chore(version): pre-release bump to 01.43.28-dev [skip ci]

2026-06-27 02:20:38 +00:00
54 changed files with 271 additions and 1022 deletions
@@ -22,7 +22,7 @@ on:

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}

 permissions:
  contents: write
@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokocli
 # PATH: /templates/workflows/universal/auto-release.yml.template
-# VERSION: 05.01.00
+# VERSION: 05.00.00
 # BRIEF: Universal build & release � detects platform from manifest.xml
 #
 # +=======================================================================+
@@ -52,7 +52,7 @@ on:

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}

@@ -75,7 +75,6 @@ jobs:
        with:
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          fetch-depth: 1
-          submodules: recursive

      - name: Setup mokocli tools
        env:
@@ -103,7 +102,7 @@ jobs:
          php ${MOKO_CLI}/branch_rename.php \
            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --api-base "${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
            --pr "${{ github.event.pull_request.number }}"

      - name: Checkout rc and configure git
@@ -122,7 +121,7 @@ jobs:

      - name: Update RC release notes from CHANGELOG.md
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Extract [Unreleased] section from changelog
@@ -174,7 +173,6 @@ jobs:
        with:
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          fetch-depth: 0
-          submodules: recursive

      - name: Configure git for bot pushes
        run: |
@@ -271,7 +269,7 @@ jobs:
          !startsWith(steps.platform.outputs.platform, 'joomla')
        run: |
          VERSION="${{ steps.version.outputs.version }}"
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          SEMVER_TAG="v${VERSION}"

@@ -296,7 +294,7 @@ jobs:

      - name: Update release notes and promote changelog
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Get the stable release info (version and ID)
@@ -365,7 +363,7 @@ jobs:
          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          php ${MOKO_CLI}/release_mirror.php \
            --version "$VERSION" --tag "$RELEASE_TAG" \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
@@ -394,7 +392,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Delete rc branch (ephemeral — created by promote-rc)
@@ -418,7 +416,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
          BRANCH_NAME="version/${VERSION}"
@@ -439,7 +437,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          php ${MOKO_CLI}/version_reset_dev.php \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
            --branch dev --path . 2>&1 || true
@@ -465,5 +463,5 @@ jobs:
            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${MOKOGITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
          fi
@@ -13,12 +13,6 @@
 name: "Generic: Project CI"

 on:
-  pull_request:
-    branches:
-      - main
-      - dev
-      - dev/**
-      - rc/**
  workflow_dispatch:

 permissions:
@@ -1,68 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: mokocli.Universal
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
-# PATH: /.mokogitea/workflows/ci-issue-reporter.yml
-# VERSION: 01.00.00
-# BRIEF: Reusable workflow — creates/updates a Gitea issue when a CI gate fails.
-#        Clones MokoCLI and runs cli/ci_issue_reporter.sh.
-
-name: "Universal: CI Issue Reporter"
-
-on:
-  workflow_call:
-    inputs:
-      gate:
-        description: "CI gate name (e.g. PR Validation, Repository Health)"
-        required: true
-        type: string
-      details:
-        description: "Human-readable failure description"
-        required: true
-        type: string
-      severity:
-        description: "error or warning"
-        required: false
-        type: string
-        default: "error"
-      workflow:
-        description: "Workflow name for the issue title"
-        required: false
-        type: string
-        default: ""
-    secrets:
-      MOKOGITEA_TOKEN:
-        required: true
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  report:
-    name: "Report: ${{ inputs.gate }}"
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone MokoCLI
-        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-        run: |
-          MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
-          git clone --depth 1 --filter=blob:none --sparse "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
-          cd /tmp/mokocli && git sparse-checkout set cli/ci_issue_reporter.sh
-
-      - name: Report CI failure
-        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-        run: |
-          chmod +x /tmp/mokocli/cli/ci_issue_reporter.sh
-          /tmp/mokocli/cli/ci_issue_reporter.sh \
-            --gate "${{ inputs.gate }}" \
-            --details "${{ inputs.details }}" \
-            --severity "${{ inputs.severity }}" \
-            --workflow "${{ inputs.workflow }}"
@@ -21,7 +21,7 @@ permissions:
  contents: write

 env:
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}

 jobs:
  cleanup:
@@ -33,17 +33,17 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          token: ${{ secrets.GA_TOKEN }}

      - name: Delete merged branches
        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
        run: |
          echo "=== Merged Branch Cleanup ==="
-          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"

          # List branches via API
-          BRANCHES=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+          BRANCHES=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
            "${API}/branches?limit=50" | jq -r '.[].name')

          DELETED=0
@@ -56,7 +56,7 @@ jobs:
            # Check if branch is merged into main
            if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
              echo "  Deleting merged branch: ${BRANCH}"
-              curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+              curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
                "${API}/branches/${BRANCH}" 2>/dev/null || true
              DELETED=$((DELETED + 1))
            fi
@@ -66,20 +66,20 @@ jobs:

      - name: Clean old workflow runs
        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
        run: |
          echo "=== Workflow Run Cleanup ==="
-          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
          CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)

          # Get old completed runs
-          RUNS=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+          RUNS=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
            "${API}/actions/runs?status=completed&limit=50" | \
            jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)

          DELETED=0
          for RUN_ID in $RUNS; do
-            curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+            curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
              "${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
            DELETED=$((DELETED + 1))
          done
@@ -1,126 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Deploy
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
-# PATH: /templates/workflows/joomla/deploy-manual.yml.template
-# VERSION: 04.07.00
-# BRIEF: Manual SFTP deploy to dev server for Joomla repos
-
-name: "Universal: Deploy to Dev (Manual)"
-
-on:
-  workflow_dispatch:
-    inputs:
-      clear_remote:
-        description: 'Delete all remote files before uploading'
-        required: false
-        default: 'false'
-        type: boolean
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-permissions:
-  contents: read
-
-jobs:
-  deploy:
-    name: SFTP Deploy to Dev
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP
-        run: |
-          php -v && composer --version
-
-      - name: Setup MokoStandards tools
-        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          MOKO_CLONE_HOST: ${{ secrets.MOKOGITEA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.MOKOGITEA_TOKEN || github.token }}"}}'
-        run: |
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api 2>/dev/null || true
-          if [ -d "/tmp/mokostandards-api" ] && [ -f "/tmp/mokostandards-api/composer.json" ]; then
-            cd /tmp/mokostandards-api && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
-          fi
-
-      - name: Check FTP configuration
-        id: check
-        env:
-          HOST: ${{ vars.DEV_FTP_HOST }}
-          PATH_VAR: ${{ vars.DEV_FTP_PATH }}
-          PORT: ${{ vars.DEV_FTP_PORT }}
-        run: |
-          if [ -z "$HOST" ] || [ -z "$PATH_VAR" ]; then
-            echo "DEV_FTP_HOST or DEV_FTP_PATH not configured -- cannot deploy"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          echo "host=$HOST" >> "$GITHUB_OUTPUT"
-
-          REMOTE="${PATH_VAR%/}"
-          echo "remote=$REMOTE" >> "$GITHUB_OUTPUT"
-
-          [ -z "$PORT" ] && PORT="22"
-          echo "port=$PORT" >> "$GITHUB_OUTPUT"
-
-      - name: Deploy via SFTP
-        if: steps.check.outputs.skip != 'true'
-        env:
-          SFTP_KEY: ${{ secrets.DEV_FTP_KEY }}
-          SFTP_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
-          SFTP_USER: ${{ vars.DEV_FTP_USERNAME }}
-        run: |
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ -- nothing to deploy"; exit 0; }
-
-          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
-            "${{ steps.check.outputs.host }}" "${{ steps.check.outputs.port }}" "$SFTP_USER" "${{ steps.check.outputs.remote }}" \
-            > /tmp/sftp-config.json
-
-          if [ -n "$SFTP_KEY" ]; then
-            echo "$SFTP_KEY" > /tmp/deploy_key
-            chmod 600 /tmp/deploy_key
-            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
-          else
-            printf ',"password":"%s"}' "$SFTP_PASS" >> /tmp/sftp-config.json
-          fi
-
-          DEPLOY_ARGS=(--path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json)
-          [ "${{ inputs.clear_remote }}" = "true" ] && DEPLOY_ARGS+=(--clear-remote)
-
-          PLATFORM=$(php /tmp/mokostandards-api/cli/platform_detect.php --path . 2>/dev/null || true)
-          if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards-api/deploy/deploy-joomla.php" ]; then
-            php /tmp/mokostandards-api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}"
-          else
-            php /tmp/mokostandards-api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}"
-          fi
-
-          rm -f /tmp/deploy_key /tmp/sftp-config.json
-
-      - name: Summary
-        if: always()
-        run: |
-          if [ "${{ steps.check.outputs.skip }}" = "true" ]; then
-            echo "### Deploy Skipped -- FTP not configured" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "### Manual Dev Deploy Complete" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-            echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Host | \`${{ steps.check.outputs.host }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Remote | \`${{ steps.check.outputs.remote }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Clear | ${{ inputs.clear_remote }} |" >> $GITHUB_STEP_SUMMARY
-          fi
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 02.52.19
+# VERSION: 01.43.28
 # BRIEF: Auto-create feature branch when an issue is opened

