Cloudflare Tunnel MCP for AI Agents. Manage Zero Trust network routing and private infrastructure connections
Cloudflare Tunnel MCP lets your AI agent manage Zero Trust connectivity and private network routing for Cloudflare Tunnels. You can list tunnels, create new routes, update ingress rules, and monitor connections—all through natural conversation without touching the CLI.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
The agent returns a consolidated report showing the operational health of every tunnel in your environment.
You can define new rules that direct external traffic to specific internal services via updated routing records.
The agent applies core changes to a tunnel's properties, ensuring the connection remains robust and up-to-date.
You can initiate the creation of new tunnels or fully decommission old ones, maintaining strict control over your network footprint.
The tool provides a clean way to list active connectors and run cleanup actions to remove stale sessions safely.
Ask an AI about this
Waiting for input…
What AI agents can do with Manage 17 Cloudflare Tunnels Routes for Network Security
Use these tools to query, fetch, update, or delete tunnel routes, configurations, and connections for secure network access.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Cloudflare Tunnel MCPCleanup Connections
Removes specified Cloudflare Tunnel connectors from your account to maintain a clean connection list.
Create Route
Creates a new network route for an existing tunnel, directing specific traffic...
Create Tunnel
Initializes and creates a brand-new Cloudflare Tunnel within your account.
Delete Route
Removes an existing tunnel route when the associated network path is no longer...
Delete Tunnel
Decommissions and deletes a Cloudflare Tunnel completely from your service.
Get Configuration
Retrieves the full configuration details for any remotely-managed tunnel.
Get Connector
Fetches specific details about a Cloudflare Tunnel connector instance.
Get Management Token
Generates the necessary token required to manage your tunnels programmatically.
Get Route By Ip
Looks up a specific tunnel route using an associated IP address.
Get Tunnel Token
Retrieves the necessary token needed to run and connect a Cloudflare Tunnel client.
Get Tunnel
Pulls all specific details for one designated Cloudflare Tunnel ID.
List Connections
Returns a comprehensive list of active and inactive Cloudflare Tunnel connections.
List Routes
Lists all defined network routes across your entire set of tunnels.
List Tunnels
Provides a filtered list of all Cloudflare Tunnels, allowing you to check health...
Put Configuration
Adds or overwrites the configuration details for a specific remotely-managed tunnel.
Update Route
Modifies an existing network route, changing its destination or ruleset.
Update Tunnel
Updates core properties of a Cloudflare Tunnel that are not covered by simple...
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The Cloudflare Tunnel MCP for AI Agents integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Cloudflare Tunnel, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cloudflare Tunnel. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Cloudflare Tunnel and Zero Trust: Managing Network Paths with this MCP
Today, managing your network access means jumping between the Cloudflare dashboard, running `cf` commands in a terminal, and updating firewall rules manually. If you need to change an ingress rule for a staging site, it's tedious: copy the current settings, edit them locally, then paste everything back into the command line.
With this MCP, you just tell your agent what needs fixing. You ask it to 'Update the API routes for my staging environment.' The agent handles fetching the existing configuration and applying the precise changes using tools like `put_configuration`. You get immediate confirmation that the network path is correct.
Cloudflare Tunnel and Infrastructure: Streamlining Tunnel Connections with this MCP
The biggest time sink is tracking down stale or unnecessary tunnels. Developers often spin up temporary test tunnels, and then forget to delete them, leading to security bloat. Manually listing and checking the status of dozens of these connectors is a nightmare.
Now, you just ask your agent to 'Clean up all unused connections.' The MCP runs `cleanup_connections`, identifies the stale sessions, and removes them safely. You've kept your network clean without ever leaving the chat window.
What Cloudflare Tunnel MCP for AI Agents MCP does for your AI
Managing cloud infrastructure usually means juggling a console here and a command line there. This MCP changes that. It gives your AI client direct control over Cloudflare Tunnels, letting you handle Zero Trust connectivity purely through chat. You can list every tunnel in your account to check their health status or retrieve detailed metadata for troubleshooting.
Need to update an ingress rule? You can modify origin settings and routes remotely without ever typing cf into the terminal. It's a massive time saver for security teams auditing network paths, or DevOps engineers quickly patching routing issues during deployments. Because this MCP is part of Vinkius, you get access to hundreds of other industry-leading tools alongside your Cloudflare setup, keeping all your infrastructure management in one place.
019e3879-92e4-70fb-a221-3cc2005dd61a 
How to set up Cloudflare Tunnel MCP for AI Agents MCP
The bottom line is that your AI client acts as a single pane of glass, letting you manage complex network routing tasks without needing to memorize specific CLI commands.
First, subscribe to this MCP on Vinkius and provide your Cloudflare API Token with the necessary Tunnel permissions.
Next, ask your AI client a specific question, like 'List all tunnels in my production environment,' or 'Update the ingress rules for web-app'.
