Skip to content

feat: cloudflare DNS/Zone tool integrations#6658

Merged
bryanadenhq merged 35 commits into
aden-hive:mainfrom
saurabhiiitg:feat/cloudflare-dns-tool
Apr 1, 2026
Merged

feat: cloudflare DNS/Zone tool integrations#6658
bryanadenhq merged 35 commits into
aden-hive:mainfrom
saurabhiiitg:feat/cloudflare-dns-tool

Conversation

@saurabhiiitg

@saurabhiiitg saurabhiiitg commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

Description

Adds a comprehensive Cloudflare tool integration to Aden Tools, enabling agents to inspect and troubleshoot Cloudflare-managed domains and DNS configurations.

This implementation goes beyond the initial read-only MVP and supports 50+ operations across DNS, analytics, security, and account-level APIs.

It enables automated DNS diagnosis, infrastructure validation, and deployment troubleshooting workflows.


Type of Change

  • New feature (non-breaking change that adds functionality)
  • Refactoring (no functional changes)

Related Issues

Closes #6561


Changes Made

  • Added Cloudflare credential support (CLOUDFLARE_API_TOKEN)

  • Implemented Cloudflare tool with 50+ operations:

    • DNS management (list, get, create, update, delete)
    • Zone inspection and configuration
    • Analytics (traffic, performance, HTTP, security)
    • Firewall and security tools
    • Account-level operations
  • Added DNS health diagnosis feature for structured troubleshooting

  • Integrated tool into tools registry

  • Added comprehensive test suite for Cloudflare tools

  • Implemented spec validation and smoke tests

  • Handled inconsistent API responses (list vs dict)


Testing

  • Core tests
    uv run pytest core/tests/
  • Tools tests
    uv run pytest tools/tests/
  • Cloudflare tool tests
    uv run pytest tools/tests/tools/test_cloudflare.py
  • Lint check
    uv run ruff check .
  • Format check
    uv run ruff format --check .
  • Full CI check
    make check
  • Full test suite
    make test

Checklist

  • My code follows the project's style guidelines
  • I have performed a self-review of my code
  • I have commented my code where necessary
  • My changes generate no new warnings
  • I have added tests that prove my feature works
  • New and existing unit tests pass locally with my changes

Screenshots (if applicable)

N/A

@saurabhiiitg

Copy link
Copy Markdown
Contributor Author

hey @bryanadenhq @TimothyZhang7 @RichardTang-Aden Please review this PR.

Happy to make any changes if needed.

thanks!

@levxn levxn left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Address these reviews

Comment thread tools/src/aden_tools/tools/cloudflare_tool/cloudflare_tool.py Outdated
Comment thread tools/src/aden_tools/tools/cloudflare_tool/cloudflare_tool.py Outdated
Comment thread tools/src/aden_tools/tools/cloudflare_tool/cloudflare_tool.py
Comment thread tools/src/aden_tools/tools/cloudflare_tool/cloudflare_tool.py Outdated
Comment thread tools/src/aden_tools/tools/cloudflare_tool/cloudflare_tool.py Outdated
Comment thread tools/src/aden_tools/tools/cloudflare_tool/cloudflare_tool.py Outdated
Comment thread tools/src/aden_tools/tools/cloudflare_tool/README.md Outdated
Comment thread tools/src/aden_tools/tools/cloudflare_tool/__init__.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py
- removed unreachable code
- updated firewall rule handling (rulesets API)
- added validation + error handling
- added missing test coverage
- fixed misleading documentation
@saurabhiiitg
saurabhiiitg requested a review from levxn March 27, 2026 13:59

@levxn levxn left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor fixes, ensure credentials is included properly.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CLOUDFLARE_CREDENTIALS has no health_check_endpoint. can refer other tools (for eg: serpapi.py). Can refer to documentation as well for this.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tools_registry fixture calls register_tools(mcp) with no credentials argument. All 54 tests use monkeypatch.setenv("CLOUDFLARE_API_TOKEN", "test-key"), they only exercise the env var path. There is no test that passes a credentials dict and verifies it is preferred over the env var.

Comment thread tools/tests/tools/test_cloudflare.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py Outdated
Comment thread tools/tests/tools/test_cloudflare.py Outdated

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mock always returns {"success": True, "result": []} (a dict), so in practice the assert runs. But if a future change made a tool return a list, the test would pass silently even when broken. Hence the if guard is alone removed

@levxn levxn left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor fixes, ensure credentials is included properly.

saurabhiiitg and others added 22 commits March 27, 2026 22:24
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
saurabhiiitg and others added 9 commits March 27, 2026 22:45
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
@saurabhiiitg
saurabhiiitg requested a review from levxn March 27, 2026 19:31

@levxn levxn left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good to merge @TimothyZhang7

@bryanadenhq

Copy link
Copy Markdown
Collaborator

Hi @saurabhiiitm062, nice work on the comprehensive Cloudflare integration. A few things to address before merging. The cloudflare_get_ddos_protection_settings function makes an API call but discards the result and returns a hardcoded string, so it's effectively a no-op. In cloudflare_list_accounts, the total field returns len(accounts) which is just the current page count, not the actual total from result_info. Also cloudflare_list_custom_hostnames is missing the _validate_zone_id call that every other zone-level tool has. On the test side, every test patches out validation and returns a generic empty success response, then only checks isinstance(result, dict). It would be good to verify correct endpoints are called, params are passed through, and error paths are covered. Finally, wondering why cloudflare was added to KNOWN_EXCEPTIONS in the credential registry test since the spec defines a health_check_endpoint.

@bryanadenhq
bryanadenhq merged commit c8a25a0 into aden-hive:main Apr 1, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Integration]: Cloudflare DNS/Zone Tool

3 participants