vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
f0b8d962de8f3d8a98b33d43419fa3bcb53eee58
vm-cloudflare/CAPABILITY_REGISTRY.md
Vault Sovereign f0b8d962de
Some checks failed
WAF Intelligence Guardrail / waf-intel (push) Waiting to run
Details
Cloudflare Registry Validation / validate-registry (push) Has been cancelled
Details
chore: pre-migration snapshot 
Layer0, MCP servers, Terraform consolidation
2025-12-27 01:52:27 +00:00

136 lines
2.7 KiB
Markdown
Raw Blame History

# Cloudflare Control Plane Capability Registry
Generated: 2025-12-18T02:19:38.165161+00:00
Version: 1.0.0
## MCP Servers
### cloudflare_safe
**Module**: `cloudflare.mcp.cloudflare_safe`
**Purpose**: Secure Cloudflare API operations
**Capabilities**:
- dns_record_management
- waf_rule_configuration
- tunnel_health_monitoring
- zone_analytics_query
- terraform_state_synchronization
### waf_intelligence
**Module**: `cloudflare.mcp.waf_intelligence`
**Purpose**: WAF rule analysis and synthesis
**Capabilities**:
- waf_config_analysis
- threat_intelligence_integration
- compliance_mapping
- rule_gap_identification
- terraform_ready_rule_generation
### oracle_answer
**Module**: `cloudflare.mcp.oracle_answer`
**Purpose**: Security decision support
**Capabilities**:
- security_classification
- routing_decision_support
- threat_assessment
- pre_execution_screening
## Terraform Resources
### dns_management
**Files**: dns.tf
**Capabilities**:
- automated_dns_provisioning
- spf_dmarc_mx_configuration
- tunnel_based_routing
- proxied_record_management
### waf_security
**Files**: waf.tf
**Capabilities**:
- custom_waf_rules
- managed_ruleset_integration
- bot_management
- rate_limiting
- country_blocking
### tunnel_infrastructure
**Files**: tunnels.tf
**Capabilities**:
- multi_service_tunnel_routing
- ingress_rule_management
- health_monitoring
- credential_rotation
## GitOps Tools
### waf_rule_proposer
**File**: gitops/waf_rule_proposer.py
**Purpose**: Automated WAF rule generation
**Capabilities**:
- threat_intel_driven_rules
- gitlab_ci_integration
- automated_mr_creation
- compliance_mapping
### invariant_checker
**File**: scripts/invariant_checker_py.py
**Purpose**: Real-time state validation
**Capabilities**:
- dns_integrity_checks
- waf_compliance_validation
- tunnel_health_monitoring
- drift_detection
### drift_guardian
**File**: scripts/drift_guardian_py.py
**Purpose**: Automated remediation
**Capabilities**:
- state_reconciliation
- auto_remediation
- ops_notification
## Security Framework
### layer0
**Components**: entrypoint.py, shadow_classifier.py, preboot_logger.py
**Capabilities**:
- pre_execution_security_classification
- threat_assessment
- security_event_logging
- routing_decision_support
**Classification Levels**:
- catastrophic
- forbidden
- ambiguous
- blessed
## Operational Tools
### systemd_services
**Services**: autonomous-remediator, drift-guardian, tunnel-rotation
**Capabilities**:
- continuous_monitoring
- automated_remediation
- scheduled_operations
### test_suites
**Test Suites**: layer0_validation, mcp_integration, cloudflare_safe_ingress
**Capabilities**:
- security_classification_testing
- mcp_server_validation
- api_integration_testing
Reference in New Issue View Git Blame Copy Permalink