@wraps.dev/cli 0.1.5 → 0.2.0

package/dist/cli.js

@@ -1285,7 +1285,7 @@ async function findHostedZone(domain, region) {
     return null;
   }
 }
-async function createDNSRecords(hostedZoneId, domain, dkimTokens, region, customTrackingDomain) {
+async function createDNSRecords(hostedZoneId, domain, dkimTokens, region, customTrackingDomain, mailFromDomain) {
   const client = new Route53Client({ region });
   const changes = [];
   for (const token of dkimTokens) {
@@ -1330,6 +1330,28 @@ async function createDNSRecords(hostedZoneId, domain, dkimTokens, region, custom
       }
     });
   }
+  if (mailFromDomain) {
+    changes.push({
+      Action: "UPSERT",
+      ResourceRecordSet: {
+        Name: mailFromDomain,
+        Type: "MX",
+        TTL: 1800,
+        ResourceRecords: [
+          { Value: `10 feedback-smtp.${region}.amazonses.com` }
+        ]
+      }
+    });
+    changes.push({
+      Action: "UPSERT",
+      ResourceRecordSet: {
+        Name: mailFromDomain,
+        Type: "TXT",
+        TTL: 1800,
+        ResourceRecords: [{ Value: '"v=spf1 include:amazonses.com ~all"' }]
+      }
+    });
+  }
   await client.send(
     new ChangeResourceRecordSetsCommand({
       HostedZoneId: hostedZoneId,
@@ -1778,6 +1800,7 @@ async function createSESResources(config) {
   });
   let domainIdentity;
   let dkimTokens;
+  let mailFromDomain;
   if (config.domain) {
     domainIdentity = new aws5.sesv2.EmailIdentity("wraps-email-domain", {
       emailIdentity: config.domain,
@@ -1793,6 +1816,20 @@ async function createSESResources(config) {
     dkimTokens = domainIdentity.dkimSigningAttributes.apply(
       (attrs) => attrs?.tokens || []
     );
+    mailFromDomain = config.mailFromDomain || `mail.${config.domain}`;
+    new aws5.sesv2.EmailIdentityMailFromAttributes(
+      "wraps-email-mail-from",
+      {
+        emailIdentity: config.domain,
+        mailFromDomain,
+        behaviorOnMxFailure: "USE_DEFAULT_VALUE"
+        // Fallback to amazonses.com if MX record fails
+      },
+      {
+        dependsOn: [domainIdentity]
+        // Ensure domain identity exists first
+      }
+    );
   }
   return {
     configSet,
@@ -1802,7 +1839,8 @@ async function createSESResources(config) {
     dkimTokens,
     dnsAutoCreated: false,
     // Will be set after deployment
-    customTrackingDomain: config.trackingConfig?.customRedirectDomain
+    customTrackingDomain: config.trackingConfig?.customRedirectDomain,
+    mailFromDomain
   };
 }
 
@@ -1887,6 +1925,7 @@ async function deployEmailStack(config) {
   if (emailConfig.tracking?.enabled || emailConfig.eventTracking?.enabled) {
     sesResources = await createSESResources({
       domain: emailConfig.domain,
+      mailFromDomain: emailConfig.mailFromDomain,
       region: config.region,
       trackingConfig: emailConfig.tracking,
       eventTypes: emailConfig.eventTracking?.events
@@ -1930,7 +1969,8 @@ async function deployEmailStack(config) {
     eventBusName: sesResources?.eventBus.name,
     queueUrl: sqsResources?.queue.url,
     dlqUrl: sqsResources?.dlq.url,
-    customTrackingDomain: sesResources?.customTrackingDomain
+    customTrackingDomain: sesResources?.customTrackingDomain,
+    mailFromDomain: sesResources?.mailFromDomain
   };
 }
 
