F-002 fix: Remove secrets and externalize config
This commit is contained in:
31
work/artifacts/F-001/architect.md
Normal file
31
work/artifacts/F-001/architect.md
Normal file
@@ -0,0 +1,31 @@
|
||||
# Architect Artefact — Feature: F-001
|
||||
|
||||
## SDD Changes
|
||||
- Added `spec/sdd/architecture.md`
|
||||
- Added component docs:
|
||||
- `spec/sdd/components/legacy-web-module.md`
|
||||
- `spec/sdd/components/bulk-seo-worker.md`
|
||||
- `spec/sdd/components/development-data-baseline.md`
|
||||
- Added ADR:
|
||||
- `spec/sdd/decisions/001-store-legacy-app-under-project-web.md`
|
||||
|
||||
## BDD Coverage
|
||||
- Added `spec/bdd/features/layout/legacy-app-layout.feature`
|
||||
- Coverage target:
|
||||
- stable web module path
|
||||
- stable SQL dump path
|
||||
- design trace exists
|
||||
|
||||
## Technical decisions
|
||||
- Use `project/web/index/new` as stable repo path for copied legacy web code.
|
||||
- Use `project/sql/db-25052026.sql` as stable path for local dev dump.
|
||||
- Keep legacy internal module tree unchanged in this feature.
|
||||
|
||||
## Risks found
|
||||
- Legacy code has hard-coded secrets and production URLs.
|
||||
- External files `login.php` and `success.php` are not in repo.
|
||||
- SQL dump may contain production-like data.
|
||||
|
||||
## Next step
|
||||
- Move files with no content change.
|
||||
- Re-run verify after move.
|
||||
24
work/artifacts/F-001/documenter.md
Normal file
24
work/artifacts/F-001/documenter.md
Normal file
@@ -0,0 +1,24 @@
|
||||
# Documenter Artefact — Feature: F-001
|
||||
|
||||
## What changed
|
||||
- Added SDD record for legacy PHP product module.
|
||||
- Added ADR for stable repo layout.
|
||||
- Added BDD trace for layout move.
|
||||
- Moved legacy web code to `project/web/index/new`.
|
||||
- Moved SQL dump to `project/sql/db-25052026.sql`.
|
||||
|
||||
## Files to know
|
||||
- `spec/sdd/architecture.md`
|
||||
- `spec/sdd/components/legacy-web-module.md`
|
||||
- `spec/sdd/components/bulk-seo-worker.md`
|
||||
- `spec/sdd/components/development-data-baseline.md`
|
||||
- `spec/sdd/decisions/001-store-legacy-app-under-project-web.md`
|
||||
- `spec/bdd/features/layout/legacy-app-layout.feature`
|
||||
- `project/web/index/new/`
|
||||
- `project/sql/db-25052026.sql`
|
||||
|
||||
## Notes for next feature
|
||||
- Remove secrets from PHP files.
|
||||
- Externalize DB and API config.
|
||||
- Replace production-coupled URLs and missing external dependencies.
|
||||
- Move runtime logs out of web tree.
|
||||
38
work/artifacts/F-001/implementer.md
Normal file
38
work/artifacts/F-001/implementer.md
Normal file
@@ -0,0 +1,38 @@
|
||||
# Implementer Artefact — Feature: F-001
|
||||
|
||||
## Summary
|
||||
Moved legacy PHP module into stable ARNES project path.
|
||||
Moved SQL dump into stable project data path.
|
||||
Kept legacy module internal tree unchanged.
|
||||
Updated local project path docs.
|
||||
|
||||
## Changes
|
||||
- moved `project/new` -> `project/web/index/new`
|
||||
- moved `project/db-25052026.sql` -> `project/sql/db-25052026.sql`
|
||||
- updated `project/README.md`
|
||||
- updated `spec/tech.md`
|
||||
- updated `work/current.md`
|
||||
|
||||
## Evidence
|
||||
- before file count in module: `124`
|
||||
- after file count in module: `124`
|
||||
- before size of module: `640K`
|
||||
- after size of module: `640K`
|
||||
- SQL dump present after move: `project/sql/db-25052026.sql` (`229M`)
|
||||
- old path removed: `project/new`
|
||||
- verify result: `./scripts/verify.sh` OK
|
||||
|
||||
## Checks run
|
||||
- `find project/new -type f | wc -l`
|
||||
- `du -sh project/new project/db-25052026.sql`
|
||||
- `mv project/new project/web/index/new`
|
||||
- `mv project/db-25052026.sql project/sql/db-25052026.sql`
|
||||
- `find project -maxdepth 4 | sort`
|
||||
- `find project/web/index/new -type f | wc -l`
|
||||
- `du -sh project/web/index/new project/sql/db-25052026.sql`
|
||||
- `./scripts/verify.sh`
|
||||
|
||||
## Notes
|
||||
- No functional refactor done.
|
||||
- No secret cleanup done.
|
||||
- External dependencies `login.php` and `success.php` still live outside repo.
