Init: DEX MCP Server

Author: cf-ml

apps/dex-analysis/.eslintrc.cjs

@@ -0,0 +1,5 @@
+/** @type {import("eslint").Linter.Config} */
+module.exports = {
+	root: true,
+	extends: ['@repo/eslint-config/default.cjs'],
+}

apps/dex-analysis/README.md

@@ -0,0 +1,36 @@
+# Model Context Protocol (MCP) Server + Cloudflare OAuth
+
+This is a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction) server that supports remote MCP connections, with Cloudflare OAuth built-in.
+
+You should use this as a template to build an MCP server for Cloudflare, provided by Cloudflare at `server-name.mcp.cloudflare.com`. It has a basic set of tools `apps/template-start-here/src/tools/logs.ts` — you can modify these to do what you need
+
+## Getting Started
+
+
+- Set secrets via Wrangler (ask in the `Cloudflare's Own MCP Servers` internal channel to get credentials)
+
+```bash
+wrangler secret put CLOUDFLARE_CLIENT_ID
+wrangler secret put CLOUDFLARE_CLIENT_SECRET
+```
+
+#### Set up a KV namespace
+
+- Create the KV namespace:
+  `wrangler kv:namespace create "OAUTH_KV"`
+- Update the Wrangler file with the KV ID
+
+#### Deploy & Test
+
+Deploy the MCP server to make it available on your workers.dev domain
+` wrangler deploy`
+
+Test the remote server using [Inspector](https://modelcontextprotocol.io/docs/tools/inspector):
+
+```
+npx @modelcontextprotocol/inspector@latest
+```
+
+## Deploying to production
+
+- You will need to liberate the zone (LTZ) for your `<server-name>.mcp.cloudflare.com`

apps/dex-analysis/package.json

@@ -0,0 +1,33 @@
+{
+	"name": "dex-analysis",
+	"version": "0.0.1",
+	"private": true,
+	"scripts": {
+		"check:lint": "run-eslint-workers",
+		"check:types": "run-tsc",
+		"deploy": "wrangler deploy",
+		"dev": "wrangler dev",
+		"start": "wrangler dev",
+		"cf-typegen": "wrangler types",
+		"test": "vitest run"
+	},
+	"dependencies": {
+		"@cloudflare/workers-oauth-provider": "0.0.2",
+		"@hono/zod-validator": "0.4.3",
+		"@modelcontextprotocol/sdk": "1.8.0",
+		"@repo/mcp-common": "workspace:*",
+		"agents": "0.0.49",
+		"cloudflare": "4.2.0",
+		"hono": "4.7.6",
+		"zod": "3.24.2"
+	},
+	"devDependencies": {
+		"@cloudflare/vitest-pool-workers": "0.8.14",
+		"@cloudflare/workers-types": "4.20250410.0",
+		"@types/jsonwebtoken": "9.0.9",
+		"prettier": "3.5.3",
+		"typescript": "5.5.4",
+		"vitest": "3.0.9",
+		"wrangler": "4.10.0"
+	}
+}

apps/dex-analysis/src/api/dex.ts

@@ -0,0 +1,47 @@
+import { fetchCloudflareApi } from '@repo/mcp-common/src/cloudflare-api'
+
+export const fetchDexTestAnalyzation = async ({
+	dexTestId,
+	accountId,
+	accessToken,
+	timeStart,
+	timeEnd,
+}: {
+	dexTestId: string
+	accountId: string
+	accessToken: string
+	timeStart: string
+	timeEnd: string
+}) => {
+	return await fetchCloudflareApi({
+		endpoint: `/dex/test-results/by-quartile?from=${timeStart}&to=${timeEnd}&limit=5&testId=${dexTestId}`,
+		accountId,
+		apiToken: accessToken,
+		options: {
+			method: 'GET',
+			headers: {
+				'Content-Type': 'application/json',
+			},
+		},
+	})
+}
+
+export const fetchDexTests = async ({
+	accountId,
+	accessToken,
+}: {
+	accountId: string
+	accessToken: string
+}) => {
+	return await fetchCloudflareApi({
+		endpoint: '/dex/tests/overview?per_page=50',
+		accountId,
+		apiToken: accessToken,
+		options: {
+			method: 'GET',
+			headers: {
+				'Content-Type': 'application/json',
+			},
+		},
+	})
+}

