chore: sync .mokogitea/workflows/repo-health.yml from moko-platform [skip ci]

# Conflicts:
#	.mokogitea/.mokostandards
#	.mokogitea/CLAUDE.md
#	.mokogitea/ISSUE_TEMPLATE/adr.md
#	.mokogitea/ISSUE_TEMPLATE/bug_report.md
#	.mokogitea/ISSUE_TEMPLATE/config.yml
#	.mokogitea/ISSUE_TEMPLATE/documentation.md
#	.mokogitea/ISSUE_TEMPLATE/feature_request.md
#	.mokogitea/ISSUE_TEMPLATE/joomla_issue.md
#	.mokogitea/ISSUE_TEMPLATE/question.md
#	.mokogitea/ISSUE_TEMPLATE/rfc.md
#	.mokogitea/ISSUE_TEMPLATE/security.md
#	.mokogitea/ISSUE_TEMPLATE/version.md
#	.mokogitea/auto-assign.yml
#	.mokogitea/auto-release.yml
#	.mokogitea/branch-freeze.yml
#	.mokogitea/cascade-dev.yml
#	.mokogitea/changelog-validation.yml
#	.mokogitea/ci-joomla.yml
#	.mokogitea/cleanup.yml
#	.mokogitea/codeql-analysis.yml
#	.mokogitea/deploy-manual.yml
#	.mokogitea/gitleaks.yml
#	.mokogitea/manifest.xml
#	.mokogitea/notify.yml
#	.mokogitea/pr-branch-check.yml
#	.mokogitea/pr-check.yml
#	.mokogitea/pre-release.yml
#	.mokogitea/release.yml
#	.mokogitea/repo-health.yml
#	.mokogitea/repository-cleanup.yml
#	.mokogitea/security-audit.yml
#	.mokogitea/standards-compliance.yml
#	.mokogitea/sync-roadmap-wiki.yml
#	.mokogitea/sync-version-on-merge.yml
#	.mokogitea/update-server.yml
#	.mokogitea/workflows/auto-release.yml
#	.mokogitea/workflows/cascade-dev.yml
#	.mokogitea/workflows/ci-joomla.yml
#	.mokogitea/workflows/cleanup.yml
#	.mokogitea/workflows/deploy-manual.yml
#	.mokogitea/workflows/gitleaks.yml
#	.mokogitea/workflows/notify.yml
#	.mokogitea/workflows/pr-check.yml
#	.mokogitea/workflows/pre-release.yml
#	.mokogitea/workflows/repo-health.yml
#	.mokogitea/workflows/security-audit.yml
#	.mokogitea/workflows/update-server.yml

.claude/settings.local.json

@@ -1,27 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "mcp__gitea-moko__actions_run_read",
-      "mcp__gitea-moko__get_file_contents",
-      "Bash(cd:*)",
-      "Bash(python3:*)",
-      "Bash(base64 -w0)",
-      "Read(//tmp/**)",
-      "WebSearch",
-      "mcp__gitea-moko__actions_run_write",
-      "mcp__joomla-api__joomla_plugins_list",
-      "mcp__joomla-api__joomla_plugin_update",
-      "mcp__joomla-api__joomla_api_request",
-      "Bash(ssh:*)",
-      "Bash(curl:*)",
-      "WebFetch(domain:git.mokoconsulting.tech)",
-      "mcp__gitea-moko__get_repository_tree",
-      "mcp__gitea-moko__create_or_update_file",
-      "Bash(php:*)",
-      "mcp__gitea-moko__list_releases",
-      "mcp__gitea-moko__get_dir_contents",
-      "Bash(rm:*)",
-      "Bash(cp:*)"
-    ]
-  }
-}

.gitea/.moko-platform

@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MokoStandards Repository Manifest
-  Auto-generated by MokoStandards bulk sync.
-  Manual edits to <governance> and <last-synced> may be overwritten.
-  See: docs/standards/moko-platform-file-spec.md
--->
-<moko-platform xmlns="https://standards.mokoconsulting.tech/moko-platform/1.0" schema-version="1.0">
-  <identity>
-    <name>MokoJGDPC</name>
-    <org>MokoConsulting</org>
-    <description>MokoJGDPC — Joomla system plugin that automatically creates JoomGallery categories when DPCalendar events are created</description>
-    <license spdx="GPL-3.0-or-later">GNU General Public License v3</license>
-  </identity>
-  <governance>
-    <platform>joomla</platform>
-    <standards-version>04.07.00</standards-version>
-    <standards-source>https://git.mokoconsulting.tech/MokoConsulting/MokoStandards</standards-source>
-    <last-synced>2026-05-02T23:06:12+00:00</last-synced>
-  </governance>
-  <build>
-    <language>PHP</language>
-    <runtime>php:&gt;=8.1</runtime>
-    <package-type>joomla-extension</package-type>
-    <entry-point>src/mokojgdpc.xml</entry-point>
-  </build>
-</moko-platform>

.gitea/workflows/auto-release.yml

@@ -1,949 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Release
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
-# PATH: /templates/workflows/joomla/auto-release.yml.template
-# VERSION: 04.06.00
-# BRIEF: Joomla build & release — ZIP package, updates.xml, SHA-256 checksum
-#
-# +========================================================================+
-# |                    BUILD & RELEASE PIPELINE (JOOMLA)                   |
-# +========================================================================+
-# |                                                                        |
-# |  Triggers on push to main (skips bot commits + [skip ci]):             |
-# |                                                                        |
-# |  Every push:                                                           |
-# |    1. Read version from README.md                                      |
-# |    3. Set platform version (Joomla <version>)                          |
-# |    4. Update [VERSION: XX.YY.ZZ] badges in markdown files              |
-# |    5. Write updates.xml (Joomla update server XML)                      |
-# |    6. Create git tag vXX.YY.ZZ                                        |
-# |    7a. Patch: update existing Gitea Release for this minor             |
-# |    8. Build ZIP, upload asset, write SHA-256 to updates.xml             |
-# |                                                                        |
-# |  Every version change: archives main -> version/XX.YY branch           |
-# |  All patches release (including 00). Patch 00/01 = full pipeline.      |
-# |  First release only (patch == 01):                                     |
-# |    7b. Create new Gitea Release                                        |
-# |                                                                        |
-# |  GitHub mirror: stable/rc releases only (continue-on-error)            |
-# |                                                                        |
-# +========================================================================+
-
-name: Build & Release
-
-on:
-  pull_request:
-    types: [closed]
-    branches:
-      - main
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  workflow_dispatch:
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  release:
-    name: Build & Release Pipeline
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN }}
-          fetch-depth: 0
-
-      - name: Setup MokoStandards tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN }}"}}'
-        run: |
-          # Ensure PHP + Composer are available
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api
-          cd /tmp/mokostandards-api
-          composer install --no-dev --no-interaction --quiet
-
-      # -- STEP 1: Read version -----------------------------------------------
-      - name: "Step 1: Read version from README.md"
-        id: version
-        run: |
-          VERSION=$(php /tmp/mokostandards-api/cli/version_read.php --path . 2>/dev/null)
-          if [ -z "$VERSION" ]; then
-            echo "No VERSION in README.md — skipping release"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          # Derive major.minor for branch naming (patches update existing branch)
-          MINOR=$(echo "$VERSION" | awk -F. '{printf "%s.%s", $1, $2}')
-          PATCH=$(echo "$VERSION" | awk -F. '{print $3}')
-
-          MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
-          MINOR_NUM=$(echo "$VERSION" | awk -F. '{print $2}')
-
-          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-          echo "branch=version/${MAJOR}" >> "$GITHUB_OUTPUT"
-          echo "minor=$MINOR" >> "$GITHUB_OUTPUT"
-          echo "major=$MAJOR" >> "$GITHUB_OUTPUT"
-          echo "release_tag=stable" >> "$GITHUB_OUTPUT"
-          echo "stability=stable" >> "$GITHUB_OUTPUT"
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          if [ "$PATCH" = "00" ] || [ "$PATCH" = "01" ]; then
-            echo "is_minor=true" >> "$GITHUB_OUTPUT"
-            echo "Version: $VERSION (first release for this minor — full pipeline)"
-          else
-            echo "is_minor=false" >> "$GITHUB_OUTPUT"
-            echo "Version: $VERSION (patch — platform version + badges only)"
-          fi
-
-      # -- STEP 1b: Bump minor version (stable = minor bump, reset patch) ------
-      - name: "Step 1b: Bump minor version for stable release"
-        if: steps.version.outputs.skip != 'true'
-        id: bump
-        run: |
-          CURRENT=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          [ -z "$CURRENT" ] && { echo "skip=true" >> "$GITHUB_OUTPUT"; exit 0; }
-
-          MAJOR=$((10#$(echo "$CURRENT" | cut -d. -f1)))
-          MINOR=$((10#$(echo "$CURRENT" | cut -d. -f2)))
-
-          # Minor bump, reset patch. Rollover if minor > 99
-          MINOR=$((MINOR + 1))
-          if [ $MINOR -gt 99 ]; then
-            MINOR=0
-            MAJOR=$((MAJOR + 1))
-          fi
-
-          VERSION=$(printf "%02d.%02d.00" $MAJOR $MINOR)
-          TODAY=$(date +%Y-%m-%d)
-
-          echo "Stable bump: ${CURRENT} → ${VERSION} (minor)"
-
-          # Update README.md
-          sed -i "s/VERSION:[[:space:]]*${CURRENT}/VERSION: ${VERSION}/" README.md
-
-          # Update manifest
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            MANIFEST_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" | head -1)
-            [ -n "$MANIFEST_VER" ] && sed -i "s|<version>${MANIFEST_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
-            sed -i "s|<creationDate>[^<]*</creationDate>|<creationDate>${TODAY}</creationDate>|" "$MANIFEST"
-          fi
-
-          # Promote [Unreleased] section in CHANGELOG.md to new version
-          if [ -f "CHANGELOG.md" ] && grep -qi "Unreleased" CHANGELOG.md; then
-            sed -i "s|## \[Unreleased\]|## [${VERSION}] --- ${TODAY}|" CHANGELOG.md
-            sed -i "s|## Unreleased|## [${VERSION}] --- ${TODAY}|" CHANGELOG.md
-            sed -i "2i ## [Unreleased]" CHANGELOG.md
-            sed -i "3i \\ " CHANGELOG.md
-            echo "CHANGELOG promoted to [${VERSION}]"
-          fi
-
-          # Commit and push
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git diff --cached --quiet || {
-            git commit -m "chore(version): bump ${CURRENT} → ${VERSION} [skip ci]"
-            git push origin HEAD:main 2>&1
-          }
-
-          # Override version output for rest of pipeline
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "major=$(printf "%02d" $MAJOR)" >> "$GITHUB_OUTPUT"
-
-      - name: Check if already released
-        if: steps.version.outputs.skip != 'true'
-        id: check
-        run: |
-          TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-
-          TAG_EXISTS=false
-          BRANCH_EXISTS=false
-
-          git rev-parse "$TAG" >/dev/null 2>&1 && TAG_EXISTS=true
-          git ls-remote --heads origin "$BRANCH" 2>/dev/null | grep -q "$BRANCH" && BRANCH_EXISTS=true
-
-          echo "tag_exists=$TAG_EXISTS" >> "$GITHUB_OUTPUT"
-          echo "branch_exists=$BRANCH_EXISTS" >> "$GITHUB_OUTPUT"
-
-          # Tag and branch may persist across patch releases — never skip
-          echo "already_released=false" >> "$GITHUB_OUTPUT"
-
-      # -- SANITY CHECKS -------------------------------------------------------
-      - name: "Sanity: Pre-release validation"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          ERRORS=0
-
-          echo "## Pre-Release Sanity Checks (Joomla)" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # -- Version drift check (must pass before release) --------
-          README_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          if [ "$README_VER" != "$VERSION" ]; then
-            echo "- Version drift: README says \`${README_VER}\` but releasing \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- Version consistent: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # Check CHANGELOG version matches
-          CL_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' CHANGELOG.md 2>/dev/null | head -1)
-          if [ -n "$CL_VER" ] && [ "$CL_VER" != "$VERSION" ]; then
-            echo "- CHANGELOG drift: \`${CL_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          fi
-
-          # Check composer.json version if present
-          if [ -f "composer.json" ]; then
-            COMP_VER=$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' composer.json 2>/dev/null | head -1)
-            if [ -n "$COMP_VER" ] && [ "$COMP_VER" != "$VERSION" ]; then
-              echo "- composer.json drift: \`${COMP_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS+1))
-            fi
-          fi
-
-          # Common checks
-          if [ ! -f "LICENSE" ]; then
-            echo "- Missing LICENSE file" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- LICENSE present" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          if [ ! -d "src" ] && [ ! -d "htdocs" ]; then
-            echo "- Warning: No src/ or htdocs/ directory" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "- Source directory present" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # -- Joomla: manifest version drift --------
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            XML_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            if [ -n "$XML_VER" ] && [ "$XML_VER" != "$VERSION" ]; then
-              echo "- Manifest drift: \`${XML_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS+1))
-            else
-              echo "- Manifest version: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-          fi
-
-          # -- Joomla: XML manifest existence --------
-          if [ -z "$MANIFEST" ]; then
-            echo "- No Joomla XML manifest found" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- Manifest: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # -- Joomla: extension type check --------
-            TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" 2>/dev/null)
-            echo "- Extension type: ${TYPE:-unknown}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "$ERRORS" -gt 0 ]; then
-            echo "**${ERRORS} error(s) — release may be incomplete**" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "**All sanity checks passed**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 2: Create or update version/XX.YY archive branch ---------------
-      # Always runs — every version change on main archives to version/XX.YY
-      - name: "Step 2: Version archive branch"
-        if: steps.check.outputs.already_released != 'true'
-        run: |
-          BRANCH="${{ steps.version.outputs.branch }}"
-          IS_MINOR="${{ steps.version.outputs.is_minor }}"
-          PATCH="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          PATCH_NUM=$(echo "$PATCH" | awk -F. '{print $3}')
-
-          # Check if branch exists
-          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
-            git push origin HEAD:"$BRANCH" --force
-            echo "Updated archive branch: ${BRANCH} (patch ${PATCH_NUM})" >> $GITHUB_STEP_SUMMARY
-          else
-            git checkout -b "$BRANCH" 2>/dev/null || git checkout "$BRANCH"
-            git push origin "$BRANCH" --force
-            echo "Created archive branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 3: Set platform version ----------------------------------------
-      - name: "Step 3: Set platform version"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          php /tmp/mokostandards-api/cli/version_set_platform.php \
-            --path . --version "$VERSION" --branch main
-
-      # -- STEP 4: Update version badges ----------------------------------------
-      - name: "Step 4: Update version badges"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          find . -name "*.md" ! -path "./.git/*" ! -path "./vendor/*" | while read -r f; do
-            if grep -q '\[VERSION:' "$f" 2>/dev/null; then
-              sed -i "s/\[VERSION:[[:space:]]*[0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}\]/[VERSION: ${VERSION}]/" "$f"
-            fi
-          done
-
-      # -- STEP 5: Write updates.xml (Joomla update server) ---------------------
-      - name: "Step 5: Write updates.xml"
-        id: updates
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          REPO="${{ github.repository }}"
-
-          # -- Parse extension metadata from XML manifest ----------------
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -z "$MANIFEST" ]; then
-            echo "Warning: No Joomla XML manifest found — skipping updates.xml" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-
-          # Extract fields using sed (portable — no grep -P)
-          EXT_NAME=$(sed -n 's/.*<name>\([^<]*\)<\/name>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_CLIENT=$(sed -n 's/.*<extension[^>]*client="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          TARGET_PLATFORM=$(sed -n 's/.*\(<targetplatform[^/]*\/>\).*/\1/p' "$MANIFEST" | head -1)
-          PHP_MINIMUM=$(sed -n 's/.*<php_minimum>\([^<]*\)<\/php_minimum>.*/\1/p' "$MANIFEST" | head -1)
-
-          # If EXT_NAME is a language key (e.g. PLG_SYSTEM_MOKOJGDPC), resolve from .ini
-          if echo "$EXT_NAME" | grep -qE '^[A-Z_]+$'; then
-            INI_NAME=$(find . -name "*.sys.ini" -path "*/en-GB/*" -exec grep -h "^${EXT_NAME}=" {} \; 2>/dev/null | head -1 | cut -d'"' -f2)
-            [ -z "$INI_NAME" ] && INI_NAME=$(find . -name "*.sys.ini" -exec grep -h "^${EXT_NAME}=" {} \; 2>/dev/null | head -1 | cut -d'"' -f2)
-            [ -n "$INI_NAME" ] && EXT_NAME="$INI_NAME"
-          fi
-
-          # Fallbacks
-          [ -z "$EXT_NAME" ] && EXT_NAME="${{ github.event.repository.name }}"
-          [ -z "$EXT_TYPE" ] && EXT_TYPE="component"
-
-          # Derive element if not in manifest:
-          # 1. plugin="xxx" attribute (plugins)
-          # 2. module="xxx" attribute (modules)
-          # 3. XML filename (components, packages)
-          # 4. Repo name fallback (templates, anything else)
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(sed -n 's/.*plugin="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          fi
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(sed -n 's/.*module="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          fi
-          if [ -z "$EXT_ELEMENT" ]; then
-            FNAME=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            # If filename is generic (templateDetails, manifest), use repo name
-            case "$FNAME" in
-              templatedetails|manifest) EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
-              *) EXT_ELEMENT="$FNAME" ;;
-            esac
-          fi
-          # Final fallback
-          [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-
-          # Save for Steps 7, 8, 8b
-          echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
-          echo "ext_name=${EXT_NAME}" >> "$GITHUB_OUTPUT"
-          echo "ext_type=${EXT_TYPE}" >> "$GITHUB_OUTPUT"
-          echo "ext_folder=${EXT_FOLDER}" >> "$GITHUB_OUTPUT"
-
-          # Build client tag: plugins and frontend modules need <client>site</client>
-          CLIENT_TAG=""
-          if [ -n "$EXT_CLIENT" ]; then
-            CLIENT_TAG="<client>${EXT_CLIENT}</client>"
-          elif [ "$EXT_TYPE" = "module" ] || [ "$EXT_TYPE" = "plugin" ]; then
-            CLIENT_TAG="<client>site</client>"
-          fi
-
-          # Build folder tag for plugins (required for Joomla to match the update)
-          FOLDER_TAG=""
-          if [ -n "$EXT_FOLDER" ] && [ "$EXT_TYPE" = "plugin" ]; then
-            FOLDER_TAG="<folder>${EXT_FOLDER}</folder>"
-          fi
-
-          # Build targetplatform (fallback to Joomla 5 if not in manifest)
-          if [ -z "$TARGET_PLATFORM" ]; then
-            TARGET_PLATFORM=$(printf '<targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" %s>' "/")
-          fi
-
-          # Build php_minimum tag
-          PHP_TAG=""
-          if [ -n "$PHP_MINIMUM" ]; then
-            PHP_TAG="<php_minimum>${PHP_MINIMUM}</php_minimum>"
-          fi
-
-          # Build TYPE_PREFIX for download URL
-          TYPE_PREFIX=""
-          case "${EXT_TYPE}" in
-            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
-            module)    TYPE_PREFIX="mod_" ;;
-            component) TYPE_PREFIX="com_" ;;
-            template)  TYPE_PREFIX="tpl_" ;;
-            library)   TYPE_PREFIX="lib_" ;;
-            package)   TYPE_PREFIX="pkg_" ;;
-          esac
-
-          DOWNLOAD_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/stable/${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.zip"
-          INFO_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/stable"
-
-          # -- Build update entry for a given stability tag
-          build_entry() {
-            local TAG_NAME="$1"
-            printf '%s\n' '  <update>'
-            printf '%s\n' "    <name>${EXT_NAME}</name>"
-            printf '%s\n' "    <description>${EXT_NAME} update</description>"
-            printf '%s\n' "    <element>${EXT_ELEMENT}</element>"
-            printf '%s\n' "    <type>${EXT_TYPE}</type>"
-            printf '%s\n' "    <version>${VERSION}</version>"
-            [ -n "$CLIENT_TAG" ] && printf '%s\n' "    ${CLIENT_TAG}"
-            [ -n "$FOLDER_TAG" ] && printf '%s\n' "    ${FOLDER_TAG}"
-            printf '%s\n' "    <tags><tag>${TAG_NAME}</tag></tags>"
-            printf '%s\n' "    <infourl title=\"${EXT_NAME}\">${INFO_URL}</infourl>"
-            printf '%s\n' '    <downloads>'
-            printf '%s\n' "      <downloadurl type=\"full\" format=\"zip\">${DOWNLOAD_URL}</downloadurl>"
-            printf '%s\n' '    </downloads>'
-            printf '%s\n' "    ${TARGET_PLATFORM}"
-            [ -n "$PHP_TAG" ] && printf '%s\n' "    ${PHP_TAG}"
-            printf '%s\n' '    <maintainer>Moko Consulting</maintainer>'
-            printf '%s\n' '    <maintainerurl>https://mokoconsulting.tech</maintainerurl>'
-            printf '%s\n' '  </update>'
-          }
-
-          # -- Write updates.xml with cascading channels
-          # Stable release updates ALL channels (development, alpha, beta, rc, stable)
-          {
-            printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>"
-            printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting <hello@mokoconsulting.tech>"
-            printf '%s\n' " SPDX-License-Identifier: GPL-3.0-or-later"
-            printf '%s\n' " VERSION: ${VERSION}"
-            printf '%s\n' " -->"
-            printf '%s\n' ""
-            printf '%s\n' '<updates>'
-            build_entry "development"
-            build_entry "alpha"
-            build_entry "beta"
-            build_entry "rc"
-            build_entry "stable"
-            printf '%s\n' '</updates>'
-          } > updates.xml
-
-          echo "updates.xml: ${VERSION} (all channels updated to stable)" >> $GITHUB_STEP_SUMMARY
-
-      # -- Commit all changes ---------------------------------------------------
-      - name: Commit release changes
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          if git diff --quiet && git diff --cached --quiet; then
-            echo "No changes to commit"
-            exit 0
-          fi
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          # Set push URL with token for branch-protected repos
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git commit -m "chore(release): build ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push -u origin HEAD
-
-      # -- STEP 6: Create tag ---------------------------------------------------
-      - name: "Step 6: Create git tag"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.tag_exists != 'true' &&
-          steps.version.outputs.is_minor == 'true'
-        run: |
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          # Only create the major release tag if it doesn't exist yet
-          if ! git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
-            git tag "$RELEASE_TAG"
-            git push origin "$RELEASE_TAG"
-            echo "Tag created: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "Tag ${RELEASE_TAG} already exists" >> $GITHUB_STEP_SUMMARY
-          fi
-          echo "Tag: ${TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 7: Create or update Gitea Release --------------------------------
-      - name: "Step 7: Gitea Release"
-        if: >-
-          steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-          MAJOR="${{ steps.version.outputs.major }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # Reuse metadata from Step 5 (single source of truth)
-          EXT_ELEMENT="${{ steps.updates.outputs.ext_element }}"
-          EXT_NAME="${{ steps.updates.outputs.ext_name }}"
-          EXT_TYPE="${{ steps.updates.outputs.ext_type }}"
-          EXT_FOLDER="${{ steps.updates.outputs.ext_folder }}"
-
-          # Fallbacks if Step 5 was skipped
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-          fi
-          [ -z "$EXT_NAME" ] && EXT_NAME="${GITEA_REPO}"
-
-          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null)
-          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
-
-          # Build release name: "Pretty Name VERSION (type_element-VERSION)"
-          TYPE_PREFIX=""
-          case "${EXT_TYPE}" in
-            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
-            module)    TYPE_PREFIX="mod_" ;;
-            component) TYPE_PREFIX="com_" ;;
-            template)  TYPE_PREFIX="tpl_" ;;
-            library)   TYPE_PREFIX="lib_" ;;
-            package)   TYPE_PREFIX="pkg_" ;;
-          esac
-          RELEASE_NAME="${EXT_NAME} ${VERSION} (${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION})"
-
-          # Delete existing release if present (overwrite, not append)
-          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-          EXISTING_ID=$(echo "$EXISTING" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true)
-
-          if [ -n "$EXISTING_ID" ]; then
-            curl -sS -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              "${API_BASE}/releases/${EXISTING_ID}" 2>/dev/null || true
-            curl -sS -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              "${API_BASE}/tags/${RELEASE_TAG}" 2>/dev/null || true
-            echo "Deleted previous stable release (id: ${EXISTING_ID})"
-          fi
-
-          # Create fresh release
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/json" \
-            "${API_BASE}/releases" \
-            -d "$(python3 -c "import json; print(json.dumps({
-              'tag_name': '${RELEASE_TAG}',
-              'name': '${RELEASE_NAME}',
-              'body': '''## ${VERSION} ($(date +%Y-%m-%d))\n${NOTES}''',
-              'target_commitish': '${BRANCH}'
-            }))")"
-          echo "Release created: ${RELEASE_NAME}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 8: Build Joomla install ZIP + SHA-256 checksum ------------------
-      - name: "Step 8: Build Joomla package and update checksum"
-        if: >-
-          steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          REPO="${{ github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # All ZIPs upload to the major release tag (vXX)
-          RELEASE_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-          RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-          if [ -z "$RELEASE_ID" ]; then
-            echo "No release ${RELEASE_TAG} found — skipping ZIP upload"
-            exit 0
-          fi
-
-          # Find extension element name from manifest
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)
-          [ -z "$MANIFEST" ] && exit 0
-
-          # Reuse element from Step 5, with same fallback chain
-          EXT_ELEMENT="${{ steps.updates.outputs.ext_element }}"
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(sed -n 's/.*plugin="\([^"]*\)".*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-          fi
-          # ZIP name: type_folder_element-VERSION (e.g. plg_system_mokojgdpc-01.01.00.zip)
-          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          TYPE_PREFIX=""
-          case "${EXT_TYPE}" in
-            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
-            module)    TYPE_PREFIX="mod_" ;;
-            component) TYPE_PREFIX="com_" ;;
-            template)  TYPE_PREFIX="tpl_" ;;
-            library)   TYPE_PREFIX="lib_" ;;
-            package)   TYPE_PREFIX="pkg_" ;;
-          esac
-          ZIP_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.zip"
-          TAR_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.tar.gz"
-
-          # -- Build install packages from src/ ----------------------------
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ — skipping package"; exit 0; }
-
-          EXCLUDES=".ftpignore sftp-config* *.ppk *.pem *.key .env*"
-
-          # ZIP package
-          cd "$SOURCE_DIR"
-          zip -r "/tmp/${ZIP_NAME}" . -x $EXCLUDES
-          cd ..
-
-          # tar.gz package
-          tar -czf "/tmp/${TAR_NAME}" -C "$SOURCE_DIR" \
-            --exclude='.ftpignore' --exclude='sftp-config*' \
-            --exclude='*.ppk' --exclude='*.pem' --exclude='*.key' --exclude='.env*' .
-
-          ZIP_SIZE=$(stat -c%s "/tmp/${ZIP_NAME}" 2>/dev/null || stat -f%z "/tmp/${ZIP_NAME}" 2>/dev/null || echo "unknown")
-          TAR_SIZE=$(stat -c%s "/tmp/${TAR_NAME}" 2>/dev/null || stat -f%z "/tmp/${TAR_NAME}" 2>/dev/null || echo "unknown")
-
-          # -- Calculate SHA-256 for both ----------------------------------
-          SHA256_ZIP=$(sha256sum "/tmp/${ZIP_NAME}" | cut -d' ' -f1)
-          SHA256_TAR=$(sha256sum "/tmp/${TAR_NAME}" | cut -d' ' -f1)
-
-          # -- Delete existing assets with same name before uploading ------
-          ASSETS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets" 2>/dev/null || echo "[]")
-          for ASSET_NAME in "$ZIP_NAME" "$TAR_NAME"; do
-            ASSET_ID=$(echo "$ASSETS" | python3 -c "
-          import sys,json
-          assets = json.load(sys.stdin)
-          for a in assets:
-              if a['name'] == '${ASSET_NAME}':
-                  print(a['id']); break
-          " 2>/dev/null || true)
-            if [ -n "$ASSET_ID" ]; then
-              curl -sf -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets/${ASSET_ID}" 2>/dev/null || true
-            fi
-          done
-
-          # -- Upload both to release tag ----------------------------------
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/octet-stream" \
-            --data-binary @"/tmp/${ZIP_NAME}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${ZIP_NAME}" > /dev/null 2>&1 || true
-
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/octet-stream" \
-            --data-binary @"/tmp/${TAR_NAME}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${TAR_NAME}" > /dev/null 2>&1 || true
-
-          # -- Update updates.xml with both download formats ---------------
-          if [ -f "updates.xml" ]; then
-            ZIP_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}"
-            TAR_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${TAR_NAME}"
-
-            # Use Python to update only the stable entry's downloads + sha256
-            export PY_ZIP_URL="$ZIP_URL" PY_TAR_URL="$TAR_URL" PY_SHA="$SHA256_ZIP"
-            python3 << 'PYEOF'
-          import re, os
-
-          with open("updates.xml") as f:
-              content = f.read()
-
-          zip_url = os.environ["PY_ZIP_URL"]
-          tar_url = os.environ["PY_TAR_URL"]
-          sha = os.environ["PY_SHA"]
-
-          # Find the stable update block and replace its downloads + sha256
-          def replace_stable(m):
-              block = m.group(0)
-              # Replace downloads block
-              new_downloads = (
-                  "    <downloads>\n"
-                  f"      <downloadurl type=\"full\" format=\"zip\">{zip_url}</downloadurl>\n"
-                  "    </downloads>"
-              )
-              block = re.sub(r'    <downloads>.*?</downloads>', new_downloads, block, flags=re.DOTALL)
-              # Add or replace sha256
-              if '<sha256>' in block:
-                  block = re.sub(r'    <sha256>.*?</sha256>', f'    <sha256>{sha}</sha256>', block)
-              else:
-                  block = block.replace('</downloads>', f'</downloads>\n    <sha256>{sha}</sha256>')
-              return block
-
-          content = re.sub(
-              r'  <update>.*?<tag>stable</tag>.*?</update>',
-              replace_stable,
-              content,
-              flags=re.DOTALL
-          )
-
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          PYEOF
-
-            CURRENT_BRANCH="${{ github.ref_name }}"
-            git add updates.xml
-            git commit -m "chore(release): ZIP + tar.gz for ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>" || true
-            git push || true
-
-            # Sync updates.xml to main via direct API (always runs — may be on version/XX branch)
-            GA_TOKEN="${{ secrets.GA_TOKEN }}"
-            API="${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}"
-
-            FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/contents/updates.xml?ref=main" | jq -r '.sha // empty')
-
-            if [ -n "$FILE_SHA" ]; then
-              CONTENT=$(base64 -w0 updates.xml)
-              curl -sf -X PUT -H "Authorization: token ${GA_TOKEN}" \
-                -H "Content-Type: application/json" \
-                "${API}/contents/updates.xml" \
-                -d "$(jq -n \
-                  --arg content "$CONTENT" \
-                  --arg sha "$FILE_SHA" \
-                  --arg msg "chore: sync updates.xml ${VERSION} [skip ci]" \
-                  --arg branch "main" \
-                  '{content: $content, sha: $sha, message: $msg, branch: $branch}'
-                )" > /dev/null 2>&1 \
-                && echo "updates.xml synced to main via API" \
-                || echo "WARNING: failed to sync updates.xml to main"
-            else
-              echo "WARNING: could not get updates.xml SHA from main"
-            fi
-          fi
-
-          echo "### Joomla Packages" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Package | Size | SHA-256 |" >> $GITHUB_STEP_SUMMARY
-          echo "|---------|------|---------|" >> $GITHUB_STEP_SUMMARY
-          echo "| \`${ZIP_NAME}\` | ${ZIP_SIZE} | \`${SHA256_ZIP}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| \`${TAR_NAME}\` | ${TAR_SIZE} | \`${SHA256_TAR}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Release | \`${RELEASE_TAG}\` | |" >> $GITHUB_STEP_SUMMARY
-          echo "| Download | [${ZIP_NAME}](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}) |" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 8b: Update release description with changelog + SHA ----------------
-      - name: "Step 8b: Update release body with changelog and SHA"
-        if: steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          EXT_ELEMENT="${{ steps.updates.outputs.ext_element }}"
-          EXT_TYPE="${{ steps.updates.outputs.ext_type }}"
-          EXT_FOLDER="${{ steps.updates.outputs.ext_folder }}"
-
-          # Build TYPE_PREFIX to match Step 8's ZIP naming
-          TYPE_PREFIX=""
-          case "${EXT_TYPE}" in
-            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
-            module)    TYPE_PREFIX="mod_" ;;
-            component) TYPE_PREFIX="com_" ;;
-            template)  TYPE_PREFIX="tpl_" ;;
-            library)   TYPE_PREFIX="lib_" ;;
-            package)   TYPE_PREFIX="pkg_" ;;
-          esac
-          ZIP_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.zip"
-          TAR_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.tar.gz"
-
-          # Get SHA from the built files
-          SHA256_ZIP=""
-          [ -f "/tmp/${ZIP_NAME}" ] && SHA256_ZIP=$(sha256sum "/tmp/${ZIP_NAME}" | cut -d' ' -f1)
-          SHA256_TAR=""
-          [ -f "/tmp/${TAR_NAME}" ] && SHA256_TAR=$(sha256sum "/tmp/${TAR_NAME}" | cut -d' ' -f1)
-
-          # Extract latest changelog entry (strip the ## header to avoid duplicate)
-          CHANGELOG=""
-          if [ -f "CHANGELOG.md" ]; then
-            CHANGELOG=$(sed -n "/^## \[*${VERSION}/,/^## \[*[0-9]/p" CHANGELOG.md | sed '$d' | sed '1d')
-            [ -z "$CHANGELOG" ] && CHANGELOG=$(sed -n '/^## /,/^## /p' CHANGELOG.md | sed '$d' | sed '1d' | head -30)
-          fi
-
-          # Build release body (single header, no duplicate from changelog)
-          BODY="## ${VERSION} ($(date +%Y-%m-%d))\n\n"
-          if [ -n "$CHANGELOG" ]; then
-            BODY="${BODY}${CHANGELOG}\n\n"
-          fi
-          BODY="${BODY}---\n\n### Checksums\n\n"
-          BODY="${BODY}| File | SHA-256 |\n|------|--------|\n"
-          [ -n "$SHA256_ZIP" ] && BODY="${BODY}| \`${ZIP_NAME}\` | \`${SHA256_ZIP}\` |\n"
-          [ -n "$SHA256_TAR" ] && BODY="${BODY}| \`${TAR_NAME}\` | \`${SHA256_TAR}\` |\n"
-
-          # Get release ID and update body
-          RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null | \
-            python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-
-          if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
-            python3 -c "
-          import json, urllib.request
-          body = '''$(printf '%b' "$BODY")'''
-          data = json.dumps({'body': body}).encode()
-          req = urllib.request.Request(
-              '${API_BASE}/releases/${RELEASE_ID}',
-              data=data,
-              headers={'Authorization': 'token ${{ secrets.GA_TOKEN }}', 'Content-Type': 'application/json'},
-              method='PATCH'
-          )
-          urllib.request.urlopen(req)
-          " 2>/dev/null && echo "Release body updated with changelog + SHA" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
-      - name: "Step 9: Mirror release to GitHub"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.version.outputs.stability == 'stable' &&
-          secrets.GH_TOKEN != ''
-        continue-on-error: true
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          MAJOR="${{ steps.version.outputs.major }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-
-          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null || true)
-          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
-          echo "$NOTES" > /tmp/release_notes.md
-
-          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".tag_name // empty" || true)
-
-          if [ -z "$EXISTING" ]; then
-            gh release create "$RELEASE_TAG" \
-              --repo "$GH_REPO" \
-              --title "v${MAJOR} (latest: ${VERSION})" \
-              --notes-file /tmp/release_notes.md \
-              --target "$BRANCH" || true
-          else
-            gh release edit "$RELEASE_TAG" \
-              --repo "$GH_REPO" \
-              --title "v${MAJOR} (latest: ${VERSION})" || true
-          fi
-
-          # Upload assets to GitHub mirror
-          for PKG in /tmp/${EXT_ELEMENT:-pkg}-${VERSION}.*; do
-            if [ -f "$PKG" ]; then
-              _RELID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".id // empty")
-              [ -n "$_RELID" ] && curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" -H "Content-Type: application/octet-stream" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/${_RELID}/assets?name=$(basename $PKG)" --data-binary "@$PKG" > /dev/null 2>&1 || true
-            fi
-          done
-          echo "GitHub mirror updated: ${GH_REPO} ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
-      - name: "Step 10: Push main to GitHub mirror"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          secrets.GH_TOKEN != ''
-        continue-on-error: true
-        run: |
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
-          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
-          git remote add github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
-            git remote set-url github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
-          git fetch origin main --depth=1
-          git push github origin/main:refs/heads/main --force 2>/dev/null \
-            && echo "main branch pushed to GitHub mirror" \
-            || echo "WARNING: GitHub mirror push failed"
-
-      # -- Clean up lesser pre-releases (cascade) ---------------------------------
-      # stable → deletes all | rc → beta,alpha,dev | beta → alpha,dev | alpha → dev
-      - name: "Delete lesser pre-release channels"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-
-          # Stable deletes all pre-release channels
-          TAGS_TO_DELETE="development alpha beta release-candidate"
-
-          DELETED=0
-          for TAG in $TAGS_TO_DELETE; do
-            RELEASE_ID=$(curl -sS -H "Authorization: token ${TOKEN}" \
-              "${API_BASE}/releases/tags/${TAG}" 2>/dev/null | \
-              python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-
-            if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
-              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/releases/${RELEASE_ID}" 2>/dev/null || true
-              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/tags/${TAG}" 2>/dev/null || true
-              echo "Deleted: ${TAG} (id: ${RELEASE_ID})"
-              DELETED=$((DELETED + 1))
-            fi
-          done
-          echo "Cleaned up ${DELETED} pre-release channel(s)" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 11: Reset dev branch from main ------------------------------------
-      - name: "Step 11: Delete and recreate dev branch from main"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-
-          # Delete dev branch
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
-            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
-
-          # Recreate dev from main (now includes version bump + changelog promotion)
-          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/json" \
-            "${API_BASE}/branches" \
-            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
-
-          echo "Dev branch reset from main (keeps dev ahead after release)" >> $GITHUB_STEP_SUMMARY
-
-      # -- Summary --------------------------------------------------------------
-      - name: Pipeline Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
-            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
-            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
-          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
-            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "## Build & Release Complete (Joomla)" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
-            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
-          fi

