# Safety Policy

This helper is designed for DeFCoN node and masternode operators. It must protect operator data first.

## Hard Rules

- Do not delete `wallet.dat`.
- Do not delete `wallets/`.
- Do not delete chain data automatically.
- Do not overwrite `defcon.conf` without a timestamped backup.
- Do not expose RPC publicly.
- Run dry-run before upgrade actions.
- Create a timestamped backup before changing an existing node.
- Require explicit confirmation before upgrade.

## Backup Location

Backups are stored under:

```text
/opt/defcon/backups/YYYY-MM-DD-HHMMSS
```

Default backups copy critical operator data:

- `/opt/defcon/config`
- `/opt/defcon/compose`
- `/opt/defcon/data/defcon.conf`
- `/opt/defcon/data/masternode.conf`
- `/opt/defcon/data/wallet.dat`
- `/opt/defcon/data/wallets`

Chain data is preserved in place. Use `backup --include-chain` only when the VPS has enough free disk space for a full chain-data copy.

## RPC Exposure

The generated config binds RPC to loopback only:

```text
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
```

Docker Compose maps RPC to host loopback only:

```text
127.0.0.1:8193:8193/tcp
```

The helper refuses configs that bind RPC to `0.0.0.0`, `*`, or allow `0.0.0.0/0`.