# WebWizard - Agent's Project Guide

Welcome! This file provides a high-level overview of the **WebWizard** project to help you understand the architecture, conventions, and workflows.

## 📝 Project Overview
WebWizard is an **AI-driven website concierge** (MVP) that allows users to create static websites through a guided wizard. It collects business information, uses AI (DAIAPI) to generate marketing copy and SEO metadata, and then renders a complete, standalone static website for export.

## 🛠️ Technical Stack
- **Backend:** PHP 8.2+ (Pure PHP, no external frameworks like Laravel or Symfony).
- **Frontend:** Vanilla JavaScript (ES6+), CSS Grid/Flexbox (No UI libraries like Bootstrap).
- **Data Persistence:** File-based JSON storage in the `data/` directory. No database.
- **Autoloading:** Composer (PSR-4, Namespace: `App\`).
- **Indentation:** **STRICTLY TABS** (Global preference).

## 🏗️ Architecture & Workflow
The application follows a linear data-gathering process:

1.  **Wizard (Frontend)**: 8 steps in `public/index.html` managed by `public/js/wizard.js`.
2.  **API Layer**: All communication goes through `public/ajax.php` (POST with JSON payload).
3.  **Actions**: Logic residing in `src/Actions/` (e.g., `ProjectActions`, `TaskActions`).
4.  **AI Queuing**: When wizard finishes, a task is created in `data/llm/`.
5.  **Worker**: `scripts/worker.php` processes the queue, calls `DAIClient`, and stores generated content.
6.  **Renderer**: `src/Services/Renderer.php` combines user data + AI content + PHP templates (`src/Templates/`) into a static site in `exports/<project_id>/`.
7.  **Export**: The final site is zipped for download.

## 📂 Directory Structure
- `public/`: Web root. Contains `index.html`, `ajax.php`, `css/`, and `js/`.
- `src/`: PHP source code (`App\` namespace).
    - `Actions/`: API controllers/handlers.
    - `Services/`: Business logic (FileStorage, Renderer, LLMpool, DAIClient).
    - `Templates/`: PHP šablóny for the generated websites.
    - `Utils/`: Helpers and Configuration loader.
- `data/`: Protected data storage (Users, Projects, Consent, AI tasks). Protected by `.htaccess`.
- `exports/`: Destination for generated websites. Subfolders are project-specific.
- `scripts/`: CLI scripts (e.g., the `worker.php`).
- `tests/`: Debug and connectivity test scripts.

## ⚙️ Configuration
- `.env`: Local environment settings (e.g., `DAIAPI_URL`).
- `Config.php`: Utility to load and access these settings.

## 🔒 Security Principles
- **Protected Data**: Direct web access to `data/` and `exports/` subfolders (except public assets) is blocked.
- **Sanitization**: All output in templates uses the `e()` helper (htmlspecialchars).
- **Exports**: Generated sites use `config.php` (not JSON) to hide SMTP credentials.
- **Passwords**: Local viewer passwords are hashed using `password_hash()`.

## 🤖 AI Integration (DAIAPI)
- Connects to a local/VPN API at `http://10.2.8.1:9001/run` (DEV) or `http://192.168.122.10:9001/run` (PROD).
- Prompt logic is in `src/Prompts/ContentPrompt.php`. It forces JSON output and forbids HTML tags.

## 🚀 Common Commands
- **Run Worker (Continuous)**: `php scripts/worker.php --loop`
- **Test AI Connectivity**: `php tests/debug_dai.php`
- **Regenerate Autoloader**: `composer dump-autoload`

---
*Always respect the "No Frameworks" and "Tabs only" rules. Keep the code surgical and sémantic.*