Align cfctl verification with maildesk-cf preflight and drift states #14

Description

@rogu3bear

Context

maildesk-cf now has split preflight modes:

  • bun run preflight:template: no secrets, public checkout health
  • bun run preflight:production: private instance readiness before Cloudflare mutation

The template also defines readiness terms in docs/architecture/template-standard.md:

  • template-ready
  • instance-ready
  • edge-ready
  • mail-ready

Needed Change

Add cfctl verification output that maps cleanly onto those readiness states instead of returning one generic success/failure blob.

Drift Classes To Report

  • missing resource
  • wrong binding
  • DNS/authentication drift
  • Email Routing alias drift
  • sender-domain drift
  • policy/config drift
  • optional live-send proof not requested

Acceptance Criteria

  • cfctl maildesk-cf verify can distinguish edge readiness from mail readiness.
  • Verification avoids broad live sends unless explicitly requested.
  • Verification output is machine-readable enough for maildesk-cf docs/scripts to cite.
  • Failure states give agents a concrete next action without exposing secret values.
  • The implementation can consume the same desired-state/policy shape described in maildesk-cf docs.

References

  • rogu3bear/maildesk-cf:docs/operations/preflight.md
  • rogu3bear/maildesk-cf:docs/architecture/template-standard.md
  • rogu3bear/maildesk-cf:docs/architecture/runtime-contract.md
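
One report shape that would meet the acceptance criteria above, added here as an example and not taken from cfctl or maildesk-cf. The mapping from drift classes to readiness states, the field names, the next-action strings, and the secret-field pattern are all assumptions.

```javascript
// Added example: hypothetical report shape, not cfctl's real output.
// ASSUMPTION: which readiness state each drift class blocks, and the action text.
const DRIFT = new Map([
  ["missing resource", ["edge-ready", "create the resource from desired state"]],
  ["wrong binding", ["edge-ready", "rebind to the resource named in desired state"]],
  ["policy/config drift", ["instance-ready", "re-apply the policy/config file"]],
  ["DNS/authentication drift", ["mail-ready", "republish the expected DNS records"]],
  ["Email Routing alias drift", ["mail-ready", "reconcile aliases with desired state"]],
  ["sender-domain drift", ["mail-ready", "re-verify the sender domain"]],
]);
const SECRET_FIELD = /token|secret|password|key/i; // assumed naming convention

// Mask secret-looking fields so the report is safe to log, paste, or hand to an agent.
function redact(observed = {}) {
  return Object.fromEntries(Object.entries(observed).map(
    ([k, v]) => [k, SECRET_FIELD.test(k) ? "[redacted]" : v]));
}

function buildReport(findings, { liveSend = false, liveSendOk = false } = {}) {
  const states = { "instance-ready": true, "edge-ready": true, "mail-ready": true };
  const drift = findings.map((f) => {
    const entry = DRIFT.get(f.class);
    if (!entry) throw new Error(`unknown drift class: ${f.class}`);
    const [blocks, next_action] = entry;
    states[blocks] = false; // one finding is enough to block its readiness state
    return { class: f.class, resource: f.resource, blocks,
             observed: redact(f.observed), next_action };
  });
  // Live-send proof is opt-in: "not-requested" is reported but is not a failure.
  const live_send_proof = !liveSend ? "not-requested" : liveSendOk ? "passed" : "failed";
  if (live_send_proof === "failed") states["mail-ready"] = false;
  return { states, drift, live_send_proof };
}

// Constructed sample finding; the token value is a placeholder, not a real secret.
const SAMPLE = [{
  class: "Email Routing alias drift",
  resource: "alias:support@example.test",
  observed: { destination: "ops@example.test", api_token: "constructed-not-real" },
}];

console.log(JSON.stringify(buildReport(SAMPLE), null, 2));
```

With the sample input, edge-ready stays true while mail-ready is false, and the serialized report contains the alias and destination but not the token value.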

Labels: documentation (Improvements or additions to documentation), enhancement (New feature or request)