Account-level data export and cascade deletion (SEC-003).
Encapsulates the workspace-scoped queries needed for GDPR/CCPA data portability (export) and right-to-erasure (deletion). All DB access goes through this module — route handlers never write raw SQL.
Methods
(static) buildAccountExport(userId) → {Object}
Build a JSON-serialisable export payload for all data owned by a user.
Scope:
- User profile (sensitive fields stripped)
- Workspaces owned by the user
- Workspace memberships
- Projects, tests, runs, activities in owned workspaces
- Notification settings and schedules for owned projects
Parameters:
| Name | Type | Description |
|---|---|---|
| userId | string | |
Returns:
- Type: Object
(static) deleteAccount(userId)
Hard-delete a user account and all owned workspace data in a single transaction. This is the GDPR Article 17 "right to erasure" implementation.
Cascade order:
- Per-project children: notification_settings, schedules, webhook_tokens
- Per-test children: healing_history
- Per-workspace children: activities, run_logs → runs, tests, projects
- Workspace membership and workspace rows
- User-level rows: workspace_members (non-owned), oauth_ids, password_reset_tokens, verification_tokens, users
Parameters:
| Name | Type | Description |
|---|---|---|
| userId | string | |
Throws:
- If the transaction fails (the caller should catch the error and respond with a 500).
- Type: Error
(inner) placeholders(ids) → {string}
Build a comma-separated placeholder string for a parameterised IN clause.
Parameters:
| Name | Type | Description |
|---|---|---|
| ids | Array.<string> | |
Returns:
- e.g. "?, ?, ?"
- Type: string
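Added example, not the module's own code: one way the cascade order listed for deleteAccount and the placeholders helper fit together, producing the ordered, parameterised DELETE statements to run inside one transaction. The column names, the idSets shape and the function name buildDeletePlan are assumptions; only the table names and their order come from this page.

```javascript
// Added example. Column names (project_id, test_id, run_id, workspace_id,
// user_id, id) and buildDeletePlan are hypothetical; tables are from the page.

// "?, ?, ?" for a parameterised IN clause. Rejects an empty list, because
// "IN ()" is a syntax error in most SQL dialects.
function placeholders(ids) {
  if (!Array.isArray(ids) || ids.length === 0) {
    throw new Error('ids must be a non-empty array');
  }
  return ids.map(() => '?').join(', ');
}

// Identifiers cannot be bound as parameters, so table and column names come
// only from these fixed lists, never from request data.
const CASCADE = [
  ['notification_settings', 'project_id', 'projectIds'],
  ['schedules', 'project_id', 'projectIds'],
  ['webhook_tokens', 'project_id', 'projectIds'],
  ['healing_history', 'test_id', 'testIds'],
  ['activities', 'workspace_id', 'workspaceIds'],
  ['run_logs', 'run_id', 'runIds'], // children of runs, so removed first
  ['runs', 'workspace_id', 'workspaceIds'],
  ['tests', 'workspace_id', 'workspaceIds'],
  ['projects', 'workspace_id', 'workspaceIds'],
  ['workspace_members', 'workspace_id', 'workspaceIds'],
  ['workspaces', 'id', 'workspaceIds'],
];
const USER_LEVEL = [
  ['workspace_members', 'user_id'], ['oauth_ids', 'user_id'],
  ['password_reset_tokens', 'user_id'], ['verification_tokens', 'user_id'],
  ['users', 'id'],
];

// Returns the ordered [{ sql, params }] list; IDs travel only in params.
function buildDeletePlan(userId, idSets) {
  const plan = [];
  for (const [table, column, key] of CASCADE) {
    const ids = idSets[key] || [];
    if (ids.length === 0) continue; // nothing owned at this level: skip it
    const sql = `DELETE FROM ${table} WHERE ${column} IN (${placeholders(ids)})`;
    plan.push({ sql, params: [...ids] });
  }
  for (const [table, column] of USER_LEVEL) {
    plan.push({ sql: `DELETE FROM ${table} WHERE ${column} = ?`, params: [userId] });
  }
  return plan;
}
```

Each entry is meant to be passed to the database driver's prepared-statement call as (sql, params) within the transaction, so a failure part-way rolls back the whole erasure.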