 name: "Universal: Issue Branch"
@@ -19,7 +19,7 @@ permissions:
  issues: write

 env:
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}

 jobs:
  create-branch:
@@ -28,8 +28,8 @@ jobs:
    steps:
      - name: Create branch and comment
        run: |
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
+          TOKEN="${{ secrets.GA_TOKEN }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
          ISSUE_NUM="${{ github.event.issue.number }}"
          ISSUE_TITLE="${{ github.event.issue.title }}"

@@ -58,7 +58,7 @@ jobs:
            echo "Created branch: ${BRANCH}"

            # Comment on issue with branch link
-            REPO_URL="${MOKOGITEA_URL}/${{ github.repository }}"
+            REPO_URL="${GITEA_URL}/${{ github.repository }}"
            BODY="Branch created: [\`${BRANCH}\`](${REPO_URL}/src/branch/${BRANCH})\n\n\`\`\`bash\ngit fetch origin\ngit checkout ${BRANCH}\n\`\`\`"

            curl -sf -X POST \
@@ -496,26 +496,39 @@ jobs:
    steps:
      - name: Trigger RC pre-release
        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
          REPO: ${{ github.repository }}
          BRANCH: ${{ github.head_ref }}
-          MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
        run: |
-          curl -s -X POST             "${MOKOGITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${MOKOGITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY

  # ── Issue Reporter ──────────────────────────────────────────────────────
  report-issues:
    name: Report Issues
+    runs-on: ubuntu-latest
    needs: [branch-policy, validate]
    if: >-
      always() &&
      needs.validate.result == 'failure'
-    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    with:
-      gate: "PR Validation"
-      workflow: "PR Check"
-      severity: error
-      details: "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
-    secrets: inherit
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issue for PR validation failure"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          ./automation/ci-issue-reporter.sh \
+            --gate "PR Validation" \
+            --workflow "PR Check" \
+            --severity error \
+            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
 # PATH: /templates/workflows/universal/pre-release.yml.template
-# VERSION: 05.02.00
+# VERSION: 05.01.00
 # BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches

 name: "Universal: Pre-Release"
@@ -59,11 +59,6 @@ jobs:
          fetch-depth: 0
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          ref: ${{ github.ref_name }}
-          submodules: recursive
-
-      - name: Update submodules to main
-        run: |
-          git submodule foreach --quiet 'git checkout main && git pull --quiet origin main' 2>/dev/null || true

      - name: Setup mokocli tools
        env:
@@ -29,20 +29,12 @@ jobs:

    steps:
      - name: Rename branch
-        env:
-          BRANCH: ${{ github.event.pull_request.head.ref }}
-          REPO: ${{ github.repository }}
-          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-          TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
-          set -euo pipefail
-          # BRANCH is attacker-controlled (PR head ref). Strict allowlist before ANY use.
-          if ! printf '%s' "$BRANCH" | grep -Eq '^rc/[A-Za-z0-9._/-]+$'; then
-            echo "::error::Refusing unsafe branch name: $BRANCH"; exit 1
-          fi
+          BRANCH="${{ github.event.pull_request.head.ref }}"
          SUFFIX="${BRANCH#rc/}"
          DEV_BRANCH="dev/${SUFFIX}"
-          API="${GITEA_URL}/api/v1/repos/${REPO}/branches"
+          API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Create dev/ branch from rc/ branch
          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X POST \
@@ -50,22 +42,25 @@ jobs:
            -H "Content-Type: application/json" \
            -d "{\"new_branch_name\": \"${DEV_BRANCH}\", \"old_branch_name\": \"${BRANCH}\"}" \
            "${API}" 2>/dev/null || true)
+
          if [ "$STATUS" = "201" ]; then
-            echo "Created branch: ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
+            echo "Created branch: ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
          else
-            echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"; exit 1
+            echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"
+            exit 1
          fi

-          # Read BRANCH from the environment inside PHP (getenv, no string interpolation -> no PHP injection)
-          ENCODED=$(php -r 'echo rawurlencode(getenv("BRANCH"));')
+          # Delete rc/ branch
+          ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
            -H "Authorization: token ${TOKEN}" \
            "${API}/${ENCODED}" 2>/dev/null || true)
+
          if [ "$STATUS" = "204" ]; then
-            echo "Deleted branch: ${BRANCH}" >> "$GITHUB_STEP_SUMMARY"
+            echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
          else
            echo "::warning::Failed to delete ${BRANCH} (HTTP ${STATUS})"
          fi

-          echo "### RC Reverted" >> "$GITHUB_STEP_SUMMARY"
-          echo "${BRANCH} → ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
+          echo "### RC Reverted" >> $GITHUB_STEP_SUMMARY
+          echo "${BRANCH} → ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
@@ -77,7 +77,7 @@ jobs:
      - name: Check actor permission (admin only)
        id: perm
        env:
-          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
+          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
          REPO: ${{ github.repository }}
          ACTOR: ${{ github.actor }}
        run: |
@@ -671,30 +671,42 @@ jobs:
  # ═══════════════════════════════════════════════════════════════════════
  # Issue Reporter — file issues for failed gates
  # ═══════════════════════════════════════════════════════════════════════
-  report-scripts:
-    name: "Report: Scripts Governance"
-    needs: [access_check, scripts_governance]
+  report-issues:
+    name: "Report Issues"
+    runs-on: ubuntu-latest
+    needs: [access_check, scripts_governance, repo_health]
    if: >-
      always() &&
-      needs.scripts_governance.result == 'failure'
-    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    with:
-      gate: "Scripts Governance"
-      workflow: "Repo Health"
-      severity: error
-      details: "Scripts directory policy violations detected. Review required and allowed directories."
-    secrets: inherit
+      (needs.scripts_governance.result == 'failure' ||
+       needs.repo_health.result == 'failure')

