From 723f25bb59021053d018ea38c96683561516c62d Mon Sep 17 00:00:00 2001
From: "gitea-actions[bot]" <gitea-actions[bot]@mokoconsulting.tech>
Date: Tue, 2 Jun 2026 18:53:35 +0000
Subject: [PATCH 01/42] chore(release): build 02.33.00 [skip ci]

---
 .mokogitea/manifest.xml                           |  2 +-
 .mokogitea/workflows/issue-branch.yml             |  2 +-
 CHANGELOG.md                                      | 15 ++-------------
 CODE_OF_CONDUCT.md                                |  2 +-
 GOVERNANCE.md                                     |  2 +-
 LICENSE.md                                        |  2 +-
 README.md                                         |  2 +-
 SECURITY.md                                       |  2 +-
 docs/guides/build-guide.md                        |  4 ++--
 docs/guides/configuration-guide.md                |  4 ++--
 docs/guides/installation-guide.md                 |  4 ++--
 docs/guides/operations-guide.md                   |  4 ++--
 docs/guides/rollback-and-recovery-guide.md        |  4 ++--
 docs/guides/testing-guide.md                      |  4 ++--
 docs/guides/troubleshooting-guide.md              |  4 ++--
 docs/guides/upgrade-and-versioning-guide.md       |  4 ++--
 docs/index.md                                     |  4 ++--
 docs/plugin-basic.md                              |  4 ++--
 docs/update-server.md                             |  2 +-
 src/packages/com_mokowaas/mokowaas.xml            |  2 +-
 .../mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml   |  2 +-
 .../plg_system_mokowaas/Extension/MokoWaaS.php    |  2 +-
 .../plg_system_mokowaas/Field/AllowedIpsField.php |  2 +-
 .../Field/CopyableTokenField.php                  |  2 +-
 .../plg_system_mokowaas/Field/CurrentIpField.php  |  2 +-
 .../Field/DemoTaskInfoField.php                   |  2 +-
 .../plg_system_mokowaas/Field/NextResetField.php  |  2 +-
 .../Field/SnapshotTablesField.php                 |  2 +-
 .../Service/ContentSyncReceiver.php               |  2 +-
 .../Service/ContentSyncService.php                |  2 +-
 .../Service/DemoResetService.php                  |  2 +-
 src/packages/plg_system_mokowaas/mokowaas.xml     |  2 +-
 src/packages/plg_system_mokowaas/script.php       |  2 +-
 .../plg_system_mokowaas/services/provider.php     |  2 +-
 .../mokowaas_devtools.xml                         |  2 +-
 .../mokowaas_firewall.xml                         |  2 +-
 .../mokowaas_monitor.xml                          |  2 +-
 .../mokowaas_tenant.xml                           |  2 +-
 .../plg_task_mokowaasdemo/mokowaasdemo.xml        |  4 ++--
 .../plg_task_mokowaassync/mokowaassync.xml        |  2 +-
 .../plg_webservices_mokowaas/mokowaas.xml         |  4 ++--
 .../perfectpublisher.xml                          |  4 ++--
 .../services/provider.php                         |  2 +-
 .../src/Extension/PerfectPublisherApi.php         |  2 +-
 src/pkg_mokowaas.xml                              |  2 +-
 updates.xml                                       |  2 +-
 46 files changed, 60 insertions(+), 71 deletions(-)

diff --git a/.mokogitea/manifest.xml b/.mokogitea/manifest.xml
index c8a9eb8f..30237d02 100644
--- a/.mokogitea/manifest.xml
+++ b/.mokogitea/manifest.xml
@@ -9,7 +9,7 @@
     <display-name>Package - MokoWaaS</display-name>
     <org>MokoConsulting</org>
     <description>White-label identity, security hardening, and tenant restriction layer for WaaS-managed Joomla environments</description>
-    <version>02.32.21</version>
+    <version>02.33.00</version>
     <license spdx="GPL-3.0-or-later">GNU General Public License v3</license>
   </identity>
   <governance>
diff --git a/.mokogitea/workflows/issue-branch.yml b/.mokogitea/workflows/issue-branch.yml
index f33f15c1..d2e729db 100644
--- a/.mokogitea/workflows/issue-branch.yml
+++ b/.mokogitea/workflows/issue-branch.yml
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: moko-platform.Automation
-# VERSION: 02.32.21
+# VERSION: 02.33.00
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10eff570..1118c62f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,12 +14,11 @@
  INGROUP: MokoWaaS.Documentation
  REPO: https://github.com/mokoconsulting-tech/mokowaas
  PATH: ./CHANGELOG.md
- VERSION: 02.32.21
+ VERSION: 02.33.00
  BRIEF: Version history using `Keep a Changelog`
 -->
 
-# Changelog
-## [02.32.00] - 2026-06-02
+# Changelog## [02.32.00] - 2026-06-02
 ### Added
 - Admin control panel dashboard in com_mokowaas with site info bar, feature plugin grid, and quick actions
 - Feature plugin architecture — MokoWaaS features split into toggleable plugins managed from the dashboard
@@ -108,13 +107,3 @@
 ## [02.20.00] --- 2026-05-28
 
 ## [02.20.00] --- 2026-05-28
-
-## [02.19.00] --- 2026-05-28
-
-## [02.18.00] --- 2026-05-28
-
-
-All notable changes to the MokoWaaS plugin will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index 2c28193a..3a0a46aa 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -14,7 +14,7 @@
 	DEFGROUP: Joomla.Plugin
 	INGROUP: MokoWaaS.Documentation
 	REPO: https://github.com/mokoconsulting-tech/mokowaas
-	VERSION: 02.32.21
+	VERSION: 02.33.00
 	PATH: ./CODE_OF_CONDUCT.md
 	BRIEF: Reference + packaging repo for Moko Consulting Developer GPT Other Default
 -->
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
index e050316e..8ea124af 100644
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -19,7 +19,7 @@
  DEFGROUP: mokoconsulting-tech.MokoWaaSBrand
  INGROUP: MokoStandards.Governance
  REPO: https://github.com/mokoconsulting-tech/MokoWaaSBrand
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /GOVERNANCE.md
  BRIEF: Project governance rules, roles, and decision process for MokoWaaSBrand
 -->
diff --git a/LICENSE.md b/LICENSE.md
index 42b9353a..1197c9f5 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -15,7 +15,7 @@
 	INGROUP: MokoWaaS.Documentation
   REPO: https://github.com/mokoconsulting-tech/mokowaas
 	PATH: ./LICENSE.md
-	VERSION: 02.32.21
+	VERSION: 02.33.00
 	BRIEF: Project license (GPL-3.0-or-later)
 -->
 										GNU GENERAL PUBLIC LICENSE
diff --git a/README.md b/README.md
index f52baaec..0eba6c43 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS
  REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /README.md
  BRIEF: MokoWaaS platform plugin for Joomla
 -->
diff --git a/SECURITY.md b/SECURITY.md
index 9df1a2a6..6ba5df75 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -23,7 +23,7 @@ DEFGROUP: [PROJECT_NAME]
 INGROUP: [PROJECT_NAME].Documentation
 REPO: [REPOSITORY_URL]
 PATH: /SECURITY.md
-VERSION: 02.32.21
+VERSION: 02.33.00
 BRIEF: Security vulnerability reporting and handling policy
 -->
 
diff --git a/docs/guides/build-guide.md b/docs/guides/build-guide.md
index 34cf61be..97ab483e 100644
--- a/docs/guides/build-guide.md
+++ b/docs/guides/build-guide.md
@@ -11,13 +11,13 @@
  INGROUP: MokoWaaS.Build
  REPO: https://github.com/mokoconsulting-tech/mokowaas
  FILE: build-guide.md
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/
  BRIEF: Build and packaging guide for the MokoWaaS system plugin
  NOTE: Defines environment setup, repository layout, packaging rules, and release preparation
 -->
 
-# MokoWaaS Build Guide (VERSION: 02.32.21)
+# MokoWaaS Build Guide (VERSION: 02.33.00)
 
 ## 1. Purpose
 
diff --git a/docs/guides/configuration-guide.md b/docs/guides/configuration-guide.md
index 9b1e0976..b751daaa 100644
--- a/docs/guides/configuration-guide.md
+++ b/docs/guides/configuration-guide.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/configuration-guide.md
  BRIEF: Configuration guide for the MokoWaaS system plugin
  NOTE: Defines plugin parameters, expected behaviors, and recommended defaults
 -->
 
-# MokoWaaS Configuration Guide (VERSION: 02.32.21)
+# MokoWaaS Configuration Guide (VERSION: 02.33.00)
 
 ## 1. Objective
 
diff --git a/docs/guides/installation-guide.md b/docs/guides/installation-guide.md
index 526b98a7..092389ef 100644
--- a/docs/guides/installation-guide.md
+++ b/docs/guides/installation-guide.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/installation-guide.md
  BRIEF: Installation guide for the MokoWaaS system plugin
  NOTE: First document in the guide set
 -->
 
-# MokoWaaS Installation Guide (VERSION: 02.32.21)
+# MokoWaaS Installation Guide (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/guides/operations-guide.md b/docs/guides/operations-guide.md
index 025a822d..1b6b1182 100644
--- a/docs/guides/operations-guide.md
+++ b/docs/guides/operations-guide.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/operations-guide.md
  BRIEF: Operational guide for administering and managing the MokoWaaS system plugin
  NOTE: Defines lifecycle, responsibilities, and operational behaviors
 -->
 
-# MokoWaaS Operations Guide (VERSION: 02.32.21)
+# MokoWaaS Operations Guide (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/guides/rollback-and-recovery-guide.md b/docs/guides/rollback-and-recovery-guide.md
index 55df494a..3d00b8c3 100644
--- a/docs/guides/rollback-and-recovery-guide.md
+++ b/docs/guides/rollback-and-recovery-guide.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/rollback-and-recovery-guide.md
  BRIEF: Rollback and recovery guide for restoring stable operation after plugin related incidents
  NOTE: Completes the core guide set for WaaS plugin governance
 -->
 
-# MokoWaaS Rollback and Recovery Guide (VERSION: 02.32.21)
+# MokoWaaS Rollback and Recovery Guide (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/guides/testing-guide.md b/docs/guides/testing-guide.md
index f3ca57f5..64947ff4 100644
--- a/docs/guides/testing-guide.md
+++ b/docs/guides/testing-guide.md
@@ -7,13 +7,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/testing-guide.md
  BRIEF: Testing guide for MokoWaaS v02.01.08
  NOTE: Covers manual test procedures for language overrides, install/uninstall, and configuration
 -->
 
-# MokoWaaS Testing Guide (VERSION: 02.32.21)
+# MokoWaaS Testing Guide (VERSION: 02.33.00)
 
 ## 1. Prerequisites
 
diff --git a/docs/guides/troubleshooting-guide.md b/docs/guides/troubleshooting-guide.md
index f75fd423..d073b8a9 100644
--- a/docs/guides/troubleshooting-guide.md
+++ b/docs/guides/troubleshooting-guide.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/troubleshooting-guide.md
  BRIEF: Troubleshooting guide for diagnosing and resolving issues related to the MokoWaaS plugin
  NOTE: Designed for administrators and WaaS operations teams
 -->
 
-# MokoWaaS Troubleshooting Guide (VERSION: 02.32.21)
+# MokoWaaS Troubleshooting Guide (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/guides/upgrade-and-versioning-guide.md b/docs/guides/upgrade-and-versioning-guide.md
index 86ae2dd7..9dc524ca 100644
--- a/docs/guides/upgrade-and-versioning-guide.md
+++ b/docs/guides/upgrade-and-versioning-guide.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/guides/upgrade-and-versioning-guide.md
  BRIEF: Guide for updating, versioning, and maintaining the MokoWaaS plugin
  NOTE: Defines release flow, version rules, and upgrade validation
 -->
 
-# MokoWaaS Upgrade and Versioning Guide (VERSION: 02.32.21)
+# MokoWaaS Upgrade and Versioning Guide (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/index.md b/docs/index.md
index c9303593..835baaaf 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -10,13 +10,13 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Documentation
  REPO: https://github.com/mokoconsulting-tech/mokowaas
- VERSION: 02.32.21
+ VERSION: 02.33.00
  PATH: /docs/index.md
  BRIEF: Master index of all documentation for the MokoWaaS plugin
  NOTE: Automatically maintained index for all guide canvases
 -->
 
-# MokoWaaS Documentation Index (VERSION: 02.32.21)
+# MokoWaaS Documentation Index (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/plugin-basic.md b/docs/plugin-basic.md
index 6c36ff89..b22774bc 100644
--- a/docs/plugin-basic.md
+++ b/docs/plugin-basic.md
@@ -11,12 +11,12 @@
  INGROUP: MokoWaaS
  REPO: https://github.com/mokoconsulting-tech/mokowaas
  PATH: /docs/plugin-basic.md
- VERSION: 02.32.21
+ VERSION: 02.33.00
  BRIEF: Baseline documentation for the MokoWaaS system plugin
  NOTE: Foundational reference for internal and external stakeholders
 -->
 
-# MokoWaaS Plugin Overview (VERSION: 02.32.21)
+# MokoWaaS Plugin Overview (VERSION: 02.33.00)
 
 ## Introduction
 
diff --git a/docs/update-server.md b/docs/update-server.md
index 0059d11b..0231960b 100644
--- a/docs/update-server.md
+++ b/docs/update-server.md
@@ -10,7 +10,7 @@ DEFGROUP: MokoWaaS.Documentation
 INGROUP: MokoStandards.Templates
 REPO: https://github.com/mokoconsulting-tech/MokoWaaS
 PATH: /docs/update-server.md
-VERSION: 02.32.21
+VERSION: 02.33.00
 BRIEF: How this extension's Joomla update server file (update.xml) is managed
 -->
 
diff --git a/src/packages/com_mokowaas/mokowaas.xml b/src/packages/com_mokowaas/mokowaas.xml
index d3cca22d..803387a9 100644
--- a/src/packages/com_mokowaas/mokowaas.xml
+++ b/src/packages/com_mokowaas/mokowaas.xml
@@ -20,7 +20,7 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>MokoWaaS admin dashboard and REST API. Provides a control panel for managing MokoWaaS feature plugins, site health monitoring, and remote management endpoints.</description>
 
 	<namespace path="src">Moko\Component\MokoWaaS</namespace>
diff --git a/src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml b/src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
index 8e6ec270..4f12f37c 100644
--- a/src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
+++ b/src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
@@ -7,7 +7,7 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>MOD_MOKOWAAS_CPANEL_DESC</description>
 	<namespace path="src">Moko\Module\MokoWaaSCpanel</namespace>
 
diff --git a/src/packages/plg_system_mokowaas/Extension/MokoWaaS.php b/src/packages/plg_system_mokowaas/Extension/MokoWaaS.php
index badd115f..4fb3e50b 100644
--- a/src/packages/plg_system_mokowaas/Extension/MokoWaaS.php
+++ b/src/packages/plg_system_mokowaas/Extension/MokoWaaS.php
@@ -22,7 +22,7 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://github.com/mokoconsulting-tech/mokowaas
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Extension/MokoWaaS.php
  * NOTE: Handles Joomla system events for rebranding functionality
  */
diff --git a/src/packages/plg_system_mokowaas/Field/AllowedIpsField.php b/src/packages/plg_system_mokowaas/Field/AllowedIpsField.php
index 2aa3e657..432a8a74 100644
--- a/src/packages/plg_system_mokowaas/Field/AllowedIpsField.php
+++ b/src/packages/plg_system_mokowaas/Field/AllowedIpsField.php
@@ -7,7 +7,7 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Field/AllowedIpsField.php
  * BRIEF: Custom form field that displays the current IP whitelist
  */
diff --git a/src/packages/plg_system_mokowaas/Field/CopyableTokenField.php b/src/packages/plg_system_mokowaas/Field/CopyableTokenField.php
index 7ed749d9..99d551bb 100644
--- a/src/packages/plg_system_mokowaas/Field/CopyableTokenField.php
+++ b/src/packages/plg_system_mokowaas/Field/CopyableTokenField.php
@@ -8,7 +8,7 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Field/CopyableTokenField.php
  * BRIEF: Read-only token field with a copy-to-clipboard button
  */
diff --git a/src/packages/plg_system_mokowaas/Field/CurrentIpField.php b/src/packages/plg_system_mokowaas/Field/CurrentIpField.php
index ea475f69..3d4bf6f6 100644
--- a/src/packages/plg_system_mokowaas/Field/CurrentIpField.php
+++ b/src/packages/plg_system_mokowaas/Field/CurrentIpField.php
@@ -7,7 +7,7 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Field/CurrentIpField.php
  * BRIEF: Read-only field that displays the current user's IP address
  */
diff --git a/src/packages/plg_system_mokowaas/Field/DemoTaskInfoField.php b/src/packages/plg_system_mokowaas/Field/DemoTaskInfoField.php
index 9b280b3a..97316c0a 100644
--- a/src/packages/plg_system_mokowaas/Field/DemoTaskInfoField.php
+++ b/src/packages/plg_system_mokowaas/Field/DemoTaskInfoField.php
@@ -8,7 +8,7 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Field/DemoTaskInfoField.php
  * BRIEF: Read-only field showing scheduled task info with link to manage it
  */
diff --git a/src/packages/plg_system_mokowaas/Field/NextResetField.php b/src/packages/plg_system_mokowaas/Field/NextResetField.php
index f8dc2b2e..ca4d64ef 100644
--- a/src/packages/plg_system_mokowaas/Field/NextResetField.php
+++ b/src/packages/plg_system_mokowaas/Field/NextResetField.php
@@ -8,7 +8,7 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Field/NextResetField.php
  * BRIEF: Read-only field showing next reset time from Joomla scheduled task
  */
diff --git a/src/packages/plg_system_mokowaas/Field/SnapshotTablesField.php b/src/packages/plg_system_mokowaas/Field/SnapshotTablesField.php
index 4081b99b..5618bbf6 100644
--- a/src/packages/plg_system_mokowaas/Field/SnapshotTablesField.php
+++ b/src/packages/plg_system_mokowaas/Field/SnapshotTablesField.php
@@ -8,7 +8,7 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/Field/SnapshotTablesField.php
  * BRIEF: Multi-select list field that loads DB tables with sensible defaults
  */
diff --git a/src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php b/src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
index 557bc543..e6c69177 100644
--- a/src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
+++ b/src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
@@ -10,7 +10,7 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * BRIEF: Receiver-side content sync — applies incoming payload to local DB
  */
 
diff --git a/src/packages/plg_system_mokowaas/Service/ContentSyncService.php b/src/packages/plg_system_mokowaas/Service/ContentSyncService.php
index 099e905f..d27bf9a8 100644
--- a/src/packages/plg_system_mokowaas/Service/ContentSyncService.php
+++ b/src/packages/plg_system_mokowaas/Service/ContentSyncService.php
@@ -10,7 +10,7 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_system_mokowaas/Service/ContentSyncService.php
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * BRIEF: Sender-side content sync — builds payload and pushes to remote sites
  */
 
diff --git a/src/packages/plg_system_mokowaas/Service/DemoResetService.php b/src/packages/plg_system_mokowaas/Service/DemoResetService.php
index f1865e47..ce458abd 100644
--- a/src/packages/plg_system_mokowaas/Service/DemoResetService.php
+++ b/src/packages/plg_system_mokowaas/Service/DemoResetService.php
@@ -10,7 +10,7 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_system_mokowaas/Service/DemoResetService.php
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * BRIEF: Content-only snapshot/restore for demo site reset
  */
 
