vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
main
vm-cloudflare/FIRST_RUN.md
Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence 
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00

211 lines
4.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# First Live Run: Cloudflare-Ops Reconnaissance Mission
This guide walks you through testing the OpenCode MCP stack with a real cloudflare-ops mission.
## Step 1: Prep Your Shell (Outside OpenCode)
```bash
cd /Users/sovereign/Desktop/CLOUDFLARE
# Essential - GitHub integration (REQUIRED)
# Get real token from: https://github.com/settings/tokens
export GITHUB_TOKEN="ghp_your_real_token_here"
# Optional - Documentation search (nice to have)
# export CONTEXT7_API_KEY="your_context7_key"
```
✅ Verify environment is set:
```bash
echo $GITHUB_TOKEN
```
Should output: `ghp_...` (your token prefix)
---
## Step 2: Launch OpenCode
```bash
opencode
```
Wait for the OpenCode TUI to load.
Inside OpenCode, initialize project:
```
/init
```
This will:
- Load project context
- Initialize MCP servers
- Prepare all agents
---
## Step 3: Sanity-Check MCP Wiring
Inside OpenCode, verify MCPs are loaded:
```
/mcp list
```
You should see output like:
```
✅ filesystem - loaded
✅ git - loaded
✅ github - loaded
✅ gh_grep - loaded
⚠️ postgres - disabled
...
```
Check individual MCPs:
```
/mcp status filesystem
/mcp status git
/mcp status github
/mcp status gh_grep
```
Each should report "ready" or "healthy".
**If any fail:** Copy-paste error message and share.
---
## Step 4: First Cloudflare-Ops Mission
Inside OpenCode, invoke the agent:
```
/agent cloudflare-ops
```
Now give it this prompt:
```
I want to do a quick infrastructure reconnaissance:
1. Use the filesystem MCP to list the terraform/ directory tree.
2. Use the git MCP to show the last 5 commits touching terraform/.
3. Summarize what parts of the Cloudflare setup (DNS/WAF/SSL/etc.) are already defined in code vs likely still manual.
Only PLAN first, then show me the actions you'd take.
```
OpenCode will respond with:
- Analysis of your Terraform structure
- Recent git changes
- Assessment of what's codified vs manual
- A plan for next steps
**Important:** When OpenCode asks to apply/edit, respond:
```
That plan looks good. Proceed with the non-destructive steps only (listing, reading, summarizing). Do not modify any files yet.
```
---
## Step 5: GitHub Pattern Search
Still in cloudflare-ops mode, ask:
```
Use the gh_grep MCP to search for public examples of:
- Cloudflare Terraform modules for WAF and rate limiting
- Best-practice HTTPS/redirect patterns
Summarize 35 good patterns and map each one to where it would fit in this repo (filenames or new files).
```
OpenCode will:
- Search GitHub for Cloudflare patterns
- Return real code examples
- Suggest where they fit in your repo
---
## Step 6: Exit & Commit
Exit OpenCode:
```
<Ctrl+C>
```
Check git status (in normal shell):
```bash
cd /Users/sovereign/Desktop/CLOUDFLARE
git status
```
Should show no unexpected changes (only the config files we added).
Commit if ready:
```bash
git add opencode.jsonc AGENTS.md MCP_GUIDE.md OPENCODE_SETUP.txt .opencode_checklist.txt FIRST_RUN.md
git commit -m "Wire up OpenCode MCP stack and agents for Cloudflare infra"
```
---
## What You Should See
### After /init:
- Project context loaded
- 14 MCPs initialized
- 3 agents available
### After cloudflare-ops reconnaissance:
- Directory tree of terraform/
- Last 5 commits to terraform/
- Assessment of what's codified
- Suggestions for next steps
### After gh_grep search:
- 3-5 Terraform patterns
- Code snippets
- Mapping to your repo structure
---
## Troubleshooting
### MCP Not Loading
```
/mcp list
/mcp status <mcp_name>
```
If error: Share the full error message.
### GitHub MCP Complains
```
export GITHUB_TOKEN="ghp_your_real_token"
```
Then restart OpenCode.
### Context Limit Hit
Some MCPs add many tokens. If you get context warnings:
1. Disable heavy MCPs in AGENTS.md
2. Restart OpenCode
3. Try again with lighter set
---
## Next Steps (I'll Drive)
Once you've completed steps 1-5, I'll:
✅ Turn cloudflare-ops into a repeatable "DNS/WAF change playbook"
✅ Add security-audit flow that checks PCI-DSS compliance
✅ Design data-engineer queries once DATABASE_URL is live
For now, just run steps 1-5 and paste the output here.
---
**Ready?** Start at Step 1.
Reference in New Issue View Git Blame Copy Permalink