chore(release): build 05.18.00 [skip ci]

Merge pull request 'fix(updates): default Joomla target to 5/6, correct URL mapping' (#446 ) from dev into main
fix(updates): default Joomla target version to 5/6
2026-06-03 02:59:47 +00:00 · 2026-06-03 02:59:09 +00:00 · 2026-06-02 21:57:03 -05:00 · 2026-06-03 02:56:36 +00:00 · 2026-06-03 02:56:34 +00:00 · 2026-06-03 02:56:05 +00:00
2352 changed files with 20624 additions and 13577 deletions
@@ -44,7 +44,7 @@ linters:
              desc: use os or io instead
            - pkg: golang.org/x/exp
              desc: it's experimental and unreliable
-            - pkg: git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git/internal
+            - pkg: code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git/internal
              desc: do not use the internal package, use AddXxx function instead
            - pkg: gopkg.in/ini.v1
              desc: do not use the ini package, use gitea's config system instead
@@ -56,9 +56,9 @@ linters:
          files:
            - '**/models/migrations/**/*.go'
          deny:
-            - pkg: git.mokoconsulting.tech/MokoConsulting/MokoGitea/models$
+            - pkg: code.mokoconsulting.tech/MokoConsulting/MokoGitea/models$
              desc: migrations must not depend on the models package
-            - pkg: git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs
+            - pkg: code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs
              desc: migrations must not depend on modules/structs (API structures change over time)
    nolintlint:
      allow-unused: false
@@ -179,7 +179,7 @@ formatters:
      custom-order: true
      sections:
        - standard
-        - prefix(git.mokoconsulting.tech/MokoConsulting/MokoGitea)
+        - prefix(code.mokoconsulting.tech/MokoConsulting/MokoGitea)
        - blank
        - default
    gofumpt:
@@ -8,10 +8,10 @@ contact_links:
    url: https://mokoconsulting.tech/
    about: Get help or ask questions through our website
  - name: 📚 MokoStandards Documentation
-    url: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+    url: https://code.mokoconsulting.tech/MokoConsulting/moko-platform
    about: View our coding standards and best practices
  - name: 🔒 Report a Security Vulnerability
-    url: https://git.mokoconsulting.tech/mokoconsulting-tech/.github-private/security/advisories/new
+    url: https://code.mokoconsulting.tech/mokoconsulting-tech/.github-private/security/advisories/new
    about: Report security vulnerabilities privately (for critical issues)
  - name: 💡 Community Discussions
    url: https://github.com/orgs/mokoconsulting-tech/discussions
@@ -37,7 +37,7 @@ If you have ideas about how this could be implemented, share them here:
 Add any other context, mockups, or screenshots about the feature request here.

 ## Relevant Standards
-Does this relate to any standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
+Does this relate to any standards in [MokoStandards](https://code.mokoconsulting.tech/MokoConsulting/MokoStandards)?
 - [ ] Accessibility (WCAG 2.1 AA)
 - [ ] Localization (en_US/en_GB)
 - [ ] Security best practices
@@ -35,7 +35,7 @@ Use this template only for:
 <!-- Describe how this could be addressed -->

 ## Standards Reference
-Does this relate to security standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
+Does this relate to security standards in [MokoStandards](https://code.mokoconsulting.tech/MokoConsulting/MokoStandards)?
 - [ ] SPDX license identifiers
 - [ ] Secret management
 - [ ] Dependency security
@@ -3,7 +3,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: moko-platform.Automation
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# REPO: https://code.mokoconsulting.tech/MokoConsulting/moko-platform
 # PATH: /.gitea/workflows/branch-protection.yml
 # BRIEF: Apply standardised branch protection rules to all governed repositories
 #
@@ -42,7 +42,7 @@ on:
        default: ''

 env:
-  GITEA_URL: https://git.mokoconsulting.tech
+  GITEA_URL: https://code.mokoconsulting.tech
  GITEA_ORG: MokoConsulting

 permissions:
@@ -4,13 +4,13 @@
        <name>MokoGitea</name>
        <org>MokoConsulting</org>
        <description>Moko fork of Gitea — adding project board REST API endpoints and custom enhancements</description>
-        <version>05.08.00</version>
+        <version>05.18.00</version>
        <license spdx="GPL-3.0-or-later">GNU General Public License v3</license>
    </identity>
    <governance>
        <platform>go</platform>
        <standards-version>05.00.00</standards-version>
-        <standards-source>https://git.mokoconsulting.tech/MokoConsulting/moko-platform</standards-source>
+        <standards-source>https://code.mokoconsulting.tech/MokoConsulting/moko-platform</standards-source>
    </governance>
    <build>
        <language>Go</language>
@@ -1,66 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
-# PATH: /.mokogitea/workflows/auto-bump.yml
-# VERSION: 09.02.00
-# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
-
-name: "Universal: Auto Version Bump"
-
-on:
-  push:
-    branches:
-      - dev
-      - rc
-      - 'feature/**'
-      - 'patch/**'
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-
-permissions:
-  contents: write
-
-jobs:
-  bump:
-    name: Version Bump
-    runs-on: release
-    if: >-
-      !contains(github.event.head_commit.message, '[skip ci]') &&
-      !contains(github.event.head_commit.message, '[skip bump]') &&
-      !startsWith(github.event.head_commit.message, 'Merge pull request')
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-          fetch-depth: 1
-
-      - name: Setup moko-platform tools
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          if [ -d "/opt/moko-platform/cli" ]; then
-            echo "MOKO_CLI=/opt/moko-platform/cli" >> "$GITHUB_ENV"
-          else
-            git clone --depth 1 --branch main --quiet \
-              "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/moko-platform.git" \
-              /tmp/moko-platform-api
-            cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
-            echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
-          fi
-
-      - name: Bump version
-        run: |
-          php ${MOKO_CLI}/version_auto_bump.php \
-            --path . --branch "${GITHUB_REF_NAME}" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --repo-url "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
@@ -131,6 +131,19 @@ jobs:
          git config --local user.name "gitea-actions[bot]"
          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"

+      - name: Check for merge conflict markers
+        run: |
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found — aborting release"
+            echo "## Release Blocked: Conflict Markers" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
      - name: Setup moko-platform tools
        env:
          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: MokoStandards.Universal
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# REPO: https://code.mokoconsulting.tech/MokoConsulting/moko-platform
 # PATH: /.mokogitea/workflows/branch-cleanup.yml
 # VERSION: 01.00.00
 # BRIEF: Delete feature branches after PR merge
@@ -32,7 +32,7 @@ jobs:
      - name: Delete source branch
        run: |
          BRANCH="${{ github.event.pull_request.head.ref }}"
-          API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
+          API="${{ vars.GITEA_URL || 'https://code.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
          ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")

          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
@@ -28,9 +28,9 @@ concurrency:
  cancel-in-progress: false

 env:
-  REGISTRY: git.mokoconsulting.tech
+  REGISTRY: code.mokoconsulting.tech
  IMAGE: mokoconsulting/mokogitea
-  DEPLOY_HOST: git.mokoconsulting.tech
+  DEPLOY_HOST: code.mokoconsulting.tech
  DEPLOY_PORT: 2918
  DEPLOY_USER: mokoconsulting
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
@@ -63,7 +63,7 @@ jobs:
            echo "source_dir=/opt/gitea/source" >> $GITHUB_OUTPUT
            echo "branch=main" >> $GITHUB_OUTPUT
            echo "tag=${VERSION}" >> $GITHUB_OUTPUT
-            echo "instance_url=https://git.mokoconsulting.tech" >> $GITHUB_OUTPUT
+            echo "instance_url=https://code.mokoconsulting.tech" >> $GITHUB_OUTPUT
          else
            echo "compose_dir=/opt/gitea-dev" >> $GITHUB_OUTPUT
            echo "container=mokogitea-dev" >> $GITHUB_OUTPUT
@@ -118,7 +118,7 @@ jobs:
          $SSH_CMD "
            set -e
            if [ ! -d ${SOURCE_DIR}/.git ]; then
-              git clone -b ${BRANCH} https://git.mokoconsulting.tech/MokoConsulting/MokoGitea.git ${SOURCE_DIR}
+              git clone -b ${BRANCH} https://code.mokoconsulting.tech/MokoConsulting/MokoGitea.git ${SOURCE_DIR}
            fi
            cd ${SOURCE_DIR}
            git fetch origin ${BRANCH}
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: moko-platform.Automation
-# VERSION: 05.08.00
+# VERSION: 05.18.00
 # BRIEF: Auto-create feature branch when an issue is opened

 name: "Universal: Issue Branch"
@@ -19,7 +19,7 @@ permissions:
  issues: write

 env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://code.mokoconsulting.tech' }}

 jobs:
  create-branch:
@@ -1,236 +1,277 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.CI
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
-# PATH: /templates/workflows/universal/pr-check.yml.template
-# VERSION: 05.00.00
-# BRIEF: PR gate — branch policy + code validation before merge
-
-name: "Universal: PR Check"
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-
-permissions:
-  contents: read
-  pull-requests: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  # ── Branch Policy ──────────────────────────────────────────────────────
-  branch-policy:
-    name: Branch Policy
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check branch merge target
-        run: |
-          HEAD="${{ github.head_ref }}"
-          BASE="${{ github.base_ref }}"
-
-          echo "PR: ${HEAD} → ${BASE}"
-
-          ALLOWED=true
-          REASON=""
-
-          case "$HEAD" in
-            feature/*|feat/*)
-              if [ "$BASE" != "dev" ]; then
-                ALLOWED=false
-                REASON="Feature branches must target 'dev', not '${BASE}'"
-              fi
-              ;;
-            fix/*|bugfix/*)
-              if [ "$BASE" != "dev" ]; then
-                ALLOWED=false
-                REASON="Fix branches must target 'dev', not '${BASE}'"
-              fi
-              ;;
-            patch/*)
-              if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
-                ALLOWED=false
-                REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
-              fi
-              ;;
-            hotfix/*)
-              if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
-                ALLOWED=false
-                REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
-              fi
-              ;;
-            rc)
-              if [ "$BASE" != "main" ]; then
-                ALLOWED=false
-                REASON="RC branch can only merge into 'main', not '${BASE}'"
-              fi
-              ;;
-            dev)
-              if [ "$BASE" != "main" ]; then
-                ALLOWED=false
-                REASON="Dev branch can only merge into 'main', not '${BASE}'"
-              fi
-              ;;
-          esac
-
-          if [ "$ALLOWED" = false ]; then
-            echo "::error::${REASON}"
-            echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "${REASON}" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
-            echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-
-          echo "Branch policy: OK (${HEAD} → ${BASE})"
-          echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
-
-  # ── Code Validation ────────────────────────────────────────────────────
-  validate:
-    name: Validate PR
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Detect platform
-        id: platform
-        run: |
-          # Read platform from XML manifest (<platform> tag) or plain text fallback
-          PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
-          [ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
-          [ -z "$PLATFORM" ] && PLATFORM="generic"
-          echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
-
-      - name: Setup PHP
-        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
-        run: |
-          if ! command -v php &> /dev/null; then
-            sudo apt-get update -qq
-            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
-          fi
-
-      - name: PHP syntax check
-        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
-        run: |
-          ERRORS=0
-          while IFS= read -r -d '' file; do
-            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
-              ERRORS=$((ERRORS + 1))
-            fi
-          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
-          echo "PHP lint: ${ERRORS} error(s)"
-          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
-
-      - name: Validate platform manifest
-        run: |
-          PLATFORM="${{ steps.platform.outputs.platform }}"
-          case "$PLATFORM" in
-            joomla)
-              MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-              if [ -z "$MANIFEST" ]; then
-                echo "::warning::No Joomla manifest found (WaaS site)"
-                exit 0
-              fi
-              echo "Manifest: ${MANIFEST}"
-              if command -v php &> /dev/null; then
-                php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
-              fi
-              for ELEMENT in name version description; do
-                grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
-              done
-              echo "Joomla manifest valid"
-              ;;
-            dolibarr)
-              MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
-              if [ -z "$MOD_FILE" ]; then
-                echo "::error::No mod*.class.php found"
-                exit 1
-              fi
-              echo "Dolibarr module: ${MOD_FILE}"
-              ;;
-            *)
-              echo "Generic platform — no manifest validation"
-              ;;
-          esac
-
-      - name: Check update stream format
-        run: |
-          PLATFORM="${{ steps.platform.outputs.platform }}"
-          case "$PLATFORM" in
-            joomla)
-              if [ -f "updates.xml" ]; then
-                if command -v php &> /dev/null; then
-                  php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
-                fi
-                echo "updates.xml valid"
-              fi
-              ;;
-            dolibarr)
-              [ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
-              ;;
-          esac
-
-      - name: Check changelog has unreleased entry
-        run: |
-          if [ ! -f "CHANGELOG.md" ]; then
-            echo "::warning::No CHANGELOG.md found"
-            exit 0
-          fi
-          # Check for content under [Unreleased] section
-          if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
-            echo "::error::CHANGELOG.md missing [Unreleased] section"
-            exit 1
-          fi
-          # Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
-          UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
-          if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
-            echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
-            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
-            echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
-            echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-          echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
-
-      - name: Verify package source
-        run: |
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          if [ ! -d "$SOURCE_DIR" ]; then
-            echo "::warning::No src/ or htdocs/ directory"
-            exit 0
-          fi
-          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
-          echo "Source: ${FILE_COUNT} files"
-          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
-
-  # ── Pre-Release RC Build ─────────────────────────────────────────────────
-  pre-release:
-    name: Build RC Package
-    runs-on: ubuntu-latest
-    needs: [branch-policy, validate]
-
-    steps:
-      - name: Trigger RC pre-release
-        env:
-          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          REPO: ${{ github.repository }}
-          BRANCH: ${{ github.head_ref }}
-          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-        run: |
-          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
-          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
-          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.CI
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/universal/pr-check.yml.template
+# VERSION: 09.23.00
+# BRIEF: PR gate — branch policy + code validation before merge
+
+name: "Universal: PR Check"
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  # ── Branch Policy ──────────────────────────────────────────────────────
+  branch-policy:
+    name: Branch Policy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch merge target
+        run: |
+          HEAD="${{ github.head_ref }}"
+          BASE="${{ github.base_ref }}"
+
+          echo "PR: ${HEAD} → ${BASE}"
+
+          ALLOWED=true
+          REASON=""
+
+          case "$HEAD" in
+            feature/*|feat/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Feature branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            fix/*|bugfix/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Fix branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            patch/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
+                ALLOWED=false
+                REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
+              fi
+              ;;
+            hotfix/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
+              fi
+              ;;
+            rc)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="RC branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+            dev)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Dev branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+          esac
+
+          if [ "$ALLOWED" = false ]; then
+            echo "::error::${REASON}"
+            echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "${REASON}" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
+            echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+          echo "Branch policy: OK (${HEAD} → ${BASE})"
+          echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
+
+  # ── Code Validation ────────────────────────────────────────────────────
+  validate:
+    name: Validate PR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check for merge conflict markers
+        run: |
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found in source files"
+            echo "## Conflict Markers Found" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
+      - name: Detect platform
+        id: platform
+        run: |
+          # Read platform from XML manifest (<platform> tag) or plain text fallback
+          PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
+          [ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
+          [ -z "$PLATFORM" ] && PLATFORM="generic"
+          echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
+
+      - name: Setup PHP
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          if ! command -v php &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
+          fi
+
+      - name: PHP syntax check
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
+          echo "PHP lint: ${ERRORS} error(s)"
+          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
+
+      - name: Validate platform manifest
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+              if [ -z "$MANIFEST" ]; then
+                echo "::warning::No Joomla manifest found (WaaS site)"
+                exit 0
+              fi
+              echo "Manifest: ${MANIFEST}"
+              if command -v php &> /dev/null; then
+                php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
+              fi
+              for ELEMENT in name version description; do
+                grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
+              done
+              echo "Joomla manifest valid"
+              ;;
+            dolibarr)
+              MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
+              if [ -z "$MOD_FILE" ]; then
+                echo "::error::No mod*.class.php found"
+                exit 1
+              fi
+              echo "Dolibarr module: ${MOD_FILE}"
+              ;;
+            *)
+              echo "Generic platform — no manifest validation"
+              ;;
+          esac
+
+      - name: Check update stream format
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              if [ -f "updates.xml" ]; then
+                if command -v php &> /dev/null; then
+                  php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
+                fi
+                echo "updates.xml valid"
+              fi
+              ;;
+            dolibarr)
+              [ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
+              ;;
+          esac
+
+      - name: Check changelog has unreleased entry
+        run: |
+          if [ ! -f "CHANGELOG.md" ]; then
+            echo "::warning::No CHANGELOG.md found"
+            exit 0
+          fi
+          # Check for content under [Unreleased] section
+          if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
+            echo "::error::CHANGELOG.md missing [Unreleased] section"
+            exit 1
+          fi
+          # Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
+          UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
+          if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
+            echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
+            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
+            echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
+
+      - name: Verify package source
+        run: |
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          if [ ! -d "$SOURCE_DIR" ]; then
+            echo "::warning::No src/ or htdocs/ directory"
+            exit 0
+          fi
+          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
+          echo "Source: ${FILE_COUNT} files"
+          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
+
+  # ── Pre-Release RC Build ─────────────────────────────────────────────────
+  pre-release:
+    name: Build RC Package
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+
+    steps:
+      - name: Trigger RC pre-release
+        env:
+          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: ${{ github.head_ref }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
+          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
+
+  # ── Issue Reporter ──────────────────────────────────────────────────────
+  report-issues:
+    name: Report Issues
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+    if: >-
+      always() &&
+      needs.validate.result == 'failure'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issue for PR validation failure"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          ./automation/ci-issue-reporter.sh \
+            --gate "PR Validation" \
+            --workflow "PR Check" \
+            --severity error \
+            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
@@ -10,7 +10,7 @@ on:

