diff --git a/.gitignore b/.gitignore
index ee502562..2a61bd13 100644
--- a/.gitignore
+++ b/.gitignore
@@ -107,7 +107,7 @@ replit.md
 *.tar.gz
 *.tgz
 *.zip
-!src/payload/*.zip
+!source/payload/*.zip
 artifacts/
 release/
 releases/
@@ -122,6 +122,7 @@ build/
 dist/
 out/
 site/
+!source/packages/*/site/
 *.map
 *.css.map
 *.js.map
@@ -160,7 +161,7 @@ package-lock.json
 # PHP / Composer tooling
 # ============================================================
 vendor/
-!src/media/vendor/
+!source/media/vendor/
 composer.lock
 *.phar
 codeception.phar
diff --git a/.gitmodules b/.gitmodules
index f6b1e884..e69de29b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +0,0 @@
-[submodule "src/packages/tpl_mokoonyx"]
-	path = src/packages/tpl_mokoonyx
-	url = https://git.mokoconsulting.tech/MokoConsulting/MokoOnyx.git
-	branch = main
diff --git a/.mokogitea/CLAUDE.md b/.mokogitea/CLAUDE.md
index ea146a19..abba657b 100644
--- a/.mokogitea/CLAUDE.md
+++ b/.mokogitea/CLAUDE.md
@@ -1,316 +1,82 @@
-<!--
-Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+# MokoWaaS
 
-This file is part of a Moko Consulting project.
+Joomla 5/6 admin tools suite — heartbeat health monitoring, extension management, security firewall, tenant restrictions, and site administration.
 
-SPDX-License-Identifier: GPL-3.0-or-later
+## Quick Reference
 
-# FILE INFORMATION
-DEFGROUP: MokoStandards.Templates.GitHub
-INGROUP: MokoStandards.Templates
-REPO: https://github.com/mokoconsulting-tech/MokoStandards
-PATH: /templates/github/copilot-instructions.joomla.md.template
-VERSION: XX.YY.ZZ
-BRIEF: GitHub Copilot custom instructions template for Joomla/MokoWaaS governed repositories
-NOTE: Synced to .github/copilot-instructions.md in all Joomla/WaaS repos via bulk sync.
-      Tokens replaced at sync time: MokoWaaS, https://github.com/mokoconsulting-tech/MokoWaaS, {{EXTENSION_NAME}},
-      {{EXTENSION_TYPE}}, {{EXTENSION_ELEMENT}}
--->
+| Field | Value |
+|---|---|
+| **Package** | `pkg_mokowaas` |
+| **Language** | PHP 8.1+ |
+| **Branch** | develop on `dev`, merge to `main` (protected) |
+| **Wiki** | [MokoWaaS Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/wiki) |
 
-> [!IMPORTANT]
-> **🔧 AI Self-Update Required on First Use**
->
-> This file may contain unfilled `{{TOKEN}}` placeholders. The MokoStandards bulk-sync system
-> replaces them automatically at sync time; if you can still see them, sync has not yet run for
-> this repository — or this is a brand-new repo.
->
-> **On your very first interaction in this repository, before answering any other question:**
->
-> 1. Check whether any `{{TOKEN}}` placeholders remain in this file.
-> 2. If they do, locate the values as described in the table below and replace every occurrence
->    in **both** `.github/copilot-instructions.md` and `.github/CLAUDE.md`.
-> 3. After replacing all tokens, **delete this entire notice block** (from `> [!IMPORTANT]`
->    through the closing `> ---` line) in both files.
-> 4. Tell the developer: *"I've self-updated the AI context files with this repository's
->    values — all set."*
->
-> | Placeholder | Where to find the value |
-> |---|---|
-> | `MokoWaaS` | The GitHub repository name (visible in the URL, `README.md` heading, or `git remote -v`) |
-> | `https://github.com/mokoconsulting-tech/MokoWaaS` | Full GitHub URL, e.g. `https://github.com/mokoconsulting-tech/<repo-name>` |
-> | `{{EXTENSION_NAME}}` | The `<name>` element in `manifest.xml` at the repository root |
-> | `{{EXTENSION_TYPE}}` | The `type` attribute of the `<extension>` tag in `manifest.xml` (`component`, `module`, `plugin`, or `template`) |
-> | `{{EXTENSION_ELEMENT}}` | The `<element>` tag in `manifest.xml`, or the filename prefix (e.g. `com_myextension`, `mod_mymodule`) |
->
-> ---
+## Commands
 
