Cloudflare MCP. Full control over edge functions and data lifecycle.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Cloudflare MCP Server manages your entire edge infrastructure via AI agents. Use it to deploy Workers, manage secrets, query D1 databases, and monitor traffic across KV, R2, and CDN—all from natural language commands.
What your AI agents can do
Create deployment
Rolls out a specific Worker version to traffic, allowing you to choose between an immediate switch or a gradual percentage rollout.
Create secret
Creates or updates an encrypted secret for your Worker, useful for storing API keys and passwords securely.
Create tail session
Starts a live log stream (tail session) for debugging production workers and monitoring runtime errors.
Roll out new code versions to your Workers with specified traffic percentages or immediately replace old code.
Read, write, and run SQL queries against key-value pairs (KV) and serverless SQLite databases (D1).
Create or delete encrypted secrets needed by your Workers, like API keys or database passwords.
Define URL patterns (routes) that direct specific traffic to a Worker script.
Fetch analytics on zone traffic, view worker logs in real-time (create_tail_session), or check deployment history.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Cloudflare MCP Server: 25 Tools for Edge Control
These tools give your agent the capability to read, write, deploy, and monitor every component of your Cloudflare edge infrastructure.
019d7574create deployment
Rolls out a specific Worker version to traffic, allowing you to choose between an immediate switch or a gradual percentage rollout.
019d7574create secret
Creates or updates an encrypted secret for your Worker, useful for storing API keys and passwords securely.
019d7574create tail session
Starts a live log stream (tail session) for debugging production workers and monitoring runtime errors.
019d7574create worker route
Sets up a new URL pattern that directs specific traffic to execute your Worker script.
019d7574delete secret
Removes an unused secret from a Worker, revoking the associated credentials immediately.
019d7574delete tail session
Closes an active worker log stream (tail session) when you're done debugging.
019d7574delete worker
Completely removes a Worker script and all its associated resources from your account.
019d7574delete worker route
Stops serving traffic for a specific Worker by removing its defined URL pattern (route).
019d7574get kv key
Retrieves the raw JSON value for a specified key within any KV namespace.
019d7574get worker
Fetches detailed configuration information about an existing Cloudflare Worker script.
019d7574get worker analytics
Returns performance data for a Worker, showing invocation counts and error trends over time.
019d7574get worker version
Gets specific details about a historical code snapshot (version) of your Worker script.
019d7574get zone analytics
Provides aggregated data on traffic patterns and CDN performance for an entire Cloudflare zone over the last 24 hours.
019d7574list d1 databases
Lists all available serverless SQLite databases in your account, providing their IDs and names.
019d7574list deployments
Shows the history of deployments for a Worker, including version IDs and current traffic percentages.
019d7574list kv keys
Lists all key names within a specific KV namespace, useful for auditing stored data before reading values.
019d7574list kv namespaces
Returns a list of existing KV namespaces in your account by their ID and title.
019d7574list r2 buckets
Lists all available object storage buckets (R2) so you know where to manage files.
019d7574list secrets
Retrieves a list of configured secrets for a Worker, showing names and types without exposing values.
019d7574list worker routes
Lists all active URL patterns (routes) that currently point to your Workers, letting you know what's live.
019d7574list worker versions
Provides a full audit trail of every code snapshot deployed for a specific Worker script.
019d7574list workers
Lists all Worker scripts in your account, providing names and modification dates to start management tasks.
019d7574list zones
Returns a list of DNS zones associated with your account, needed for routes or cache purges.
019d7574purge cache
Clears all cached content for an entire zone after you've updated static assets or pushed new code.
019d7574query d1
Executes any standard SQL query (SELECT, INSERT, UPDATE, DELETE) against a specified D1 database.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Cloudflare, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Look, you don't wanna jump between a bunch of dashboards and CLI commands just to manage your edge stuff. This server puts all the Cloudflare core services right where your AI agent can hit 'em with natural language commands. You get programmatic control over everything: Workers, data stores like KV and D1, routes, secrets, and analytics—all through one interface.