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  REGISTRY: git.mokoconsulting.tech
+  REGISTRY: code.mokoconsulting.tech
  IMAGE: mokoconsulting/mokogitea

 permissions:
@@ -1,233 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
-# PATH: /templates/workflows/universal/pre-release.yml.template
-# VERSION: 05.01.00
-# BRIEF: Manual pre-release -- builds dev/alpha/beta/rc packages from any branch
-
-name: "Universal: Pre-Release"
-
-on:
-  pull_request:
-    types: [closed]
-    branches:
-      - dev
-  workflow_dispatch:
-    inputs:
-      stability:
-        description: 'Pre-release channel'
-        required: true
-        type: choice
-        options:
-          - development
-          - alpha
-          - beta
-          - release-candidate
-
-permissions:
-  contents: write
-
-env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-jobs:
-  build:
-    name: "Build Pre-Release (${{ inputs.stability || 'development' }})"
-    runs-on: release
-    if: >-
-      github.event_name == 'workflow_dispatch' ||
-      (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'dev')
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform-api
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
-          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
-
-      - name: Detect platform
-        id: platform
-        run: |
-          php ${MOKO_CLI}/manifest_read.php --path . --github-output
-
-      - name: Resolve metadata and bump version
-        id: meta
-        run: |
-          STABILITY="${{ inputs.stability || 'development' }}"
-
-          case "$STABILITY" in
-            development)        SUFFIX="-dev";   TAG="development" ;;
-            alpha)              SUFFIX="-alpha"; TAG="alpha" ;;
-            beta)               SUFFIX="-beta";  TAG="beta" ;;
-            release-candidate)  SUFFIX="-rc";    TAG="release-candidate" ;;
-          esac
-
-          # Read current version (bump already handled by push workflow)
-          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null)
-          [ -z "$VERSION" ] && VERSION="00.00.01"
-
-          # Strip any existing suffix from version before applying stability
-          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
-
-          php ${MOKO_CLI}/version_set_platform.php \
-            --path . --version "$VERSION" --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
-
-          # Verify version consistency across all files
-          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
-
-          # Update VERSION variable with suffix
-          if [ -n "$SUFFIX" ]; then
-            VERSION="${VERSION}${SUFFIX}"
-          fi
-
-          # Commit version bump
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git diff --cached --quiet || {
-            git commit -m "chore(version): pre-release bump to ${VERSION} [skip ci]"
-            git push origin HEAD 2>&1
-          }
-
-          # Auto-detect element via manifest_element.php
-          php ${MOKO_CLI}/manifest_element.php \
-            --path . --version "$VERSION" --stability "$STABILITY" \
-            --repo "${GITEA_REPO}" --github-output
-
-          # Read back element outputs
-          EXT_ELEMENT=$(grep '^ext_element=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
-          ZIP_NAME=$(grep '^zip_name=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
-          [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-          [ -z "$ZIP_NAME" ] && ZIP_NAME="${EXT_ELEMENT}-${VERSION}.zip"
-
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
-          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
-          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
-          echo "zip_name=${ZIP_NAME}" >> "$GITHUB_OUTPUT"
-          echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
-
-          echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ==="
-
-      - name: Create release
-        id: release
-        run: |
-          TAG="${{ steps.meta.outputs.tag }}"
-          VERSION="${{ steps.meta.outputs.version }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php ${MOKO_CLI}/release_create.php \
-            --path . --version "$VERSION" --tag "$TAG" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
-            --repo "${GITEA_REPO}" --branch dev --prerelease
-
-      - name: Build package and upload
-        id: package
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          TAG="${{ steps.meta.outputs.tag }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php ${MOKO_CLI}/release_package.php \
-            --path . --version "$VERSION" --tag "$TAG" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
-            --repo "${GITEA_REPO}" --output /tmp || true
-
-      - name: Update updates.xml
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          SHA256="${{ steps.package.outputs.sha256_zip }}"
-
-          if [ ! -f "updates.xml" ]; then
-            echo "No updates.xml -- skipping"
-            exit 0
-          fi
-
-          SHA_FLAG=""
-          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
-
-          php ${MOKO_CLI}/updates_xml_build.php \
-            --path . --version "${VERSION}" --stability "${STABILITY}" \
-            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
-            ${SHA_FLAG}
-
-          # Commit and push
-          if ! git diff --quiet updates.xml 2>/dev/null; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add updates.xml
-            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
-            git push origin HEAD 2>&1 || echo "WARNING: push failed"
-          fi
-
-      - name: "Sync updates.xml to all branches"
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          CURRENT_BRANCH="${{ github.ref_name }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-
-          for BRANCH in main dev; do
-            [ "$BRANCH" = "$CURRENT_BRANCH" ] && continue
-            echo "Syncing updates.xml -> ${BRANCH}"
-            git fetch origin "${BRANCH}" 2>/dev/null || continue
-            git checkout "origin/${BRANCH}" -- updates.xml 2>/dev/null || continue
-            git checkout "${CURRENT_BRANCH}" -- updates.xml
-            if ! git diff --quiet updates.xml 2>/dev/null; then
-              git add updates.xml
-              git commit -m "chore: sync updates.xml from ${CURRENT_BRANCH} [skip ci]"
-              git push origin HEAD:refs/heads/${BRANCH} 2>&1 || echo "WARNING: push to ${BRANCH} failed"
-            fi
-            git checkout "${CURRENT_BRANCH}" 2>/dev/null
-          done
-
-      - name: "Delete lesser pre-release channels (cascade)"
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-
-          php ${MOKO_CLI}/release_cascade.php \
-            --stability "${{ steps.meta.outputs.stability }}" \
-            --token "${TOKEN}" \
-            --api-base "${API_BASE}"
-
-      - name: Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          ZIP_NAME="${{ steps.meta.outputs.zip_name }}"
-          SHA256="${{ steps.package.outputs.sha256_zip }}"
-          echo "## Pre-Release Complete" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Channel | ${STABILITY} |" >> $GITHUB_STEP_SUMMARY
-          echo "| Package | \`${ZIP_NAME}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY
@@ -0,0 +1,817 @@
+# ============================================================================
+# Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+#
+# This file is part of a Moko Consulting project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Validation
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/joomla/repo_health.yml.template
+# VERSION: 09.23.00
+# BRIEF: Enforces repository guardrails by validating release configuration, scripts governance, tooling availability, and core repository health artifacts.
+# ============================================================================
+
+name: "Generic: Repo Health"
+
+defaults:
+  run:
+    shell: bash
+
+on:
+  workflow_dispatch:
+    inputs:
+      profile:
+        description: 'Validation profile: all, release, scripts, or repo'
+        required: true
+        default: all
+        type: choice
+        options:
+          - all
+          - release
+          - scripts
+          - repo
+  pull_request:
+  push:
+
+permissions:
+  contents: read
+
+env:
+  # Release policy - Repository Variables Only
+  RELEASE_REQUIRED_REPO_VARS: RS_FTP_PATH_SUFFIX
+  RELEASE_OPTIONAL_REPO_VARS: DEV_FTP_SUFFIX
+
+  # Scripts governance policy
+  SCRIPTS_REQUIRED_DIRS:
+  SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
+
+  # Repo health policy
+  REPO_REQUIRED_ARTIFACTS: README.md,LICENSE,CHANGELOG.md,CONTRIBUTING.md,CODE_OF_CONDUCT.md,.mokogitea/workflows/
+  REPO_OPTIONAL_FILES: SECURITY.md,GOVERNANCE.md,.editorconfig,.gitattributes,.gitignore,README.md,docs/
+  REPO_DISALLOWED_DIRS:
+  REPO_DISALLOWED_FILES: TODO.md,todo.md
+
+  # Extended checks toggles
+  EXTENDED_CHECKS: "true"
+
+  # File / directory variables
+  DOCS_INDEX: docs/docs-index.md
+  SCRIPT_DIR: scripts
+  WORKFLOWS_DIR: .mokogitea/workflows
+  SHELLCHECK_PATTERN: '*.sh'
+  SPDX_FILE_GLOBS: '*.sh,*.php,*.js,*.ts,*.css,*.xml,*.yml,*.yaml'
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  access_check:
+    name: Access control
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+
+    outputs:
+      allowed: ${{ steps.perm.outputs.allowed }}
+      permission: ${{ steps.perm.outputs.permission }}
+
+    steps:
+      - name: Check actor permission (admin only)
+        id: perm
+        env:
+          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
+          REPO: ${{ github.repository }}
+          ACTOR: ${{ github.actor }}
+        run: |
+          set -euo pipefail
+          ALLOWED=false
+          PERMISSION=unknown
+          METHOD=""
+
+          # Hardcoded authorized users — always allowed
+          case "$ACTOR" in
+            jmiller|gitea-actions[bot])
+              ALLOWED=true
+              PERMISSION=admin
+              METHOD="hardcoded allowlist"
+              ;;
+            *)
+              # Detect platform and check permissions via API
+              API_BASE="${GITHUB_API_URL:-${GITEA_API_URL:-https://api.github.com}}"
+              RESP=$(curl -sf -H "Authorization: token ${TOKEN}" \
+                "${API_BASE}/repos/${REPO}/collaborators/${ACTOR}/permission" 2>/dev/null || echo '{}')
+              PERMISSION=$(echo "$RESP" | grep -oP '"permission"\s*:\s*"\K[^"]+' || echo "unknown")
+              if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "maintain" ] || [ "$PERMISSION" = "owner" ]; then
+                ALLOWED=true
+              fi
+              METHOD="collaborator API"
+              ;;
+          esac
+
+          echo "permission=${PERMISSION}" >> "$GITHUB_OUTPUT"
+          echo "allowed=${ALLOWED}" >> "$GITHUB_OUTPUT"
+
+          {
+            echo "## Access Authorization"
+            echo ""
+            echo "| Field | Value |"
+            echo "|-------|-------|"
+            echo "| **Actor** | \`${ACTOR}\` |"
+            echo "| **Repository** | \`${REPO}\` |"
+            echo "| **Permission** | \`${PERMISSION}\` |"
+            echo "| **Method** | ${METHOD} |"
+            echo "| **Authorized** | ${ALLOWED} |"
+            echo ""
+            if [ "$ALLOWED" = "true" ]; then
+              echo "${ACTOR} authorized (${METHOD})"
+            else
+              echo "${ACTOR} is NOT authorized. Requires admin or maintain role."
+            fi
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+      - name: Deny execution when not permitted
+        if: ${{ steps.perm.outputs.allowed != 'true' }}
+        run: |
+          set -euo pipefail
+          printf '%s\n' 'ERROR: Access denied. Admin permission required.' >> "${GITHUB_STEP_SUMMARY}"
+          exit 1
+
+  release_config:
+    name: Release configuration
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Guardrails release vars
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+          RS_FTP_PATH_SUFFIX: ${{ vars.RS_FTP_PATH_SUFFIX }}
+          DEV_FTP_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|release|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'scripts' ] || [ "${profile}" = 'repo' ]; then
+            {
+              printf '%s\n' '### Release configuration (Repository Variables)'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes release validation'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          IFS=',' read -r -a required <<< "${RELEASE_REQUIRED_REPO_VARS}"
+          IFS=',' read -r -a optional <<< "${RELEASE_OPTIONAL_REPO_VARS}"
+
+          missing=()
+          missing_optional=()
+
+          for k in "${required[@]}"; do
+            v="${!k:-}"
+            [ -z "${v}" ] && missing+=("${k}")
+          done
+
+          for k in "${optional[@]}"; do
+            v="${!k:-}"
+            [ -z "${v}" ] && missing_optional+=("${k}")
+          done
+
+          {
+            printf '%s\n' '### Release configuration (Repository Variables)'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Variable | Status |'
+            printf '%s\n' '|---|---|'
+            printf '%s\n' "| RS_FTP_PATH_SUFFIX | ${RS_FTP_PATH_SUFFIX:-NOT SET} |"
+            printf '%s\n' "| DEV_FTP_SUFFIX | ${DEV_FTP_SUFFIX:-NOT SET} |"
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${#missing_optional[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing optional repository variables'
+              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          if [ "${#missing[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing required repository variables'
+              for m in "${missing[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository variables.'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 1
+          fi
+
+          {
+            printf '%s\n' '### Repository variables validation result'
+            printf '%s\n' 'Status: OK'
+            printf '%s\n' 'All required repository variables present.'
+            printf '%s\n' ''
+            printf '%s\n' '**Note**: Organization secrets (RS_FTP_HOST, RS_FTP_USER, etc.) are validated at deployment time, not in repository health checks.'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+  scripts_governance:
+    name: Scripts governance
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Scripts folder checks
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|release|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'release' ] || [ "${profile}" = 'repo' ]; then
+            {
+              printf '%s\n' '### Scripts governance'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes scripts governance'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          if [ ! -d "${SCRIPT_DIR}" ]; then
+            {
+              printf '%s\n' '### Scripts governance'
+              printf '%s\n' 'Status: OK (advisory)'
+              printf '%s\n' 'scripts/ directory not present. No scripts governance enforced.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          if [ -n "${SCRIPTS_REQUIRED_DIRS:-}" ]; then IFS=',' read -r -a required_dirs <<< "${SCRIPTS_REQUIRED_DIRS}"; else required_dirs=(); fi
+          IFS=',' read -r -a allowed_dirs <<< "${SCRIPTS_ALLOWED_DIRS}"
+
+          missing_dirs=()
+          unapproved_dirs=()
+
+          for d in "${required_dirs[@]}"; do
+            req="${d%/}"
+            [ ! -d "${req}" ] && missing_dirs+=("${req}/")
+          done
+
+          while IFS= read -r d; do
+            allowed=false
+            for a in "${allowed_dirs[@]}"; do
+              a_norm="${a%/}"
+              [ "${d%/}" = "${a_norm}" ] && allowed=true
+            done
+            [ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/")
+          done < <(find "${SCRIPT_DIR}" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##')
+
+          {
+            printf '%s\n' '### Scripts governance'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Area | Status | Notes |'
+            printf '%s\n' '|---|---|---|'
+
+            if [ "${#missing_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' '| Required directories | Warning | Missing required subfolders |'
+            else
+              printf '%s\n' '| Required directories | OK | All required subfolders present |'
+            fi
+
+            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' '| Directory policy | Warning | Unapproved directories detected |'
+            else
+              printf '%s\n' '| Directory policy | OK | No unapproved directories |'
+            fi
+
+            printf '%s\n' '| Enforcement mode | Advisory | scripts folder is optional |'
+            printf '\n'
+
+            if [ "${#missing_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' 'Missing required script directories:'
+              for m in "${missing_dirs[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            else
+              printf '%s\n' 'Missing required script directories: none.'
+              printf '\n'
+            fi
+
+            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' 'Unapproved script directories detected:'
+              for m in "${unapproved_dirs[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            else
+              printf '%s\n' 'Unapproved script directories detected: none.'
+              printf '\n'
+            fi
+
+            printf '%s\n' 'Scripts governance completed in advisory mode.'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+  repo_health:
+    name: Repository health
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Repository health checks
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|release|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'release' ] || [ "${profile}" = 'scripts' ]; then
+            {
+              printf '%s\n' '### Repository health'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes repository health'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          IFS=',' read -r -a required_artifacts <<< "${REPO_REQUIRED_ARTIFACTS}"
+          IFS=',' read -r -a optional_files <<< "${REPO_OPTIONAL_FILES}"
+          if [ -n "${REPO_DISALLOWED_DIRS:-}" ]; then IFS=',' read -r -a disallowed_dirs <<< "${REPO_DISALLOWED_DIRS}"; else disallowed_dirs=(); fi
+          IFS=',' read -r -a disallowed_files <<< "${REPO_DISALLOWED_FILES:-}"
+
+          missing_required=()
+          missing_optional=()
+
+          # Source directory: src/ or htdocs/ (either is valid for extension repos)
+          SOURCE_DIR=""
+          if [ -d "src" ]; then
+            SOURCE_DIR="src"
+          elif [ -d "htdocs" ]; then
+            SOURCE_DIR="htdocs"
+          elif [ -d "deploy" ] || [ -d "cli" ] || [ -d "monitoring" ]; then
+            # Platform/tooling repos don't need src/
+            SOURCE_DIR=""
+          else
+            missing_required+=("src/ or htdocs/ (source directory required)")
+          fi
+
+          for item in "${required_artifacts[@]}"; do
+            if printf '%s' "${item}" | grep -q '/$'; then
+              d="${item%/}"
+              [ ! -d "${d}" ] && missing_required+=("${item}")
+            else
+              [ ! -f "${item}" ] && missing_required+=("${item}")
+            fi
+          done
+
+          for f in "${optional_files[@]}"; do
+            if printf '%s' "${f}" | grep -q '/$'; then
+              d="${f%/}"
+              [ ! -d "${d}" ] && missing_optional+=("${f}")
+            else
+              [ ! -f "${f}" ] && missing_optional+=("${f}")
+            fi
+          done
+
+          for d in "${disallowed_dirs[@]}"; do
+            d_norm="${d%/}"
+            [ -d "${d_norm}" ] && missing_required+=("${d_norm}/ (disallowed)")
+          done
+
+          for f in "${disallowed_files[@]}"; do
+            [ -f "${f}" ] && missing_required+=("${f} (disallowed)")
+          done
+
+          git fetch origin --prune
+
+          dev_paths=()
+          dev_branches=()
+
+          while IFS= read -r b; do
+            name="${b#origin/}"
+            if [ "${name}" = 'dev' ]; then
+              dev_branches+=("${name}")
+            else
+              dev_paths+=("${name}")
+            fi
+          done < <(git branch -r --list 'origin/dev*' | sed 's/^ *//')
+
+          if [ "${#dev_paths[@]}" -eq 0 ] && [ "${#dev_branches[@]}" -eq 0 ]; then
+            missing_required+=("dev or dev/* branch")
+          fi
+
+          content_warnings=()
+
+          if [ -f 'CHANGELOG.md' ] && ! grep -Eq '^# Changelog' CHANGELOG.md; then
+            content_warnings+=("CHANGELOG.md missing '# Changelog' header")
+          fi
+
+          if [ -f 'CHANGELOG.md' ] && grep -Eq '^[# ]*Unreleased' CHANGELOG.md; then
+            content_warnings+=("CHANGELOG.md contains Unreleased section (review release readiness)")
+          fi
+
+          if [ -f 'LICENSE' ] && ! grep -qiE 'GNU GENERAL PUBLIC LICENSE|GPL' LICENSE; then
+            content_warnings+=("LICENSE does not look like a GPL text")
+          fi
+
+          if [ -f 'README.md' ] && ! grep -qiE 'moko|Moko' README.md; then
+            content_warnings+=("README.md missing expected brand keyword")
+          fi
+
+          export PROFILE_RAW="${profile}"
+          export MISSING_REQUIRED="$(printf '%s\n' "${missing_required[@]:-}")"
+          export MISSING_OPTIONAL="$(printf '%s\n' "${missing_optional[@]:-}")"
+          export CONTENT_WARNINGS="$(printf '%s\n' "${content_warnings[@]:-}")"
+
+          report_json=$(printf '{"profile":"%s","missing_required":%d,"missing_optional":%d,"content_warnings":%d}'             "$profile" "${#missing_required[@]}" "${#missing_optional[@]}" "${#content_warnings[@]}")
+
+          {
+            printf '%s\n' '### Repository health'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Metric | Value |'
+            printf '%s\n' '|---|---|'
+            printf '%s\n' "| Missing required | ${#missing_required[@]} |"
+            printf '%s\n' "| Missing optional | ${#missing_optional[@]} |"
+            printf '%s\n' "| Content warnings | ${#content_warnings[@]} |"
+            printf '\n'
+
+            printf '%s\n' '### Guardrails report (JSON)'
+            printf '%s\n' '```json'
+            printf '%s\n' "${report_json}"
+            printf '%s\n' '```'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${#missing_required[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing required repo artifacts'
+              for m in "${missing_required[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository artifacts.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 1
