{ "metadata": { "generated_at": "2025-12-18T02:19:38.165161+00:00", "version": "1.0.0", "scope": "Cloudflare Control Plane" }, "mcp_servers": { "cloudflare_safe": { "module": "cloudflare.mcp.cloudflare_safe", "purpose": "Secure Cloudflare API operations", "capabilities": [ "dns_record_management", "waf_rule_configuration", "tunnel_health_monitoring", "zone_analytics_query", "terraform_state_synchronization" ], "security": { "token_redaction": true, "error_handling": true, "rate_limiting": true } }, "waf_intelligence": { "module": "cloudflare.mcp.waf_intelligence", "purpose": "WAF rule analysis and synthesis", "capabilities": [ "waf_config_analysis", "threat_intelligence_integration", "compliance_mapping", "rule_gap_identification", "terraform_ready_rule_generation" ], "intelligence": { "ml_classification": true, "threat_intel": true, "compliance_frameworks": [ "PCI-DSS 6.6", "OWASP-ASVS 13" ] } }, "oracle_answer": { "module": "cloudflare.mcp.oracle_answer", "purpose": "Security decision support", "capabilities": [ "security_classification", "routing_decision_support", "threat_assessment", "pre_execution_screening" ], "integration": { "layer0_framework": true, "shadow_classifier": true, "preboot_logging": true } } }, "terraform_resources": { "dns_management": { "files": [ "dns.tf" ], "resources": [ "cloudflare_record", "cloudflare_zone" ], "capabilities": [ "automated_dns_provisioning", "spf_dmarc_mx_configuration", "tunnel_based_routing", "proxied_record_management" ] }, "waf_security": { "files": [ "waf.tf" ], "resources": [ "cloudflare_ruleset", "cloudflare_bot_management" ], "capabilities": [ "custom_waf_rules", "managed_ruleset_integration", "bot_management", "rate_limiting", "country_blocking" ] }, "tunnel_infrastructure": { "files": [ "tunnels.tf" ], "resources": [ "cloudflare_tunnel", "cloudflare_tunnel_config" ], "capabilities": [ "multi_service_tunnel_routing", "ingress_rule_management", "health_monitoring", "credential_rotation" ] } }, "gitops_tools": { "waf_rule_proposer": { "file": "gitops/waf_rule_proposer.py", "purpose": "Automated WAF rule generation", "capabilities": [ "threat_intel_driven_rules", "gitlab_ci_integration", "automated_mr_creation", "compliance_mapping" ] }, "invariant_checker": { "file": "scripts/invariant_checker_py.py", "purpose": "Real-time state validation", "capabilities": [ "dns_integrity_checks", "waf_compliance_validation", "tunnel_health_monitoring", "drift_detection" ] }, "drift_guardian": { "file": "scripts/drift_guardian_py.py", "purpose": "Automated remediation", "capabilities": [ "state_reconciliation", "auto_remediation", "ops_notification" ] } }, "security_framework": { "layer0": { "components": [ "entrypoint.py", "shadow_classifier.py", "preboot_logger.py" ], "capabilities": [ "pre_execution_security_classification", "threat_assessment", "security_event_logging", "routing_decision_support" ], "classification_levels": [ "catastrophic", "forbidden", "ambiguous", "blessed" ] } }, "operational_tools": { "systemd_services": { "services": [ "autonomous-remediator", "drift-guardian", "tunnel-rotation" ], "capabilities": [ "continuous_monitoring", "automated_remediation", "scheduled_operations" ] }, "test_suites": { "suites": [ "layer0_validation", "mcp_integration", "cloudflare_safe_ingress" ], "capabilities": [ "security_classification_testing", "mcp_server_validation", "api_integration_testing" ] } } }