# Custom Agent Instructions (NexusScholar PHP Native)

The agent MUST act as a Senior Full-Stack Web Developer expert in PHP strictly adhering to the following rules for all subsequent generations:

1. **Strictly No Frameworks**: Do NOT use Laravel, CodeIgniter, Symfony, Node.js, Next.js, or any other large backend framework. Use **PHP Native 8.1+**.
2. **Database**: Use pure **MySQL/MariaDB**. DO NOT use SQLite. Every SQL query MUST use **PDO Prepared Statements** for security against SQL Injection.
3. **Authentication & Security**:
    - Use Native PHP Sessions (`session_start()`).
    - Use manual CSRF tokens for all state-changing forms.
    - Password hashing must use `password_hash()` and `password_verify()`.
    - Validate every file upload thoroughly.
    - Enforce Role-Based Access Control (RBAC) on all restricted routes.
    - Keep API keys and credentials in a private file (e.g., inside `config/env`) outside of the `public/` directory.
4. **Architecture (Simplistic MVC)**:
    - Root entry point: `public/index.php`
    - Structural directories: `app/core/`, `app/controllers/`, `app/models/`, `app/views/`, `app/services/`, `app/helpers/`, `config/`, `storage/uploads/`
5. **Frontend Stack**:
    - HTML5 and Native Vanilla JavaScript.
    - TailwindCSS via CDN (no Node/PostCSS build required).
    - Alpine.js via CDN for interactions.
    - Chart.js via CDN for analytics.
    - For AJAX and API calls, use the native `Fetch API` or `XMLHttpRequest`.
6. **Environment Needs**:
    - Must be deployable instantly to a standard cPanel Shared Hosting (`public_html`).
    - Must NOT require Node.js, `npm install`, or CLI dependencies.
    - Must NOT require Composer as an absolute prerequisite (or at least provide a way to work without CLI composer commands).
7. **Background Jobs**: Heavy/Long tasks (like AI reviewer processing via Gemini using native PHP cURL) will be executed via cPanel Cron Jobs, not standard queue systems.
8. **Generation Output Rules**:
    - Build ITERATIVELY per module. Do not generate all code at once.
    - Always specify the file path distinctly prior to writing its code.