Worker Control & Deployment
It's simple to manage your worker lifecycle. Use list_workers to see a list of every script you have running in your account, including when they were last modified. Need more detail? Run get_worker to fetch the full configuration for an existing Worker script. You can check out historical code snapshots using list_worker_versions, or get specific details on one version with get_worker_version.
To see what's been deployed, run list_deployments, which shows you a history of deployments, including version IDs and current traffic percentages.
When it comes to pushing new code live, you control the rollout with create_deployment. You can roll out a specific Worker version either immediately or by setting a gradual percentage increase. If you need to know what's going on right now, list_deployments shows that history. To check if your script is running correctly in real-time, start a live log stream using create_tail_session; when you’re done debugging, use delete_tail_session to close the session.
If a Worker's function changes or needs removal, use delete_worker to completely wipe out the script and all its resources. You can also manage traffic routing by defining URL patterns with create_worker_route, which directs specific traffic to your Worker script; when you're done with that route, use delete_worker_route to stop serving traffic for it.
Data Storage and Queries (KV/D1)
For data persistence, you've got two main options. First, there are KV namespaces, which store key-value pairs. Use list_kv_namespaces to get a list of all available namespaces by ID and title. To see what keys exist inside one of those, run list_kv_keys. When you're ready for the data, use get_kv_key to retrieve the raw JSON value for any specified key.
For structured data, there are D1 databases—serverless SQLite. Start by running list_d1_databases to list all available databases in your account, getting their IDs and names. You execute standard SQL queries (SELECT, INSERT, UPDATE, DELETE) against a specific database using the query_d1 tool.
Object storage is handled through R2 buckets; use list_r2_buckets to see all available object buckets so you know where your files live. Finally, for zone management, run list_zones to get a list of DNS zones associated with your account. If you change static assets or push new code and need the cache cleared everywhere, use purge_cache on an entire zone.
Security and Observability
Keeping things secure means managing credentials properly. Use list_secrets to get a list of all configured secrets for a Worker, showing you names and types without revealing any values. When your app needs a new API key or password, use create_secret to create it or update an existing one; if the secret is no longer needed, run delete_secret.
To track performance, start with general traffic patterns: get_zone_analytics provides aggregated data on CDN performance and traffic for a whole zone over the last 24 hours. For deep worker insights, get_worker_analytics returns metrics like invocation counts and error trends. You can also check out the full deployment history using list_worker_versions, which gives you an audit trail of every code snapshot deployed for a Worker script.
It's all designed to keep your hands on the controls, letting you manage everything from worker deployments and data reads to traffic routing and performance monitoring.
How Cloudflare MCP Works
- 1 First, generate a Cloudflare API token granting necessary permissions for Workers, KV, D1, R2, and Analytics.
- 2 Next, provide your AI agent with the Account ID. The agent then uses natural language to execute complex operations—like 'Deploy version 3 of Worker X with 10% traffic'—instead of manual CLI steps.
- 3 The tool returns the status or data (e.g., a list of active secrets, the query result set) that you can use for your next action.
The bottom line is: It lets your AI agent treat your entire Cloudflare setup like one big API endpoint, eliminating manual dashboard navigation and complex scripting.
Who Is Cloudflare MCP For?
This is for the Platform Engineer tired of manually juggling Wrangler CLI commands and multiple dashboards. If you’re responsible for keeping a production edge application running 24/7—and failing means money gets lost—you need this. It turns infrastructure management into conversation.
Uses the tool to automate deployment rollouts (create_deployment), manage resource cleanup, and enforce secret rotation policies without writing custom automation scripts.
Deploys new features by setting up create_worker_route patterns, querying data with query_d1, and ensuring necessary credentials are managed via create_secret.
Monitors system health using get_worker_analytics and debugging live issues by creating a real-time log session with create_tail_session.
