diff --git a/.gitea/workflows/auto-release.yml b/.gitea/workflows/auto-release.yml
index 0bc7775a..aa430c1c 100644
--- a/.gitea/workflows/auto-release.yml
+++ b/.gitea/workflows/auto-release.yml
@@ -1,787 +1,958 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Release
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
-# PATH: /templates/workflows/joomla/auto-release.yml.template
-# VERSION: 04.06.00
-# BRIEF: Joomla build & release — ZIP package, updates.xml, SHA-256 checksum
-#
-# +========================================================================+
-# |                    BUILD & RELEASE PIPELINE (JOOMLA)                   |
-# +========================================================================+
-# |                                                                        |
-# |  Triggers on push to main (skips bot commits + [skip ci]):             |
-# |                                                                        |
-# |  Every push:                                                           |
-# |    1. Read version from README.md                                      |
-# |    3. Set platform version (Joomla <version>)                          |
-# |    4. Update [VERSION: XX.YY.ZZ] badges in markdown files              |
-# |    5. Write updates.xml (Joomla update server XML)                      |
-# |    6. Create git tag vXX.YY.ZZ                                        |
-# |    7a. Patch: update existing Gitea Release for this minor             |
-# |    8. Build ZIP, upload asset, write SHA-256 to updates.xml             |
-# |                                                                        |
-# |  Every version change: archives main -> version/XX.YY branch           |
-# |  All patches release (including 00). Patch 00/01 = full pipeline.      |
-# |  First release only (patch == 01):                                     |
-# |    7b. Create new Gitea Release                                        |
-# |                                                                        |
-# |  GitHub mirror: stable/rc releases only (continue-on-error)            |
-# |                                                                        |
-# +========================================================================+
-
-name: Build & Release
-
-on:
-  pull_request:
-    types: [closed]
-    branches:
-      - main
-    paths:
-      - 'src/**'
-      - 'htdocs/**'
-  workflow_dispatch:
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  release:
-    name: Build & Release Pipeline
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN }}
-          fetch-depth: 0
-
-      - name: Setup MokoStandards tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN }}"}}'
-        run: |
-          # Ensure PHP + Composer are available
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api
-          cd /tmp/mokostandards-api
-          composer install --no-dev --no-interaction --quiet
-
-      # -- STEP 1: Read version -----------------------------------------------
-      - name: "Step 1: Read version from README.md"
-        id: version
-        run: |
-          VERSION=$(php /tmp/mokostandards-api/cli/version_read.php --path . 2>/dev/null)
-          if [ -z "$VERSION" ]; then
-            echo "No VERSION in README.md — skipping release"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          # Derive major.minor for branch naming (patches update existing branch)
-          MINOR=$(echo "$VERSION" | awk -F. '{printf "%s.%s", $1, $2}')
-          PATCH=$(echo "$VERSION" | awk -F. '{print $3}')
-
-          MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
-          MINOR_NUM=$(echo "$VERSION" | awk -F. '{print $2}')
-
-          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-          echo "branch=version/${MAJOR}" >> "$GITHUB_OUTPUT"
-          echo "minor=$MINOR" >> "$GITHUB_OUTPUT"
-          echo "major=$MAJOR" >> "$GITHUB_OUTPUT"
-          echo "release_tag=stable" >> "$GITHUB_OUTPUT"
-          echo "stability=stable" >> "$GITHUB_OUTPUT"
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          if [ "$PATCH" = "00" ] || [ "$PATCH" = "01" ]; then
-            echo "is_minor=true" >> "$GITHUB_OUTPUT"
-            echo "Version: $VERSION (first release for this minor — full pipeline)"
-          else
-            echo "is_minor=false" >> "$GITHUB_OUTPUT"
-            echo "Version: $VERSION (patch — platform version + badges only)"
-          fi
-
-      # -- STEP 1b: Bump minor version (stable = minor bump, reset patch) ------
-      - name: "Step 1b: Bump minor version for stable release"
-        if: steps.version.outputs.skip != 'true'
-        id: bump
-        run: |
-          CURRENT=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          [ -z "$CURRENT" ] && { echo "skip=true" >> "$GITHUB_OUTPUT"; exit 0; }
-
-          MAJOR=$((10#$(echo "$CURRENT" | cut -d. -f1)))
-          MINOR=$((10#$(echo "$CURRENT" | cut -d. -f2)))
-
-          # Minor bump, reset patch. Rollover if minor > 99
-          MINOR=$((MINOR + 1))
-          if [ $MINOR -gt 99 ]; then
-            MINOR=0
-            MAJOR=$((MAJOR + 1))
-          fi
-
-          VERSION=$(printf "%02d.%02d.00" $MAJOR $MINOR)
-          TODAY=$(date +%Y-%m-%d)
-
-          echo "Stable bump: ${CURRENT} → ${VERSION} (minor)"
-
-          # Update README.md
-          sed -i "s/VERSION:[[:space:]]*${CURRENT}/VERSION: ${VERSION}/" README.md
-
-          # Update manifest
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            MANIFEST_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" | head -1)
-            [ -n "$MANIFEST_VER" ] && sed -i "s|<version>${MANIFEST_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
-            sed -i "s|<creationDate>[^<]*</creationDate>|<creationDate>${TODAY}</creationDate>|" "$MANIFEST"
-          fi
-
-          # Commit and push
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git diff --cached --quiet || {
-            git commit -m "chore(version): bump ${CURRENT} → ${VERSION} (minor) [skip ci]"
-            git push origin HEAD:main 2>&1
-          }
-
-          # Override version output for rest of pipeline
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "major=$(printf "%02d" $MAJOR)" >> "$GITHUB_OUTPUT"
-
-      - name: Check if already released
-        if: steps.version.outputs.skip != 'true'
-        id: check
-        run: |
-          TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-
-          TAG_EXISTS=false
-          BRANCH_EXISTS=false
-
-          git rev-parse "$TAG" >/dev/null 2>&1 && TAG_EXISTS=true
-          git ls-remote --heads origin "$BRANCH" 2>/dev/null | grep -q "$BRANCH" && BRANCH_EXISTS=true
-
-          echo "tag_exists=$TAG_EXISTS" >> "$GITHUB_OUTPUT"
-          echo "branch_exists=$BRANCH_EXISTS" >> "$GITHUB_OUTPUT"
-
-          # Tag and branch may persist across patch releases — never skip
-          echo "already_released=false" >> "$GITHUB_OUTPUT"
-
-      # -- SANITY CHECKS -------------------------------------------------------
-      - name: "Sanity: Pre-release validation"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          ERRORS=0
-
-          echo "## Pre-Release Sanity Checks (Joomla)" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # -- Version drift check (must pass before release) --------
-          README_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
-          if [ "$README_VER" != "$VERSION" ]; then
-            echo "- Version drift: README says \`${README_VER}\` but releasing \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- Version consistent: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # Check CHANGELOG version matches
-          CL_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' CHANGELOG.md 2>/dev/null | head -1)
-          if [ -n "$CL_VER" ] && [ "$CL_VER" != "$VERSION" ]; then
-            echo "- CHANGELOG drift: \`${CL_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          fi
-
-          # Check composer.json version if present
-          if [ -f "composer.json" ]; then
-            COMP_VER=$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' composer.json 2>/dev/null | head -1)
-            if [ -n "$COMP_VER" ] && [ "$COMP_VER" != "$VERSION" ]; then
-              echo "- composer.json drift: \`${COMP_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS+1))
-            fi
-          fi
-
-          # Common checks
-          if [ ! -f "LICENSE" ]; then
-            echo "- Missing LICENSE file" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- LICENSE present" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          if [ ! -d "src" ] && [ ! -d "htdocs" ]; then
-            echo "- Warning: No src/ or htdocs/ directory" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "- Source directory present" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          # -- Joomla: manifest version drift --------
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -n "$MANIFEST" ]; then
-            XML_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            if [ -n "$XML_VER" ] && [ "$XML_VER" != "$VERSION" ]; then
-              echo "- Manifest drift: \`${XML_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-              ERRORS=$((ERRORS+1))
-            else
-              echo "- Manifest version: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
-            fi
-          fi
-
-          # -- Joomla: XML manifest existence --------
-          if [ -z "$MANIFEST" ]; then
-            echo "- No Joomla XML manifest found" >> $GITHUB_STEP_SUMMARY
-            ERRORS=$((ERRORS+1))
-          else
-            echo "- Manifest: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
-
-            # -- Joomla: extension type check --------
-            TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" 2>/dev/null)
-            echo "- Extension type: ${TYPE:-unknown}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "$ERRORS" -gt 0 ]; then
-            echo "**${ERRORS} error(s) — release may be incomplete**" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "**All sanity checks passed**" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 2: Create or update version/XX.YY archive branch ---------------
-      # Always runs — every version change on main archives to version/XX.YY
-      - name: "Step 2: Version archive branch"
-        if: steps.check.outputs.already_released != 'true'
-        run: |
-          BRANCH="${{ steps.version.outputs.branch }}"
-          IS_MINOR="${{ steps.version.outputs.is_minor }}"
-          PATCH="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          PATCH_NUM=$(echo "$PATCH" | awk -F. '{print $3}')
-
-          # Check if branch exists
-          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
-            git push origin HEAD:"$BRANCH" --force
-            echo "Updated archive branch: ${BRANCH} (patch ${PATCH_NUM})" >> $GITHUB_STEP_SUMMARY
