Read sender-domain status for maildesk#29
Merged
Conversation
maildesk-cf could prove Workers, storage, and Email Routing plans, but outbound readiness still collapsed into provider_status_unavailable because cfctl had no read-only Email Sending sender-domain surface. That made the remaining blocker less precise than the live account evidence allowed. Add a read-only sender_domain surface backed by Cloudflare Email Sending subdomain readback. Wire it into cfctl list/get/verify, permission/profile metadata, capabilities rendering, and the maildesk lifecycle evidence collector. Empty successful readback now reports sender_domain_drift instead of provider_status_unavailable; verified fixture readback can make mail_ready true. No mutation path is added. sender_domain apply remains unsupported, and maildesk composite ack remains blocked. Verified with maildesk contract, static contract, permission catalog check, git diff --check, live sender_domain readback, and private desired-state maildesk provision --plan.
Owner
Author
|
@codex Please review the new read-only |
Owner
Author
|
Local proof for this PR is green; GitHub static contract did not execute code. The check run has no runner/steps and its only annotation is: "The job was not started because your account is locked due to a billing issue." Proof run locally on 2026-06-30:
No Cloudflare mutation was performed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Behavioral changes
sender_domaincfctl surface backed by Cloudflare Email Sending subdomain readback.cfctl list|get|verify sender_domain --zone <zone>with id/name selectors.Email Sending Readpermission metadata to read/deploy operator profiles.maildesk-cflive evidence collection to read sender-domain status per configured sender domain.sender_domain_drift.Why
Maildesk provisioning could already plan Workers, storage, and Email Routing, but outbound readiness still collapsed into
provider_status_unavailablebecause cfctl had no sender-domain readback surface. Current Cloudflare Email Sending APIs expose zone-scoped sender subdomains, so cfctl can make that blocker precise without adding any mutation path.Proof
./scripts/verify_maildesk_cf_contract.shpassed./scripts/verify_static_contract.shpassedpython3 scripts/verify_permission_catalog.py --cfctl ./cfctlpassedgit diff --checkpassedCF_TOKEN_LANE=global ./cfctl list sender_domain --zone <private-zone>returned ok with count 0maildesk-cf provision --plannow reportssender_domain_drift, notprovider_status_unavailable, for sender domains missing from readbackSafety
sender_domain.applyremains unsupported.maildesk-cf --ack-planremains blocked.Next steps