+          fi
+
+          if [ "${#missing_optional[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing optional repo artifacts'
+              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          if [ "${#content_warnings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Repo content warnings'
+              for m in "${content_warnings[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          # -- Joomla-specific checks --
+          joomla_findings=()
+
+          MANIFEST="$(find . -maxdepth 2 -name '*.xml' -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)"
+          if [ -z "${MANIFEST}" ]; then
+            joomla_findings+=("Joomla XML manifest not found (no *.xml with <extension> tag)")
+          else
+            if ! grep -qP '<version>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <version> tag missing")
+            fi
+            if ! grep -qP 'type="(component|module|plugin|library|package|template|language)"' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: type attribute missing or invalid")
+            fi
+            if ! grep -qP '<name>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <name> tag missing")
+            fi
+            if ! grep -qP '<author>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <author> tag missing")
+            fi
+            if ! grep -qP '<namespace' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <namespace> missing (required for Joomla 5+)")
+            fi
+          fi
+
+          INI_COUNT="$(find . -name '*.ini' -type f 2>/dev/null | wc -l)"
+          if [ "${INI_COUNT}" -eq 0 ]; then
+            joomla_findings+=("No .ini language files found")
+          fi
+
+          if [ ! -f 'updates.xml' ]; then
+            joomla_findings+=("updates.xml missing in root (required for Joomla update server)")
+          fi
+
+          if [ -n "${SOURCE_DIR}" ]; then
+            INDEX_DIRS=("${SOURCE_DIR}" "${SOURCE_DIR}/admin" "${SOURCE_DIR}/site")
+            for dir in "${INDEX_DIRS[@]}"; do
+              if [ -d "${dir}" ] && [ ! -f "${dir}/index.html" ]; then
+                joomla_findings+=("${dir}/index.html missing (directory listing protection)")
+              fi
+            done
+          fi
+
+          if [ "${#joomla_findings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Joomla extension checks'
+              printf '%s\n' '| Check | Status |'
+              printf '%s\n' '|---|---|'
+              for f in "${joomla_findings[@]}"; do
+                printf '%s\n' "| ${f} | Warning |"
+              done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          else
+            {
+              printf '%s\n' '### Joomla extension checks'
+              printf '%s\n' 'All Joomla-specific checks passed.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          extended_enabled="${EXTENDED_CHECKS:-true}"
+          extended_findings=()
+
+          if [ "${extended_enabled}" = 'true' ]; then
+            if [ -f '.github/CODEOWNERS' ] || [ -f 'CODEOWNERS' ] || [ -f 'docs/CODEOWNERS' ]; then
+              :
+            else
+              extended_findings+=("CODEOWNERS not found (.github/CODEOWNERS preferred)")
+            fi
+
+            if ls "${WORKFLOWS_DIR}"/*.yml >/dev/null 2>&1 || ls "${WORKFLOWS_DIR}"/*.yaml >/dev/null 2>&1; then
+              bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' "${WORKFLOWS_DIR}" 2>/dev/null || true)"
+              if [ -n "${bad_refs}" ]; then
+                extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt")
+                {
+                  printf '%s\n' '### Workflow pinning advisory'
+                  printf '%s\n' 'Found uses: entries pinned to main/master:'
+                  printf '%s\n' '```'
+                  printf '%s\n' "${bad_refs}"
+                  printf '%s\n' '```'
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            if [ -f "${DOCS_INDEX}" ]; then
+              missing_links=""
+              while IFS= read -r docline; do
+                for link in $(echo "$docline" | grep -oE '\]\([^)]+\)' | sed 's/\](//' | sed 's/)$//' || true); do
+                  case "$link" in http://*|https://*|"#"*|mailto:*) continue ;; esac
+                  linkpath="${link%%#*}"
+                  linkpath="${linkpath%%\?*}"
+                  [ -z "$linkpath" ] && continue
+                  if [ "${linkpath:0:1}" = "/" ]; then
+                    testpath="${linkpath#/}"
+                  else
+                    testpath="$(dirname "${DOCS_INDEX}")/${linkpath}"
+                  fi
+                  [ ! -e "$testpath" ] && missing_links="${missing_links}${testpath} "
+                done
+              done < "${DOCS_INDEX}"
+              if [ -n "${missing_links}" ]; then
+                extended_findings+=("docs/docs-index.md contains broken relative links")
+                {
+                  printf '%s\n' '### Docs index link integrity'
+                  printf '%s\n' 'Broken relative links:'
+                  for bl in ${missing_links}; do
+                    printf '%s\n' "- ${bl}"
+                  done
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            if [ -d "${SCRIPT_DIR}" ]; then
+              if ! command -v shellcheck >/dev/null 2>&1; then
+                sudo apt-get update -qq
+                sudo apt-get install -y shellcheck >/dev/null
+              fi
+
+              sc_out=''
+              while IFS= read -r shf; do
+                [ -z "${shf}" ] && continue
+                out_one="$(shellcheck -S warning -x "${shf}" 2>/dev/null || true)"
+                if [ -n "${out_one}" ]; then
+                  sc_out="${sc_out}${out_one}\n"
+                fi
+              done < <(find "${SCRIPT_DIR}" -type f -name "${SHELLCHECK_PATTERN}" 2>/dev/null | sort)
+
+              if [ -n "${sc_out}" ]; then
+                extended_findings+=("ShellCheck warnings detected (advisory)")
+                sc_head="$(printf '%s' "${sc_out}" | head -n 200)"
+                {
+                  printf '%s\n' '### ShellCheck (advisory)'
+                  printf '%s\n' '```'
+                  printf '%s\n' "${sc_head}"
+                  printf '%s\n' '```'
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            spdx_missing=()
+            IFS=',' read -r -a spdx_globs <<< "${SPDX_FILE_GLOBS}"
+            spdx_args=()
+            for g in "${spdx_globs[@]}"; do spdx_args+=("${g}"); done
+
+            while IFS= read -r f; do
+              [ -z "${f}" ] && continue
+              if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then
+                spdx_missing+=("${f}")
+              fi
+            done < <(git ls-files "${spdx_args[@]}" 2>/dev/null || true)
+
+            if [ "${#spdx_missing[@]}" -gt 0 ]; then
+              extended_findings+=("SPDX header missing in some tracked files (advisory)")
+              {
+                printf '%s\n' '### SPDX header advisory'
+                printf '%s\n' 'Files missing SPDX-License-Identifier (first 40 lines scan):'
+                for f in "${spdx_missing[@]}"; do printf '%s\n' "- ${f}"; done
+                printf '\n'
+              } >> "${GITHUB_STEP_SUMMARY}"
+            fi
+
+            stale_cutoff_days=180
+            stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 > days*86400) print $1}' | head -50)"
+            if [ -n "${stale_branches}" ]; then
+              extended_findings+=("Stale remote branches detected (advisory)")
+              {
+                printf '%s\n' '### Git hygiene advisory'
+                printf '%s\n' "Branches with last commit older than ${stale_cutoff_days} days (sample up to 50):"
+                while IFS= read -r b; do [ -n "${b}" ] && printf '%s\n' "- ${b}"; done <<< "${stale_branches}"
+                printf '\n'
+              } >> "${GITHUB_STEP_SUMMARY}"
+            fi
+          fi
+
+          {
+            printf '%s\n' '### Guardrails coverage matrix'
+            printf '%s\n' '| Domain | Status | Notes |'
+            printf '%s\n' '|---|---|---|'
+            printf '%s\n' '| Access control | OK | Admin-only execution gate |'
+            printf '%s\n' '| Release variables | OK | Repository variables validation |'
+            printf '%s\n' '| Scripts governance | OK | Directory policy and advisory reporting |'
+            printf '%s\n' '| Repo required artifacts | OK | Required, optional, disallowed enforcement |'
+            printf '%s\n' '| Repo content heuristics | OK | Brand, license, changelog structure |'
+            if [ "${extended_enabled}" = 'true' ]; then
+              if [ "${#extended_findings[@]}" -gt 0 ]; then
+                printf '%s\n' '| Extended checks | Warning | See extended findings below |'
+              else
+                printf '%s\n' '| Extended checks | OK | No findings |'
+              fi
+            else
+              printf '%s\n' '| Extended checks | SKIPPED | EXTENDED_CHECKS disabled |'
+            fi
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${extended_enabled}" = 'true' ] && [ "${#extended_findings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Extended findings (advisory)'
+              for f in "${extended_findings[@]}"; do printf '%s\n' "- ${f}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          printf '%s\n' 'Repository health guardrails passed.' >> "${GITHUB_STEP_SUMMARY}"
+
+
+  site-health:
+    name: Site Health
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+
+      - name: Uptime check
+        if: env.URLS != ''
+        run: |
+          echo "$URLS" > /tmp/urls.txt
+          php monitoring/uptime-probe.php --urls /tmp/urls.txt --timeout 15 || echo "::warning::Some sites are down"
+          rm -f /tmp/urls.txt
+        env:
+          URLS: ${{ vars.MONITORED_URLS }}
+
+      - name: SSL certificate check
+        if: env.DOMAINS != ''
+        run: |
+          echo "$DOMAINS" > /tmp/domains.txt
+          php monitoring/ssl-check.php --domains /tmp/domains.txt --warn-days 30 || echo "::warning::SSL certificates expiring soon"
+          rm -f /tmp/domains.txt
+        env:
+          DOMAINS: ${{ vars.MONITORED_DOMAINS }}
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "### Site Health" >> $GITHUB_STEP_SUMMARY
+          echo "Uptime and SSL checks completed." >> $GITHUB_STEP_SUMMARY
+
+  # ═══════════════════════════════════════════════════════════════════════
+  # Issue Reporter — file issues for failed gates
+  # ═══════════════════════════════════════════════════════════════════════
+  report-issues:
+    name: "Report Issues"
+    runs-on: ubuntu-latest
+    needs: [access_check, release_config, scripts_governance, repo_health]
+    if: >-
+      always() &&
+      (needs.release_config.result == 'failure' ||
+       needs.scripts_governance.result == 'failure' ||
+       needs.repo_health.result == 'failure')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issues for failed gates"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          REPORTER="./automation/ci-issue-reporter.sh"
+          WF="Repo Health"
+
+          report_gate() {
+            local gate="$1" result="$2" details="$3"
+            if [ "$result" = "failure" ]; then
+              "$REPORTER" --gate "$gate" --details "$details" --workflow "$WF" --severity error
+            fi
+          }
+
+          report_gate "Release Configuration" \
+            "${{ needs.release_config.result }}" \
+            "Required repository variables are missing (RS_FTP_PATH_SUFFIX). Check repository settings."
+
+          report_gate "Scripts Governance" \
+            "${{ needs.scripts_governance.result }}" \
+            "Scripts directory policy violations detected. Review required and allowed directories."
+
+          report_gate "Repository Health" \
+            "${{ needs.repo_health.result }}" \
+            "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
+
@@ -1,312 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Universal
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
-# PATH: /templates/workflows/update-server.yml
-# VERSION: 05.00.00
-# BRIEF: Pre-release build + update server XML for dev/alpha/beta/rc branches
-#
-# Thin wrapper around moko-platform CLI tools.
-# Builds packages, updates updates.xml, and optionally deploys via SFTP.
-#
-# Joomla filters update entries by the user's "Minimum Stability" setting.
-
-name: "Update Server"
-
-on:
-  push:
-    branches:
-      - 'dev'
-      - 'dev/**'
-      - 'alpha/**'
-      - 'beta/**'
-      - 'rc/**'
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  pull_request:
-    types: [closed]
-    branches:
-      - 'dev'
-      - 'dev/**'
-      - 'alpha/**'
-      - 'beta/**'
-      - 'rc/**'
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  workflow_dispatch:
-    inputs:
-      stability:
-        description: 'Stability tag'
-        required: true
-        default: 'development'
-        type: choice
-        options:
-          - development
-          - alpha
-          - beta
-          - rc
-          - stable
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  update-xml:
-    name: Update Server
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-          fetch-depth: 0
-
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"http-basic":{"git.mokoconsulting.tech":{"username":"token","password":"${{ secrets.MOKOGITEA_TOKEN }}"}}}'
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform 2>/dev/null || true
-          if [ -d "/tmp/moko-platform" ] && [ -f "/tmp/moko-platform/composer.json" ]; then
-            cd /tmp/moko-platform && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
-          fi
-          echo "MOKO_CLI=/tmp/moko-platform/cli" >> "$GITHUB_ENV"
-
-      - name: Detect platform
-        id: platform
-        run: php ${MOKO_CLI}/manifest_read.php --path . --github-output
-
-      - name: Resolve stability and bump version
-        id: meta
-        run: |
-          BRANCH="${{ github.ref_name }}"
-
-          # Configure git for bot pushes
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-
-          # Auto-bump patch version
-          php ${MOKO_CLI}/version_bump.php --path . 2>/dev/null || true
-
-          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "0.0.0")
-
-          # Strip any existing suffix before applying stability
-          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
-
-          # Determine stability from branch or manual input
-          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
-            STABILITY="${{ inputs.stability }}"
-          elif [[ "$BRANCH" == rc/* ]]; then
-            STABILITY="rc"
-          elif [[ "$BRANCH" == beta/* ]]; then
-            STABILITY="beta"
-          elif [[ "$BRANCH" == alpha/* ]]; then
-            STABILITY="alpha"
-          else
-            STABILITY="development"
-          fi
-
-          # Version suffix per stability stream
-          case "$STABILITY" in
-            development) SUFFIX="-dev";  TAG="development" ;;
-            alpha)       SUFFIX="-alpha"; TAG="alpha" ;;
-            beta)        SUFFIX="-beta";  TAG="beta" ;;
-            rc)          SUFFIX="-rc";    TAG="release-candidate" ;;
-            *)           SUFFIX="";       TAG="stable" ;;
-          esac
-
-          # Propagate version with stability suffix to all manifest files
-          php ${MOKO_CLI}/version_set_platform.php \
-            --path . --version "$VERSION" --branch "$BRANCH" --stability "$STABILITY" 2>/dev/null || true
-          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
-
-          # Re-read version (now includes suffix from version_set_platform)
-          if [ -n "$SUFFIX" ]; then
-            VERSION="${VERSION}${SUFFIX}"
-          fi
-
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
-          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
-          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
-          echo "display_version=${VERSION}" >> "$GITHUB_OUTPUT"
-
-          # Commit version bump if changed
-          git add -A
-          git diff --cached --quiet || {
-            git commit -m "chore(version): auto-bump ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-            git push
-          }
-
-      - name: Create release and upload package
-        id: package
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          TAG="${{ steps.meta.outputs.tag }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # Create or update Gitea release
-          php ${MOKO_CLI}/release_create.php \
-            --path . --version "$VERSION" --tag "$TAG" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
-            --repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease
-
-          # Build package and upload
-          php ${MOKO_CLI}/release_package.php \
-            --path . --version "$VERSION" --tag "$TAG" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
-            --repo "${GITEA_REPO}" --output /tmp || true
-
-      - name: Update updates.xml
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          SHA256="${{ steps.package.outputs.sha256_zip }}"
-
-          if [ ! -f "updates.xml" ]; then
-            echo "No updates.xml — skipping"
-            exit 0
-          fi
-
-          SHA_FLAG=""
-          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
-
-          php ${MOKO_CLI}/updates_xml_build.php \
-            --path . --version "${VERSION}" --stability "${STABILITY}" \
-            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
-            ${SHA_FLAG}
-
-          # Commit and push updates.xml
-          git add updates.xml
-          git diff --cached --quiet || {
-            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
-            git push
-          }
-
-      - name: Sync updates.xml to main
-        if: github.ref_name != 'main' && steps.platform.outputs.platform == 'joomla'
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          GITEA_TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-
-          FILE_SHA=$(curl -sf -H "Authorization: token ${GITEA_TOKEN}" \
-            "${API_BASE}/contents/updates.xml?ref=main" | python3 -c "import sys,json; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
-
-          if [ -n "$FILE_SHA" ] && [ -f "updates.xml" ]; then
-            python3 -c "
-          import base64, json, urllib.request, sys
-          with open('updates.xml', 'rb') as f:
-              content = base64.b64encode(f.read()).decode()
-          payload = json.dumps({
-              'content': content,
-              'sha': '${FILE_SHA}',
-              'message': 'chore: sync updates.xml from ${{ steps.meta.outputs.stability }} [skip ci]',
-              'branch': 'main'
-          }).encode()
-          req = urllib.request.Request(
-              '${API_BASE}/contents/updates.xml',
-              data=payload, method='PUT',
-              headers={
-                  'Authorization': 'token ${GITEA_TOKEN}',
-                  'Content-Type': 'application/json'
-              })
-          try:
-              urllib.request.urlopen(req)
-              print('updates.xml synced to main')
-          except Exception as e:
-              print(f'WARNING: sync to main failed: {e}', file=sys.stderr)
-          "
-          fi
-
-      - name: SFTP deploy to dev server
-        if: contains(github.ref, 'dev/') || github.ref == 'refs/heads/dev'
-        env:
-          DEV_HOST: ${{ vars.DEV_FTP_HOST }}
-          DEV_PATH: ${{ vars.DEV_FTP_PATH }}
-          DEV_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
-          DEV_USER: ${{ vars.DEV_FTP_USERNAME }}
-          DEV_PORT: ${{ vars.DEV_FTP_PORT }}
-          DEV_KEY: ${{ secrets.DEV_FTP_KEY }}
-          DEV_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
-        run: |
-          # Permission check: admin or maintain role required
-          ACTOR="${{ github.actor }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
-            "${API_BASE}/collaborators/${ACTOR}/permission" 2>/dev/null | \
-            python3 -c "import sys,json; print(json.load(sys.stdin).get('permission','read'))" 2>/dev/null || echo "read")
-          case "$PERMISSION" in
-            admin|maintain|write) ;;
-            *)
-              echo "Deploy denied: ${ACTOR} has '${PERMISSION}' — requires admin, maintain, or write"
-              exit 0
-              ;;
-          esac
-
-          [ -z "$DEV_HOST" ] || [ -z "$DEV_PATH" ] && { echo "DEV FTP not configured — skipping SFTP"; exit 0; }
-
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && exit 0
-
-          PORT="${DEV_PORT:-22}"
-          REMOTE="${DEV_PATH%/}"
-          [ -n "$DEV_SUFFIX" ] && REMOTE="${REMOTE}/${DEV_SUFFIX#/}"
-
-          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
-            "$DEV_HOST" "$PORT" "$DEV_USER" "$REMOTE" > /tmp/sftp-config.json
-          if [ -n "$DEV_KEY" ]; then
-            echo "$DEV_KEY" > /tmp/deploy_key && chmod 600 /tmp/deploy_key
-            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
-          else
-            printf ',"password":"%s"}' "$DEV_PASS" >> /tmp/sftp-config.json
-          fi
-
-          PLATFORM=$(php ${MOKO_CLI}/platform_detect.php --path . 2>/dev/null || true)
-          if [ "$PLATFORM" = "waas-component" ] && [ -f "${MOKO_CLI}/../deploy/deploy-joomla.php" ]; then
-            php ${MOKO_CLI}/../deploy/deploy-joomla.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
-          elif [ -f "${MOKO_CLI}/../deploy/deploy-sftp.php" ]; then
-            php ${MOKO_CLI}/../deploy/deploy-sftp.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
-          fi
-          rm -f /tmp/deploy_key /tmp/sftp-config.json
-          echo "SFTP deploy to dev complete" >> $GITHUB_STEP_SUMMARY
-
-      - name: Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          DISPLAY="${{ steps.meta.outputs.display_version }}"
-          echo "## Update Server" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Stability | \`${STABILITY}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Version | \`${DISPLAY}\` |" >> $GITHUB_STEP_SUMMARY
@@ -25,7 +25,7 @@ jobs:
        env:
          GH_TOKEN: ${{ secrets.GH_MIRROR_TOKEN }}
          MOKOGITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
-          MOKOGITEA_URL: https://git.mokoconsulting.tech
+          MOKOGITEA_URL: https://code.mokoconsulting.tech
          MOKOGITEA_REPO: MokoConsulting/MokoGitea
          UPSTREAM_BRANCH: release/v1.26
          DAYS_BACK: ${{ github.event.inputs.days_back || '7' }}
@@ -2,7 +2,108 @@