diff --git a/src/packages/plg_system_mokowaas/mokowaas.xml b/src/packages/plg_system_mokowaas/mokowaas.xml
index 61b33c06..b7ec28ca 100644
--- a/src/packages/plg_system_mokowaas/mokowaas.xml
+++ b/src/packages/plg_system_mokowaas/mokowaas.xml
@@ -30,7 +30,7 @@
 	<license>GNU General Public License version 3 or later; see LICENSE.md</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform.</description>
 	<namespace path=".">Moko\Plugin\System\MokoWaaS</namespace>
 	<scriptfile>script.php</scriptfile>
diff --git a/src/packages/plg_system_mokowaas/script.php b/src/packages/plg_system_mokowaas/script.php
index 4be9dd0a..dffd284d 100644
--- a/src/packages/plg_system_mokowaas/script.php
+++ b/src/packages/plg_system_mokowaas/script.php
@@ -22,7 +22,7 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://github.com/mokoconsulting-tech/mokowaas
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/script.php
  * BRIEF: Installation script for MokoWaaS plugin
  * NOTE: Handles installation, update, and uninstallation tasks including language override deployment
diff --git a/src/packages/plg_system_mokowaas/services/provider.php b/src/packages/plg_system_mokowaas/services/provider.php
index 2ba926e8..8770e8aa 100644
--- a/src/packages/plg_system_mokowaas/services/provider.php
+++ b/src/packages/plg_system_mokowaas/services/provider.php
@@ -22,7 +22,7 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://github.com/mokoconsulting-tech/mokowaas
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * PATH: /src/services/provider.php
  * BRIEF: Service provider for dependency injection in Joomla 5.x
  * NOTE: Registers the plugin with Joomla's DI container
diff --git a/src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml b/src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
index 39ad9503..1f432dd3 100644
--- a/src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
+++ b/src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
@@ -8,7 +8,7 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>PLG_SYSTEM_MOKOWAAS_DEVTOOLS_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSDevTools</namespace>
 
diff --git a/src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml b/src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
index ca986100..e01bdbea 100644
--- a/src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
+++ b/src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
@@ -8,7 +8,7 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>PLG_SYSTEM_MOKOWAAS_FIREWALL_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSFirewall</namespace>
 
diff --git a/src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml b/src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
index 82883089..b074eb8c 100644
--- a/src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
+++ b/src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
@@ -8,7 +8,7 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>PLG_SYSTEM_MOKOWAAS_MONITOR_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSMonitor</namespace>
 
diff --git a/src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml b/src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
index abe6efa7..9609d33c 100644
--- a/src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
+++ b/src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
@@ -8,7 +8,7 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>PLG_SYSTEM_MOKOWAAS_TENANT_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSTenant</namespace>
 
diff --git a/src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml b/src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
index bfb55459..c5f0fb25 100644
--- a/src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
+++ b/src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
@@ -12,8 +12,8 @@
 	<license>GNU General Public License version 3 or later; see LICENSE</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
+	<version>02.33.00</version>
 	<description>PLG_TASK_MOKOWAASDEMO_DESC</description>
 	<namespace path="src">Moko\Plugin\Task\MokoWaaSDemo</namespace>
 
diff --git a/src/packages/plg_task_mokowaassync/mokowaassync.xml b/src/packages/plg_task_mokowaassync/mokowaassync.xml
index c5009f9f..05ca075b 100644
--- a/src/packages/plg_task_mokowaassync/mokowaassync.xml
+++ b/src/packages/plg_task_mokowaassync/mokowaassync.xml
@@ -12,7 +12,7 @@
 	<license>GNU General Public License version 3 or later; see LICENSE</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<description>PLG_TASK_MOKOWAASSYNC_DESC</description>
 	<namespace path="src">Moko\Plugin\Task\MokoWaaSSync</namespace>
 
diff --git a/src/packages/plg_webservices_mokowaas/mokowaas.xml b/src/packages/plg_webservices_mokowaas/mokowaas.xml
index 96526391..a23ea1d2 100644
--- a/src/packages/plg_webservices_mokowaas/mokowaas.xml
+++ b/src/packages/plg_webservices_mokowaas/mokowaas.xml
@@ -7,8 +7,8 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
+	<version>02.33.00</version>
 	<description>Joomla Web Services API routes for MokoWaaS site management — health checks, cache, updates, backups, and site info.</description>
 	<namespace path="src">Moko\Plugin\WebServices\MokoWaaS</namespace>
 	<files>
diff --git a/src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml b/src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
index fbbecc34..5fe28dab 100644
--- a/src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
+++ b/src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
@@ -7,8 +7,8 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
-	<version>02.32.21</version>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
+	<version>02.33.00</version>
 	<description>Joomla Web Services API routes for Perfect Publisher (com_autotweet) — channels, posts, requests, rules, and feeds.</description>
 	<namespace path="src">Moko\Plugin\WebServices\PerfectPublisher</namespace>
 	<files>
diff --git a/src/packages/plg_webservices_perfectpublisher/services/provider.php b/src/packages/plg_webservices_perfectpublisher/services/provider.php
index 88a41a08..25863663 100644
--- a/src/packages/plg_webservices_perfectpublisher/services/provider.php
+++ b/src/packages/plg_webservices_perfectpublisher/services/provider.php
@@ -8,7 +8,7 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_webservices_perfectpublisher/services/provider.php
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * BRIEF: DI service provider for Perfect Publisher Web Services plugin
  */
 
diff --git a/src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php b/src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
index 9b8f8b54..0a8f80fd 100644
--- a/src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
+++ b/src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
@@ -8,7 +8,7 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
- * VERSION: 02.32.21
+ * VERSION: 02.33.00
  * BRIEF: Web Services API plugin for Perfect Publisher (com_autotweet)
  */
 
diff --git a/src/pkg_mokowaas.xml b/src/pkg_mokowaas.xml
index 0404390a..ecb3e62d 100644
--- a/src/pkg_mokowaas.xml
+++ b/src/pkg_mokowaas.xml
@@ -2,7 +2,7 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoWaaS</name>
 	<packagename>mokowaas</packagename>
-	<version>02.32.21</version>
+	<version>02.33.00</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/updates.xml b/updates.xml
index 5d570e01..6ce09b9e 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.21-dev
+ VERSION: 02.33.00-dev
  -->
 
 <updates>

From d4514aa37d51f09f3be222d4e51a9a233d6fac9e Mon Sep 17 00:00:00 2001
From: "gitea-actions[bot]" <gitea-actions[bot]@mokoconsulting.tech>
Date: Tue, 2 Jun 2026 18:53:36 +0000
Subject: [PATCH 02/42] chore: update channels for 02.33.00 [skip ci]

---
 updates.xml | 43 ++++++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/updates.xml b/updates.xml
index 6ce09b9e..30614ca4 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.33.00-dev
+ VERSION: 02.33.00
  -->
 
 <updates>
@@ -13,33 +13,34 @@
     <client>site</client>
     <version>02.32.21-dev</version>
     <creationDate>2026-06-02</creationDate>
-    <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
+    <infourl title="Package - MokoWaaS">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.21-dev.zip</downloadurl>
+      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.21-dev.zip</downloadurl>
     </downloads>
     <sha256>2330a2b3278587c66a4b43e4c6d5a330a7fb2d161c0df09cd266850aabb82d82</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
-    <targetplatform name="joomla" version="(5|6)\..*" />
+    <targetplatform name="joomla" version="(5|6)\..*"/>
   </update>
   <update>
-		<name>Package - MokoWaaS</name>
-		<description>MokoWaaS site management suite</description>
-		<element>pkg_mokowaas</element>
-		<type>package</type>
-		<version>02.32.00</version>
-		<infourl title="MokoWaaS">https://mokoconsulting.tech</infourl>
-		<downloads>
-			<downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/v02.32.00/pkg_mokowaas-02.32.00.zip</downloadurl>
-		</downloads>
-		<tags>
-			<tag>stable</tag>
-		</tags>
-		<maintainer>Moko Consulting</maintainer>
-		<maintainerurl>https://mokoconsulting.tech</maintainerurl>
-		<targetplatform name="joomla" version="5\.[0-9]"/>
-		<php_minimum>8.1</php_minimum>
-	</update>
+    <name>Package - MokoWaaS</name>
+    <description>Package - MokoWaaS stable build.</description>
+    <element>pkg_mokowaas</element>
+    <type>package</type>
+    <client>site</client>
+    <version>02.33.00</version>
+    <creationDate>2026-06-02</creationDate>
+    <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/stable</infourl>
+    <downloads>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/stable/pkg_mokowaas-02.33.00.zip</downloadurl>
+    </downloads>
+    <sha256>30e18531d9e453173c8945fdfaf690dacdcc3d584d827d146f0c86c851f49bb0</sha256>
+    <tags><tag>stable</tag></tags>
+    <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
+    <maintainer>Moko Consulting</maintainer>
+    <maintainerurl>https://mokoconsulting.tech</maintainerurl>
+    <targetplatform name="joomla" version="(5|6)\..*" />
+  </update>
 </updates>

From 903999a2623bdfad374625d39adfd72febf9bd77 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 18:54:55 +0000
Subject: [PATCH 03/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/updates.xml b/updates.xml
index 30614ca4..eabcb02f 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.33.00
+ VERSION: 02.32.22-dev
  -->
 
 <updates>
@@ -11,18 +11,18 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.21-dev</version>
+    <version>02.32.22-dev</version>
     <creationDate>2026-06-02</creationDate>
-    <infourl title="Package - MokoWaaS">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
+    <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.21-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.22-dev.zip</downloadurl>
     </downloads>
-    <sha256>2330a2b3278587c66a4b43e4c6d5a330a7fb2d161c0df09cd266850aabb82d82</sha256>
+    <sha256>d96e622418b04747079620c36d95e2d054a8652eaf22ae756cad6177d27ebdcf</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
-    <targetplatform name="joomla" version="(5|6)\..*"/>
+    <targetplatform name="joomla" version="(5|6)\..*" />
   </update>
   <update>
     <name>Package - MokoWaaS</name>
@@ -32,15 +32,15 @@
     <client>site</client>
     <version>02.33.00</version>
     <creationDate>2026-06-02</creationDate>
-    <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/stable</infourl>
+    <infourl title="Package - MokoWaaS">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/stable</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/stable/pkg_mokowaas-02.33.00.zip</downloadurl>
+      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/stable/pkg_mokowaas-02.33.00.zip</downloadurl>
     </downloads>
     <sha256>30e18531d9e453173c8945fdfaf690dacdcc3d584d827d146f0c86c851f49bb0</sha256>
     <tags><tag>stable</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>
     <maintainerurl>https://mokoconsulting.tech</maintainerurl>
-    <targetplatform name="joomla" version="(5|6)\..*" />
+    <targetplatform name="joomla" version="(5|6)\..*"/>
   </update>
 </updates>

From f79dc2a26e69c38de3237fed9e8b970f8e7f5512 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:06:01 +0000
Subject: [PATCH 04/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index eabcb02f..91b2b944 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.22-dev
+ VERSION: 02.32.24-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.22-dev</version>
+    <version>02.32.24-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.22-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.24-dev.zip</downloadurl>
     </downloads>
-    <sha256>d96e622418b04747079620c36d95e2d054a8652eaf22ae756cad6177d27ebdcf</sha256>
+    <sha256>789ea2778dd5b43440a596f9703d29efc93c70ac72c26a1348caff3583427b9a</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 4237740d32afda43a9d786a8bf3c5d826fe5eb13 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:09:25 +0000
Subject: [PATCH 05/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 91b2b944..4a2a2889 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.24-dev
+ VERSION: 02.32.25-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.24-dev</version>
+    <version>02.32.25-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.24-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.25-dev.zip</downloadurl>
     </downloads>
-    <sha256>789ea2778dd5b43440a596f9703d29efc93c70ac72c26a1348caff3583427b9a</sha256>
+    <sha256>1fb2a04c8367972a9677d4760e42a6f10767970e8d58dfb1dfd3fd01aceebc3d</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 6d3eaa4471ecb541b148c27d238eaf4c86cb10ce Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:14:31 +0000
Subject: [PATCH 06/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 4a2a2889..819fb214 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.25-dev
+ VERSION: 02.32.26-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.25-dev</version>
+    <version>02.32.26-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.25-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.26-dev.zip</downloadurl>
     </downloads>
-    <sha256>1fb2a04c8367972a9677d4760e42a6f10767970e8d58dfb1dfd3fd01aceebc3d</sha256>
+    <sha256>de5fe3c9660f551bfa83dda522a9a54df67f9683a7bd44db30125fd14a1ed69a</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From b7057745a3e95d13ec3c9543770a450e25ed0d3c Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:31:59 +0000
Subject: [PATCH 07/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 819fb214..c5348bc5 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.26-dev
+ VERSION: 02.32.27-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.26-dev</version>
+    <version>02.32.27-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.26-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.27-dev.zip</downloadurl>
     </downloads>
-    <sha256>de5fe3c9660f551bfa83dda522a9a54df67f9683a7bd44db30125fd14a1ed69a</sha256>
+    <sha256>bd6356adc7d195a59437462d89bf99bf7834e3802ef933bd0862169867eea0e1</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From ca9ef82caf821ca4f1bdd08419e55817f5b8cf2a Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:34:30 +0000
Subject: [PATCH 08/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index c5348bc5..89bdd4da 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.27-dev
+ VERSION: 02.32.28-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.27-dev</version>
+    <version>02.32.28-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.27-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.28-dev.zip</downloadurl>
     </downloads>
-    <sha256>bd6356adc7d195a59437462d89bf99bf7834e3802ef933bd0862169867eea0e1</sha256>
+    <sha256>6cdd45c78b4673b14637c8160e9f7807f105049bd849751b8da6aa07bdcf0452</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 47db66b70bfff3c916e4cc06984956d395861cb0 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:52:40 +0000
Subject: [PATCH 09/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 89bdd4da..47048f13 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.28-dev
+ VERSION: 02.32.29-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.28-dev</version>
+    <version>02.32.29-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.28-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.29-dev.zip</downloadurl>
     </downloads>
-    <sha256>6cdd45c78b4673b14637c8160e9f7807f105049bd849751b8da6aa07bdcf0452</sha256>
+    <sha256>3b7268eddee7ad3b927b1a174132a44892a058a4716dfecf3708f628fd1e087a</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From d49fdd24fca954f9f7529eb7d6a7aba34eda1e49 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 19:59:15 +0000
Subject: [PATCH 10/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 47048f13..3c17532b 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.29-dev
+ VERSION: 02.32.30-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.29-dev</version>
+    <version>02.32.30-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.29-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.30-dev.zip</downloadurl>
     </downloads>
-    <sha256>3b7268eddee7ad3b927b1a174132a44892a058a4716dfecf3708f628fd1e087a</sha256>
+    <sha256>a41c5d16c26c906a33de21bb415a819dc9ed6db9d45d3ca3d99cc8c33eb94d05</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From a8341d456dd16e01abf8fc906cb0178eca4deda2 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 20:25:39 +0000
Subject: [PATCH 11/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 3c17532b..31a5b27f 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.30-dev
+ VERSION: 02.32.31-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.30-dev</version>
+    <version>02.32.31-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.30-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.31-dev.zip</downloadurl>
     </downloads>
-    <sha256>a41c5d16c26c906a33de21bb415a819dc9ed6db9d45d3ca3d99cc8c33eb94d05</sha256>
+    <sha256>943b30ab763312c53e78c2debe0ec34661fdd19f84a8bedd023aed8220808d86</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 34cf1235c211234b644585c9d86b2b7b6017540b Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 20:31:16 +0000
Subject: [PATCH 12/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 31a5b27f..5597df91 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.31-dev
+ VERSION: 02.32.32-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.31-dev</version>
+    <version>02.32.32-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.31-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.32-dev.zip</downloadurl>
     </downloads>
-    <sha256>943b30ab763312c53e78c2debe0ec34661fdd19f84a8bedd023aed8220808d86</sha256>
+    <sha256>3f27a5a89763bfca54c53b17a4b9047e61886c34acf2b33a787b6eaad1d751d9</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 2b1bbb9c94796f540c63b3d33e1df203de5313a8 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 20:33:50 +0000
Subject: [PATCH 13/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 5597df91..a48eb538 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.32-dev
+ VERSION: 02.32.33-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.32-dev</version>
+    <version>02.32.33-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.32-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.33-dev.zip</downloadurl>
     </downloads>
-    <sha256>3f27a5a89763bfca54c53b17a4b9047e61886c34acf2b33a787b6eaad1d751d9</sha256>
+    <sha256>a337d676828192b56c70354b2bd2017326be8b24e4f7e0cebc76efa45b908614</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 2fd3f04f790cf31a93e8b1c6d34842fcafb86a0f Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 20:47:40 +0000
Subject: [PATCH 14/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index a48eb538..cd0d4e95 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.33-dev
+ VERSION: 02.32.34-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.33-dev</version>
+    <version>02.32.34-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.33-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.34-dev.zip</downloadurl>
     </downloads>
-    <sha256>a337d676828192b56c70354b2bd2017326be8b24e4f7e0cebc76efa45b908614</sha256>
+    <sha256>631e2a56989418caee3d0bfdecad58adbe9a2a466bae5d0d3e06fd00cfd74ec4</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 3b972efcdca01969155cbc7861c11d41bcee8d5a Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 20:51:48 +0000
Subject: [PATCH 15/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index cd0d4e95..e2d46625 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.34-dev
+ VERSION: 02.32.35-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.34-dev</version>
+    <version>02.32.35-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.34-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.35-dev.zip</downloadurl>
     </downloads>
-    <sha256>631e2a56989418caee3d0bfdecad58adbe9a2a466bae5d0d3e06fd00cfd74ec4</sha256>
+    <sha256>6dc0bc62259de6bd62963a7d663e2aa80d5c0a69a1fd430f5a4a489f794afe34</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 188defdf1bb2d3e169bc6e8e6a1ce6d9d73d12f5 Mon Sep 17 00:00:00 2001
From: Moko Consulting <hello@mokoconsulting.tech>
Date: Tue, 2 Jun 2026 21:33:00 +0000
Subject: [PATCH 16/42] chore(ci): sync CI issue reporter from Template-Joomla

