How to Connect Codex to Cloudflare (and What It Can't Do)
Yes — and Cloudflare is arguably the best-served vendor in the entire MCP ecosystem. Cloudflare runs a whole catalog of official, hosted remote MCP servers — it shipped thirteen in one announcement — covering Workers bindings, observability, DNS analytics, Radar, audit logs, and docs. There’s also a newer API MCP server that exposes Cloudflare’s 2,500+ API endpoints through two tools, search() and execute(). Codex supports MCP, so all of it is reachable from a Codex session. What Codex won’t do is run your Cloudflare estate: no deploy notifications to the team, no scheduled audit-log reviews, no reaction when a Worker starts throwing errors at 2am.
Here’s what works, how to wire it, and where the coding agent hands off to an operations layer.
What Codex can do with Cloudflare
Connect one or more of Cloudflare’s remote MCP servers and Codex can:
- Work your Workers platform mid-task — the Bindings server reads and creates D1 databases, R2 buckets, and KV namespaces while Codex builds a Workers app.
- Pull observability data — query Workers logs and analytics to debug why a deployment is erroring.
- Reach nearly the whole Cloudflare API — the API MCP server wraps 2,500+ endpoints (DNS, Zero Trust, R2, caching, WAF) behind
search()andexecute(), so Codex can look up the right call and make it. - Consult Cloudflare’s docs — the docs MCP server keeps answers grounded in current documentation instead of training data.
- Drive Wrangler locally — separate from MCP, Codex CLI can run
wranglerin your local environment like any other command, so deploys and tail logs are scriptable inside a session.
For a developer shipping on Workers, this is a genuinely strong setup.
How to set it up
- Pick your servers from Cloudflare’s official list — they’re hosted remote servers, connected via OAuth against your Cloudflare account.
- Add them to Codex in
~/.codex/config.toml(or project-scoped.codex/config.toml) as Streamable HTTP servers, per the Codex MCP docs. - Authenticate — each server’s tools are scoped to what your Cloudflare account and token can touch.
Codex itself is now a surface in the unified ChatGPT desktop app (as of July 9, 2026), available on every plan and metered against your plan’s usage allowance.
The limits that actually matter
- Codex acts when you ask, not when Cloudflare does. There’s no standing process. A WAF rule change, a spike in 5xx from a Worker, an expiring custom cert — Codex learns about them only inside a session you started.
- Powerful API access cuts both ways.
execute()over 2,500 endpoints means Codex can change production DNS or purge caches. That’s a reason to scope tokens tightly, and a reason this is developer tooling, not something to hand an ops generalist. - No team surface. Codex won’t tell your Slack channel a deploy went out, email a weekly audit-log summary, or open a ticket when something drifts. Its output lands in your session, full stop.
Codex-plus-Cloudflare is built for “create the D1 schema, deploy the Worker, check the logs” — not for “keep the team informed and react when things break.”
The always-on layer: Carly
The recurring, trigger-driven work around Cloudflare is what Carly handles. Carly is an AI executive assistant that acts on events and schedules across your stack, set up by conversation:
- Tell Carly “every Friday, email me a summary of the week’s Cloudflare audit log changes and post it to the #infra Slack channel” — plain English, no TOML, no MCP server to configure. It interviews you and builds the workflow.
- “When a Cloudflare Workers deployment fails, open a Linear issue and notify the on-call engineer” — Carly fires on the event, 24/7, in the cloud.
- Connects infrastructure events to everything else — email that actually sends (Gmail and Outlook), calendar, task tools, CRM.
Carly integrates with Cloudflare natively, and connects to 200+ tools overall — anything without a native connector works through your own API key. AI agents start at $35/month, and steps in a workflow that don’t use AI run free and unlimited.
Codex + Cloudflare vs Carly
| Codex (Cloudflare MCP) | Carly | |
|---|---|---|
| Purpose | Build and debug on Cloudflare in-session | Run recurring Cloudflare ops |
| Setup | config.toml + OAuth per server | Describe it in plain English |
| Manages Workers, D1, R2, DNS | Yes (via MCP tools) | Yes (native + API key) |
| Reacts to events 24/7 | No | Yes |
| Posts updates to Slack / email | No | Yes (and actually sends) |
| Scheduled reports | No | Yes |
| Built for | Developers | Teams and operators |
| Pricing | ChatGPT plan allowance | AI agents from $35/mo |
Codex-with-Cloudflare is a coding agent with hands on your infrastructure. Carly is the assistant that keeps watch between your sessions.
Frequently Asked Questions
Does OpenAI Codex integrate with Cloudflare?
Yes, via MCP. Cloudflare hosts an official catalog of remote MCP servers — Workers bindings, observability, DNS analytics, audit logs, docs, and a full-API server — and Codex connects to them through its config.toml MCP configuration.
Which Cloudflare MCP server should I connect to Codex?
For building Workers apps, start with the Bindings and Observability servers. For broad account management, the API MCP server covers 2,500+ endpoints through search() and execute(). The full list is in Cloudflare’s docs.
Can Codex monitor my Cloudflare account for problems?
No. Codex has no background presence — it queries Cloudflare only during an active session. For “when X happens in Cloudflare, do Y” automation, use a trigger-based assistant like Carly.
Is it safe to give Codex write access to Cloudflare?
Treat it like any credential: scope the token. The API server can execute real changes (DNS, cache, WAF), so give Codex a token limited to what the task needs and review actions before approving them.
More: Codex + GitHub · Codex + Slack · Codex + Datadog · ChatGPT MCP · Claude + Cloudflare
Ready to automate your busywork?
Carly schedules, researches, and briefs you—so you can focus on what matters.
See what people say
"Before Carly, I relied on a Calendly link, but the whole process felt impersonal and not very professional. Carly changed that by handling all the back-and-forth, so I'm no longer stuck in endless email threads trying to line up schedules.
Now Carly reaches out to candidates, shares my real-time availability, lets them pick a slot, then sends a Zoom link and drops it straight into my calendar. She sends reminders to both of us before each call, which has significantly reduced no-shows and last-minute confusion.
On top of scheduling, Carly acts like a full executive assistant, sending me my schedule the night before so I can prepare for each call. It reminds me of the old x.ai assistant, but Carly is noticeably smarter, faster, and better suited to my healthcare recruitment business."


