Bring Cloudflare Tunnel
to VS Code Copilot
Learn how to connect Cloudflare Tunnel to VS Code Copilot and start using 17 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Cloudflare Tunnel MCP Server?
Connect your Cloudflare account to any AI agent to take full control of your Zero Trust connectivity and private network routing through natural conversation.
What you can do
- Tunnel Management — List all tunnels in your account, filter by status (healthy, degraded, down), and fetch detailed metadata for specific tunnels.
- Remote Configuration — Retrieve and update ingress rules and origin settings for remotely-managed tunnels without touching the CLI.
- Network Routing — Manage private network routes (CIDR) and IP-based routing to connect your internal resources securely.
- Connection Monitoring — Inspect active connectors, list tunnel connections, and clean up stale sessions to ensure high availability.
- Lifecycle Actions — Create new tunnels, update secrets, or delete decommissioned tunnels directly from your workspace.
How it works
- Subscribe to this server
- Enter your Cloudflare API Token (with Cloudflare Tunnel permissions)
- Start managing your secure tunnels from Claude, Cursor, or any MCP-compatible client
Who is this for?
- DevOps Engineers — quickly check tunnel health and update ingress rules during deployments without leaving the terminal or IDE.
- Security Teams — audit active tunnels and network routes to ensure compliance with Zero Trust policies.
- System Administrators — automate the cleanup of stale connections and monitor the status of remote connectors across multiple accounts.
Built-in capabilities (17)
If no client_id is provided, all connectors are removed. Clean up Cloudflare Tunnel connections
Create a tunnel route
Create a new Cloudflare Tunnel
Delete a tunnel route
Delete a Cloudflare Tunnel
Get configuration for a remotely-managed tunnel
Get Cloudflare Tunnel connector details
Get a Cloudflare Tunnel management token
Get tunnel route by IP
Get details for a single Cloudflare Tunnel
Get a Cloudflare Tunnel token
List Cloudflare Tunnel connections
List tunnel routes
List and filter Cloudflare Tunnels in an account
Add or update configuration for a remotely-managed tunnel
Update a tunnel route
Update an existing Cloudflare Tunnel
Why VS Code Copilot?
GitHub Copilot Agent mode brings Cloudflare Tunnel data directly into your VS Code workflow. With a project-scoped config, the entire team shares access to 17 tools. Copilot queries live data, generates typed code, and writes tests from actual API responses, all without leaving the editor.
- —
VS Code is used by over 70% of developers. adding MCP tools to Copilot means your team can leverage external data without leaving their primary editor
- —
Project-scoped MCP configs (
.vscode/mcp.json) let you commit server configurations to your repository, ensuring the entire team shares the same tool access - —
Copilot's Agent mode integrates MCP tools seamlessly with file editing, terminal commands, and workspace search in a single agentic loop
- —
GitHub's enterprise compliance and audit features extend to MCP tool usage, providing visibility into how AI interacts with external services
Cloudflare Tunnel in VS Code Copilot
Cloudflare Tunnel and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect Cloudflare Tunnel to VS Code Copilot through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for Cloudflare Tunnel in VS Code Copilot
The Cloudflare Tunnel MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 17 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in VS Code Copilot only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
Cloudflare Tunnel for VS Code Copilot
Every tool call from VS Code Copilot to the Cloudflare Tunnel MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
Can I update the ingress rules for a remotely managed tunnel?
Yes. Use the put_configuration tool to update the ingress rules and origin request settings for any tunnel that is configured for remote management.
How do I check if my tunnels are currently online?
You can use list_tunnels with the status parameter set to 'healthy' to see active tunnels, or use get_tunnel with a specific ID to see its current operational state.
Can I manage private network routes through this integration?
Yes. The server includes tools like list_routes, create_route, and delete_route to manage your Cloudflare Tunnel network routing (WARP-to-Tunnel).
Which VS Code version supports MCP?
MCP support requires VS Code 1.99 or later with the GitHub Copilot extension. Ensure both are updated to the latest version. Older versions of Copilot may not expose the Agent mode toggle.
How do I switch to Agent mode?
Open the Copilot Chat panel and look for two mode options: "Ask" and "Agent". Click "Agent" to enable autonomous tool calling. In Ask mode, Copilot provides conversational answers but cannot invoke MCP tools.
Can I restrict which MCP tools Copilot can access?
Yes. VS Code shows a tool consent dialog before any MCP tool is invoked for the first time. You can also configure tool access policies at the organization level through GitHub Copilot settings.
Does MCP work in VS Code Remote or Codespaces?
Yes. MCP servers configured via .vscode/mcp.json work in Remote SSH, WSL, and GitHub Codespaces environments. The MCP connection is established from the remote host, so ensure the server URL is accessible from that environment.
MCP tools not available
Ensure you are in Agent mode in Copilot Chat. MCP tools only appear in Agent mode.
Explore More MCP Servers
View all →
Structured
9 toolsConnect your AI to Structured. Programmatically manage your daily planner, tasks, and routines seamlessly directly from your terminal.
Couchbase (Vector & NoSQL)
7 toolsManage vector search and NoSQL via Couchbase — execute N1QL queries, perform KNN vector searches, and audit documents directly from any AI agent.
Tinybird Data Platform
10 toolsAnalyze real-time data via Tinybird — manage Data Sources, inspect Pipes, and query endpoints directly.
Groq
8 toolsEmpower LLM applications via Groq — perform ultra-fast LPU-accelerated chat completions, handle audio transcription and translation, and use JSON mode directly from any AI agent.