---
 .mokogitea/workflows/repo-health.yml | 1586 +++++++++++++-------------
 1 file changed, 817 insertions(+), 769 deletions(-)

diff --git a/.mokogitea/workflows/repo-health.yml b/.mokogitea/workflows/repo-health.yml
index b619d894..b23d971e 100644
--- a/.mokogitea/workflows/repo-health.yml
+++ b/.mokogitea/workflows/repo-health.yml
@@ -1,769 +1,817 @@
-# ============================================================================
-# Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Validation
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
-# PATH: /templates/workflows/joomla/repo_health.yml.template
-# VERSION: 09.23.00
-# BRIEF: Enforces repository guardrails by validating release configuration, scripts governance, tooling availability, and core repository health artifacts.
-# ============================================================================
-
-name: "Generic: Repo Health"
-
-defaults:
-  run:
-    shell: bash
-
-on:
-  workflow_dispatch:
-    inputs:
-      profile:
-        description: 'Validation profile: all, release, scripts, or repo'
-        required: true
-        default: all
-        type: choice
-        options:
-          - all
-          - release
-          - scripts
-          - repo
-  pull_request:
-  push:
-
-permissions:
-  contents: read
-
-env:
-  # Release policy - Repository Variables Only
-  RELEASE_REQUIRED_REPO_VARS: RS_FTP_PATH_SUFFIX
-  RELEASE_OPTIONAL_REPO_VARS: DEV_FTP_SUFFIX
-
-  # Scripts governance policy
-  SCRIPTS_REQUIRED_DIRS:
-  SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
-
-  # Repo health policy
-  REPO_REQUIRED_ARTIFACTS: README.md,LICENSE,CHANGELOG.md,CONTRIBUTING.md,CODE_OF_CONDUCT.md,.mokogitea/workflows/
-  REPO_OPTIONAL_FILES: SECURITY.md,GOVERNANCE.md,.editorconfig,.gitattributes,.gitignore,README.md,docs/
-  REPO_DISALLOWED_DIRS:
-  REPO_DISALLOWED_FILES: TODO.md,todo.md
-
-  # Extended checks toggles
-  EXTENDED_CHECKS: "true"
-
-  # File / directory variables
-  DOCS_INDEX: docs/docs-index.md
-  SCRIPT_DIR: scripts
-  WORKFLOWS_DIR: .mokogitea/workflows
-  SHELLCHECK_PATTERN: '*.sh'
-  SPDX_FILE_GLOBS: '*.sh,*.php,*.js,*.ts,*.css,*.xml,*.yml,*.yaml'
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  access_check:
-    name: Access control
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    outputs:
-      allowed: ${{ steps.perm.outputs.allowed }}
-      permission: ${{ steps.perm.outputs.permission }}
-
-    steps:
-      - name: Check actor permission (admin only)
-        id: perm
-        env:
-          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
-          REPO: ${{ github.repository }}
-          ACTOR: ${{ github.actor }}
-        run: |
-          set -euo pipefail
-          ALLOWED=false
-          PERMISSION=unknown
-          METHOD=""
-
-          # Hardcoded authorized users — always allowed
-          case "$ACTOR" in
-            jmiller|gitea-actions[bot])
-              ALLOWED=true
-              PERMISSION=admin
-              METHOD="hardcoded allowlist"
-              ;;
-            *)
-              # Detect platform and check permissions via API
-              API_BASE="${GITHUB_API_URL:-${GITEA_API_URL:-https://api.github.com}}"
-              RESP=$(curl -sf -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/repos/${REPO}/collaborators/${ACTOR}/permission" 2>/dev/null || echo '{}')
-              PERMISSION=$(echo "$RESP" | grep -oP '"permission"\s*:\s*"\K[^"]+' || echo "unknown")
-              if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "maintain" ] || [ "$PERMISSION" = "owner" ]; then
-                ALLOWED=true
-              fi
-              METHOD="collaborator API"
-              ;;
-          esac
-
-          echo "permission=${PERMISSION}" >> "$GITHUB_OUTPUT"
-          echo "allowed=${ALLOWED}" >> "$GITHUB_OUTPUT"
-
-          {
-            echo "## Access Authorization"
-            echo ""
-            echo "| Field | Value |"
-            echo "|-------|-------|"
-            echo "| **Actor** | \`${ACTOR}\` |"
-            echo "| **Repository** | \`${REPO}\` |"
-            echo "| **Permission** | \`${PERMISSION}\` |"
-            echo "| **Method** | ${METHOD} |"
-            echo "| **Authorized** | ${ALLOWED} |"
-            echo ""
-            if [ "$ALLOWED" = "true" ]; then
-              echo "${ACTOR} authorized (${METHOD})"
-            else
-              echo "${ACTOR} is NOT authorized. Requires admin or maintain role."
-            fi
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-      - name: Deny execution when not permitted
-        if: ${{ steps.perm.outputs.allowed != 'true' }}
-        run: |
-          set -euo pipefail
-          printf '%s\n' 'ERROR: Access denied. Admin permission required.' >> "${GITHUB_STEP_SUMMARY}"
-          exit 1
-
-  release_config:
-    name: Release configuration
-    needs: access_check
-    if: ${{ needs.access_check.outputs.allowed == 'true' }}
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Guardrails release vars
-        env:
-          PROFILE_RAW: ${{ github.event.inputs.profile }}
-          RS_FTP_PATH_SUFFIX: ${{ vars.RS_FTP_PATH_SUFFIX }}
-          DEV_FTP_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
-        run: |
-          set -euo pipefail
-
-          profile="${PROFILE_RAW:-all}"
-          case "${profile}" in
-            all|release|scripts|repo) ;;
-            *)
-              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
-              exit 1
-              ;;
-          esac
-
-          if [ "${profile}" = 'scripts' ] || [ "${profile}" = 'repo' ]; then
-            {
-              printf '%s\n' '### Release configuration (Repository Variables)'
-              printf '%s\n' "Profile: ${profile}"
-              printf '%s\n' 'Status: SKIPPED'
-              printf '%s\n' 'Reason: profile excludes release validation'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 0
-          fi
-
-          IFS=',' read -r -a required <<< "${RELEASE_REQUIRED_REPO_VARS}"
-          IFS=',' read -r -a optional <<< "${RELEASE_OPTIONAL_REPO_VARS}"
-
-          missing=()
-          missing_optional=()
-
-          for k in "${required[@]}"; do
-            v="${!k:-}"
-            [ -z "${v}" ] && missing+=("${k}")
-          done
-
-          for k in "${optional[@]}"; do
-            v="${!k:-}"
-            [ -z "${v}" ] && missing_optional+=("${k}")
-          done
-
-          {
-            printf '%s\n' '### Release configuration (Repository Variables)'
-            printf '%s\n' "Profile: ${profile}"
-            printf '%s\n' '| Variable | Status |'
-            printf '%s\n' '|---|---|'
-            printf '%s\n' "| RS_FTP_PATH_SUFFIX | ${RS_FTP_PATH_SUFFIX:-NOT SET} |"
-            printf '%s\n' "| DEV_FTP_SUFFIX | ${DEV_FTP_SUFFIX:-NOT SET} |"
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-          if [ "${#missing_optional[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Missing optional repository variables'
-              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-
-          if [ "${#missing[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Missing required repository variables'
-              for m in "${missing[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository variables.'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 1
-          fi
-
-          {
-            printf '%s\n' '### Repository variables validation result'
-            printf '%s\n' 'Status: OK'
-            printf '%s\n' 'All required repository variables present.'
-            printf '%s\n' ''
-            printf '%s\n' '**Note**: Organization secrets (RS_FTP_HOST, RS_FTP_USER, etc.) are validated at deployment time, not in repository health checks.'
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-  scripts_governance:
-    name: Scripts governance
-    needs: access_check
-    if: ${{ needs.access_check.outputs.allowed == 'true' }}
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Scripts folder checks
-        env:
-          PROFILE_RAW: ${{ github.event.inputs.profile }}
-        run: |
-          set -euo pipefail
-
-          profile="${PROFILE_RAW:-all}"
-          case "${profile}" in
-            all|release|scripts|repo) ;;
-            *)
-              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
-              exit 1
-              ;;
-          esac
-
-          if [ "${profile}" = 'release' ] || [ "${profile}" = 'repo' ]; then
-            {
-              printf '%s\n' '### Scripts governance'
-              printf '%s\n' "Profile: ${profile}"
-              printf '%s\n' 'Status: SKIPPED'
-              printf '%s\n' 'Reason: profile excludes scripts governance'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 0
-          fi
-
-          if [ ! -d "${SCRIPT_DIR}" ]; then
-            {
-              printf '%s\n' '### Scripts governance'
-              printf '%s\n' 'Status: OK (advisory)'
-              printf '%s\n' 'scripts/ directory not present. No scripts governance enforced.'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 0
-          fi
-
-          if [ -n "${SCRIPTS_REQUIRED_DIRS:-}" ]; then IFS=',' read -r -a required_dirs <<< "${SCRIPTS_REQUIRED_DIRS}"; else required_dirs=(); fi
-          IFS=',' read -r -a allowed_dirs <<< "${SCRIPTS_ALLOWED_DIRS}"
-
-          missing_dirs=()
-          unapproved_dirs=()
-
-          for d in "${required_dirs[@]}"; do
-            req="${d%/}"
-            [ ! -d "${req}" ] && missing_dirs+=("${req}/")
-          done
-
-          while IFS= read -r d; do
-            allowed=false
-            for a in "${allowed_dirs[@]}"; do
-              a_norm="${a%/}"
-              [ "${d%/}" = "${a_norm}" ] && allowed=true
-            done
-            [ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/")
-          done < <(find "${SCRIPT_DIR}" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##')
-
-          {
-            printf '%s\n' '### Scripts governance'
-            printf '%s\n' "Profile: ${profile}"
-            printf '%s\n' '| Area | Status | Notes |'
-            printf '%s\n' '|---|---|---|'
-
-            if [ "${#missing_dirs[@]}" -gt 0 ]; then
-              printf '%s\n' '| Required directories | Warning | Missing required subfolders |'
-            else
-              printf '%s\n' '| Required directories | OK | All required subfolders present |'
-            fi
-
-            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
-              printf '%s\n' '| Directory policy | Warning | Unapproved directories detected |'
-            else
-              printf '%s\n' '| Directory policy | OK | No unapproved directories |'
-            fi
-
-            printf '%s\n' '| Enforcement mode | Advisory | scripts folder is optional |'
-            printf '\n'
-
-            if [ "${#missing_dirs[@]}" -gt 0 ]; then
-              printf '%s\n' 'Missing required script directories:'
-              for m in "${missing_dirs[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '\n'
-            else
-              printf '%s\n' 'Missing required script directories: none.'
-              printf '\n'
-            fi
-
-            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
-              printf '%s\n' 'Unapproved script directories detected:'
-              for m in "${unapproved_dirs[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '\n'
-            else
-              printf '%s\n' 'Unapproved script directories detected: none.'
-              printf '\n'
-            fi
-
-            printf '%s\n' 'Scripts governance completed in advisory mode.'
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-  repo_health:
-    name: Repository health
-    needs: access_check
-    if: ${{ needs.access_check.outputs.allowed == 'true' }}
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Repository health checks
-        env:
-          PROFILE_RAW: ${{ github.event.inputs.profile }}
-        run: |
-          set -euo pipefail
-
-          profile="${PROFILE_RAW:-all}"
-          case "${profile}" in
-            all|release|scripts|repo) ;;
-            *)
-              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
-              exit 1
-              ;;
-          esac
-
-          if [ "${profile}" = 'release' ] || [ "${profile}" = 'scripts' ]; then
-            {
-              printf '%s\n' '### Repository health'
-              printf '%s\n' "Profile: ${profile}"
-              printf '%s\n' 'Status: SKIPPED'
-              printf '%s\n' 'Reason: profile excludes repository health'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 0
-          fi
-
-          IFS=',' read -r -a required_artifacts <<< "${REPO_REQUIRED_ARTIFACTS}"
-          IFS=',' read -r -a optional_files <<< "${REPO_OPTIONAL_FILES}"
-          if [ -n "${REPO_DISALLOWED_DIRS:-}" ]; then IFS=',' read -r -a disallowed_dirs <<< "${REPO_DISALLOWED_DIRS}"; else disallowed_dirs=(); fi
-          IFS=',' read -r -a disallowed_files <<< "${REPO_DISALLOWED_FILES:-}"
-
-          missing_required=()
-          missing_optional=()
-
-          # Source directory: src/ or htdocs/ (either is valid for extension repos)
-          SOURCE_DIR=""
-          if [ -d "src" ]; then
-            SOURCE_DIR="src"
-          elif [ -d "htdocs" ]; then
-            SOURCE_DIR="htdocs"
-          elif [ -d "deploy" ] || [ -d "cli" ] || [ -d "monitoring" ]; then
-            # Platform/tooling repos don't need src/
-            SOURCE_DIR=""
-          else
-            missing_required+=("src/ or htdocs/ (source directory required)")
-          fi
-
-          for item in "${required_artifacts[@]}"; do
-            if printf '%s' "${item}" | grep -q '/$'; then
-              d="${item%/}"
-              [ ! -d "${d}" ] && missing_required+=("${item}")
-            else
-              [ ! -f "${item}" ] && missing_required+=("${item}")
-            fi
-          done
-
-          for f in "${optional_files[@]}"; do
-            if printf '%s' "${f}" | grep -q '/$'; then
-              d="${f%/}"
-              [ ! -d "${d}" ] && missing_optional+=("${f}")
-            else
-              [ ! -f "${f}" ] && missing_optional+=("${f}")
-            fi
-          done
-
-          for d in "${disallowed_dirs[@]}"; do
-            d_norm="${d%/}"
-            [ -d "${d_norm}" ] && missing_required+=("${d_norm}/ (disallowed)")
-          done
-
-          for f in "${disallowed_files[@]}"; do
-            [ -f "${f}" ] && missing_required+=("${f} (disallowed)")
-          done
-
-          git fetch origin --prune
-
-          dev_paths=()
-          dev_branches=()
-
-          while IFS= read -r b; do
-            name="${b#origin/}"
-            if [ "${name}" = 'dev' ]; then
-              dev_branches+=("${name}")
-            else
-              dev_paths+=("${name}")
-            fi
-          done < <(git branch -r --list 'origin/dev*' | sed 's/^ *//')
-
-          if [ "${#dev_paths[@]}" -eq 0 ] && [ "${#dev_branches[@]}" -eq 0 ]; then
-            missing_required+=("dev or dev/* branch")
-          fi
-
-          content_warnings=()
-
-          if [ -f 'CHANGELOG.md' ] && ! grep -Eq '^# Changelog' CHANGELOG.md; then
-            content_warnings+=("CHANGELOG.md missing '# Changelog' header")
-          fi
-
-          if [ -f 'CHANGELOG.md' ] && grep -Eq '^[# ]*Unreleased' CHANGELOG.md; then
-            content_warnings+=("CHANGELOG.md contains Unreleased section (review release readiness)")
-          fi
-
-          if [ -f 'LICENSE' ] && ! grep -qiE 'GNU GENERAL PUBLIC LICENSE|GPL' LICENSE; then
-            content_warnings+=("LICENSE does not look like a GPL text")
-          fi
-
-          if [ -f 'README.md' ] && ! grep -qiE 'moko|Moko' README.md; then
-            content_warnings+=("README.md missing expected brand keyword")
-          fi
-
-          export PROFILE_RAW="${profile}"
-          export MISSING_REQUIRED="$(printf '%s\n' "${missing_required[@]:-}")"
-          export MISSING_OPTIONAL="$(printf '%s\n' "${missing_optional[@]:-}")"
-          export CONTENT_WARNINGS="$(printf '%s\n' "${content_warnings[@]:-}")"
-
-          report_json=$(printf '{"profile":"%s","missing_required":%d,"missing_optional":%d,"content_warnings":%d}'             "$profile" "${#missing_required[@]}" "${#missing_optional[@]}" "${#content_warnings[@]}")
-
-          {
-            printf '%s\n' '### Repository health'
-            printf '%s\n' "Profile: ${profile}"
-            printf '%s\n' '| Metric | Value |'
-            printf '%s\n' '|---|---|'
-            printf '%s\n' "| Missing required | ${#missing_required[@]} |"
-            printf '%s\n' "| Missing optional | ${#missing_optional[@]} |"
-            printf '%s\n' "| Content warnings | ${#content_warnings[@]} |"
-            printf '\n'
-
-            printf '%s\n' '### Guardrails report (JSON)'
-            printf '%s\n' '```json'
-            printf '%s\n' "${report_json}"
-            printf '%s\n' '```'
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-          if [ "${#missing_required[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Missing required repo artifacts'
-              for m in "${missing_required[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository artifacts.'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 1
-          fi
-
-          if [ "${#missing_optional[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Missing optional repo artifacts'
-              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-
-          if [ "${#content_warnings[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Repo content warnings'
-              for m in "${content_warnings[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-
-          # -- Joomla-specific checks --
-          joomla_findings=()
-
-          MANIFEST="$(find . -maxdepth 2 -name '*.xml' -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)"
-          if [ -z "${MANIFEST}" ]; then
-            joomla_findings+=("Joomla XML manifest not found (no *.xml with <extension> tag)")
-          else
-            if ! grep -qP '<version>' "${MANIFEST}"; then
-              joomla_findings+=("XML manifest: <version> tag missing")
-            fi
-            if ! grep -qP 'type="(component|module|plugin|library|package|template|language)"' "${MANIFEST}"; then
-              joomla_findings+=("XML manifest: type attribute missing or invalid")
-            fi
-            if ! grep -qP '<name>' "${MANIFEST}"; then
-              joomla_findings+=("XML manifest: <name> tag missing")
-            fi
-            if ! grep -qP '<author>' "${MANIFEST}"; then
-              joomla_findings+=("XML manifest: <author> tag missing")
-            fi
-            if ! grep -qP '<namespace' "${MANIFEST}"; then
-              joomla_findings+=("XML manifest: <namespace> missing (required for Joomla 5+)")
-            fi
-          fi
-
-          INI_COUNT="$(find . -name '*.ini' -type f 2>/dev/null | wc -l)"
-          if [ "${INI_COUNT}" -eq 0 ]; then
-            joomla_findings+=("No .ini language files found")
-          fi
-
-          if [ ! -f 'updates.xml' ]; then
-            joomla_findings+=("updates.xml missing in root (required for Joomla update server)")
-          fi
-
-          if [ -n "${SOURCE_DIR}" ]; then
-            INDEX_DIRS=("${SOURCE_DIR}" "${SOURCE_DIR}/admin" "${SOURCE_DIR}/site")
-            for dir in "${INDEX_DIRS[@]}"; do
-              if [ -d "${dir}" ] && [ ! -f "${dir}/index.html" ]; then
-                joomla_findings+=("${dir}/index.html missing (directory listing protection)")
-              fi
-            done
-          fi
-
-          if [ "${#joomla_findings[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Joomla extension checks'
-              printf '%s\n' '| Check | Status |'
-              printf '%s\n' '|---|---|'
-              for f in "${joomla_findings[@]}"; do
-                printf '%s\n' "| ${f} | Warning |"
-              done
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          else
-            {
-              printf '%s\n' '### Joomla extension checks'
-              printf '%s\n' 'All Joomla-specific checks passed.'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-
-          extended_enabled="${EXTENDED_CHECKS:-true}"
-          extended_findings=()
-
-          if [ "${extended_enabled}" = 'true' ]; then
-            if [ -f '.github/CODEOWNERS' ] || [ -f 'CODEOWNERS' ] || [ -f 'docs/CODEOWNERS' ]; then
-              :
-            else
-              extended_findings+=("CODEOWNERS not found (.github/CODEOWNERS preferred)")
-            fi
-
-            if ls "${WORKFLOWS_DIR}"/*.yml >/dev/null 2>&1 || ls "${WORKFLOWS_DIR}"/*.yaml >/dev/null 2>&1; then
-              bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' "${WORKFLOWS_DIR}" 2>/dev/null || true)"
-              if [ -n "${bad_refs}" ]; then
-                extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt")
-                {
-                  printf '%s\n' '### Workflow pinning advisory'
-                  printf '%s\n' 'Found uses: entries pinned to main/master:'
-                  printf '%s\n' '```'
-                  printf '%s\n' "${bad_refs}"
-                  printf '%s\n' '```'
-                  printf '\n'
-                } >> "${GITHUB_STEP_SUMMARY}"
-              fi
-            fi
-
-            if [ -f "${DOCS_INDEX}" ]; then
-              missing_links=""
-              while IFS= read -r docline; do
-                for link in $(echo "$docline" | grep -oE '\]\([^)]+\)' | sed 's/\](//' | sed 's/)$//' || true); do
-                  case "$link" in http://*|https://*|"#"*|mailto:*) continue ;; esac
-                  linkpath="${link%%#*}"
-                  linkpath="${linkpath%%\?*}"
-                  [ -z "$linkpath" ] && continue
-                  if [ "${linkpath:0:1}" = "/" ]; then
-                    testpath="${linkpath#/}"
-                  else
-                    testpath="$(dirname "${DOCS_INDEX}")/${linkpath}"
-                  fi
-                  [ ! -e "$testpath" ] && missing_links="${missing_links}${testpath} "
-                done
-              done < "${DOCS_INDEX}"
-              if [ -n "${missing_links}" ]; then
-                extended_findings+=("docs/docs-index.md contains broken relative links")
-                {
-                  printf '%s\n' '### Docs index link integrity'
-                  printf '%s\n' 'Broken relative links:'
-                  for bl in ${missing_links}; do
-                    printf '%s\n' "- ${bl}"
-                  done
-                  printf '\n'
-                } >> "${GITHUB_STEP_SUMMARY}"
-              fi
-            fi
-
-            if [ -d "${SCRIPT_DIR}" ]; then
-              if ! command -v shellcheck >/dev/null 2>&1; then
-                sudo apt-get update -qq
-                sudo apt-get install -y shellcheck >/dev/null
-              fi
-
-              sc_out=''
-              while IFS= read -r shf; do
-                [ -z "${shf}" ] && continue
-                out_one="$(shellcheck -S warning -x "${shf}" 2>/dev/null || true)"
-                if [ -n "${out_one}" ]; then
-                  sc_out="${sc_out}${out_one}\n"
-                fi
-              done < <(find "${SCRIPT_DIR}" -type f -name "${SHELLCHECK_PATTERN}" 2>/dev/null | sort)
-
-              if [ -n "${sc_out}" ]; then
-                extended_findings+=("ShellCheck warnings detected (advisory)")
-                sc_head="$(printf '%s' "${sc_out}" | head -n 200)"
-                {
-                  printf '%s\n' '### ShellCheck (advisory)'
-                  printf '%s\n' '```'
-                  printf '%s\n' "${sc_head}"
-                  printf '%s\n' '```'
-                  printf '\n'
-                } >> "${GITHUB_STEP_SUMMARY}"
-              fi
-            fi
-
-            spdx_missing=()
-            IFS=',' read -r -a spdx_globs <<< "${SPDX_FILE_GLOBS}"
-            spdx_args=()
-            for g in "${spdx_globs[@]}"; do spdx_args+=("${g}"); done
-
-            while IFS= read -r f; do
-              [ -z "${f}" ] && continue
-              if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then
-                spdx_missing+=("${f}")
-              fi
-            done < <(git ls-files "${spdx_args[@]}" 2>/dev/null || true)
-
-            if [ "${#spdx_missing[@]}" -gt 0 ]; then
-              extended_findings+=("SPDX header missing in some tracked files (advisory)")
-              {
-                printf '%s\n' '### SPDX header advisory'
-                printf '%s\n' 'Files missing SPDX-License-Identifier (first 40 lines scan):'
-                for f in "${spdx_missing[@]}"; do printf '%s\n' "- ${f}"; done
-                printf '\n'
-              } >> "${GITHUB_STEP_SUMMARY}"
-            fi
-
-            stale_cutoff_days=180
-            stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 > days*86400) print $1}' | head -50)"
-            if [ -n "${stale_branches}" ]; then
-              extended_findings+=("Stale remote branches detected (advisory)")
-              {
-                printf '%s\n' '### Git hygiene advisory'
-                printf '%s\n' "Branches with last commit older than ${stale_cutoff_days} days (sample up to 50):"
-                while IFS= read -r b; do [ -n "${b}" ] && printf '%s\n' "- ${b}"; done <<< "${stale_branches}"
-                printf '\n'
-              } >> "${GITHUB_STEP_SUMMARY}"
-            fi
-          fi
-
-          {
-            printf '%s\n' '### Guardrails coverage matrix'
-            printf '%s\n' '| Domain | Status | Notes |'
-            printf '%s\n' '|---|---|---|'
-            printf '%s\n' '| Access control | OK | Admin-only execution gate |'
-            printf '%s\n' '| Release variables | OK | Repository variables validation |'
-            printf '%s\n' '| Scripts governance | OK | Directory policy and advisory reporting |'
-            printf '%s\n' '| Repo required artifacts | OK | Required, optional, disallowed enforcement |'
-            printf '%s\n' '| Repo content heuristics | OK | Brand, license, changelog structure |'
-            if [ "${extended_enabled}" = 'true' ]; then
-              if [ "${#extended_findings[@]}" -gt 0 ]; then
-                printf '%s\n' '| Extended checks | Warning | See extended findings below |'
-              else
-                printf '%s\n' '| Extended checks | OK | No findings |'
-              fi
-            else
-              printf '%s\n' '| Extended checks | SKIPPED | EXTENDED_CHECKS disabled |'
-            fi
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-          if [ "${extended_enabled}" = 'true' ] && [ "${#extended_findings[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Extended findings (advisory)'
-              for f in "${extended_findings[@]}"; do printf '%s\n' "- ${f}"; done
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-
-          printf '%s\n' 'Repository health guardrails passed.' >> "${GITHUB_STEP_SUMMARY}"
-
-
-  site-health:
-    name: Site Health
-    runs-on: ubuntu-latest
-    if: github.event_name == 'workflow_dispatch'
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.3'
-
-      - name: Uptime check
-        if: env.URLS != ''
-        run: |
-          echo "$URLS" > /tmp/urls.txt
-          php monitoring/uptime-probe.php --urls /tmp/urls.txt --timeout 15 || echo "::warning::Some sites are down"
-          rm -f /tmp/urls.txt
-        env:
-          URLS: ${{ vars.MONITORED_URLS }}
-
-      - name: SSL certificate check
-        if: env.DOMAINS != ''
-        run: |
-          echo "$DOMAINS" > /tmp/domains.txt
