feat: implement subscription disaster recovery plan (#251)

[rindicomfort]

Summary

Implements comprehensive disaster recovery infrastructure for SubTrackr as described in issue #251.

Changes

backend/dr/DisasterRecoveryService.ts

• RTO/RPO targets — RTO_SECONDS = 300 (5 min), RPO_SECONDS = 3600 (1 hour), enforced in code
• Backup pipeline — createBackup() snapshots all AsyncStorage app keys into a versioned manifest with djb2 checksum; bulkIndex of subtrackr-subscriptions, subtrackr-wallet, subtrackr-tx-queue
• Backup verification — verifyBackup() checks checksum integrity, schema version, and RPO age
• Failover procedure — failover() auto-iterates backups newest-first, verifies each, restores first valid
• Manual restore — restoreBackup(id) with integrity gate before any write to storage
• Retention management — configurable max backups (default 5), auto-prune on every backup
• DR drill — runDrDrill() runs backup → verify → restore cycle and asserts RTO compliance

backend/dr/__tests__/DisasterRecoveryService.test.ts

• 15 tests covering all 6 acceptance criteria

docs/DISASTER_RECOVERY_RUNBOOK.md

• RTO/RPO targets table
• Backup, verification, and failover procedures with code examples
• 4 recovery runbooks: corrupted data, wallet loss, full device wipe, checksum failure
• Regular DR testing guide with CI integration instructions
• Escalation matrix

Test Results

PASS backend/dr/__tests__/DisasterRecoveryService.test.ts
  DisasterRecoveryService
    ✓ defines RTO_SECONDS
    ✓ defines RPO_SECONDS
    ✓ creates a backup and returns a manifest
    ✓ lists backups newest first
    ✓ prunes backups beyond retention limit
    ✓ verifies a valid backup as valid
    ✓ detects a missing backup
    ✓ detects checksum tampering
    ✓ restores data from a backup
    ✓ refuses to restore a tampered backup
    ✓ failover restores from most recent valid backup
    ✓ failover returns failure when no backups exist
    ✓ deletes a backup
    ✓ passes a full DR drill
    ✓ drill reports RTO compliance

Tests: 15 passed, 15 total

Acceptance Criteria

• Define RTO and RPO targets (RTO_SECONDS=300, RPO_SECONDS=3600)
• Implement database backups (createBackup, manifest index, retention pruning)
• Add backup verification (checksum, version, RPO age checks)
• Implement failover procedures (failover(), restoreBackup() with integrity gate)
• Document recovery runbooks (docs/DISASTER_RECOVERY_RUNBOOK.md — 4 scenarios)
• Test DR procedures regularly (runDrDrill() with RTO compliance assertion)

Closes #251

[drips-wave]

@rindicomfort Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits