RxSpot State Sync (No-Data-Loss)
Mission
Provide a repeatable, operator-safe workflow to keep:
- •local developer state aligned with production runtime data, and
- •production protected from accidental overwrites.
This skill is intentionally conservative: it prefers read-only pulls and requires explicit confirmation tokens for any destructive restore action.
Golden Rules
- •Never deploy or upload
auth/data/**,auth/sessions/**, oruploads/**as part of code deploys. - •Never “replace prod DB from local” as a normal workflow.
- •Always take a pre-restore snapshot before any production restore.
Fetch (Mirror Production Locally)
Option A: Direct from Bluehost over FTP (most current)
Runs a production snapshot pull and refreshes local dev DB.
powershell
./scripts/data/sync-local-from-prod.ps1
Required env vars (or pass as flags):
- •
FTP_SERVER - •
FTP_USERNAME - •
FTP_PASSWORD
Option B: From GitHub encrypted offsite backup (no FTP creds)
Pulls latest encrypted backup published by GitHub Actions.
powershell
$env:BACKUP_PASSPHRASE = "<passphrase>" ./scripts/data/pull-bluehost-backup.ps1 -Extract
Render Postgres backup pull:
powershell
$env:BACKUP_PASSPHRASE = "<passphrase>" ./scripts/data/pull-render-backup.ps1
Push (Deploy Code Changes)
- •
git pushtomaintriggers.github/workflows/deploy.yml. - •Deploy workflow uses
server-dir: ./and excludes all runtime dirs to prevent data loss.
Push Gitignored Config (.env)
If you need to update production .env (gitignored by design), use the explicit-confirmation script:
powershell
$env:RXSPOT_PUSH_CONFIRM = "UPLOAD_ENV" ./scripts/data/push-bluehost-env.ps1 -FtpServer $env:FTP_SERVER -FtpUsername $env:FTP_USERNAME -FtpPassword $env:FTP_PASSWORD
Recovery (If Something Gets Wiped)
Bluehost SQLite Restore (explicit confirmation)
This is destructive and requires a confirmation token.
powershell
$env:RXSPOT_RESTORE_CONFIRM = "RESTORE_BLUEHOST_DB" ./scripts/data/restore-bluehost-sqlite.ps1 ` -FtpServer $env:FTP_SERVER ` -FtpUsername $env:FTP_USERNAME ` -FtpPassword $env:FTP_PASSWORD ` -LocalBackupDbPath "path\\to\\app.db"
Render Postgres Restore (explicit confirmation)
See docs/RENDER_BACKUPS.md and scripts/data/restore-render-postgres.sh.
Setup (Secrets)
To enable encrypted GitHub backups:
powershell
$env:BACKUP_PASSPHRASE = "<passphrase>" $env:RENDER_POSTGRES_BACKUP_URL = "<postgres connection string>" ./scripts/data/set-github-backup-secrets.ps1
What This Skill Avoids
- •Writing secrets into repo files.
- •Creating new production data from local state.
- •“Blind” deploys into the wrong Bluehost folder (multi-site drift).