lex-cloudflare 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 10d4ff73d6d43881671371d6bd41e48eb3ce5b5d27da18df726acfdbe326125d
+  data.tar.gz: e61614b205cf48ac8424c142a56c39cb911e55cf01f7c5a8bf758741044de31a
+SHA512:
+  metadata.gz: 81e7b0e09e2e607f0e02a0b9d1e7b4f8232faf1ad2910ebb26505ca273821691d92d2c98f7bf44f57ffaa53e5bb252ab0cba1420a6708ccbe2489da58a8d8223
+  data.tar.gz: a8364cf22071c1f4b06a084918161212987eaec0501e4d828dc7c5ee7175b9a1da36498f5bb81982f593fe12dc4e9b092f13858ad7c2afcc3fc13216f5f3204a

data/.github/workflows/ci.yml

@@ -0,0 +1,34 @@
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+  schedule:
+    - cron: '0 9 * * 1'
+
+jobs:
+  ci:
+    uses: LegionIO/.github/.github/workflows/ci.yml@main
+
+  lint:
+    uses: LegionIO/.github/.github/workflows/lint-patterns.yml@main
+
+  security:
+    uses: LegionIO/.github/.github/workflows/security-scan.yml@main
+
+  version-changelog:
+    uses: LegionIO/.github/.github/workflows/version-changelog.yml@main
+
+  dependency-review:
+    uses: LegionIO/.github/.github/workflows/dependency-review.yml@main
+
+  stale:
+    if: github.event_name == 'schedule'
+    uses: LegionIO/.github/.github/workflows/stale.yml@main
+
+  release:
+    needs: [ci, lint]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    uses: LegionIO/.github/.github/workflows/release.yml@main
+    secrets:
+      rubygems-api-key: ${{ secrets.RUBYGEMS_API_KEY }}

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+Gemfile.lock
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,66 @@
+AllCops:
+  TargetRubyVersion: 3.4
+  NewCops: enable
+  SuggestExtensions: false
+
+Layout/LineLength:
+  Max: 160
+
+Layout/SpaceAroundEqualsInParameterDefault:
+  EnforcedStyle: space
+
+Layout/HashAlignment:
+  EnforcedHashRocketStyle: table
+  EnforcedColonStyle: table
+
+Metrics/MethodLength:
+  Max: 50
+
+Metrics/ClassLength:
+  Max: 1500
+
+Metrics/ModuleLength:
+  Max: 1500
+
+Metrics/BlockLength:
+  Max: 40
+  Exclude:
+    - 'spec/**/*'
+
+Metrics/AbcSize:
+  Max: 60
+
+Metrics/CyclomaticComplexity:
+  Max: 15
+
+Metrics/PerceivedComplexity:
+  Max: 17
+
+Metrics/ParameterLists:
+  Max: 10
+
+Style/Documentation:
+  Enabled: false
+
+Style/SymbolArray:
+  Enabled: true
+
+Style/FrozenStringLiteralComment:
+  Enabled: true
+  EnforcedStyle: always
+
+Naming/FileName:
+  Enabled: false
+
+Naming/PredicateMethod:
+  Enabled: false
+
+Naming/PredicatePrefix:
+  Enabled: false
+
+Gemspec/DevelopmentDependencies:
+  Enabled: false
+
+Lint/EmptyClass:
+  Exclude:
+    - 'spec/**/*'

data/CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+## [Unreleased]
+
+### Added
+- Initial implementation with Dns, DnsFirewall, CustomNameservers, ZeroTrust, Ssl, Vectorize, AiGateway, and Ai sub-modules
+- Dns: DNS records CRUD and DNSSEC management (zone-scoped)
+- DnsFirewall: cluster CRUD, analytics reports, and reverse DNS (account-scoped)
+- CustomNameservers: account-level custom nameserver management
+- ZeroTrust: devices, registrations, DEX tests, and IP profiles
+- Ssl: certificate packs, universal SSL settings, and verification
+- Vectorize: vector index CRUD, vector operations, and metadata indexing
+- AiGateway: gateway CRUD, log management, datasets, and evaluations
+- Ai: model execution, finetune management, model search, and markdown conversion

