Skip to main content
A CLI wrapper for Cloudflare’s Wrangler, providing controlled access to Workers, D1 databases, KV namespaces, R2 buckets, Pages, and more.

Features

  • Per-agent authentication - Each agent can have its own Cloudflare API token
  • Allowlist/denylist - Fine-grained command permissions at any depth
  • Prefix matching - Block or allow entire command hierarchies
  • Auto binary detection - Uses local node_modules/.bin/wrangler when available

Configuration

Add to your agent’s config:

Config Options

Permission Model

Command paths are extracted from all non-flag arguments:
Prefix matching - "d1" matches all d1 commands, "d1 database destroy" matches only that command. Evaluation order:
  1. denyCommands checked first → blocked if matched
  2. allowCommands checked second → blocked if set and not matched
  3. If neither is configured, all commands are permitted

Examples

Read-only D1 access

Full access except destructive operations

Deploy-only

Installation

Wrangler must be installed on the gateway host:

Usage