Building a CLI for all of Cloudflare

Original Article ↗ Hacker News Discussion ↗

Language and Implementation Choices

  • Extensive debate about TypeScript as the basis for the CLI and as “lingua franca.”
  • Critiques: controlled by Microsoft; tied to Node/npm ecosystem; poor for high‑performance tools (parsers/formatters); dynamic web domain makes types less beneficial; type system seen as “build-your-own” rather than opinionated and sound.
  • Defenses: open source and forkable; huge ecosystem and momentum; language itself is “fine,” main pain is npm; Deno/Bun make TS scripting pleasant; bun’s speed shows runtime can be fast enough for a CLI.
  • Several users prefer CLIs in compiled languages (Go, Rust, C) for single static binaries, richer standard libraries, better FFI, and reduced supply-chain risk.

CLI Scope, Design, and Consistency

  • Many welcome a unified Cloudflare CLI to replace a mix of Wrangler, dashboard clicks, and raw API calls.
  • Concerns about one giant monolithic CLI: complexity, version pinning, and past experience with slow bug/feature turnaround.
  • Strong emphasis on consistency: standardized subcommand naming, --json behavior, and help output to reduce both human confusion and LLM hallucinations.
  • Discussion around help behavior: some want -h vs --help to vary in verbosity; others insist short/long flags must be identical to avoid surprises.
  • Some argue CLIs are essentially “new programming languages” and should be designed as such; one commenter prefers higher-level orchestrators like executor.sh over many bespoke CLIs.

AI Agents as Users

  • Multiple reports of successfully using LLMs with Cloudflare APIs and other CLIs (gh, gcloud).
  • Thread notes agents are good at calling CLIs but poor at diagnosing failures; clear, actionable error messages and consistent help are seen as critical.
  • Mixed feelings that AI hype was needed to prioritize better CLI tooling, but most agree agent-friendly CLIs also improve human UX.

Auth, Permissions, and Security

  • Very strong desire for better token and permission management:
    • Commands like cf permissions check / “doctor” to show required scopes and missing access.
    • Ability to auto-create narrowly scoped, short-lived tokens, possibly per resource ID and action.
    • Ideas for proxy modes that delegate limited permissions to containers/agents.
  • Current API token model at Cloudflare is described as confusing and fragmented.
  • Concerns about agents or humans accidentally damaging production due to coarse-grained permissions; calls for resource groups or multi-account/organization models.

Ecosystem, Tooling, and Other Requests

  • Terraform provider v5 is widely criticized as unreliable; hurts confidence in Cloudflare tooling.
  • Requests for:
    • Single-binary distribution instead of npm install.
    • Better environment management for Workers/Pages/Astro.
    • CLI “preview” of UI actions, bulk operations across domains.
    • Real-time billing APIs with limits/notifications aligned with analytics.
  • Some confusion and curiosity about Cloudflare’s internal TypeScript-based schema system and how it compares to tools like TypeSpec/OpenAPI-driven CLIs.