2.1 KiB
Product Spec
Problem
Legacy PHP app lives in temporary path project/new.
SQL dump lives mixed with app code.
There is no ARNES design record for this code.
This makes next change work risky and hard to trace.
Objective
Put legacy app in stable ARNES project layout. Keep same code and same behavior for now. Make next work easy to trace, review, and test.
Users
- Primary user: maintainer of legacy PHP app
- Secondary user: architect, implementer, reviewer, qa
Scope v1
- In scope:
- document current legacy app structure
- define target repo layout
- move app code to
project/web/index/new - move SQL dump to
project/sql/db-25052026.sql
- Out of scope:
- auth rewrite
- OpenAI secret cleanup
- production deploy
- feature refactor
F-002 — Remove secrets and externalize config
Problem
Legacy PHP files still contain API keys, DB credentials, and production URLs. This blocks security approval and makes local setup unsafe.
Objective
Load config from one local source outside versioned code. Keep page behavior the same while removing hard-coded secrets from tracked PHP files.
Scope
- In scope:
- one config loader for legacy module
- one local config file shape for DB, OpenAI, URLs, and endpoints
- replace hard-coded values in tracked PHP files
- setup notes for local config
- Out of scope:
- auth redesign
- worker refactor beyond config use
- deploy automation
F-003 — Sanitize SQL dump for safe dev use
Problem
Current SQL dump in repo looks like a production snapshot. It contains sensitive and production-like data. This is unsafe as a tracked development baseline.
Objective
Replace the raw dump in the working tree with a safe development baseline. Keep local development possible for the legacy PHP module. Document how to handle private data outside git.
Scope
- In scope:
- define safe SQL baseline strategy
- replace current tracked dump with sanitized development dump
- document private local dump handling
- keep module development possible with synthetic seed data
- Out of scope:
- production database changes
- app logic changes
- full OpenCart dataset preservation