-  report-health:
-    name: "Report: Repository Health"
-    needs: [access_check, repo_health]
-    if: >-
-      always() &&
-      needs.repo_health.result == 'failure'
-    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    with:
-      gate: "Repository Health"
-      workflow: "Repo Health"
-      severity: error
-      details: "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
-    secrets: inherit
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issues for failed gates"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          REPORTER="./automation/ci-issue-reporter.sh"
+          WF="Repo Health"
+
+          report_gate() {
+            local gate="$1" result="$2" details="$3"
+            if [ "$result" = "failure" ]; then
+              "$REPORTER" --gate "$gate" --details "$details" --workflow "$WF" --severity error
+            fi
+          }
+
+          report_gate "Scripts Governance" \
+            "${{ needs.scripts_governance.result }}" \
+            "Scripts directory policy violations detected. Review required and allowed directories."
+
+          report_gate "Repository Health" \
+            "${{ needs.repo_health.result }}" \
+            "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
@@ -1,130 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow.Template
-# INGROUP: MokoStandards.CI
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
-# PATH: /.mokogitea/workflows/version-set.yml
-# VERSION: 01.00.00
-# BRIEF: Set or reset the extension version across all version-bearing files
-
-name: "Joomla: Set Version"
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: "Version number (e.g. 01.00.00)"
-        required: true
-        type: string
-      branch:
-        description: "Branch to update (default: current)"
-        required: false
-        type: string
-
-permissions:
-  contents: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  set-version:
-    name: Set Version to ${{ inputs.version }}
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Validate version format
-        run: |
-          VERSION="${{ inputs.version }}"
-          if ! echo "$VERSION" | grep -qP '^\d{2}\.\d{2}\.\d{2}$'; then
-            echo "::error::Invalid version format '${VERSION}' — expected XX.YY.ZZ (e.g. 01.00.00)"
-            exit 1
-          fi
-          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
-
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          ref: ${{ inputs.branch || github.ref }}
-          fetch-depth: 1
-
-      - name: Update manifest version
-        run: |
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 3 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -z "$MANIFEST" ]; then
-            echo "::warning::No Joomla extension manifest found — skipping manifest update"
-          else
-            OLD_VER=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
-            sed -i "s|<version>${OLD_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
-            echo "Manifest: ${OLD_VER} → ${VERSION} (${MANIFEST})"
-          fi
-
-      - name: Update README.md version
-        run: |
-          if [ -f "README.md" ]; then
-            if grep -qP '^\s*VERSION:\s*\d' README.md; then
-              sed -i -E "s/(VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" README.md
-              echo "README.md version updated to ${VERSION}"
-            else
-              echo "::warning::No VERSION line found in README.md — skipping"
-            fi
-          fi
-
-      - name: Update CHANGELOG.md
-        run: |
-          if [ -f "CHANGELOG.md" ]; then
-            DATE=$(date +%Y-%m-%d)
-            # Check if this version already has an entry
-            if grep -q "^\#\# \[${VERSION}\]" CHANGELOG.md; then
-              echo "CHANGELOG.md already has entry for ${VERSION} — skipping"
-            else
-              # Insert new version entry after [Unreleased] or at the top after header
-              if grep -q '^\#\# \[Unreleased\]' CHANGELOG.md; then
-                sed -i "/^\#\# \[Unreleased\]/a\\\\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
-              else
-                sed -i "/^\# Changelog/a\\\\n## [Unreleased]\n\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
-              fi
-              echo "CHANGELOG.md: added entry for ${VERSION}"
-            fi
-          else
-            echo "::warning::No CHANGELOG.md found — skipping"
-          fi
-
-      - name: Update FILE INFORMATION blocks
-        run: |
-          # Update VERSION in file header blocks (# VERSION: XX.YY.ZZ)
-          find . -maxdepth 1 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.php" -o -name "*.md" \) \
-            -not -path "./.git/*" -not -path "./vendor/*" -print0 2>/dev/null | \
-          while IFS= read -r -d '' FILE; do
-            if head -20 "$FILE" | grep -qP '^\s*#?\s*VERSION:\s*\d{2}\.\d{2}\.\d{2}'; then
-              sed -i -E "s/(#?\s*VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" "$FILE"
-              echo "Updated FILE INFORMATION VERSION in ${FILE}"
-            fi
-          done
-
-      - name: Commit and push
-        run: |
-          git config user.name "Moko Consulting [bot]"
-          git config user.email "hello@mokoconsulting.tech"
-          git add -A
-          if git diff --cached --quiet; then
-            echo "No version changes detected — nothing to commit"
-          else
-            git commit -m "chore: set version to ${VERSION} [skip bump]
-
-Authored-by: Moko Consulting"
-            git push
-            echo "### Version Set" >> $GITHUB_STEP_SUMMARY
-            echo "Version updated to \`${VERSION}\` on branch \`${GITHUB_REF_NAME}\`" >> $GITHUB_STEP_SUMMARY
-          fi
@@ -13,7 +13,6 @@
 name: "Universal: Workflow Sync Trigger"

 on:
-  workflow_dispatch:
  pull_request:
    types: [closed]
    branches:
@@ -27,9 +26,8 @@ jobs:
    name: Sync workflows to live repos
    runs-on: ubuntu-latest
    if: >-
-      github.event_name == 'workflow_dispatch' ||
-      (github.event.pull_request.merged == true &&
-      !contains(github.event.pull_request.title, '[skip sync]'))
+      github.event.pull_request.merged == true &&
+      !contains(github.event.pull_request.title, '[skip sync]')

    steps:
      - name: Determine platform from repo name
@@ -51,14 +49,8 @@ jobs:
        env:
          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
-          MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
-          git clone --depth 1 "${MOKOGITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli
-
-      - name: Install PHP
-        run: |
-          if ! command -v php &> /dev/null; then
-            apt-get update -qq && apt-get install -y -qq php-cli php-json php-curl > /dev/null 2>&1
-          fi
+          GITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
+          git clone --depth 1 "${GITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli

      - name: Install dependencies
        run: |
@@ -1,17 +1,7 @@
 # Changelog
+
 ## [Unreleased]

-## [02.52.18] --- 2026-06-30
-
-## [02.52.18] --- 2026-06-30
-
-## [01.45.00] --- 2026-06-28
-
-
-## [01.45.00] --- 2026-06-28
-
-## [01.43.35] --- 2026-06-28
-
 ### Added
 - Customizable restore script filename per backup profile (reduces discoverability on remote servers)
 - MokoRestore standalone mode: multi-ZIP selector when multiple backup archives are present
@@ -27,7 +17,6 @@
 - MokoRestore cleanup and security messages now reference the actual script filename instead of hardcoded "restore.php"

 ### Fixed
- SSH key indicator detection and missing delete language key
 - Bootstrap 5 modal conversion for snapshots view (data-bs-dismiss, modal-footer, getOrCreateInstance)
 - ntfy default URL changed from ntfy.sh to ntfy.mokoconsulting.tech
 - Untranslated JFIELD_ORDERING_ASC / JFIELD_ORDERING_LABEL language keys replaced with component-specific keys
@@ -36,3 +25,134 @@
 - MokoRestore stalling: unhandled promise rejections from network errors or non-JSON responses left UI in loading state

