underpost 2.92.0 → 2.95.1

package/scripts/disk-clean.sh

@@ -0,0 +1,216 @@
+#!/usr/bin/env bash
+# disk-clean.sh
+# Safe, interactive disk cleanup for Rocky/RHEL-like systems.
+
+set -u # Detect undefined variables (removed -e to handle errors manually where it matters)
+IFS=$'\n\t'
+
+AUTO_YES=0
+LXD_FLAG=0
+VACUUM_SIZE="500M"
+TMP_AGE_DAYS=7
+LOG_GZ_AGE_DAYS=90
+ROOT_CACHE_AGE_DAYS=30
+AGGRESSIVE=0
+
+# Colors for better readability
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+usage() {
+  cat <<EOF
+Usage: $0 [--yes] [--aggressive] [--lxd] [--vacuum-size SIZE]
+
+Options:
+  --yes            run destructive actions without asking
+  --aggressive     clean user caches (npm, pip, conda, root .cache)
+  --lxd            enable lxc image prune
+  --vacuum-size X  set journalctl --vacuum-size (default: $VACUUM_SIZE)
+  -h, --help       show this help
+EOF
+}
+
+# Parse args
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --yes) AUTO_YES=1; shift;;
+    --aggressive) AGGRESSIVE=1; shift;;
+    --lxd) LXD_FLAG=1; shift;;
+    --vacuum-size) VACUUM_SIZE="$2"; shift 2;;
+    -h|--help) usage; exit 0;;
+    *) echo "Unknown argument: $1"; usage; exit 2;;
+  esac
+done
+
+log() { echo -e "${GREEN}[INFO]${NC} $*"; }
+warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
+error() { echo -e "${RED}[ERROR]${NC} $*"; }
+
+run() {
+  # Runs the command safely
+  echo "+ $*"
+  # Execute the command passed as arguments, preserving quotes/spaces
+  "$@" || {
+      warn "Command failed (non-critical): $*"
+      return 0
+  }
+}
+
+confirm() {
+  if [[ $AUTO_YES -eq 1 ]]; then
+    return 0
+  fi
+  # Use </dev/tty to ensure we read from user even inside a pipe loop
+  read -r -p "$1 [y/N]: " ans </dev/tty
+  case "$ans" in
+    [Yy]|[Yy][Ee][Ss]) return 0;;
+    *) return 1;;
+  esac
+}
+
+require_root() {
+  if [[ $EUID -ne 0 ]]; then
+    error "This script must be run as root."
+    exit 1
+  fi
+}
+
+command_exists() {
+  command -v "$1" >/dev/null 2>&1
+}
+
+require_root
+
+log "Starting cleanup (aggressive=$AGGRESSIVE)"
+
+# 1) Package Manager (DNF)
+if command_exists dnf; then
+  log "Cleaning DNF caches"
+  run dnf clean all
+  run rm -rf /var/cache/dnf
+  if confirm "Run 'dnf autoremove -y' for orphan packages?"; then
+    run dnf autoremove -y
+  else
+    log "Skipped dnf autoremove"
+  fi
+else
+  warn "dnf not found"
+fi
+
+# 2) Journal logs
+if command_exists journalctl; then
+  log "Current Journal disk usage:"
+  journalctl --disk-usage || true
+
+  if confirm "Run 'journalctl --vacuum-size=$VACUUM_SIZE'?"; then
+    run journalctl --vacuum-size="$VACUUM_SIZE"
+  else
+    log "Skipped journal vacuum"
+  fi
+fi
+
+# 3) /var/tmp
+if [[ -d /var/tmp ]]; then
+  if confirm "Delete files in /var/tmp older than $TMP_AGE_DAYS days?"; then
+    find /var/tmp -mindepth 1 -mtime +$TMP_AGE_DAYS -delete
+  fi
+fi
+
+# 4) Old compressed logs
+if [[ -d /var/log ]]; then
