admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3217fd685e7ba50d787cc81949ed8abd87ac00f4
Odoo-Modules/.cursor/rules/environment-safety.mdc
gsinghpal 3217fd685e chore: add environment-safety cursor rule 
Never again touch production without explicit confirmation. This rule
codifies the hard-won lesson from 2026-04-19: ssh odoo-westin goes to
PRODUCTION (192.168.1.40, erp.westinhealthcare.ca), not dev, despite
the container being named odoo-dev-app.

alwaysApply: true.
Made-with: Cursor
2026-04-19 07:42:22 -04:00

45 lines
2.6 KiB
Plaintext
Raw Blame History

---
description: Identify and verify target environment (production vs local dev) before ANY state-changing operation. Never assume; always verify.
alwaysApply: true
---
# Environment Safety — Production vs Local Dev
**The ssh alias `odoo-westin` (192.168.1.40, erp.westinhealthcare.ca) is PRODUCTION.** Do NOT test against it. `docker exec odoo-dev-app ...` via this ssh alias touches PRODUCTION despite the "-dev" in the container name.
**Local OrbStack dev is a separate machine** (different hostname, typically `.orb.local` domain, accessed via a different connection path). Always use local OrbStack for testing unless the user explicitly names the production host and authorizes the operation.
## Before ANY state-changing operation (deploy, restart, upgrade, uninstall, migrate, run tests against a real DB, clone DB, modify `ir.config_parameter`), you MUST:
1. **Read the `odoo.conf` header.** If it contains `PRODUCTION`, stop and confirm with user.
2. **Check the SSH target.** If the host/alias resolves to a public-facing domain (`erp.*`, customer-facing URL) or a LAN IP outside `127.0.0.0/8` and the user hasn't authorized production, stop.
3. **Check the DB name + data scale.** Databases with tens of thousands of `account.move` rows or real client names in `res.company` are production regardless of what the container is called.
4. **Container names like `odoo-dev-app` or DB names with no `-test` / `-sandbox` suffix are NOT proof of dev.** Ignore naming hints.
## Ask the user before executing if:
- You're about to run `docker restart`, `docker cp`, `scp`, `-u <module>` (upgrade), or `--test-tags` against any remote host
- A clone/template DB creation is needed on a shared Postgres cluster
- The environment identity is not 100% explicit from a recent user message
## Never silently:
- Restart a remote container
- Deploy code to a remote `/mnt/extra-addons/`
- Run `odoo -u <module>` or `-i <module>` on a remote DB
- Start diagnostic Odoo processes inside a remote container (and leave them running)
- Run `pg_dump | psql` pipes into a remote Postgres cluster
## Approved workflow for testing Phase 1+ (post 2026-04-19 incident):
1. ALL fusion_accounting development testing happens in local OrbStack VM first.
2. Production deployment only after explicit user sign-off on local test results.
3. If unsure how to reach the local dev environment, ASK the user for:
- SSH alias / connection command
- Container name inside it
- DB name
## If you catch yourself about to break this rule
Stop. Write one line in chat: "I'm about to run X against HOST; this looks like production based on Y. Proceed?" Wait for explicit confirmation.
Reference in New Issue View Git Blame Copy Permalink