1.2 KiB
1.2 KiB
ADR-002: Use local config loader for legacy module
Status
Accepted
Context
Security gate for F-001 failed. Legacy PHP files still hold DB credentials, OpenAI keys, and production-coupled URLs. The module needs one small config mechanism without large refactor.
Decision
Add bootstrap.php to the legacy module root.
Load config from config/local.php with fallback to config/local.example.php.
Expose shared helper functions for config lookup and DB connection.
Update web pages and worker to read DB, OpenAI, route, and URL values through this helper.
Ignore config/local.php in git.
Consequences
- Good:
- secrets leave tracked PHP source files
- one config shape is reused by web pages and worker
- local setup becomes explicit
- Bad:
- module still depends on local file management
- fallback example config can still fail at runtime until maintainer fills real values
Alternatives considered
- Use environment variables only - rejected because this legacy module already expects file-based setup.
- Keep secrets in PHP constants - rejected because tracked source would still hold sensitive values.
- Full framework migration - rejected because scope is too large for this fix.
Date
2026-05-25