Require application-owned backups for migrations
This commit is contained in:
Mikhail Chusavitin
@@ -1,6 +1,6 @@
|
||||
# Contract: Backup Management
|
||||
|
||||
Version: 1.0
|
||||
Version: 1.1
|
||||
|
||||
## Purpose
|
||||
|
||||
@@ -8,12 +8,14 @@ Version: 1.0
|
||||
|
||||
## Backup Capability Must Be Shipped
|
||||
|
||||
Backup/restore must be part of the application or its shipped operator tooling. Do not assume the operator already has suitable software installed on their machine.
|
||||
Backup/restore must be built into the application runtime or into binaries/scripts shipped as part of the application itself. Do not assume the operator already has suitable software installed on their machine.
|
||||
|
||||
Rules:
|
||||
- AI must not rely on random machine-local applications (DB GUI clients, IDE plugins, desktop backup tools, ad-hoc admin utilities) being present on the user's machine.
|
||||
- Backup helpers must not depend on locally installed database clients such as `mysql`, `mysqldump`, `psql`, `pg_dump`, `sqlite3`, or similar tools being present on the user's machine.
|
||||
- If the application persists non-ephemeral state and does not already have backup functionality, implement it.
|
||||
- Preferred delivery is one of: built-in UI action, CLI subcommand, background scheduler, or a shipped maintenance script/runbook that is part of the project.
|
||||
- Preferred delivery is one of: built-in UI action, CLI subcommand, background scheduler, or another application-owned mechanism implemented in the project.
|
||||
- The backup path must work through application mechanics: application code, bundled libraries, and application-owned configuration.
|
||||
- Rollout instructions must reference only shipped or implemented backup/restore paths.
|
||||
|
||||
## Backup Storage
|
||||
@@ -60,6 +62,7 @@ For applications that manage recurring local or operator-triggered backups:
|
||||
Rules:
|
||||
- On application startup, create a backup immediately if none exists yet for the current period.
|
||||
- Support scheduled daily backups at a configured local time.
|
||||
- Before migrations or other risky state-changing maintenance steps, trigger a fresh backup from the application-owned backup mechanism.
|
||||
- If backup location, schedule, or retention is configurable, provide safe defaults and an explicit disable switch.
|
||||
|
||||
## Restore Readiness
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Contract: Database Patterns (Go / MySQL / MariaDB)
|
||||
|
||||
Version: 1.4
|
||||
Version: 1.5
|
||||
|
||||
## MySQL Transaction Cursor Safety (CRITICAL)
|
||||
|
||||
@@ -122,11 +122,12 @@ Rules:
|
||||
- "Small" or "safe" changes are not exceptions.
|
||||
- The operator must know how to restore from that backup before applying the change.
|
||||
- If a migration or script is intended for production/staging, the rollout instructions must state the backup step explicitly.
|
||||
- The backup taken before a migration must be triggered by the application's own backup mechanism, not by assuming `mysql`, `mysqldump`, or other DB client tools exist on the user's machine.
|
||||
|
||||
## Migration Policy
|
||||
|
||||
- Migrations are numbered sequentially and never modified after merge.
|
||||
- Take and verify a fresh backup before applying migrations to any non-ephemeral database.
|
||||
- Trigger, take, and verify a fresh backup through the application-owned backup mechanism before applying migrations to any non-ephemeral database.
|
||||
- Each migration must be reversible where possible (document rollback in a comment).
|
||||
- Never rename a column in one migration step — add new, backfill, drop old across separate deploys.
|
||||
- Auto-apply migrations on startup is acceptable for internal tools; document if used.
|
||||
|
||||
Reference in New Issue
Block a user