 ## [01.43.00] --- 2026-06-24
+
+
+## [01.43.00] --- 2026-06-24
+
+## [01.42.00] --- 2026-06-23
+
+
+## [01.42.00] --- 2026-06-23
+
+## [01.41.00] — 2026-06-23
+
+### Added — Multi-Remote Storage
+- New `#__mokosuitebackup_remotes` table for multiple destinations per profile
+- Remote destinations UI: AJAX-driven add/edit/delete/toggle modal on profile edit
+- Engine uploads to ALL enabled destinations (BackupEngine + SteppedBackupEngine)
+- Migration auto-converts existing SFTP/S3/GDrive/FTP profile columns to new table
+- Backward compatibility: falls back to legacy single-remote columns if table empty
+- Secrets masked in API responses, merged from DB on save
+
+### Added — Content Snapshots
+- Lightweight JSON snapshots of articles, categories, and modules
+- Includes tags, custom fields, workflow associations, field values
+- Restore modes: Replace (clean slate), Merge (upsert), Selective (per-article)
+- Snapshot retention: max count + max age with automatic cleanup
+- Scheduled snapshot task via com_scheduler
+- CLI: `mokosuitebackup:snapshot create|restore|list|delete`
+- REST API: create, list, restore, delete, download snapshots
+- Tabbed browse modal: Articles / Categories / Modules with item counts
+
+### Added — SFTP Remote Storage
+- SFTP support with SSH key file authentication (key stored base64 in database)
+- Auth type dropdown: Password / Key File / Key File + Passphrase
+- SshKeyField: file upload via FileReader, key never exposed in HTML
+- SFTP remote directory browser for path selection
+- `__KEEP_EXISTING__` sentinel preserves key on profile re-save
+
+### Added — MokoRestore Wizard (9 steps)
+- Per-table conflict resolution: Replace / Skip / Merge / Data Only
+- Preset buttons: "All Replace", "All Skip", "Everything except users"
+- Post-restore actions: reset passwords, hits, versions, sessions, cache
+- Auto-detect sanitized passwords and prompt for reset (random temp password)
+- Standalone mode: restore.php scans directory for ZIP files
+- Wrapped mode: restore.php bundled inside backup ZIP
+- Security gate with filesystem verification + path traversal protection
+
+### Added — Data Sanitization
+- Sanitize user passwords: replace hashes with invalid sentinel
+- Sanitize user emails: replace with dummy values
+- Clear session data: exclude `#__session` table
+- Preserve super admin credentials (optional)
+- GDPR-friendly backup sharing for demos and staging sites
+
+### Added — Backup Engine
+- Pre-flight validation: directory, disk space, extensions, credentials, running backups
+- Auto-verify archive integrity after creation (ZIP, tar.gz, 7z)
+- 7z archive format via system 7za/7z CLI binary with native encryption
+- Streaming database dump to temp file (prevents OOM on large sites)
+- S3 streaming upload via CURLOPT_PUT (prevents OOM)
+- Graceful remote degradation: local backup preserved if upload fails
+- DatabaseDumper::dumpToFile() for memory-efficient operation
+
+### Added — Admin UI
+- Dashboard: snapshot widget, 30-day backup trend chart, per-profile storage breakdown
+- CPanel admin dashboard module (mod_mokosuitebackup_cpanel) with quick actions
+- Backup type filter dropdown in backups list
+- Backup comparison: select two backups for side-by-side diff
+- Archive browser: view files inside backup without extracting
+- Manual purge: delete backups older than a date with count preview
+- Backup count badges on profile list
+- "Do not navigate away" warning in backup/restore progress modals
+- Clickable placeholder pills for backup directory and archive name fields
+- Comprehensive help modal with absolute/relative/placeholder path documentation
+- Placeholder resolution display with EXAMPLE prefix
+- All placeholders UPPERCASE: [HOST], [SITE_NAME], [DATE], [DATETIME], etc.
+
+### Added — CLI & API
+- `mokosuitebackup:restore` with --files-only, --db-only, --password options
+- `mokosuitebackup:snapshot` with create, restore, list, delete actions
+- REST API for snapshots: create, list, restore, delete, download
+- Profile credentials masked in API responses
+
+### Added — Notifications & Logging
+- Email/ntfy notifications for site restore, snapshot create/restore
+- Joomla Action Logs for restore, snapshot, and snapshot restore events
+- Global ntfy server/topic/token settings (fallback for profiles)
+
+### Added — Security & Configuration
+- Webcron secret field with CSPRNG generator + strength meter
+- IP whitelist field with current IP detection + one-click "Add my IP"
+- 10 ACL permissions with full enforcement audit across all controllers
+- Config defaults: archive format, MokoRestore mode, sanitization settings
+- Path traversal protection on all archive extraction (ZIP, tar.gz, JPA)
+
+### Fixed
+- CLI RestoreCommand passed wrong arguments (filepath instead of record ID)
+- JPA path traversal: reject `../` in archive entry paths
+- S3Uploader OOM: streaming upload instead of file_get_contents
+- DatabaseDumper OOM: streaming to file instead of in-memory string
+- AkeebaImporter: removed unserialize() (PHP object injection risk)
+- BackupTable: delete DB row before file (prevents data loss)
+- RestoreEngine: staging path sanitized with preg_replace
+- API profiles: sensitive fields masked with `***`
+- Webcron: missing return after sendJsonResponse on auth failure
+- loadFormData(): cast array to object (PHP 8.x TypeError fix)
+- MokoRestore data-only mode: uses REPLACE INTO for existing rows
+- Plaintext archive deleted on encryption failure
+- TarGzArchiver: intermediate .tar cleaned in finally block
+- Install script: single-line comments converted to block comments
+- Orphaned root-level webservices plugin files removed
+- include_mokorestore column: TINYINT changed to VARCHAR(20)
+- Snapshot fields_values: scoped dump and restore to com_content.article (previously destroyed values for contacts, users, etc.)
+- Run Backup button: accept CSRF token from GET (fixes "token did not match" on profile edit)
+- SFTP fields: moved into remote fieldset for showon visibility; removed required attr that blocked non-SFTP saves
+- Script.php merge conflict markers resolved
+
+## [01.24.00] — 2026-06-02
+
+### Added
+- Initial release: full-site backup and restore for Joomla 6
+- Database, files, and configuration backup
+- ZIP and tar.gz archive formats with AES-256 encryption
+- Differential backups based on file manifests
+- FTP/FTPS, S3, Google Drive remote storage
+- MokoRestore standalone restore wizard
+- CLI backup and restore commands
+- REST API for remote management
+- Scheduled tasks via com_scheduler
+- Email and ntfy push notifications
+- Per-profile retention, exclusions, and notifications
+- Akeeba Backup migration tool
+- Admin dashboard with system health checks
@@ -19,7 +19,6 @@ Full-site backup and restore for Joomla — database, files, and configuration.
 - Stepped AJAX engine prevents timeout on shared hosting
 - AES-256 ZIP encryption with configurable password
 - Configurable archive naming with placeholders ([HOST], [DATE], [SITE_NAME], etc.)
- Per-profile retention — configure max backup count and max age (days) per profile, with global defaults
 - Data sanitization — optionally clear user passwords, emails, and sessions in backup