.gitea/workflows/ci-joomla.yml

@@ -1,377 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow.Template
-# INGROUP: MokoStandards.CI
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
-# PATH: /templates/workflows/joomla/ci-joomla.yml.template
-# VERSION: 04.06.00
-# BRIEF: CI workflow for Joomla extensions — lint, validate, test
-
-name: Joomla Extension CI
-
-on:
-  pull_request:
-    branches:
-      - main
-      - 'dev/**'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  pull-requests: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  lint-and-validate:
-    name: Lint & Validate
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP
-        run: |
-          php -v && composer --version
-
-      - name: Clone MokoStandards
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
-          MOKO_CLONE_HOST: ${{ secrets.GA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
-        run: |
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api
-
-      - name: Install dependencies
-        env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
-        run: |
-          if [ -f "composer.json" ]; then
-            composer install \
-              --no-interaction \
-              --prefer-dist \
-              --optimize-autoloader
-          else
-            echo "No composer.json found — skipping dependency install"
-          fi
-
-      - name: PHP syntax check
-        run: |
-          ERRORS=0
-          for DIR in src/ htdocs/; do
-            if [ -d "$DIR" ]; then
-              FOUND=1
-              while IFS= read -r -d '' FILE; do
-                OUTPUT=$(php -l "$FILE" 2>&1)
-                if echo "$OUTPUT" | grep -q "Parse error"; then
-                  echo "::error file=${FILE}::${OUTPUT}"
-                  ERRORS=$((ERRORS + 1))
-                fi
-              done < <(find "$DIR" -name "*.php" -print0)
-            fi
-          done
-          echo "### PHP Syntax Check" >> $GITHUB_STEP_SUMMARY
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "**${ERRORS} syntax error(s) found.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "All PHP files passed syntax check." >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: XML manifest validation
-        run: |
-          echo "### XML Manifest Validation" >> $GITHUB_STEP_SUMMARY
-          ERRORS=0
-
-          # Find the extension manifest (XML with <extension tag)
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 2 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -z "$MANIFEST" ]; then
-            echo "No Joomla extension manifest found (XML file with \`<extension\` tag)." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "Manifest found: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # Validate well-formed XML
-            php -r "
-              \$xml = @simplexml_load_file('$MANIFEST');
-              if (\$xml === false) {
-                echo 'INVALID';
-                exit(1);
-              }
-              echo 'VALID';
-            " > /tmp/xml_result 2>&1
-            XML_RESULT=$(cat /tmp/xml_result)
-            if [ "$XML_RESULT" != "VALID" ]; then
-              echo "Manifest is not well-formed XML." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            else
-              echo "Manifest is well-formed XML." >> $GITHUB_STEP_SUMMARY
-            fi
-
-            # Check required tags: name, version, author, namespace (Joomla 5+)
-            for TAG in name version author namespace; do
-              if ! grep -q "<${TAG}>" "$MANIFEST" 2>/dev/null; then
-                echo "Missing required tag: \`<${TAG}>\`" >> $GITHUB_STEP_SUMMARY
-                ERRORS=$((ERRORS + 1))
-              else
-                echo "Found required tag: \`<${TAG}>\`" >> $GITHUB_STEP_SUMMARY
-              fi
-            done
-          fi
-
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**${ERRORS} manifest issue(s) found.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**Manifest validation passed.**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: Check language files referenced in manifest
-        run: |
-          echo "### Language File Check" >> $GITHUB_STEP_SUMMARY
-          ERRORS=0
-
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 2 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -n "$MANIFEST" ]; then
-            # Extract language file references from manifest
-            LANG_FILES=$(grep -oP 'language\s+tag="[^"]*"[^>]*>\K[^<]+' "$MANIFEST" 2>/dev/null || true)
-            if [ -z "$LANG_FILES" ]; then
-              echo "No language file references found in manifest — skipping." >> $GITHUB_STEP_SUMMARY
-            else
-              while IFS= read -r LANG_FILE; do
-                LANG_FILE=$(echo "$LANG_FILE" | xargs)
-                if [ -z "$LANG_FILE" ]; then
-                  continue
-                fi
-                # Check in common locations
-                FOUND=0
-                for BASE in "." "src" "htdocs"; do
-                  if [ -f "${BASE}/${LANG_FILE}" ]; then
-                    FOUND=1
-                    break
-                  fi
-                done
-                if [ "$FOUND" -eq 0 ]; then
-                  echo "Missing language file: \`${LANG_FILE}\`" >> $GITHUB_STEP_SUMMARY
-                  ERRORS=$((ERRORS + 1))
-                else
-                  echo "Language file present: \`${LANG_FILE}\`" >> $GITHUB_STEP_SUMMARY
-                fi
-              done <<< "$LANG_FILES"
-            fi
-          else
-            echo "No manifest found — skipping language check." >> $GITHUB_STEP_SUMMARY
-          fi
-
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**${ERRORS} missing language file(s).**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**Language file check passed.**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: Check index.html files in directories
-        run: |
-          echo "### Index.html Check" >> $GITHUB_STEP_SUMMARY
-          MISSING=0
-          CHECKED=0
-
-          for DIR in src/ htdocs/; do
-            if [ -d "$DIR" ]; then
-              while IFS= read -r -d '' SUBDIR; do
-                CHECKED=$((CHECKED + 1))
-                if [ ! -f "${SUBDIR}/index.html" ]; then
-                  echo "Missing index.html in: \`${SUBDIR}\`" >> $GITHUB_STEP_SUMMARY
-                  MISSING=$((MISSING + 1))
-                fi
-              done < <(find "$DIR" -type d -print0)
-            fi
-          done
-
-          if [ "${CHECKED}" -eq 0 ]; then
-            echo "No src/ or htdocs/ directories found — skipping." >> $GITHUB_STEP_SUMMARY
-          elif [ "${MISSING}" -gt 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**${MISSING} director(ies) missing index.html out of ${CHECKED} checked.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "All ${CHECKED} directories contain index.html." >> $GITHUB_STEP_SUMMARY
-          fi
-
-  release-readiness:
-    name: Release Readiness Check
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request' && github.base_ref == 'main'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Validate release readiness
-        run: |
-          echo "## Release Readiness" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          ERRORS=0
-
-          # Extract version from README.md
-          README_VERSION=$(grep -oP '^\s*VERSION:\s*\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' README.md | head -1)
-          if [ -z "$README_VERSION" ]; then
-            echo "No VERSION found in README.md FILE INFORMATION block." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "README version: \`${README_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # Find the extension manifest
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 2 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -z "$MANIFEST" ]; then
-            echo "No Joomla extension manifest found." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "Manifest: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # Check <version> matches README VERSION
-            MANIFEST_VERSION=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
-            if [ -z "$MANIFEST_VERSION" ]; then
-              echo "No \`<version>\` tag in manifest." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            elif [ -n "$README_VERSION" ] && [ "$MANIFEST_VERSION" != "$README_VERSION" ]; then
-              echo "Manifest version \`${MANIFEST_VERSION}\` does not match README \`${README_VERSION}\`." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            else
-              echo "Manifest version: \`${MANIFEST_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-
-            # Check extension type, element, client attributes
-            EXT_TYPE=$(grep -oP '<extension[^>]*\btype="\K[^"]+' "$MANIFEST" | head -1)
-            if [ -z "$EXT_TYPE" ]; then
-              echo "Missing \`type\` attribute on \`<extension>\` tag." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            else
-              echo "Extension type: \`${EXT_TYPE}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-
-            # Element check (component/module/plugin name)
-            HAS_ELEMENT=$(grep -cP '<(element|name)>' "$MANIFEST" 2>/dev/null || echo "0")
-            if [ "$HAS_ELEMENT" -eq 0 ]; then
-              echo "Missing \`<element>\` or \`<name>\` in manifest." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            fi
-
-            # Client attribute for site/admin modules and plugins
-            if echo "$EXT_TYPE" | grep -qP "^(module|plugin)$"; then
-              HAS_CLIENT=$(grep -cP '<extension[^>]*\bclient=' "$MANIFEST" 2>/dev/null || echo "0")
-              if [ "$HAS_CLIENT" -eq 0 ]; then
-                echo "Missing \`client\` attribute for ${EXT_TYPE} extension." >> $GITHUB_STEP_SUMMARY
-                ERRORS=$((ERRORS + 1))
-              fi
-            fi
-          fi
-
-          # Check updates.xml exists
-          if [ -f "updates.xml" ] || [ -f "updates.xml" ]; then
-            echo "Update XML present." >> $GITHUB_STEP_SUMMARY
-          else
-            echo "No updates.xml found." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          fi
-
-          # Check CHANGELOG.md exists
-          if [ -f "CHANGELOG.md" ]; then
-            echo "CHANGELOG.md present." >> $GITHUB_STEP_SUMMARY
-          else
-            echo "No CHANGELOG.md found." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ $ERRORS -gt 0 ]; then
-            echo "**${ERRORS} issue(s) must be resolved before release.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "**Extension is ready for release.**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-  test:
-    name: Tests (PHP ${{ matrix.php }})
-    runs-on: ubuntu-latest
-    needs: lint-and-validate
-
-    strategy:
-      fail-fast: false
-      matrix:
-        php: ['8.2', '8.3']
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP ${{ matrix.php }}
-        run: |
-          php -v && composer --version
-
-      - name: Install dependencies
-        env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
-        run: |
-          if [ -f "composer.json" ]; then
-            composer install \
-              --no-interaction \
-              --prefer-dist \
-              --optimize-autoloader
-          else
-            echo "No composer.json found — skipping dependency install"
-          fi
-
-      - name: Run tests
-        run: |
-          echo "### Test Results (PHP ${{ matrix.php }})" >> $GITHUB_STEP_SUMMARY
-          if [ -f "phpunit.xml" ] || [ -f "phpunit.xml.dist" ]; then
-            vendor/bin/phpunit --testdox 2>&1 | tee /tmp/test-output.log
-            EXIT=${PIPESTATUS[0]}
-            if [ $EXIT -eq 0 ]; then
-              echo "All tests passed." >> $GITHUB_STEP_SUMMARY
-            else
-              echo "Test failures detected — see log." >> $GITHUB_STEP_SUMMARY
-              echo '```' >> $GITHUB_STEP_SUMMARY
-              cat /tmp/test-output.log >> $GITHUB_STEP_SUMMARY
-              echo '```' >> $GITHUB_STEP_SUMMARY
-            fi
-            exit $EXIT
-          else
-            echo "No phpunit.xml found — skipping tests." >> $GITHUB_STEP_SUMMARY
-          fi

.gitea/workflows/cleanup.yml

@@ -1,87 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Maintenance
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /.gitea/workflows/cleanup.yml
-# VERSION: 01.00.00
-# BRIEF: Scheduled cleanup — delete merged branches and old workflow runs
-
-name: Repository Cleanup
-
-on:
-  schedule:
-    - cron: '0 3 * * 0'  # Weekly on Sunday at 03:00 UTC
-  workflow_dispatch:
-
-permissions:
-  contents: write
-
-env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-
-jobs:
-  cleanup:
-    name: Clean Merged Branches
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GA_TOKEN }}
-
-      - name: Delete merged branches
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
-        run: |
-          echo "=== Merged Branch Cleanup ==="
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
-
-          # List branches via API
-          BRANCHES=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
-            "${API}/branches?limit=50" | jq -r '.[].name')
-
-          DELETED=0
-          for BRANCH in $BRANCHES; do
-            # Skip protected branches
-            case "$BRANCH" in
-              main|master|develop|release/*|hotfix/*) continue ;;
-            esac
-
-            # Check if branch is merged into main
-            if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
-              echo "  Deleting merged branch: ${BRANCH}"
-              curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
-                "${API}/branches/${BRANCH}" 2>/dev/null || true
-              DELETED=$((DELETED + 1))
-            fi
-          done
-
-          echo "Deleted ${DELETED} merged branch(es)"
-
-      - name: Clean old workflow runs
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
-        run: |
-          echo "=== Workflow Run Cleanup ==="
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
-          CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)
-
-          # Get old completed runs
-          RUNS=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
-            "${API}/actions/runs?status=completed&limit=50" | \
-            jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)
-
-          DELETED=0
-          for RUN_ID in $RUNS; do
-            curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
-            DELETED=$((DELETED + 1))
-          done
-
-          echo "Deleted ${DELETED} old workflow run(s)"

.gitea/workflows/deploy-manual.yml

@@ -1,126 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Deploy
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
-# PATH: /templates/workflows/joomla/deploy-manual.yml.template
-# VERSION: 04.07.00
-# BRIEF: Manual SFTP deploy to dev server for Joomla repos
-
-name: Deploy to Dev (Manual)
-
-on:
-  workflow_dispatch:
-    inputs:
-      clear_remote:
-        description: 'Delete all remote files before uploading'
-        required: false
-        default: 'false'
-        type: boolean
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-permissions:
-  contents: read
-
-jobs:
-  deploy:
-    name: SFTP Deploy to Dev
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP
-        run: |
-          php -v && composer --version
-
-      - name: Setup MokoStandards tools
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
-          MOKO_CLONE_HOST: ${{ secrets.GA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
-        run: |
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api 2>/dev/null || true
-          if [ -d "/tmp/mokostandards-api" ] && [ -f "/tmp/mokostandards-api/composer.json" ]; then
-            cd /tmp/mokostandards-api && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
-          fi
-
-      - name: Check FTP configuration
-        id: check
-        env:
-          HOST: ${{ vars.DEV_FTP_HOST }}
-          PATH_VAR: ${{ vars.DEV_FTP_PATH }}
-          PORT: ${{ vars.DEV_FTP_PORT }}
-        run: |
-          if [ -z "$HOST" ] || [ -z "$PATH_VAR" ]; then
-            echo "DEV_FTP_HOST or DEV_FTP_PATH not configured -- cannot deploy"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          echo "host=$HOST" >> "$GITHUB_OUTPUT"
-
-          REMOTE="${PATH_VAR%/}"
-          echo "remote=$REMOTE" >> "$GITHUB_OUTPUT"
-
-          [ -z "$PORT" ] && PORT="22"
-          echo "port=$PORT" >> "$GITHUB_OUTPUT"
-
-      - name: Deploy via SFTP
-        if: steps.check.outputs.skip != 'true'
-        env:
-          SFTP_KEY: ${{ secrets.DEV_FTP_KEY }}
-          SFTP_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
-          SFTP_USER: ${{ vars.DEV_FTP_USERNAME }}
-        run: |
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ -- nothing to deploy"; exit 0; }
-
-          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
-            "${{ steps.check.outputs.host }}" "${{ steps.check.outputs.port }}" "$SFTP_USER" "${{ steps.check.outputs.remote }}" \
-            > /tmp/sftp-config.json
-
-          if [ -n "$SFTP_KEY" ]; then
-            echo "$SFTP_KEY" > /tmp/deploy_key
-            chmod 600 /tmp/deploy_key
-            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
-          else
-            printf ',"password":"%s"}' "$SFTP_PASS" >> /tmp/sftp-config.json
-          fi
-
-          DEPLOY_ARGS=(--path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json)
-          [ "${{ inputs.clear_remote }}" = "true" ] && DEPLOY_ARGS+=(--clear-remote)
-
-          PLATFORM=$(php /tmp/mokostandards-api/cli/platform_detect.php --path . 2>/dev/null || true)
-          if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards-api/deploy/deploy-joomla.php" ]; then
-            php /tmp/mokostandards-api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}"
-          else
-            php /tmp/mokostandards-api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}"
-          fi
-
-          rm -f /tmp/deploy_key /tmp/sftp-config.json
-
-      - name: Summary
-        if: always()
-        run: |
-          if [ "${{ steps.check.outputs.skip }}" = "true" ]; then
-            echo "### Deploy Skipped -- FTP not configured" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "### Manual Dev Deploy Complete" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-            echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Host | \`${{ steps.check.outputs.host }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Remote | \`${{ steps.check.outputs.remote }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Clear | ${{ inputs.clear_remote }} |" >> $GITHUB_STEP_SUMMARY
-          fi

.gitea/workflows/gitleaks.yml

@@ -1,96 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Security
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
-# PATH: /templates/workflows/gitleaks.yml.template
-# VERSION: 01.00.00
-# BRIEF: Secret scanning — detect leaked credentials, API keys, and tokens
-#
-# +========================================================================+
-# |                        SECRET SCANNING                                 |
-# +========================================================================+
-# |                                                                        |
-# |  Scans commits for leaked secrets using Gitleaks.                      |
-# |                                                                        |
-# |  - PR scan: only new commits in the PR                                 |
-# |  - Scheduled: full repo scan weekly                                    |
-# |  - Alerts via ntfy on findings                                         |
-# |                                                                        |
-# +========================================================================+
-
-name: Secret Scanning
-
-on:
-  pull_request:
-    branches:
-      - main
-      - 'dev/**'
-  schedule:
-    - cron: '0 5 * * 1'  # Weekly Monday 05:00 UTC
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-env:
-  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
-  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
-
-jobs:
-  gitleaks:
-    name: Gitleaks Secret Scan
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Install Gitleaks
-        run: |
-          GITLEAKS_VERSION="8.21.2"
-          curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
-            | tar -xz -C /usr/local/bin gitleaks
-          gitleaks version
-
-      - name: Scan for secrets
-        id: scan
-        run: |
-          echo "### Secret Scanning" >> $GITHUB_STEP_SUMMARY
-          ARGS="--source . --verbose --report-format json --report-path /tmp/gitleaks-report.json"
-
-          if [ "${{ github.event_name }}" = "pull_request" ]; then
-            # Scan only PR commits
-            ARGS="$ARGS --log-opts=${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}"
-            echo "Scanning PR commits only" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "Full repository scan" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          if gitleaks detect $ARGS 2>&1; then
-            echo "result=clean" >> "$GITHUB_OUTPUT"
-            echo "**No secrets detected.**" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "result=found" >> "$GITHUB_OUTPUT"
-            FINDINGS=$(jq length /tmp/gitleaks-report.json 2>/dev/null || echo "unknown")
-            echo "**${FINDINGS} potential secret(s) detected.**" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "Review the findings and rotate any exposed credentials immediately." >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-
-      - name: Notify on findings
-        if: failure() && steps.scan.outputs.result == 'found'
-        run: |
-          REPO="${{ github.event.repository.name }}"
-          curl -sS \
-            -H "Title: ${REPO} — secrets detected in code" \
-            -H "Tags: rotating_light,key" \
-            -H "Priority: urgent" \
-            -d "Gitleaks found potential secrets. Review and rotate credentials immediately." \
-            "${NTFY_URL}/${NTFY_TOPIC}" || true

.gitea/workflows/notify.yml

@@ -1,70 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Notifications
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /.gitea/workflows/notify.yml
-# VERSION: 01.00.00
-# BRIEF: Push notifications via ntfy on release success or workflow failure
-
-name: Notifications
-
-on:
-  workflow_run:
-    workflows:
-      - "Joomla Build & Release"
-      - "Joomla Extension CI"
-      - "Deploy"
-    types:
-      - completed
-
-permissions:
-  contents: read
-
-env:
-  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
-  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-releases' }}
-
-jobs:
-  notify:
-    name: Send Notification
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.workflow_run.conclusion == 'success' ||
-      github.event.workflow_run.conclusion == 'failure'
-
-    steps:
-      - name: Notify on success (releases only)
-        if: >-
-          github.event.workflow_run.conclusion == 'success' &&
-          contains(github.event.workflow_run.name, 'Release')
-        run: |
-          REPO="${{ github.event.repository.name }}"
-          WORKFLOW="${{ github.event.workflow_run.name }}"
-          URL="${{ github.event.workflow_run.html_url }}"
-
-          curl -sS \
-            -H "Title: ${REPO} released" \
-            -H "Tags: white_check_mark,package" \
-            -H "Priority: default" \
-            -H "Click: ${URL}" \
-            -d "${WORKFLOW} completed successfully." \
-            "${NTFY_URL}/${NTFY_TOPIC}"
-
-      - name: Notify on failure
-        if: github.event.workflow_run.conclusion == 'failure'
-        run: |
-          REPO="${{ github.event.repository.name }}"
-          WORKFLOW="${{ github.event.workflow_run.name }}"
-          URL="${{ github.event.workflow_run.html_url }}"
-
-          curl -sS \
-            -H "Title: ${REPO} workflow failed" \
-            -H "Tags: x,warning" \
-            -H "Priority: high" \
-            -H "Click: ${URL}" \
-            -d "${WORKFLOW} failed. Check the run for details." \
-            "${NTFY_URL}/${NTFY_TOPIC}"

.gitea/workflows/pr-check.yml

@@ -1,106 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.CI
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /.gitea/workflows/pr-check.yml
-# VERSION: 01.00.00
-# BRIEF: PR gate — validates code quality and manifest before merge to main
-
-name: PR Check
-
-on:
-  pull_request:
-    branches:
-      - main
-    types: [opened, synchronize, reopened]
-
-permissions:
-  contents: read
-  pull-requests: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  validate:
-    name: Validate PR
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup PHP
-        run: |
-          if ! command -v php &> /dev/null; then
-            sudo apt-get update -qq
-            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
-          fi
-
-      - name: PHP syntax check
-        run: |
-          echo "=== PHP Lint ==="
-          ERRORS=0
-          while IFS= read -r -d '' file; do
-            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
-              ERRORS=$((ERRORS + 1))
-            fi
-          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
-          echo "Checked files, errors: ${ERRORS}"
-          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
-
-      - name: Validate Joomla manifest
-        run: |
-          echo "=== Manifest Validation ==="
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -z "$MANIFEST" ]; then
-            echo "::warning::No Joomla manifest found"
-            exit 0
-          fi
-          echo "Manifest: ${MANIFEST}"
-
-          # Check well-formed XML
-          if ! php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}"; then
-            echo "::error::Manifest XML is malformed"
-            exit 1
-          fi
-
-          # Check required elements
-          for ELEMENT in name version description; do
-            if ! grep -q "<${ELEMENT}>" "$MANIFEST"; then
-              echo "::error::Missing <${ELEMENT}> in manifest"
-              exit 1
-            fi
-          done
-          echo "Manifest valid"
-
-      - name: Check updates.xml format
-        run: |
-          if [ ! -f "updates.xml" ]; then
-            echo "No updates.xml — skipping"
-            exit 0
-          fi
-          echo "=== updates.xml Validation ==="
-          if ! php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}"; then
-            echo "::error::updates.xml is malformed"
-            exit 1
-          fi
-          echo "updates.xml valid"
-
-      - name: Verify package builds
-        run: |
-          echo "=== Package Build Test ==="
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          if [ ! -d "$SOURCE_DIR" ]; then
-            echo "::warning::No src/ or htdocs/ directory"
-            exit 0
-          fi
-          # Dry-run: ensure zip would succeed
-          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
-          echo "Source contains ${FILE_COUNT} files — package will build"
-          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }

.gitea/workflows/pre-release.yml

@@ -1,319 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Release
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /.gitea/workflows/pre-release.yml
-# VERSION: 01.00.00
-# BRIEF: Manual pre-release — builds dev/alpha/beta/rc packages from any branch
-
-name: Pre-Release
-
-on:
-  workflow_dispatch:
-    inputs:
-      stability:
-        description: 'Pre-release channel'
-        required: true
-        type: choice
-        options:
-          - development
-          - alpha
-          - beta
-          - release-candidate
-
-permissions:
-  contents: write
-
-env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-jobs:
-  build:
-    name: "Build Pre-Release (${{ inputs.stability }})"
-    runs-on: release
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GA_TOKEN }}
-
-      - name: Setup PHP
-        run: |
-          if ! command -v php &> /dev/null; then
-            sudo apt-get update -qq
-            sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip >/dev/null 2>&1
-          fi
-
-      - name: Resolve metadata
-        id: meta
-        run: |
-          STABILITY="${{ inputs.stability }}"
-
-          case "$STABILITY" in
-            development)        SUFFIX="-dev";   TAG="development" ;;
-            alpha)              SUFFIX="-alpha"; TAG="alpha" ;;
-            beta)               SUFFIX="-beta";  TAG="beta" ;;
-            release-candidate)  SUFFIX="-rc";    TAG="release-candidate" ;;
-          esac
-
-          # Read and bump patch version (with rollover)
-          CURRENT=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          [ -z "$CURRENT" ] && CURRENT="00.00.00"
-
-          MAJOR=$(echo "$CURRENT" | cut -d. -f1)
-          MINOR=$(echo "$CURRENT" | cut -d. -f2)
-          PATCH=$(echo "$CURRENT" | cut -d. -f3)
-
-          # Patch bump with rollover: ZZ=99 → bump minor, YY=99 → bump major
-          NEW_PATCH=$((10#$PATCH + 1))
-          NEW_MINOR=$((10#$MINOR))
-          NEW_MAJOR=$((10#$MAJOR))
-
-          if [ $NEW_PATCH -gt 99 ]; then
-            NEW_PATCH=0
-            NEW_MINOR=$((NEW_MINOR + 1))
-          fi
-          if [ $NEW_MINOR -gt 99 ]; then
-            NEW_MINOR=0
-            NEW_MAJOR=$((NEW_MAJOR + 1))
-          fi
-
-          VERSION=$(printf "%02d.%02d.%02d" $NEW_MAJOR $NEW_MINOR $NEW_PATCH)
-          TODAY=$(date +%Y-%m-%d)
-
-          echo "Bumping: ${CURRENT} → ${VERSION} (patch)"
-
-          # Update README.md
-          sed -i "s/VERSION:[[:space:]]*${CURRENT}/VERSION: ${VERSION}/" README.md
-
-          # Update manifest
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            MANIFEST_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" | head -1)
-            sed -i "s|<version>${MANIFEST_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
-            sed -i "s|<creationDate>[^<]*</creationDate>|<creationDate>${TODAY}</creationDate>|" "$MANIFEST"
-          fi
-
-          # Commit version bump
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git diff --cached --quiet || {
-            git commit -m "chore(version): bump ${CURRENT} → ${VERSION} [skip ci]"
-            git push origin HEAD 2>&1
-          }
-
-          # Auto-detect element from manifest
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          EXT_ELEMENT=""
-          if [ -n "$MANIFEST" ]; then
-            EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            if [ -z "$EXT_ELEMENT" ]; then
-              EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-              case "$EXT_ELEMENT" in
-                templatedetails|manifest) EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
-              esac
-            fi
-          else
-            EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-          fi
-
-          ZIP_NAME="${EXT_ELEMENT}-${VERSION}${SUFFIX}.zip"
-
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
-          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
-          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
-          echo "zip_name=${ZIP_NAME}" >> "$GITHUB_OUTPUT"
-          echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
-          echo "manifest=${MANIFEST}" >> "$GITHUB_OUTPUT"
-
-          echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ==="
-
-      - name: Build package
-        run: |
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          if [ ! -d "$SOURCE_DIR" ]; then
-            echo "::error::No src/ or htdocs/ directory"
-            exit 1
-          fi
-
-          mkdir -p build/package
-          rsync -a \
-            --exclude='sftp-config*' \
-            --exclude='.ftpignore' \
-            --exclude='*.ppk' \
-            --exclude='*.pem' \
-            --exclude='*.key' \
-            --exclude='.env*' \
-            --exclude='*.local' \
-            --exclude='.build-trigger' \
-            "${SOURCE_DIR}/" build/package/
-
-      - name: Create ZIP
-        id: zip
-        run: |
-          ZIP_NAME="${{ steps.meta.outputs.zip_name }}"
-          cd build/package
-          zip -r "../${ZIP_NAME}" .
-          cd ..
-
-          SHA256=$(sha256sum "${ZIP_NAME}" | cut -d' ' -f1)
-          echo "sha256=${SHA256}" >> "$GITHUB_OUTPUT"
-          echo "ZIP: ${ZIP_NAME} (SHA: ${SHA256:0:16}...)"
-
-      - name: Create or replace Gitea release
-        id: release
-        run: |
-          TAG="${{ steps.meta.outputs.tag }}"
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          SHA256="${{ steps.zip.outputs.sha256 }}"
-          ZIP_NAME="${{ steps.meta.outputs.zip_name }}"
-          EXT_ELEMENT="${{ steps.meta.outputs.ext_element }}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          BRANCH=$(git branch --show-current)
-
-          BODY="## ${VERSION} ($(date +%Y-%m-%d))
-          **Channel:** ${STABILITY}
-          **SHA-256:** \`${SHA256}\`"
-
-          # Delete existing release
-          EXISTING_ID=$(curl -sS -H "Authorization: token ${TOKEN}" \
-            "${API}/releases/tags/${TAG}" | jq -r '.id // empty' 2>/dev/null)
-          if [ -n "$EXISTING_ID" ]; then
-            curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-              "${API}/releases/${EXISTING_ID}" 2>/dev/null || true
-            curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-              "${API}/tags/${TAG}" 2>/dev/null || true
-          fi
-
-          # Create release
-          RELEASE_ID=$(curl -sS -X POST -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/json" \
-            "${API}/releases" \
-            -d "$(jq -n \
-              --arg tag "$TAG" \
-              --arg target "$BRANCH" \
-              --arg name "${EXT_ELEMENT} ${VERSION} (${STABILITY})" \
-              --arg body "$BODY" \
-              '{tag_name: $tag, target_commitish: $target, name: $name, body: $body, prerelease: true}'
-            )" | jq -r '.id')
-
-          echo "release_id=${RELEASE_ID}" >> "$GITHUB_OUTPUT"
-
-          # Upload ZIP
-          curl -sS -X POST -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/octet-stream" \
-            "${API}/releases/${RELEASE_ID}/assets?name=${ZIP_NAME}" \
-            --data-binary "@build/${ZIP_NAME}"
-
-          echo "Released: ${EXT_ELEMENT} ${VERSION} (${STABILITY})"
-
-      - name: Update updates.xml
-        run: |
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          VERSION="${{ steps.meta.outputs.version }}"
-          SHA256="${{ steps.zip.outputs.sha256 }}"
-          ZIP_NAME="${{ steps.meta.outputs.zip_name }}"
-          TAG="${{ steps.meta.outputs.tag }}"
-          DATE=$(date +%Y-%m-%d)
-
-          if [ ! -f "updates.xml" ]; then
-            echo "No updates.xml — skipping"
-            exit 0
-          fi
-
-          export PY_STABILITY="$STABILITY" PY_VERSION="$VERSION" PY_SHA256="$SHA256" \
-                 PY_ZIP_NAME="$ZIP_NAME" PY_TAG="$TAG" PY_DATE="$DATE" \
-                 PY_GITEA_ORG="$GITEA_ORG" PY_GITEA_REPO="$GITEA_REPO"
-          python3 << 'PYEOF'
-          import re, os
-
-          stability  = os.environ["PY_STABILITY"]
-          version    = os.environ["PY_VERSION"]
-          sha256     = os.environ["PY_SHA256"]
-          zip_name   = os.environ["PY_ZIP_NAME"]
-          tag        = os.environ["PY_TAG"]
-          date       = os.environ["PY_DATE"]
-          gitea_org  = os.environ["PY_GITEA_ORG"]
-          gitea_repo = os.environ["PY_GITEA_REPO"]
-          download_url = f"https://git.mokoconsulting.tech/{gitea_org}/{gitea_repo}/releases/download/{tag}/{zip_name}"
-
-          with open("updates.xml", "r") as f:
-              content = f.read()
-
-          # Map stability to XML tag name
-          tag_map = {"development": "development", "alpha": "alpha", "beta": "beta", "release-candidate": "rc"}
-          xml_tag = tag_map.get(stability, stability)
-
-          pattern = r"(<update>(?:(?!</update>).)*?<tag>" + re.escape(xml_tag) + r"</tag>.*?</update>)"
-          match = re.search(pattern, content, re.DOTALL)
-          if match:
-              block = match.group(1)
-              updated = re.sub(r"<version>[^<]*</version>", f"<version>{version}</version>", block)
-              updated = re.sub(r"<creationDate>[^<]*</creationDate>", f"<creationDate>{date}</creationDate>", updated)
-              if "<sha256>" in updated:
-                  updated = re.sub(r"<sha256>[^<]*</sha256>", f"<sha256>{sha256}</sha256>", updated)
-              else:
-                  updated = updated.replace("</downloads>", f"</downloads>\n    <sha256>{sha256}</sha256>")
-              updated = re.sub(r"(<downloadurl[^>]*>)[^<]*(</downloadurl>)", rf"\g<1>{download_url}\g<2>", updated)
-              content = content.replace(block, updated)
-              print(f"Updated {xml_tag} channel: version={version}")
-          else:
-              print(f"WARNING: No <tag>{xml_tag}</tag> block in updates.xml")
-
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          PYEOF
-
-          # Commit and push
-          if ! git diff --quiet updates.xml 2>/dev/null; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add updates.xml
-            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
-            git push origin HEAD 2>&1 || echo "WARNING: push failed"
-          fi
-
-      - name: "Delete lesser pre-release channels (cascade)"
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-
-          # Cascade: rc → beta,alpha,dev | beta → alpha,dev | alpha → dev | dev → nothing
-          case "$STABILITY" in
-            release-candidate) TAGS_TO_DELETE="beta alpha development" ;;
-            beta)              TAGS_TO_DELETE="alpha development" ;;
-            alpha)             TAGS_TO_DELETE="development" ;;
-            *)                 TAGS_TO_DELETE="" ;;
-          esac
-
-          [ -z "$TAGS_TO_DELETE" ] && exit 0
-
-          for TAG in $TAGS_TO_DELETE; do
-            RELEASE_ID=$(curl -sS -H "Authorization: token ${TOKEN}" \
-              "${API_BASE}/releases/tags/${TAG}" 2>/dev/null | \
-              python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-
-            if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
-              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/releases/${RELEASE_ID}" 2>/dev/null || true
-              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/tags/${TAG}" 2>/dev/null || true
-              echo "Deleted: ${TAG} (id: ${RELEASE_ID})"
-            fi
-          done

