# AI DEVELOPMENT RULES – MEDORIA PROJECT

## PROJECT OVERVIEW

This is a custom AI Content Automation System built as a standalone PHP application.

It is NOT a Joomla component.

The application:
- fetches articles from predefined sources
- allows the admin to Accept / Reject fetched articles
- translates content using a low-cost AI model
- allows editing and finalizing with a stronger AI model
- generates:
  - title
  - full article content
  - alias (Joomla style)
  - tags
  - meta description
- transfers articles to Joomla via secure API endpoint (bridge)

---

## TECH STACK

- PHP 8.3 (NO frameworks)
- MySQL (utf8mb3_general_ci)
- cPanel hosting (LiteSpeed)
- Vanilla JavaScript (NO frameworks)
- AJAX for async operations
- OpenAI API for AI processing

---

## DATABASE RULES

- Database schema is defined externally in `/sql/schema.sql`
- NEVER modify database schema unless explicitly instructed
- ALWAYS use prepared statements
- ALWAYS validate and sanitize inputs
- NEVER assume fields that are not defined in schema

---

## ARCHITECTURE RULES

The application must follow a modular structure:

Pages → AJAX Controllers → Services → Repositories → Database

Separation of concerns is mandatory:

- Pages = UI only
- AJAX = request handling
- Services = business logic
- Repositories = database queries only

---

## SECURITY RULES (CRITICAL)

- ALWAYS use prepared statements
- NEVER expose API keys in frontend
- ALWAYS validate all input data
- ALWAYS escape output
- IMPLEMENT CSRF protection for all forms and AJAX requests
- ADMIN access only (no public access)
- USE `password_hash` / `password_verify` for authentication
- NO direct database interaction with Joomla
- Joomla integration ONLY via secure API endpoint

---

## DEVELOPMENT APPROACH

We work STRICTLY step-by-step.

DO NOT:
- generate large multi-file systems at once
- change unrelated parts of the code
- refactor working code without reason

DO:
- implement ONE feature at a time
- provide FULL file code (not snippets)
- keep code clean and readable
- write debugging-friendly code
- follow existing structure strictly

Each step must end with:
DONE

---

## PROJECT STRUCTURE (REFERENCE)

Root structure:

- `/admin`
- `/ajax`
- `/includes`
- `/services`
- `/repositories`
- `/templates`
- `/assets`
- `/storage`
- `/sql`
- `/docs`

---

## CONFIGURATION RULES

- All environment settings must be centralized
- Database credentials must NOT be hardcoded across files
- Must support easy switching between dev and production
- Application must support deployment in subfolder or root path
- Domain and base path must never be hardcoded
- All base URLs, filesystem paths, and endpoint URLs must be configurable
- Current development environment paths are not permanent and must not be assumed as final

---

## AI INTEGRATION RULES

- AI logic must be isolated in services layer
- Prompts must be configurable (via settings)
- Use different models for:
  - search / translation
  - finalize
- Always validate AI responses before saving

---

## JOOMLA INTEGRATION RULES

- Communication via secure bridge endpoint ONLY
- NEVER insert directly into the Joomla database
- Payload must include:
  - title
  - alias
  - content
  - meta description
  - tags
  - source URL
  - category
  - author
- Articles must be created as UNPUBLISHED
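
One way to apply "Always validate AI responses before saving" together with the payload rules above, as an added example that is not part of the project's code. The function names, payload key names, length limits and the `state` key are assumptions, not the project's schema or bridge contract.

```php
<?php
declare(strict_types=1);
// Added example: key names, limits and function names are assumptions.

function checkText(mixed $value, string $name, int $max): string
{
    // utf8mb3 columns cannot store 4-byte characters (emoji etc.), so reject them here.
    if (!is_string($value) || trim($value) === '' || mb_strlen($value) > $max
        || preg_match('/[\x{10000}-\x{10FFFF}]/u', $value) === 1) {
        throw new InvalidArgumentException("AI response field '$name' is missing or invalid");
    }
    return trim($value);
}

function validateAiArticle(string $rawJson): array
{
    // Throws JsonException on malformed JSON instead of silently returning null.
    $data = json_decode($rawJson, true, 16, JSON_THROW_ON_ERROR);
    $tags = is_array($data) ? ($data['tags'] ?? null) : null;
    if (!is_array($tags) || $tags === [] || count($tags) > 20) {
        throw new InvalidArgumentException('tags must be a list of 1 to 20 items');
    }
    $clean = ['tags' => []];
    foreach ($tags as $tag) {
        $clean['tags'][] = checkText($tag, 'tag', 100);
    }
    $limits = ['title' => 255, 'content' => 200000, 'alias' => 255, 'meta_description' => 300];
    foreach ($limits as $key => $max) {
        $clean[$key] = checkText($data[$key] ?? null, $key, $max);
    }
    // Joomla-style alias: lowercase letters and digits separated by single hyphens.
    if (!preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $clean['alias'])) {
        throw new InvalidArgumentException('alias is not a Joomla-style slug');
    }
    return $clean;
}

function buildBridgePayload(array $article, string $sourceUrl, int $categoryId, string $author): array
{
    $scheme = strtolower((string) parse_url($sourceUrl, PHP_URL_SCHEME));
    if (filter_var($sourceUrl, FILTER_VALIDATE_URL) === false || !in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('source URL must be http or https');
    }
    // Source, category and author come from our own records, never from the AI reply.
    // state 0 = unpublished in Joomla; the key name is assumed for the bridge.
    return $article + ['source_url' => $sourceUrl, 'category' => $categoryId,
        'author' => $author, 'state' => 0];
}
```

Content is only checked for presence, length and character range here; escaping on output and any HTML filtering remain separate steps under the security rules.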

---

## FINAL RULE

If something is unclear:
DO NOT GUESS.

Follow existing structure and ask for clarification.