-# MokoWaaS — GitHub Copilot Custom Instructions
-
-## What This Repo Is
-
-This is a **Moko Consulting MokoWaaS** (Joomla) repository governed by [MokoStandards](https://github.com/mokoconsulting-tech/MokoStandards). All coding standards, workflows, and policies are defined there and enforced here via bulk sync.
-
-Repository URL: https://github.com/mokoconsulting-tech/MokoWaaS
-Extension name: **{{EXTENSION_NAME}}**
-Extension type: **{{EXTENSION_TYPE}}** (`{{EXTENSION_ELEMENT}}`)
-Platform: **Joomla 4.x / MokoWaaS**
-
----
-
-## Primary Language
-
-**PHP** (≥ 7.4) is the primary language for this Joomla extension. JavaScript may be used for frontend enhancements. YAML uses 2-space indentation. All other text files use tabs per `.editorconfig`.
-
----
-
-## File Header — Always Required on New Files
-
-Every new file needs a copyright header as its first content.
-
-**PHP:**
-```php
-<?php
-/* Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
- *
- * This file is part of a Moko Consulting project.
- *
- * SPDX-License-Identifier: GPL-3.0-or-later
- *
- * FILE INFORMATION
- * DEFGROUP: MokoWaaS.{{EXTENSION_TYPE}}
- * INGROUP: MokoWaaS
- * REPO: https://github.com/mokoconsulting-tech/MokoWaaS
- * PATH: /path/to/file.php
- * VERSION: XX.YY.ZZ
- * BRIEF: One-line description of purpose
- */
-
-defined('_JEXEC') or die;
+```bash
+composer install  # Install PHP dependencies
 ```
 
-**Markdown:**
-```markdown
-<!--
-Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+## Architecture
 
-This file is part of a Moko Consulting project.
+Joomla **package** (`pkg_mokowaas`) with 17 sub-extensions:
 
-SPDX-License-Identifier: GPL-3.0-or-later
+### Core Plugin (`plg_system_mokowaas`)
+- Heartbeat health endpoint (`/?mokowaas=health`) with 16 diagnostic checks
+- Grafana provisioning and heartbeat sender
+- Site alias / domain management
+- Extension cascade (enable/disable coordination)
+- Download key preservation across Joomla updates
+- Namespace: `Moko\Plugin\System\MokoWaaS`
 
-# FILE INFORMATION
-DEFGROUP: MokoWaaS.Documentation
-INGROUP: MokoWaaS
-REPO: https://github.com/mokoconsulting-tech/MokoWaaS
-PATH: /docs/file.md
-VERSION: XX.YY.ZZ
-BRIEF: One-line description
--->
-```
+### Feature Plugins
+- `plg_system_mokowaas_firewall` — WAF, IP blocklist, security headers, password policy
+- `plg_system_mokowaas_tenant` — admin restrictions for non-master users
+- `plg_system_mokowaas_devtools` — dev mode, hit reset, version cleanup, download key reset
+- `plg_system_mokowaas_offline` — offline mode bypass for legal pages
+- `plg_system_mokowaas_monitor` — Grafana heartbeat registration
 
-**YAML / Shell / XML:** Use the appropriate comment syntax with the same fields. JSON files are exempt.
+### Component (`com_mokowaas`)
+- Admin dashboard with plugin management, WAF charts, extension catalog
+- Helpdesk ticketing system
+- REST API controllers
 
----
+### Modules
+- `mod_mokowaas_cpanel` — admin dashboard widget
+- `mod_mokowaas_menu` — admin sidebar menu
+- `mod_mokowaas_cache` — status bar cache/temp cleaner
+- `mod_mokowaas_categories` — auto-category tree menu
 
-## Version Management
+### Task Plugins
+- `plg_task_mokowaasdemo` — scheduled demo site reset
+- `plg_task_mokowaassync` — scheduled content sync
+- `plg_task_mokowaas_tickets` — ticket automation
 
-**`README.md` is the single source of truth for the repository version.**
+### Update Server
 
-- **Bump the patch version on every PR** — increment `XX.YY.ZZ` (e.g. `01.02.03` → `01.02.04`) in `README.md` before opening the PR; the `sync-version-on-merge` workflow propagates it automatically to all badges and `FILE INFORMATION` headers on merge to `main`.
-- The `VERSION: XX.YY.ZZ` field in `README.md` governs all other version references.
-- Version format is zero-padded semver: `XX.YY.ZZ` (e.g. `01.02.03`).
-- Never hardcode a specific version in document body text — use the badge or FILE INFORMATION header only.
+MokoGitea generates update feeds dynamically from releases — no static `updates.xml` needed.
 
-### Joomla Version Alignment
+## Source Directory
 
-The version in `README.md` **must always match** the `<version>` tag in `manifest.xml` and the latest entry in `updates.xml`. The `make release` command / release workflow updates all three automatically.
+Source lives in `source/` (not `src/`):
+- `source/pkg_mokowaas.xml` — package manifest
+- `source/script.php` — install script
+- `source/packages/` — all sub-extensions
 
-```xml
-<!-- In manifest.xml — must match README.md version -->
-<version>01.02.04</version>
+## Rules
 
-<!-- In updates.xml — prepend a new <update> block for every release.
-     Note: the backslash in version="4\.[0-9]+" is a literal backslash character
-     in the XML attribute value. Joomla's update server treats the value as a
-     regular expression, so \. matches a literal dot. -->
-<updates>
-	<update>
-		<name>{{EXTENSION_NAME}}</name>
-		<version>01.02.04</version>
-		<downloads>
-			<downloadurl type="full" format="zip">
-				https://github.com/mokoconsulting-tech/MokoWaaS/releases/download/01.02.04/{{EXTENSION_ELEMENT}}-01.02.04.zip
-			</downloadurl>
-		</downloads>
-		<targetplatform name="joomla" version="4\.[0-9]+" />
-	</update>
-	<!-- … older entries preserved below … -->
-</updates>
-```
+- **Never commit** `.claude/`, `.mcp.json`, `TODO.md`, `*.min.css`/`*.min.js`
+- **Attribution**: `Authored-by: Moko Consulting`
+- **Workflow directory**: `.mokogitea/` (not `.gitea/` or `.github/`)
+- **Minification**: handled at build time (CI)
+- **Wiki**: documentation lives in the Gitea wiki, not `docs/` files
+- **Standards**: [moko-platform](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)
 
----
+## Coding Standards
 
-## Joomla Extension Structure
-
-```
-MokoWaaS/
-├── manifest.xml          # Joomla installer manifest (root — required)
-├── (no updates.xml)       # Update XML is generated dynamically by MokoGitea
-├── site/                 # Frontend (site) code
-│   ├── controller.php
-│   ├── controllers/
-│   ├── models/
-│   └── views/
-├── admin/                # Backend (admin) code
-│   ├── controller.php
-│   ├── controllers/
-│   ├── models/
-│   ├── views/
-│   └── sql/
-├── language/             # Language INI files
-├── media/                # CSS, JS, images (deployed to /media/{{EXTENSION_ELEMENT}}/)
-├── docs/                 # Technical documentation
-├── tests/                # Test suite
-├── .github/
-│   ├── workflows/
-│   ├── copilot-instructions.md  # This file
-│   └── CLAUDE.md
-├── README.md             # Version source of truth
-├── CHANGELOG.md
-├── CONTRIBUTING.md
-├── LICENSE               # GPL-3.0-or-later
-└── Makefile              # Build automation
-```
-
----
-
-## Update Server — MokoGitea Dynamic Endpoint
-
-`updates.xml` is **NOT** stored in the repo. MokoGitea generates the update XML dynamically from git releases at:
-
-```
-https://git.mokoconsulting.tech/{Owner}/{Repo}/updates.xml
-```
-
-The package manifest (`pkg_mokowaas.xml`) references it via:
-```xml
-<updateservers>
-	<server type="extension" priority="1" name="MokoWaaS Update Server">
-		https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/updates.xml
-	</server>
-</updateservers>
-```
-
-**License Key (Download Key):**
-- MokoGitea's endpoint validates license keys passed as `?dlid=MOKO-XXXX-XXXX-XXXX-XXXX`
-- The generated XML includes `<downloadkey prefix="dlid=" suffix="" />` to tell Joomla a key is required
-- Users enter the download key via Joomla's native **System → Update Sites** interface
-- Joomla stores the key in `#__update_sites.extra_query` and appends it to all update/download requests
-- Invalid/expired keys receive an empty `<updates></updates>` response
-
-**Rules:**
-- Do NOT create or commit a static `updates.xml` — MokoGitea generates it from releases
-- The `<version>` in release tags must match `<version>` in the manifest and `README.md`
-- Release assets (ZIPs) must be attached to git releases — MokoGitea uses them for `<downloadurl>`
-- `<targetplatform name="joomla" version="(5|6)\..*">` — the backslash is a **literal backslash character** in the XML attribute value; Joomla's update-server parser treats the value as a regular expression
-
----
-
-## manifest.xml Rules
-
-- Lives at the repo root as `manifest.xml` (not inside `site/` or `admin/`).
-- `<version>` tag must be kept in sync with `README.md` version and `updates.xml`.
-- Must include `<updateservers>` block pointing to this repo's `updates.xml`.
-- Must include `<files folder="site">` and `<administration>` sections.
-- Joomla 4.x requires `<namespace path="src">Moko\{{EXTENSION_NAME}}</namespace>` for namespaced extensions.
-
----
-
-## GitHub Actions — Token Usage
-
-Every workflow must use **`secrets.GH_TOKEN`** (the org-level Personal Access Token).
-
-```yaml
-# ✅ Correct
-- uses: actions/checkout@v4
-  with:
-    token: ${{ secrets.GH_TOKEN }}
-
-env:
-  GH_TOKEN: ${{ secrets.GH_TOKEN }}
-```
-
-```yaml
-# ❌ Wrong — never use these in workflows
-token: ${{ github.token }}
-token: ${{ secrets.GITHUB_TOKEN }}
-```
-
----
-
-## MokoStandards Reference
-
-This repository is governed by [MokoStandards](https://github.com/mokoconsulting-tech/MokoStandards). Authoritative policies:
-
-| Document | Purpose |
-|----------|---------|
-| [file-header-standards.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/file-header-standards.md) | Copyright-header rules for every file type |
-| [coding-style-guide.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/coding-style-guide.md) | Naming and formatting conventions |
-| [branching-strategy.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/branching-strategy.md) | Branch naming, hierarchy, and release workflow |
-| [merge-strategy.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/merge-strategy.md) | Squash-merge policy and PR title/body conventions |
-| [changelog-standards.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/changelog-standards.md) | How and when to update CHANGELOG.md |
-| [joomla-development-guide.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/guide/waas/joomla-development-guide.md) | MokoWaaS Joomla extension development guide |
-
----
-
-## Naming Conventions
-
-| Context | Convention | Example |
-|---------|-----------|---------|
-| PHP class | `PascalCase` | `MyController` |
-| PHP method / function | `camelCase` | `getItems()` |
-| PHP variable | `$snake_case` | `$item_id` |
-| PHP constant | `UPPER_SNAKE_CASE` | `MAX_ITEMS` |
-| PHP class file | `PascalCase.php` | `ItemModel.php` |
-| YAML workflow | `kebab-case.yml` | `ci-joomla.yml` |
-| Markdown doc | `kebab-case.md` | `installation-guide.md` |
-
----
-
-## Commit Messages
-
-Format: `<type>(<scope>): <subject>` — imperative, lower-case subject, no trailing period.
-
-Valid types: `feat` · `fix` · `docs` · `chore` · `ci` · `refactor` · `style` · `test` · `perf` · `revert` · `build`
-
----
-
-## Branch Naming
-
-Format: `<prefix>/<MAJOR.MINOR.PATCH>[/description]`
-
-Approved prefixes: `dev/` · `rc/` · `version/` · `patch/` · `copilot/` · `dependabot/`
-
----
-
-## Keeping Documentation Current
-
-| Change type | Documentation to update |
-|-------------|------------------------|
-| New or renamed PHP class/method | PHPDoc block; `docs/api/` entry |
-| New or changed manifest.xml | Bump README.md version |
-| New release | Create git release with ZIP asset; update CHANGELOG.md; bump README.md version |
-| New or changed workflow | `docs/workflows/<workflow-name>.md` |
-| Any modified file | Update the `VERSION` field in that file's `FILE INFORMATION` block |
-| **Every PR** | **Bump the patch version** — increment `XX.YY.ZZ` in `README.md`; `sync-version-on-merge` propagates it |
-
----
-
-## Key Constraints
-
-- Never commit directly to `main` — all changes go via PR, squash-merged
-- Never skip the FILE INFORMATION block on a new file
-- Never add `defined('_JEXEC') or die;` to CLI scripts or model tests — only to web-accessible PHP files
-- Never hardcode version numbers in body text — update `README.md` and let automation propagate
-- Never use `github.token` or `secrets.GITHUB_TOKEN` in workflows — always use `secrets.GH_TOKEN`
-- Never let `manifest.xml` version and `README.md` version go out of sync
-- Never commit a static `updates.xml` — the update feed is generated dynamically by MokoGitea
+- PHP 8.1+ minimum
+- Joomla 5/6 DI container pattern: `services/provider.php` → Extension class
+- `SubscriberInterface` for event subscription
+- Joomla 5/6 dual-compat for events: check `is_object($event)` with `getArgument()` fallback
+- SPDX license headers on all PHP files
+- `defined('_JEXEC') or die;` on all web-accessible PHP files
diff --git a/.mokogitea/manifest.xml b/.mokogitea/manifest.xml
index 0c1049cf..5ea26278 100644
--- a/.mokogitea/manifest.xml
+++ b/.mokogitea/manifest.xml
@@ -9,7 +9,11 @@
     <display-name>Package - MokoWaaS</display-name>
     <org>MokoConsulting</org>
     <description>White-label identity, security hardening, and tenant restriction layer for WaaS-managed Joomla environments</description>
+<<<<<<< HEAD
     <version>02.34.00</version>
+=======
+    <version>02.34.16</version>
+>>>>>>> origin/dev
     <license spdx="GPL-3.0-or-later">GNU General Public License v3</license>
   </identity>
   <governance>
@@ -21,6 +25,6 @@
   <build>
     <language>PHP</language>
     <package-type>package</package-type>
-    <entry-point>src/</entry-point>
+    <entry-point>source/</entry-point>
   </build>
 </moko-platform>
diff --git a/.mokogitea/workflows/auto-bump.yml b/.mokogitea/workflows/auto-bump.yml
index 33aff715..def55e40 100644
--- a/.mokogitea/workflows/auto-bump.yml
+++ b/.mokogitea/workflows/auto-bump.yml
@@ -48,15 +48,12 @@ jobs:
           if ! command -v composer &> /dev/null; then
             sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
           fi
-          if [ -d "/opt/moko-platform/cli" ]; then
-            echo "MOKO_CLI=/opt/moko-platform/cli" >> "$GITHUB_ENV"
-          else
-            git clone --depth 1 --branch main --quiet \
-              "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/moko-platform.git" \
-              /tmp/moko-platform-api
-            cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
-            echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
-          fi
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
+          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
 
       - name: Bump version
         run: |
diff --git a/.mokogitea/workflows/auto-release.yml b/.mokogitea/workflows/auto-release.yml
index 44a2d64a..8fa46848 100644
--- a/.mokogitea/workflows/auto-release.yml
+++ b/.mokogitea/workflows/auto-release.yml
@@ -1,285 +1,316 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
-# PATH: /templates/workflows/universal/auto-release.yml.template
-# VERSION: 05.00.00
-# BRIEF: Universal build & release � detects platform from manifest.xml
-#
-# +========================================================================+
-# |              UNIVERSAL BUILD & RELEASE PIPELINE                        |
-# +========================================================================+
-# |                                                                        |
-# |  Reads manifest.xml (joomla|dolibarr|generic) to branch logic.       |
-# |                                                                        |
-# |  Platform-specific:                                                    |
-# |    joomla:   XML manifest, updates.xml, type-prefixed packages         |
-# |    dolibarr: mod*.class.php, update.txt, dev version reset             |
-# |    generic:  README-only, no update stream                             |
-# |                                                                        |
-# +========================================================================+
-
-name: "Universal: Build & Release"
-
-on:
-  pull_request:
-    types: [opened, closed]
-    branches:
-      - main
-  workflow_dispatch:
-    inputs:
-      action:
-        description: 'Action to perform'
-        required: false
-        type: choice
-        default: release
-        options:
-          - release
-          - promote-rc
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-
-jobs:
-  # ── PR Opened → Rename branch to RC and build RC release ─────────────────────
-  promote-rc:
-    name: Promote to RC
-    runs-on: release
-    if: >-
-      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
-      (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-          fetch-depth: 1
-
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform-api
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api
-          composer install --no-dev --no-interaction --quiet
-
-      - name: Rename branch to rc
-        run: |
-          php /tmp/moko-platform-api/cli/branch_rename.php \
-            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
-            --pr "${{ github.event.pull_request.number }}"
-
-      - name: Checkout rc and configure git
-        run: |
-          git fetch origin rc
-          git checkout rc
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-
-      - name: Publish RC release
-        run: |
-          php /tmp/moko-platform-api/cli/release_publish.php \
-            --path . --stability rc --bump minor --branch rc \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --skip-update-stream
-
-      - name: Summary
-        if: always()
-        run: |
-          echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
