4.8 KiB
4.8 KiB
Reset and Reseed Matrix
All reset operations must be blocked in production unless an explicit product decision introduces a safe production-specific reset path. Existing reset guards in scripts/db/reset-database.ts and scripts/seed-reset.ts must be preserved.
| Scope | Tables Affected | Data Retained | Data Deleted | Safety Guard | Requires Confirmation | Allowed Environment | Transaction Behavior | Storage Cleanup Behavior | Audit Behavior | Recommended Command/API |
|---|---|---|---|---|---|---|---|---|---|---|
foundation_reset |
ms_options, document_sequences, crm_approval_workflows, crm_approval_steps, crm_approval_matrices, document template/library/report/notification foundation rows |
Users, organizations, memberships, business data where compatible | Foundation rows for target organization only | Block production destructive mode; require target org | yes | local, test, staging with flag | Single DB transaction where possible | Document library storage cleanup must be planned and reported; do not delete approved artifacts | Audit setup reset action | POST /api/setup/reset with scope |
organization_reset |
organizations, memberships, CRM role assignments/profiles for target org, organization-scoped foundation rows |
Global users unless explicitly selected | Target organization and tenant-scoped rows | Require exact organization code/name confirmation | yes | local/test/staging with flag | Transaction for DB rows | Cleanup only setup-owned storage prefix; report leftovers | Audit setup reset action | future setup reset service |
business_reset |
customers, contacts, contact shares, leads, opportunities, quotations, related parties/items/topics/followups, business attachments metadata | Organization, users, memberships, foundation rows | Business records for target organization | Require target org and business reset phrase | yes | local/test/staging with flag | Transaction for DB rows | Delete only non-approved setup/business import files when explicitly selected | Audit reset summary | future setup reset service |
demo_uat_reset |
UAT users, UAT memberships, UAT CRM role assignments, UAT-seeded CRM business/runtime fixture rows | Production foundation rows and non-UAT business data | Rows tagged/deterministically known from uat-users.seed.ts and crm-uat.seed.ts |
Require demo/UAT mode and seed tag | yes | local/test/staging | Transaction for DB rows | Remove demo-generated storage objects under demo prefix only | Audit reset summary | extend scripts/seed-uat.ts/future API |
full_reset |
Entire public/drizzle schemas through existing reset script | Nothing in target database | All DB data | Existing --allow-db-reset; production blocked; unsafe host/db blocked |
yes | local/test only by default | Drop/recreate schema | Storage cleanup is out-of-band and must be explicit | Console/report only before setup audit exists | npm run db:reset -- --allow-db-reset |
csv_import_rollback |
Rows from one import manifest | Data outside import manifest | Imported/updated rows when reversible metadata exists | Requires seed manifest item checksums | yes | local/test/staging; production only if designed later | Transaction if rollback immediately after failed commit; compensating actions otherwise | Cleanup files imported by same manifest only | Audit rollback action | future setup import rollback service |
setup_run_reset |
proposed setup_runs, setup_run_steps, seed_manifests, seed_manifest_items |
Actual business/foundation data unless separate scope selected | Setup run metadata | Require setup run id | yes | all non-production; production only metadata reset by super admin later | Transaction | No storage cleanup | Audit metadata reset | future setup state service |
General Reset Rules
- Never rely on client-side confirmation alone.
- Require exact typed confirmation for destructive scopes.
- Refuse reset when
NODE_ENV=productionunless a future ADR defines an allowed production maintenance workflow. - Use organization-scoped deletes whenever possible.
- Runtime generated approved artifacts must not be deleted by
business_resetunless they are demo/UAT artifacts and the scope explicitly includes them. - Storage cleanup must be best-effort with a compensation report because storage providers do not participate in DB transactions.
- Reset reports must list retained data, deleted data, skipped data, warnings, and errors.
Reseed Behavior
- Foundation reseed must be idempotent.
- Demo/UAT reseed must be deterministic and isolated from production seed.
- Same seed version and checksum should skip unless
forceis explicitly set. - Same seed version with changed checksum should warn or block.
- Newer compatible seed versions may apply.
- Older versions should block unless rollback mode exists.