Skip to main content

title: CLI Production Safety description: Guardrails for destructive operations in production.

CLI Production Safety

Goal

  • Prevent accidental destructive operations in production.
  • Keep operator intent explicit for high-risk commands.

Production guard contract

Destructive commands require the following when APP_ENV=production or NODE_ENV=production:
  • ELOQUENT_ALLOW_PROD_DESTRUCTIVE=true
  • --force
  • --yes

Choosing APP_ENV

Use APP_ENV to describe where the process is running.
  • APP_ENV=development
    • local development
    • local test harnesses
    • non-production integration work
    • normal day-to-day CLI use on a developer machine
  • APP_ENV=production
    • real deployed environments
    • production app servers
    • controlled production migration jobs
    • maintenance or release pipelines that touch production data
Do not set APP_ENV=production on your local machine unless you are intentionally validating production safety behavior.

Local development app

APP_ENV=development
ELOQUENT_DB_ROLE=runtime

Local development migration run

APP_ENV=development
ELOQUENT_DB_ROLE=migration

Production app runtime

APP_ENV=production
ELOQUENT_DB_ROLE=runtime

Production migration or maintenance job

APP_ENV=production
ELOQUENT_DB_ROLE=migration
This keeps the deployed app on least-privilege runtime credentials while letting a dedicated migration job use migration credentials.

Destructive commands (guarded)

  • make:model
  • make:registry
  • make:controller
  • make:service
  • make:seed
  • make:factory
  • make:scenario
  • make:migration
  • migrate:fresh
  • migrate:reset
  • db:seed:fresh

Safe commands

  • migrate:status
  • db:seed (except precheck requirements for --all-connections)
  • db:seed:precheck
  • factory:status
  • cache:stats
  • list

Seed all-connections precheck

When running: 
eloquent db:seed --all-connections --class UserSeeder
the CLI runs a bootstrap precheck for migration and connection consistency. If precheck fails:
  1. Run migrations first (migrate:run or migrate:run --test).
  2. Retry db:seed.
Manual precheck: 
eloquent db:seed:precheck --all-connections

Controlled production example

export APP_ENV=production
export ELOQUENT_DB_ROLE=migration
export ELOQUENT_ALLOW_PROD_DESTRUCTIVE=true
eloquent migrate:reset --all-connections --all-migrations --force --yes
  1. Run migrate:status before destructive commands.
  2. Keep migration and seed operations inside CI/CD jobs.
  3. Use least-privilege credentials for runtime vs migration roles.
  4. Keep audit logs enabled around migration/seed windows.

Cache operations checklist

Use these commands during operational diagnosis or after destructive data resets: 
eloquent cache:stats
eloquent cache:clear
Recommended use:
  1. inspect cache behavior with cache:stats
  2. clear cache after fresh rebuilds, restore tests, or seed resets if stale reads are suspected