-          echo "Branch renamed to rc, minor bump, RC release built (updates.xml managed by Gitea Pages)" >> $GITHUB_STEP_SUMMARY
-
-  # ── Merged PR → Build & Release (or promote RC to stable) ────────────────────
-  release:
-    name: Build & Release Pipeline
-    runs-on: release
-    if: >-
-      github.event.pull_request.merged == true ||
-      (github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
-          fetch-depth: 0
-
-      - name: Configure git for bot pushes
-        run: |
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-
-      - name: Check for merge conflict markers
-        run: |
-          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
-          if [ -n "$CONFLICTS" ]; then
-            echo "::error::Merge conflict markers found — aborting release"
-            echo "## Release Blocked: Conflict Markers" >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            exit 1
-          fi
-          echo "No conflict markers found"
-
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
-        run: |
-          # Ensure PHP + Composer are available
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform-api
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api
-          composer install --no-dev --no-interaction --quiet
-
-
-      - name: "Publish stable release"
-        run: |
-          php /tmp/moko-platform-api/cli/release_publish.php \
-            --path . --stability stable --bump minor --branch main \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --skip-update-stream
-
-      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
-      - name: "Step 9: Mirror release to GitHub"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          secrets.GH_MIRROR_TOKEN != ''
-        continue-on-error: true
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_mirror.php \
-            --version "$VERSION" --tag "$RELEASE_TAG" \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
-            --gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
-            --branch main 2>&1 || true
-          echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
-      - name: "Step 10: Push main to GitHub mirror"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          secrets.GH_MIRROR_TOKEN != ''
-        continue-on-error: true
-        run: |
-          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
-          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
-          git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
-            git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
-          git fetch origin main --depth=1
-          git push github origin/main:refs/heads/main --force 2>/dev/null \
-            && echo "main branch pushed to GitHub mirror" \
-            || echo "WARNING: GitHub mirror push failed"
-
-      - name: "Step 11: Delete rc branch and recreate dev from main"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-
-          # Delete rc branch (ephemeral — created by promote-rc)
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
-            "${API_BASE}/branches/rc" 2>/dev/null \
-            && echo "Deleted rc branch" || echo "rc branch not found"
-
-          # Delete dev branch
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
-            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
-
-          # Recreate dev from main (now includes version bump + changelog promotion)
-          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
-            -H "Content-Type: application/json" \
-            "${API_BASE}/branches" \
-            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
-
-          echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
-
-      - name: "Step 12: Create version branch from main"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          BRANCH_NAME="version/${VERSION}"
-          MAIN_SHA=$(git rev-parse HEAD)
-
-          # Delete old version branch if it exists (same version re-release)
-          curl -sf -X DELETE -H "Authorization: token ${TOKEN}"             "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
-
-          # Create version/XX.YY.ZZ from main
-          curl -sf -X POST -H "Authorization: token ${TOKEN}"             -H "Content-Type: application/json"             "${API_BASE}/branches"             -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null             && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})"             || echo "WARNING: ${BRANCH_NAME} creation failed"
-
-          echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
-
-
-
-      # -- Dolibarr post-release: Reset dev version -----------------------------
-      - name: "Post-release: Reset dev version"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/version_reset_dev.php \
-            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
-            --branch dev --path . 2>&1 || true
-
-      # -- Summary --------------------------------------------------------------
-      - name: Pipeline Summary
-        if: always()
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          PLATFORM="${{ steps.platform.outputs.platform }}"
-          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
-            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
-            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
-          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
-            echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "## Build & Release Complete (${PLATFORM})" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
-            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Platform | \`${PLATFORM}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
-          fi
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Release
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# PATH: /templates/workflows/universal/auto-release.yml.template
+# VERSION: 05.00.00
+# BRIEF: Universal build & release � detects platform from manifest.xml
+#
+# +========================================================================+
+# |              UNIVERSAL BUILD & RELEASE PIPELINE                        |
+# +========================================================================+
+# |                                                                        |
+# |  Reads manifest.xml (joomla|dolibarr|generic) to branch logic.       |
+# |                                                                        |
+# |  Platform-specific:                                                    |
+# |    joomla:   XML manifest, updates.xml, type-prefixed packages         |
+# |    dolibarr: mod*.class.php, update.txt, dev version reset             |
+# |    generic:  README-only, no update stream                             |
+# |                                                                        |
+# +========================================================================+
+
+name: "Universal: Build & Release"
+
+on:
+  pull_request:
+    types: [opened, closed]
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      action:
+        description: 'Action to perform'
+        required: false
+        type: choice
+        default: release
+        options:
+          - release
+          - promote-rc
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
+  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
+
+permissions:
+  contents: write
+
+jobs:
+  # ── PR Opened → Rename branch to RC and build RC release ─────────────────────
+  promote-rc:
+    name: Promote to RC
+    runs-on: release
+    if: >-
+      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
+      (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api
+          composer install --no-dev --no-interaction --quiet
+          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
+
+      - name: Rename branch to rc
+        run: |
+          php ${MOKO_CLI}/branch_rename.php \
+            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --pr "${{ github.event.pull_request.number }}"
+
+      - name: Checkout rc and configure git
+        run: |
+          git fetch origin rc
+          git checkout rc
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Publish RC release
+        run: |
+          php ${MOKO_CLI}/release_publish.php \
+            --path . --stability rc --bump minor --branch rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --skip-update-stream
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
+          echo "Branch renamed to rc, minor bump, RC release built (updates.xml managed by Gitea Pages)" >> $GITHUB_STEP_SUMMARY
+
+  # ── Merged PR → Build & Release (or promote RC to stable) ────────────────────
+  release:
+    name: Build & Release Pipeline
+    runs-on: release
+    if: >-
+      github.event.pull_request.merged == true ||
+      (github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 0
+
+      - name: Configure git for bot pushes
+        run: |
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Check for merge conflict markers
+        run: |
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found - aborting release"
+            echo "## Release Blocked: Conflict Markers" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
+      - name: Setup moko-platform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          rm -rf /tmp/moko-platform-api
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform-api
+          cd /tmp/moko-platform-api
+          composer install --no-dev --no-interaction --quiet
+          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
+
+      - name: "Publish stable release"
+        run: |
+          php ${MOKO_CLI}/release_publish.php \
+            --path . --stability stable --bump minor --branch main \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --skip-update-stream
+
+      - name: Update release notes from CHANGELOG.md
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # Extract [Unreleased] section from changelog
+          if [ -f "CHANGELOG.md" ]; then
+            NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
+            [ -z "$NOTES" ] && NOTES="Stable release"
+          else
+            NOTES="Stable release"
+          fi
+
+          # Update release body via API
+          RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API_BASE}/releases/tags/stable" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
+          if [ -n "$RELEASE_ID" ]; then
+            python3 -c "
+          import json, urllib.request
+          body = open('/dev/stdin').read()
+          payload = json.dumps({'body': body}).encode()
+          req = urllib.request.Request(
+              '${API_BASE}/releases/${RELEASE_ID}',
+              data=payload, method='PATCH',
+              headers={
+                  'Authorization': 'token ${{ secrets.MOKOGITEA_TOKEN }}',
+                  'Content-Type': 'application/json'
+              })
+          urllib.request.urlopen(req)
+          " <<< "$NOTES"
+            echo "Release notes updated from CHANGELOG.md"
+          fi
+
+      # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
+      - name: "Step 9: Mirror release to GitHub"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_MIRROR_TOKEN != ''
+        continue-on-error: true
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php ${MOKO_CLI}/release_mirror.php \
+            --version "$VERSION" --tag "$RELEASE_TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
+            --branch main 2>&1 || true
+          echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
+
+      # -- STEP 10: Sync main branch to GitHub mirror ----------------------------
+      - name: "Step 10: Push main to GitHub mirror"
+        if: >-
+          steps.version.outputs.skip != 'true' &&
+          secrets.GH_MIRROR_TOKEN != ''
+        continue-on-error: true
+        run: |
+          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
+          GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
+          GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
+          git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
+            git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
+          git fetch origin main --depth=1
+          git push github origin/main:refs/heads/main --force 2>/dev/null \
+            && echo "main branch pushed to GitHub mirror" \
+            || echo "WARNING: GitHub mirror push failed"
+
+      - name: "Step 11: Delete rc branch and recreate dev from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+
+          # Delete rc branch (ephemeral - created by promote-rc)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/rc" 2>/dev/null \
+            && echo "Deleted rc branch" || echo "rc branch not found"
+
+          # Delete dev branch
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
+
+          # Recreate dev from main (now includes version bump + changelog promotion)
+          curl -sf -X POST -H "Authorization: token ${TOKEN}" \
+            -H "Content-Type: application/json" \
+            "${API_BASE}/branches" \
+            -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
+
+          echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
+
+      - name: "Step 12: Create version branch from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          BRANCH_NAME="version/${VERSION}"
+          MAIN_SHA=$(git rev-parse HEAD)
+
+          # Delete old version branch if it exists (same version re-release)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}"             "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
+
+          # Create version/XX.YY.ZZ from main
+          curl -sf -X POST -H "Authorization: token ${TOKEN}"             -H "Content-Type: application/json"             "${API_BASE}/branches"             -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null             && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})"             || echo "WARNING: ${BRANCH_NAME} creation failed"
+
+          echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
+
+
+
+      # -- Dolibarr post-release: Reset dev version -----------------------------
+      - name: "Post-release: Reset dev version"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          php ${MOKO_CLI}/version_reset_dev.php \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
+            --branch dev --path . 2>&1 || true
+
+      # -- Summary --------------------------------------------------------------
+      - name: Pipeline Summary
+        if: always()
+        run: |
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
+            echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
+            echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
+          elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
+            echo "## Already Released - ${VERSION}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "## Build & Release Complete (${PLATFORM})" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
+            echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
+            echo "| Platform | \`${PLATFORM}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+          fi
diff --git a/.mokogitea/workflows/issue-branch.yml b/.mokogitea/workflows/issue-branch.yml
index 11dbf65d..8e534df0 100644
--- a/.mokogitea/workflows/issue-branch.yml
+++ b/.mokogitea/workflows/issue-branch.yml
@@ -5,7 +5,11 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: moko-platform.Automation
+<<<<<<< HEAD
 # VERSION: 02.34.00
+=======
+# VERSION: 02.34.16
+>>>>>>> origin/dev
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"
diff --git a/.mokogitea/workflows/pr-check.yml b/.mokogitea/workflows/pr-check.yml
index 4d78d7a4..aa31cc72 100644
--- a/.mokogitea/workflows/pr-check.yml
+++ b/.mokogitea/workflows/pr-check.yml
@@ -295,6 +295,30 @@ jobs:
               ;;
           esac
 
+      - name: Check changelog has unreleased entries (PRs to main)
+        if: github.base_ref == 'main'
+        run: |
+          if [ ! -f "CHANGELOG.md" ]; then
+            echo "::error::CHANGELOG.md not found — required for releases"
+            exit 1
+          fi
+
+          # Extract content between [Unreleased] and next ## heading
+          ENTRIES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found && /^- /{count++} END{print count+0}' CHANGELOG.md)
+
+          if [ "$ENTRIES" -eq 0 ]; then
+            echo "::error::CHANGELOG.md has no entries under [Unreleased]. Add changelog entries before releasing."
+            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "No entries found under \`[Unreleased]\` in CHANGELOG.md." >> $GITHUB_STEP_SUMMARY
+            echo "Add entries describing what changed before merging to main." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+          echo "Changelog: ${ENTRIES} unreleased entries found"
+          echo "## Changelog Check: Passed" >> $GITHUB_STEP_SUMMARY
+          echo "${ENTRIES} entries under [Unreleased]" >> $GITHUB_STEP_SUMMARY
+
       - name: Validate Joomla language files
         if: steps.platform.outputs.platform == 'joomla'
         run: |
diff --git a/.mokogitea/workflows/pre-release.yml b/.mokogitea/workflows/pre-release.yml
index 780150d3..1a9eeef0 100644
--- a/.mokogitea/workflows/pre-release.yml
+++ b/.mokogitea/workflows/pre-release.yml
@@ -63,16 +63,22 @@ jobs:
           MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
           MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