-          else
-            git checkout -b "$BRANCH" 2>/dev/null || git checkout "$BRANCH"
-            git push origin "$BRANCH" --force
-            echo "Created archive branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 3: Set platform version ----------------------------------------
-      - name: "Step 3: Set platform version"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          php /tmp/mokostandards-api/cli/version_set_platform.php \
-            --path . --version "$VERSION" --branch main
-
-      # -- STEP 4: Update version badges ----------------------------------------
-      - name: "Step 4: Update version badges"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          find . -name "*.md" ! -path "./.git/*" ! -path "./vendor/*" | while read -r f; do
-            if grep -q '\[VERSION:' "$f" 2>/dev/null; then
-              sed -i "s/\[VERSION:[[:space:]]*[0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}\]/[VERSION: ${VERSION}]/" "$f"
-            fi
-          done
-
-      # -- STEP 5: Write updates.xml (Joomla update server) ---------------------
-      - name: "Step 5: Write updates.xml"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          REPO="${{ github.repository }}"
-
-          # -- Parse extension metadata from XML manifest ----------------
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -z "$MANIFEST" ]; then
-            echo "Warning: No Joomla XML manifest found — skipping updates.xml" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-
-          # Extract fields using sed (portable — no grep -P)
-          EXT_NAME=$(sed -n 's/.*<name>\([^<]*\)<\/name>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_CLIENT=$(sed -n 's/.*<extension[^>]*client="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          TARGET_PLATFORM=$(sed -n 's/.*\(<targetplatform[^/]*\/>\).*/\1/p' "$MANIFEST" | head -1)
-          PHP_MINIMUM=$(sed -n 's/.*<php_minimum>\([^<]*\)<\/php_minimum>.*/\1/p' "$MANIFEST" | head -1)
-
-          # Fallbacks
-          [ -z "$EXT_NAME" ] && EXT_NAME="${{ github.event.repository.name }}"
-          [ -z "$EXT_TYPE" ] && EXT_TYPE="component"
-
-          # Derive element if not in manifest:
-          # 1. Try XML filename (e.g. mokowaas.xml → mokowaas)
-          # 2. Fall back to repo name (lowercased)
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            # If filename is generic (templateDetails, manifest), use repo name
-            case "$EXT_ELEMENT" in
-              templatedetails|manifest|*.xml) EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
-            esac
-          fi
-
-          # Build client tag: plugins and frontend modules need <client>site</client>
-          CLIENT_TAG=""
-          if [ -n "$EXT_CLIENT" ]; then
-            CLIENT_TAG="<client>${EXT_CLIENT}</client>"
-          elif [ "$EXT_TYPE" = "module" ] || [ "$EXT_TYPE" = "plugin" ]; then
-            CLIENT_TAG="<client>site</client>"
-          fi
-
-          # Build folder tag for plugins (required for Joomla to match the update)
-          FOLDER_TAG=""
-          if [ -n "$EXT_FOLDER" ] && [ "$EXT_TYPE" = "plugin" ]; then
-            FOLDER_TAG="<folder>${EXT_FOLDER}</folder>"
-          fi
-
-          # Build targetplatform (fallback to Joomla 5 if not in manifest)
-          if [ -z "$TARGET_PLATFORM" ]; then
-            TARGET_PLATFORM=$(printf '<targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" %s>' "/")
-          fi
-
-          # Build php_minimum tag
-          PHP_TAG=""
-          if [ -n "$PHP_MINIMUM" ]; then
-            PHP_TAG="<php_minimum>${PHP_MINIMUM}</php_minimum>"
-          fi
-
-          DOWNLOAD_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/stable/${EXT_ELEMENT}-${VERSION}.zip"
-          INFO_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/stable"
-
-          # -- Build update entry for a given stability tag
-          build_entry() {
-            local TAG_NAME="$1"
-            printf '%s\n' '  <update>'
-            printf '%s\n' "    <name>${EXT_NAME}</name>"
-            printf '%s\n' "    <description>${EXT_NAME} update</description>"
-            printf '%s\n' "    <element>${EXT_ELEMENT}</element>"
-            printf '%s\n' "    <type>${EXT_TYPE}</type>"
-            printf '%s\n' "    <version>${VERSION}</version>"
-            [ -n "$CLIENT_TAG" ] && printf '%s\n' "    ${CLIENT_TAG}"
-            [ -n "$FOLDER_TAG" ] && printf '%s\n' "    ${FOLDER_TAG}"
-            printf '%s\n' "    <tags><tag>${TAG_NAME}</tag></tags>"
-            printf '%s\n' "    <infourl title=\"${EXT_NAME}\">${INFO_URL}</infourl>"
-            printf '%s\n' '    <downloads>'
-            printf '%s\n' "      <downloadurl type=\"full\" format=\"zip\">${DOWNLOAD_URL}</downloadurl>"
-            printf '%s\n' '    </downloads>'
-            printf '%s\n' "    ${TARGET_PLATFORM}"
-            [ -n "$PHP_TAG" ] && printf '%s\n' "    ${PHP_TAG}"
-            printf '%s\n' '    <maintainer>Moko Consulting</maintainer>'
-            printf '%s\n' '    <maintainerurl>https://mokoconsulting.tech</maintainerurl>'
-            printf '%s\n' '  </update>'
-          }
-
-          # -- Write updates.xml with cascading channels
-          # Stable release updates ALL channels (development, alpha, beta, rc, stable)
-          {
-            printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>"
-            printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting <hello@mokoconsulting.tech>"
-            printf '%s\n' " SPDX-License-Identifier: GPL-3.0-or-later"
-            printf '%s\n' " VERSION: ${VERSION}"
-            printf '%s\n' " -->"
-            printf '%s\n' ""
-            printf '%s\n' '<updates>'
-            build_entry "development"
-            build_entry "alpha"
-            build_entry "beta"
-            build_entry "rc"
-            build_entry "stable"
-            printf '%s\n' '</updates>'
-          } > updates.xml
-
-          echo "updates.xml: ${VERSION} (all channels updated to stable)" >> $GITHUB_STEP_SUMMARY
-
-      # -- Commit all changes ---------------------------------------------------
-      - name: Commit release changes
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          if git diff --quiet && git diff --cached --quiet; then
-            echo "No changes to commit"
-            exit 0
-          fi
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          # Set push URL with token for branch-protected repos
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git commit -m "chore(release): build ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push -u origin HEAD
-
-      # -- STEP 6: Create tag ---------------------------------------------------
-      - name: "Step 6: Create git tag"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.tag_exists != 'true' &&
-          steps.version.outputs.is_minor == 'true'
-        run: |
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          # Only create the major release tag if it doesn't exist yet
-          if ! git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
-            git tag "$RELEASE_TAG"
-            git push origin "$RELEASE_TAG"
-            echo "Tag created: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "Tag ${RELEASE_TAG} already exists" >> $GITHUB_STEP_SUMMARY
-          fi
-          echo "Tag: ${TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 7: Create or update Gitea Release --------------------------------
-      - name: "Step 7: Gitea Release"
-        if: >-
-          steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-          MAJOR="${{ steps.version.outputs.major }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # Auto-detect extension element for release naming
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          EXT_ELEMENT=""
-          if [ -n "$MANIFEST" ]; then
-            EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
-            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            case "$EXT_ELEMENT" in templatedetails|manifest) EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;; esac
-          else
-            EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-          fi
-
-          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null)
-          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
-
-          RELEASE_NAME="${EXT_ELEMENT} ${VERSION} (stable)"
-
-          # Delete existing release if present (overwrite, not append)
-          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-          EXISTING_ID=$(echo "$EXISTING" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true)
-
-          if [ -n "$EXISTING_ID" ]; then
-            curl -sS -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              "${API_BASE}/releases/${EXISTING_ID}" 2>/dev/null || true
-            curl -sS -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              "${API_BASE}/tags/${RELEASE_TAG}" 2>/dev/null || true
-            echo "Deleted previous stable release (id: ${EXISTING_ID})"
-          fi
-
-          # Create fresh release
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/json" \
-            "${API_BASE}/releases" \
-            -d "$(python3 -c "import json; print(json.dumps({
-              'tag_name': '${RELEASE_TAG}',
-              'name': '${RELEASE_NAME}',
-              'body': '''## ${VERSION} ($(date +%Y-%m-%d))\n${NOTES}''',
-              'target_commitish': '${BRANCH}'
-            }))")"
-          echo "Release created: ${RELEASE_NAME}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 8: Build Joomla install ZIP + SHA-256 checksum ------------------
-      - name: "Step 8: Build Joomla package and update checksum"
-        if: >-
-          steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          REPO="${{ github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # All ZIPs upload to the major release tag (vXX)
-          RELEASE_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-          RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-          if [ -z "$RELEASE_ID" ]; then
-            echo "No release ${RELEASE_TAG} found — skipping ZIP upload"
-            exit 0
-          fi
-
-          # Find extension element name from manifest
-          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)
-          [ -z "$MANIFEST" ] && exit 0
-
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1 || basename "$MANIFEST" .xml)
-          ZIP_NAME="${EXT_ELEMENT}-${VERSION}.zip"
-          TAR_NAME="${EXT_ELEMENT}-${VERSION}.tar.gz"
-
-          # -- Build install packages from src/ ----------------------------
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ — skipping package"; exit 0; }
-
-          EXCLUDES=".ftpignore sftp-config* *.ppk *.pem *.key .env*"
-
-          # ZIP package
-          cd "$SOURCE_DIR"
-          zip -r "/tmp/${ZIP_NAME}" . -x $EXCLUDES
-          cd ..