data/CLAUDE.md

@@ -0,0 +1,119 @@
+# lex-cloudflare: Cloudflare Integration for LegionIO
+
+**Repository Level 3 Documentation**
+- **Parent**: `/Users/miverso2/rubymine/legion/extensions-other/CLAUDE.md`
+- **Grandparent**: `/Users/miverso2/rubymine/legion/CLAUDE.md`
+
+## Purpose
+
+Monolith Legion Extension connecting LegionIO to Cloudflare services. Implements 8 sub-modules covering DNS, network security, Zero Trust, SSL, Vectorize, and AI via the Cloudflare REST API v4.
+
+**GitHub**: https://github.com/LegionIO/lex-cloudflare
+**License**: MIT
+**Version**: 0.1.0
+
+## Architecture
+
+```
+Legion::Extensions::Cloudflare
+├── Dns/                          # Zone-scoped DNS management
+│   ├── Helpers::Client           # Bearer token auth, base URL
+│   ├── Runners::Records          # DNS record CRUD (21 types: A, AAAA, CNAME, MX, etc.)
+│   ├── Runners::Dnssec           # DNSSEC get/edit/delete
+│   └── Client                   # initialize(api_token:)
+├── DnsFirewall/                  # Account-scoped DNS Firewall cluster management
+│   ├── Helpers::Client
+│   ├── Runners::Clusters         # Cluster CRUD
+│   ├── Runners::Analytics        # Report, by-time report, reverse DNS
+│   └── Client
+├── CustomNameservers/            # Account-scoped custom nameserver management
+│   ├── Helpers::Client
+│   ├── Runners::Nameservers      # List, add, delete
+│   └── Client
+├── ZeroTrust/                    # Account-scoped Zero Trust device management
+│   ├── Helpers::Client
+│   ├── Runners::Devices          # Physical device list/get/delete/revoke
+│   ├── Runners::Registrations    # WARP registration management
+│   ├── Runners::DexTests         # DEX test CRUD
+│   ├── Runners::IpProfiles       # IP profile CRUD
+│   └── Client
+├── Ssl/                          # Zone-scoped SSL/TLS certificate management
+│   ├── Helpers::Client
+│   ├── Runners::CertificatePacks # Pack CRUD, order, quota
+│   ├── Runners::Universal        # Universal SSL settings, recommendations, verification
+│   └── Client
+├── Vectorize/                    # Account-scoped Vectorize index management
+│   ├── Helpers::Client
+│   ├── Runners::Indexes          # Index CRUD, info, metadata indexing
+│   ├── Runners::Vectors          # Insert, upsert, query, get_by_ids, delete_by_ids
+│   └── Client
+├── AiGateway/                    # Account-scoped AI Gateway management
+│   ├── Helpers::Client
+│   ├── Runners::Gateways         # Gateway CRUD
+│   ├── Runners::Logs             # Log list/get/patch/delete, request/response retrieval
+│   ├── Runners::Datasets         # Dataset CRUD
