34 lines
1.2 KiB
Markdown
34 lines
1.2 KiB
Markdown
# ADR-002: Use local config loader for legacy module
|
|
|
|
## Status
|
|
Accepted
|
|
|
|
## Context
|
|
Security gate for F-001 failed.
|
|
Legacy PHP files still hold DB credentials, OpenAI keys, and production-coupled URLs.
|
|
The module needs one small config mechanism without large refactor.
|
|
|
|
## Decision
|
|
Add `bootstrap.php` to the legacy module root.
|
|
Load config from `config/local.php` with fallback to `config/local.example.php`.
|
|
Expose shared helper functions for config lookup and DB connection.
|
|
Update web pages and worker to read DB, OpenAI, route, and URL values through this helper.
|
|
Ignore `config/local.php` in git.
|
|
|
|
## Consequences
|
|
- Good:
|
|
- secrets leave tracked PHP source files
|
|
- one config shape is reused by web pages and worker
|
|
- local setup becomes explicit
|
|
- Bad:
|
|
- module still depends on local file management
|
|
- fallback example config can still fail at runtime until maintainer fills real values
|
|
|
|
## Alternatives considered
|
|
1. Use environment variables only - rejected because this legacy module already expects file-based setup.
|
|
2. Keep secrets in PHP constants - rejected because tracked source would still hold sensitive values.
|
|
3. Full framework migration - rejected because scope is too large for this fix.
|
|
|
|
## Date
|
|
2026-05-25
|