Phase 10: document retention enforcement
Two-phase retention so accidental data loss is recoverable:
1. Flag rows past the effective retention horizon
(workspace.retention_days, falling through to
org_settings.retention_days; 0 = keep forever) are
marked with pending_deletion_at.
2. Hard delete rows still flagged after
org_settings.retention_grace_days (default 7) are
removed; document storage objects unlinked then.
Schema (0017_retention.sql) adds pending_deletion_at to documents,
chats, tabular_reviews and a retention_grace_days column on
org_settings. Both phases write audit events
(retention.flag / retention.hard_delete) with row counts.
backend/src/lib/retention.ts owns the SQL and a setInterval(24h)
boot scheduler, disable with RETENTION_DISABLED=true. The user
list/get surfaces (single-docs, project docs, chats, project chats,
tabular review list) hide pending-deletion rows so the UI reflects
the flag immediately.
Admin endpoints for visibility and recovery:
GET /admin/retention/pending
POST /admin/retention/restore { kind, id }
POST /admin/retention/run
| Repository | cpatpa/PIP |
|---|---|
| Author | Claude <noreply@anthropic.com> |
| Authored | |
| Parents | 0e619c23 |
| Stats | 10 files changed , +510 , -19 |
| Part of | Phase 10 - document retention enforcement |
Capture this commit into my fork
Download a Markdown prompt that tells Claude how to port this
exact commit into your working tree. Run it via
claude -p < capture-commit-490f8271.md
from inside the repo you want the change in.