diff --git a/TODO.md b/TODO.md index 22ff7c8..514bf25 100644 --- a/TODO.md +++ b/TODO.md @@ -410,7 +410,7 @@ Goal: rename the tables and column to the canonical M2M pattern (`tags`, `thesis future API endpoint) a partial failure leaves orphaned rows. Wrap the body in `BEGIN … COMMIT / ROLLBACK` (check `$this->pdo->inTransaction()` to avoid nesting). -- [ ] **DB config auto-detection is fragile** — `src/config.php` switches to `test.db` whenever the +- [x] **DB config auto-detection is fragile** — `src/config.php` switches to `test.db` whenever the file exists locally, which means a developer who ran tests and forgot to delete `test.db` will silently hit test data on a local production-mirror. Make the default `prod`; require explicit `DB_ENV=test` to use the test database. diff --git a/justfile b/justfile index c9c6ff7..4f7c4bd 100644 --- a/justfile +++ b/justfile @@ -84,20 +84,20 @@ deploy-db: [group('test')] test: - @php tests/run-tests.php + @DB_ENV=test php tests/run-tests.php [group('test')] test-unit: - @php tests/Unit/DatabaseTest.php - @php tests/Unit/RateLimitTest.php + @DB_ENV=test php tests/Unit/DatabaseTest.php + @DB_ENV=test php tests/Unit/RateLimitTest.php [group('test')] test-integration: - @php tests/Integration/SearchTest.php + @DB_ENV=test php tests/Integration/SearchTest.php [group('test')] test-security: - @php tests/Security/SecurityTest.php + @DB_ENV=test php tests/Security/SecurityTest.php [group('test')] syntax: diff --git a/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json b/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json index be25078..fc1eee3 100644 --- a/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json +++ b/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json @@ -1 +1 @@ -[1774701325] \ No newline at end of file +[1774701765] \ No newline at end of file diff --git a/src/config.php b/src/config.php index 70fbda4..0a117c6 100644 --- a/src/config.php +++ b/src/config.php 
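Review bot: In the justfile hunk, `test-unit` runs `tests/Unit/RateLimitTest.php` with `DB_ENV=test`, but the commit adds the in-file `putenv('DB_ENV=test');` only to DatabaseTest.php, SearchTest.php, SecurityTest.php and run-tests.php. If RateLimitTest.php loads `src/Database.php` (not visible in this diff), running it directly as `php tests/Unit/RateLimitTest.php` would resolve to the production database, because production is now the default. Adding the same `putenv('DB_ENV=test');` line before its first `require_once` would make the direct invocation as safe as the recipe.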
@@ -15,35 +15,23 @@ define('DB_TEST_PATH', DB_ROOT . '/storage/test.db'); define('DB_PROD_PATH', DB_ROOT . '/storage/posterg.db'); /** - * Determine which database to use - * Checks environment variable DB_ENV, defaults to auto-detection + * Determine which database to use. * - * Set DB_ENV in your environment: - * - export DB_ENV=test # Force test database - * - export DB_ENV=prod # Force production database + * Always defaults to the production database. + * Set DB_ENV=test explicitly to use the test database. * - * Auto-detection logic: - * - If test.db exists, use it (development) - * - Otherwise use posterg.db (production) + * export DB_ENV=test # use storage/test.db + * export DB_ENV=prod # use storage/posterg.db (default) + * + * The old file-existence auto-detection has been removed: a leftover + * test.db on a developer machine no longer silently redirects all + * requests to test data. */ -function getDatabasePath() { - // Allow explicit override via environment variable - $env = getenv('DB_ENV'); - - if ($env === 'test') { +function getDatabasePath(): string { + if (getenv('DB_ENV') === 'test') { return DB_TEST_PATH; } - if ($env === 'prod') { - return DB_PROD_PATH; - } - - // Auto-detect: prefer test database if it exists - if (file_exists(DB_TEST_PATH)) { - return DB_TEST_PATH; - } - - // Default to production database return DB_PROD_PATH; } diff --git a/storage/test.db b/storage/test.db index 3cfd596..843b8cc 100644 Binary files a/storage/test.db and b/storage/test.db differ diff --git a/tests/Integration/SearchTest.php b/tests/Integration/SearchTest.php index 7adac27..6fcea12 100644 --- a/tests/Integration/SearchTest.php +++ b/tests/Integration/SearchTest.php @@ -4,6 +4,8 @@ * Tests search queries and results */ +putenv('DB_ENV=test'); + require_once __DIR__ . '/../../src/Database.php'; echo "Search Functionality Test\n"; diff --git a/tests/Security/SecurityTest.php b/tests/Security/SecurityTest.php index d25163d..a696e33 100644 
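Review bot: In the src/config.php hunk, `getDatabasePath()` treats every `DB_ENV` value other than the exact string `test` as production, so a mistyped value (different case, trailing whitespace, `testing`) silently opens `storage/posterg.db`. The suites that depend on this setting include SecurityTest.php, which by its header exercises SQL-injection inputs, so an unrecognised value should fail closed rather than fall through to production. The sketch below keeps unset, empty and `prod` as production, accepts `test`, and throws on anything else. The docblock should also say that the value is matched case-sensitively.

```php
function getDatabasePath(): string {
    $env = getenv('DB_ENV');

    // Unset or empty keeps the documented production default.
    if ($env === false || $env === '' || $env === 'prod') {
        return DB_PROD_PATH;
    }
    if ($env === 'test') {
        return DB_TEST_PATH;
    }

    // Fail closed: a mistyped value must not silently select production.
    throw new RuntimeException('Unrecognised DB_ENV value; expected "test" or "prod".');
}
```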
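Review bot: The `putenv('DB_ENV=test');` added in tests/Integration/SearchTest.php has no comment saying that it must run before the `require_once` of `src/Database.php`, and the identical line in tests/Security/SecurityTest.php has the same gap. DatabaseTest.php already documents this, so I would copy its comment above both lines: `// Must be set before Database.php is required so getDatabasePath() picks it up.` Judging by that comment the path is resolved when Database.php is loaded, so anyone reordering the statements would move the test onto the production default without any visible error.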
--- a/tests/Security/SecurityTest.php +++ b/tests/Security/SecurityTest.php @@ -4,6 +4,8 @@ * Tests SQL injection protection and input sanitization */ +putenv('DB_ENV=test'); + require_once __DIR__ . '/../../src/Database.php'; echo "Security Test Suite\n"; diff --git a/tests/Unit/DatabaseTest.php b/tests/Unit/DatabaseTest.php index e6661b9..091c114 100644 --- a/tests/Unit/DatabaseTest.php +++ b/tests/Unit/DatabaseTest.php @@ -4,6 +4,9 @@ * Tests basic database connectivity and query functionality */ +// Must be set before Database.php is required so getDatabasePath() picks it up. +putenv('DB_ENV=test'); + require_once __DIR__ . '/../../src/Database.php'; echo "Database Connection Test\n"; diff --git a/tests/run-tests.php b/tests/run-tests.php index 9027710..f271469 100755 --- a/tests/run-tests.php +++ b/tests/run-tests.php @@ -5,6 +5,10 @@ * Runs all tests in the tests/ directory */ +// Tests always run against the test database; require an explicit opt-in so +// that a stray test.db on disk never silently redirects a production session. +putenv('DB_ENV=test'); + echo "╔════════════════════════════════════════════╗\n"; echo "║ Post-ERG Test Suite ║\n"; echo "╚════════════════════════════════════════════╝\n\n";
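Review bot: Nothing in the tests/run-tests.php hunk confirms that the suite actually ended up on the test database after `putenv('DB_ENV=test');`; it relies on every later code path reading the variable the same way. A guard that aborts before any test runs would make this explicit, for example, once `src/config.php` is loaded: `if (getDatabasePath() !== DB_TEST_PATH) { fwrite(STDERR, "Refusing to run tests: not on the test database\n"); exit(1); }`. The rest of the runner lies outside the hunk, so such a check may already exist further down.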