PostgreSQL dump artifacts
Cotton can periodically create PostgreSQL dumps and store the resulting backup artifacts through its own storage pipeline. That means backup bytes are not a separate mystery folder beside the product model.
- Backup artifacts are stored through Cotton's chunk pipeline.
- The same storage model can protect backup bytes and normal file bytes.
- The database remains the source of truth for live product metadata.
Manifest and latest pointer
Backup discovery depends on metadata, not filename guessing. Cotton can keep manifest and pointer records for the latest backup so startup restore can find the intended artifact.
- The latest backup pointer identifies the current candidate.
- The backup manifest describes chunks that make up the dump.
- Pointer and manifest data are part of the protected backup surface.
Manual checkpoint
Admins can trigger a backup job on demand through the server API when they want an immediate checkpoint before a risky maintenance step or upgrade.
Empty database auto-restore
When restore-if-empty mode is explicitly configured, Cotton can check at startup whether the database is empty, find the latest backup manifest, rebuild the dump from stored chunks, verify hash and size integrity, and restore automatically.
Verification before trust
The restore path should not blindly stream whatever bytes exist. Cotton can verify backup size and hash before restoring so corruption is a recovery signal instead of a silent partial import.
Admin notification
After auto-restore, Cotton can ensure required PostgreSQL extensions and send high-priority admin notifications with backup metadata. Operators should know that recovery ran and which artifact was used.
Recovery path proof
The backup flow is concrete: PostgreSQL dump, chunked storage artifact, latest pointer, backup manifest, hash/size verification, empty-database startup restore, extension check, and high-priority admin notification.
Recovery belongs in the product
Cotton is easier to operate when recovery is not a README footnote. Database backups are visible as an operating model, tied to the same storage discipline that protects normal content.
Still not your whole backup strategy
Storage-native database restore is useful, but it is not a replacement for tested off-box backups. Full host loss, broken storage, wrong key custody, operator mistakes, ransomware, and disaster recovery still need an external backup plan.