What Changes When You Connect
- Automate Rollouts: Stop manually configuring traffic splits. Use
create_deploymentto execute canary releases or full rollbacks via a simple command, managing version history without touching the dashboard. - Deep Debugging Visibility: Never guess why a worker failed. Run
create_tail_sessionto stream live logs from production, or useget_worker_analyticsto track error rates and performance dips instantly. - Centralized Data Management: Don't write separate scripts for every data read. Use
query_d1to run full SQL against your serverless database, orget_kv_keyfor quick configuration lookups. - Secure Credentials Lifecycle: Handle secrets correctly. Use
create_secretwhen you add a key, anddelete_secretwhen it expires—all auditable vialist_secrets. - Infrastructure Auditing: Need to know what's running? Start with
list_workers, then checklist_worker_routesto see exactly which URLs are pointing to those scripts. It builds a full map.
Real-World Use Cases
Rolling out a critical update safely
The dev team finishes Worker v2. Instead of manually setting up traffic routing, they ask the agent to run create_deployment using a gradual rollout strategy (e.g., 5% traffic). The agent manages the version ID and ensures the old code handles remaining traffic until testing confirms stability.
Investigating sudden performance drops
Traffic suddenly spikes, but latency is high. An SRE runs get_worker_analytics to confirm the error rate increase, then uses create_tail_session on the affected Worker to get real-time logs and pinpoint the exact line of code causing the issue.
Migrating user configuration data
The team needs to read all old user settings stored in KV. They first run list_kv_namespaces to find the right store, then use get_kv_key repeatedly (or via a batch script) to pull all records before running a migration query using query_d1.
Deprecating an old API endpoint
The team needs to shut down Worker X at /api/v1. Instead of deleting the code, they first run list_worker_routes to confirm the route ID, then execute delete_worker_route using the specific Zone ID and Route ID.
The Tradeoffs
Manual cleanup after testing
Finished debugging a Worker in production. The agent leaves an active log session running (create_tail_session), which costs money and clutters the logs.
→
Always remember to run delete_tail_session immediately when your debugging is complete, passing the original script name and tail ID.
Deploying a new feature without testing traffic
A developer runs create_deployment instantly (100% traffic) on a risky feature, causing an outage before performance monitoring is complete.
→
Always start with a gradual rollout. Use the strategy parameter in create_deployment to send only 5% or 10% of traffic first. Then check get_worker_analytics.
Changing data structure without backup
Running a complex UPDATE query via query_d1 against the production database and breaking the schema because no pre-check was done.
→
First, list all databases using list_d1_databases. Before querying, run test SELECT statements. Never assume data integrity; always validate with a read operation first.
When It Fits, When It Doesn't
Use this MCP Server if your workflow involves multiple, interconnected Cloudflare services (Workers, D1, KV, Routes) and requires state management—meaning one action depends on the output of another. You need to deploy, monitor, update credentials, and query data in sequence. Don't use it if you only need simple read-only checks (e.g., 'What is the current worker name?'). In that case, a basic list_workers call might suffice. However, if your goal involves making changes—like setting up a route (create_worker_route) or changing data (query_d1)—this server's orchestration capability is mandatory.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cloudflare. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 25 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Debugging an edge function shouldn't require five different tabs and three copy-pastes.
Right now, when Worker X throws a 500 error in production, you have to jump into the dashboard. You find the specific zone ID, then locate the Worker name, manually start a log stream, watch it buffer for minutes, and finally copy the stack trace out so your teammate can read it. It's tedious.
With this MCP server, you just tell your agent: 'Show me the last 50 lines of logs for Worker X.' The agent handles finding the zone ID, starting the stream (`create_tail_session`), and presenting the clean stack trace right back to you.
Cloudflare MCP Server: Full control over edge functions and data lifecycle
Previously, if you deployed a Worker update that changed how it read user settings, you'd have to manually confirm the secret was updated, then verify the route pattern still worked, and finally purge the cache. It’s a multi-step checklist.