-
-          # tar.gz package
-          tar -czf "/tmp/${TAR_NAME}" -C "$SOURCE_DIR" \
-            --exclude='.ftpignore' --exclude='sftp-config*' \
-            --exclude='*.ppk' --exclude='*.pem' --exclude='*.key' --exclude='.env*' .
-
-          ZIP_SIZE=$(stat -c%s "/tmp/${ZIP_NAME}" 2>/dev/null || stat -f%z "/tmp/${ZIP_NAME}" 2>/dev/null || echo "unknown")
-          TAR_SIZE=$(stat -c%s "/tmp/${TAR_NAME}" 2>/dev/null || stat -f%z "/tmp/${TAR_NAME}" 2>/dev/null || echo "unknown")
-
-          # -- Calculate SHA-256 for both ----------------------------------
-          SHA256_ZIP=$(sha256sum "/tmp/${ZIP_NAME}" | cut -d' ' -f1)
-          SHA256_TAR=$(sha256sum "/tmp/${TAR_NAME}" | cut -d' ' -f1)
-
-          # -- Delete existing assets with same name before uploading ------
-          ASSETS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets" 2>/dev/null || echo "[]")
-          for ASSET_NAME in "$ZIP_NAME" "$TAR_NAME"; do
-            ASSET_ID=$(echo "$ASSETS" | python3 -c "
-          import sys,json
-          assets = json.load(sys.stdin)
-          for a in assets:
-              if a['name'] == '${ASSET_NAME}':
-                  print(a['id']); break
-          " 2>/dev/null || true)
-            if [ -n "$ASSET_ID" ]; then
-              curl -sf -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets/${ASSET_ID}" 2>/dev/null || true
-            fi
-          done
-
-          # -- Upload both to release tag ----------------------------------
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/octet-stream" \
-            --data-binary @"/tmp/${ZIP_NAME}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${ZIP_NAME}" > /dev/null 2>&1 || true
-
-          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            -H "Content-Type: application/octet-stream" \
-            --data-binary @"/tmp/${TAR_NAME}" \
-            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${TAR_NAME}" > /dev/null 2>&1 || true
-
-          # -- Update updates.xml with both download formats ---------------
-          if [ -f "updates.xml" ]; then
-            ZIP_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}"
-            TAR_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${TAR_NAME}"
-
-            # Use Python to update only the stable entry's downloads + sha256
-            export PY_ZIP_URL="$ZIP_URL" PY_TAR_URL="$TAR_URL" PY_SHA="$SHA256_ZIP"
-            python3 << 'PYEOF'
-          import re, os
-
-          with open("updates.xml") as f:
-              content = f.read()
-
-          zip_url = os.environ["PY_ZIP_URL"]
-          tar_url = os.environ["PY_TAR_URL"]
-          sha = os.environ["PY_SHA"]
-
-          # Find the stable update block and replace its downloads + sha256
-          def replace_stable(m):
-              block = m.group(0)
-              # Replace downloads block
-              new_downloads = (
-                  "    <downloads>\n"
-                  f"      <downloadurl type=\"full\" format=\"zip\">{zip_url}</downloadurl>\n"
-                  "    </downloads>"
-              )
-              block = re.sub(r'    <downloads>.*?</downloads>', new_downloads, block, flags=re.DOTALL)
-              # Add or replace sha256
-              if '<sha256>' in block:
-                  block = re.sub(r'    <sha256>.*?</sha256>', f'    <sha256>{sha}</sha256>', block)
-              else:
-                  block = block.replace('</downloads>', f'</downloads>\n    <sha256>{sha}</sha256>')
-              return block
-
-          content = re.sub(
-              r'  <update>.*?<tag>stable</tag>.*?</update>',
-              replace_stable,
-              content,
-              flags=re.DOTALL
-          )
-
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          PYEOF
-
-            CURRENT_BRANCH="${{ github.ref_name }}"
-            git add updates.xml
-            git commit -m "chore(release): ZIP + tar.gz for ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>" || true
-            git push || true
-
-            # Sync updates.xml to main via direct API (always runs — may be on version/XX branch)
-            GA_TOKEN="${{ secrets.GA_TOKEN }}"
-            API="${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}"
-
-            FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/contents/updates.xml?ref=main" | jq -r '.sha // empty')
-
-            if [ -n "$FILE_SHA" ]; then
-              CONTENT=$(base64 -w0 updates.xml)
-              curl -sf -X PUT -H "Authorization: token ${GA_TOKEN}" \
-                -H "Content-Type: application/json" \
-                "${API}/contents/updates.xml" \
-                -d "$(jq -n \
-                  --arg content "$CONTENT" \
-                  --arg sha "$FILE_SHA" \
-                  --arg msg "chore: sync updates.xml ${VERSION} [skip ci]" \
-                  --arg branch "main" \
-                  '{content: $content, sha: $sha, message: $msg, branch: $branch}'
-                )" > /dev/null 2>&1 \
-                && echo "updates.xml synced to main via API" \
-                || echo "WARNING: failed to sync updates.xml to main"
-            else
-              echo "WARNING: could not get updates.xml SHA from main"
-            fi
-          fi
-
-          echo "### Joomla Packages" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "| Package | Size | SHA-256 |" >> $GITHUB_STEP_SUMMARY
-          echo "|---------|------|---------|" >> $GITHUB_STEP_SUMMARY
-          echo "| \`${ZIP_NAME}\` | ${ZIP_SIZE} | \`${SHA256_ZIP}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| \`${TAR_NAME}\` | ${TAR_SIZE} | \`${SHA256_TAR}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Release | \`${RELEASE_TAG}\` | |" >> $GITHUB_STEP_SUMMARY
-          echo "| Download | [${ZIP_NAME}](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}) |" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
-      - name: "Step 9: Mirror release to GitHub"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.version.outputs.stability == 'stable' &&
-          secrets.GH_TOKEN != ''
-        continue-on-error: true
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          MAJOR="${{ steps.version.outputs.major }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-
-          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null || true)
-          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
-          echo "$NOTES" > /tmp/release_notes.md
-
-          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".tag_name // empty" || true)
-
-          if [ -z "$EXISTING" ]; then
-            gh release create "$RELEASE_TAG" \
-              --repo "$GH_REPO" \
-              --title "v${MAJOR} (latest: ${VERSION})" \
-              --notes-file /tmp/release_notes.md \
-              --target "$BRANCH" || true
-          else
-            gh release edit "$RELEASE_TAG" \
-              --repo "$GH_REPO" \
-              --title "v${MAJOR} (latest: ${VERSION})" || true
-          fi
-
-          # Upload assets to GitHub mirror
-          for PKG in /tmp/${EXT_ELEMENT:-pkg}-${VERSION}.*; do
-            if [ -f "$PKG" ]; then
-              _RELID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".id // empty")
-              [ -n "$_RELID" ] && curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" -H "Content-Type: application/octet-stream" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/${_RELID}/assets?name=$(basename $PKG)" --data-binary "@$PKG" > /dev/null 2>&1 || true
-            fi
-          done
-          echo "GitHub mirror updated: ${GH_REPO} ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
-      - name: "Step 10: Push main to GitHub mirror"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          secrets.GH_TOKEN != ''
-        continue-on-error: true
-        run: |
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
-          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
-          git remote add github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
-            git remote set-url github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
-          git fetch origin main --depth=1
-          git push github origin/main:refs/heads/main --force 2>/dev/null \
-            && echo "main branch pushed to GitHub mirror" \
-            || echo "WARNING: GitHub mirror push failed"
-
-      # -- Clean up lesser pre-releases (cascade) ---------------------------------
-      # stable → deletes all | rc → beta,alpha,dev | beta → alpha,dev | alpha → dev
-      - name: "Delete lesser pre-release channels"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
-
-          # Stable deletes all pre-release channels
-          TAGS_TO_DELETE="development alpha beta release-candidate"
