Skill

cloudflare-management

Use when working with Cloudflare services (Workers, Pages, R2, D1, KV, DNS, SSL, WAF, Zero Trust, etc.). Provides comprehensive management via Wrangler CLI (primary) and direct REST API access for services not covered by Wrangler (DNS, SSL certificates, load balancers, security rules, analytics). Triggers: "deploy worker", "manage cloudflare", "cloudflare dns", "wrangler setup", "r2 bucket", "d1 database", "cloudflare api", "cf pages", "cloudflare ssl", "waf rules".

Install

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-2 --plugin watzon-claude-code

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Comprehensive Cloudflare service management using **Wrangler CLI** (primary tool) and **REST API** (for advanced/non-Wrangler services).

Supporting Assets

README.mdassets/wrangler.toml.templatereferences/api-surface.mdreferences/authentication.mdreferences/required-permissions.mdreferences/service-guides.mdreferences/wrangler-commands.mdscripts/cf-api.shscripts/cf-security.shscripts/cf-zone-management.sh

SKILL.md

Similar Skills

using-git-worktrees

Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.

superpowers

168.3k

subagent-driven-development

3 files

Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.

superpowers

168.3k

dispatching-parallel-agents

Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.

superpowers

168.3k

Stats

Stars1

Forks0

Last CommitJan 17, 2026

Actions

View Source View Plugin View on GitHub View README

Cloudflare Management

Comprehensive Cloudflare service management using Wrangler CLI (primary tool) and REST API (for advanced/non-Wrangler services).

Tool Selection

Service	Primary Tool	Alternative
Workers, Pages, KV, R2, D1, Queues, AI, Vectorize, Hyperdrive	Wrangler CLI	-
DNS, SSL/TLS, Zones, Load Balancers	REST API scripts	Terraform
WAF, Rate Limiting, Firewall Rules, Bot Management	REST API scripts	Terraform
Zero Trust, Access, Tunnels	cloudflared CLI + REST API	-
Analytics, Logs	GraphQL API + REST API	Dashboard

Decision Flow:

Developer Platform (Workers/Pages/Storage) → Use Wrangler
DNS/Zone/SSL → Use cf-zone-management.sh script
Security (WAF/Firewall) → Use cf-security.sh script
Custom/Advanced → Use cf-api.sh script with REST API

Quick Start

1. Install Wrangler

# Check if installed
which wrangler

# If not installed (or outdated)
npm install -g wrangler@latest

# Verify
wrangler --version

2. Authenticate

Interactive (recommended for local dev):

wrangler login
# Opens browser for OAuth

API Token (recommended for CI/CD):

# Set environment variables (see references/authentication.md for token creation)
export CLOUDFLARE_API_TOKEN="your_token_here"
export CLOUDFLARE_ACCOUNT_ID="your_account_id"

# Verify
wrangler whoami

3. Common Workflows

Deploy a Worker:

# Create new project
npm create cloudflare@latest my-worker

# Or deploy existing
cd my-worker
wrangler deploy

Manage KV Storage:

# Create namespace
wrangler kv namespace create MY_KV

# Add to wrangler.toml, then:
wrangler kv key put --namespace-id=<id> "mykey" "myvalue"
wrangler kv key get --namespace-id=<id> "mykey"

Deploy to Pages:

wrangler pages deploy ./dist

R2 Bucket Operations:

# Create bucket
wrangler r2 bucket create my-bucket

# Upload object
wrangler r2 object put my-bucket/path/file.txt --file=./local-file.txt

# List objects
wrangler r2 object list my-bucket

D1 Database:

# Create database
wrangler d1 create my-database

# Run migrations
wrangler d1 migrations apply my-database

# Execute SQL
wrangler d1 execute my-database --command="SELECT * FROM users"

Architecture

Cloudflare Management Skill
│
├── Wrangler CLI (Primary)
│   ├── Workers & Pages
│   ├── Storage (KV, R2, D1, Queues)
│   ├── AI & Vectorize
│   └── Development tools (dev, tail, secrets)
│
├── REST API Scripts (Secondary)
│   ├── cf-api.sh (generic wrapper)
│   ├── cf-zone-management.sh (DNS, SSL, zones)
│   └── cf-security.sh (WAF, firewall, rate limits)
│
└── References
    ├── api-surface.md (all 14 API categories)
    ├── wrangler-commands.md (comprehensive CLI reference)
    ├── authentication.md (token setup)
    └── service-guides.md (quick-start patterns)

Wrangler Core Commands

Command	Purpose	Example
`wrangler init`	Create new project	`wrangler init my-project`
`wrangler dev`	Local development	`wrangler dev`
`wrangler deploy`	Deploy to production	`wrangler deploy`
`wrangler tail`	Stream logs	`wrangler tail my-worker`
`wrangler secret put`	Add secret	`wrangler secret put API_KEY`
`wrangler publish`	Legacy deploy (use `deploy`)	-
`wrangler whoami`	Check auth	`wrangler whoami`

For complete command reference, see references/wrangler-commands.md.

