From 81dac4f28b0834eb817dfc7f8cf795a29b1b4a4c Mon Sep 17 00:00:00 2001 From: sjat Date: Wed, 10 Jun 2026 11:20:55 +0200 Subject: [PATCH] docs(backup): gate BACKUP.md in service checklist (ADR-022) --- docs/security/service-checklist.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/security/service-checklist.md b/docs/security/service-checklist.md index ea30151..4184dc7 100644 --- a/docs/security/service-checklist.md +++ b/docs/security/service-checklist.md @@ -47,7 +47,10 @@ This checklist is the generic **bar**. Each service answers it in its own ## Operability (security-adjacent) - [ ] Logs go somewhere reviewable (central aggregation when available) -- [ ] Backup/restore is covered if the service holds state +- [ ] Backup/restore recorded and verifiable (ADR-022): a stateful service carries + `backup__*` data, `roles//BACKUP.md` is rendered, and `/check-backup` + reports the declared paths/dumps captured in the latest snapshot — or the service + sets `backup__state: false` with a reason. Deviations → `docs/security/accepted-risks.md`. - [ ] Passed Level 4 service-UI verification (`/verify-service`) against staging — the service has a populated `roles//VERIFY.md` and its critical journeys verified (ADR-008 Level 4 / ADR-017)
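Review bot: In the new Operability item, the title reads "Backup/restore recorded and verifiable", but every criterion listed checks capture only (`backup__*` data present, `BACKUP.md` rendered, `/check-backup` reporting the declared paths/dumps in the latest snapshot); nothing requires that a restore has been exercised. Either add a restore criterion (for example, a dated restore test recorded in the role's `BACKUP.md`) or retitle the item to "Backup recorded and verifiable", so the box cannot be ticked on an untested restore path. Two smaller points in the same item: state where the reason for `backup__state: false` is recorded and whether that opt-out itself counts as a deviation needing an entry in `docs/security/accepted-risks.md`, and note that the path `roles//BACKUP.md` has an empty segment where the role name belongs (the unchanged `roles//VERIFY.md` line shows the same), so name the placeholder explicitly if that is not a rendering artefact.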