+  if confirm "Delete compressed logs (.gz) in /var/log older than $LOG_GZ_AGE_DAYS days?"; then
+    find /var/log -type f -name '*.gz' -mtime +$LOG_GZ_AGE_DAYS -delete
+  fi
+fi
+
+# 5) Snap: disabled revisions
+if command_exists snap; then
+  log "Searching for old Snap revisions"
+  # Save to variable only if successful
+  disabled_snaps=$(snap list --all 2>/dev/null | awk '/disabled/ {print $1, $3}') || disabled_snaps=""
+
+  if [[ -n "$disabled_snaps" ]]; then
+    echo "Disabled snap revisions found:"
+    echo "$disabled_snaps"
+    if confirm "Remove all disabled revisions?"; then
+      while read -r pkg rev; do
+        [[ -z "$pkg" ]] && continue
+        log "Removing snap $pkg (revision $rev)"
+        run snap remove "$pkg" --revision="$rev"
+      done <<< "$disabled_snaps"
+
+      log "Setting snap retention to 2"
+      run snap set system refresh.retain=2
+    fi
+  else
+    log "No disabled snap revisions found."
+  fi
+fi
+
+# 6) LXD
+if command_exists lxc; then
+  if [[ $LXD_FLAG -eq 1 ]]; then
+    if confirm "Run 'lxc image prune'?"; then
+      run lxc image prune -f
+    fi
+  else
+     log "Skipping LXD (use --lxd to enable)"
+  fi
+fi
+
+# 7) Docker / Containerd
+if command_exists docker; then
+  if confirm "Run 'docker system prune -a --volumes'? (WARNING: Removes stopped containers)"; then
+    run docker system prune -a --volumes -f
+  fi
+elif command_exists crictl; then
+  if confirm "Attempt to remove images with crictl?"; then
+    run crictl rmi --prune
+  fi
+fi
+
+# 8) Large Files (>1G) - Completely rewritten logic
+log "Scanning for files larger than 1G (this may take a while)..."
+
+# Use while loop with find -print0 to handle filenames with spaces safely
+FOUND_LARGE=0
+# Note: find does not modify filesystem here, safe to run always
+while IFS= read -r -d '' file; do
+  FOUND_LARGE=1
+  # Get readable size to show user
+  filesize=$(du -h "$file" | cut -f1)
+
+  echo -e "Large file found: ${YELLOW}$file${NC} (Size: $filesize)"
+
+  if confirm "  -> Delete this file?"; then
+    run rm -vf "$file"
+  else
+    log "Skipped: $file"
+  fi
+done < <(find / -xdev -type f -size +1G -print0 2>/dev/null)
+
+if [[ $FOUND_LARGE -eq 0 ]]; then
+  log "No files >1G found in /"
+fi
+
+# 9) Aggressive Caches
+if [[ $AGGRESSIVE -eq 1 ]]; then
+  log "Aggressive mode enabled"
+  command_exists npm && confirm "Run 'npm cache clean --force'?" && run npm cache clean --force
+  command_exists pip && confirm "Run 'pip cache purge'?" && run pip cache purge
+  command_exists conda && confirm "Run 'conda clean --all -y'?" && run conda clean --all -y
+
+  if [[ -d /root/.cache ]]; then
+    if confirm "Delete /root/.cache (> $ROOT_CACHE_AGE_DAYS days)?"; then
+       find /root/.cache -type f -mtime +$ROOT_CACHE_AGE_DAYS -delete
+    fi
+  fi
+fi
+
+# 10) Final
+log "Final disk usage:"
+df -h --total | grep total || df -h /
+
+log "Cleanup finished."

