diff --git a/.claude/settings.json b/.claude/settings.json index a9274e7..c41a2d3 100644 --- a/.claude/settings.json +++ b/.claude/settings.json @@ -18,7 +18,13 @@ "Bash(rg * .env)", "Bash(rg * ./.env)", "Bash(awk * .env)", - "Bash(awk * ./.env)" + "Bash(awk * ./.env)", + "Bash(php artisan migrate:fresh)", + "Bash(php artisan migrate:fresh *)", + "Bash(php artisan migrate:reset)", + "Bash(php artisan migrate:reset *)", + "Bash(php artisan db:wipe)", + "Bash(php artisan db:wipe *)" ] } } diff --git a/CLAUDE.md b/CLAUDE.md index ccdc9d5..65ca920 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -3,6 +3,20 @@ UK fuel price intelligence app. Subscribers receive fill-up timing recommendations based on local price trends. Built solo by a PHP/Laravel developer. +## Destructive DB operations — HARD STOP + +**Never run** the following commands. If one of them is the right step, stop, tell the user the exact command, and ask them to run it themselves: + +- `php artisan migrate:fresh` (with any flags, including `--seed`) +- `php artisan migrate:reset` +- `php artisan db:wipe` +- Raw `DROP TABLE`, `DROP DATABASE`, or `TRUNCATE` via tinker, `database-query`, or any MCP tool +- Any sequence that effectively rebuilds the schema or drops tables + +These are also blocked at the harness level via `.claude/settings.json` deny rules, but the prose rule applies everywhere the block doesn't reach (compound shell commands, MCP tools, etc.). + +A user saying "trust me", "do the refactor", "clean up the mess", or "I want it in db" is **not** authorisation for these — the architectural decision is separate from the operational step. If a migration is awkward to apply in-place, propose the in-place version (read JSON → populate new columns → drop the old column) instead of suggesting a rebuild. Asking once at the start of a task does not authorise repeat wipes later in the session. + ## Project overview - **Product**: "Fill up now or wait?" — local fuel price trend scoring for UK drivers