<IfModule mod_rewrite.c>
    RewriteEngine on
    
    # Security: Block direct access to sensitive files and folders
    RewriteRule ^\.env$ - [F,L]
    RewriteRule ^app/ - [F,L]
    RewriteRule ^database/ - [F,L]

    # Auto-routing: Rewrite all root requests to the /public directory
    # so that the app runs directly from the domain root.
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
