Files
alla-allaos-fullstack/docs/setup/reset-reseed-matrix.md
phaichayon 0ae4ae3e38 task-d.7.2
2026-07-02 13:42:09 +07:00

4.8 KiB

Reset and Reseed Matrix

All reset operations must be blocked in production unless an explicit product decision introduces a safe production-specific reset path. Existing reset guards in scripts/db/reset-database.ts and scripts/seed-reset.ts must be preserved.

Scope Tables Affected Data Retained Data Deleted Safety Guard Requires Confirmation Allowed Environment Transaction Behavior Storage Cleanup Behavior Audit Behavior Recommended Command/API
foundation_reset ms_options, document_sequences, crm_approval_workflows, crm_approval_steps, crm_approval_matrices, document template/library/report/notification foundation rows Users, organizations, memberships, business data where compatible Foundation rows for target organization only Block production destructive mode; require target org yes local, test, staging with flag Single DB transaction where possible Document library storage cleanup must be planned and reported; do not delete approved artifacts Audit setup reset action POST /api/setup/reset with scope
organization_reset organizations, memberships, CRM role assignments/profiles for target org, organization-scoped foundation rows Global users unless explicitly selected Target organization and tenant-scoped rows Require exact organization code/name confirmation yes local/test/staging with flag Transaction for DB rows Cleanup only setup-owned storage prefix; report leftovers Audit setup reset action future setup reset service
business_reset customers, contacts, contact shares, leads, opportunities, quotations, related parties/items/topics/followups, business attachments metadata Organization, users, memberships, foundation rows Business records for target organization Require target org and business reset phrase yes local/test/staging with flag Transaction for DB rows Delete only non-approved setup/business import files when explicitly selected Audit reset summary future setup reset service
demo_uat_reset UAT users, UAT memberships, UAT CRM role assignments, UAT-seeded CRM business/runtime fixture rows Production foundation rows and non-UAT business data Rows tagged/deterministically known from uat-users.seed.ts and crm-uat.seed.ts Require demo/UAT mode and seed tag yes local/test/staging Transaction for DB rows Remove demo-generated storage objects under demo prefix only Audit reset summary extend scripts/seed-uat.ts/future API
full_reset Entire public/drizzle schemas through existing reset script Nothing in target database All DB data Existing --allow-db-reset; production blocked; unsafe host/db blocked yes local/test only by default Drop/recreate schema Storage cleanup is out-of-band and must be explicit Console/report only before setup audit exists npm run db:reset -- --allow-db-reset
csv_import_rollback Rows from one import manifest Data outside import manifest Imported/updated rows when reversible metadata exists Requires seed manifest item checksums yes local/test/staging; production only if designed later Transaction if rollback immediately after failed commit; compensating actions otherwise Cleanup files imported by same manifest only Audit rollback action future setup import rollback service
setup_run_reset proposed setup_runs, setup_run_steps, seed_manifests, seed_manifest_items Actual business/foundation data unless separate scope selected Setup run metadata Require setup run id yes all non-production; production only metadata reset by super admin later Transaction No storage cleanup Audit metadata reset future setup state service

General Reset Rules

  • Never rely on client-side confirmation alone.
  • Require exact typed confirmation for destructive scopes.
  • Refuse reset when NODE_ENV=production unless a future ADR defines an allowed production maintenance workflow.
  • Use organization-scoped deletes whenever possible.
  • Runtime generated approved artifacts must not be deleted by business_reset unless they are demo/UAT artifacts and the scope explicitly includes them.
  • Storage cleanup must be best-effort with a compensation report because storage providers do not participate in DB transactions.
  • Reset reports must list retained data, deleted data, skipped data, warnings, and errors.

Reseed Behavior

  • Foundation reseed must be idempotent.
  • Demo/UAT reseed must be deterministic and isolated from production seed.
  • Same seed version and checksum should skip unless force is explicitly set.
  • Same seed version with changed checksum should warn or block.
  • Newer compatible seed versions may apply.
  • Older versions should block unless rollback mode exists.