 This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
-been added to each release, please refer to the [blog](https://blog.gitea.com).
+been added to each release, please refer to the [blog](https://blog.gitea.com).## [v1.26.1-moko.06.02.00] - 2026-06-02
+
+* FEATURES
+  * feat(licenses): full commercial license management system
+    * Package archiving with soft-delete and collapsible archived section
+    * Search keys by customer, domain, key number, email, or payment ref
+    * Download gating (none/prerelease/all modes)
+    * Domain lock grace period (DomainLockHours)
+    * RepoScope enforcement — packages scoped to specific repos
+    * Configurable license key prefix per organization
+    * Manual release-to-stream mapping with UI selector
+    * Joomla changelog XML endpoint (/changelog.xml)
+    * SHA256 checksums from sidecar files in Joomla updates.xml
+    * Joomla-standard tag values (dev/alpha/beta/rc/stable)
+    * Double confirmation modals for permanent deletion
+    * Combolist channel picker (replaces checkboxes)
+    * Extension metadata in repo settings (per-repo override)
+    * API: package CRUD, key revoke, key renew, settings GET/PUT
+    * API: purchase webhook with PaymentRef idempotency
+    * API: public validation endpoint (no auth)
+    * Migration v340-v342: all new columns synced
+  * feat(updates): 7 platform update feeds
+    * Joomla XML with downloadkey, SHA256, changelog URL
+    * Dolibarr JSON with channel filtering
+    * WordPress PUC-compatible JSON (plugin-update-checker)
+    * Composer packages.json
+    * PrestaShop module update XML
+    * Drupal update status XML
+    * WHMCS module update JSON
+  * feat(updates): feed always public — downloads gated separately
+  * feat(updates): stream-name tags supported alongside version tags
+  * feat(updates): version extraction via regex from release titles
+  * feat(updates): infourl defaults to release listing / support URL
+  * feat(updates): downloadkey prefix matches Akeeba pattern (dlid=)
+  * feat(orgs): enterprise sub-org hierarchy with parent-child relationships
+  * feat(repos): three-level visibility — Public (200), Private (403), Hidden (404)
+  * feat(settings): separate licensing settings page (/settings/licensing)
+  * feat(settings): advanced settings on dedicated page (/settings/advanced)
+  * feat(settings): section headers with dividers and icons
+  * feat(ui): icons on all settings navbars (repo, org, user, admin)
+  * feat(ui): styled 403 Access Denied page with inline login form
+  * feat(ui): open-in-new-tab button on feed URLs
+* SECURITY
+  * fix(security): ownership guards on all API handlers (cross-org prevention)
+  * fix(security): RepoScope JSON parsing (substring matching bug)
+  * fix(security): CSRF tokens in delete confirmation modals
+  * fix(security): XSS escaping in WordPress changelog HTML
+  * fix(security): require login for licenses and actions pages
+  * fix(security): 403 for all users on private repos (not 404)
+  * fix(security): licensed private repos allow release viewing for signed-in users
+  * fix(security): anonymous download access respects download_gating setting
+* FIXES
+  * fix(licenses): expanded delete permissions to org owners + site admins
+  * fix(licenses): explicit xorm column names for UpdateStreamConfig fields
+  * fix(licenses): feed always public when licensing enabled
+  * fix(build): permanent fixes for AI migration, feed/file.go, unused imports
+
+## [v1.26.1-moko.05.15.00] - 2026-05-31
+
+* BREAKING CHANGES
+  * Deprecated Issue.Ref branch selector UI (#307)
+    * Removed branch/tag selector from issue sidebar and new issue form
+    * Removed ref badge from issue lists
+    * Removed POST /ref web route and UpdateIssueRef handler
+    * DB column and commit-close logic preserved for backward compatibility
+    * API create/edit still accept `ref` field (no-op) for backward compat
+* FEATURES
+  * feat(ui): add generic combo-multiselect component (#361)
+    * Reusable dropdown with search, checkable items, and selected-items display
+    * Template: `shared/combolist.tmpl` — accepts Items, Name, Title, SelectedValues
+    * Decoupled from issue sidebar — works in any form context
+  * feat(updates): extension metadata settings for update feed generation
+  * feat(licenses): platform enforcement, key deletion, expired key cleanup
+  * feat(licenses): store keys in plaintext, show full key with copy button
+* TECH DEBT
+  * chore: full namespace migration from git.mokoconsulting.tech to code.mokoconsulting.tech (#336, #337, #344)
+    * Go module path, all imports, template URLs, workflow configs (2,276 files)
+  * fix(blame): set HasSourceRenderedToggle for renderable files (#344)
+  * fix(settings): translate team permission strings via data-locale attributes (#344)
+  * fix(dropzone): use relative path for non-image attachment markdown links (#344)
+  * fix(templates): add required validation to issue dropdown fields (#350)
+  * refactor(ts): remove redundant `handled` field from MarkdownHandleIndentionResult (#350)
+  * refactor(go): rename HasOrgOrUserVisible to IsOwnerVisibleToDoer (#350)
+  * refactor(go): replace ValuesRepository with maps.Values (Go 1.21+) (#357)
+  * refactor(go): remove CanEnableEditor wrapper, use CanContentChange directly (#357)
+  * fix(ts): parseIssueHref now uses URL pathname and trims appSubUrl (#360)
+  * fix(actions): enforce MaxJobNumPerRun (256) limit when creating jobs (#360)
+  * fix(css): use calc(infinity * 1px) for --border-radius-full (#361)
+  * fix(css): remove legacy .center class from 2015, replace with tw-text-center (#361)
+  * chore: remove stale TODO from OAuth2 regenerate secret (already implemented) (#332)
+  * chore: remove stale pull request test stub TODOs (#328)
+  * chore: remove stale GetProjectsMode TODO
+  * chore: remove stale mustNotBeArchived/mustEnableEditor FIXME from API
+  * fix(routes): remove dead legacy /cherry-pick/{sha} route (replaced by /_cherrypick/)
+  * fix(feed): use full ref name instead of ShortName for file feed revision
+* BUGFIXES
+  * fix(build): use slices.Collect for maps.Values (Go 1.23+ compat)
+  * fix(licenses): remove duplicate DeleteLicenseKey declaration
+  * fix(licenses): only show licenses tab when licensing is enabled
+  * fix(licenses): show feed URLs based on repo update platform setting
+  * fix(updates): correct dlid prefix and align XML with Joomla standard
+
 ## [v1.26.1-moko.05.06.00] - 2026-05-30