 ### Content Snapshots
@@ -1,241 +0,0 @@
-<!--
-Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-
-This file is part of a Moko Consulting project.
-
-SPDX-License-Identifier: GPL-3.0-or-later
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# FILE INFORMATION
-DEFGROUP: Template-Joomla
-INGROUP: Template-Joomla.Documentation
-REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
-PATH: /SECURITY.md
-VERSION: 02.52.19
-BRIEF: Security vulnerability reporting and handling policy
-->
-
-# Security Policy
-
-## Purpose and Scope
-
-This document defines the security vulnerability reporting, response, and disclosure policy for this Joomla Plugin template repository. It establishes the authoritative process for responsible disclosure, assessment, remediation, and communication of security issues.
-
-## Supported Versions
-
-Security updates are provided for the following versions:
-
-| Version | Supported          |
-| ------- | ------------------ |
-| 01.x.x  | :white_check_mark: |
-| < 01.0  | :x:                |
-
-Only the current major version receives security updates. Users should upgrade to the latest supported version to receive security patches.
-
-## Reporting a Vulnerability
-
-### Where to Report
-
-**DO NOT** create public GitHub issues for security vulnerabilities.
-
-Report security vulnerabilities privately to:
-
-**Email**: `security@mokoconsulting.tech`
-
-**Subject Line**: `[SECURITY] Template-Joomla - Brief Description`
-
-### What to Include
-
-A complete vulnerability report should include:
-
-1. **Description**: Clear explanation of the vulnerability
-2. **Impact**: Potential security impact and severity assessment
-3. **Affected Versions**: Which versions are vulnerable
-4. **Reproduction Steps**: Detailed steps to reproduce the issue
-5. **Proof of Concept**: Code, configuration, or demonstration (if applicable)
-6. **Suggested Fix**: Proposed remediation (if known)
-7. **Disclosure Timeline**: Your expectations for public disclosure
-
-### Response Timeline
-
-* **Initial Response**: Within 3 business days
-* **Assessment Complete**: Within 7 business days
-* **Fix Timeline**: Depends on severity (see below)
-* **Disclosure**: Coordinated with reporter
-
-## Severity Classification
-
-Vulnerabilities are classified using the following severity levels:
-
-### Critical
-* Remote code execution
-* Authentication bypass
-* Data breach or exposure of sensitive information
-* **Fix Timeline**: 7 days
-
-### High
-* Privilege escalation
-* SQL injection or command injection
-* Cross-site scripting (XSS) with significant impact
-* **Fix Timeline**: 14 days
-
-### Medium
-* Information disclosure (limited scope)
-* Denial of service
-* Security misconfigurations with moderate impact
-* **Fix Timeline**: 30 days
-
-### Low
-* Security best practice violations
-* Minor information leaks
-* Issues requiring user interaction or complex preconditions
-* **Fix Timeline**: 60 days or next release
-
-## Remediation Process
-
-1. **Acknowledgment**: Security team confirms receipt and begins investigation
-2. **Assessment**: Vulnerability is validated, severity assigned, and impact analyzed
-3. **Development**: Security patch is developed and tested
-4. **Review**: Patch undergoes security review and validation
-5. **Release**: Fixed version is released with security advisory
-6. **Disclosure**: Public disclosure follows coordinated timeline
-
-## Security Advisories
-
-Security advisories are published via:
-
-* GitHub Security Advisories
-* Release notes and CHANGELOG.md
-* Email notification to project users (if mailing list is established)
-
-Advisories include:
-
-* CVE identifier (if applicable)
-* Severity rating
-* Affected versions
-* Fixed versions
-* Mitigation steps
-* Attribution (with reporter consent)
-
-## Security Best Practices
-
-For projects using this template:
-
-### Required Controls
-
-* Enable GitHub security features (Dependabot, code scanning)
-* Implement branch protection on `main`
-* Require code review for all changes
-* Enforce signed commits (recommended)
-* Use secrets management (never commit credentials)
-* Maintain security documentation
-* Follow secure coding standards defined in MokoStandards
-
-### Joomla Plugin Security
-
-* Follow Joomla security best practices
-* Validate and sanitize all user input
-* Use Joomla's database API to prevent SQL injection
-* Properly escape output to prevent XSS
-* Implement proper access control checks
-* Use Joomla's session and authentication APIs
-* Keep Joomla and dependencies up to date
-
-### CI/CD Security
-
-* Validate all inputs
-* Sanitize outputs
-* Use least privilege access
-* Pin dependencies with hash verification
-* Scan for vulnerabilities in dependencies
-* Audit third-party actions and tools
-
-#### Automated Security Scanning
-
-All repositories SHOULD implement:
-
-**CodeQL Analysis**:
-* Enabled for PHP and other supported languages
-* Runs on: push to main, pull requests, weekly schedule
-* Query sets: `security-extended` and `security-and-quality`
-* Configuration: `.github/workflows/codeql-analysis.yml`
-
-**Dependabot Security Updates**:
-* Weekly scans for vulnerable dependencies
-* Automated pull requests for security patches
-* Configuration: `.github/dependabot.yml`
-
-**Secret Scanning**:
-* Enabled by default with push protection
-* Prevents accidental credential commits
-
-### Dependency Management
-
-* Keep dependencies up to date
-* Monitor security advisories for dependencies
-* Remove unused dependencies
-* Audit new dependencies before adoption
-* Document security-critical dependencies
-
-## Compliance and Governance
-
-This security policy is aligned with MokoStandards. Deviations require documented justification.
-
-Security policies are reviewed and updated at least annually or following significant security incidents.
-
-## Attribution and Recognition
-
-We acknowledge and appreciate responsible disclosure. With your permission, we will:
-
-* Credit you in security advisories
-* List you in CHANGELOG.md for the fix release
-* Recognize your contribution publicly (if desired)
-
-## Contact and Escalation
-
-* **Security Team**: security@mokoconsulting.tech
-* **Primary Contact**: hello@mokoconsulting.tech
-* **Escalation**: For urgent matters requiring immediate attention, contact the maintainer directly via GitHub
-
-## Out of Scope
-
-The following are explicitly out of scope:
-
-* Issues in third-party dependencies (report directly to maintainers)
-* Social engineering attacks
-* Physical security issues
-* Denial of service via resource exhaustion without amplification
-* Issues requiring physical access to systems
-* Theoretical vulnerabilities without proof of exploitability
-
---
-
-## Metadata
-
-| Field        | Value                                                                                                        |
-| ------------ | ------------------------------------------------------------------------------------------------------------ |
-| Document     | Security Policy                                                                                              |
-| Path         | /SECURITY.md                                                                                                 |
-| Repository   | [https://github.com/mokoconsulting-tech/Template-Joomla](https://github.com/mokoconsulting-tech/Template-Joomla) |
-| Owner        | Moko Consulting                                                                                              |
-| Scope        | Security vulnerability handling                                                                              |
-| Status       | Active                                                                                                       |
-| Effective    | 2026-01-16                                                                                                   |
-
-## Revision History
-
-| Date       | Change Description                                | Author          |
-| ---------- | ------------------------------------------------- | --------------- |
-| 2026-01-16 | Initial creation for template repository          | Moko Consulting |
@@ -21,7 +21,7 @@
 			type="sql"
 			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_PROFILE"
 			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_PROFILE_DESC"
-			query="SELECT id AS value, CONCAT(title, ' (#', id, ')') AS text FROM #__mokosuitebackup_profiles WHERE published = 1 ORDER BY id ASC"
+			query="SELECT id AS value, CONCAT(title, ' (#', id, ')') AS text FROM #__mokosuitebackup_profiles WHERE published = 1 ORDER BY ordering ASC"
 			default="1"
 		>
 			<option value="1">Default Backup Profile (#1)</option>
@@ -7,7 +7,7 @@
 -->
 <extension type="component" method="upgrade">
 	<name>MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -55,6 +55,7 @@ CREATE TABLE IF NOT EXISTS `#__mokosuitebackup_profiles` (
 	`ntfy_server`          VARCHAR(512) NOT NULL DEFAULT 'https://ntfy.sh' COMMENT 'ntfy server URL',
 	`ntfy_token`           VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'ntfy access token (optional)',
 	`published`         TINYINT(1) NOT NULL DEFAULT 1,
+	`ordering`          INT(11) NOT NULL DEFAULT 0,
 	`created`           DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
 	`modified`          DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
 	PRIMARY KEY (`id`),
@@ -127,12 +128,12 @@ INSERT IGNORE INTO `#__mokosuitebackup_profiles` (
 	`id`, `title`, `description`, `backup_type`,
 	`archive_format`, `compression_level`, `split_size`, `backup_dir`,
 	`exclude_dirs`, `exclude_files`, `exclude_tables`,
-	`published`, `created`, `modified`
+	`published`, `ordering`, `created`, `modified`
 ) VALUES (
 	1, 'Default Backup Profile', 'Full site backup with default settings', 'full',
 	'zip', 5, 0, '[DEFAULT_DIR]',
 	'administrator/components/com_mokosuitebackup/backups\ntmp\ncache\nlogs\nadministrator/logs',
 	'.gitignore\n.htaccess.bak',
 	'#__session',
-	1, NOW(), NOW()
+	1, 1, NOW(), NOW()
 );
@@ -0,0 +1 @@
+/* 01.43.28 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.29 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.30 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.31 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.32 — no schema changes */
@@ -1 +0,0 @@
-ALTER TABLE `#__mokosuitebackup_profiles` DROP COLUMN `ordering`;
@@ -1 +0,0 @@
-/* 01.43.34 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.35 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.36 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.37 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.38 — no schema changes */
@@ -1 +0,0 @@
-/* 01.44.00 — no schema changes */
@@ -1 +0,0 @@
-/* 01.44.01 — no schema changes */
@@ -1 +0,0 @@
-/* 01.45.00 — no schema changes */
@@ -1 +0,0 @@
-/* 02.52.16 — no schema changes */
@@ -1 +0,0 @@
-/* 02.52.17 — no schema changes */
@@ -1 +0,0 @@
-/* 02.52.18 — no schema changes */
@@ -1 +0,0 @@
-/* 02.52.19 — no schema changes */
@@ -84,24 +84,6 @@ class AjaxController extends BaseController
 		$this->sendJson($result);
 	}

