Cloudflare MCP. Control edge deployment, data, and secrets via agent.

Q: How do I check if a worker is actually running with the Cloudflare MCP?

Use listworkers to see all scripts deployed in your account. You can then use getworkeranalytics to get real-time performance data on its invocations.

Q: What is the best way to audit my secrets? (listsecrets)

Run listsecrets. This shows every secret name configured for a worker, letting you confirm what credentials exist without revealing their actual values.

Q: If I need to audit general traffic spikes or CDN performance across my whole site, how do I use getzoneanalytics?

You run getzoneanalytics to pull aggregated data for the last 24 hours. This gives you a high-level view of total traffic and overall zone health, helping identify usage spikes or regional issues.

Q: Before rolling out code changes, how can I use listdeployments to audit my rollout status?

Use listdeployments to see every deployment ID and version ID. This shows the current strategy (immediate or gradual) and exactly what percentage of traffic is hitting which worker version.

Q: I need to know all available key-value data containers before writing data, so how do I use listkvnamespaces?

Call listkvnamespaces first. It returns the IDs and titles of every key-value store in your account, letting you map out all the storage areas before attempting to read or write any keys.

Q: How do I use listworkerroutes to audit which URLs currently trigger my Cloudflare Workers?

Run listworkerroutes to see every route pattern and its associated script name. This is critical for knowing exactly what URLs are hitting your workers before you change or remove any paths.

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Just plug in your AI agents and start using Vinkius.

Cloudflare MCP gives your agent full control over edge infrastructure. Manage serverless functions, update secrets, query databases, and monitor performance across Workers, KV, D1, and R2—all via natural language commands.

What your AI agents can do

Create deployment

Rolls out a specific worker version to traffic, allowing immediate or gradual percentage-based rollouts.

Create secret

Creates or updates an encrypted environment secret, like an API key or password, for a worker.

Create tail session

Starts a live log stream connection to debug a running worker in production.

+ 22 more capabilities included

Manage Deployments

Roll out worker versions with specific traffic percentages or instantly revert to previous stable states.

Secure Credentials

Create, read, and delete encrypted runtime secrets for your edge functions.

Control Traffic Routing

Direct specific URL paths or domains to a designated worker script.

Read/Write Key-Value Data

Access configuration settings or cached data stored in KV namespaces.

Execute SQL Queries

Run structured SELECT, INSERT, UPDATE, and DELETE commands against your D1 database.

Monitor Performance Metrics

Retrieve zone traffic data or specific worker invocation statistics to find bottlenecks.

Ask AI about this MCP

Ask ChatGPT

Ask Claude

Ask Perplexity

Supported MCP Clients

OAuth 2.0 Compatible

Claude

ChatGPT

Cursor

Gemini

VS Code

JetBrains

Vercel

Zendesk

+ other MCP clients

Free for Subscribers

Waiting for input…

AI Agent

Cloudflare: 25 Tools for Infrastructure Management

These tools give you granular access to every part of the Cloudflare platform, allowing your agent to manage deployment states, query data stores, and control networking routes.

Make your AI actually useful.

Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.

Start using Cloudflare on Vinkius

create019d7574

create deployment

Rolls out a specific worker version to traffic, allowing immediate or gradual percentage-based rollouts.

create019d7574

create secret

Creates or updates an encrypted environment secret, like an API key or password, for a worker.

create019d7574

create tail session

Starts a live log stream connection to debug a running worker in production.

create019d7574

create worker route

Assigns a specific URL pattern or domain to point traffic directly at your worker script.

delete019d7574

delete secret

Removes an unused secret from a worker, revoking access to that credential.

delete019d7574

delete tail session

Ends a live log streaming session when debugging is finished.

delete019d7574

delete worker

Permanently removes an entire worker script and all associated resources.

delete019d7574

delete worker route

Stops a specific URL pattern from pointing to your worker, effectively unpublishing it at that path.

get019d7574

get kv key

Reads the raw value of a single key stored within a KV namespace.

get019d7574

get worker

Retrieves detailed configuration information about an existing worker script.

get019d7574

get worker analytics

Pulls performance data for a worker, showing recent invocations and error rates.

get019d7574

get worker version

Fetches detailed metadata about a specific version snapshot of a worker script.

get019d7574

get zone analytics

Gathers aggregated traffic data for an entire DNS zone over the last 24 hours.

list019d7574

list d1 databases

Provides a list of all available SQLite databases you can run queries against.

list019d7574

list deployments

Lists every deployment attempt, including the strategy and current traffic split for a worker.

list019d7574

list kv keys

Provides an index of key names within a KV namespace before you read any data.

list019d7574

list kv namespaces

Lists all existing KV namespaces to determine where your configuration data is stored.

