> ## Documentation Index
> Fetch the complete documentation index at: https://alphaconsultings.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Production safety

title: CLI Production Safety
description: Guardrails for destructive operations in production.
-----------------------------------------------------------------

# CLI Production Safety

## Goal

* Prevent accidental destructive operations in production.
* Keep operator intent explicit for high-risk commands.

## Production guard contract

Destructive commands require the following when `APP_ENV=production` or `NODE_ENV=production`:

* `ELOQUENT_ALLOW_PROD_DESTRUCTIVE=true`
* `--force`
* `--yes`

## Choosing `APP_ENV`

Use `APP_ENV` to describe where the process is running.

* `APP_ENV=development`
  * local development
  * local test harnesses
  * non-production integration work
  * normal day-to-day CLI use on a developer machine
* `APP_ENV=production`
  * real deployed environments
  * production app servers
  * controlled production migration jobs
  * maintenance or release pipelines that touch production data

Do not set `APP_ENV=production` on your local machine unless you are intentionally validating production safety behavior.

## Recommended combinations

### Local development app

```env theme={null}
APP_ENV=development
ELOQUENT_DB_ROLE=runtime
```

### Local development migration run

```env theme={null}
APP_ENV=development
ELOQUENT_DB_ROLE=migration
```

### Production app runtime

```env theme={null}
APP_ENV=production
ELOQUENT_DB_ROLE=runtime
```

### Production migration or maintenance job

```env theme={null}
APP_ENV=production
ELOQUENT_DB_ROLE=migration
```

This keeps the deployed app on least-privilege runtime credentials while letting a dedicated migration job use migration credentials.

## Destructive commands (guarded)

* `make:model`
* `make:registry`
* `make:controller`
* `make:service`
* `make:seed`
* `make:factory`
* `make:scenario`
* `make:migration`
* `migrate:fresh`
* `migrate:reset`
* `db:seed:fresh`

## Safe commands

* `migrate:status`
* `db:seed` (except precheck requirements for `--all-connections`)
* `db:seed:precheck`
* `factory:status`
* `cache:stats`
* `list`

## Seed all-connections precheck

When running:

```bash theme={null}
eloquent db:seed --all-connections --class UserSeeder
```

the CLI runs a bootstrap precheck for migration and connection consistency.

If precheck fails:

1. Run migrations first (`migrate:run` or `migrate:run --test`).
2. Retry `db:seed`.

Manual precheck:

```bash theme={null}
eloquent db:seed:precheck --all-connections
```

## Controlled production example

```bash theme={null}
export APP_ENV=production
export ELOQUENT_DB_ROLE=migration
export ELOQUENT_ALLOW_PROD_DESTRUCTIVE=true
eloquent migrate:reset --all-connections --all-migrations --force --yes
```

## Recommended operational flow

1. Run `migrate:status` before destructive commands.
2. Keep migration and seed operations inside CI/CD jobs.
3. Use least-privilege credentials for runtime vs migration roles.
4. Keep audit logs enabled around migration/seed windows.

## Cache operations checklist

Use these commands during operational diagnosis or after destructive data resets:

```bash theme={null}
eloquent cache:stats
eloquent cache:clear
```

Recommended use:

1. inspect cache behavior with `cache:stats`
2. clear cache after fresh rebuilds, restore tests, or seed resets if stale reads are suspected