Personal_AI_Infrastructure Cloudflare

Deploy and manage Cloudflare Workers, Pages, and services via Code Mode MCP (API queries) + wrangler (deploys). OAuth auth for wrangler (tokens lack Pages perms). USE WHEN Cloudflare, worker, deploy, Pages, MCP server, wrangler, DNS, KV, R2, D1, Vectorize.

install

source · Clone the upstream repo

git clone https://github.com/danielmiessler/Personal_AI_Infrastructure

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/danielmiessler/Personal_AI_Infrastructure "$T" && mkdir -p ~/.claude/skills && cp -r "$T/Packs/Utilities/src/Cloudflare" ~/.claude/skills/danielmiessler-personal-ai-infrastructure-cloudflare && rm -rf "$T"

manifest: Packs/Utilities/src/Cloudflare/SKILL.md

source content

Customization

Before executing, check for user customizations at:

~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Cloudflare/

If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.

MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)

You MUST send this notification BEFORE doing anything else when this skill is invoked.

Send voice notification:

curl -s -X POST http://localhost:8888/notify \
  -H "Content-Type: application/json" \
  -d '{"message": "Running the WORKFLOWNAME workflow in the Cloudflare skill to ACTION"}' \
  > /dev/null 2>&1 &

Output text notification:

Running the **WorkflowName** workflow in the **Cloudflare** skill to ACTION...

This is not optional. Execute this curl command immediately upon skill invocation.

Cloudflare Skill

Deploy and manage Cloudflare Workers, Pages, and services. Uses two complementary tools:

Code Mode MCP (primary for API operations) —
```
search()
```
+
```
execute()
```
for querying workers, managing KV/R2/D1, checking deployments, DNS, analytics. ~1,069 tokens vs 1.17M for traditional MCP.
Wrangler (deploy/dev only) —
```
wrangler deploy
```
,
```
wrangler dev
```
,
```
wrangler pages deploy
```
for deploying from local files.

Dual-Mode Reference

Operation	Tool	Why
Deploy Worker	`wrangler deploy`	Needs local files + wrangler.toml
Deploy Pages	`wrangler pages deploy`	Needs dist/ directory
Local dev	`wrangler dev`	Local server
List Workers	MCP `execute()`	API query, no local files needed
Check deployment status	MCP `execute()`	API query
Read/write KV	MCP `execute()`	API operation
Manage DNS	MCP `execute()`	API operation
View logs	MCP `execute()`	API query
Inspect R2/D1/Vectorize	MCP `execute()`	API operations
View analytics	MCP `execute()`	API query

Workflow Routing

When executing a workflow, output this notification directly:

Running the **WorkflowName** workflow in the **Cloudflare** skill to ACTION...

Create Worker or MCP server →
```
Workflows/Create.md
```
Troubleshoot deployment issues →
```
Workflows/Troubleshoot.md
```
Query Cloudflare state (list workers, check KV, DNS, analytics) →
```
Workflows/Query.md
```

Code Mode MCP Reference

The Cloudflare Code Mode MCP server (

https://mcp.cloudflare.com/mcp

) exposes the entire Cloudflare API through 2 tools:

search()

— Discover endpoints

Find API endpoints by keyword. Use this when you don't know the exact path.

// Example: Find all Workers-related endpoints
search("workers scripts")

// Example: Find KV namespace operations
search("KV namespace")

// Example: Find DNS record endpoints
search("DNS records")

execute()

— Call the API

Execute any Cloudflare API endpoint directly. Handles auth automatically via OAuth.

// Example: List all Workers scripts
execute("GET /accounts/{account_id}/workers/scripts")

// Example: Read a KV value
execute("GET /accounts/{account_id}/storage/kv/namespaces/{namespace_id}/values/{key_name}")

// Example: List DNS records
execute("GET /zones/{zone_id}/dns_records")

MCP Auth

Code Mode MCP handles authentication via OAuth — no tokens needed. On first use, it will prompt for Cloudflare login. After that, auth is cached.

Quick Reference

Account ID: Set via
```
CF_ACCOUNT_ID
```
environment variable

Worker URL format:

https://[worker-name].[your-subdomain].workers.dev

Deployment Commands

Workers Deployment

# Unset tokens that interfere with wrangler login-based auth
(unset CF_API_TOKEN && unset CLOUDFLARE_API_TOKEN && wrangler deploy)

Pages Deployment

CRITICAL: ALL env tokens lack Pages permissions. MUST unset them to use OAuth:

# ALWAYS unset tokens for Pages - OAuth login works, tokens don't
(unset CF_API_TOKEN && unset CLOUDFLARE_API_TOKEN && bunx wrangler pages deploy dist --project-name=PROJECT_NAME --commit-dirty=true)

Critical Notes

Workers: Unset
```
CF_API_TOKEN
```
and
```
CLOUDFLARE_API_TOKEN
```
before deploying - they interfere with wrangler login-based auth
Pages: UNSET ALL TOKENS - None of the API tokens have Pages permissions. OAuth-based wrangler login is the ONLY method that works.
API queries: Use Code Mode MCP instead of manual
```
curl
```
or
```
fetch()
```
to
```
api.cloudflare.com
```
Wrangler stays for: deploy, dev, pages deploy, and local config only

Examples

Example 1: Deploy a Worker

User: "deploy the MCP server to Cloudflare"
-> Invokes CREATE workflow
-> Unsets env tokens, runs wrangler deploy
-> Verifies via MCP execute() that worker is live
-> "Deployed to https://mcp-server.[subdomain].workers.dev"

Example 2: Query Cloudflare state

User: "list all my workers"
-> Invokes QUERY workflow
-> MCP search("workers scripts") to find endpoint
-> MCP execute("GET /accounts/{id}/workers/scripts")
-> Returns list of all deployed workers

Example 3: Fix deployment error

User: "Cloudflare deploy is failing with auth error"
-> Invokes TROUBLESHOOT workflow
-> MCP execute() to check deployment status and logs
-> Identifies token interference
-> "Fixed - tokens were overriding OAuth. Redeployed successfully."

Example 4: Check DNS records

User: "what DNS records does example.com have?"
-> Invokes QUERY workflow
-> MCP search("DNS records") + execute() to list records
-> Returns full DNS record table