The agent executes the request against Cloudflare's infrastructure and returns actionable data, allowing you to confirm status changes or retrieve updated configurations.
Who uses Cloudflare Tunnel MCP for AI Agents MCP
This MCP is critical for DevOps Engineers who get frustrated having to switch between their IDE and the terminal just to check tunnel health. It's also essential for Security Teams that need to audit network routes against Zero Trust policy in real-time, without manually running multiple commands.
Using this MCP to quickly update ingress rules or list tunnel connections during a deployment hotfix, avoiding manual CLI interaction.
Auditing active tunnels and network routes across multiple accounts to ensure zero-trust compliance before an audit deadline hits.
Automating the cleanup of stale connections or creating new tunnels for temporary testing environments without leaving their primary workspace.
Benefits of connecting Cloudflare Tunnel MCP for AI Agents MCP
Instead of running five different cf commands, you simply ask your agent to 'List all tunnels' using the list_tunnels tool. It gets you a consolidated view instantly.
You can update complex ingress rules—like setting up a new API endpoint route—by calling put_configuration, which handles the syntax for you.
Need to check if an old connection is still active? Use cleanup_connections and let your agent safely prune stale sessions, ensuring high availability without manual auditing.
The ability to retrieve full tunnel details via get_tunnel means deep-diving into specific tunnels' metadata without leaving the chat interface.
When building a new service connection, you can use create_tunnel and immediately follow up with get_tunnel_token, all in one conversation.
Cloudflare Tunnel MCP for AI Agents MCP use cases
Auditing Compliance After an Incident
A security analyst needs to prove that no unauthorized tunnels exist. They ask the agent to 'List and filter all tunnels by status.' The agent runs list_tunnels and provides a clean report, ensuring compliance with Zero Trust policies.
Deploying a New Backend Service
A DevOps engineer needs to expose a new internal microservice. They instruct the agent to 'Create a tunnel for my staging environment' (create_tunnel), and then use create_route to direct traffic to it.
Fixing Broken API Access
The main website suddenly can't reach its database. The agent checks the routes by calling get_route_by_ip, identifies the broken path, and uses update_route to fix it immediately.
Cleaning Up Old Infrastructure
A team decommissioned a project last month. Instead of manually deleting resources, they ask the agent to 'Clean up all connections for Project X,' triggering cleanup_connections and freeing up resources safely.
Cloudflare Tunnel MCP for AI Agents MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Over-relying on CLI scripting
A user copies a massive, multi-step deployment script into their terminal session, making it hard to read or debug the network path changes.
Instead of running long scripts, use your AI client to manage infrastructure state. Ask the agent to list_routes first, then tell it exactly which routes need changing using update_route. This keeps the conversation focused and traceable.
Manually managing tokens
A user has to manually copy API keys and ensure they have the correct permissions for every single action, risking security leaks.
Let your agent handle credentials. You can ask it to get_management_token and use that token within the chat context. The MCP handles the secure credential flow.
Forgetting dependencies
A user tries to update a tunnel's configuration without first confirming if the required connector is still active, causing failure.
Always audit first. Use list_connections or get_connector before attempting any write action like put_configuration or update_tunnel. Check the status first.
When to use Cloudflare Tunnel MCP for AI Agents MCP
Use this MCP if your workflow involves routine network auditing, rapid route adjustments, or managing a large number of Zero Trust tunnels. If you frequently find yourself checking tunnel health, updating ingress rules, or listing connections across multiple environments, this is for you. Don't use it if all you need to do is read documentation; the agent can summarize that faster. Furthermore, don't try to manage resources outside of Cloudflare Tunnel using these tools—you'll need a different type of MCP designed for those specific services.
Frequently asked questions about Cloudflare Tunnel MCP for AI Agents MCP
How can I use the Cloudflare Tunnel MCP to manage my Zero Trust policies? +
You can audit your entire tunnel infrastructure by listing all tunnels and connections. This allows you to verify that every active network path adheres strictly to your company's defined Zero Trust rules.
Does the Cloudflare Tunnel MCP let me update ingress rules without using the command line? +
Yes, absolutely. You can tell your agent exactly which traffic should go where—for example, directing api.example.com to a new internal port—and it will handle updating those complex rules for you.
What if I forget about temporary tunnels? Can the MCP clean them up? +
Yes. You can instruct your agent to run cleanup actions, which safely identifies and removes stale tunnel connections and unused resources from your account.
Is this Cloudflare Tunnel MCP suitable for DevOps deployment tasks? +
It's ideal for DevOps workflows. Instead of multiple manual steps, you can ask the agent to create a new tunnel and immediately establish the necessary network routes needed for testing or production.
I need to check if my internal resource is exposed properly. How do I use this MCP? +
You can use the MCP to list all defined tunnel routes, allowing you to verify that your specific IP addresses and resources are connected via the correct network paths.