Retention and Stress Governance
Admin and operator guide for safe data retention, stress-test datasets, cleanup manifests, and governance validation
Use this page before deleting operational data, generating stress data, or running governance checks in QA.
Retention Model
Retention is allowlisted and evidence-aware. The repo includes Data_Retention_Policy__mdt, Data_Retention_Run__c, OrgDataRetentionService, OrgDataRetentionBatch, and OrgDataRetentionScheduler.
Retention policies should identify:
| Policy field | Meaning |
|---|---|
Policy_Key__c | Stable policy identifier. |
Target_Object__c | Object being scanned. |
Retention_Days__c | Normal retention window. |
Failure_Retention_Days__c | Failure/evidence retention window when supported. |
Batch_Size__c | Batch execution size. |
Max_Records_Per_Run__c | Operational safety cap. |
Run_Order__c | Execution ordering across policies. |
Active__c | Whether the policy is live. |
Retention runs should leave Data_Retention_Run__c evidence with status, job id, scanned, updated, deleted, and failed counts.
Safe Candidates
Safe candidates are typically high-volume operational records that do not form customer, finance, payment, fulfillment, or audit evidence after their retention window.
Examples that can be considered with explicit policy:
| Candidate | Notes |
|---|---|
| API request/runtime logs | Keep failure windows longer than success noise. |
| Runtime request history | Keep enough history for incident analysis. |
| Sync history past retention windows | Preserve failures and linked operational evidence. |
| Inventory and fulfillment snapshots | Preserve reporting windows and current state. |
| Duplicate overview snapshots | Keep enough trend history for admin reporting. |
| Sandbox generated data | Use run labels and manifests for cleanup. |
Do Not Purge Without Separate Approval
Do not include these in general retention cleanup:
| Data | Reason |
|---|---|
| Payment transactions, attempts, receipts, processor events, settlement lines | Financial and processor evidence. |
| Invoices and invoice lines | AR, customer, tax, and accounting evidence. |
| Inventory transactions and PO receipts | Stock and purchasing audit. |
| Sales order audit, delete audit, financial audit | Operational and governance evidence. |
| Tracking and shipment evidence | Customer service and fulfillment evidence. |
| Credit/RMA-related evidence | Finance and customer adjustment context. |
| GL account/default records | Accounting configuration and posting readiness. |
Stress Tooling
The repo uses local stress operator scripts rather than depending on an in-org Stress Lab runtime. Relevant scripts include:
node scripts/stress/salesforce-stress-preflight.mjs --target-org vesper
node scripts/stress/salesforce-stress-generate.mjs --target-org vesper
node scripts/stress/salesforce-stress-cleanup.mjs --target-org vesper --manifest path/to/manifest.jsonUse stress data only in sandbox environments. Keep generated run labels, manifests, and cleanup commands with the test evidence.
Stress Preflight
Before generating stress data:
- Confirm target org is sandbox.
- Confirm Salesforce authentication.
- Confirm provider references or target warehouse assumptions.
- Confirm the run label.
- Confirm the expected record volume.
- Confirm cleanup manifest location.
If preflight fails, fix the environment before generating data.
Cleanup Rules
Cleanup should be manifest-backed. Do not rely on broad name matching if a manifest exists.
Cleanup evidence should include:
| Evidence | Why it matters |
|---|---|
| Target org | Prevents wrong-org assumptions. |
| Run label | Ties generated records together. |
| Manifest path | Makes cleanup repeatable. |
| Deleted/failed counts | Shows what happened. |
| Failed record list | Drives follow-up repair. |
Governance Commands
Use focused validation for the slice you changed, then broader governance when risk justifies it.
Common commands:
npm run permissions:audit
npm run permissions:policy
npm run architecture:retirement:audit
npm run verify:governance:fullFor docs-only changes, Salesforce governance commands are normally unnecessary. For Salesforce metadata, permission sets, payment, 3PL, warehouse, or RMA boundary changes, run focused tests plus governance checks before claiming readiness.
Last updated on