-
-          DELETED=0
-          for TAG in $TAGS_TO_DELETE; do
-            RELEASE_ID=$(curl -sS -H "Authorization: token ${TOKEN}" \
-              "${API_BASE}/releases/tags/${TAG}" 2>/dev/null | \
-              python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-
-            if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
-              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/releases/${RELEASE_ID}" 2>/dev/null || true
-              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
-                "${API_BASE}/tags/${TAG}" 2>/dev/null || true
-              echo "Deleted: ${TAG} (id: ${RELEASE_ID})"
-              DELETED=$((DELETED + 1))
-            fi
-          done
-          echo "Cleaned up ${DELETED} pre-release channel(s)" >> $GITHUB_STEP_SUMMARY
-
-      # -- Summary --------------------------------------------------------------
-      - name: Pipeline Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
-            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
-            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
-          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
-            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "## Build & Release Complete (Joomla)" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
-            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
-          fi
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Release
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
+# PATH: /templates/workflows/joomla/auto-release.yml.template
+# VERSION: 04.06.00
+# BRIEF: Joomla build & release — ZIP package, updates.xml, SHA-256 checksum
+#
+# +========================================================================+
+# |                    BUILD & RELEASE PIPELINE (JOOMLA)                   |
+# +========================================================================+
+# |                                                                        |
+# |  Triggers on push to main (skips bot commits + [skip ci]):             |
+# |                                                                        |
+# |  Every push:                                                           |
+# |    1. Read version from README.md                                      |
+# |    3. Set platform version (Joomla <version>)                          |
+# |    4. Update [VERSION: XX.YY.ZZ] badges in markdown files              |
+# |    5. Write updates.xml (Joomla update server XML)                      |
+# |    6. Create git tag vXX.YY.ZZ                                        |
+# |    7a. Patch: update existing Gitea Release for this minor             |
+# |    8. Build ZIP, upload asset, write SHA-256 to updates.xml             |
+# |                                                                        |
+# |  Every version change: archives main -> version/XX.YY branch           |
+# |  All patches release (including 00). Patch 00/01 = full pipeline.      |
+# |  First release only (patch == 01):                                     |
+# |    7b. Create new Gitea Release                                        |
+# |                                                                        |
+# |  GitHub mirror: stable/rc releases only (continue-on-error)            |
+# |                                                                        |
+# +========================================================================+
+
+name: Build & Release
+
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+    paths:
+      - 'src/**'
+      - 'htdocs/**'
+  workflow_dispatch:
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
+  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Build & Release Pipeline
+    runs-on: release
+    if: >-
+      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.GA_TOKEN }}
+          fetch-depth: 0
+
+      - name: Setup MokoStandards tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN }}"}}'
+        run: |
+          # Ensure PHP + Composer are available
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
+            /tmp/mokostandards-api
+          cd /tmp/mokostandards-api
+          composer install --no-dev --no-interaction --quiet
+
+      # -- STEP 1: Read version -----------------------------------------------
+      - name: "Step 1: Read version from README.md"
+        id: version
+        run: |
+          VERSION=$(php /tmp/mokostandards-api/cli/version_read.php --path . 2>/dev/null)
+          if [ -z "$VERSION" ]; then
+            echo "No VERSION in README.md — skipping release"
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+          # Derive major.minor for branch naming (patches update existing branch)
+          MINOR=$(echo "$VERSION" | awk -F. '{printf "%s.%s", $1, $2}')
+          PATCH=$(echo "$VERSION" | awk -F. '{print $3}')
+
+          MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
+          MINOR_NUM=$(echo "$VERSION" | awk -F. '{print $2}')
+
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "branch=version/${MAJOR}" >> "$GITHUB_OUTPUT"
+          echo "minor=$MINOR" >> "$GITHUB_OUTPUT"
+          echo "major=$MAJOR" >> "$GITHUB_OUTPUT"
+          echo "release_tag=stable" >> "$GITHUB_OUTPUT"
+          echo "stability=stable" >> "$GITHUB_OUTPUT"
+          echo "skip=false" >> "$GITHUB_OUTPUT"
+          if [ "$PATCH" = "00" ] || [ "$PATCH" = "01" ]; then
+            echo "is_minor=true" >> "$GITHUB_OUTPUT"
+            echo "Version: $VERSION (first release for this minor — full pipeline)"
+          else
+            echo "is_minor=false" >> "$GITHUB_OUTPUT"
+            echo "Version: $VERSION (patch — platform version + badges only)"
+          fi
+
+      # -- STEP 1b: Bump minor version (stable = minor bump, reset patch) ------
+      - name: "Step 1b: Bump minor version for stable release"
+        if: steps.version.outputs.skip != 'true'
+        id: bump
+        run: |
+          CURRENT=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
+          [ -z "$CURRENT" ] && { echo "skip=true" >> "$GITHUB_OUTPUT"; exit 0; }
+
+          MAJOR=$((10#$(echo "$CURRENT" | cut -d. -f1)))
+          MINOR=$((10#$(echo "$CURRENT" | cut -d. -f2)))
+
+          # Minor bump, reset patch. Rollover if minor > 99
+          MINOR=$((MINOR + 1))
+          if [ $MINOR -gt 99 ]; then
+            MINOR=0
+            MAJOR=$((MAJOR + 1))
+          fi
+
+          VERSION=$(printf "%02d.%02d.00" $MAJOR $MINOR)
+          TODAY=$(date +%Y-%m-%d)
+
+          echo "Stable bump: ${CURRENT} → ${VERSION} (minor)"
+
+          # Update README.md
+          sed -i "s/VERSION:[[:space:]]*${CURRENT}/VERSION: ${VERSION}/" README.md
+
+          # Update manifest
+          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+          if [ -n "$MANIFEST" ]; then
+            MANIFEST_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" | head -1)
+            [ -n "$MANIFEST_VER" ] && sed -i "s|<version>${MANIFEST_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
+            sed -i "s|<creationDate>[^<]*</creationDate>|<creationDate>${TODAY}</creationDate>|" "$MANIFEST"
+          fi
+
+          # Promote [Unreleased] section in CHANGELOG.md to new version
+          if [ -f "CHANGELOG.md" ] && grep -qi "Unreleased" CHANGELOG.md; then
+            sed -i "s|## \[Unreleased\]|## [${VERSION}] --- ${TODAY}|" CHANGELOG.md
+            sed -i "s|## Unreleased|## [${VERSION}] --- ${TODAY}|" CHANGELOG.md
+            sed -i "2i ## [Unreleased]" CHANGELOG.md
+            sed -i "3i \\ " CHANGELOG.md
+            echo "CHANGELOG promoted to [${VERSION}]"
+          fi
+
+          # Commit and push
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+          git add -A
+          git diff --cached --quiet || {
+            git commit -m "chore(version): bump ${CURRENT} → ${VERSION} [skip ci]"
+            git push origin HEAD:main 2>&1
+          }
+
+          # Override version output for rest of pipeline
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+          echo "major=$(printf "%02d" $MAJOR)" >> "$GITHUB_OUTPUT"
+
+      - name: Check if already released
+        if: steps.version.outputs.skip != 'true'
+        id: check
+        run: |
+          TAG="${{ steps.version.outputs.release_tag }}"
+          BRANCH="${{ steps.version.outputs.branch }}"
+
+          TAG_EXISTS=false
+          BRANCH_EXISTS=false
+
+          git rev-parse "$TAG" >/dev/null 2>&1 && TAG_EXISTS=true
+          git ls-remote --heads origin "$BRANCH" 2>/dev/null | grep -q "$BRANCH" && BRANCH_EXISTS=true
+
+          echo "tag_exists=$TAG_EXISTS" >> "$GITHUB_OUTPUT"
+          echo "branch_exists=$BRANCH_EXISTS" >> "$GITHUB_OUTPUT"
