vm-cloudflare/CAPABILITY_REGISTRY.md
Vault Sovereign f0b8d962de
chore: pre-migration snapshot
Layer0, MCP servers, Terraform consolidation
2025-12-27 01:52:27 +00:00

Cloudflare Control Plane Capability Registry

Generated: 2025-12-18T02:19:38.165161+00:00
Version: 1.0.0

MCP Servers

cloudflare_safe

Module: cloudflare.mcp.cloudflare_safe
Purpose: Secure Cloudflare API operations

Capabilities:

  • dns_record_management
  • waf_rule_configuration
  • tunnel_health_monitoring
  • zone_analytics_query
  • terraform_state_synchronization

waf_intelligence

Module: cloudflare.mcp.waf_intelligence
Purpose: WAF rule analysis and synthesis

Capabilities:

  • waf_config_analysis
  • threat_intelligence_integration
  • compliance_mapping
  • rule_gap_identification
  • terraform_ready_rule_generation

oracle_answer

Module: cloudflare.mcp.oracle_answer
Purpose: Security decision support

Capabilities:

  • security_classification
  • routing_decision_support
  • threat_assessment
  • pre_execution_screening

Terraform Resources

dns_management

Files: dns.tf

Capabilities:

  • automated_dns_provisioning
  • spf_dmarc_mx_configuration
  • tunnel_based_routing
  • proxied_record_management

waf_security

Files: waf.tf

Capabilities:

  • custom_waf_rules
  • managed_ruleset_integration
  • bot_management
  • rate_limiting
  • country_blocking

tunnel_infrastructure

Files: tunnels.tf

Capabilities:

  • multi_service_tunnel_routing
  • ingress_rule_management
  • health_monitoring
  • credential_rotation

GitOps Tools

waf_rule_proposer

File: gitops/waf_rule_proposer.py
Purpose: Automated WAF rule generation

Capabilities:

  • threat_intel_driven_rules
  • gitlab_ci_integration
  • automated_mr_creation
  • compliance_mapping

invariant_checker

File: scripts/invariant_checker_py.py
Purpose: Real-time state validation

Capabilities:

  • dns_integrity_checks
  • waf_compliance_validation
  • tunnel_health_monitoring
  • drift_detection

drift_guardian

File: scripts/drift_guardian_py.py
Purpose: Automated remediation

Capabilities:

  • state_reconciliation
  • auto_remediation
  • ops_notification

Security Framework

layer0

Components: entrypoint.py, shadow_classifier.py, preboot_logger.py

Capabilities:

  • pre_execution_security_classification
  • threat_assessment
  • security_event_logging
  • routing_decision_support

Classification Levels:

  • catastrophic
  • forbidden
  • ambiguous
  • blessed

Operational Tools

systemd_services

Services: autonomous-remediator, drift-guardian, tunnel-rotation

Capabilities:

  • continuous_monitoring
  • automated_remediation
  • scheduled_operations

test_suites

Test Suites: layer0_validation, mcp_integration, cloudflare_safe_ingress

Capabilities:

  • security_classification_testing
  • mcp_server_validation
  • api_integration_testing