Features
- Per-agent authentication - Each agent can have its own Cloudflare API token
- Allowlist/denylist - Fine-grained command permissions at any depth
- Prefix matching - Block or allow entire command hierarchies
- Auto binary detection - Uses local
node_modules/.bin/wranglerwhen available
Configuration
Add to your agent’s config:Config Options
Permission Model
Command paths are extracted from all non-flag arguments:"d1" matches all d1 commands, "d1 database destroy" matches only that command.
Evaluation order:
denyCommandschecked first → blocked if matchedallowCommandschecked second → blocked if set and not matched- If neither is configured, all commands are permitted
