F-002 fix: Remove secrets and externalize config
28
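--- /dev/null
+++ b/work/artifacts/F-002/security.json
@@ -0,0 +1,28 @@
+{
+"feature_id": "F-002",
+"agent": "security",
+"verdict": "APPROVED",
+"summary": "Tracked PHP files no longer contain hard-coded DB or OpenAI secrets. Production URLs in tracked PHP source were replaced by config lookups. Real local values now live in ignored local config.",
+"checks": [
+"secret scan on tracked PHP files",
+"route scan on tracked PHP files",
+"git ignore check for local config"
+],
+"findings": [
+{
+"severity": "medium",
+"title": "SQL dump may still contain production-like data and should be handled in separate work",
+"status": "accepted-risk",
+"paths": [
+"project/sql/db-25052026.sql"
+]
+}
+],
+"evidence": [
+"Ran rg scan for sk-proj/admin_natural/oo6478022A on tracked PHP files and found no matches",
+"Ran rg scan for hard-coded mercadodevida production URLs on tracked PHP files and found no matches",
+"Confirmed project/web/index/new/config/local.php is ignored by git",
+"Reviewed config loader, template, and local setup docs"
+],
+"timestamp": "2026-05-25T05:55:00Z"
+}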
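Review bot: The first "evidence" entry writes the scan patterns `sk-proj/admin_natural/oo6478022A` into a tracked artifact, and those look like fragments of the very credentials the commit removes (an OpenAI key prefix, a DB user and a password-like token), so the approval record re-commits part of the secret material it certifies is gone. Replace the literal patterns with a description, e.g. `"Ran rg scan for the previously committed credential fragments (patterns kept out of this artifact) on tracked PHP files and found no matches"`. The checks also only cover the working tree and the ignore rule: nothing records that `local.php` is not already in the index (`git ls-files` would show that) or that the exposed DB and OpenAI credentials were rotated, and because they were once committed they remain in history regardless of this change; adding a check or finding for rotation/history would make the APPROVED verdict defensible. The medium accepted-risk finding on the SQL dump might also be referenced from "summary" so a reader does not take "no longer contain hard-coded secrets" as covering the dump.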