-          php monitoring/ssl-check.php --domains /tmp/domains.txt --warn-days 30 || echo "::warning::SSL certificates expiring soon"
-          rm -f /tmp/domains.txt
-        env:
-          DOMAINS: ${{ vars.MONITORED_DOMAINS }}
-
-      - name: Summary
-        if: always()
-        run: |
-          echo "### Site Health" >> $GITHUB_STEP_SUMMARY
-          echo "Uptime and SSL checks completed." >> $GITHUB_STEP_SUMMARY
-
+# ============================================================================
+# Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+#
+# This file is part of a Moko Consulting project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Validation
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/joomla/repo_health.yml.template
+# VERSION: 09.23.00
+# BRIEF: Enforces repository guardrails by validating release configuration, scripts governance, tooling availability, and core repository health artifacts.
+# ============================================================================
+
+name: "Generic: Repo Health"
+
+defaults:
+  run:
+    shell: bash
+
+on:
+  workflow_dispatch:
+    inputs:
+      profile:
+        description: 'Validation profile: all, release, scripts, or repo'
+        required: true
+        default: all
+        type: choice
+        options:
+          - all
+          - release
+          - scripts
+          - repo
+  pull_request:
+  push:
+
+permissions:
+  contents: read
+
+env:
+  # Release policy - Repository Variables Only
+  RELEASE_REQUIRED_REPO_VARS: RS_FTP_PATH_SUFFIX
+  RELEASE_OPTIONAL_REPO_VARS: DEV_FTP_SUFFIX
+
+  # Scripts governance policy
+  SCRIPTS_REQUIRED_DIRS:
+  SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
+
+  # Repo health policy
+  REPO_REQUIRED_ARTIFACTS: README.md,LICENSE,CHANGELOG.md,CONTRIBUTING.md,CODE_OF_CONDUCT.md,.mokogitea/workflows/
+  REPO_OPTIONAL_FILES: SECURITY.md,GOVERNANCE.md,.editorconfig,.gitattributes,.gitignore,README.md,docs/
+  REPO_DISALLOWED_DIRS:
+  REPO_DISALLOWED_FILES: TODO.md,todo.md
+
+  # Extended checks toggles
+  EXTENDED_CHECKS: "true"
+
+  # File / directory variables
+  DOCS_INDEX: docs/docs-index.md
+  SCRIPT_DIR: scripts
+  WORKFLOWS_DIR: .mokogitea/workflows
+  SHELLCHECK_PATTERN: '*.sh'
+  SPDX_FILE_GLOBS: '*.sh,*.php,*.js,*.ts,*.css,*.xml,*.yml,*.yaml'
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  access_check:
+    name: Access control
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+
+    outputs:
+      allowed: ${{ steps.perm.outputs.allowed }}
+      permission: ${{ steps.perm.outputs.permission }}
+
+    steps:
+      - name: Check actor permission (admin only)
+        id: perm
+        env:
+          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
+          REPO: ${{ github.repository }}
+          ACTOR: ${{ github.actor }}
+        run: |
+          set -euo pipefail
+          ALLOWED=false
+          PERMISSION=unknown
+          METHOD=""
+
+          # Hardcoded authorized users — always allowed
+          case "$ACTOR" in
+            jmiller|gitea-actions[bot])
+              ALLOWED=true
+              PERMISSION=admin
+              METHOD="hardcoded allowlist"
+              ;;
+            *)
+              # Detect platform and check permissions via API
+              API_BASE="${GITHUB_API_URL:-${GITEA_API_URL:-https://api.github.com}}"
+              RESP=$(curl -sf -H "Authorization: token ${TOKEN}" \
+                "${API_BASE}/repos/${REPO}/collaborators/${ACTOR}/permission" 2>/dev/null || echo '{}')
+              PERMISSION=$(echo "$RESP" | grep -oP '"permission"\s*:\s*"\K[^"]+' || echo "unknown")
+              if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "maintain" ] || [ "$PERMISSION" = "owner" ]; then
+                ALLOWED=true
+              fi
+              METHOD="collaborator API"
+              ;;
+          esac
+
+          echo "permission=${PERMISSION}" >> "$GITHUB_OUTPUT"
+          echo "allowed=${ALLOWED}" >> "$GITHUB_OUTPUT"
+
+          {
+            echo "## Access Authorization"
+            echo ""
+            echo "| Field | Value |"
+            echo "|-------|-------|"
+            echo "| **Actor** | \`${ACTOR}\` |"
+            echo "| **Repository** | \`${REPO}\` |"
+            echo "| **Permission** | \`${PERMISSION}\` |"
+            echo "| **Method** | ${METHOD} |"
+            echo "| **Authorized** | ${ALLOWED} |"
+            echo ""
+            if [ "$ALLOWED" = "true" ]; then
+              echo "${ACTOR} authorized (${METHOD})"
+            else
+              echo "${ACTOR} is NOT authorized. Requires admin or maintain role."
+            fi
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+      - name: Deny execution when not permitted
+        if: ${{ steps.perm.outputs.allowed != 'true' }}
+        run: |
+          set -euo pipefail
+          printf '%s\n' 'ERROR: Access denied. Admin permission required.' >> "${GITHUB_STEP_SUMMARY}"
+          exit 1
+
+  release_config:
+    name: Release configuration
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Guardrails release vars
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+          RS_FTP_PATH_SUFFIX: ${{ vars.RS_FTP_PATH_SUFFIX }}
+          DEV_FTP_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|release|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'scripts' ] || [ "${profile}" = 'repo' ]; then
+            {
+              printf '%s\n' '### Release configuration (Repository Variables)'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes release validation'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          IFS=',' read -r -a required <<< "${RELEASE_REQUIRED_REPO_VARS}"
+          IFS=',' read -r -a optional <<< "${RELEASE_OPTIONAL_REPO_VARS}"
+
+          missing=()
+          missing_optional=()
+
+          for k in "${required[@]}"; do
+            v="${!k:-}"
+            [ -z "${v}" ] && missing+=("${k}")
+          done
+
+          for k in "${optional[@]}"; do
+            v="${!k:-}"
+            [ -z "${v}" ] && missing_optional+=("${k}")
+          done
+
+          {
+            printf '%s\n' '### Release configuration (Repository Variables)'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Variable | Status |'
+            printf '%s\n' '|---|---|'
+            printf '%s\n' "| RS_FTP_PATH_SUFFIX | ${RS_FTP_PATH_SUFFIX:-NOT SET} |"
+            printf '%s\n' "| DEV_FTP_SUFFIX | ${DEV_FTP_SUFFIX:-NOT SET} |"
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${#missing_optional[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing optional repository variables'
+              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          if [ "${#missing[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing required repository variables'
+              for m in "${missing[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository variables.'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 1
+          fi
+
+          {
+            printf '%s\n' '### Repository variables validation result'
+            printf '%s\n' 'Status: OK'
+            printf '%s\n' 'All required repository variables present.'
+            printf '%s\n' ''
+            printf '%s\n' '**Note**: Organization secrets (RS_FTP_HOST, RS_FTP_USER, etc.) are validated at deployment time, not in repository health checks.'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+  scripts_governance:
+    name: Scripts governance
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Scripts folder checks
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|release|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'release' ] || [ "${profile}" = 'repo' ]; then
+            {
+              printf '%s\n' '### Scripts governance'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes scripts governance'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          if [ ! -d "${SCRIPT_DIR}" ]; then
+            {
+              printf '%s\n' '### Scripts governance'
+              printf '%s\n' 'Status: OK (advisory)'
+              printf '%s\n' 'scripts/ directory not present. No scripts governance enforced.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          if [ -n "${SCRIPTS_REQUIRED_DIRS:-}" ]; then IFS=',' read -r -a required_dirs <<< "${SCRIPTS_REQUIRED_DIRS}"; else required_dirs=(); fi
+          IFS=',' read -r -a allowed_dirs <<< "${SCRIPTS_ALLOWED_DIRS}"
+
+          missing_dirs=()
+          unapproved_dirs=()
+
+          for d in "${required_dirs[@]}"; do
+            req="${d%/}"
+            [ ! -d "${req}" ] && missing_dirs+=("${req}/")
+          done
+
+          while IFS= read -r d; do
+            allowed=false
+            for a in "${allowed_dirs[@]}"; do
+              a_norm="${a%/}"
+              [ "${d%/}" = "${a_norm}" ] && allowed=true
+            done
+            [ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/")
+          done < <(find "${SCRIPT_DIR}" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##')
+
+          {
+            printf '%s\n' '### Scripts governance'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Area | Status | Notes |'
+            printf '%s\n' '|---|---|---|'
+
+            if [ "${#missing_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' '| Required directories | Warning | Missing required subfolders |'
+            else
+              printf '%s\n' '| Required directories | OK | All required subfolders present |'
+            fi
+
+            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' '| Directory policy | Warning | Unapproved directories detected |'
+            else
+              printf '%s\n' '| Directory policy | OK | No unapproved directories |'
+            fi
+
+            printf '%s\n' '| Enforcement mode | Advisory | scripts folder is optional |'
+            printf '\n'
+
+            if [ "${#missing_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' 'Missing required script directories:'
+              for m in "${missing_dirs[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            else
+              printf '%s\n' 'Missing required script directories: none.'
+              printf '\n'
+            fi
+
+            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' 'Unapproved script directories detected:'
+              for m in "${unapproved_dirs[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            else
+              printf '%s\n' 'Unapproved script directories detected: none.'
+              printf '\n'
+            fi
+
+            printf '%s\n' 'Scripts governance completed in advisory mode.'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+  repo_health:
+    name: Repository health
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Repository health checks
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|release|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'release' ] || [ "${profile}" = 'scripts' ]; then
+            {
+              printf '%s\n' '### Repository health'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes repository health'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          IFS=',' read -r -a required_artifacts <<< "${REPO_REQUIRED_ARTIFACTS}"
+          IFS=',' read -r -a optional_files <<< "${REPO_OPTIONAL_FILES}"
+          if [ -n "${REPO_DISALLOWED_DIRS:-}" ]; then IFS=',' read -r -a disallowed_dirs <<< "${REPO_DISALLOWED_DIRS}"; else disallowed_dirs=(); fi
+          IFS=',' read -r -a disallowed_files <<< "${REPO_DISALLOWED_FILES:-}"
+
+          missing_required=()
+          missing_optional=()
+
+          # Source directory: src/ or htdocs/ (either is valid for extension repos)
+          SOURCE_DIR=""
+          if [ -d "src" ]; then
+            SOURCE_DIR="src"
+          elif [ -d "htdocs" ]; then
+            SOURCE_DIR="htdocs"
+          elif [ -d "deploy" ] || [ -d "cli" ] || [ -d "monitoring" ]; then
+            # Platform/tooling repos don't need src/
+            SOURCE_DIR=""
+          else
+            missing_required+=("src/ or htdocs/ (source directory required)")
+          fi
+
+          for item in "${required_artifacts[@]}"; do
+            if printf '%s' "${item}" | grep -q '/$'; then
+              d="${item%/}"
+              [ ! -d "${d}" ] && missing_required+=("${item}")
+            else
+              [ ! -f "${item}" ] && missing_required+=("${item}")
+            fi
+          done
+
+          for f in "${optional_files[@]}"; do
+            if printf '%s' "${f}" | grep -q '/$'; then
+              d="${f%/}"
+              [ ! -d "${d}" ] && missing_optional+=("${f}")
+            else
+              [ ! -f "${f}" ] && missing_optional+=("${f}")
+            fi
+          done
+
+          for d in "${disallowed_dirs[@]}"; do
+            d_norm="${d%/}"
+            [ -d "${d_norm}" ] && missing_required+=("${d_norm}/ (disallowed)")
+          done
+
+          for f in "${disallowed_files[@]}"; do
+            [ -f "${f}" ] && missing_required+=("${f} (disallowed)")
+          done
+
+          git fetch origin --prune
+
+          dev_paths=()
+          dev_branches=()
+
+          while IFS= read -r b; do
+            name="${b#origin/}"
+            if [ "${name}" = 'dev' ]; then
+              dev_branches+=("${name}")
+            else
+              dev_paths+=("${name}")
+            fi
+          done < <(git branch -r --list 'origin/dev*' | sed 's/^ *//')
+
+          if [ "${#dev_paths[@]}" -eq 0 ] && [ "${#dev_branches[@]}" -eq 0 ]; then
+            missing_required+=("dev or dev/* branch")
+          fi
+
+          content_warnings=()
+
+          if [ -f 'CHANGELOG.md' ] && ! grep -Eq '^# Changelog' CHANGELOG.md; then
+            content_warnings+=("CHANGELOG.md missing '# Changelog' header")
+          fi
+
+          if [ -f 'CHANGELOG.md' ] && grep -Eq '^[# ]*Unreleased' CHANGELOG.md; then
+            content_warnings+=("CHANGELOG.md contains Unreleased section (review release readiness)")
+          fi
+
+          if [ -f 'LICENSE' ] && ! grep -qiE 'GNU GENERAL PUBLIC LICENSE|GPL' LICENSE; then
+            content_warnings+=("LICENSE does not look like a GPL text")
+          fi
+
+          if [ -f 'README.md' ] && ! grep -qiE 'moko|Moko' README.md; then
+            content_warnings+=("README.md missing expected brand keyword")
+          fi
+
+          export PROFILE_RAW="${profile}"
+          export MISSING_REQUIRED="$(printf '%s\n' "${missing_required[@]:-}")"
+          export MISSING_OPTIONAL="$(printf '%s\n' "${missing_optional[@]:-}")"
+          export CONTENT_WARNINGS="$(printf '%s\n' "${content_warnings[@]:-}")"
+
+          report_json=$(printf '{"profile":"%s","missing_required":%d,"missing_optional":%d,"content_warnings":%d}'             "$profile" "${#missing_required[@]}" "${#missing_optional[@]}" "${#content_warnings[@]}")
+
+          {
+            printf '%s\n' '### Repository health'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Metric | Value |'
+            printf '%s\n' '|---|---|'
+            printf '%s\n' "| Missing required | ${#missing_required[@]} |"
+            printf '%s\n' "| Missing optional | ${#missing_optional[@]} |"
+            printf '%s\n' "| Content warnings | ${#content_warnings[@]} |"
+            printf '\n'
+
+            printf '%s\n' '### Guardrails report (JSON)'
+            printf '%s\n' '```json'
+            printf '%s\n' "${report_json}"
+            printf '%s\n' '```'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${#missing_required[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing required repo artifacts'
+              for m in "${missing_required[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository artifacts.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 1
+          fi
+
+          if [ "${#missing_optional[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing optional repo artifacts'
+              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          if [ "${#content_warnings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Repo content warnings'
+              for m in "${content_warnings[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          # -- Joomla-specific checks --
+          joomla_findings=()
+
+          MANIFEST="$(find . -maxdepth 2 -name '*.xml' -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)"
+          if [ -z "${MANIFEST}" ]; then
+            joomla_findings+=("Joomla XML manifest not found (no *.xml with <extension> tag)")
+          else
+            if ! grep -qP '<version>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <version> tag missing")
+            fi
+            if ! grep -qP 'type="(component|module|plugin|library|package|template|language)"' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: type attribute missing or invalid")
+            fi
+            if ! grep -qP '<name>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <name> tag missing")
+            fi
+            if ! grep -qP '<author>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <author> tag missing")
+            fi
+            if ! grep -qP '<namespace' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <namespace> missing (required for Joomla 5+)")
+            fi
+          fi
+
+          INI_COUNT="$(find . -name '*.ini' -type f 2>/dev/null | wc -l)"
+          if [ "${INI_COUNT}" -eq 0 ]; then
+            joomla_findings+=("No .ini language files found")
+          fi
+
+          if [ ! -f 'updates.xml' ]; then
+            joomla_findings+=("updates.xml missing in root (required for Joomla update server)")
+          fi
+
+          if [ -n "${SOURCE_DIR}" ]; then
+            INDEX_DIRS=("${SOURCE_DIR}" "${SOURCE_DIR}/admin" "${SOURCE_DIR}/site")
+            for dir in "${INDEX_DIRS[@]}"; do
+              if [ -d "${dir}" ] && [ ! -f "${dir}/index.html" ]; then
+                joomla_findings+=("${dir}/index.html missing (directory listing protection)")
+              fi
+            done
+          fi
+
+          if [ "${#joomla_findings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Joomla extension checks'
+              printf '%s\n' '| Check | Status |'
+              printf '%s\n' '|---|---|'
+              for f in "${joomla_findings[@]}"; do
+                printf '%s\n' "| ${f} | Warning |"
+              done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          else
+            {
+              printf '%s\n' '### Joomla extension checks'
+              printf '%s\n' 'All Joomla-specific checks passed.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          extended_enabled="${EXTENDED_CHECKS:-true}"
+          extended_findings=()
+
+          if [ "${extended_enabled}" = 'true' ]; then
+            if [ -f '.github/CODEOWNERS' ] || [ -f 'CODEOWNERS' ] || [ -f 'docs/CODEOWNERS' ]; then
+              :
+            else
+              extended_findings+=("CODEOWNERS not found (.github/CODEOWNERS preferred)")
+            fi
+
+            if ls "${WORKFLOWS_DIR}"/*.yml >/dev/null 2>&1 || ls "${WORKFLOWS_DIR}"/*.yaml >/dev/null 2>&1; then
+              bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' "${WORKFLOWS_DIR}" 2>/dev/null || true)"
+              if [ -n "${bad_refs}" ]; then
+                extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt")
+                {
+                  printf '%s\n' '### Workflow pinning advisory'
+                  printf '%s\n' 'Found uses: entries pinned to main/master:'
+                  printf '%s\n' '```'
+                  printf '%s\n' "${bad_refs}"
+                  printf '%s\n' '```'
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            if [ -f "${DOCS_INDEX}" ]; then
+              missing_links=""
+              while IFS= read -r docline; do
+                for link in $(echo "$docline" | grep -oE '\]\([^)]+\)' | sed 's/\](//' | sed 's/)$//' || true); do
+                  case "$link" in http://*|https://*|"#"*|mailto:*) continue ;; esac
+                  linkpath="${link%%#*}"
+                  linkpath="${linkpath%%\?*}"
+                  [ -z "$linkpath" ] && continue
+                  if [ "${linkpath:0:1}" = "/" ]; then
+                    testpath="${linkpath#/}"
+                  else
+                    testpath="$(dirname "${DOCS_INDEX}")/${linkpath}"
+                  fi
+                  [ ! -e "$testpath" ] && missing_links="${missing_links}${testpath} "
+                done
+              done < "${DOCS_INDEX}"
+              if [ -n "${missing_links}" ]; then
+                extended_findings+=("docs/docs-index.md contains broken relative links")
+                {
+                  printf '%s\n' '### Docs index link integrity'
+                  printf '%s\n' 'Broken relative links:'
+                  for bl in ${missing_links}; do
+                    printf '%s\n' "- ${bl}"
+                  done
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            if [ -d "${SCRIPT_DIR}" ]; then
+              if ! command -v shellcheck >/dev/null 2>&1; then
+                sudo apt-get update -qq
+                sudo apt-get install -y shellcheck >/dev/null
+              fi
+
+              sc_out=''
+              while IFS= read -r shf; do
+                [ -z "${shf}" ] && continue
+                out_one="$(shellcheck -S warning -x "${shf}" 2>/dev/null || true)"
+                if [ -n "${out_one}" ]; then
+                  sc_out="${sc_out}${out_one}\n"
+                fi
+              done < <(find "${SCRIPT_DIR}" -type f -name "${SHELLCHECK_PATTERN}" 2>/dev/null | sort)
+
+              if [ -n "${sc_out}" ]; then
+                extended_findings+=("ShellCheck warnings detected (advisory)")
+                sc_head="$(printf '%s' "${sc_out}" | head -n 200)"
+                {
+                  printf '%s\n' '### ShellCheck (advisory)'
+                  printf '%s\n' '```'
+                  printf '%s\n' "${sc_head}"
+                  printf '%s\n' '```'
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            spdx_missing=()
+            IFS=',' read -r -a spdx_globs <<< "${SPDX_FILE_GLOBS}"
+            spdx_args=()
+            for g in "${spdx_globs[@]}"; do spdx_args+=("${g}"); done
+
+            while IFS= read -r f; do
+              [ -z "${f}" ] && continue
+              if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then
+                spdx_missing+=("${f}")
+              fi
+            done < <(git ls-files "${spdx_args[@]}" 2>/dev/null || true)
+
+            if [ "${#spdx_missing[@]}" -gt 0 ]; then
+              extended_findings+=("SPDX header missing in some tracked files (advisory)")
+              {
+                printf '%s\n' '### SPDX header advisory'
+                printf '%s\n' 'Files missing SPDX-License-Identifier (first 40 lines scan):'
+                for f in "${spdx_missing[@]}"; do printf '%s\n' "- ${f}"; done
+                printf '\n'
+              } >> "${GITHUB_STEP_SUMMARY}"
+            fi
+
+            stale_cutoff_days=180
+            stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 > days*86400) print $1}' | head -50)"
+            if [ -n "${stale_branches}" ]; then
+              extended_findings+=("Stale remote branches detected (advisory)")
+              {
+                printf '%s\n' '### Git hygiene advisory'
+                printf '%s\n' "Branches with last commit older than ${stale_cutoff_days} days (sample up to 50):"
+                while IFS= read -r b; do [ -n "${b}" ] && printf '%s\n' "- ${b}"; done <<< "${stale_branches}"
+                printf '\n'
+              } >> "${GITHUB_STEP_SUMMARY}"
+            fi
+          fi
+
+          {
+            printf '%s\n' '### Guardrails coverage matrix'
+            printf '%s\n' '| Domain | Status | Notes |'
+            printf '%s\n' '|---|---|---|'
+            printf '%s\n' '| Access control | OK | Admin-only execution gate |'
+            printf '%s\n' '| Release variables | OK | Repository variables validation |'
+            printf '%s\n' '| Scripts governance | OK | Directory policy and advisory reporting |'
+            printf '%s\n' '| Repo required artifacts | OK | Required, optional, disallowed enforcement |'
+            printf '%s\n' '| Repo content heuristics | OK | Brand, license, changelog structure |'
+            if [ "${extended_enabled}" = 'true' ]; then
+              if [ "${#extended_findings[@]}" -gt 0 ]; then
+                printf '%s\n' '| Extended checks | Warning | See extended findings below |'
+              else
+                printf '%s\n' '| Extended checks | OK | No findings |'
+              fi
+            else
+              printf '%s\n' '| Extended checks | SKIPPED | EXTENDED_CHECKS disabled |'
+            fi
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${extended_enabled}" = 'true' ] && [ "${#extended_findings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Extended findings (advisory)'
+              for f in "${extended_findings[@]}"; do printf '%s\n' "- ${f}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          printf '%s\n' 'Repository health guardrails passed.' >> "${GITHUB_STEP_SUMMARY}"
+
+
+  site-health:
+    name: Site Health
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+
+      - name: Uptime check
+        if: env.URLS != ''
+        run: |
+          echo "$URLS" > /tmp/urls.txt
+          php monitoring/uptime-probe.php --urls /tmp/urls.txt --timeout 15 || echo "::warning::Some sites are down"
+          rm -f /tmp/urls.txt
+        env:
+          URLS: ${{ vars.MONITORED_URLS }}
+
+      - name: SSL certificate check
+        if: env.DOMAINS != ''
+        run: |
+          echo "$DOMAINS" > /tmp/domains.txt
+          php monitoring/ssl-check.php --domains /tmp/domains.txt --warn-days 30 || echo "::warning::SSL certificates expiring soon"
+          rm -f /tmp/domains.txt
+        env:
+          DOMAINS: ${{ vars.MONITORED_DOMAINS }}
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "### Site Health" >> $GITHUB_STEP_SUMMARY
+          echo "Uptime and SSL checks completed." >> $GITHUB_STEP_SUMMARY
+
+  # ═══════════════════════════════════════════════════════════════════════
+  # Issue Reporter — file issues for failed gates
+  # ═══════════════════════════════════════════════════════════════════════
+  report-issues:
+    name: "Report Issues"
+    runs-on: ubuntu-latest
+    needs: [access_check, release_config, scripts_governance, repo_health]
+    if: >-
+      always() &&
+      (needs.release_config.result == 'failure' ||
+       needs.scripts_governance.result == 'failure' ||
+       needs.repo_health.result == 'failure')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issues for failed gates"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          REPORTER="./automation/ci-issue-reporter.sh"
+          WF="Repo Health"
+
+          report_gate() {
+            local gate="$1" result="$2" details="$3"
+            if [ "$result" = "failure" ]; then
+              "$REPORTER" --gate "$gate" --details "$details" --workflow "$WF" --severity error
+            fi
+          }
+
+          report_gate "Release Configuration" \
+            "${{ needs.release_config.result }}" \
+            "Required repository variables are missing (RS_FTP_PATH_SUFFIX). Check repository settings."
+
+          report_gate "Scripts Governance" \
+            "${{ needs.scripts_governance.result }}" \
+            "Scripts directory policy violations detected. Review required and allowed directories."
+
+          report_gate "Repository Health" \
+            "${{ needs.repo_health.result }}" \
+            "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
+

