F-002 fix: Remove secrets and externalize config

This commit is contained in:
rikrdo
2026-05-25 08:00:05 +02:00
parent d3a558352d
commit 3d41579ad3
58 changed files with 1192807 additions and 52 deletions

View File

@@ -0,0 +1,33 @@
# ADR-001: Store legacy app under project web path
## Status
Accepted
## Context
Legacy PHP code was copied into `project/new`.
That path does not explain app role.
SQL dump also sits beside code in `project/` root.
We need stable layout before deeper refactor.
## Decision
Store legacy web code under `project/web/index/new`.
Store SQL dump under `project/sql/db-25052026.sql`.
Keep internal legacy file tree unchanged inside module.
Do not refactor code in same step.
## Consequences
- Good:
- repo layout shows what is web code and what is data
- ARNES design docs can point to stable paths
- future config and secret cleanup gets easier
- Bad:
- move may require path-aware follow-up in later features
- repo still contains legacy secrets until later cleanup
## Alternatives considered
1. Keep code in `project/new` - rejected because path is temporary and vague.
2. Move code to `project/app` - rejected because this is web module, not service code.
3. Refactor layout and code now - rejected because scope would grow too much.
## Date
2026-05-25

View File

@@ -0,0 +1,33 @@
# ADR-002: Use local config loader for legacy module
## Status
Accepted
## Context
Security gate for F-001 failed.
Legacy PHP files still hold DB credentials, OpenAI keys, and production-coupled URLs.
The module needs one small config mechanism without large refactor.
## Decision
Add `bootstrap.php` to the legacy module root.
Load config from `config/local.php` with fallback to `config/local.example.php`.
Expose shared helper functions for config lookup and DB connection.
Update web pages and worker to read DB, OpenAI, route, and URL values through this helper.
Ignore `config/local.php` in git.
## Consequences
- Good:
- secrets leave tracked PHP source files
- one config shape is reused by web pages and worker
- local setup becomes explicit
- Bad:
- module still depends on local file management
- fallback example config can still fail at runtime until maintainer fills real values
## Alternatives considered
1. Use environment variables only - rejected because this legacy module already expects file-based setup.
2. Keep secrets in PHP constants - rejected because tracked source would still hold sensitive values.
3. Full framework migration - rejected because scope is too large for this fix.
## Date
2026-05-25