Add Radar MCP server

Author: andre-j3sus

.gitignore

@@ -48,5 +48,6 @@ yarn-error.log*
 .sentryclirc.lock/
 tmp.json
 tmp.ts
+.idea
 
-apps/sandbox-container/workdir
+apps/sandbox-container/workdir

README.md

@@ -55,6 +55,7 @@ Some features may require a paid Cloudflare Workers plan. Ensure your Cloudflare
 ### Apps
 
 - [workers-observability](apps/workers-observability/): The Workers Observability MCP server
+- [radar](apps/radar/): The Cloudflare Radar MCP server
 
 ### Packages
 

apps/radar/.dev.vars.example

@@ -0,0 +1,3 @@
+CLOUDFLARE_CLIENT_ID=
+CLOUDFLARE_CLIENT_SECRET=
+URL_SCANNER_API_TOKEN=

apps/radar/.eslintrc.cjs

@@ -0,0 +1,5 @@
+/** @type {import("eslint").Linter.Config} */
+module.exports = {
+	root: true,
+	extends: ['@repo/eslint-config/default.cjs'],
+}

apps/radar/README.md

@@ -0,0 +1,91 @@
+# Cloudflare Radar MCP Server 📡
+
+This is a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction) server that supports remote MCP
+connections, with Cloudflare OAuth built-in.
+
+It integrates tools powered by the [Cloudflare Radar API](https://developers.cloudflare.com/radar/) to provide global
+Internet traffic insights, trends and other utilities.
+
+## 🔨 Available Tools
+
+Currently available tools:
+
+| **Category**           | **Tool**                  | **Description**                                                                                                           |
+| ---------------------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| **HTTP Requests**      | `get_http_requests_data`  | Fetches HTTP request data (timeseries, summaries, and grouped timeseries across dimensions like `deviceType`, `botClass`) |
+| **Autonomous Systems** | `list_autonomous_systems` | Lists ASes; filter by location and sort by population size                                                                |
+|                        | `get_as_details`          | Retrieves detailed info for a specific ASN                                                                                |
+| **IP Addresses**       | `get_ip_details`          | Provides details about a specific IP address                                                                              |
+| **Traffic Anomalies**  | `get_traffic_anomalies`   | Lists traffic anomalies; filter by AS, location, start date, and end date                                                 |
+| **URL Scanner**        | `scan_url`                | Scans a URL via [Cloudflare’s URL Scanner](https://developers.cloudflare.com/radar/investigate/url-scanner/)              |
+
+This MCP server is still a work in progress, and we plan to add more tools in the future.
+
+### Prompt Examples
+
+- `What are the most used operating systems?`
+- `What are the top 5 ASes in Portugal?`
+- `Get information about ASN 13335.`
+- `What are the details of IP address 1.1.1.1?`
+- `List me traffic anomalies in Brazil over the last year.`
+- `Scan https://example.com.`
+
+## Getting Started
+
+#### Secrets
+
+Set secrets via Wrangler:
+
+```bash
+npx wrangler secret put CLOUDFLARE_CLIENT_ID -e <ENVIRONMENT>
+npx wrangler secret put CLOUDFLARE_CLIENT_SECRET -e <ENVIRONMENT>
+npx wrangler secret put URL_SCANNER_API_TOKEN -e <ENVIRONMENT>
+```
+
+#### Set up a KV namespace
+
+Create the KV namespace:
+
+```bash
+npx wrangler kv namespace create "OAUTH_KV"
+```
+
+Then, update the Wrangler file with the generated KV namespace ID.
+
+#### Deploy & Test
+
+Deploy the MCP server to make it available on your workers.dev domain:
+
+```bash
+npx wrangler deploy -e <ENVIRONMENT>
+```
+
+Test the remote server using [Inspector](https://modelcontextprotocol.io/docs/tools/inspector):
+
+```
+npx @modelcontextprotocol/inspector@latest
+```
+
+## Local Development
+
+If you'd like to iterate and test your MCP server, you can do so in local development.
+This will require you to create another OAuth App on Cloudflare:
+
+1. Create a `.dev.vars` file in your project root with:
+
+   ```
+   CLOUDFLARE_CLIENT_ID=your_development_cloudflare_client_id
+   CLOUDFLARE_CLIENT_SECRET=your_development_cloudflare_client_secret
+   URL_SCANNER_API_TOKEN=your_development_url_scanner_api_token
+   ```
+
+2. Start the local development server:
+
+   ```bash
+   npx wrangler dev
+   ```
+
+3. To test locally, open Inspector, and connect to `http://localhost:8788/sse`.
+   Once you follow the prompts, you'll be able to "List Tools".
+
+   You can also connect to Claude Desktop.

