The Problem: The UI Hasn't Changed Since the 90s

For decades, interacting with a technical platform meant clicking through endless menus, cross-referencing logs across browser tabs, and hunting for hidden toggles. Cloudflare's new AI assistant, Agent Lee, aims to replace that entire workflow with a single prompt.

Agent Lee is not a chatbot that answers FAQs. It's an in-dashboard agent that understands your account's resources—Workers, zones, DNS, error rates—and can take real action. It has been running in active beta, serving ~18,000 daily users and executing ~250,000 tool calls per day across DNS, Workers, SSL/TLS, R2, and more.

Source: Cloudflare Blog

[Image: Cloudflare Agent Lee AI assistant dashboard interface showing a natural language query and dynamic chart generation]

How Agent Lee Works: Codemode + MCP Architecture

Instead of feeding raw MCP tool definitions to the LLM, Agent Lee uses Codemode: it converts tools into a TypeScript API and asks the model to write code that calls it. LLMs are far more accurate with real-world TypeScript than with abstract tool call formats. For multi-step tasks, the model chains calls into a single script and returns only the final result, reducing round-trips.

// Example: Agent Lee generated code for debugging a 503 error
import { getWorkerErrors } from '@cloudflare/agent-sdk';

// Fetch the last 24 hours of errors for one Worker and keep the first five entries.
async function debugWorker503(workerName: string) {
  const errors = await getWorkerErrors({ workerName, timeRange: '24h' });
  const topErrors = errors.slice(0, 5);
  console.log('Top 5 errors:', topErrors);
  return topErrors;
}

// Only the final result of the script is returned to the model.
const result = await debugWorker503('my-worker');

The generated code is sent to an upstream Cloudflare MCP server for sandboxed execution, but it goes through a Durable Object (DO) that acts as a credentialed proxy. The DO classifies code as read or write by inspecting the method and body. Read operations pass directly; write operations are blocked until you explicitly approve them. API keys are never exposed in the generated code.

This security boundary is not just a sandbox—it's a permission architecture that structurally prevents writes without your approval.
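A minimal sketch of the read/write gate described above, as an added example that is not Cloudflare's code or part of the original article. The type and class names, the rule that a GraphQL POST counts as a read unless it contains a mutation, and the fail-closed default are assumptions made for illustration.

```typescript
// Added example. All names are hypothetical; this is not Cloudflare's code.
type Req = { method: string; path: string; body?: string };
type Upstream = (req: Req, headers: Record<string, string>) => string;
type Outcome = { status: "forwarded"; response: string } | { status: "needs_approval"; id: number };

const READ_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Classify by method first, then by body. Assumption: a POST to a path ending in
// /graphql is a read unless its query mentions a mutation. Anything else is a write.
function classify(req: Req): "read" | "write" {
  const method = req.method.toUpperCase();
  if (READ_METHODS.has(method)) return "read";
  if (method === "POST" && req.path.endsWith("/graphql")) {
    try {
      const query = JSON.parse(req.body ?? "").query;
      if (typeof query === "string" && !/\bmutation\b/i.test(query)) return "read";
    } catch { /* unparseable body: fall through and fail closed as a write */ }
  }
  return "write";
}

class CredentialedProxy {
  private pending = new Map<number, Req>();
  private nextId = 1;
  private token: string;
  private upstream: Upstream;
  constructor(token: string, upstream: Upstream) { this.token = token; this.upstream = upstream; }

  // Reads go straight through; writes are parked until approve() is called.
  submit(req: Req): Outcome {
    if (classify(req) === "read") return this.forward(req);
    const id = this.nextId++;
    this.pending.set(id, req);
    return { status: "needs_approval", id };
  }

  // Reached only from the user-facing approval path, never from generated code.
  approve(id: number): Outcome {
    const req = this.pending.get(id);
    if (!req) throw new Error(`no pending write with id ${id}`);
    this.pending.delete(id); // one approval executes one write, once
    return this.forward(req);
  }

  // The credential is attached here, so the sandboxed script never holds it.
  private forward(req: Req): Outcome {
    const headers = { Authorization: `Bearer ${this.token}` };
    return { status: "forwarded", response: this.upstream(req, headers) };
  }
}
```

The design point is that the generated script only ever calls `submit`; the token and `approve` live on the proxy side of the boundary, so a write cannot reach the upstream API without a separate approval.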

[Image: Diagram of Agent Lee's architecture with Codemode, Durable Objects, and the MCP permission system for secure AI agent execution]

Limitations and Security Considerations

Agent Lee is still in beta, and you may encounter edge cases or unexpected limitations. The write approval gate (elicitations) is mandatory and cannot be skipped—this is a structural enforcement layer, not a UX courtesy.

  • Read vs Write: Only read operations are automatic. Any change to your account requires explicit approval.
  • Context: The agent knows your account configuration but does not yet have long-term memory of past sessions.
  • Scope: Currently limited to Cloudflare dashboard interactions. CLI and mobile interfaces are on the roadmap.

What This Means for Developers

Every primitive Agent Lee is built on is available to you: Agents SDK, Workers AI, Durable Objects, and the same MCP infrastructure. Cloudflare didn't build internal-only tools—they used the same building blocks you can use. This is a strong signal that the platform is ready for you to build your own AI agents on top of it.

[Image: Developer using Agent Lee in the Cloudflare dashboard to debug a Worker error, with the approval gate for write operations]

Conclusion: The Future of Platform Interaction

Agent Lee is a significant step toward a future where interacting with a platform feels like collaborating with an expert. It dynamically generates UI components (charts, tables, architecture maps) alongside text responses, turning your chat history into a living dashboard.

If you're on a Free plan, you can try Agent Lee today by logging into your Cloudflare dashboard and clicking "Ask AI" in the upper right corner.

Next steps for learning:

  • Explore the Cloudflare Agents SDK to build your own AI assistants.
  • Study the MCP protocol and how Codemode improves LLM accuracy for tool usage.
  • Look into Durable Objects for building secure, stateful proxy layers in your own applications.

This content was drafted using AI tools based on reliable sources, and has been reviewed by our editorial team before publication. It is not intended to replace professional advice.