         run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          # Use pre-installed /opt/moko-platform if available (updated by cron every 6h)
+          if [ -f “/opt/moko-platform/cli/version_bump.php” ] && [ -f “/opt/moko-platform/vendor/autoload.php” ]; then
+            echo “Using pre-installed /opt/moko-platform”
+            echo “MOKO_CLI=/opt/moko-platform/cli” >> “$GITHUB_ENV”
+          else
+            echo “Falling back to fresh clone”
+            if ! command -v composer &> /dev/null; then
+              sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+            fi
+            rm -rf /tmp/moko-platform-api
+            git clone --depth 1 --branch main --quiet \
+              “https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git” \
+              /tmp/moko-platform-api
+            cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
+            echo “MOKO_CLI=/tmp/moko-platform-api/cli” >> “$GITHUB_ENV”
           fi
-          # Always fetch latest CLI tools — never use stale cache from previous runs
-          rm -rf /tmp/moko-platform-api
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
-          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
 
       - name: Detect platform
         id: platform
@@ -96,20 +102,23 @@ jobs:
             release-candidate)  SUFFIX="-rc";    TAG="release-candidate" ;;
           esac
 
-          # Read current version (bump already handled by push workflow)
-          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null)
-          [ -z "$VERSION" ] && VERSION="00.00.01"
+          # Bump version via CLI: patch for dev/alpha/beta, minor for RC
+          case "$STABILITY" in
+            release-candidate) BUMP="minor" ;;
+            *)                 BUMP="patch" ;;
+          esac
 
-          # Strip any existing suffix from version before applying stability
+          php ${MOKO_CLI}/version_bump.php --path . $([ "$BUMP" = "minor" ] && echo "--minor") 2>/dev/null || true
+
+          # Set stability suffix and verify consistency
+          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "00.00.01")
           VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
 
           php ${MOKO_CLI}/version_set_platform.php \
             --path . --version "$VERSION" --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
-
-          # Verify version consistency across all files
           php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
 
-          # Update VERSION variable with suffix
+          # Append suffix for output
           if [ -n "$SUFFIX" ]; then
             VERSION="${VERSION}${SUFFIX}"
           fi
@@ -155,19 +164,39 @@ jobs:
             --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
             --repo "${GITEA_REPO}" --branch dev --prerelease
 
-      - name: Ensure prerelease flag
+      - name: Update release notes from CHANGELOG.md
         run: |
           TAG="${{ steps.meta.outputs.tag }}"
+          VERSION="${{ steps.meta.outputs.version }}"
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          # Get release ID by tag and force prerelease=true
-          RELEASE_ID=$(curl -s "${API_BASE}/releases/tags/${TAG}" \
-            -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" | jq -r '.id // empty')
+
+          # Extract [Unreleased] section from changelog (everything between [Unreleased] and next ## heading)
+          if [ -f "CHANGELOG.md" ]; then
+            NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
+            [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
+          else
+            NOTES="Release ${VERSION}"
+          fi
+
+          # Update release body via API
+          RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API_BASE}/releases/tags/${TAG}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
           if [ -n "$RELEASE_ID" ]; then
-            curl -s -X PATCH "${API_BASE}/releases/${RELEASE_ID}" \
-              -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
-              -H "Content-Type: application/json" \
-              -d '{"prerelease": true}'
-            echo "Marked release ${TAG} (id=${RELEASE_ID}) as prerelease"
+            python3 -c "
+          import json, urllib.request
+          body = open('/dev/stdin').read()
+          payload = json.dumps({'body': body}).encode()
+          req = urllib.request.Request(
+              '${API_BASE}/releases/${RELEASE_ID}',
+              data=payload, method='PATCH',
+              headers={
+                  'Authorization': 'token ${{ secrets.MOKOGITEA_TOKEN }}',
+                  'Content-Type': 'application/json'
+              })
+          urllib.request.urlopen(req)
+          " <<< "$NOTES"
+            echo "Release notes updated from CHANGELOG.md"
           fi
 
       - name: Build package and upload
@@ -181,55 +210,8 @@ jobs:
             --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
             --repo "${GITEA_REPO}" --output /tmp || true
 
-      - name: Update updates.xml
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          SHA256="${{ steps.package.outputs.sha256_zip }}"
-
-          if [ ! -f "updates.xml" ]; then
-            echo "No updates.xml -- skipping"
-            exit 0
-          fi
-
-          SHA_FLAG=""
-          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
-
-          php ${MOKO_CLI}/updates_xml_build.php \
-            --path . --version "${VERSION}" --stability "${STABILITY}" \
-            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
-            ${SHA_FLAG}
-
-          # Commit and push
-          if ! git diff --quiet updates.xml 2>/dev/null; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add updates.xml
-            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
-            git push origin HEAD 2>&1 || echo "WARNING: push failed"
-          fi
-
-      - name: "Sync updates.xml to all branches"
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          CURRENT_BRANCH="${{ github.ref_name }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-
-          for BRANCH in main dev; do
-            [ "$BRANCH" = "$CURRENT_BRANCH" ] && continue
-            echo "Syncing updates.xml -> ${BRANCH}"
-            git fetch origin "${BRANCH}" 2>/dev/null || continue
-            git checkout "origin/${BRANCH}" -- updates.xml 2>/dev/null || continue
-            git checkout "${CURRENT_BRANCH}" -- updates.xml
-            if ! git diff --quiet updates.xml 2>/dev/null; then
-              git add updates.xml
-              git commit -m "chore: sync updates.xml from ${CURRENT_BRANCH} [skip ci]"
-              git push origin HEAD:refs/heads/${BRANCH} 2>&1 || echo "WARNING: push to ${BRANCH} failed"
-            fi
-            git checkout "${CURRENT_BRANCH}" 2>/dev/null
-          done
+      # updates.xml is generated dynamically by MokoGitea license server
+      # No need to build, commit, or sync updates.xml from workflows
 
       - name: "Delete lesser pre-release channels (cascade)"
         continue-on-error: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc6f7d81..3d8f41c2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,11 +14,62 @@
  INGROUP: MokoWaaS.Documentation
  REPO: https://github.com/mokoconsulting-tech/mokowaas
  PATH: ./CHANGELOG.md
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  BRIEF: Version history using `Keep a Changelog`
 -->
 
-# Changelog## [02.32.00] - 2026-06-02
+# Changelog
+
+## [Unreleased]
+
+### Added
+- Database Tools view — table status, optimize, repair, session purge (#127)
+- Cache Cleanup view — directory size reporting and one-click cleanup (#128)
+- mod_mokowaas_cache — one-click cache cleaner button in admin status bar (replaces Regular Labs Cache Cleaner)
+- mod_mokowaas_menu — collapsible admin sidebar menu using native MetisMenu classes (like Community Builder)
+- SSL certificate expiry monitoring in cpanel module (#148)
+- MokoWaaS-specific update badge (blue) separate from other updates in cpanel module
+- migrateUpdateServerUrls() — rewrites all Moko extension update server URLs to clean /updates.xml on install/update
+- fixMenuIcons() — sets menu_icon params on submenu items (Joomla only renders img on level 1)
+- setupCacheModule() — registers cache cleaner module in status bar position on install
+- Component config.xml for Joomla Options modal (#149)
+- preflight() ALTER for #__extensions.element default (MySQL strict mode fix)
+- Retire MokoJoomTOS, MokoATS-Automation, MokoDPCalendarAPI, MokoGalleryCalendar on install
+- MokoJoomTOS settings auto-migrate to mokowaas_offline before removal
+- dev-release and pre-release workflows with changelog extraction into release notes
+- RC pre-release consolidates dev patches into clean minor version bump
+
+
+### Changed
+- Move security hardening methods (protectPlugin, ensureProtectedFlag, isOurExtension) from core plugin to firewall plugin (#155)
+- Admin menu module uses native Joomla MetisMenu CSS classes
+- Helpdesk icon changed to fa-handshake-angle, .htaccess to fa-solid fa-file-code
+- clearCache purges all cache files recursively (replaces Regular Labs Cache Cleaner behavior)
+- License key warning moved from every-page onAfterRoute to package postflight only
+- Update server URL changed to dynamic MokoGitea feed
+- Component manifest adds `<languages>` for global language dir deployment
+- Privacy and WAF Log added to component manifest submenu
+- MokoOnyx template removed from package manifest (separate repo/release)
+
+
+### Removed
+- Static updates.xml — MokoGitea generates update feed dynamically from releases
+- update-server.yml workflow — replaced by pre-release.yml
+
+
+### Fixed
+- Tickets list showing raw `<em>Unassigned</em>` HTML instead of italic text
+- Cache cleaner CSRF failure — token now sent as POST FormData
+- Admin menu icons missing for Helpdesk and .htaccess Maker
+- Firewall install error "Field 'element' doesn't have a default value" (MySQL strict mode)
+
+
+## [02.32] - 2026-06-02
+
 ### Added
 - Admin control panel dashboard in com_mokowaas with site info bar, feature plugin grid, and quick actions
 - Feature plugin architecture — MokoWaaS features split into toggleable plugins managed from the dashboard
@@ -42,7 +93,8 @@
 - License key validation (licensing system not ready — will return in future release)
 - Dynamic MokoGitea update feed dependency (replaced with static updates.xml)
 
-## [02.31.00] - 2026-06-01
+## [02.31] - 2026-06-01
+
 ### Added
 - License key support via Joomla's native Update Sites download key system (dlid)
 - Update server URL migrated from static XML to MokoGitea's dynamic update feed endpoint
@@ -75,7 +127,8 @@
 - Site Aliases config tab (hardcoded to dev.{primary_domain})
 - File sync (images/, files/, media/) — sync is API/DB content only
 
-## [02.29.03] - 2026-05-31
+## [02.29] - 2026-05-31
+
 ### Added
 - `allow_extension_updates` param — separate update rights from installer restrictions; tenants can update extensions by default even when the installer is restricted
 - Hardcoded master usernames — multiple privileged users supported with identical access
@@ -89,7 +142,6 @@
 
 - Demo Mode with configurable warning banner on frontend when enabled
 
-### Fixed
 - Demo banner countdown now shows weeks/days/months for longer intervals instead of raw hours
 - `DemoResetService` — baseline snapshot and restore for DB tables + media files
 - API endpoints `POST /?mokowaas=reset` and `POST /?mokowaas=snapshot` (query-string)
@@ -104,6 +156,4 @@
 - Package installer: clean up legacy `mokowaasbrand` extension entries and files on install/update
 - API endpoint `GET /?mokowaas=extensions` and `GET /api/v1/mokowaas/extensions` — list installed extensions with version, status, and update server info
 
-## [02.20.00] --- 2026-05-28
-
-## [02.20.00] --- 2026-05-28
+## [02.20] --- 2026-05-28
diff --git a/CLAUDE.md b/CLAUDE.md
deleted file mode 100644
index 26547caa..00000000
--- a/CLAUDE.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# CLAUDE.md
-
-This file provides guidance to Claude Code when working with this repository.
-
-## Project Overview
-
-**MokoWaaS** -- MokoWaaS is a Joomla 5.x / 6.x system plugin that provides a configurable white-label identity layer for the MokoWaaS platform.
-
-| Field | Value |
-|---|---|
-| **Platform** | joomla |
-| **Language** | PHP |
-| **Default branch** | main |
-| **License** | GPL-3.0-or-later |
-| **Wiki** | [MokoWaaS Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/wiki) |
-| **Standards** | [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home) |
-
-## Common Commands
-
-```bash
-composer install  # Install PHP dependencies
-```
-
-## Architecture
-
-This is a Joomla extension. Key directories:
-- `src/` -- extension source (deployed to Joomla)
-- `src/*.xml` -- manifest file (version, files, params)
-- `src/src/` or `src/services/` -- PHP classes
-- `src/language/` -- translation strings
-- `src/media/` -- CSS/JS/images
-
-## Rules
-
-- **Workflow directory**: `.mokogitea/` (not `.gitea/` or `.github/`)
-
-- **Never commit** `.claude/`, `.mcp.json`, `TODO.md`, or `*.min.css`/`*.min.js`
-- **Attribution**: use `Authored-by: Moko Consulting` in commits
-- **Branch strategy**: develop on `dev`, merge to `main` for release
-- **Minification**: handled at build time (CI) and runtime (MokoMinifyHelper for Joomla templates)
-- **Wiki**: documentation lives in the Gitea wiki, not in `docs/` files
-- **Standards**: this repo follows [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index ba93de47..506517f0 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -14,7 +14,11 @@
 	DEFGROUP: Joomla.Plugin
 	INGROUP: MokoWaaS.Documentation
 	REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
 	VERSION: 02.34.00
+=======
+	VERSION: 02.34.16
+>>>>>>> origin/dev
 	PATH: ./CODE_OF_CONDUCT.md
 	BRIEF: Reference + packaging repo for Moko Consulting Developer GPT Other Default
 -->
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index bf60cc5c..f0957582 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -127,6 +127,30 @@ The version tools update all files containing version stamps:
 
 Files synced from other repos (with a `# REPO:` header) are not touched.
 
+## Changelog
+
+We use [Keep a Changelog](https://keepachangelog.com/) with an `[Unreleased]` staging section.
+
+### Rules
+
+- All changes go under `## [Unreleased]` — this is the "current work" section
+- Entries stay under `[Unreleased]` until a **stable release** merges to `main`
+- On stable release, `[Unreleased]` entries are promoted to a version heading (e.g., `## [02.34] - 2026-06-10`)
+- Only **minor versions** get changelog headings — patch numbers from dev are never shown
+- Dev/alpha/beta/RC pre-release descriptions pull from `[Unreleased]` automatically
+- **CI will block PRs to main** if `[Unreleased]` has no entries
+
+### Categories
+
+Use these headings under each version:
+
+- `### Added` — new features
+- `### Changed` — changes to existing functionality
+- `### Deprecated` — features that will be removed
+- `### Removed` — features that were removed
+- `### Fixed` — bug fixes
+- `### Security` — vulnerability fixes
+
 ## Code Standards
 
 - **PHP**: PSR-12, tabs for indentation
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
index 26473101..21d7d9b0 100644
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -19,7 +19,11 @@
  DEFGROUP: mokoconsulting-tech.MokoWaaSBrand
  INGROUP: MokoStandards.Governance
  REPO: https://github.com/mokoconsulting-tech/MokoWaaSBrand
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /GOVERNANCE.md
  BRIEF: Project governance rules, roles, and decision process for MokoWaaSBrand
 -->
diff --git a/LICENSE.md b/LICENSE.md
index e8ad3a1b..81f7ef9c 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -15,7 +15,11 @@
 	INGROUP: MokoWaaS.Documentation
   REPO: https://github.com/mokoconsulting-tech/mokowaas
 	PATH: ./LICENSE.md
+<<<<<<< HEAD
 	VERSION: 02.34.00
+=======
+	VERSION: 02.34.16
+>>>>>>> origin/dev
 	BRIEF: Project license (GPL-3.0-or-later)
 -->
 										GNU GENERAL PUBLIC LICENSE
diff --git a/README.md b/README.md
index 77f02549..7f66b120 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,11 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS
  REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /README.md
  BRIEF: MokoWaaS platform plugin for Joomla
 -->
diff --git a/SECURITY.md b/SECURITY.md
index 52375fc3..9d4dbf4f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -23,7 +23,11 @@ DEFGROUP: [PROJECT_NAME]
 INGROUP: [PROJECT_NAME].Documentation
 REPO: [REPOSITORY_URL]
 PATH: /SECURITY.md
+<<<<<<< HEAD
 VERSION: 02.34.00
+=======
+VERSION: 02.34.16
+>>>>>>> origin/dev
 BRIEF: Security vulnerability reporting and handling policy
 -->
 
diff --git a/docs/guides/build-guide.md b/docs/guides/build-guide.md
index d9adbe28..557188ff 100644
--- a/docs/guides/build-guide.md
+++ b/docs/guides/build-guide.md
@@ -11,13 +11,21 @@
  INGROUP: MokoWaaS.Build
  REPO: https://github.com/mokoconsulting-tech/mokowaas
  FILE: build-guide.md
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/
  BRIEF: Build and packaging guide for the MokoWaaS system plugin
  NOTE: Defines environment setup, repository layout, packaging rules, and release preparation
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Build Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Build Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## 1. Purpose
 
@@ -44,7 +52,7 @@ The repository should maintain a clean, predictable, and modular structure suita
 
