F-002 fix: Remove secrets and externalize config

This commit is contained in:
rikrdo
2026-05-25 08:00:05 +02:00
parent d3a558352d
commit 3d41579ad3
58 changed files with 1192807 additions and 52 deletions

View File

@@ -0,0 +1,31 @@
# Architect Artefact — Feature: F-001
## SDD Changes
- Added `spec/sdd/architecture.md`
- Added component docs:
- `spec/sdd/components/legacy-web-module.md`
- `spec/sdd/components/bulk-seo-worker.md`
- `spec/sdd/components/development-data-baseline.md`
- Added ADR:
- `spec/sdd/decisions/001-store-legacy-app-under-project-web.md`
## BDD Coverage
- Added `spec/bdd/features/layout/legacy-app-layout.feature`
- Coverage target:
- stable web module path
- stable SQL dump path
- design trace exists
## Technical decisions
- Use `project/web/index/new` as stable repo path for copied legacy web code.
- Use `project/sql/db-25052026.sql` as stable path for local dev dump.
- Keep legacy internal module tree unchanged in this feature.
## Risks found
- Legacy code has hard-coded secrets and production URLs.
- External files `login.php` and `success.php` are not in repo.
- SQL dump may contain production-like data.
## Next step
- Move files with no content change.
- Re-run verify after move.

View File

@@ -0,0 +1,24 @@
# Documenter Artefact — Feature: F-001
## What changed
- Added SDD record for legacy PHP product module.
- Added ADR for stable repo layout.
- Added BDD trace for layout move.
- Moved legacy web code to `project/web/index/new`.
- Moved SQL dump to `project/sql/db-25052026.sql`.
## Files to know
- `spec/sdd/architecture.md`
- `spec/sdd/components/legacy-web-module.md`
- `spec/sdd/components/bulk-seo-worker.md`
- `spec/sdd/components/development-data-baseline.md`
- `spec/sdd/decisions/001-store-legacy-app-under-project-web.md`
- `spec/bdd/features/layout/legacy-app-layout.feature`
- `project/web/index/new/`
- `project/sql/db-25052026.sql`
## Notes for next feature
- Remove secrets from PHP files.
- Externalize DB and API config.
- Replace production-coupled URLs and missing external dependencies.
- Move runtime logs out of web tree.

View File

@@ -0,0 +1,38 @@
# Implementer Artefact — Feature: F-001
## Summary
Moved legacy PHP module into stable ARNES project path.
Moved SQL dump into stable project data path.
Kept legacy module internal tree unchanged.
Updated local project path docs.
## Changes
- moved `project/new` -> `project/web/index/new`
- moved `project/db-25052026.sql` -> `project/sql/db-25052026.sql`
- updated `project/README.md`
- updated `spec/tech.md`
- updated `work/current.md`
## Evidence
- before file count in module: `124`
- after file count in module: `124`
- before size of module: `640K`
- after size of module: `640K`
- SQL dump present after move: `project/sql/db-25052026.sql` (`229M`)
- old path removed: `project/new`
- verify result: `./scripts/verify.sh` OK
## Checks run
- `find project/new -type f | wc -l`
- `du -sh project/new project/db-25052026.sql`
- `mv project/new project/web/index/new`
- `mv project/db-25052026.sql project/sql/db-25052026.sql`
- `find project -maxdepth 4 | sort`
- `find project/web/index/new -type f | wc -l`
- `du -sh project/web/index/new project/sql/db-25052026.sql`
- `./scripts/verify.sh`
## Notes
- No functional refactor done.
- No secret cleanup done.
- External dependencies `login.php` and `success.php` still live outside repo.

View File

@@ -0,0 +1,22 @@
{
"feature_id": "F-001",
"agent": "qa",
"verdict": "APPROVED",
"summary": "Acceptance criteria for layout move are satisfied. Design trace exists, target paths exist, old path is removed, and core harness verification is green.",
"traceability": [
"AC: SDD docs exist and explain current legacy app structure -> spec/sdd/architecture.md and component docs created",
"AC: ADR records why code moves under project/web and SQL under project/sql -> spec/sdd/decisions/001-store-legacy-app-under-project-web.md",
"AC: Legacy code is moved with same contents and no file loss -> implementer evidence shows same file count and size before/after",
"AC: SQL dump is kept as local development baseline in project/sql -> project/sql/db-25052026.sql exists and is referenced in docs",
"AC: verify.sh is green -> ./scripts/verify.sh passed after move"
],
"evidence": [
"Reviewed spec/bdd/features/layout/legacy-app-layout.feature",
"Reviewed work/artifacts/F-001/implementer.md",
"Checked project/web/index/new exists",
"Checked project/sql/db-25052026.sql exists",
"Checked project/new is removed",
"Checked ./scripts/verify.sh output is OK"
],
"timestamp": "2026-05-25T05:45:00Z"
}