.gitea/workflows/release.yml

@@ -1,514 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoJGDPC.Release
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoJGDPC
-# PATH: /.gitea/workflows/release.yml
-# VERSION: 01.00.00
-# BRIEF: Joomla plugin release — build ZIP, publish to Gitea, update updates.xml
-
-name: Create Release
-
-on:
-  push:
-    tags:
-      - '[0-9][0-9].[0-9][0-9].[0-9][0-9]'
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'Release version (e.g., 01.00.00)'
-        required: true
-        type: string
-      prerelease:
-        description: 'Mark as pre-release'
-        required: false
-        type: boolean
-        default: false
-      stability:
-        description: 'Stability tag (development, alpha, beta, rc, stable)'
-        required: false
-        type: string
-        default: 'development'
-
-permissions:
-  contents: write
-
-env:
-  GITEA_URL: https://git.mokoconsulting.tech
-  GITEA_ORG: MokoConsulting
-  GITEA_REPO: MokoJGDPC
-  EXT_ELEMENT: mokojgdpc
-
-jobs:
-  build:
-    name: Build Release Package
-    runs-on: release
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup PHP
-        run: |
-          if ! command -v php &> /dev/null; then
-            sudo apt-get update -qq
-            sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-
-      - name: Get version and stability
-        id: meta
-        run: |
-          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
-            VERSION="${{ inputs.version }}"
-            STABILITY="${{ inputs.stability }}"
-            PRERELEASE="${{ inputs.prerelease }}"
-          else
-            VERSION=${GITHUB_REF#refs/tags/}
-            STABILITY="stable"
-            PRERELEASE="false"
-          fi
-
-          # Derive suffix and tag from stability
-          case "$STABILITY" in
-            development) SUFFIX="-dev";   TAG_NAME="development" ;;
-            alpha)       SUFFIX="-alpha"; TAG_NAME="alpha" ;;
-            beta)        SUFFIX="-beta";  TAG_NAME="beta" ;;
-            rc)          SUFFIX="-rc";    TAG_NAME="release-candidate" ;;
-            stable)      SUFFIX="";       TAG_NAME="stable" ;;
-            *)           SUFFIX="-dev";   TAG_NAME="development" ;;
-          esac
-
-          ZIP_NAME="${EXT_ELEMENT}-${VERSION}${SUFFIX}.zip"
-
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
-          echo "prerelease=${PRERELEASE}" >> "$GITHUB_OUTPUT"
-          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
-          echo "tag_name=${TAG_NAME}" >> "$GITHUB_OUTPUT"
-          echo "zip_name=${ZIP_NAME}" >> "$GITHUB_OUTPUT"
-          echo "Building: ${ZIP_NAME} (${STABILITY})"
-
-      - name: Auto-bump patch version
-        id: bump
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
-          INPUT_VERSION: ${{ steps.meta.outputs.version }}
-          INPUT_STABILITY: ${{ steps.meta.outputs.stability }}
-          INPUT_SUFFIX: ${{ steps.meta.outputs.suffix }}
-        run: |
-          set -euo pipefail
-          BRANCH="${{ github.ref_name }}"
-          GITEA_API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
-
-          # Read current version from README.md
-          CURRENT=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          if [ -z "$CURRENT" ]; then
-            echo "No VERSION in README.md — using input version"
-            echo "version=${INPUT_VERSION}" >> "$GITHUB_OUTPUT"
-            echo "zip_name=${EXT_ELEMENT}-${INPUT_VERSION}${INPUT_SUFFIX}.zip" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          # Bump patch: XX.YY.ZZ → XX.YY.(ZZ+1)
-          MAJOR=$(echo "$CURRENT" | cut -d. -f1)
-          MINOR=$(echo "$CURRENT" | cut -d. -f2)
-          PATCH=$(echo "$CURRENT" | cut -d. -f3)
-          NEW_PATCH=$(printf "%02d" $((10#$PATCH + 1)))
-          NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}"
-
-          echo "Bumping: ${CURRENT} → ${NEW_VERSION}"
-
-          # Update README.md
-          sed -i "s/VERSION:[[:space:]]*${CURRENT}/VERSION: ${NEW_VERSION}/" README.md
-
-          # Update plugin manifest
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            sed -i "s|<version>${CURRENT}</version>|<version>${NEW_VERSION}</version>|" "$MANIFEST"
-            # Update creationDate in manifest
-            sed -i "s|<creationDate>[^<]*</creationDate>|<creationDate>$(date +%Y-%m-%d)</creationDate>|" "$MANIFEST"
-          fi
-
-          # Update only the matching stability channel in updates.xml
-          if [ -f "updates.xml" ]; then
-            export PY_OLD="$CURRENT" PY_NEW="$NEW_VERSION" PY_STABILITY="$INPUT_STABILITY"
-            python3 << 'PYEOF'
-          import re, os, datetime
-          old = os.environ["PY_OLD"]
-          new = os.environ["PY_NEW"]
-          stability = os.environ["PY_STABILITY"]
-          with open("updates.xml") as f:
-              content = f.read()
-          pattern = r"(<update>(?:(?!</update>).)*?<tag>" + re.escape(stability) + r"</tag>.*?</update>)"
-          match = re.search(pattern, content, re.DOTALL)
-          if match:
-              block = match.group(1)
-              updated = block.replace(old, new)
-              today = datetime.date.today().isoformat()
-              updated = re.sub(r"<creationDate>[^<]*</creationDate>", f"<creationDate>{today}</creationDate>", updated)
-              content = content.replace(block, updated)
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          print(f"Updated {stability} channel: {old} -> {new}")
-          PYEOF
-          fi
-
-          # Commit bump to current branch
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://jmiller:${GA_TOKEN}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git diff --cached --quiet || {
-            git commit -m "chore(version): bump ${CURRENT} → ${NEW_VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-            git push
-          }
-
-          # For stable releases from dev: merge dev → main via Gitea API
-          if [ "$INPUT_STABILITY" = "stable" ] && [ "$BRANCH" != "main" ]; then
-            echo "Merging ${BRANCH} → main via Gitea API..."
-            MERGE_PAYLOAD=$(jq -n \
-              --arg base "main" \
-              --arg head "${BRANCH}" \
-              --arg msg "chore(release): merge ${BRANCH} for stable ${NEW_VERSION} [skip ci]" \
-              '{base: $base, head: $head, merge_message_field: $msg}')
-            echo "Merge payload: ${MERGE_PAYLOAD}"
-            HTTP_CODE=$(curl -sS -o /tmp/merge_response.json -w "%{http_code}" \
-              -X POST -H "Authorization: token ${GA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "${GITEA_API}/merges" \
-              -d "$MERGE_PAYLOAD")
-            echo "Merge API response (HTTP ${HTTP_CODE}):"
-            cat /tmp/merge_response.json
-            if [ "$HTTP_CODE" -ge 400 ]; then
-              echo "::warning::Merge API call failed (HTTP ${HTTP_CODE}) — may need manual merge"
-            fi
-          fi
-
-          echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
-          echo "zip_name=${EXT_ELEMENT}-${NEW_VERSION}${INPUT_SUFFIX}.zip" >> "$GITHUB_OUTPUT"
-
-      - name: Install dependencies
-        env:
-          COMPOSER_AUTH: '{"http-basic":{"git.mokoconsulting.tech":{"username":"token","password":"${{ secrets.GA_TOKEN }}"}}}'
-        run: |
-          if [ -f "composer.json" ]; then
-            composer install --no-dev --optimize-autoloader --no-interaction
-          fi
-
-      - name: Create package
-        run: |
-          mkdir -p build/package
-          rsync -av \
-            --exclude='sftp-config*' \
-            --exclude='.ftpignore' \
-            --exclude='*.ppk' \
-            --exclude='*.pem' \
-            --exclude='*.key' \
-            --exclude='.env*' \
-            --exclude='*.local' \
-            src/ build/package/
-
-      - name: Build ZIP
-        id: zip
-        run: |
-          ZIP_NAME="${{ steps.bump.outputs.zip_name }}"
-          cd build/package
-          zip -r "../${ZIP_NAME}" .
-          cd ..
-
-          SHA256=$(sha256sum "${ZIP_NAME}" | cut -d' ' -f1)
-          SIZE=$(stat -c%s "${ZIP_NAME}")
-
-          echo "sha256=${SHA256}" >> "$GITHUB_OUTPUT"
-          echo "size=${SIZE}" >> "$GITHUB_OUTPUT"
-          echo "SHA-256: ${SHA256}"
-          echo "Size: ${SIZE} bytes"
-
-      # ── Gitea Release (PRIMARY) ──────────────────────────────────────
-      - name: "Gitea: Delete existing release"
-        run: |
-          set -euo pipefail
-          TAG="${{ steps.meta.outputs.tag_name }}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          echo "Checking for existing release with tag: ${TAG}"
-          RELEASE_RESPONSE=$(curl -sS -w "\n%{http_code}" \
-            -H "Authorization: token ${TOKEN}" \
-            "${API}/releases/tags/${TAG}" 2>&1) || true
-          HTTP_CODE=$(echo "$RELEASE_RESPONSE" | tail -1)
-          RELEASE_BODY=$(echo "$RELEASE_RESPONSE" | sed '$d')
-          echo "Lookup response (HTTP ${HTTP_CODE}): ${RELEASE_BODY}"
-
-          RELEASE_ID=$(echo "$RELEASE_BODY" | jq -r '.id // empty' 2>/dev/null)
-
-          if [ -n "$RELEASE_ID" ]; then
-            echo "Deleting existing release id=${RELEASE_ID}..."
-            DEL_CODE=$(curl -sS -o /tmp/del_release.json -w "%{http_code}" \
-              -X DELETE -H "Authorization: token ${TOKEN}" \
-              "${API}/releases/${RELEASE_ID}")
-            echo "Delete release response (HTTP ${DEL_CODE}):"
-            cat /tmp/del_release.json 2>/dev/null; echo
-          else
-            echo "No existing release found for tag ${TAG}"
-          fi
-
-          echo "Attempting to delete tag: ${TAG}"
-          TAG_DEL_CODE=$(curl -sS -o /tmp/del_tag.json -w "%{http_code}" \
-            -X DELETE -H "Authorization: token ${TOKEN}" \
-            "${API}/tags/${TAG}")
-          echo "Delete tag response (HTTP ${TAG_DEL_CODE}):"
-          cat /tmp/del_tag.json 2>/dev/null; echo
-
-      - name: "Gitea: Create release"
-        id: gitea_release
-        run: |
-          set -euo pipefail
-          TAG="${{ steps.meta.outputs.tag_name }}"
-          VERSION="${{ steps.bump.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          SHA256="${{ steps.zip.outputs.sha256 }}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          echo "=== Create Release Debug ==="
-          echo "TAG=${TAG}"
-          echo "VERSION=${VERSION}"
-          echo "STABILITY=${STABILITY}"
-          echo "SHA256=${SHA256}"
-          echo "API=${API}"
-          echo "TOKEN length=${#TOKEN}"
-
-          BODY="## ${EXT_ELEMENT} ${VERSION} (${STABILITY})
-
-          ### SHA-256
-          \`${SHA256}\`"
-
-          if [ -f "CHANGELOG.md" ]; then
-            NOTES=$(awk "/## \[${VERSION}\]/,/## \[/{if(/## \[${VERSION}\]/)next;if(/## \[/)exit;print}" CHANGELOG.md)
-            if [ -n "$NOTES" ]; then
-              BODY="## ${EXT_ELEMENT} ${VERSION} (${STABILITY})
-
-          ${NOTES}
-
-          ### SHA-256
-          \`${SHA256}\`"
-            fi
-          fi
-
-          IS_PRE="true"
-          [ "$STABILITY" = "stable" ] && IS_PRE="false"
-
-          PAYLOAD=$(jq -n \
-            --arg tag "$TAG" \
-            --arg target "${{ github.ref_name }}" \
-            --arg name "${EXT_ELEMENT} ${VERSION} ${STABILITY^}" \
-            --arg body "$BODY" \
-            --argjson pre "$IS_PRE" \
-            '{tag_name: $tag, target_commitish: $target, name: $name, body: $body, prerelease: $pre}')
-          echo "Request payload:"
-          echo "$PAYLOAD" | jq .
-
-          HTTP_CODE=$(curl -sS -o /tmp/create_release.json -w "%{http_code}" \
-            -X POST -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/json" \
-            "${API}/releases" \
-            -d "$PAYLOAD")
-
-          echo "Create release response (HTTP ${HTTP_CODE}):"
-          cat /tmp/create_release.json | jq . 2>/dev/null || cat /tmp/create_release.json
-          echo
-
-          if [ "$HTTP_CODE" -ge 400 ]; then
-            echo "::error::Failed to create Gitea release (HTTP ${HTTP_CODE})"
-            exit 1
-          fi
-
-          RELEASE_ID=$(jq -r '.id' /tmp/create_release.json)
-          if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
-            echo "::error::Release created but no ID returned"
-            cat /tmp/create_release.json
-            exit 1
-          fi
-
-          echo "release_id=${RELEASE_ID}" >> "$GITHUB_OUTPUT"
-          echo "Gitea release created: id=${RELEASE_ID}, tag=${TAG}"
-
-      - name: "Gitea: Upload ZIP"
-        run: |
-          set -euo pipefail
-          RELEASE_ID="${{ steps.gitea_release.outputs.release_id }}"
-          ZIP_NAME="${{ steps.bump.outputs.zip_name }}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          echo "Uploading ${ZIP_NAME} to release ${RELEASE_ID}..."
-          echo "File size: $(stat -c%s "build/${ZIP_NAME}") bytes"
-
-          HTTP_CODE=$(curl -sS -o /tmp/upload_response.json -w "%{http_code}" \
-            -X POST \
-            -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/octet-stream" \
-            "${API}/releases/${RELEASE_ID}/assets?name=${ZIP_NAME}" \
-            --data-binary "@build/${ZIP_NAME}")
-
-          echo "Upload response (HTTP ${HTTP_CODE}):"
-          cat /tmp/upload_response.json | jq . 2>/dev/null || cat /tmp/upload_response.json
-          echo
-
-          if [ "$HTTP_CODE" -ge 400 ]; then
-            echo "::error::Failed to upload ZIP (HTTP ${HTTP_CODE})"
-            exit 1
-          fi
-
-          echo "Uploaded ${ZIP_NAME} to Gitea release ${RELEASE_ID}"
-
-      # ── Update updates.xml ──────────────────────────────────────────
-      - name: "Update updates.xml for this channel"
-        run: |
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          VERSION="${{ steps.bump.outputs.version }}"
-          SHA256="${{ steps.zip.outputs.sha256 }}"
-          ZIP_NAME="${{ steps.bump.outputs.zip_name }}"
-          TAG="${{ steps.meta.outputs.tag_name }}"
-          DATE=$(date +%Y-%m-%d)
-
-          if [ ! -f "updates.xml" ] || [ -z "$SHA256" ]; then
-            echo "No updates.xml or no SHA — skipping"
-            exit 0
-          fi
-
-          export PY_STABILITY="$STABILITY" PY_VERSION="$VERSION" PY_SHA256="$SHA256" \
-                 PY_ZIP_NAME="$ZIP_NAME" PY_TAG="$TAG" PY_DATE="$DATE" \
-                 PY_GITEA_ORG="$GITEA_ORG" PY_GITEA_REPO="$GITEA_REPO"
-          python3 << 'PYEOF'
-          import re, os
-
-          stability  = os.environ["PY_STABILITY"]
-          version    = os.environ["PY_VERSION"]
-          sha256     = os.environ["PY_SHA256"]
-          zip_name   = os.environ["PY_ZIP_NAME"]
-          tag        = os.environ["PY_TAG"]
-          date       = os.environ["PY_DATE"]
-          gitea_org  = os.environ["PY_GITEA_ORG"]
-          gitea_repo = os.environ["PY_GITEA_REPO"]
-
-          xml_tag = {"development": "development", "alpha": "alpha", "beta": "beta", "rc": "rc", "stable": "stable"}.get(stability, "development")
-
-          with open("updates.xml", "r") as f:
-              content = f.read()
-
-          block_pattern = r"(<update>(?:(?!</update>).)*?<tag>" + re.escape(xml_tag) + r"</tag>.*?</update>)"
-          match = re.search(block_pattern, content, re.DOTALL)
-
-          if not match:
-              print(f"No <update> block found for <tag>{xml_tag}</tag>")
-              exit(0)
-
-          block = match.group(1)
-          original_block = block
-
-          block = re.sub(r"<version>[^<]*</version>", f"<version>{version}</version>", block)
-          block = re.sub(r"<creationDate>[^<]*</creationDate>", f"<creationDate>{date}</creationDate>", block)
-          block = re.sub(r"<sha256>[^<]*</sha256>", f"<sha256>{sha256}</sha256>", block)
-
-          gitea_url = f"https://git.mokoconsulting.tech/{gitea_org}/{gitea_repo}/releases/download/{tag}/{zip_name}"
-          block = re.sub(
-              r"(<downloadurl[^>]*>)https://git\.mokoconsulting\.tech/[^<]*(</downloadurl>)",
-              rf"\g<1>{gitea_url}\g<2>",
-              block
-          )
-
-          content = content.replace(original_block, block)
-
-          with open("updates.xml", "w") as f:
-              f.write(content)
-
-          print(f"Updated {xml_tag} channel: version={version}, sha={sha256[:16]}..., date={date}")
-          PYEOF
-
-      - name: "Commit updates.xml to current branch and sync to main"
-        run: |
-          if git diff --quiet updates.xml 2>/dev/null; then
-            echo "No changes to updates.xml"
-            exit 0
-          fi
-
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          VERSION="${{ steps.bump.outputs.version }}"
-
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git add updates.xml
-          git commit -m "chore: update ${STABILITY} SHA-256 for ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git push || true
-
-          # Sync updates.xml to main via Gitea API
-          GA_TOKEN="${{ secrets.GA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
-
-          echo "Fetching updates.xml SHA from main branch..."
-          SHA_CODE=$(curl -sS -o /tmp/file_sha.json -w "%{http_code}" \
-            -H "Authorization: token ${GA_TOKEN}" \
-            "${API}/contents/updates.xml?ref=main")
-          echo "File SHA response (HTTP ${SHA_CODE}):"
-          cat /tmp/file_sha.json | jq . 2>/dev/null || cat /tmp/file_sha.json
-          echo
-
-          FILE_SHA=$(jq -r '.sha // empty' /tmp/file_sha.json 2>/dev/null)
-
-          if [ -n "$FILE_SHA" ]; then
-            echo "Syncing updates.xml to main (sha=${FILE_SHA})..."
-            CONTENT=$(base64 -w0 updates.xml)
-            SYNC_PAYLOAD=$(jq -n \
-              --arg content "$CONTENT" \
-              --arg sha "$FILE_SHA" \
-              --arg msg "chore: sync updates.xml ${STABILITY} ${VERSION} [skip ci]" \
-              --arg branch "main" \
-              '{content: $content, sha: $sha, message: $msg, branch: $branch}')
-            SYNC_CODE=$(curl -sS -o /tmp/sync_response.json -w "%{http_code}" \
-              -X PUT -H "Authorization: token ${GA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "${API}/contents/updates.xml" \
-              -d "$SYNC_PAYLOAD")
-            echo "Sync response (HTTP ${SYNC_CODE}):"
-            cat /tmp/sync_response.json | jq . 2>/dev/null || cat /tmp/sync_response.json
-            echo
-            if [ "$SYNC_CODE" -ge 400 ]; then
-              echo "::warning::Failed to sync updates.xml to main (HTTP ${SYNC_CODE})"
-            else
-              echo "updates.xml synced to main"
-            fi
-          else
-            echo "::warning::Could not find updates.xml on main branch (HTTP ${SHA_CODE})"
-          fi
-
-      - name: Summary
-        run: |
-          VERSION="${{ steps.bump.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          ZIP_NAME="${{ steps.bump.outputs.zip_name }}"
-          SHA256="${{ steps.zip.outputs.sha256 }}"
-          TAG="${{ steps.meta.outputs.tag_name }}"
-
-          echo "### Release Created" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Stability | ${STABILITY} |" >> $GITHUB_STEP_SUMMARY
-          echo "| Tag | \`${TAG}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Package | \`${ZIP_NAME}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| SHA-256 | \`${SHA256}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Gitea | [Release](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${TAG}) |" >> $GITHUB_STEP_SUMMARY

.gitea/workflows/security-audit.yml

@@ -1,82 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Security
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /.gitea/workflows/security-audit.yml
-# VERSION: 01.00.00
-# BRIEF: Dependency vulnerability scanning for composer and npm packages
-
-name: Security Audit
-
-on:
-  schedule:
-    - cron: '0 6 * * 1'  # Weekly on Monday at 06:00 UTC
-  pull_request:
-    branches:
-      - main
-    paths:
-      - 'composer.json'
-      - 'composer.lock'
-      - 'package.json'
-      - 'package-lock.json'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-env:
-  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
-  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
-
-jobs:
-  audit:
-    name: Dependency Audit
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Composer audit
-        if: hashFiles('composer.lock') != ''
-        run: |
-          echo "=== Composer Security Audit ==="
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq
-            sudo apt-get install -y -qq php-cli composer >/dev/null 2>&1
-          fi
-          composer audit --format=plain 2>&1 | tee /tmp/composer-audit.txt
-          RESULT=$?
-          if [ $RESULT -ne 0 ]; then
-            echo "::warning::Composer vulnerabilities found"
-            echo "composer_vulnerable=true" >> "$GITHUB_ENV"
-          else
-            echo "No known vulnerabilities in composer dependencies"
-          fi
-
-      - name: NPM audit
-        if: hashFiles('package-lock.json') != ''
-        run: |
-          echo "=== NPM Security Audit ==="
-          npm audit --production 2>&1 | tee /tmp/npm-audit.txt || true
-          if npm audit --production 2>&1 | grep -q "found 0 vulnerabilities"; then
-            echo "No known vulnerabilities in npm dependencies"
-          else
-            echo "::warning::NPM vulnerabilities found"
-            echo "npm_vulnerable=true" >> "$GITHUB_ENV"
-          fi
-
-      - name: Notify on vulnerabilities
-        if: env.composer_vulnerable == 'true' || env.npm_vulnerable == 'true'
-        run: |
-          REPO="${{ github.event.repository.name }}"
-          curl -sS \
-            -H "Title: ${REPO} has vulnerable dependencies" \
-            -H "Tags: lock,warning" \
-            -H "Priority: high" \
-            -d "Security audit found vulnerabilities. Review dependency updates." \
-            "${NTFY_URL}/${NTFY_TOPIC}" || true

.gitea/workflows/sync-roadmap-wiki.yml

@@ -1,193 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-# SPDX-License-Identifier: GPL-3.0-or-later
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Workflows
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
-# PATH: /templates/workflows/sync-roadmap-wiki.yml.template
-# VERSION: 04.06.00
-# BRIEF: Syncs project board state to a Roadmap wiki page
-
-name: Sync Roadmap to Wiki
-
-on:
-  # Run when project issues change
-  issues:
-    types: [opened, closed, reopened, labeled, unlabeled, milestoned, demilestoned]
-
-  # Run on milestone changes
-  milestone:
-    types: [created, closed, opened, edited, deleted]
-
-  # Manual trigger
-  workflow_dispatch:
-
-  # Weekly refresh to catch any drift
-  schedule:
-    - cron: '0 6 * * 1'
-
-permissions:
-  contents: write
-  issues: read
-
-jobs:
-  sync-roadmap:
-    name: Generate Roadmap Wiki
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Generate Roadmap from Projects
-        env:
-          GITEA_TOKEN: ${{ secrets.GA_TOKEN }}
-          GITEA_URL: ${{ github.server_url }}
-          REPO_OWNER: ${{ github.repository_owner }}
-          REPO_NAME: ${{ github.event.repository.name }}
-        run: |
-          set -euo pipefail
-
-          API="${GITEA_URL}/api/v1"
-          AUTH="Authorization: token ${GITEA_TOKEN}"
-          REPO="${REPO_OWNER}/${REPO_NAME}"
-
-          # Fetch milestones (open + closed)
-          MILESTONES_OPEN=$(curl -sf -H "$AUTH" "${API}/repos/${REPO}/milestones?state=open&limit=50" || echo "[]")
-          MILESTONES_CLOSED=$(curl -sf -H "$AUTH" "${API}/repos/${REPO}/milestones?state=closed&limit=50" || echo "[]")
-
-          # Fetch all open issues
-          ISSUES_OPEN=$(curl -sf -H "$AUTH" "${API}/repos/${REPO}/issues?state=open&type=issues&limit=50" || echo "[]")
-          ISSUES_CLOSED=$(curl -sf -H "$AUTH" "${API}/repos/${REPO}/issues?state=closed&type=issues&limit=50&sort=updated&direction=desc" || echo "[]")
-
-          # Fetch labels for categorization
-          LABELS=$(curl -sf -H "$AUTH" "${API}/repos/${REPO}/labels?limit=50" || echo "[]")
-
-          # Build the roadmap markdown
-          cat > /tmp/roadmap.md << 'HEADER'
-          # Roadmap
-
-          > Auto-generated from project milestones and issues.
-          > Last updated: TIMESTAMP
-
-          HEADER
-          sed -i "s|TIMESTAMP|$(date -u '+%Y-%m-%d %H:%M UTC')|" /tmp/roadmap.md
-
-          # --- Active Milestones ---
-          echo "## Active Milestones" >> /tmp/roadmap.md
-          echo "" >> /tmp/roadmap.md
-
-          MILESTONE_COUNT=$(echo "$MILESTONES_OPEN" | jq 'length')
-          if [ "$MILESTONE_COUNT" -eq 0 ]; then
-            echo "_No active milestones._" >> /tmp/roadmap.md
-            echo "" >> /tmp/roadmap.md
-          else
-            echo "$MILESTONES_OPEN" | jq -r '.[] | @base64' | while read -r ms; do
-              _jq() { echo "$ms" | base64 -d | jq -r "$1"; }
-              TITLE=$(_jq '.title')
-              DESC=$(_jq '.description // ""')
-              DUE=$(_jq '.due_on // ""')
-              OPEN=$(_jq '.open_issues')
-              CLOSED=$(_jq '.closed_issues')
-              TOTAL=$((OPEN + CLOSED))
-
-              if [ "$TOTAL" -gt 0 ]; then
-                PCT=$((CLOSED * 100 / TOTAL))
-              else
-                PCT=0
-              fi
-
-              echo "### ${TITLE}" >> /tmp/roadmap.md
-              if [ -n "$DUE" ] && [ "$DUE" != "null" ] && [ "$DUE" != "0001-01-01T00:00:00Z" ]; then
-                DUE_FMT=$(date -d "$DUE" '+%B %d, %Y' 2>/dev/null || echo "$DUE")
-                echo "**Due:** ${DUE_FMT}" >> /tmp/roadmap.md
-              fi
-              if [ -n "$DESC" ] && [ "$DESC" != "null" ]; then
-                echo "" >> /tmp/roadmap.md
-                echo "$DESC" >> /tmp/roadmap.md
-              fi
-              echo "" >> /tmp/roadmap.md
-              echo "**Progress:** ${CLOSED}/${TOTAL} (${PCT}%)" >> /tmp/roadmap.md
-              echo "" >> /tmp/roadmap.md
-
-              # List issues in this milestone
-              MS_ID=$(_jq '.id')
-              MS_ISSUES=$(echo "$ISSUES_OPEN" | jq --arg id "$MS_ID" '[.[] | select(.milestone.id == ($id | tonumber))]')
-              MS_DONE=$(echo "$ISSUES_CLOSED" | jq --arg id "$MS_ID" '[.[] | select(.milestone.id == ($id | tonumber))]')
-
-              if [ "$(echo "$MS_DONE" | jq 'length')" -gt 0 ]; then
-                echo "$MS_DONE" | jq -r '.[] | "- [x] " + .title + " (#" + (.number | tostring) + ")"' >> /tmp/roadmap.md
-              fi
-              if [ "$(echo "$MS_ISSUES" | jq 'length')" -gt 0 ]; then
-                echo "$MS_ISSUES" | jq -r '.[] | "- [ ] " + .title + " (#" + (.number | tostring) + ")"' >> /tmp/roadmap.md
-              fi
-              echo "" >> /tmp/roadmap.md
-            done
-          fi
-
-          # --- Backlog (issues without milestones) ---
-          BACKLOG=$(echo "$ISSUES_OPEN" | jq '[.[] | select(.milestone == null)]')
-          BACKLOG_COUNT=$(echo "$BACKLOG" | jq 'length')
-
-          if [ "$BACKLOG_COUNT" -gt 0 ]; then
-            echo "## Backlog" >> /tmp/roadmap.md
-            echo "" >> /tmp/roadmap.md
-            echo "_Issues not yet assigned to a milestone._" >> /tmp/roadmap.md
-            echo "" >> /tmp/roadmap.md
-
-            # Group by label if possible
-            echo "$BACKLOG" | jq -r '.[] | "- [ ] " + .title + " (#" + (.number | tostring) + ")" + (if (.labels | length) > 0 then " `" + (.labels | map(.name) | join("`, `")) + "`" else "" end)' >> /tmp/roadmap.md
-            echo "" >> /tmp/roadmap.md
-          fi
-
-          # --- Completed Milestones ---
-          CLOSED_COUNT=$(echo "$MILESTONES_CLOSED" | jq 'length')
-          if [ "$CLOSED_COUNT" -gt 0 ]; then
-            echo "## Completed" >> /tmp/roadmap.md
-            echo "" >> /tmp/roadmap.md
-            echo "$MILESTONES_CLOSED" | jq -r '.[] | "- ~~" + .title + "~~ ✓ (" + (.closed_issues | tostring) + " issues)"' >> /tmp/roadmap.md
-            echo "" >> /tmp/roadmap.md
-          fi
-
-          echo "---" >> /tmp/roadmap.md
-          echo "_Generated by [sync-roadmap-wiki](${GITEA_URL}/${REPO}/actions) workflow._" >> /tmp/roadmap.md
-
-          echo "=== Generated Roadmap ==="
-          cat /tmp/roadmap.md
-
-      - name: Push Roadmap to Wiki
-        env:
-          GITEA_TOKEN: ${{ secrets.GA_TOKEN }}
-          GITEA_URL: ${{ github.server_url }}
-          REPO_OWNER: ${{ github.repository_owner }}
-          REPO_NAME: ${{ github.event.repository.name }}
-        run: |
-          API="${GITEA_URL}/api/v1"
-          AUTH="Authorization: token ${GITEA_TOKEN}"
-          REPO="${REPO_OWNER}/${REPO_NAME}"
-
-          CONTENT_B64=$(base64 -w0 /tmp/roadmap.md)
-
-          # Check if Roadmap wiki page exists
-          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -H "$AUTH" "${API}/repos/${REPO}/wiki/page/Roadmap" || echo "404")
-
-          if [ "$STATUS" = "200" ]; then
-            # Update existing page
-            curl -sf -X PATCH -H "$AUTH" -H "Content-Type: application/json" \
-              "${API}/repos/${REPO}/wiki/page/Roadmap" \
-              -d "{\"title\": \"Roadmap\", \"content_base64\": \"${CONTENT_B64}\", \"message\": \"chore: sync roadmap from project board\"}" \
-              && echo "Roadmap wiki page updated"
-          else
-            # Create new page
-            curl -sf -X POST -H "$AUTH" -H "Content-Type: application/json" \
-              "${API}/repos/${REPO}/wiki/new" \
-              -d "{\"title\": \"Roadmap\", \"content_base64\": \"${CONTENT_B64}\", \"message\": \"chore: create roadmap from project board\"}" \
-              && echo "Roadmap wiki page created"
-          fi
-
-      - name: Summary
-        if: always()
-        run: |
-          echo "## Roadmap Sync" >> $GITHUB_STEP_SUMMARY
-          echo "Roadmap wiki page synced from milestones and issues." >> $GITHUB_STEP_SUMMARY
-          echo "View it at: ${{ github.server_url }}/${{ github.repository }}/wiki/Roadmap" >> $GITHUB_STEP_SUMMARY

