F-002 fix: Remove secrets and externalize config

rikrdo
2026-05-25 08:00:05 +02:00
parent d3a558352d
commit 3d41579ad3
58 changed files with 1192807 additions and 52 deletions


@@ -0,0 +1,28 @@
{
"feature_id": "F-002",
"agent": "security",
"verdict": "APPROVED",
"summary": "Tracked PHP files no longer contain hard-coded DB or OpenAI secrets. Production URLs in tracked PHP source were replaced by config lookups. Real local values now live in ignored local config.",
"checks": [
"secret scan on tracked PHP files",
"route scan on tracked PHP files",
"git ignore check for local config"
],
"findings": [
{
"severity": "medium",
"title": "SQL dump may still contain production-like data and should be handled in separate work",
"status": "accepted-risk",
"paths": [
"project/sql/db-25052026.sql"
]
}
],
"evidence": [
"Ran rg scan for sk-proj/admin_natural/oo6478022A on tracked PHP files and found no matches",
"Ran rg scan for hard-coded mercadodevida production URLs on tracked PHP files and found no matches",
"Confirmed project/web/index/new/config/local.php is ignored by git",
"Reviewed config loader, template, and local setup docs"
],
"timestamp": "2026-05-25T05:55:00Z"
}
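Review bot: The "evidence" entry on the line beginning `"Ran rg scan for sk-proj/...` records the literal search terms, so this tracked approval record re-introduces the API-key prefix and the DB user/password fragments that the commit is meant to remove; describe the scan instead, e.g. `"Ran rg scan for the known API-key prefix and the former DB credentials on tracked PHP files and found no matches"`. Removing the values from tracked files also leaves them in git history, so the record should state whether those credentials were rotated, or note it as an open item alongside the "accepted-risk" finding. The "checks" list covers only tracked PHP files, so the accepted-risk SQL dump at `project/sql/db-25052026.sql` and any non-PHP files were outside the scan; given the 1192807-line diffstat it looks like that dump may be part of this very commit, which the finding should say explicitly if so.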