feat: cloudflare DNS/Zone tool integrations#6658
Conversation
|
hey @bryanadenhq @TimothyZhang7 @RichardTang-Aden Please review this PR. Happy to make any changes if needed. thanks! |
- removed unreachable code - updated firewall rule handling (rulesets API) - added validation + error handling - added missing test coverage - fixed misleading documentation
levxn
left a comment
There was a problem hiding this comment.
minor fixes, ensure credentials is included properly.
There was a problem hiding this comment.
CLOUDFLARE_CREDENTIALS has no health_check_endpoint. can refer other tools (for eg: serpapi.py). Can refer to documentation as well for this.
There was a problem hiding this comment.
The tools_registry fixture calls register_tools(mcp) with no credentials argument. All 54 tests use monkeypatch.setenv("CLOUDFLARE_API_TOKEN", "test-key"), they only exercise the env var path. There is no test that passes a credentials dict and verifies it is preferred over the env var.
There was a problem hiding this comment.
The mock always returns {"success": True, "result": []} (a dict), so in practice the assert runs. But if a future change made a tool return a list, the test would pass silently even when broken. Hence the if guard is alone removed
levxn
left a comment
There was a problem hiding this comment.
minor fixes, ensure credentials is included properly.
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
Co-authored-by: Levin <105410870+levxn@users.noreply.github.com>
levxn
left a comment
There was a problem hiding this comment.
good to merge @TimothyZhang7
|
Hi @saurabhiiitm062, nice work on the comprehensive Cloudflare integration. A few things to address before merging. The cloudflare_get_ddos_protection_settings function makes an API call but discards the result and returns a hardcoded string, so it's effectively a no-op. In cloudflare_list_accounts, the total field returns len(accounts) which is just the current page count, not the actual total from result_info. Also cloudflare_list_custom_hostnames is missing the _validate_zone_id call that every other zone-level tool has. On the test side, every test patches out validation and returns a generic empty success response, then only checks isinstance(result, dict). It would be good to verify correct endpoints are called, params are passed through, and error paths are covered. Finally, wondering why cloudflare was added to KNOWN_EXCEPTIONS in the credential registry test since the spec defines a health_check_endpoint. |
Description
Adds a comprehensive Cloudflare tool integration to Aden Tools, enabling agents to inspect and troubleshoot Cloudflare-managed domains and DNS configurations.
This implementation goes beyond the initial read-only MVP and supports 50+ operations across DNS, analytics, security, and account-level APIs.
It enables automated DNS diagnosis, infrastructure validation, and deployment troubleshooting workflows.
Type of Change
Related Issues
Closes #6561
Changes Made
Added Cloudflare credential support (
CLOUDFLARE_API_TOKEN)Implemented Cloudflare tool with 50+ operations:
Added DNS health diagnosis feature for structured troubleshooting
Integrated tool into tools registry
Added comprehensive test suite for Cloudflare tools
Implemented spec validation and smoke tests
Handled inconsistent API responses (list vs dict)
Testing
uv run pytest core/tests/uv run pytest tools/tests/uv run pytest tools/tests/tools/test_cloudflare.pyuv run ruff check .uv run ruff format --check .make checkmake testChecklist
Screenshots (if applicable)
N/A