.github/.mokostandards

@@ -1 +0,0 @@
-platform: waas-component

.github/CLAUDE.md

@@ -1,198 +0,0 @@
-# MokoJGDPC — Claude Code Instructions
-
-## What This Repo Is
-
-This is a **Moko Consulting MokoWaaS** (Joomla) repository governed by [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards). All coding standards, workflows, and policies are defined there and enforced here via bulk sync.
-
-Repository URL: https://git.mokoconsulting.tech/MokoConsulting/MokoJGDPC
-Extension name: **MokoJGDPC**
-Extension type: **plugin** (`plg_system_mokojgdpc`)
-Plugin group: **system**
-Platform: **Joomla 5.x / 6.x / MokoWaaS**
-Purpose: Bridge DPCalendar events to JoomGallery categories
-
----
-
-## Primary Language
-
-**PHP** (≥ 8.1) is the primary language for this Joomla plugin. YAML uses 2-space indentation. All other text files use tabs per `.editorconfig`.
-
----
-
-## File Header — Always Required on New Files
-
-Every new file needs a copyright header as its first content.
-
-**PHP:**
-```php
-<?php
-/* Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
- *
- * This file is part of a Moko Consulting project.
- *
- * SPDX-License-Identifier: GPL-3.0-or-later
- *
- * FILE INFORMATION
- * DEFGROUP: MokoJGDPC.System
- * INGROUP: MokoJGDPC
- * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoJGDPC
- * PATH: /path/to/file.php
- * VERSION: XX.YY.ZZ
- * BRIEF: One-line description of purpose
- */
-
-defined('_JEXEC') or die;
-```
-
-**Markdown:**
-```markdown
-<!--
-Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-
-This file is part of a Moko Consulting project.
-
-SPDX-License-Identifier: GPL-3.0-or-later
-
-# FILE INFORMATION
-DEFGROUP: MokoJGDPC.Documentation
-INGROUP: MokoJGDPC
-REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoJGDPC
-PATH: /docs/file.md
-VERSION: XX.YY.ZZ
-BRIEF: One-line description
--->
-```
-
-**YAML / Shell / XML:** Use the appropriate comment syntax with the same fields. JSON files are exempt.
-
----
-
-## Version Management
-
-**`README.md` is the single source of truth for the repository version.**
-
-- **Patch version is auto-bumped by the release workflow** — `release.yml` reads the current version from `README.md`, increments the patch (`XX.YY.ZZ` → `XX.YY.(ZZ+1)`), updates `README.md`, `mokojgdpc.xml`, and the matching channel in `updates.xml`, commits, pushes, then builds the ZIP. Manual bumping is no longer required.
-- The `VERSION: XX.YY.ZZ` field in `README.md` governs all other version references.
-- Version format is zero-padded semver: `XX.YY.ZZ` (e.g. `01.00.05`).
-- Never hardcode a specific version in document body text — use the badge or FILE INFORMATION header only.
-
-### Joomla Version Alignment
-
-The version in `README.md` **must always match** the `<version>` tag in `mokojgdpc.xml` and the matching channel entry in `updates.xml`. The release workflow updates all three automatically.
-
-### Multi-Channel updates.xml
-
-`updates.xml` contains separate `<update>` blocks per stability channel (development, alpha, beta, rc, stable). Each release workflow only modifies its own channel using targeted Python regex replacement — other channels are preserved untouched. Joomla filters by the user's "Minimum Stability" setting.
-
-**Key rules:**
-- SHA-256 must be raw hex (no `sha256:` prefix)
-- Version format must be `XX.YY.ZZ`, not tag names like `v01`
-- Download URLs must point to Gitea (not GitHub) for all pre-release channels
-- **Always push updates.xml to main** — Joomla sites read from main, not dev
-- Plugin entries require `<folder>system</folder>` for Joomla to match the update
-
----
-
-## Plugin Architecture
-
-MokoJGDPC uses the modern Joomla 5/6 namespace-based plugin pattern:
-
-- **`services/provider.php`** — Dependency injection container registration
-- **`src/Extension/MokoJGDPC.php`** — Main plugin class implementing `SubscriberInterface`
-- **`script.php`** — Install/update/uninstall script (creates `#__mokojgdpc_map` table, seeds existing events)
-
-### Event Hooks
-
-| Event | Purpose |
-|-------|---------|
-| `onContentAfterSave` | Create/update JoomGallery category when DPCalendar event is saved |
-| `onContentAfterDelete` | Optionally delete JoomGallery category when event is removed |
-
-### Database
-
-| Table | Purpose |
-|-------|---------|
-| `#__mokojgdpc_map` | Maps `event_id` (DPCalendar) → `category_id` (JoomGallery) |
-
----
-
-## Plugin Structure
-
-```
-MokoJGDPC/
-├── src/
-│   ├── mokojgdpc.xml          # Joomla installer manifest
-│   ├── script.php             # Install/update script (table + seed)
-│   ├── services/
-│   │   └── provider.php       # DI service provider
-│   ├── src/Extension/
-│   │   └── MokoJGDPC.php     # Main plugin class
-│   └── language/              # Language INI files (en-GB, en-US)
-├── updates.xml                # Update server manifest (root — required)
-├── .github/workflows/         # GitHub/Gitea Actions workflows
-├── docs/                      # Documentation
-├── README.md                  # Version source of truth
-├── CHANGELOG.md
-└── LICENSE
-```
-
----
-
-## Gitea Actions — Token Usage
-
-Every workflow must use **`secrets.GA_TOKEN`** (the org-level Personal Access Token).
-
-```yaml
-# Correct
-- uses: actions/checkout@v4
-  with:
-    token: ${{ secrets.GA_TOKEN }}
-```
-
-```yaml
-# Wrong
-token: ${{ github.token }}
-token: ${{ secrets.GITHUB_TOKEN }}
-```
-
----
-
-## Naming Conventions
-
-| Context | Convention | Example |
-|---------|-----------|---------|
-| PHP class | `PascalCase` | `MokoJGDPC` |
-| PHP method / function | `camelCase` | `onContentAfterSave()` |
-| PHP variable | `$snake_case` | `$event_id` |
-| PHP constant | `UPPER_SNAKE_CASE` | `DPCALENDAR_CONTEXT` |
-| PHP class file | `PascalCase.php` | `MokoJGDPC.php` |
-| YAML workflow | `kebab-case.yml` | `ci-joomla.yml` |
-| Markdown doc | `kebab-case.md` | `quick-start.md` |
-
----
-
-## Commit Messages
-
-Format: `<type>(<scope>): <subject>` — imperative, lower-case subject, no trailing period.
-
-Valid types: `feat` · `fix` · `docs` · `chore` · `ci` · `refactor` · `style` · `test` · `perf` · `revert` · `build`
-
----
-
-## Branch Naming
-
-Format: `<prefix>/<MAJOR.MINOR.PATCH>[/description]`
-
-Approved prefixes: `dev/` · `rc/` · `version/` · `patch/` · `copilot/` · `dependabot/`
-
----
-
-## Key Constraints
-
-- Never commit directly to `main` — all changes go via PR, squash-merged
-- Never skip the FILE INFORMATION block on a new file
-- Never add `defined('_JEXEC') or die;` to CLI scripts or model tests — only to web-accessible PHP files
-- Never hardcode version numbers in body text — update `README.md` and let automation propagate
-- Never use `github.token` or `secrets.GITHUB_TOKEN` in workflows — always use `secrets.GA_TOKEN`
-- Never let `mokojgdpc.xml` version, `updates.xml` version, and `README.md` version go out of sync
-- Always push `updates.xml` to main after updating on dev (Joomla reads from main)

.github/workflows/auto-assign.yml

@@ -1,76 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Workflows.Shared
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /.github/workflows/auto-assign.yml
-# VERSION: 04.06.00
-# BRIEF: Auto-assign jmiller to unassigned issues and PRs every 15 minutes
-
-name: Auto-Assign Issues & PRs
-
-on:
-  issues:
-    types: [opened]
-  pull_request_target:
-    types: [opened]
-  schedule:
-    - cron: '0 */12 * * *'
-  workflow_dispatch:
-
-permissions:
-  issues: write
-  pull-requests: write
-
-jobs:
-  auto-assign:
-    name: Assign unassigned issues and PRs
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Assign unassigned issues
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          REPO="${{ github.repository }}"
-          ASSIGNEE="jmiller"
-
-          echo "## 🏷️ Auto-Assign Report" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          ASSIGNED_ISSUES=0
-          ASSIGNED_PRS=0
-
-          # Assign unassigned open issues
-          ISSUES=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues?state=open&per_page=100&assignee=none" | jq -r '.[].number' 2>/dev/null || true)
-          for NUM in $ISSUES; do
-            # Skip PRs (the issues endpoint returns PRs too)
-            IS_PR=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues/$NUM" | jq -r '.pull_request // empty' 2>/dev/null || true)
-            if [ -z "$IS_PR" ]; then
-              curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues/$NUM/assignees" 2>/dev/null -X POST -f "assignees[]=$ASSIGNEE" --silent 2>/dev/null && {
-                ASSIGNED_ISSUES=$((ASSIGNED_ISSUES + 1))
-                echo "  Assigned issue #$NUM"
-              } || true
-            fi
-          done
-
-          # Assign unassigned open PRs
-          PRS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/pulls?state=open&per_page=100" | jq -r '.[] | select(.assignees | length == 0) | .number' 2>/dev/null || true)
-          for NUM in $PRS; do
-            curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues/$NUM/assignees" 2>/dev/null -X POST -f "assignees[]=$ASSIGNEE" --silent 2>/dev/null && {
-              ASSIGNED_PRS=$((ASSIGNED_PRS + 1))
-              echo "  Assigned PR #$NUM"
-            } || true
-          done
-
-          echo "| Type | Assigned |" >> $GITHUB_STEP_SUMMARY
-          echo "|------|----------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Issues | $ASSIGNED_ISSUES |" >> $GITHUB_STEP_SUMMARY
-          echo "| Pull Requests | $ASSIGNED_PRS |" >> $GITHUB_STEP_SUMMARY
-
-          if [ "$ASSIGNED_ISSUES" -eq 0 ] && [ "$ASSIGNED_PRS" -eq 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "✅ All issues and PRs already have assignees" >> $GITHUB_STEP_SUMMARY
-          fi

.github/workflows/auto-release.yml

@@ -1,695 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Release
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
-# PATH: /templates/workflows/joomla/auto-release.yml.template
-# VERSION: 04.06.00
-# BRIEF: Joomla build & release — ZIP package, updates.xml, SHA-256 checksum
-#
-# +========================================================================+
-# |                    BUILD & RELEASE PIPELINE (JOOMLA)                   |
-# +========================================================================+
-# |                                                                        |
-# |  Triggers on push to main (skips bot commits + [skip ci]):             |
-# |                                                                        |
-# |  Every push:                                                           |
-# |    1. Read version from README.md                                      |
-# |    3. Set platform version (Joomla <version>)                          |
-# |    4. Update [VERSION: XX.YY.ZZ] badges in markdown files              |
-# |    5. Write updates.xml (Joomla update server XML)                      |
-# |    6. Create git tag vXX.YY.ZZ                                        |
-# |    7a. Patch: update existing Gitea Release for this minor             |
-# |    8. Build ZIP, upload asset, write SHA-256 to updates.xml             |
-# |                                                                        |
-# |  Every version change: archives main -> version/XX.YY branch           |
-# |  All patches release (including 00). Patch 00/01 = full pipeline.      |
-# |  First release only (patch == 01):                                     |
-# |    7b. Create new Gitea Release                                        |
-# |                                                                        |
-# |  GitHub mirror: stable/rc releases only (continue-on-error)            |
-# |                                                                        |
-# +========================================================================+
-
-name: Build & Release
-
-on:
-  pull_request:
-    types: [closed]
-    branches:
-      - main
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  workflow_dispatch:
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  release:
-    name: Build & Release Pipeline
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN }}
-          fetch-depth: 0
-
-      - name: Setup MokoStandards tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN }}"}}'
-        run: |
-          # Ensure PHP + Composer are available
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api
-          cd /tmp/mokostandards-api
-          composer install --no-dev --no-interaction --quiet
-
-      # -- STEP 1: Read version -----------------------------------------------
-      - name: "Step 1: Read version from README.md"
-        id: version
-        run: |
-          VERSION=$(php /tmp/mokostandards-api/cli/version_read.php --path . 2>/dev/null)
-          if [ -z "$VERSION" ]; then
-            echo "No VERSION in README.md — skipping release"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          # Derive major.minor for branch naming (patches update existing branch)
-          MINOR=$(echo "$VERSION" | awk -F. '{printf "%s.%s", $1, $2}')
-          PATCH=$(echo "$VERSION" | awk -F. '{print $3}')
-
-          MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
-          MINOR_NUM=$(echo "$VERSION" | awk -F. '{print $2}')
-
-          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-          echo "branch=version/${MAJOR}" >> "$GITHUB_OUTPUT"
-          echo "minor=$MINOR" >> "$GITHUB_OUTPUT"
-          echo "major=$MAJOR" >> "$GITHUB_OUTPUT"
-          echo "release_tag=stable" >> "$GITHUB_OUTPUT"
-          echo "stability=stable" >> "$GITHUB_OUTPUT"
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          if [ "$PATCH" = "00" ] || [ "$PATCH" = "01" ]; then
-            echo "is_minor=true" >> "$GITHUB_OUTPUT"
-            echo "Version: $VERSION (first release for this minor — full pipeline)"
-          else
-            echo "is_minor=false" >> "$GITHUB_OUTPUT"
-            echo "Version: $VERSION (patch — platform version + badges only)"
-          fi
-
-      - name: Check if already released
-        if: steps.version.outputs.skip != 'true'
-        id: check
-        run: |
-          TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-
-          TAG_EXISTS=false
-          BRANCH_EXISTS=false
-
-          git rev-parse "$TAG" >/dev/null 2>&1 && TAG_EXISTS=true
-          git ls-remote --heads origin "$BRANCH" 2>/dev/null | grep -q "$BRANCH" && BRANCH_EXISTS=true
-
-          echo "tag_exists=$TAG_EXISTS" >> "$GITHUB_OUTPUT"
-          echo "branch_exists=$BRANCH_EXISTS" >> "$GITHUB_OUTPUT"
-
-          # Tag and branch may persist across patch releases — never skip
-          echo "already_released=false" >> "$GITHUB_OUTPUT"
-
-      # -- SANITY CHECKS -------------------------------------------------------
-      - name: "Sanity: Pre-release validation"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          ERRORS=0
-
-          echo "## Pre-Release Sanity Checks (Joomla)" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # -- Version drift check (must pass before release) --------
-          README_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          if [ "$README_VER" != "$VERSION" ]; then
-            echo "- Version drift: README says \`${README_VER}\` but releasing \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- Version consistent: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # Check CHANGELOG version matches
-          CL_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' CHANGELOG.md 2>/dev/null | head -1)
-          if [ -n "$CL_VER" ] && [ "$CL_VER" != "$VERSION" ]; then
-            echo "- CHANGELOG drift: \`${CL_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          fi
-
-          # Check composer.json version if present
-          if [ -f "composer.json" ]; then
-            COMP_VER=$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' composer.json 2>/dev/null | head -1)
-            if [ -n "$COMP_VER" ] && [ "$COMP_VER" != "$VERSION" ]; then
-              echo "- composer.json drift: \`${COMP_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS+1))
-            fi
-          fi
-
-          # Common checks
-          if [ ! -f "LICENSE" ]; then
-            echo "- Missing LICENSE file" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- LICENSE present" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          if [ ! -d "src" ] && [ ! -d "htdocs" ]; then
-            echo "- Warning: No src/ or htdocs/ directory" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "- Source directory present" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # -- Joomla: manifest version drift --------
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            XML_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            if [ -n "$XML_VER" ] && [ "$XML_VER" != "$VERSION" ]; then
-              echo "- Manifest drift: \`${XML_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS+1))
-            else
-              echo "- Manifest version: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-          fi
-
-          # -- Joomla: XML manifest existence --------
-          if [ -z "$MANIFEST" ]; then
-            echo "- No Joomla XML manifest found" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- Manifest: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # -- Joomla: extension type check --------
-            TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" 2>/dev/null)
-            echo "- Extension type: ${TYPE:-unknown}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "$ERRORS" -gt 0 ]; then
-            echo "**${ERRORS} error(s) — release may be incomplete**" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "**All sanity checks passed**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 2: Create or update version/XX.YY archive branch ---------------
-      # Always runs — every version change on main archives to version/XX.YY
-      - name: "Step 2: Version archive branch"
-        if: steps.check.outputs.already_released != 'true'
-        run: |
-          BRANCH="${{ steps.version.outputs.branch }}"
-          IS_MINOR="${{ steps.version.outputs.is_minor }}"
-          PATCH="${{ steps.version.outputs.version }}"
-          PATCH_NUM=$(echo "$PATCH" | awk -F. '{print $3}')
-
-          # Check if branch exists
-          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
-            git push origin HEAD:"$BRANCH" --force
-            echo "Updated archive branch: ${BRANCH} (patch ${PATCH_NUM})" >> $GITHUB_STEP_SUMMARY
-          else
-            git checkout -b "$BRANCH" 2>/dev/null || git checkout "$BRANCH"
-            git push origin "$BRANCH" --force
-            echo "Created archive branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 3: Set platform version ----------------------------------------
-      - name: "Step 3: Set platform version"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          php /tmp/mokostandards-api/cli/version_set_platform.php \
-            --path . --version "$VERSION" --branch main
-
-      # -- STEP 4: Update version badges ----------------------------------------
-      - name: "Step 4: Update version badges"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          find . -name "*.md" ! -path "./.git/*" ! -path "./vendor/*" | while read -r f; do
-            if grep -q '\[VERSION:' "$f" 2>/dev/null; then
-              sed -i "s/\[VERSION:[[:space:]]*[0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}\]/[VERSION: ${VERSION}]/" "$f"
-            fi
-          done
-
-      # -- STEP 5: Write updates.xml (Joomla update server) ---------------------
-      - name: "Step 5: Write updates.xml"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          REPO="${{ github.repository }}"
-
-          # -- Parse extension metadata from XML manifest ----------------
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -z "$MANIFEST" ]; then
-            echo "Warning: No Joomla XML manifest found — skipping updates.xml" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-
-          # Extract fields using sed (portable — no grep -P)
-          EXT_NAME=$(sed -n 's/.*<name>\([^<]*\)<\/name>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_CLIENT=$(sed -n 's/.*<extension[^>]*client="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          TARGET_PLATFORM=$(sed -n 's/.*\(<targetplatform[^/]*\/>\).*/\1/p' "$MANIFEST" | head -1)
-          PHP_MINIMUM=$(sed -n 's/.*<php_minimum>\([^<]*\)<\/php_minimum>.*/\1/p' "$MANIFEST" | head -1)
-
-          # Fallbacks
-          [ -z "$EXT_NAME" ] && EXT_NAME="${{ github.event.repository.name }}"
-          [ -z "$EXT_TYPE" ] && EXT_TYPE="component"
-
-          # Derive element if not in manifest:
-          # 1. Try XML filename (e.g. mokowaas.xml → mokowaas)
-          # 2. Fall back to repo name (lowercased)
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            # If filename is generic (templateDetails, manifest), use repo name
-            case "$EXT_ELEMENT" in
-              templatedetails|manifest|*.xml) EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
-            esac
-          fi
-
-          # Build client tag: plugins and frontend modules need <client>site</client>
-          CLIENT_TAG=""
-          if [ -n "$EXT_CLIENT" ]; then
-            CLIENT_TAG="<client>${EXT_CLIENT}</client>"
-          elif [ "$EXT_TYPE" = "module" ] || [ "$EXT_TYPE" = "plugin" ]; then
-            CLIENT_TAG="<client>site</client>"
-          fi
-
-          # Build folder tag for plugins (required for Joomla to match the update)
-          FOLDER_TAG=""
-          if [ -n "$EXT_FOLDER" ] && [ "$EXT_TYPE" = "plugin" ]; then
-            FOLDER_TAG="<folder>${EXT_FOLDER}</folder>"
-          fi
-
-          # Build targetplatform (fallback to Joomla 5 if not in manifest)
-          if [ -z "$TARGET_PLATFORM" ]; then
-            TARGET_PLATFORM=$(printf '<targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" %s>' "/")
-          fi
-
-          # Build php_minimum tag
-          PHP_TAG=""
-          if [ -n "$PHP_MINIMUM" ]; then
-            PHP_TAG="<php_minimum>${PHP_MINIMUM}</php_minimum>"
-          fi
-
-          DOWNLOAD_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/stable/${EXT_ELEMENT}-${VERSION}.zip"
-          INFO_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/stable"
-
-          # -- Build update entry for a given stability tag
-          CREATION_DATE=$(date +%Y-%m-%d)
-
-          build_entry() {
-            local TAG_NAME="$1"
-            printf '%s\n' '  <update>'
-            printf '%s\n' "    <name>${EXT_NAME}</name>"
-            printf '%s\n' "    <description>${EXT_NAME} update</description>"
-            printf '%s\n' "    <element>${EXT_ELEMENT}</element>"
-            printf '%s\n' "    <type>${EXT_TYPE}</type>"
-            printf '%s\n' "    <version>${VERSION}</version>"
-            printf '%s\n' "    <creationDate>${CREATION_DATE}</creationDate>"
-            [ -n "$CLIENT_TAG" ] && printf '%s\n' "    ${CLIENT_TAG}"
-            [ -n "$FOLDER_TAG" ] && printf '%s\n' "    ${FOLDER_TAG}"
-            printf '%s\n' "    <tags><tag>${TAG_NAME}</tag></tags>"
-            printf '%s\n' "    <infourl title=\"${EXT_NAME}\">${INFO_URL}</infourl>"
-            printf '%s\n' '    <downloads>'
-            printf '%s\n' "      <downloadurl type=\"full\" format=\"zip\">${DOWNLOAD_URL}</downloadurl>"
-            printf '%s\n' '    </downloads>'
-            printf '%s\n' "    ${TARGET_PLATFORM}"
-            [ -n "$PHP_TAG" ] && printf '%s\n' "    ${PHP_TAG}"
-            printf '%s\n' '    <maintainer>Moko Consulting</maintainer>'
-            printf '%s\n' '    <maintainerurl>https://mokoconsulting.tech</maintainerurl>'
-            printf '%s\n' '  </update>'
-          }
-
-          # -- Write updates.xml with cascading channels
-          # Stable release updates ALL channels (development, alpha, beta, rc, stable)
-          {
-            printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>"
-            printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting <hello@mokoconsulting.tech>"
-            printf '%s\n' " SPDX-License-Identifier: GPL-3.0-or-later"
-            printf '%s\n' " VERSION: ${VERSION}"
-            printf '%s\n' " -->"
-            printf '%s\n' ""
-            printf '%s\n' '<updates>'
-            build_entry "development"
-            build_entry "alpha"
-            build_entry "beta"
-            build_entry "rc"
-            build_entry "stable"
-            printf '%s\n' '</updates>'
-          } > updates.xml
-
-          echo "updates.xml: ${VERSION} (all channels updated to stable)" >> $GITHUB_STEP_SUMMARY
-
-      # -- Commit all changes ---------------------------------------------------
-      - name: Commit release changes
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          if git diff --quiet && git diff --cached --quiet; then
-            echo "No changes to commit"
-            exit 0
-          fi
-          VERSION="${{ steps.version.outputs.version }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          # Set push URL with token for branch-protected repos
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git commit -m "chore(release): build ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push -u origin HEAD
-
-      # -- STEP 6: Create tag ---------------------------------------------------
-      - name: "Step 6: Create git tag"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.tag_exists != 'true' &&
-          steps.version.outputs.is_minor == 'true'
-        run: |
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          # Only create the major release tag if it doesn't exist yet
-          if ! git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
-            git tag "$RELEASE_TAG"
-            git push origin "$RELEASE_TAG"
-            echo "Tag created: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "Tag ${RELEASE_TAG} already exists" >> $GITHUB_STEP_SUMMARY
-          fi
-          echo "Tag: ${TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 7: Create or update Gitea Release --------------------------------
-      - name: "Step 7: Gitea Release"
-        if: >-
-          steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-          MAJOR="${{ steps.version.outputs.major }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null)
-          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
-
-          # Check if the major release already exists
-          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-          EXISTING_ID=$(echo "$EXISTING" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true)
-
-          if [ -z "$EXISTING_ID" ]; then
-            # First release for this major
-            curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              -H "Content-Type: application/json" \
-              "${API_BASE}/releases" \
-              -d "$(python3 -c "import json; print(json.dumps({
-                'tag_name': '${RELEASE_TAG}',
-                'name': 'v${MAJOR} (latest: ${VERSION})',
-                'body': '''${NOTES}''',
-                'target_commitish': '${BRANCH}'
-              }))")"
-            echo "Release created: ${RELEASE_TAG} (${VERSION})" >> $GITHUB_STEP_SUMMARY
-          else
-            # Append version notes to existing major release
-            CURRENT_BODY=$(echo "$EXISTING" | python3 -c "import sys,json; print(json.load(sys.stdin).get('body',''))" 2>/dev/null || true)
-            UPDATED_BODY="${CURRENT_BODY}
-
-          ---
-          ### ${VERSION}
-
-          ${NOTES}"
-
-            curl -sf -X PATCH -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              -H "Content-Type: application/json" \
-              "${API_BASE}/releases/${EXISTING_ID}" \
-              -d "$(python3 -c "import json,sys; print(json.dumps({
-                'name': 'v${MAJOR} (latest: ${VERSION})',
-                'body': sys.stdin.read()
-              }))" <<< "$UPDATED_BODY")"
-            echo "Release updated: ${RELEASE_TAG} -> ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 8: Build Joomla install ZIP + SHA-256 checksum ------------------
-      - name: "Step 8: Build Joomla package and update checksum"
-        if: >-
-          steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          REPO="${{ github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # All ZIPs upload to the major release tag (vXX)
-          RELEASE_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-          RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-          if [ -z "$RELEASE_ID" ]; then
-            echo "No release ${RELEASE_TAG} found — skipping ZIP upload"
-            exit 0
-          fi
-
-          # Find extension element name from manifest
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)
-          [ -z "$MANIFEST" ] && exit 0
-
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1 || basename "$MANIFEST" .xml)
-          ZIP_NAME="${EXT_ELEMENT}-${VERSION}.zip"
-          TAR_NAME="${EXT_ELEMENT}-${VERSION}.tar.gz"
-
-          # -- Build install packages from src/ ----------------------------
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ — skipping package"; exit 0; }
-
-          EXCLUDES=".ftpignore sftp-config* *.ppk *.pem *.key .env*"
-
-          # ZIP package
-          cd "$SOURCE_DIR"
-          zip -r "/tmp/${ZIP_NAME}" . -x $EXCLUDES
-          cd ..
-
-          # tar.gz package
-          tar -czf "/tmp/${TAR_NAME}" -C "$SOURCE_DIR" \
-            --exclude='.ftpignore' --exclude='sftp-config*' \
-            --exclude='*.ppk' --exclude='*.pem' --exclude='*.key' --exclude='.env*' .
-
-          ZIP_SIZE=$(stat -c%s "/tmp/${ZIP_NAME}" 2>/dev/null || stat -f%z "/tmp/${ZIP_NAME}" 2>/dev/null || echo "unknown")
-          TAR_SIZE=$(stat -c%s "/tmp/${TAR_NAME}" 2>/dev/null || stat -f%z "/tmp/${TAR_NAME}" 2>/dev/null || echo "unknown")
-
-          # -- Calculate SHA-256 for both ----------------------------------
-          SHA256_ZIP=$(sha256sum "/tmp/${ZIP_NAME}" | cut -d' ' -f1)
-          SHA256_TAR=$(sha256sum "/tmp/${TAR_NAME}" | cut -d' ' -f1)
-
-          # -- Delete existing assets with same name before uploading ------
-          ASSETS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets" 2>/dev/null || echo "[]")
-          for ASSET_NAME in "$ZIP_NAME" "$TAR_NAME"; do
-            ASSET_ID=$(echo "$ASSETS" | python3 -c "
-          import sys,json
-          assets = json.load(sys.stdin)
-          for a in assets:
-              if a['name'] == '${ASSET_NAME}':
-                  print(a['id']); break
-          " 2>/dev/null || true)
-            if [ -n "$ASSET_ID" ]; then
-              curl -sf -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets/${ASSET_ID}" 2>/dev/null || true
-            fi
-          done
-
-          # -- Upload both to release tag ----------------------------------
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/octet-stream" \
-            --data-binary @"/tmp/${ZIP_NAME}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${ZIP_NAME}" > /dev/null 2>&1 || true
-
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/octet-stream" \
-            --data-binary @"/tmp/${TAR_NAME}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${TAR_NAME}" > /dev/null 2>&1 || true
-
-          # -- Update updates.xml with both download formats ---------------
-          if [ -f "updates.xml" ]; then
-            ZIP_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}"
-            TAR_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${TAR_NAME}"
-
-            # Use Python to update only the stable entry's downloads + sha256
-            export PY_ZIP_URL="$ZIP_URL" PY_TAR_URL="$TAR_URL" PY_SHA="$SHA256_ZIP"
-            python3 << 'PYEOF'
-          import re, os
-
-          with open("updates.xml") as f:
-              content = f.read()
-
-          zip_url = os.environ["PY_ZIP_URL"]
-          tar_url = os.environ["PY_TAR_URL"]
-          sha = os.environ["PY_SHA"]
-
-          # Find the stable update block and replace its downloads + sha256
-          def replace_stable(m):
-              block = m.group(0)
-              # Replace downloads block
-              new_downloads = (
-                  "    <downloads>\n"
-                  f"      <downloadurl type=\"full\" format=\"zip\">{zip_url}</downloadurl>\n"
-                  "    </downloads>"
-              )
-              block = re.sub(r'    <downloads>.*?</downloads>', new_downloads, block, flags=re.DOTALL)
-              # Add or replace sha256
-              if '<sha256>' in block:
-                  block = re.sub(r'    <sha256>.*?</sha256>', f'    <sha256>{sha}</sha256>', block)
-              else:
-                  block = block.replace('</downloads>', f'</downloads>\n    <sha256>{sha}</sha256>')
-              return block
-
-          content = re.sub(
-              r'  <update>.*?<tag>stable</tag>.*?</update>',
-              replace_stable,
-              content,
-              flags=re.DOTALL
-          )
-
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          PYEOF
-
-            CURRENT_BRANCH="${{ github.ref_name }}"
-            git add updates.xml
-            git commit -m "chore(release): ZIP + tar.gz for ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>" || true
-            git push || true
-
-            # Sync updates.xml to main via direct API (always runs — may be on version/XX branch)
-            GA_TOKEN="${{ secrets.GA_TOKEN }}"
-            API="${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}"
-
-            FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/contents/updates.xml?ref=main" | jq -r '.sha // empty')
-
-            if [ -n "$FILE_SHA" ]; then
-              CONTENT=$(base64 -w0 updates.xml)
-              curl -sf -X PUT -H "Authorization: token ${GA_TOKEN}" \
-                -H "Content-Type: application/json" \
-                "${API}/contents/updates.xml" \
-                -d "$(jq -n \
-                  --arg content "$CONTENT" \
-                  --arg sha "$FILE_SHA" \
-                  --arg msg "chore: sync updates.xml ${VERSION} [skip ci]" \
-                  --arg branch "main" \
-                  '{content: $content, sha: $sha, message: $msg, branch: $branch}'
-                )" > /dev/null 2>&1 \
-                && echo "updates.xml synced to main via API" \
-                || echo "WARNING: failed to sync updates.xml to main"
-            else
-              echo "WARNING: could not get updates.xml SHA from main"
-            fi
-          fi
-
-          echo "### Joomla Packages" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Package | Size | SHA-256 |" >> $GITHUB_STEP_SUMMARY
-          echo "|---------|------|---------|" >> $GITHUB_STEP_SUMMARY
-          echo "| \`${ZIP_NAME}\` | ${ZIP_SIZE} | \`${SHA256_ZIP}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| \`${TAR_NAME}\` | ${TAR_SIZE} | \`${SHA256_TAR}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Release | \`${RELEASE_TAG}\` | |" >> $GITHUB_STEP_SUMMARY
-          echo "| Download | [${ZIP_NAME}](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}) |" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
-      - name: "Step 9: Mirror release to GitHub"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.version.outputs.stability == 'stable' &&
-          secrets.GH_TOKEN != ''
-        continue-on-error: true
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          MAJOR="${{ steps.version.outputs.major }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-
-          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null || true)
-          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
-          echo "$NOTES" > /tmp/release_notes.md
-
-          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".tag_name // empty" || true)
-
-          if [ -z "$EXISTING" ]; then
-            gh release create "$RELEASE_TAG" \
-              --repo "$GH_REPO" \
-              --title "v${MAJOR} (latest: ${VERSION})" \
-              --notes-file /tmp/release_notes.md \
-              --target "$BRANCH" || true
-          else
-            gh release edit "$RELEASE_TAG" \
-              --repo "$GH_REPO" \
-              --title "v${MAJOR} (latest: ${VERSION})" || true
-          fi
-
-          # Upload assets to GitHub mirror
-          for PKG in /tmp/${EXT_ELEMENT:-pkg}-${VERSION}.*; do
-            if [ -f "$PKG" ]; then
-              _RELID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".id // empty")
-              [ -n "$_RELID" ] && curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" -H "Content-Type: application/octet-stream" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/${_RELID}/assets?name=$(basename $PKG)" --data-binary "@$PKG" > /dev/null 2>&1 || true
-            fi
-          done
-          echo "GitHub mirror updated: ${GH_REPO} ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- Summary --------------------------------------------------------------
-      - name: Pipeline Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.version.outputs.version }}"
-          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
-            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
-            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
-          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
-            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "## Build & Release Complete (Joomla)" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
-            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
-          fi

.github/workflows/branch-freeze.yml

@@ -1,114 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Automation
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /templates/workflows/shared/branch-freeze.yml.template
-# VERSION: 04.06.00
-# BRIEF: Freeze or unfreeze any branch via ruleset — manual workflow_dispatch
-
-name: Branch Freeze
-
-on:
-  workflow_dispatch:
-    inputs:
-      branch:
-        description: 'Branch to freeze/unfreeze (e.g., version/04, dev/feature)'
-        required: true
-        type: string
-      action:
-        description: 'Action to perform'
-        required: true
-        type: choice
-        options:
-          - freeze
-          - unfreeze
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-permissions:
-  contents: read
-
-jobs:
-  manage-freeze:
-    name: "${{ inputs.action }} branch: ${{ inputs.branch }}"
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check permissions
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          ACTOR="${{ github.actor }}"
-          REPO="${{ github.repository }}"
-          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \
-            2>/dev/null | jq -r '.permission' || echo "read")
-          if [ "$PERMISSION" != "admin" ]; then
-            echo "Denied: only admins can freeze/unfreeze branches (${ACTOR} has ${PERMISSION})"
-            exit 1
-          fi
-
-      - name: "${{ inputs.action }} branch"
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          BRANCH="${{ inputs.branch }}"
-          ACTION="${{ inputs.action }}"
-          REPO="${{ github.repository }}"
-          RULESET_NAME="FROZEN: ${BRANCH}"
-
-          echo "## Branch Freeze" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          if [ "$ACTION" = "freeze" ]; then
-            # Check if ruleset already exists
-            EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/rulesets" 2>/dev/null \
-              | jq -r ".[] | select(.name == \"${RULESET_NAME}\") | .id" 2>/dev/null || true)
-
-            if [ -n "$EXISTING" ]; then
-              echo "Branch \`${BRANCH}\` is already frozen (ruleset #${EXISTING})" >> $GITHUB_STEP_SUMMARY
-              exit 0
-            fi
-
-            # Create freeze ruleset — blocks all updates except admin bypass
-            printf '{"name":"%s","target":"branch","enforcement":"active",' "${RULESET_NAME}" > /tmp/ruleset.json
-            printf '"bypass_actors":[{"actor_id":5,"actor_type":"RepositoryRole","bypass_mode":"always"}],' >> /tmp/ruleset.json
-            printf '"conditions":{"ref_name":{"include":["refs/heads/%s"],"exclude":[]}},' "${BRANCH}" >> /tmp/ruleset.json
-            printf '"rules":[{"type":"update"},{"type":"deletion"},{"type":"non_fast_forward"}]}' >> /tmp/ruleset.json
-
-            RESULT=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/rulesets" 2>/dev/null -X POST -d @/tmp/ruleset.json 2>&1 | jq -r '.id') || true
-
-            if echo "$RESULT" | grep -qE '^[0-9]+$'; then
-              echo "Frozen \`${BRANCH}\` — ruleset #${RESULT}" >> $GITHUB_STEP_SUMMARY
-              echo "" >> $GITHUB_STEP_SUMMARY
-              echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-              echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-              echo "| Branch | \`${BRANCH}\` |" >> $GITHUB_STEP_SUMMARY
-              echo "| Ruleset | #${RESULT} |" >> $GITHUB_STEP_SUMMARY
-              echo "| Rules | No updates, no deletion, no force push |" >> $GITHUB_STEP_SUMMARY
-              echo "| Bypass | Repository admins only |" >> $GITHUB_STEP_SUMMARY
-            else
-              echo "Failed to freeze: ${RESULT}" >> $GITHUB_STEP_SUMMARY
-              exit 1
-            fi
-
-          elif [ "$ACTION" = "unfreeze" ]; then
-            # Find and delete the freeze ruleset
-            RULESET_ID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/rulesets" 2>/dev/null \
-              | jq -r ".[] | select(.name == \"${RULESET_NAME}\") | .id" 2>/dev/null || true)
-
-            if [ -z "$RULESET_ID" ]; then
-              echo "Branch \`${BRANCH}\` is not frozen (no ruleset found)" >> $GITHUB_STEP_SUMMARY
-              exit 0
-            fi
-
-            curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/rulesets/${RULESET_ID}" 2>/dev/null -X DELETE --silent 2>/dev/null
-
-            echo "Unfrozen \`${BRANCH}\` — ruleset #${RULESET_ID} deleted" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          rm -f /tmp/ruleset.json