package/scripts/ssh-cluster-info.sh

@@ -3,12 +3,13 @@ set -euo pipefail
 
 REMOTE_USER=$(node bin config get --plain DEFAULT_SSH_USER)
 REMOTE_HOST=$(node bin config get --plain DEFAULT_SSH_HOST)
+REMOTE_PORT=$(node bin config get --plain DEFAULT_SSH_PORT)
 SSH_KEY=$(node bin config get --plain DEFAULT_SSH_KEY_PATH)
 
 chmod 600 "$SSH_KEY"
 
-ssh -i "$SSH_KEY" -o BatchMode=yes "${REMOTE_USER}@${REMOTE_HOST}" sh <<EOF
+ssh -i "$SSH_KEY" -o BatchMode=yes "${REMOTE_USER}@${REMOTE_HOST}" -p ${REMOTE_PORT} sh <<EOF
 cd /home/dd/engine
-node bin deploy dd production --status
-kubectl get pods -A
+sudo -n -- /bin/bash -lc "node bin deploy dd production --status"
+sudo -n -- /bin/bash -lc "kubectl get pods -A"
 EOF

package/src/cli/cluster.js

@@ -558,7 +558,7 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
       }
 
       if (kubeconfigPath) {
-        shellExec(`sudo -E cp -i ${kubeconfigPath} ~/.kube/config`);
+        shellExec(`sudo -E cp -i -f ${kubeconfigPath} ~/.kube/config`);
         shellExec(`sudo -E chown $(id -u):$(id -g) ~/.kube/config`);
       } else if (clusterType === 'kind') {
         // For Kind, the kubeconfig is usually merged automatically or can be explicitly exported

package/src/cli/db.js

@@ -49,7 +49,6 @@ const KUBECTL_TIMEOUT = 300000; // 5 minutes
  * @property {string} [paths=''] - Comma-separated list of paths to include
  * @property {string} [labelSelector=''] - Kubernetes label selector for pods
  * @property {boolean} [allPods=false] - Flag to target all matching pods
- * @property {boolean} [dryRun=false] - Flag to simulate operations without executing
  * @property {boolean} [primaryPod=false] - Flag to automatically detect and use MongoDB primary pod
  * @property {boolean} [stats=false] - Flag to display collection/table statistics
  */
@@ -171,17 +170,11 @@ class UnderpostDB {
      * @private
      * @param {string} command - kubectl command to execute
      * @param {Object} options - Execution options
-     * @param {boolean} [options.dryRun=false] - Dry run mode
      * @param {string} [options.context=''] - Command context for logging
      * @returns {string|null} Command output or null on error
      */
     _executeKubectl(command, options = {}) {
-      const { dryRun = false, context = '' } = options;
-
-      if (dryRun) {
-        logger.info(`[DRY RUN] Would execute: ${command}`, { context });
-        return null;
-      }
+      const { context = '' } = options;
 
