Initial commit: Cloudflare infrastructure with WAF Intelligence

- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access) - WAF Intelligence MCP server with threat analysis and ML classification - GitOps automation with PR workflows and drift detection - Observatory monitoring stack with Prometheus/Grafana - IDE operator rules for governed development - Security playbooks and compliance frameworks - Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00
commit 37a867c485
123 changed files with 25407 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,93 @@
+# OpenCode Environment Variables
+# Copy to .env and fill in real values
+# IMPORTANT: Never commit .env to git
+
+# ============================================================================
+# GITHUB (Already Configured)
+# ============================================================================
+# Get from: https://github.com/settings/tokens
+# Scopes: repo, read:org
+export GITHUB_TOKEN="ghp_your_github_token_here"
+
+# Optional: Add additional GitHub accounts with unique variable names
+# export GITHUB_TOKEN_SECONDARY="ghp_another_token_here"
+# export GITHUB_TOKEN_WORK="ghp_work_account_token"
+
+# ============================================================================
+# GITLAB (NEW - GitLab Integration)
+# ============================================================================
+# Get from: https://gitlab.com/-/user_settings/personal_access_tokens
+# For self-hosted: https://your-gitlab/(-/user_settings/personal_access_tokens
+# Scopes: api, read_user, read_repository, write_repository
+export GITLAB_TOKEN="glpat_your_gitlab_token_here"
+export GITLAB_URL="https://gitlab.com"  # Or your self-hosted URL
+
+# ============================================================================
+# CLOUDFLARE API (NEW - Cloudflare Infrastructure)
+# ============================================================================
+# API Token: https://dash.cloudflare.com/profile/api-tokens
+# Account ID: https://dash.cloudflare.com/ (right sidebar)
+export CLOUDFLARE_API_TOKEN="your_cloudflare_api_token_here"
+export CLOUDFLARE_ACCOUNT_ID="your_account_id_here"
+# Optional (for specific zone queries):
+export CLOUDFLARE_ZONE_ID="your_zone_id_here"
+
+# Optional: Add additional Cloudflare accounts with unique variable names
+# export CLOUDFLARE_API_TOKEN_PRODUCTION="prod_token_here"
+# export CLOUDFLARE_ACCOUNT_ID_PRODUCTION="prod_account_id"
+# export CLOUDFLARE_API_TOKEN_STAGING="staging_token_here"
+# export CLOUDFLARE_ACCOUNT_ID_STAGING="staging_account_id"
+
+# ============================================================================
+# OPTIONAL: Additional MCPs (if you enable them)
+# ============================================================================
+
+# Context7 (Documentation Search)
+# Get from: https://context7.com
+# export CONTEXT7_API_KEY="your_context7_key"
+
+# Database (PostgreSQL Audit Logs)
+# export DATABASE_URL="postgresql://user:pass@host:5432/dbname"
+
+# AWS (if using AWS resources)
+# export AWS_ACCESS_KEY_ID="AKIA..."
+# export AWS_SECRET_ACCESS_KEY="..."
+# export AWS_REGION="us-east-1"
+
+# Slack (if sending notifications)
+# export SLACK_BOT_TOKEN="xoxb-..."
+
+# Linear (if using Linear for issue tracking)
+# export LINEAR_API_KEY="lin_..."
+
+# Google Maps (if geolocation features)
+# export GOOGLE_MAPS_API_KEY="..."
+
+# ============================================================================
+# MULTI-ACCOUNT CONFIGURATION (See MULTI_ACCOUNT_AUTH.md)
+# ============================================================================
+
+# Multiple GitHub accounts
+# export GITHUB_TOKEN_WORK="ghp_work_account_token"
+# export GITHUB_TOKEN_PERSONAL="ghp_personal_account_token"
+# export GITHUB_TOKEN_CLIENT="ghp_client_account_token"
+
+# Multiple Cloudflare accounts/environments
+# export CLOUDFLARE_API_TOKEN_PRODUCTION="prod_token"
+# export CLOUDFLARE_ACCOUNT_ID_PRODUCTION="prod_account_id"
+# export CLOUDFLARE_API_TOKEN_STAGING="staging_token"
+# export CLOUDFLARE_ACCOUNT_ID_STAGING="staging_account_id"
+# export CLOUDFLARE_API_TOKEN_DEV="dev_token"
+# export CLOUDFLARE_ACCOUNT_ID_DEV="dev_account_id"
+
+# Multiple GitLab instances
+# export GITLAB_TOKEN_INTERNAL="glpat_internal_token"
+# export GITLAB_URL_INTERNAL="https://gitlab.internal.company.com"
+# export GITLAB_TOKEN_EXTERNAL="glpat_external_token"
+# export GITLAB_URL_EXTERNAL="https://gitlab.com"
+
+# ============================================================================
+# LOAD THIS FILE BEFORE RUNNING OPENCODE
+# ============================================================================
+# source .env
+# opencode