Velox Data Repository TODO
Static review performed on 2026-07-05.
Scope:
- Reviewed SQL Server schema scripts, upgrade scripts, functions, triggers, and database documentation.
- Did not modify schema or data scripts.
- Did not execute scripts against a database.
- Stability focus was on upgrade safety, destructive operations, repeatability, and operational maintainability.
High Risk
Base database scripts are destructive if run against an existing customer database
Files:
1. Database\_Master.sql1. Database\Table_*.sql1. Database\Function_DropConstraints.sql
Evidence:
_Master.sqlis a SQLCMD include script that runs table, function, trigger, and index scripts in sequence.- Many table scripts use drop/recreate patterns.
Function_DropConstraints.sqliterates constraints and executes dynamic drop statements.
Risk:
- Running the base build scripts against the wrong database can delete customer data.
- Constraint removal before table rebuilds increases blast radius.
- The script is suitable for fresh database creation, but it needs strong guardrails if operators can access it.
Suggested direction:
- Clearly label base scripts as fresh-build only.
- Add preflight checks that verify database name, environment, expected empty state, and operator intent.
- Keep production upgrades separate from destructive rebuild scripts.
Upgrade scripts are not transactionally safe
Folder:
2. Upgrades
Evidence:
- Upgrade scripts contain many batches separated by
GO. - The reviewed scripts do not use a consistent transaction,
XACT_ABORT, or failure-handling wrapper. - Version updates can appear near the start of a script, such as
Upgrade v1.15 - EDI2.sql.
Risk:
- A failed upgrade can leave the schema partially changed.
- If the version row is updated before all changes complete, future upgrade detection can believe the database is newer than it really is.
- Partial upgrades are especially risky for Velox because services and web front ends depend on stable shared schema.
Suggested direction:
- Add an upgrade runner or convention that records start/end state, failures, and required manual steps.
- Move version stamping to the end of each successful upgrade where practical.
- Add idempotency and preflight checks around destructive or data-migration steps.
Upgrade scripts include destructive drops and large structural changes
Folder:
2. Upgrades
Evidence:
- Several upgrade scripts drop tables or rebuild areas of the model.
- Examples include webhook, shipment issue, POD/tracking, event type, party code, and mapping-related upgrades.
Risk:
- Dropped tables may contain customer data that needs migration, archival, or explicit confirmation.
- Re-running an upgrade after a partial failure can fail or cause additional data loss.
Suggested direction:
- Document whether each dropped object is temporary, obsolete, or migrated elsewhere.
- Add data-preservation notes to the upgrade scripts.
- For high-risk changes, include verification queries before and after the upgrade.
Medium Risk
Manual upgrade prerequisites are embedded in comments
Files:
2. Upgrades\Upgrade v1.15 - EDI2.sql- Other large upgrade scripts with comment-led instructions
Evidence:
- Some upgrade scripts include notes for manual configuration or operational steps.
- Those notes are not enforced by the script itself.
Risk:
- Operators can miss required setup steps.
- Services may start against a schema that is structurally upgraded but operationally incomplete.
Suggested direction:
- Move manual prerequisites into an upgrade checklist.
- Add preflight queries where possible.
- Make missing prerequisites fail early with a clear error.
Dynamic SQL and cursor-based constraint cleanup are broad
File:
1. Database\Function_DropConstraints.sql
Evidence:
- The script uses a cursor over constraints and executes generated SQL.
- It does not appear to be scoped to a single subsystem.
Risk:
- Broad cleanup can remove more than intended if run in the wrong database.
- Cursor/dynamic SQL behavior can be hard to review and hard to reverse.
Suggested direction:
- Keep the script restricted to fresh-build workflows.
- Add explicit object/schema filters if the script must remain available.
Large table scripts are difficult to review safely
Files:
1. Database\Table_Issue.sql1. Database\Table_Shipment.sql1. Database\Table_Order.sql1. Database\Table_Party.sql- Large upgrade scripts under
2. Upgrades
Evidence:
- Several table and upgrade scripts are hundreds to thousands of lines long.
- Schema, indexes, defaults, constraints, and occasionally migration logic live together.
Risk:
- Important changes can be missed during review.
- Merge conflicts can be hard to resolve.
- Small schema edits have a high chance of affecting web, service, and reporting behavior.
Suggested direction:
- Keep logical object boundaries clear.
- Add generated schema diff artifacts or review checklists for large upgrades.
- Cross-reference affected application areas in upgrade comments.
SQLCMD path assumptions are environment-specific
File:
1. Database\_Master.sql
Evidence:
_Master.sqldefines a hard-coded directory variable such asC:\ProgramData\Velox\Data\Velox\Database\.
Risk:
- Running scripts from a different checkout or server layout can fail or include the wrong files.
- Installation/update scripts must keep paths synchronized.
Suggested direction:
- Document expected execution directory and SQLCMD usage.
- Prefer relative include paths where possible.
Low Risk
To-do and demo SQL files create search noise
Folders/files:
1. Database\To do2. Upgrades\zzz TO DO.sql- Demo/manual cleanup scripts
Evidence:
- The repository contains scripts that appear unfinished, experimental, or operator-specific.
Risk:
- Maintainers may confuse draft SQL with production upgrade SQL.
- Search results include obsolete ideas.
Suggested direction:
- Clearly mark draft scripts as non-production.
- Move historical notes into documentation if they should not be executable.
Runtime thread safety is mostly outside this repository
Evidence:
- This repository contains database scripts rather than long-running application code.
Risk:
- No in-process thread safety issue was identified here.
- Database concurrency still matters because Velox services and web apps can execute against the schema concurrently.
Suggested direction:
- Document transaction expectations for tables touched by service actions and web workflows.
- Add indexes and constraints based on observed concurrent workloads.
Duplicate Code Areas
- Repeated table drop/create boilerplate.
- Repeated upgrade patterns for object recreation.
- Repeated version and reference-data changes across upgrade scripts.
- Similar event/type/status table patterns.
Dead Code / Stub Areas
2. Upgrades\zzz TO DO.sqlappears non-production.1. Database\To doappears to contain draft or planning SQL.- Any demo/manual delete scripts should remain clearly separated from installable upgrade scripts.
Thread Safety / Concurrency Concerns
- Database concurrency is the main concern rather than application thread safety.
- Upgrade scripts should not run while VeloxService, VeloxAPIService, or web front ends are active unless explicitly designed for online migration.
- Tables used by file/message processing need careful locking, indexing, and transaction design, but static SQL review alone does not prove runtime behavior.
32-bit / 64-bit Concerns
- No direct pointer-size issue exists in SQL scripts.
- Operational bitness still matters through SQL Server drivers used by Velox binaries.
- Scripts should document required SQL Server version/features so 32-bit/64-bit client differences do not hide compatibility problems.
Performance Concerns
- Large upgrades can hold locks for long periods.
- Rebuilding tables or dropping constraints can block production services.
- Cursor/dynamic SQL cleanup can be slow on large databases.
- Missing preflight row counts and timing estimates make maintenance-window planning difficult.
Areas Difficult to Maintain
- Large monolithic upgrade scripts.
- Fresh-build scripts that are destructive by design.
- Manual upgrade instructions embedded in comments.
- Schema shared by Delphi services, API service, and web applications.
Open Questions
- Is there an official upgrade runner, or are scripts executed manually?
- Are base database scripts ever run on customer databases after first install?
- What rollback strategy is expected after a failed upgrade?
- Which SQL Server versions are supported?
- Are services always stopped before upgrades?