docs: align vm-cloudflare paths

.github/workflows/registry_validation.yml

@@ -3,11 +3,11 @@ name: Cloudflare Registry Validation
 on:
   push:
     paths:
-      - 'cloudflare/**'
+      - '**/*'
       - '.github/workflows/registry_validation.yml'
   pull_request:
     paths:
-      - 'cloudflare/**'
+      - '**/*'
       - '.github/workflows/registry_validation.yml'
   schedule:
     # Daily validation to catch drift
@@ -36,22 +36,18 @@ jobs:
       
     - name: Run Tool Name Parity Check
       run: |
-        cd cloudflare
         python3 ci_check_tool_names.py
         
     - name: Run Entrypoint Sanity Check
       run: |
-        cd cloudflare
         python3 ci_check_entrypoints.py
         
     - name: Generate Fresh Registry
       run: |
-        cd cloudflare
         python3 generate_capability_registry_v2.py
         
     - name: Validate Registry Format
       run: |
-        cd cloudflare
         python3 -c "
         import json
         with open('capability_registry_v2.json', 'r') as f:
@@ -66,7 +62,6 @@ jobs:
     - name: Check for Registry Changes
       id: registry_changes
       run: |
-        cd cloudflare
         # Check if registry changed during validation
         if git diff --name-only capability_registry_v2.json; then
           echo "changes_detected=true" >> $GITHUB_OUTPUT
@@ -80,5 +75,5 @@ jobs:
       uses: actions/upload-artifact@v4
       with:
         name: capability-registry
-        path: cloudflare/capability_registry_v2.json
+        path: capability_registry_v2.json
         retention-days: 30

ASSURANCE.md

@@ -21,7 +21,7 @@ These are the *operator-safe, auditor-grade* checks expected to pass on every sw
 
 ### 1) WAF Intel regression + CLI sanity
 
-From `cloudflare/`:
+From `vm-cloudflare/`:
 
 ```bash
 # Install dev deps (once)
@@ -44,7 +44,7 @@ Acceptance:
 
 ### 2) Terraform hardening correctness (empty-list safety + plan gates)
 
-From `cloudflare/terraform/`:
+From `vm-cloudflare/terraform/`:
 
 ```bash
 terraform fmt -recursive