 * FEATURES
@@ -72,425 +173,3 @@ been added to each release, please refer to the [blog](https://blog.gitea.com).
  * Reopened 9 closed issues lacking documented testing proof (#3, #5, #38, #41, #70, #74, #75, #76, #78)
  * Created `pending: testing` label for features awaiting verification
  * Established policy: issues must not be closed without documented testing proof
-
-## [1.26.1](https://github.com/go-gitea/gitea/releases/tag/v1.26.1) - 2026-04-21
-
-* BUGFIXES
-  * Add event.schedule context for schedule actions task (#37320) (#37348)
-  * Fix an issue where changing an organization's visibility caused problems when users had forked its repositories. (#37324) (#37344)
-  * Use modern "git update-index --cacheinfo" syntax to support more file names (#37338) (#37343)
-  * Fix URL related escaping for oauth2 (#37334) (#37340)
-  * When the requested arch rpm is missing fall back to noarch (#37236) (#37339)
-  * Fix actions concurrency groups cross-branch leak (#37311) (#37331)
-  * Fix bug when accessing user badges (#37321) (#37329)
-  * Fix AppFullLink (#37325) (#37328)
-  * Fix container auth for public instance (#37290) (#37294)
-  * Enhance GetActionWorkflow to support fallback references (#37189) (#37283)
-  * Fix vite manifest update masking build errors (#37279) (#37310)
-  * Fix Mermaid diagrams failing when node labels contain line breaks (#37296) (#37299)
-  * Use TriggerEvent instead of Event in workflow runs API response for scheduled runs (#37288) #37360
-  * Add URL to Learn more about blocking a user. (#37355) #37367
-  * Fix button layout shift when collapsing file tree in editor (#37363) #37375
-  * Fix org team assignee/reviewer lookups for team member permissions (#37365) #37391
-  * Fix repo init README EOL (#37388) #37399
-  * Fix: dump with default zip type produces uncompressed zip (#37401)#37402
-
-## [1.26.0](https://github.com/go-gitea/gitea/releases/tag/v1.26.0) - 2026-04-17
-
-* BREAKING
-  * Correct swagger annotations for enums, status codes, and notification state (#37030)
-  * Remove GET API registration-token (#36801)
-  * Support Actions `concurrency` syntax (#32751)
-  * Make PUBLIC_URL_DETECTION default to "auto" (#36955)
-* SECURITY
-  * Bound PageSize in `ListUnadoptedRepositories` (#36884)
-* FEATURES
-  * Support Actions `concurrency` syntax (#32751)
-  * Add terraform state registry (#36710)
-  * Instance-wide (global) info banner and maintenance mode (#36571)
-  * Support rendering OpenAPI spec (#36449)
-  * Add keyboard shortcuts for repository file and code search (#36416)
-  * Add support for archive-upload rpc (#36391)
-  * Add ability to download subpath archive (#36371)
-  * Add workflow dependencies visualization (#26062) (#36248) & Restyle Workflow Graph (#36912)
-  * Automatic generation of release notes (#35977)
-  * Add "Go to file", "Delete Directory" to repo file list page (#35911)
-  * Introduce "config edit-ini" sub command to help maintaining INI config file (#35735)
-  * Add button to re-run failed jobs in Actions (#36924)
-  * Support actions and reusable workflows from private repos (#32562)
-  * Add summary to action runs view (#36883)
-  * Add user badges (#36752)
-  * Add configurable permissions for Actions automatic tokens (#36173)
-  * Add per-runner "Disable/Pause"  (#36776)
-  * Feature non-zipped actions artifacts (action v7 / nodejs / npm v6.2.0) (#36786)
-* PERFORMANCE
-  * WorkflowDispatch API optionally return runid (#36706)
-  * Add render cache for SVG icons (#36863)
-  * Load `mentionValues` asynchronously (#36739)
-  * Lazy-load some Vue components, fix heatmap chunk loading on every page (#36719)
-  * Load heatmap data asynchronously (#36622)
-  * Use prev/next pagination for user profile activities page to speed up (#36642)
-  * Refactor cat-file batch operations and support `--batch-command` approach (#35775)
-  * Use merge tree to detect conflicts when possible (#36400)
-* ENHANCEMENTS
-  * Implement logout redirection for reverse proxy auth setups (#36085) (#37171)
-  * Adds option to force update new branch in contents routes (#35592)
-  * Add viewer controller for mermaid (zoom, drag) (#36557)
-  * Add code editor setting dropdowns (#36534)
-  * Add `elk` layout support to mermaid (#36486)
-  * Add resolve/unresolve review comment API endpoints (#36441)
-  * Allow configuring default PR base branch (fixes #36412) (#36425)
-  * Add support for RPM Errata (updateinfo.xml) (#37125)
-  * Require additional user confirmation for making repo private (#36959)
-  * Add `actions.WORKFLOW_DIRS` setting (#36619)
-  * Avoid opening new tab when downloading actions logs (#36740)
-  * Implements OIDC RP-Initiated Logout (#36724)
-  * Show workflow link (#37070)
-  * Desaturate dark theme background colors (#37056)
-  * Refactor "org teams" page and help new users to "add member" to an org (#37051)
-  * Add webhook name field to improve webhook identification (#37025) (#37040)
-  * Make task list checkboxes clickable in the preview tab (#37010)
-  * Improve severity labels in Actions logs and tweak colors (#36993)
-  * Linkify URLs in Actions workflow logs (#36986)
-  * Allow text selection on checkbox labels (#36970)
-  * Support dark/light theme images in markdown (#36922)
-  * Enable native dark mode for swagger-ui (#36899)
-  * Rework checkbox styling, remove `input` border hover effect (#36870)
-  * Refactor storage content-type handling of ServeDirectURL (#36804)
-  * Use "Enable Gravatar" but not "Disable" (#36771)
-  * Use case-insensitive matching for Git error "Not a valid object name" (#36728)
-  * Add "Copy Source" to markup comment menu (#36726)
-  * Change image transparency grid to CSS (#36711)
-  * Add "Run" prefix for unnamed action steps (#36624)
-  * Persist actions log time display settings in `localStorage` (#36623)
-  * Use first commit title for multi-commit PRs and fix auto-focus title field (#36606)
-  * Improve BuildCaseInsensitiveLike with lowercase (#36598)
-  * Improve diff highlighting (#36583)
-  * Exclude cancelled runs from failure-only email notifications (#36569)
-  * Use full-file highlighting for diff sections (#36561)
-  * Color command/error logs in Actions log (#36538)
-  * Add paging headers (#36521)
-  * Improve timeline entries for WIP prefix changes in pull requests (#36518)
-  * Add FOLDER_ICON_THEME configuration option (#36496)
-  * Normalize guessed languages for code highlighting (#36450)
-  * Add chunked transfer encoding support for LFS uploads (#36380)
-  * Indicate when only optional checks failed (#36367)
-  * Add 'allow_maintainer_edit' API option for creating a pull request (#36283)
-  * Support closing keywords with URL references (#36221)
-  * Improve diff file headers (#36215)
-  * Fix and enhance comment editor monospace toggle (#36181)
-  * Add git.DIFF_RENAME_SIMILARITY_THRESHOLD option (#36164)
-  * Add matching pair insertion to markdown textarea (#36121)
-  * Add sorting/filtering to admin user search API endpoint (#36112)
-  * Allow action user have read permission in public repo like other user (#36095)
-  * Disable matchBrackets in monaco (#36089)
-  * Use GitHub-style commit message for squash merge (#35987)
-  * Make composer registry support tar.gz and tar.bz2 and fix bugs (#35958)
-  * Add GITEA_PR_INDEX env variable to githooks (#35938)
-  * Add proper error message if session provider can not be created (#35520)
-  * Add button to copy file name in PR files (#35509)
-  * Move `X_FRAME_OPTIONS` setting from `cors` to `security` section (#30256)
-  * Add placeholder content for empty content page (#37114)
-  * Add `DEFAULT_DELETE_BRANCH_AFTER_MERGE` setting (#36917)
-  * Redirect to the only OAuth2 provider when no other login methods and fix various problems (#36901)
-  * Add admin badge to navbar avatar (#36790)
-  * Add `never` option to `PUBLIC_URL_DETECTION` configuration (#36785)
-  * Add background and run count to actions list page (#36707)
-  * Add icon to buttons "Close with Comment", "Close Pull Request", "Close Issue" (#36654)
-  * Add support for in_progress event in workflow_run webhook (#36979)
-  * Report commit status for pull_request_review events (#36589)
-  * Render merged pull request title as such in dashboard feed (#36479)
-  * Feature to be able to filter project boards by milestones (#36321)
-  * Use user id in noreply emails (#36550)
-  * Enable pagination on GiteaDownloader.getIssueReactions() (#36549)
-  * Remove striped tables in UI (#36509)
-  * Improve control char rendering and escape button styling (#37094)
-  * Support legacy run/job index-based URLs and refactor migration 326 (#37008)
-  * Add date to "No Contributions" tooltip (#36190)
-  * Show edit page confirmation dialog on tree view file change (#36130)
-  * Mention proc-receive in text for dashboard.resync_all_hooks func (#35991)
-  * Reuse selectable style for wiki (#35990)
-  * Support blue yellow colorblind theme (#35910)
-  * Support selecting theme on the footer (#35741)
-  * Improve online runner check (#35722)
-  * Add quick approve button on PR page (#35678)
-  * Enable commenting on expanded lines in PR diffs (#35662)
-  * Print PR-Title into tooltip for actions (#35579)
-  * Use explicit, stronger defaults for newly generated repo signing keys for Debian (#36236)
-  * Improve the compare page (#36261)
-  * Unify repo names in system notices (#36491)
-  * Move package settings to package instead of being tied to version (#37026)
-  * Add Actions API rerun endpoints for runs and jobs (#36768)
-  * Add branch_count to repository API (#35351) (#36743)
-  * Add created_by filter to SearchIssues (#36670)
-  * Allow admins to rename non-local users (#35970)
-  * Support updating branch via API (#35951)
-  * Add an option to automatically verify SSH keys from LDAP (#35927)
-  * Make "update file" API can create a new file when SHA is not set (#35738)
-  * Update issue.go with labels documentation (labels content, not ids) (#35522)
-  * Expose content_version for optimistic locking on issue and PR edits (#37035)
-  * Pass ServeHeaderOptions by value instead of pointer, fine tune httplib tests (#36982)
-* BUGFIXES
-  * Frontend iframe renderer framework: 3D models, OpenAPI (#37233) (#37273)
-  * Fix CODEOWNERS absolute path matching. (#37244) (#37264)
-  * Swift registry metadata: preserve more JSON fields and accept empty metadata (#37254) (#37261)
-  * Fix user ssh key exporting and tests (#37256) (#37258)
-  * Fix team member avatar size and add tooltip (#37253)
-  * Fix commit title rendering in action run and blame (#37243) (#37251)
-  * Fix corrupted JSON caused by goccy library (#37214) (#37220)
-  * Add test for "fetch redirect", add CSS value validation for external render (#37207) (#37216)
-  * Fix incorrect concurrency check (#37205) (#37215)
-  * Fix handle missing base branch in PR commits API (#37193) (#37203)
-  * Fix encoding for Matrix Webhooks (#37190) (#37201)
-  * Fix handle fork-only commits in compare API (#37185) (#37199)
-  * Indicate form field readonly via background, fix RunUser config (#37175, #37180) (#37178)
-  * Report structurally invalid workflows to users (#37116) (#37164)
-  * Fix API not persisting pull request unit config when has_pull_requests is not set (#36718)
-  * Rename CSS variables and improve colorblind themes (#36353)
-  * Hide `add-matcher` and `remove-matcher` from actions job logs (#36520)
-  * Prevent navigation keys from triggering actions during IME composition (#36540)
-  * Fix vertical alignment of `.commit-sign-badge` children (#36570)
-  * Fix duplicate startup warnings in admin panel (#36641)
-  * Fix CODEOWNERS review request attribution using comment metadata (#36348)
-  * Fix HTML tags appearing in wiki table of contents (#36284)
-  * Fix various bugs (#37096)
-  * Fix various legacy problems (#37092)
-  * Fix RPM Registry 404 when package name contains 'package' (#37087)
-  * Merge some standalone Vite entries into index.js (#37085)
-  * Fix various problems (#37077)
-  * Fix issue label deletion with Actions tokens (#37013)
-  * Hide delete branch or tag buttons in mirror or archived repositories. (#37006)
-  * Fix org contact email not clearable once set (#36975)
-  * Fix a bug when forking a repository in an organization (#36950)
-  * Preserve sort order of exclusive labels from template repo (#36931)
-  * Make container registry support Apple Container (basic auth) (#36920)
-  * Fix the wrong push commits in the pull request when force push (#36914)
