# Cloudflare MCP for AI Agents

> The Cloudflare MCP gives your AI agents full control over your edge infrastructure, including DNS records, Workers, KV storage, and WAF rules. You can audit CDN performance, deploy configurations, and manage load balancers entirely through natural conversation, eliminating the need to click through dashboards.

## Overview
- **Category:** ship-it
- **Price:** Free
- **Tags:** dns-management, cdn, edge-computing, firewall, serverless, network-security

## Description

Managing a modern web stack means juggling multiple services: changing DNS, updating serverless functions, adjusting firewall policies. This MCP lets your AI agent handle all of it. Instead of opening 10 different tabs in the Cloudflare dashboard, you talk to your client and tell it what needs fixing or changing. It handles everything from listing basic records (A, CNAME, MX) to writing configuration data into KV namespaces for Workers. Need to check if traffic is coming through the CDN? You can run those analytics reports instantly. Want to audit who's calling your services? The agent reviews every firewall rule and even checks which Workers are deployed across your account. This level of deep control over DNS, edge computing, and security was once reserved for dedicated DevOps tooling; now you get it right inside any MCP-compatible client through Vinkius. It turns complex infrastructure management into a simple conversation.

## Tools

### get_zone_analytics
Audits CDN performance by retrieving traffic analytics to identify spikes or review threat mitigation statistics.

### create_dns_record
Creates a new DNS record in a zone, allowing you to define the type, hostname, content, and proxy status.

### delete_dns_record
Permanently removes an existing DNS record from the specified Cloudflare zone.

### list_dns_records
Retrieves a list of all configured records for a zone, including their type and proxy status.

### list_firewall_rules
Lists every Web Application Firewall rule in a zone, showing its filter expression and defined action (block, challenge, allow).

### get_kv_value
Reads the value associated with a specific key name within a designated KV namespace.

### get_zone
Fetches detailed information about a specific Cloudflare zone using its ID.

### list_cloudflare_ips
Retrieves the official IP address ranges for Cloudflare, useful for setting up origin firewall allow-lists.

### list_kv_namespaces
Lists all available KV namespaces used for edge data and configuration storage within your account.

### list_load_balancers
Displays load balancer details, including target pools and current health status across a zone.

### list_pages_projects
Lists all Cloudflare Pages deployments connected to Git repositories, showing their build status and source branch.

### put_kv_value
Writes or updates a value in a specific KV namespace using the required key name.

### update_dns_record
Modifies existing DNS records by updating fields like content, TTL, or proxy status.

### list_workers
Lists all deployed Worker scripts in your account, showing deployment times and resource usage.

### list_zones
Retrieves a comprehensive list of every domain zone managed by Cloudflare.

## Prompt Examples

**Prompt:** 
```
Show me all my A records and tell me which ones are using the proxy.
```

**Response:** 
```
**DNS Records for example.com**

*   `app`: 203.0.113.10 (Proxied)
*   `api`: 203.0.113.11 (Proxied)
*   `staging`: 203.0.113.20 (DNS only)

Three records found. Do you want to update the proxy status for any of these?
```

**Prompt:** 
```
What are the top three security rules and what do they do?
```

**Response:** 
```
**Active WAF Rules**

The following rules define your current web application firewall policy:

1.  **Block known bots**: Blocks traffic from recognized bad actors (Action: Block, Status: Enabled).
2.  **Rate limit /api**: Challenges IPs hitting the API endpoint over 1000 requests/5min (Action: Challenge, Status: Enabled).
3.  **Allow internal IP range**: Permits your team's IP addresses globally (Action: Allow, Status: Enabled).
```

**Prompt:** 
```
I need to set the feature flag for beta users in my worker.
```

**Response:** 
```
**KV Storage Update**

Namespace `worker-config`:
*   Key: `beta_enabled`
*   Value: `true` (Successfully written)

The update is complete. Beta features are now active across your edge network.
```

## Capabilities

### Manage Domain Name System (DNS) Records
You can list, create, update, and delete all types of DNS records while controlling settings like TTL and whether traffic is proxied through the CDN.

