F-002 fix: Remove secrets and externalize config
This commit is contained in:
@@ -0,0 +1,33 @@
|
||||
# ADR-002: Use local config loader for legacy module
|
||||
|
||||
## Status
|
||||
Accepted
|
||||
|
||||
## Context
|
||||
Security gate for F-001 failed.
|
||||
Legacy PHP files still hold DB credentials, OpenAI keys, and production-coupled URLs.
|
||||
The module needs one small config mechanism without large refactor.
|
||||
|
||||
## Decision
|
||||
Add `bootstrap.php` to the legacy module root.
|
||||
Load config from `config/local.php` with fallback to `config/local.example.php`.
|
||||
Expose shared helper functions for config lookup and DB connection.
|
||||
Update web pages and worker to read DB, OpenAI, route, and URL values through this helper.
|
||||
Ignore `config/local.php` in git.
|
||||
|
||||
## Consequences
|
||||
- Good:
|
||||
- secrets leave tracked PHP source files
|
||||
- one config shape is reused by web pages and worker
|
||||
- local setup becomes explicit
|
||||
- Bad:
|
||||
- module still depends on local file management
|
||||
- fallback example config can still fail at runtime until maintainer fills real values
|
||||
|
||||
## Alternatives considered
|
||||
1. Use environment variables only - rejected because this legacy module already expects file-based setup.
|
||||
2. Keep secrets in PHP constants - rejected because tracked source would still hold sensitive values.
|
||||
3. Full framework migration - rejected because scope is too large for this fix.
|
||||
|
||||
## Date
|
||||
2026-05-25
|
||||
Reference in New Issue
Block a user