Prismix
Cloudflare Vendor Dev tools

Cloudflare Workers

Deploy + manage Cloudflare Workers + Pages + KV + R2 from inside an agent conversation.

3,904 stars 436 forks Last commit 2d ago Language TypeScript License Apache-2.0
Sign in to like, install, or save to a bundle → View on GitHub → Docs ↗

Install

npx @cloudflare/mcp-server-cloudflare init

Maintainer? Add the badge

Listed on Prismix ← shows on your README, links back here
[![Listed on Prismix](https://prismix.dev/api/badge/mcp/cloudflare-workers.svg)](https://prismix.dev/mcp/cloudflare-workers)

Claude Desktop / Cursor config

Drop into your claude_desktop_config.json or Cursor MCP settings. Replace the ${…} placeholders with your own values. 

{
  "mcpServers": {
    "cloudflare": {
      "command": "npx",
      "args": ["-y", "@cloudflare/mcp-server-cloudflare"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "${CF_TOKEN}",
        "CLOUDFLARE_ACCOUNT_ID": "${CF_ACCOUNT_ID}"
      }
    }
  }
}

About

Cloudflare's official MCP server. Surfaces the Cloudflare API for Workers (list, deploy, tail logs), Pages (project list, deployments, build triggers), KV (list namespaces, read/write keys), R2 (bucket listing, object operations), and DNS records. Auth via API token with the relevant scopes.

Tags #cloudflare #workers #edge #deployment #vendor

Recent releases (5)

All releases →
  • [email protected] Latest Jun 2, 2026 
    ### Minor Changes

-   f625075: Centralize Cloudflare account resolution and remove the account-management tools.

    The `accounts_list` and `set_active_account` tools are removed. Account scoping is now
    resolved automatically by an `AccountManager` (via the new `server.accountTool()`
    registration), in priority order:

    1.  **Auth-pinned account** — an account-scoped API token's account, or an OAuth token with a
        single account, is used automatically (no `account_id` parameter is exposed).
    2.  **`cf-account-id` request header** — for tokens that can access multiple accounts, set this
        header in your MCP client config to pick an account.
    3.  **`account_id` tool argument** — for multi-account tokens, account-scoped tools expose an
        optional `account_id` parameter; when omitted (and no header is set) the tool returns an
        error listing the accounts you can use. Multi-account credentials also list their accounts
        in the server's `initialize` instructions.

    All tool error responses now set `isError: true` so clients can distinguish failures.

### Patch Changes

-   a358e69: Upgrade `@cloudflare/workers-oauth-provider` 0.4.0 → 0.7.0.

    No tool or behavior changes. The only API change affecting this repo is that
    `TokenExchangeCallbackOptions` now carries a required `grantId` field, which only
    touched a test fixture (the provider supplies it at runtime).

-   f625075: Upgrade core dependencies: `agents` 0.2.19 → 0.13.3, `@modelcontextprotocol/sdk` 1.20.2 →
    1.29.0, `zod` 3 → 4, and `ai` 4 → 6.

    No user-facing tool or behavior changes. Internal adjustments for the new versions:

    -   `zod` 4: `z.record(...)` now takes an explicit key schema; `z.string().ip()` replaced with
        `z.ipv4()`/`z.ipv6()` validation; dropped the removed `objectOutputType` helper.
    -   `agents` 0.13: `McpAgent` env generic is constrained to `Cloudflare.Env`.
    -   MCP SDK 1.29: tool `annotations` hints must be flat (`{ title, readOnlyHint, ... }`) — fixes a
        latent bug where nested hints were silently ignored.
    -   `ai` 6: eval tooling updated (`LanguageModel`, `inputSchema`, `stopWhen`/`stepCountIs`, tool-call `input`).
    View on GitHub ↗
  • [email protected] Jun 2, 2026 
    ### Minor Changes

-   f625075: Centralize Cloudflare account resolution and remove the account-management tools.

    The `accounts_list` and `set_active_account` tools are removed. Account scoping is now
    resolved automatically by an `AccountManager` (via the new `server.accountTool()`
    registration), in priority order:

    1.  **Auth-pinned account** — an account-scoped API token's account, or an OAuth token with a
        single account, is used automatically (no `account_id` parameter is exposed).
    2.  **`cf-account-id` request header** — for tokens that can access multiple accounts, set this
        header in your MCP client config to pick an account.
    3.  **`account_id` tool argument** — for multi-account tokens, account-scoped tools expose an
        optional `account_id` parameter; when omitted (and no header is set) the tool returns an
        error listing the accounts you can use. Multi-account credentials also list their accounts
        in the server's `initialize` instructions.

    All tool error responses now set `isError: true` so clients can distinguish failures.

### Patch Changes

-   a358e69: Upgrade `@cloudflare/workers-oauth-provider` 0.4.0 → 0.7.0.

    No tool or behavior changes. The only API change affecting this repo is that
    `TokenExchangeCallbackOptions` now carries a required `grantId` field, which only
    touched a test fixture (the provider supplies it at runtime).

-   f625075: Upgrade core dependencies: `agents` 0.2.19 → 0.13.3, `@modelcontextprotocol/sdk` 1.20.2 →
    1.29.0, `zod` 3 → 4, and `ai` 4 → 6.

    No user-facing tool or behavior changes. Internal adjustments for the new versions:

    -   `zod` 4: `z.record(...)` now takes an explicit key schema; `z.string().ip()` replaced with
        `z.ipv4()`/`z.ipv6()` validation; dropped the removed `objectOutputType` helper.
    -   `agents` 0.13: `McpAgent` env generic is constrained to `Cloudflare.Env`.
    -   MCP SDK 1.29: tool `annotations` hints must be flat (`{ title, readOnlyHint, ... }`) — fixes a
        latent bug where nested hints were silently ignored.
    -   `ai` 6: eval tooling updated (`LanguageModel`, `inputSchema`, `stopWhen`/`stepCountIs`, tool-call `input`).
    View on GitHub ↗
  • [email protected] Jun 2, 2026 
    ### Minor Changes

-   f625075: Centralize Cloudflare account resolution and remove the account-management tools.