-	/**
-	 * Mark that the JS-driven pre-update backup has completed so the
-	 * server-side onExtensionBeforeUpdate handler skips its own run.
-	 * POST: task=ajax.markPreUpdateDone
-	 */
-	public function markPreUpdateDone(): void
-	{
-		if (!Session::checkToken('get') && !Session::checkToken('post')) {
-			$this->sendJson(['error' => true, 'message' => 'Invalid token'], 403);
-
-			return;
-		}
-
-		Factory::getSession()->set('mokosuitebackup.preupdate_js_done', true);
-
-		$this->sendJson(['success' => true]);
-	}
-
 	/**
 	 * Browse server directories for the folder picker field.
 	 * POST: task=ajax.browseDir&path=/some/path
@@ -249,6 +249,7 @@ class AkeebaImporter
 			'remote_keep_local'    => 1,
 			'include_mokorestore'    => (int) (($config['akeeba.advanced.embedded_installer'] ?? 'none') !== 'none'),
 			'published'         => 1,
+			'ordering'          => (int) $akProfile->id,
 			'created'           => $now,
 			'modified'          => $now,
 		];
@@ -547,16 +547,7 @@ class BackupEngine
 	 */
 	private function createUploaderFromParams(string $type, array $params): RemoteUploaderInterface
 	{
-		$prefixMap = ['ftp' => 'ftp_', 'sftp' => 'sftp_', 's3' => 's3_', 'google_drive' => 'gdrive_'];
-		$prefix    = $prefixMap[$type] ?? '';
-
-		$prefixed = [];
-
-		foreach ($params as $key => $value) {
-			$prefixed[$prefix . $key] = $value;
-		}
-
-		$fake = (object) $prefixed;
+		$fake = (object) $params;

 		return match ($type) {
 			'ftp'          => new FtpUploader($fake),
@@ -346,9 +346,6 @@ define('MOKOJOOMBACKUP_RESTORE', 1);
 define('RESTORE_DIR', __DIR__);
 define('BACKUP_FILE', RESTORE_DIR . '/site-backup.zip');

-error_log('MokoRestore: Script loaded — RESTORE_DIR=' . RESTORE_DIR);
-error_log('MokoRestore: PHP ' . PHP_VERSION . ', SAPI=' . php_sapi_name() . ', memory_limit=' . ini_get('memory_limit'));
-
 session_start();

 if (empty($_SESSION['restore_token'])) {
@@ -361,37 +358,25 @@ $token = $_SESSION['restore_token'];
 // Write a security file to the web root with a random code.
 // The user must read the code from the file and enter it in the browser
 // to prove they have filesystem access before any restore actions are allowed.
-$securityFile = RESTORE_DIR . '/mokorestore-security.php';
+$securityFile = RESTORE_DIR . '/.mokorestore-security.php';
 $securityCode = $_SESSION['security_code'] ?? '';

 if (empty($securityCode)) {
    $securityCode = strtoupper(substr(bin2hex(random_bytes(4)), 0, 8));
    $_SESSION['security_code'] = $securityCode;
    $_SESSION['security_verified'] = false;
-}
-
-// Write (or recreate) the security file whenever verification is still pending
-if (empty($_SESSION['security_verified']) && !is_file($securityFile)) {
-    error_log('MokoRestore: Writing security file: ' . $securityFile);
-    error_log('MokoRestore: Target directory: ' . RESTORE_DIR . ' (writable: ' . (is_writable(RESTORE_DIR) ? 'yes' : 'NO') . ')');

+    // Write security file with the code
    $securityContent = "<?php die('MokoRestore Security Code: " . $securityCode . "'); ?>\n"
        . "MokoRestore Security Verification\n"
        . "==================================\n"
        . "Code: " . $securityCode . "\n"
        . "Enter this code in the MokoRestore browser interface to proceed.\n"
        . "This file will be deleted automatically after verification.\n";
-
-    $written = @file_put_contents($securityFile, $securityContent);
-
-    if ($written === false) {
-        $err = error_get_last();
-        error_log('MokoRestore: FAILED to write security file — ' . ($err['message'] ?? 'unknown error'));
-        error_log('MokoRestore: Directory permissions: ' . decoct(@fileperms(RESTORE_DIR) & 0777) . ', owner: ' . @fileowner(RESTORE_DIR) . ', PHP user: ' . (function_exists('posix_getuid') ? posix_getuid() : 'n/a'));
-        error_log('MokoRestore: Security verification SKIPPED — user will not be challenged');
+    if (file_put_contents($securityFile, $securityContent) === false) {
+        // Cannot write security file — skip verification to avoid locking user out
        $_SESSION['security_verified'] = true;
-    } else {
-        error_log('MokoRestore: Security file created (' . $written . ' bytes)');
+        error_log('MokoRestore: Cannot write security file — verification skipped (check directory permissions)');
    }
 }

@@ -402,17 +387,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['

    if ($inputCode === $securityCode) {
        $_SESSION['security_verified'] = true;
-        error_log('MokoRestore: Security code VERIFIED');

+        // Delete the security file
        if (is_file($securityFile)) {
            @unlink($securityFile);
-            error_log('MokoRestore: Security file deleted');
        }

        echo json_encode(['success' => true, 'message' => 'Security verified']);
    } else {
-        error_log('MokoRestore: Security code REJECTED (input=' . $inputCode . ')');
-        echo json_encode(['success' => false, 'message' => 'Incorrect security code. Check the file: mokorestore-security.php']);
+        echo json_encode(['success' => false, 'message' => 'Incorrect security code. Check the file: .mokorestore-security.php']);
    }

    exit;
@@ -431,7 +414,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
    }

    if (!$securityVerified) {
-        echo json_encode(['success' => false, 'message' => 'Security verification required. Enter the code from mokorestore-security.php']);
+        echo json_encode(['success' => false, 'message' => 'Security verification required. Enter the code from .mokorestore-security.php']);
        exit;
    }

@@ -441,12 +424,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
    @ignore_user_abort(true);

    try {
-        error_log('MokoRestore: Action dispatched — ' . $_POST['action']);
        $result = handleAction($_POST['action'], $_POST);
-        error_log('MokoRestore: Action ' . $_POST['action'] . ' completed — ' . ($result['success'] ? 'OK' : 'FAIL: ' . ($result['message'] ?? '')));
        echo json_encode($result);
    } catch (Throwable $e) {
-        error_log('MokoRestore: Action ' . $_POST['action'] . ' EXCEPTION — ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => $e->getMessage()]);
    }

@@ -571,14 +551,10 @@ function actionPreflight(): array

 function actionExtract(array $data): array
 {
-    error_log('MokoRestore: Extract — target=' . BACKUP_FILE . ', exists=' . (file_exists(BACKUP_FILE) ? 'yes' : 'no'));
-
    if (!file_exists(BACKUP_FILE)) {
        throw new RuntimeException('Backup file not found: site-backup.zip');
    }

-    error_log('MokoRestore: Extract — archive size=' . number_format(filesize(BACKUP_FILE) / 1048576, 2) . ' MB');
-
    $zip = new ZipArchive();

    if ($zip->open(BACKUP_FILE) !== true) {
@@ -615,8 +591,6 @@ function actionExtract(array $data): array
    $count = $zip->numFiles;
    $zip->close();

-    error_log('MokoRestore: Extract — ' . $count . ' files extracted to ' . RESTORE_DIR);
-
    // Pre-fill from configuration.php.bak (sanitized backup) or
    // configuration.php (legacy/unsanitized backup). Skip [SANITIZED:] values.
    $existingConfig = [];
@@ -745,8 +719,6 @@ function actionDatabase(array $data): array
    $user   = $data['db_user'] ?? '';
    $pass   = $data['db_pass'] ?? '';

-    error_log('MokoRestore: Database import — host=' . $host . ', db=' . $name . ', user=' . $user);
-
    if (empty($name) || empty($user)) {
        throw new RuntimeException('Database name and user are required');
    }
@@ -754,12 +726,9 @@ function actionDatabase(array $data): array
    $sqlFile = RESTORE_DIR . '/database.sql';

    if (!is_file($sqlFile)) {
-        error_log('MokoRestore: Database import — no database.sql found, skipping');
        return ['success' => true, 'message' => 'No database.sql found — skipped', 'statements' => 0, 'errors' => 0];
    }

-    error_log('MokoRestore: Database import — SQL file size=' . number_format(filesize($sqlFile) / 1048576, 2) . ' MB');
-
    $pdo = new PDO(
        "mysql:host={$host};dbname={$name};charset=utf8mb4",
        $user,
@@ -866,14 +835,6 @@ function actionDatabase(array $data): array
        $msg .= " ({$errors} warnings)";
    }