-  * Add class "list-header-filters" to the div for projects (#36889)
-  * Fix dbfs error handling (#36844)
-  * Fix incorrect viewed files counter if reverted change was viewed (#36819)
-  * Refactor avatar package, support default avatar fallback (#36788)
-  * Fix README symlink resolution in subdirectories like .github (#36775)
-  * Fix CSS stacking context issue in actions log (#36749)
-  * Add gpg signing for merge rebase and update by rebase (#36701)
-  * Delete non-exist branch should return 404 (#36694)
-  * Fix `TestActionsCollaborativeOwner` (#36657)
-  * Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646)
-  * Fix linguist-detectable attribute being ignored for configuration files (#36640)
-  * Fix state desync in ComboMarkdownEditor (#36625)
-  * Unify DEFAULT_SHOW_FULL_NAME output in templates and dropdown (#36597)
-  * Pull Request Pusher should be the author of the merge (#36581)
-  * Fix various version parsing problems (#36553)
-  * Fix highlight diff result (#36539)
-  * Fix mirror sync parser and fix mirror messages (#36504)
-  * Fix bug when list pull request commits (#36485)
-  * Fix various bugs (#36446)
-  * Fix issue filter menu layout (#36426)
-  * Restrict branch naming when new change matches with protection rules (#36405)
-  * Fix link/origin referrer and login redirect (#36279)
-  * Generate IDs for HTML headings without id attribute (#36233)
-  * Use a migration test instead of a wrong test which populated the meta test repositories and fix a migration bug (#36160)
-  * Fix issue close timeline icon (#36138)
-  * Fix diff blob excerpt expansion (#35922)
-  * Fix external render (#35727)
-  * Fix review request webhook bug (#35339) (#35723)
-  * Fix shutdown waitgroup panic (#35676)
-  * Cleanup ActionRun creation (#35624)
-  * Fix possible bug when migrating issues/pull requests (#33487)
-  * Various fixes (#36697)
-  * Apply notify/register mail flags during install load (#37120)
-  * Repair duration display for bad stopped timestamps (#37121)
-  * Fix(upgrade.sh): use HTTPS for GPG key import and restore SELinux context after upgrade (#36930)
-  * Fix various trivial problems (#36921)
-  * Fix various trivial problems (#36953)
-  * Fix NuGet package upload error handling (#37074)
-  * Fix CodeQL code scanning alerts (#36858)
-  * Refactor issue sidebar and fix various problems (#37045)
-  * Fix various problems (#37029)
-  * Fix relative-time RangeError (#37021)
-  * Fix chroma lexer mapping (#36629)
-  * Fix typos and grammar in English locale (#36751)
-  * Fix milestone/project text overflow in issue sidebar (#36741)
-  * Fix `no-content` message not rendering after comment edit (#36733)
-  * Fix theme loading in development (#36605)
-  * Fix workflow run jobs API returning null steps (#36603)
-  * Fix timeline event layout overflow with long content (#36595)
-  * Fix minor UI issues in runner edit page (#36590)
-  * Fix incorrect vendored detections (#36508)
-  * Fix editorconfig not respected in PR Conversation view (#36492)
-  * Don't create self-references in merged PRs (#36490)
-  * Fix potential incorrect runID in run status update (#36437)
-  * Fix file-tree ui error when adding files to repo without commits (#36312)
-  * Improve image captcha contrast for dark mode (#36265)
-  * Fix panic in blame view when a file has only a single commit (#36230)
-  * Fix spelling error in migrate-storage cmd utility (#36226)
-  * Fix code highlighting on blame page (#36157)
-  * Fix nilnil in onedev downloader (#36154)
-  * Fix actions lint (#36029)
-  * Fix oauth2 session gob register (#36017)
-  * Fix Arch repo pacman.conf snippet (#35825)
-  * Fix a number of `strictNullChecks`-related issues (#35795)
-  * Fix URLJoin, markup render link reoslving, sign-in/up/linkaccount page common data (#36861)
-  * Hide delete directory button for mirror or archive repository and disable the menu item if user have no permission (#36384)
-  * Update message severity colors, fix navbar double border (#37019)
-  * Inline and lazy-load EasyMDE CSS, fix border colors (#36714)
-  * Closed milestones with no issues now show as 100% completed (#36220)
-  * Add test for ExtendCommentTreePathLength migration and fix bugs (#35791)
-  * Only turn links to current instance into hash links (#36237)
-  * Fix typos in code comments: doesnt, dont, wont (#36890)
-* REFACTOR
-  * Clean up and improve non-gitea js error filter (#37148) (#37155)
-  * Always show owner/repo name in compare page dropdowns (#37172) (#37200)
-  * Remove dead CSS rules (#37173) (#37177)
-  * Replace Monaco with CodeMirror (#36764)
-  * Replace CSRF cookie with `CrossOriginProtection` (#36183)
-  * Replace index with id in actions routes (#36842)
-  * Remove unnecessary function parameter (#35765)
-  * Move jobparser from act repository to Gitea (#36699)
-  * Refactor compare router param parse (#36105)
-  * Optimize 'refreshAccesses' to perform update without removing then adding (#35702)
-  * Clean up checkbox cursor styles (#37016)
-  * Remove undocumented support of signing key in the repository git configuration file (#36143)
-  * Switch `cmd/` to use constructor functions. (#36962)
-  * Use `relative-time` to render absolute dates (#36238)
-  * Some refactors about GetMergeBase (#36186)
-  * Some small refactors (#36163)
-  * Use gitRepo as parameter instead of repopath when invoking sign functions (#36162)
-  * Move blame to gitrepo (#36161)
-  * Move some functions to gitrepo package to reduce RepoPath reference directly (#36126)
-  * Use gitrepo's clone and push when possible (#36093)
-  * Remove mermaid margin workaround (#35732)
-  * Move some functions to gitrepo package (#35543)
-  * Move GetDiverging functions to gitrepo (#35524)
-  * Use global lock instead of status pool for cron lock (#35507)
-  * Use explicit mux instead of DefaultServeMux (#36276)
-  * Use gitrepo's push function (#36245)
-  * Pass request context to generateAdditionalHeadersForIssue (#36274)
-  * Move assign project when creating pull request to the same database transaction (#36244)
-  * Move catfile batch to a sub package of git module (#36232)
-  * Use gitrepo.Repository instead of wikipath (#35398)
-  * Use experimental go json v2 library (#35392)
-  * Refactor template render (#36438)
-  * Refactor GetRepoRawDiffForFile to avoid unnecessary pipe or goroutine (#36434)
-  * Refactor text utility classes to Tailwind CSS (#36703)
-  * Refactor git command stdio pipe (#36422)
-  * Refactor git command context & pipeline (#36406)
-  * Refactor git command stdio pipe (#36393)
-  * Remove unused functions (#36672)
-  * Refactor Actions Token Access (#35688)
-  * Move commit related functions to gitrepo package (#35600)
-  * Move archive function to repo_model and gitrepo (#35514)
-  * Move some functions to gitrepo package (#35503)
-  * Use git model to detect whether branch exist instead of gitrepo method (#35459)
-  * Some refactor for repo path (#36251)
-  * Extract helper functions from SearchIssues (#36158)
-  * Refactor merge conan and container auth preserve actions taskID (#36560)
-  * Refactor Nuget Auth to reuse Basic Auth Token Validation (#36558)
-  * Refactor ActionsTaskID (#36503)
-  * Refactor auth middleware (#36848)
-  * Refactor code render and render control chars (#37078)
-  * Clean up AppURL, remove legacy origin-url webcomponent (#37090)
-  * Remove `util.URLJoin` and replace all callers with direct path concatenation (#36867)
-  * Replace legacy tw-flex utility classes with flex-text-block/inline (#36778)
-  * Mark unused&immature activitypub as "not implemented" (#36789)
-* TESTING
-  * Add e2e tests for server push events (#36879)
-  * Rework e2e tests (#36634)
-  * Add e2e reaction test, improve accessibility, enable parallel testing (#37081)
-  * Increase e2e test timeouts on CI to fix flaky tests (#37053)
-* BUILD
-  * Upgrade go-git to v5.18.0 (#37269)
-  * Replace rollup-plugin-license with rolldown-license-plugin (#37130) (#37158)
-  * Bump min go version to 1.26.2 (#37139) (#37143)
-  * Convert locale files from ini to json format (#35489)
-  * Bump golangci-lint to 2.7.2, enable modernize stringsbuilder (#36180)
-  * Port away from `flake-utils` (#35675)
-  * Remove nolint (#36252)
-  * Update the Unlicense copy to latest version (#36636)
-  * Update to go 1.26.0 and golangci-lint 2.9.0 (#36588)
-  * Replace `google/go-licenses` with custom generation (#36575)
-  * Update go dependencies (#36548)
-  * Bump appleboy/git-push-action from 1.0.0 to 1.2.0 (#36306)
-  * Remove fomantic form module (#36222)
-  * Bump setup-node to v6, re-enable cache (#36207)
-  * Bump crowdin/github-action from 1 to 2 (#36204)
-  * Revert "Bump alpine to 3.23 (#36185)" (#36202)
-  * Update chroma to v2.21.1 (#36201)
-  * Bump astral-sh/setup-uv from 6 to 7 (#36198)
-  * Bump docker/build-push-action from 5 to 6 (#36197)
-  * Bump aws-actions/configure-aws-credentials from 4 to 5 (#36196)
-  * Bump dev-hanz-ops/install-gh-cli-action from 0.1.0 to 0.2.1 (#36195)
-  * Add JSON linting (#36192)
-  * Enable dependabot for actions (#36191)
-  * Bump alpine to 3.23 (#36185)
-  * Update chroma to v2.21.0 (#36171)
-  * Update JS deps and eslint enhancements (#36147)
-  * Update JS deps (#36091)
-  * update golangci-lint to v2.7.0 (#36079)
-  * Update JS deps, fix deprecations (#36040)
-  * Update JS deps (#35978)
-  * Add toolchain directive to go.mod (#35901)
-  * Move `gitea-vet` to use `go tool` (#35878)
-  * Update to go 1.25.4 (#35877)
-  * Enable TypeScript `strictNullChecks` (#35843)
-  * Enable `vue/require-typed-ref` eslint rule (#35764)
-  * Update JS dependencies (#35759)
-  * Move `codeformat` folder to tools (#35758)
-  * Update dependencies (#35733)
-  * Bump happy-dom from 20.0.0 to 20.0.2 (#35677)
-  * Bump setup-go to v6 (#35660)
-  * Update JS deps, misc tweaks (#35643)
-  * Bump happy-dom from 19.0.2 to 20.0.0 (#35625)
-  * Use bundled version of spectral (#35573)
-  * Update JS and PY deps (#35565)
-  * Bump github.com/wneessen/go-mail from 0.6.2 to 0.7.1 (#35557)
-  * Migrate from webpack to vite (#37002)
-  * Update JS dependencies and misc tweaks (#37064)
-  * Update to eslint 10 (#36925)
-  * Optimize Docker build with dependency layer caching (#36864)
-  * Update JS deps (#36850)
-  * Update tool dependencies and fix new lint issues (#36702)
-  * Remove redundant linter rules (#36658)
-  * Move Fomantic dropdown CSS to custom module (#36530)
-  * Remove and forbid `@ts-expect-error` (#36513)
-  * Refactor git command stderr handling (#36402)
-  * Enable gocheckcompilerdirectives linter (#36156)
-  * Replace `lint-go-gopls` with additional `govet` linters (#36028)
-  * Update golangci-lint to v2.6.0 (#35801)
-  * Misc tool tweaks (#35734)
-  * Add cache to container build (#35697)
-  * Upgrade vite (#37126)
-  * Update `setup-uv` to v8.0.0 (#37101)
-  * Upgrade `go-git` to v5.17.2 and related dependencies (#37060)
-  * Raise minimum Node.js version to 22.18.0 (#37058)
-  * Upgrade `golang.org/x/image` to v0.38.0 (#37054)
-  * Update minimum go version to 1.26.1, golangci-lint to 2.11.2, fix test style (#36876)
-  * Enable eslint concurrency (#36878)
-  * Vendor relative-time-element as local web component (#36853)
-  * Update material-icon-theme v5.32.0 (#36832)
-  * Update Go dependencies (#36781)
-  * Upgrade minimatch (#36760)
-  * Remove i18n backport tool at the moment because of translation format changed (#36643)
-  * Update emoji data for Unicode 16 (#36596)
-  * Update JS dependencies, adjust webpack config, misc fixes (#36431)
-  * Update material-icon-theme to v5.31.0 (#36427)
-  * Update JS and PY deps (#36383)
-  * Bump alpine to 3.23, add platforms to `docker-dryrun` (#36379)
-  * Update JS deps (#36354)
-  * Update goldmark to v1.7.16 (#36343)
-  * Update chroma to v2.22.0 (#36342)
-* DOCS
-  * Update AI Contribution Policy (#37022)
-  * Update AGENTS.md with additional guidelines (#37018)
-  * Add missing cron tasks to example ini (#37012)
-  * Add AI Contribution Policy to CONTRIBUTING.md (#36651)
-  * Minor punctuation improvement in CONTRIBUTING.md (#36291)
-  * Add documentation for markdown anchor post-processing (#36443)
-* MISC
-  * Correct spelling (#36783)
-  * Update Nix flake (#37110)
-  * Update Nix flake (#37024)
-  * Add valid github scopes (#36977)
-  * Update Nix flake (#36943)
-  * Update Nix flake (#36902)
-  * Update Nix flake (#36857)
-  * Update Nix flake (#36787)
@@ -21,7 +21,7 @@ RUN apk --no-cache add \
    build-base \
    git

