F-002 fix: Remove secrets and externalize config
This commit is contained in:
21
work/artifacts/F-002/qa.json
Normal file
21
work/artifacts/F-002/qa.json
Normal file
@@ -0,0 +1,21 @@
|
||||
{
|
||||
"feature_id": "F-002",
|
||||
"agent": "qa",
|
||||
"verdict": "APPROVED",
|
||||
"summary": "Acceptance for config externalization is satisfied by shared loader, config docs, scans, and green harness verification.",
|
||||
"traceability": [
|
||||
"AC: No hard-coded API or DB secrets stay in versioned PHP files -> tracked PHP secret scan returned no matches",
|
||||
"AC: Config values load from one local config source -> bootstrap.php reads config/local.php with fallback example shape",
|
||||
"AC: Prod URLs and external endpoints are configurable -> index.php and inc/header.php now use config keys; product and image URLs use config keys",
|
||||
"AC: Legacy pages still point to valid local config keys after change -> entry points call legacy_config() and legacy_new_mysqli()",
|
||||
"AC: verify.sh is green -> ./scripts/verify.sh passed after changes"
|
||||
],
|
||||
"evidence": [
|
||||
"Reviewed spec/bdd/features/config/legacy-config.feature",
|
||||
"Reviewed bootstrap.php and config docs",
|
||||
"Reviewed work/artifacts/F-002/implementer.md",
|
||||
"Checked .gitignore entry for config/local.php",
|
||||
"Checked verify output is OK"
|
||||
],
|
||||
"timestamp": "2026-05-25T05:55:00Z"
|
||||
}
|
||||
Reference in New Issue
Block a user