/ Каталог / Песочница / Cloudflare
← Все серверы ↗ GitHub
● Официальный cloudflare 🔑 Нужен свой ключ

Cloudflare

автор cloudflare · cloudflare/mcp-server-cloudflare

Official Cloudflare MCP — deploy Workers, query D1, manage R2 and KV, read logs and analytics, all from chat.

Cloudflare's official MCP (actually a family, served remotely at *.mcp.cloudflare.com). Covers Workers deploys and logs, D1 SQL, KV/R2 storage, DNS zones, and Radar analytics. OAuth-based — no manual API token juggling.

▶ Смотреть демо 📦 Установить 💡 Сценарии

Зачем использовать

Ключевые функции

Живое демо

Как выглядит на практике

cloudflare.replay ▶ готово
0/0

Установка

Выберите клиент

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "cloudflare": {
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ]
    }
  }
}

Откройте Claude Desktop → Settings → Developer → Edit Config. Перезапустите после сохранения.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "cloudflare": {
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ]
    }
  }
}

Cursor использует ту же схему mcpServers, что и Claude Desktop. Конфиг проекта приоритетнее глобального.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "cloudflare": {
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ]
    }
  }
}

Щёлкните значок MCP Servers на боковой панели Cline, затем "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "cloudflare": {
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ]
    }
  }
}

Тот же формат, что и Claude Desktop. Перезапустите Windsurf для применения.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "cloudflare",
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ]
    }
  ]
}

Continue использует массив объектов серверов, а не map.

~/.config/zed/settings.json
{
  "context_servers": {
    "cloudflare": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "@cloudflare/mcp-server-cloudflare"
        ]
      }
    }
  }
}

Добавьте в context_servers. Zed перезагружается автоматически.

claude mcp add cloudflare -- npx -y @cloudflare/mcp-server-cloudflare

Однострочная команда. Проверить: claude mcp list. Удалить: claude mcp remove.

Сценарии использования

Реальные сценарии: Cloudflare

Debug a Worker that's throwing 500s in production

👤 Cloudflare Workers developers on call ⏱ ~15 min intermediate

Когда использовать: Your Worker's error rate spiked. You want logs, recent deploys, and a diff of what changed — without opening the dashboard.

Предварительные требования
  • Cloudflare account OAuth-connected to your MCP client — First tool call triggers OAuth; grant the 'Workers Observability' and 'Workers Bindings' scopes
Поток
  1. Tail recent Worker logs filtered by error
    Tail logs for Worker 'api-edge' in the last 15 minutes. Filter to status >= 500. Group by the first 100 chars of the error message.✓ Скопировано
    → Top error templates with counts and timestamps
  2. List recent deployments
    List the last 5 deployments of 'api-edge'. Show deploy time, author, and the version hash.✓ Скопировано
    → Deploy timeline — correlate with error onset
  3. Roll back if needed
    The error spike starts after the deploy at 14:22. Roll 'api-edge' back to the previous version. Ask me before confirming.✓ Скопировано
    → Confirmation prompt before destructive action

Итог: A restored production Worker, with a clear 'deploy X caused errors Y' postmortem note.

Подводные камни
  • Log tail is real-time only; can miss a burst that already passed — For historical windows, use the Logpush or Analytics Engine MCP tools instead of tail
  • Rollback doesn't migrate D1/KV state — If the bad deploy ran migrations, rolling the Worker alone isn't enough — you may need a D1 restore too
Сочетать с: github · sentry

Run ad-hoc analytics against a D1 database

👤 Developers using D1 for app data ⏱ ~10 min beginner

Когда использовать: You want signup-conversion or usage stats from your D1, without writing a dashboard.

Поток
  1. Find the right database and list schema
    List my D1 databases. For the one called 'prod-app', show all tables and their columns.✓ Скопировано
    → Database inventory plus schemas
  2. Run the analytics query
    In D1 'prod-app', count users who signed up in the last 30 days grouped by week. Show only users who have at least one event in the events table.✓ Скопировано
    → Per-week counts, valid SQL
  3. Iterate
    Break it down further by signup source. Which source has the best 7-day activation rate?✓ Скопировано
    → Per-source comparison with rates

Итог: Decision-ready numbers with the SQL shown.