|
||||
22
work/artifacts/F-001/qa.json
Normal file
22
work/artifacts/F-001/qa.json
Normal file
@@ -0,0 +1,22 @@
|
||||
{
|
||||
"feature_id": "F-001",
|
||||
"agent": "qa",
|
||||
"verdict": "APPROVED",
|
||||
"summary": "Acceptance criteria for layout move are satisfied. Design trace exists, target paths exist, old path is removed, and core harness verification is green.",
|
||||
"traceability": [
|
||||
"AC: SDD docs exist and explain current legacy app structure -> spec/sdd/architecture.md and component docs created",
|
||||
"AC: ADR records why code moves under project/web and SQL under project/sql -> spec/sdd/decisions/001-store-legacy-app-under-project-web.md",
|
||||
"AC: Legacy code is moved with same contents and no file loss -> implementer evidence shows same file count and size before/after",
|
||||
"AC: SQL dump is kept as local development baseline in project/sql -> project/sql/db-25052026.sql exists and is referenced in docs",
|
||||
"AC: verify.sh is green -> ./scripts/verify.sh passed after move"
|
||||
],
|
||||
"evidence": [
|
||||
"Reviewed spec/bdd/features/layout/legacy-app-layout.feature",
|
||||
"Reviewed work/artifacts/F-001/implementer.md",
|
||||
"Checked project/web/index/new exists",
|
||||
"Checked project/sql/db-25052026.sql exists",
|
||||
"Checked project/new is removed",
|
||||
"Checked ./scripts/verify.sh output is OK"
|
||||
],
|
||||
"timestamp": "2026-05-25T05:45:00Z"
|
||||
}
|
||||
14
work/artifacts/F-001/reviewer.json
Normal file
14
work/artifacts/F-001/reviewer.json
Normal file
@@ -0,0 +1,14 @@
|
||||
{
|
||||
"feature_id": "F-001",
|
||||
"agent": "reviewer",
|
||||
"verdict": "APPROVED",
|
||||
"summary": "Layout move is correct. SDD and BDD trace exist. Legacy module and SQL dump now live in explicit stable paths. No file loss was found in move evidence.",
|
||||
"evidence": [
|
||||
"Reviewed work/artifacts/F-001/architect.md",
|
||||
"Reviewed work/artifacts/F-001/implementer.md",
|
||||
"Checked project tree under project/web/index/new and project/sql/db-25052026.sql",
|
||||
"Confirmed old path project/new is removed",
|
||||
"Confirmed ./scripts/verify.sh is green"
|
||||
],
|
||||
"timestamp": "2026-05-25T05:45:00Z"
|
||||
}
|
||||
52
work/artifacts/F-001/security.json
Normal file
52
work/artifacts/F-001/security.json
Normal file
@@ -0,0 +1,52 @@
|
||||
{
|
||||
"feature_id": "F-001",
|
||||
"agent": "security",
|
||||
"verdict": "CHANGES_REQUESTED",
|
||||
"summary": "Legacy code still contains hard-coded API credentials, database credentials, and production-coupled endpoints inside versioned files. Feature cannot pass security gate until secrets are removed or externalized.",
|
||||
"checks": [
|
||||
"secret scan",
|
||||
"input and config review",
|
||||
"repo path review"
|
||||
],
|
||||
"findings": [
|
||||
{
|
||||
"severity": "high",
|
||||
"title": "Hard-coded API credential in legacy PHP files",
|
||||
"status": "open",
|
||||
"paths": [
|
||||
"project/web/index/new/describe.php",
|
||||
"project/web/index/new/worker_bulk.php",
|
||||
"project/web/index/new/productos_bulk_update.php"
|
||||
]
|
||||
},
|
||||
{
|
||||
"severity": "high",
|
||||
"title": "Hard-coded database credentials in versioned PHP files",
|
||||
"status": "open",
|
||||
"paths": [
|
||||
"project/web/index/new/worker_bulk.php",
|
||||
"project/web/index/new/productos_modificados.php",
|
||||
"project/web/index/new/productos_bulk_update.php",
|
||||
"project/web/index/new/db/conn.php"
|
||||
]
|
||||
},
|
||||
{
|
||||
"severity": "medium",
|
||||
"title": "Code is coupled to production URLs and external auth/success endpoints",
|
||||
"status": "open",
|
||||
"paths": [
|
||||
"project/web/index/new/index.php",
|
||||
"project/web/index/new/inc/header.php",
|
||||
"project/web/index/new/productos_modificados.php",
|
||||
"project/web/index/new/productos_bulk_update.php"
|
||||
]
|
||||
}
|
||||
],
|
||||
"evidence": [
|
||||
"Ran secret scan on project/web/index/new excluding logs",
|
||||
"Found hard-coded API and DB credentials in PHP source files",
|
||||
"Found production URL coupling and external endpoint references",
|
||||
"Reviewed ADR risk note that secrets remain in repo"
|
||||
],
|
||||
"timestamp": "2026-05-25T05:45:00Z"
|
||||
}
|
||||
Reference in New Issue
Block a user