Remote MCP endpoint for R2 object access

Use your Cloudflare R2 bucket from compatible AI clients.

A self-hosted remote MCP server that lets ChatGPT or compatible AI clients read and manage objects in your own Cloudflare R2 bucket through a Cloudflare Worker.

View GitHub Read Setup

How it works

The client talks to a Worker-hosted MCP endpoint, not to a local filesystem.

AI client to remote MCP endpoint to GitHub OAuth access check to Cloudflare Worker to your R2 bucket

What it enables

A narrow operational surface for R2 objects.

The project is for controlled object access from remote MCP clients. It is not a general personal cloud interface and it is not full R2 account administration.

Read

List objects, inspect metadata, and read text-like objects from the configured bucket surface.

Write

Write text objects, upload base64 payloads, copy objects, move objects, and rename objects.

Delete

Delete object keys through guarded destructive tools that require explicit confirmation.

Optional

Enable read-only account visibility or presigned URLs only when that deployment needs them.

Security boundary

Public endpoint, explicit access boundary.

Public deployments use GitHub OAuth allowlisting. Authless mode is for local development or endpoints protected by another access layer.

Exposed

Object operations for the configured R2 binding.

Optional

Read-only account visibility and temporary presigned URLs.

Not exposed

Bucket creation, bucket deletion, CORS mutation, lifecycle mutation, domain mutation, and notification mutation.

Deployment pieces

Small deployment surface.

Cloudflare Worker
R2 bucket binding
GitHub OAuth App for public deployments
KV namespace for OAuth state
Optional R2 S3 credentials for presigned URLs