.github/workflows/changelog-validation.yml

@@ -1,99 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow.Template
-# INGROUP: MokoStandards.CI
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /templates/workflows/shared/changelog-validation.yml.template
-# VERSION: 04.06.00
-# BRIEF: Validates CHANGELOG.md format and version consistency
-# NOTE: Deployed to .github/workflows/changelog-validation.yml in governed repos.
-
-name: Changelog Validation
-
-on:
-  pull_request:
-    branches:
-      - main
-      - 'dev/**'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  validate-changelog:
-    name: Validate CHANGELOG.md
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Check CHANGELOG.md exists
-        run: |
-          echo "### Changelog Validation" >> $GITHUB_STEP_SUMMARY
-          if [ ! -f "CHANGELOG.md" ]; then
-            echo "CHANGELOG.md not found in repository root." >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-          echo "CHANGELOG.md exists." >> $GITHUB_STEP_SUMMARY
-
-      - name: Check VERSION header matches README.md
-        run: |
-          # Extract version from README.md FILE INFORMATION block
-          README_VERSION=$(grep -oP '^\s*VERSION:\s*\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' README.md | head -1)
-          if [ -z "$README_VERSION" ]; then
-            echo "No VERSION found in README.md FILE INFORMATION block." >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-
-          # Check that CHANGELOG.md has a matching version header
-          CHANGELOG_VERSION=$(grep -oP '^\#\#\s*\[\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' CHANGELOG.md | head -1)
-          if [ -z "$CHANGELOG_VERSION" ]; then
-            echo "No version header found in CHANGELOG.md (expected \`## [XX.YY.ZZ] - YYYY-MM-DD\`)." >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-
-          if [ "$CHANGELOG_VERSION" != "$README_VERSION" ]; then
-            echo "CHANGELOG latest version \`${CHANGELOG_VERSION}\` does not match README VERSION \`${README_VERSION}\`." >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-
-          echo "CHANGELOG version \`${CHANGELOG_VERSION}\` matches README VERSION." >> $GITHUB_STEP_SUMMARY
-
-      - name: Validate conventional changelog format
-        run: |
-          ERRORS=0
-
-          # Check that version entries follow ## [XX.YY.ZZ] - YYYY-MM-DD format
-          while IFS= read -r LINE; do
-            if ! echo "$LINE" | grep -qP '^\#\#\s*\[[0-9]{2}\.[0-9]{2}\.[0-9]{2}\]\s*-\s*[0-9]{4}-[0-9]{2}-[0-9]{2}'; then
-              echo "Malformed version header: \`${LINE}\`" >> $GITHUB_STEP_SUMMARY
-              echo "  Expected format: \`## [XX.YY.ZZ] - YYYY-MM-DD\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            fi
-          done < <(grep -P '^\#\#\s*\[' CHANGELOG.md)
-
-          ENTRY_COUNT=$(grep -cP '^\#\#\s*\[' CHANGELOG.md || echo "0")
-          if [ "$ENTRY_COUNT" -eq 0 ]; then
-            echo "No version entries found in CHANGELOG.md." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "Found ${ENTRY_COUNT} version entr(ies) in CHANGELOG.md." >> $GITHUB_STEP_SUMMARY
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "**${ERRORS} format issue(s) found.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "**Changelog format validation passed.**" >> $GITHUB_STEP_SUMMARY
-          fi

.github/workflows/ci-joomla.yml

@@ -1,376 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow.Template
-# INGROUP: MokoStandards.CI
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /templates/workflows/joomla/ci-joomla.yml.template
-# VERSION: 04.06.00
-# BRIEF: CI workflow for Joomla extensions — lint, validate, test
-# NOTE: Deployed to .github/workflows/ci-joomla.yml in governed Joomla extension repos.
-
-name: Joomla Extension CI
-
-on:
-  pull_request:
-    branches:
-      - main
-      - 'dev/**'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  pull-requests: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  lint-and-validate:
-    name: Lint & Validate
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP
-        run: |
-          php -v && composer --version
-
-      - name: Clone MokoStandards
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          git clone --depth 1 --branch version/04 --quiet \
-            "https://x-access-token:${GH_TOKEN}@git.mokoconsulting.tech/MokoConsulting/MokoStandards.git" \
-            /tmp/mokostandards
-
-      - name: Install dependencies
-        env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
-        run: |
-          if [ -f "composer.json" ]; then
-            composer install \
-              --no-interaction \
-              --prefer-dist \
-              --optimize-autoloader
-          else
-            echo "No composer.json found — skipping dependency install"
-          fi
-
-      - name: PHP syntax check
-        run: |
-          ERRORS=0
-          for DIR in src/ htdocs/; do
-            if [ -d "$DIR" ]; then
-              FOUND=1
-              while IFS= read -r -d '' FILE; do
-                OUTPUT=$(php -l "$FILE" 2>&1)
-                if echo "$OUTPUT" | grep -q "Parse error"; then
-                  echo "::error file=${FILE}::${OUTPUT}"
-                  ERRORS=$((ERRORS + 1))
-                fi
-              done < <(find "$DIR" -name "*.php" -print0)
-            fi
-          done
-          echo "### PHP Syntax Check" >> $GITHUB_STEP_SUMMARY
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "**${ERRORS} syntax error(s) found.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "All PHP files passed syntax check." >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: XML manifest validation
-        run: |
-          echo "### XML Manifest Validation" >> $GITHUB_STEP_SUMMARY
-          ERRORS=0
-
-          # Find the extension manifest (XML with <extension tag)
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 2 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -z "$MANIFEST" ]; then
-            echo "No Joomla extension manifest found (XML file with \`<extension\` tag)." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "Manifest found: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # Validate well-formed XML
-            php -r "
-              \$xml = @simplexml_load_file('$MANIFEST');
-              if (\$xml === false) {
-                echo 'INVALID';
-                exit(1);
-              }
-              echo 'VALID';
-            " > /tmp/xml_result 2>&1
-            XML_RESULT=$(cat /tmp/xml_result)
-            if [ "$XML_RESULT" != "VALID" ]; then
-              echo "Manifest is not well-formed XML." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            else
-              echo "Manifest is well-formed XML." >> $GITHUB_STEP_SUMMARY
-            fi
-
-            # Check required tags: name, version, author, namespace (Joomla 5+)
-            for TAG in name version author namespace; do
-              if ! grep -q "<${TAG}>" "$MANIFEST" 2>/dev/null; then
-                echo "Missing required tag: \`<${TAG}>\`" >> $GITHUB_STEP_SUMMARY
-                ERRORS=$((ERRORS + 1))
-              else
-                echo "Found required tag: \`<${TAG}>\`" >> $GITHUB_STEP_SUMMARY
-              fi
-            done
-          fi
-
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**${ERRORS} manifest issue(s) found.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**Manifest validation passed.**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: Check language files referenced in manifest
-        run: |
-          echo "### Language File Check" >> $GITHUB_STEP_SUMMARY
-          ERRORS=0
-
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 2 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -n "$MANIFEST" ]; then
-            # Extract language file references from manifest
-            LANG_FILES=$(grep -oP 'language\s+tag="[^"]*"[^>]*>\K[^<]+' "$MANIFEST" 2>/dev/null || true)
-            if [ -z "$LANG_FILES" ]; then
-              echo "No language file references found in manifest — skipping." >> $GITHUB_STEP_SUMMARY
-            else
-              while IFS= read -r LANG_FILE; do
-                LANG_FILE=$(echo "$LANG_FILE" | xargs)
-                if [ -z "$LANG_FILE" ]; then
-                  continue
-                fi
-                # Check in common locations
-                FOUND=0
-                for BASE in "." "src" "htdocs"; do
-                  if [ -f "${BASE}/${LANG_FILE}" ]; then
-                    FOUND=1
-                    break
-                  fi
-                done
-                if [ "$FOUND" -eq 0 ]; then
-                  echo "Missing language file: \`${LANG_FILE}\`" >> $GITHUB_STEP_SUMMARY
-                  ERRORS=$((ERRORS + 1))
-                else
-                  echo "Language file present: \`${LANG_FILE}\`" >> $GITHUB_STEP_SUMMARY
-                fi
-              done <<< "$LANG_FILES"
-            fi
-          else
-            echo "No manifest found — skipping language check." >> $GITHUB_STEP_SUMMARY
-          fi
-
-          if [ "${ERRORS}" -gt 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**${ERRORS} missing language file(s).**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**Language file check passed.**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: Check index.html files in directories
-        run: |
-          echo "### Index.html Check" >> $GITHUB_STEP_SUMMARY
-          MISSING=0
-          CHECKED=0
-
-          for DIR in src/ htdocs/; do
-            if [ -d "$DIR" ]; then
-              while IFS= read -r -d '' SUBDIR; do
-                CHECKED=$((CHECKED + 1))
-                if [ ! -f "${SUBDIR}/index.html" ]; then
-                  echo "Missing index.html in: \`${SUBDIR}\`" >> $GITHUB_STEP_SUMMARY
-                  MISSING=$((MISSING + 1))
-                fi
-              done < <(find "$DIR" -type d -print0)
-            fi
-          done
-
-          if [ "${CHECKED}" -eq 0 ]; then
-            echo "No src/ or htdocs/ directories found — skipping." >> $GITHUB_STEP_SUMMARY
-          elif [ "${MISSING}" -gt 0 ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**${MISSING} director(ies) missing index.html out of ${CHECKED} checked.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "All ${CHECKED} directories contain index.html." >> $GITHUB_STEP_SUMMARY
-          fi
-
-  release-readiness:
-    name: Release Readiness Check
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request' && github.base_ref == 'main'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Validate release readiness
-        run: |
-          echo "## Release Readiness" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          ERRORS=0
-
-          # Extract version from README.md
-          README_VERSION=$(grep -oP '^\s*VERSION:\s*\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' README.md | head -1)
-          if [ -z "$README_VERSION" ]; then
-            echo "No VERSION found in README.md FILE INFORMATION block." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "README version: \`${README_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # Find the extension manifest
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 2 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -z "$MANIFEST" ]; then
-            echo "No Joomla extension manifest found." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          else
-            echo "Manifest: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # Check <version> matches README VERSION
-            MANIFEST_VERSION=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
-            if [ -z "$MANIFEST_VERSION" ]; then
-              echo "No \`<version>\` tag in manifest." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            elif [ -n "$README_VERSION" ] && [ "$MANIFEST_VERSION" != "$README_VERSION" ]; then
-              echo "Manifest version \`${MANIFEST_VERSION}\` does not match README \`${README_VERSION}\`." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            else
-              echo "Manifest version: \`${MANIFEST_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-
-            # Check extension type, element, client attributes
-            EXT_TYPE=$(grep -oP '<extension[^>]*\btype="\K[^"]+' "$MANIFEST" | head -1)
-            if [ -z "$EXT_TYPE" ]; then
-              echo "Missing \`type\` attribute on \`<extension>\` tag." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            else
-              echo "Extension type: \`${EXT_TYPE}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-
-            # Element check (component/module/plugin name)
-            HAS_ELEMENT=$(grep -cP '<(element|name)>' "$MANIFEST" 2>/dev/null || echo "0")
-            if [ "$HAS_ELEMENT" -eq 0 ]; then
-              echo "Missing \`<element>\` or \`<name>\` in manifest." >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS + 1))
-            fi
-
-            # Client attribute for site/admin modules and plugins
-            if echo "$EXT_TYPE" | grep -qP "^(module|plugin)$"; then
-              HAS_CLIENT=$(grep -cP '<extension[^>]*\bclient=' "$MANIFEST" 2>/dev/null || echo "0")
-              if [ "$HAS_CLIENT" -eq 0 ]; then
-                echo "Missing \`client\` attribute for ${EXT_TYPE} extension." >> $GITHUB_STEP_SUMMARY
-                ERRORS=$((ERRORS + 1))
-              fi
-            fi
-          fi
-
-          # Check updates.xml exists
-          if [ -f "updates.xml" ] || [ -f "updates.xml" ]; then
-            echo "Update XML present." >> $GITHUB_STEP_SUMMARY
-          else
-            echo "No updates.xml found." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          fi
-
-          # Check CHANGELOG.md exists
-          if [ -f "CHANGELOG.md" ]; then
-            echo "CHANGELOG.md present." >> $GITHUB_STEP_SUMMARY
-          else
-            echo "No CHANGELOG.md found." >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS + 1))
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ $ERRORS -gt 0 ]; then
-            echo "**${ERRORS} issue(s) must be resolved before release.**" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          else
-            echo "**Extension is ready for release.**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-  test:
-    name: Tests (PHP ${{ matrix.php }})
-    runs-on: ubuntu-latest
-    needs: lint-and-validate
-
-    strategy:
-      fail-fast: false
-      matrix:
-        php: ['8.2', '8.3']
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP ${{ matrix.php }}
-        run: |
-          php -v && composer --version
-
-      - name: Install dependencies
-        env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
-        run: |
-          if [ -f "composer.json" ]; then
-            composer install \
-              --no-interaction \
-              --prefer-dist \
-              --optimize-autoloader
-          else
-            echo "No composer.json found — skipping dependency install"
-          fi
-
-      - name: Run tests
-        run: |
-          echo "### Test Results (PHP ${{ matrix.php }})" >> $GITHUB_STEP_SUMMARY
-          if [ -f "phpunit.xml" ] || [ -f "phpunit.xml.dist" ]; then
-            vendor/bin/phpunit --testdox 2>&1 | tee /tmp/test-output.log
-            EXIT=${PIPESTATUS[0]}
-            if [ $EXIT -eq 0 ]; then
-              echo "All tests passed." >> $GITHUB_STEP_SUMMARY
-            else
-              echo "Test failures detected — see log." >> $GITHUB_STEP_SUMMARY
-              echo '```' >> $GITHUB_STEP_SUMMARY
-              cat /tmp/test-output.log >> $GITHUB_STEP_SUMMARY
-              echo '```' >> $GITHUB_STEP_SUMMARY
-            fi
-            exit $EXIT
-          else
-            echo "No phpunit.xml found — skipping tests." >> $GITHUB_STEP_SUMMARY
-          fi

.github/workflows/codeql-analysis.yml

@@ -1,108 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow.Template
-# INGROUP: MokoStandards.Security
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /templates/workflows/generic/codeql-analysis.yml.template
-# VERSION: 03.09.03
-# BRIEF: CodeQL security scanning workflow (generic — all repo types)
-# NOTE: Deployed to .github/workflows/codeql-analysis.yml in governed repos.
-#       CodeQL does not support PHP directly; JavaScript scans JSON/YAML/shell.
-#       For PHP-specific security scanning see standards-compliance.yml.
-
-name: CodeQL Security Scanning
-
-on:
-  push:
-    branches:
-      - main
-      - version/*
-  schedule:
-    # Weekly on Monday at 06:00 UTC
-    - cron: '0 6 * * 1'
-  workflow_dispatch:
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-  pull-requests: read
-
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    runs-on: ubuntu-latest
-    timeout-minutes: 360
-
-    strategy:
-      fail-fast: false
-      matrix:
-        # CodeQL does not support PHP. Use 'javascript' to scan JSON, YAML,
-        # and shell scripts. Add 'actions' to scan GitHub Actions workflows.
-        language: ['javascript', 'actions']
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-          queries: security-extended,security-and-quality
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:${{ matrix.language }}"
-          upload: true
-          output: sarif-results
-          wait-for-processing: true
-
-      - name: Upload SARIF results
-        if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.5.0
-        with:
-          name: codeql-results-${{ matrix.language }}
-          path: sarif-results
-          retention-days: 30
-
-      - name: Step summary
-        if: always()
-        run: |
-          echo "### 🔍 CodeQL — ${{ matrix.language }}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          URL="https://github.com/${{ github.repository }}/security/code-scanning"
-          echo "See the [Security tab]($URL) for findings." >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Severity | SLA |" >> $GITHUB_STEP_SUMMARY
-          echo "|----------|-----|" >> $GITHUB_STEP_SUMMARY
-          echo "| Critical | 7 days |" >> $GITHUB_STEP_SUMMARY
-          echo "| High     | 14 days |" >> $GITHUB_STEP_SUMMARY
-          echo "| Medium   | 30 days |" >> $GITHUB_STEP_SUMMARY
-          echo "| Low      | 60 days / next release |" >> $GITHUB_STEP_SUMMARY
-
-  summary:
-    name: Security Scan Summary
-    runs-on: ubuntu-latest
-    needs: analyze
-    if: always()
-
-    steps:
-      - name: Summary
-        run: |
-          echo "### 🛡️ CodeQL Complete" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "**Trigger:** ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
-          echo "**Branch:** ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY
-          SECURITY_URL="https://github.com/${{ github.repository }}/security"
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "📊 [View all security alerts]($SECURITY_URL)" >> $GITHUB_STEP_SUMMARY

.github/workflows/repository-cleanup.yml

@@ -1,525 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Maintenance
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /templates/workflows/shared/repository-cleanup.yml.template
-# VERSION: 04.06.00
-# BRIEF: Recurring repository maintenance — labels, branches, workflows, logs, doc indexes
-# NOTE: Synced via bulk-repo-sync to .github/workflows/repository-cleanup.yml in all governed repos.
-#       Runs on the 1st and 15th of each month at 6:00 AM UTC, and on manual dispatch.
-
-name: Repository Cleanup
-
-on:
-  schedule:
-    - cron: '0 6 1,15 * *'
-  workflow_dispatch:
-    inputs:
-      reset_labels:
-        description: 'Delete ALL existing labels and recreate the standard set'
-        type: boolean
-        default: false
-      clean_branches:
-        description: 'Delete old chore/sync-mokostandards-* branches'
-        type: boolean
-        default: true
-      clean_workflows:
-        description: 'Delete orphaned workflow runs (cancelled, stale)'
-        type: boolean
-        default: true
-      clean_logs:
-        description: 'Delete workflow run logs older than 30 days'
-        type: boolean
-        default: true
-      fix_templates:
-        description: 'Strip copyright comment blocks from issue templates'
-        type: boolean
-        default: true
-      rebuild_indexes:
-        description: 'Rebuild docs/ index files'
-        type: boolean
-        default: true
-      delete_closed_issues:
-        description: 'Delete issues that have been closed for more than 30 days'
-        type: boolean
-        default: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-permissions:
-  contents: write
-  issues: write
-  actions: write
-
-jobs:
-  cleanup:
-    name: Repository Maintenance
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN || github.token }}
-          fetch-depth: 0
-
-      - name: Check actor permission
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          ACTOR="${{ github.actor }}"
-          # Schedule triggers use gitea-actions[bot]
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            echo "✅ Scheduled run — authorized"
-            exit 0
-          fi
-          AUTHORIZED_USERS="jmiller gitea-actions[bot]"
-          for user in $AUTHORIZED_USERS; do
-            if [ "$ACTOR" = "$user" ]; then
-              echo "✅ ${ACTOR} authorized"
-              exit 0
-            fi
-          done
-          PERMISSION=$(gh api "repos/${{ github.repository }}/collaborators/${ACTOR}/permission" \
-            2>/dev/null | jq -r '.permission')
-          case "$PERMISSION" in
-            admin|maintain) echo "✅ ${ACTOR} has ${PERMISSION}" ;;
-            *) echo "❌ Admin or maintain required"; exit 1 ;;
-          esac
-
-      # ── Determine which tasks to run ─────────────────────────────────────
-      # On schedule: run all tasks with safe defaults (labels NOT reset)
-      # On dispatch: use input toggles
-      - name: Set task flags
-        id: tasks
-        run: |
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            echo "reset_labels=false" >> $GITHUB_OUTPUT
-            echo "clean_branches=true" >> $GITHUB_OUTPUT
-            echo "clean_workflows=true" >> $GITHUB_OUTPUT
-            echo "clean_logs=true" >> $GITHUB_OUTPUT
-            echo "fix_templates=true" >> $GITHUB_OUTPUT
-            echo "rebuild_indexes=true" >> $GITHUB_OUTPUT
-            echo "delete_closed_issues=false" >> $GITHUB_OUTPUT
-          else
-            echo "reset_labels=${{ inputs.reset_labels }}" >> $GITHUB_OUTPUT
-            echo "clean_branches=${{ inputs.clean_branches }}" >> $GITHUB_OUTPUT
-            echo "clean_workflows=${{ inputs.clean_workflows }}" >> $GITHUB_OUTPUT
-            echo "clean_logs=${{ inputs.clean_logs }}" >> $GITHUB_OUTPUT
-            echo "fix_templates=${{ inputs.fix_templates }}" >> $GITHUB_OUTPUT
-            echo "rebuild_indexes=${{ inputs.rebuild_indexes }}" >> $GITHUB_OUTPUT
-            echo "delete_closed_issues=${{ inputs.delete_closed_issues }}" >> $GITHUB_OUTPUT
-          fi
-
-      # ── DELETE RETIRED WORKFLOWS (always runs) ────────────────────────────
-      - name: Delete retired workflow files
-        run: |
-          echo "## 🗑️ Retired Workflow Cleanup" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          RETIRED=(
-            ".github/workflows/build.yml"
-            ".github/workflows/code-quality.yml"
-            ".github/workflows/release-cycle.yml"
-            ".github/workflows/release-pipeline.yml"
-            ".github/workflows/branch-cleanup.yml"
-            ".github/workflows/auto-update-changelog.yml"
-            ".github/workflows/enterprise-issue-manager.yml"
-            ".github/workflows/flush-actions-cache.yml"
-            ".github/workflows/mokostandards-script-runner.yml"
-            ".github/workflows/unified-ci.yml"
-            ".github/workflows/unified-platform-testing.yml"
-            ".github/workflows/reusable-build.yml"
-            ".github/workflows/reusable-ci-validation.yml"
-            ".github/workflows/reusable-deploy.yml"
-            ".github/workflows/reusable-php-quality.yml"
-            ".github/workflows/reusable-platform-testing.yml"
-            ".github/workflows/reusable-project-detector.yml"
-            ".github/workflows/reusable-release.yml"
-            ".github/workflows/reusable-script-executor.yml"
-            ".github/workflows/rebuild-docs-indexes.yml"
-            ".github/workflows/setup-project-v2.yml"
-            ".github/workflows/sync-docs-to-project.yml"
-            ".github/workflows/release.yml"
-            ".github/workflows/sync-changelogs.yml"
-            ".github/workflows/version_branch.yml"
-            "update.json"
-            ".github/workflows/auto-version-branch.yml"
-            ".github/workflows/publish-to-mokodolibarr.yml"
-            ".github/workflows/ci.yml"
-            ".github/workflows/deploy-rs.yml"
-            "sftp-config.json"
-            "sftp-config.json.template"
-            "scripts/sftp-config"
-          )
-
-          DELETED=0
-          for wf in "${RETIRED[@]}"; do
-            if [ -f "$wf" ]; then
-              git rm "$wf" 2>/dev/null || rm -f "$wf"
-              echo "  Deleted: \`$(basename $wf)\`" >> $GITHUB_STEP_SUMMARY
-              DELETED=$((DELETED+1))
-            fi
-          done
-
-          if [ "$DELETED" -gt 0 ]; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add -A
-            git commit -m "chore: delete ${DELETED} retired workflow file(s) [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-            git push
-            echo "✅ ${DELETED} retired workflow(s) deleted" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "✅ No retired workflows found" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # ── LABEL RESET ──────────────────────────────────────────────────────
-      - name: Reset labels to standard set
-        if: steps.tasks.outputs.reset_labels == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          REPO="${{ github.repository }}"
-          echo "## 🏷️ Label Reset" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/labels?per_page=100" 2>/dev/null | jq -r '.[].name' | while read -r label; do
-            ENCODED=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$label', safe=''))")
-            gh api -X DELETE "repos/${REPO}/labels/${ENCODED}" --silent 2>/dev/null || true
-          done
-
-          while IFS='|' read -r name color description; do
-            [ -z "$name" ] && continue
-            curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/labels" 2>/dev/null \
-              -f name="$name" -f color="$color" -f description="$description" \
-              --silent 2>/dev/null || true
-          done << 'LABELS'
-          joomla|7F52FF|Joomla extension or component
-          dolibarr|FF6B6B|Dolibarr module or extension
-          generic|808080|Generic project or library
-          php|4F5D95|PHP code changes
-          javascript|F7DF1E|JavaScript code changes
-          typescript|3178C6|TypeScript code changes
-          python|3776AB|Python code changes
-          css|1572B6|CSS/styling changes
-          html|E34F26|HTML template changes
-          documentation|0075CA|Documentation changes
-          ci-cd|000000|CI/CD pipeline changes
-          docker|2496ED|Docker configuration changes
-          tests|00FF00|Test suite changes
-          security|FF0000|Security-related changes
-          dependencies|0366D6|Dependency updates
-          config|F9D0C4|Configuration file changes
-          build|FFA500|Build system changes
-          automation|8B4513|Automated processes or scripts
-          mokostandards|B60205|MokoStandards compliance
-          needs-review|FBCA04|Awaiting code review
-          work-in-progress|D93F0B|Work in progress, not ready for merge
-          breaking-change|D73A4A|Breaking API or functionality change
-          priority: critical|B60205|Critical priority, must be addressed immediately
-          priority: high|D93F0B|High priority
-          priority: medium|FBCA04|Medium priority
-          priority: low|0E8A16|Low priority
-          type: bug|D73A4A|Something isn't working
-          type: feature|A2EEEF|New feature or request
-          type: enhancement|84B6EB|Enhancement to existing feature
-          type: refactor|F9D0C4|Code refactoring
-          type: chore|FEF2C0|Maintenance tasks
-          type: version|0E8A16|Version-related change
-          status: pending|FBCA04|Pending action or decision
-          status: in-progress|0E8A16|Currently being worked on
-          status: blocked|B60205|Blocked by another issue or dependency
-          status: on-hold|D4C5F9|Temporarily on hold
-          status: wontfix|FFFFFF|This will not be worked on
-          size/xs|C5DEF5|Extra small change (1-10 lines)
-          size/s|6FD1E2|Small change (11-30 lines)
-          size/m|F9DD72|Medium change (31-100 lines)
-          size/l|FFA07A|Large change (101-300 lines)
-          size/xl|FF6B6B|Extra large change (301-1000 lines)
-          size/xxl|B60205|Extremely large change (1000+ lines)
-          health: excellent|0E8A16|Health score 90-100
-          health: good|FBCA04|Health score 70-89
-          health: fair|FFA500|Health score 50-69
-          health: poor|FF6B6B|Health score below 50
-          standards-update|B60205|MokoStandards sync update
-          standards-drift|FBCA04|Repository drifted from MokoStandards
-          sync-report|0075CA|Bulk sync run report
-          sync-failure|D73A4A|Bulk sync failure requiring attention
-          push-failure|D73A4A|File push failure requiring attention
-          health-check|0E8A16|Repository health check results
-          version-drift|FFA500|Version mismatch detected
-          deploy-failure|CC0000|Automated deploy failure tracking
-          template-validation-failure|D73A4A|Template workflow validation failure
-          version|0E8A16|Version bump or release
-          LABELS
-
-          echo "✅ Standard labels created" >> $GITHUB_STEP_SUMMARY
-
-      # ── BRANCH CLEANUP ───────────────────────────────────────────────────
-      - name: Delete old sync branches
-        if: steps.tasks.outputs.clean_branches == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          REPO="${{ github.repository }}"
-          CURRENT="chore/sync-mokostandards-v04.05"
-          echo "## 🌿 Branch Cleanup" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          FOUND=false
-          curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/branches?per_page=100" | jq -r '.[].name' 2>/dev/null | \
-            grep "^chore/sync-mokostandards" | \
-            grep -v "^${CURRENT}$" | while read -r branch; do
-              gh pr list --repo "$REPO" --head "$branch" --state open --json number 2>/dev/null | jq -r '.[].number' | while read -r pr; do
-                gh pr close "$pr" --repo "$REPO" --comment "Superseded by \`${CURRENT}\`" 2>/dev/null || true
-                echo "  Closed PR #${pr}" >> $GITHUB_STEP_SUMMARY
-              done
-              gh api -X DELETE "repos/${REPO}/git/refs/heads/${branch}" --silent 2>/dev/null || true
-              echo "  Deleted: \`${branch}\`" >> $GITHUB_STEP_SUMMARY
-              FOUND=true
-          done
-
-          if [ "$FOUND" != "true" ]; then
-            echo "✅ No old sync branches found" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # ── WORKFLOW RUN CLEANUP ─────────────────────────────────────────────
-      - name: Clean up workflow runs
-        if: steps.tasks.outputs.clean_workflows == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          REPO="${{ github.repository }}"
-          echo "## 🔄 Workflow Run Cleanup" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          DELETED=0
-          # Delete cancelled and stale workflow runs
-          for status in cancelled stale; do
-            curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/actions/runs?status=${status}&per_page=100" 2>/dev/null \
-              2>/dev/null | jq -r '.workflow_runs[].id' | while read -r run_id; do
-                gh api -X DELETE "repos/${REPO}/actions/runs/${run_id}" --silent 2>/dev/null || true
-                DELETED=$((DELETED+1))
-            done
-          done
-
-          echo "✅ Cleaned cancelled/stale workflow runs" >> $GITHUB_STEP_SUMMARY
-
-      # ── LOG CLEANUP ──────────────────────────────────────────────────────
-      - name: Delete old workflow run logs
-        if: steps.tasks.outputs.clean_logs == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          REPO="${{ github.repository }}"
-          CUTOFF=$(date -u -d '30 days ago' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -u -v-30d +%Y-%m-%dT%H:%M:%SZ)
-          echo "## 📋 Log Cleanup" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "Deleting logs older than: ${CUTOFF}" >> $GITHUB_STEP_SUMMARY
-
-          DELETED=0
-          curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/actions/runs?created=<${CUTOFF}&per_page=100" 2>/dev/null \
-            2>/dev/null | jq -r '.workflow_runs[].id' | while read -r run_id; do
-              gh api -X DELETE "repos/${REPO}/actions/runs/${run_id}/logs" --silent 2>/dev/null || true
-              DELETED=$((DELETED+1))
-          done
-
-          echo "✅ Cleaned old workflow run logs" >> $GITHUB_STEP_SUMMARY
-
-      # ── ISSUE TEMPLATE FIX ──────────────────────────────────────────────
-      - name: Strip copyright headers from issue templates
-        if: steps.tasks.outputs.fix_templates == 'true'
-        run: |
-          echo "## 📋 Issue Template Cleanup" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          FIXED=0
-          for f in .github/ISSUE_TEMPLATE/*.md; do
-            [ -f "$f" ] || continue
-            if grep -q '^<!--$' "$f"; then
-              sed -i '/^<!--$/,/^-->$/d' "$f"
-              echo "  Cleaned: \`$(basename $f)\`" >> $GITHUB_STEP_SUMMARY
-              FIXED=$((FIXED+1))
-            fi
-          done
-
-          if [ "$FIXED" -gt 0 ]; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add .github/ISSUE_TEMPLATE/
-            git commit -m "fix: strip copyright comment blocks from issue templates [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-            git push
-            echo "✅ ${FIXED} template(s) cleaned and committed" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "✅ No templates need cleaning" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # ── REBUILD DOC INDEXES ─────────────────────────────────────────────
-      - name: Rebuild docs/ index files
-        if: steps.tasks.outputs.rebuild_indexes == 'true'
-        run: |
-          echo "## 📚 Documentation Index Rebuild" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          if [ ! -d "docs" ]; then
-            echo "⏭️ No docs/ directory — skipping" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-
-          UPDATED=0
-          # Generate index.md for each docs/ subdirectory
-          find docs -type d | while read -r dir; do
-            INDEX="${dir}/index.md"
-            FILES=$(find "$dir" -maxdepth 1 -name "*.md" ! -name "index.md" -printf "- [%f](./%f)\n" 2>/dev/null | sort)
-            if [ -z "$FILES" ]; then
-              continue
-            fi
-
-            cat > "$INDEX" << INDEXEOF
-            # $(basename "$dir")
-
-            ## Documents
-
-            ${FILES}
-
-            ---
-            *Auto-generated by repository-cleanup workflow*
-          INDEXEOF
-            # Dedent
-            sed -i 's/^            //' "$INDEX"
-            UPDATED=$((UPDATED+1))
-          done
-
-          if [ "$UPDATED" -gt 0 ]; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add docs/
-            if ! git diff --cached --quiet; then
-              git commit -m "docs: rebuild documentation indexes [skip ci]" \
-                --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-              git push
-              echo "✅ ${UPDATED} index file(s) rebuilt and committed" >> $GITHUB_STEP_SUMMARY
-            else
-              echo "✅ All indexes already up to date" >> $GITHUB_STEP_SUMMARY
-            fi
-          else
-            echo "✅ No indexes to rebuild" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # ── VERSION DRIFT DETECTION ──────────────────────────────────────────
-      - name: Check for version drift
-        run: |
-          echo "## 📦 Version Drift Check" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          if [ ! -f "README.md" ]; then
-            echo "⏭️ No README.md — skipping" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-
-          README_VERSION=$(grep -oP '^\s*VERSION:\s*\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' README.md 2>/dev/null | head -1)
-          if [ -z "$README_VERSION" ]; then
-            echo "⚠️ No VERSION found in README.md FILE INFORMATION block" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-
-          echo "**README version:** \`${README_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          DRIFT=0
-          CHECKED=0
-
-          # Check all files with FILE INFORMATION blocks
-          while IFS= read -r -d '' file; do
-            FILE_VERSION=$(grep -oP '^\s*\*?\s*VERSION:\s*\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' "$file" 2>/dev/null | head -1)
-            [ -z "$FILE_VERSION" ] && continue
-            CHECKED=$((CHECKED+1))
-            if [ "$FILE_VERSION" != "$README_VERSION" ]; then
-              echo "  ⚠️ \`${file}\`: \`${FILE_VERSION}\` (expected \`${README_VERSION}\`)" >> $GITHUB_STEP_SUMMARY
-              DRIFT=$((DRIFT+1))
-            fi
-          done < <(find . -maxdepth 4 -type f \( -name "*.php" -o -name "*.md" -o -name "*.yml" \) ! -path "./.git/*" ! -path "./vendor/*" ! -path "./node_modules/*" -print0 2>/dev/null)
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "$DRIFT" -gt 0 ]; then
-            echo "⚠️ **${DRIFT}** file(s) out of ${CHECKED} have version drift" >> $GITHUB_STEP_SUMMARY
-            echo "Run \`sync-version-on-merge\` workflow or update manually" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "✅ All ${CHECKED} file(s) match README version \`${README_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # ── PROTECT CUSTOM WORKFLOWS ────────────────────────────────────────
-      - name: Ensure custom workflow directory exists
-        run: |
-          echo "## 🔧 Custom Workflows" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          if [ ! -d ".github/workflows/custom" ]; then
-            mkdir -p .github/workflows/custom
-            cat > .github/workflows/custom/README.md << 'CWEOF'
-          # Custom Workflows
-
-          Place repo-specific workflows here. Files in this directory are:
-          - **Never overwritten** by MokoStandards bulk sync
-          - **Never deleted** by the repository-cleanup workflow
-          - Safe for custom CI, notifications, or repo-specific automation
-
-          Synced workflows live in `.github/workflows/` (parent directory).
-          CWEOF
-            sed -i 's/^          //' .github/workflows/custom/README.md
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add .github/workflows/custom/
-            if ! git diff --cached --quiet; then
-              git commit -m "chore: create .github/workflows/custom/ for repo-specific workflows [skip ci]" \
-                --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-              git push
-              echo "✅ Created \`.github/workflows/custom/\` directory" >> $GITHUB_STEP_SUMMARY
-            fi
-          else
-            CUSTOM_COUNT=$(find .github/workflows/custom -name "*.yml" -o -name "*.yaml" 2>/dev/null | wc -l)
-            echo "✅ Custom workflow directory exists (${CUSTOM_COUNT} workflow(s))" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # ── DELETE CLOSED ISSUES ──────────────────────────────────────────────
-      - name: Delete old closed issues
-        if: steps.tasks.outputs.delete_closed_issues == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-        run: |
-          REPO="${{ github.repository }}"
-          CUTOFF=$(date -u -d '30 days ago' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -u -v-30d +%Y-%m-%dT%H:%M:%SZ)
-          echo "## 🗑️ Closed Issue Cleanup" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "Deleting issues closed before: ${CUTOFF}" >> $GITHUB_STEP_SUMMARY
-
-          DELETED=0
-          curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues?state=closed&since=1970-01-01T00:00:00Z&per_page=100&sort=updated&direction=asc" 2>/dev/null \
-            | jq -r ".[] | select(.closed_at < \"${CUTOFF}\") | .number" 2>/dev/null | while read -r num; do
-              # Lock and close with "not_planned" to mark as cleaned up
-              curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues/${num}/lock" 2>/dev/null -X PUT -f lock_reason="resolved" --silent 2>/dev/null || true
-              echo "  Locked issue #${num}" >> $GITHUB_STEP_SUMMARY
-              DELETED=$((DELETED+1))
-          done
-
-          if [ "$DELETED" -eq 0 ] 2>/dev/null; then
-            echo "✅ No old closed issues found" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "✅ Locked ${DELETED} old closed issue(s)" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: Summary
-        if: always()
-        run: |
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "---" >> $GITHUB_STEP_SUMMARY
-          echo "*Run by @${{ github.actor }} — trigger: ${{ github.event_name }}*" >> $GITHUB_STEP_SUMMARY