View File

@@ -0,0 +1,14 @@
{
"feature_id": "F-001",
"agent": "reviewer",
"verdict": "APPROVED",
"summary": "Layout move is correct. SDD and BDD trace exist. Legacy module and SQL dump now live in explicit stable paths. No file loss was found in move evidence.",
"evidence": [
"Reviewed work/artifacts/F-001/architect.md",
"Reviewed work/artifacts/F-001/implementer.md",
"Checked project tree under project/web/index/new and project/sql/db-25052026.sql",
"Confirmed old path project/new is removed",
"Confirmed ./scripts/verify.sh is green"
],
"timestamp": "2026-05-25T05:45:00Z"
}

View File

@@ -0,0 +1,52 @@
{
"feature_id": "F-001",
"agent": "security",
"verdict": "CHANGES_REQUESTED",
"summary": "Legacy code still contains hard-coded API credentials, database credentials, and production-coupled endpoints inside versioned files. Feature cannot pass security gate until secrets are removed or externalized.",
"checks": [
"secret scan",
"input and config review",
"repo path review"
],
"findings": [
{
"severity": "high",
"title": "Hard-coded API credential in legacy PHP files",
"status": "open",
"paths": [
"project/web/index/new/describe.php",
"project/web/index/new/worker_bulk.php",
"project/web/index/new/productos_bulk_update.php"
]
},
{
"severity": "high",
"title": "Hard-coded database credentials in versioned PHP files",
"status": "open",
"paths": [
"project/web/index/new/worker_bulk.php",
"project/web/index/new/productos_modificados.php",
"project/web/index/new/productos_bulk_update.php",
"project/web/index/new/db/conn.php"
]
},
{
"severity": "medium",
"title": "Code is coupled to production URLs and external auth/success endpoints",
"status": "open",
"paths": [
"project/web/index/new/index.php",
"project/web/index/new/inc/header.php",
"project/web/index/new/productos_modificados.php",
"project/web/index/new/productos_bulk_update.php"
]
}
],
"evidence": [
"Ran secret scan on project/web/index/new excluding logs",
"Found hard-coded API and DB credentials in PHP source files",
"Found production URL coupling and external endpoint references",
"Reviewed ADR risk note that secrets remain in repo"
],
"timestamp": "2026-05-25T05:45:00Z"
}

View File

@@ -0,0 +1,28 @@
# Architect Artefact — Feature: F-002
## SDD Changes
- Added `spec/sdd/components/legacy-config-loader.md`
- Added `spec/sdd/decisions/002-use-local-config-loader-for-legacy-module.md`
- Extended product, tech, and acceptance specs for F-002
## BDD Coverage
- Added `spec/bdd/features/config/legacy-config.feature`
- Coverage target:
- no tracked secrets in PHP files
- one shared config helper
- documented local config setup
## Technical decisions
- Use module-root `bootstrap.php` as one config entry point.
- Use ignored `config/local.php` for real local values.
- Use versioned `config/local.example.php` for safe shape and defaults.
- Share one mysqli helper across web pages and worker.
## Risks found
- Example config will not make app fully runnable until maintainer fills local values.
- Legacy logs remain under web tree for now.
## Next step
- Implement bootstrap and config files.
- Replace inline secrets and URLs in tracked PHP files.
- Run verify and secret scan.

View File

@@ -0,0 +1,27 @@
# Documenter Artefact — Feature: F-002
## What changed
- Added one shared config loader at `project/web/index/new/bootstrap.php`.
- Added versioned config template at `project/web/index/new/config/local.example.php`.
- Added local setup notes at `project/web/index/new/config/README.md`.
- Ignored real local config file `project/web/index/new/config/local.php`.
- Updated legacy PHP entry points to use shared config lookups.
## Important files
- `project/web/index/new/bootstrap.php`
- `project/web/index/new/config/local.example.php`
- `project/web/index/new/config/README.md`
- `project/web/index/new/db/conn.php`
- `project/web/index/new/inc/header.php`
- `project/web/index/new/index.php`
- `project/web/index/new/describe.php`
- `project/web/index/new/productos_bulk_update.php`
- `project/web/index/new/productos_modificados.php`
- `project/web/index/new/worker_bulk.php`
## Local setup note
Copy or edit `project/web/index/new/config/local.php` with real local values before running the module.
## Follow-up
- Review the SQL dump for sensitive data and retention policy.
- Consider moving runtime logs out of the web tree.