+│   ├── Runners::Evaluations      # Evaluation CRUD
+│   └── Client
+└── Ai/                           # Account-scoped Workers AI
+    ├── Helpers::Client
+    ├── Runners::Models           # Model execution, search, schema, markdown conversion
+    ├── Runners::Finetunes        # Finetune management, public listing
+    └── Client
+```
+
+## Key Files
+
+| Path | Purpose |
+|------|---------|
+| `lib/legion/extensions/cloudflare.rb` | Entry point, loads all sub-modules |
+| `lib/legion/extensions/cloudflare/dns/client.rb` | DNS client: `initialize(api_token:)` |
+| `lib/legion/extensions/cloudflare/vectorize/client.rb` | Vectorize client: `initialize(api_token:)` |
+| `lib/legion/extensions/cloudflare/ai/client.rb` | AI client: `initialize(api_token:)` |
+
+## Auth Pattern
+
+All sub-modules use Bearer token authentication:
+```ruby
+conn.headers['Authorization'] = "Bearer #{api_token}"
+```
+Base URL: `https://api.cloudflare.com/client/v4`
+
+## Resource Scoping
+
+| Scope | Sub-modules | Path pattern |
+|-------|-------------|--------------|
+| Zone | Dns, Ssl | `/zones/{zone_id}/...` |
+| Account | DnsFirewall, CustomNameservers, ZeroTrust, Vectorize, AiGateway, Ai | `/accounts/{account_id}/...` |
+
+## API Coverage
+
+| Sub-module | Runners | Key Methods |
+|-----------|---------|-------------|
+| Dns | Records, Dnssec | `list`, `get`, `create`, `update`, `delete`, `get_dnssec`, `edit_dnssec` |
+| DnsFirewall | Clusters, Analytics | `list`, `get`, `create`, `update`, `delete`, `report`, `report_by_time`, `get_reverse_dns` |
+| CustomNameservers | Nameservers | `list`, `add`, `delete` |
+| ZeroTrust | Devices, Registrations, DexTests, IpProfiles | `list_devices`, `revoke_device`, `list_registrations`, `list_dex_tests`, `list_ip_profiles` |
+| Ssl | CertificatePacks, Universal | `list_packs`, `order_pack`, `quota`, `get_universal_settings`, `list_verification` |
+| Vectorize | Indexes, Vectors | `list_indexes`, `create_index`, `query`, `insert`, `upsert`, `get_by_ids`, `list_metadata_indexes` |
+| AiGateway | Gateways, Logs, Datasets, Evaluations | `list_gateways`, `create_gateway`, `list_logs`, `patch_log`, `list_datasets`, `list_evaluations` |
+| Ai | Models, Finetunes | `run`, `search_models`, `model_schema`, `to_markdown`, `list_finetunes`, `create_finetune` |
+
+## Dependencies
+
+| Gem | Purpose |
+|-----|---------|
+| `faraday` (>= 2.0) | HTTP client for all Cloudflare REST API calls |
+
+## Development
+
+120 specs total (0 failures).
+
+```bash
+bundle install
+bundle exec rspec
+bundle exec rubocop
+```
+
+---
+
+**Maintained By**: Matthew Iverson (@Esity)