 ```text
 mokowaas/
-  ├── src/
+  ├── source/
   │     ├── mokowaas.php        (main plugin file)
   │     ├── mokowaas.xml        (plugin manifest)
   │     ├── services/                (service providers for DI)
@@ -192,7 +200,7 @@ jobs:
 
       - name: Lint PHP and syntax check
         run: |
-          echo "[INFO] Run php -l over src/ and any additional linting as needed."
+          echo "[INFO] Run php -l over source/ and any additional linting as needed."
 
       - name: Create build artifact
         run: |
diff --git a/docs/guides/configuration-guide.md b/docs/guides/configuration-guide.md
index 8679912b..3658d2c9 100644
--- a/docs/guides/configuration-guide.md
+++ b/docs/guides/configuration-guide.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/configuration-guide.md
  BRIEF: Configuration guide for the MokoWaaS system plugin
  NOTE: Defines plugin parameters, expected behaviors, and recommended defaults
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Configuration Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Configuration Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## 1. Objective
 
diff --git a/docs/guides/installation-guide.md b/docs/guides/installation-guide.md
index 11c59cd9..52cda101 100644
--- a/docs/guides/installation-guide.md
+++ b/docs/guides/installation-guide.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/installation-guide.md
  BRIEF: Installation guide for the MokoWaaS system plugin
  NOTE: First document in the guide set
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Installation Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Installation Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/guides/operations-guide.md b/docs/guides/operations-guide.md
index 23c744ae..ec77e9fc 100644
--- a/docs/guides/operations-guide.md
+++ b/docs/guides/operations-guide.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/operations-guide.md
  BRIEF: Operational guide for administering and managing the MokoWaaS system plugin
  NOTE: Defines lifecycle, responsibilities, and operational behaviors
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Operations Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Operations Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/guides/rollback-and-recovery-guide.md b/docs/guides/rollback-and-recovery-guide.md
index 5db4a4ff..a7176845 100644
--- a/docs/guides/rollback-and-recovery-guide.md
+++ b/docs/guides/rollback-and-recovery-guide.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/rollback-and-recovery-guide.md
  BRIEF: Rollback and recovery guide for restoring stable operation after plugin related incidents
  NOTE: Completes the core guide set for WaaS plugin governance
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Rollback and Recovery Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Rollback and Recovery Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/guides/testing-guide.md b/docs/guides/testing-guide.md
index 15bf0da1..0ff884e7 100644
--- a/docs/guides/testing-guide.md
+++ b/docs/guides/testing-guide.md
@@ -7,13 +7,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/testing-guide.md
  BRIEF: Testing guide for MokoWaaS v02.01.08
  NOTE: Covers manual test procedures for language overrides, install/uninstall, and configuration
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Testing Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Testing Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## 1. Prerequisites
 
@@ -27,7 +35,7 @@
 
 1. Clean Joomla 5.x installation OR existing site with custom language overrides.
 2. Admin account with Super User access.
-3. Build the plugin package: `make package` or zip the `src/` directory.
+3. Build the plugin package: `make package` or zip the `source/` directory.
 
 ## 2. Test Suites
 
@@ -278,19 +286,19 @@ Run from the project root:
 
 ```bash
 # Lint all PHP files
-php -l src/script.php
-php -l src/Extension/MokoWaaS.php
+php -l source/script.php
+php -l source/Extension/MokoWaaS.php
 
 # Verify all override files have placeholders (no hardcoded "MokoWaaS" in values)
-grep -r '"MokoWaaS' src/language/overrides/ src/administrator/language/overrides/
+grep -r '"MokoWaaS' source/language/overrides/ source/administrator/language/overrides/
 # Expected: no output (all values should use {{BRAND_NAME}})
 
 # Verify sentinel constants match
-grep -c 'BLOCK_START\|BLOCK_END' src/script.php
+grep -c 'BLOCK_START\|BLOCK_END' source/script.php
 # Expected: 6+ references
 
 # Verify all .ini files have version 02.01.08
-grep -r 'Version:' src/**/*.ini | grep -v '02.01.08'
+grep -r 'Version:' source/**/*.ini | grep -v '02.01.08'
 # Expected: no output
 ```
 
diff --git a/docs/guides/troubleshooting-guide.md b/docs/guides/troubleshooting-guide.md
index 0bcdcef3..b7169ef5 100644
--- a/docs/guides/troubleshooting-guide.md
+++ b/docs/guides/troubleshooting-guide.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/troubleshooting-guide.md
  BRIEF: Troubleshooting guide for diagnosing and resolving issues related to the MokoWaaS plugin
  NOTE: Designed for administrators and WaaS operations teams
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Troubleshooting Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Troubleshooting Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/guides/upgrade-and-versioning-guide.md b/docs/guides/upgrade-and-versioning-guide.md
index b14777a1..f9e5c834 100644
--- a/docs/guides/upgrade-and-versioning-guide.md
+++ b/docs/guides/upgrade-and-versioning-guide.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Guides
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/guides/upgrade-and-versioning-guide.md
  BRIEF: Guide for updating, versioning, and maintaining the MokoWaaS plugin
  NOTE: Defines release flow, version rules, and upgrade validation
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Upgrade and Versioning Guide (VERSION: 02.34.00)
+=======
+# MokoWaaS Upgrade and Versioning Guide (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/index.md b/docs/index.md
index bfd4ac24..421ddb86 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -10,13 +10,21 @@
  DEFGROUP: Joomla.Plugin
  INGROUP: MokoWaaS.Documentation
  REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  PATH: /docs/index.md
  BRIEF: Master index of all documentation for the MokoWaaS plugin
  NOTE: Automatically maintained index for all guide canvases
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Documentation Index (VERSION: 02.34.00)
+=======
+# MokoWaaS Documentation Index (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/plugin-basic.md b/docs/plugin-basic.md
index 4752c5a0..86de9e46 100644
--- a/docs/plugin-basic.md
+++ b/docs/plugin-basic.md
@@ -11,12 +11,20 @@
  INGROUP: MokoWaaS
  REPO: https://github.com/mokoconsulting-tech/mokowaas
  PATH: /docs/plugin-basic.md
+<<<<<<< HEAD
  VERSION: 02.34.00
+=======
+ VERSION: 02.34.16
+>>>>>>> origin/dev
  BRIEF: Baseline documentation for the MokoWaaS system plugin
  NOTE: Foundational reference for internal and external stakeholders
 -->
 
+<<<<<<< HEAD
 # MokoWaaS Plugin Overview (VERSION: 02.34.00)
+=======
+# MokoWaaS Plugin Overview (VERSION: 02.34.16)
+>>>>>>> origin/dev
 
 ## Introduction
 
diff --git a/docs/update-server.md b/docs/update-server.md
index 3dd7fa55..ce75089d 100644
--- a/docs/update-server.md
+++ b/docs/update-server.md
@@ -10,7 +10,11 @@ DEFGROUP: MokoWaaS.Documentation
 INGROUP: MokoStandards.Templates
 REPO: https://github.com/mokoconsulting-tech/MokoWaaS
 PATH: /docs/update-server.md
+<<<<<<< HEAD
 VERSION: 02.34.00
+=======
+VERSION: 02.34.16
+>>>>>>> origin/dev
 BRIEF: How this extension's Joomla update server file (update.xml) is managed
 -->
 
@@ -84,7 +88,7 @@ Since Joomla sites read `updates.xml` from the `main` branch, the `update-server
 
 ### Metadata Source
 
-All metadata is extracted from the extension's XML manifest (`src/*.xml`) at build time:
+All metadata is extracted from the extension's XML manifest (`source/*.xml`) at build time:
 
 | XML Element | Source | Notes |
 |-------------|--------|-------|
@@ -136,7 +140,7 @@ The `repo_health.yml` workflow verifies on every commit:
 - `<version>`, `<name>`, `<author>`, `<namespace>` tags present
 - Extension `type` attribute is valid
 - Language `.ini` files exist
-- `index.html` directory listing protection in `src/`, `src/admin/`, `src/site/`
+- `index.html` directory listing protection in `source/`, `source/admin/`, `source/site/`
 
