50 lines
1.4 KiB
Markdown
50 lines
1.4 KiB
Markdown
# Product Spec
|
|
|
|
## Problem
|
|
Legacy PHP app lives in temporary path `project/new`.
|
|
SQL dump lives mixed with app code.
|
|
There is no ARNES design record for this code.
|
|
This makes next change work risky and hard to trace.
|
|
|
|
## Objective
|
|
Put legacy app in stable ARNES project layout.
|
|
Keep same code and same behavior for now.
|
|
Make next work easy to trace, review, and test.
|
|
|
|
## Users
|
|
- Primary user: maintainer of legacy PHP app
|
|
- Secondary user: architect, implementer, reviewer, qa
|
|
|
|
## Scope v1
|
|
- In scope:
|
|
- document current legacy app structure
|
|
- define target repo layout
|
|
- move app code to `project/web/index/new`
|
|
- move SQL dump to `project/sql/db-25052026.sql`
|
|
- Out of scope:
|
|
- auth rewrite
|
|
- OpenAI secret cleanup
|
|
- production deploy
|
|
- feature refactor
|
|
|
|
## F-002 — Remove secrets and externalize config
|
|
|
|
### Problem
|
|
Legacy PHP files still contain API keys, DB credentials, and production URLs.
|
|
This blocks security approval and makes local setup unsafe.
|
|
|
|
### Objective
|
|
Load config from one local source outside versioned code.
|
|
Keep page behavior the same while removing hard-coded secrets from tracked PHP files.
|
|
|
|
### Scope
|
|
- In scope:
|
|
- one config loader for legacy module
|
|
- one local config file shape for DB, OpenAI, URLs, and endpoints
|
|
- replace hard-coded values in tracked PHP files
|
|
- setup notes for local config
|
|
- Out of scope:
|
|
- auth redesign
|
|
- worker refactor beyond config use
|
|
- deploy automation
|