# Backup Service Documentation

Welcome to the backup-service documentation. This service is responsible for securely storing MPC backup shares (Party 2/3) for the RWA Durian platform.

## Documentation Index

| Document | Description |
|----------|-------------|
| [ARCHITECTURE.md](./ARCHITECTURE.md) | DDD + Hexagonal architecture, design patterns, directory structure, domain layer details |
| [API.md](./API.md) | API endpoints reference, authentication, request/response formats, SDK examples |
| [DEVELOPMENT.md](./DEVELOPMENT.md) | Development setup, environment configuration, adding features, debugging |
| [TESTING.md](./TESTING.md) | Unit tests, E2E tests, test utilities, running tests, writing good tests |
| [DEPLOYMENT.md](./DEPLOYMENT.md) | Docker, Kubernetes deployment, environment variables, security, monitoring |

## Quick Links

### Getting Started

1. [Development Setup](./DEVELOPMENT.md#quick-start)
2. [Environment Variables](./DEVELOPMENT.md#environment-variables)
3. [Running Tests](./TESTING.md#running-tests)

### API Reference

1. [Store Backup Share](./API.md#1-store-backup-share)
2. [Retrieve Backup Share](./API.md#2-retrieve-backup-share)
3. [Revoke Backup Share](./API.md#3-revoke-backup-share)
4. [Health Endpoints](./API.md#4-health-check)

### Architecture

1. [Hexagonal Architecture](./ARCHITECTURE.md#ddd--hexagonal-architecture)
2. [Domain Layer](./ARCHITECTURE.md#domain-layer-details)
3. [Database Schema](./ARCHITECTURE.md#database-schema)
4. [Key Decisions](./ARCHITECTURE.md#key-architectural-decisions)

### Deployment

1. [Docker Deployment](./DEPLOYMENT.md#docker-deployment)
2. [Kubernetes Deployment](./DEPLOYMENT.md#kubernetes-deployment)
3. [Security Considerations](./DEPLOYMENT.md#security-considerations)

## Service Overview

**Purpose:** Securely store and manage MPC backup shares (Party 2) for account recovery

**Key Features:**

- Double encryption (AES-256-GCM)
- Service-to-service JWT authentication
- Rate limiting (3 retrieves per user per day)
- Comprehensive audit logging
- Physical server isolation from identity-service

**Technology Stack:**

- NestJS 11.x (TypeScript)
- Prisma 7.x ORM
- PostgreSQL 15
- Docker / Kubernetes

## Test Summary

| Category | Tests |
|----------|-------|
| Unit Tests | 37 |
| Mock E2E Tests | 21 |
| Real DB E2E Tests | 20 |
| **Total** | **78** |

## Critical Security Note

The backup-service MUST be deployed on a **physically separate server** from identity-service. This is mandatory for maintaining MPC security:

- Party 0 (Server Share): identity-service (Server A)
- Party 1 (Client Share): User device
- Party 2 (Backup Share): backup-service (Server B)

If only one server is compromised, attackers can only obtain 1 of 3 shares, making key reconstruction impossible (2-of-3 threshold).