Exposes Cloudflare DNS, security, WAF rules, page-rule redirects, zone settings, and cache purge functionality through 16 structured tools that allow reading and modifying DNS records, managing firewall rules, creating redirects, and more.
Referenced as a sandbox environment for creating test zones to safely experiment with the Cloudflare MCP server's capabilities without affecting production infrastructure.
Cloudflare MCP Server
Modern Model-Context-Protocol (MCP) server that exposes Cloudflare DNS, security, redirects and zone-settings functionality as structured tools which any compliant AI client (e.g. Claude Desktop) can invoke.
✨ Key Features
Rich Tool Catalog – 16 read & write operations covering DNS records, WAF rules, page-rule redirects, cache purge, zone settings and more.
Plug-and-Play with Claude Desktop – ships with STDIO transport so Claude immediately lists & calls tools; no extra adaptor required.
Type-Safe – written in TypeScript and powered by
@modelcontextprotocol/sdk, with zod schemas for every tool’s params & return value.Non-destructive by Default – destructive certificate-ordering functions are disabled out-of-the-box to prevent accidental cost.
Script Library & Tests – one-shot scripts for manual ops plus Jest integration/unit tests.
Related MCP server: Cloudflare API MCP Server
🚀 Quick Start
Need a sandbox? Cloudflare Workers Free Plan lets you create test zones.
🛠️ Tool Catalog
Category | Tool Name | Description |
General |
| Round-trip text for connectivity testing |
Zones |
| Enumerate zones the token can access |
Zones |
| Return full settings object |
Zones |
| Short settings summary |
DNS |
| Read all DNS RRsets |
DNS |
* | Add a record |
DNS |
* | Modify record |
DNS |
* | Remove record |
Security |
| Read firewall rules |
Security |
* | Add firewall rule |
Security |
* | Edit firewall rule |
Security |
* | Delete firewall rule |
Redirect |
| List redirects/page-rules |
Redirect |
* | Create redirect |
Redirect |
* | Delete redirect |
Cache |
* | Purge URL or everything |
* Destructive operations – use with care.
SSL cert ordering/upload functions are intentionally not registered. Enable them by removing the filter in src/index.ts if required.
🧑💻 Development
Handy demo scripts live under scripts/ (e.g. scripts/list-dns-demo.ts). All accept a --zone flag.
🏗️ Architecture
src/index.ts– entrypoint; merges tool maps and registers them withMcpServer.src/tools/– individual tool modules, each exporting{ tools, description }.src/cloudflare-client.ts– thin wrapper around axios + CF API base URL.tests/– Jest tests (unit + integration).
The server communicates over STDIO using JSON-RPC 2.0 as defined by the MCP SDK. See docs/API.md.
🤝 Contributing
PRs & issues are welcome! Please read REFERENCE.md for coding conventions and style guidelines.
Fork → feature branch → PR.
Ensure
npm testpasses.Describe the tool behaviour or bug clearly.
📜 License
MIT © 2025 Jeff Golden
Made with Windsurf