vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Initial commit: Cloudflare infrastructure with WAF Intelligence

Browse Source 
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
This commit is contained in:
Vault Sovereign
2025-12-16 18:31:53 +00:00
commit 37a867c485
123 changed files with 25407 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
README.md Normal file
View File

@@ -0,0 +1,87 @@
# VaultMesh — Cloudflare Infrastructure Automation
**Governed by the [Red Book](RED-BOOK.md)** | **Docs:** ✅ [Invariants enforced](scripts/doc-invariants.sh)
VaultMesh is a proof-based infrastructure platform that manages Cloudflare resources through GitOps, intelligent agents, and cryptographic receipts. Every change leaves a trail; every state is verifiable.
---
## Quick Start
```bash
# 1. Clone and configure
cd /Users/sovereign/Desktop/CLOUDFLARE
cp .env.example .env
# Edit .env with your API tokens
# 2. Initialize Terraform
cd terraform && terraform init && terraform plan
# 3. Validate environment
bash TEST_WORKFLOW.sh quick
# 4. Start OpenCode (interactive)
opencode
```
**First time?** See [FIRST_RUN.md](FIRST_RUN.md) for step-by-step guidance.
---
## Documentation Map
| Need | Document |
|------|----------|
| **Architecture overview** | [STRUCTURE.md](STRUCTURE.md) |
| **Multi-account setup** | [MULTI_ACCOUNT_AUTH.md](MULTI_ACCOUNT_AUTH.md) |
| **AI agent config** | [AGENTS.md](AGENTS.md) |
| **MCP server reference** | [MCP_GUIDE.md](MCP_GUIDE.md) |
| **Production deployment** | [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) |
| **Security patterns** | [WEB-INFRA-SECURITY-PATTERNS.md](WEB-INFRA-SECURITY-PATTERNS.md) |
| **Incident playbooks** | [playbooks/](playbooks/) |
| **Philosophical doctrine** | [RED-BOOK.md](RED-BOOK.md) |
---
## Core Components
```
terraform/ Infrastructure as Code (Cloudflare zones, DNS, WAF)
gitops/ CI/CD automation, PR bots, drift detection
observatory/ Monitoring, metrics, dashboards
mcp/ MCP tool implementations
scripts/ Standalone utilities
playbooks/ Incident response procedures
```
---
## Security Architecture
- **Zero Trust**: Cloudflare Tunnels replace exposed ports — see [zero_trust_architecture.md](zero_trust_architecture.md)
- **WAF Baseline**: Managed rulesets + custom rules — see [cloudflare_waf_baseline.md](cloudflare_waf_baseline.md)
- **DNS Hardening**: DNSSEC + CAA + SPF/DKIM/DMARC — see [cloudflare_dns_manifest.md](cloudflare_dns_manifest.md)
- **Agent Guardrails**: AI agents operate under strict constraints — see [AGENT_GUARDRAILS.md](AGENT_GUARDRAILS.md)
---
## Governing Doctrine
This project follows the **Red Book** principles:
> *"Nothing evolves unless it is broken, nothing endures unless it is proven, nothing is real until it is sealed."*
All changes flow through the fourfold work: **Nigredo → Albedo → Citrinitas → Rubedo**
See [RED-BOOK.md](RED-BOOK.md) for the complete operational philosophy.
---
## License
See [LICENSE](LICENSE)
---
**Version:** 2.0
**Last Updated:** December 9, 2025