Initial commit: Cloudflare infrastructure with WAF Intelligence

- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation

scripts/infra-invariants.sh

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+# ============================================================================
+# INFRA INVARIANTS CHECKER
+# ============================================================================
+# Enforces infrastructure law for VaultMesh.
+# Run from repo root: bash scripts/infra-invariants.sh
+#
+# Exit codes:
+#   0 = All invariants pass
+#   1 = One or more invariants violated
+#
+# Governed by: RED-BOOK.md
+# ============================================================================
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$REPO_ROOT"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+echo "============================================"
+echo "  VaultMesh Infrastructure Invariants Check"
+echo "============================================"
+echo ""
+
+FAILED=0
+
+# ============================================================================
+# 1. TERRAFORM FORMAT CHECK
+# ============================================================================
+
+echo "── 1. Terraform Formatting ──"
+
+cd terraform
+if terraform fmt -check -recursive > /dev/null 2>&1; then
+    echo -e "${GREEN}✓${NC} 1.1 All .tf files are properly formatted"
+else
+    echo -e "${RED}✗${NC} 1.1 Terraform files need formatting"
+    echo "    Run: cd terraform && terraform fmt -recursive"
+    FAILED=1
+fi
+
+# ============================================================================
+# 2. TERRAFORM VALIDATE
+# ============================================================================
+
+echo ""
+echo "── 2. Terraform Validation ──"
+
+terraform init -backend=false > /dev/null 2>&1
+if terraform validate > /dev/null 2>&1; then
+    echo -e "${GREEN}✓${NC} 2.1 Terraform configuration is valid"
+else
+    echo -e "${RED}✗${NC} 2.1 Terraform validation failed"
+    terraform validate
+    FAILED=1
+fi
+
+cd "$REPO_ROOT"
+
+# ============================================================================
+# 3. REQUIRED FILES
+# ============================================================================
+
+echo ""
+echo "── 3. Required Terraform Files ──"
+
+REQUIRED_TF_FILES=(
+    "terraform/main.tf"
+    "terraform/variables.tf"
+)
+
+for tf in "${REQUIRED_TF_FILES[@]}"; do
+    if [[ -f "$tf" ]]; then
+        echo -e "${GREEN}✓${NC} 3.1 $tf exists"
+    else
+        echo -e "${RED}✗${NC} 3.1 Missing required file: $tf"
+        FAILED=1
+    fi
+done
+
+# ============================================================================
+# SUMMARY
+# ============================================================================
+
+echo ""
+echo "============================================"
+echo "  Summary"
+echo "============================================"
+
+if [[ $FAILED -gt 0 ]]; then
+    echo -e "${RED}Infra invariants violated. Fix before merging.${NC}"
+    exit 1
+else
+    echo -e "${GREEN}All infra invariants pass. ✓${NC}"
+    exit 0
+fi