       try {
         logger.info(`Executing kubectl command`, { command, context });
@@ -200,13 +193,12 @@ class UnderpostDB {
      * @param {string} params.podName - Target pod name
      * @param {string} params.namespace - Pod namespace
      * @param {string} params.destPath - Destination path in pod
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {boolean} Success status
      */
-    _copyToPod({ sourcePath, podName, namespace, destPath, dryRun = false }) {
+    _copyToPod({ sourcePath, podName, namespace, destPath }) {
       try {
         const command = `sudo kubectl cp ${sourcePath} ${namespace}/${podName}:${destPath}`;
-        UnderpostDB.API._executeKubectl(command, { dryRun, context: `copy to pod ${podName}` });
+        UnderpostDB.API._executeKubectl(command, { context: `copy to pod ${podName}` });
         return true;
       } catch (error) {
         logger.error('Failed to copy file to pod', { sourcePath, podName, destPath, error: error.message });
@@ -222,13 +214,12 @@ class UnderpostDB {
      * @param {string} params.namespace - Pod namespace
      * @param {string} params.sourcePath - Source path in pod
      * @param {string} params.destPath - Destination file path
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {boolean} Success status
      */
-    _copyFromPod({ podName, namespace, sourcePath, destPath, dryRun = false }) {
+    _copyFromPod({ podName, namespace, sourcePath, destPath }) {
       try {
         const command = `sudo kubectl cp ${namespace}/${podName}:${sourcePath} ${destPath}`;
-        UnderpostDB.API._executeKubectl(command, { dryRun, context: `copy from pod ${podName}` });
+        UnderpostDB.API._executeKubectl(command, { context: `copy from pod ${podName}` });
         return true;
       } catch (error) {
         logger.error('Failed to copy file from pod', { podName, sourcePath, destPath, error: error.message });
@@ -243,13 +234,12 @@ class UnderpostDB {
      * @param {string} params.podName - Pod name
      * @param {string} params.namespace - Pod namespace
      * @param {string} params.command - Command to execute
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {string|null} Command output or null
      */
-    _execInPod({ podName, namespace, command, dryRun = false }) {
+    _execInPod({ podName, namespace, command }) {
       try {
         const kubectlCmd = `sudo kubectl exec -n ${namespace} -i ${podName} -- sh -c "${command}"`;
-        return UnderpostDB.API._executeKubectl(kubectlCmd, { dryRun, context: `exec in pod ${podName}` });
+        return UnderpostDB.API._executeKubectl(kubectlCmd, { context: `exec in pod ${podName}` });
       } catch (error) {
         logger.error('Failed to execute command in pod', { podName, command, error: error.message });
         throw error;
@@ -286,7 +276,9 @@ class UnderpostDB {
           case 'pull':
             if (fs.existsSync(repoPath)) {
               shellExec(`cd ${repoPath} && git checkout . && git clean -f -d`);
-              shellExec(`cd ${repoPath} && underpost pull . ${username}/${repoName}`);
+              shellExec(`cd ${repoPath} && underpost pull . ${username}/${repoName}`, {
+                silent: true,
+              });
               logger.info(`Pulled repository: ${repoName}`);
             }
             break;
@@ -301,7 +293,7 @@ class UnderpostDB {
 
           case 'push':
             if (fs.existsSync(repoPath)) {
-              shellExec(`cd ${repoPath} && underpost push . ${username}/${repoName}`, { disableLog: true });
+              shellExec(`cd ${repoPath} && underpost push . ${username}/${repoName}`, { silent: true });
               logger.info(`Pushed repository: ${repoName}`);
             }
             break;
@@ -376,10 +368,9 @@ class UnderpostDB {
      * @param {string} params.user - Database user
      * @param {string} params.password - Database password
      * @param {string} params.sqlPath - SQL file path
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {boolean} Success status
      */
-    _importMariaDB({ pod, namespace, dbName, user, password, sqlPath, dryRun = false }) {
+    _importMariaDB({ pod, namespace, dbName, user, password, sqlPath }) {
       try {
         const podName = pod.NAME;
         const containerSqlPath = `/${dbName}.sql`;
@@ -391,7 +382,6 @@ class UnderpostDB {
           podName,
           namespace,
           command: `rm -rf ${containerSqlPath}`,
-          dryRun,
         });
 
         // Copy SQL file to pod
@@ -401,7 +391,6 @@ class UnderpostDB {
             podName,
             namespace,
             destPath: containerSqlPath,
-            dryRun,
           })
         ) {
           return false;
@@ -410,12 +399,12 @@ class UnderpostDB {
         // Create database if it doesn't exist
         UnderpostDB.API._executeKubectl(
           `kubectl exec -n ${namespace} -i ${podName} -- mariadb -p${password} -e 'CREATE DATABASE IF NOT EXISTS ${dbName};'`,
-          { dryRun, context: `create database ${dbName}` },
+          { context: `create database ${dbName}` },
         );
 
