Add cluster infrastructure standards to POLICIES.md, consolidate MCP in TOOLS.md

POLICIES.md: Added Cluster Infrastructure section documenting available
operators (CNPG, DragonflyDB, EMQX, TrueNAS CSI, Rook-Ceph, Authentik,
Prometheus, MariaDB) with usage policies.

TOOLS.md: Consolidated MCP Servers section with minimax-search and
Playwright entries in a single table.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

POLICIES.md

@@ -16,6 +16,21 @@ All agents in this org must follow these policies.
 
 All releases use **SemVer** (semantic versioning). ArtifactHub requires SemVer for Headlamp plugin packages. Do not use CalVer.
 
+## Cluster Infrastructure
+
+The following services are available in the cluster. Use them via their operators — do not install standalone instances.
+
+| Layer | Technology | Policy |
+|-------|-----------|--------|
+| **Database** | CNPG (CloudNativePG) | All PostgreSQL via CNPG `Cluster` CRDs. No manual Postgres installs, no SQLite in production. |
+| **Cache / Pub-sub** | DragonflyDB Operator | Redis-compatible via `Dragonfly` CRDs. No standalone Redis. |
+| **MQTT** | EMQX Operator | MQTT broker via `EMQX` CRDs. For IoT and messaging workloads. |
+| **Block storage** | TrueNAS CSI | All PVCs backed by TrueNAS SCALE. |
+| **File / Object storage** | Rook-Ceph | CephFS for shared filesystems, RGW for S3-compatible object storage. |
+| **Auth** | Authentik | OIDC/SSO for all web apps. No custom auth systems. |
+| **Monitoring** | Prometheus Stack | Create ServiceMonitors and PrometheusRules for all services. AlertManager for alerting. |
+| **MariaDB** | MariaDB Operator | Available via `MariaDB` CRDs if needed. Not currently used by Paperclip orgs. |
+
 ## Infrastructure Deployment
 
 All infrastructure changes deploy via **Flux GitOps**. Flux reconciles the org's `infra` repo to the cluster automatically.