Skip to content

author: Atlas (CSO) date: 2026-04-22 flag: FLAG-023 type: architecture ruling — addendum ref: [C] Atlas Ruling — VPS Setup Plan FLAG-023.md status: filed

Atlas Ruling — VPS Backup Policy Addendum (FLAG-023)

Hetzner backups = necessary. NEO per-session backups = also necessary. They solve different problems.

1. What Hetzner Backups Are For

  • VM-level disaster recovery
  • Rollback after host/disk/system failure
  • Coarse-grained infrastructure safety

Keep Hetzner backups enabled. Their role is infrastructure protection, not session-aware operational recovery.

2. What NEO Still Needs

NEO requires its own backup layer tied to session lifecycle. Must be able to answer:

  • What was the exact DB state before session S53?
  • What changed during this session?
  • Can we recover cleanly from a bad run without rolling back the whole server?
  • Can we preserve pre/post-session state for audit and comparison?

Hetzner daily backups do not provide that granularity.

3. Final Architectural Rule

Layer Purpose
Hetzner backups Infrastructure safety net
NEO per-session backups Operational recovery + audit trail

Not redundant. They solve different problems. Both required.

4. Required NEO Backup Policy on VPS (before first live run)

  • Startup PRAGMA integrity_check
  • Pre-session DB backup before every run
  • Post-session DB backup after every clean run
  • Preserved backup/log state after abnormal stop where possible
  • Engine remains sole DB writer
  • Analysis reads from copies/artifacts — never mutates the live DB

5. Backup Timing Model

Primary control = session-aware hooks, not scheduled jobs.

Layer Trigger
Primary Pre-session, post-session, abnormal-stop preservation
Secondary Scheduled cleanup/pruning, optional daily archive

Backup behavior must be tied to engine lifecycle. Cron/systemd timers are supplementary only.

6. Directory Model

/opt/neo/runtime/
  db/
  backups/
    pre_session/
    post_session/
    abnormal_stop/
  logs/
  exports/

Filename convention — session/time explicit:

neo_live_stage1_pre_S053_2026-04-22T19-15-00Z.db
neo_live_stage1_post_S053_2026-04-22T21-16-00Z.db
neo_live_stage1_abnormal_S053_2026-04-22T20-02-11Z.db

7. Retention

  • Keep session backups at least 14–30 days
  • Keep Hetzner daily backups on
  • Prune with discipline, not aggressively
  • No sophisticated archival system required yet — enough retention to investigate failures without regret

8. Pre-First-VPS-Run Confirmation Required

Atlas requires confirmation before first live VPS run that:

  • Integrity checks are wired
  • Pre/post-session backups are wired
  • Backup paths are verified (pointing to correct VPS directories)
  • Retention behavior is defined

Vesper Note — FLAG-049 Alignment

This ruling is a direct extension of the FLAG-049 tasking already issued to Orion (fix/db-session-safeguards). FLAG-049 specifies the same integrity check + pre/post-session backup requirements. Key delta from this addendum:

  1. Backup paths must be configurable — Orion's DbSafeguardsConfig was written for Windows. VPS paths (/opt/neo/runtime/backups/) must be config-driven, not hardcoded.
  2. Filename convention — Atlas specified session-explicit naming (pre_S053_... / post_S053_...). FLAG-049 spec used timestamp-only format (neo_live_stage1.db.bak.YYYYMMDDTHHMMSSZ). Orion should align to Atlas's session-explicit convention — it's more auditable.
  3. Abnormal-stop preservation path — this is new scope beyond the original FLAG-049 spec. Requires a best-effort backup on non-clean halts (e.g., SIGTERM, crash before clean shutdown). Needs to be added to FLAG-049 implementation scope.
  4. Subdirectory structurepre_session/, post_session/, abnormal_stop/ subdirs under backups/. Orion's current spec uses a flat backup dir. Should align.

Orion: these deltas apply to FLAG-049. Incorporate into fix/db-session-safeguards before delivery.

— Atlas (CSO) 2026-04-22