Durable Objects MCP
@spawnbase
Query your Cloudflare Durable Objects from Claude Code, Cursor, and other AI clients. Read-only SQL access to DO SQLite storage via MCP protocol.
Overview
What is Durable Objects MCP?
Durable Objects MCP is an unofficial MCP server that provides structured, read-only access to Cloudflare Durable Object SQLite storage from AI clients (Claude Code, Cursor, Windsurf, etc.). It allows developers to connect once, discover tables, and execute read-only queries against their DO instances directly from their AI coding assistant.
How to use Durable Objects MCP?
After adding a query() method to each Durable Object class and deploying the server as a Cloudflare Worker, you connect your MCP client to the Worker’s URL. Authentication happens via Cloudflare Access (OAuth) on first connect. Once connected, you invoke three tools: list_classes (list queryable DO classes), describe_schema (get tables and columns for a DO instance), and execute_read_query (run read-only SQL against a DO instance).
Key features of Durable Objects MCP
- Read-only SQL guard (blocks all non-SELECT statements)
- Cloudflare Access OAuth authentication with PKCE (S256)
- Explicit namespace scoping via
wrangler.jsoncbindings - No public DO endpoints – only accessible through the MCP server
- Service bindings keep all traffic inside Cloudflare’s network
Use cases of Durable Objects MCP
- Inspect DO database schemas from your AI coding assistant
- Query DO storage for debugging or data exploration without the dashboard
- Retrieve specific rows (e.g., last messages, agent state) during development
- Programmatically audit DO data across thousands of instances
FAQ from Durable Objects MCP
What does this server do that Cloudflare Data Studio does not?
Data Studio only provides manual dashboard access. This MCP server gives AI clients programmatic, read-only SQL query access, enabling automated inspection and debugging directly from your coding environment.
What are the runtime requirements?
You need a Cloudflare Workers Paid plan, SQLite-backed Durable Objects (compatibility date 2024-04-03 or later), and a Cloudflare Zero Trust account for authentication.
Where does the DO data live and how is it accessed?
Data stays entirely within Cloudflare’s internal network. The MCP server uses service bindings (script_name) to call a query() RPC method on each DO instance; there is no public HTTP endpoint to the DOs.
What SQL statements are allowed?
Only SELECT, PRAGMA, EXPLAIN, and WITH statements pass through the server-side SQL guard. All write statements (INSERT, UPDATE, DELETE, etc.) are blocked before reaching the DO.
What transport and authentication does the server use?
It uses HTTP transport with Cloudflare Access (OAuth) authentication. JWT tokens are verified against CF Access JWKS, and PKCE (S256) is enforced on the MCP client side.