{"ok":true,"meta":{"generatedAt":"2026-06-30T13:19:10.197Z"},"data":{"version":"tzv3-cloudflare-policy-v1","endpoint":"/api/infrastructure/cloudflare/policy","provider":"policy-only","configured":false,"requiredEnvironment":["CLOUDFLARE_ACCOUNT_ID","CLOUDFLARE_ZONE_ID","CLOUDFLARE_API_TOKEN"],"optionalEnvironment":["MIRROR_DOMAINS","PRIMARY_DOMAIN_CHECK_URL","MIRROR_TELEGRAM_ALERT_URL"],"dns":{"required":true,"proxyMode":"orange-cloud","tlsMode":"Full (strict)","redirects":["http-to-https","apex-to-canonical-if-needed"]},"waf":{"mode":"managed-rules-plus-custom-rules","requiredRules":[{"id":"block-known-scrapers","action":"block","expression":"(http.user_agent contains \"scrapy\") or (http.user_agent contains \"python-requests\")"},{"id":"challenge-api-bursts","action":"managed_challenge","expression":"(http.request.uri.path contains \"/api/\") and cf.threat_score gt 20"},{"id":"protect-admin","action":"managed_challenge","expression":"http.request.uri.path contains \"/admin\""}]},"rateLimits":[{"id":"public-api","scope":"/api/*","limit":"120 requests per minute per IP","action":"managed_challenge"},{"id":"webhook","scope":"/api/webhooks/*","limit":"30 requests per minute per IP","action":"block-after-threshold"},{"id":"admin","scope":"/api/admin/*","limit":"60 requests per minute per IP","action":"managed_challenge"}],"cacheRules":[{"id":"static-assets","expression":"http.request.uri.path contains \"/_next/static/\" or http.request.uri.path contains \"/models/\" or http.request.uri.path contains \"/videos/\"","ttl":"30 days","cacheStatus":"eligible"},{"id":"api-no-store","expression":"http.request.uri.path contains \"/api/\"","ttl":"respect-origin-no-store","cacheStatus":"bypass"}],"headers":{"originHeaders":["X-Content-Type-Options","X-Frame-Options","Referrer-Policy","Permissions-Policy"],"cloudflareManaged":["Strict-Transport-Security after TLS verification","Bot Fight Mode or WAF managed rules"]},"monitoring":{"mirrorAlertsConfigured":false,"mirrorPolicyEndpoint":"/api/infrastructure/mirrors/policy","mirrorCheckEndpoint":"/api/infrastructure/mirrors/check","requiredBeforeLaunch":["canonical domain reachable","HTTPS certificate valid","WAF rules active","rate limits active"]},"verification":["npm run cloudflare:audit","curl -I https://your-domain.example","curl -s -A Scrapy/2.11 https://your-domain.example/api/profiles","curl -s https://your-domain.example/api/security/policy","curl -s https://your-domain.example/api/infrastructure/cloudflare/policy","curl -s https://your-domain.example/api/infrastructure/mirrors/check"],"productionBoundary":"This policy is a machine-readable setup contract. Actual DNS, WAF, cache, and rate-limit changes must be applied and verified inside Cloudflare."}}