From 01e47d0890ec6fd39388670099310159477ee1c9 Mon Sep 17 00:00:00 2001 From: sjat Date: Wed, 10 Jun 2026 11:21:56 +0200 Subject: [PATCH] docs(backup): add BACKUP.md step to new-role runbook (ADR-022) Co-Authored-By: Claude Opus 4.8 (1M context) --- docs/runbooks/new-role.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/runbooks/new-role.md b/docs/runbooks/new-role.md index 037dc2c..714e1fe 100644 --- a/docs/runbooks/new-role.md +++ b/docs/runbooks/new-role.md @@ -103,7 +103,18 @@ rendered from that data; the admin-API path must `firewall_ref` an entry in the `/check-access ` proves the documented paths are live — part of the service-clearance gate (`docs/security/service-checklist.md`). -### 12. Commit +### 12. Write the per-service backup record (stateful services) + +For a **stateful** service role, copy `docs/backup/service-backup-template.md` to +`roles//BACKUP.md` and populate the role's `backup__*` data (`backup__service`, +`backup__paths`, `backup__dumps` — `cmd` + `dest` per logical dump — and `backup__quiesce`; +ADR-022). Prefer logical dumps (`pg_dump`/`mysqldump`) over file-level DB copies. `BACKUP.md` +is rendered from that data. A **stateless** service sets `backup__state: false` with a +reason and gets no `BACKUP.md`. Once the backup node exists, `/check-backup ` +proves the declared state is captured — part of the service-clearance gate +(`docs/security/service-checklist.md`). + +### 13. Commit ```bash git checkout -b role/