arnes/spec/product.md
2026-05-25 08:14:34 +02:00

# Product Spec
## Problem
Legacy PHP app lives in temporary path `project/new`.
SQL dump lives mixed with app code.
There is no ARNES design record for this code.
This makes next change work risky and hard to trace.
## Objective
Put legacy app in stable ARNES project layout.
Keep same code and same behavior for now.
Make next work easy to trace, review, and test.
## Users
- Primary user: maintainer of legacy PHP app
- Secondary user: architect, implementer, reviewer, qa
## Scope v1
- In scope:
  - document current legacy app structure
  - define target repo layout
  - move app code to `project/web/index/new`
  - move SQL dump to `project/sql/db-25052026.sql`
- Out of scope:
  - auth rewrite
  - OpenAI secret cleanup
  - production deploy
  - feature refactor
## F-002 — Remove secrets and externalize config
### Problem
Legacy PHP files still contain API keys, DB credentials, and production URLs.
This blocks security approval and makes local setup unsafe.
### Objective
Load config from one local source outside versioned code.
Keep page behavior the same while removing hard-coded secrets from tracked PHP files.
### Scope
- In scope:
  - one config loader for legacy module
  - one local config file shape for DB, OpenAI, URLs, and endpoints
  - replace hard-coded values in tracked PHP files
  - setup notes for local config
- Out of scope:
  - auth redesign
  - worker refactor beyond config use
  - deploy automation
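
One possible shape for the F-002 config loader, as an added example that is not code from this project. The environment variable `LEGACY_CONFIG_PATH`, the key names, and the function names are hypothetical; PHP 7.1+ and a config file that returns a PHP array are assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical key names; the spec only says the file covers DB, OpenAI, URLs, endpoints.
const REQUIRED_KEYS = [
    'db.host', 'db.name', 'db.user', 'db.password',
    'openai.api_key',
    'urls.base',
];

// Walk a dotted key ("db.host") through nested arrays; null when any part is absent.
function config_get(array $config, string $key)
{
    $node = $config;
    foreach (explode('.', $key) as $part) {
        if (!is_array($node) || !array_key_exists($part, $node)) {
            return null;
        }
        $node = $node[$part];
    }
    return $node;
}

// Load the single local config source and fail closed if it is unusable.
function load_legacy_config(?string $path = null): array
{
    if ($path === null) {
        $env = getenv('LEGACY_CONFIG_PATH'); // assumed variable name
        $path = $env === false ? '' : $env;
    }
    if ($path === '' || !is_file($path) || !is_readable($path)) {
        throw new RuntimeException('Local config file not found; see setup notes.');
    }
    // On POSIX hosts, refuse a secrets file that group or others can access.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($path) & 0077) !== 0) {
        throw new RuntimeException('Local config file must be owner-only (chmod 600).');
    }
    $config = require $path; // file body: <?php return ['db' => [...], ...];
    if (!is_array($config)) {
        throw new RuntimeException('Local config file must return an array.');
    }
    foreach (REQUIRED_KEYS as $key) {
        $value = config_get($config, $key);
        if ($value === null || $value === '') {
            // Name the missing key, never echo a value.
            throw new RuntimeException("Missing config key: {$key}");
        }
    }
    return $config;
}
```

Tracked PHP files would then read values through `config_get()` instead of literals, and the local config file itself stays out of git.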
## F-003 — Sanitize SQL dump for safe dev use
### Problem
Current SQL dump in repo looks like a production snapshot.
It contains sensitive and production-like data.
This is unsafe as a tracked development baseline.
### Objective
Replace the raw dump in the working tree with a safe development baseline.
Keep local development possible for the legacy PHP module.
Document how to handle private data outside git.
### Scope
- In scope:
  - define safe SQL baseline strategy
  - replace current tracked dump with sanitized development dump
  - document private local dump handling
  - keep module development possible with synthetic seed data
- Out of scope:
  - production database changes
  - app logic changes
  - full OpenCart dataset preservation