F-003 fix: Sanitize SQL dump for safe dev use

This commit is contained in:
rikrdo
2026-05-25 08:14:34 +02:00
parent 3d41579ad3
commit e6feea5ee6
24 changed files with 483 additions and 1187942 deletions

View File

@@ -0,0 +1,25 @@
# Architect Artefact — Feature: F-003
## SDD Changes
- Added `spec/sdd/decisions/003-replace-raw-sql-with-sanitized-dev-baseline.md`
- Extended product, tech, and acceptance specs for F-003
- Will update development baseline component doc to reflect sanitized synthetic dataset
## BDD Coverage
- Added `spec/bdd/features/data/sanitized-sql-baseline.feature`
- Coverage target:
- tracked SQL baseline is sanitized
- private local data handling is documented
## Technical decisions
- Keep the current tracked SQL path for compatibility.
- Replace raw snapshot content with a small sanitized baseline.
- Seed only the tables and sample data needed by the legacy PHP module.
## Risks found
- Raw dump still exists in git history from earlier commits.
- Synthetic baseline may not cover every future workflow without more fixtures.
## Next step
- Replace tracked SQL file content with safe synthetic baseline.
- Add SQL handling docs and ignored path guidance.

View File

@@ -0,0 +1,19 @@
# Documenter Artefact — Feature: F-003
## What changed
- Replaced the tracked SQL baseline with a sanitized development dump.
- Added SQL handling docs at `project/sql/README.md`.
- Added ignored private SQL path guidance in `.gitignore`.
- Updated SDD, ADR, and BDD trace for safe SQL handling.
## Important files
- `project/sql/db-25052026.sql`
- `project/sql/README.md`
- `spec/sdd/components/development-data-baseline.md`
- `spec/sdd/decisions/003-replace-raw-sql-with-sanitized-dev-baseline.md`
- `spec/bdd/features/data/sanitized-sql-baseline.feature`
## Notes
- The current tracked tree uses only synthetic SQL seed data for module development.
- Any private raw dump must stay outside git or under ignored local paths.
- Full purge of earlier raw SQL from git history would be separate work if required.

View File

@@ -0,0 +1,32 @@
# Implementer Artefact — Feature: F-003
## Summary
Replaced the tracked raw SQL snapshot with a small sanitized development baseline.
Kept the same tracked SQL path for compatibility.
Added docs for safe local SQL handling and private raw dump storage outside git.
## Changes
- replaced `project/sql/db-25052026.sql` content with sanitized schema and synthetic seed data
- added `project/sql/README.md`
- updated `.gitignore` with ignored private SQL path
- updated `project/README.md`
- updated design docs for development baseline
## Evidence
- tracked SQL file size changed from about `229M` to `6.8K`
- data risk scan on tracked SQL file found no customer/order/production URL patterns
- sanitized SQL baseline contains `11` table definitions
- sanitized SQL baseline contains `10` seed insert blocks
- `./scripts/verify.sh` -> OK
## Checks run
- `ls -lh project/sql/db-25052026.sql`
- `head -n 40 project/sql/db-25052026.sql`
- `rg -n "(@|CLIENTE|order_id=|mercadodevida\.es|stripe|hotmail|gmail|phone=|oo6478022A|admin_natural)" project/sql/db-25052026.sql`
- `python3` table and insert count check on `project/sql/db-25052026.sql`
- `./scripts/verify.sh`
## Notes
- Current tracked tree is safe for local module work.
- Earlier raw dump still exists in git history from past commits and would need history rewrite if full purge is required.
- Private raw snapshots should stay outside git or under ignored local paths only.

View File

@@ -0,0 +1,14 @@
{
"feature_id": "F-003",
"agent": "leader",
"verdict": "APPROVED",
"summary": "All required non-leader gates are approved for F-003. The active tracked SQL baseline is sanitized, documented, and verified.",
"evidence": [
"Reviewed work/artifacts/F-003/reviewer.json -> APPROVED",
"Reviewed work/artifacts/F-003/security.json -> APPROVED",
"Reviewed work/artifacts/F-003/qa.json -> APPROVED",
"Reviewed work/artifacts/F-003/documenter.md",
"Ran ./scripts/verify.sh -> OK"
],
"timestamp": "2026-05-25T06:16:00Z"
}

View File

@@ -0,0 +1,11 @@
{
"agent": "leader",
"verdict": "PUBLISHED",
"feature_id": "F-003",
"branch": "main",
"remote": "origin",
"message": "F-003 fix: Sanitize SQL dump for safe dev use",
"pushed": true,
"published_at": "2026-05-25T06:14:34Z",
"note": "This artifact is committed inside the publish commit for this ticket."
}

View File

@@ -0,0 +1,21 @@
{
"feature_id": "F-003",
"agent": "qa",
"verdict": "APPROVED",
"summary": "Acceptance for safe SQL baseline is satisfied. The tracked SQL file is sanitized, docs exist, local development path remains documented, and harness verification is green.",
"traceability": [
"AC: Repo no longer stores the raw production-like SQL dump as active baseline -> tracked SQL file content replaced with synthetic baseline",
"AC: Tracked SQL baseline contains only safe synthetic or non-sensitive data -> risk scan returned no customer/order/production patterns",
"AC: Safe local data handling is documented -> project/sql/README.md and .gitignore private path guidance exist",
"AC: Local development remains possible -> sanitized SQL includes module schema and synthetic seed data for 11 tables",
"AC: verify.sh is green -> ./scripts/verify.sh passed after changes"
],
"evidence": [
"Reviewed spec/bdd/features/data/sanitized-sql-baseline.feature",
"Reviewed project/sql/db-25052026.sql",
"Reviewed project/sql/README.md",
"Reviewed work/artifacts/F-003/implementer.md",
"Checked verify output is OK"
],
"timestamp": "2026-05-25T06:15:00Z"
}

View File

@@ -0,0 +1,13 @@
{
"feature_id": "F-003",
"agent": "reviewer",
"verdict": "APPROVED",
"summary": "SQL baseline strategy is coherent. The tracked SQL file now targets local module needs with a focused schema and synthetic seed data, and docs explain private raw dump handling.",
"evidence": [
"Reviewed project/sql/db-25052026.sql",
"Reviewed project/sql/README.md",
"Reviewed spec/sdd/decisions/003-replace-raw-sql-with-sanitized-dev-baseline.md",
"Reviewed work/artifacts/F-003/implementer.md"
],
"timestamp": "2026-05-25T06:15:00Z"
}

View File

@@ -0,0 +1,28 @@
{
"feature_id": "F-003",
"agent": "security",
"verdict": "APPROVED",
"summary": "The active tracked SQL baseline no longer contains raw production-like customer or order data. The repo now documents that any private raw snapshot must stay outside git or in ignored local paths.",
"checks": [
"tracked SQL data-risk scan",
"private path and docs review",
"working tree review"
],
"findings": [
{
"severity": "medium",
"title": "Earlier raw snapshot still exists in git history",
"status": "accepted-risk",
"paths": [
"git history before F-003 publish"
]
}
],
"evidence": [
"Tracked SQL file now contains a 6.8K sanitized synthetic baseline",
"Data-risk scan on project/sql/db-25052026.sql returned no customer/order/production URL patterns",
"Reviewed project/sql/README.md and .gitignore entry for project/sql/private/",
"Confirmed current working tree no longer ships raw production-like SQL dump content"
],
"timestamp": "2026-05-25T06:15:00Z"
}