chore: pre-migration snapshot

Layer0, MCP servers, Terraform consolidation

tests/test_waf_intelligence_analyzer.py

@@ -0,0 +1,43 @@
+from mcp.waf_intelligence.analyzer import WAFRuleAnalyzer
+
+
+def test_analyzer_detects_managed_waf_ruleset():
+    analyzer = WAFRuleAnalyzer()
+
+    tf = """
+resource "cloudflare_ruleset" "managed_waf" {
+  name  = "Managed WAF"
+  kind  = "zone"
+  phase = "http_request_firewall_managed"
+
+  rules {
+    action = "execute"
+    action_parameters {
+      id = "efb7b8c949ac4650a09736fc376e9aee"
+    }
+    expression  = "true"
+    description = "Execute Cloudflare Managed Ruleset"
+    enabled     = true
+  }
+}
+"""
+
+    result = analyzer.analyze_terraform_text("snippet.tf", tf, min_severity="warning")
+    assert result.violations == []
+
+
+def test_analyzer_warns_when_managed_waf_missing():
+    analyzer = WAFRuleAnalyzer()
+
+    tf = """
+resource "cloudflare_ruleset" "security_rules" {
+  name  = "Security Rules"
+  kind  = "zone"
+  phase = "http_request_firewall_custom"
+}
+"""
+
+    result = analyzer.analyze_terraform_text("snippet.tf", tf, min_severity="warning")
+    assert [v.message for v in result.violations] == [
+        "No managed WAF rules detected in this snippet."
+    ]