chore: pre-migration snapshot
Some checks failed
WAF Intelligence Guardrail / waf-intel (push) Waiting to run
Cloudflare Registry Validation / validate-registry (push) Has been cancelled

Layer0, MCP servers, Terraform consolidation
Vault Sovereign
2025-12-27 01:52:27 +00:00
parent 7f2e60e1c5
commit f0b8d962de
67 changed files with 14887 additions and 650 deletions

185
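--- a/capability_registry.json
+++ b/capability_registry.json
@@ -0,0 +1,185 @@
+{
+"metadata": {
+"generated_at": "2025-12-18T02:19:38.165161+00:00",
+"version": "1.0.0",
+"scope": "Cloudflare Control Plane"
+},
+"mcp_servers": {
+"cloudflare_safe": {
+"module": "cloudflare.mcp.cloudflare_safe",
+"purpose": "Secure Cloudflare API operations",
+"capabilities": [
+"dns_record_management",
+"waf_rule_configuration",
+"tunnel_health_monitoring",
+"zone_analytics_query",
+"terraform_state_synchronization"
+],
+"security": {
+"token_redaction": true,
+"error_handling": true,
+"rate_limiting": true
+}
+},
+"waf_intelligence": {
+"module": "cloudflare.mcp.waf_intelligence",
+"purpose": "WAF rule analysis and synthesis",
+"capabilities": [
+"waf_config_analysis",
+"threat_intelligence_integration",
+"compliance_mapping",
+"rule_gap_identification",
+"terraform_ready_rule_generation"
+],
+"intelligence": {
+"ml_classification": true,
+"threat_intel": true,
+"compliance_frameworks": [
+"PCI-DSS 6.6",
+"OWASP-ASVS 13"
+]
+}
+},
+"oracle_answer": {
+"module": "cloudflare.mcp.oracle_answer",
+"purpose": "Security decision support",
+"capabilities": [
+"security_classification",
+"routing_decision_support",
+"threat_assessment",
+"pre_execution_screening"
+],
+"integration": {
+"layer0_framework": true,
+"shadow_classifier": true,
+"preboot_logging": true
+}
+}
+},
+"terraform_resources": {
+"dns_management": {
+"files": [
+"dns.tf"
+],
+"resources": [
+"cloudflare_record",
+"cloudflare_zone"
+],
+"capabilities": [
+"automated_dns_provisioning",
+"spf_dmarc_mx_configuration",
+"tunnel_based_routing",
+"proxied_record_management"
+]
+},
+"waf_security": {
+"files": [
+"waf.tf"
+],
+"resources": [
+"cloudflare_ruleset",
+"cloudflare_bot_management"
+],
+"capabilities": [
+"custom_waf_rules",
+"managed_ruleset_integration",
+"bot_management",
+"rate_limiting",
+"country_blocking"
+]
+},
+"tunnel_infrastructure": {
+"files": [
+"tunnels.tf"
+],
+"resources": [
+"cloudflare_tunnel",
+"cloudflare_tunnel_config"
+],
+"capabilities": [
+"multi_service_tunnel_routing",
+"ingress_rule_management",
+"health_monitoring",
+"credential_rotation"
+]
+}
+},
+"gitops_tools": {
+"waf_rule_proposer": {
+"file": "gitops/waf_rule_proposer.py",
+"purpose": "Automated WAF rule generation",
+"capabilities": [
+"threat_intel_driven_rules",
+"gitlab_ci_integration",
+"automated_mr_creation",
+"compliance_mapping"
+]
+},
+"invariant_checker": {
+"file": "scripts/invariant_checker_py.py",
+"purpose": "Real-time state validation",
+"capabilities": [
+"dns_integrity_checks",
+"waf_compliance_validation",
+"tunnel_health_monitoring",
+"drift_detection"
+]
+},
+"drift_guardian": {
+"file": "scripts/drift_guardian_py.py",
+"purpose": "Automated remediation",
+"capabilities": [
+"state_reconciliation",
+"auto_remediation",
+"ops_notification"
+]
+}
+},
+"security_framework": {
+"layer0": {
+"components": [
+"entrypoint.py",
+"shadow_classifier.py",
+"preboot_logger.py"
+],
+"capabilities": [
+"pre_execution_security_classification",
+"threat_assessment",
+"security_event_logging",
+"routing_decision_support"
+],
+"classification_levels": [
+"catastrophic",
+"forbidden",
+"ambiguous",
+"blessed"
+]
+}
+},
+"operational_tools": {
+"systemd_services": {
+"services": [
+"autonomous-remediator",
+"drift-guardian",
+"tunnel-rotation"
+],
+"capabilities": [
+"continuous_monitoring",
+"automated_remediation",
+"scheduled_operations"
+]
+},
+"test_suites": {
+"suites": [
+"layer0_validation",
+"mcp_integration",
+"cloudflare_safe_ingress"
+],
+"capabilities": [
+"security_classification_testing",
+"mcp_server_validation",
+"api_integration_testing"
+]
+}
+}
+}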
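Review bot: The two entries under `compliance_frameworks` in `waf_intelligence` cite requirement numbers without naming the version of the standard, so a reader or auditor cannot tell which control is being claimed. `6.6` is the PCI DSS v3.2.1 number for protecting public-facing web applications, which v4.0 moved to 6.4.1 and 6.4.2, and ASVS chapter 13 covers API and web services in 4.x but configuration in 5.0. Pinning the version in each string, for example `"PCI-DSS v4.0 6.4.1"` and `"OWASP-ASVS v4.0.3 V13"` if those are the intended mappings, would make the mapping checkable. The `generated_at` field suggests this file is generator output, in which case the change belongs in the generator rather than in this file.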