Agent Lee
Agent Lee is Cloudflare's first-party in-dashboard AI assistant — launched 2026-04-15 in open beta — that understands a user's Cloudflare account and can both troubleshoot and apply changes across the entire platform (DNS, Workers, SSL/TLS, R2, Registrar, Cache, Cloudflare Tunnel, API Shield, and more) from a single natural-language prompt, rendering real-data visualisations (charts, tables, architecture maps) inline on an adaptive grid.
Scale at launch
Reported in the launch post after an active beta (Source: sources/2026-04-15-cloudflare-introducing-agent-lee):
- ~18,000 daily users
- ~250,000 tool calls / day
- Products covered: DNS, Workers, SSL/TLS, R2, Registrar, Cache, Cloudflare Tunnel, API Shield, and more.
- Free-plan availability — entry point is Ask AI in the Cloudflare dashboard.
Architecture
Agent Lee is built on primitives Cloudflare ships to customers:
- Agents SDK — runtime.
- Workers AI / Workers — compute and model hosting.
- Durable Objects — the permission + credentialed-proxy layer (see below).
- MCP — tool-description surface for Cloudflare's API.
The MCP surface Agent Lee consumes is two tools, not 3,000: "a search tool for querying API endpoints and an execute tool for writing code that performs API requests." All ~3,000 Cloudflare HTTP API operations are reachable through the execute tool via Code Mode (canonical patterns/tool-surface-minimization).
Code Mode, not direct tool calls
"Rather than presenting MCP tool definitions directly to the model, Agent Lee uses Code Mode to convert the tools into a TypeScript API and asks the model to write code that calls it instead."
Two explicit quantitative rationales in the launch post:
- LLMs have seen a vast amount of real-world TypeScript but few tool-call examples → higher accuracy on multi-step invocations.
- Multi-step tasks chain into a single generated script whose intermediate results stay inside the sandbox — no per-step round-trips between planner and tool.
See patterns/code-generation-over-tool-calls and systems/code-mode.
The Durable Object is the enforcement layer
The generated code is dispatched to an upstream Cloudflare MCP server for sandboxed execution. But it travels through a Durable Object that acts as a credentialed proxy. The DO:
- Classifies the generated code as read or write by inspecting the method and body before any call leaves.
- Proxies reads directly.
- Blocks writes until explicit approval via an elicitation gate — "Agent Lee cannot skip this step. The permission model is the enforcement layer, and the confirmation prompt you see is not a UX courtesy. It's the gate."
- Holds API keys — keys are never present in the generated code, so the sandbox cannot exfiltrate them. They're injected server-side when the upstream call is made.
Load-bearing structural framing: "The security boundary isn't just a sandbox that gets thrown away; it's a permission architecture that structurally prevents writes from happening without your approval."
See patterns/credentialed-proxy-sandbox.
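A minimal sketch of the gate described above, added here as an illustration; it is not Cloudflare's Durable Object code. Assumptions: every name (`CredentialedProxy`, `classifyRequest`, the `Upstream` callback) is hypothetical, classification fails closed (only a body-less GET/HEAD/OPTIONS is a read), and each approval is bound to one stored request and is single use.

```typescript
// Added illustration of a credentialed-proxy gate; names are hypothetical, not Cloudflare's code.
type ApiRequest = { method: string; path: string; body?: string };
type Upstream = (req: ApiRequest, headers: { [k: string]: string }) => string;
type Outcome =
  | { status: "forwarded"; response: string }
  | { status: "needs_approval"; approvalId: string }
  | { status: "rejected"; reason: string };
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];

// Assumption: fail closed. Only a body-less safe method counts as a read.
function classifyRequest(req: ApiRequest): "read" | "write" {
  const safe = SAFE_METHODS.indexOf(req.method.toUpperCase()) !== -1;
  const hasBody = req.body !== undefined && req.body.length > 0;
  return safe && !hasBody ? "read" : "write";
}

class CredentialedProxy {
  private apiToken: string; // held by the proxy, never given to sandboxed code
  private upstream: Upstream;
  private pending: { [id: string]: ApiRequest } = {};
  private nextId = 1;
  constructor(apiToken: string, upstream: Upstream) {
    this.apiToken = apiToken;
    this.upstream = upstream;
  }

  // Entry point for every request the generated script attempts.
  handle(req: ApiRequest): Outcome {
    if (classifyRequest(req) === "read") return this.forward(req);
    const approvalId = "approval-" + this.nextId++;
    // Snapshot the request so the approval covers exactly this call.
    this.pending[approvalId] = { method: req.method, path: req.path, body: req.body };
    return { status: "needs_approval", approvalId };
  }

  // Reached only from the user's confirmation prompt, not from the sandbox.
  approve(approvalId: string): Outcome {
    const req = this.pending[approvalId];
    if (!req) return { status: "rejected", reason: "unknown or already used approval" };
    delete this.pending[approvalId]; // approvals are single use
    return this.forward(req);
  }

  // The credential is attached only here, at the last hop to the API.
  private forward(req: ApiRequest): Outcome {
    const headers = { Authorization: "Bearer " + this.apiToken };
    return { status: "forwarded", response: this.upstream(req, headers) };
  }
}
```

The `Outcome` returned to the caller carries only the upstream response or an approval id, so the token never flows back toward the generated code.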
Dynamic UI, not just text
"The platform dynamically generates UI components alongside textual responses." Blocks in today's library:
- Dynamic tables.
- Interactive charts (e.g. error-rate-over-24h rendered from real traffic, inline — not a link out to Analytics).
- Architecture maps.
- More in development.
Users interact via an adaptive grid: click-and-drag to carve out a tile, describe what should go in it in natural language, and Agent Lee populates it. "Transforms your chat history into a living dashboard."
See patterns/dynamic-ui-generation.
Quality + safety posture
Continuous measurement ("keeping users in control"):
- Evals on conversation success + information accuracy.
- User feedback (thumbs up / down).
- Tool-call execution-success rate + hallucination scorers.
- Per-product conversation-performance breakdown.
Roadmap (stated in the launch post)
- Surface-agnostic — CLI next, phone later. "The surface you use shouldn't matter."
- Proactive — watches Workers / traffic / error thresholds and reaches out when something warrants attention.
- Accumulated context — already knows account config; will know past conversations, current page, last week's debugging.
Caveats
- In beta. Post explicitly warns of "unexpected limitations or edge cases." Today's scale figures are a snapshot.
- Latency / approval-abandonment / per-tool success rates not disclosed.
- Underlying Code Mode sandbox substrate (isolate reuse, timeout model) lives in a separate Cloudflare Code Mode post (blog.cloudflare.com/code-mode/), not in the Agent Lee announcement itself.
Seen in
- sources/2026-04-15-cloudflare-introducing-agent-lee — the launch + architecture post, 18K DAU / 250K tool calls/day.