@@ -2149,6 +2189,14 @@ Verification should complete within a few minutes.`,
         pc2.bold("DMARC Record (TXT):"),
         `  ${pc2.cyan(`_dmarc.${domain}`)} ${pc2.dim("TXT")} "v=DMARC1; p=quarantine; rua=mailto:postmaster@${domain}"`
       );
+      if (outputs.mailFromDomain) {
+        dnsLines.push(
+          "",
+          pc2.bold("MAIL FROM Domain Records (for DMARC alignment):"),
+          `  ${pc2.cyan(outputs.mailFromDomain)} ${pc2.dim("MX")} "10 feedback-smtp.${outputs.region}.amazonses.com"`,
+          `  ${pc2.cyan(outputs.mailFromDomain)} ${pc2.dim("TXT")} "v=spf1 include:amazonses.com ~all"`
+        );
+      }
     }
     clack2.note(dnsLines.join("\n"), "DNS Records to add:");
   }
@@ -2201,7 +2249,14 @@ function displayStatus(status2) {
     const domainStrings = status2.domains.map((d) => {
       const statusIcon = d.status === "verified" ? "\u2713" : d.status === "pending" ? "\u23F1" : "\u2717";
       const statusColor = d.status === "verified" ? pc2.green : d.status === "pending" ? pc2.yellow : pc2.red;
-      return `    ${d.domain} ${statusColor(`${statusIcon} ${d.status}`)}`;
+      let domainLine = `    ${d.domain} ${statusColor(`${statusIcon} ${d.status}`)}`;
+      if (d.mailFromDomain) {
+        const mailFromStatusIcon = d.mailFromStatus === "SUCCESS" ? "\u2713" : "\u23F1";
+        const mailFromColor = d.mailFromStatus === "SUCCESS" ? pc2.green : pc2.yellow;
+        domainLine += `
+      ${pc2.dim("MAIL FROM:")} ${d.mailFromDomain} ${mailFromColor(mailFromStatusIcon)}`;
+      }
+      return domainLine;
     });
     infoLines.push(`${pc2.bold("Domains:")}
 ${domainStrings.join("\n")}`);
@@ -2260,13 +2315,14 @@ ${domainStrings.join("\n")}`);
     );
   }
   clack2.note(resourceLines.join("\n"), "Resources");
-  const pendingDomains = status2.domains.filter(
-    (d) => d.status === "pending" && d.dkimTokens
+  const domainsNeedingDNS = status2.domains.filter(
+    (d) => d.status === "pending" && d.dkimTokens || d.mailFromDomain && d.mailFromStatus !== "SUCCESS"
   );
-  if (pendingDomains.length > 0) {
-    for (const domain of pendingDomains) {
-      if (domain.dkimTokens && domain.dkimTokens.length > 0) {
-        const dnsLines = [
+  if (domainsNeedingDNS.length > 0) {
+    for (const domain of domainsNeedingDNS) {
+      const dnsLines = [];
+      if (domain.status === "pending" && domain.dkimTokens && domain.dkimTokens.length > 0) {
+        dnsLines.push(
           pc2.bold("DKIM Records (CNAME):"),
           ...domain.dkimTokens.map(
             (token) => `  ${pc2.cyan(`${token}._domainkey.${domain.domain}`)} ${pc2.dim("CNAME")} "${token}.dkim.amazonses.com"`
@@ -2277,11 +2333,21 @@ ${domainStrings.join("\n")}`);
           "",
           pc2.bold("DMARC Record (TXT):"),
           `  ${pc2.cyan(`_dmarc.${domain.domain}`)} ${pc2.dim("TXT")} "v=DMARC1; p=quarantine; rua=mailto:postmaster@${domain.domain}"`
-        ];
+        );
+      }
+      if (domain.mailFromDomain && domain.mailFromStatus !== "SUCCESS") {
+        if (dnsLines.length > 0) dnsLines.push("");
+        dnsLines.push(
+          pc2.bold("MAIL FROM Domain Records (for DMARC alignment):"),
+          `  ${pc2.cyan(domain.mailFromDomain)} ${pc2.dim("MX")} "10 feedback-smtp.${status2.region}.amazonses.com"`,
+          `  ${pc2.cyan(domain.mailFromDomain)} ${pc2.dim("TXT")} "v=spf1 include:amazonses.com ~all"`
+        );
+      }
+      if (dnsLines.length > 0) {
         clack2.note(dnsLines.join("\n"), `DNS Records for ${domain.domain}`);
       }
     }
-    const exampleDomain = pendingDomains[0].domain;
+    const exampleDomain = domainsNeedingDNS[0].domain;
     console.log(
       `
 ${pc2.dim("Run:")} ${pc2.yellow(`wraps verify --domain ${exampleDomain}`)} ${pc2.dim(
@@ -4168,7 +4234,8 @@ async function init(options) {
           outputs.domain,
           outputs.dkimTokens,
           region,
-          outputs.customTrackingDomain
+          outputs.customTrackingDomain,
+          outputs.mailFromDomain
         );
         progress.succeed("DNS records created in Route53");
         dnsAutoCreated = true;
@@ -4195,7 +4262,8 @@ async function init(options) {
     tableName: outputs.tableName,
     dnsRecords: dnsRecords.length > 0 ? dnsRecords : void 0,
     dnsAutoCreated,
-    domain: outputs.domain
+    domain: outputs.domain,
+    mailFromDomain: outputs.mailFromDomain
   });
 }
 
