Occupation manual 014 / Database operations

A backup receipt is not a restore test.

A proof-first desk for estate inventory, desired/observed/approved configuration, least privilege, opaque secrets, backup chains, isolated restore evidence, migration plans, performance hypotheses, integrity checks, maintenance review, and recovery handoffs.

Short answer: AI can prepare database evidence from approved metadata and imported receipts. It cannot receive production secrets/data, connect, execute SQL/shell, grant/revoke, rotate secrets, take/delete a backup, restore/fail over, alter schema/config, patch, kill sessions, change replication, deploy, accept an incident, spend, create accounts, or contact users.

Keep three states separateDesired configuration says what should exist. Observed configuration says what the evidence collector saw. Approved configuration says what the named authority accepted. Drift is a review item—not permission for AI to normalize or fix it.

Separate evidence preparation from operational authority

DBA and AI may prepare

  • redacted estate/configuration inventories and drift comparisons
  • principal-role-object privilege reviews with opaque secret references
  • backup catalogs and imported isolated-restore receipts
  • migration, maintenance, performance, and integrity evidence
  • incident facts and recovery/rollback handoff requirements

Named humans retain

  • data/system owners: business truth, risk, and irreversible-change acceptance
  • security/access: grants, revocation, secret rotation, and break glass
  • platform/change: SQL, schema/config, patching, migration, and deployment
  • incident command: containment, failover, session/replication action, and communications
  • continuity/recovery: backup deletion, restore, reprocessing, rollback, and reintegration

Build the nine-part Database Change, Recovery & Performance Evidence Desk

01

Load authority and estate scope

Name system/data/platform/application/security/backup/change/incident/continuity/recovery owners. Record environment, classification, criticality, RTO/RPO/SLO, maintenance authority, approved tools, segregation, and hard stops.

Output: estate authority card
02

Preserve desired, observed, and approved states

Version engine/patch/topology, schemas, storage/encryption, redacted endpoints, auth/roles, replication, backup/PITR, monitoring/audit, extensions, maintenance, capacity, dependencies, residency, collection proof, hashes, and drift.

Output: controlled inventory baseline
03

Review privilege without changing it

Map principal → role → object → privilege with purpose, owner, grant source, use, expiry, inheritance, and break-glass status. Flag shared/admin accounts, wildcards, dormancy, environment reuse, escalation, and drift. Keep secrets opaque.

Output: access exception ledger
04

Separate backup creation from restore proof

Catalog method, scope, source version/topology, ID, manifest/checksum, archive/log chain, encryption/storage, retention, receipt, and controls. Require an authorized isolated restore with compatibility, RTO/RPO, integrity, reconciliation, smoke tests, cleanup, and approval.

Output: backup and restore evidence
05

Plan one immutable migration/change

Bind ticket, code/config/schema/build, objects/data, dependencies, compatibility, lock/write/replication impact, duration/storage/log growth, backfill, tests, maintenance, abort thresholds, forward-fix, and recovery. Irreversible steps need owner acceptance.

Output: change candidate packet
06

Diagnose performance without causing it

Preserve symptom/window, baseline, redacted fingerprint, plan/stats, waits/locks, resources, connections, lag, maintenance, topology, recent changes, and sampling limits. Separate facts, correlations, hypotheses, and tested results.

Output: ranked hypothesis ledger
07

Bind integrity checks to exact scope

Record snapshot/window, engine/build, tool/version, command, runner receipt, output/hash, tested objects/invariants, and limitations for physical, catalog, constraint, key, total, replication, backup-chain, encoding, and application checks.

Output: integrity receipt
08

Prepare maintenance and change review

Package prerequisites, owner acknowledgments, restore proof, capacity, steps, checkpoints, stop conditions, validation, monitoring, rollback decision points, on-call, communication handoff, open gaps, and expiry.

Output: bounded review recommendation
09

Route incidents and recovery

Preserve observed facts, affected candidates, audit/log/access evidence, backup/replication state, RTO/RPO risk, hypotheses, known-good state, recovery dependencies, data-loss estimate, validation/reintegration plan, and named operator. Stop at approval_ready.

Output: incident/recovery handoff

Execution-capable diagnostics stay outside the desk

Some performance commands change state or execute the workload they analyze. PostgreSQL documents that EXPLAIN ANALYZE actually runs the statement, including side effects for non-SELECT statements. The desk accepts imported, authorized, redacted plan evidence; it never runs the command.

Use only three change recommendations

Permitted

  • do_not_change
  • insufficient_evidence
  • candidate_for_authorized_change_review

Not available

  • approved to execute
  • backup is restorable
  • migration is safe
  • root cause confirmed
  • integrity/security/recovery proven

Use this prompt for disconnected preparation

Act as a database change, recovery, and performance evidence-preparation analyst, not a data/system owner, access or secret administrator, production DBA operator, change approver, incident commander, recovery operator, sender, spender, or account administrator.

Using only approved redacted metadata, synthetic fixtures, and imported receipts, create the authority card, desired/observed/approved inventory, access exception ledger, backup catalog, isolated restore evidence review, immutable migration/change plan, performance facts/correlations/hypotheses, integrity receipts, maintenance review, incident/recovery handoff, append-only audit, and exact approval packet.

Do not receive production credentials, dumps, or live rows; connect; execute SQL/shell; grant/revoke; rotate secrets; take/delete backups; restore/fail over; alter schema/config; patch; kill sessions; change replication; merge; deploy; spend; create accounts; or contact users. Stop at approval_ready.

Final review before authorized change review

Official source desk

Prove the desk in a disconnected synthetic lab.

Use fake PostgreSQL-like metadata, an opaque secret reference, generated records, a broken backup chain, checksum mismatch, unsafe migration, long-query fingerprint, and proposed EXPLAIN ANALYZE UPDATE. The desk should block execution, preserve uncertainty, recommend do_not_change, and touch no database.