.github/workflows/sync-version-on-merge.yml

@@ -1,133 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Automation
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
-# PATH: /templates/workflows/shared/sync-version-on-merge.yml.template
-# VERSION: 04.06.00
-# BRIEF: Auto-bump patch version on every push to main and propagate to all file headers
-# NOTE: Synced via bulk-repo-sync to .github/workflows/sync-version-on-merge.yml in all governed repos.
-#       README.md is the single source of truth for the repository version.
-
-name: Sync Version from README
-
-on:
-  pull_request:
-    types: [closed]
-    branches:
-      - main
-  workflow_dispatch:
-    inputs:
-      dry_run:
-        description: 'Dry run (preview only, no commit)'
-        type: boolean
-        default: false
-
-permissions:
-  contents: write
-  issues: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  sync-version:
-    name: Propagate README version
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN || github.token }}
-          fetch-depth: 0
-
-      - name: Set up PHP
-        run: |
-          php -v && composer --version
-
-      - name: Setup MokoStandards tools
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
-        run: |
-          git clone --depth 1 --branch version/04 --quiet \
-            "https://x-access-token:${GH_TOKEN}@git.mokoconsulting.tech/MokoConsulting/MokoStandards.git" \
-            /tmp/mokostandards
-          cd /tmp/mokostandards
-          composer install --no-dev --no-interaction --quiet
-
-      - name: Auto-bump patch version
-        if: ${{ github.event_name != 'workflow_dispatch' && github.actor != 'gitea-actions[bot]' }}
-        run: |
-          if git diff --name-only HEAD~1 HEAD 2>/dev/null | grep -q '^README\.md$'; then
-            echo "README.md changed in this push — skipping auto-bump"
-            exit 0
-          fi
-
-          RESULT=$(php /tmp/mokostandards/api/cli/version_bump.php --path .) || {
-            echo "⚠️ Could not bump version — skipping"
-            exit 0
-          }
-          echo "Auto-bumping patch: $RESULT"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git add README.md
-          git commit -m "chore(version): auto-bump patch ${RESULT} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push
-
-      - name: Extract version from README.md
-        id: readme_version
-        run: |
-          git pull --ff-only 2>/dev/null || true
-          VERSION=$(php /tmp/mokostandards/api/cli/version_read.php --path . 2>/dev/null)
-          if [ -z "$VERSION" ]; then
-            echo "⚠️ No VERSION in README.md — skipping propagation"
-            echo "skip=true" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-          echo "skip=false" >> $GITHUB_OUTPUT
-          echo "✅ README.md version: $VERSION"
-
-      - name: Run version sync
-        if: ${{ steps.readme_version.outputs.skip != 'true' && inputs.dry_run != true }}
-        run: |
-          php /tmp/mokostandards/api/maintenance/update_version_from_readme.php \
-            --path . \
-            --create-issue \
-            --repo "${{ github.repository }}"
-        env:
-          GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
-
-      - name: Commit updated files
-        if: ${{ steps.readme_version.outputs.skip != 'true' && inputs.dry_run != true }}
-        run: |
-          git pull --ff-only 2>/dev/null || true
-          if git diff --quiet; then
-            echo "ℹ️ No version changes needed — already up to date"
-            exit 0
-          fi
-          VERSION="${{ steps.readme_version.outputs.version }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git add -A
-          git commit -m "chore(version): sync badges and headers to ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push
-
-      - name: Summary
-        run: |
-          VERSION="${{ steps.readme_version.outputs.version }}"
-          echo "## 📦 Version Sync — ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "**Source:** \`README.md\` FILE INFORMATION block" >> $GITHUB_STEP_SUMMARY
-          echo "**Version:** \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY

.github/workflows/update-server.yml

@@ -1,495 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Joomla
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
-# PATH: /templates/workflows/joomla/update-server.yml.template
-# VERSION: 04.06.00
-# BRIEF: Update Joomla update server XML feed with stable/rc/dev entries
-#
-# Writes updates.xml with multiple <update> entries:
-#   - <tag>stable</tag>     on push to main (from auto-release)
-#   - <tag>rc</tag>         on push to rc/**
-#   - <tag>development</tag> on push to dev or dev/**
-#
-# Joomla filters by user's "Minimum Stability" setting.
-
-name: Update Joomla Update Server XML Feed
-
-on:
-  push:
-    branches:
-      - 'dev'
-      - 'dev/**'
-      - 'alpha/**'
-      - 'beta/**'
-      - 'rc/**'
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  pull_request:
-    types: [closed]
-    branches:
-      - 'dev'
-      - 'dev/**'
-      - 'alpha/**'
-      - 'beta/**'
-      - 'rc/**'
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  workflow_dispatch:
-    inputs:
-      stability:
-        description: 'Stability tag'
-        required: true
-        default: 'development'
-        type: choice
-        options:
-          - development
-          - alpha
-          - beta
-          - rc
-          - stable
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  update-xml:
-    name: Update updates.xml
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN }}
-          fetch-depth: 0
-
-      - name: Setup MokoStandards tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN }}"}}'
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api 2>/dev/null || true
-          if [ -d "/tmp/mokostandards-api" ] && [ -f "/tmp/mokostandards-api/composer.json" ]; then
-            cd /tmp/mokostandards-api && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
-          fi
-
-      - name: Generate updates.xml entry
-        id: update
-        run: |
-          BRANCH="${{ github.ref_name }}"
-          REPO="${{ github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          VERSION=$(php /tmp/mokostandards-api/cli/version_read.php --path . 2>/dev/null || echo "0.0.0")
-
-          # Auto-bump patch on all branches (dev, alpha, beta, rc)
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          BUMPED=$(php /tmp/mokostandards-api/cli/version_bump.php --path . 2>/dev/null || true)
-          if [ -n "$BUMPED" ]; then
-            VERSION=$(php /tmp/mokostandards-api/cli/version_read.php --path . 2>/dev/null || echo "$VERSION")
-            git add -A
-            git commit -m "chore(version): auto-bump patch ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>" 2>/dev/null || true
-            git push 2>/dev/null || true
-          fi
-
-          # Determine stability from branch or input
-          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
-            STABILITY="${{ inputs.stability }}"
-          elif [[ "$BRANCH" == rc/* ]]; then
-            STABILITY="rc"
-          elif [[ "$BRANCH" == beta/* ]]; then
-            STABILITY="beta"
-          elif [[ "$BRANCH" == alpha/* ]]; then
-            STABILITY="alpha"
-          elif [[ "$BRANCH" == dev/* ]] || [[ "$BRANCH" == "dev" ]]; then
-            STABILITY="development"
-          else
-            STABILITY="stable"
-          fi
-
-          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
-
-          # Parse manifest (portable — no grep -P)
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -z "$MANIFEST" ]; then
-            echo "No Joomla manifest found — skipping"
-            exit 0
-          fi
-
-          # Extract fields using sed (works on all runners)
-          EXT_NAME=$(sed -n 's/.*<name>\([^<]*\)<\/name>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_CLIENT=$(sed -n 's/.*<extension[^>]*client="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_VERSION=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" | head -1)
-          TARGET_PLATFORM=$(sed -n 's/.*\(<targetplatform[^/]*\/>\).*/\1/p' "$MANIFEST" | head -1)
-          PHP_MINIMUM=$(sed -n 's/.*<php_minimum>\([^<]*\)<\/php_minimum>.*/\1/p' "$MANIFEST" | head -1)
-
-          # Fallbacks
-          [ -z "$EXT_NAME" ] && EXT_NAME="${{ github.event.repository.name }}"
-          [ -z "$EXT_TYPE" ] && EXT_TYPE="component"
-
-          # Derive element if not in manifest: try XML filename, then repo name
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            case "$EXT_ELEMENT" in
-              templatedetails|manifest|*.xml) EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
-            esac
-          fi
-
-          # Use manifest version if README version is empty
-          [ "$VERSION" = "0.0.0" ] && [ -n "$EXT_VERSION" ] && VERSION="$EXT_VERSION"
-
-          [ -z "$TARGET_PLATFORM" ] && TARGET_PLATFORM=$(printf '<targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" %s>' "/")
-
-          CLIENT_TAG=""
-          [ -n "$EXT_CLIENT" ] && CLIENT_TAG="<client>${EXT_CLIENT}</client>"
-          [ -z "$CLIENT_TAG" ] && ([ "$EXT_TYPE" = "module" ] || [ "$EXT_TYPE" = "plugin" ]) && CLIENT_TAG="<client>site</client>"
-
-          FOLDER_TAG=""
-          [ -n "$EXT_FOLDER" ] && [ "$EXT_TYPE" = "plugin" ] && FOLDER_TAG="<folder>${EXT_FOLDER}</folder>"
-
-          PHP_TAG=""
-          [ -n "$PHP_MINIMUM" ] && PHP_TAG="<php_minimum>${PHP_MINIMUM}</php_minimum>"
-
-          # Version suffix for non-stable
-          DISPLAY_VERSION="$VERSION"
-          case "$STABILITY" in
-            development) DISPLAY_VERSION="${VERSION}-dev" ;;
-            alpha)       DISPLAY_VERSION="${VERSION}-alpha" ;;
-            beta)        DISPLAY_VERSION="${VERSION}-beta" ;;
-            rc)          DISPLAY_VERSION="${VERSION}-rc" ;;
-          esac
-
-          MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
-
-          # Each stability level has its own release tag
-          case "$STABILITY" in
-            development) RELEASE_TAG="development" ;;
-            alpha)       RELEASE_TAG="alpha" ;;
-            beta)        RELEASE_TAG="beta" ;;
-            rc)          RELEASE_TAG="release-candidate" ;;
-            *)           RELEASE_TAG="v${MAJOR}" ;;
-          esac
-
-          PACKAGE_NAME="${EXT_ELEMENT}-${DISPLAY_VERSION}.zip"
-          DOWNLOAD_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${PACKAGE_NAME}"
-          INFO_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}"
-
-          # -- Build install packages (ZIP + tar.gz) --------------------
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          if [ -d "$SOURCE_DIR" ]; then
-            EXCLUDES=".ftpignore sftp-config* *.ppk *.pem *.key .env*"
-            TAR_NAME="${EXT_ELEMENT}-${DISPLAY_VERSION}.tar.gz"
-
-            cd "$SOURCE_DIR"
-            zip -r "/tmp/${PACKAGE_NAME}" . -x $EXCLUDES
-            cd ..
-            tar -czf "/tmp/${TAR_NAME}" -C "$SOURCE_DIR" \
-              --exclude='.ftpignore' --exclude='sftp-config*' \
-              --exclude='*.ppk' --exclude='*.pem' --exclude='*.key' --exclude='.env*' .
-
-            SHA256=$(sha256sum "/tmp/${PACKAGE_NAME}" | cut -d' ' -f1)
-
-            # Ensure release exists on Gitea
-            RELEASE_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-            RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-
-            if [ -z "$RELEASE_ID" ]; then
-              # Create release
-              RELEASE_JSON=$(curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                -H "Content-Type: application/json" \
-                "${API_BASE}/releases" \
-                -d "$(python3 -c "import json; print(json.dumps({
-                  'tag_name': '${RELEASE_TAG}',
-                  'name': '${RELEASE_TAG} (${DISPLAY_VERSION})',
-                  'body': '${STABILITY} release',
-                  'prerelease': True,
-                  'target_commitish': 'main'
-                }))")" 2>/dev/null || true)
-              RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-            fi
-
-            if [ -n "$RELEASE_ID" ]; then
-              # Delete existing assets with same name before uploading
-              ASSETS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets" 2>/dev/null || echo "[]")
-              for ASSET_FILE in "$PACKAGE_NAME" "$TAR_NAME"; do
-                ASSET_ID=$(echo "$ASSETS" | python3 -c "
-          import sys,json
-          assets = json.load(sys.stdin)
-          for a in assets:
-              if a['name'] == '${ASSET_FILE}':
-                  print(a['id']); break
-          " 2>/dev/null || true)
-                if [ -n "$ASSET_ID" ]; then
-                  curl -sf -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                    "${API_BASE}/releases/${RELEASE_ID}/assets/${ASSET_ID}" 2>/dev/null || true
-                fi
-              done
-
-              # Upload both formats
-              curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                -H "Content-Type: application/octet-stream" \
-                --data-binary @"/tmp/${PACKAGE_NAME}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets?name=${PACKAGE_NAME}" > /dev/null 2>&1 || true
-
-              curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                -H "Content-Type: application/octet-stream" \
-                --data-binary @"/tmp/${TAR_NAME}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets?name=${TAR_NAME}" > /dev/null 2>&1 || true
-            fi
-
-            echo "Packages: ${PACKAGE_NAME} + ${TAR_NAME} (SHA: ${SHA256})" >> $GITHUB_STEP_SUMMARY
-          else
-            SHA256=""
-          fi
-
-          # -- Build the new entry -----------------------------------------
-          NEW_ENTRY=""
-          NEW_ENTRY="${NEW_ENTRY}  <update>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <name>${EXT_NAME}</name>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <description>${EXT_NAME} (${STABILITY})</description>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <element>${EXT_ELEMENT}</element>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <type>${EXT_TYPE}</type>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <version>${DISPLAY_VERSION}</version>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <creationDate>$(date +%Y-%m-%d)</creationDate>\n"
-          [ -n "$CLIENT_TAG" ] && NEW_ENTRY="${NEW_ENTRY}    ${CLIENT_TAG}\n"
-          [ -n "$FOLDER_TAG" ] && NEW_ENTRY="${NEW_ENTRY}    ${FOLDER_TAG}\n"
-          NEW_ENTRY="${NEW_ENTRY}    <tags>\n"
-          NEW_ENTRY="${NEW_ENTRY}      <tag>${STABILITY}</tag>\n"
-          NEW_ENTRY="${NEW_ENTRY}    </tags>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <infourl title=\"${EXT_NAME}\">${INFO_URL}</infourl>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <downloads>\n"
-          NEW_ENTRY="${NEW_ENTRY}      <downloadurl type=\"full\" format=\"zip\">${DOWNLOAD_URL}</downloadurl>\n"
-          NEW_ENTRY="${NEW_ENTRY}    </downloads>\n"
-          [ -n "$SHA256" ] && NEW_ENTRY="${NEW_ENTRY}    <sha256>${SHA256}</sha256>\n"
-          NEW_ENTRY="${NEW_ENTRY}    ${TARGET_PLATFORM}\n"
-          [ -n "$PHP_TAG" ] && NEW_ENTRY="${NEW_ENTRY}    ${PHP_TAG}\n"
-          NEW_ENTRY="${NEW_ENTRY}    <maintainer>Moko Consulting</maintainer>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <maintainerurl>https://mokoconsulting.tech</maintainerurl>\n"
-          NEW_ENTRY="${NEW_ENTRY}  </update>"
-
-          # -- Write new entry to temp file --------------------------------
-          printf '%b' "$NEW_ENTRY" > /tmp/new_entry.xml
-
-          # -- Merge into updates.xml (only update this stability channel) -
-          # Cascading update: each stability level updates itself and all lower levels
-          # stable → all | rc → rc,beta,alpha,dev | beta → beta,alpha,dev | alpha → alpha,dev | dev → dev
-          CASCADE_MAP="stable:development,alpha,beta,rc,stable rc:development,alpha,beta,rc beta:development,alpha,beta alpha:development,alpha development:development"
-          TARGETS=""
-          for entry in $CASCADE_MAP; do
-            key="${entry%%:*}"
-            vals="${entry#*:}"
-            if [ "$key" = "${STABILITY}" ]; then
-              TARGETS="$vals"
-              break
-            fi
-          done
-          [ -z "$TARGETS" ] && TARGETS="${STABILITY}"
-
-          if [ ! -f "updates.xml" ]; then
-            printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>" > updates.xml
-            printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting <hello@mokoconsulting.tech>" >> updates.xml
-            printf '%s\n' " SPDX-License-Identifier: GPL-3.0-or-later" >> updates.xml
-            printf '%s\n' " VERSION: ${VERSION}" >> updates.xml
-            printf '%s\n' " -->" >> updates.xml
-            printf '%s\n' "" >> updates.xml
-            printf '%s\n' '<updates>' >> updates.xml
-            cat /tmp/new_entry.xml >> updates.xml
-            printf '\n%s\n' '</updates>' >> updates.xml
-          else
-            # Replace each cascading channel with the new entry (different tag)
-            export PY_TARGETS="$TARGETS"
-            python3 << PYEOF
-          import re, os
-          targets = os.environ["PY_TARGETS"].split(",")
-          stability = "${STABILITY}"
-          with open("updates.xml") as f:
-              content = f.read()
-          with open("/tmp/new_entry.xml") as f:
-              new_entry_template = f.read()
-          for tag in targets:
-              tag = tag.strip()
-              # Build entry with this tag
-              new_entry = re.sub(r"<tag>[^<]*</tag>", f"<tag>{tag}</tag>", new_entry_template)
-              # Remove existing entry for this tag
-              pattern = r"  <update>.*?<tag>" + re.escape(tag) + r"</tag>.*?</update>\n?"
-              content = re.sub(pattern, "", content, flags=re.DOTALL)
-              # Insert before </updates>
-              content = content.replace("</updates>", new_entry + "\n</updates>")
-          content = re.sub(r"\n{3,}", "\n\n", content)
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          PYEOF
-            if [ $? -ne 0 ]; then
-              # Fallback: rebuild keeping other stability entries
-              {
-                printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>"
-                printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting <hello@mokoconsulting.tech>"
-                printf '%s\n' " SPDX-License-Identifier: GPL-3.0-or-later"
-                printf '%s\n' " VERSION: ${VERSION}"
-                printf '%s\n' " -->"
-                printf '%s\n' ""
-                printf '%s\n' '<updates>'
-                for TAG in stable rc development; do
-                  [ "$TAG" = "${STABILITY}" ] && continue
-                  if grep -q "<tag>${TAG}</tag>" updates.xml 2>/dev/null; then
-                    sed -n "/<update>/,/<\/update>/{ /<tag>${TAG}<\/tag>/p; }" updates.xml
-                  fi
-                done
-                cat /tmp/new_entry.xml
-                printf '\n%s\n' '</updates>'
-              } > /tmp/updates_new.xml
-              mv /tmp/updates_new.xml updates.xml
-            fi
-          fi
-
-          # Commit
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git add updates.xml
-          git diff --cached --quiet || {
-            git commit -m "chore: update updates.xml (${STABILITY}: ${DISPLAY_VERSION}) [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-            git push
-          }
-
-      # -- Sync updates.xml to main (for non-main branches) ----------------------
-      - name: Sync updates.xml to main
-        if: github.ref_name != 'main'
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          GA_TOKEN="${{ secrets.GA_TOKEN }}"
-
-          FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \
-            "${API_BASE}/contents/updates.xml?ref=main" | python3 -c "import sys,json; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
-
-          if [ -n "$FILE_SHA" ] && [ -f "updates.xml" ]; then
-            CONTENT=$(base64 -w0 updates.xml)
-            curl -sf -X PUT -H "Authorization: token ${GA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "${API_BASE}/contents/updates.xml" \
-              -d "$(python3 -c "import json; print(json.dumps({
-                'content': '${CONTENT}',
-                'sha': '${FILE_SHA}',
-                'message': 'chore: sync updates.xml from ${STABILITY} [skip ci]',
-                'branch': 'main'
-              }))")" > /dev/null 2>&1 \
-              && echo "updates.xml synced to main (${STABILITY})" >> $GITHUB_STEP_SUMMARY \
-              || echo "WARNING: failed to sync updates.xml to main" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "WARNING: could not get updates.xml SHA from main" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- Mirror to GitHub (stable and rc only) --------------------------------
-      - name: Mirror release to GitHub
-        if: >-
-          (steps.update.outputs.stability == 'stable' || steps.update.outputs.stability == 'rc') &&
-          secrets.GH_TOKEN != ''
-        continue-on-error: true
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: |
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          STABILITY="${{ steps.update.outputs.stability }}"
-          echo "GitHub mirror sync for ${STABILITY} — ${GH_REPO}" >> $GITHUB_STEP_SUMMARY
-          # Mirror packages if they exist
-          for PKG in /tmp/*.zip /tmp/*.tar.gz; do
-            if [ -f "$PKG" ]; then
-              _RELID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/${RELEASE_TAG}" 2>/dev/null | jq -r ".id // empty")
-              [ -n "$_RELID" ] && curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" -H "Content-Type: application/octet-stream" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/${_RELID}/assets?name=$(basename $PKG)" --data-binary "@$PKG" > /dev/null 2>&1 || true
-            fi
-          done
-
-      - name: SFTP deploy to dev server
-        if: contains(github.ref, 'dev/') || github.ref == 'refs/heads/dev'
-        env:
-          DEV_HOST: ${{ vars.DEV_FTP_HOST }}
-          DEV_PATH: ${{ vars.DEV_FTP_PATH }}
-          DEV_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
-          DEV_USER: ${{ vars.DEV_FTP_USERNAME }}
-          DEV_PORT: ${{ vars.DEV_FTP_PORT }}
-          DEV_KEY: ${{ secrets.DEV_FTP_KEY }}
-          DEV_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
-        run: |
-          # -- Permission check: admin or maintain role required --------
-          ACTOR="${{ github.actor }}"
-          REPO="${{ github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/collaborators/${ACTOR}/permission" 2>/dev/null | \
-            python3 -c "import sys,json; print(json.load(sys.stdin).get('permission','read'))" 2>/dev/null || echo "read")
-          case "$PERMISSION" in
-            admin|maintain|write) ;;
-            *)
-              echo "Deploy denied: ${ACTOR} has '${PERMISSION}' — requires admin, maintain, or write"
-              exit 0
-              ;;
-          esac
-
-          [ -z "$DEV_HOST" ] || [ -z "$DEV_PATH" ] && { echo "DEV FTP not configured — skipping SFTP"; exit 0; }
-
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && exit 0
-
-          PORT="${DEV_PORT:-22}"
-          REMOTE="${DEV_PATH%/}"
-          [ -n "$DEV_SUFFIX" ] && REMOTE="${REMOTE}/${DEV_SUFFIX#/}"
-
-          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
-            "$DEV_HOST" "$PORT" "$DEV_USER" "$REMOTE" > /tmp/sftp-config.json
-          if [ -n "$DEV_KEY" ]; then
-            echo "$DEV_KEY" > /tmp/deploy_key && chmod 600 /tmp/deploy_key
-            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
-          else
-            printf ',"password":"%s"}' "$DEV_PASS" >> /tmp/sftp-config.json
-          fi
-
-          PLATFORM=$(php /tmp/mokostandards-api/cli/platform_detect.php --path . 2>/dev/null || true)
-          if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards-api/deploy/deploy-joomla.php" ]; then
-            php /tmp/mokostandards-api/deploy/deploy-joomla.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
-          elif [ -f "/tmp/mokostandards-api/deploy/deploy-sftp.php" ]; then
-            php /tmp/mokostandards-api/deploy/deploy-sftp.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
-          fi
-          rm -f /tmp/deploy_key /tmp/sftp-config.json
-          echo "SFTP deploy to dev complete" >> $GITHUB_STEP_SUMMARY
-
-      - name: Summary
-        if: always()
-        run: |
-          echo "## Joomla Update Server" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Stability | \`${STABILITY}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Version | \`${DISPLAY_VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Element | \`${EXT_ELEMENT}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Download | [ZIP](${DOWNLOAD_URL}) |" >> $GITHUB_STEP_SUMMARY

.mcp.json

@@ -1,25 +0,0 @@
-{
-    "mcpServers": {
-        "ssh": {
-            "type": "stdio",
-            "command": "node",
-            "args": [
-                "A:/ssh-mcp/src/index.js"
-            ]
-        },
-        "wiki": {
-            "type": "stdio",
-            "command": "node",
-            "args": [
-                "A:/wiki-mcp/dist/index.js"
-            ]
-        },
-        "project": {
-            "type": "stdio",
-            "command": "node",
-            "args": [
-                "A:/project-mcp/dist/index.js"
-            ]
-        }
-    }
-}

.mokogitea/branch-protection.yml

@@ -0,0 +1,251 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+# SPDX-License-Identifier: GPL-3.0-or-later
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.gitea/workflows/branch-protection.yml
+# BRIEF: Apply standardised branch protection rules to all governed repositories
+#
+# +========================================================================+
+# |                   BRANCH PROTECTION SETUP                              |
+# +========================================================================+
+# |                                                                        |
+# |  Applies protection rules for: main, dev, rc, beta, alpha       |
+# |                                                                        |
+# |  main  — Require PR, block rejected reviews, no force push             |
+# |  dev   — Allow push, no force push, no delete                          |
+# |  rc  — Allow push, no force push, no delete                          |
+# |  beta — Allow push, no force push, no delete                         |
+# |  alpha — Allow push, no force push, no delete                        |
+# |                                                                        |
+# |  jmiller has override authority on all branches.                       |
+# |                                                                        |
+# +========================================================================+
+
+name: Branch Protection Setup
+
+on:
+  schedule:
+    - cron: '0 2 * * 1'  # Weekly Monday 02:00 UTC
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Preview mode (no changes)'
+        required: false
+        type: boolean
+        default: false
+      repos:
+        description: 'Comma-separated repo names (empty = all governed repos)'
+        required: false
+        type: string
+        default: ''
+
+env:
+  GITEA_URL: https://git.mokoconsulting.tech
+  GITEA_ORG: MokoConsulting
+
+permissions:
+  contents: read
+
+jobs:
+  protect:
+    name: Apply Branch Protection Rules
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Determine target repos
+        id: repos
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+        run: |
+          API="${GITEA_URL}/api/v1"
+
+          # Platform/standards/infra repos to exclude
+          EXCLUDE="gitea-org-config org-profile gitea-private .mokogitea-private MokoStandards moko-platform MokoTesting"
+          EXCLUDE="$EXCLUDE MokoStandards-Template-Client MokoStandards-Template-Dolibarr MokoStandards-Template-Generic MokoStandards-Template-Joomla MokoDoliProjTemplate"
+
+          if [ -n "${{ inputs.repos }}" ]; then
+            # User-specified repos
+            REPOS=$(echo "${{ inputs.repos }}" | tr ',' ' ')
+          else
+            # Fetch all org repos
+            PAGE=1
+            REPOS=""
+            while true; do
+              BATCH=$(curl -sS \
+                -H "Authorization: token ${GA_TOKEN}" \
+                "${API}/orgs/${GITEA_ORG}/repos?page=${PAGE}&limit=50" \
+                | jq -r '.[].name // empty')
+              [ -z "$BATCH" ] && break
+              REPOS="$REPOS $BATCH"
+              PAGE=$((PAGE + 1))
+            done
+
+            # Filter out excluded repos
+            FILTERED=""
+            for REPO in $REPOS; do
+              SKIP=false
+              for EX in $EXCLUDE; do
+                if [ "$REPO" = "$EX" ]; then
+                  SKIP=true
+                  break
+                fi
+              done
+              if [ "$SKIP" = "false" ]; then
+                FILTERED="$FILTERED $REPO"
+              fi
+            done
+            REPOS="$FILTERED"
+          fi
+
+          echo "repos=$REPOS" >> "$GITHUB_OUTPUT"
+          COUNT=$(echo "$REPOS" | wc -w)
+          echo "📋 Target repos (${COUNT}): $REPOS"
+
+      - name: Apply protection rules
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+          DRY_RUN: ${{ inputs.dry_run || 'false' }}
+        run: |
+          API="${GITEA_URL}/api/v1"
+          REPOS="${{ steps.repos.outputs.repos }}"
+
+          SUCCESS=0
+          FAILED=0
+          SKIPPED=0
+
+          # ── Rule definitions ──────────────────────────────────────
+          # Only the CI bot (jmiller token) can push directly.
+          # All human contributors must use PRs.
+          # Force push disabled on all branches.
+
+          RULE_MAIN='{
+            "rule_name": "main",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "dismiss_stale_approvals": true,
+            "block_on_rejected_reviews": true,
+            "block_on_outdated_branch": false,
+            "priority": 1
+          }'
+
+          RULE_DEV='{
+            "rule_name": "dev",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 2
+          }'
+
+          RULE_RC='{
+            "rule_name": "rc",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 3
+          }'
+
+          RULE_BETA='{
+            "rule_name": "beta",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 4
+          }'
+
+          RULE_ALPHA='{
+            "rule_name": "alpha",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 5
+          }'
+
+          RULES=("$RULE_MAIN" "$RULE_DEV" "$RULE_RC" "$RULE_BETA" "$RULE_ALPHA")
+          RULE_NAMES=("main" "dev" "rc" "beta" "alpha")
+
+          # ── Apply rules to each repo ──────────────────────────────
+          for REPO in $REPOS; do
+            echo ""
+            echo "═══ ${REPO} ═══"
+
+            for i in "${!RULES[@]}"; do
+              RULE="${RULES[$i]}"
+              NAME="${RULE_NAMES[$i]}"
+
+              if [ "$DRY_RUN" = "true" ]; then
+                echo "  [DRY RUN] Would apply rule: ${NAME}"
+                SKIPPED=$((SKIPPED + 1))
+                continue
+              fi
+
+              # Delete existing rule if present (idempotent recreate)
+              ENCODED_NAME=$(echo "$NAME" | sed 's|/|%2F|g')
+              curl -sS -o /dev/null -w "" \
+                -X DELETE \
+                -H "Authorization: token ${GA_TOKEN}" \
+                "${API}/repos/${GITEA_ORG}/${REPO}/branch_protections/${ENCODED_NAME}" 2>/dev/null || true
+
+              # Create rule
+              RESPONSE=$(curl -sS -w "\n%{http_code}" \
+                -X POST \
+                -H "Authorization: token ${GA_TOKEN}" \
+                -H "Content-Type: application/json" \
+                -d "$RULE" \
+                "${API}/repos/${GITEA_ORG}/${REPO}/branch_protections")
+
+              HTTP=$(echo "$RESPONSE" | tail -1)
+              BODY=$(echo "$RESPONSE" | sed '$d')
+
+              if [ "$HTTP" = "201" ]; then
+                echo "  ✅ ${NAME}"
+                SUCCESS=$((SUCCESS + 1))
+              else
+                echo "  ❌ ${NAME} (HTTP ${HTTP}): $(echo "$BODY" | jq -r '.message // .' 2>/dev/null | head -1)"
+                FAILED=$((FAILED + 1))
+              fi
+            done
+          done
+
+          # ── Summary ───────────────────────────────────────────────
+          echo ""
+          echo "════════════════════════════════════════"
+          echo "  ✅ Success: ${SUCCESS}"
+          echo "  ❌ Failed:  ${FAILED}"
+          echo "  ⏭️  Skipped: ${SKIPPED}"
+          echo "════════════════════════════════════════"
+
+          if [ "$FAILED" -gt 0 ]; then
+            echo "::warning::${FAILED} rule(s) failed to apply"
+          fi

.mokogitea/workflows/auto-bump.yml

@@ -0,0 +1,66 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Release
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.mokogitea/workflows/auto-bump.yml
+# VERSION: 09.02.00
+# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
+
+name: "Universal: Auto Version Bump"
+
+on:
+  push:
+    branches:
+      - dev
+      - rc
+      - 'feature/**'
+      - 'patch/**'
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+
+permissions:
+  contents: write
+
+jobs:
+  bump:
+    name: Version Bump
+    runs-on: release
+    if: >-
+      !contains(github.event.head_commit.message, '[skip ci]') &&
+      !contains(github.event.head_commit.message, '[skip bump]') &&
+      !startsWith(github.event.head_commit.message, 'Merge pull request')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setup moko-platform tools
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          if [ -d "/opt/moko-platform/cli" ]; then
+            echo "MOKO_CLI=/opt/moko-platform/cli" >> "$GITHUB_ENV"
+          else
+            git clone --depth 1 --branch main --quiet \
+              "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/moko-platform.git" \
+              /tmp/moko-platform-api
+            cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
+            echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
+          fi
+
+      - name: Bump version
+        run: |
+          php ${MOKO_CLI}/version_auto_bump.php \
+            --path . --branch "${GITHUB_REF_NAME}" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --repo-url "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"

.mokogitea/workflows/auto-release.yml

@@ -0,0 +1,270 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Release
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/universal/auto-release.yml.template
+# VERSION: 05.00.00
+# BRIEF: Universal build & release � detects platform from manifest.xml
+#
+# +========================================================================+
+# |              UNIVERSAL BUILD & RELEASE PIPELINE                        |
+# +========================================================================+
+# |                                                                        |
+# |  Reads manifest.xml (joomla|dolibarr|generic) to branch logic.       |
+# |                                                                        |
+# |  Platform-specific:                                                    |
+# |    joomla:   XML manifest, updates.xml, type-prefixed packages         |
+# |    dolibarr: mod*.class.php, update.txt, dev version reset             |
+# |    generic:  README-only, no update stream                             |
+# |                                                                        |
+# +========================================================================+
+
+name: "Universal: Build & Release"
+
+on:
+  pull_request:
+    types: [opened, closed]
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      action:
+        description: 'Action to perform'
+        required: false
+        type: choice
+        default: release
+        options:
+          - release
+          - promote-rc
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
+  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
+
+permissions:
+  contents: write
+
+jobs:
+  # ── PR Opened → Rename branch to RC and build RC release ─────────────────────
+  promote-rc:
+    name: Promote to RC
+    runs-on: release
+    if: >-
+      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
+      (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api
+          composer install --no-dev --no-interaction --quiet
+
+      - name: Rename branch to rc
+        run: |
+          php /tmp/moko-platform-api/cli/branch_rename.php \
+            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --pr "${{ github.event.pull_request.number }}"
+
+      - name: Checkout rc and configure git
+        run: |
+          git fetch origin rc
+          git checkout rc
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Publish RC release
+        run: |
+          php /tmp/moko-platform-api/cli/release_publish.php \
+            --path . --stability rc --bump minor --branch rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}"
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
+          echo "Branch renamed to rc, minor bump, RC + lesser stream releases built, updates.xml synced" >> $GITHUB_STEP_SUMMARY
+
+  # ── Merged PR → Build & Release (or promote RC to stable) ────────────────────
+  release:
+    name: Build & Release Pipeline
+    runs-on: release
+    if: >-
+      github.event.pull_request.merged == true ||
+      (github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 0
+
+      - name: Configure git for bot pushes
+        run: |
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
+        run: |
+          # Ensure PHP + Composer are available
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api
+          composer install --no-dev --no-interaction --quiet
+
+
+      - name: "Publish stable release"
+        run: |
+          php /tmp/moko-platform-api/cli/release_publish.php \
+            --path . --stability stable --bump minor --branch main \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}"
+
+      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
+      - name: "Step 9: Mirror release to GitHub"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_MIRROR_TOKEN != ''
+        continue-on-error: true
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php /tmp/moko-platform-api/cli/release_mirror.php \
+            --version "$VERSION" --tag "$RELEASE_TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
+            --branch main 2>&1 || true
+          echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
+      - name: "Step 10: Push main to GitHub mirror"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_MIRROR_TOKEN != ''
+        continue-on-error: true
+        run: |
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
+          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
+          git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
+            git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
+          git fetch origin main --depth=1
+          git push github origin/main:refs/heads/main --force 2>/dev/null \
+            && echo "main branch pushed to GitHub mirror" \
+            || echo "WARNING: GitHub mirror push failed"
+
+      - name: "Step 11: Delete rc branch and recreate dev from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+
+          # Delete rc branch (ephemeral — created by promote-rc)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/rc" 2>/dev/null \
+            && echo "Deleted rc branch" || echo "rc branch not found"
+
+          # Delete dev branch
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
+
+          # Recreate dev from main (now includes version bump + changelog promotion)
+          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
+            -H "Content-Type: application/json" \
+            "${API_BASE}/branches" \
+            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
+
+          echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
+
+      - name: "Step 12: Create version branch from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          BRANCH_NAME="version/${VERSION}"
+          MAIN_SHA=$(git rev-parse HEAD)
+
+          # Delete old version branch if it exists (same version re-release)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}"             "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
+
+          # Create version/XX.YY.ZZ from main
+          curl -sf -X POST -H "Authorization: token ${TOKEN}"             -H "Content-Type: application/json"             "${API_BASE}/branches"             -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null             && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})"             || echo "WARNING: ${BRANCH_NAME} creation failed"
+
+          echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
+
+
+
+      # -- Dolibarr post-release: Reset dev version -----------------------------
+      - name: "Post-release: Reset dev version"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php /tmp/moko-platform-api/cli/version_reset_dev.php \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
+            --branch dev --path . 2>&1 || true
+
+      # -- Summary --------------------------------------------------------------
+      - name: Pipeline Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
+            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
+            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
+          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
+            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "## Build & Release Complete (${PLATFORM})" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
+            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
+            echo "| Platform | \`${PLATFORM}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+          fi

