JARVIS UPDATE AND ROLLBACK POLICY v1

STATUS: DRAFT
OWNER: single-owner system
DEFAULT RULE: backup before update, rollback plan before change

PURPOSE

This policy defines safe update and rollback rules for Jarvis Core.

It covers:
- jarvis-db
- jarvis-n8n
- jarvis-public
- docker-compose.yml
- nginx reverse proxy config
- public continuity files

It does not contain:
- secrets
- credentials
- tokens
- database dumps
- private logs
- .env contents

GENERAL UPDATE RULES

Before any update:
1. Confirm current containers are healthy.
2. Run PostgreSQL backup.
3. Confirm backup file was created.
4. Confirm restore-test procedure exists.
5. Save config backup if changing nginx or compose.
6. Make one change at a time.
7. Verify after change.
8. Document result in status file.

DO NOT

- Do not run docker compose down -v unless explicitly approved.
- Do not delete database volumes during update.
- Do not overwrite .env.
- Do not expose .env in chat.
- Do not update multiple critical components at once.
- Do not remove old working configs before testing new configs.

CONTAINER UPDATE RULES

n8n update:
- high risk
- may include database migrations
- requires fresh PostgreSQL backup before update
- verify login after update
- verify /n8n/ route after update
- verify old n8n container remains untouched if still required

PostgreSQL update:
- critical risk
- major version updates require separate migration plan
- never upgrade major version casually
- always backup and restore-test first

nginx update:
- medium risk
- backup nginx config first
- test config with nginx -t before reload

docker-compose.yml update:
- medium/high risk
- copy current compose file before editing
- validate with docker compose config
- do not paste config output if it contains secrets

ROLLBACK RULES

If update fails:
1. Stop changing things.
2. Capture container status.
3. Capture relevant logs.
4. Restore previous config if config change caused failure.
5. Restart only affected service if possible.
6. Use database restore only as last resort.
7. Do not delete data volumes.
8. Record incident and resolution.

ROLLBACK COMMAND PATTERNS

Restore previous nginx config:
- copy backup config back to active nginx config
- run nginx -t
- reload nginx

Restart Jarvis Core:
- cd /volume1/docker/jarvis
- sudo docker compose down
- sudo docker compose up -d

Restart only n8n:
- cd /volume1/docker/jarvis
- sudo docker compose restart n8n

Restart only database:
- cd /volume1/docker/jarvis
- sudo docker compose restart db

CONFIG BACKUP NAMING

Use timestamped config backups:
- docker-compose.yml.bak_YYYYMMDD_HHMMSS
- jarvis-public-default.conf.bak_YYYYMMDD_HHMMSS
- .env.bak_YYYYMMDD_HHMMSS only if stored privately and never published

DATABASE RESTORE RULE

Production database restore requires explicit owner approval.
Restore-test must be preferred before production restore.
Production restore must not be performed from public files or chat instructions alone.

PUBLIC CONTINUITY UPDATE RULE

After a successful update:
- update JARVIS_CORE_STATUS_v0.1.txt or successor status file
- update SYSTEM_SNAPSHOT_v1.txt or create a new snapshot
- update PUBLIC_FILE_INDEX_v1.txt if new public files were created

NEXT ACTION

Use this policy before any image update, compose change, nginx change, or database migration.

END