npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@itunified.io/mcp-cloudflare

v2026.3.1-7.3

Published

Slim Cloudflare MCP Server — DNS, Zones, Tunnels, WAF, Zero Trust, Security management via Cloudflare API v4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

itunified-org.ioitunified-org.io

Keywords

mcpcloudflarednswafzero-trusttunnelsmodel-context-protocol

Readme

mcp-cloudflare

GitHub release License: AGPL-3.0 CalVer Node.js TypeScript mcp-cloudflare MCP server

Slim Cloudflare MCP Server for managing DNS, zones, tunnels, WAF, Zero Trust, and security via Cloudflare API v4.

No SSH. No shell execution. API-only. 3 runtime dependencies.

Table of Contents

Features

72 tools across 11 domains:

  • DNS — Record management (A, AAAA, CNAME, MX, TXT, SRV, CAA, NS), batch operations
  • Zones — Zone listing, settings, SSL/TLS configuration, cache management
  • Tunnels — Cloudflare Tunnel creation, configuration, and ingress management
  • WAF — Ruleset management, custom firewall rules, rate limiting
  • Zero Trust — Access application CRUD, policies, identity providers, Gateway status
  • Security — Security event analytics, IP access rules, DDoS configuration, Security Center insights
  • Workers KV — Namespace management, key-value read/write/delete, key listing
  • Workers — Script deployment, route management
  • Worker Secrets — Secret management (names only, values never exposed)
  • Worker Analytics — Invocation metrics, CPU time, error rates via GraphQL
  • R2 Storage — Bucket management, object listing and metadata, custom domains, location hints

Quick Start

npm install
cp .env.example .env   # Edit with your Cloudflare API token
npm run build
node dist/index.js     # stdio transport for MCP

Claude Code Integration

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "cloudflare": {
      "command": "node",
      "args": ["/path/to/mcp-cloudflare/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-api-token-here",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Configuration

| Variable | Required | Default | Description | |----------|----------|---------|-------------| | CLOUDFLARE_API_TOKEN | Yes | — | Cloudflare API Token (with appropriate permissions) | | CLOUDFLARE_ACCOUNT_ID | No | — | Cloudflare Account ID (required for account-level operations) | | CLOUDFLARE_TIMEOUT | No | 30000 | Request timeout in milliseconds |

API Token Permissions

Create an API Token at dash.cloudflare.com/profile/api-tokens with the following permissions based on what you need:

  • DNS: Zone > DNS > Edit
  • Zone settings: Zone > Zone Settings > Edit
  • Tunnels: Account > Cloudflare Tunnel > Edit
  • WAF: Zone > Firewall Services > Edit
  • Zero Trust: Account > Access: Apps and Policies > Edit
  • Security events: Zone > Analytics > Read
  • Workers KV: Account > Workers KV Storage > Edit
  • Workers: Account > Worker Scripts > Edit
  • R2: Account > R2 Storage > Edit

Multi-Zone Support

All zone-scoped tools accept a zone_id parameter that can be either:

  • A 32-character hex zone ID (e.g., 00000000000000000000000000000001) — used directly
  • A zone name / domain (e.g., example.com) — resolved automatically via the Cloudflare API

This allows managing multiple zones by name without needing to look up IDs manually.

Tools

Tools documentation is coming in v1 as tool modules are implemented. See docs/api-reference.md for the planned API endpoint mapping.

Skills

Claude Code skills compose MCP tools into higher-level workflows. See .claude/skills/README.md for detailed documentation.

| Skill | Slash Command | Description | |-------|--------------|-------------| | cloudflare-health | /cf-health | Zone health dashboard — DNS, security, tunnels, WAF, DDoS status | | cloudflare-live-test | /cf-test | Live integration test — read + safe writes with cleanup | | cloudflare-dns-management | — | DNS record management — add, list, update, delete across zones | | cloudflare-incident-response | — | DDoS/attack emergency response — detect, assess, mitigate, monitor | | cloudflare-security-audit | — | Security posture audit — WAF, events, IP access, DDoS analytics | | cloudflare-tunnel-management | — | Tunnel management — create, configure ingress, monitor connections | | cloudflare-waf-management | — | WAF management — custom rules, rulesets, IP access, Under Attack | | cloudflare-zero-trust | — | Zero Trust — access apps, policies, identity providers, gateway | | cloudflare-kv-manage | — | Workers KV — namespace and key-value CRUD operations | | cloudflare-worker-deploy | — | Workers — script deployment, routes, secrets, analytics | | cloudflare-r2-manage | — | R2 Storage — bucket and object management, audit workflows |

Development

npm run build      # Compile TypeScript
npm test           # Run unit tests (vitest)
npm run typecheck  # Type check only (no emit)

See CONTRIBUTING.md for contribution guidelines.

License

This project is dual-licensed:

If you use mcp-cloudflare in a proprietary product or SaaS offering, a commercial license is required. Support development by sponsoring us on GitHub.