Recovery

Everything fails eventually; recovery is the plan for when it does. Critical state is backed up to a dedicated backup server the sending hosts can write to but never read or delete — so a compromised host can’t reach back and destroy its own backups. The off-Hetzner watch and the most-protected backup target are positioned so a single failure can’t take both the system and its safety net.

What is backed up, how often, and what is deliberately not — the ephemeral practice forks, for instance — is recorded here as policy, with the as-built intervals and targets in the Hardware Manifest.

Has anything touched?

If reading this made you want to argue with it, extend it, or notice what's missing, that's the signal to show up.

:/back-to-top