Agents can now create Cloudflare accounts, buy domains, and deploy

The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.

It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.

I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.

I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.

I've have personally never seen a good example where a cross vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.

I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.

Maybe it's me.

That is ironic. Four years ago, cloudflare didn’t let human me have an account / buy domains because I signed up, never used a single service but didn’t respond to a request to verify my drivers license

> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.

(Yes that’s really it. Sincerely. No “but I also abused X”)

The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and start the process.

While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploy the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. no need to start a new call because you had several agents committing the same fraud in parallel.

It can also be used to make art.

One of the well-kept secrets about Cloudflare is:

You can have a zero-cost inbox.

Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)

but with this method, I get unlimited aliases, domains, and mailboxes:

Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.

This uses an email -> webworker workflow.

I use an API to fetch my emails.

This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.

The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.

I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.

The funniest thing is I am receiving zero spam? As if other email providers sell my email?

This might hurt the ones like vercel etc... or even smaller hosting services like tiiny etc...

I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...

I prefer to delegate as much as possible to AI services once I have a mature process that is easy to validate. Buying a domain name feels pretty mature to me etc, so I don't get where all the hate is coming from?

(Maybe I'm way to deep in the whole AI/Jack Dorsey/Block model?)

[flagged]

This is an API. They now allow users to create accounts, buy domains and deploy from their api instead of going on the website. That's great. I am not sure I understand why all this complex protocol is needed though, especially now that you can generate a cli with a prompt.

I recently started migrating my DNS to a DNSSEC-enabled provider.

This involves copy-pasting DNSSEC properties from one web interface into another.

Pretty much everything but this step has been automated in my website creation process: Picking a git template for my site, creating the git repository remotely on my self-hosted Forgejo, setting up the webserver and the DNS using external-dns. Only the domain creation and initial pointing of NS and DNSSEC records is something I sit and do.

I'm not willing to switch to Cloudflare for this feature.

But it reminds me there's more to automate.

I'm sure nothing bad will come of this idea.

If the genius who came up with this idea is reading this: Nobody asked for this feature.

A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.

I wonder if this means I can now also buy a domain via the API?

*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...

Industry really went from "prove you are not a robot", to "but also if you are, this way please"

Most of the sysadmin and devops team have been downsized in India because of AI.

Basically, now it's trivial for any new devops guy to run such a query in Claude Code:

“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”

Devops and sysadmins can no longer withhold information to maintain job security.

Boom, 80% of the team gone.

I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.

I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.

A further step towards the destruction of the internet (for humans).

Ps. Agents can also sell and delete domains.

I was pleasantly surprised when I read the headline a few days ago. But it's only accessible through Stripe right? I'm simultanenously very concerned about the centralized control that Stripe gains (it's not going to be just access to Cloudflare) and also amazed at how Stripe is shaping to be. It was just a payment processor.

I was wondering if someone was going to allow payments through CLI at some point.

But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.

if they have a terraform provider even better. I wonder if also makes multi tenant architectures or environment isolation easier to provision as well.

why does cloudflare not allow existing users to create new accounts? you basically need to use a burner email and transfer it afterward. makes it awkward to use this on new projects that you want independent of your existing accounts.

As a user of the internet I can only imagine this worsening my experience by allowing even more slop to permeate the network's every orifice.

Also, when an agent sets up a domain, who is the domain owner? Who responds to takedown requests? What if it then decides to host illegal content at the domain (generated or otherwise). Who is responsible? Agents aren't (yet) legal persons, so it must be the person who owns the agent, but if that person never even sees the legal agreement being agreed to how would it hold up in court? If the person didn't direct the creation or hosting of illegal content, what then?

Claude has been buying domains and deploying to Vercel for me using aws cli, vercel cli, and gh cli since December. Personally I prefer a cli to an MCP server for this type of thing.

This probably started because of Andrej Karpathy's complaint about deployment being more painful than coding itself.

These days, website or service “usability” means that Claude code can do it for you.

They can doesn't mean they should. Letting an unsupervised agent register domains and build websites exposed to the public is yet another recipe for a disaster waiting to happen.

Fascinating. This is through Stripe rather than wrangler or anything. Coding agents were pretty good at handling the Cloudflare API already with an API key, but I think this thing that Stripe is doing by being the central hub through which all agent stuff goes by integrating with their CLI is a pretty good move for them.

And CloudFlare engineers sleep comfily at night knowing that they just produced 800 lbs of carbon emissions to generate a static "Hello World" HTML page.

I see the amount of work that gets put into these workflows and it boggles my mind that anyone thinks that it's faster or easier or more convinient or more cost efffective than installing a LAMP stack on one of the 6 laptops they have stuffed in a closet. God forbid anyone have any native local capability.

I literally hate it every time I try to visit a website and face Cloudflare bot verification. And now, they’re letting bots create accounts and buy domains. Double-standard hypocrisy.

Genius! Automate the flow for making customers spend money.

Can I make a bot to buy the domain at the best price, transfer that domain to Cloudflare instead?

I clicked through the $100k credits link and didn’t see Cloudflare listed as an Atlas partner? (Maybe not updated?)

This looks interesting nonetheless.

Skynet - and so it begins ...

don't even supricezed - I've done it before even without agents

Who goes to websites these days?

> At the end, the agent has deployed to production, and the app runs on the newly registered domain:

Soft scammers, fraudsters and defamers are celebrating in copying websites for malicious intent.

For sure this is going to get abused.

Thank god, this is what we've been missing on our quest to make software better for our users.

I mean couldn’t they already do that? Isn’t it the whole per pose of agents to do whatever any person can do on a machine?

So does this mean banned sites can now come back as long as they have an agent make an account instead of the banned user.

Soooo they built.... an API?

So they made it possible for agents to spend people's money buying their services.

Why didn't Amazon think of that?

Nice. Another step closer to the "dream" of filling the web with trash at scale

> buy

good luck

[flagged]