Strengthen backup and secret handling contracts
@@ -1,6 +1,6 @@
# Contract: Backup Management
Version: 1.1
Version: 1.2
## Purpose
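Review bot: the version bump from 1.1 to 1.2 has no accompanying change note, so a reader of the contract cannot tell which rules are new in this revision; add a short dated entry (or a "Changes in 1.2" line under the version) naming the worktree-resolution and tracked-file checks this commit introduces further down. The commit title also mentions secret handling contracts, but the hunks shown here touch only the backup contract; if the secret-handling change lives in another file it should be part of this commit, otherwise the title overstates the change.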
@@ -26,6 +26,8 @@ Rules:
- Never write backups into the git repository tree.
- Backup files must never be staged or committed to git.
- Every application must have an explicit backup root outside the repository.
- Before creating, rotating, or restoring backups, the application must verify that the backup root resolves outside the git worktree.
- Before creating, rotating, or restoring backups, the application must verify again that the target backup files are not tracked or staged in git.
- Default local-app location: store backups next to the user config, for example `~/.config/<appname>/backups/`.
- Default server/centralized location: store backups in an application-owned path outside the repository, for example `/appdata/<appname>/backups/` or `/var/backups/<appname>/`.
- Keep retention tiers in separate directories: `daily/`, `weekly/`, `monthly/`, `yearly/`.
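Review bot: the two new verification rules (`verify that the backup root resolves outside the git worktree` and `verify again that the target backup files are not tracked or staged in git`) do not say what happens when a check fails; the contract should state that the operation aborts with an error and must not fall back to another path or continue with a partial backup. `resolves outside` should also be made precise: compare canonical absolute paths after following symlinks, and treat a path inside a nested worktree or submodule as inside the tree, otherwise a symlinked backups directory passes the check while still writing into the repository. Finally, `verify again` implies an earlier check that the visible context does not show; either name the check it repeats or drop `again`, and consider citing the concrete test (for example `git ls-files --error-unmatch <path>` for tracked files) so implementations agree on what "tracked or staged" means.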
@@ -63,6 +65,7 @@ Rules:
- On application startup, create a backup immediately if none exists yet for the current period.
- Support scheduled daily backups at a configured local time.
- Before migrations or other risky state-changing maintenance steps, trigger a fresh backup from the application-owned backup mechanism.
- Before migrations or other risky state-changing maintenance steps, double-check that backup output is outside the git tree so it cannot be pushed to a remote by accident.
- If backup location, schedule, or retention is configurable, provide safe defaults and an explicit disable switch.
## Restore Readiness
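Review bot: the new line `double-check that backup output is outside the git tree so it cannot be pushed to a remote by accident` restates the worktree check added in the earlier rules block with different wording (`double-check` here, `verify` there), which invites the two to drift; define the check once, give it a name, and have the migration rule require that named check as a precondition instead of paraphrasing it. The unchanged `explicit disable switch` rule in the same block would also benefit from one sentence on visibility: a disabled backup is a safety-relevant state and should be logged or shown at startup so a migration is not run on the assumption that a fresh backup exists.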