_ID` | Optional | Saved Workers Observability query id for `workers_get_logs` |

The token is never logged or echoed in tool output.
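
A pre-flight check for the variables in the table above, written so that its diagnostics can be printed without ever containing the token. This is an added example, not code from this project; the names `Env`, `EnvReport` and `checkEnv`, the precedence of `CF_API_TOKEN` over `CLOUDFLARE_API_TOKEN`, and the 32-hex format for zone IDs are assumptions.

```typescript
// Added example, not project code. Assumptions: the names Env, EnvReport and
// checkEnv; CF_API_TOKEN taking precedence over CLOUDFLARE_API_TOKEN; zone IDs
// using the same 32-hex format as account IDs.
type Env = { [key: string]: string | undefined };

interface EnvReport {
  ok: boolean;         // false when any hard problem was found
  problems: string[];  // misconfiguration that should block startup
  warnings: string[];  // allowed, but limits which tools work
  summary: string;     // safe to print: never contains the token value
}

const HEX32 = /^[0-9a-f]{32}$/i;

function checkEnv(env: Env): EnvReport {
  const problems: string[] = [];
  const warnings: string[] = [];
  const raw = env["CF_API_TOKEN"] || env["CLOUDFLARE_API_TOKEN"] || "";

  if (raw.trim() === "") {
    problems.push("CF_API_TOKEN (or CLOUDFLARE_API_TOKEN) is required");
  } else if (raw !== raw.trim()) {
    problems.push("API token has leading or trailing whitespace");
  } else if (raw === "your-token") {
    problems.push("API token is still the placeholder from the sample config");
  }

  const account = env["CF_ACCOUNT_ID"];
  if (!account) {
    warnings.push("CF_ACCOUNT_ID is unset; most tools need it");
  } else if (!HEX32.test(account)) {
    problems.push("CF_ACCOUNT_ID must be 32 hex characters");
  }

  const zone = env["CF_ZONE_ID"];
  if (zone && !HEX32.test(zone)) {
    problems.push("CF_ZONE_ID must be 32 hex characters");
  }

  // Report presence of the token only; IDs are identifiers, not credentials.
  const summary =
    "token=" + (raw ? "<set>" : "<unset>") +
    " account=" + (account || "<unset>") +
    " zone=" + (zone || "<unset>");
  return { ok: problems.length === 0, problems, warnings, summary };
}
```

Call it as `checkEnv(process.env)` before the server starts, and write the report to stderr, since stdout carries the MCP protocol stream under stdio transport.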
Create a Custom token in the Cloudflare dashboard → Create Token → Create Custom Token. Scope Account to the account that holds your zones/resources, and All zones (or pick zones) for DNS/cache tools.
Use this as a checklist—only include rows for tools you will use:
| If you use… | Permission (UI path) | Access |
|---|---|---|
| `dns_list_zones`, `dns_get_zone` | Zone · Zone · Read | All zones (or selected) |
| `dns_*` records | Zone · DNS · Edit | Same zones |
| `dns_purge_cache` | Zone · Cache Purge · Purge | Same zones |
| `workers_*` | Account · Workers Scripts · Edit | One account |
| `kv_*` | Account · Workers KV Storage · Edit | One account |
| `r2_*` | Account · R2 Storage · Edit | One account |
| `d1_*` | Account · D1 · Edit | One account |
| `pages_*` | Account · Cloudflare Pages · Edit | One account |
| `tunnel_*` | Account · Cloudflare Tunnel · Edit | One account |

Read-only variant: use Read instead of Edit where the dashboard allows it (e.g. Zone DNS Read-only) for listing only; write tools will return 403 until you widen the token.
Workers Observability (workers_get_logs): if queries stay unauthorized, add the Observability-related permissions your account shows for Workers (names vary by plan); the tool also needs a saved query id (CF_WORKERS_TELEMETRY_QUERY_ID or query_id).
```bash
npm install
npm run build
```

Add to your MCP config (e.g. `%APPDATA%\Claude\claude_desktop_config.json` on Windows):

```json
{
  "mcpServers": {
    "cloudflare": {
      "command": "node",
      "args": ["D:/path/to/cloudflare-mcp-server/dist/index.js"],
      "env": {
        "CF_API_TOKEN": "your-token",
        "CF_ACCOUNT_ID": "your-account-id",
        "CF_ZONE_ID": "optional-default-zone-id"
      }
    }
  }
}
```

Use Settings → MCP and add a server with the same command, args, and env.
- `npm run build` — compile TypeScript to `dist/`
- `npm start` — run the compiled server (stdio)
- `npm run dev` — run with `tsx` (no build)
- `npm test` — Vitest unit tests

```bash
docker build -t cloudflare-mcp-server .
docker run --rm -i -e CF_API_TOKEN -e CF_ACCOUNT_ID cloudflare-mcp-server
```

40 tools across DNS, Workers, KV, R2, D1, Pages, and Cloudflare Tunnels. See TOOLS.md for names, parameters, and notes.
- TOOLS.md — tool reference
- CONTRIBUTING.md — adding new services