{
"feature_id": "F-002",
"agent": "security",
"verdict": "APPROVED",
"summary": "Tracked PHP files no longer contain hard-coded DB or OpenAI secrets. Production URLs in tracked PHP source were replaced by config lookups. Real local values now live in a git-ignored local config file.",
"checks": [
"secret scan on tracked PHP files",
"route scan on tracked PHP files",
"git ignore check for local config"
],
"findings": [
{
"severity": "medium",
"title": "SQL dump may still contain production-like data and should be handled as separate work",
"status": "accepted-risk",
"paths": [
"project/sql/db-25052026.sql"
]
}
],
"evidence": [
"Ran rg scan for sk-proj/admin_natural/oo6478022A on tracked PHP files and found no matches",
"Ran rg scan for hard-coded mercadodevida production URLs on tracked PHP files and found no matches",
"Confirmed project/web/index/new/config/local.php is ignored by git",
"Reviewed config loader, template, and local setup docs"
],
"timestamp": "2026-05-25T05:55:00Z"
}