 ---
 
diff --git a/source/packages/com_mokowaas/admin/access.xml b/source/packages/com_mokowaas/admin/access.xml
new file mode 100644
index 00000000..753c1ee1
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/access.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<access component="com_mokowaas">
+	<section name="component">
+		<action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
+		<action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />
+		<action name="mokowaas.dashboard" title="COM_MOKOWAAS_ACL_DASHBOARD" description="COM_MOKOWAAS_ACL_DASHBOARD_DESC" />
+		<action name="mokowaas.extensions" title="COM_MOKOWAAS_ACL_EXTENSIONS" description="COM_MOKOWAAS_ACL_EXTENSIONS_DESC" />
+		<action name="mokowaas.htaccess" title="COM_MOKOWAAS_ACL_HTACCESS" description="COM_MOKOWAAS_ACL_HTACCESS_DESC" />
+		<action name="mokowaas.tickets" title="COM_MOKOWAAS_ACL_TICKETS" description="COM_MOKOWAAS_ACL_TICKETS_DESC" />
+		<action name="mokowaas.tickets.create" title="COM_MOKOWAAS_ACL_TICKETS_CREATE" description="COM_MOKOWAAS_ACL_TICKETS_CREATE_DESC" />
+		<action name="mokowaas.tickets.assign" title="COM_MOKOWAAS_ACL_TICKETS_ASSIGN" description="COM_MOKOWAAS_ACL_TICKETS_ASSIGN_DESC" />
+		<action name="mokowaas.plugins.toggle" title="COM_MOKOWAAS_ACL_PLUGINS_TOGGLE" description="COM_MOKOWAAS_ACL_PLUGINS_TOGGLE_DESC" />
+		<action name="mokowaas.cache" title="COM_MOKOWAAS_ACL_CACHE" description="COM_MOKOWAAS_ACL_CACHE_DESC" />
+	</section>
+</access>
diff --git a/source/packages/com_mokowaas/admin/catalog.xml b/source/packages/com_mokowaas/admin/catalog.xml
new file mode 100644
index 00000000..2122651b
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/catalog.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Extension catalog for MokoWaaS Extension Manager.
+ Each entry points to the extension's own updates.xml — the installer
+ resolves the latest version and download URL at runtime.
+
+ To add an extension: copy an <extension> block and fill in the fields.
+ The updateserver URL must point to a valid Joomla updates.xml file.
+-->
+<catalog>
+	<extension>
+		<name>MokoWaaS</name>
+		<element>pkg_mokowaas</element>
+		<type>package</type>
+		<description>Admin dashboard, security firewall, tenant restrictions, health monitoring, and REST API.</description>
+		<icon>icon-shield-alt</icon>
+		<category>Platform</category>
+		<article>https://mokoconsulting.tech/support/products/mokowaas-platform</article>
+		<protected>true</protected>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>MokoOnyx</name>
+		<element>mokoonyx</element>
+		<type>template</type>
+		<description>Modern Joomla site template with dark mode, custom layouts, and MokoWaaS integration.</description>
+		<icon>icon-paint-brush</icon>
+		<category>Templates</category>
+		<article>https://mokoconsulting.tech/support/products/mokoonyx-template</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoOnyx/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>MokoJoomTOS</name>
+		<element>com_mokojoomtos</element>
+		<type>component</type>
+		<description>Terms of Service and privacy policy component with consent tracking.</description>
+		<icon>icon-file-contract</icon>
+		<category>Components</category>
+		<article>https://mokoconsulting.tech/support/products/mokojoomtos</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoJoomTOS/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>MokoJoomHero</name>
+		<element>mod_mokojoomhero</element>
+		<type>module</type>
+		<description>Random hero image module from a configurable folder.</description>
+		<icon>icon-image</icon>
+		<category>Modules</category>
+		<article>https://mokoconsulting.tech/support/products/mokojoomhero</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoJoomHero/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>MokoWaaS Announce</name>
+		<element>mod_mokowaas_announce</element>
+		<type>module</type>
+		<description>Centralized announcement system via admin module.</description>
+		<icon>icon-bullhorn</icon>
+		<category>Modules</category>
+		<article>https://mokoconsulting.tech/support/products/mokowaas-announce</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoWaaSAnnounce/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>DPCalendar API</name>
+		<element>mokodpcalendarapi</element>
+		<type>plugin</type>
+		<description>Web Services plugin exposing DPCalendar events and calendars via REST API.</description>
+		<icon>icon-calendar</icon>
+		<category>Plugins</category>
+		<article>https://mokoconsulting.tech/support/products/mokodpcalendarapi</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoDPCalendarAPI/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>Gallery Calendar</name>
+		<element>mokogallerycalendar</element>
+		<type>plugin</type>
+		<description>JoomGallery and DPCalendar integration — link galleries to events.</description>
+		<icon>icon-images</icon>
+		<category>Plugins</category>
+		<article>https://mokoconsulting.tech/support/products/mokogallerycalendar</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoGalleryCalendar/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+	<extension>
+		<name>MokoJoomOpenGraph</name>
+		<element>pkg_mokoog</element>
+		<type>package</type>
+		<description>Open Graph, Twitter Card, and social sharing meta tags for articles, categories, and pages.</description>
+		<icon>icon-share-alt</icon>
+		<category>Components</category>
+		<article>https://mokoconsulting.tech/support/products/mokojoomopengraph</article>
+		<updateserver>https://git.mokoconsulting.tech/MokoConsulting/MokoJoomOpenGraph/raw/branch/dev/updates.xml</updateserver>
+	</extension>
+</catalog>
diff --git a/source/packages/com_mokowaas/admin/config.xml b/source/packages/com_mokowaas/admin/config.xml
new file mode 100644
index 00000000..34e4e4e0
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/config.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="utf-8"?>
+<config>
+	<fieldset name="notifications" label="Email Notifications" description="Configure email recipients for ticket and security notifications.">
+		<field name="admin_emails" type="text" default=""
+			label="Admin Email Addresses"
+			description="Comma-separated email addresses to receive all notifications."
+			hint="admin@example.com, support@example.com" />
+		<field name="admin_user_ids" type="text" default=""
+			label="Admin User IDs"
+			description="Comma-separated Joomla user IDs to receive notifications."
+			hint="320, 321" />
+		<field name="security_alerts" type="radio" default="1"
+			label="Security Alerts"
+			description="Send email alerts for WAF blocks and admin logins."
+			class="btn-group btn-group-yesno">
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+	</fieldset>
+
+	<fieldset name="helpdesk" label="Helpdesk Settings" description="Default helpdesk behavior.">
+		<field name="default_category" type="sql" default=""
+			label="Default Ticket Category"
+			description="Category assigned to tickets without a selection."
+			query="SELECT id AS value, title AS text FROM #__mokowaas_ticket_categories WHERE published = 1 ORDER BY ordering" />
+		<field name="autoclose_days" type="number" default="7"
+			label="Auto-Close After (days)"
+			description="Resolved tickets are auto-closed after this many days. 0 = disabled." />
+		<field name="kb_search_enabled" type="radio" default="1"
+			label="KB Search on Ticket Forms"
+			description="Show knowledge base search before ticket submission."
+			class="btn-group btn-group-yesno">
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+	</fieldset>
+
+	<fieldset name="permissions" label="COM_MOKOWAAS_ACL_TITLE"
+		description="COM_MOKOWAAS_ACL_DESC">
+		<field name="rules" type="rules"
+			label="COM_MOKOWAAS_ACL_TITLE"
+			validate="rules"
+			filter="rules"
+			component="com_mokowaas"
+			section="component" />
+	</fieldset>
+</config>
diff --git a/source/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.ini b/source/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.ini
new file mode 100644
index 00000000..f8a00220
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.ini
@@ -0,0 +1,41 @@
+; MokoWaaS Admin Dashboard - Language Strings
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+COM_MOKOWAAS_DASHBOARD_TITLE="MokoWaaS Control Panel"
+COM_MOKOWAAS_SITE="Site"
+COM_MOKOWAAS_DATABASE="Database"
+COM_MOKOWAAS_DEBUG_ON="Debug ON"
+COM_MOKOWAAS_OFFLINE="Offline"
+COM_MOKOWAAS_CLEAR_CACHE="Clear Cache"
+COM_MOKOWAAS_CHECK_UPDATES="Check Updates"
+COM_MOKOWAAS_ENABLED="Enabled"
+COM_MOKOWAAS_DISABLED="Disabled"
+COM_MOKOWAAS_PROTECTED="Protected"
+COM_MOKOWAAS_CONFIGURE="Configure"
+COM_MOKOWAAS_TOGGLE_SUCCESS="Plugin state updated."
+COM_MOKOWAAS_TOGGLE_FAIL="Failed to update plugin state."
+COM_MOKOWAAS_CACHE_CLEARED="Cache cleared successfully."
+COM_MOKOWAAS_EXTENSIONS_TITLE="Moko Extensions"
+COM_MOKOWAAS_EXTENSIONS_INFO="Install Moko Consulting Joomla packages from the official release server. Updates are handled through Joomla's native System > Update mechanism — each package registers its own update server."
+COM_MOKOWAAS_EXTENSIONS_LINK="Moko Extensions"
+COM_MOKOWAAS_HTACCESS_TITLE=".htaccess Maker"
+COM_MOKOWAAS_TICKETS_TITLE="Helpdesk"
+
+; ACL
+COM_MOKOWAAS_ACL_DASHBOARD="View Dashboard"
+COM_MOKOWAAS_ACL_DASHBOARD_DESC="Allow viewing the MokoWaaS control panel dashboard."
+COM_MOKOWAAS_ACL_EXTENSIONS="Manage Extensions"
+COM_MOKOWAAS_ACL_EXTENSIONS_DESC="Allow installing and uninstalling Moko extensions."
+COM_MOKOWAAS_ACL_HTACCESS="Manage .htaccess"
+COM_MOKOWAAS_ACL_HTACCESS_DESC="Allow editing and saving the .htaccess configuration."
+COM_MOKOWAAS_ACL_TICKETS="View Tickets"
+COM_MOKOWAAS_ACL_TICKETS_DESC="Allow viewing helpdesk tickets."
+COM_MOKOWAAS_ACL_TICKETS_CREATE="Create Tickets"
+COM_MOKOWAAS_ACL_TICKETS_CREATE_DESC="Allow creating new helpdesk tickets."
+COM_MOKOWAAS_ACL_TICKETS_ASSIGN="Assign Tickets"
+COM_MOKOWAAS_ACL_TICKETS_ASSIGN_DESC="Allow assigning tickets to other users."
+COM_MOKOWAAS_ACL_PLUGINS_TOGGLE="Toggle Plugins"
+COM_MOKOWAAS_ACL_PLUGINS_TOGGLE_DESC="Allow enabling and disabling MokoWaaS feature plugins."
+COM_MOKOWAAS_ACL_CACHE="Clear Cache"
+COM_MOKOWAAS_ACL_CACHE_DESC="Allow clearing the Joomla cache from the dashboard."
diff --git a/source/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.sys.ini b/source/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.sys.ini
new file mode 100644
index 00000000..3c71dbd1
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.sys.ini
@@ -0,0 +1,19 @@
+; MokoWaaS Admin Dashboard - System Language Strings
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+COM_MOKOWAAS="MokoWaaS"
+COM_MOKOWAAS_DESCRIPTION="MokoWaaS admin dashboard and REST API. Control panel for managing site features, health monitoring, and remote management."
+COM_MOKOWAAS_DASHBOARD_TITLE="MokoWaaS Control Panel"
+COM_MOKOWAAS_MENU_DASHBOARD="Dashboard"
+COM_MOKOWAAS_MENU_EXTENSIONS="Moko Extensions"
+COM_MOKOWAAS_MENU_PLUGINS="Feature Plugins"
+COM_MOKOWAAS_MENU_UPDATES="Joomla Updates"
+COM_MOKOWAAS_MENU_CHECKIN="Global Check-in"
+COM_MOKOWAAS_MENU_TICKETS="Helpdesk"
+COM_MOKOWAAS_MENU_HTACCESS=".htaccess Maker"
+COM_MOKOWAAS_MENU_PRIVACY="Privacy Guard"
+COM_MOKOWAAS_MENU_WAFLOG="WAF Log"
+COM_MOKOWAAS_MENU_DATABASE="Database Tools"
+COM_MOKOWAAS_MENU_CLEANUP="Cache Cleanup"
+COM_MOKOWAAS_MENU_CACHE="Cache Management"
diff --git a/src/packages/com_mokowaas/admin/services/provider.php b/source/packages/com_mokowaas/admin/services/provider.php
similarity index 100%
rename from src/packages/com_mokowaas/admin/services/provider.php
rename to source/packages/com_mokowaas/admin/services/provider.php
diff --git a/source/packages/com_mokowaas/admin/sql/install.mysql.sql b/source/packages/com_mokowaas/admin/sql/install.mysql.sql
new file mode 100644
index 00000000..0bd447a0
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/sql/install.mysql.sql
@@ -0,0 +1,135 @@
+--
+-- MokoWaaS Helpdesk Tables
+--
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_ticket_categories` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `title` VARCHAR(255) NOT NULL,
+  `alias` VARCHAR(255) NOT NULL DEFAULT '',
+  `description` TEXT,
+  `auto_assign_user` INT DEFAULT NULL,
+  `sla_response_minutes` INT UNSIGNED NOT NULL DEFAULT 480,
+  `sla_resolution_minutes` INT UNSIGNED NOT NULL DEFAULT 2880,
+  `ordering` INT NOT NULL DEFAULT 0,
+  `published` TINYINT NOT NULL DEFAULT 1,
+  PRIMARY KEY (`id`),
+  KEY `idx_alias` (`alias`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_tickets` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `subject` VARCHAR(512) NOT NULL,
+  `body` TEXT NOT NULL,
+  `status` ENUM('open','in_progress','waiting','resolved','closed') NOT NULL DEFAULT 'open',
+  `priority` ENUM('low','normal','high','urgent') NOT NULL DEFAULT 'normal',
+  `category_id` INT UNSIGNED DEFAULT NULL,
+  `created_by` INT NOT NULL DEFAULT 0,
+  `assigned_to` INT DEFAULT NULL,
+  `created` DATETIME NOT NULL,
+  `modified` DATETIME DEFAULT NULL,
+  `resolved` DATETIME DEFAULT NULL,
+  `closed` DATETIME DEFAULT NULL,
+  `sla_response_due` DATETIME DEFAULT NULL,
+  `sla_resolution_due` DATETIME DEFAULT NULL,
+  `sla_responded` TINYINT NOT NULL DEFAULT 0,
+  PRIMARY KEY (`id`),
+  KEY `idx_status` (`status`),
+  KEY `idx_priority` (`priority`),
+  KEY `idx_assigned` (`assigned_to`),
+  KEY `idx_category` (`category_id`),
