cf_* — Cloudflare
The Cloudflare tool namespace — zones, DNS records, SSL/TLS mode, zone settings, and cache purge — plus the nested params wrapper and the flexible-SSL redirect-loop gotcha.
The cf_* family manages the Cloudflare account that fronts every public
SuperHiTech hostname — DNS, SSL mode, zone settings, and cache. It governs the
load-bearing tunnel hostnames (mcp.super-ht.com /
leif.super-ht.com) and the docs-site DNS, so changes here have real blast
radius.
Zones
cf_list_zones
cf_list_zones()All zones on the account, each with id, name, status, name_servers,
plan. The zone id from here feeds nearly every other cf_* tool.
cf_get_zone
cf_get_zone(params={"domain": "<domain>"})Look up a single zone by exact domain name — the quick path to a zone ID when you know the domain.
cf_get_zone_settings / cf_set_zone_setting
cf_get_zone_settings(params={"zone_id": "<id>"})
cf_set_zone_setting(params={"zone_id": "<id>", "setting_id": "<id>", "value": <value>})get returns all configurable settings as {id, value, editable}. Common
setting_id values: always_use_https (on/off), security_level
(off…under_attack), cache_level (aggressive/basic/simplified),
development_mode, rocket_loader, automatic_https_rewrites, and minify
({"css":"on","html":"on","js":"on"}).
DNS
cf_list_dns_records
cf_list_dns_records(params={"zone_id": "<id>", "record_type": None, "name": None})Records with id, type, name, content, ttl, proxied. Optionally
filter by record_type (A, AAAA, CNAME, MX, TXT, …) or name. This is where
you get the record_id the update/delete tools need.
cf_create_dns_record
cf_create_dns_record(params={
"zone_id": "<id>", "record_type": "A", "name": "www",
"content": "<ip-or-host>", "ttl": 1, "proxied": False, "priority": None})ttl: 1 means automatic. proxied: True is the orange-cloud (route through
Cloudflare); priority is for MX/SRV.
cf_update_dns_record
cf_update_dns_record(params={
"zone_id": "<id>", "record_id": "<rid>", "record_type": "A",
"name": "www", "content": "<new-value>", "ttl": 1, "proxied": False})Full replacement — record_type, name, and content are all required
even if unchanged. Pull the current record with cf_list_dns_records first and
resend the complete set.
cf_delete_dns_record
cf_delete_dns_record(params={"zone_id": "<id>", "record_id": "<rid>"})Destructive and irreversible. Confirm the record_id against
cf_list_dns_records before deleting.
SSL / TLS
cf_get_ssl_mode / cf_set_ssl_mode
cf_get_ssl_mode(params={"zone_id": "<id>"})
cf_set_ssl_mode(params={"zone_id": "<id>", "mode": "<off|flexible|full|strict>"})| Mode | Meaning |
|---|---|
off | HTTP only |
flexible | SSL visitor↔Cloudflare, HTTP to origin |
full | End-to-end SSL; origin cert may be self-signed |
strict | End-to-end SSL; origin cert must be valid/trusted |
Cache
cf_purge_cache
cf_purge_cache(params={"zone_id": "<id>", "purge_everything": False, "files": [...]})Either set purge_everything: True to clear the whole zone, or pass a files
list of specific URLs for a targeted purge.
Related pages
- Service Map — the Cloudflare edge / DNS rows and the tunnel
- Hosts — the load-bearing tunnel hostnames
cf_*governs - Cloudflare Pages Deploys — how the docs site deploys behind this edge