AgentSkillsCN

Rxspot State Sync

Rxspot 状态同步

SKILL.md

RxSpot State Sync (No-Data-Loss)

Mission

Provide a repeatable, operator-safe workflow to keep:

  • local developer state aligned with production runtime data, and
  • production protected from accidental overwrites.

This skill is intentionally conservative: it prefers read-only pulls and requires explicit confirmation tokens for any destructive restore action.

Golden Rules

  • Never deploy or upload auth/data/**, auth/sessions/**, or uploads/** as part of code deploys.
  • Never “replace prod DB from local” as a normal workflow.
  • Always take a pre-restore snapshot before any production restore.

Fetch (Mirror Production Locally)

Option A: Direct from Bluehost over FTP (most current)

Runs a production snapshot pull and refreshes local dev DB.

powershell
./scripts/data/sync-local-from-prod.ps1

Required env vars (or pass as flags):

  • FTP_SERVER
  • FTP_USERNAME
  • FTP_PASSWORD

Option B: From GitHub encrypted offsite backup (no FTP creds)

Pulls latest encrypted backup published by GitHub Actions.

powershell
$env:BACKUP_PASSPHRASE = "<passphrase>"
./scripts/data/pull-bluehost-backup.ps1 -Extract

Render Postgres backup pull:

powershell
$env:BACKUP_PASSPHRASE = "<passphrase>"
./scripts/data/pull-render-backup.ps1

Push (Deploy Code Changes)

  • git push to main triggers .github/workflows/deploy.yml.
  • Deploy workflow uses server-dir: ./ and excludes all runtime dirs to prevent data loss.

Push Gitignored Config (.env)

If you need to update production .env (gitignored by design), use the explicit-confirmation script:

powershell
$env:RXSPOT_PUSH_CONFIRM = "UPLOAD_ENV"
./scripts/data/push-bluehost-env.ps1 -FtpServer $env:FTP_SERVER -FtpUsername $env:FTP_USERNAME -FtpPassword $env:FTP_PASSWORD

Recovery (If Something Gets Wiped)

Bluehost SQLite Restore (explicit confirmation)

This is destructive and requires a confirmation token.

powershell
$env:RXSPOT_RESTORE_CONFIRM = "RESTORE_BLUEHOST_DB"
./scripts/data/restore-bluehost-sqlite.ps1 `
  -FtpServer $env:FTP_SERVER `
  -FtpUsername $env:FTP_USERNAME `
  -FtpPassword $env:FTP_PASSWORD `
  -LocalBackupDbPath "path\\to\\app.db"

Render Postgres Restore (explicit confirmation)

See docs/RENDER_BACKUPS.md and scripts/data/restore-render-postgres.sh.

Setup (Secrets)

To enable encrypted GitHub backups:

powershell
$env:BACKUP_PASSPHRASE = "<passphrase>"
$env:RENDER_POSTGRES_BACKUP_URL = "<postgres connection string>"
./scripts/data/set-github-backup-secrets.ps1

What This Skill Avoids

  • Writing secrets into repo files.
  • Creating new production data from local state.
  • “Blind” deploys into the wrong Bluehost folder (multi-site drift).