+  KEY `idx_created` (`created`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_ticket_replies` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `ticket_id` INT UNSIGNED NOT NULL,
+  `user_id` INT NOT NULL DEFAULT 0,
+  `body` TEXT NOT NULL,
+  `is_internal` TINYINT NOT NULL DEFAULT 0,
+  `created` DATETIME NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `idx_ticket` (`ticket_id`),
+  KEY `idx_created` (`created`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_ticket_canned` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `title` VARCHAR(255) NOT NULL,
+  `body` TEXT NOT NULL,
+  `category_id` INT UNSIGNED DEFAULT NULL,
+  `ordering` INT NOT NULL DEFAULT 0,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_ticket_automation` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `title` VARCHAR(255) NOT NULL,
+  `trigger_event` VARCHAR(50) NOT NULL DEFAULT 'ticket_created',
+  `conditions` TEXT NOT NULL DEFAULT '[]',
+  `actions` TEXT NOT NULL DEFAULT '[]',
+  `enabled` TINYINT NOT NULL DEFAULT 1,
+  `ordering` INT NOT NULL DEFAULT 0,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+-- Default automation rules
+INSERT IGNORE INTO `#__mokowaas_ticket_automation` (`id`, `title`, `trigger_event`, `conditions`, `actions`, `enabled`, `ordering`) VALUES
+(1, 'Auto-close resolved tickets after 7 days', 'scheduled', '[{"field":"status","op":"eq","value":"resolved"},{"field":"age_hours","op":"gt","value":"168"}]', '[{"type":"set_status","value":"closed"},{"type":"add_note","value":"Auto-closed after 7 days with no response."}]', 1, 1),
+(2, 'Escalate urgent tickets with no response in 1 hour', 'scheduled', '[{"field":"priority","op":"eq","value":"urgent"},{"field":"sla_responded","op":"eq","value":"0"},{"field":"age_hours","op":"gt","value":"1"}]', '[{"type":"add_note","value":"SLA BREACH: Urgent ticket has no staff response after 1 hour."}]', 1, 2),
+(3, 'Notify on high priority ticket creation', 'ticket_created', '[{"field":"priority","op":"in","value":"high,urgent"}]', '[{"type":"add_note","value":"High/urgent ticket created — requires immediate attention."}]', 1, 3);
+
+-- Default categories
+INSERT IGNORE INTO `#__mokowaas_ticket_categories` (`id`, `title`, `alias`, `description`, `sla_response_minutes`, `sla_resolution_minutes`, `ordering`) VALUES
+(1, 'General Support', 'general-support', 'General questions and assistance', 480, 2880, 1),
+(2, 'Bug Report', 'bug-report', 'Report a software bug or issue', 240, 1440, 2),
+(3, 'Feature Request', 'feature-request', 'Request a new feature or enhancement', 1440, 10080, 3),
+(4, 'Billing', 'billing', 'Billing, invoicing, and payment questions', 240, 1440, 4),
+(5, 'Urgent / Outage', 'urgent-outage', 'Site down or critical issue', 60, 240, 5);
+
+--
+-- Privacy Guard Tables
+--
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_consent_log` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `user_id` INT NOT NULL,
+  `category` VARCHAR(50) NOT NULL,
+  `action` ENUM('granted','revoked') NOT NULL,
+  `ip_address` VARCHAR(45) NOT NULL DEFAULT '',
+  `created` DATETIME NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `idx_user` (`user_id`),
+  KEY `idx_category` (`category`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_data_requests` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `user_id` INT NOT NULL,
+  `type` ENUM('export','delete','anonymize') NOT NULL,
+  `status` ENUM('pending','processing','completed','denied') NOT NULL DEFAULT 'pending',
+  `notes` TEXT,
+  `processed_by` INT DEFAULT NULL,
+  `created` DATETIME NOT NULL,
+  `processed` DATETIME DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `idx_user` (`user_id`),
+  KEY `idx_status` (`status`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS `#__mokowaas_retention_policies` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `content_type` VARCHAR(100) NOT NULL,
+  `retention_days` INT UNSIGNED NOT NULL DEFAULT 365,
+  `action` ENUM('anonymize','delete','archive') NOT NULL DEFAULT 'anonymize',
+  `enabled` TINYINT NOT NULL DEFAULT 1,
+  `description` VARCHAR(255) NOT NULL DEFAULT '',
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+-- Default retention policies
+INSERT IGNORE INTO `#__mokowaas_retention_policies` (`id`, `content_type`, `retention_days`, `action`, `enabled`, `description`) VALUES
+(1, 'action_logs', 90, 'delete', 1, 'Delete action log entries older than 90 days'),
+(2, 'waf_logs', 30, 'delete', 1, 'Delete WAF block logs older than 30 days'),
+(3, 'sessions', 7, 'delete', 1, 'Purge expired sessions older than 7 days'),
+(4, 'inactive_users', 730, 'anonymize', 0, 'Anonymize users inactive for 2 years (disabled by default)'),
+(5, 'closed_tickets', 365, 'anonymize', 0, 'Anonymize closed tickets older than 1 year (disabled by default)');
diff --git a/source/packages/com_mokowaas/admin/src/Controller/DisplayController.php b/source/packages/com_mokowaas/admin/src/Controller/DisplayController.php
new file mode 100644
index 00000000..e8ecb437
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Controller/DisplayController.php
@@ -0,0 +1,719 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\MVC\Controller\BaseController;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+class DisplayController extends BaseController
+{
+	protected $default_view = 'dashboard';
+
+	/**
+	 * ACL map: view name => required permission.
+	 */
+	private const VIEW_ACL = [
+		'dashboard'  => 'mokowaas.dashboard',
+		'extensions' => 'mokowaas.extensions',
+		'htaccess'   => 'mokowaas.htaccess',
+		'tickets'    => 'mokowaas.tickets',
+		'ticket'     => 'mokowaas.tickets',
+		'privacy'    => 'core.admin',
+		'waflog'     => 'core.admin',
+		'categories' => 'mokowaas.tickets',
+		'canned'     => 'mokowaas.tickets',
+		'automation' => 'core.admin',
+		'database'   => 'core.admin',
+		'cleanup'    => 'mokowaas.cache',
+	];
+
+	public function display($cachable = false, $urlparams = [])
+	{
+		$view = $this->input->get('view', $this->default_view);
+		$acl  = self::VIEW_ACL[$view] ?? 'core.manage';
+
+		if (!$this->checkAcl($acl))
+		{
+			Factory::getApplication()->enqueueMessage(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 'error');
+			Factory::getApplication()->redirect(Route::_('index.php', false));
+
+			return;
+		}
+
+		return parent::display($cachable, $urlparams);
+	}
+
+	// ==================================================================
+	// Plugin toggle
+	// ==================================================================
+
+	public function togglePlugin()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.plugins.toggle'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$app   = Factory::getApplication();
+		$model = $this->getModel('Dashboard');
+
+		$result = $model->togglePlugin(
+			$app->getInput()->getInt('extension_id', 0),
+			$app->getInput()->getInt('enabled', 0)
+		);
+
+		$this->jsonResponse($result);
+	}
+
+	// ==================================================================
+	// Cache
+	// ==================================================================
+
+	public function clearCache()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.cache'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$this->jsonResponse($this->getModel('Dashboard')->clearCache());
+	}
+
+	public function clearTemp()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.cache'))
+		{
+			$this->jsonForbidden();
+			return;
+		}
+
+		$this->jsonResponse($this->getModel('Dashboard')->clearTemp());
+	}
+
+	// ==================================================================
+	// Extensions
+	// ==================================================================
+
+	public function installExtension()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.extensions'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$downloadUrl = Factory::getApplication()->getInput()->getString('download_url', '');
+
+		if (empty($downloadUrl))
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Missing download URL.']);
+	return;
+		}
+
+		$this->jsonResponse($this->getModel('Extensions')->installFromUrl($downloadUrl));
+	}
+
+	// ==================================================================
+	// .htaccess
+	// ==================================================================
+
+	public function saveHtaccess()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.htaccess'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$app   = Factory::getApplication();
+		$input = $app->getInput();
+		$model = $this->getModel('Htaccess');
+
+		$options = [];
+
+		foreach ($input->getArray() as $key => $value)
+		{
+			if (str_starts_with($key, 'opt_'))
+			{
+				$options[substr($key, 4)] = $value;
+			}
+		}
+
+		if (!empty($options))
+		{
+			$model->saveOptions($options);
+		}
+
+		$this->jsonResponse($model->saveHtaccess($input->getRaw('content', '')));
+	}
+
+	public function generateHtaccess()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.htaccess'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$model   = $this->getModel('Htaccess');
+		$options = Factory::getApplication()->getInput()->getArray();
+
+		$model->saveOptions($options);
+
+		$app = Factory::getApplication();
+		$app->setHeader('Content-Type', 'application/json');
+		echo json_encode([
+			'htaccess' => $model->generateHtaccess($options),
+			'nginx'    => $model->generateNginx($options),
+		]);
+		$app->close();
+	}
+
+	// ==================================================================
+	// Tickets
+	// ==================================================================
+
+	public function createTicket()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.tickets.create'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$input = Factory::getApplication()->getInput();
+
+		$this->jsonResponse($this->getModel('Tickets')->createTicket([
+			'subject'     => $input->getString('subject', ''),
+			'body'        => $input->getRaw('body', ''),
+			'priority'    => $input->getString('priority', 'normal'),
+			'category_id' => $input->getInt('category_id', 0),
+		]));
+	}
+
+	public function addTicketReply()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.tickets'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$input = Factory::getApplication()->getInput();
+
+		$this->jsonResponse($this->getModel('Tickets')->addReply(
+			$input->getInt('ticket_id', 0),
+			$input->getRaw('body', ''),
+			(bool) $input->getInt('is_internal', 0)
+		));
+	}
+
+	public function updateTicketStatus()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.tickets'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$input = Factory::getApplication()->getInput();
+
+		$this->jsonResponse($this->getModel('Tickets')->updateStatus(
+			$input->getInt('ticket_id', 0),
+			$input->getString('status', '')
+		));
+	}
+
+	// ==================================================================
+	// KB Search
+	// ==================================================================
+
+	public function searchKb()
+	{
+		$query = Factory::getApplication()->getInput()->getString('q', '');
+
+		if (strlen($query) < 3)
+		{
+			$this->jsonResponse(['results' => []]);
+		}
+
+		try
+		{
+			$db      = Factory::getDbo();
+			$escaped = $db->quote('%' . $db->escape($query, true) . '%');
+
+			$results = $db->setQuery(
+				$db->getQuery(true)
+					->select([$db->quoteName('l.title'), $db->quoteName('l.url'), $db->quoteName('l.description')])
+					->from($db->quoteName('#__finder_links', 'l'))
+					->where($db->quoteName('l.published') . ' = 1')
+					->where('(' . $db->quoteName('l.title') . ' LIKE ' . $escaped
+						. ' OR ' . $db->quoteName('l.description') . ' LIKE ' . $escaped . ')')
+					->order($db->quoteName('l.title') . ' ASC')
+					->setLimit(8)
+			)->loadObjectList() ?: [];
+
+			foreach ($results as $r)
+			{
+				$r->description = mb_substr(strip_tags($r->description ?? ''), 0, 150);
+			}
+
+			$this->jsonResponse(['results' => $results]);
+		}
+		catch (\Throwable $e)
+		{
+			$this->jsonResponse(['results' => []]);
+		}
+	}
+
+	// ==================================================================
+	// Maintenance (#127, #128)
+	// ==================================================================
+
+	public function optimizeDb()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('core.admin')) { $this->jsonForbidden(); return; }
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\MaintenanceModel();
+		$this->jsonResponse($model->optimizeTables());
+	}
+
+	public function repairDb()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('core.admin')) { $this->jsonForbidden(); return; }
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\MaintenanceModel();
+		$this->jsonResponse($model->repairTables());
+	}
+
+	public function purgeSessions()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('core.admin')) { $this->jsonForbidden(); return; }
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\MaintenanceModel();
+		$this->jsonResponse($model->purgeSessions());
+	}
+
+	public function cleanDirectory()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('mokowaas.cache')) { $this->jsonForbidden(); return; }
+		$dirKey = Factory::getApplication()->getInput()->getString('dir_key', '');
+		$model  = new \Moko\Component\MokoWaaS\Administrator\Model\MaintenanceModel();
+		$this->jsonResponse($model->cleanDirectory($dirKey));
+	}
+
+	// ==================================================================