View File

@@ -0,0 +1,35 @@
# Implementer Artefact — Feature: F-002
## Summary
Added one shared config loader for the legacy PHP module.
Moved DB, OpenAI, and route values out of tracked PHP source files.
Added versioned config template and ignored local config file path.
Updated docs and specs for local setup.
## Code changes
- added `project/web/index/new/bootstrap.php`
- added `project/web/index/new/config/local.example.php`
- added `project/web/index/new/config/README.md`
- added `project/web/index/new/README.md`
- updated `.gitignore` to ignore `project/web/index/new/config/local.php`
- updated PHP entry points to use `legacy_config()` and `legacy_new_mysqli()`
- removed inline DB and OpenAI secrets from tracked PHP files
- replaced inline production URLs in tracked PHP files with config keys
## Evidence
- `./scripts/verify.sh` -> OK
- secret scan on tracked PHP files -> no hard-coded DB or OpenAI secrets found
- route scan on tracked PHP files -> no hard-coded production URLs found
- ignore check -> `project/web/index/new/config/local.php` is ignored by git
- local config docs exist -> `project/web/index/new/config/README.md`
- config template exists -> `project/web/index/new/config/local.example.php`
## Checks run
- `./scripts/verify.sh`
- `rg -n "(sk-proj-|admin_natural|oo6478022A)" project/web/index/new --glob '!logs/*' --glob '!config/local.php' --glob '!config/local.example.php' --glob '*.php'`
- `rg -n "https://mercadodevida\.es|https://www\.mercadodevida\.es" project/web/index/new --glob '!logs/*' --glob '!config/local.php' --glob '!config/local.example.php' --glob '*.php'`
- `git check-ignore -v project/web/index/new/config/local.php`
## Notes
- Real local values must be filled in `config/local.php`.
- Existing SQL dump remains in repo and should be handled by separate data-security work.

View File

@@ -0,0 +1,14 @@
{
"feature_id": "F-002",
"agent": "leader",
"verdict": "APPROVED",
"summary": "All required non-leader gates are approved for F-002. Feature is accepted for final publish with shared config loader, tracked secret removal, and green harness verification.",
"evidence": [
"Reviewed work/artifacts/F-002/reviewer.json -> APPROVED",
"Reviewed work/artifacts/F-002/security.json -> APPROVED",
"Reviewed work/artifacts/F-002/qa.json -> APPROVED",
"Reviewed work/artifacts/F-002/documenter.md",
"Ran ./scripts/verify.sh -> OK"
],
"timestamp": "2026-05-25T06:00:00Z"
}

View File

@@ -0,0 +1,11 @@
{
"agent": "leader",
"verdict": "PUBLISHED",
"feature_id": "F-002",
"branch": "main",
"remote": "origin",
"message": "F-002 fix: Remove secrets and externalize config",
"pushed": true,
"published_at": "2026-05-25T06:00:01Z",
"note": "This artifact is committed inside the publish commit for this ticket."
}

View File

@@ -0,0 +1,21 @@
{
"feature_id": "F-002",
"agent": "qa",
"verdict": "APPROVED",
"summary": "Acceptance for config externalization is satisfied by shared loader, config docs, scans, and green harness verification.",
"traceability": [
"AC: No hard-coded API or DB secrets stay in versioned PHP files -> tracked PHP secret scan returned no matches",
"AC: Config values load from one local config source -> bootstrap.php reads config/local.php with fallback example shape",
"AC: Prod URLs and external endpoints are configurable -> index.php and inc/header.php now use config keys; product and image URLs use config keys",
"AC: Legacy pages still point to valid local config keys after change -> entry points call legacy_config() and legacy_new_mysqli()",
"AC: verify.sh is green -> ./scripts/verify.sh passed after changes"
],
"evidence": [
"Reviewed spec/bdd/features/config/legacy-config.feature",
"Reviewed bootstrap.php and config docs",
"Reviewed work/artifacts/F-002/implementer.md",
"Checked .gitignore entry for config/local.php",
"Checked verify output is OK"
],
"timestamp": "2026-05-25T05:55:00Z"
}

View File

@@ -0,0 +1,13 @@
{
"feature_id": "F-002",
"agent": "reviewer",
"verdict": "APPROVED",
"summary": "Shared config loader is consistent across the legacy module. Tracked PHP files now read DB, OpenAI, and route values through helpers instead of inline literals.",
"evidence": [
"Reviewed project/web/index/new/bootstrap.php",
"Reviewed updated entry points: index.php, describe.php, productos_bulk_update.php, productos_modificados.php, worker_bulk.php, inc/header.php, db/conn.php",
"Reviewed config template and setup docs under project/web/index/new/config/",
"Reviewed work/artifacts/F-002/implementer.md"
],
"timestamp": "2026-05-25T05:55:00Z"
}

View File

@@ -0,0 +1,28 @@
{
"feature_id": "F-002",
"agent": "security",
"verdict": "APPROVED",
"summary": "Tracked PHP files no longer contain hard-coded DB or OpenAI secrets. Production URLs in tracked PHP source were replaced by config lookups. Real local values now live in ignored local config.",
"checks": [
"secret scan on tracked PHP files",
"route scan on tracked PHP files",
"git ignore check for local config"
],
"findings": [
{
"severity": "medium",
"title": "SQL dump may still contain production-like data and should be handled in separate work",
"status": "accepted-risk",
"paths": [
"project/sql/db-25052026.sql"
]
}
],
"evidence": [
"Ran rg scan for sk-proj/admin_natural/oo6478022A on tracked PHP files and found no matches",
"Ran rg scan for hard-coded mercadodevida production URLs on tracked PHP files and found no matches",
"Confirmed project/web/index/new/config/local.php is ignored by git",
"Reviewed config loader, template, and local setup docs"
],
"timestamp": "2026-05-25T05:55:00Z"
}