feat: security advisory aggregator, manifest API rewrite, namespace rename #284

2026-06-21T01:22:54Z

jmiller commented

2026-06-21 01:22:54 +00:00

Summary

#150: Add security:advisories command — cross-repo CVE scanner via composer audit with checkpoint resumability, severity filtering, and auto-issue creation
#283: Rewrite manifest:read to use Gitea manifest API as primary source with auto-detection fallback (no more manifest.xml dependency)
Rename MokoStandards / MokoEnterprise namespaces → MokoCli across 294 files
Rename MokoStandardsParser class → ManifestParser
Fix composer.json autoload paths: src/ → source/

Test plan

php -l passes on all modified PHP files
composer dump-autoload succeeds with new namespace mappings
php bin/moko list shows security:advisories and manifest:read
manifest:read --json returns metadata via API for repos with GA_TOKEN set
manifest:read --json auto-detects Joomla platform for repos without manifest.xml
No remaining MokoStandards or MokoEnterprise references outside vendor/

Closes #150, closes #283

## Summary - **#150**: Add `security:advisories` command — cross-repo CVE scanner via `composer audit` with checkpoint resumability, severity filtering, and auto-issue creation - **#283**: Rewrite `manifest:read` to use Gitea manifest API as primary source with auto-detection fallback (no more `manifest.xml` dependency) - Rename `MokoStandards` / `MokoEnterprise` namespaces → `MokoCli` across 294 files - Rename `MokoStandardsParser` class → `ManifestParser` - Fix `composer.json` autoload paths: `src/` → `source/` ## Test plan - [ ] `php -l` passes on all modified PHP files - [ ] `composer dump-autoload` succeeds with new namespace mappings - [ ] `php bin/moko list` shows `security:advisories` and `manifest:read` - [ ] `manifest:read --json` returns metadata via API for repos with `GA_TOKEN` set - [ ] `manifest:read --json` auto-detects Joomla platform for repos without `manifest.xml` - [ ] No remaining `MokoStandards` or `MokoEnterprise` references outside vendor/ Closes #150, closes #283

jmiller added 1 commit 2026-06-21 01:25:19 +00:00

feat: security advisory aggregator, manifest API rewrite, namespace rename (#150 , #283 )

Generic: Repo Health / Scripts governance (push) Blocked by required conditions

Details

Generic: Repo Health / Repository health (push) Blocked by required conditions

Details

Generic: Repo Health / Report Issues (push) Blocked by required conditions

Details

Platform: mokoplatform CI / Gate 2: Unit Tests (8.1) (pull_request) Blocked by required conditions

Details

Platform: mokoplatform CI / Gate 2: Unit Tests (8.2) (pull_request) Blocked by required conditions

Details

Platform: mokoplatform CI / Gate 2: Unit Tests (8.3) (pull_request) Blocked by required conditions

Details

Platform: mokoplatform CI / Gate 3: Self-Health Check (pull_request) Blocked by required conditions

Details

Platform: mokoplatform CI / Gate 4: Governance (pull_request) Blocked by required conditions

Details

Platform: mokoplatform CI / Gate 5: Template Integrity (pull_request) Blocked by required conditions

Details

Platform: mokoplatform CI / CI Summary (pull_request) Blocked by required conditions

Details

Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions

Details

Universal: PR Check / Report Issues (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Repository health (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Site Health (push) Has been skipped

Details

Generic: Repo Health / Access control (push) Successful in 1s

Details

Generic: Repo Health / Site Health (pull_request) Has been skipped

Details

Universal: PR Check / Branch Policy (pull_request) Failing after 2s

Details

Generic: Repo Health / Access control (pull_request) Successful in 2s

Details

Universal: PR Check / Validate PR (pull_request) Failing after 7s

Details

Universal: Security Audit / Dependency Audit (pull_request) Successful in 7s

Details

Universal: Auto Version Bump / Version Bump (push) Successful in 14s

Details

Platform: mokoplatform CI / Gate 1: Code Quality (pull_request) Failing after 1m8s

Details

033e948c79

- Add `security:advisories` command — cross-repo CVE scanner via composer audit
  with checkpoint resumability, severity filtering, and auto-issue creation
- Rewrite `manifest:read` to use Gitea manifest API as primary source with
  auto-detection fallback from source tree (no more manifest.xml dependency)
- Rename MokoStandards namespace → MokoCli across all files
- Rename MokoEnterprise namespace → MokoCli across all files
- Rename MokoStandardsParser class → ManifestParser
- Fix composer.json autoload paths: src/ → source/

jmiller force-pushed feature/150-security-advisory-aggregator from fac905adb5 to 033e948c79

2026-06-21 01:25:19 +00:00

Compare

jmiller added 1 commit 2026-06-21 01:25:37 +00:00

chore(version): auto-bump patch 09.29.02-dev [skip ci]

RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped

Details

Branch Cleanup / Delete merged branch (pull_request) Successful in 1s

Details

Universal: Build & Release / Promote to RC (pull_request) Has been skipped

Details

Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 21s

Details

Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 4m3s

Details

79c853354b

jmiller merged commit a0cc0953c7 into main

2026-06-21 01:26:11 +00:00

jmiller deleted branch feature/150-security-advisory-aggregator

2026-06-21 01:26:12 +00:00

Sign in to join this conversation.

Priority -

Type -

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoCLI#284