Read sender-domain status for maildesk #29

Merged: rogu3bear merged 1 commit into main from build/maildesk-sender-domain-readback, Jun 30, 2026

@rogu3bear

Owner

Behavioral changes

  • Adds a read-only sender_domain cfctl surface backed by Cloudflare Email Sending subdomain readback.
  • Supports cfctl list|get|verify sender_domain --zone <zone> with id/name selectors.
  • Adds Email Sending Read permission metadata to read/deploy operator profiles.
  • Wires maildesk-cf live evidence collection to read sender-domain status per configured sender domain.
  • Distinguishes unavailable provider readback from successful readback that contains no verified sender domain: the latter is now sender_domain_drift.

Why

Maildesk provisioning could already plan Workers, storage, and Email Routing, but outbound readiness still collapsed into provider_status_unavailable because cfctl had no sender-domain readback surface. Current Cloudflare Email Sending APIs expose zone-scoped sender subdomains, so cfctl can make that blocker precise without adding any mutation path.

Proof

  • ./scripts/verify_maildesk_cf_contract.sh passed
  • ./scripts/verify_static_contract.sh passed
  • python3 scripts/verify_permission_catalog.py --cfctl ./cfctl passed
  • git diff --check passed
  • Live readback: CF_TOKEN_LANE=global ./cfctl list sender_domain --zone <private-zone> returned ok with count 0
  • Private desired-state maildesk-cf provision --plan now reports sender_domain_drift, not provider_status_unavailable, for sender domains missing from readback

Safety

  • No Cloudflare mutation is added or performed.
  • sender_domain.apply remains unsupported.
  • Composite maildesk-cf --ack-plan remains blocked.
  • The remaining outbound blocker is now explicit sender-domain authentication, not missing provider visibility.

Next steps

  • After merge, rerun the private maildesk plan and keep the nine prepared Worker/storage/Email Routing previews separate from sender-domain authentication.
  • A future lane can add preview-gated sender-domain authentication if Cloudflare exposes a safe create/verify control-plane path through cfctl.

maildesk-cf could prove Workers, storage, and Email Routing plans, but outbound readiness still collapsed into provider_status_unavailable because cfctl had no read-only Email Sending sender-domain surface. That made the remaining blocker less precise than the live account evidence allowed.

Add a read-only sender_domain surface backed by Cloudflare Email Sending subdomain readback. Wire it into cfctl list/get/verify, permission/profile metadata, capabilities rendering, and the maildesk lifecycle evidence collector. Empty successful readback now reports sender_domain_drift instead of provider_status_unavailable; verified fixture readback can make mail_ready true.

No mutation path is added. sender_domain apply remains unsupported, and maildesk composite ack remains blocked. Verified with maildesk contract, static contract, permission catalog check, git diff --check, live sender_domain readback, and private desired-state maildesk provision --plan.
@rogu3bear

Owner Author

@codex Please review the new read-only sender_domain surface, especially the mapping from Cloudflare Email Sending subdomain enabled readback to verified/status in cfctl output, and confirm that no mutation path is exposed. Also check the maildesk drift distinction between provider_status_unavailable and sender_domain_drift.

@rogu3bear

Owner Author

Local proof for this PR is green; GitHub static contract did not execute code. The check run has no runner/steps and its only annotation is: "The job was not started because your account is locked due to a billing issue."

Proof run locally on 2026-06-30:

  • ./scripts/verify_maildesk_cf_contract.sh passed
  • ./scripts/verify_static_contract.sh passed
  • python3 scripts/verify_permission_catalog.py --cfctl ./cfctl passed
  • git diff --check passed
  • CF_TOKEN_LANE=global ./cfctl list sender_domain --zone <private-zone> returned ok with count 0
  • Private desired-state maildesk-cf provision --plan reports sender_domain_drift, not provider_status_unavailable

No Cloudflare mutation was performed.

@rogu3bear rogu3bear merged commit 8ef260f into main Jun 30, 2026
1 of 2 checks passed
@rogu3bear rogu3bear deleted the build/maildesk-sender-domain-readback branch June 30, 2026 22:25
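
The drift distinction described in the PR (failed provider readback versus a successful readback with no verified sender domain) can be sketched as a fail-closed classifier. This is an added example, not code from cfctl or maildesk-cf: the function names, the `name`/`enabled` record fields and the `verified` status value are assumptions, and only the `provider_status_unavailable`, `sender_domain_drift` and `mail_ready` names come from the thread.

```python
from typing import Optional

# State names are the ones used in the PR text; function names, record fields
# and the "verified" value are hypothetical, not cfctl's or Cloudflare's schema.
PROVIDER_STATUS_UNAVAILABLE = "provider_status_unavailable"
SENDER_DOMAIN_DRIFT = "sender_domain_drift"
VERIFIED = "verified"


def classify_sender_domain(domain: str, readback: Optional[list]) -> str:
    """Classify one configured sender domain against provider readback.

    readback is None when the provider call failed or was not permitted,
    and a (possibly empty) list of records when the call succeeded.
    """
    if readback is None:
        # No evidence either way: never infer drift or readiness from a failed read.
        return PROVIDER_STATUS_UNAVAILABLE
    wanted = domain.strip().rstrip(".").lower()
    for record in readback:
        name = str(record.get("name", "")).strip().rstrip(".").lower()
        # Only a literal True counts as verified; missing, null or "true" do not.
        if name == wanted and record.get("enabled") is True:
            return VERIFIED
    # The read succeeded, but the domain is absent or not enabled.
    return SENDER_DOMAIN_DRIFT


def collect_evidence(configured: list, readback: Optional[list]) -> dict:
    """Build per-domain status and a fail-closed mail_ready flag."""
    statuses = {d: classify_sender_domain(d, readback) for d in configured}
    # An empty configured list must not count as ready (all() of nothing is True).
    mail_ready = bool(statuses) and all(s == VERIFIED for s in statuses.values())
    return {"sender_domains": statuses, "mail_ready": mail_ready}


# Constructed sample inputs (example.com names are placeholders).
CONFIGURED = ["mail.example.com", "notify.example.com"]
EMPTY_READBACK = []  # mirrors the PR's live result: ok with count 0
PARTIAL_READBACK = [
    {"name": "mail.example.com", "enabled": True},
    {"name": "notify.example.com", "enabled": False},
]

if __name__ == "__main__":
    cases = [("failed", None), ("empty", EMPTY_READBACK), ("partial", PARTIAL_READBACK)]
    for label, rb in cases:
        print(label, collect_evidence(CONFIGURED, rb))
```

Keeping `None` distinct from an empty list is what lets a reviewer tell a permissions or API failure apart from a real authentication gap on the sender domain.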