F-002 fix: Remove secrets and externalize config

rikrdo
2026-05-25 08:00:05 +02:00
parent d3a558352d
commit 3d41579ad3
58 changed files with 1192807 additions and 52 deletions


@@ -1,15 +1,49 @@
# Product Spec
## Problema
Describe el problema de negocio.
## Problem
Legacy PHP app lives in temporary path `project/new`.
SQL dump lives mixed with app code.
There is no ARNES design record for this code.
This makes next change work risky and hard to trace.
## Objetivo
Define el resultado esperado del producto.
## Objective
Put legacy app in stable ARNES project layout.
Keep same code and same behavior for now.
Make next work easy to trace, review, and test.
## Usuarios
- Usuario principal:
- Usuario secundario:
## Users
- Primary user: maintainer of legacy PHP app
- Secondary user: architect, implementer, reviewer, qa
## Alcance v1
## Scope v1
- In scope:
- document current legacy app structure
- define target repo layout
- move app code to `project/web/index/new`
- move SQL dump to `project/sql/db-25052026.sql`
- Out of scope:
- auth rewrite
- OpenAI secret cleanup
- production deploy
- feature refactor
## F-002 — Remove secrets and externalize config
### Problem
Legacy PHP files still contain API keys, DB credentials, and production URLs.
This blocks security approval and makes local setup unsafe.
### Objective
Load config from one local source outside versioned code.
Keep page behavior the same while removing hard-coded secrets from tracked PHP files.
### Scope
- In scope:
- one config loader for legacy module
- one local config file shape for DB, OpenAI, URLs, and endpoints
- replace hard-coded values in tracked PHP files
- setup notes for local config
- Out of scope:
- auth redesign
- worker refactor beyond config use
- deploy automation
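Review bot: The F-002 "In scope" list stops at "replace hard-coded values in tracked PHP files" and has no item for rotating the API keys and DB credentials that the Problem section says those tracked files contain. Removing them from the current tree leaves them readable in earlier commits, so add a scope item for rotation and state whether history will be rewritten. The list also never says the local config file is excluded from version control, which the Objective ("outside versioned code") depends on; add an item for an ignore rule plus a committed template that holds placeholder values only. "Scope v1" still lists "OpenAI secret cleanup" as out of scope while F-002 puts OpenAI config in scope, so mark that line as superseded by F-002. Since the spec places the SQL dump at `project/sql/db-25052026.sql` inside the repo, it should also say whether the dump was checked for credentials or user data before being tracked.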