Maintain a reusable Core PHP 8.5 starter for DreamHost shared hosting with predictable, LLM-friendly structure.
- No PHP frameworks.
/publicis the only webroot; keep app logic outside it.- Use a single stylesheet at
/public/assets/css/site.cssonly. - Alpine.js via CDN; use HTMX only when full refresh is not possible.
- Keep code simple and explicit; prefer small functions/classes.
- Escape output in views; avoid inline CSS.
- Do not commit secrets or
.envfiles.
- DreamHost release layout:
/releases/<timestamp>/with/currentsymlink and webroot/current/public/. - MySQL via PDO; migrations must run automatically in CD.
- Auth: signup/login/logout, email verification, password reset via DreamHost
mail(). - Session auth + CSRF; roles Super Admin/Staff/User; workspace roles Workspace Owner/Workspace Admin/Workspace Member; RBAC with permissions.
- Admin panel skeleton (users + audit log) and uploads stored under
/storage. - Log to PHP error log and
/storage/logs/app.logwith rotation and >30-day cleanup. - Debug: show locally, hide in prod by default; allow admin-only or global override.
- Add or update tests for every feature.
- Add or update Playwright E2E tests for user-facing features.
- Append user-facing changes to
CHANGELOG.md. - Keep docs in
/docsaligned with code changes.
- Follow prompt packs in order; finish the current prompt before advancing.
- When a runbook specifies output contracts, comply for that step.
- Add routes in
routes/web.phpwith middleware as needed. - Add controller under
app/Controllersand keep actions small. - Add view(s) under
views/and escape output withe(). - Add DB tables/migrations in
app/Database/Migrationsif needed. - Add tests in
tests/(including Playwright E2E for user-facing flows) and updateCHANGELOG.md.
- Do not introduce a framework or add heavy dependencies.
- Do not put secrets or
.envfiles in the repo. - Do not serve files from
/storagedirectly via/public. - Do not bypass CSRF or auth checks on POST routes.
- Do not change the release layout (
/releases,/current). - Do not delete existing code or comments which are unrelated to the current task or change.