apps/dex-analysis/src/index.ts

@@ -0,0 +1,85 @@
+import OAuthProvider from '@cloudflare/workers-oauth-provider'
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
+import { McpAgent } from 'agents/mcp'
+import { env } from 'cloudflare:workers'
+
+import {
+	createAuthHandlers,
+	handleTokenExchangeCallback,
+} from '@repo/mcp-common/src/cloudflare-oauth-handler'
+import { registerAccountTools } from '@repo/mcp-common/src/tools/account'
+
+import { registerDEXTools } from './tools/dex'
+
+import type { AccountSchema, UserSchema } from '@repo/mcp-common/src/cloudflare-oauth-handler'
+
+// Context from the auth process, encrypted & stored in the auth token
+// and provided to the DurableMCP as this.props
+export type Props = {
+	accessToken: string
+	user: UserSchema['result']
+	accounts: AccountSchema['result']
+}
+
+export type State = { activeAccountId: string | null }
+
+export class MyMCP extends McpAgent<Env, State, Props> {
+	server = new McpServer({
+		name: 'Remote MCP Server with Cloudflare DEX Analysis',
+		version: '1.0.0',
+	})
+
+	initialState: State = {
+		activeAccountId: null,
+	}
+
+	async init() {
+		registerAccountTools(this)
+
+		// EXAMPLE TOOLS — register your own here
+		registerDEXTools(this)
+	}
+
+	getActiveAccountId() {
+		// TODO: Figure out why this fail sometimes, and why we need to wrap this in a try catch
+		try {
+			return this.state.activeAccountId ?? null
+		} catch (e) {
+			return null
+		}
+	}
+
+	setActiveAccountId(accountId: string) {
+		// TODO: Figure out why this fail sometimes, and why we need to wrap this in a try catch
+		try {
+			this.setState({
+				...this.state,
+				activeAccountId: accountId,
+			})
+		} catch (e) {
+			return null
+		}
+	}
+}
+
+const DexScopes = {
+	'account:read': 'See your account info such as account details, analytics, and memberships.',
+	'user:read': 'See your user info such as name, email address, and account memberships.',
+	'teams:read': 'See Cloudflare Cloudflare Zero Trust data for your account', // TODO: Finalize configuration for this.
+	offline_access: 'Grants refresh tokens for long-lived access.',
+} as const
+
+export default new OAuthProvider({
+	apiRoute: '/sse',
+	// @ts-ignore
+	apiHandler: MyMCP.mount('/sse'),
+	// @ts-ignore
+	defaultHandler: createAuthHandlers({ scopes: DexScopes }),
+	authorizeEndpoint: '/oauth/authorize',
+	tokenEndpoint: '/token',
+	tokenExchangeCallback: (options) =>
+		handleTokenExchangeCallback(options, env.CLOUDFLARE_CLIENT_ID, env.CLOUDFLARE_CLIENT_SECRET),
+	// Cloudflare access token TTL
+	accessTokenTTL: 3600,
+	clientRegistrationEndpoint: '/register',
+})