From 4f1b9ac3f2e782a54004ce3617e1f9c3d170a0ee Mon Sep 17 00:00:00 2001
From: Moko Consulting <hello@mokoconsulting.tech>
Date: Tue, 2 Jun 2026 21:33:02 +0000
Subject: [PATCH 17/42] chore(ci): sync CI issue reporter from Template-Joomla

---
 .mokogitea/workflows/pr-check.yml | 500 ++++++++++++++++--------------
 1 file changed, 264 insertions(+), 236 deletions(-)

diff --git a/.mokogitea/workflows/pr-check.yml b/.mokogitea/workflows/pr-check.yml
index d1aac4e6..e2c82ef2 100644
--- a/.mokogitea/workflows/pr-check.yml
+++ b/.mokogitea/workflows/pr-check.yml
@@ -1,236 +1,264 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.CI
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
-# PATH: /templates/workflows/universal/pr-check.yml.template
-# VERSION: 09.23.00
-# BRIEF: PR gate — branch policy + code validation before merge
-
-name: "Universal: PR Check"
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-
-permissions:
-  contents: read
-  pull-requests: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  # ── Branch Policy ──────────────────────────────────────────────────────
-  branch-policy:
-    name: Branch Policy
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check branch merge target
-        run: |
-          HEAD="${{ github.head_ref }}"
-          BASE="${{ github.base_ref }}"
-
-          echo "PR: ${HEAD} → ${BASE}"
-
-          ALLOWED=true
-          REASON=""
-
-          case "$HEAD" in
-            feature/*|feat/*)
-              if [ "$BASE" != "dev" ]; then
-                ALLOWED=false
-                REASON="Feature branches must target 'dev', not '${BASE}'"
-              fi
-              ;;
-            fix/*|bugfix/*)
-              if [ "$BASE" != "dev" ]; then
-                ALLOWED=false
-                REASON="Fix branches must target 'dev', not '${BASE}'"
-              fi
-              ;;
-            patch/*)
-              if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
-                ALLOWED=false
-                REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
-              fi
-              ;;
-            hotfix/*)
-              if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
-                ALLOWED=false
-                REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
-              fi
-              ;;
-            rc)
-              if [ "$BASE" != "main" ]; then
-                ALLOWED=false
-                REASON="RC branch can only merge into 'main', not '${BASE}'"
-              fi
-              ;;
-            dev)
-              if [ "$BASE" != "main" ]; then
-                ALLOWED=false
-                REASON="Dev branch can only merge into 'main', not '${BASE}'"
-              fi
-              ;;
-          esac
-
-          if [ "$ALLOWED" = false ]; then
-            echo "::error::${REASON}"
-            echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "${REASON}" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
-            echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
-            echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-
-          echo "Branch policy: OK (${HEAD} → ${BASE})"
-          echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
-
-  # ── Code Validation ────────────────────────────────────────────────────
-  validate:
-    name: Validate PR
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Detect platform
-        id: platform
-        run: |
-          # Read platform from XML manifest (<platform> tag) or plain text fallback
-          PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
-          [ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
-          [ -z "$PLATFORM" ] && PLATFORM="generic"
-          echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
-
-      - name: Setup PHP
-        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
-        run: |
-          if ! command -v php &> /dev/null; then
-            sudo apt-get update -qq
-            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
-          fi
-
-      - name: PHP syntax check
-        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
-        run: |
-          ERRORS=0
-          while IFS= read -r -d '' file; do
-            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
-              ERRORS=$((ERRORS + 1))
-            fi
-          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
-          echo "PHP lint: ${ERRORS} error(s)"
-          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
-
-      - name: Validate platform manifest
-        run: |
-          PLATFORM="${{ steps.platform.outputs.platform }}"
-          case "$PLATFORM" in
-            joomla)
-              MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-              if [ -z "$MANIFEST" ]; then
-                echo "::warning::No Joomla manifest found (WaaS site)"
-                exit 0
-              fi
-              echo "Manifest: ${MANIFEST}"
-              if command -v php &> /dev/null; then
-                php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
-              fi
-              for ELEMENT in name version description; do
-                grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
-              done
-              echo "Joomla manifest valid"
-              ;;
-            dolibarr)
-              MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
-              if [ -z "$MOD_FILE" ]; then
-                echo "::error::No mod*.class.php found"
-                exit 1
-              fi
-              echo "Dolibarr module: ${MOD_FILE}"
-              ;;
-            *)
-              echo "Generic platform — no manifest validation"
-              ;;
-          esac
-
-      - name: Check update stream format
-        run: |
-          PLATFORM="${{ steps.platform.outputs.platform }}"
-          case "$PLATFORM" in
-            joomla)
-              if [ -f "updates.xml" ]; then
-                if command -v php &> /dev/null; then
-                  php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
-                fi
-                echo "updates.xml valid"
-              fi
-              ;;
-            dolibarr)
-              [ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
-              ;;
-          esac
-
-      - name: Check changelog has unreleased entry
-        run: |
-          if [ ! -f "CHANGELOG.md" ]; then
-            echo "::warning::No CHANGELOG.md found"
-            exit 0
-          fi
-          # Check for content under [Unreleased] section
-          if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
-            echo "::error::CHANGELOG.md missing [Unreleased] section"
-            exit 1
-          fi
-          # Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
-          UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
-          if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
-            echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
-            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
-            echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
-            echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-          echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
-
-      - name: Verify package source
-        run: |
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          if [ ! -d "$SOURCE_DIR" ]; then
-            echo "::warning::No src/ or htdocs/ directory"
-            exit 0
-          fi
-          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
-          echo "Source: ${FILE_COUNT} files"
-          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
-
-  # ── Pre-Release RC Build ─────────────────────────────────────────────────
-  pre-release:
-    name: Build RC Package
-    runs-on: ubuntu-latest
-    needs: [branch-policy, validate]
-
-    steps:
-      - name: Trigger RC pre-release
-        env:
-          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          REPO: ${{ github.repository }}
-          BRANCH: ${{ github.head_ref }}
-          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-        run: |
-          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
-          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
-          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.CI
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/universal/pr-check.yml.template
+# VERSION: 09.23.00
+# BRIEF: PR gate — branch policy + code validation before merge
+
+name: "Universal: PR Check"
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  # ── Branch Policy ──────────────────────────────────────────────────────
+  branch-policy:
+    name: Branch Policy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch merge target
+        run: |
+          HEAD="${{ github.head_ref }}"
+          BASE="${{ github.base_ref }}"
+
+          echo "PR: ${HEAD} → ${BASE}"
+
+          ALLOWED=true
+          REASON=""
+
+          case "$HEAD" in
+            feature/*|feat/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Feature branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            fix/*|bugfix/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Fix branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            patch/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
+                ALLOWED=false
+                REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
+              fi
+              ;;
+            hotfix/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
+              fi
+              ;;
+            rc)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="RC branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+            dev)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Dev branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+          esac
+
+          if [ "$ALLOWED" = false ]; then
+            echo "::error::${REASON}"
+            echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "${REASON}" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
+            echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+          echo "Branch policy: OK (${HEAD} → ${BASE})"
+          echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
+
+  # ── Code Validation ────────────────────────────────────────────────────
+  validate:
+    name: Validate PR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect platform
+        id: platform
+        run: |
+          # Read platform from XML manifest (<platform> tag) or plain text fallback
+          PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
+          [ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
+          [ -z "$PLATFORM" ] && PLATFORM="generic"
+          echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
+
+      - name: Setup PHP
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          if ! command -v php &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
+          fi
+
+      - name: PHP syntax check
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
+          echo "PHP lint: ${ERRORS} error(s)"
+          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
+
+      - name: Validate platform manifest
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+              if [ -z "$MANIFEST" ]; then
+                echo "::warning::No Joomla manifest found (WaaS site)"
+                exit 0
+              fi
+              echo "Manifest: ${MANIFEST}"
+              if command -v php &> /dev/null; then
+                php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
+              fi
+              for ELEMENT in name version description; do
+                grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
+              done
+              echo "Joomla manifest valid"
+              ;;
+            dolibarr)
+              MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
+              if [ -z "$MOD_FILE" ]; then
+                echo "::error::No mod*.class.php found"
+                exit 1
+              fi
+              echo "Dolibarr module: ${MOD_FILE}"
+              ;;
+            *)
+              echo "Generic platform — no manifest validation"
+              ;;
+          esac
+
+      - name: Check update stream format
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              if [ -f "updates.xml" ]; then
+                if command -v php &> /dev/null; then
+                  php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
+                fi
+                echo "updates.xml valid"
+              fi
+              ;;
+            dolibarr)
+              [ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
+              ;;
+          esac
+
+      - name: Check changelog has unreleased entry
+        run: |
+          if [ ! -f "CHANGELOG.md" ]; then
+            echo "::warning::No CHANGELOG.md found"
+            exit 0
+          fi
+          # Check for content under [Unreleased] section
+          if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
+            echo "::error::CHANGELOG.md missing [Unreleased] section"
+            exit 1
+          fi
+          # Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
+          UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
+          if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
+            echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
+            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
+            echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
+
+      - name: Verify package source
+        run: |
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          if [ ! -d "$SOURCE_DIR" ]; then
+            echo "::warning::No src/ or htdocs/ directory"
+            exit 0
+          fi
+          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
+          echo "Source: ${FILE_COUNT} files"
+          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
+
+  # ── Pre-Release RC Build ─────────────────────────────────────────────────
+  pre-release:
+    name: Build RC Package
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+
+    steps:
+      - name: Trigger RC pre-release
+        env:
+          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: ${{ github.head_ref }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
+          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
+
+  # ── Issue Reporter ──────────────────────────────────────────────────────
+  report-issues:
+    name: Report Issues
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+    if: >-
+      always() &&
+      needs.validate.result == 'failure'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issue for PR validation failure"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          ./automation/ci-issue-reporter.sh \
+            --gate "PR Validation" \
+            --workflow "PR Check" \
+            --severity error \
+            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."

