F-002 fix: Remove secrets and externalize config

This commit is contained in:
rikrdo
2026-05-25 08:00:05 +02:00
parent d3a558352d
commit 3d41579ad3
58 changed files with 1192807 additions and 52 deletions

View File

@@ -0,0 +1,20 @@
@F-002 @smoke @security @regression
Feature: Legacy module reads config from one local source
As a maintainer
I want secrets and URLs outside tracked PHP files
So I can run the legacy module without storing sensitive values in source
Scenario: Entry points use shared config helper
Given the legacy PHP module has multiple web and CLI entry points
When feature F-002 is applied
Then tracked PHP files do not contain hard-coded DB credentials
And tracked PHP files do not contain hard-coded OpenAI credentials
And DB and route values are loaded through a shared config helper
Scenario: Local config shape is documented
Given a maintainer needs to set local credentials
When feature F-002 is applied
Then the repo contains a versioned local config example
And the repo ignores the real local config file
And setup notes explain how to create the local config