Enterprise Backup v3 — Self-Discovering Architecture

Core Design

Enterprise backup upgraded from whitelist-based (v2) to fully self-discovering (v3). Zero manual updates needed when VPS evolves.

Auto-Discovery Mechanisms

• Workspaces: ~/*/CLAUDE.md or ~/*/. claude/ → auto-captured
• Project memories: ~/.claude/projects/*/memory/ wildcard loop
• Databases: All containers matching postgres|pgvector|timescale|postgis image patterns → auto-dumped
• .env files: find /opt -maxdepth 3 -name '.env' → auto-templated + encrypted
• Drift detector: Any new /opt/*/ dir not in known categories → auto-captured to discovered/ + flagged in commit

Key Gotchas (from build session)

1. .gitignore blanket data/ silently blocks Python src/*/data/ packages — use targeted exclusions
2. Docker --filter ancestor=postgres misses derivative images (pgvector, timescale) — grep image column instead
3. psql -U user fails without -d dbname if user’s default DB doesn’t exist — try system DBs first
4. SSH key auth (GIT_SSH_COMMAND) works across all repos; PAT may be repo-scoped
5. tar czf dir/out.tar.gz -C dir/ . self-includes — write to mktemp first

Files

• Script: /opt/enterprise-backup/sync.sh
• Repo: ARJ999/enterprise-backup (private)
• Cron: 30 18 * * * (midnight IST) in root crontab
• Encryption key: /opt/enterprise-backup/.backup-key (AES-256-CBC)

Related

• per-subdomain-a-records-instead-of-wildcard-dns
• agent-permission-self-modification-security-boundary