9.6 KiB
Task D.7.5 – CSV Commit Import Engine
Objective
Implement the CSV Commit Import Engine for ALLA OS Initial Setup.
This task must take a previously validated CSV preview result from D.7.4, verify its previewHash, and commit supported CSV imports safely using transactions and idempotent upsert behavior.
D.7.5 must reuse the D.7.4 preview/validation engine and must not duplicate validation logic.
Review Before Implementation
Review:
- AGENTS.md
- plans/task-d.7.md
- plans/task-d.7.1.md
- plans/task-d.7.2.md
- plans/task-d.7.3.md
- plans/task-d.7.4.md
- docs/setup/seed-matrix.md
- docs/setup/csv-template-spec.md
- docs/setup/import-mapping.md
- docs/setup/setup-wizard-blueprint.md
- docs/setup/verification-matrix.md
- setup/templates/*
- setup/templates/templates.json
- src/features/setup/server/csv-preview.service.ts
- src/features/setup/server/csv/**
- src/app/api/setup/import/preview/route.ts
- src/db/schema.ts
- src/db/seeds/**/*
- Existing CRM/foundation services for organizations, users, master options, document sequences, approval, customers, contacts, leads, opportunities, and quotations.
Implementation Scope
Create:
src/features/setup/server/csv-commit.service.ts
Supporting modules if needed:
src/features/setup/server/csv/commit-builder.ts src/features/setup/server/csv/upsert-executor.ts src/features/setup/server/csv/import-report.ts
Create API:
POST /api/setup/import/commit
Core Rule
D.7.5 must use the exact same parsing, template detection, validation, dependency resolution, and preview report behavior from D.7.4.
Do not create a second validation engine.
Commit flow:
- Receive CSV files and
previewHash. - Re-run preview validation using D.7.4 engine.
- Compare new preview hash with submitted
previewHash. - Reject commit if hashes do not match.
- Reject commit if preview contains blocking errors.
- Commit valid files in dependency/import order.
- Return structured import report.
Input
Accept multipart/form-data.
Required:
- CSV files
previewHash
Optional:
mode:strict | permissiveorganizationIdorganizationCodedryRunallowOptionCreateskipWarningsreplaceExisting
Default behavior:
mode = strictdryRun = falseallowOptionCreate = falseskipWarnings = falsereplaceExisting = false
Commit Rules
General
- Commit only rows classified as
createorupdate. - Do not commit rows classified as
error. - In strict mode, any blocking error prevents the whole commit.
- Warnings do not block commit unless
skipWarnings = falseand the warning is configured as blocking. - Unsupported templates must never commit.
- Unknown templates must never commit.
Transaction
- Use one database transaction for all DB-only writes in the import batch.
- If any DB write fails, rollback the whole batch.
- Storage writes are out of scope for D.7.5.
- Attachments are still unsupported/deferred.
Upsert
Every importer must be idempotent.
Re-running the same CSV should produce either:
updatedskipped- or no-op
Never create duplicate records.
Supported Commit Templates
Implement commit for templates currently supported by D.7.3/D.7.4:
Foundation / Organization:
- users.csv
- organizations.csv
- memberships.csv
- crm-role-assignments.csv
- master-options.csv
- branches.csv
- product-types.csv
- document-sequences.csv
- approval-workflows.csv
- approval-steps.csv
- approval-matrix.csv
Business:
- customers.csv
- contacts.csv
- contact-shares.csv
- leads.csv
- opportunities.csv
- opportunity-parties.csv
- quotations.csv
- quotation-items.csv
- quotation-parties.csv
- quotation-topics.csv
- quotation-topic-items.csv
If a template cannot yet be safely committed because the service contract is unclear, mark it as blocked with a clear reason. Do not fake success.
Required Import Order
Use import order from setup/templates/templates.json.
Commit order must follow resolved dependency order, not upload order.
Importer Responsibilities
Each importer must define:
- template name
- target table or feature service
- business key
- create behavior
- update behavior
- skip behavior
- conflict behavior
- reference resolution
- audit behavior if existing service supports it
Data Mapping
Follow:
docs/setup/import-mapping.md
Important examples:
branches.csv
maps to:
ms_options category = crm_branch
product-types.csv
maps to:
ms_options category = crm_product_type
document-sequences.csv
resolves:
organization_code branch_code product_type_code document_type period prefix
quotation-topic-items.csv
uses topic_key from uploaded batch to resolve committed quotation topic ids.
Security
- API must be protected.