-    error_log('MokoRestore: Database import — ' . $msg);
-
-    if (!empty($errorList)) {
-        foreach ($errorList as $i => $err) {
-            error_log('MokoRestore: DB error ' . ($i + 1) . ': ' . $err);
-        }
-    }
-
    return [
        'success'    => ($statements > 0 || $errors === 0),
        'message'    => $msg,
@@ -886,7 +847,6 @@ function actionDatabase(array $data): array

 function actionConfig(array $data): array
 {
-    error_log('MokoRestore: Config rebuild started');
    $host     = $data['db_host'] ?? 'localhost';
    $dbName   = $data['db_name'] ?? '';
    $dbUser   = $data['db_user'] ?? '';
@@ -907,7 +867,6 @@ function actionConfig(array $data): array
    // debug, cache, SEF, editor, etc.). Fall back to existing config
    // for legacy/unsanitized backups, or build from scratch if neither exists.
    $basePath = is_file($bakPath) ? $bakPath : (is_file($configPath) ? $configPath : null);
-    error_log('MokoRestore: Config — base template: ' . ($basePath ?? 'none (building from scratch)'));

    if ($basePath !== null) {
        $config = file_get_contents($basePath);
@@ -960,12 +919,9 @@ function actionConfig(array $data): array
        }

        if (file_put_contents($configPath, $config) === false) {
-            error_log('MokoRestore: Config — FAILED to write ' . $configPath);
            return ['success' => false, 'message' => 'Failed to write Joomla config file — check directory permissions'];
        }

-        error_log('MokoRestore: Config — written to ' . $configPath . ' (' . filesize($configPath) . ' bytes)');
-
        // Remove .bak after successful rebuild
        if (is_file($bakPath)) {
            @unlink($bakPath);
@@ -1219,8 +1175,6 @@ function actionResetAdmin(array $data): array
    $userId   = (int) ($data['admin_id'] ?? 0);
    $password = $data['new_password'] ?? '';

-    error_log('MokoRestore: Admin password reset — user_id=' . $userId);
-
    if ($userId < 1 || strlen($password) < 8) {
        throw new RuntimeException('Select an admin and enter a password (8+ characters)');
    }
@@ -1234,7 +1188,6 @@ function actionResetAdmin(array $data): array
        throw new RuntimeException('User not found or password unchanged');
    }

-    error_log('MokoRestore: Admin password reset — success');
    return ['success' => true, 'message' => 'Admin password updated successfully'];
 }

@@ -1244,7 +1197,6 @@ function actionPostRestore(array $data): array
    $prefix  = getValidatedPrefix($data);
    $tasks   = json_decode($data['tasks'] ?? '[]', true) ?: [];
    $results = [];
-    error_log('MokoRestore: Post-restore — ' . count($tasks) . ' task(s): ' . implode(', ', $tasks));

    foreach ($tasks as $task) {
        try {
@@ -1367,7 +1319,6 @@ function actionProvision(array $data): array
    $prefix = getValidatedPrefix($data);
    $tasks  = json_decode($data['tasks'] ?? '[]', true) ?: [];
    $results = [];
-    error_log('MokoRestore: Provisioning — ' . count($tasks) . ' task(s): ' . implode(', ', $tasks));

    foreach ($tasks as $task) {
        try {
@@ -1444,24 +1395,16 @@ function actionProvision(array $data): array

 function actionCleanup(): array
 {
-    error_log('MokoRestore: Cleanup started');
    $removed = [];

-    foreach (['database.sql', 'site-backup.zip', 'mokorestore-security.php'] as $file) {
+    foreach (['database.sql', 'site-backup.zip'] as $file) {
        $path = RESTORE_DIR . '/' . $file;

-        if (is_file($path)) {
-            if (@unlink($path)) {
-                $removed[] = $file;
-                error_log('MokoRestore: Cleanup — removed ' . $file);
-            } else {
-                error_log('MokoRestore: Cleanup — FAILED to remove ' . $file);
-            }
+        if (is_file($path) && @unlink($path)) {
+            $removed[] = $file;
        }
    }

-    error_log('MokoRestore: Cleanup complete — removed ' . count($removed) . ' file(s)');
-
    return [
        'success' => true,
        'message' => 'Removed: ' . (empty($removed) ? '(none)' : implode(', ', $removed))
@@ -1627,14 +1570,14 @@ body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica N
    <!-- Step 0: Security Verification -->
    <div class="mr-panel <?php echo $securityVerified ? '' : 'visible'; ?>" id="panel0">
        <h2>Security Verification</h2>
-        <p class="mr-desc">To prevent unauthorized access, enter the security code from the file <code>mokorestore-security.php</code> in your site root.</p>
+        <p class="mr-desc">To prevent unauthorized access, enter the security code from the file <code>.mokorestore-security.php</code> in your site root.</p>
        <div style="border:1px solid #e2e8f0;border-radius:8px;padding:1.25rem;margin-bottom:1.25rem;background:#f8fafc">
            <div style="font-weight:600;font-size:0.9rem;color:#334155;margin-bottom:1rem;display:flex;align-items:center;gap:0.5rem">
                <span style="font-size:1.1rem">&#128274;</span> How to find the code
            </div>
            <ol style="margin:0;padding-left:1.25rem;color:#475569;font-size:0.9rem;line-height:1.6">
                <li>Connect to your server via FTP, SSH, or file manager</li>
-                <li>Open <code>mokorestore-security.php</code> in the site root directory</li>
+                <li>Open <code>.mokorestore-security.php</code> in the site root directory</li>
                <li>Copy the 8-character code and enter it below</li>
            </ol>
        </div>
@@ -889,16 +889,7 @@ class SteppedBackupEngine
 	 */
 	private function createUploaderFromParams(string $type, array $params): RemoteUploaderInterface
 	{
-		$prefixMap = ['ftp' => 'ftp_', 'sftp' => 'sftp_', 's3' => 's3_', 'google_drive' => 'gdrive_'];
-		$prefix    = $prefixMap[$type] ?? '';
-
-		$prefixed = [];
-
-		foreach ($params as $key => $value) {
-			$prefixed[$prefix . $key] = $value;
-		}
-
-		$fake = (object) $prefixed;
+		$fake = (object) $params;

 		return match ($type) {
 			'ftp'          => new FtpUploader($fake),
@@ -25,6 +25,7 @@ class ProfilesModel extends ListModel
 				'title', 'a.title',
 				'backup_type', 'a.backup_type',
 				'published', 'a.published',
+				'ordering', 'a.ordering',
 			];
 		}

@@ -8,7 +8,7 @@
 -->
 <extension type="module" client="administrator" method="upgrade">
 	<name>mod_mokosuitebackup_cpanel</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-23</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,7 @@
 -->
 <extension type="plugin" group="actionlog" method="upgrade">
 	<name>Action Log - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,7 @@
 -->
 <extension type="plugin" group="console" method="upgrade">
 	<name>Console - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,7 @@
 -->
 <extension type="plugin" group="content" method="upgrade">
 	<name>Content - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <extension type="plugin" group="quickicon" method="upgrade">
 	<name>Quick Icon - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,7 @@
 -->
 <extension type="plugin" group="system" method="upgrade">
 	<name>System - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -28,7 +28,6 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 		return [
 			'onAfterInitialise'        => 'onAfterInitialise',
 			'onAfterRoute'             => 'onAfterRoute',
-			'onBeforeRender'           => 'onBeforeRender',
 			'onExtensionBeforeUpdate'  => 'onExtensionBeforeUpdate',
 			'onExtensionBeforeUninstall' => 'onExtensionBeforeUninstall',
 		];
@@ -348,52 +347,10 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 	}

