Clanker Docs

Appearance

Cloudflare

Clanker provides deep integration with Cloudflare, including specialized subagents for DNS, WAF/security, Workers, Analytics, and Zero Trust.

Authentication

Cloudflare authentication requires an API token. Optionally, an account ID can be provided for operations that require it.

Obtaining a token

  1. Log in to the Cloudflare dashboard.
  2. Navigate to My Profile > API Tokens.
  3. Create a token with the appropriate permissions for the resources you want to query.

Configuration

Add your credentials to ~/.clanker.yaml:

yaml
cloudflare:
  api_token: ""
  account_id: ""
  default_zone: example.com

Alternatively, use environment variables:

bash
export CLOUDFLARE_API_TOKEN="abc123..."
export CLOUDFLARE_ACCOUNT_ID="def456..."

Token resolution order

  1. cloudflare.api_token in the config file
  2. CLOUDFLARE_API_TOKEN environment variable
  3. CF_API_TOKEN environment variable

Account ID resolution order

  1. cloudflare.account_id in the config file
  2. CLOUDFLARE_ACCOUNT_ID environment variable
  3. CF_ACCOUNT_ID environment variable

Querying Cloudflare

Explicit flag

bash
clanker ask --cloudflare "List all DNS records for example.com"

Dedicated command

bash
clanker cf ask "What zones are in my account?"

Automatic routing

If your question mentions Cloudflare-specific terms, Clanker routes to Cloudflare automatically:

bash
clanker ask "Show me Cloudflare DNS records for example.com"

Subagents

Clanker routes Cloudflare queries to specialized subagents based on the content of your question:

DNS

Handles queries about zones, DNS records, CNAME, A, MX, TXT, and nameserver configurations.

bash
clanker ask --cloudflare "List all DNS records for example.com"
clanker ask --cloudflare "What A records point to 1.2.3.4?"

WAF / Security

Handles queries about firewall rules, WAF policies, rate limiting, security levels, DDoS protection, and bot management.

bash
clanker ask --cloudflare "Show me all firewall rules"
clanker ask --cloudflare "What is the current security level?"

Workers

Handles queries about Cloudflare Workers, KV namespaces, D1 databases, R2 buckets, Pages projects, and Durable Objects.

bash
clanker ask --cloudflare "List all Workers"
clanker ask --cloudflare "Show me R2 bucket sizes"

Analytics

Handles queries about traffic, bandwidth, requests, visitors, page views, and performance metrics.

bash
clanker ask --cloudflare "Show me traffic analytics for the last 7 days"
clanker ask --cloudflare "What is the bandwidth usage?"

Zero Trust

Handles queries about Cloudflare Tunnels, Access applications, Access policies, WARP, and Zero Trust configurations.

bash
clanker ask --cloudflare "List all tunnels"
clanker ask --cloudflare "Show me Zero Trust access policies"

Maker Pipeline

The maker feature supports Cloudflare infrastructure changes:

bash
# Generate a plan
clanker ask --maker --cloudflare "Add a CNAME record api.example.com pointing to api-backend.example.com"

# Apply the plan
clanker ask --apply --plan-file plan.json

Cloudflare maker plans require the API token during execution. The account ID is also needed for account-scoped operations (Workers, R2, Zero Trust).

Deploy Commands

Clanker includes dedicated deploy commands for Cloudflare:

bash
clanker cf deploy          # Deploy Cloudflare resources

Backend Credentials

Cloudflare credentials can be stored and retrieved through the Clanker backend:

bash
clanker credentials store cloudflare
clanker ask --api-key ck_live_abc123 --cloudflare "List DNS records"