Initial commit: Cloudflare infrastructure with WAF Intelligence

- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access) - WAF Intelligence MCP server with threat analysis and ML classification - GitOps automation with PR workflows and drift detection - Observatory monitoring stack with Prometheus/Grafana - IDE operator rules for governed development - Security playbooks and compliance frameworks - Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00
commit 37a867c485
123 changed files with 25407 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,59 @@
+# ============================================================================
+# VaultMesh GitLab CI/CD Pipeline
+# ============================================================================
+# Governed by: RED-BOOK.md
+# ============================================================================
+
+stages:
+  - validate
+  - test
+
+# ============================================================================
+# DOC INVARIANTS
+# ============================================================================
+# Enforces documentation law on every push touching docs/doctrine/playbooks.
+
+doc_invariants:
+  stage: validate
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache bash grep findutils
+  script:
+    - bash scripts/doc-invariants.sh
+  rules:
+    - changes:
+        - "*.md"
+        - "playbooks/**/*"
+        - "scripts/doc-invariants.sh"
+
+# ============================================================================
+# INFRA INVARIANTS
+# ============================================================================
+# Validates Terraform formatting + syntax on infrastructure changes.
+
+infra_invariants:
+  stage: validate
+  image: hashicorp/terraform:latest
+  script:
+    - bash scripts/infra-invariants.sh
+  rules:
+    - changes:
+        - "terraform/**/*"
+        - "scripts/infra-invariants.sh"
+
+# ============================================================================
+# PYTHON SYNTAX CHECK
+# ============================================================================
+# Basic Python syntax validation for scripts and MCP tools.
+
+python_check:
+  stage: test
+  image: python:3.11-slim
+  script:
+    - python -m py_compile oracle_runner.py oracle_answer_mcp.py mcp/oracle_answer/tool.py
+    - python -c "from mcp.oracle_answer import OracleAnswerTool; print('✓ Import OK')"
+  rules:
+    - changes:
+        - "*.py"
+        - "mcp/**/*.py"
+        - "scripts/*.py"