# Rollback Playbooks Rollback should prefer feature flags over destructive database rollback. ## Finance 1. Disable `finance.modular_payments.enabled` or `finance.modular_file_access.enabled`. 2. Preserve audit/idempotency logs. 3. Run finance reconciliation. 4. Review payment/invoice deltas with finance owner. 5. Apply forward-fix migration if production writes occurred. ## Attendance 1. Disable attendance scanner/manual override flags. 2. Preserve scan logs. 3. Run duplicate/missing attendance reconciliation. 4. Notify operations if scanner behavior changed. ## Students 1. Disable modular creation/enrollment flags. 2. Run student/guardian/enrollment count validation. 3. Check identifier uniqueness and collision logs. 4. Repair only through audited scripts. ## Communication 1. Disable modular send flag. 2. Stop scheduled send queues if needed. 3. Check idempotency and message logs before retrying anything. 4. Verify no duplicate sends are pending. ## Reporting 1. Disable modular report flag. 2. Disable scheduled reports if sensitive exports are affected. 3. Preserve report snapshot/export audit logs. ## Islamic Sunday School Extension 1. Disable extension flag only if extension workflows are unsafe. 2. Preserve sensitive access audit logs. 3. Validate profile/report access permissions before re-enable.