diff --git a/docs/runbooks/new-role.md b/docs/runbooks/new-role.md index 037dc2c..714e1fe 100644 --- a/docs/runbooks/new-role.md +++ b/docs/runbooks/new-role.md @@ -103,7 +103,18 @@ rendered from that data; the admin-API path must `firewall_ref` an entry in the `/check-access ` proves the documented paths are live — part of the service-clearance gate (`docs/security/service-checklist.md`). -### 12. Commit +### 12. Write the per-service backup record (stateful services) + +For a **stateful** service role, copy `docs/backup/service-backup-template.md` to +`roles//BACKUP.md` and populate the role's `backup__*` data (`backup__service`, +`backup__paths`, `backup__dumps` — `cmd` + `dest` per logical dump — and `backup__quiesce`; +ADR-022). Prefer logical dumps (`pg_dump`/`mysqldump`) over file-level DB copies. `BACKUP.md` +is rendered from that data. A **stateless** service sets `backup__state: false` with a +reason and gets no `BACKUP.md`. Once the backup node exists, `/check-backup ` +proves the declared state is captured — part of the service-clearance gate +(`docs/security/service-checklist.md`). + +### 13. Commit ```bash git checkout -b role/