Fix maildesk receive-only sender lifecycle#37
Merged
Conversation
Align the cfctl maildesk-cf lifecycle with the public template contract by making generated and checked-in specs default to disabled outbound sender mode. Disabled/receive-only mode now proves sender readiness without creating sender-provider drift, while provider-enabled specs still exercise DNS and provider readback paths. The contract test splits those cases so Milestone 1 can prove provisioning shape without pretending outbound sending is configured. The only runtime helper change bounds maildesk ack receipt lookup to maildesk envelopes so the blocked ack proof remains fast even with a large evidence directory.
Owner
Author
|
@codex please review the receive-only sender readiness semantics and the bounded maildesk ack receipt lookup. The intent is that |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
cfctl maildesk-cfwith the public maildesk template by defaulting generated and checked-in specs tosender.mode: disabledwith no authenticated sender domains.disabled/receive_onlyas an intentional receive-only sender posture, so provisioning plans no longer emitsender_adapter_receive_onlydrift or sender-provider operations for Milestone 1.Behavioral implications
cfctl maildesk-cf init --domain example.comnow emits a public-template-safe receive-only sender block.cfctl maildesk-cf verify|provision --plancan show template/instance readiness without requiring outbound sender authentication unless the spec enablescloudflare_email_serviceorresend.maildesk-cf provision --ack-plan <operation-id>remains intentionally blocked until component writes are preview-gated.Risk areas and confidence
maildesk-cf-maildesk-cf-*.jsonruntime envelopes to avoid scanning unrelated evidence, with the blocked-ack contract passing.Test plan
./scripts/verify_maildesk_cf_contract.sh./scripts/verify_static_contract.shgit diff --check./cfctl maildesk-cf init --domain example.com | jq '{ok, sender: .result.generated_spec.sender, operation_count: .summary.operation_count}'./cfctl maildesk-cf verify --file /Users/star/dev/maildesk-cf/config/desired-state.example.json | jq '{ok, summary: .summary, drift_classes: .result.drift_classes, sender: .result.checks.sender}'./cfctl maildesk-cf provision --file /Users/star/dev/maildesk-cf/config/desired-state.example.json --plan | jq '{ok, operation_id, summary: .summary, drift_classes: .result.drift_classes, sender: .result.checks.sender}'./cfctl doctor | jq '{ok, summary: .summary}'Remaining blocked outside this checkout
20260701T185539Z-84095-155793269, with drift classes limited tomissing_resource,email_routing_alias_drift, and the informationaloptional_live_send_not_requested; sender mode is ready and no sender-provider operation remains.email.routingenablement is still reported as blocked by ownership policy:resource creation must use the owning primitive cfctl surface or app deploy lane.CI note
cfctl contractGitHub Actions runs onmainand prior PRs are already failing before this branch. Local contract proof for this branch is green.