37a867c485
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access) - WAF Intelligence MCP server with threat analysis and ML classification - GitOps automation with PR workflows and drift detection - Observatory monitoring stack with Prometheus/Grafana - IDE operator rules for governed development - Security playbooks and compliance frameworks - Autonomous remediation and state reconciliation
2.6 KiB
2.6 KiB
VaultMesh — Cloudflare Infrastructure Automation
Governed by the Red Book | Docs: ✅ Invariants enforced
VaultMesh is a proof-based infrastructure platform that manages Cloudflare resources through GitOps, intelligent agents, and cryptographic receipts. Every change leaves a trail; every state is verifiable.
Quick Start
# 1. Clone and configure
cd /Users/sovereign/Desktop/CLOUDFLARE
cp .env.example .env
# Edit .env with your API tokens
# 2. Initialize Terraform
cd terraform && terraform init && terraform plan
# 3. Validate environment
bash TEST_WORKFLOW.sh quick
# 4. Start OpenCode (interactive)
opencode
First time? See FIRST_RUN.md for step-by-step guidance.
Documentation Map
| Need | Document |
|---|---|
| Architecture overview | STRUCTURE.md |
| Multi-account setup | MULTI_ACCOUNT_AUTH.md |
| AI agent config | AGENTS.md |
| MCP server reference | MCP_GUIDE.md |
| Production deployment | DEPLOYMENT_GUIDE.md |
| Security patterns | WEB-INFRA-SECURITY-PATTERNS.md |
| Incident playbooks | playbooks/ |
| Philosophical doctrine | RED-BOOK.md |
Core Components
terraform/ Infrastructure as Code (Cloudflare zones, DNS, WAF)
gitops/ CI/CD automation, PR bots, drift detection
observatory/ Monitoring, metrics, dashboards
mcp/ MCP tool implementations
scripts/ Standalone utilities
playbooks/ Incident response procedures
Security Architecture
- Zero Trust: Cloudflare Tunnels replace exposed ports — see zero_trust_architecture.md
- WAF Baseline: Managed rulesets + custom rules — see cloudflare_waf_baseline.md
- DNS Hardening: DNSSEC + CAA + SPF/DKIM/DMARC — see cloudflare_dns_manifest.md
- Agent Guardrails: AI agents operate under strict constraints — see AGENT_GUARDRAILS.md
Governing Doctrine
This project follows the Red Book principles:
"Nothing evolves unless it is broken, nothing endures unless it is proven, nothing is real until it is sealed."
All changes flow through the fourfold work: Nigredo → Albedo → Citrinitas → Rubedo
See RED-BOOK.md for the complete operational philosophy.
License
See LICENSE
Version: 2.0
Last Updated: December 9, 2025