Подводные камни
  • D1 has per-query row and execution-time limits — For large aggregations, pre-aggregate into a summary table on a schedule instead of scanning raw events each time
Сочетать с: notion

Audit and clean up a bloated KV namespace

👤 Engineers whose Workers cache has drifted ⏱ ~20 min intermediate

Когда использовать: Your KV bill is up; you suspect stale keys or misconfigured TTLs.

Поток
  1. Survey the namespace
    For KV namespace 'session-cache', list the first 1000 keys. Sample 10 values and tell me their structure.✓ Скопировано
    → Key pattern distribution, sample value shapes
  2. Identify stale entries
    For keys matching session:*, how many haven't been accessed in >30 days? (Use metadata if present; otherwise sample and check timestamps in values.)✓ Скопировано
    → Stale key estimate plus criteria used
  3. Delete safely
    Delete keys matching session:expired:* in batches of 100. Show me the first batch before proceeding.✓ Скопировано
    → Batch preview before any deletion

Итог: A cleaner KV namespace with lower storage cost.

Подводные камни
  • KV is eventually consistent — deletes can appear to un-delete briefly from edge POPs — Don't rely on immediate consistency after bulk delete; verify state after a minute

Review DNS records before a domain migration

👤 Ops engineers migrating domains between providers ⏱ ~15 min beginner

Когда использовать: You're about to change nameservers and you want to inventory every record so you don't drop MX, DMARC, or a forgotten subdomain.

Поток
  1. Dump every record
    List all DNS records for zone example.com. Group by type. Include priorities for MX and weights for SRV.✓ Скопировано
    → Complete record inventory
  2. Flag critical records
    Highlight any that would break email (MX, SPF in TXT, DKIM, DMARC), plus any A/AAAA/CNAME pointing at third-party services (Stripe, HubSpot, status page).✓ Скопировано
    → Critical-record list with rationale
  3. Produce a migration checklist
    Turn this into a checklist I can run on the new provider — each record with its destination, TTL, and 'test after migration' step.✓ Скопировано
    → Copy-paste runbook

Итог: A migration-day runbook that leaves no record behind.

Подводные камни
  • Forgotten DKIM records break email silently 24h later — Specifically list every _domainkey.<selector> record — they're the easiest to miss
Сочетать с: filesystem

Check Cloudflare Radar for an internet incident affecting users

👤 Incident responders, support leads ⏱ ~10 min intermediate

Когда использовать: Users are reporting your site is down in Brazil. Could be you, could be the internet.

Поток
  1. Query Radar for the country
    Cloudflare Radar: is there any notable internet disruption in Brazil in the last 6 hours? Include BGP anomalies, ISP outages, attack traffic.✓ Скопировано
    → Known events list or 'nothing anomalous'
  2. Cross-check with your traffic
    For my zone example.com, traffic from BR in the last 6 hours — volume, HTTP status breakdown, top user agents.✓ Скопировано
    → BR-specific traffic profile
  3. Conclude
    Based on Radar + my traffic, is this a general Brazil-internet issue or specific to my site?✓ Скопировано
    → Clear verdict with the supporting evidence

Итог: A defensible 'not our fault, it's <ISP X> issue' or 'it IS our fault, here's what' answer.

