CFShare — Cloudflare Quick Tunnel Exposure
Expose local services, ports, files, or directories as temporary public https://*.trycloudflare.com links.
Standard Workflow
- •
env_check()— Always call first to verifycloudflaredis available and see current policy defaults. - •Create exposure:
- •Have a running local service? →
expose_port(port, opts?) - •Need to share/preview files or directories? →
expose_files(paths, opts?)
- •Have a running local service? →
- •After creation succeeds: Present
public_urlandexpires_atto the user. Remind them to callexposure_stopwhen finished. - •Inspect / monitor:
exposure_get(id)with optionalprobe_public: trueto verify end-to-end reachability. - •Troubleshoot:
exposure_logs(id)when something goes wrong. - •Cleanup:
exposure_stop(id)orexposure_stop(id="all").
Tool Reference
1. env_check
Check that cloudflared is installed, resolve its version, and return effective policy defaults.
2. expose_port
Expose an already-running local service via Cloudflare Quick Tunnel. The tool probes 127.0.0.1:<port> before proceeding and rejects blocked ports.
Errors: "invalid port", "port blocked by policy: <N>", "local service is not reachable on 127.0.0.1:<N>".
3. expose_files
Copy files/directories into a temporary workspace, start a read-only static file server, and tunnel it publicly.
File Serving Behavior
Mode: normal
- •Single file → served directly at the root URL.
- •Multiple files or a directory → displayed in an intuitive file explorer interface.
Mode: zip
- •All files are packaged into a ZIP archive.
Presentation
- •Default behaviors: download | preview | raw
- •Behavior can be overridden via query parameters.
- •download → forces browser file save.
- •preview → renders inline (images, PDF, Markdown, audio/video, HTML, text, etc.).
- •raw → serves original content without any wrapper.
- •If a file type is not previewable, preview automatically falls back to raw, then to download.
4. exposure_list
List all tracked sessions (both active and recently-stopped within-process).
5. exposure_get
Get detailed information about one or more sessions. Supports three selection modes (mutually exclusive input shapes via union schema):
6. exposure_stop
Stop one, several, or all exposures. Terminates cloudflared process, shuts down origin/proxy servers, and deletes temporary workspace files.
7. exposure_logs
Fetch merged logs from cloudflared tunnel and origin server components.
8. maintenance
Lifecycle management operations.
Action details:
- •
start_guard— Start the TTL expiration reaper (runs periodically; usually auto-started). - •
run_gc— Clean up orphaned workspace directories and stale processes not tracked by any active session. - •
set_policy— Persist a policy change to disk and reload. Requires at least one ofopts.policyoropts.ignore_patterns.
9. audit_query
Search audit event log.
10. audit_export
Export filtered audit events to a local JSONL file.
Security & Policy Defaults
Policy priority (highest wins): policy JSON file > plugin config > built-in defaults.
Response Behavior Rules
When presenting results to the user, the LLM must:
- •Always display
public_urlandexpires_atafter creating an exposure. - •Present timestamps in the user’s local time zone using a human-readable format (
yyyy-mm-dd HH:MM:SS). Never include timezone indicators or raw ISO strings. - •Warn when
accessmode is"none"— the link is publicly accessible without authentication. - •Include cleanup instructions — include
exposure_stopguidance after successful sharing. - •On error, suggest
exposure_logs(id)for diagnostics. - •For security — if user intent is ambiguous or potentially sensitive, request confirmation before creating exposure.