         // Import SQL file
         const importCmd = `mariadb -u ${user} -p${password} ${dbName} < ${containerSqlPath}`;
-        UnderpostDB.API._execInPod({ podName, namespace, command: importCmd, dryRun });
+        UnderpostDB.API._execInPod({ podName, namespace, command: importCmd });
 
         logger.info('Successfully imported MariaDB database', { podName, dbName });
         return true;
@@ -435,10 +424,9 @@ class UnderpostDB {
      * @param {string} params.user - Database user
      * @param {string} params.password - Database password
      * @param {string} params.outputPath - Output file path
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {boolean} Success status
      */
-    async _exportMariaDB({ pod, namespace, dbName, user, password, outputPath, dryRun = false }) {
+    async _exportMariaDB({ pod, namespace, dbName, user, password, outputPath }) {
       try {
         const podName = pod.NAME;
         const containerSqlPath = `/home/${dbName}.sql`;
@@ -450,12 +438,11 @@ class UnderpostDB {
           podName,
           namespace,
           command: `rm -rf ${containerSqlPath}`,
-          dryRun,
         });
 
         // Dump database
         const dumpCmd = `mariadb-dump --user=${user} --password=${password} --lock-tables ${dbName} > ${containerSqlPath}`;
-        UnderpostDB.API._execInPod({ podName, namespace, command: dumpCmd, dryRun });
+        UnderpostDB.API._execInPod({ podName, namespace, command: dumpCmd });
 
         // Copy SQL file from pod
         if (
@@ -464,14 +451,13 @@ class UnderpostDB {
             namespace,
             sourcePath: containerSqlPath,
             destPath: outputPath,
-            dryRun,
           })
         ) {
           return false;
         }
 
         // Split file if it exists
-        if (!dryRun && fs.existsSync(outputPath)) {
+        if (fs.existsSync(outputPath)) {
           await splitFileFactory(dbName, outputPath);
         }
 
@@ -493,10 +479,9 @@ class UnderpostDB {
      * @param {string} params.bsonPath - BSON directory path
      * @param {boolean} params.drop - Whether to drop existing database
      * @param {boolean} params.preserveUUID - Whether to preserve UUIDs
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {boolean} Success status
      */
-    _importMongoDB({ pod, namespace, dbName, bsonPath, drop, preserveUUID, dryRun = false }) {
+    _importMongoDB({ pod, namespace, dbName, bsonPath, drop, preserveUUID }) {
       try {
         const podName = pod.NAME;
         const containerBsonPath = `/${dbName}`;
@@ -508,7 +493,6 @@ class UnderpostDB {
           podName,
           namespace,
           command: `rm -rf ${containerBsonPath}`,
-          dryRun,
         });
 
         // Copy BSON directory to pod
@@ -518,7 +502,6 @@ class UnderpostDB {
             podName,
             namespace,
             destPath: containerBsonPath,
-            dryRun,
           })
         ) {
           return false;
@@ -528,7 +511,7 @@ class UnderpostDB {
         const restoreCmd = `mongorestore -d ${dbName} ${containerBsonPath}${drop ? ' --drop' : ''}${
           preserveUUID ? ' --preserveUUID' : ''
         }`;
-        UnderpostDB.API._execInPod({ podName, namespace, command: restoreCmd, dryRun });
+        UnderpostDB.API._execInPod({ podName, namespace, command: restoreCmd });
 
         logger.info('Successfully imported MongoDB database', { podName, dbName });
         return true;
@@ -547,10 +530,9 @@ class UnderpostDB {
      * @param {string} params.dbName - Database name
      * @param {string} params.outputPath - Output directory path
      * @param {string} [params.collections=''] - Comma-separated collection list
-     * @param {boolean} [params.dryRun=false] - Dry run mode
      * @returns {boolean} Success status
      */
-    _exportMongoDB({ pod, namespace, dbName, outputPath, collections = '', dryRun = false }) {
+    _exportMongoDB({ pod, namespace, dbName, outputPath, collections = '' }) {
       try {
         const podName = pod.NAME;
         const containerBsonPath = `/${dbName}`;
@@ -562,7 +544,6 @@ class UnderpostDB {
           podName,
           namespace,
           command: `rm -rf ${containerBsonPath}`,
-          dryRun,
         });
 