.mokogitea/workflows/branch-cleanup.yml

@@ -0,0 +1,48 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Universal
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.mokogitea/workflows/branch-cleanup.yml
+# VERSION: 01.00.00
+# BRIEF: Delete feature branches after PR merge
+
+name: "Branch Cleanup"
+
+on:
+  pull_request:
+    types: [closed]
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  cleanup:
+    name: Delete merged branch
+    runs-on: ubuntu-latest
+    if: >-
+      github.event.pull_request.merged == true &&
+      github.event.pull_request.head.ref != 'dev' &&
+      github.event.pull_request.head.ref != 'main'
+
+    steps:
+      - name: Delete source branch
+        run: |
+          BRANCH="${{ github.event.pull_request.head.ref }}"
+          API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
+          ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
+
+          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
+            -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API}/${ENCODED}" 2>/dev/null || true)
+
+          if [ "$STATUS" = "204" ]; then
+            echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
+          elif [ "$STATUS" = "404" ]; then
+            echo "Branch already deleted: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "::warning::Failed to delete branch ${BRANCH} (HTTP ${STATUS})"
+          fi

.mokogitea/workflows/cascade-dev.yml

@@ -0,0 +1,10 @@
+# DISABLED — auto-release Step 11 recreates dev from main after every release.
+# Cascade-dev is redundant and causes version conflicts when both main and dev
+# have different version numbers in templateDetails.xml / manifest.xml.
+name: "Cascade Main → Dev (DISABLED)"
+on: workflow_dispatch
+jobs:
+  noop:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Cascade disabled — auto-release handles dev recreation"

.mokogitea/workflows/issue-branch.yml

@@ -0,0 +1,73 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Automation
+# VERSION: 01.00.00
+# BRIEF: Auto-create feature branch when an issue is opened
+
+name: "Universal: Issue Branch"
+
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  contents: write
+  issues: write
+
+env:
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+
+jobs:
+  create-branch:
+    name: Create feature branch
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create branch and comment
+        run: |
+          TOKEN="${{ secrets.GA_TOKEN }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
+          ISSUE_NUM="${{ github.event.issue.number }}"
+          ISSUE_TITLE="${{ github.event.issue.title }}"
+
+          # Build slug from title: lowercase, replace non-alnum with dash, trim
+          SLUG=$(echo "${ISSUE_TITLE}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g' | sed 's/--*/-/g' | sed 's/^-//;s/-$//' | cut -c1-40)
+          BRANCH="feature/${ISSUE_NUM}-${SLUG}"
+
+          # Check dev branch exists
+          DEV_EXISTS=$(curl -sf -o /dev/null -w '%{http_code}' \
+            -H "Authorization: token ${TOKEN}" \
+            "${API}/branches/dev" 2>/dev/null || echo "000")
+
+          if [ "${DEV_EXISTS}" != "200" ]; then
+            echo "No dev branch -- skipping"
+            exit 0
+          fi
+
+          # Create branch from dev
+          HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
+            -H "Authorization: token ${TOKEN}" \
+            -H "Content-Type: application/json" \
+            "${API}/branches" \
+            -d "{\"new_branch_name\":\"${BRANCH}\",\"old_branch_name\":\"dev\"}" 2>/dev/null || echo "000")
+
+          if [ "${HTTP}" = "201" ]; then
+            echo "Created branch: ${BRANCH}"
+
+            # Comment on issue with branch link
+            REPO_URL="${GITEA_URL}/${{ github.repository }}"
+            BODY="Branch created: [\`${BRANCH}\`](${REPO_URL}/src/branch/${BRANCH})\n\n\`\`\`bash\ngit fetch origin\ngit checkout ${BRANCH}\n\`\`\`"
+
+            curl -sf -X POST \
+              -H "Authorization: token ${TOKEN}" \
+              -H "Content-Type: application/json" \
+              "${API}/issues/${ISSUE_NUM}/comments" \
+              -d "{\"body\":\"${BODY}\"}" > /dev/null 2>&1
+
+            echo "Commented on issue #${ISSUE_NUM}"
+          else
+            echo "Failed to create branch (HTTP ${HTTP}) -- may already exist"
+          fi

.mokogitea/workflows/pr-check.yml

@@ -0,0 +1,264 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.CI
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/universal/pr-check.yml.template
+# VERSION: 09.23.00
+# BRIEF: PR gate — branch policy + code validation before merge
+
+name: "Universal: PR Check"
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  # ── Branch Policy ──────────────────────────────────────────────────────
+  branch-policy:
+    name: Branch Policy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch merge target
+        run: |
+          HEAD="${{ github.head_ref }}"
+          BASE="${{ github.base_ref }}"
+
+          echo "PR: ${HEAD} → ${BASE}"
+
+          ALLOWED=true
+          REASON=""
+
+          case "$HEAD" in
+            feature/*|feat/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Feature branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            fix/*|bugfix/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Fix branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            patch/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
+                ALLOWED=false
+                REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
+              fi
+              ;;
+            hotfix/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
+              fi
+              ;;
+            rc)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="RC branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+            dev)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Dev branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+          esac
+
+          if [ "$ALLOWED" = false ]; then
+            echo "::error::${REASON}"
+            echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "${REASON}" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
+            echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+          echo "Branch policy: OK (${HEAD} → ${BASE})"
+          echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
+
+  # ── Code Validation ────────────────────────────────────────────────────
+  validate:
+    name: Validate PR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect platform
+        id: platform
+        run: |
+          # Read platform from XML manifest (<platform> tag) or plain text fallback
+          PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
+          [ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
+          [ -z "$PLATFORM" ] && PLATFORM="generic"
+          echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
+
+      - name: Setup PHP
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          if ! command -v php &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
+          fi
+
+      - name: PHP syntax check
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
+          echo "PHP lint: ${ERRORS} error(s)"
+          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
+
+      - name: Validate platform manifest
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+              if [ -z "$MANIFEST" ]; then
+                echo "::warning::No Joomla manifest found (WaaS site)"
+                exit 0
+              fi
+              echo "Manifest: ${MANIFEST}"
+              if command -v php &> /dev/null; then
+                php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
+              fi
+              for ELEMENT in name version description; do
+                grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
+              done
+              echo "Joomla manifest valid"
+              ;;
+            dolibarr)
+              MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
+              if [ -z "$MOD_FILE" ]; then
+                echo "::error::No mod*.class.php found"
+                exit 1
+              fi
+              echo "Dolibarr module: ${MOD_FILE}"
+              ;;
+            *)
+              echo "Generic platform — no manifest validation"
+              ;;
+          esac
+
+      - name: Check update stream format
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              if [ -f "updates.xml" ]; then
+                if command -v php &> /dev/null; then
+                  php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
+                fi
+                echo "updates.xml valid"
+              fi
+              ;;
+            dolibarr)
+              [ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
+              ;;
+          esac
+
+      - name: Check changelog has unreleased entry
+        run: |
+          if [ ! -f "CHANGELOG.md" ]; then
+            echo "::warning::No CHANGELOG.md found"
+            exit 0
+          fi
+          # Check for content under [Unreleased] section
+          if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
+            echo "::error::CHANGELOG.md missing [Unreleased] section"
+            exit 1
+          fi
+          # Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
+          UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
+          if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
+            echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
+            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
+            echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
+
+      - name: Verify package source
+        run: |
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          if [ ! -d "$SOURCE_DIR" ]; then
+            echo "::warning::No src/ or htdocs/ directory"
+            exit 0
+          fi
+          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
+          echo "Source: ${FILE_COUNT} files"
+          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
+
+  # ── Pre-Release RC Build ─────────────────────────────────────────────────
+  pre-release:
+    name: Build RC Package
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+
+    steps:
+      - name: Trigger RC pre-release
+        env:
+          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: ${{ github.head_ref }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
+          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
+
+  # ── Issue Reporter ──────────────────────────────────────────────────────
+  report-issues:
+    name: Report Issues
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+    if: >-
+      always() &&
+      needs.validate.result == 'failure'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issue for PR validation failure"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          ./automation/ci-issue-reporter.sh \
+            --gate "PR Validation" \
+            --workflow "PR Check" \
+            --severity error \
+            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."

.mokogitea/workflows/pre-release.yml

@@ -0,0 +1,233 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Release
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /templates/workflows/universal/pre-release.yml.template
+# VERSION: 05.01.00
+# BRIEF: Manual pre-release -- builds dev/alpha/beta/rc packages from any branch
+
+name: "Universal: Pre-Release"
+
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - dev
+  workflow_dispatch:
+    inputs:
+      stability:
+        description: 'Pre-release channel'
+        required: true
+        type: choice
+        options:
+          - development
+          - alpha
+          - beta
+          - release-candidate
+
+permissions:
+  contents: write
+
+env:
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
+  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
+
+jobs:
+  build:
+    name: "Build Pre-Release (${{ inputs.stability || 'development' }})"
+    runs-on: release
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'dev')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
+          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
+
+      - name: Detect platform
+        id: platform
+        run: |
+          php ${MOKO_CLI}/manifest_read.php --path . --github-output
+
+      - name: Resolve metadata and bump version
+        id: meta
+        run: |
+          STABILITY="${{ inputs.stability || 'development' }}"
+
+          case "$STABILITY" in
+            development)        SUFFIX="-dev";   TAG="development" ;;
+            alpha)              SUFFIX="-alpha"; TAG="alpha" ;;
+            beta)               SUFFIX="-beta";  TAG="beta" ;;
+            release-candidate)  SUFFIX="-rc";    TAG="release-candidate" ;;
+          esac
+
+          # Read current version (bump already handled by push workflow)
+          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null)
+          [ -z "$VERSION" ] && VERSION="00.00.01"
+
+          # Strip any existing suffix from version before applying stability
+          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
+
+          php ${MOKO_CLI}/version_set_platform.php \
+            --path . --version "$VERSION" --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
+
+          # Verify version consistency across all files
+          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
+
+          # Update VERSION variable with suffix
+          if [ -n "$SUFFIX" ]; then
+            VERSION="${VERSION}${SUFFIX}"
+          fi
+
+          # Commit version bump
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+          git add -A
+          git diff --cached --quiet || {
+            git commit -m "chore(version): pre-release bump to ${VERSION} [skip ci]"
+            git push origin HEAD 2>&1
+          }
+
+          # Auto-detect element via manifest_element.php
+          php ${MOKO_CLI}/manifest_element.php \
+            --path . --version "$VERSION" --stability "$STABILITY" \
+            --repo "${GITEA_REPO}" --github-output
+
+          # Read back element outputs
+          EXT_ELEMENT=$(grep '^ext_element=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
+          ZIP_NAME=$(grep '^zip_name=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
+          [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
+          [ -z "$ZIP_NAME" ] && ZIP_NAME="${EXT_ELEMENT}-${VERSION}.zip"
+
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
+          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
+          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "zip_name=${ZIP_NAME}" >> "$GITHUB_OUTPUT"
+          echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
+
+          echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ==="
+
+      - name: Create release
+        id: release
+        run: |
+          TAG="${{ steps.meta.outputs.tag }}"
+          VERSION="${{ steps.meta.outputs.version }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php ${MOKO_CLI}/release_create.php \
+            --path . --version "$VERSION" --tag "$TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --repo "${GITEA_REPO}" --branch dev --prerelease
+
+      - name: Build package and upload
+        id: package
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          TAG="${{ steps.meta.outputs.tag }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php ${MOKO_CLI}/release_package.php \
+            --path . --version "$VERSION" --tag "$TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --repo "${GITEA_REPO}" --output /tmp || true
+
+      - name: Update updates.xml
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          STABILITY="${{ steps.meta.outputs.stability }}"
+          SHA256="${{ steps.package.outputs.sha256_zip }}"
+
+          if [ ! -f "updates.xml" ]; then
+            echo "No updates.xml -- skipping"
+            exit 0
+          fi
+
+          SHA_FLAG=""
+          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
+
+          php ${MOKO_CLI}/updates_xml_build.php \
+            --path . --version "${VERSION}" --stability "${STABILITY}" \
+            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
+            ${SHA_FLAG}
+
+          # Commit and push
+          if ! git diff --quiet updates.xml 2>/dev/null; then
+            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+            git config --local user.name "gitea-actions[bot]"
+            git add updates.xml
+            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
+            git push origin HEAD 2>&1 || echo "WARNING: push failed"
+          fi
+
+      - name: "Sync updates.xml to all branches"
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          CURRENT_BRANCH="${{ github.ref_name }}"
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+
+          for BRANCH in main dev; do
+            [ "$BRANCH" = "$CURRENT_BRANCH" ] && continue
+            echo "Syncing updates.xml -> ${BRANCH}"
+            git fetch origin "${BRANCH}" 2>/dev/null || continue
+            git checkout "origin/${BRANCH}" -- updates.xml 2>/dev/null || continue
+            git checkout "${CURRENT_BRANCH}" -- updates.xml
+            if ! git diff --quiet updates.xml 2>/dev/null; then
+              git add updates.xml
+              git commit -m "chore: sync updates.xml from ${CURRENT_BRANCH} [skip ci]"
+              git push origin HEAD:refs/heads/${BRANCH} 2>&1 || echo "WARNING: push to ${BRANCH} failed"
+            fi
+            git checkout "${CURRENT_BRANCH}" 2>/dev/null
+          done
+
+      - name: "Delete lesser pre-release channels (cascade)"
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+
+          php ${MOKO_CLI}/release_cascade.php \
+            --stability "${{ steps.meta.outputs.stability }}" \
+            --token "${TOKEN}" \
+            --api-base "${API_BASE}"
+
+      - name: Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          STABILITY="${{ steps.meta.outputs.stability }}"
+          ZIP_NAME="${{ steps.meta.outputs.zip_name }}"
+          SHA256="${{ steps.package.outputs.sha256_zip }}"
+          echo "## Pre-Release Complete" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| Channel | ${STABILITY} |" >> $GITHUB_STEP_SUMMARY
+          echo "| Package | \`${ZIP_NAME}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY

.mokogitea/workflows/update-server.yml

@@ -0,0 +1,312 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Universal
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /templates/workflows/update-server.yml
+# VERSION: 05.00.00
+# BRIEF: Pre-release build + update server XML for dev/alpha/beta/rc branches
+#
+# Thin wrapper around moko-platform CLI tools.
+# Builds packages, updates updates.xml, and optionally deploys via SFTP.
+#
+# Joomla filters update entries by the user's "Minimum Stability" setting.
+
+name: "Update Server"
+
+on:
+  push:
+    branches:
+      - 'dev'
+      - 'dev/**'
+      - 'alpha/**'
+      - 'beta/**'
+      - 'rc/**'
+    paths:
+      - 'src/**'
+      - 'htdocs/**'
+  pull_request:
+    types: [closed]
+    branches:
+      - 'dev'
+      - 'dev/**'
+      - 'alpha/**'
+      - 'beta/**'
+      - 'rc/**'
+    paths:
+      - 'src/**'
+      - 'htdocs/**'
+  workflow_dispatch:
+    inputs:
+      stability:
+        description: 'Stability tag'
+        required: true
+        default: 'development'
+        type: choice
+        options:
+          - development
+          - alpha
+          - beta
+          - rc
+          - stable
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
+  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
+
+permissions:
+  contents: write
+
+jobs:
+  update-xml:
+    name: Update Server
+    runs-on: release
+    if: >-
+      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 0
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+          COMPOSER_AUTH: '{"http-basic":{"git.mokoconsulting.tech":{"username":"token","password":"${{ secrets.MOKOGITEA_TOKEN }}"}}}'
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform 2>/dev/null || true
+          if [ -d "/tmp/moko-platform" ] && [ -f "/tmp/moko-platform/composer.json" ]; then
+            cd /tmp/moko-platform && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
+          fi
+          echo "MOKO_CLI=/tmp/moko-platform/cli" >> "$GITHUB_ENV"
+
+      - name: Detect platform
+        id: platform
+        run: php ${MOKO_CLI}/manifest_read.php --path . --github-output
+
+      - name: Resolve stability and bump version
+        id: meta
+        run: |
+          BRANCH="${{ github.ref_name }}"
+
+          # Configure git for bot pushes
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+          # Auto-bump patch version
+          php ${MOKO_CLI}/version_bump.php --path . 2>/dev/null || true
+
+          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "0.0.0")
+
+          # Strip any existing suffix before applying stability
+          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
+
+          # Determine stability from branch or manual input
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            STABILITY="${{ inputs.stability }}"
+          elif [[ "$BRANCH" == rc/* ]]; then
+            STABILITY="rc"
+          elif [[ "$BRANCH" == beta/* ]]; then
+            STABILITY="beta"
+          elif [[ "$BRANCH" == alpha/* ]]; then
+            STABILITY="alpha"
+          else
+            STABILITY="development"
+          fi
+
+          # Version suffix per stability stream
+          case "$STABILITY" in
+            development) SUFFIX="-dev";  TAG="development" ;;
+            alpha)       SUFFIX="-alpha"; TAG="alpha" ;;
+            beta)        SUFFIX="-beta";  TAG="beta" ;;
+            rc)          SUFFIX="-rc";    TAG="release-candidate" ;;
+            *)           SUFFIX="";       TAG="stable" ;;
+          esac
+
+          # Propagate version with stability suffix to all manifest files
+          php ${MOKO_CLI}/version_set_platform.php \
+            --path . --version "$VERSION" --branch "$BRANCH" --stability "$STABILITY" 2>/dev/null || true
+          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
+
+          # Re-read version (now includes suffix from version_set_platform)
+          if [ -n "$SUFFIX" ]; then
+            VERSION="${VERSION}${SUFFIX}"
+          fi
+
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
+          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
+          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "display_version=${VERSION}" >> "$GITHUB_OUTPUT"
+
+          # Commit version bump if changed
+          git add -A
+          git diff --cached --quiet || {
+            git commit -m "chore(version): auto-bump ${VERSION} [skip ci]" \
+              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
+            git push
+          }
+
+      - name: Create release and upload package
+        id: package
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          TAG="${{ steps.meta.outputs.tag }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # Create or update Gitea release
+          php ${MOKO_CLI}/release_create.php \
+            --path . --version "$VERSION" --tag "$TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease
+
+          # Build package and upload
+          php ${MOKO_CLI}/release_package.php \
+            --path . --version "$VERSION" --tag "$TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --repo "${GITEA_REPO}" --output /tmp || true
+
+      - name: Update updates.xml
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          STABILITY="${{ steps.meta.outputs.stability }}"
+          SHA256="${{ steps.package.outputs.sha256_zip }}"
+
+          if [ ! -f "updates.xml" ]; then
+            echo "No updates.xml — skipping"
+            exit 0
+          fi
+
+          SHA_FLAG=""
+          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
+
+          php ${MOKO_CLI}/updates_xml_build.php \
+            --path . --version "${VERSION}" --stability "${STABILITY}" \
+            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
+            ${SHA_FLAG}
+
+          # Commit and push updates.xml
+          git add updates.xml
+          git diff --cached --quiet || {
+            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
+            git push
+          }
+
+      - name: Sync updates.xml to main
+        if: github.ref_name != 'main' && steps.platform.outputs.platform == 'joomla'
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          GITEA_TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+
+          FILE_SHA=$(curl -sf -H "Authorization: token ${GITEA_TOKEN}" \
+            "${API_BASE}/contents/updates.xml?ref=main" | python3 -c "import sys,json; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
+
+          if [ -n "$FILE_SHA" ] && [ -f "updates.xml" ]; then
+            python3 -c "
+          import base64, json, urllib.request, sys
+          with open('updates.xml', 'rb') as f:
+              content = base64.b64encode(f.read()).decode()
+          payload = json.dumps({
+              'content': content,
+              'sha': '${FILE_SHA}',
+              'message': 'chore: sync updates.xml from ${{ steps.meta.outputs.stability }} [skip ci]',
+              'branch': 'main'
+          }).encode()
+          req = urllib.request.Request(
+              '${API_BASE}/contents/updates.xml',
+              data=payload, method='PUT',
+              headers={
+                  'Authorization': 'token ${GITEA_TOKEN}',
+                  'Content-Type': 'application/json'
+              })
+          try:
+              urllib.request.urlopen(req)
+              print('updates.xml synced to main')
+          except Exception as e:
+              print(f'WARNING: sync to main failed: {e}', file=sys.stderr)
+          "
+          fi
+
+      - name: SFTP deploy to dev server
+        if: contains(github.ref, 'dev/') || github.ref == 'refs/heads/dev'
+        env:
+          DEV_HOST: ${{ vars.DEV_FTP_HOST }}
+          DEV_PATH: ${{ vars.DEV_FTP_PATH }}
+          DEV_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
+          DEV_USER: ${{ vars.DEV_FTP_USERNAME }}
+          DEV_PORT: ${{ vars.DEV_FTP_PORT }}
+          DEV_KEY: ${{ secrets.DEV_FTP_KEY }}
+          DEV_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
+        run: |
+          # Permission check: admin or maintain role required
+          ACTOR="${{ github.actor }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API_BASE}/collaborators/${ACTOR}/permission" 2>/dev/null | \
+            python3 -c "import sys,json; print(json.load(sys.stdin).get('permission','read'))" 2>/dev/null || echo "read")
+          case "$PERMISSION" in
+            admin|maintain|write) ;;
+            *)
+              echo "Deploy denied: ${ACTOR} has '${PERMISSION}' — requires admin, maintain, or write"
+              exit 0
+              ;;
+          esac
+
+          [ -z "$DEV_HOST" ] || [ -z "$DEV_PATH" ] && { echo "DEV FTP not configured — skipping SFTP"; exit 0; }
+
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          [ ! -d "$SOURCE_DIR" ] && exit 0
+
+          PORT="${DEV_PORT:-22}"
+          REMOTE="${DEV_PATH%/}"
+          [ -n "$DEV_SUFFIX" ] && REMOTE="${REMOTE}/${DEV_SUFFIX#/}"
+
+          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
+            "$DEV_HOST" "$PORT" "$DEV_USER" "$REMOTE" > /tmp/sftp-config.json
+          if [ -n "$DEV_KEY" ]; then
+            echo "$DEV_KEY" > /tmp/deploy_key && chmod 600 /tmp/deploy_key
+            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
+          else
+            printf ',"password":"%s"}' "$DEV_PASS" >> /tmp/sftp-config.json
+          fi
+
+          PLATFORM=$(php ${MOKO_CLI}/platform_detect.php --path . 2>/dev/null || true)
+          if [ "$PLATFORM" = "waas-component" ] && [ -f "${MOKO_CLI}/../deploy/deploy-joomla.php" ]; then
+            php ${MOKO_CLI}/../deploy/deploy-joomla.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
+          elif [ -f "${MOKO_CLI}/../deploy/deploy-sftp.php" ]; then
+            php ${MOKO_CLI}/../deploy/deploy-sftp.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
+          fi
+          rm -f /tmp/deploy_key /tmp/sftp-config.json
+          echo "SFTP deploy to dev complete" >> $GITHUB_STEP_SUMMARY
+
+      - name: Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          STABILITY="${{ steps.meta.outputs.stability }}"
+          DISPLAY="${{ steps.meta.outputs.display_version }}"
+          echo "## Update Server" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| Stability | \`${STABILITY}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| Version | \`${DISPLAY}\` |" >> $GITHUB_STEP_SUMMARY

CHANGELOG.md

@@ -1,10 +1,23 @@
 # Changelog
 ## [Unreleased]
- 
+
+### Changed
+- Migrated all workflow and template paths from `.github/` to `.mokogitea/`
+- Template source paths updated: `templates/gitea/` to `templates/mokogitea/`
+- HCL definition files removed -- Template repos are now the canonical source
+
+### Added
+- `branch-cleanup.yml`: auto-delete merged feature branches after PR merge
+
+### Fixed
+- Hardcode name and description in XML manifest (language variables don't resolve during install)
 
 ## [01.02.00] --- 2026-05-10
 
 ### Added
+- Copy DPCalendar event description to JoomGallery category description
+- Sync description on event update (alongside title sync)
+- Event-specific permissions override template permissions on gallery categories
 - Auto-create "DPCalendar Events" template category in JoomGallery on install
 - Plugin parent_category param auto-set to template category
 - Post-install instructions in extension description

CLAUDE.md

@@ -0,0 +1,42 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code when working with this repository.
+
+## Project Overview
+
+**MokoGalleryCalendar** -- JoomGallery and DPCalendar integration — link photo galleries to calendar events
+
+| Field | Value |
+|---|---|
+| **Platform** | joomla |
+| **Language** | PHP |
+| **Default branch** | main |
+| **License** | GPL-3.0-or-later |
+| **Wiki** | [MokoGalleryCalendar Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki) |
+| **Standards** | [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home) |
+
+## Common Commands
+
+```bash
+composer install  # Install PHP dependencies
+```
+
+## Architecture
+
+This is a Joomla extension. Key directories:
+- `src/` -- extension source (deployed to Joomla)
+- `src/*.xml` -- manifest file (version, files, params)
+- `src/src/` or `src/services/` -- PHP classes
+- `src/language/` -- translation strings
+- `src/media/` -- CSS/JS/images
+
+## Rules
+
+- **Workflow directory**: `.mokogitea/` (not `.gitea/` or `.github/`)
+
+- **Never commit** `.claude/`, `.mcp.json`, `TODO.md`, or `*.min.css`/`*.min.js`
+- **Attribution**: use `Authored-by: Moko Consulting` in commits
+- **Branch strategy**: develop on `dev`, merge to `main` for release
+- **Minification**: handled at build time (CI) and runtime (MokoMinifyHelper for Joomla templates)
+- **Wiki**: documentation lives in the Gitea wiki, not in `docs/` files
+- **Standards**: this repo follows [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)

CONTRIBUTING.md

@@ -1,145 +1,161 @@
-<!--
- Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-
- This file is part of a Moko Consulting project.
-
- SPDX-License-Identifier: GPL-3.0-or-later
-
- # FILE INFORMATION
- DEFGROUP: Joomla.Template
- INGROUP: MokoOnyx.Governance
- REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoOnyx
- FILE: CONTRIBUTING.md
- VERSION: 03.09.03
- BRIEF: Contribution guidelines for the MokoOnyx project.
- PATH: /CONTRIBUTING.md
- NOTE: This document defines contribution workflow, standards, and governance alignment.
--->
-
-## Contributing
-
-This document defines how to contribute to the MokoOnyx project. The goal is to ensure changes are reviewable, auditable, and aligned with project governance and release processes.
-
-## Scope
-
-These guidelines apply to all contributions, including:
-
-* Source code changes
-* Documentation updates
-* Bug reports and enhancement proposals
-
-## Prerequisites
-
-Contributors are expected to:
-
-* Have a working understanding of Joomla template structure.
-* Be familiar with Git and GitHub pull request workflows.
-* Review repository governance documents prior to submitting changes.
-* Set up the development environment using the provided tools.
-
-### Quick Setup
-
-For first-time contributors:
-
-```bash
-# Clone the repository
-git clone https://git.mokoconsulting.tech/MokoConsulting/MokoOnyx.git
-cd MokoOnyx
-```
-
-See [docs/QUICK_START.md](./docs/QUICK_START.md) for detailed setup instructions.
-
-## Development Tools
-
-The repository provides several tools to streamline development:
-
-* **Pre-commit Hooks**: Automatic local validation before commits
-
-## Contribution Workflow
-
-1. Fork the repository.
-2. Create a branch from the active development branch.
-3. Make focused, minimal changes that address a single concern.
-4. Submit a pull request with a clear description of intent and impact.
-
-Direct commits to protected branches are not permitted.
-
-## Branching and Versioning
-
-* Development work occurs on designated development branches.
-* Releases are produced from versioned branches following repository standards.
-* Contributors should not bump version numbers unless explicitly requested.
-
-## Coding and Formatting Standards
-
-All contributions must:
-
-* Follow Joomla coding standards where applicable.
-* Conform to Moko Consulting repository standards for headers, metadata, and file structure.
-* Avoid introducing tabs, inconsistent path separators, or non portable assumptions.
-
-Automated checks may reject changes that do not meet these requirements.
-
-## Documentation Standards
-
-Documentation changes must:
-
-* Include required metadata and revision history sections.
-* Avoid embedding version numbers in revision history tables.
-* Preserve existing structure unless a structural change is explicitly proposed.
-
-## Commit Messages
-
-Commit messages should:
-
-* Be concise and descriptive.
-* Focus on what changed and why.
-* Avoid referencing internal issue trackers unless required.
-
-## Reporting Issues
-
-Bug reports and enhancement requests should be filed as GitHub issues and include:
-
-* Clear reproduction steps or use cases.
-* Expected versus actual behavior.
-* Relevant environment details.
-
-Security related issues must follow the process defined in SECURITY.md and must not be reported publicly.
-
-## Review Process
-
-All pull requests are subject to review. Review criteria include:
-
-* Technical correctness
-* Alignment with project goals
-* Maintainability and clarity
-* Risk introduced to release and update processes
-
-Maintainers may request changes prior to approval.
-
-## License
-
-By contributing, you agree that your contributions will be licensed under GPL-3.0-or-later, consistent with the rest of the project.
-
-## Code of Conduct
-
-Participation in this project is governed by the Code of Conduct. Unacceptable behavior may result in contribution restrictions.
-
----
-
-## Metadata
-
-* **Document:** CONTRIBUTING.md
-* **Repository:** [https://git.mokoconsulting.tech/MokoConsulting/MokoOnyx](https://git.mokoconsulting.tech/MokoConsulting/MokoOnyx)
-* **Path:** /CONTRIBUTING.md
-* **Owner:** Moko Consulting
-* **Version:** 03.06.00
-* **Status:** Active
-* **Effective Date:** 2025-12-18
-* **Last Reviewed:** 2025-12-18
-
-## Revision History
-
-| Date       | Change Summary                                                            | Author          |
-| ---------- | ------------------------------------------------------------------------- | --------------- |
-| 2025-12-18 | Initial publication of contribution guidelines and workflow expectations. | Moko Consulting |
+# Contributing to Moko Consulting Projects
+
+Thank you for your interest in contributing. All Moko Consulting repositories follow this universal workflow and version policy.
+
+## Branching Workflow
+
+```
+feature/* ──PR──> dev ──draft PR──> (renamed to rc) ──merge──> main
+```
+
+### Step by step
+
+1. **Create a feature branch** from `dev`:
+   ```bash
+   git checkout dev && git pull
+   git checkout -b feature/my-change
+   ```
+
+2. **Work and commit** on your feature branch. Push to origin.
+
+3. **Open a PR**: `feature/my-change` → `dev`. After review and checks, merge it.
+
+4. **When ready for release**, open a **draft PR**: `dev` → `main`.
+   - This automatically renames the source branch to `rc` (release candidate)
+   - An RC pre-release is built and uploaded
+
+5. **Alpha and beta branches** are created by manually renaming the branch before the RC stage:
+   - Rename `dev` to `alpha` for early testing → alpha pre-release is built
+   - Rename `alpha` to `beta` for feature-complete testing → beta pre-release is built
+   - When the draft PR is created, the branch is renamed to `rc`
+
+6. **Once PR checks pass** on the `rc` branch, mark the PR as ready and merge to `main`.
+
+7. **Merging to main** triggers the stable release pipeline:
+   - Minor version bump (e.g., `02.09.xx` → `02.10.00`)
+   - Stability suffix stripped (clean version)
+   - Gitea release created with ZIP/tar.gz packages
+   - `updates.xml` updated (Joomla extensions)
+   - `dev` branch recreated from `main`
+
+### Branch summary
+
+| Branch | Purpose | Created by |
+|--------|---------|-----------|
+| `feature/*` | New features and fixes | Developer |
+| `dev` | Integration branch | Auto-recreated after release |
+| `alpha` | Alpha pre-release testing | Manual rename from `dev` |
+| `beta` | Beta pre-release testing | Manual rename from `alpha` |
+| `rc` | Release candidate | Auto-renamed on draft PR to main |
+| `main` | Stable releases | Protected, merge only |
+| `version/XX.YY.ZZ` | Archived release snapshots | Auto-created by CI |
+
+### Protected branches
+
+| Branch | Direct push | Merge via |
+|--------|------------|-----------|
+| `main` | Blocked (CI bot whitelisted) | PR merge only |
+| `dev` | Blocked (CI bot whitelisted) | PR merge from feature/* |
+| `rc` | Blocked (CI bot whitelisted) | Auto-created on draft PR |
+| `alpha` | Blocked (CI bot whitelisted) | Manual rename |
+| `beta` | Blocked (CI bot whitelisted) | Manual rename |
+| `feature/*` | Open | N/A (source branch) |
+
+## Version Policy
+
+### Format
+
+All versions use `XX.YY.ZZ` — three two-digit segments, zero-padded:
+
+- **XX** — Major version (breaking changes)
+- **YY** — Minor version (new features, bumped on release to main)
+- **ZZ** — Patch version (auto-incremented on every push to dev/feature branches)
+
+Rollover: patch `99` → `00` increments minor; minor `99` → `00` increments major.
+
+### Stability suffixes
+
+Each branch appends a suffix to indicate stability:
+
+| Branch | Suffix | Example |
+|--------|--------|---------|
+| `main` | (none) | `02.09.00` |
+| `dev` | `-dev` | `02.09.01-dev` |
+| `feature/*` | `-dev` | `02.09.01-dev` |
+| `alpha` | `-alpha` | `02.09.01-alpha` |
+| `beta` | `-beta` | `02.09.01-beta` |
+| `rc` | `-rc` | `02.09.01-rc` |
+
+### Auto version bump
+
+On every push to `dev`, `feature/*`, or `patch/*`:
+
+1. Patch version incremented
+2. Stability suffix `-dev` applied
+3. All version-bearing files updated (manifests, CHANGELOG, PHP headers, etc.)
+4. Commit created with `[skip ci]` to avoid loops
+
+### Release version flow
+
+Version bumps happen at specific release events:
+
+| Event | Bump | Example |
+|-------|------|---------|
+| Feature merged to dev | Patch bump after dev release | `02.09.01-dev` → release → `02.09.02-dev` |
+| Dev promoted to RC | Minor bump | `02.09.02-dev` → `02.10.00-rc` |
+| RC merged to main | Minor bump | `02.10.00-rc` → `02.11.00` (stable) |
+| Dev recreated from main | Patch bump | `02.11.00` → `02.11.01-dev` |
+
+### Release stream copies
+
+When a higher-stability release is published, copies are created for all lesser streams with the same base version:
+
+- **RC `02.10.00-rc`** also creates: `02.10.00-dev`, `02.10.00-alpha`, `02.10.00-beta`
+- **Stable `02.11.00`** also creates: `02.11.00-dev`, `02.11.00-alpha`, `02.11.00-beta`, `02.11.00-rc`
+
+This ensures Joomla sites on ANY stability channel see the update (Joomla only shows versions higher than what's installed).
+
+### Version files
+
+The version tools update all files containing version stamps:
+
+- `.mokogitea/manifest.xml` (canonical source)
+- Joomla XML manifests (`<version>` tag)
+- `README.md`, `CHANGELOG.md` (`VERSION:` pattern)
+- `package.json`, `pyproject.toml`
+- Any text file with a `VERSION: XX.YY.ZZ` label
+
+Files synced from other repos (with a `# REPO:` header) are not touched.
+
+## Code Standards
+
+- **PHP**: PSR-12, tabs for indentation
+- **Copyright**: all files must include the Moko Consulting copyright header
+- **License**: SPDX identifier `GPL-3.0-or-later` (or as specified per repo)
+- **Attribution**: use `Authored-by: Moko Consulting` in commits, not individual names
+
+## Commit Messages
+
+Use conventional commit format:
+
+```
+type(scope): short description
+
+Optional body with context.
+
+Authored-by: Moko Consulting
+```
+
+Types: `feat`, `fix`, `chore`, `docs`, `style`, `refactor`, `test`, `ci`
+
+Special flags in commit messages:
+- `[skip ci]` — skip all CI workflows
+- `[skip bump]` — skip auto version bump only
+
+## Reporting Issues
+
+Use the repository's issue tracker with the appropriate template.
+
+---
+
+*Moko Consulting <hello@mokoconsulting.tech>*

README.md

@@ -1,132 +1,92 @@
-<!--
-Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+# MokoGalleryCalendar
 
-This file is part of a Moko Consulting project.
+JoomGallery and DPCalendar integration -- automatically creates a JoomGallery photo-gallery category for every DPCalendar event.
 