apps/dex-analysis/src/tools/dex.ts

@@ -0,0 +1,130 @@
+import { z } from 'zod'
+
+import { fetchDexTestAnalyzation, fetchDexTests } from '../api/dex'
+
+import type { MyMCP } from '../index'
+
+// Worker logs parameter schema
+const dexTestIdParam = z.string().describe('The DEX Test ID to analyze details of.')
+const dexTestTimeStart = z
+	.string()
+	.describe(
+		'The datetime of the beginning point of time range for DEX test analyzation. Must be in ISO 8601 datetime string in the extended format with UTC time (e.g, 2025-04-21T18:00:00Z).'
+	)
+const dexTestTimeEnd = z
+	.string()
+	.describe(
+		'The datetime of the ending point of time range for DEX test analyzation. Must be in ISO 8601 datetime string in the extended format with UTC time (e.g, 2025-04-22T00:00:00Z).'
+	)
+
+/**
+ * Registers the dex analysis tool with the MCP server
+ * @param server The MCP server instance
+ * @param accountId Cloudflare account ID
+ * @param apiToken Cloudflare API token
+ */
+
+export function registerDEXTools(agent: MyMCP) {
+	// Register the dex test analysis tool by test id
+	agent.server.tool(
+		'dex_test_statistics',
+		'Analyze Cloudflare DEX Test Results given a Test ID',
+		{
+			dexTestId: dexTestIdParam,
+			timeStart: dexTestTimeStart,
+			timeEnd: dexTestTimeEnd,
+		},
+		async (params) => {
+			const accountId = agent.getActiveAccountId()
+			if (!accountId) {
+				return {
+					content: [
+						{
+							type: 'text',
+							text: 'No currently active accountId. Try listing your accounts (accounts_list) and then setting an active account (set_active_account)',
+						},
+					],
+				}
+			}
+			try {
+				const { dexTestId, timeStart, timeEnd } = params
+				const accessToken = agent.props.accessToken
+				const data = await fetchDexTestAnalyzation({
+					dexTestId,
+					accountId,
+					accessToken,
+					timeStart,
+					timeEnd,
+				})
+				return {
+					content: [
+						{
+							type: 'text',
+							text: JSON.stringify({
+								data,
+								llmContext:
+									"The quartiles are sorted by 'resource fetch time' from LEAST performant in quartile 1 to MOST performant in quartile 4. For each quartile-based entry, it provides extensive information about the up-to-20 specific test results that are within that quartile of performance.",
+							}),
+						},
+					],
+				}
+			} catch (error) {
+				return {
+					content: [
+						{
+							type: 'text',
+							text: JSON.stringify({
+								error: `Error retreiving DEX HTTP Tests: ${error instanceof Error && error.message}`,
+							}),
+						},
+					],
+				}
+			}
+		}
+	)
+
+	// Register the dex test analysis tool by test id
+	agent.server.tool(
+		'dex_list_tests',
+		'Retrieve a list of all Cloudflare DEX Tests configured.',
+		{},
+		async () => {
+			const accountId = agent.getActiveAccountId()
+			if (!accountId) {
+				return {
+					content: [
+						{
+							type: 'text',
+							text: 'No currently active accountId. Try listing your accounts (accounts_list) and then setting an active account (set_active_account)',
+						},
+					],
+				}
+			}
+			try {
+				const accessToken = agent.props.accessToken
+				const data = await fetchDexTests({ accountId, accessToken })
+				return {
+					content: [
+						{
+							type: 'text',
+							text: JSON.stringify({
+								data,
+							}),
+						},
+					],
+				}
+			} catch (error) {
+				return {
+					content: [
+						{
+							type: 'text',
+							text: JSON.stringify({
+								error: `Error retreiving DEX Tests: ${error instanceof Error && error.message}`,
+							}),
+						},
+					],
+				}
+			}
+		}
+	)
+}

apps/dex-analysis/tsconfig.json

@@ -0,0 +1,3 @@
+{
+	"extends": "@repo/typescript-config/workers.json"
+}

apps/dex-analysis/types.d.ts

@@ -0,0 +1,5 @@
+import type { TestEnv } from './vitest.config'
+
+declare module 'cloudflare:test' {
+	interface ProvidedEnv extends TestEnv {}
+}

apps/dex-analysis/vitest.config.ts

@@ -0,0 +1,22 @@
+import { defineWorkersConfig } from '@cloudflare/vitest-pool-workers/config'
+
+export interface TestEnv extends Env {
+	CLOUDFLARE_MOCK_ACCOUNT_ID: string
+	CLOUDFLARE_MOCK_API_TOKEN: string
+}
+
+export default defineWorkersConfig({
+	test: {
+		poolOptions: {
+			workers: {
+				wrangler: { configPath: `${__dirname}/wrangler.jsonc` },
+				miniflare: {
+					bindings: {
+						CLOUDFLARE_MOCK_ACCOUNT_ID: 'mock-account-id',
+						CLOUDFLARE_MOCK_API_TOKEN: 'mock-api-token',
+					} satisfies Partial<TestEnv>,
+				},
+			},
+		},
+	},
+})