         // Dump database or specific collections
@@ -570,11 +551,11 @@ class UnderpostDB {
           const collectionList = collections.split(',').map((c) => c.trim());
           for (const collection of collectionList) {
             const dumpCmd = `mongodump -d ${dbName} --collection ${collection} -o /`;
-            UnderpostDB.API._execInPod({ podName, namespace, command: dumpCmd, dryRun });
+            UnderpostDB.API._execInPod({ podName, namespace, command: dumpCmd });
           }
         } else {
           const dumpCmd = `mongodump -d ${dbName} -o /`;
-          UnderpostDB.API._execInPod({ podName, namespace, command: dumpCmd, dryRun });
+          UnderpostDB.API._execInPod({ podName, namespace, command: dumpCmd });
         }
 
         // Copy BSON directory from pod
@@ -584,7 +565,6 @@ class UnderpostDB {
             namespace,
             sourcePath: containerBsonPath,
             destPath: outputPath,
-            dryRun,
           })
         ) {
           return false;
@@ -782,33 +762,26 @@ class UnderpostDB {
      * database connections, backup storage, and optional Git integration for version control.
      * Supports targeting multiple specific pods, nodes, and namespaces with advanced filtering.
      * @param {string} [deployList='default'] - Comma-separated list of deployment IDs
-     * @param {DatabaseOptions} [options] - Database operation options
-     * @returns {Promise<void>}
+     * @param {Object} options - Backup options
+     * @param {boolean} [options.import=false] - Whether to perform import operation
+     * @param {boolean} [options.export=false] - Whether to perform export operation
+     * @param {string} [options.podName=''] - Comma-separated pod name patterns to target
+     * @param {string} [options.nodeName=''] - Comma-separated node names to target
+     * @param {string} [options.ns='default'] - Kubernetes namespace
+     * @param {string} [options.collections=''] - Comma-separated MongoDB collections for export
+     * @param {string} [options.outPath=''] - Output path for backups
+     * @param {boolean} [options.drop=false] - Whether to drop existing database on import
+     * @param {boolean} [options.preserveUUID=false] - Whether to preserve UUIDs on MongoDB import
+     * @param {boolean} [options.git=false] - Whether to use Git for backup versioning
+     * @param {string} [options.hosts=''] - Comma-separated list of hosts to filter databases
+     * @param {string} [options.paths=''] - Comma-separated list of paths to filter databases
+     * @param {string} [options.labelSelector=''] - Label selector for pod filtering
+     * @param {boolean} [options.allPods=false] - Whether to target all pods in deployment
+     * @param {boolean} [options.primaryPod=false] - Whether to target MongoDB primary pod only
+     * @param {boolean} [options.stats=false] - Whether to display database statistics
+     * @param {number} [options.macroRollbackExport=1] - Number of commits to rollback in macro export
+     * @returns {Promise<void>} Resolves when operation is complete
      * @memberof UnderpostDB
-     * @example
-     * // Export database from specific pods
-     * await UnderpostDB.API.callback('dd-myapp', {
-     *   export: true,
-     *   podName: 'mariadb-statefulset-0,mariadb-statefulset-1',
-     *   ns: 'production'
-     * });
-     *
-     * @example
-     * // Import database to all matching pods on specific nodes
-     * await UnderpostDB.API.callback('dd-myapp', {
-     *   import: true,
-     *   nodeName: 'node-1,node-2',
-     *   allPods: true,
-     *   ns: 'staging'
-     * });
-     *
-     * @example
-     * // Import to MongoDB primary pod only
-     * await UnderpostDB.API.callback('dd-myapp', {
-     *   import: true,
-     *   primaryPod: true,
-     *   ns: 'production'
-     * });
      */
     async callback(
       deployList = 'default',
@@ -827,9 +800,9 @@ class UnderpostDB {
         paths: '',
         labelSelector: '',
         allPods: false,
-        dryRun: false,
         primaryPod: false,
         stats: false,
+        macroRollbackExport: 1,
       },
     ) {
       const newBackupTimestamp = new Date().getTime();
@@ -841,12 +814,13 @@ class UnderpostDB {
         throw new Error(`Invalid namespace: ${namespace}`);
       }
 