data/Dockerfile

@@ -0,0 +1,6 @@
+FROM legionio/legion
+
+COPY . /usr/src/app/lex-cloudflare
+
+WORKDIR /usr/src/app/lex-cloudflare
+RUN bundle install

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+gemspec
+
+group :test do
+  gem 'rake'
+  gem 'rspec'
+  gem 'rspec_junit_formatter'
+  gem 'rubocop'
+  gem 'simplecov'
+end

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2026 Esity
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,98 @@
+# lex-cloudflare
+
+Cloudflare integration for [LegionIO](https://github.com/LegionIO/LegionIO). Provides runners for DNS, DNS Firewall, Custom Nameservers, Zero Trust, SSL, Vectorize, AI Gateway, and Workers AI via the Cloudflare REST API.
+
+## Installation
+
+```bash
+gem install lex-cloudflare
+```
+
+## Sub-modules
+
+### Dns
+DNS records and DNSSEC management for a zone.
+
+```ruby
+client = Legion::Extensions::Cloudflare::Dns::Client.new(api_token: 'your-token')
+client.list(zone_id: 'abc123')
+client.create(zone_id: 'abc123', body: { type: 'A', name: 'example.com', content: '1.2.3.4', ttl: 3600 })
+client.get_dnssec(zone_id: 'abc123')
+```
+
+### DnsFirewall
+DNS Firewall cluster management and analytics (account-scoped).
+
+```ruby
+client = Legion::Extensions::Cloudflare::DnsFirewall::Client.new(api_token: 'your-token')
+client.list(account_id: 'acct123')
+client.create(account_id: 'acct123', name: 'my-cluster', upstream_ips: ['1.2.3.4'])
+client.report(account_id: 'acct123', dns_firewall_id: 'fw123')
+```
+
+### CustomNameservers
+Account-level custom nameserver management.
+
+```ruby
+client = Legion::Extensions::Cloudflare::CustomNameservers::Client.new(api_token: 'your-token')
+client.list(account_id: 'acct123')
+client.add(account_id: 'acct123', ns_name: 'ns1.example.com')
+```
+
+### ZeroTrust
+Devices, registrations, DEX tests, and IP profiles.
+
+```ruby
+client = Legion::Extensions::Cloudflare::ZeroTrust::Client.new(api_token: 'your-token')
+client.list_devices(account_id: 'acct123')
+client.list_registrations(account_id: 'acct123')
+client.list_dex_tests(account_id: 'acct123')
+```
+
+### Ssl
+Certificate packs, universal SSL settings, and verification.
+
+```ruby
+client = Legion::Extensions::Cloudflare::Ssl::Client.new(api_token: 'your-token')
+client.list_packs(zone_id: 'zone123')
+client.get_universal_settings(zone_id: 'zone123')
+```
+
+### Vectorize
+Vector index management and vector operations.
+
+```ruby
+client = Legion::Extensions::Cloudflare::Vectorize::Client.new(api_token: 'your-token')
+client.list_indexes(account_id: 'acct123')
+client.create_index(account_id: 'acct123', name: 'my-index', config: { dimensions: 1536, metric: 'cosine' })
+client.query(account_id: 'acct123', index_name: 'my-index', vector: [0.1, 0.2, ...], top_k: 5)
+```
+
+### AiGateway
+AI Gateway management, log inspection, datasets, and evaluations.
+
+```ruby
+client = Legion::Extensions::Cloudflare::AiGateway::Client.new(api_token: 'your-token')
+client.list_gateways(account_id: 'acct123')
+client.list_logs(account_id: 'acct123', gateway_id: 'gw123')
+```
+
+### Ai
+Workers AI model execution, finetune management, and model search.
+
+```ruby
+client = Legion::Extensions::Cloudflare::Ai::Client.new(api_token: 'your-token')
+client.run(account_id: 'acct123', model_name: '@cf/meta/llama-3-8b-instruct', body: { prompt: 'Hello' })
+client.list_finetunes(account_id: 'acct123')
+client.search_models(account_id: 'acct123', search: 'llama')
+```
+
+## Requirements
+
+- Ruby >= 3.4
+- [LegionIO](https://github.com/LegionIO/LegionIO) framework
+- Cloudflare API token with appropriate permissions
+
+## License
+
+MIT

data/lex-cloudflare.gemspec

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require_relative 'lib/legion/extensions/cloudflare/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'lex-cloudflare'
+  spec.version       = Legion::Extensions::Cloudflare::VERSION
+  spec.authors       = ['Esity']
+  spec.email         = ['matthewdiverson@gmail.com']
+
+  spec.summary       = 'LEX Cloudflare'
+  spec.description   = 'Connects LegionIO to Cloudflare services'
+  spec.homepage      = 'https://github.com/LegionIO/lex-cloudflare'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = '>= 3.4'
+
+  spec.metadata['homepage_uri']        = spec.homepage
+  spec.metadata['source_code_uri']     = 'https://github.com/LegionIO/lex-cloudflare'
+  spec.metadata['documentation_uri']   = 'https://github.com/LegionIO/lex-cloudflare'
+  spec.metadata['changelog_uri']       = 'https://github.com/LegionIO/lex-cloudflare/blob/main/CHANGELOG.md'
+  spec.metadata['bug_tracker_uri']     = 'https://github.com/LegionIO/lex-cloudflare/issues'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'faraday', '>= 2.0'
+end

