vm-cloudflare/FIRST_RUN.md
Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00


First Live Run: Cloudflare-Ops Reconnaissance Mission

This guide walks you through testing the OpenCode MCP stack with a real cloudflare-ops mission.

Step 1: Prep Your Shell (Outside OpenCode)

cd /Users/sovereign/Desktop/CLOUDFLARE

# Essential - GitHub integration (REQUIRED)
# Get real token from: https://github.com/settings/tokens
# Scope it to the minimum the github MCP needs; note that an inline export
# like this also lands in your shell history.
export GITHUB_TOKEN="ghp_your_real_token_here"

# Optional - Documentation search (nice to have)
# export CONTEXT7_API_KEY="your_context7_key"

Verify the variable is set without printing the whole secret to your terminal (and its scrollback):

echo "${GITHUB_TOKEN:0:4}..."

Should output: ghp_... (your token prefix only; if it prints just "...", the export did not take)
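A safer way to do the Step 1 check, added here as an example (it is not part of the original guide or of OpenCode): it validates the token's shape and prints only a masked form, and, when the token is not yet in the environment, prompts for it with terminal echo off so it never reaches shell history. The function names are mine; the `ghp_`/`github_pat_` prefix check assumes a GitHub classic or fine-grained personal access token.

```sh
#!/bin/sh
# Added example: verify GITHUB_TOKEN without printing the secret, and load it
# without leaving it in shell history. Function names are illustrative.

# mask_secret SECRET: keep the first 4 characters, replace the rest with '*'.
mask_secret() {
  s=$1
  n=$(( ${#s} - 4 ))
  [ "$n" -gt 0 ] || n=0
  printf '%.4s%s\n' "$s" "$(printf "%${n}s" '' | tr ' ' '*')"
}

# check_github_token: 0 = set and plausibly a GitHub token (classic ghp_ or
# fine-grained github_pat_ prefix), 1 = unset/empty, 2 = unexpected shape.
check_github_token() {
  tok=${GITHUB_TOKEN:-}
  if [ -z "$tok" ]; then
    echo "GITHUB_TOKEN is not set" >&2
    return 1
  fi
  case $tok in
    ghp_*|github_pat_*) ;;
    *) echo "GITHUB_TOKEN has an unexpected shape: $(mask_secret "$tok")" >&2
       return 2 ;;
  esac
  echo "GITHUB_TOKEN set: $(mask_secret "$tok")"
  return 0
}

# load_github_token: prompt with terminal echo disabled so the token reaches
# neither the scrollback nor ~/.bash_history (an inline export does both).
load_github_token() {
  [ -n "${GITHUB_TOKEN:-}" ] && return 0
  printf 'GitHub token: '
  trap 'stty echo' INT          # restore echo if the prompt is interrupted
  stty -echo
  read -r GITHUB_TOKEN
  stty echo
  trap - INT
  printf '\n'
  export GITHUB_TOKEN
}

# Interactive use:  . ./token_check.sh && load_github_token && check_github_token
```

Source the file rather than executing it, otherwise the exported variable dies with the child shell and OpenCode never sees it.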


Step 2: Launch OpenCode

opencode

Wait for the OpenCode TUI to load.

Inside OpenCode, initialize project:

/init

This will:

  • Load project context
  • Initialize MCP servers
  • Prepare all agents

Step 3: Sanity-Check MCP Wiring

Inside OpenCode, verify MCPs are loaded:

/mcp list

You should see output like:

✅ filesystem - loaded
✅ git - loaded
✅ github - loaded
✅ gh_grep - loaded
⚠️  postgres - disabled
...

Check individual MCPs:

/mcp status filesystem
/mcp status git
/mcp status github
/mcp status gh_grep

Each should report "ready" or "healthy".

If any fail, copy the full error message and share it.


Step 4: First Cloudflare-Ops Mission

Inside OpenCode, invoke the agent:

/agent cloudflare-ops

Now give it this prompt:

I want to do a quick infrastructure reconnaissance:
1. Use the filesystem MCP to list the terraform/ directory tree.
2. Use the git MCP to show the last 5 commits touching terraform/.
3. Summarize what parts of the Cloudflare setup (DNS/WAF/SSL/etc.) are already defined in code vs likely still manual.

Only PLAN first, then show me the actions you'd take.

OpenCode will respond with:

  • Analysis of your Terraform structure
  • Recent git changes
  • Assessment of what's codified vs manual
  • A plan for next steps

Important: When OpenCode asks to apply/edit, respond:

That plan looks good. Proceed with the non-destructive steps only (listing, reading, summarizing). Do not modify any files yet.

Step 5: Pattern Research with gh_grep

Still in cloudflare-ops mode, ask:

Use the gh_grep MCP to search for public examples of:
- Cloudflare Terraform modules for WAF and rate limiting
- Best-practice HTTPS/redirect patterns

Summarize 3-5 good patterns and map each one to where it would fit in this repo (filenames or new files).

OpenCode will:

  • Search GitHub for Cloudflare patterns
  • Return real code examples
  • Suggest where they fit in your repo

Step 6: Exit & Commit

Exit OpenCode:

<Ctrl+C>

Check git status (in normal shell):

cd /Users/sovereign/Desktop/CLOUDFLARE
git status

Should show no unexpected changes (only the config files we added).

Commit if ready:

git add opencode.jsonc AGENTS.md MCP_GUIDE.md OPENCODE_SETUP.txt .opencode_checklist.txt FIRST_RUN.md
git commit -m "Wire up OpenCode MCP stack and agents for Cloudflare infra"
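The "no unexpected changes" check above is worth making mechanical: an agent that was told to only list, read and summarize should have touched nothing outside the files this setup adds. The script below is an added example (not part of the original guide or of OpenCode) that parses `git status --porcelain` output and fails if any path is not on the allowlist taken from the `git add` line above. The function names are mine, and `check_worktree` assumes you run it from the repository root.

```sh
#!/bin/sh
# Added example: after an agent run, confirm `git status --porcelain` reports
# only the files this setup intentionally touched. Function names illustrative.

# Paths Step 6 expects to add; anything else is an edit the agent was not asked for.
ALLOWED_PATHS="opencode.jsonc AGENTS.md MCP_GUIDE.md OPENCODE_SETUP.txt .opencode_checklist.txt FIRST_RUN.md"

# unexpected_changes PORCELAIN ALLOWED: return 0 if every path in the porcelain
# output is allowlisted, else print each offender to stderr and return 1.
# Porcelain lines are "XY path" (XY = two status chars) or "XY old -> new" for renames.
unexpected_changes() {
  porcelain=$1
  allowed=$2
  bad=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    path=${line#???}                 # drop the two status characters and the space
    path=${path##* -> }              # renames: judge the destination path
    path=${path#\"}; path=${path%\"} # git quotes paths with unusual characters
    ok=0
    for a in $allowed; do
      if [ "$path" = "$a" ]; then ok=1; break; fi
    done
    if [ "$ok" -eq 0 ]; then
      echo "unexpected change: $line" >&2
      bad=1
    fi
  done <<EOF
$porcelain
EOF
  return $bad
}

# check_worktree: run the allowlist check against the real repository (cwd = repo root).
check_worktree() {
  unexpected_changes "$(git status --porcelain)" "$ALLOWED_PATHS"
}
```

Run `check_worktree` before `git add`; if it prints offenders, inspect them with `git diff` and `git diff --cached` before committing anything, since a file outside the allowlist means the agent wrote where it was told not to.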

What You Should See

After /init:

  • Project context loaded
  • 14 MCPs initialized
  • 3 agents available

After cloudflare-ops reconnaissance:

  • Directory tree of terraform/
  • Last 5 commits to terraform/
  • Assessment of what's codified
  • Suggestions for next steps
  • 3-5 Terraform patterns
  • Code snippets
  • Mapping to your repo structure

Troubleshooting

MCP Not Loading

/mcp list
/mcp status <mcp_name>

If error: Share the full error message.

GitHub MCP Complains

export GITHUB_TOKEN="ghp_your_real_token"

Then restart OpenCode.

Context Limit Hit

Some MCPs add many tokens. If you get context warnings:

  1. Disable heavy MCPs in AGENTS.md
  2. Restart OpenCode
  3. Try again with lighter set

Next Steps (I'll Drive)

Once you've completed steps 1-5, I'll:

  • Turn cloudflare-ops into a repeatable "DNS/WAF change playbook"
  • Add a security-audit flow that checks PCI-DSS compliance
  • Design data-engineer queries once DATABASE_URL is live

For now, just run steps 1-5 and paste the output here.


Ready? Start at Step 1.