Подводные камни
  • Radar data has ~1h lag — For ultra-fresh incidents, pair with your own RUM data
Сочетать с: sentry

Комбинации

Сочетайте с другими MCP — эффект x10

cloudflare + github

Correlate a Workers rollback with the GitHub PR that introduced the regression

Worker 'api-edge' is failing since deploy at 14:22. Find the GitHub PR whose merge corresponds to that deploy and summarize its changes.✓ Скопировано
cloudflare + sentry

Sentry reports Worker-origin errors; Cloudflare MCP pulls the Worker-side logs for the same requestId

Sentry issue EDGE-441 has CF-Ray 8abc123. Tail Worker 'api-edge' for that ray and show the matching log line.✓ Скопировано
cloudflare + filesystem

Edit Worker source locally, deploy via wrangler, verify via Cloudflare MCP logs

Fix the bug in src/index.ts at line 44, deploy, then tail 'api-edge' logs to confirm no more 500s.✓ Скопировано

Инструменты

Что предоставляет этот MCP

ИнструментВходные данныеКогда вызыватьСтоимость
workers_tail script_name: str, filter?: object Real-time Worker log tailing free (within plan limits)
workers_list_deployments script_name: str Review recent versions of a Worker free
workers_rollback script_name: str, version_id: str Revert to a prior version — gated, destructive free
d1_list_databases none Inventory your D1 databases free
d1_query database_id: str, sql: str, params?: [] Run SELECT or mutating SQL — writes require explicit prompt confirmation D1 pricing per rows read/written
kv_list_keys namespace_id: str, prefix?: str, limit?: int, cursor?: str Enumerate keys for audit KV read pricing
kv_get_value / kv_put_value / kv_delete namespace_id, key, value?, ttl? Read/write/delete specific keys KV op pricing
r2_list_buckets / r2_list_objects bucket?, prefix? R2 inventory R2 read ops
r2_get_object / r2_put_object bucket, key, body? Read/write R2 objects R2 op pricing
dns_list_records zone_id: str Zone inventory free
dns_create_record / update_record / delete_record zone_id, record params Zone mutations — gated free
radar_get_http_timeseries / radar_get_attacks timeframe, region filters Global internet health context free
analytics_engine_query sql: str Custom Workers Analytics Engine queries analytics engine read ops

Стоимость и лимиты

Во что обходится

Квота API
Per-plan Workers/D1/KV/R2 limits apply; MCP calls count against your regular usage
Токенов на вызов
200-2000 tokens typical; log tails can be very large — always filter
Деньги
MCP is free; your Cloudflare services bill as usual
Совет
D1 and KV bill by row-read and op-count. Bulk list/scan can be surprisingly expensive — paginate with modest page sizes and stop early.

Безопасность

Права, секреты, радиус поражения

Минимальные скоупы: Workers:Read D1:Read KV:Read
Хранение учётных данных: OAuth tokens managed by your MCP client; no long-lived API tokens in env
Исходящий трафик: All calls to Cloudflare API; OAuth flow goes through dash.cloudflare.com
Никогда не давайте: Account:Admin unless absolutely needed Zone:DNS:Edit on live zones without a staging test first

Устранение неполадок

Частые ошибки и исправления

OAuth flow didn't complete

Your MCP client may not support OAuth redirects. Check its docs (Claude Desktop, Cursor, etc. all support it differently). Try re-connecting the remote MCP from the client UI.

Workers tail disconnects after a minute

Tail sessions are time-bounded. Restart the tail, or for longer windows use Logpush and query via Analytics Engine instead.

D1 query returns 'Too many rows read'

D1 caps rows-scanned per query by plan. Add a WHERE clause that uses an index, or paginate with LIMIT.

permission denied on a DNS tool

The OAuth scope for Zone:DNS:Edit wasn't granted. Reconnect the MCP and approve the additional scope.

Альтернативы

Cloudflare в сравнении

АльтернативаКогда использоватьКомпромисс
AWS MCP (awslabs)You're on AWS, not CloudflareDifferent cloud surface; not a drop-in
Vercel MCPYour deploy target is Vercel (edge functions, KV, blobs)Similar remote MCP model; narrower feature set
wrangler CLI directly via shellYou want full wrangler power (config edits, secrets) not just the MCP surfaceNo agent ergonomics; wider blast radius if scripted wrong

Ещё

Ресурсы

📖 Читать официальный README на GitHub

🐙 Открытые задачи

🔍 Все 400+ MCP-серверов и Skills