data/lib/legion/extensions/cloudflare/ai/client.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require_relative 'helpers/client'
+require_relative 'runners/models'
+require_relative 'runners/finetunes'
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module Ai
+        class Client
+          include Helpers::Client
+          include Runners::Models
+          include Runners::Finetunes
+
+          attr_reader :opts
+
+          def initialize(api_token:, **extra)
+            @opts = { api_token: api_token, **extra }.compact
+          end
+
+          def client(**override)
+            super(**@opts, **override)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/cloudflare/ai/helpers/client.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'faraday'
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module Ai
+        module Helpers
+          module Client
+            def client(api_token:, **)
+              Faraday.new(url: 'https://api.cloudflare.com/client/v4') do |conn|
+                conn.request :json
+                conn.response :json, content_type: /\bjson$/
+                conn.headers['Content-Type'] = 'application/json'
+                conn.headers['Authorization'] = "Bearer #{api_token}"
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/cloudflare/ai/runners/finetunes.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module Ai
+        module Runners
+          module Finetunes
+            extend Legion::Extensions::Cloudflare::Ai::Helpers::Client
+
+            def list_finetunes(account_id:, **)
+              response = client(**).get("/accounts/#{account_id}/ai/finetunes")
+              { result: response.body, status: response.status }
+            end
+
+            def create_finetune(account_id:, model:, name:, description: nil, public: nil, **)
+              body = { model: model, name: name, description: description, public: public }.compact
+              response = client(**).post("/accounts/#{account_id}/ai/finetunes", body)
+              { result: response.body, status: response.status }
+            end
+
+            def upload_finetune_asset(account_id:, finetune_id:, body:, **)
+              response = client(**).post("/accounts/#{account_id}/ai/finetunes/#{finetune_id}/finetune-assets", body)
+              { result: response.body, status: response.status }
+            end
+
+            def list_public_finetunes(account_id:, limit: nil, offset: nil, **)
+              params = { limit: limit, offset: offset }.compact
+              response = client(**).get("/accounts/#{account_id}/ai/finetunes/public", params)
+              { result: response.body, status: response.status }
+            end
+
+            include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                        Legion::Extensions::Helpers.const_defined?(:Lex)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/cloudflare/ai/runners/models.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module Ai
+        module Runners
+          module Models
+            extend Legion::Extensions::Cloudflare::Ai::Helpers::Client
+
+            def run(account_id:, model_name:, body:, **)
+              response = client(**).post("/accounts/#{account_id}/ai/run/#{model_name}", body)
+              { result: response.body, status: response.status }
+            end
+
+            def search_models(account_id:, search: nil, author: nil, task: nil, page: nil, per_page: nil, **)
+              params = { search: search, author: author, task: task, page: page, per_page: per_page }.compact
+              response = client(**).get("/accounts/#{account_id}/ai/models/search", params)
+              { result: response.body, status: response.status }
+            end
+
+            def model_schema(account_id:, model:, **)
+              response = client(**).get("/accounts/#{account_id}/ai/models/schema", { model: model })
+              { result: response.body, status: response.status }
+            end
+
+            def to_markdown(account_id:, body:, **)
+              response = client(**).post("/accounts/#{account_id}/ai/tomarkdown", body)
+              { result: response.body, status: response.status }
+            end
+
+            def supported_markdown_formats(account_id:, **)
+              response = client(**).get("/accounts/#{account_id}/ai/tomarkdown/supported")
+              { result: response.body, status: response.status }
+            end
+
+            include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                        Legion::Extensions::Helpers.const_defined?(:Lex)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/cloudflare/ai.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/cloudflare/ai/helpers/client'
+require 'legion/extensions/cloudflare/ai/runners/models'
+require 'legion/extensions/cloudflare/ai/runners/finetunes'
+require 'legion/extensions/cloudflare/ai/client'
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module Ai
+      end
+    end
+  end
+end

data/lib/legion/extensions/cloudflare/ai_gateway/client.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require_relative 'helpers/client'
+require_relative 'runners/gateways'
+require_relative 'runners/logs'
+require_relative 'runners/datasets'
+require_relative 'runners/evaluations'
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module AiGateway
+        class Client
+          include Helpers::Client
+          include Runners::Gateways
+          include Runners::Logs
+          include Runners::Datasets
+          include Runners::Evaluations
+
+          attr_reader :opts
+
+          def initialize(api_token:, **extra)
+            @opts = { api_token: api_token, **extra }.compact
+          end
+
+          def client(**override)
+            super(**@opts, **override)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/cloudflare/ai_gateway/helpers/client.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'faraday'
+
+module Legion
+  module Extensions
+    module Cloudflare
+      module AiGateway
+        module Helpers
+          module Client
+            def client(api_token:, **)
+              Faraday.new(url: 'https://api.cloudflare.com/client/v4') do |conn|
+                conn.request :json
+                conn.response :json, content_type: /\bjson$/
+                conn.headers['Content-Type'] = 'application/json'
+                conn.headers['Authorization'] = "Bearer #{api_token}"
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end