# Cloudflare Control Plane Capability Registry

Generated: 2025-12-18T02:19:38.165161+00:00  
Version: 1.0.0

## MCP Servers

### cloudflare_safe
**Module**: `cloudflare.mcp.cloudflare_safe`  
**Purpose**: Secure Cloudflare API operations  

**Capabilities**:
- dns_record_management
- waf_rule_configuration
- tunnel_health_monitoring
- zone_analytics_query
- terraform_state_synchronization

### waf_intelligence
**Module**: `cloudflare.mcp.waf_intelligence`  
**Purpose**: WAF rule analysis and synthesis  

**Capabilities**:
- waf_config_analysis
- threat_intelligence_integration
- compliance_mapping
- rule_gap_identification
- terraform_ready_rule_generation

### oracle_answer
**Module**: `cloudflare.mcp.oracle_answer`  
**Purpose**: Security decision support  

**Capabilities**:
- security_classification
- routing_decision_support
- threat_assessment
- pre_execution_screening

## Terraform Resources

### dns_management
**Files**: dns.tf  

**Capabilities**:
- automated_dns_provisioning
- spf_dmarc_mx_configuration
- tunnel_based_routing
- proxied_record_management

### waf_security
**Files**: waf.tf  

**Capabilities**:
- custom_waf_rules
- managed_ruleset_integration
- bot_management
- rate_limiting
- country_blocking

### tunnel_infrastructure
**Files**: tunnels.tf  

**Capabilities**:
- multi_service_tunnel_routing
- ingress_rule_management
- health_monitoring
- credential_rotation

## GitOps Tools

### waf_rule_proposer
**File**: gitops/waf_rule_proposer.py  
**Purpose**: Automated WAF rule generation  

**Capabilities**:
- threat_intel_driven_rules
- gitlab_ci_integration
- automated_mr_creation
- compliance_mapping

### invariant_checker
**File**: scripts/invariant_checker_py.py  
**Purpose**: Real-time state validation  

**Capabilities**:
- dns_integrity_checks
- waf_compliance_validation
- tunnel_health_monitoring
- drift_detection

### drift_guardian
**File**: scripts/drift_guardian_py.py  
**Purpose**: Automated remediation  

**Capabilities**:
- state_reconciliation
- auto_remediation
- ops_notification

## Security Framework

### layer0
**Components**: entrypoint.py, shadow_classifier.py, preboot_logger.py  

**Capabilities**:
- pre_execution_security_classification
- threat_assessment
- security_event_logging
- routing_decision_support

**Classification Levels**:
- catastrophic
- forbidden
- ambiguous
- blessed

## Operational Tools

### systemd_services
**Services**: autonomous-remediator, drift-guardian, tunnel-rotation  

**Capabilities**:
- continuous_monitoring
- automated_remediation
- scheduled_operations

### test_suites
**Test Suites**: layer0_validation, mcp_integration, cloudflare_safe_ingress  

**Capabilities**:
- security_classification_testing
- mcp_server_validation
- api_integration_testing