apps/radar/package.json

@@ -0,0 +1,34 @@
+{
+	"name": "cloudflare-radar-mcp-server",
+	"version": "0.0.1",
+	"private": true,
+	"scripts": {
+		"check:lint": "run-eslint-workers",
+		"check:types": "run-tsc",
+		"deploy": "run-wrangler-deploy",
+		"dev": "wrangler dev",
+		"start": "wrangler dev",
+		"cf-typegen": "wrangler types",
+		"test": "vitest run"
+	},
+	"dependencies": {
+		"@cloudflare/workers-oauth-provider": "0.0.2",
+		"@hono/zod-validator": "0.4.3",
+		"@modelcontextprotocol/sdk": "1.9.0",
+		"@repo/mcp-common": "workspace:*",
+		"@repo/mcp-observability": "workspace:*",
+		"agents": "0.0.62",
+		"cloudflare": "4.2.0",
+		"hono": "4.7.6",
+		"zod": "3.24.2"
+	},
+	"devDependencies": {
+		"@cloudflare/vitest-pool-workers": "0.8.14",
+		"@cloudflare/workers-types": "4.20250410.0",
+		"@types/node": "^22.14.1",
+		"prettier": "3.5.3",
+		"typescript": "5.5.4",
+		"vitest": "3.0.9",
+		"wrangler": "4.10.0"
+	}
+}

apps/radar/src/index.ts

@@ -0,0 +1,78 @@
+import OAuthProvider from '@cloudflare/workers-oauth-provider'
+import { McpAgent } from 'agents/mcp'
+import { env } from 'cloudflare:workers'
+
+import {
+	createAuthHandlers,
+	handleTokenExchangeCallback,
+} from '@repo/mcp-common/src/cloudflare-oauth-handler'
+import { CloudflareMCPServer } from '@repo/mcp-common/src/server'
+import { MetricsTracker } from '@repo/mcp-observability'
+
+import { registerRadarTools } from './tools/radar'
+import { registerUrlScannerTools } from './tools/url-scanner'
+
+import type { UserSchema } from '@repo/mcp-common/src/cloudflare-oauth-handler'
+
+const metrics = new MetricsTracker(env.MCP_METRICS, {
+	name: env.MCP_SERVER_NAME,
+	version: env.MCP_SERVER_VERSION,
+})
+
+// Context from the auth process, encrypted & stored in the auth token
+// and provided to the DurableMCP as this.props
+export type Props = {
+	accessToken: string
+	user: UserSchema['result']
+}
+
+export type State = never
+
+export class RadarMCP extends McpAgent<Env, State, Props> {
+	_server: CloudflareMCPServer | undefined
+	set server(server: CloudflareMCPServer) {
+		this._server = server
+	}
+
+	get server(): CloudflareMCPServer {
+		if (!this._server) {
+			throw new Error('Tried to access server before it was initialized')
+		}
+
+		return this._server
+	}
+
+	constructor(ctx: DurableObjectState, env: Env) {
+		super(ctx, env)
+	}
+
+	async init() {
+		this.server = new CloudflareMCPServer(this.props.user.id, this.env.MCP_METRICS, {
+			name: this.env.MCP_SERVER_NAME,
+			version: this.env.MCP_SERVER_VERSION,
+		})
+
+		registerRadarTools(this)
+		registerUrlScannerTools(this)
+	}
+}
+
+const RadarScopes = {
+	'user:read': 'See your user info such as name, email address, and account memberships.',
+	offline_access: 'Grants refresh tokens for long-lived access.',
+} as const
+
+export default new OAuthProvider({
+	apiRoute: '/sse',
+	// @ts-ignore
+	apiHandler: RadarMCP.mount('/sse'),
+	// @ts-ignore
+	defaultHandler: createAuthHandlers({ scopes: RadarScopes, metrics }),
+	authorizeEndpoint: '/oauth/authorize',
+	tokenEndpoint: '/token',
+	tokenExchangeCallback: (options) =>
+		handleTokenExchangeCallback(options, env.CLOUDFLARE_CLIENT_ID, env.CLOUDFLARE_CLIENT_SECRET),
+	// Cloudflare access token TTL
+	accessTokenTTL: 3600,
+	clientRegistrationEndpoint: '/register',
+})