Now, your agent handles the entire sequence. You ask it to 'Update the payment Worker secrets and deploy v3.' The server manages `create_secret`, coordinates with `list_worker_versions` for the new code, runs `create_deployment`, and even hits `purge_cache` if necessary. It's one command.
Common Questions About Cloudflare MCP
How do I check which Workers are currently running on my domain using list_workers? +
Run list_workers. This gives you the names and modification dates for every script in your account, allowing you to identify the ones associated with your specific endpoints.
What is the difference between get_kv_key and query_d1? +
Use get_kv_key when data is stored as simple key-value pairs (like a setting). Use query_d1 for structured, relational data that requires SQL commands like SELECT or INSERT.
How do I safely delete an old Worker without affecting my site? (delete_worker) +
Before deleting with delete_worker, always run list_worker_routes and confirm that no live traffic routes depend on that script. This prevents breaking your site.
Can I check the performance of my entire website, not just one worker? (get_zone_analytics) +
Yes, use get_zone_analytics. This tool aggregates data for the whole zone over 24 hours, giving you metrics on overall traffic and CDN health.
I need to update a secret. Should I use create_secret or list_secrets first? +
Always start with list_secrets to confirm the exact name of the secret you're managing. This prevents calling create_secret with the wrong name, which could fail.
How do I monitor real-time errors or debug a running script using create_tail_session? +
You start the session by calling create_tail_session. This tool gives you a WebSocket URL and tail ID, allowing your AI agent to stream logs and exceptions directly from a Worker in production. Use this when debugging live code behavior.
If I change my Worker's functionality, how do I safely roll out the new version using create_deployment? +
create_deployment manages your rollout strategy. You can choose an immediate 100% traffic deployment or a gradual percentage-based canary release to test the new code before full activation.
I need to point my Worker at a new URL path; how do I use create_worker_route? +
You call create_worker_route providing the zone ID, the specific URL pattern (e.g., /api/v2/*), and your script name. This tells Cloudflare exactly which paths should trigger that particular Worker.
Can I deploy new Worker scripts directly through the AI agent? +
Yes! You can orchestrate deployments natively mapping source code variables seamlessly without touching Wrangler.
Does it interact with specific D1 Serverless SQL definitions? +
Absolutely. Ask your agent to parse complex D1 databases and query tables instantly utilizing precise analytical calls.
How are environment variables and secrets handled? +
All add_secret queries execute symmetrically securely masking output variables while committing seamlessly inside Cloudflare matrices.
Multi-server workflows that include Cloudflare MCP
Detect Infrastructure Drift Early Using MCP
Someone clicked 'apply' in the Cloudflare dashboard and your Terraform state no longer matches reality , your agent finds the drift
MCP Servers for Global Edge Performance
Cache hit ratios monitored, edge latency tracked, WAF threats counted, performance reports delivered , run your edge infrastructure from one prompt
MCP Servers to Find Your Most Expensive APIs
API traffic metered, cache savings calculated, origin load measured, cost projections generated , optimize your API infrastructure costs with data
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Midjourney AI (Generative Image Arts)
Generate professional AI art via Midjourney — use 'imagine' for text-to-image, upscale grids, and perform camera edits.
Groq
Run large language models at unprecedented speed with custom LPU hardware that delivers real-time AI inference at massive scale.
NVIDIA API Catalog
Cloud Engine proxy running native foundational completions natively utilizing active Nemotron and Llama3 architectures.
You might also like
TransportAPI Alternative
UK public transport intelligence — live departures, journey planning, train fares, timetables, and postcode-based station search via AI.
BL.INK
Manage enterprise links via BL.INK — shorten URLs, track analytics, and manage branded domains directly from any AI agent.
OpenAQ
Access global air quality data — monitor PM2.5, O3, NO2 levels and track pollution via AI.