-WORKDIR ${GOPATH}/src/git.mokoconsulting.tech/MokoConsulting/MokoGitea
+WORKDIR ${GOPATH}/src/code.mokoconsulting.tech/MokoConsulting/MokoGitea
 COPY go.mod go.sum ./
 RUN go mod download
 # Use COPY instead of bind mount as read-only one breaks makefile state tracking
@@ -43,7 +43,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
              /tmp/local/etc/s6/gitea/* \
              /tmp/local/etc/s6/openssh/* \
              /tmp/local/etc/s6/.s6-svscan/* \
-              /go/src/git.mokoconsulting.tech/MokoConsulting/MokoGitea/gitea
+              /go/src/code.mokoconsulting.tech/MokoConsulting/MokoGitea/gitea

 FROM docker.io/library/alpine:3.23 AS gitea

@@ -75,7 +75,10 @@ RUN addgroup \
  echo "git:*" | chpasswd -e

 COPY --from=build-env /tmp/local /
-COPY --from=build-env /go/src/git.mokoconsulting.tech/MokoConsulting/MokoGitea/gitea /app/gitea/gitea
+COPY --from=build-env /go/src/code.mokoconsulting.tech/MokoConsulting/MokoGitea/gitea /app/gitea/gitea
+
+# Disable openssh s6 service — we use external SSH (port 2222 via host).
+RUN printf '#!/bin/sh\nexec sleep infinity\n' > /etc/s6/openssh/run && chmod 755 /etc/s6/openssh/run

 ENV USER=git
 ENV GITEA_CUSTOM=/data/gitea
@@ -11,14 +11,14 @@ Custom Gitea fork with Project Board API

 ## Pages

- [Branding](https://git.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki/Branding)
- [Deployment](https://git.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki/Deployment)
+- [Branding](https://code.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki/Branding)
+- [Deployment](https://code.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki/Deployment)
 - [Project API](Project API)
- [roadmap](https://git.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki/roadmap)
+- [roadmap](https://code.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki/roadmap)

 ---

-**Category:** Infrastructure | **Platform:** [moko-platform wiki](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki)
+**Category:** Infrastructure | **Platform:** [moko-platform wiki](https://code.mokoconsulting.tech/MokoConsulting/moko-platform/wiki)

 ---

@@ -28,7 +28,7 @@ Custom Gitea fork with Project Board API

 ## Documentation

-Full documentation is available on the [Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki).
+Full documentation is available on the [Wiki](https://code.mokoconsulting.tech/MokoConsulting/MokoGitea/wiki).

 ## Contributing

@@ -40,4 +40,4 @@ This project is licensed under the GNU General Public License v3.0 or later -- s

 ---

-*[Moko Consulting](https://mokoconsulting.tech) -- [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)*
+*[Moko Consulting](https://mokoconsulting.tech) -- [MokoStandards](https://code.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)*
@@ -0,0 +1,237 @@
+#!/usr/bin/env bash
+# ============================================================================
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Automation.CI
+# INGROUP: moko-platform.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /automation/ci-issue-reporter.sh
+# VERSION: 09.23.00
+# BRIEF: Creates or updates a Gitea issue when a CI gate fails.
+#        Deduplicates by searching open issues with the "ci-auto" label
+#        whose title matches the gate. If a matching issue exists, a comment
+#        is appended instead of opening a duplicate.
+# ============================================================================
+
+set -euo pipefail
+
+# ── Defaults ────────────────────────────────────────────────────────────────
+GITEA_URL="${GITEA_URL:-https://git.mokoconsulting.tech}"
+GITEA_TOKEN="${GITEA_TOKEN:-}"
+REPO="${GITHUB_REPOSITORY:-}"
+RUN_URL="${GITHUB_SERVER_URL:-${GITEA_URL}}/${REPO}/actions/runs/${GITHUB_RUN_ID:-0}"
+LABEL_NAME="ci-auto"
+LABEL_COLOR="#e11d48"
+
+GATE=""
+DETAILS=""
+SEVERITY="error"
+WORKFLOW=""
+
+# ── Parse arguments ─────────────────────────────────────────────────────────
+usage() {
+  cat <<EOF
+Usage: ci-issue-reporter.sh --gate NAME --details TEXT [OPTIONS]
+
+Required:
+  --gate      CI gate name (e.g. "Code Quality", "Self-Health")
+  --details   Human-readable failure description
+
+Optional:
+  --severity  "error" (default) or "warning"
+  --workflow  Workflow name for the issue title
+  --repo      owner/repo (default: \$GITHUB_REPOSITORY)
+  --run-url   URL to the CI run (auto-detected from env)
+  --token     Gitea API token (default: \$GITEA_TOKEN)
+  --url       Gitea base URL (default: \$GITEA_URL)
+EOF
+  exit 1
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --gate)     GATE="$2";       shift 2 ;;
+    --details)  DETAILS="$2";    shift 2 ;;
+    --severity) SEVERITY="$2";   shift 2 ;;
+    --workflow) WORKFLOW="$2";   shift 2 ;;
+    --repo)     REPO="$2";      shift 2 ;;
+    --run-url)  RUN_URL="$2";   shift 2 ;;
+    --token)    GITEA_TOKEN="$2"; shift 2 ;;
+    --url)      GITEA_URL="$2"; shift 2 ;;
+    -h|--help)  usage ;;
+    *)          echo "Unknown option: $1"; usage ;;
+  esac
+done
+
+[[ -z "$GATE" ]]         && { echo "ERROR: --gate is required"; usage; }
+[[ -z "$DETAILS" ]]      && { echo "ERROR: --details is required"; usage; }
+[[ -z "$GITEA_TOKEN" ]]  && { echo "ERROR: GITEA_TOKEN not set"; exit 1; }
+[[ -z "$REPO" ]]         && { echo "ERROR: GITHUB_REPOSITORY not set"; exit 1; }
+
+API="${GITEA_URL}/api/v1/repos/${REPO}"
+
+# ── Build title ─────────────────────────────────────────────────────────────
+if [[ -n "$WORKFLOW" ]]; then
+  TITLE="[CI] ${WORKFLOW}: ${GATE} failed"
+else
+  TITLE="[CI] ${GATE} failed"
+fi
+
+# ── Ensure label exists ─────────────────────────────────────────────────────
+ensure_label() {
+  local exists
+  exists=$(curl -sf -o /dev/null -w '%{http_code}' \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/labels" 2>/dev/null || echo "000")
+
+  if [[ "$exists" == "200" ]]; then
+    # Check if label already exists
+    local found
+    found=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -o "\"name\":\"${LABEL_NAME}\"" || true)
+
+    if [[ -z "$found" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/labels" \
+        -d "{\"name\":\"${LABEL_NAME}\",\"color\":\"${LABEL_COLOR}\",\"description\":\"Auto-created by CI issue reporter\"}" \
+        > /dev/null 2>&1 || true
+    fi
+  fi
+}
+
+# ── Search for existing open issue ──────────────────────────────────────────
+find_existing_issue() {
+  # URL-encode the gate name for the query
+  local query
+  query=$(printf '%s' "[CI] ${GATE}" | sed 's/ /%20/g; s/\[/%5B/g; s/\]/%5D/g')
+
+  local response
+  response=$(curl -sf \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/issues?type=issues&state=open&labels=${LABEL_NAME}&q=${query}&limit=5" \
+    2>/dev/null || echo "[]")
+
+  # Extract the first matching issue number
+  echo "$response" \
+    | grep -oP '"number":\s*\K[0-9]+' \
+    | head -1
+}
+
+# ── Build issue body ────────────────────────────────────────────────────────
+build_body() {
+  local severity_badge
+  if [[ "$SEVERITY" == "error" ]]; then
+    severity_badge="**Severity:** Error"
+  else
+    severity_badge="**Severity:** Warning"
+  fi
+
+  cat <<BODY
+## CI Gate Failure: ${GATE}
+
+${severity_badge}
+**Workflow:** ${WORKFLOW:-unknown}
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+### Details
+
+${DETAILS}
+
+### Resolution
+
+Fix the issue described above and push a new commit. This issue will be closed automatically when the gate passes, or can be closed manually.
+
+---
+*Auto-created by [ci-issue-reporter](${GITEA_URL}/${REPO}/src/branch/main/automation/ci-issue-reporter.sh)*
+BODY
+}
+
+# ── Build comment body (for existing issues) ────────────────────────────────
+build_comment() {
+  cat <<COMMENT
+### CI failure recurrence
+
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+${DETAILS}
+COMMENT
+}
+
+# ── Main ────────────────────────────────────────────────────────────────────
+ensure_label
+
+EXISTING=$(find_existing_issue)
+
+if [[ -n "$EXISTING" ]]; then
+  # Append comment to existing issue
+  COMMENT_BODY=$(build_comment)
+  COMMENT_JSON=$(printf '%s' "$COMMENT_BODY" | python3 -c "
+import sys, json
+print(json.dumps({'body': sys.stdin.read()}))" 2>/dev/null)
+
+  HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues/${EXISTING}/comments" \
+    -d "${COMMENT_JSON}" 2>/dev/null || echo "000")
+
+  if [[ "$HTTP" == "201" ]]; then
+    echo "Commented on existing issue #${EXISTING}"
+  else
+    echo "WARNING: Failed to comment on issue #${EXISTING} (HTTP ${HTTP})"
+  fi
+else
+  # Create new issue
+  ISSUE_BODY=$(build_body)
+  ISSUE_JSON=$(python3 -c "
+import sys, json
+body = sys.stdin.read()
+print(json.dumps({
+    'title': sys.argv[1],
+    'body': body,
+    'labels': []
+}))" "$TITLE" <<< "$ISSUE_BODY" 2>/dev/null)
+
+  # Create the issue
+  RESPONSE=$(curl -sf -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues" \
+    -d "${ISSUE_JSON}" 2>/dev/null || echo "{}")
+
+  ISSUE_NUM=$(echo "$RESPONSE" | grep -oP '"number":\s*\K[0-9]+' | head -1)
+
+  if [[ -n "$ISSUE_NUM" ]]; then
+    # Apply label (separate call — more reliable across Gitea versions)
+    LABEL_ID=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -oP "\"id\":\s*\K[0-9]+(?=[^}]*\"name\":\s*\"${LABEL_NAME}\")" \
+      | head -1 || true)
+
+    if [[ -n "$LABEL_ID" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/issues/${ISSUE_NUM}/labels" \
+        -d "{\"labels\":[${LABEL_ID}]}" \
+        > /dev/null 2>&1 || true
+    fi
+
+    echo "Created issue #${ISSUE_NUM}: ${TITLE}"
+  else
+    echo "WARNING: Failed to create issue"
+    echo "Response: ${RESPONSE}"
+  fi
+fi
@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"os"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/assetfs"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/assetfs"
 )

