Nightly WAF Drift Audit Against Runbook Baseline

On a nightly schedule, an agent compares live Cloudflare WAF rules to the runbook-approved baseline and opens a Linear issue for any unreviewed drift.

Category: AI Agents
Engine: sim
Difficulty: intermediate
Trigger: schedule
Steps: 6
Setup: ~15 min

How it runs

The automated pipeline, trigger to output.

  • Trigger: Nightly schedule fires
  • Action: Read current Cloudflare WAF ruleset per zone (Cloudflare)
  • Action: Load runbook-approved baseline from MCP server (Custom MCP server)
  • Logic: Diff live rules against baseline, isolate unreviewed drift
  • Action: Open Linear issue itemizing each deviation (Linear)
  • Output: Post drift summary to Slack, silent if clean (Slack)

What it does

Catches WAF configuration drift before it becomes an incident. Each night an agent reads the live Cloudflare WAF ruleset, compares it to the approved baseline defined in your runbooks, and flags any rule that was added, disabled, or loosened without a corresponding runbook entry.

When to use it

Use it when multiple people (and other automations) can change WAF rules and you need a daily reconciliation so emergency overrides do not silently become permanent. It also serves as a safety net for teams running the auto-remediation agents in this collection.

How it works

  1. A scheduled trigger runs the audit nightly.
  2. The agent reads the current Cloudflare WAF ruleset for each managed zone.
  3. It loads the runbook-approved baseline from the MCP server.
  4. A logic step diffs live rules against the baseline and isolates unreviewed drift.
  5. If drift is found, it opens a Linear issue itemizing each deviation with the suspected source.
  6. It posts a one-line drift summary to Slack; if clean, it stays silent.
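
The diff in step 4 and the silent-if-clean summary in step 6 can be sketched as follows. This is an added example, not the product's own logic: the baseline format, the `STRICTNESS` ranking, the helper names and all rule data are assumptions constructed for illustration. It goes slightly beyond the text by also reporting removed rules and expression changes that need human review.

```python
# Added example with constructed data; baseline format and ranking are assumptions.
# Rule fields (id, action, expression, enabled) mirror Cloudflare Rulesets API rules.
STRICTNESS = {"skip": 0, "log": 1, "js_challenge": 2, "managed_challenge": 2,
              "challenge": 2, "block": 3}

def rule(rid, action, expression, enabled=True):
    return {"id": rid, "action": action, "expression": expression, "enabled": enabled}

ADMIN = 'http.request.uri.path contains "/admin"'
LOGIN = 'http.request.uri.path eq "/login"'
BASELINE = [rule("r1", "block", ADMIN), rule("r2", "managed_challenge", LOGIN),
            rule("r3", "block", 'http.host eq "old.example.com"'),
            rule("r5", "block", 'http.request.uri.path contains "/.git"')]
LIVE = [rule("r1", "log", ADMIN),                       # action weakened
        rule("r2", "managed_challenge", LOGIN, False),  # switched off
        rule("r3", "block", 'http.host eq "old.example.com"'),
        rule("r4", "skip", 'http.request.uri.path contains "/api"')]  # not in baseline

def diff_rules(live, baseline):
    """Return sorted (kind, rule_id, detail) deviations of live from baseline."""
    base = {r["id"]: r for r in baseline}
    drift = []
    for r in live:
        approved = base.pop(r["id"], None)
        if approved is None:
            drift.append(("added", r["id"], f"action {r['action']}"))
            continue
        if approved["enabled"] and not r["enabled"]:
            drift.append(("disabled", r["id"], "enabled true -> false"))
        old, new = approved["action"], r["action"]
        # Unknown actions rank lowest, so they are reported rather than trusted.
        if STRICTNESS.get(new, -1) < STRICTNESS.get(old, -1):
            drift.append(("loosened", r["id"], f"action {old} -> {new}"))
        elif new != old or r["expression"] != approved["expression"]:
            # Expression edits cannot be ranked mechanically; send them to review.
            drift.append(("changed", r["id"], "action or expression differs"))
    drift += [("removed", rid, "approved rule missing") for rid in base]
    return sorted(drift)

def summary(drift):
    """One-line summary for Slack, or None when clean (stay silent)."""
    if not drift:
        return None
    kinds = sorted({kind for kind, _, _ in drift})
    return f"WAF drift: {len(drift)} deviation(s) ({', '.join(kinds)})"

if __name__ == "__main__":
    print(summary(diff_rules(LIVE, BASELINE)))
```

Matching on rule `id` means a rule that was deleted and recreated with the same expression shows up as one removal plus one addition, which is the conservative outcome for an audit.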

Set it up

What you configure once, before turning it on.

  1. Connect Cloudflare: Workers, Pages, R2, KV, the edge stack.
  2. Connect Linear: Issues, projects, cycles, triage.
  3. Connect Custom MCP server: Connect any MCP-compatible tool you own.
  4. Connect Slack: Channels, DMs, threads, mentions.
  5. Set each agent's model: We leave models unset so you pick the tier, fast + cheap or top-quality.
  6. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
  7. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