list019d7574

list r2 buckets

Shows the names and locations of all object storage buckets (R2) in your account.

list019d7574

list secrets

Lists configured secrets for a worker, showing their name and type without revealing the value.

list019d7574

list worker routes

Shows all active URL patterns that currently point to your workers.

list019d7574

list worker versions

Lists every historical code snapshot of a worker, allowing you to audit its deployment history.

list019d7574

list workers

Lists all active and inactive worker scripts across your account by name and status.

list019d7574

list zones

Returns a list of all DNS zones managed under your Cloudflare account ID.

purge019d7574

purge cache

Forces the clearing of cached content for an entire zone, ensuring fresh data is served immediately.

query019d7574

query d1

Executes a structured SQL query against a specific D1 database instance.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

Import from OpenAPI, Swagger, or YAML specs
Create Agent Skills with progressive disclosure
Deploy to edge with MCPFusion framework
Built in DLP, auth, and compliance on every call
Real time usage dashboard and cost metering
Publish to catalog or keep private

Start building

Make Your AI Do More

Start with Cloudflare, then connect any of our 4,800+ other servers whenever your AI needs more. One click, no limits.

Use this MCP plus 4,800+ others, all in one place
Add new capabilities to your AI anytime you want
Every connection is secured and compliant automatically
Track usage and costs across all your servers
Works with Claude, ChatGPT, Cursor, and more
New servers added to the catalog every week

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cloudflare. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

Cloud Hosted

Managed infra

V8 Isolated

Sandboxed per request

Zero-Trust Proxy

No stored credentials

DLP Enforced

Policy on every call

GDPR Compliant

EU data residency

Token Compression

~60% cost reduction

Your data is protected. See how we built it.

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This server provides 25 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.

Managing edge infrastructure used to feel like a scavenger hunt across five different dashboards.

Today, updating a single feature requires you to jump between Git, the Wrangler CLI, the secrets management UI, and the routing tab. You write a deployment script, run it locally, copy a new secret value into an environment variable file, then manually update the route pattern to point to the staging domain, and finally trigger a cache purge. It's tedious, error-prone, and takes half a day.

With this MCP, you just tell your agent: 'Deploy version 5 of Worker X, use the new secret stored in Y, and route it gradually to 10% traffic.' The agent handles the necessary sequence of calls—creating the deployment, ensuring the secrets are set via `create_secret`, updating the routes with `create_worker_route`, and even calling `purge_cache`—all without you lifting a finger. You get operational consistency.

The Cloudflare MCP gives you direct control over your workers, data, and secrets.

You no longer need to write boilerplate API calls or worry about the exact sequence of commands. Instead of manually checking deployment states using `list_deployments`, you ask your agent for a status report. The agent understands that 'check status' means calling multiple internal tools and synthesizing one coherent answer.

It changes everything. You stop managing infrastructure by clicking buttons; you start directing complex operations via natural language. It’s reliable, auditable, and fast.

Support 24/7 support@vinkius.com ↗

Security Vinkius Trust Center ↗

SLA Service Level Agreement ↗

Report Listing Send Report ↗

What you can do with this MCP connector

This connector lets you treat Cloudflare's entire platform like a single API endpoint accessible through conversation. Instead of running complex CLI scripts or clicking through multiple dashboards to update your edge application, you simply tell your agent what needs doing. You can manage everything from deploying new worker versions and routing traffic patterns to querying internal key-value stores (KV) and executing structured SQL against D1 databases.

It’s about operational control at scale; your agent handles the sequence of steps required for continuous deployment, secret rotation, and debugging. Because credentials pass through a zero-trust proxy on Vinkius, your keys never sit on a disk—they're only used in transit. This means you get deep platform access without compromising security.

You’ll gain visibility into every call via Vinkius AI Analytics, knowing exactly what data flowed and how the budget is being spent.

Built · Hosted · Managed by Vinkius Cloudflare MCP - Manage Edge Functions & Data Server ID 019d7574-1eda-704c-b226-9019c82c8dc7

Vinkius Inspector

Compliance Grade A+

Score 98.33/100

Report View Report ↗

Who Is Cloudflare MCP For?

Anyone running production workloads on Cloudflare. This isn't for hobbyists; it's for the DevOps engineer tired of context-switching between CLI, dashboard tabs, and Git commits when a simple rollback is needed at 2 AM.

Site Reliability Engineer (SRE)

Manages continuous deployment cycles, ensuring that create_deployment rollouts are gradual and reversible. They rely on monitoring tools like get_worker_analytics to confirm stability.

Full-Stack Developer

Needs to test new features quickly by deploying workers and checking the results of database queries using query_d1 before pushing code live.

Platform Architect

Responsible for maintaining secrets, ensuring that old credentials are removed via delete_secret, and managing worker routes with create_worker_route.