From fc1f3dd9035d68c25a5cce2da41274266093c1d2 Mon Sep 17 00:00:00 2001
From: Moko Consulting <hello@mokoconsulting.tech>
Date: Tue, 2 Jun 2026 21:33:03 +0000
Subject: [PATCH 18/42] chore(ci): sync CI issue reporter from Template-Joomla

---
 automation/ci-issue-reporter.sh | 237 ++++++++++++++++++++++++++++++++
 1 file changed, 237 insertions(+)
 create mode 100644 automation/ci-issue-reporter.sh

diff --git a/automation/ci-issue-reporter.sh b/automation/ci-issue-reporter.sh
new file mode 100644
index 00000000..65c47baf
--- /dev/null
+++ b/automation/ci-issue-reporter.sh
@@ -0,0 +1,237 @@
+#!/usr/bin/env bash
+# ============================================================================
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Automation.CI
+# INGROUP: moko-platform.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /automation/ci-issue-reporter.sh
+# VERSION: 09.23.00
+# BRIEF: Creates or updates a Gitea issue when a CI gate fails.
+#        Deduplicates by searching open issues with the "ci-auto" label
+#        whose title matches the gate. If a matching issue exists, a comment
+#        is appended instead of opening a duplicate.
+# ============================================================================
+
+set -euo pipefail
+
+# ── Defaults ────────────────────────────────────────────────────────────────
+GITEA_URL="${GITEA_URL:-https://git.mokoconsulting.tech}"
+GITEA_TOKEN="${GITEA_TOKEN:-}"
+REPO="${GITHUB_REPOSITORY:-}"
+RUN_URL="${GITHUB_SERVER_URL:-${GITEA_URL}}/${REPO}/actions/runs/${GITHUB_RUN_ID:-0}"
+LABEL_NAME="ci-auto"
+LABEL_COLOR="#e11d48"
+
+GATE=""
+DETAILS=""
+SEVERITY="error"
+WORKFLOW=""
+
+# ── Parse arguments ─────────────────────────────────────────────────────────
+usage() {
+  cat <<EOF
+Usage: ci-issue-reporter.sh --gate NAME --details TEXT [OPTIONS]
+
+Required:
+  --gate      CI gate name (e.g. "Code Quality", "Self-Health")
+  --details   Human-readable failure description
+
+Optional:
+  --severity  "error" (default) or "warning"
+  --workflow  Workflow name for the issue title
+  --repo      owner/repo (default: \$GITHUB_REPOSITORY)
+  --run-url   URL to the CI run (auto-detected from env)
+  --token     Gitea API token (default: \$GITEA_TOKEN)
+  --url       Gitea base URL (default: \$GITEA_URL)
+EOF
+  exit 1
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --gate)     GATE="$2";       shift 2 ;;
+    --details)  DETAILS="$2";    shift 2 ;;
+    --severity) SEVERITY="$2";   shift 2 ;;
+    --workflow) WORKFLOW="$2";   shift 2 ;;
+    --repo)     REPO="$2";      shift 2 ;;
+    --run-url)  RUN_URL="$2";   shift 2 ;;
+    --token)    GITEA_TOKEN="$2"; shift 2 ;;
+    --url)      GITEA_URL="$2"; shift 2 ;;
+    -h|--help)  usage ;;
+    *)          echo "Unknown option: $1"; usage ;;
+  esac
+done
+
+[[ -z "$GATE" ]]         && { echo "ERROR: --gate is required"; usage; }
+[[ -z "$DETAILS" ]]      && { echo "ERROR: --details is required"; usage; }
+[[ -z "$GITEA_TOKEN" ]]  && { echo "ERROR: GITEA_TOKEN not set"; exit 1; }
+[[ -z "$REPO" ]]         && { echo "ERROR: GITHUB_REPOSITORY not set"; exit 1; }
+
+API="${GITEA_URL}/api/v1/repos/${REPO}"
+
+# ── Build title ─────────────────────────────────────────────────────────────
+if [[ -n "$WORKFLOW" ]]; then
+  TITLE="[CI] ${WORKFLOW}: ${GATE} failed"
+else
+  TITLE="[CI] ${GATE} failed"
+fi
+
+# ── Ensure label exists ─────────────────────────────────────────────────────
+ensure_label() {
+  local exists
+  exists=$(curl -sf -o /dev/null -w '%{http_code}' \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/labels" 2>/dev/null || echo "000")
+
+  if [[ "$exists" == "200" ]]; then
+    # Check if label already exists
+    local found
+    found=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -o "\"name\":\"${LABEL_NAME}\"" || true)
+
+    if [[ -z "$found" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/labels" \
+        -d "{\"name\":\"${LABEL_NAME}\",\"color\":\"${LABEL_COLOR}\",\"description\":\"Auto-created by CI issue reporter\"}" \
+        > /dev/null 2>&1 || true
+    fi
+  fi
+}
+
+# ── Search for existing open issue ──────────────────────────────────────────
+find_existing_issue() {
+  # URL-encode the gate name for the query
+  local query
+  query=$(printf '%s' "[CI] ${GATE}" | sed 's/ /%20/g; s/\[/%5B/g; s/\]/%5D/g')
+
+  local response
+  response=$(curl -sf \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/issues?type=issues&state=open&labels=${LABEL_NAME}&q=${query}&limit=5" \
+    2>/dev/null || echo "[]")
+
+  # Extract the first matching issue number
+  echo "$response" \
+    | grep -oP '"number":\s*\K[0-9]+' \
+    | head -1
+}
+
+# ── Build issue body ────────────────────────────────────────────────────────
+build_body() {
+  local severity_badge
+  if [[ "$SEVERITY" == "error" ]]; then
+    severity_badge="**Severity:** Error"
+  else
+    severity_badge="**Severity:** Warning"
+  fi
+
+  cat <<BODY
+## CI Gate Failure: ${GATE}
+
+${severity_badge}
+**Workflow:** ${WORKFLOW:-unknown}
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+### Details
+
+${DETAILS}
+
+### Resolution
+
+Fix the issue described above and push a new commit. This issue will be closed automatically when the gate passes, or can be closed manually.
+
+---
+*Auto-created by [ci-issue-reporter](${GITEA_URL}/${REPO}/src/branch/main/automation/ci-issue-reporter.sh)*
+BODY
+}
+
+# ── Build comment body (for existing issues) ────────────────────────────────
+build_comment() {
+  cat <<COMMENT
+### CI failure recurrence
+
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+${DETAILS}
+COMMENT
+}
+
+# ── Main ────────────────────────────────────────────────────────────────────
+ensure_label
+
+EXISTING=$(find_existing_issue)
+
+if [[ -n "$EXISTING" ]]; then
+  # Append comment to existing issue
+  COMMENT_BODY=$(build_comment)
+  COMMENT_JSON=$(printf '%s' "$COMMENT_BODY" | python3 -c "
+import sys, json
+print(json.dumps({'body': sys.stdin.read()}))" 2>/dev/null)
+
+  HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues/${EXISTING}/comments" \
+    -d "${COMMENT_JSON}" 2>/dev/null || echo "000")
+
+  if [[ "$HTTP" == "201" ]]; then
+    echo "Commented on existing issue #${EXISTING}"
+  else
+    echo "WARNING: Failed to comment on issue #${EXISTING} (HTTP ${HTTP})"
+  fi
+else
+  # Create new issue
+  ISSUE_BODY=$(build_body)
+  ISSUE_JSON=$(python3 -c "
+import sys, json
+body = sys.stdin.read()
+print(json.dumps({
+    'title': sys.argv[1],
+    'body': body,
+    'labels': []
+}))" "$TITLE" <<< "$ISSUE_BODY" 2>/dev/null)
+
+  # Create the issue
+  RESPONSE=$(curl -sf -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues" \
+    -d "${ISSUE_JSON}" 2>/dev/null || echo "{}")
+
+  ISSUE_NUM=$(echo "$RESPONSE" | grep -oP '"number":\s*\K[0-9]+' | head -1)
+
+  if [[ -n "$ISSUE_NUM" ]]; then
+    # Apply label (separate call — more reliable across Gitea versions)
+    LABEL_ID=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -oP "\"id\":\s*\K[0-9]+(?=[^}]*\"name\":\s*\"${LABEL_NAME}\")" \
+      | head -1 || true)
+
+    if [[ -n "$LABEL_ID" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/issues/${ISSUE_NUM}/labels" \
+        -d "{\"labels\":[${LABEL_ID}]}" \
+        > /dev/null 2>&1 || true
+    fi
+
+    echo "Created issue #${ISSUE_NUM}: ${TITLE}"
+  else
+    echo "WARNING: Failed to create issue"
+    echo "Response: ${RESPONSE}"
+  fi
+fi

From 6b195d051440b7372ea3ff7690aef60edeb48e55 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 23:46:32 +0000
Subject: [PATCH 19/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index e2d46625..2a0773f6 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.35-dev
+ VERSION: 02.32.36-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.35-dev</version>
+    <version>02.32.36-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.35-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.36-dev.zip</downloadurl>
     </downloads>
-    <sha256>6dc0bc62259de6bd62963a7d663e2aa80d5c0a69a1fd430f5a4a489f794afe34</sha256>
+    <sha256>d8c4739ac985757071eb0dd00d8ea3b64af7b53d9d18a4654fedcc83ffb24d1b</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 7e2476b2504ea8bda22e1b1b63566a0ad242556b Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 23:48:59 +0000
Subject: [PATCH 20/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 2a0773f6..0d12cb41 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.36-dev
+ VERSION: 02.32.37-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.36-dev</version>
+    <version>02.32.37-dev</version>
     <creationDate>2026-06-02</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.36-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.37-dev.zip</downloadurl>
     </downloads>
-    <sha256>d8c4739ac985757071eb0dd00d8ea3b64af7b53d9d18a4654fedcc83ffb24d1b</sha256>
+    <sha256>b4bea266f76b874759da7992ebce08a827def90eddf448291b6efce95959c6ba</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From d306b0126075529d8fb5dad96e51e56057427f5d Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Wed, 3 Jun 2026 00:29:37 +0000
Subject: [PATCH 21/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/updates.xml b/updates.xml
index 0d12cb41..601dd08a 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.37-dev
+ VERSION: 02.32.38-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.37-dev</version>
-    <creationDate>2026-06-02</creationDate>
+    <version>02.32.38-dev</version>
+    <creationDate>2026-06-03</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.37-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.38-dev.zip</downloadurl>
     </downloads>
-    <sha256>b4bea266f76b874759da7992ebce08a827def90eddf448291b6efce95959c6ba</sha256>
+    <sha256>86a9c67320ac162c60004706d3aef824cc91a5409ba4576a8a87e9fcddea86dd</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From c9889d4abe7ad4a7d7fd00369791e78e904d823e Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Wed, 3 Jun 2026 03:09:34 +0000
Subject: [PATCH 22/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 601dd08a..6e89d756 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.38-dev
+ VERSION: 02.32.39-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.38-dev</version>
+    <version>02.32.39-dev</version>
     <creationDate>2026-06-03</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.38-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.39-dev.zip</downloadurl>
     </downloads>
-    <sha256>86a9c67320ac162c60004706d3aef824cc91a5409ba4576a8a87e9fcddea86dd</sha256>
+    <sha256>71788c251ca10df254171cd4fe7fbf2a953ee714a65c485f34c55c496bbe152e</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From c2a90265d25fce08637e11b79e4c466863b9aa5c Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Wed, 3 Jun 2026 03:52:43 +0000
Subject: [PATCH 23/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 6e89d756..579b5200 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.39-dev
+ VERSION: 02.32.40-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.39-dev</version>
+    <version>02.32.40-dev</version>
     <creationDate>2026-06-03</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.39-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.40-dev.zip</downloadurl>
     </downloads>
-    <sha256>71788c251ca10df254171cd4fe7fbf2a953ee714a65c485f34c55c496bbe152e</sha256>
+    <sha256>ca582f5e1b524414d896b5b749d0ad004cff8b83f1e9d5a85d85f447d8de78dd</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 3a1fc7e4aca9eb00f8b9a5de0f168a2d423f480d Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Wed, 3 Jun 2026 16:54:20 +0000
Subject: [PATCH 24/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 579b5200..bab4ae75 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.40-dev
+ VERSION: 02.32.41-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.40-dev</version>
+    <version>02.32.41-dev</version>
     <creationDate>2026-06-03</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.40-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.41-dev.zip</downloadurl>
     </downloads>
-    <sha256>ca582f5e1b524414d896b5b749d0ad004cff8b83f1e9d5a85d85f447d8de78dd</sha256>
+    <sha256>17a2b862b697133b67847c9776f822a5b519b04fd87c457686e3cb5e78dde077</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 6892b6ac443c48056352b032c94d71e946870eea Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 04:42:50 +0000
Subject: [PATCH 25/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/updates.xml b/updates.xml
index bab4ae75..a0a60f7d 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.41-dev
+ VERSION: 02.32.42-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.41-dev</version>
-    <creationDate>2026-06-03</creationDate>
+    <version>02.32.42-dev</version>
+    <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.41-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.42-dev.zip</downloadurl>
     </downloads>
-    <sha256>17a2b862b697133b67847c9776f822a5b519b04fd87c457686e3cb5e78dde077</sha256>
+    <sha256>20622e59c5d1c903f6368c61936fd79c801323c023bd59882e42f2b47875685d</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From d899bf945ebb926d55453c1fcf892c9efd7acd8d Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 11:44:54 +0000
Subject: [PATCH 26/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index a0a60f7d..cb54b49f 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.42-dev
+ VERSION: 02.32.43-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.42-dev</version>
+    <version>02.32.43-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.42-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.43-dev.zip</downloadurl>
     </downloads>
-    <sha256>20622e59c5d1c903f6368c61936fd79c801323c023bd59882e42f2b47875685d</sha256>
+    <sha256>21ee0054559208a3bee003c5913bfbdfaf211ee252c19c0988cdb8123b49dfc9</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 806a798b870687215db8ca6af0add827453f7085 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 12:02:13 +0000
Subject: [PATCH 27/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index cb54b49f..7e16e7f9 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.43-dev
+ VERSION: 02.32.44-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.43-dev</version>
+    <version>02.32.44-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.43-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.44-dev.zip</downloadurl>
     </downloads>
-    <sha256>21ee0054559208a3bee003c5913bfbdfaf211ee252c19c0988cdb8123b49dfc9</sha256>
+    <sha256>20805af79b9be299a7665f0165dfa73bb1608e2bc6d3e9b9c08cb8842204ffe8</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 76fe9ba311c01449cbdd605d49f0fc2a6782010f Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 12:05:57 +0000
Subject: [PATCH 28/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 7e16e7f9..390b6bbd 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.44-dev
+ VERSION: 02.32.45-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.44-dev</version>
+    <version>02.32.45-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.44-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.45-dev.zip</downloadurl>
     </downloads>
-    <sha256>20805af79b9be299a7665f0165dfa73bb1608e2bc6d3e9b9c08cb8842204ffe8</sha256>
+    <sha256>c251453b0bf549ac17bc4c21bda928bdb137c92facad754bb733ee996f40460c</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 47e3802293c8dfd7c7b3e81e75fbfd0646e8adc2 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 12:24:44 +0000
Subject: [PATCH 29/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 390b6bbd..6d2ab508 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.45-dev
+ VERSION: 02.32.46-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.45-dev</version>
+    <version>02.32.46-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.45-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.46-dev.zip</downloadurl>
     </downloads>
-    <sha256>c251453b0bf549ac17bc4c21bda928bdb137c92facad754bb733ee996f40460c</sha256>
+    <sha256>6dae39ac6773cc181cd2a018743b63aea7d3f78e151a0c142b4f4ea3d92ac35f</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 9fedffe57067d12b81984342c97b4551f9851eac Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 12:55:58 +0000
Subject: [PATCH 30/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 6d2ab508..21b926ef 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.46-dev
+ VERSION: 02.32.47-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.46-dev</version>
+    <version>02.32.47-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.46-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.47-dev.zip</downloadurl>
     </downloads>
-    <sha256>6dae39ac6773cc181cd2a018743b63aea7d3f78e151a0c142b4f4ea3d92ac35f</sha256>
+    <sha256>d8feab9aad9af48f7d45005881eba7be2e830cff685ef25980b1a15dafae6962</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 31a4d12ceb64b02b3bfb83ba3c8c6a009dde9fc6 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 13:46:52 +0000
Subject: [PATCH 31/42] chore: sync .mokogitea/workflows/repo-health.yml from
 moko-platform [skip ci]

---
 .mokogitea/workflows/repo-health.yml | 124 ++-------------------------
 1 file changed, 9 insertions(+), 115 deletions(-)

diff --git a/.mokogitea/workflows/repo-health.yml b/.mokogitea/workflows/repo-health.yml
index b23d971e..8d57aaf0 100644
--- a/.mokogitea/workflows/repo-health.yml
+++ b/.mokogitea/workflows/repo-health.yml
@@ -11,7 +11,7 @@
 # REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
 # PATH: /templates/workflows/joomla/repo_health.yml.template
 # VERSION: 09.23.00
-# BRIEF: Enforces repository guardrails by validating release configuration, scripts governance, tooling availability, and core repository health artifacts.
+# BRIEF: Enforces repository guardrails by validating scripts governance, tooling availability, and core repository health artifacts.
 # ============================================================================
 
 name: "Generic: Repo Health"
@@ -24,13 +24,12 @@ on:
   workflow_dispatch:
     inputs:
       profile:
-        description: 'Validation profile: all, release, scripts, or repo'
+        description: 'Validation profile: all, scripts, or repo'
         required: true
         default: all
         type: choice
         options:
           - all
-          - release
           - scripts
           - repo
   pull_request:
@@ -40,10 +39,6 @@ permissions:
   contents: read
 
 env:
-  # Release policy - Repository Variables Only
-  RELEASE_REQUIRED_REPO_VARS: RS_FTP_PATH_SUFFIX
-  RELEASE_OPTIONAL_REPO_VARS: DEV_FTP_SUFFIX
-
   # Scripts governance policy
   SCRIPTS_REQUIRED_DIRS:
   SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
@@ -138,101 +133,6 @@ jobs:
           printf '%s\n' 'ERROR: Access denied. Admin permission required.' >> "${GITHUB_STEP_SUMMARY}"
           exit 1
 
