Context
The public maildesk-cf template now documents a required cfctl control-plane surface for production provisioning and verification.
Reference docs in rogu3bear/maildesk-cf:
docs/operations/cfctl-contract.md
ops/cfctl/maildesk-cf.surface.md
docs/roadmap.md
Needed Change
Add a first-class cfctl maildesk-cf surface that can plan, apply, verify, and snapshot the resources required by the template.
Desired command shape:
cfctl maildesk-cf init --domain example.com
cfctl maildesk-cf diff --domain example.com
cfctl maildesk-cf provision --plan
cfctl maildesk-cf provision --ack-plan <operation-id>
cfctl maildesk-cf verify --domain example.com
cfctl maildesk-cf snapshot
Required Resource Coverage
- Email Routing rules for configured aliases
- Email Worker deployment and bindings
- API/UI Worker deployment and bindings
- D1 database and migrations
- R2 bucket for raw MIME and attachments
- Queue for async mail jobs
- Worker secrets and identity policy config
- DNS and sender authentication records
Acceptance Criteria
cfctl maildesk-cf provision --plan emits an operation id and does not mutate state.
cfctl maildesk-cf provision --ack-plan <operation-id> applies only the reviewed plan.
cfctl maildesk-cf verify --domain example.com reads live Cloudflare state and reports drift by resource class.
- Receipts never include secret values.
- The implementation follows existing cfctl classify/guide/plan/apply conventions.
Non-Goals
- No dashboard-only happy path.
- No broad live email smoke tests by default.
- No maildesk policy logic inside cfctl beyond validating/provisioning account state.
Context
The public
maildesk-cftemplate now documents a requiredcfctlcontrol-plane surface for production provisioning and verification.Reference docs in
rogu3bear/maildesk-cf:docs/operations/cfctl-contract.mdops/cfctl/maildesk-cf.surface.mddocs/roadmap.mdNeeded Change
Add a first-class
cfctl maildesk-cfsurface that can plan, apply, verify, and snapshot the resources required by the template.Desired command shape:
Required Resource Coverage
Acceptance Criteria
cfctl maildesk-cf provision --planemits an operation id and does not mutate state.cfctl maildesk-cf provision --ack-plan <operation-id>applies only the reviewed plan.cfctl maildesk-cf verify --domain example.comreads live Cloudflare state and reports drift by resource class.Non-Goals