Preview maildesk storage setup commands#28
Merged
Conversation
The maildesk-cf lifecycle could identify missing D1, R2, and Queue resources, but it emitted generic blocked rows even though cfctl already has a preview-gated Wrangler wrapper for those create operations. That made the live maildesk plan less actionable than it needed to be without crossing the protected apply boundary. Map missing maildesk storage resources to cfctl wrangler create commands with --plan: D1 databases, R2 buckets, and Queues. The composite maildesk apply path remains blocked; this only teaches the plan to expose component preview commands that still require their own ack-plan before mutation. Contract coverage now asserts the missing-resource fixture produces unblocked preview commands for both D1 databases, both R2 buckets, and the Queue. Verified with the focused maildesk contract, static contract, permission catalog check, git diff --check, and a private desired-state plan-only readback.
Owner
Author
|
@codex Please review the lifecycle bridge in this PR, especially whether using |
Owner
Author
|
Local proof for this PR is green; GitHub static contract did not execute code. The check run has no runner/steps and its only annotation is: "The job was not started because your account is locked due to a billing issue." Proof run locally on 2026-06-30:
No Cloudflare mutation was performed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Behavioral changes
cfctl maildesk-cf provision --plan.cfctl wrangler d1 create <name> --plan.cfctl wrangler r2 bucket create <name> --plan.cfctl wrangler queues create <name> --plan.maildesk-cf provision --ack-planpath remains blocked; this does not create resources or weaken apply gates.Why
The maildesk lifecycle already identifies missing D1/R2/Queue resources, and cfctl already has a preview-gated Wrangler wrapper for the underlying create commands. Emitting generic blocked rows made the plan less actionable than necessary while still stopping before mutation.
Proof
./scripts/verify_maildesk_cf_contract.shpassed./scripts/verify_static_contract.shpassedpython3 scripts/verify_permission_catalog.py --cfctl ./cfctlpassedgit diff --checkpassedcfctl wrangler ... --plan; all five emitted plan-only wrapper receipts withrequires_ack=trueImplications and risk
Next steps
cfctl maildesk-cf provision --planagainst the private desired state and keep the resulting Worker, Email Routing, and storage previews together for operator approval.