- Require
super_adminfor setup-wide import. - Organization admin may be supported later, but D.7.5 can restrict to
super_admin. - Do not return raw SQL, stack traces, password hashes, or secrets.
- Raw
passwordfrom users.csv must be hashed before storage. - Never log raw passwords.
- Empty password must not overwrite existing password.
- Existing user password can be reset only when explicit reset flag exists.
Password Rules
For users.csv:
- New credential user requires either:
password, or- future invitation flow support.
- Existing user:
- empty password = keep existing password
- password + reset_password=true = update password hash
- password + reset_password=false = ignore password with warning
- Never return password or hash in report.
Report Contract
Return:
ImportReport
Fields:
- status: PASS | WARNING | FAIL
- generatedAt
- previewHash
- committedHash
- dryRun
- summary
- files
- errors
- warnings
File report:
- fileName
- template
- status
- imported
- updated
- skipped
- errors
- warnings
Row report:
- row
- action: create | update | skip | error
- businessKey
- entityId if safe
- message
- warnings
- errors
Example:
{ "status": "PASS", "previewHash": "...", "committedHash": "...", "summary": { "imported": 10, "updated": 4, "skipped": 2, "errors": 0, "warnings": 1 }, "files": [] }
Error Contract
Every error must include:
- file
- row
- column
- code
- message
- suggestedFix
Example:
{ "file": "customers.csv", "row": 12, "column": "customer_code", "code": "UPSERT_FAILED", "message": "Customer could not be imported.", "suggestedFix": "Review the customer row and retry after fixing related references." }
Dry Run
Support dryRun=true.
Dry run must:
- re-run preview
- build commit plan
- return planned actions
- not write database
- not run transaction writes
Audit
If existing feature services automatically write audit logs, allow them.
If importing directly with Drizzle because no safe service exists, do not invent audit semantics in D.7.5.
Instead:
- include audit gap warning in report
- document follow-up
Out Of Scope
- CSV preview validation logic duplication
- CSV template creation
- Setup Wizard UI
- Seed manifest persistence
- Setup state persistence
- Rollback after successful commit
- Storage import
- Attachment import
- Email settings import
- Unsupported templates
- Destructive reset
- PDF generation
- Approval workflow execution
- Document artifact creation
Deliverables
Required:
src/features/setup/server/csv-commit.service.ts src/features/setup/server/csv/commit-builder.ts src/features/setup/server/csv/upsert-executor.ts src/features/setup/server/csv/import-report.ts src/app/api/setup/import/commit/route.ts
Optional:
src/features/setup/server/csv/importers/*.ts
Recommended importer organization:
src/features/setup/server/csv/importers/ users.importer.ts organizations.importer.ts memberships.importer.ts crm-role-assignments.importer.ts master-options.importer.ts document-sequences.importer.ts approval.importer.ts customers.importer.ts contacts.importer.ts leads.importer.ts opportunities.importer.ts quotations.importer.ts
Acceptance Criteria
✓ POST /api/setup/import/commit exists.
✓ Commit requires previewHash.
✓ Commit re-runs D.7.4 preview engine.
✓ Commit rejects mismatched preview hash.
✓ Commit rejects preview with blocking errors.
✓ Commit follows dependency/import order from templates.json.
✓ Commit is transaction-safe for DB writes.
✓ Re-running the same valid CSV does not duplicate records.
✓ users.csv password handling is safe.
✓ branches.csv imports into ms_options category crm_branch.
✓ product-types.csv imports into ms_options category crm_product_type.
✓ quotation-topic-items.csv resolves topic_key from committed/imported quotation topics.
✓ Unsupported templates do not commit.
✓ dryRun returns planned actions without writing DB.
✓ Structured import report is returned.
✓ No storage/binary attachment import is implemented.
✓ Typecheck passes or unrelated failures are documented.
Suggested Verification
Run:
npm run typecheck
Run scoped lint:
npx oxlint src/features/setup/server/csv src/features/setup/server/csv-commit.service.ts src/app/api/setup/import/commit
Manual test flow:
- Call POST /api/setup/import/preview with valid CSV batch.
- Copy previewHash.
- Call POST /api/setup/import/commit with same files and previewHash.
- Confirm rows are created/updated.
- Re-run same commit.
- Confirm no duplicates.
- Modify CSV after preview.
- Confirm commit rejects previewHash mismatch.
- Submit CSV with blocking errors.
- Confirm commit fails without partial writes.
Follow-up
After this task:
D.7.6 – Dashboard Setup Wizard UI
D.7.8 – Seed Manifest and Setup State Persistence
D.7.7 – Scoped Reset and Reseed Engine