+
+          # Tag and branch may persist across patch releases — never skip
+          echo "already_released=false" >> "$GITHUB_OUTPUT"
+
+      # -- SANITY CHECKS -------------------------------------------------------
+      - name: "Sanity: Pre-release validation"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.check.outputs.already_released != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          ERRORS=0
+
+          echo "## Pre-Release Sanity Checks (Joomla)" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          # -- Version drift check (must pass before release) --------
+          README_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' README.md 2>/dev/null | head -1)
+          if [ "$README_VER" != "$VERSION" ]; then
+            echo "- Version drift: README says \`${README_VER}\` but releasing \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
+            ERRORS=$((ERRORS+1))
+          else
+            echo "- Version consistent: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          # Check CHANGELOG version matches
+          CL_VER=$(sed -n 's/.*VERSION:[[:space:]]*\([0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]\).*/\1/p' CHANGELOG.md 2>/dev/null | head -1)
+          if [ -n "$CL_VER" ] && [ "$CL_VER" != "$VERSION" ]; then
+            echo "- CHANGELOG drift: \`${CL_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
+            ERRORS=$((ERRORS+1))
+          fi
+
+          # Check composer.json version if present
+          if [ -f "composer.json" ]; then
+            COMP_VER=$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' composer.json 2>/dev/null | head -1)
+            if [ -n "$COMP_VER" ] && [ "$COMP_VER" != "$VERSION" ]; then
+              echo "- composer.json drift: \`${COMP_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
+              ERRORS=$((ERRORS+1))
+            fi
+          fi
+
+          # Common checks
+          if [ ! -f "LICENSE" ]; then
+            echo "- Missing LICENSE file" >> $GITHUB_STEP_SUMMARY
+            ERRORS=$((ERRORS+1))
+          else
+            echo "- LICENSE present" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          if [ ! -d "src" ] && [ ! -d "htdocs" ]; then
+            echo "- Warning: No src/ or htdocs/ directory" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "- Source directory present" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          # -- Joomla: manifest version drift --------
+          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+          if [ -n "$MANIFEST" ]; then
+            XML_VER=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
+            if [ -n "$XML_VER" ] && [ "$XML_VER" != "$VERSION" ]; then
+              echo "- Manifest drift: \`${XML_VER}\` != \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
+              ERRORS=$((ERRORS+1))
+            else
+              echo "- Manifest version: \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
+            fi
+          fi
+
+          # -- Joomla: XML manifest existence --------
+          if [ -z "$MANIFEST" ]; then
+            echo "- No Joomla XML manifest found" >> $GITHUB_STEP_SUMMARY
+            ERRORS=$((ERRORS+1))
+          else
+            echo "- Manifest: \`${MANIFEST}\`" >> $GITHUB_STEP_SUMMARY
+
+            # -- Joomla: extension type check --------
+            TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" 2>/dev/null)
+            echo "- Extension type: ${TYPE:-unknown}" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          echo "" >> $GITHUB_STEP_SUMMARY
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "**${ERRORS} error(s) — release may be incomplete**" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "**All sanity checks passed**" >> $GITHUB_STEP_SUMMARY
+          fi
+
+      # -- STEP 2: Create or update version/XX.YY archive branch ---------------
+      # Always runs — every version change on main archives to version/XX.YY
+      - name: "Step 2: Version archive branch"
+        if: steps.check.outputs.already_released != 'true'
+        run: |
+          BRANCH="${{ steps.version.outputs.branch }}"
+          IS_MINOR="${{ steps.version.outputs.is_minor }}"
+          PATCH="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          PATCH_NUM=$(echo "$PATCH" | awk -F. '{print $3}')
+
+          # Check if branch exists
+          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
+            git push origin HEAD:"$BRANCH" --force
+            echo "Updated archive branch: ${BRANCH} (patch ${PATCH_NUM})" >> $GITHUB_STEP_SUMMARY
+          else
+            git checkout -b "$BRANCH" 2>/dev/null || git checkout "$BRANCH"
+            git push origin "$BRANCH" --force
+            echo "Created archive branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
+          fi
+
+      # -- STEP 3: Set platform version ----------------------------------------
+      - name: "Step 3: Set platform version"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.check.outputs.already_released != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          php /tmp/mokostandards-api/cli/version_set_platform.php \
+            --path . --version "$VERSION" --branch main
+
+      # -- STEP 4: Update version badges ----------------------------------------
+      - name: "Step 4: Update version badges"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.check.outputs.already_released != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          find . -name "*.md" ! -path "./.git/*" ! -path "./vendor/*" | while read -r f; do
+            # Update [VERSION: XX.YY.ZZ] badges
+            if grep -q '\[VERSION:' "$f" 2>/dev/null; then
+              sed -i "s/\[VERSION:[[:space:]]*[0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}\]/[VERSION: ${VERSION}]/" "$f"
+            fi
+            # Update | **Version** | XX.YY.ZZ | table rows
+            if grep -q '| \*\*Version\*\*' "$f" 2>/dev/null; then
+              sed -i "s/| \*\*Version\*\* | [0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}/| **Version** | ${VERSION}/" "$f"
+            fi
+            # Update VERSION: XX.YY.ZZ in file headers
+            if grep -q '^VERSION:' "$f" 2>/dev/null; then
+              sed -i "s/^VERSION:[[:space:]]*[0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}/VERSION: ${VERSION}/" "$f"
+            fi
+          done
+
+      # -- STEP 5: Write updates.xml (Joomla update server) ---------------------
+      - name: "Step 5: Write updates.xml"
+        id: updates
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.check.outputs.already_released != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          REPO="${{ github.repository }}"
+
+          # -- Parse extension metadata from XML manifest ----------------
+          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+          if [ -z "$MANIFEST" ]; then
+            echo "Warning: No Joomla XML manifest found — skipping updates.xml" >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
+
+          # Extract fields using sed (portable — no grep -P)
+          EXT_NAME=$(sed -n 's/.*<name>\([^<]*\)<\/name>.*/\1/p' "$MANIFEST" | head -1)
+          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" | head -1)
+          EXT_CLIENT=$(sed -n 's/.*<extension[^>]*client="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          TARGET_PLATFORM=$(sed -n 's/.*\(<targetplatform[^/]*\/>\).*/\1/p' "$MANIFEST" | head -1)
+          PHP_MINIMUM=$(sed -n 's/.*<php_minimum>\([^<]*\)<\/php_minimum>.*/\1/p' "$MANIFEST" | head -1)
+
+          # If EXT_NAME is a language key (e.g. PLG_SYSTEM_MOKOJGDPC), resolve from .ini
+          if echo "$EXT_NAME" | grep -qE '^[A-Z_]+$'; then
+            INI_NAME=$(find . -name "*.sys.ini" -path "*/en-GB/*" -exec grep -h "^${EXT_NAME}=" {} \; 2>/dev/null | head -1 | cut -d'"' -f2)
+            [ -z "$INI_NAME" ] && INI_NAME=$(find . -name "*.sys.ini" -exec grep -h "^${EXT_NAME}=" {} \; 2>/dev/null | head -1 | cut -d'"' -f2)
+            [ -n "$INI_NAME" ] && EXT_NAME="$INI_NAME"
+          fi
+
+          # Fallbacks
+          [ -z "$EXT_NAME" ] && EXT_NAME="${{ github.event.repository.name }}"
+          [ -z "$EXT_TYPE" ] && EXT_TYPE="component"
+
+          # Derive element if not in manifest:
+          # 1. plugin="xxx" attribute (plugins)
+          # 2. module="xxx" attribute (modules)
+          # 3. XML filename (components, packages)
+          # 4. Repo name fallback (templates, anything else)
+          if [ -z "$EXT_ELEMENT" ]; then
+            EXT_ELEMENT=$(sed -n 's/.*plugin="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          fi
