Files
arnes/spec/sdd/decisions/002-use-local-config-loader-for-legacy-module.md

1.2 KiB

ADR-002: Use local config loader for legacy module

Status

Accepted

Context

Security gate for F-001 failed. Legacy PHP files still hold DB credentials, OpenAI keys, and production-coupled URLs. The module needs one small config mechanism without large refactor.

Decision

Add bootstrap.php to the legacy module root. Load config from config/local.php with fallback to config/local.example.php. Expose shared helper functions for config lookup and DB connection. Update web pages and worker to read DB, OpenAI, route, and URL values through this helper. Ignore config/local.php in git.

Consequences

  • Good:
    • secrets leave tracked PHP source files
    • one config shape is reused by web pages and worker
    • local setup becomes explicit
  • Bad:
    • module still depends on local file management
    • fallback example config can still fail at runtime until maintainer fills real values

Alternatives considered

  1. Use environment variables only - rejected because this legacy module already expects file-based setup.
  2. Keep secrets in PHP constants - rejected because tracked source would still hold sensitive values.
  3. Full framework migration - rejected because scope is too large for this fix.

Date

2026-05-25