Expose maildesk lifecycle in cfctl registry #26

Merged: rogu3bear merged 1 commit into main from build/maildesk-cf-surface-registry on Jun 30, 2026

@rogu3bear

Owner

Summary

  • Register maildesk-cf as a catalog-backed cfctl lifecycle surface with standards metadata.
  • Teach generic cfctl classify maildesk-cf provision and cfctl guide maildesk-cf provision to point at the real composite preview path.
  • Keep composite ack explicitly blocked until component writes are preview-gated, and add file selector readiness for file-backed lifecycle operations.

Behavioral changes

  • cfctl standards maildesk-cf now returns the maildesk lifecycle standards and runtime metadata.
  • cfctl classify maildesk-cf provision --file ... now reports preview-required readiness instead of unsupported_surface.
  • cfctl guide maildesk-cf provision --file ... now emits cfctl maildesk-cf verify, cfctl maildesk-cf provision --plan, and an apply_blocked ack command with explicit caution.
  • cfctl surfaces and docs/capabilities.md now show maildesk-cf as a desired-state-backed, non-generic-apply lifecycle surface.

Implications

  • This closes the public-control-plane gap where the composite maildesk command existed but the generic preflight verbs could not reason about it.
  • It does not mutate Cloudflare resources, enable broad live mail smoke tests, or make cfctl apply maildesk-cf provision available.
  • Mail routing still requires component provisioning through preview-gated surfaces and targeted verification after the protected apply boundary is explicitly crossed.

Risk areas and confidence

  • Generic classify/guide compatibility: medium risk, high confidence from targeted command readback.
  • Surface catalog semantics: medium risk, medium-high confidence. maildesk-cf is intentionally non-apply even though it is desired-state-backed.
  • Live public contract: blocked because CFCTL_PUBLIC_CONTRACT_ZONE is not set in this shell; no live DNS/token smoke was attempted.

Test plan

  • cfctl doctor readback: degraded only by expired previews, with healthy dev/global lanes and no secret leaks
  • ./scripts/verify_maildesk_cf_contract.sh
  • ./scripts/verify_static_contract.sh
  • ./cfctl surfaces | jq ... maildesk-cf ...
  • ./cfctl explain maildesk-cf
  • ./cfctl standards maildesk-cf
  • ./cfctl classify maildesk-cf provision --file state/maildesk-cf/example.json
  • ./cfctl guide maildesk-cf provision --file state/maildesk-cf/example.json
  • git diff --check
  • New-diff privacy scan for local paths, emails, and token names
  • ./scripts/verify_public_contract.sh blocked: CFCTL_PUBLIC_CONTRACT_ZONE must be set for live DNS/token smoke tests

Review focus

  • Confirm maildesk-cf should remain non-apply in catalog/surfaces.json while still being standards/classify/guide visible.
  • Confirm the guide output is clear enough that operators use the composite cfctl maildesk-cf provision --plan path and do not infer a generic apply surface.

The maildesk lifecycle command already existed, but standards/classify/guide could not see it because the surface was absent from the catalogs. Add maildesk-cf as a non-apply lifecycle surface, teach classify and guide to point at the real composite preview path, and keep ack explicitly blocked until component writes are preview-gated. Also add file selector readiness so file-backed lifecycle operations can prove their required selector.
@rogu3bear

Owner Author

@codex please review the lifecycle surface semantics: maildesk-cf is now visible to standards/classify/guide, but it intentionally remains non-apply in catalog/surfaces.json. Focus on whether the guide/classify output prevents operators from inferring a generic cfctl apply maildesk-cf provision path while still giving enough preflight structure for the maildesk provisioning lane.

@rogu3bear

Owner Author

CI blocker note:

The rerun of static contract did not execute repository steps. The Check Run annotation for job 84326733087 reports: The job was not started because your account is locked due to a billing issue.

Local proof on branch build/maildesk-cf-surface-registry at fe187d1:

  • ./scripts/verify_static_contract.sh passed
  • python3 scripts/verify_permission_catalog.py --cfctl ./cfctl passed
  • clean clone with empty CF_*/CLOUDFLARE_*/CFCTL_* env: ./scripts/verify_static_contract.sh passed

I am not merging this PR while the required GitHub runner check is blocked by account billing state.

@rogu3bear

Owner Author

Fresh local proof on build/maildesk-cf-surface-registry at fe187d1:

  • ./scripts/verify_maildesk_cf_contract.sh passed
  • python3 scripts/verify_permission_catalog.py --cfctl ./cfctl passed
  • serial ./scripts/verify_static_contract.sh passed
  • git diff --check origin/main...HEAD passed

The GitHub static contract check still did not run repository steps; its Check Run annotation remains: The job was not started because your account is locked due to a billing issue.

@rogu3bear rogu3bear merged commit de7da5d into main Jun 30, 2026
2 of 4 checks passed
@rogu3bear rogu3bear deleted the build/maildesk-cf-surface-registry branch June 30, 2026 21:24