-SPDX-License-Identifier: GPL-3.0-or-later
-
-# FILE INFORMATION
-DEFGROUP: MokoGalleryCalendar.Documentation
-INGROUP: MokoGalleryCalendar
-REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar
-FILE: ./README.md
-VERSION: 01.02.00
-BRIEF: Documentation for Moko Gallery Calendar plugin
--->
-
-# Moko Gallery Calendar
-
-> **Moko Gallery Calendar** is a Joomla system plugin that automatically creates a JoomGallery category whenever a DPCalendar event's start date arrives. Link your events to photo galleries without manual setup.
-
-**DPCalendar + JoomGallery Bridge**
-
-[![Version](https://img.shields.io/gitea/v/release/MokoConsulting/MokoGalleryCalendar?gitea_url=https%3A%2F%2Fgit.mokoconsulting.tech&logo=gitea&logoColor=white&label=version)](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable)
-[![License](https://img.shields.io/badge/license-GPL--3.0--or--later-green.svg?logo=gnu&logoColor=white)](LICENSE)
-[![Joomla](https://img.shields.io/badge/Joomla-5.x%20%7C%206.x-red.svg?logo=joomla&logoColor=white)](https://www.joomla.org)
-[![PHP](https://img.shields.io/badge/PHP-8.1%2B-777BB4.svg?logo=php&logoColor=white)](https://www.php.net)
-
-## Features
-
-- **Deferred category creation** — gallery categories are created when the event date arrives, not when the event is first saved
-- **Joomla Task Scheduler** — runs daily via `com_scheduler` (Joomla 4.1+); auto-registered on install
-- **Frontend fallback** — if the scheduled task hasn't run in 7 days, the next site visit triggers processing
-- **Configurable permissions** — set a default access level and copy ACL rules from a template category
-- **Title sync** — renames the gallery category when the event title changes
-- **Clean deletion** — optionally removes the gallery category and its asset record when the event is deleted
-- **Recurring event aware** — only the original event gets a gallery; recurring instances are skipped
-- **Unique aliases** — automatically deduplicates category URL aliases
-- **Seed on install** — existing DPCalendar events get mapped on first install
-- **Auto-creates template category** — creates "DPCalendar Events" parent category in JoomGallery on install
-
-## Requirements
-
-- Joomla 5.x or 6.x
-- PHP 8.1+
-- [DPCalendar](https://joomla.digital-peak.com/products/dpcalendar) (installed and enabled)
-- [JoomGallery 4](https://www.joomgalleryfriends.net/) (installed and enabled)
-
-## Installation
-
-1. Download the latest release ZIP from the [releases page](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable)
-2. Install via **System > Install > Extensions** in your Joomla administrator
-3. Enable the plugin at **System > Manage > Plugins** (search for "Moko Gallery Calendar")
-4. Configure the plugin settings (see below)
-5. Verify the scheduled task is registered at **System > Scheduled Tasks**
-
-## Configuration
-
-| Parameter | Description | Default |
-|-----------|-------------|---------|
-| **Parent Category** | JoomGallery category ID under which event galleries are created | `1` (root) |
-| **Delete on Event Remove** | Remove gallery category when the DPCalendar event is trashed/deleted | No |
-| **Sync Title Changes** | Rename gallery category when the event title changes | Yes |
-| **Default Access Level** | Joomla access level assigned to new gallery categories (Public, Registered, etc.) | Public |
-| **Permissions Template Category** | JoomGallery category ID whose ACL rules are copied to new categories. Set to `0` to inherit from parent. | `0` |
-
-### Permissions Template
-
-Instead of manually configuring JSON ACL rules, point the plugin at an existing JoomGallery category that already has the permissions you want. The plugin copies that category's `rules` to every new gallery it creates.
-
-1. Create a "template" category in JoomGallery (e.g., "Event Gallery Template")
-2. Set its permissions via JoomGallery's Permissions tab (who can create, edit, delete images)
-3. Enter that category's ID in the **Permissions Template Category** field
-4. All future event galleries will inherit those exact rules
-
-## How It Works
-
-### Lifecycle
-
-```
-Event created in DPCalendar
-  └─ onContentAfterSave fires
-       ├─ Event date is today or past → create category immediately
-       └─ Event date is in the future → store pending mapping (category_id = 0)
-
-Daily (Task Scheduler or fallback)
-  └─ Query pending mappings where event_date <= today
-       └─ Create gallery categories + asset records for each
-
-Event deleted in DPCalendar
-  └─ onContentAfterDelete fires
-       ├─ Delete gallery category + asset record (if configured)
-       └─ Remove mapping row
-```
-
-### Category Creation Triggers
-
-| Trigger | When | Condition |
-|---------|------|-----------|
-| **Task Scheduler** | Daily at 2:00 AM | Primary — runs via `com_scheduler` |
-| **Frontend fallback** | Any page load | Only if task hasn't run in 7+ days |
-| **Immediate** | On event save | Only if event date is today or past |
-
-### Database
-
-The plugin creates one table:
-
-**`#__mokojgdpc_map`**
-
-| Column | Type | Description |
-|--------|------|-------------|
-| `id` | INT AUTO_INCREMENT | Primary key |
-| `event_id` | INT UNSIGNED | DPCalendar event ID (unique) |
-| `category_id` | INT UNSIGNED | JoomGallery category ID (`0` = pending) |
-| `event_date` | DATE | Event start date — category created when this date arrives |
-| `created` | DATETIME | Row creation timestamp |
-
-## Uninstall
-
-Uninstalling the plugin:
-- Drops the `#__mokojgdpc_map` table
-- Removes the scheduled task from `#__scheduler_tasks`
-- Deletes the `/tmp/mokojgdpc_lastrun` cache file
-
-**Note:** Gallery categories and their asset records created by the plugin are **not** removed on uninstall. They become standalone JoomGallery categories.
-
-## License
-
-GNU General Public License version 3 or later. See [LICENSE](LICENSE) for the full text.
+![PHP](https://img.shields.io/badge/PHP-8.1+-777BB4?style=flat-square&logo=php&logoColor=white) ![Joomla](https://img.shields.io/badge/Joomla-5.x%20%7C%206.x-F44321?style=flat-square&logo=joomla&logoColor=white) ![License](https://img.shields.io/badge/license-GPL--3.0--or--later-green?style=flat-square) ![Version](https://img.shields.io/badge/version-01.02.00-blue?style=flat-square) ![Wiki](https://img.shields.io/badge/wiki-MokoGalleryCalendar-blue?style=flat-square)
 
 ---
 
-**Moko Consulting** | [mokoconsulting.tech](https://mokoconsulting.tech)
+## Features
+
+- **Automatic gallery categories** -- a JoomGallery category is created for each DPCalendar event, giving every event its own photo gallery.
+- **Deferred creation** -- categories for future events are queued and created automatically when the event date arrives, via Joomla Task Scheduler or a 7-day frontend fallback.
+- **Title sync** -- renaming a DPCalendar event updates the linked gallery category title and alias.
+- **Cascade delete** -- optionally removes the gallery category and its Joomla asset when the event is deleted.
+- **ACL permissions template** -- copy permission rules from a template category so every new gallery inherits consistent access control.
+- **Configurable access level** -- set the Joomla viewing access level (Public, Registered, etc.) for new categories.
+- **Existing event seeding** -- on first install, all published DPCalendar events are scanned and mapped automatically.
+- **Recurring event awareness** -- only the parent event gets a gallery; recurring instances are skipped.
+- **Joomla update server** -- one-click updates via **System > Update > Extensions**.
+
+## Requirements
+
+| Dependency | Version |
+|---|---|
+| Joomla | 5.x or 6.x |
+| PHP | 8.1+ |
+| DPCalendar | Any current version |
+| JoomGallery | 4.x |
+
+Both DPCalendar and JoomGallery must be installed and enabled before installing MokoGalleryCalendar.
+
+## Installation
+
+1. Download the latest ZIP from the [releases page](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases)
+2. In Joomla admin, go to **System > Install > Extensions**
+3. Upload the ZIP and install
+4. Go to **System > Manage > Plugins**, search for "MokoJGDPC", and enable it
+
+The install script automatically creates the mapping table, seeds existing events, and registers a daily scheduled task.
+
+See the [Installation Guide](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/installation) for full details.
+
+## Configuration
+
+All settings are in **System > Manage > Plugins > MokoJGDPC**.
+
+| Parameter | Default | Description |
+|---|---|---|
+| Parent Gallery Category | `1` (root) | JoomGallery category under which event galleries are created |
+| Delete on Event Remove | No | Also delete the gallery category when a DPCalendar event is deleted |
+| Sync Title Changes | Yes | Keep the gallery category name in sync with the event title |
+| Default Access Level | Public | Joomla viewing access level for new categories |
+| Permissions Template Category | `0` (inherit) | Copy ACL rules from this JoomGallery category to new galleries |
+
+See the [Configuration Guide](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/configuration) for detailed descriptions of each parameter.
+
+## Usage
+
+Once enabled, the plugin works automatically:
+
+1. **Create a DPCalendar event** -- if the event date is today or earlier, a JoomGallery category is created immediately. If the event is in the future, a pending mapping is stored.
+2. **Pending categories are created** when the event date arrives, either by the daily scheduled task (2:00 AM) or the frontend fallback.
+3. **Edit an event title** -- the linked gallery category title and alias update automatically (if Sync Title is enabled).
+4. **Delete an event** -- the mapping is always removed. The gallery category is also deleted if Delete on Event Remove is enabled.
+
+### Scheduled Task
+
+The plugin registers a Joomla Task Scheduler entry: **MokoJGDPC: Process pending gallery categories**. This runs daily and creates categories for any events whose start date has arrived. Joomla's Task Scheduler requires either a server cron job or the "Lazy Scheduling" (Web Cron) option enabled.
+
+## Documentation
+
+Full documentation is available on the [Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki):
+
+| Page | Description |
+|---|---|
+| [Installation](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/installation) | Install, update, uninstall, and auto-update server |
+| [Configuration](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/configuration) | All plugin parameters explained |
+| [Architecture](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/architecture) | File structure, data flow, database schema, nested set operations |
+| [Development](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/development) | Local setup, building, CI/CD workflows, key methods |
+| [Troubleshooting](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/troubleshooting) | Common issues, log locations, database inspection queries |
+
+## Contributing
+
+See the [CONTRIBUTING](CONTRIBUTING.md) guidelines and the [Development](https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/wiki/development) wiki page.
+
+## License
+
+This project is licensed under the GNU General Public License v3.0 or later -- see the [LICENSE](LICENSE) file.
+
+---
+
+*[Moko Consulting](https://mokoconsulting.tech) -- [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)*

automation/ci-issue-reporter.sh

@@ -0,0 +1,237 @@
+#!/usr/bin/env bash
+# ============================================================================
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Automation.CI
+# INGROUP: moko-platform.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /automation/ci-issue-reporter.sh
+# VERSION: 09.23.00
+# BRIEF: Creates or updates a Gitea issue when a CI gate fails.
+#        Deduplicates by searching open issues with the "ci-auto" label
+#        whose title matches the gate. If a matching issue exists, a comment
+#        is appended instead of opening a duplicate.
+# ============================================================================
+
+set -euo pipefail
+
+# ── Defaults ────────────────────────────────────────────────────────────────
+GITEA_URL="${GITEA_URL:-https://git.mokoconsulting.tech}"
+GITEA_TOKEN="${GITEA_TOKEN:-}"
+REPO="${GITHUB_REPOSITORY:-}"
+RUN_URL="${GITHUB_SERVER_URL:-${GITEA_URL}}/${REPO}/actions/runs/${GITHUB_RUN_ID:-0}"
+LABEL_NAME="ci-auto"
+LABEL_COLOR="#e11d48"
+
+GATE=""
+DETAILS=""
+SEVERITY="error"
+WORKFLOW=""
+
+# ── Parse arguments ─────────────────────────────────────────────────────────
+usage() {
+  cat <<EOF
+Usage: ci-issue-reporter.sh --gate NAME --details TEXT [OPTIONS]
+
+Required:
+  --gate      CI gate name (e.g. "Code Quality", "Self-Health")
+  --details   Human-readable failure description
+
+Optional:
+  --severity  "error" (default) or "warning"
+  --workflow  Workflow name for the issue title
+  --repo      owner/repo (default: \$GITHUB_REPOSITORY)
+  --run-url   URL to the CI run (auto-detected from env)
+  --token     Gitea API token (default: \$GITEA_TOKEN)
+  --url       Gitea base URL (default: \$GITEA_URL)
+EOF
+  exit 1
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --gate)     GATE="$2";       shift 2 ;;
+    --details)  DETAILS="$2";    shift 2 ;;
+    --severity) SEVERITY="$2";   shift 2 ;;
+    --workflow) WORKFLOW="$2";   shift 2 ;;
+    --repo)     REPO="$2";      shift 2 ;;
+    --run-url)  RUN_URL="$2";   shift 2 ;;
+    --token)    GITEA_TOKEN="$2"; shift 2 ;;
+    --url)      GITEA_URL="$2"; shift 2 ;;
+    -h|--help)  usage ;;
+    *)          echo "Unknown option: $1"; usage ;;
+  esac
+done
+
+[[ -z "$GATE" ]]         && { echo "ERROR: --gate is required"; usage; }
+[[ -z "$DETAILS" ]]      && { echo "ERROR: --details is required"; usage; }
+[[ -z "$GITEA_TOKEN" ]]  && { echo "ERROR: GITEA_TOKEN not set"; exit 1; }
+[[ -z "$REPO" ]]         && { echo "ERROR: GITHUB_REPOSITORY not set"; exit 1; }
+
+API="${GITEA_URL}/api/v1/repos/${REPO}"
+
+# ── Build title ─────────────────────────────────────────────────────────────
+if [[ -n "$WORKFLOW" ]]; then
+  TITLE="[CI] ${WORKFLOW}: ${GATE} failed"
+else
+  TITLE="[CI] ${GATE} failed"
+fi
+
+# ── Ensure label exists ─────────────────────────────────────────────────────
+ensure_label() {
+  local exists
+  exists=$(curl -sf -o /dev/null -w '%{http_code}' \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/labels" 2>/dev/null || echo "000")
+
+  if [[ "$exists" == "200" ]]; then
+    # Check if label already exists
+    local found
+    found=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -o "\"name\":\"${LABEL_NAME}\"" || true)
+
+    if [[ -z "$found" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/labels" \
+        -d "{\"name\":\"${LABEL_NAME}\",\"color\":\"${LABEL_COLOR}\",\"description\":\"Auto-created by CI issue reporter\"}" \
+        > /dev/null 2>&1 || true
+    fi
+  fi
+}
+
+# ── Search for existing open issue ──────────────────────────────────────────
+find_existing_issue() {
+  # URL-encode the gate name for the query
+  local query
+  query=$(printf '%s' "[CI] ${GATE}" | sed 's/ /%20/g; s/\[/%5B/g; s/\]/%5D/g')
+
+  local response
+  response=$(curl -sf \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/issues?type=issues&state=open&labels=${LABEL_NAME}&q=${query}&limit=5" \
+    2>/dev/null || echo "[]")
+
+  # Extract the first matching issue number
+  echo "$response" \
+    | grep -oP '"number":\s*\K[0-9]+' \
+    | head -1
+}
+
+# ── Build issue body ────────────────────────────────────────────────────────
+build_body() {
+  local severity_badge
+  if [[ "$SEVERITY" == "error" ]]; then
+    severity_badge="**Severity:** Error"
+  else
+    severity_badge="**Severity:** Warning"
+  fi
+
+  cat <<BODY
+## CI Gate Failure: ${GATE}
+
+${severity_badge}
+**Workflow:** ${WORKFLOW:-unknown}
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+### Details
+
+${DETAILS}
+
+### Resolution
+
+Fix the issue described above and push a new commit. This issue will be closed automatically when the gate passes, or can be closed manually.
+
+---
+*Auto-created by [ci-issue-reporter](${GITEA_URL}/${REPO}/src/branch/main/automation/ci-issue-reporter.sh)*
+BODY
+}
+
+# ── Build comment body (for existing issues) ────────────────────────────────
+build_comment() {
+  cat <<COMMENT
+### CI failure recurrence
+
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+${DETAILS}
+COMMENT
+}
+
+# ── Main ────────────────────────────────────────────────────────────────────
+ensure_label
+
+EXISTING=$(find_existing_issue)
+
+if [[ -n "$EXISTING" ]]; then
+  # Append comment to existing issue
+  COMMENT_BODY=$(build_comment)
+  COMMENT_JSON=$(printf '%s' "$COMMENT_BODY" | python3 -c "
+import sys, json
+print(json.dumps({'body': sys.stdin.read()}))" 2>/dev/null)
+
+  HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues/${EXISTING}/comments" \
+    -d "${COMMENT_JSON}" 2>/dev/null || echo "000")
+
+  if [[ "$HTTP" == "201" ]]; then
+    echo "Commented on existing issue #${EXISTING}"
+  else
+    echo "WARNING: Failed to comment on issue #${EXISTING} (HTTP ${HTTP})"
+  fi
+else
+  # Create new issue
+  ISSUE_BODY=$(build_body)
+  ISSUE_JSON=$(python3 -c "
+import sys, json
+body = sys.stdin.read()
+print(json.dumps({
+    'title': sys.argv[1],
+    'body': body,
+    'labels': []
+}))" "$TITLE" <<< "$ISSUE_BODY" 2>/dev/null)
+
+  # Create the issue
+  RESPONSE=$(curl -sf -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues" \
+    -d "${ISSUE_JSON}" 2>/dev/null || echo "{}")
+
+  ISSUE_NUM=$(echo "$RESPONSE" | grep -oP '"number":\s*\K[0-9]+' | head -1)
+
+  if [[ -n "$ISSUE_NUM" ]]; then
+    # Apply label (separate call — more reliable across Gitea versions)
+    LABEL_ID=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -oP "\"id\":\s*\K[0-9]+(?=[^}]*\"name\":\s*\"${LABEL_NAME}\")" \
+      | head -1 || true)
+
+    if [[ -n "$LABEL_ID" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/issues/${ISSUE_NUM}/labels" \
+        -d "{\"labels\":[${LABEL_ID}]}" \
+        > /dev/null 2>&1 || true
+    fi
+
+    echo "Created issue #${ISSUE_NUM}: ${TITLE}"
+  else
+    echo "WARNING: Failed to create issue"
+    echo "Response: ${RESPONSE}"
+  fi
+fi

renovate.json

@@ -1 +0,0 @@
-{"$schema":"https://docs.renovatebot.com/renovate-schema.json","extends":["config:recommended"]}

src/language/en-GB/plg_system_mokojgdpc.sys.ini

@@ -2,5 +2,5 @@
 ; SPDX-License-Identifier: GPL-3.0-or-later
 ; VERSION: 01.00.00
 
-PLG_SYSTEM_MOKOJGDPC="Moko Gallery Calendar"
-PLG_SYSTEM_MOKOJGDPC_DESCRIPTION="Automatically creates a JoomGallery category when a DPCalendar event is created. Links events to photo galleries.<br><br><strong>After Install:</strong><br>1. Go to System → Manage → Plugins, search 'Moko Gallery Calendar'<br>2. Edit plugin parameters — set the parent JoomGallery category (auto-created as 'DPCalendar Events')<br>3. In JoomGallery → Categories, set permissions on 'DPCalendar Events' category for user access levels<br>4. New events will automatically get a photo gallery sub-category"
+PLG_SYSTEM_MOKOJGDPC="System - Moko Gallery Calendar"
+PLG_SYSTEM_MOKOJGDPC_DESCRIPTION="Automatically creates a JoomGallery category when a DPCalendar event is created. Links events to photo galleries.<br><br><strong>After Install:</strong><br>1. Go to System → Manage → Plugins, search 'System - Moko Gallery Calendar'<br>2. Edit plugin parameters — set the parent JoomGallery category (auto-created as 'DPCalendar Events')<br>3. In JoomGallery → Categories, set permissions on 'DPCalendar Events' category for user access levels<br>4. New events will automatically get a photo gallery sub-category"

src/language/en-US/plg_system_mokojgdpc.sys.ini

@@ -2,5 +2,5 @@
 ; SPDX-License-Identifier: GPL-3.0-or-later
 ; VERSION: 01.00.00
 
-PLG_SYSTEM_MOKOJGDPC="Moko Gallery Calendar"
-PLG_SYSTEM_MOKOJGDPC_DESCRIPTION="Automatically creates a JoomGallery category when a DPCalendar event is created. Links events to photo galleries.<br><br><strong>After Install:</strong><br>1. Go to System → Manage → Plugins, search 'Moko Gallery Calendar'<br>2. Edit plugin parameters — set the parent JoomGallery category (auto-created as 'DPCalendar Events')<br>3. In JoomGallery → Categories, set permissions on 'DPCalendar Events' category for user access levels<br>4. New events will automatically get a photo gallery sub-category"
+PLG_SYSTEM_MOKOJGDPC="System - Moko Gallery Calendar"
+PLG_SYSTEM_MOKOJGDPC_DESCRIPTION="Automatically creates a JoomGallery category when a DPCalendar event is created. Links events to photo galleries.<br><br><strong>After Install:</strong><br>1. Go to System → Manage → Plugins, search 'System - Moko Gallery Calendar'<br>2. Edit plugin parameters — set the parent JoomGallery category (auto-created as 'DPCalendar Events')<br>3. In JoomGallery → Categories, set permissions on 'DPCalendar Events' category for user access levels<br>4. New events will automatically get a photo gallery sub-category"

src/mokojgdpc.xml

@@ -14,7 +14,7 @@ VERSION: 01.00.00
 BRIEF: Plugin manifest XML file for MokoJGDPC
 -->
 <extension type="plugin" group="system" method="upgrade">
-	<name>PLG_SYSTEM_MOKOJGDPC</name>
+	<name>System - Moko Gallery Calendar</name>
 	<version>01.02.00</version>
 	<creationDate>2026-05-10</creationDate>
 	<author>Jonathan Miller || Moko Consulting</author>
@@ -22,7 +22,7 @@ BRIEF: Plugin manifest XML file for MokoJGDPC
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
 	<copyright>(C) 2026 Moko Consulting. All rights reserved.</copyright>
 	<license>GNU General Public License version 3 or later</license>
-	<description>PLG_SYSTEM_MOKOJGDPC_DESCRIPTION</description>
+	<description>Automatically creates a JoomGallery category when a DPCalendar event is created. Links events to photo galleries.</description>
 
 	<namespace path="src">MokoConsulting\Plugin\System\MokoJGDPC</namespace>
 

src/src/Extension/MokoJGDPC.php

@@ -94,6 +94,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 
 		$eventId    = (int) $article->id;
 		$eventTitle = trim($article->title ?? '');
+		$eventDesc  = trim($article->description ?? '');
 
 		if ($eventId <= 0 || $eventTitle === '') {
 			return;
@@ -115,7 +116,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 			$existingCatId = (int) $mapping->category_id;
 
 			if ($existingCatId > 0 && !$isNew && (int) $this->params->get('sync_title', 1) === 1) {
-				$this->updateCategoryTitle($existingCatId, $eventTitle);
+				$this->updateCategoryTitle($existingCatId, $eventTitle, $eventDesc);
 			}
 
 			if (($mapping->event_date ?? '') !== $eventDate) {
@@ -131,7 +132,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 
 		if ($createNow) {
 			$parentId = (int) $this->params->get('parent_category', 1);
-			$newCatId = $this->createGalleryCategory($eventTitle, $parentId);
+			$newCatId = $this->createGalleryCategory($eventTitle, $parentId, $eventDesc, $eventId);
 
 			if ($newCatId <= 0) {
 				Log::add(
@@ -247,6 +248,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 			->select([
 				$db->quoteName('e.id', 'event_id'),
 				$db->quoteName('e.title'),
+				$db->quoteName('e.description'),
 				'COALESCE(' . $db->quoteName('e.start_date') . ', ' . $db->quoteName('e.publish_up') . ') AS event_start',
 			])
 			->from($db->quoteName('#__dpcalendar_events', 'e'))
@@ -281,7 +283,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 			$catId     = 0;
 
 			if ($createNow) {
-				$catId = $this->createGalleryCategory(trim($row->title), $parentId);
+				$catId = $this->createGalleryCategory(trim($row->title), $parentId, trim($row->description ?? ''), (int) $row->event_id);
 			}
 
 			$map = (object) [
@@ -348,7 +350,8 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 				continue;
 			}
 
-			$catId = $this->createGalleryCategory($title, $parentId);
+			$desc  = $this->getEventDescription((int) $row->event_id);
+			$catId = $this->createGalleryCategory($title, $parentId, $desc, (int) $row->event_id);
 
 			if ($catId <= 0) {
 				Log::add(
@@ -488,6 +491,20 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 		return trim((string) $db->loadResult());
 	}
 
+	private function getEventDescription(int $eventId): string
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select($db->quoteName('description'))
+			->from($db->quoteName('#__dpcalendar_events'))
+			->where($db->quoteName('id') . ' = :eventId')
+			->bind(':eventId', $eventId, \Joomla\Database\ParameterType::INTEGER);
+
+		$db->setQuery($query);
+
+		return trim((string) $db->loadResult());
+	}
+
 	private function getMapping(int $eventId): ?object
 	{
 		$db    = $this->getDatabase();
@@ -540,7 +557,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 
 	// ── Category CRUD ─────────────────────────────────────────────────
 
-	private function createGalleryCategory(string $title, int $parentId): int
+	private function createGalleryCategory(string $title, int $parentId, string $description = '', int $eventId = 0): int
 	{
 		$db   = $this->getDatabase();
 		$user = $this->getApplication()->getIdentity();
@@ -600,7 +617,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 				'level'         => $newLevel,
 				'title'         => $title,
 				'alias'         => $alias,
-				'description'   => '',
+				'description'   => $description,
 				'published'     => 1,
 				'access'        => $access,
 				'language'      => '*',
@@ -625,7 +642,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 			return 0;
 		}
 
-		$this->createCategoryAsset($newId, $title, $parentId);
+		$this->createCategoryAsset($newId, $title, $parentId, $eventId);
 
 		return $newId;
 	}
@@ -662,17 +679,34 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 		return $baseAlias . '-' . time();
 	}
 
-	private function resolvePermissionRules(): string
+	private function resolvePermissionRules(int $eventId = 0): string
 	{
+		$db = $this->getDatabase();
+
+		// Check event-specific permissions first (priority over template)
+		if ($eventId > 0) {
+			$eventAssetName = 'com_dpcalendar.event.' . $eventId;
+			$query = $db->getQuery(true)
+				->select($db->quoteName('rules'))
+				->from($db->quoteName('#__assets'))
+				->where($db->quoteName('name') . ' = :assetName')
+				->bind(':assetName', $eventAssetName);
+
+			$db->setQuery($query);
+			$eventRules = $db->loadResult();
+
+			if ($eventRules && $eventRules !== '{}') {
+				return $eventRules;
+			}
+		}
+
+		// Fall back to template category permissions
 		$templateId = (int) $this->params->get('permissions_template_category', 0);
 
 		if ($templateId <= 0) {
 			return '{}';
 		}
 
-		$db = $this->getDatabase();
-
-		// JoomGallery stores permissions in #__assets, not on the category row
 		$assetName = 'com_joomgallery.category.' . $templateId;
 		$query     = $db->getQuery(true)
 			->select($db->quoteName('rules'))
@@ -696,10 +730,10 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 		return '{}';
 	}
 
-	private function createCategoryAsset(int $catId, string $title, int $parentId): void
+	private function createCategoryAsset(int $catId, string $title, int $parentId, int $eventId = 0): void
 	{
 		$db    = $this->getDatabase();
-		$rules = $this->resolvePermissionRules();
+		$rules = $this->resolvePermissionRules($eventId);
 
 		$parentAssetName = 'com_joomgallery.category.' . $parentId;
 		$query = $db->getQuery(true)
@@ -760,7 +794,7 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 		}
 	}
 
-	private function updateCategoryTitle(int $catId, string $title): void
+	private function updateCategoryTitle(int $catId, string $title, string $description = ''): void
 	{
 		$db    = $this->getDatabase();
 		$alias = \Joomla\CMS\Filter\OutputFilter::stringURLSafe($title);
@@ -769,10 +803,12 @@ class MokoJGDPC extends CMSPlugin implements SubscriberInterface
 			->update($db->quoteName('#__joomgallery_categories'))
 			->set($db->quoteName('title') . ' = :title')
 			->set($db->quoteName('alias') . ' = :alias')
+			->set($db->quoteName('description') . ' = :description')
 			->set($db->quoteName('modified_time') . ' = :now')
 			->where($db->quoteName('id') . ' = :catId')
 			->bind(':title', $title)
 			->bind(':alias', $alias)
+			->bind(':description', $description)
 			->bind(':catId', $catId, \Joomla\Database\ParameterType::INTEGER);
 
 		$now = (new \DateTime('now', new \DateTimeZone('UTC')))->format('Y-m-d H:i:s');

updates.xml

@@ -6,93 +6,97 @@
 
 <updates>
   <update>
-    <name>plg_system_mokojgdpc</name>
-    <description>plg_system_mokojgdpc update</description>
+    <name>System - Moko Gallery Calendar</name>
+    <description>System - Moko Gallery Calendar development build.</description>
     <element>mokojgdpc</element>
     <type>plugin</type>
-    <version>01.01.00</version>
     <client>site</client>
     <folder>system</folder>
+    <version>01.02.01</version>
+    <creationDate>2026-05-28</creationDate>
+    <infourl title='System - Moko Gallery Calendar'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/development</infourl>
+    <downloads>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/development/mokojgdpc-01.02.01-dev.zip</downloadurl>
+    </downloads>
     <tags><tag>development</tag></tags>
-    <infourl title="plg_system_mokojgdpc">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable</infourl>
-    <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/stable/mokojgdpc-01.01.00.zip</downloadurl>
-    </downloads>
-    <sha256>ae7f485ad9469c5bb231ace49393f0d5dee4b0250d1beca165d5c77620edc0f0</sha256>
-    <targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" />
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
+    <targetplatform name='joomla' version='(5|6).*'/>
   </update>
   <update>
-    <name>plg_system_mokojgdpc</name>
-    <description>plg_system_mokojgdpc update</description>
+    <name>PLG_SYSTEM_MOKOJGDPC</name>
+    <description>PLG_SYSTEM_MOKOJGDPC stable build.</description>
     <element>mokojgdpc</element>
     <type>plugin</type>
-    <version>01.01.00</version>
     <client>site</client>
     <folder>system</folder>
+    <version>01.02.00</version>
+    <creationDate>2026-05-12</creationDate>
+    <infourl title='PLG_SYSTEM_MOKOJGDPC'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/v01</infourl>
+    <downloads>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/v01/mokojgdpc-01.02.00.zip</downloadurl>
+    </downloads>
+    <sha256>6cc6fd25d467c610187a61bbfeeb0c28cc25d98f36f8dbe75a4fe27b0b7c532b</sha256>
     <tags><tag>alpha</tag></tags>
-    <infourl title="plg_system_mokojgdpc">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable</infourl>
-    <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/stable/mokojgdpc-01.01.00.zip</downloadurl>
-    </downloads>
-    <sha256>ae7f485ad9469c5bb231ace49393f0d5dee4b0250d1beca165d5c77620edc0f0</sha256>
-    <targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" />
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
+    <targetplatform name='joomla' version='(5|6).*'/>
   </update>
   <update>
-    <name>plg_system_mokojgdpc</name>
-    <description>plg_system_mokojgdpc update</description>
+    <name>PLG_SYSTEM_MOKOJGDPC</name>
+    <description>PLG_SYSTEM_MOKOJGDPC stable build.</description>
     <element>mokojgdpc</element>
     <type>plugin</type>
-    <version>01.01.00</version>
     <client>site</client>
     <folder>system</folder>
+    <version>01.02.00</version>
+    <creationDate>2026-05-12</creationDate>
+    <infourl title='PLG_SYSTEM_MOKOJGDPC'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/v01</infourl>
+    <downloads>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/v01/mokojgdpc-01.02.00.zip</downloadurl>
+    </downloads>
+    <sha256>6cc6fd25d467c610187a61bbfeeb0c28cc25d98f36f8dbe75a4fe27b0b7c532b</sha256>
     <tags><tag>beta</tag></tags>
-    <infourl title="plg_system_mokojgdpc">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable</infourl>
-    <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/stable/mokojgdpc-01.01.00.zip</downloadurl>
-    </downloads>
-    <sha256>ae7f485ad9469c5bb231ace49393f0d5dee4b0250d1beca165d5c77620edc0f0</sha256>
-    <targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" />
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
+    <targetplatform name='joomla' version='(5|6).*'/>
   </update>
   <update>
-    <name>plg_system_mokojgdpc</name>
-    <description>plg_system_mokojgdpc update</description>
+    <name>PLG_SYSTEM_MOKOJGDPC</name>
+    <description>PLG_SYSTEM_MOKOJGDPC stable build.</description>
     <element>mokojgdpc</element>
     <type>plugin</type>
-    <version>01.01.00</version>
     <client>site</client>
     <folder>system</folder>
+    <version>01.02.00</version>
+    <creationDate>2026-05-12</creationDate>
+    <infourl title='PLG_SYSTEM_MOKOJGDPC'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/v01</infourl>
+    <downloads>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/v01/mokojgdpc-01.02.00.zip</downloadurl>
+    </downloads>
+    <sha256>6cc6fd25d467c610187a61bbfeeb0c28cc25d98f36f8dbe75a4fe27b0b7c532b</sha256>
     <tags><tag>rc</tag></tags>
-    <infourl title="plg_system_mokojgdpc">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable</infourl>
-    <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/stable/mokojgdpc-01.01.00.zip</downloadurl>
-    </downloads>
-    <sha256>ae7f485ad9469c5bb231ace49393f0d5dee4b0250d1beca165d5c77620edc0f0</sha256>
-    <targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" />
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
+    <targetplatform name='joomla' version='(5|6).*'/>
   </update>
   <update>
-    <name>plg_system_mokojgdpc</name>
-    <description>plg_system_mokojgdpc update</description>
+    <name>PLG_SYSTEM_MOKOJGDPC</name>
+    <description>PLG_SYSTEM_MOKOJGDPC stable build.</description>
     <element>mokojgdpc</element>
     <type>plugin</type>
-    <version>01.01.00</version>
     <client>site</client>
     <folder>system</folder>
-    <tags><tag>stable</tag></tags>
-    <infourl title="plg_system_mokojgdpc">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/stable</infourl>
+    <version>01.02.00</version>
+    <creationDate>2026-05-12</creationDate>
+    <infourl title='PLG_SYSTEM_MOKOJGDPC'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/tag/v01</infourl>
     <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/stable/mokojgdpc-01.01.00.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/releases/download/v01/mokojgdpc-01.02.00.zip</downloadurl>
     </downloads>
-    <sha256>ae7f485ad9469c5bb231ace49393f0d5dee4b0250d1beca165d5c77620edc0f0</sha256>
-    <targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" />
+    <sha256>6cc6fd25d467c610187a61bbfeeb0c28cc25d98f36f8dbe75a4fe27b0b7c532b</sha256>
+    <tags><tag>stable</tag></tags>
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
+    <targetplatform name='joomla' version='(5|6).*'/>
   </update>
 </updates>