 func main() {
@@ -20,7 +20,7 @@ import (
 	"strings"
 	"unicode/utf8"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
 )

 const (
@@ -15,7 +15,7 @@ import (
 	"path/filepath"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
 )

 func main() {
@@ -30,7 +30,7 @@ var primaryLicenseRe = regexp.MustCompile(`^(?i)(LICEN[SC]E|COPYING)$`)
 // ignoredNames are LicenseEntry.Name values to exclude from the output.
 var ignoredNames = map[string]bool{
 	"code.gitea.io/gitea":                 true,
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/options/license": true,
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/options/license": true,
 }

 var excludedExt = map[string]bool{
@@ -25,7 +25,7 @@ import (
 	"sort"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/build/openapi3gen"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/build/openapi3gen"

 	"github.com/getkin/kin-openapi/openapi3"
 )
@@ -8,7 +8,7 @@ import (
 	"regexp"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"

 	"github.com/getkin/kin-openapi/openapi2"
 	"github.com/getkin/kin-openapi/openapi2conv"
@@ -7,8 +7,8 @@ import (
 	"context"
 	"fmt"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -8,12 +8,12 @@ import (
 	"context"
 	"fmt"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/gitrepo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	repo_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/repository"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/gitrepo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	repo_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/repository"

 	"github.com/urfave/cli/v3"
 )
@@ -10,9 +10,9 @@ import (
 	"os"
 	"text/tabwriter"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	auth_service "git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	auth_service "code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth"

 	"github.com/urfave/cli/v3"
 )
@@ -8,9 +8,9 @@ import (
 	"fmt"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/ldap"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/ldap"

 	"github.com/urfave/cli/v3"
 )
@@ -7,9 +7,9 @@ import (
 	"context"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/test"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/ldap"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/test"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/ldap"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
@@ -9,9 +9,9 @@ import (
 	"fmt"
 	"net/url"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/oauth2"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/oauth2"

 	"github.com/urfave/cli/v3"
 )
@@ -7,8 +7,8 @@ import (
 	"context"
 	"testing"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/oauth2"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/oauth2"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
@@ -8,9 +8,9 @@ import (
 	"errors"
 	"strings"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/smtp"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/smtp"

 	"github.com/urfave/cli/v3"
 )
@@ -7,8 +7,8 @@ import (
 	"context"
 	"testing"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/smtp"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/auth/source/smtp"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
@@ -6,9 +6,9 @@ package cmd
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
-	asymkey_service "git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/asymkey"
-	repo_service "git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/repository"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
+	asymkey_service "code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/asymkey"
+	repo_service "code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/repository"

 	"github.com/urfave/cli/v3"
 )
@@ -8,11 +8,11 @@ import (
 	"errors"
 	"fmt"

-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/auth/password"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	user_service "git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/user"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/auth/password"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	user_service "code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/user"

 	"github.com/urfave/cli/v3"
 )
@@ -7,9 +7,9 @@ import (
 	"io"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -9,12 +9,12 @@ import (
 	"fmt"
 	"strings"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	pwd "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/auth/password"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	pwd "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/auth/password"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -8,10 +8,10 @@ import (
 	"strings"
 	"testing"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -9,10 +9,10 @@ import (
 	"fmt"
 	"strings"

-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
-	user_service "git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/user"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
+	user_service "code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/user"

 	"github.com/urfave/cli/v3"
 )
@@ -8,10 +8,10 @@ import (
 	"strings"
 	"testing"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"

 	"github.com/stretchr/testify/require"
 )
@@ -8,8 +8,8 @@ import (
 	"errors"
 	"fmt"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"

 	"github.com/urfave/cli/v3"
 )
@@ -9,7 +9,7 @@ import (
 	"os"
 	"text/tabwriter"

-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"

 	"github.com/urfave/cli/v3"
 )
@@ -8,8 +8,8 @@ import (
 	"errors"
 	"fmt"

-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -6,9 +6,9 @@ package cmd
 import (
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -15,11 +15,11 @@ import (
 	"strings"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/cmd"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/test"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/cmd"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/test"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"os"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -12,13 +12,13 @@ import (
 	"strings"
 	"text/tabwriter"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/migrations"
-	migrate_base "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/migrations/base"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/doctor"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/migrations"
+	migrate_base "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/migrations/base"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/doctor"

 	"github.com/urfave/cli/v3"
 	"xorm.io/xorm"
@@ -7,9 +7,9 @@ import (
 	"context"
 	"fmt"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -7,8 +7,8 @@ import (
 	"context"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/doctor"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/doctor"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
@@ -11,13 +11,13 @@ import (
 	"path/filepath"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/dump"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/dump"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"gitea.com/go-chi/session"
 	"github.com/urfave/cli/v3"
@@ -10,14 +10,14 @@ import (
 	"os"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	base "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/migration"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/convert"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/migrations"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	base "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/migration"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/convert"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/migrations"

 	"github.com/urfave/cli/v3"
 )
@@ -11,14 +11,14 @@ import (
 	"path/filepath"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/assetfs"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/glob"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/options"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/public"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/templates"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/assetfs"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/glob"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/options"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/public"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/templates"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"github.com/urfave/cli/v3"
 )
@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"os"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/generate"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/generate"

 	"github.com/mattn/go-isatty"
 	"github.com/urfave/cli/v3"
@@ -15,9 +15,9 @@ import (
 	"strings"
 	"syscall"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -14,12 +14,12 @@ import (
 	"strings"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git/gitcmd"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
-	repo_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/repository"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git/gitcmd"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	repo_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/repository"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -9,8 +9,8 @@ import (
 	"fmt"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"

 	"github.com/urfave/cli/v3"
 )
@@ -7,8 +7,8 @@ import (
 	"context"
 	"fmt"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -10,8 +10,8 @@ import (
 	"os"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -7,7 +7,7 @@ import (
 	"context"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
@@ -8,7 +8,7 @@ import (
 	"os"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"

 	"github.com/urfave/cli/v3"
 )
@@ -9,8 +9,8 @@ import (
 	"fmt"
 	"os"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"

 	"github.com/urfave/cli/v3"
 )
@@ -6,10 +6,10 @@ package cmd
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/versioned_migration"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/versioned_migration"

 	"github.com/urfave/cli/v3"
 )
@@ -10,17 +10,17 @@ import (
 	"io/fs"
 	"strings"

-	actions_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/actions"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	git_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/git"
-	packages_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/packages"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	packages_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/packages"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/versioned_migration"
+	actions_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/actions"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	git_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/git"
+	packages_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/packages"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	packages_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/packages"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/versioned_migration"

 	"github.com/urfave/cli/v3"
 )
@@ -8,13 +8,13 @@ import (
 	"strings"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/packages"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	packages_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/packages"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
-	packages_service "git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/packages"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/packages"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	packages_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/packages"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/storage"
+	packages_service "code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/packages"

 	"github.com/stretchr/testify/assert"
 )
@@ -7,8 +7,8 @@ import (
 	"context"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/urfave/cli/v3"
 )
@@ -15,21 +15,21 @@ import (
 	"strings"
 	"unicode"

-	asymkey_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/asymkey"
-	git_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/git"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/perm"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git/gitcmd"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/lfstransfer"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/pprof"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/process"
-	repo_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/repository"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/services/lfs"
+	asymkey_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/asymkey"
+	git_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/git"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/perm"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git/gitcmd"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/lfstransfer"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/pprof"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/private"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/process"
+	repo_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/repository"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/services/lfs"

 	"github.com/kballard/go-shellquote"
 	"github.com/urfave/cli/v3"
@@ -15,17 +15,17 @@ import (
 	"strings"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/gtprof"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/process"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/public"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/templates"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/routers"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/routers/install"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/gtprof"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/process"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/public"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/templates"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/routers"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/routers/install"

 	"github.com/felixge/fgprof"
 	"github.com/urfave/cli/v3"
@@ -13,11 +13,11 @@ import (
 	"strconv"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/process"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/process"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"github.com/caddyserver/certmagic"
 )
@@ -9,9 +9,9 @@ import (
 	"net/http/fcgi"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
 )

 func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
@@ -9,9 +9,9 @@ import (
 	"os"
 	"strings"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/graceful"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	"github.com/klauspost/cpuid/v2"
 )
@@ -1,4 +1,4 @@
-module git.mokoconsulting.tech/MokoConsulting/MokoGitea
+module code.mokoconsulting.tech/MokoConsulting/MokoGitea

 go 1.26.3

@@ -10,16 +10,16 @@ import (
 	"strings"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/cmd"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/cmd"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"

 	// register supported doc types
-	_ "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/asciicast"
-	_ "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/console"
-	_ "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/csv"
-	_ "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/markdown"
-	_ "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/orgmode"
+	_ "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/asciicast"
+	_ "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/console"
+	_ "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/csv"
+	_ "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/markdown"
+	_ "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/markup/orgmode"

 	"github.com/urfave/cli/v3"
 )
@@ -11,10 +11,10 @@ import (
 	"errors"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"xorm.io/builder"
 )
@@ -6,11 +6,11 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/perm"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/perm"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"xorm.io/xorm/convert"
 )
@@ -6,7 +6,7 @@ package actions
 import (
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
 )

 func TestMain(m *testing.M) {
@@ -11,17 +11,17 @@ import (
 	"strings"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	api "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	webhook_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/webhook"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	api "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	webhook_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/webhook"

 	"xorm.io/builder"
 )
@@ -9,11 +9,11 @@ import (
 	"slices"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
 )

 // ActionRunAttempt represents a single execution attempt of an ActionRun.
@@ -6,9 +6,9 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
 )

 type ActionRunAttemptList []*ActionRunAttempt
@@ -9,18 +9,17 @@ import (
 	"slices"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/actions/jobparser"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/actions/jobparser"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	"xorm.io/builder"
 )

 // MaxJobNumPerRun is the maximum number of jobs in a single run.
 // https://docs.github.com/en/actions/reference/limits#existing-system-limits
-// TODO: check this limit when creating jobs
 const MaxJobNumPerRun = 256

 // ActionRunJob represents a job of a run
@@ -6,11 +6,11 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"

 	"xorm.io/builder"
 )
@@ -6,12 +6,12 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/translation"
-	webhook_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/webhook"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/translation"
+	webhook_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/webhook"

 	"xorm.io/builder"
 )
@@ -7,10 +7,10 @@ import (
 	"testing"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"

 	"github.com/stretchr/testify/assert"
 )
@@ -10,16 +10,16 @@ import (
 	"strings"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/shared/types"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/translation"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/shared/types"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/optional"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/translation"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
 	"xorm.io/builder"
@@ -6,10 +6,10 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
 )

 type RunnerList []*ActionRunner
@@ -7,11 +7,11 @@ import (
 	"context"
 	"fmt"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
 )

 // ActionRunnerToken represents runner tokens
@@ -6,7 +6,7 @@ package actions
 import (
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unittest"

 	"github.com/stretchr/testify/assert"
 )
@@ -8,12 +8,12 @@ import (
 	"fmt"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
-	webhook_module "git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/webhook"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	user_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	webhook_module "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/webhook"
 )

 // ActionSchedule represents a schedule of a workflow file
@@ -4,7 +4,7 @@
 package actions

 import (
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"

 	"xorm.io/builder"
 )
@@ -8,9 +8,9 @@ import (
 	"strings"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"

 	"github.com/robfig/cron/v3"
 )
@@ -6,9 +6,9 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	repo_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"

 	"xorm.io/builder"
 )
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/test"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/test"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -6,7 +6,7 @@ package actions
 import (
 	"slices"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/translation"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/translation"

 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
 )
@@ -11,14 +11,14 @@ import (
 	"strings"
 	"time"

-	auth_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unit"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/actions/jobparser"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
+	auth_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/auth"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/unit"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/actions/jobparser"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/log"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/setting"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"

 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
 	lru "github.com/hashicorp/golang-lru/v2"
@@ -6,9 +6,9 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/container"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"

 	"xorm.io/builder"
 )
@@ -6,7 +6,7 @@ package actions
 import (
 	"context"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
 )

 // ActionTaskOutput represents an output of ActionTask.
@@ -7,8 +7,8 @@ import (
 	"context"
 	"time"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/db"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/timeutil"
 )

 // ActionTaskStep represents a step of ActionTask
@@ -7,7 +7,7 @@ import (
 	"strings"
 	"testing"

-	"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/actions/jobparser"
+	"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/actions/jobparser"

 	"github.com/stretchr/testify/assert"
 )
--- a/Show More
+++ b/Show More