### Audit Network Security and Firewall Rules
Review every Web Application Firewall (WAF) rule, checking filter expressions, actions, and enabled status to keep your site secure.

### Control Edge Computing Workers
List all deployed serverless Worker scripts across your account, including their last deployment time and resource bindings.

### Handle Key-Value (KV) Data Storage
Browse KV namespaces or read and write specific key-value pairs needed for feature flags, configuration settings, or cached data.

### Monitor CDN Performance Analytics
View comprehensive traffic data, including request counts, bandwidth usage, threat mitigation efforts, and cache ratios.

### Inspect Load Balancer Configurations
Check the health status of load balancers, reviewing origin pools and traffic steering policies to ensure high availability.

## Use Cases

### Debugging DNS Failures
A developer notices a service is unreachable. Instead of checking multiple records, they ask their agent to run `list_dns_records` for the zone and compare the result against the expected setup, pinpointing which record type or proxy status needs fixing.

### Responding to Security Alerts
The security team gets a warning about potential bot traffic. They prompt their agent to run `list_firewall_rules` and check the current WAF action, then use `update_dns_record` to implement an immediate block if needed.

### Updating Worker Feature Flags
The product manager needs to activate a new feature flag for testing. They ask their agent to read the current namespace via `list_kv_namespaces`, and then use `put_kv_value` to flip the required boolean switch.

### Initial Infrastructure Audit
A new team member takes over a project. They ask their agent to run `list_zones` first, and then gather all active Workers using `list_workers`, getting a full inventory of the current edge setup.

## Benefits

- Audit your entire network stack without leaving the chat window. You can view everything from `list_dns_records` to `list_firewall_rules`, all in one go.
- Speed up deployment cycles by automating changes. Use `create_dns_record` or `update_dns_record` instantly instead of manually logging into a web dashboard.
- Keep your edge secure and compliant. Review WAF settings using `list_firewall_rules` to ensure all security policies are correctly implemented at the source.
- Manage configuration data reliably. Quickly read or write feature flags and cached content using `get_kv_value` and `put_kv_value` for Workers.
- Understand traffic flow instantly. View detailed CDN metrics via `get_zone_analytics`, giving you clear data on performance and threat mitigation.

## How It Works

The bottom line is that your AI client uses your API credentials to speak directly with Cloudflare services and execute infrastructure changes on your behalf.

1. Subscribe to this MCP on Vinkius and provide your Cloudflare API Token.
2. Connect the token via any MCP-compatible client (like Cursor or Claude).
3. Ask your agent for the specific action, like 'List all A records for my main domain' or 'Update the rate limit rule'.

## Frequently Asked Questions

**How can I check my DNS records using the Cloudflare MCP for AI Agents?**
You simply ask your agent to list all records or filter by type. It will show you every A, CNAME, and MX record currently configured in your zone, letting you confirm pointers are correct without manually visiting the dashboard.

**Can this MCP help me manage my Workers configuration?**
Yes. You can list all deployed workers to see their status, or use KV functions to read and write feature flags and configuration data used by those worker scripts.

**Does the Cloudflare MCP for AI Agents help with security auditing?**
It's perfect for security. You can review every single firewall rule, see who is blocked or challenged, and audit your CDN analytics to spot unusual traffic spikes or threat activity.

**What if I need to change a DNS record? Is it safe?**
The agent allows you to update specific records by providing the necessary IDs. It's highly controlled, letting you only modify fields like TTL or content, minimizing the risk of breaking your site.

**Is this MCP for AI Agents compatible with my current development environment?**
Since it runs through Vinkius and utilizes the open Model Context Protocol (MCP), it connects to any client that speaks the standard language, including Cursor, Claude, or VS Code extensions.