+          if [ -z "$EXT_ELEMENT" ]; then
+            EXT_ELEMENT=$(sed -n 's/.*module="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          fi
+          if [ -z "$EXT_ELEMENT" ]; then
+            FNAME=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
+            # If filename is generic (templateDetails, manifest), use repo name
+            case "$FNAME" in
+              templatedetails|manifest) EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
+              *) EXT_ELEMENT="$FNAME" ;;
+            esac
+          fi
+          # Final fallback
+          [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
+
+          # Save for Steps 7, 8, 8b
+          echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
+          echo "ext_name=${EXT_NAME}" >> "$GITHUB_OUTPUT"
+          echo "ext_type=${EXT_TYPE}" >> "$GITHUB_OUTPUT"
+          echo "ext_folder=${EXT_FOLDER}" >> "$GITHUB_OUTPUT"
+
+          # Build client tag: plugins and frontend modules need <client>site</client>
+          CLIENT_TAG=""
+          if [ -n "$EXT_CLIENT" ]; then
+            CLIENT_TAG="<client>${EXT_CLIENT}</client>"
+          elif [ "$EXT_TYPE" = "module" ] || [ "$EXT_TYPE" = "plugin" ]; then
+            CLIENT_TAG="<client>site</client>"
+          fi
+
+          # Build folder tag for plugins (required for Joomla to match the update)
+          FOLDER_TAG=""
+          if [ -n "$EXT_FOLDER" ] && [ "$EXT_TYPE" = "plugin" ]; then
+            FOLDER_TAG="<folder>${EXT_FOLDER}</folder>"
+          fi
+
+          # Build targetplatform (fallback to Joomla 5 if not in manifest)
+          if [ -z "$TARGET_PLATFORM" ]; then
+            TARGET_PLATFORM=$(printf '<targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" %s>' "/")
+          fi
+
+          # Build php_minimum tag
+          PHP_TAG=""
+          if [ -n "$PHP_MINIMUM" ]; then
+            PHP_TAG="<php_minimum>${PHP_MINIMUM}</php_minimum>"
+          fi
+
+          # Build TYPE_PREFIX for download URL
+          TYPE_PREFIX=""
+          case "${EXT_TYPE}" in
+            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
+            module)    TYPE_PREFIX="mod_" ;;
+            component) TYPE_PREFIX="com_" ;;
+            template)  TYPE_PREFIX="tpl_" ;;
+            library)   TYPE_PREFIX="lib_" ;;
+            package)   TYPE_PREFIX="pkg_" ;;
+          esac
+
+          DOWNLOAD_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/stable/${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.zip"
+          INFO_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/stable"
+
+          # -- Build update entry for a given stability tag
+          build_entry() {
+            local TAG_NAME="$1"
+            printf '%s\n' '  <update>'
+            printf '%s\n' "    <name>${EXT_NAME}</name>"
+            printf '%s\n' "    <description>${EXT_NAME} update</description>"
+            printf '%s\n' "    <element>${EXT_ELEMENT}</element>"
+            printf '%s\n' "    <type>${EXT_TYPE}</type>"
+            printf '%s\n' "    <version>${VERSION}</version>"
+            [ -n "$CLIENT_TAG" ] && printf '%s\n' "    ${CLIENT_TAG}"
+            [ -n "$FOLDER_TAG" ] && printf '%s\n' "    ${FOLDER_TAG}"
+            printf '%s\n' "    <tags><tag>${TAG_NAME}</tag></tags>"
+            printf '%s\n' "    <infourl title=\"${EXT_NAME}\">${INFO_URL}</infourl>"
+            printf '%s\n' '    <downloads>'
+            printf '%s\n' "      <downloadurl type=\"full\" format=\"zip\">${DOWNLOAD_URL}</downloadurl>"
+            printf '%s\n' '    </downloads>'
+            printf '%s\n' "    ${TARGET_PLATFORM}"
+            [ -n "$PHP_TAG" ] && printf '%s\n' "    ${PHP_TAG}"
+            printf '%s\n' '    <maintainer>Moko Consulting</maintainer>'
+            printf '%s\n' '    <maintainerurl>https://mokoconsulting.tech</maintainerurl>'
+            printf '%s\n' '  </update>'
+          }
+
+          # -- Write updates.xml with cascading channels
+          # Stable release updates ALL channels (development, alpha, beta, rc, stable)
+          {
+            printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>"
+            printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting <hello@mokoconsulting.tech>"
+            printf '%s\n' " SPDX-License-Identifier: GPL-3.0-or-later"
+            printf '%s\n' " VERSION: ${VERSION}"
+            printf '%s\n' " -->"
+            printf '%s\n' ""
+            printf '%s\n' '<updates>'
+            build_entry "development"
+            build_entry "alpha"
+            build_entry "beta"
+            build_entry "rc"
+            build_entry "stable"
+            printf '%s\n' '</updates>'
+          } > updates.xml
+
+          echo "updates.xml: ${VERSION} (all channels updated to stable)" >> $GITHUB_STEP_SUMMARY
+
+      # -- Commit all changes ---------------------------------------------------
+      - name: Commit release changes
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.check.outputs.already_released != 'true'
+        run: |
+          if git diff --quiet && git diff --cached --quiet; then
+            echo "No changes to commit"
+            exit 0
+          fi
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          # Set push URL with token for branch-protected repos
+          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+          git add -A
+          git commit -m "chore(release): build ${VERSION} [skip ci]" \
+            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
+          git push -u origin HEAD
+
+      # -- STEP 6: Create tag ---------------------------------------------------
+      - name: "Step 6: Create git tag"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.check.outputs.tag_exists != 'true' &&
+          steps.version.outputs.is_minor == 'true'
+        run: |
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          # Only create the major release tag if it doesn't exist yet
+          if ! git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
+            git tag "$RELEASE_TAG"
+            git push origin "$RELEASE_TAG"
+            echo "Tag created: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "Tag ${RELEASE_TAG} already exists" >> $GITHUB_STEP_SUMMARY
+          fi
+          echo "Tag: ${TAG}" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 7: Create or update Gitea Release --------------------------------
+      - name: "Step 7: Gitea Release"
+        if: >-
+          steps.version.outputs.skip != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          BRANCH="${{ steps.version.outputs.branch }}"
+          MAJOR="${{ steps.version.outputs.major }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # Reuse metadata from Step 5 (single source of truth)
+          EXT_ELEMENT="${{ steps.updates.outputs.ext_element }}"
+          EXT_NAME="${{ steps.updates.outputs.ext_name }}"
+          EXT_TYPE="${{ steps.updates.outputs.ext_type }}"
+          EXT_FOLDER="${{ steps.updates.outputs.ext_folder }}"
+
+          # Fallbacks if Step 5 was skipped
+          if [ -z "$EXT_ELEMENT" ]; then
+            EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
+          fi
+          [ -z "$EXT_NAME" ] && EXT_NAME="${GITEA_REPO}"
+
+          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null)
+          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
+
+          # Build release name: "Pretty Name VERSION (type_element-VERSION)"
+          TYPE_PREFIX=""
+          case "${EXT_TYPE}" in
+            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
+            module)    TYPE_PREFIX="mod_" ;;
+            component) TYPE_PREFIX="com_" ;;
+            template)  TYPE_PREFIX="tpl_" ;;
+            library)   TYPE_PREFIX="lib_" ;;
+            package)   TYPE_PREFIX="pkg_" ;;
+          esac
+          RELEASE_NAME="${EXT_NAME} ${VERSION} (${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION})"
+
+          # Delete existing release if present (overwrite, not append)
+          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
+          EXISTING_ID=$(echo "$EXISTING" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true)
+
+          if [ -n "$EXISTING_ID" ]; then
+            curl -sS -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+              "${API_BASE}/releases/${EXISTING_ID}" 2>/dev/null || true
+            curl -sS -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+              "${API_BASE}/tags/${RELEASE_TAG}" 2>/dev/null || true
+            echo "Deleted previous stable release (id: ${EXISTING_ID})"
+          fi
+
+          # Create fresh release
+          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            "${API_BASE}/releases" \