REST API Access (Non-Wrangler Services)

For services not covered by Wrangler (DNS, SSL, WAF, etc.), use the provided scripts:

Zone Management

# List all zones
bash scripts/cf-zone-management.sh zones list

# Create a new zone
bash scripts/cf-zone-management.sh zones create example.com

# Delete a zone
bash scripts/cf-zone-management.sh zones delete example.com

# Get zone details
bash scripts/cf-zone-management.sh zone get example.com

# Get all zone settings
bash scripts/cf-zone-management.sh zone settings example.com

# Purge zone cache
bash scripts/cf-zone-management.sh zone purge-cache example.com

DNS Management

# List DNS records
bash scripts/cf-zone-management.sh dns list example.com

# Create A record
bash scripts/cf-zone-management.sh dns create example.com A "api" "192.0.2.1"

# Update record
bash scripts/cf-zone-management.sh dns update example.com <record-id> A "api" "192.0.2.2"

# Delete record
bash scripts/cf-zone-management.sh dns delete example.com <record-id>

SSL Certificate Management

# List certificates
bash scripts/cf-zone-management.sh ssl list example.com

# Get SSL settings
bash scripts/cf-zone-management.sh ssl settings example.com

# Update SSL mode (off, flexible, full, strict)
bash scripts/cf-zone-management.sh ssl update example.com strict

Security Rules

# List firewall rules
bash scripts/cf-security.sh firewall list example.com

# Create rate limit rule
bash scripts/cf-security.sh ratelimit create example.com "/api/*" 100

# List WAF rules
bash scripts/cf-security.sh waf list example.com

Generic API Calls

# GET request
bash scripts/cf-api.sh GET zones

# POST request with data
bash scripts/cf-api.sh POST zones/<zone-id>/dns_records '{"type":"A","name":"test","content":"192.0.2.1"}'

# PATCH request
bash scripts/cf-api.sh PATCH zones/<zone-id>/settings/ssl '{"value":"strict"}'

Configuration

wrangler.toml Structure

See assets/wrangler.toml.template for a comprehensive template.

Basic structure:

name = "my-worker"
main = "src/index.ts"
compatibility_date = "2024-01-01"

# KV namespaces
[[kv_namespaces]]
binding = "MY_KV"
id = "your_namespace_id"

# R2 buckets
[[r2_buckets]]
binding = "MY_BUCKET"
bucket_name = "my-bucket"

# D1 databases
[[d1_databases]]
binding = "DB"
database_name = "my-database"
database_id = "your_database_id"

# Environment variables
[vars]
ENVIRONMENT = "production"

# Routes
routes = [
  { pattern = "example.com/*", zone_name = "example.com" }
]

Environment Variables

Required for authentication (see references/authentication.md):

CLOUDFLARE_API_TOKEN=your_token_here
CLOUDFLARE_ACCOUNT_ID=your_account_id
CLOUDFLARE_ZONE_ID=your_zone_id  # For zone-specific operations

Common Patterns

Multi-Environment Deployment

# wrangler.toml
[env.staging]
name = "my-worker-staging"
vars = { ENVIRONMENT = "staging" }

[env.production]
name = "my-worker-production"
vars = { ENVIRONMENT = "production" }

# Deploy to staging
wrangler deploy --env staging

# Deploy to production
wrangler deploy --env production

Secret Management

# Add secret (interactive)
wrangler secret put API_KEY

# Add secret for specific environment
wrangler secret put API_KEY --env production

# List secrets (names only, values never exposed)
wrangler secret list

Local Development with Bindings

# wrangler.toml configured with KV/R2/D1 bindings

# Start local dev server (bindings available locally)
wrangler dev

# Access bindings in code:
# env.MY_KV.get("key")
# env.MY_BUCKET.get("file.txt")
# env.DB.prepare("SELECT * FROM users").all()