What Changes When You Connect

Instead of manually checking list_workers to see what's running, your agent can get detailed worker information using get_worker, giving you a quick status check without digging through dashboards.
When you update credentials, you don't have to remember the name; simply tell your agent to create or delete secrets, and it handles the call via create_secret or delete_secret.
Need to roll back code? You can list versions with list_worker_versions, then use get_worker_version to pick the exact snapshot ID before calling create_deployment.
Debugging complex paths is simple. Instead of guessing, you first run list_worker_routes and then tell your agent which specific route pattern needs a new worker assigned using create_worker_route.
Data integrity checks are easier than ever. You can query available databases with list_d1_databases, then execute a precise data retrieval or migration command using query_d1.
When you deploy content changes, remember to use the agent's ability to purge the cache via purge_cache. This ensures users see fresh origin data immediately.

Real-World Use Cases

Rolling out a critical fix with confidence

A developer pushes code and needs it live. They ask their agent to deploy the new version using create_deployment with a gradual rollout (5% traffic). The agent monitors initial error rates via get_worker_analytics, confirms stability, and then completes the full 100% rollout.

Debugging a production failure

The site starts failing. Instead of guessing, they tell their agent to create a tail session (create_tail_session). The agent streams real-time logs back to the chat interface until the root cause is found.

Auditing data access before migration

An SRE needs to know what's stored in a specific area. They run list_kv_namespaces first, then check for keys using list_kv_keys, allowing them to safely pull the required config via get_kv_key.

Cleaning up old infrastructure

The platform has several abandoned worker scripts. The architect uses list_workers to find all inactive resources, then confirms their status before using delete_worker on the unused ones.

The Tradeoffs

Deleting without confirmation

Telling the agent simply: 'Remove Worker X and its routes.' This risks deleting critical infrastructure or stopping traffic entirely.

→ First, use list_worker_routes to confirm all associated paths are accounted for. Then, delete the worker using delete_worker, ensuring you've checked if any active routes depend on it.

Manual data checking

Manually logging into the Cloudflare dashboard just to see what keys exist in a namespace.

→ Use list_kv_namespaces first, then run list_kv_keys to get a full audit index. This allows your agent to read the specific value using get_kv_key.

Over-relying on single deployments

Assuming that running one deployment is enough, without checking if traffic was successfully routed.

→ Always check the current state by calling list_deployments. This shows exactly what percentage of traffic is hitting which version before you call create_deployment.

When It Fits, When It Doesn't

Use this MCP when your job involves complex, multi-step infrastructure operations: rolling back code, updating credentials, or moving data. You need deep control over the entire worker lifecycle. Don't use it if all you need is to check a simple status—for instance, if you just want to see if a zone has traffic, get_zone_analytics works fine on its own. However, if your job requires chaining multiple actions, like 'Update secret X, then redeploy worker Y, and finally purge the cache,' this MCP is essential because it handles that entire sequence. The core value here is the depth of control over resource lifecycles.

Common Questions About Cloudflare MCP

How do I check if a worker is actually running with the Cloudflare MCP? +

Use list_workers to see all scripts deployed in your account. You can then use get_worker_analytics to get real-time performance data on its invocations.

Can I query my database without writing a CLI command? (query_d1) +

Yes, you pass the exact SQL query string directly to your agent. The MCP handles connecting to the D1 database and executing the query_d1 operation for you.

What is the best way to audit my secrets? (list_secrets) +

Run list_secrets. This shows every secret name configured for a worker, letting you confirm what credentials exist without revealing their actual values.

How do I make sure users see my changes instantly? (purge_cache) +

After deploying or updating static assets, you must use the purge_cache tool. This forces Cloudflare to clear old cached content for that zone and pull fresh data.

If I need to audit general traffic spikes or CDN performance across my whole site, how do I use `get_zone_analytics`? +

You run get_zone_analytics to pull aggregated data for the last 24 hours. This gives you a high-level view of total traffic and overall zone health, helping identify usage spikes or regional issues.

Before rolling out code changes, how can I use `list_deployments` to audit my rollout status? +

Use list_deployments to see every deployment ID and version ID. This shows the current strategy (immediate or gradual) and exactly what percentage of traffic is hitting which worker version.

I need to know all available key-value data containers before writing data, so how do I use `list_kv_namespaces`? +

Call list_kv_namespaces first. It returns the IDs and titles of every key-value store in your account, letting you map out all the storage areas before attempting to read or write any keys.

How do I use `list_worker_routes` to audit which URLs currently trigger my Cloudflare Workers? +

Run list_worker_routes to see every route pattern and its associated script name. This is critical for knowing exactly what URLs are hitting your workers before you change or remove any paths.

View all recipes →