---
name: system-integrity-and-backup
description: Encrypted backups, integrity verification, and data retention enforcement for Greek legal requirements (5-20 year retention). AES-256.
version: 1.0.0
author: openclaw-greek-accounting
homepage: https://github.com/satoshistackalotto/openclaw-greek-accounting
tags: ["greek", "accounting", "backup", "integrity", "disaster-recovery"]
metadata: {"openclaw": {"requires": {"bins": ["jq", "openssl", "tar"], "env": ["OPENCLAW_DATA_DIR", "OPENCLAW_ENCRYPTION_KEY"]}, "notes": "Uses openssl for AES-256 backup encryption and SHA-256 integrity hashing. All operations are local to OPENCLAW_DATA_DIR. OPENCLAW_ENCRYPTION_KEY must be provided via environment variable, never stored on disk."}}
---
# System Integrity and Backup
This skill protects everything the OpenClaw Greek Accounting system holds. It runs silently in the background: verifying that data has not been corrupted or unexpectedly deleted, managing encrypted backups to local storage, enforcing the retention obligations that Greek law places on accounting firms, and handling the schema migrations that keep the system consistent as skills evolve.
No accounting firm could professionally deploy a system handling client financial records without this layer. Greek accounting firms are legally obligated to retain certain records for up to 20 years. A backup that has never been tested is not a backup. An integrity system that only runs when something breaks is too late.
## Setup
```bash
export OPENCLAW_DATA_DIR="/data"
export OPENCLAW_ENCRYPTION_KEY="your-256-bit-key" # Never store on disk
which jq openssl tar || sudo apt install jq openssl tar
mkdir -p "$OPENCLAW_DATA_DIR/backups"
```
Uses openssl for AES-256 backup encryption and SHA-256 integrity verification. The encryption key must be provided via environment variable; it is never written to disk.
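One way to hand the key to openssl without it touching disk or the process list, followed by a restore test of the result. This is an added example, not the skill's own code: the function names, the `.sha256` sidecar file, and the cipher parameters (CBC mode, PBKDF2 with 200000 iterations) are assumptions, since the page only specifies AES-256 and SHA-256.

```bash
#!/usr/bin/env bash
# Added example: encrypt a backup with the key taken from the environment,
# then prove it restores. Not the skill's own implementation.
set -eu
(set -o pipefail) 2>/dev/null && set -o pipefail   # use pipefail where the shell has it

# Assumed parameters (the page only says "AES-256"): CBC mode, PBKDF2.
ENC_OPTS="-aes-256-cbc -pbkdf2 -iter 200000 -pass env:OPENCLAW_ENCRYPTION_KEY"

# make_backup SRC_DIR OUT_FILE: encrypted tar.gz plus a SHA-256 sidecar.
make_backup() {
  # -pass env: keeps the key out of argv (visible in ps) and off disk.
  tar -C "$1" -czf - . | openssl enc $ENC_OPTS -salt -out "$2"
  openssl dgst -sha256 -r "$2" | cut -d' ' -f1 > "$2.sha256"
}

# verify_backup ARCHIVE: restore test into a scratch directory, never live data.
# Prints the number of files restored. Exit 2 = digest mismatch,
# exit 3 = decryption or extraction failed (wrong key, damaged archive).
verify_backup() {
  local archive="$1" scratch rc=0 got
  got=$(openssl dgst -sha256 -r "$archive" | cut -d' ' -f1)
  [ "$got" = "$(cat "$archive.sha256")" ] || return 2
  scratch=$(mktemp -d)
  mkdir "$scratch/tree"
  { openssl enc -d $ENC_OPTS -in "$archive" -out "$scratch/a.tgz" 2>/dev/null &&
    tar -C "$scratch/tree" -xzf "$scratch/a.tgz" 2>/dev/null; } || rc=3
  if [ "$rc" -eq 0 ]; then find "$scratch/tree" -type f | wc -l | tr -d ' '; fi
  rm -rf "$scratch"
  return "$rc"
}
```

`openssl enc` does not support AEAD ciphers, so the CBC ciphertext is unauthenticated: the SHA-256 sidecar catches accidental corruption, but detecting deliberate tampering requires keeping the digest somewhere the archive's writer cannot reach.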
## Core Philosophy
- **Silent Until Needed, Auditable Always**: Integrity checks run on schedule without interrupting accounting operations. Every result, pass or fail, is permanently logged so the firm can demonstrate to a regulator or auditor that the system has been actively monitored
- **Verified Backups, Not Just Created Ones**: A backup is only as good as its last successful restore test. This skill tests backup archives on a regular schedule and flags any that cannot be verified
- **Greek Legal Retention by Default**: The retention schedule is pre-configured for Greek accounting law. Records are not deleted at retention expiry β they are flagged for human review and then archived or deleted only with explicit approval
- **Migrations Are Versioned and Reversible**: When a skill update changes a data structure, the migration is applied as a numbered, logged operation. Every migration can be inspected; failed migrations are rolled back automatically
- **No Silent Failures**: If a backup fails, if an integrity check finds corruption, if a retention flag is triggered, the firm is notified through the dashboard. Nothing fails quietly
---
## OpenClaw Commands
### Integrity Checks
```bash
# Full system integrity check
openclaw integrity check --all
openclaw integrity check --all --verbose
# Check specific data trees
openclaw integrity check --dir /data/clients/
openclaw integrity check --dir /data/compliance/
openclaw integrity check --afm EL123456789 # Single client full check
# Hash registry operations
openclaw integrity hash-update --dir /data/clients/ # Rebuild hash registry after known change
openclaw integrity hash-verify --dir /data/clients/ # Verify current files against registry
openclaw integrity hash-diff --since yesterday # Show files changed since timestamp
# Audit log
openclaw integrity audit-log --last 30-days
openclaw integrity audit-log --failures-only
openclaw integrity audit-log --afm EL123456789 --last 90-days
# Generate integrity report (suitable for audit/regulatory inspection)
openclaw integrity report --period 2026-01 --format pdf
openclaw integrity report --year 2025 --full --format pdf
openclaw integrity report --format json --output /data/reports/system/
```
### Backup Management
```bash
# Manual backup triggers
openclaw backup run --type full
openclaw backup run --type incremental
openclaw backup run --type clients --afm EL123456789 # Single client snapshot
openclaw backup run --type compliance --period 2026-01 # Post-filing snapshot
# Backup schedule configuration
openclaw backup schedule --full weekly --day sunday --time 02:00
openclaw backup schedule --incremental daily --time 03:00
openclaw backup schedule --event-driven --on submission-complete
openclaw backup schedule --show
# Backup verification (restore test without overwriting live data)
openclaw backup verify --latest
openclaw backup verify --backup-id BACKUP-20260218-001
openclaw backup verify --all --last 30-days
openclaw backup verify --restore-test --target /tmp/verify-restore/ # Full restore to temp
# Backup listing and status
openclaw backup list --all
openclaw backup list --type full --last 10
openclaw backup status --show-verified --show-unverified --show-failed
openclaw backup manifest --update # Rebuild manifest from actual backup files
# Off-site export (manual: operator copies encrypted files to external media)
openclaw backup export --backup-id BACKUP-20260218-001 --output /mnt/external/
openclaw backup export --latest-full --output /mnt/external/
```
### Retention Management
```bash
# Check retention status
openclaw retention check --all-clients
openclaw retention check --afm EL123456789 --verbose
openclaw retention flagged --show-all # Records past retention date awaiting action
# Retention schedule management
openclaw retention schedule-view # Show current retention rules
openclaw retention schedule-update --record-type financial-statements --years 10
# Archiving and deletion (always requires explicit approval)
openclaw retention archive --afm EL123456789 --record-type invoices --older-than 7-years --approved-by "yannis.k"
openclaw retention delete --afm EL123456789 --record-type payroll-detail --older-than 5-years --approved-by "yannis.k" --confirm
openclaw retention report --period 2026-01 --records-archived --records-deleted
```
### Schema Migration
```bash
# Migration status
openclaw migrate status # Current schema version and pending migrations
openclaw migrate list --pending # Migrations not yet applied
openclaw migrate list --applied # Applied migrations with dates
# Apply migrations
openclaw migrate run --next # Apply next pending migration
openclaw migrate run --all # Apply all pending migrations
openclaw migrate run --id v2.1_20260301_add-financial-statements-index
# Rollback
openclaw migrate rollback --last # Rollback the most recent migration
openclaw migrate rollback --to v2.0
# Migration inspection
openclaw migrate diff --migration v2.1_20260301_add-financial-statements-index
openclaw migrate dry-run --next # Show what would change without applying
```
### Health Dashboard Feed
```bash
# Status outputs consumed by the dashboard
openclaw integrity health-status # Single-call summary: backup age, last check, any failures
openclaw backup age # Time since last successful full backup
openclaw retention due # Records due for retention action this month
```
---
## Integrity Check Design
### What Is Checked
```yaml
Integrity_Check_Scope:
  file_existence:
    description: "Every file referenced in index files and registries actually exists on disk"
    checks:
      - "/data/clients/_index.json entries -> /data/clients/{AFM}/ directories exist"
      - "/data/clients/{AFM}/documents/registry.json entries -> files exist"
      - "/data/compliance/submissions/ receipts -> referenced filing XML files exist"
      - "/data/clients/{AFM}/financial-statements/index.json -> statement files exist"
  hash_verification:
    description: "SHA256 hash of every canonical data file matches the registered hash"
    hash_registry: "/data/system/integrity/hash-registry.json"
    when_hash_registered: "On every write to a canonical file (all skills call openclaw integrity hash-update on write)"
    on_mismatch: "Flag as CORRUPTION. Alert immediately. Do not proceed with accounting operations on affected client until resolved."
    on_new_file_not_in_registry: "Flag as UNREGISTERED_WRITE. Log for investigation."
  structural_validation:
    description: "Key JSON files conform to expected schema"
    files_validated:
      - "/data/clients/{AFM}/profile.json"
      - "/data/clients/{AFM}/compliance/filings.json"
      - "/data/clients/_index.json"
      - "/data/system/skill-versions.json"
    on_schema_mismatch: "Flag as SCHEMA_DRIFT. Usually indicates a migration is pending."
  referential_integrity:
    description: "Cross-references between files are consistent"
    checks:
      - "Every AFM in _index.json has a corresponding directory"
      - "Every filing in filings.json has a corresponding submission receipt"
      - "Every financial statement in the index actually exists as a file"
      - "No orphaned files in /data/compliance/ without a corresponding client"
  storage_health:
    description: "Disk usage and growth rate"
    checks:
      - "Total /data/ usage against configured storage limit"
      - "Growth rate per directory; flag if growing faster than baseline"
      - "Memory directory size against configured maximum"
```
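The `hash_verification` and `file_existence` rules above, sketched as a two-pass check. This is an added example, not the skill's implementation: the registry layout (a flat JSON object mapping relative path to SHA-256 hex), the function name `hash_verify`, and the `MISSING` label are assumptions, while `CORRUPTION` and `UNREGISTERED_WRITE` are the flags named in the scope definition.

```bash
#!/usr/bin/env bash
# Added example: classify files against a SHA-256 hash registry.
# Assumed registry format (not shown on the page):
#   { "relative/path": "<sha256 hex>", ... }
set -eu

# hash_verify ROOT_DIR REGISTRY_JSON
# Prints one "STATUS path" line per finding; prints nothing when clean.
#   MISSING             registered, but not on disk (hypothetical label)
#   CORRUPTION          on disk, hash differs from the registry
#   UNREGISTERED_WRITE  on disk, but absent from the registry
hash_verify() {
  local root="$1" registry="$2" want got path
  # Pass 1: every registered file must exist and match its hash.
  jq -r 'to_entries[] | "\(.value) \(.key)"' "$registry" |
  while read -r want path; do
    if [ ! -f "$root/$path" ]; then
      echo "MISSING $path"
      continue
    fi
    got=$(openssl dgst -sha256 -r "$root/$path" | cut -d' ' -f1)
    [ "$got" = "$want" ] || echo "CORRUPTION $path"
  done
  # Pass 2: every file on disk must appear in the registry.
  (cd "$root" && find . -type f) | sed 's|^\./||' |
  while IFS= read -r path; do
    jq -e --arg p "$path" 'has($p)' "$registry" >/dev/null ||
      echo "UNREGISTERED_WRITE $path"
  done
}
```

The check is only as trustworthy as the registry: a writer who can change both a data file and its registry entry passes it, so the registry needs tighter write permissions than the data it describes and a copy inside the encrypted backups.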
### Check Scheduling
```yaml
Integrity_Schedule:
  full_check:
    frequency: "Weekly, Sunday 04:00 Athens time (after backup)"
    scope: "All directories, all files, all cross-references"
    duration_estimate: "5-15 minutes depending on data volume"
  quick_check:
    frequency: "Daily, 05:00 Athens time"
    scope: "Hash verification of client and compliance directories only"
    duration_estimate: "1-3 minutes"
  event_driven:
    triggers:
      - "After any government submission (verify submission rec
```
... (truncated)