Cloudflare MCP

Live

API KEY

Developer Tools

Workers deployments, R2 buckets, KV namespaces, and DNS zones your agent needs to manage live in Cloudflare. Cloudflare MCP gives your infrastructure agent per-user API access, credentials vaulted, scoped, never in the prompt.

  • Acts as the user: Each engineer's Cloudflare API key is scoped to their account and zone permissions.
  • Credentials stay vaulted: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: User permissions enforced. 90-day audit trail on every infrastructure change.
Cloudflare MCP
agent · Acme Q3
Connector: cloudflaremcp
Prompt: Deploy the updated rate-limiting Worker to production and purge the cache for the affected routes.
Tool call: cloudflare_worker_deploy (312ms)
Infra agent: rate-limiter-v2 deployed to production (version 847f3c). Cache purged for /api/*, /auth/*. Worker active across 310 PoPs. No rollback flags triggered.
Sources: Cloudflare Workers API, cache purge API

Tools your infrastructure agent reaches for on Cloudflare, scoped per engineer.

CALL ANY TOOL
API key scoped per engineer. Every Workers deploy and DNS change attributed to the authorizing user.
cloudflare_worker_deploy
Deploy worker
Deploy or update a Cloudflare Worker script to production with specified routes, bindings, and environment variables.
Parameters
Name | Type | Required | Description
script_name | string | Required | Worker script name
script_content | string | Required | Worker JavaScript source code
routes | array | Optional | Array of route patterns to bind the worker to
env_vars | object | Optional | Environment variable key-value pairs
cloudflare_kv_operations: KV operations
cloudflare_r2_operations: R2 operations
cloudflare_dns_records_manage: Manage DNS records
cloudflare_cache_purge: Purge cache
Build your Agent
Drop the toolkit in, point it at the authorized engineer, and your agent can deploy and manage Cloudflare Workers from the first run.
// LangChain / LangGraph
// envUrl, clientId, clientSecret and llm are supplied by your application.
import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

// List only the Cloudflare tools this engineer is scoped to.
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: {
    connectionNames: ["cloudflaremcp"],
    toolNames: ["cloudflare_worker_deploy", "cloudflare_dns_records_manage", "cloudflare_cache_purge"],
  },
  pageSize: 100,
});

// Wrap each scoped tool so execution goes through Scalekit under the same user.
const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

// OpenAI
// envUrl, clientId, clientSecret and prompt are supplied by your application.
import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

// List only the Cloudflare tools this engineer is scoped to.
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: {
    connectionNames: ["cloudflaremcp"],
    toolNames: ["cloudflare_worker_deploy", "cloudflare_dns_records_manage", "cloudflare_cache_purge"],
  },
  pageSize: 100,
});

// The Responses API takes function tools in flattened form (name at the top level).
const llmTools = tools.map((t) => ({
  type: "function",
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  parameters: t.tool.definition.input_schema,
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

// Anthropic
// envUrl, clientId, clientSecret and prompt are supplied by your application.
import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

// List only the Cloudflare tools this engineer is scoped to.
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: {
    connectionNames: ["cloudflaremcp"],
    toolNames: ["cloudflare_worker_deploy", "cloudflare_dns_records_manage", "cloudflare_cache_purge"],
  },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

// Google ADK
// userScopedToken is the per-user token supplied by your application.
import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/cloudflaremcp",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});
Try these prompts
Paste any prompt into your infrastructure agent to start managing Cloudflare Workers and DNS from Cloudflare MCP.
Search & recall
  • List all DNS records for [domain].
  • Show all Workers deployed in my account and their status.
  • Get the current firewall rules for zone [zone-id].
Action & deploy
  • Deploy [worker-name] to production with the latest script version.
  • Add a CNAME record pointing [subdomain] to [target] for zone [zone-id].
  • Purge the cache for [domain] and confirm purge status.
SEE HOW AUTH WORKS
Engineers authorize Cloudflare once. Their API key stays vaulted, every call is scoped to their account permissions, and every deployment is logged.
1. Authorize
Your user connects Cloudflare MCP once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access.
Who: user ‘A’ | When: Once per user | Access: Limited to user
2. Store
Their Cloudflare MCP token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection.
Vault: encrypted | Scope: per-user | Tokens: auto-refreshed
3. Resolve
When your agent calls a Cloudflare MCP tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs.
Speed: ~40ms | Check: before every call | Seen by: nobody
4. Audit
Every Cloudflare MCP tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it.
History: 90 days | Export: SIEM-ready | Logged: every call
Why Scalekit
Secure your agent's access. Connectors ship in minutes
One vault for every infra connector. Cloudflare today, Vercel and PagerDuty tomorrow.
01.
Shared tokens break per-user analytics
A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.
// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Cloudflare MCP today. Others tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent use a shared Cloudflare API token or per-engineer tokens?
Per-engineer tokens. Each developer provisions their own Cloudflare API token with appropriate zone and account permissions, and Scalekit vaults it under their identity. Infrastructure changes are attributed to the engineer, not a shared bot credential.
Where is the Cloudflare API key stored?
In Scalekit's AES-256 vault, namespaced per tenant. Keys resolve at request time and never appear in prompts, logs, or LLM completions.
Can I restrict the agent to read-only Cloudflare operations?
Yes. Use listScopedTools to allow KV reads and Worker listing but block deploy and DNS mutations for users who should have read-only access. Cloudflare token permissions provide an additional enforcement layer.
What happens when an engineer's Cloudflare token is revoked?
The next tool call fails closed for that engineer. Other users in the tenant remain unaffected. Revocation is logged with a timestamp for audit.
Can the infra agent combine Cloudflare with GitHub or PagerDuty in one workflow?
Yes. A single agent can deploy a Worker from a GitHub commit and create a PagerDuty incident if the deploy fails, all in one workflow. Each connector resolves under the same engineer identity with its own vaulted credential.
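A client-side complement to the read-only restriction described in the FAQ above, as an added example that is not Scalekit's code: a deny-by-default gate checked before every tool call, with an audit record attributed to the engineer. Tool names are the ones listed on this page; the `operation` argument of cloudflare_kv_operations, the sample user ids and the injected `execute` callback (where a call such as sk.tools.executeTool would go) are assumptions.

```javascript
// Added example: per-engineer, deny-by-default tool gate with audit logging.
// ASSUMPTION: cloudflare_kv_operations takes an "operation" argument; its
// parameters are not documented on this page.
const READ_ONLY = new Map([
  ["cloudflare_kv_operations", (a) => ["get", "list"].includes(a.operation)],
]);
const DEPLOYER = new Map([
  ...READ_ONLY,
  ["cloudflare_worker_deploy", () => true],
  ["cloudflare_cache_purge", () => true],
]);

// Constructed sample mapping of engineers to policies.
const POLICY_BY_USER = new Map([
  ["user_123", READ_ONLY],
  ["user_456", DEPLOYER],
]);

// True only when the user has a policy, the tool is listed in it, and the
// tool's argument predicate accepts this call. Everything else is denied.
function isAllowed(policies, userId, toolName, args) {
  const policy = policies.get(userId);
  const rule = policy ? policy.get(toolName) : undefined;
  return typeof rule === "function" && rule(args ?? {}) === true;
}

// Wraps an executor so every call is checked and logged before it is sent.
function makeGuardedExecutor(execute, auditLog, policies = POLICY_BY_USER) {
  return async function guarded(userId, toolName, args = {}) {
    const allowed = isAllowed(policies, userId, toolName, args);
    // Record argument names only: values may hold script source or env_vars.
    auditLog.push({
      ts: new Date().toISOString(),
      userId,
      toolName,
      argKeys: Object.keys(args).sort(),
      decision: allowed ? "allow" : "deny",
    });
    if (!allowed) throw new Error(`denied: ${toolName} for ${userId}`);
    return execute({ toolName, identifier: userId, params: args });
  };
}
```

The gate does not replace server-side scoping or Cloudflare token permissions; it stops a disallowed call before it leaves the agent process and leaves a local record of the attempt.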
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
  "mcpServers": {
    "cloudflaremcp": {
      "url": "https://mcp.scalekit.com/cloudflaremcp",
      "headers": { "Authorization": "Bearer $SCALEKIT_TOKEN" }
    }
  }
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.cloudflaremcp]
url = "https://mcp.scalekit.com/cloudflaremcp"
auth_env = "SCALEKIT_TOKEN"
Copilot Code REPL
# .vscode/mcp.json
{
  "servers": {
    "cloudflaremcp": {
      "url": "https://mcp.scalekit.com/cloudflaremcp",
      "type": "http"
    }
  }
}