Skip to content

Add first-class maildesk-cf provisioning surface #13

Description

@rogu3bear

Context

The public maildesk-cf template now documents a required cfctl control-plane surface for production provisioning and verification.

Reference docs in rogu3bear/maildesk-cf:

  • docs/operations/cfctl-contract.md
  • ops/cfctl/maildesk-cf.surface.md
  • docs/roadmap.md

Needed Change

Add a first-class cfctl maildesk-cf surface that can plan, apply, verify, and snapshot the resources required by the template.

Desired command shape:

cfctl maildesk-cf init --domain example.com
cfctl maildesk-cf diff --domain example.com
cfctl maildesk-cf provision --plan
cfctl maildesk-cf provision --ack-plan <operation-id>
cfctl maildesk-cf verify --domain example.com
cfctl maildesk-cf snapshot

Required Resource Coverage

  • Email Routing rules for configured aliases
  • Email Worker deployment and bindings
  • API/UI Worker deployment and bindings
  • D1 database and migrations
  • R2 bucket for raw MIME and attachments
  • Queue for async mail jobs
  • Worker secrets and identity policy config
  • DNS and sender authentication records

Acceptance Criteria

  • cfctl maildesk-cf provision --plan emits an operation id and does not mutate state.
  • cfctl maildesk-cf provision --ack-plan <operation-id> applies only the reviewed plan.
  • cfctl maildesk-cf verify --domain example.com reads live Cloudflare state and reports drift by resource class.
  • Receipts never include secret values.
  • The implementation follows existing cfctl classify/guide/plan/apply conventions.

Non-Goals

  • No dashboard-only happy path.
  • No broad live email smoke tests by default.
  • No maildesk policy logic inside cfctl beyond validating/provisioning account state.

Metadata

Metadata

Assignees

No one assigned

    Labels

    documentationImprovements or additions to documentationenhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions