A comprehensive Cloudflare Worker that serves as a secure proxy and management layer over the Cloudflare TypeScript SDK. Features OpenAPI documentation, audit logging, MCP support, RPC endpoints, and an AI agent interface.
- Secure Authentication: Bearer token authentication with audit logging
- Comprehensive Audit Logging: All requests logged to D1 database with Analytics Engine integration
- OpenAPI 3.1 Documentation: Complete API documentation with interactive Swagger UI
- Model Context Protocol (MCP): Integration with AI assistants (Claude, Cursor, Copilot, etc.)
- AI Agent Interface: Natural language interface for managing infrastructure
- RPC Endpoints: JSON-RPC 2.0 support for Worker-to-Worker service bindings
- Workflow Automation: High-level "easy button" flows for common tasks
- Full Cloudflare Coverage: Workers, Pages, DNS, Tunnels, Access, Storage (D1, KV, R2), and more
- Wrangler CLI installed
- Cloudflare account with API token
- Node.js 18+ installed
- Clone the repository

  ```bash
  git clone <your-repo-url>
  cd core-cloudflare-management-api
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Create D1 database

  ```bash
  wrangler d1 create audit-logs-db
  ```

  Update `wrangler.toml` with your database ID:

  ```toml
  [[d1_databases]]
  binding = "AUDIT_LOGS_DB"
  database_name = "audit-logs-db"
  database_id = "your-database-id-here"
  ```

- Run migrations

  ```bash
  npm run db:migrate
  ```

- Set secrets

  ```bash
  wrangler secret put CLOUDFLARE_API_TOKEN
  # Enter your Cloudflare API token

  wrangler secret put CLOUDFLARE_ACCOUNT_ID
  # Enter your Cloudflare account ID

  wrangler secret put WORKER_API_KEY
  # Enter a secure API key for accessing this proxy API
  ```

- Deploy

  ```bash
  npm run deploy
  ```

Once deployed, visit:
- Interactive Docs: `https://your-worker.workers.dev/docs`
- OpenAPI Spec: `https://your-worker.workers.dev/openapi.json`
- HTML Documentation: Deploy `public/index.html` to Cloudflare Pages or a CDN

All API requests require a Bearer token in the `Authorization` header:

```bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://your-worker.workers.dev/api/cloudflare-sdk/workers/scripts
```

All Cloudflare SDK operations are available under `/api/cloudflare-sdk/`:
- Workers: `/api/cloudflare-sdk/workers/*`
- Pages: `/api/cloudflare-sdk/pages/*`
- DNS: `/api/cloudflare-sdk/dns/*`
- Tunnels: `/api/cloudflare-sdk/tunnels/*`
- Access: `/api/cloudflare-sdk/access/*`
- Tokens: `/api/cloudflare-sdk/tokens/*`
- Zones: `/api/cloudflare-sdk/zones/*`
- Storage: `/api/cloudflare-sdk/storage/*` (D1, KV, R2)
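
Every route listed above sits behind the Bearer check, and the README exempts only `/health`. A server-side version of that check, as an added example (not the project's `src/middleware/auth.ts`); `checkBearer`, `constantTimeEqual` and `PUBLIC_PATHS` are hypothetical names, and `expectedKey` stands for the `WORKER_API_KEY` secret:

```typescript
// Added example; not the project's src/middleware/auth.ts.
// Paths served without a token. The README names only /health.
const PUBLIC_PATHS = new Set<string>(["/health"]);

// Compare without returning at the first mismatch, so response timing
// does not reveal how many leading characters of the key were right.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = i < a.length ? a.charCodeAt(i) : 0;
    const y = i < b.length ? b.charCodeAt(i) : 0;
    diff |= x ^ y;
  }
  return diff === 0;
}

interface AuthResult { ok: boolean; reason: string }

// `expectedKey` stands for the WORKER_API_KEY secret (env.WORKER_API_KEY in a Worker).
function checkBearer(path: string, authorization: string | null, expectedKey: string): AuthResult {
  if (PUBLIC_PATHS.has(path)) return { ok: true, reason: "public path" };
  // Fail closed if the secret was never set, rather than matching an empty key.
  if (expectedKey.length === 0) return { ok: false, reason: "server key not configured" };
  // The auth scheme name is case-insensitive (RFC 9110); the token is not.
  const m = /^Bearer +(\S+)$/i.exec(authorization ?? "");
  if (!m) return { ok: false, reason: "missing or malformed Authorization header" };
  return constantTimeEqual(m[1] ?? "", expectedKey)
    ? { ok: true, reason: "token accepted" }
    : { ok: false, reason: "invalid token" };
}
```

The exemption is an exact path match, so a request to `/healthz` or `/health/anything` still needs a token.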
High-level workflows available under /api/flows/:

```bash
curl -X POST https://your-worker.workers.dev/api/flows/workers/create_with_github_cicd \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workerName": "my-worker",
    "githubOwner": "myorg",
    "githubRepo": "my-repo",
    "productionBranch": "main",
    "buildCommand": "npm run build"
  }'
```

```bash
curl -X POST https://your-worker.workers.dev/api/flows/advanced/setup-bindings \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "appName": "my-app",
    "bindings": ["kv", "d1", "r2", "analytics_engine"]
  }'
```

This creates all bindings with consistent naming and returns a ready-to-use `wrangler.toml`!

Natural language interface at /agent:

```bash
curl -X POST https://your-worker.workers.dev/agent \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "List all my workers and create a KV namespace called sessions"
  }'
```

MCP endpoint at `/mcp` for integration with AI assistants.

Add to ~/Library/Application Support/Claude/config.json:

```json
{
  "mcpServers": {
    "cloudflare": {
      "url": "https://your-worker.workers.dev/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
```

Add to Cursor settings (Settings → MCP):

```json
{
  "mcp.servers": {
    "cloudflare": {
      "url": "https://your-worker.workers.dev/mcp",
      "apiKey": "YOUR_API_KEY"
    }
  }
}
```

In repository settings, add to `.github/copilot-mcp.json`:

```json
{
  "servers": [{
    "name": "cloudflare",
    "url": "https://your-worker.workers.dev/mcp",
    "auth": {
      "type": "bearer",
      "token": "$CLOUDFLARE_API_KEY"
    }
  }]
}
```

JSON-RPC 2.0 endpoint at `/rpc/:method`:

```bash
curl -X POST https://your-worker.workers.dev/rpc/workers.list \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "id": 1}'
```

```toml
# wrangler.toml
[[services]]
binding = "CLOUDFLARE_API"
service = "core-cloudflare-manager-api"
```

```typescript
// Your Worker code
export default {
  async fetch(request: Request, env: Env) {
    const workers = await env.CLOUDFLARE_API.listWorkers();
    return Response.json(workers);
  }
}
```

All API requests are automatically logged to D1 and Analytics Engine. Query logs via:

```bash
curl -X GET "https://your-worker.workers.dev/api/audit-logs?page=1&limit=50" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```javascript
// Create all bindings for your app
const response = await fetch('https://your-worker.workers.dev/api/flows/advanced/setup-bindings', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    appName: 'todo-app',
    bindings: ['kv', 'd1', 'r2']
  })
});
const { wranglerToml } = await response.json();
// Copy wranglerToml to your project!
```

```bash
curl -X POST https://your-worker.workers.dev/api/flows/workers/create_with_github_cicd \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workerName": "api-gateway",
    "githubOwner": "mycompany",
    "githubRepo": "api-gateway",
    "productionBranch": "production",
    "buildCommand": "npm run build",
    "rootDir": "/"
  }'
```

```bash
curl -X POST https://your-worker.workers.dev/agent \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Create a D1 database called users-db, a KV namespace called sessions, and an R2 bucket called uploads"
  }'
```

```
core-cloudflare-management-api/
├── src/
│   ├── index.ts                        # Main entry point
│   ├── types.ts                        # Shared types and schemas
│   ├── middleware/
│   │   ├── auth.ts                     # Bearer token authentication
│   │   └── auditLog.ts                 # Audit logging middleware
│   └── routes/
│       ├── agent.ts                    # AI agent endpoint
│       ├── sdk/
│       │   ├── index.ts                # SDK router
│       │   ├── workers.ts              # Workers management
│       │   ├── pages.ts                # Pages management
│       │   ├── dns.ts                  # DNS management
│       │   ├── tunnels.ts              # Tunnels management
│       │   ├── tokens.ts               # API tokens management
│       │   ├── access.ts               # Zero Trust Access
│       │   ├── zones.ts                # Zones management
│       │   └── storage.ts              # D1, KV, R2 management
│       └── flows/
│           ├── index.ts                # Basic workflows
│           └── advanced.ts             # Advanced workflows
├── migrations/
│   └── 0001_create_audit_logs.sql      # D1 migration
├── public/
│   └── index.html                      # Documentation landing page
├── wrangler.toml                       # Worker configuration
├── package.json
├── tsconfig.json
└── README.md
```

This project uses a git submodule to maintain a link to the official Cloudflare API schemas repository. The schemas are located in api-schemas-main/.
Initial Setup (for new clones):

```bash
# Clone with submodules
git clone --recurse-submodules <repo-url>

# Or if already cloned, initialize submodules
git submodule update --init --recursive
```

Update to Latest Schemas:

```bash
# Update to latest version from Cloudflare's repository
# This automatically backs up the previous version with a date stamp
npm run update:schemas

# Or manually:
git submodule update --remote api-schemas-main
git add api-schemas-main api-schemas-backups
git commit -m "chore: Update Cloudflare API schemas"
```

Version Backups:

When updating schemas, the previous version is automatically backed up to `api-schemas-backups/` with a timestamp:
- Format: `api-schemas-backups/api-schemas-YYYY-MM-DD_HH-MM-SS/`
- Each backup includes a `.backup-metadata.txt` file with commit information
- This allows you to reference or restore previous schema versions if needed

Using the Schemas: The OpenAPI schemas are available at:
- `api-schemas-main/openapi.json` - Full OpenAPI 3.1 specification (current version)
- `api-schemas-main/openapi.yaml` - YAML format (current version)
- `api-schemas-main/common.yaml` - Common schema definitions (current version)
- `api-schemas-backups/` - Historical versions with date stamps

```bash
npm run dev
```

Access the API at http://localhost:8787

```bash
npm run db:migrate
```

```bash
npm run type-check
```

The API logs detailed metrics to:
- D1 Database: Full request/response audit trail
- Analytics Engine: Performance metrics and observability data
Query Analytics Engine via Cloudflare's GraphQL API or dashboard.
- Authentication: Bearer token required for all endpoints (except `/health`)
- Audit Logging: Every request logged with timestamp, IP, headers, body, and response
- Secrets Management: All sensitive data stored in Worker secrets
- CORS: Configurable CORS headers
- Input Validation: Zod schemas for all requests
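
Audit rows that include headers and bodies will capture the `Authorization` header and any secrets in request bodies unless the logging middleware masks them first. One way to redact before the row is stored, as an added example (not the project's `src/middleware/auditLog.ts`); the header list, the key pattern and the `auditRecord` helper are assumptions, and the sample values in the test are constructed:

```typescript
// Added example; not the project's src/middleware/auditLog.ts.
// Header names and the key pattern below are assumptions; extend them for your API.
const SENSITIVE_HEADERS = new Set<string>(["authorization", "cookie", "set-cookie", "x-api-key"]);
const SENSITIVE_KEY = /token|secret|password|api[_-]?key|authorization/i;
const REDACTED = "[REDACTED]";

function redactHeaders(headers: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? REDACTED : value;
  }
  return out;
}

// Walk parsed JSON and mask any property whose name looks secret-bearing.
function redactBody(value: unknown, depth: number = 0): unknown {
  if (depth > 8) return "[TRUNCATED]"; // bound recursion on deeply nested input
  if (Array.isArray(value)) return value.map((v) => redactBody(v, depth + 1));
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = SENSITIVE_KEY.test(k) ? REDACTED : redactBody(v, depth + 1);
    }
    return out;
  }
  return value;
}

interface AuditRecord { method: string; path: string; headers: string; body: string }

// Build the row to store. Bodies that are not JSON are dropped, not logged raw.
function auditRecord(method: string, path: string,
                     headers: Record<string, string>, rawBody: string): AuditRecord {
  let body: unknown;
  try {
    body = redactBody(JSON.parse(rawBody));
  } catch {
    body = "[non-JSON body omitted]";
  }
  return { method, path, headers: JSON.stringify(redactHeaders(headers)), body: JSON.stringify(body) };
}
```

Name-based masking misses secrets carried in free text, such as a token pasted into an `/agent` prompt, so access to the audit table should be restricted as well.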
- Durable Objects for agent conversation state
- Workflows for multi-step operations
- Queues for async task processing
- Workers AI integration for enhanced agent capabilities
- WebSocket support for real-time updates
- GraphQL API layer
- Rate limiting and quotas
- Multi-account support
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
MIT License - see LICENSE file for details
Built with:
- Hono - Web framework
- Zod - Schema validation
- Cloudflare TypeScript SDK
- @hono/zod-openapi - OpenAPI support
- @hono/swagger-ui - Swagger UI
- Documentation: `https://your-worker.workers.dev/docs`
- Issues: GitHub Issues
- Cloudflare Docs: https://developers.cloudflare.com/
Made with ❤️ for the Cloudflare Developer Community