Data Safety
Your tickets, your disk, your rules.
Where your data lives
Section titled “Where your data lives”flowchart LR
A[Orkestra Server] -->|writes| B[(SQLite WAL<br/>DB_PATH)]
A -->|VACUUM INTO| C[(Backups<br/>BACKUP_DIR)]
B -.->|never leaves| D[Your machine]
C -.->|never leaves| D
No telemetry. No phone-home. No cloud sync. The only network surface is the MCP HTTP listener you point your agents at.
Backups
Section titled “Backups”Orkestra runs a periodic VACUUM INTO to a timestamped file in BACKUP_DIR, keeping the last BACKUP_KEEP snapshots.
| Variable | Default | Purpose |
|---|---|---|
BACKUP_DIR | /data/backups | Where snapshots land |
BACKUP_KEEP | 24 | How many to retain (oldest pruned) |
BACKUP_INTERVAL | 1h | How often to snapshot |
flowchart TD
A[Tick: every BACKUP_INTERVAL] --> B[VACUUM INTO<br/>BACKUP_DIR/orkestra-TIMESTAMP.db]
B --> C{Count<br/>> BACKUP_KEEP?}
C -->|yes| D[Delete oldest]
C -->|no| E[Done]
D --> E
Restore is a file copy: stop the server, replace DB_PATH with the snapshot, start again.
Durability
Section titled “Durability”- WAL mode — concurrent reads while one writer commits
- Single writer —
SetMaxOpenConns(1)preventsSQLITE_BUSYthrash - Soft delete —
archived_atinstead of row deletion; nothing is truly gone unless youVACUUM
Testing
Section titled “Testing”go test ./... # unit + integrationgo test -tags e2e ./test/e2e # end-to-end via real HTTPgo test -race ./... # race detectorCI runs all three on every push to every branch — see .github/workflows/ci.yml.
Building
Section titled “Building”# Local binarygo build -o orkestra ./cmd/server
# Docker (scratch image, ~20 MB)docker build -t orkestra .docker compose up -dThe image is FROM scratch — no shell, no package manager, nothing to exploit beyond the Go binary itself.