diff --git a/CLAUDE.md b/CLAUDE.md index d6d69f1..5e0d134 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -14,6 +14,10 @@ Cross-repo planning and documentation lives in a dedicated git repo: `github.com Work in this project is typically cross-repo. Always read/update the plan in the shared docs repo, not a per-repo copy. Commit docs changes via PR to `sirerun/docs` independently from code PRs. +## Staging Environment — HIBERNATED + +`sire-staging.run` is temporarily hibernated (E3 in the shared docs/plan.md) to reduce cloud costs until funding closes. Do not deploy or test against staging. Tests target production using dedicated `qa+bot@sire.run` accounts in sandboxed workspaces. Hibernated (deleted): staging Cloud SQL, Redis, GKE. Preserved: secrets, Artifact Registry, DNS, KMS, IAM, Pulumi state. Revival: revert E3 gates and `pulumi up --stack staging`. + ## No Manual DevOps — IaC + Release Pipeline Only Production and staging are managed exclusively through IaC and the CI/CD release pipeline. Banned: `kubectl set/edit/scale/patch/delete` and `kubectl apply` against staging/prod, `gcloud secrets create/add/delete` and other imperative `gcloud` mutations, direct prod DB writes, hot-patching pods, re-tagging or force-pushing. Required path: edit IaC → PR → CI → rebase merge → tag release → deploy workflow → verify via workflow checks. Read-only diagnostics (`kubectl get/describe/logs`, `gcloud ... list/access`, `gh run view`) are fine. Agents: never run mutating commands against live infra; open a PR.