chore: add environment-safety cursor rule
Never again touch production without explicit confirmation. This rule codifies the hard-won lesson from 2026-04-19: ssh odoo-westin goes to PRODUCTION (192.168.1.40, erp.westinhealthcare.ca), not dev, despite the container being named odoo-dev-app. alwaysApply: true. Made-with: Cursor
This commit is contained in:
gsinghpal
44
.cursor/rules/environment-safety.mdc
Normal file
44
.cursor/rules/environment-safety.mdc
Normal file
@@ -0,0 +1,44 @@
|
|||||||
|
---
|
||||||
|
description: Identify and verify target environment (production vs local dev) before ANY state-changing operation. Never assume; always verify.
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
# Environment Safety — Production vs Local Dev
|
||||||
|
|
||||||
|
**The ssh alias `odoo-westin` (192.168.1.40, erp.westinhealthcare.ca) is PRODUCTION.** Do NOT test against it. `docker exec odoo-dev-app ...` via this ssh alias touches PRODUCTION despite the "-dev" in the container name.
|
||||||
|
|
||||||
|
**Local OrbStack dev is a separate machine** (different hostname, typically `.orb.local` domain, accessed via a different connection path). Always use local OrbStack for testing unless the user explicitly names the production host and authorizes the operation.
|
||||||
|
|
||||||
|
## Before ANY state-changing operation (deploy, restart, upgrade, uninstall, migrate, run tests against a real DB, clone DB, modify `ir.config_parameter`), you MUST:
|
||||||
|
|
||||||
|
1. **Read the `odoo.conf` header.** If it contains `PRODUCTION`, stop and confirm with user.
|
||||||
|
2. **Check the SSH target.** If the host/alias resolves to a public-facing domain (`erp.*`, customer-facing URL) or a LAN IP outside `127.0.0.0/8` and the user hasn't authorized production, stop.
|
||||||
|
3. **Check the DB name + data scale.** Databases with tens of thousands of `account.move` rows or real client names in `res.company` are production regardless of what the container is called.
|
||||||
|
4. **Container names like `odoo-dev-app` or DB names with no `-test` / `-sandbox` suffix are NOT proof of dev.** Ignore naming hints.
|
||||||
|
|
||||||
|
## Ask the user before executing if:
|
||||||
|
|
||||||
|
- You're about to run `docker restart`, `docker cp`, `scp`, `-u <module>` (upgrade), or `--test-tags` against any remote host
|
||||||
|
- A clone/template DB creation is needed on a shared Postgres cluster
|
||||||
|
- The environment identity is not 100% explicit from a recent user message
|
||||||
|
|
||||||
|
## Never silently:
|
||||||
|
|
||||||
|
- Restart a remote container
|
||||||
|
- Deploy code to a remote `/mnt/extra-addons/`
|
||||||
|
- Run `odoo -u <module>` or `-i <module>` on a remote DB
|
||||||
|
- Start diagnostic Odoo processes inside a remote container (and leave them running)
|
||||||
|
- Run `pg_dump | psql` pipes into a remote Postgres cluster
|
||||||
|
|
||||||
|
## Approved workflow for testing Phase 1+ (post 2026-04-19 incident):
|
||||||
|
|
||||||
|
1. ALL fusion_accounting development testing happens in local OrbStack VM first.
|
||||||
|
2. Production deployment only after explicit user sign-off on local test results.
|
||||||
|
3. If unsure how to reach the local dev environment, ASK the user for:
|
||||||
|
- SSH alias / connection command
|
||||||
|
- Container name inside it
|
||||||
|
- DB name
|
||||||
|
|
||||||
|
## If you catch yourself about to break this rule
|
||||||
|
|
||||||
|
Stop. Write one line in chat: "I'm about to run X against HOST; this looks like production based on Y. Proceed?" Wait for explicit confirmation.
|
||||||
Reference in New Issue
Block a user