Spec: PF-90-disaster-recovery-business-continuity
Status: 📋 Specification
Last Updated: 2026-03-23
Overview
PF-90 defines application-layer backup orchestration, tenant-scoped restore workflows, DR drill automation, and compliance evidence generation. It builds on PF-44 for export-oriented data extraction patterns and PF-04 for audit trails. No direct core-to-core dependencies; all consumption is PF-internal or external storage (S3-compatible).Dependencies
API / Edge Functions (planned)
Contracts (request/response shapes, error codes) to be finalized in implementation tasks; must enforce
organization_id on all mutations and sanitize errors per platform patterns.
Edge implementation checklist (PF-90 / .cursor/rules/edge-functions.md): getCorsHeaders(req.headers.get('origin')), createLogger from _shared/logger.ts, verifyOrgAccess / verifyOrgRole for JWT paths; no PHI in logs or error surfaces.
Event / Audit Contracts (PF-04)
Permission Keys
See spec Security Considerations —pf.backup.*, pf.dr-drill.*. Seed via pf_module_permissions in migration tasks when UI ships.