Slack Command Runbook Executor for Cloudflare WAF
An on-call engineer types a remediation request in Slack; the agent maps it to a documented runbook and, after confirmation, executes the Cloudflare WAF change.
How it runs
The automated pipeline, trigger to output.
- Trigger: Slack remediation command received (Slack)
- Action: Match request to runbook and propose exact WAF change (Custom MCP server)
- Logic: Wait for in-thread confirmation or cancel
- Action: Apply confirmed Cloudflare WAF rule change (Cloudflare)
- Output: Reply in-thread with diff, rule ID, and rollback command (Slack)
What it does
Lets on-call engineers run documented WAF remediations from Slack in plain language. The agent interprets the request, finds the matching runbook, asks for confirmation on the exact change, applies it to Cloudflare, and reports back in the same thread.
When to use it
Use it when you want a human-in-the-loop remediation path: the engineer decides what to do, but the agent handles the runbook lookup and the precise Cloudflare API call so nobody fat-fingers a rule under pressure. Great for ad-hoc incidents that do not start from an automated alert.
How it works
1. An engineer posts a remediation request via a Slack slash command or mention.
2. The agent matches the request to a runbook pulled from the MCP server and proposes the exact WAF change.
3. A logic step waits for the engineer to confirm or cancel in-thread.
4. On confirmation, the agent applies the Cloudflare WAF rule change.
5. It replies in-thread with the diff, the rule ID, and a rollback command.
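The confirm-or-cancel gate in steps 3 to 5 can be sketched as follows. This is an added example, not the product's own code. It assumes three policies the page does not state: only the requesting engineer may answer, the confirmation must echo a hash of the exact proposed change, and proposals expire. The `apply_change` callable, the `/waf rollback` command text, and all sample values are hypothetical.

```python
import hashlib, json, time
from dataclasses import dataclass

@dataclass
class Proposal:
    requester: str      # Slack user who asked for the remediation
    thread_ts: str      # thread the proposal was posted in
    runbook_id: str
    before: dict        # current rule fields
    after: dict         # rule fields the runbook prescribes
    expires_at: float   # assumed policy: stale proposals cannot be confirmed

    @property
    def digest(self) -> str:
        # Short hash of the exact change; the engineer echoes it to confirm.
        blob = json.dumps([self.runbook_id, self.before, self.after], sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()[:12]

def rule_diff(before: dict, after: dict) -> dict:
    """Map each changed field to its (old, new) values."""
    keys = sorted(set(before) | set(after))
    return {k: (before.get(k), after.get(k)) for k in keys if before.get(k) != after.get(k)}

def handle_reply(p, user, thread_ts, text, apply_change, now=None):
    """Return (status, message); apply_change stands in for the Cloudflare step."""
    now = time.time() if now is None else now
    if thread_ts != p.thread_ts or user != p.requester:
        return "ignored", "only the requesting engineer can answer, in the proposal thread"
    if now > p.expires_at:
        return "expired", "proposal expired; request the remediation again"
    words = text.strip().lower().split()
    if words == ["cancel"]:
        return "cancelled", "no change applied"
    if words != ["confirm", p.digest]:
        return "pending", f"reply 'confirm {p.digest}' or 'cancel'"
    rule_id = apply_change(p.after)  # only the confirmed payload is ever applied
    report = {"rule_id": rule_id, "diff": rule_diff(p.before, p.after),
              "rollback": f"/waf rollback {rule_id}"}  # hypothetical command text
    return "applied", json.dumps(report, sort_keys=True)

# Constructed sample proposal (all values are made up for illustration).
SAMPLE = Proposal("U_ONCALL", "1700000000.000100", "rb-block-path",
                  {"action": "log", "enabled": True},
                  {"action": "block", "enabled": True},
                  expires_at=1_700_000_600.0)
```

Because the confirmation carries the digest, a proposal that is edited after it was shown to the engineer cannot be approved with the old reply.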
Set it up
What you configure once, before turning it on.
1. Connect Slack: Channels, DMs, threads, mentions.
2. Connect Cloudflare: Workers, Pages, R2, KV — the edge stack.
3. Connect Custom MCP server: Connect any MCP-compatible tool you own.
4. Set each agent's model: We leave models unset so you pick the tier — fast + cheap, or top-quality.
5. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
6. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