-  release_config:
-    name: Release configuration
-    needs: access_check
-    if: ${{ needs.access_check.outputs.allowed == 'true' }}
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Guardrails release vars
-        env:
-          PROFILE_RAW: ${{ github.event.inputs.profile }}
-          RS_FTP_PATH_SUFFIX: ${{ vars.RS_FTP_PATH_SUFFIX }}
-          DEV_FTP_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
-        run: |
-          set -euo pipefail
-
-          profile="${PROFILE_RAW:-all}"
-          case "${profile}" in
-            all|release|scripts|repo) ;;
-            *)
-              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
-              exit 1
-              ;;
-          esac
-
-          if [ "${profile}" = 'scripts' ] || [ "${profile}" = 'repo' ]; then
-            {
-              printf '%s\n' '### Release configuration (Repository Variables)'
-              printf '%s\n' "Profile: ${profile}"
-              printf '%s\n' 'Status: SKIPPED'
-              printf '%s\n' 'Reason: profile excludes release validation'
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 0
-          fi
-
-          IFS=',' read -r -a required <<< "${RELEASE_REQUIRED_REPO_VARS}"
-          IFS=',' read -r -a optional <<< "${RELEASE_OPTIONAL_REPO_VARS}"
-
-          missing=()
-          missing_optional=()
-
-          for k in "${required[@]}"; do
-            v="${!k:-}"
-            [ -z "${v}" ] && missing+=("${k}")
-          done
-
-          for k in "${optional[@]}"; do
-            v="${!k:-}"
-            [ -z "${v}" ] && missing_optional+=("${k}")
-          done
-
-          {
-            printf '%s\n' '### Release configuration (Repository Variables)'
-            printf '%s\n' "Profile: ${profile}"
-            printf '%s\n' '| Variable | Status |'
-            printf '%s\n' '|---|---|'
-            printf '%s\n' "| RS_FTP_PATH_SUFFIX | ${RS_FTP_PATH_SUFFIX:-NOT SET} |"
-            printf '%s\n' "| DEV_FTP_SUFFIX | ${DEV_FTP_SUFFIX:-NOT SET} |"
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
-          if [ "${#missing_optional[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Missing optional repository variables'
-              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '\n'
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-
-          if [ "${#missing[@]}" -gt 0 ]; then
-            {
-              printf '%s\n' '### Missing required repository variables'
-              for m in "${missing[@]}"; do printf '%s\n' "- ${m}"; done
-              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository variables.'
-            } >> "${GITHUB_STEP_SUMMARY}"
-            exit 1
-          fi
-
-          {
-            printf '%s\n' '### Repository variables validation result'
-            printf '%s\n' 'Status: OK'
-            printf '%s\n' 'All required repository variables present.'
-            printf '%s\n' ''
-            printf '%s\n' '**Note**: Organization secrets (RS_FTP_HOST, RS_FTP_USER, etc.) are validated at deployment time, not in repository health checks.'
-            printf '\n'
-          } >> "${GITHUB_STEP_SUMMARY}"
-
   scripts_governance:
     name: Scripts governance
     needs: access_check
@@ -256,14 +156,14 @@ jobs:
 
           profile="${PROFILE_RAW:-all}"
           case "${profile}" in
-            all|release|scripts|repo) ;;
+            all|scripts|repo) ;;
             *)
               printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
               exit 1
               ;;
           esac
 
-          if [ "${profile}" = 'release' ] || [ "${profile}" = 'repo' ]; then
+          if [ "${profile}" = 'repo' ]; then
             {
               printf '%s\n' '### Scripts governance'
               printf '%s\n' "Profile: ${profile}"
@@ -370,14 +270,14 @@ jobs:
 
           profile="${PROFILE_RAW:-all}"
           case "${profile}" in
-            all|release|scripts|repo) ;;
+            all|scripts|repo) ;;
             *)
               printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
               exit 1
               ;;
           esac
 
-          if [ "${profile}" = 'release' ] || [ "${profile}" = 'scripts' ]; then
+          if [ "${profile}" = 'scripts' ]; then
             {
               printf '%s\n' '### Repository health'
               printf '%s\n' "Profile: ${profile}"
@@ -704,7 +604,7 @@ jobs:
             printf '%s\n' '| Domain | Status | Notes |'
             printf '%s\n' '|---|---|---|'
             printf '%s\n' '| Access control | OK | Admin-only execution gate |'
-            printf '%s\n' '| Release variables | OK | Repository variables validation |'
+            printf '%s\n' '| Release policy | N/A | Releases handled by MokoGitea |'
             printf '%s\n' '| Scripts governance | OK | Directory policy and advisory reporting |'
             printf '%s\n' '| Repo required artifacts | OK | Required, optional, disallowed enforcement |'
             printf '%s\n' '| Repo content heuristics | OK | Brand, license, changelog structure |'
@@ -773,11 +673,10 @@ jobs:
   report-issues:
     name: "Report Issues"
     runs-on: ubuntu-latest
-    needs: [access_check, release_config, scripts_governance, repo_health]
+    needs: [access_check, scripts_governance, repo_health]
     if: >-
       always() &&
-      (needs.release_config.result == 'failure' ||
-       needs.scripts_governance.result == 'failure' ||
+      (needs.scripts_governance.result == 'failure' ||
        needs.repo_health.result == 'failure')
 
     steps:
@@ -803,10 +702,6 @@ jobs:
             fi
           }
 
-          report_gate "Release Configuration" \
-            "${{ needs.release_config.result }}" \
-            "Required repository variables are missing (RS_FTP_PATH_SUFFIX). Check repository settings."
-
           report_gate "Scripts Governance" \
             "${{ needs.scripts_governance.result }}" \
             "Scripts directory policy violations detected. Review required and allowed directories."
@@ -814,4 +709,3 @@ jobs:
           report_gate "Repository Health" \
             "${{ needs.repo_health.result }}" \
             "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
-

From b8083203e9b1c3ad3f6765357b51512cb5266663 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 14:10:24 +0000
Subject: [PATCH 32/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 21b926ef..f2e7f4b3 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.47-dev
+ VERSION: 02.32.48-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.47-dev</version>
+    <version>02.32.48-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.47-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.48-dev.zip</downloadurl>
     </downloads>
-    <sha256>d8feab9aad9af48f7d45005881eba7be2e830cff685ef25980b1a15dafae6962</sha256>
+    <sha256>384220b2bd69865e7343d618cb728c1c3acbac0252f4d1edfb92d71af283f8c2</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 3243ecba4ae1f43d41fde852c87923c31a71cad5 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 14:21:50 +0000
Subject: [PATCH 33/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index f2e7f4b3..1118cac7 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.48-dev
+ VERSION: 02.32.49-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.48-dev</version>
+    <version>02.32.49-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.48-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.49-dev.zip</downloadurl>
     </downloads>
-    <sha256>384220b2bd69865e7343d618cb728c1c3acbac0252f4d1edfb92d71af283f8c2</sha256>
+    <sha256>77eb1565ba41e251941435e4b954ccd94c5958d436f99c01de018fc587171134</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From ef873bda3b313db5945562a9955151a9a9e18bcd Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 14:23:05 +0000
Subject: [PATCH 34/42] chore: sync .mokogitea/workflows/auto-release.yml from
 moko-platform [skip ci]

---
 .mokogitea/workflows/auto-release.yml | 557 +++++++++++++-------------
 1 file changed, 285 insertions(+), 272 deletions(-)

diff --git a/.mokogitea/workflows/auto-release.yml b/.mokogitea/workflows/auto-release.yml
index 0b771b67..44a2d64a 100644
--- a/.mokogitea/workflows/auto-release.yml
+++ b/.mokogitea/workflows/auto-release.yml
@@ -1,272 +1,285 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
-# PATH: /templates/workflows/universal/auto-release.yml.template
-# VERSION: 09.23.00
-# BRIEF: Universal build & release � detects platform from manifest.xml
-#
-# +========================================================================+
-# |              UNIVERSAL BUILD & RELEASE PIPELINE                        |
-# +========================================================================+
-# |                                                                        |
-# |  Reads manifest.xml (joomla|dolibarr|generic) to branch logic.       |
-# |                                                                        |
-# |  Platform-specific:                                                    |
-# |    joomla:   XML manifest, updates.xml, type-prefixed packages         |
-# |    dolibarr: mod*.class.php, update.txt, dev version reset             |
-# |    generic:  README-only, no update stream                             |
-# |                                                                        |
-# +========================================================================+
-
-name: "Universal: Build & Release"
-
-on:
-  pull_request:
-    types: [opened, closed]
-    branches:
-      - main
-  workflow_dispatch:
-    inputs:
-      action:
-        description: 'Action to perform'
-        required: false
-        type: choice
-        default: release
-        options:
-          - release
-          - promote-rc
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  # ── PR Opened → Rename branch to RC and build RC release ─────────────────────
-  promote-rc:
-    name: Promote to RC
-    runs-on: release
-    if: >-
-      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
-      (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-          fetch-depth: 1
-          submodules: recursive
-
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform-api
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api
-          composer install --no-dev --no-interaction --quiet
-
-      - name: Rename branch to rc
-        run: |
-          php /tmp/moko-platform-api/cli/branch_rename.php \
-            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
-            --pr "${{ github.event.pull_request.number }}"
-
-      - name: Checkout rc and configure git
-        run: |
-          git fetch origin rc
-          git checkout rc
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-
-      - name: Publish RC release
-        run: |
-          php /tmp/moko-platform-api/cli/release_publish.php \
-            --path . --stability rc --bump minor --branch rc \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}"
-
-      - name: Summary
-        if: always()
-        run: |
-          echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
-          echo "Branch renamed to rc, minor bump, RC + lesser stream releases built, updates.xml synced" >> $GITHUB_STEP_SUMMARY
-
-  # ── Merged PR → Build & Release (or promote RC to stable) ────────────────────
-  release:
-    name: Build & Release Pipeline
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true ||
-      (github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-          fetch-depth: 0
-          submodules: recursive
-
-      - name: Configure git for bot pushes
-        run: |
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
-        run: |
-          # Ensure PHP + Composer are available
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform-api
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api
-          composer install --no-dev --no-interaction --quiet
-
-
-      - name: "Publish stable release"
-        run: |
-          php /tmp/moko-platform-api/cli/release_publish.php \
-            --path . --stability stable --bump minor --branch main \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}"
-
-      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
-      - name: "Step 9: Mirror release to GitHub"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          secrets.GH_MIRROR_TOKEN != ''
-        continue-on-error: true
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_mirror.php \
-            --version "$VERSION" --tag "$RELEASE_TAG" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
-            --gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
-            --branch main 2>&1 || true
-          echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
-      - name: "Step 10: Push main to GitHub mirror"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          secrets.GH_MIRROR_TOKEN != ''
-        continue-on-error: true
-        run: |
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
-          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
-          git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
-            git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
-          git fetch origin main --depth=1
-          git push github origin/main:refs/heads/main --force 2>/dev/null \
-            && echo "main branch pushed to GitHub mirror" \
-            || echo "WARNING: GitHub mirror push failed"
-
-      - name: "Step 11: Delete rc branch and recreate dev from main"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-
-          # Delete rc branch (ephemeral — created by promote-rc)
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
-            "${API_BASE}/branches/rc" 2>/dev/null \
-            && echo "Deleted rc branch" || echo "rc branch not found"
-
-          # Delete dev branch
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
-            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
-
-          # Recreate dev from main (now includes version bump + changelog promotion)
-          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/json" \
-            "${API_BASE}/branches" \
-            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
-
-          echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
-
-      - name: "Step 12: Create version branch from main"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          BRANCH_NAME="version/${VERSION}"
-          MAIN_SHA=$(git rev-parse HEAD)
-
-          # Delete old version branch if it exists (same version re-release)
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}"             "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
-
-          # Create version/XX.YY.ZZ from main
-          curl -sf -X POST -H "Authorization: token ${TOKEN}"             -H "Content-Type: application/json"             "${API_BASE}/branches"             -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null             && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})"             || echo "WARNING: ${BRANCH_NAME} creation failed"
-
-          echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
-
-
-
-      # -- Dolibarr post-release: Reset dev version -----------------------------
-      - name: "Post-release: Reset dev version"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/version_reset_dev.php \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
-            --branch dev --path . 2>&1 || true
-
-      # -- Summary --------------------------------------------------------------
-      - name: Pipeline Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          PLATFORM="${{ steps.platform.outputs.platform }}"
-          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
-            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
-            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
-          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
-            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "## Build & Release Complete (${PLATFORM})" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
-            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Platform | \`${PLATFORM}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
-          fi
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Release
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/universal/auto-release.yml.template
+# VERSION: 05.00.00
+# BRIEF: Universal build & release � detects platform from manifest.xml
+#
+# +========================================================================+
+# |              UNIVERSAL BUILD & RELEASE PIPELINE                        |
+# +========================================================================+
+# |                                                                        |
+# |  Reads manifest.xml (joomla|dolibarr|generic) to branch logic.       |
+# |                                                                        |
+# |  Platform-specific:                                                    |
+# |    joomla:   XML manifest, updates.xml, type-prefixed packages         |
+# |    dolibarr: mod*.class.php, update.txt, dev version reset             |
+# |    generic:  README-only, no update stream                             |
+# |                                                                        |
+# +========================================================================+
+
+name: "Universal: Build & Release"
+
+on:
+  pull_request:
+    types: [opened, closed]
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      action:
+        description: 'Action to perform'
+        required: false
+        type: choice
+        default: release
+        options:
+          - release
+          - promote-rc
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
+  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
+
+permissions:
+  contents: write
+
+jobs:
+  # ── PR Opened → Rename branch to RC and build RC release ─────────────────────
+  promote-rc:
+    name: Promote to RC
+    runs-on: release
+    if: >-
+      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
+      (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api
+          composer install --no-dev --no-interaction --quiet
+
+      - name: Rename branch to rc
+        run: |
+          php /tmp/moko-platform-api/cli/branch_rename.php \
+            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --pr "${{ github.event.pull_request.number }}"
+
+      - name: Checkout rc and configure git
+        run: |
+          git fetch origin rc
+          git checkout rc
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Publish RC release
+        run: |
+          php /tmp/moko-platform-api/cli/release_publish.php \
+            --path . --stability rc --bump minor --branch rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --skip-update-stream
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
+          echo "Branch renamed to rc, minor bump, RC release built (updates.xml managed by Gitea Pages)" >> $GITHUB_STEP_SUMMARY
+
+  # ── Merged PR → Build & Release (or promote RC to stable) ────────────────────
+  release:
+    name: Build & Release Pipeline
+    runs-on: release
+    if: >-
+      github.event.pull_request.merged == true ||
+      (github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 0
+
+      - name: Configure git for bot pushes
+        run: |
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Check for merge conflict markers
+        run: |
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found — aborting release"
+            echo "## Release Blocked: Conflict Markers" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
+        run: |
+          # Ensure PHP + Composer are available
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api
+          composer install --no-dev --no-interaction --quiet
+
+
+      - name: "Publish stable release"
+        run: |
+          php /tmp/moko-platform-api/cli/release_publish.php \
+            --path . --stability stable --bump minor --branch main \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --skip-update-stream
+
+      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
+      - name: "Step 9: Mirror release to GitHub"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_MIRROR_TOKEN != ''
+        continue-on-error: true
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php /tmp/moko-platform-api/cli/release_mirror.php \
+            --version "$VERSION" --tag "$RELEASE_TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
+            --branch main 2>&1 || true
+          echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
+      - name: "Step 10: Push main to GitHub mirror"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_MIRROR_TOKEN != ''
+        continue-on-error: true
+        run: |
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
+          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
+          git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
+            git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
+          git fetch origin main --depth=1
+          git push github origin/main:refs/heads/main --force 2>/dev/null \
+            && echo "main branch pushed to GitHub mirror" \
+            || echo "WARNING: GitHub mirror push failed"
+
+      - name: "Step 11: Delete rc branch and recreate dev from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+
+          # Delete rc branch (ephemeral — created by promote-rc)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/rc" 2>/dev/null \
+            && echo "Deleted rc branch" || echo "rc branch not found"
+
+          # Delete dev branch
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
+
+          # Recreate dev from main (now includes version bump + changelog promotion)
+          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
+            -H "Content-Type: application/json" \
+            "${API_BASE}/branches" \
+            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
+
+          echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
+
+      - name: "Step 12: Create version branch from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          BRANCH_NAME="version/${VERSION}"
+          MAIN_SHA=$(git rev-parse HEAD)
+
+          # Delete old version branch if it exists (same version re-release)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}"             "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
+
+          # Create version/XX.YY.ZZ from main
+          curl -sf -X POST -H "Authorization: token ${TOKEN}"             -H "Content-Type: application/json"             "${API_BASE}/branches"             -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null             && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})"             || echo "WARNING: ${BRANCH_NAME} creation failed"
+
+          echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
+
+
+
+      # -- Dolibarr post-release: Reset dev version -----------------------------
+      - name: "Post-release: Reset dev version"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php /tmp/moko-platform-api/cli/version_reset_dev.php \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
+            --branch dev --path . 2>&1 || true
+
+      # -- Summary --------------------------------------------------------------
+      - name: Pipeline Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
+            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
+            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
+          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
+            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "## Build & Release Complete (${PLATFORM})" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
+            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
+            echo "| Platform | \`${PLATFORM}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+          fi

From 0fccd3f1a403024b47b5dde3abdaf55bfc89dd66 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 14:39:03 +0000
Subject: [PATCH 35/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 1118cac7..30edbd21 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.49-dev
+ VERSION: 02.32.50-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.49-dev</version>
+    <version>02.32.50-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.49-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.50-dev.zip</downloadurl>
     </downloads>
-    <sha256>77eb1565ba41e251941435e4b954ccd94c5958d436f99c01de018fc587171134</sha256>
+    <sha256>f59ce3908085efa34c5d9ab86d597800a46cf31c71a9203e8a3d5e0126319906</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 99179ad245c39fb93553844b60aae85ea11f85ae Mon Sep 17 00:00:00 2001
From: "gitea-actions[bot]" <gitea-actions[bot]@mokoconsulting.tech>
Date: Thu, 4 Jun 2026 14:45:41 +0000
Subject: [PATCH 36/42] =?UTF-8?q?chore:=20sync=20pre-release=20workflow=20?=
 =?UTF-8?q?=E2=80=94=20auto=20RC=20on=20PR=20to=20main=20[skip=20ci]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .mokogitea/workflows/pre-release.yml | 53 +++++++++++++++++++---------
 1 file changed, 36 insertions(+), 17 deletions(-)

diff --git a/.mokogitea/workflows/pre-release.yml b/.mokogitea/workflows/pre-release.yml
index 81b4cce8..68e5f705 100644
--- a/.mokogitea/workflows/pre-release.yml
+++ b/.mokogitea/workflows/pre-release.yml
@@ -7,7 +7,7 @@
 # INGROUP: moko-platform.Release
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
 # PATH: /templates/workflows/universal/pre-release.yml.template
-# VERSION: 09.23.00
+# VERSION: 05.01.00
 # BRIEF: Manual pre-release -- builds dev/alpha/beta/rc packages from any branch
 
 name: "Universal: Pre-Release"
@@ -17,6 +17,10 @@ on:
     types: [closed]
     branches:
       - dev
+  pull_request_target:
+    types: [synchronize, opened, reopened]
+    branches:
+      - main
   workflow_dispatch:
     inputs:
       stability:
@@ -43,7 +47,8 @@ jobs:
     runs-on: release
     if: >-
       github.event_name == 'workflow_dispatch' ||
-      (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'dev')
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'dev') ||
+      (github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'main')
 
     steps:
       - name: Checkout
@@ -51,7 +56,7 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.MOKOGITEA_TOKEN }}
-          submodules: recursive
+          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || '' }}
 