 	/**
-	 * Inject JavaScript on installer/update pages to show a backup progress
-	 * modal before extension updates proceed.
-	 */
-	public function onBeforeRender(Event $event): void
-	{
-		$app = $this->getApplication();
-
-		if (!$app->isClient('administrator')) {
-			return;
-		}
-
-		$option = $app->input->getCmd('option', '');
-		$view   = $app->input->getCmd('view', '');
-
-		if ($option !== 'com_installer' && $option !== 'com_joomlaupdate') {
-			return;
-		}
-
-		$params = ComponentHelper::getParams('com_mokosuitebackup');
-
-		if (!(int) $params->get('backup_before_update', 0)) {
-			return;
-		}
-
-		$profileId = (int) $params->get('default_profile', 1);
-		$token     = \Joomla\CMS\Session\Session::getFormToken();
-
-		$js = $this->getPreUpdateBackupScript($profileId, $token);
-
-		$app->getDocument()->addScriptDeclaration($js);
-	}
-
-	/**
-	 * Run a backup before any extension is updated (server-side fallback
-	 * for CLI/API updates where JavaScript is not available).
+	 * Run a backup before any extension is updated.
 	 */
 	public function onExtensionBeforeUpdate(Event $event): void
 	{
-		$session = Factory::getSession();
-
-		if ($session->get('mokosuitebackup.preupdate_js_done', false)) {
-			$session->set('mokosuitebackup.preupdate_js_done', false);
-
-			return;
-		}
-
 		$this->runPreActionBackup('backup_before_update', 'Pre-update backup');
 	}

@@ -451,161 +408,6 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 		}
 	}

-	/**
-	 * Build the inline JavaScript that intercepts extension update actions
-	 * and runs a stepped backup with a progress modal first.
-	 */
-	private function getPreUpdateBackupScript(int $profileId, string $token): string
-	{
-		$baseUrl = \Joomla\CMS\Uri\Uri::base() . 'index.php?option=com_mokosuitebackup&format=json&' . $token . '=1';
-
-		return <<<JS
-document.addEventListener('DOMContentLoaded', function() {
-    var msbOrigSubmit = Joomla.submitbutton;
-    var msbBackupRunning = false;
-    var msbPendingTask = null;
-
-    // Create modal
-    var msbModal = document.createElement('div');
-    msbModal.id = 'msbPreUpdateModal';
-    msbModal.className = 'modal fade';
-    msbModal.setAttribute('tabindex', '-1');
-    msbModal.setAttribute('data-bs-backdrop', 'static');
-    msbModal.setAttribute('data-bs-keyboard', 'false');
-    msbModal.innerHTML = '<div class="modal-dialog modal-dialog-centered"><div class="modal-content">'
-        + '<div class="modal-header"><h5 class="modal-title"><span class="icon-archive me-2"></span>Pre-Update Backup</h5></div>'
-        + '<div class="modal-body">'
-        + '<p id="msbStatusText">Creating a backup before updating...</p>'
-        + '<div class="progress" style="height:24px"><div id="msbProgressBar" class="progress-bar progress-bar-striped progress-bar-animated" style="width:0%">0%</div></div>'
-        + '<div id="msbLogArea" style="max-height:120px;overflow-y:auto;font-size:0.8rem;color:#64748b;margin-top:12px;font-family:monospace;white-space:pre-wrap"></div>'
-        + '</div>'
-        + '<div class="modal-footer" id="msbFooter" style="display:none">'
-        + '<button type="button" class="btn btn-secondary" id="msbSkipBtn">Skip & Update</button>'
-        + '<button type="button" class="btn btn-danger" id="msbCancelBtn">Cancel</button>'
-        + '</div>'
-        + '</div></div>';
-    document.body.appendChild(msbModal);
-
-    var bsModal = new bootstrap.Modal(msbModal);
-
-    function msbUpdateProgress(pct, msg) {
-        var bar = document.getElementById('msbProgressBar');
-        bar.style.width = pct + '%';
-        bar.textContent = pct + '%';
-        if (msg) document.getElementById('msbStatusText').textContent = msg;
-    }
-
-    function msbLog(msg) {
-        var log = document.getElementById('msbLogArea');
-        log.textContent += msg + '\\n';
-        log.scrollTop = log.scrollHeight;
-    }
-
-    function msbShowFooter() {
-        document.getElementById('msbFooter').style.display = '';
-    }
-
-    function msbFinish(success) {
-        msbBackupRunning = false;
-        if (success && msbPendingTask) {
-            msbUpdateProgress(100, 'Backup complete — proceeding with update...');
-            // Mark JS backup done so server-side handler skips
-            fetch('{$baseUrl}&task=ajax.markPreUpdateDone', {method:'POST', headers:{'X-Requested-With':'XMLHttpRequest'}});
-            setTimeout(function() {
-                bsModal.hide();
-                msbOrigSubmit.call(Joomla, msbPendingTask);
-                msbPendingTask = null;
-            }, 800);
-        }
-    }
-
-    function msbRunStep(sessionId) {
-        fetch('{$baseUrl}&task=ajax.step&session_id=' + encodeURIComponent(sessionId), {
-            method: 'POST',
-            headers: {'X-Requested-With': 'XMLHttpRequest'}
-        })
-        .then(function(r) { return r.json(); })
-        .then(function(data) {
-            if (data.error) {
-                msbUpdateProgress(data.progress || 0, 'Backup error: ' + data.message);
-                msbLog('ERROR: ' + data.message);
-                msbShowFooter();
-                return;
-            }
-            msbUpdateProgress(data.progress || 0, data.message || data.phase || 'Working...');
-            if (data.message) msbLog(data.message);
-            if (data.done) {
-                msbFinish(true);
-            } else {
-                msbRunStep(sessionId);
-            }
-        })
-        .catch(function(err) {
-            msbUpdateProgress(0, 'Backup request failed');
-            msbLog('Network error: ' + err.message);
-            msbShowFooter();
-        });
-    }
-
-    function msbStartBackup() {
-        msbBackupRunning = true;
-        msbUpdateProgress(0, 'Initializing backup...');
-        msbLog('Starting pre-update backup (profile {$profileId})...');
-
-        fetch('{$baseUrl}&task=ajax.init&profile_id={$profileId}&description=Pre-update+backup', {
-            method: 'POST',
-            headers: {'X-Requested-With': 'XMLHttpRequest'}
-        })
-        .then(function(r) { return r.json(); })
-        .then(function(data) {
-            if (data.error) {
-                msbUpdateProgress(0, 'Backup init failed: ' + data.message);
-                msbLog('INIT ERROR: ' + data.message);
-                msbShowFooter();
-                return;
-            }
-            msbLog('Backup initialized — ' + data.message);
-            msbUpdateProgress(data.progress || 5, data.message || 'Running...');
-            msbRunStep(data.session_id);
-        })
-        .catch(function(err) {
-            msbUpdateProgress(0, 'Could not start backup');
-            msbLog('Network error: ' + err.message);
-            msbShowFooter();
-        });
-    }
-
-    // Intercept Joomla toolbar submit
-    Joomla.submitbutton = function(task) {
-        if ((task === 'update.update' || task === 'update.install') && !msbBackupRunning) {
-            msbPendingTask = task;
-            bsModal.show();
-            msbStartBackup();
-            return;
-        }
-        msbOrigSubmit.call(Joomla, task);
-    };
-
-    // Skip button — proceed without backup
-    document.getElementById('msbSkipBtn').addEventListener('click', function() {
-        bsModal.hide();
-        msbBackupRunning = false;
-        if (msbPendingTask) {
-            msbOrigSubmit.call(Joomla, msbPendingTask);
-            msbPendingTask = null;
-        }
-    });
-
-    // Cancel button — abort everything
-    document.getElementById('msbCancelBtn').addEventListener('click', function() {
-        bsModal.hide();
-        msbBackupRunning = false;
-        msbPendingTask = null;
-    });
-});
-JS;
-	}
-
 	/**
 	 * Send a JSON response and terminate — used by web cron handler.
 	 */
@@ -7,7 +7,7 @@
 -->
 <extension type="plugin" group="task" method="upgrade">
 	<name>Task - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,7 @@
 -->
 <extension type="plugin" group="webservices" method="upgrade">
 	<name>Web Services - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -8,7 +8,7 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoSuiteBackup</name>
 	<packagename>mokosuitebackup</packagename>
-	<version>02.52.19</version>
+	<version>01.43.28</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
				`@@ -1 +0,0 @@`
				ALTER TABLE `#__mokosuitebackup_profiles` DROP COLUMN `ordering`;