Three new artisan commands modelled on blax-intranet's database
backup/restore pattern, generalised so any project pulling in
laravel-workkit gets them for free:
- workkit:db:backup
mysqldump → xz -9 → Crypt::encryptString → storage/backups/db_<conn>_<ts>.sql.xz.enc
Password is passed via MYSQL_PWD so it doesn't appear in `ps`.
- workkit:db:restore
Picks newest backup (or --file=…), inverts the pipeline, and pipes
the .sql into the mysql CLI. Detects .enc / .xz suffixes so plain
dumps and partially-encoded files work too. Confirms before
overwriting unless --force is set; emits a clear "APP_KEY
mismatch" message when Crypt::decryptString fails.
- workkit:db:prune-backups
Drops backups older than --days (defaults to 30 / config).
--dry-run shows what would go.
Encryption uses Laravel's Crypt facade, so the AES-256 key is
derived from APP_KEY — same key the rest of the app uses for cookies
and encrypted columns. A backup is restorable only by a deployment
that knows the host's APP_KEY.
Shipped config/workkit.php (mergeConfigFrom + publishes) for
overriding the backup directory and retention window without
hard-coding env-specific values in the package.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
