Merge pull request 'feat: health endpoint with 16 diagnostic checks (#54)' (#23) from dev into main

CHANGELOG.md

@@ -31,37 +31,51 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - License/subscription check
 - System email template branding (DB approach)
 
-## [02.01.35] - 2026-05-22
+## [02.01.37] - 2026-05-23
 
 ### Added
-- Health check endpoint at `/?mokowaas=health` with token authentication (#54)
+- Health check endpoint at `/?mokowaas=health` with 16 diagnostic checks (#54)
-- Database connectivity and latency check
+- Core checks: database latency, filesystem writability/size, cache, extensions
-- Filesystem writability and disk space check
+- Backup checks: Akeeba Backup last backup date/status/size, days since, frequency
-- Cache status and extension count checks
+- Security checks: Admin Tools WAF status, blocked requests 24h/7d
-- Auto-generated API token (separate from Joomla user tokens)
+- SSL certificate: expiry date, days left, issuer (degraded <30d, error <7d)
-- Grafana auto-provisioning: Infinity datasource + shared dashboard
+- Scheduled tasks: Joomla task scheduler status, failed tasks 24h
-- Grafana plugin install via API (replaces deprecated CLI)
+- Error log: PHP error log size, recent errors, last error message
-- Dashboard with endpoint dropdown for multi-site monitoring
+- Database size: total MB, table count, top 5 largest tables
-- Provisioning on plugin install/update via script.php postflight
+- Content stats: articles, categories, menu items, modules
-- Error logging for all Grafana heartbeat attempts (HTTP code + cURL error)
+- User activity: total users, active sessions, failed logins 24h, last login
+- Mail system: mailer type, from address, SMTP host, queue count
+- SEO health: robots.txt, sitemap, htaccess, SEF status
+- Template info: site/admin template names, override count
+- Configuration drift: debug mode, error reporting, force SSL, caching
+- Human-readable `reason` field explaining degraded/error status
+- Site size reporting (images, media, tmp, cache, logs directories)
+- Heartbeat provisioning via receiver at bench.mokoconsulting.tech
+- Grafana datasource auto-provisioning via YAML (no API token needed)
+- ntfy notifications on heartbeat registration (mokowaas-heartbeat topic)
+- Grafana dashboard with 9 rows covering all 16 health checks
+- Auto-generated health API token (separate from Joomla user tokens)
 
 ### Changed
 - Health endpoint always enabled — no config toggle needed
-- Grafana credentials hardcoded and obfuscated (XOR+base64)
+- Grafana provisioning uses heartbeat receiver pattern (replaces direct API)
 - Removed config fields: enable_health_endpoint, grafana_url, grafana_api_key
-- Grafana dashboard rebuilt: plugin-only panels, no Prometheus blackbox dependency
 - Migrated .gitea/ to .mokogitea/ directory standard
-- Updated all workflow references from MokoStandards to moko-platform
+- Updated all references from MokoStandards to moko-platform
+- Renamed Gitea references to MokoGitea in docs
 
 ### Fixed
-- SSL certificate verification disabled for Grafana cURL calls (shared hosting compatibility)
+- SSL verification disabled for Grafana cURL calls (shared hosting)
-- cURL follow redirects enabled for Grafana API
+- cURL follow redirects enabled
-- updates.xml download URL uses correct `development` tag (was `dev`)
+- updates.xml download URL uses correct `development` tag
-- Grafana API token upgraded to Admin SA with datasource write permissions
 
 ### Security
-- Grafana API key obfuscated in source (not stored in plain text)
+- Plugin hidden from plugin list for non-master users
-- Token rotated on each stable release cycle
+- Plugin settings restricted to master user only
+- Self-healing lock (enforceLocked) runs every page load
+- Uninstall blocked in preflight
+- Health endpoint requires HTTPS + bearer token
+- Heartbeat shared secret for receiver authentication
 
 ## [02.01.08] - 2026-04-07
 

README.md

@@ -59,7 +59,11 @@ The MokoWaaS plugin operationalizes a unified naming convention, brand-controlle
 - **Joomla 5.x / 6.x Compatible**: Built using modern Joomla plugin architecture with dependency injection
 - **Multi-Language Support**: en-GB and en-US locales
 - **Admin & Frontend Coverage**: Dashboard, footer, login, installer, system info, update component, error pages, and more
-- **Governance Compliant**: Aligned with [MokoStandards](https://github.com/mokoconsulting-tech/MokoStandards)
+- **Health Monitoring**: 16 diagnostic checks via `/?mokowaas=health` — database, filesystem, cache, extensions, Akeeba Backup, Admin Tools, SSL, cron, errors, DB size, content, users, mail, SEO, templates, config
+- **Grafana Integration**: Auto-provisions Infinity datasource via heartbeat receiver — 9-row dashboard with all health metrics
+- **ntfy Notifications**: Heartbeat events pushed to `mokowaas-heartbeat` topic
+- **Plugin Protection**: Hidden from non-super-admins, self-healing lock, uninstall blocked
+- **Governance Compliant**: Aligned with [moko-platform](https://git.mokoconsulting.tech/MokoConsulting/moko-platform)
 
 ## System Requirements