+      if (deployList === 'dd') deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8');
+
       logger.info('Starting database operation', {
         deployList,
         namespace,
         import: options.import,
         export: options.export,
-        dryRun: options.dryRun,
       });
 
       for (const _deployId of deployList.split(',')) {
@@ -895,6 +869,27 @@ class UnderpostDB {
           UnderpostDB.API._manageGitRepo({ repoName, operation: 'pull' });
         }
 
+        if (options.macroRollbackExport) {
+          UnderpostDB.API._manageGitRepo({ repoName, operation: 'clone' });
+          UnderpostDB.API._manageGitRepo({ repoName, operation: 'pull' });
+
+          const nCommits = parseInt(options.macroRollbackExport);
+          const repoPath = `../${repoName}`;
+          const username = process.env.GITHUB_USERNAME;
+
+          if (fs.existsSync(repoPath) && username) {
+            logger.info('Executing macro rollback export', { repoName, nCommits });
+            shellExec(`cd ${repoPath} && underpost cmt . reset ${nCommits}`);
+            shellExec(`cd ${repoPath} && git reset`);
+            shellExec(`cd ${repoPath} && git checkout .`);
+            shellExec(`cd ${repoPath} && git clean -f -d`);
+            shellExec(`cd ${repoPath} && underpost push . ${username}/${repoName} -f`);
+          } else {
+            if (!username) logger.error('GITHUB_USERNAME environment variable not set');
+            logger.warn('Repository not found for macro rollback', { repoPath });
+          }
+        }
+
         // Process each database provider
         for (const provider of Object.keys(dbs)) {
           for (const dbName of Object.keys(dbs[provider])) {
@@ -1040,7 +1035,6 @@ class UnderpostDB {
                       user,
                       password,
                       sqlPath: toSqlPath,
-                      dryRun: options.dryRun,
                     });
                   }
 
@@ -1053,7 +1047,6 @@ class UnderpostDB {
                       user,
                       password,
                       outputPath,
-                      dryRun: options.dryRun,
                     });
                   }
                   break;
@@ -1080,7 +1073,6 @@ class UnderpostDB {
                       bsonPath,
                       drop: options.drop,
                       preserveUUID: options.preserveUUID,
-                      dryRun: options.dryRun,
                     });
                   }
 
@@ -1092,7 +1084,6 @@ class UnderpostDB {
                       dbName,
                       outputPath,
                       collections: options.collections,
-                      dryRun: options.dryRun,
                     });
                   }
                   break;
@@ -1136,9 +1127,9 @@ class UnderpostDB {
       host = process.env.DEFAULT_DEPLOY_HOST,
       path = process.env.DEFAULT_DEPLOY_PATH,
     ) {
-      deployId = deployId ?? process.env.DEFAULT_DEPLOY_ID;
-      host = host ?? process.env.DEFAULT_DEPLOY_HOST;
-      path = path ?? process.env.DEFAULT_DEPLOY_PATH;
+      deployId = deployId ? deployId : process.env.DEFAULT_DEPLOY_ID;
+      host = host ? host : process.env.DEFAULT_DEPLOY_HOST;
+      path = path ? path : process.env.DEFAULT_DEPLOY_PATH;
 
       logger.info('Creating cluster metadata', { deployId, host, path });
 
@@ -1322,9 +1313,9 @@ class UnderpostDB {
         crons: false,
       },
     ) {
-      deployId = deployId ?? process.env.DEFAULT_DEPLOY_ID;
-      host = host ?? process.env.DEFAULT_DEPLOY_HOST;
-      path = path ?? process.env.DEFAULT_DEPLOY_PATH;
+      deployId = deployId ? deployId : process.env.DEFAULT_DEPLOY_ID;
+      host = host ? host : process.env.DEFAULT_DEPLOY_HOST;
+      path = path ? path : process.env.DEFAULT_DEPLOY_PATH;
 
       logger.info('Starting cluster metadata backup operation', {
         deployId,