add scan_url tool

Author: andre-j3sus

apps/radar/.dev.vars.example

@@ -1,2 +1,3 @@
 CLOUDFLARE_CLIENT_ID=
 CLOUDFLARE_CLIENT_SECRET=
+URL_SCANNER_API_TOKEN=

apps/radar/README.md

@@ -12,6 +12,7 @@ Currently available tools:
 - `get_as_details`: Retrieves details of an autonomous system by ASN
 - `get_ip_details`: Provides information about a specific IP address
 - `get_traffic_anomalies`: Lists traffic anomalies (filterable by AS, location, start date, and end date)
+- `scan_url`: Scan a URL using [URL Scanner](https://developers.cloudflare.com/radar/investigate/url-scanner/)
 
 This MCP server is still a work in progress, and we plan to add more tools in the future.
 
@@ -24,6 +25,7 @@ Set secrets via Wrangler (ask in the `Cloudflare's Own MCP Servers` internal cha
 ```bash
 npx wrangler secret put CLOUDFLARE_CLIENT_ID -e <ENVIRONMENT>
 npx wrangler secret put CLOUDFLARE_CLIENT_SECRET -e <ENVIRONMENT>
+npx wrangler secret put URL_SCANNER_API_TOKEN -e <ENVIRONMENT>
 ```
 
 #### Set up a KV namespace
@@ -60,6 +62,7 @@ This will require you to create another OAuth App on Cloudflare:
    ```
    CLOUDFLARE_CLIENT_ID=your_development_cloudflare_client_id
    CLOUDFLARE_CLIENT_SECRET=your_development_cloudflare_client_secret
+   URL_SCANNER_API_TOKEN=your_development_url_scanner_api_token
    ```
 
 2. Start the local development server:
@@ -69,4 +72,4 @@ This will require you to create another OAuth App on Cloudflare:
    ```
 
 3. To test locally, open Inspector, and connect to `http://localhost:8788/sse`.
-Once you follow the prompts, you'll be able to "List Tools".
+   Once you follow the prompts, you'll be able to "List Tools".

apps/radar/src/index.ts

@@ -9,8 +9,7 @@ import {
 } from '@repo/mcp-common/src/cloudflare-oauth-handler'
 
 import { registerRadarTools } from './tools/radar'
-
-// TODO import { registerUrlScannerTools } from "./tools/url-scanner";
+import { registerUrlScannerTools } from './tools/url-scanner'
 
 // Context from the auth process, encrypted & stored in the auth token
 // and provided to the DurableMCP as this.props
@@ -35,7 +34,7 @@ export class RadarMCP extends McpAgent<Env, State, Props> {
 
 	async init() {
 		registerRadarTools(this)
-		// TODO registerUrlScannerTools(this)
+		registerUrlScannerTools(this)
 	}
 }
 

apps/radar/src/tools/url-scanner.ts

@@ -4,6 +4,11 @@ import { UrlParam } from '../types/url-scanner'
 
 import type { RadarMCP } from '../index'
 
+const MAX_WAIT_SECONDS = 30
+const INTERVAL_SECONDS = 2
+
+const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms))
+
 export function registerUrlScannerTools(agent: RadarMCP) {
 	agent.server.tool(
 		'scan_url',
@@ -13,18 +18,54 @@ export function registerUrlScannerTools(agent: RadarMCP) {
 		},
 		async ({ url }) => {
 			try {
-				const accountId = '' // TODO agent.getActiveAccountId()
 				const client = getCloudflareClient(agent.props.accessToken)
-				const scanId = await client.urlScanner.scans.create({ account_id: accountId, url })
+				const account_id = agent.env.ACCOUNT_ID
+				const headers = {
+					Authorization: `Bearer ${agent.env.URL_SCANNER_API_TOKEN}`,
+				}
+
+				// TODO investigate why this does not work
+				// const scan = await (client.urlScanner.scans.create({ account_id, url: "https://www.example.com" }, { headers })).withResponse()
+
+				const res = await fetch(
+					`https://api.cloudflare.com/client/v4/accounts/${account_id}/urlscanner/v2/scan`,
+					{
+						method: 'POST',
+						headers,
+						body: JSON.stringify({ url }),
+					}
+				)
+				if (!res.ok) {
+					throw new Error('Failed to submit scan')
+				}
 
-				// TODO get scan...
+				const scan: any = await res.json()
+				const scanId = scan?.uuid
+
+				let r = null
+				let elapsed = 0
+				while (elapsed < MAX_WAIT_SECONDS) {
+					try {
+						r = await client.urlScanner.scans.get(scanId, { account_id }, { headers })
+					} catch {
+						// Wait
+					}
+					if (r) break
+
+					await sleep(INTERVAL_SECONDS * 1000)
+					elapsed += INTERVAL_SECONDS
+				}
+
+				if (!r) {
+					throw new Error('Scan timed out or still not ready')
+				}
 
 				return {
 					content: [
 						{
 							type: 'text',
 							text: JSON.stringify({
-								result: scanId,
+								result: r,
 							}),
 						},
 					],

apps/radar/src/types/radar.ts

@@ -18,6 +18,8 @@ export const DateRangeParam: z.ZodType<TrafficAnomalyGetParams['dateRange']> = z
 		'Invalid Date Range'
 	)
 
+//TODO use ".describe("...")"
+
 export const DateStartParam: z.ZodType<TrafficAnomalyGetParams['dateStart']> = z.string().datetime()
 export const DateEndParam: z.ZodType<TrafficAnomalyGetParams['dateEnd']> = z.string().datetime()
 

apps/radar/worker-configuration.d.ts

@@ -1,11 +1,13 @@
-// Generated by Wrangler by running `wrangler types` (hash: 76516c74a96893c385d9411bff0cd3a6)
+// Generated by Wrangler by running `wrangler types` (hash: 4c15ae95f0b70565da83b0950cd1543a)
 // Runtime types generated with [email protected] 2025-03-10 nodejs_compat
 declare namespace Cloudflare {
 	interface Env {
 		OAUTH_KV: KVNamespace;
 		ENVIRONMENT: "development" | "staging" | "production";
+		ACCOUNT_ID: "6702657b6aa048cf3081ff3ff3c9c52f";
 		CLOUDFLARE_CLIENT_ID: string;
 		CLOUDFLARE_CLIENT_SECRET: string;
+		URL_SCANNER_API_TOKEN: string;
 		MCP_OBJECT: DurableObjectNamespace<import("./src/index").RadarMCP>;
 	}
 }

apps/radar/wrangler.jsonc

@@ -32,7 +32,8 @@
 		}
 	],
 	"vars": {
-		"ENVIRONMENT": "development"
+		"ENVIRONMENT": "development",
+		"ACCOUNT_ID": "6702657b6aa048cf3081ff3ff3c9c52f"
 	},
 	"dev": {
 		"port": 8976
@@ -59,7 +60,8 @@
 				}
 			],
 			"vars": {
-				"ENVIRONMENT": "staging"
+				"ENVIRONMENT": "staging",
+				"ACCOUNT_ID": "6702657b6aa048cf3081ff3ff3c9c52f"
 			}
 		},
 		"production": {
@@ -81,7 +83,8 @@
 				}
 			],
 			"vars": {
-				"ENVIRONMENT": "production"
+				"ENVIRONMENT": "production",
+				"ACCOUNT_ID": "6702657b6aa048cf3081ff3ff3c9c52f"
 			}
 		}
 	}