Remote Development (Wrangler v4+)

# Use REMOTE bindings instead of local stubs
wrangler dev --remote

# Useful for testing with production data

Service-Specific Guides

For detailed quick-start patterns for each service:

references/service-guides.md - Workers, Pages, R2, D1, KV, Queues, AI

For complete API surface coverage:

references/api-surface.md - All 14 API categories

Rate Limits & Quotas

Wrangler operations: Subject to account tier limits (Free/Pro/Business/Enterprise)

API operations:

Client API per user/account token: 1,200 requests per 5 minutes
Client API per IP: 200 requests per second
GraphQL: 320 requests per 5 minutes (variable by query cost)

Best practices:

Use Wrangler for bulk operations (built-in rate limit handling)
For direct API calls, implement exponential backoff on 429 responses
Cache API responses where appropriate (zone configs, etc.)

Troubleshooting

Common Issues

Authentication fails:

# Check token validity
wrangler whoami

# Re-authenticate
wrangler login

# Verify environment variables
echo $CLOUDFLARE_API_TOKEN
echo $CLOUDFLARE_ACCOUNT_ID

Deploy fails:

# Check syntax
wrangler deploy --dry-run

# View detailed logs
wrangler tail my-worker

# Check wrangler.toml syntax
wrangler config

KV/R2/D1 not accessible:

# Verify bindings in wrangler.toml
# Verify namespace/bucket/database exists
wrangler kv namespace list
wrangler r2 bucket list
wrangler d1 list

Script errors:

# Ensure CLOUDFLARE_API_TOKEN is set
export CLOUDFLARE_API_TOKEN="your_token"

# Ensure jq is installed (scripts use it for JSON parsing)
which jq || brew install jq  # or apt-get install jq

Migration from Legacy Tools

From `cf-cli` or `flarectl`

Both are deprecated. Migrate to:

Wrangler for Workers/Pages/Storage
REST API scripts (this skill) for DNS/SSL/Security
Terraform provider for infrastructure-as-code

From Cloudflare Dashboard

Export existing configs:

# DNS records
bash scripts/cf-zone-management.sh dns export example.com > dns-records.json

# Firewall rules
bash scripts/cf-security.sh firewall export example.com > firewall-rules.json

Resources

Wrangler Docs: https://developers.cloudflare.com/workers/wrangler/
API Docs: https://developers.cloudflare.com/api/
Workers Examples: https://developers.cloudflare.com/workers/examples/
Community Discord: https://discord.gg/cloudflaredev

Next Steps

Install Wrangler: npm install -g wrangler@latest
Authenticate: wrangler login
Create your first Worker: npm create cloudflare@latest
Explore service guides: references/service-guides.md
Review API surface: references/api-surface.md

cloudflare-management

Install

Tool Access

Preview

Supporting Assets

SKILL.md

Similar Skills

cloudflare-management

Install

Tool Access

Preview

Supporting Assets

SKILL.md

Cloudflare Management

Tool Selection

Quick Start

1. Install Wrangler

2. Authenticate

3. Common Workflows

Architecture

Wrangler Core Commands

REST API Access (Non-Wrangler Services)

Zone Management

DNS Management

SSL Certificate Management

Security Rules

Generic API Calls

Configuration

wrangler.toml Structure

Environment Variables

Common Patterns

Multi-Environment Deployment

Secret Management

Local Development with Bindings

Remote Development (Wrangler v4+)

Service-Specific Guides

Rate Limits & Quotas

Troubleshooting

Common Issues

Migration from Legacy Tools

From cf-cli or flarectl

From Cloudflare Dashboard

Resources

Next Steps

Similar Skills

Cloudflare Management

Tool Selection

Quick Start

1. Install Wrangler

2. Authenticate

3. Common Workflows

Architecture

Wrangler Core Commands

REST API Access (Non-Wrangler Services)

Zone Management

DNS Management

SSL Certificate Management

Security Rules

Generic API Calls

Configuration

wrangler.toml Structure

Environment Variables

Common Patterns

Multi-Environment Deployment

Secret Management

Local Development with Bindings

Remote Development (Wrangler v4+)

Service-Specific Guides

Rate Limits & Quotas

Troubleshooting

Common Issues

Migration from Legacy Tools

From cf-cli or flarectl

From Cloudflare Dashboard

Resources

Next Steps

From `cf-cli` or `flarectl`

From `cf-cli` or `flarectl`