Skip to content

feat(radar): add new Radar and URL Scanner tools #273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
andre-j3sus merged 4 commits into from
Jan 7, 2026
Merged

feat(radar): add new Radar and URL Scanner tools #273

andre-j3sus merged 4 commits into from
Jan 7, 2026

Conversation

@andre-j3sus
Copy link
Collaborator

@andre-j3sus andre-j3sus commented Jan 6, 2026
edited
Loading

This PR significantly expands the Cloudflare Radar MCP server capabilities, adding 35 new tools across 15 categories to provide comprehensive Internet traffic insights, BGP routing analysis, security monitoring, and infrastructure observability.

Summary

  • 52 total tools now available (up from ~17)
  • 15 new tool categories added
  • Refactored URL Scanner into 5 focused, API-aligned tools
  • Enhanced geolocation support with ADM1 (state/province) filtering via geoId

New Tool Categories

Cloud Observatory

Monitor performance metrics for major cloud providers (AWS, GCP, Azure, OCI):

Tool Description
list_origins List all hyperscalers and their available regions
get_origin_details Get details for a specific cloud provider
get_origins_data Retrieve performance metrics (TCP RTT, TLS handshake, connection failures, etc.)

BGP Routing & Security

Comprehensive BGP monitoring and analysis:

Tool Description
get_bgp_hijacks Detect BGP hijack events with confidence scoring
get_bgp_leaks Monitor route leak events
get_bgp_route_stats Routing table statistics
get_bgp_timeseries BGP updates over time (announcements/withdrawals)
get_bgp_top_ases Top ASes by update count
get_bgp_top_prefixes Top prefixes by update count
get_bgp_moas Multi-Origin AS prefix detection
get_bgp_pfx2as Prefix-to-ASN mapping with RPKI validation status

Bots & Crawlers

Analyze bot traffic and crawler behavior:

Tool Description
get_bots_data Bot traffic by name, operator, category, and kind
list_bots List known bots (AI crawlers, search engines, monitoring bots)
get_bot_details Detailed info for a specific bot
get_bots_crawlers_data Crawler HTTP request patterns by industry/vertical

Robots.txt Analysis

Tool Description
get_robots_txt_data Analyze how websites configure crawler access rules, especially for AI crawlers

Certificate Transparency

Monitor SSL/TLS certificate issuance:

Tool Description
get_certificate_transparency_data CT log trends by CA, validation level, algorithm
list_ct_authorities List tracked Certificate Authorities
get_ct_authority_details CA details by slug
list_ct_logs List CT logs
get_ct_log_details CT log details

NetFlows

Tool Description
get_netflows_data Network traffic patterns with ADM1 geolocation support

AS112 DNS Sink Hole

Tool Description
get_as112_data Reverse DNS lookup data for private IP addresses (RFC 1918)

Geolocations

Granular geographic filtering:

Tool Description
list_geolocations List ADM1 regions (states/provinces) with GeoNames IDs
get_geolocation_details Details for a specific geolocation

TCP Quality

Tool Description
get_tcp_resets_timeouts_data Connection quality metrics (resets and timeouts)

Leaked Credentials

Tool Description
get_leaked_credentials_data HTTP auth request trends and compromised credential detection

Annotations & Outages

Tool Description
get_annotations Internet events, outages, and anomalies from Cloudflare data sources
get_outages Detected connectivity issues and outages

Autonomous Systems (Extended)

Tool Description
get_as_set IRR AS-SETs membership
get_as_relationships Peer, upstream, and downstream relationships

Refactored Tools

URL Scanner

Replaced the single scan_url tool with 5 focused, API-aligned tools:

Tool Description
search_url_scans Search scans using ElasticSearch-like query syntax
create_url_scan Submit a URL to scan, returns scan UUID
get_url_scan Get scan results (verdicts, page info, stats)
get_url_scan_screenshot Get screenshot URL for a completed scan
get_url_scan_har Get HAR (HTTP Archive) data for network analysis

Renamed Tools

Old Name New Name Reason
get_dns_data get_dns_queries_data Clearer naming to distinguish from other DNS tools

Enhanced Features

GeoID Filtering

Added geoId parameter support for granular geographic filtering at the ADM1 level (states/provinces):

  • get_http_data - Filter HTTP traffic by region
  • get_netflows_data - Filter network flows by region
    Example: Get HTTP traffic for Lisbon, Portugal using geoId: "2267056"

TownLake and others added 2 commits January 6, 2026 14:49
@TownLake
feat(radar): add Cloud Observatory / Origins tools for hyperscaler pe…
54b22c4 
…rformance metrics

Add 5 new MCP tools for the Cloud Observatory feature that provides
performance insights for major cloud providers (AWS, GCP, Azure, OCI):

- list_origins: List all hyperscalers and their available regions
- get_origin_details: Get details for a specific cloud provider
- get_origins_timeseries: Time series performance metrics
- get_origins_summary: Aggregated metrics by dimension (region/success_rate/percentile)
- get_origins_timeseries_groups: Time series grouped by dimension

Metrics available: TCP_RTT, TCP_HANDSHAKE_DURATION, TLS_HANDSHAKE_DURATION,
RESPONSE_HEADER_RECEIVE_DURATION, CONNECTION_FAILURES, REQUESTS
@andre-j3sus
feat(radar): add new Radar categories + refresh URL Scanner tools
d0ed573 
Add new Radar tool categories:
- BGP: hijacks, leaks, and route stats
- Bots: traffic by category, operator, kind
- Certificate Transparency: certificate issuance trends
- NetFlows: network traffic patterns
- Cloud Observatory: add origin listing, details, and performance metric tools

Refactor URL Scanner tools:
- Replace the old scan tool with API-aligned tools (search, create, get result, screenshot, HAR)

Update existing tools:
- Rename get_dns_data to get_dns_queries_data
- Add geoId filtering support
@andre-j3sus andre-j3sus self-assigned this Jan 6, 2026
@andre-j3sus
fix(radar): use snake_case for bots dimension parameters
11cf027 
The Radar API uses snake_case (bot_kind, bot_operator, bot_category)
instead of camelCase for the bots endpoint dimension parameters.
@andre-j3sus
feat(radar): add new tools for robots.txt, crawlers, bots, AS112, geo…
7bc21e5 
…locations, TCP quality, outages, CT, BGP, and AS relationships

New tools added:
- robots.txt: get_robots_txt_data for crawler access rules analysis
- bots/crawlers: list_bots, get_bot_details, get_bots_crawlers_data
- leaked credentials: get_leaked_credentials_data
- AS112: get_as112_data for DNS sink hole data
- geolocations: list_geolocations, get_geolocation_details
- TCP quality: get_tcp_resets_timeouts_data
- annotations/outages: get_annotations, get_outages
- CT: list_ct_authorities, get_ct_authority_details, list_ct_logs, get_ct_log_details
- BGP: get_bgp_timeseries, get_bgp_top_ases, get_bgp_top_prefixes, get_bgp_moas, get_bgp_pfx2as
- AS: get_as_set, get_as_relationships

Updated README with comprehensive tool list and prompt examples.
@andre-j3sus andre-j3sus mentioned this pull request Jan 7, 2026
Closed
@andre-j3sus andre-j3sus marked this pull request as ready for review January 7, 2026 16:44
@devandrepascoa
Copy link

devandrepascoa commented Jan 7, 2026

lgtm

@andre-j3sus andre-j3sus merged commit 7ee34b3 into main Jan 7, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@andre-j3sus andre-j3sus

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andre-j3sus @devandrepascoa @TownLake