    The `accounts_list` and `set_active_account` tools are removed. Account scoping is now
    resolved automatically by an `AccountManager` (via the new `server.accountTool()`
    registration), in priority order:

    1.  **Auth-pinned account** — an account-scoped API token's account, or an OAuth token with a
        single account, is used automatically (no `account_id` parameter is exposed).
    2.  **`cf-account-id` request header** — for tokens that can access multiple accounts, set this
        header in your MCP client config to pick an account.
    3.  **`account_id` tool argument** — for multi-account tokens, account-scoped tools expose an
        optional `account_id` parameter; when omitted (and no header is set) the tool returns an
        error listing the accounts you can use. Multi-account credentials also list their accounts
        in the server's `initialize` instructions.

    All tool error responses now set `isError: true` so clients can distinguish failures.

### Patch Changes

-   a358e69: Upgrade `@cloudflare/workers-oauth-provider` 0.4.0 → 0.7.0.

    No tool or behavior changes. The only API change affecting this repo is that
    `TokenExchangeCallbackOptions` now carries a required `grantId` field, which only
    touched a test fixture (the provider supplies it at runtime).

-   f625075: Upgrade core dependencies: `agents` 0.2.19 → 0.13.3, `@modelcontextprotocol/sdk` 1.20.2 →
    1.29.0, `zod` 3 → 4, and `ai` 4 → 6.

    No user-facing tool or behavior changes. Internal adjustments for the new versions:

    -   `zod` 4: `z.record(...)` now takes an explicit key schema; `z.string().ip()` replaced with
        `z.ipv4()`/`z.ipv6()` validation; dropped the removed `objectOutputType` helper.
    -   `agents` 0.13: `McpAgent` env generic is constrained to `Cloudflare.Env`.
    -   MCP SDK 1.29: tool `annotations` hints must be flat (`{ title, readOnlyHint, ... }`) — fixes a
        latent bug where nested hints were silently ignored.
    -   `ai` 6: eval tooling updated (`LanguageModel`, `inputSchema`, `stopWhen`/`stepCountIs`, tool-call `input`).
    View on GitHub ↗
  • [email protected] Jun 2, 2026 
    ### Minor Changes

-   f625075: Centralize Cloudflare account resolution and remove the account-management tools.

    The `accounts_list` and `set_active_account` tools are removed. Account scoping is now
    resolved automatically by an `AccountManager` (via the new `server.accountTool()`
    registration), in priority order:

    1.  **Auth-pinned account** — an account-scoped API token's account, or an OAuth token with a
        single account, is used automatically (no `account_id` parameter is exposed).
    2.  **`cf-account-id` request header** — for tokens that can access multiple accounts, set this
        header in your MCP client config to pick an account.
    3.  **`account_id` tool argument** — for multi-account tokens, account-scoped tools expose an
        optional `account_id` parameter; when omitted (and no header is set) the tool returns an
        error listing the accounts you can use. Multi-account credentials also list their accounts
        in the server's `initialize` instructions.

    All tool error responses now set `isError: true` so clients can distinguish failures.

### Patch Changes

-   a358e69: Upgrade `@cloudflare/workers-oauth-provider` 0.4.0 → 0.7.0.

    No tool or behavior changes. The only API change affecting this repo is that
    `TokenExchangeCallbackOptions` now carries a required `grantId` field, which only
    touched a test fixture (the provider supplies it at runtime).

-   f625075: Upgrade core dependencies: `agents` 0.2.19 → 0.13.3, `@modelcontextprotocol/sdk` 1.20.2 →
    1.29.0, `zod` 3 → 4, and `ai` 4 → 6.

    No user-facing tool or behavior changes. Internal adjustments for the new versions:

    -   `zod` 4: `z.record(...)` now takes an explicit key schema; `z.string().ip()` replaced with
        `z.ipv4()`/`z.ipv6()` validation; dropped the removed `objectOutputType` helper.
    -   `agents` 0.13: `McpAgent` env generic is constrained to `Cloudflare.Env`.
    -   MCP SDK 1.29: tool `annotations` hints must be flat (`{ title, readOnlyHint, ... }`) — fixes a
        latent bug where nested hints were silently ignored.
    -   `ai` 6: eval tooling updated (`LanguageModel`, `inputSchema`, `stopWhen`/`stepCountIs`, tool-call `input`).
    View on GitHub ↗
  • [email protected] Jun 2, 2026 
    ### Patch Changes

-   af70c87: Add a `deleted_classes: ["UserDetails"]` Durable Object migration to the graphql server.

    \#384 removed the `UserDetails` Durable Object (and its bindings) from every server, and added the
    required delete-class migration to the two servers that _own_ the class (`workers-observability`,
    `workers-builds`). The graphql worker's already-deployed version still depends on `UserDetails`, so
    `wrangler deploy` rejected the new version with `code: 10064` ("New version of script does not export
    class 'UserDetails' which is depended on by existing Durable Objects"), which aborted the staging and
    production deploys. Adding the delete-class migration lets graphql deploy and releases the binding that
    was blocking `workers-observability` from applying its own `deleted_classes` migration (`code: 10061`).

    Validated on staging: graphql + observability deploy cleanly and the staging `UserDetails` namespace is
    removed.
    View on GitHub ↗

Discussion (0)

Sign in to comment →

No comments yet. Sign in to start the discussion.

More Dev tools servers