@@ -4345,13 +4413,17 @@ Run ${pc9.cyan("wraps init")} to deploy infrastructure.
         return {
           domain: d.domain,
           status: d.verified ? "verified" : "pending",
-          dkimTokens: identity2.DkimAttributes?.Tokens || []
+          dkimTokens: identity2.DkimAttributes?.Tokens || [],
+          mailFromDomain: identity2.MailFromAttributes?.MailFromDomain,
+          mailFromStatus: identity2.MailFromAttributes?.MailFromDomainStatus
         };
       } catch (_error) {
         return {
           domain: d.domain,
           status: d.verified ? "verified" : "pending",
-          dkimTokens: void 0
+          dkimTokens: void 0,
+          mailFromDomain: void 0,
+          mailFromStatus: void 0
         };
       }
     })
@@ -5048,6 +5120,7 @@ async function verify(options) {
   const sesClient = new SESv2Client3({ region });
   let identity;
   let dkimTokens = [];
+  let mailFromDomain;
   try {
     identity = await progress.execute(
       "Checking SES verification status",
@@ -5059,6 +5132,7 @@ async function verify(options) {
       }
     );
     dkimTokens = identity.DkimAttributes?.Tokens || [];
+    mailFromDomain = identity.MailFromAttributes?.MailFromDomain;
   } catch (_error) {
     progress.stop();
     clack12.log.error(`Domain ${options.domain} not found in SES`);
@@ -5070,6 +5144,7 @@ Run ${pc12.cyan(`wraps init --domain ${options.domain}`)} to add this domain.
     process.exit(1);
   }
   const resolver = new Resolver();
+  resolver.setServers(["8.8.8.8", "1.1.1.1"]);
   const dnsResults = [];
   for (const token of dkimTokens) {
     const dkimRecord = `${token}._domainkey.${options.domain}`;
@@ -5124,17 +5199,60 @@ Run ${pc12.cyan(`wraps init --domain ${options.domain}`)} to add this domain.
       status: "missing"
     });
   }
+  if (mailFromDomain) {
+    try {
+      const mxRecords = await resolver.resolveMx(mailFromDomain);
+      const expectedMx = `feedback-smtp.${region}.amazonses.com`;
+      const hasMx = mxRecords.some(
+        (r) => r.exchange === expectedMx || r.exchange === `${expectedMx}.`
+      );
+      dnsResults.push({
+        name: mailFromDomain,
+        type: "MX",
+        status: hasMx ? "verified" : mxRecords.length > 0 ? "incorrect" : "missing",
+        records: mxRecords.map((r) => `${r.priority} ${r.exchange}`)
+      });
+    } catch (_error) {
+      dnsResults.push({
+        name: mailFromDomain,
+        type: "MX",
+        status: "missing"
+      });
+    }
+    try {
+      const records = await resolver.resolveTxt(mailFromDomain);
+      const spfRecord = records.flat().find((r) => r.startsWith("v=spf1"));
+      const hasAmazonSES = spfRecord?.includes("include:amazonses.com");
+      dnsResults.push({
+        name: mailFromDomain,
+        type: "TXT (SPF)",
+        status: hasAmazonSES ? "verified" : spfRecord ? "incorrect" : "missing",
+        records: spfRecord ? [spfRecord] : void 0
+      });
+    } catch (_error) {
+      dnsResults.push({
+        name: mailFromDomain,
+        type: "TXT (SPF)",
+        status: "missing"
+      });
+    }
+  }
   progress.stop();
   const verificationStatus = identity.VerifiedForSendingStatus ? "verified" : "pending";
   const dkimStatus = identity.DkimAttributes?.Status || "PENDING";
-  clack12.note(
-    [
-      `${pc12.bold("Domain:")} ${options.domain}`,
-      `${pc12.bold("Verification Status:")} ${verificationStatus === "verified" ? pc12.green("\u2713 Verified") : pc12.yellow("\u23F1 Pending")}`,
-      `${pc12.bold("DKIM Status:")} ${dkimStatus === "SUCCESS" ? pc12.green("\u2713 Success") : pc12.yellow(`\u23F1 ${dkimStatus}`)}`
-    ].join("\n"),
-    "SES Status"
-  );
+  const mailFromStatus = identity.MailFromAttributes?.MailFromDomainStatus || "NOT_CONFIGURED";
+  const statusLines = [
+    `${pc12.bold("Domain:")} ${options.domain}`,
+    `${pc12.bold("Verification Status:")} ${verificationStatus === "verified" ? pc12.green("\u2713 Verified") : pc12.yellow("\u23F1 Pending")}`,
+    `${pc12.bold("DKIM Status:")} ${dkimStatus === "SUCCESS" ? pc12.green("\u2713 Success") : pc12.yellow(`\u23F1 ${dkimStatus}`)}`
+  ];
+  if (mailFromDomain) {
+    statusLines.push(
+      `${pc12.bold("MAIL FROM Domain:")} ${mailFromDomain}`,
+      `${pc12.bold("MAIL FROM Status:")} ${mailFromStatus === "SUCCESS" ? pc12.green("\u2713 Success") : mailFromStatus === "NOT_CONFIGURED" ? pc12.yellow("\u23F1 Not Configured") : pc12.yellow(`\u23F1 ${mailFromStatus}`)}`
+    );
+  }
+  clack12.note(statusLines.join("\n"), "SES Status");
   const dnsLines = dnsResults.map((record) => {
     let statusIcon;
     let statusColor;