Add preview-gated sender-domain enable #30
Merged
Maildesk provisioning could detect sender-domain drift but left it permanently blocked because cfctl had only read inventory for Email Sending sender domains. That made the private maildesk plan unable to express the next operator-safe step even though Cloudflare exposes an Email Sending subdomain creation endpoint that can be wrapped behind the existing cfctl preview/ack contract. Add sender_domain apply metadata for an enable operation, a cf_mutate_sender_domain.sh backend that prepares POST /zones/:zone_id/email/sending/subdomains and verifies by reading the sender-domain list after an acknowledged apply, and dispatch wiring from cfctl apply. Add Email Sending Write to the deploy/full-operator permission catalog so bootstrap guidance is explicit about the new write path. Maildesk sender-domain drift now emits cfctl apply sender_domain enable --zone <domain> --name <domain> --plan as a component preview command while preserving mail_ready=false until authentication is actually applied and read back. Provider-readback-unavailable remains blocked. Risk is bounded to a new preview-gated Cloudflare mutation surface; existing tests cover catalog shape, permission fixture drift, bash syntax, maildesk readiness behavior, and a live plan-only dry run.
@codex Please review the new
Local proof completed because GitHub Actions did not start: the static contract check annotation says the account is locked due to a billing issue. Proof run locally on branch
Summary
- `sender_domain enable` as a preview-gated cfctl apply operation backed by Cloudflare Email Sending sender-subdomain API planning and acknowledged-apply verification.
- `Email Sending Write` to deploy/full-operator bootstrap permission guidance and refresh generated capabilities docs.

Behavioral Changes
- `cfctl apply sender_domain enable --zone <zone> --name <domain> --plan` now prepares the sender-domain creation/re-enable request without mutating Cloudflare.
- `cfctl maildesk-cf provision --plan` preserves `mail_ready=false` for unauthenticated sender domains, but component operations now carry preview commands when provider readback exists.

Proof
- `./scripts/verify_maildesk_cf_contract.sh`
- `./scripts/verify_static_contract.sh`
- `python3 scripts/verify_permission_catalog.py --cfctl ./cfctl`
- `git diff --check`
- `sender_domain enable` preview returned `ok=true`, `plan_mode=true`, no verification apply.
- `ok=true`; sender-domain drift operations had preview commands and no component blockers while `edge_ready=false`/`mail_ready=false` remained honest.

Risk / Confidence
- `Email Sending Write`, but live permission-group drift should be watched in environments with older token profiles.

Next Steps
- `--plan` path and only then decide whether to acknowledge any sender-domain operations.
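
The preview/ack flow the description outlines (plan without mutating, apply only when acknowledged, verify by reading the sender-domain list back), as an added sketch that is not cfctl's or this PR's code. The function names, the ack-as-digest scheme and the output fields are assumptions, and the provider calls are local stubs so it runs offline.

```shell
#!/usr/bin/env bash
# Added sketch of a preview/ack gate; hypothetical names, not cfctl's implementation.
STATE_FILE="$(mktemp)"   # constructed stand-in for the provider's sender-domain list

# Local stubs (assumptions) for the write endpoint and the list readback.
provider_post() { printf '%s\n' "$2" >> "$STATE_FILE"; }
provider_list() { cat "$STATE_FILE"; }

# Assumed ack scheme: the token is a digest of the exact request being approved,
# so an ack issued for one zone/name cannot authorize a different mutation.
plan_digest() {
  printf 'POST /zones/%s/email/sending/subdomains name=%s' "$1" "$2" |
    sha256sum | cut -d' ' -f1
}

# sender_domain_enable ZONE_ID NAME plan|apply [ACK]
sender_domain_enable() {
  local zone="$1" name="$2" mode="$3" ack="${4:-}" digest
  digest="$(plan_digest "$zone" "$name")"
  case "$mode" in
    plan)   # prepare and show the request; nothing is sent
      printf 'ok=true plan_mode=true request="POST /zones/%s/email/sending/subdomains" name=%s ack=%s\n' \
        "$zone" "$name" "$digest"
      ;;
    apply)
      if [ "$ack" != "$digest" ]; then   # missing or stale acknowledgement
        printf 'ok=false error=ack_mismatch\n'
        return 2
      fi
      provider_post "$zone" "$name"
      # Verify from provider state, not from the write call's own response.
      if provider_list | grep -qxF -- "$name"; then
        printf 'ok=true plan_mode=false verified=true\n'
      else
        printf 'ok=false error=readback_missing\n'
        return 3
      fi
      ;;
    *)
      printf 'ok=false error=bad_mode\n'
      return 64
      ;;
  esac
}
```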