Cloudflare

Cloudflare API · Live

Debug your Workers in the thread.

Paste a Cloudflare API token and the agent can list Workers, pull invocation stats (requests, errors, CPU/wall time percentiles), and query recent logs from Workers Observability.

Connect CloudflareHow it worksLive
Auth
API token + Account ID
Access
Read-only
Plan
Every plan
Freshness
Live — every call hits the Cloudflare API
Available on
Every plan

Examples

Questions teams actually ask.

The tools it pulls from are shown inline — every answer in Lumen cites the underlying records it read.

On-call

Which Worker is throwing errors right now, and what's in the last 50 log lines?

pullsworkersworkerStatsrecentLogs
Engineering

What's the p99 CPU time on the `api-agent` worker over the last hour vs the last 24?

pullsworkerStats
Debug

Find every log line for `api-agent` with level=error in the last 30 minutes and group them by message.

pullsrecentLogs
Capacity

Rank our Workers by request count in the last hour.

pullsworkersworkerStats
Release

When was the last deploy of `marketing-edge`, and how has its error rate moved since?

pullsworkersworkerStats

Preview

See what the answer looks like.

Toggle the tools Lumen is allowed to use. The plan, answer, and cited sources update to match.

Tools
Read-only
You

Why is the api-agent worker failing?

Plan
  1. cloudflare.workerStats — scriptName=api-agent, since=1h ago
  2. cloudflare.recentLogs — scriptName=api-agent, level=error, sinceMinutes=30, limit=50
  3. group log messages, surface top stack traces
Answer

api-agent is throwing on 4.2% of requests (up from 0.1% yesterday). p99 CPU time jumped to 45ms. 38 of 50 error logs are the same trace: `TypeError: Cannot read properties of undefined (reading 'id')` at `lib/auth/guards.ts:47`. Full log entries with request IDs inlined.

Sources
  • [1]cloudflare.workerStats — 1-hour window, 84,210 requests, 3,571 errors
  • [2]cloudflare.recentLogs — 50 entries, 38 grouped to one error signature

Scope

What Lumen sees. What it can change.

Read is on by default. Every write is a separate toggle, capped per user, and logged.

Read

What Lumen reads

Lumen calls the Cloudflare REST API (for Workers and logs) and the GraphQL Analytics API (for stats). Everything is scoped to the Account ID you configured.

  • List Workers

    Every Worker script in the account, with created/modified timestamps

  • Worker invocation stats

    Requests, errors, error rate, subrequests, CPU + wall time p50/p99 over a time window

  • Recent logs

    Workers Observability log stream (requires the feature to be enabled on the Worker). Level filtering supported

Write · opt-in

What Lumen can write

Lumen does not write to Cloudflare. No deploys, no WAF rules, no DNS, no cache purges. Read-only by design.

    Every read is logged with user, operation, script name, and time window. Exportable as CSV.

    Install

    Connect in under a minute.

    No keys, no call, no app marketplace fine print.

    1. Generate a token
      01

      Create a Cloudflare API token

      At dash.cloudflare.com/profile/api-tokens, create a token with `Account:Workers Scripts:Read`, `Account:Workers Observability:Read`, and `Account:Analytics:Read` — or use the `Workers Scripts Read` template as a start.

    2. Connect
      02

      Paste the token and Account ID

      In Settings → Integrations → Cloudflare, paste the token and your Account ID (32-char hex from the dashboard sidebar). Both are stored encrypted.

    3. Ask
      03

      Try a warm-up question

      Start with "List every Worker in this account." or "What's the p99 CPU time on my busiest Worker this hour?" — the agent will pick up the account automatically.

    Questions

    Frequently asked.

    Does Lumen deploy or modify Workers?
    No. It only reads. There's no deploy, redeploy, route-change, WAF-rule, DNS, or cache-purge operation.
    Do I need Workers Observability enabled?
    For `recentLogs`, yes. If a Worker doesn't have Observability on, Lumen returns a clean result with `apiAvailable: false` and a note telling you to enable it in the Cloudflare dashboard.
    What scopes does the API token need?
    Read access to Workers Scripts (for `listWorkers`), Analytics (for `workerStats`), and Workers Observability (for `recentLogs`). You can generate a restricted token from the dashboard — Lumen never needs write scopes.
    How granular are the stats?
    Adaptive. Cloudflare picks the bucket size based on the time window. Lumen aggregates p50/p99 CPU and wall time across the window and reports request / error / subrequest totals.
    Can Lumen tail logs in real time?
    Not yet. `recentLogs` is pull-based: the agent asks, Cloudflare returns up to 200 entries from the last `sinceMinutes` window. Streaming tail is a roadmap item.
    Does this work with Pages, R2, D1, KV?
    Today the integration is Workers-focused. Pages, R2 metrics, D1 query stats, and KV analytics are on the roadmap — email us if one's blocking you.

    Pairs with

    Better together.

    Connect Cloudflare. See every Worker.

    API token + Account ID. Read-only.

    Connect CloudflareBack to all integrations