       - name: Setup moko-platform tools
         env:
@@ -61,7 +66,7 @@ jobs:
           if ! command -v composer &> /dev/null; then
             sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
           fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
+          # Always fetch latest CLI tools — never use stale cache from previous runs
           rm -rf /tmp/moko-platform-api
           git clone --depth 1 --branch main --quiet \
             "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
@@ -77,25 +82,38 @@ jobs:
       - name: Resolve metadata and bump version
         id: meta
         run: |
-          STABILITY="${{ inputs.stability || 'development' }}"
+          # Auto-detect stability: RC for PRs targeting main, else use input or default to development
+          if [ "${{ github.event_name }}" = "pull_request_target" ] && [ "${{ github.event.pull_request.base.ref }}" = "main" ]; then
+            STABILITY="release-candidate"
+          else
+            STABILITY="${{ inputs.stability || 'development' }}"
+          fi
 
           case "$STABILITY" in
-            development)        TAG="development" ;;
-            alpha)              TAG="alpha" ;;
-            beta)               TAG="beta" ;;
-            release-candidate)  TAG="release-candidate" ;;
+            development)        SUFFIX="-dev";   TAG="development" ;;
+            alpha)              SUFFIX="-alpha"; TAG="alpha" ;;
+            beta)               SUFFIX="-beta";  TAG="beta" ;;
+            release-candidate)  SUFFIX="-rc";    TAG="release-candidate" ;;
           esac
 
-          # Set stability suffix, bump preserves it, fix consistency
-          php ${MOKO_CLI}/version_set_platform.php \
-            --path . --version "$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo '00.00.01')" \
-            --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
-          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
-
-          # Read final version (includes suffix, e.g. 01.02.15-dev)
+          # Read current version (bump already handled by push workflow)
           VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null)
           [ -z "$VERSION" ] && VERSION="00.00.01"
 
+          # Strip any existing suffix from version before applying stability
+          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
+
+          php ${MOKO_CLI}/version_set_platform.php \
+            --path . --version "$VERSION" --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
+
+          # Verify version consistency across all files
+          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
+
+          # Update VERSION variable with suffix
+          if [ -n "$SUFFIX" ]; then
+            VERSION="${VERSION}${SUFFIX}"
+          fi
+
           # Commit version bump
           git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
           git config --local user.name "gitea-actions[bot]"
@@ -119,11 +137,12 @@ jobs:
 
           echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
           echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
+          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
           echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
           echo "zip_name=${ZIP_NAME}" >> "$GITHUB_OUTPUT"
           echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
 
-          echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION} ==="
+          echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ==="
 
       - name: Create release
         id: release

From 070df8982be8eef4b1af68ce82b30b76f2c1b632 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 14:53:06 +0000
Subject: [PATCH 37/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 30edbd21..15a754a8 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.50-dev
+ VERSION: 02.32.51-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.50-dev</version>
+    <version>02.32.51-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.50-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.51-dev.zip</downloadurl>
     </downloads>
-    <sha256>f59ce3908085efa34c5d9ab86d597800a46cf31c71a9203e8a3d5e0126319906</sha256>
+    <sha256>452e06d674a9d7f31b7ecbfb3270b59e66dca5754bba30ffd16b19fafabd39c9</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From 1289ef81b23a7acd56f96cd07f0a06c3d02a9b91 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 15:15:36 +0000
Subject: [PATCH 38/42] chore: sync updates.xml from development [skip ci]

---
 updates.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/updates.xml b/updates.xml
index 15a754a8..1c0dc93d 100644
--- a/updates.xml
+++ b/updates.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
  SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.51-dev
+ VERSION: 02.32.52-dev
  -->
 
 <updates>
@@ -11,13 +11,13 @@
     <element>pkg_mokowaas</element>
     <type>package</type>
     <client>site</client>
-    <version>02.32.51-dev</version>
+    <version>02.32.52-dev</version>
     <creationDate>2026-06-04</creationDate>
     <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
     <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.51-dev.zip</downloadurl>
+      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.52-dev.zip</downloadurl>
     </downloads>
-    <sha256>452e06d674a9d7f31b7ecbfb3270b59e66dca5754bba30ffd16b19fafabd39c9</sha256>
+    <sha256>c48c4955c2db7d09208c3d55a81a8d52235466f4ea6f7fded74f1e9c0deb7280</sha256>
     <tags><tag>dev</tag></tags>
     <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
     <maintainer>Moko Consulting</maintainer>

From f1dbc10e4df676d92d47bf0d5faa8f4e27a705ef Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 15:18:39 +0000
Subject: [PATCH 39/42] chore: sync .mokogitea/workflows/pr-check.yml from
 moko-platform [skip ci]

---
 .mokogitea/workflows/pr-check.yml | 108 ++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/.mokogitea/workflows/pr-check.yml b/.mokogitea/workflows/pr-check.yml
index e2c82ef2..9d0cb352 100644
--- a/.mokogitea/workflows/pr-check.yml
+++ b/.mokogitea/workflows/pr-check.yml
@@ -105,6 +105,19 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Check for merge conflict markers
+        run: |
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found in source files"
+            echo "## Conflict Markers Found" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
       - name: Detect platform
         id: platform
         run: |
@@ -183,6 +196,101 @@ jobs:
               ;;
           esac
 
+      - name: Validate Joomla language files
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          ERRORS=0
+          WARNINGS=0
+
+          # Find all .ini language files
+          INI_FILES=$(find . -path "*/language/*/*.ini" -not -path "./.git/*" 2>/dev/null)
+          if [ -z "$INI_FILES" ]; then
+            echo "No .ini language files found — skipping"
+            exit 0
+          fi
+
+          echo "Found $(echo "$INI_FILES" | wc -l) language file(s)"
+
+          for FILE in $INI_FILES; do
+            FNAME=$(basename "$FILE")
+            LINENUM=0
+            SEEN_KEYS=""
+
+            while IFS= read -r line || [ -n "$line" ]; do
+              LINENUM=$((LINENUM + 1))
+
+              # Skip empty lines and comments
+              [ -z "$line" ] && continue
+              echo "$line" | grep -qE '^\s*;' && continue
+              echo "$line" | grep -qE '^\s*$' && continue
+
+              # Must match KEY="VALUE" format
+              if ! echo "$line" | grep -qE '^[A-Z_][A-Z0-9_]*=".*"$'; then
+                echo "::error file=${FILE},line=${LINENUM}::Malformed line: ${line}"
+                ERRORS=$((ERRORS + 1))
+                continue
+              fi
+
+              # Extract key and check for duplicates
+              KEY=$(echo "$line" | sed 's/=.*//')
+              if echo "$SEEN_KEYS" | grep -qx "$KEY"; then
+                echo "::error file=${FILE},line=${LINENUM}::Duplicate key: ${KEY}"
+                ERRORS=$((ERRORS + 1))
+              fi
+              SEEN_KEYS="${SEEN_KEYS}
+          ${KEY}"
+            done < "$FILE"
+
+            echo "  ${FILE}: checked ${LINENUM} lines"
+          done
+
+          # Cross-check en-GB vs en-US key consistency
+          GB_DIR=$(find . -path "*/language/en-GB" -type d -not -path "./.git/*" 2>/dev/null | head -1)
+          US_DIR=$(find . -path "*/language/en-US" -type d -not -path "./.git/*" 2>/dev/null | head -1)
+
+          if [ -n "$GB_DIR" ] && [ -n "$US_DIR" ]; then
+            for GB_FILE in "$GB_DIR"/*.ini; do
+              [ ! -f "$GB_FILE" ] && continue
+              FNAME=$(basename "$GB_FILE")
+              US_FILE="$US_DIR/$FNAME"
+              [ ! -f "$US_FILE" ] && continue
+
+              GB_KEYS=$(grep -oP '^[A-Z_][A-Z0-9_]*(?==)' "$GB_FILE" 2>/dev/null | sort)
+              US_KEYS=$(grep -oP '^[A-Z_][A-Z0-9_]*(?==)' "$US_FILE" 2>/dev/null | sort)
+
+              # Keys in en-GB but not en-US
+              MISSING_US=$(comm -23 <(echo "$GB_KEYS") <(echo "$US_KEYS"))
+              if [ -n "$MISSING_US" ]; then
+                echo "::warning::Keys in en-GB/$FNAME but missing from en-US/$FNAME:"
+                echo "$MISSING_US" | while read -r k; do echo "  - $k"; done
+                WARNINGS=$((WARNINGS + 1))
+              fi
+
+              # Keys in en-US but not en-GB
+              MISSING_GB=$(comm -13 <(echo "$GB_KEYS") <(echo "$US_KEYS"))
+              if [ -n "$MISSING_GB" ]; then
+                echo "::warning::Keys in en-US/$FNAME but missing from en-GB/$FNAME:"
+                echo "$MISSING_GB" | while read -r k; do echo "  - $k"; done
+                WARNINGS=$((WARNINGS + 1))
+              fi
+            done
+          fi
+
+          {
+            echo "### Language File Validation"
+            echo "| Metric | Count |"
+            echo "|---|---|"
+            echo "| Files checked | $(echo "$INI_FILES" | wc -l) |"
+            echo "| Errors | ${ERRORS} |"
+            echo "| Warnings | ${WARNINGS} |"
+          } >> $GITHUB_STEP_SUMMARY
+
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "::error::Language validation failed with ${ERRORS} error(s)"
+            exit 1
+          fi
+          echo "Language files: OK (${WARNINGS} warning(s))"
+
       - name: Check changelog has unreleased entry
         run: |
           if [ ! -f "CHANGELOG.md" ]; then

From ffecdc4796348d1730d254e027823d435ef0c7f3 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 15:27:15 +0000
Subject: [PATCH 40/42] chore: remove updates.xml [skip ci]

---
 updates.xml | 46 ----------------------------------------------
 1 file changed, 46 deletions(-)
 delete mode 100644 updates.xml

diff --git a/updates.xml b/updates.xml
deleted file mode 100644
index 1c0dc93d..00000000
--- a/updates.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!-- Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
- SPDX-License-Identifier: GPL-3.0-or-later
- VERSION: 02.32.52-dev
- -->
-
-<updates>
-  <update>
-    <name>Package - MokoWaaS</name>
-    <description>Package - MokoWaaS development build.</description>
-    <element>pkg_mokowaas</element>
-    <type>package</type>
-    <client>site</client>
-    <version>02.32.52-dev</version>
-    <creationDate>2026-06-04</creationDate>
-    <infourl title='Package - MokoWaaS'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/development</infourl>
-    <downloads>
-      <downloadurl type='full' format='zip'>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/development/pkg_mokowaas-02.32.52-dev.zip</downloadurl>
-    </downloads>
-    <sha256>c48c4955c2db7d09208c3d55a81a8d52235466f4ea6f7fded74f1e9c0deb7280</sha256>
-    <tags><tag>dev</tag></tags>
-    <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
-    <maintainer>Moko Consulting</maintainer>
-    <maintainerurl>https://mokoconsulting.tech</maintainerurl>
-    <targetplatform name="joomla" version="(5|6)\..*" />
-  </update>
-  <update>
-    <name>Package - MokoWaaS</name>
-    <description>Package - MokoWaaS stable build.</description>
-    <element>pkg_mokowaas</element>
-    <type>package</type>
-    <client>site</client>
-    <version>02.33.00</version>
-    <creationDate>2026-06-02</creationDate>
-    <infourl title="Package - MokoWaaS">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/tag/stable</infourl>
-    <downloads>
-      <downloadurl type="full" format="zip">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/releases/download/stable/pkg_mokowaas-02.33.00.zip</downloadurl>
-    </downloads>
-    <sha256>30e18531d9e453173c8945fdfaf690dacdcc3d584d827d146f0c86c851f49bb0</sha256>
-    <tags><tag>stable</tag></tags>
-    <changelogurl>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/CHANGELOG.md</changelogurl>
-    <maintainer>Moko Consulting</maintainer>
-    <maintainerurl>https://mokoconsulting.tech</maintainerurl>
-    <targetplatform name="joomla" version="(5|6)\..*"/>
-  </update>
-</updates>

From ef9d98ea04c25c4b932b815b34d972989a295b11 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 15:31:48 +0000
Subject: [PATCH 41/42] chore: sync .mokogitea/workflows/pr-check.yml from
 moko-platform [skip ci]

---
 .mokogitea/workflows/pr-check.yml | 39 ++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/.mokogitea/workflows/pr-check.yml b/.mokogitea/workflows/pr-check.yml
index 9d0cb352..473eeb2d 100644
--- a/.mokogitea/workflows/pr-check.yml
+++ b/.mokogitea/workflows/pr-check.yml
@@ -202,10 +202,47 @@ jobs:
           ERRORS=0
           WARNINGS=0
 
+          # Require both en-GB and en-US language directories
+          LANG_ROOT=$(find . -path "*/language" -type d -not -path "./.git/*" 2>/dev/null | head -1)
+          if [ -z "$LANG_ROOT" ]; then
+            echo "No language/ directory found — skipping"
+            exit 0
+          fi
+
+          if [ ! -d "$LANG_ROOT/en-GB" ]; then
+            echo "::error::Missing en-GB language directory (${LANG_ROOT}/en-GB)"
+            ERRORS=$((ERRORS + 1))
+          fi
+          if [ ! -d "$LANG_ROOT/en-US" ]; then
+            echo "::error::Missing en-US language directory (${LANG_ROOT}/en-US)"
+            ERRORS=$((ERRORS + 1))
+          fi
+
+          # Check that en-GB and en-US have matching .ini files
+          if [ -d "$LANG_ROOT/en-GB" ] && [ -d "$LANG_ROOT/en-US" ]; then
+            for GB_INI in "$LANG_ROOT/en-GB"/*.ini; do
+              [ ! -f "$GB_INI" ] && continue
+              US_INI="$LANG_ROOT/en-US/$(basename "$GB_INI")"
+              if [ ! -f "$US_INI" ]; then
+                echo "::error::$(basename "$GB_INI") exists in en-GB but missing from en-US"
+                ERRORS=$((ERRORS + 1))
+              fi
+            done
+            for US_INI in "$LANG_ROOT/en-US"/*.ini; do
+              [ ! -f "$US_INI" ] && continue
+              GB_INI="$LANG_ROOT/en-GB/$(basename "$US_INI")"
+              if [ ! -f "$GB_INI" ]; then
+                echo "::error::$(basename "$US_INI") exists in en-US but missing from en-GB"
+                ERRORS=$((ERRORS + 1))
+              fi
+            done
+          fi
+
           # Find all .ini language files
           INI_FILES=$(find . -path "*/language/*/*.ini" -not -path "./.git/*" 2>/dev/null)
           if [ -z "$INI_FILES" ]; then
-            echo "No .ini language files found — skipping"
+            echo "No .ini language files found"
+            [ "$ERRORS" -gt 0 ] && exit 1
             exit 0
           fi
 

From d4176836a511c6e5b5f83a76185f1ced3ccecce2 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <1+jmiller@noreply.git.mokoconsulting.tech>
Date: Thu, 4 Jun 2026 15:40:27 +0000
Subject: [PATCH 42/42] chore: sync .mokogitea/workflows/pr-check.yml from
 moko-platform [skip ci]

---
 .mokogitea/workflows/pr-check.yml | 92 +++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git a/.mokogitea/workflows/pr-check.yml b/.mokogitea/workflows/pr-check.yml
index 473eeb2d..3dd7540a 100644
--- a/.mokogitea/workflows/pr-check.yml
+++ b/.mokogitea/workflows/pr-check.yml
@@ -147,6 +147,98 @@ jobs:
           echo "PHP lint: ${ERRORS} error(s)"
           [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
 
+      - name: Joomla JEXEC guard check
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            # Skip vendor, node_modules, and index.html stub files
+            case "$file" in ./vendor/*|./node_modules/*) continue ;; esac
+            # Check first 10 lines for JEXEC or JPATH guard
+            if ! head -20 "$file" | grep -qE "defined\s*\(\s*['\"](_JEXEC|JPATH_BASE|\\\\JPATH_PLATFORM)['\"]"; then
+              echo "::error file=${file}::Missing JEXEC guard: ${file}"
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" -path "*/src/*" -not -path "./.git/*" -not -path "./vendor/*" -print0)
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "::error::${ERRORS} PHP file(s) missing defined('_JEXEC') or die guard"
+            echo "## JEXEC Guard Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "${ERRORS} file(s) in src/ are missing the Joomla execution guard." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "JEXEC guard: OK"
+
+      - name: Joomla directory listing protection
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          MISSING=0
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && exit 0
+          while IFS= read -r dir; do
+            if [ ! -f "${dir}/index.html" ]; then
+              echo "::warning::Missing index.html in ${dir} (directory listing protection)"
+              MISSING=$((MISSING + 1))
+            fi
+          done < <(find "$SOURCE_DIR" -type d -not -path "./.git/*" -not -path "*/vendor/*" -not -path "*/node_modules/*")
+          if [ "$MISSING" -gt 0 ]; then
+            echo "## Directory Protection" >> $GITHUB_STEP_SUMMARY
+            echo "${MISSING} director(ies) missing index.html" >> $GITHUB_STEP_SUMMARY
+          fi
+          echo "Directory protection: ${MISSING} missing (advisory)"
+
+      - name: Joomla script file and asset checks
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          ERRORS=0
+          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+          [ -z "$MANIFEST" ] && exit 0
+          MANIFEST_DIR=$(dirname "$MANIFEST")
+
+          # Check scriptfile exists if declared
+          SCRIPTFILE=$(sed -n 's/.*<scriptfile>\([^<]*\)<\/scriptfile>.*/\1/p' "$MANIFEST" 2>/dev/null)
+          if [ -n "$SCRIPTFILE" ]; then
+            if [ ! -f "${MANIFEST_DIR}/${SCRIPTFILE}" ]; then
+              echo "::error::Manifest declares <scriptfile>${SCRIPTFILE}</scriptfile> but file not found at ${MANIFEST_DIR}/${SCRIPTFILE}"
+              ERRORS=$((ERRORS + 1))
+            else
+              echo "Script file: ${MANIFEST_DIR}/${SCRIPTFILE} (OK)"
+            fi
+          fi
+
+          # Require joomla.asset.json and validate it
+          ASSET_JSON=$(find "$MANIFEST_DIR" -name "joomla.asset.json" -not -path "./.git/*" 2>/dev/null | head -1)
+          if [ -z "$ASSET_JSON" ]; then
+            echo "::error::joomla.asset.json not found — Joomla asset system is required"
+            ERRORS=$((ERRORS + 1))
+          else
+            if command -v php &> /dev/null; then
+              php -r "json_decode(file_get_contents('$ASSET_JSON')); if(json_last_error()!==JSON_ERROR_NONE){echo json_last_error_msg();exit(1);}" 2>&1 || {
+                echo "::error::joomla.asset.json is not valid JSON"
+                ERRORS=$((ERRORS + 1))
+              }
+            fi
+            echo "joomla.asset.json: valid"
+          fi
+
+          # Validate all XML files in src/ are well-formed
+          XML_ERRORS=0
+          if command -v php &> /dev/null; then
+            while IFS= read -r -d '' xmlfile; do
+              if ! php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$xmlfile'); if(!\$x){foreach(libxml_get_errors() as \$e) echo trim(\$e->message) . ' in $xmlfile'; exit(1);}" 2>&1; then
+                XML_ERRORS=$((XML_ERRORS + 1))
+              fi
+            done < <(find "$MANIFEST_DIR" -name "*.xml" -not -path "./.git/*" -print0)
+          fi
+          if [ "$XML_ERRORS" -gt 0 ]; then
+            echo "::error::${XML_ERRORS} XML file(s) are malformed"
+            ERRORS=$((ERRORS + 1))
+          else
+            echo "XML well-formedness: OK"
+          fi
+
+          [ "$ERRORS" -gt 0 ] && exit 1
+          echo "Joomla asset checks: OK"
+
       - name: Validate platform manifest
         run: |
           PLATFORM="${{ steps.platform.outputs.platform }}"