+            -d "$(python3 -c "import json; print(json.dumps({
+              'tag_name': '${RELEASE_TAG}',
+              'name': '${RELEASE_NAME}',
+              'body': '''## ${VERSION} ($(date +%Y-%m-%d))\n${NOTES}''',
+              'target_commitish': '${BRANCH}'
+            }))")"
+          echo "Release created: ${RELEASE_NAME}" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 8: Build Joomla install ZIP + SHA-256 checksum ------------------
+      - name: "Step 8: Build Joomla package and update checksum"
+        if: >-
+          steps.version.outputs.skip != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          REPO="${{ github.repository }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # All ZIPs upload to the major release tag (vXX)
+          RELEASE_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
+          RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+          if [ -z "$RELEASE_ID" ]; then
+            echo "No release ${RELEASE_TAG} found — skipping ZIP upload"
+            exit 0
+          fi
+
+          # Find extension element name from manifest
+          MANIFEST=$(find . -maxdepth 2 -name "*.xml" -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)
+          [ -z "$MANIFEST" ] && exit 0
+
+          # Reuse element from Step 5, with same fallback chain
+          EXT_ELEMENT="${{ steps.updates.outputs.ext_element }}"
+          if [ -z "$EXT_ELEMENT" ]; then
+            EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
+            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(sed -n 's/.*plugin="\([^"]*\)".*/\1/p' "$MANIFEST" 2>/dev/null | head -1)
+            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
+            [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
+          fi
+          # ZIP name: type_folder_element-VERSION (e.g. plg_system_mokojgdpc-01.01.00.zip)
+          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
+          TYPE_PREFIX=""
+          case "${EXT_TYPE}" in
+            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
+            module)    TYPE_PREFIX="mod_" ;;
+            component) TYPE_PREFIX="com_" ;;
+            template)  TYPE_PREFIX="tpl_" ;;
+            library)   TYPE_PREFIX="lib_" ;;
+            package)   TYPE_PREFIX="pkg_" ;;
+          esac
+          ZIP_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.zip"
+          TAR_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.tar.gz"
+
+          # -- Build install packages from src/ ----------------------------
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ — skipping package"; exit 0; }
+
+          EXCLUDES=".ftpignore sftp-config* *.ppk *.pem *.key .env*"
+
+          # ZIP package
+          cd "$SOURCE_DIR"
+          zip -r "/tmp/${ZIP_NAME}" . -x $EXCLUDES
+          cd ..
+
+          # tar.gz package
+          tar -czf "/tmp/${TAR_NAME}" -C "$SOURCE_DIR" \
+            --exclude='.ftpignore' --exclude='sftp-config*' \
+            --exclude='*.ppk' --exclude='*.pem' --exclude='*.key' --exclude='.env*' .
+
+          ZIP_SIZE=$(stat -c%s "/tmp/${ZIP_NAME}" 2>/dev/null || stat -f%z "/tmp/${ZIP_NAME}" 2>/dev/null || echo "unknown")
+          TAR_SIZE=$(stat -c%s "/tmp/${TAR_NAME}" 2>/dev/null || stat -f%z "/tmp/${TAR_NAME}" 2>/dev/null || echo "unknown")
+
+          # -- Calculate SHA-256 for both ----------------------------------
+          SHA256_ZIP=$(sha256sum "/tmp/${ZIP_NAME}" | cut -d' ' -f1)
+          SHA256_TAR=$(sha256sum "/tmp/${TAR_NAME}" | cut -d' ' -f1)
+
+          # -- Delete existing assets with same name before uploading ------
+          ASSETS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            "${API_BASE}/releases/${RELEASE_ID}/assets" 2>/dev/null || echo "[]")
+          for ASSET_NAME in "$ZIP_NAME" "$TAR_NAME"; do
+            ASSET_ID=$(echo "$ASSETS" | python3 -c "
+          import sys,json
+          assets = json.load(sys.stdin)
+          for a in assets:
+              if a['name'] == '${ASSET_NAME}':
+                  print(a['id']); break
+          " 2>/dev/null || true)
+            if [ -n "$ASSET_ID" ]; then
+              curl -sf -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+                "${API_BASE}/releases/${RELEASE_ID}/assets/${ASSET_ID}" 2>/dev/null || true
+            fi
+          done
+
+          # -- Upload both to release tag ----------------------------------
+          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            -H "Content-Type: application/octet-stream" \
+            --data-binary @"/tmp/${ZIP_NAME}" \
+            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${ZIP_NAME}" > /dev/null 2>&1 || true
+
+          curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            -H "Content-Type: application/octet-stream" \
+            --data-binary @"/tmp/${TAR_NAME}" \
+            "${API_BASE}/releases/${RELEASE_ID}/assets?name=${TAR_NAME}" > /dev/null 2>&1 || true
+
+          # -- Update updates.xml with both download formats ---------------
+          if [ -f "updates.xml" ]; then
+            ZIP_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}"
+            TAR_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${TAR_NAME}"
+
+            # Use Python to update only the stable entry's downloads + sha256
+            export PY_ZIP_URL="$ZIP_URL" PY_TAR_URL="$TAR_URL" PY_SHA="$SHA256_ZIP"
+            python3 << 'PYEOF'
+          import re, os
+
+          with open("updates.xml") as f:
+              content = f.read()
+
+          zip_url = os.environ["PY_ZIP_URL"]
+          tar_url = os.environ["PY_TAR_URL"]
+          sha = os.environ["PY_SHA"]
+
+          # Find the stable update block and replace its downloads + sha256
+          def replace_stable(m):
+              block = m.group(0)
+              # Replace downloads block
+              new_downloads = (
+                  "    <downloads>\n"
+                  f"      <downloadurl type=\"full\" format=\"zip\">{zip_url}</downloadurl>\n"
+                  "    </downloads>"
+              )
+              block = re.sub(r'    <downloads>.*?</downloads>', new_downloads, block, flags=re.DOTALL)
+              # Add or replace sha256
+              if '<sha256>' in block:
+                  block = re.sub(r'    <sha256>.*?</sha256>', f'    <sha256>{sha}</sha256>', block)
+              else:
+                  block = block.replace('</downloads>', f'</downloads>\n    <sha256>{sha}</sha256>')
+              return block
+
+          content = re.sub(
+              r'  <update>.*?<tag>stable</tag>.*?</update>',
+              replace_stable,
+              content,
+              flags=re.DOTALL
+          )
+
+          with open("updates.xml", "w") as f:
+              f.write(content)
+          PYEOF
+
+            CURRENT_BRANCH="${{ github.ref_name }}"
+            git add updates.xml
+            git commit -m "chore(release): ZIP + tar.gz for ${VERSION} [skip ci]" \
+              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>" || true
+            git push || true
+
+            # Sync updates.xml to main via direct API (always runs — may be on version/XX branch)
+            GA_TOKEN="${{ secrets.GA_TOKEN }}"
+            API="${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}"
+
+            FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \
+              "${API}/contents/updates.xml?ref=main" | jq -r '.sha // empty')
+
+            if [ -n "$FILE_SHA" ]; then
+              CONTENT=$(base64 -w0 updates.xml)
+              curl -sf -X PUT -H "Authorization: token ${GA_TOKEN}" \
+                -H "Content-Type: application/json" \
+                "${API}/contents/updates.xml" \
+                -d "$(jq -n \
+                  --arg content "$CONTENT" \
+                  --arg sha "$FILE_SHA" \
+                  --arg msg "chore: sync updates.xml ${VERSION} [skip ci]" \
+                  --arg branch "main" \
+                  '{content: $content, sha: $sha, message: $msg, branch: $branch}'
+                )" > /dev/null 2>&1 \
+                && echo "updates.xml synced to main via API" \
+                || echo "WARNING: failed to sync updates.xml to main"
+            else
+              echo "WARNING: could not get updates.xml SHA from main"
+            fi
+          fi
+
+          echo "### Joomla Packages" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Package | Size | SHA-256 |" >> $GITHUB_STEP_SUMMARY
+          echo "|---------|------|---------|" >> $GITHUB_STEP_SUMMARY
+          echo "| \`${ZIP_NAME}\` | ${ZIP_SIZE} | \`${SHA256_ZIP}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| \`${TAR_NAME}\` | ${TAR_SIZE} | \`${SHA256_TAR}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| Release | \`${RELEASE_TAG}\` | |" >> $GITHUB_STEP_SUMMARY
