Backup Mode: admin-level full-data Excel export (inventor design) #77

opened 2026-05-25 11:23:27 +00:00 by mAi · 0 comments

m's report (2026-05-25 12:40)

That being said: we should investigate a regular Backup Mode so all Data is exported into an "Admin Excel" where we have sensible data out of the box / right from the export.

Phase: inventor design (READ-ONLY)

Inventor → coder gate per project CLAUDE.md.

Context

Distinct from the per-project Daten Exportieren tab. This is a system-wide admin-facing backup that produces a single "Admin Excel" workbook with sensible data right from export — usable as a regular snapshot of the whole platform state.

Open design questions (R = recommended default — escalate only material picks)

  1. Frequency / trigger — scheduled cron (e.g. nightly) vs. on-demand button? (R) both: scheduled nightly to a known location AND an on-demand button on a new admin page.
  2. Scope of "all data" — which paliad.* tables?
    • (R) projects (tree + path + status), parties (+ party assignments to projects), deadlines (+ rules + actuals), appointments, notes (incl. polymorphic notes that landed), audit/events feed, team memberships, custom views, checklist instances, submission drafts.
    • Exclude: encrypted CalDAV credentials, paliadin chat history (sensitive), submission template bytes (those live in mWorkRepo).
  3. Workbook structure — one Excel file, one sheet per table? With:
    • A README sheet (export timestamp, FIRM_NAME, paliad version SHA, row counts per sheet)
    • Lookup sheets for enums (proceeding_type, event_type) so foreign keys are human-readable
    • (R) yes — separate sheets, README first, lookup sheets last. Foreign-key columns annotated with the human-readable label in parentheses where useful.
  4. Visibility / RLS — backup is admin-only by definition, so bypass can_see_project via service role. (R) yes — but the admin role gate is enforced at the handler.
  5. Storage — where do scheduled backups land?
    • (R) Supabase Storage bucket paliad-backups, dated key (backup-YYYY-MM-DD.xlsx), retention via Supabase lifecycle rule (90 days). On-demand path streams the file directly to the user.
  6. File format — .xlsx (via xuri/excelize or tealeg/xlsx) vs CSV-per-table-zipped?
    • (R) .xlsx — m said "Admin Excel" explicitly. Single file beats a zip for the daily-snapshot use case.
  7. Sensitive data redaction — what gets redacted in the export?
    • (R) nothing for the admin role; this is an internal backup, not a sharable artifact.
  8. UI surface — new admin page (e.g. /admin/backups) listing past backups + a "Backup jetzt erstellen" button? (R) yes — basic admin page with a chronological list + download link per backup + on-demand button.
  9. Audit trail — log every backup creation/download in paliad.events. (R) yes — kind = backup-created / backup-downloaded, includes admin user and timestamp.
  10. Dependencies — Go xlsx library. xuri/excelize is the de-facto choice. Approve dep addition as part of the design? Flag for m.

Deliverable

docs/design-backup-mode-2026-05-25.md on branch mai/<inventor>/backup-mode-design. Sections:

  • §0 TL;DR
  • §1 Premises verified live (current export surface, schema enumeration)
  • §2 m's decisions (filled post head → m round-trip; inventor proposes R, head escalates picks)
  • §3 Architecture (scheduler, storage, handler, admin UI)
  • §4 Schema additions (none expected; possibly a paliad.backups table for the index)
  • §5 Service layer (BackupService, generation pipeline)
  • §6 UI surface (/admin/backups page mockup)
  • §7 Workbook layout (sheet list + column contract)
  • §8 Permissions + audit
  • §9 Slice plan (A: on-demand + workbook generator; B: scheduler + storage; C: admin UI polish)
  • §10 Out of scope
  • §11 Open questions for m (only the picks the inventor couldn't default with R)

Hard rules

  • READ-ONLY design phase. No code, no migrations.
  • Head answers questions — NO AskUserQuestion. Inventor uses mai instruct head. Defaults to (R); escalate to head only on material picks.
  • Verify current paliad export surfaces live before designing (read internal/handlers/exports.go or equivalent + frontend/src/client/projects-detail.ts Daten Exportieren section).

When done

Push design doc + mai report completed with "DESIGN READY FOR REVIEW". Inventor stays parked. Head gates coder shift.

Out of scope

  • Restore-from-backup tooling (separate phase).
  • Multi-tenant / per-firm separation (paliad is single-firm today).
  • Encrypted backups at rest (Supabase Storage handles encryption at the bucket level; we don't need a second layer for v1).
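
An added example, not part of the issue and not code from the paliad repository: a sketch of the handler-level admin gate from question 4 combined with the audit events from question 9. `User`, `BackupHandler`, `Run`, the callback signatures and the POST to `/admin/backups` are hypothetical; the workbook generator is replaced by a constructed fake.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

type User struct { // hypothetical stand-in for the session user
	Name    string
	IsAdmin bool
}

// generate is assumed to run with the service role (RLS bypassed), so this
// handler is the only authorization boundary and must fail closed before it.
func BackupHandler(lookup func(*http.Request) *User, audit func(kind, user string),
	generate func() ([]byte, error)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u := lookup(r)
		if u == nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if !u.IsAdmin {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		data, err := generate() // reached only after both checks pass
		if err != nil {
			http.Error(w, "backup failed", http.StatusInternalServerError)
			return
		}
		audit("backup-created", u.Name) // kinds from question 9; store adds the timestamp
		w.Header().Set("Cache-Control", "no-store") // keep the dump out of caches
		w.Write(data)
		audit("backup-downloaded", u.Name)
	}
}

// Run drives the handler with constructed fakes and reports what happened.
func Run(u *User) (status int, events []string, generated bool) {
	h := BackupHandler(func(*http.Request) *User { return u },
		func(kind, user string) { events = append(events, kind+":"+user) },
		func() ([]byte, error) { generated = true; return []byte("xlsx-bytes"), nil })
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/admin/backups", nil))
	return rec.Code, events, generated
}

func main() { fmt.Println(Run(&User{Name: "admin", IsAdmin: true})) }
```

The property to check is that a non-admin request never reaches `generate`, since nothing below the handler restricts what the service role can read.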
mAi self-assigned this 2026-05-25 11:23:27 +00:00
Reference: m/paliad#77