Files
arnes/spec/product.md

1.4 KiB

Product Spec

Problem

Legacy PHP app lives in temporary path project/new. SQL dump lives mixed with app code. There is no ARNES design record for this code. This makes next change work risky and hard to trace.

Objective

Put legacy app in stable ARNES project layout. Keep same code and same behavior for now. Make next work easy to trace, review, and test.

Users

  • Primary user: maintainer of legacy PHP app
  • Secondary user: architect, implementer, reviewer, qa

Scope v1

  • In scope:
    • document current legacy app structure
    • define target repo layout
    • move app code to project/web/index/new
    • move SQL dump to project/sql/db-25052026.sql
  • Out of scope:
    • auth rewrite
    • OpenAI secret cleanup
    • production deploy
    • feature refactor

F-002 — Remove secrets and externalize config

Problem

Legacy PHP files still contain API keys, DB credentials, and production URLs. This blocks security approval and makes local setup unsafe.

Objective

Load config from one local source outside versioned code. Keep page behavior the same while removing hard-coded secrets from tracked PHP files.

Scope

  • In scope:
    • one config loader for legacy module
    • one local config file shape for DB, OpenAI, URLs, and endpoints
    • replace hard-coded values in tracked PHP files
    • setup notes for local config
  • Out of scope:
    • auth redesign
    • worker refactor beyond config use
    • deploy automation