+          echo "| Download | [${ZIP_NAME}](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${ZIP_NAME}) |" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 8b: Update release description with changelog + SHA ----------------
+      - name: "Step 8b: Update release body with changelog and SHA"
+        if: steps.version.outputs.skip != 'true'
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          EXT_ELEMENT="${{ steps.updates.outputs.ext_element }}"
+          EXT_TYPE="${{ steps.updates.outputs.ext_type }}"
+          EXT_FOLDER="${{ steps.updates.outputs.ext_folder }}"
+
+          # Build TYPE_PREFIX to match Step 8's ZIP naming
+          TYPE_PREFIX=""
+          case "${EXT_TYPE}" in
+            plugin)    TYPE_PREFIX="plg_${EXT_FOLDER}_" ;;
+            module)    TYPE_PREFIX="mod_" ;;
+            component) TYPE_PREFIX="com_" ;;
+            template)  TYPE_PREFIX="tpl_" ;;
+            library)   TYPE_PREFIX="lib_" ;;
+            package)   TYPE_PREFIX="pkg_" ;;
+          esac
+          ZIP_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.zip"
+          TAR_NAME="${TYPE_PREFIX}${EXT_ELEMENT}-${VERSION}.tar.gz"
+
+          # Get SHA from the built files
+          SHA256_ZIP=""
+          [ -f "/tmp/${ZIP_NAME}" ] && SHA256_ZIP=$(sha256sum "/tmp/${ZIP_NAME}" | cut -d' ' -f1)
+          SHA256_TAR=""
+          [ -f "/tmp/${TAR_NAME}" ] && SHA256_TAR=$(sha256sum "/tmp/${TAR_NAME}" | cut -d' ' -f1)
+
+          # Extract latest changelog entry (strip the ## header to avoid duplicate)
+          CHANGELOG=""
+          if [ -f "CHANGELOG.md" ]; then
+            CHANGELOG=$(sed -n "/^## \[*${VERSION}/,/^## \[*[0-9]/p" CHANGELOG.md | sed '$d' | sed '1d')
+            [ -z "$CHANGELOG" ] && CHANGELOG=$(sed -n '/^## /,/^## /p' CHANGELOG.md | sed '$d' | sed '1d' | head -30)
+          fi
+
+          # Build release body (single header, no duplicate from changelog)
+          BODY="## ${VERSION} ($(date +%Y-%m-%d))\n\n"
+          if [ -n "$CHANGELOG" ]; then
+            BODY="${BODY}${CHANGELOG}\n\n"
+          fi
+          BODY="${BODY}---\n\n### Checksums\n\n"
+          BODY="${BODY}| File | SHA-256 |\n|------|--------|\n"
+          [ -n "$SHA256_ZIP" ] && BODY="${BODY}| \`${ZIP_NAME}\` | \`${SHA256_ZIP}\` |\n"
+          [ -n "$SHA256_TAR" ] && BODY="${BODY}| \`${TAR_NAME}\` | \`${SHA256_TAR}\` |\n"
+
+          # Get release ID and update body
+          RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+            "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null | \
+            python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
+          if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
+            python3 -c "
+          import json, urllib.request
+          body = '''$(printf '%b' "$BODY")'''
+          data = json.dumps({'body': body}).encode()
+          req = urllib.request.Request(
+              '${API_BASE}/releases/${RELEASE_ID}',
+              data=data,
+              headers={'Authorization': 'token ${{ secrets.GA_TOKEN }}', 'Content-Type': 'application/json'},
+              method='PATCH'
+          )
+          urllib.request.urlopen(req)
+          " 2>/dev/null && echo "Release body updated with changelog + SHA" >> $GITHUB_STEP_SUMMARY
+          fi
+
+      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
+      - name: "Step 9: Mirror release to GitHub"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          steps.version.outputs.stability == 'stable' &&
+          secrets.GH_TOKEN != ''
+        continue-on-error: true
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          MAJOR="${{ steps.version.outputs.major }}"
+          BRANCH="${{ steps.version.outputs.branch }}"
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+
+          NOTES=$(php /tmp/mokostandards-api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null || true)
+          [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
+          echo "$NOTES" > /tmp/release_notes.md
+
+          EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".tag_name // empty" || true)
+
+          if [ -z "$EXISTING" ]; then
+            gh release create "$RELEASE_TAG" \
+              --repo "$GH_REPO" \
+              --title "v${MAJOR} (latest: ${VERSION})" \
+              --notes-file /tmp/release_notes.md \
+              --target "$BRANCH" || true
+          else
+            gh release edit "$RELEASE_TAG" \
+              --repo "$GH_REPO" \
+              --title "v${MAJOR} (latest: ${VERSION})" || true
+          fi
+
+          # Upload assets to GitHub mirror
+          for PKG in /tmp/${EXT_ELEMENT:-pkg}-${VERSION}.*; do
+            if [ -f "$PKG" ]; then
+              _RELID=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/tags/$RELEASE_TAG" 2>/dev/null | jq -r ".id // empty")
+              [ -n "$_RELID" ] && curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" -H "Content-Type: application/octet-stream" "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${{ github.repository }}/releases/${_RELID}/assets?name=$(basename $PKG)" --data-binary "@$PKG" > /dev/null 2>&1 || true
+            fi
+          done
+          echo "GitHub mirror updated: ${GH_REPO} ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
+      - name: "Step 10: Push main to GitHub mirror"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_TOKEN != ''
+        continue-on-error: true
+        run: |
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
+          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
+          git remote add github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
+            git remote set-url github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
+          git fetch origin main --depth=1
+          git push github origin/main:refs/heads/main --force 2>/dev/null \
+            && echo "main branch pushed to GitHub mirror" \
+            || echo "WARNING: GitHub mirror push failed"
+
+      # -- Clean up lesser pre-releases (cascade) ---------------------------------
+      # stable → deletes all | rc → beta,alpha,dev | beta → alpha,dev | alpha → dev
+      - name: "Delete lesser pre-release channels"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.GA_TOKEN }}"
+
+          # Stable deletes all pre-release channels
+          TAGS_TO_DELETE="development alpha beta release-candidate"
+
+          DELETED=0
+          for TAG in $TAGS_TO_DELETE; do
+            RELEASE_ID=$(curl -sS -H "Authorization: token ${TOKEN}" \
+              "${API_BASE}/releases/tags/${TAG}" 2>/dev/null | \
+              python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
+            if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
+              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
+                "${API_BASE}/releases/${RELEASE_ID}" 2>/dev/null || true
+              curl -sS -X DELETE -H "Authorization: token ${TOKEN}" \
+                "${API_BASE}/tags/${TAG}" 2>/dev/null || true
+              echo "Deleted: ${TAG} (id: ${RELEASE_ID})"
+              DELETED=$((DELETED + 1))
+            fi
+          done
+          echo "Cleaned up ${DELETED} pre-release channel(s)" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 11: Reset dev branch from main ------------------------------------
+      - name: "Step 11: Delete and recreate dev branch from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.GA_TOKEN }}"
+
+          # Delete dev branch
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
+
+          # Recreate dev from main (now includes version bump + changelog promotion)
+          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
+            -H "Content-Type: application/json" \
+            "${API_BASE}/branches" \
+            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
+
+          echo "Dev branch reset from main (keeps dev ahead after release)" >> $GITHUB_STEP_SUMMARY
+
+      # -- Summary --------------------------------------------------------------
+      - name: Pipeline Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
+            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
+            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
+          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
+            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "## Build & Release Complete (Joomla)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
+            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
+            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+          fi