Build & Deploy AI Agents

Lesson 7

Secure it with Zero Trust

Optional extra: put identity in front of the agent and its MCP endpoint.

Optional extra. This lesson is not part of the core five-module build. It needs a Cloudflare account and matters most before you expose REVIEWBOT publicly. Skip it or come back later, at your own pace.

REVIEWBOT can read repositories and post comments. Shipping that behind a public URL with no auth is asking for trouble. Zero Trust puts identity in front of every connection.

Why gate it

The goal is simple: no anonymous request ever reaches the agent or its MCP endpoint. Instead of trusting the network, we require proof of identity on every call.

Access for humans

A self-hosted Cloudflare Access application sits in front of the Worker and the /mcp path. You add a policy requiring login through your identity provider. People authenticate in the browser, and the Worker only ever sees authenticated traffic.

Service tokens for agents

A coding agent calling /mcp cannot click through a browser login. For machine-to-machine access you create a service token, add a Service Auth policy, and send two headers:

CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID
CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET

No browser, and no secret baked into source.
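An added example (not code from this course or from Cloudflare) of an agent-side client for the service-token flow above: it reads both values from the environment, fails closed when either is missing, sends the secret only to the expected host over HTTPS, and does not follow redirects. The function names and the way response statuses are interpreted are assumptions.

```javascript
// Added example. Only the two CF-Access-* header names and the two variable
// names come from the lesson; every function name here is hypothetical.
const ID_VAR = "CF_ACCESS_CLIENT_ID";
const SECRET_VAR = "CF_ACCESS_CLIENT_SECRET";

// Build the two service-token headers from the environment; fail closed if unset.
function accessHeaders(env) {
  const id = env[ID_VAR];
  const secret = env[SECRET_VAR];
  if (!id || !secret) {
    throw new Error(`${ID_VAR} and ${SECRET_VAR} must both be set`);
  }
  return { "CF-Access-Client-Id": id, "CF-Access-Client-Secret": secret };
}

// Prepare a request to the protected endpoint. The secret is attached only
// when the URL is HTTPS and points at the host the caller expects.
function prepareRequest(url, expectedHost, env, init = {}) {
  const target = new URL(url);
  if (target.protocol !== "https:") throw new Error("refusing non-HTTPS URL");
  if (target.hostname !== expectedHost) throw new Error("unexpected host: " + target.hostname);
  return {
    url: target.href,
    // redirect: "manual" keeps the secret header from being re-sent to a redirect target.
    init: { ...init, headers: { ...init.headers, ...accessHeaders(env) }, redirect: "manual" },
  };
}

// Assumption: a request Access did not accept shows up as a redirect to a
// login page or as 401/403. Browsers report manual redirects as status 0.
function classify(status) {
  if (status >= 200 && status < 300) return "ok";
  if (status === 0 || (status >= 300 && status < 400)) return "not-authenticated";
  if (status === 401 || status === 403) return "denied";
  return "error";
}

// Send the request and stop on anything other than an authenticated response.
async function callProtected(url, expectedHost, env, init) {
  const req = prepareRequest(url, expectedHost, env, init);
  const res = await fetch(req.url, req.init);
  const outcome = classify(res.status);
  if (outcome !== "ok") throw new Error(`Access check failed: ${outcome} (HTTP ${res.status})`);
  return res;
}
```

Call `callProtected` with `process.env` as the `env` argument so the token values come from the agent's environment rather than from source.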

Tunnel and the access-oauth skill

For local development, cloudflared exposes your localhost behind the same Access policies, so you never open a port. And if you add the access-oauth skill to AGENTS.md, your coding agent can handle interactive Access logins on its own using standard OAuth with PKCE.

Reference: Authenticate agents to Access.