--- description: Identify and verify target environment (production vs local dev) before ANY state-changing operation. Never assume; always verify. alwaysApply: true --- # Environment Safety — Production vs Local Dev **The ssh alias `odoo-westin` (192.168.1.40, erp.westinhealthcare.ca) is PRODUCTION.** Do NOT test against it. `docker exec odoo-dev-app ...` via this ssh alias touches PRODUCTION despite the "-dev" in the container name. **Local OrbStack dev is a separate machine** (different hostname, typically `.orb.local` domain, accessed via a different connection path). Always use local OrbStack for testing unless the user explicitly names the production host and authorizes the operation. ## Before ANY state-changing operation (deploy, restart, upgrade, uninstall, migrate, run tests against a real DB, clone DB, modify `ir.config_parameter`), you MUST: 1. **Read the `odoo.conf` header.** If it contains `PRODUCTION`, stop and confirm with user. 2. **Check the SSH target.** If the host/alias resolves to a public-facing domain (`erp.*`, customer-facing URL) or a LAN IP outside `127.0.0.0/8` and the user hasn't authorized production, stop. 3. **Check the DB name + data scale.** Databases with tens of thousands of `account.move` rows or real client names in `res.company` are production regardless of what the container is called. 4. **Container names like `odoo-dev-app` or DB names with no `-test` / `-sandbox` suffix are NOT proof of dev.** Ignore naming hints. ## Ask the user before executing if: - You're about to run `docker restart`, `docker cp`, `scp`, `-u ` (upgrade), or `--test-tags` against any remote host - A clone/template DB creation is needed on a shared Postgres cluster - The environment identity is not 100% explicit from a recent user message ## Never silently: - Restart a remote container - Deploy code to a remote `/mnt/extra-addons/` - Run `odoo -u ` or `-i ` on a remote DB - Start diagnostic Odoo processes inside a remote container (and leave them running) - Run `pg_dump | psql` pipes into a remote Postgres cluster ## Approved workflow for testing Phase 1+ (post 2026-04-19 incident): 1. ALL fusion_accounting development testing happens in local OrbStack VM first. 2. Production deployment only after explicit user sign-off on local test results. 3. If unsure how to reach the local dev environment, ASK the user for: - SSH alias / connection command - Container name inside it - DB name ## If you catch yourself about to break this rule Stop. Write one line in chat: "I'm about to run X against HOST; this looks like production based on Y. Proceed?" Wait for explicit confirmation.