- Add runtime_config.php: credential store backed by runtime_config.json
(gitignored). Falls back to .env values so existing envs need no migration.
- Add admin_api.php: status / test_kling / update_kling endpoints gated
behind ADMIN_EMAILS allowlist. Accepts Bearer idToken when SSO enabled;
uses mock dev@localhost when SSO disabled.
- config.php: replace KLING_ACCESS_KEY/SECRET_KEY defines with ADMIN_EMAILS
- kling_api.php: read credentials via getKlingCredentials() on every request
so rotations take effect immediately without a server restart
- All .env templates: add ADMIN_EMAILS= (dev@localhost populated in .env.local)
- AdminSettings.jsx: modal with masked status, Test Connection, Save Credentials
- AppContent.jsx: admin status check on mount; Settings gear shown to admins
- Fix production URL in .env.production/.env.example (optical-prod.oliver.solutions)
- .gitignore: exclude backend/runtime_config.json
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
All backend PHP files require config.php as their first include.
It was gitignored and missing, causing PHP fatal errors that produced
empty responses — breaking JSON parsing in the frontend.
The new config.php has no hardcoded secrets; it reads all values
(GEMINI_API_KEY, KLING_ACCESS_KEY, KLING_SECRET_KEY, SSO_*) from
the .env file via env_loader.php.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
