{
"feature_id": "F-002",
"agent": "security",
"verdict": "APPROVED",
"summary": "Tracked PHP files no longer contain hard-coded DB or OpenAI secrets. Production URLs in tracked PHP source were replaced by config lookups. Real local values now live in a git-ignored local config file.",
"checks": [
"secret scan on tracked PHP files",
"route scan on tracked PHP files",
"git ignore check for local config"
],
"findings": [
{
"severity": "medium",
"title": "SQL dump may still contain production-like data and should be handled in separate work",
"status": "accepted-risk",
"paths": [
"project/sql/db-25052026.sql"
]
}
],
"evidence": [
"Ran an rg scan for the three patterns sk-proj, admin_natural and oo6478022A over tracked PHP files and found no matches",
"Ran rg scan for hard-coded mercadodevida production URLs on tracked PHP files and found no matches",
"Confirmed project/web/index/new/config/local.php is ignored by git",
"Reviewed config loader, template, and local setup docs"
],
"timestamp": "2026-05-25T05:55:00Z"
}