diff --git a/.cursor/rules/environment-safety.mdc b/.cursor/rules/environment-safety.mdc new file mode 100644 index 00000000..8310e886 --- /dev/null +++ b/.cursor/rules/environment-safety.mdc @@ -0,0 +1,44 @@ +--- +description: Identify and verify target environment (production vs local dev) before ANY state-changing operation. Never assume; always verify. +alwaysApply: true +--- + +# Environment Safety — Production vs Local Dev + +**The ssh alias `odoo-westin` (192.168.1.40, erp.westinhealthcare.ca) is PRODUCTION.** Do NOT test against it. `docker exec odoo-dev-app ...` via this ssh alias touches PRODUCTION despite the "-dev" in the container name. + +**Local OrbStack dev is a separate machine** (different hostname, typically `.orb.local` domain, accessed via a different connection path). Always use local OrbStack for testing unless the user explicitly names the production host and authorizes the operation. + +## Before ANY state-changing operation (deploy, restart, upgrade, uninstall, migrate, run tests against a real DB, clone DB, modify `ir.config_parameter`), you MUST: + +1. **Read the `odoo.conf` header.** If it contains `PRODUCTION`, stop and confirm with user. +2. **Check the SSH target.** If the host/alias resolves to a public-facing domain (`erp.*`, customer-facing URL) or a LAN IP outside `127.0.0.0/8` and the user hasn't authorized production, stop. +3. **Check the DB name + data scale.** Databases with tens of thousands of `account.move` rows or real client names in `res.company` are production regardless of what the container is called. +4. **Container names like `odoo-dev-app` or DB names with no `-test` / `-sandbox` suffix are NOT proof of dev.** Ignore naming hints. + +## Ask the user before executing if: + +- You're about to run `docker restart`, `docker cp`, `scp`, `-u ` (upgrade), or `--test-tags` against any remote host +- A clone/template DB creation is needed on a shared Postgres cluster +- The environment identity is not 100% explicit from a recent user message + +## Never silently: + +- Restart a remote container +- Deploy code to a remote `/mnt/extra-addons/` +- Run `odoo -u ` or `-i ` on a remote DB +- Start diagnostic Odoo processes inside a remote container (and leave them running) +- Run `pg_dump | psql` pipes into a remote Postgres cluster + +## Approved workflow for testing Phase 1+ (post 2026-04-19 incident): + +1. ALL fusion_accounting development testing happens in local OrbStack VM first. +2. Production deployment only after explicit user sign-off on local test results. +3. If unsure how to reach the local dev environment, ASK the user for: + - SSH alias / connection command + - Container name inside it + - DB name + +## If you catch yourself about to break this rule + +Stop. Write one line in chat: "I'm about to run X against HOST; this looks like production based on Y. Proceed?" Wait for explicit confirmation.