Files
arnes/spec/product.md

50 lines
1.4 KiB
Markdown

# Product Spec
## Problem
Legacy PHP app lives in temporary path `project/new`.
SQL dump lives mixed with app code.
There is no ARNES design record for this code.
This makes next change work risky and hard to trace.
## Objective
Put legacy app in stable ARNES project layout.
Keep same code and same behavior for now.
Make next work easy to trace, review, and test.
## Users
- Primary user: maintainer of legacy PHP app
- Secondary user: architect, implementer, reviewer, qa
## Scope v1
- In scope:
- document current legacy app structure
- define target repo layout
- move app code to `project/web/index/new`
- move SQL dump to `project/sql/db-25052026.sql`
- Out of scope:
- auth rewrite
- OpenAI secret cleanup
- production deploy
- feature refactor
## F-002 — Remove secrets and externalize config
### Problem
Legacy PHP files still contain API keys, DB credentials, and production URLs.
This blocks security approval and makes local setup unsafe.
### Objective
Load config from one local source outside versioned code.
Keep page behavior the same while removing hard-coded secrets from tracked PHP files.
### Scope
- In scope:
- one config loader for legacy module
- one local config file shape for DB, OpenAI, URLs, and endpoints
- replace hard-coded values in tracked PHP files
- setup notes for local config
- Out of scope:
- auth redesign
- worker refactor beyond config use
- deploy automation