{ "project": "template-project", "description": "Template ARNES agnóstico para cualquier proyecto", "rules": { "one_feature_at_a_time": true, "require_review_gate": true, "require_security_gate": true, "require_qa_gate": true, "valid_status": [ "pending", "in_progress", "blocked", "done" ], "valid_types": [ "feature", "fix", "bug", "chore" ] }, "template_feature_schema": { "id": "F-001", "type": "feature", "title": "Short ticket title", "problem": "Need change", "goal": "Make flow better", "scope_in": [ "Core flow" ], "scope_out": [ "No redesign" ], "priority": "med", "risk": "low", "description": "Problem: ... Goal: ... Scope IN: ... Scope OUT: ... Type: ... Priority: ... Risk: ...", "acceptance": [ "Flow works end to end", "No break old behavior" ], "status": "pending", "created_at": "YYYY-MM-DD", "gates": { "review": false, "security": false, "qa": false } }, "features": [ { "id": "F-001", "type": "feature", "title": "Document and move legacy PHP app into ARNES project layout", "problem": "Legacy PHP app lives in temporary folder and has no ARNES design record", "goal": "Create SDD record and move code and SQL into stable project layout", "scope_in": [ "SDD docs", "ADR for layout", "move project/new to project/web/index/new", "move SQL dump to project/sql" ], "scope_out": [ "No functional refactor", "No production deploy", "No OpenAI or auth rewrite yet" ], "priority": "high", "risk": "med", "description": "Problem: Legacy PHP app lives in temporary folder and has no ARNES design record. Goal: Create SDD record and move code and SQL into stable project layout. Scope IN: SDD docs, ADR for layout, move project/new to project/web/index/new, move SQL dump to project/sql. Scope OUT: No functional refactor, No production deploy, No OpenAI or auth rewrite yet. Type: feature. Priority: high. Risk: med.", "acceptance": [ "SDD docs exist and explain current legacy app structure", "ADR records why code moves under project/web and SQL under project/sql", "Legacy code is moved with same contents and no file loss", "SQL dump is kept as local development baseline in project/sql", "verify.sh is green" ], "status": "blocked", "created_at": "2026-05-25", "gates": { "review": false, "security": false, "qa": false } }, { "id": "F-002", "type": "fix", "title": "Remove secrets and externalize config", "problem": "Secrets live in repo and prod URLs live in code", "goal": "Move secrets and config out of source files", "scope_in": [ "config loader", "replace hardcoded DB and OpenAI values", "centralize base URLs and external endpoints", "setup docs" ], "scope_out": [ "No business logic refactor", "No deploy automation", "No auth redesign" ], "priority": "high", "risk": "high", "description": "Problem: Secrets live in repo and prod URLs live in code. Goal: Move secrets and config out of source files. Scope IN: config loader, replace hardcoded DB and OpenAI values, centralize base URLs and external endpoints, setup docs. Scope OUT: No business logic refactor, No deploy automation, No auth redesign. Type: fix. Priority: high. Risk: high.", "acceptance": [ "No hard-coded API or DB secrets stay in versioned PHP files", "Config values load from one local config source", "Prod URLs and external endpoints are configurable", "Legacy pages still point to valid local config keys after change", "verify.sh is green" ], "status": "done", "created_at": "2026-05-25", "gates": { "review": false, "security": false, "qa": false } }, { "id": "F-003", "type": "fix", "title": "Sanitize SQL dump for safe dev use", "problem": "Repo keeps production-like SQL dump with sensitive data risk", "goal": "Keep dev database baseline without sensitive live data in repo", "scope_in": [ "review dump scope", "define safe replacement strategy", "remove or redact sensitive data", "document local data handling" ], "scope_out": [ "No app logic change", "No production DB changes", "No schema redesign" ], "priority": "high", "risk": "high", "description": "Problem: Repo keeps production-like SQL dump with sensitive data risk. Goal: Keep dev database baseline without sensitive live data in repo. Scope IN: review dump scope, define safe replacement strategy, remove or redact sensitive data, document local data handling. Scope OUT: No app logic change, No production DB changes, No schema redesign. Type: fix. Priority: high. Risk: high.", "acceptance": [ "Repo no longer stores raw sensitive production-like SQL dump as current dev baseline", "Safe dev data handling is documented", "Replacement dump or import path keeps local development possible", "Security risk note for SQL data is addressed", "verify.sh is green" ], "status": "done", "created_at": "2026-05-25", "gates": { "review": false, "security": false, "qa": false } } ] }