+	// Helpdesk CRUD (#137, #138, #139)
+	// ==================================================================
+
+	public function saveCategory()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('mokowaas.tickets')) { $this->jsonForbidden(); }
+		$input = Factory::getApplication()->getInput();
+		$db = Factory::getDbo();
+		$id = $input->getInt('id', 0);
+		$data = (object) [
+			'title' => $input->getString('title', ''),
+			'alias' => \Joomla\CMS\Filter\OutputFilter::stringURLSafe($input->getString('title', '')),
+			'sla_response_minutes' => $input->getInt('sla_response_minutes', 480),
+			'sla_resolution_minutes' => $input->getInt('sla_resolution_minutes', 2880),
+			'auto_assign_user' => $input->getInt('auto_assign_user', 0) ?: null,
+			'published' => $input->getInt('published', 1),
+		];
+		if ($id) {
+			$data->id = $id;
+			$db->updateObject('#__mokowaas_ticket_categories', $data, 'id');
+		} else {
+			$data->ordering = 0;
+			$db->insertObject('#__mokowaas_ticket_categories', $data, 'id');
+		}
+		$this->jsonResponse(['success' => true, 'message' => 'Category saved.', 'id' => (int) $data->id]);
+	}
+
+	public function deleteCategory()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('mokowaas.tickets')) { $this->jsonForbidden(); }
+		$db = Factory::getDbo();
+		$db->setQuery($db->getQuery(true)->delete('#__mokowaas_ticket_categories')->where('id = ' . Factory::getApplication()->getInput()->getInt('id', 0)))->execute();
+		$this->jsonResponse(['success' => true, 'message' => 'Category deleted.']);
+	}
+
+	public function saveCanned()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('mokowaas.tickets')) { $this->jsonForbidden(); }
+		$input = Factory::getApplication()->getInput();
+		$db = Factory::getDbo();
+		$data = (object) [
+			'title' => $input->getString('title', ''),
+			'body' => $input->getRaw('body', ''),
+			'category_id' => $input->getInt('category_id', 0) ?: null,
+			'ordering' => 0,
+		];
+		$id = $input->getInt('id', 0);
+		if ($id) { $data->id = $id; $db->updateObject('#__mokowaas_ticket_canned', $data, 'id'); }
+		else { $db->insertObject('#__mokowaas_ticket_canned', $data, 'id'); }
+		$this->jsonResponse(['success' => true, 'message' => 'Canned response saved.', 'id' => (int) $data->id]);
+	}
+
+	public function deleteCanned()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('mokowaas.tickets')) { $this->jsonForbidden(); }
+		$db = Factory::getDbo();
+		$db->setQuery($db->getQuery(true)->delete('#__mokowaas_ticket_canned')->where('id = ' . Factory::getApplication()->getInput()->getInt('id', 0)))->execute();
+		$this->jsonResponse(['success' => true, 'message' => 'Canned response deleted.']);
+	}
+
+	public function saveAutomation()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('core.admin')) { $this->jsonForbidden(); }
+		$input = Factory::getApplication()->getInput();
+		$db = Factory::getDbo();
+		$data = (object) [
+			'title' => $input->getString('title', ''),
+			'trigger_event' => $input->getString('trigger_event', 'ticket_created'),
+			'conditions' => $input->getRaw('conditions', '[]'),
+			'actions' => $input->getRaw('actions', '[]'),
+			'enabled' => 1,
+			'ordering' => 0,
+		];
+		$id = $input->getInt('id', 0);
+		if ($id) { $data->id = $id; $db->updateObject('#__mokowaas_ticket_automation', $data, 'id'); }
+		else { $db->insertObject('#__mokowaas_ticket_automation', $data, 'id'); }
+		$this->jsonResponse(['success' => true, 'message' => 'Rule saved.', 'id' => (int) $data->id]);
+	}
+
+	public function deleteAutomation()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('core.admin')) { $this->jsonForbidden(); }
+		$db = Factory::getDbo();
+		$db->setQuery($db->getQuery(true)->delete('#__mokowaas_ticket_automation')->where('id = ' . Factory::getApplication()->getInput()->getInt('id', 0)))->execute();
+		$this->jsonResponse(['success' => true, 'message' => 'Rule deleted.']);
+	}
+
+	public function toggleAutomation()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+		if (!$this->checkAcl('core.admin')) { $this->jsonForbidden(); }
+		$input = Factory::getApplication()->getInput();
+		$db = Factory::getDbo();
+		$db->setQuery($db->getQuery(true)->update('#__mokowaas_ticket_automation')
+			->set('enabled = ' . $input->getInt('enabled', 0))
+			->where('id = ' . $input->getInt('id', 0)))->execute();
+		$this->jsonResponse(['success' => true, 'message' => 'Rule updated.']);
+	}
+
+	// ==================================================================
+	// Settings Import/Export (#132)
+	// ==================================================================
+
+	public function exportSettings()
+	{
+		Session::checkToken('get') or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$db = Factory::getDbo();
+		$settings = [];
+
+		// Export all MokoWaaS plugin params
+		$plugins = ['mokowaas', 'mokowaas_firewall', 'mokowaas_tenant', 'mokowaas_devtools', 'mokowaas_offline'];
+
+		foreach ($plugins as $element)
+		{
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('params'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote($element))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+			);
+			$settings['plugins'][$element] = json_decode($db->loadResult() ?? '{}', true);
+		}
+
+		// Export component params
+		$db->setQuery(
+			$db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+		);
+		$settings['component'] = json_decode($db->loadResult() ?? '{}', true);
+		$settings['exported']  = gmdate('Y-m-d\TH:i:s\Z');
+		$settings['site']      = Factory::getConfig()->get('sitename', '');
+
+		$this->jsonResponse(['success' => true, 'settings' => $settings]);
+	}
+
+	public function importSettings()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$json = Factory::getApplication()->getInput()->getRaw('settings_json', '');
+		$data = json_decode($json, true);
+
+		if (empty($data) || empty($data['plugins']))
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Invalid settings JSON.']);
+	return;
+		}
+
+		$db    = Factory::getDbo();
+		$count = 0;
+
+		foreach ($data['plugins'] ?? [] as $element => $params)
+		{
+			if (!is_array($params))
+			{
+				continue;
+			}
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($params)))
+					->where($db->quoteName('element') . ' = ' . $db->quote($element))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+			)->execute();
+			$count++;
+		}
+
+		if (!empty($data['component']) && is_array($data['component']))
+		{
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($data['component'])))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			)->execute();
+			$count++;
+		}
+
+		$this->jsonResponse(['success' => true, 'message' => "Imported settings for {$count} extensions."]);
+	}
+
+	// ==================================================================
+	// WAF Log
+	// ==================================================================
+
+	public function purgeWafLog()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$days  = Factory::getApplication()->getInput()->getInt('days', 30);
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\WaflogModel();
+
+		$this->jsonResponse($model->purgeLogs($days));
+	}
+
+	public function banIpFromLog()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$ip    = Factory::getApplication()->getInput()->getString('ip', '');
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\WaflogModel();
+
+		$this->jsonResponse($model->banIp($ip));
+	}
+
+	// ==================================================================
+	// Privacy Guard
+	// ==================================================================
+
+	public function processDataRequest()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$input  = Factory::getApplication()->getInput();
+		$model  = new \Moko\Component\MokoWaaS\Administrator\Model\PrivacyModel();
+		$action = $input->getString('action', 'deny');
+
+		if ($action === 'create')
+		{
+			$result = $model->createRequest(
+				$input->getInt('user_id', 0),
+				$input->getString('type', 'export')
+			);
+			$this->jsonResponse($result);
+			return;
+		}
+
+		if ($action === 'approve' && !$input->getInt('request_id', 0) && $input->getInt('user_id', 0))
+		{
+			// Auto-process: create then immediately approve
+			$result = $model->createRequest(
+				$input->getInt('user_id', 0),
+				$input->getString('type', 'export')
+			);
+
+			if ($result['success'] && !empty($result['id']))
+			{
+				$result = $model->processRequest((int) $result['id'], 'approve');
+			}
+
+			$this->jsonResponse($result);
+			return;
+		}
+
+		$this->jsonResponse($model->processRequest(
+			$input->getInt('request_id', 0),
+			$action
+		));
+	}
+
+	public function exportUserData()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\PrivacyModel();
+
+		$this->jsonResponse($model->exportUserData(
+			Factory::getApplication()->getInput()->getInt('user_id', 0)
+		));
+	}
+
+	// ==================================================================
+	// Importers
+	// ==================================================================
+
+	public function importAts()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('mokowaas.tickets'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$this->jsonResponse($this->getModel('Import')->importAts());
+	}
+
+	public function importAdminTools()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		if (!$this->checkAcl('core.admin'))
+		{
+			$this->jsonForbidden();
+		return;
+		}
+
+		$this->jsonResponse($this->getModel('Import')->importAdminTools());
+	}
+
+	// ==================================================================
+	// Helpers
+	// ==================================================================
+
+	/**
+	 * Check a MokoWaaS ACL permission for the current user.
+	 */
+	private function checkAcl(string $action): bool
+	{
+		$user = Factory::getApplication()->getIdentity();
+
+		// Super admins always pass
+		if ($user->authorise('core.admin', 'com_mokowaas'))
+		{
+			return true;
+		}
+
+		return $user->authorise($action, 'com_mokowaas');
+	}
+
+	/**
+	 * Send a JSON response and close.
+	 */
+	private function jsonResponse(array $data): void
+	{
+		$app = Factory::getApplication();
+		$app->setHeader('Content-Type', 'application/json');
+		echo json_encode($data);
+		$app->close();
+	}
+
+	/**
+	 * Send a 403 JSON response and close.
+	 */
+	private function jsonForbidden(): void
+	{
+		$this->jsonResponse(['success' => false, 'message' => Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN')]);
+return;
+	}
+}
diff --git a/src/packages/com_mokowaas/admin/src/Model/DashboardModel.php b/source/packages/com_mokowaas/admin/src/Model/DashboardModel.php
similarity index 56%
rename from src/packages/com_mokowaas/admin/src/Model/DashboardModel.php
rename to source/packages/com_mokowaas/admin/src/Model/DashboardModel.php
index 8c9d3834..35a38556 100644
--- a/src/packages/com_mokowaas/admin/src/Model/DashboardModel.php
+++ b/source/packages/com_mokowaas/admin/src/Model/DashboardModel.php
@@ -22,39 +22,60 @@ class DashboardModel extends BaseDatabaseModel
 	 */
 	private const PLUGIN_META = [
 		'mokowaas' => [
-			'icon'        => 'icon-shield-alt',
-			'category'    => 'core',
-			'label'       => 'Core — Branding & Identity',
-			'description' => 'White-label branding, master user enforcement, emergency access, and plugin protection.',
-			'protected'   => true,
+			'icon'           => 'icon-shield-alt',
+			'category'       => 'core',
+			'label'          => 'Core',
+			'description'    => 'Heartbeat, health monitoring, site aliases, extension coordination, and download key preservation.',
+			'protected'      => true,
+			'configure_only' => false,
 		],
 		'mokowaas_firewall' => [
-			'icon'        => 'icon-lock',
-			'category'    => 'security',
-			'label'       => 'Firewall',
-			'description' => 'Web Application Firewall — SQLi, XSS, RFI, DFI shields, IP blocklist, admin secret URL, file protection.',
-			'protected'   => false,
+			'icon'           => 'icon-lock',
+			'category'       => 'security',
+			'label'          => 'Firewall',
+			'description'    => 'Web Application Firewall — SQLi, XSS, RFI, DFI shields, IP blocklist, admin secret URL, file protection.',
+			'protected'      => false,
+			'configure_only' => false,
 		],
 		'mokowaas_tenant' => [
-			'icon'        => 'icon-users',
-			'category'    => 'security',
-			'label'       => 'Tenant Restrictions',
-			'description' => 'Installer, sysinfo, config, and template access restrictions for non-master users.',
-			'protected'   => false,
+			'icon'           => 'icon-users',
+			'category'       => 'security',
+			'label'          => 'Tenant Restrictions',
+			'description'    => 'Installer, sysinfo, config, and template access restrictions for non-master users.',
+			'protected'      => false,
+			'configure_only' => false,
+		],
+		'mokowaas_offline' => [
+			'icon'           => 'icon-globe',
+			'category'       => 'security',
+			'label'          => 'Offline Bypass',
+			'description'    => 'Keep selected pages (TOS, Privacy Policy) accessible during offline mode.',
+			'protected'      => false,
+			'configure_only' => true,
 		],
 		'mokowaas_devtools' => [
-			'icon'        => 'icon-wrench',
-			'category'    => 'tools',
-			'label'       => 'Developer Tools',
-			'description' => 'Dev mode, hit counter reset, content version cleanup.',
-			'protected'   => false,
+			'icon'           => 'icon-wrench',
+			'category'       => 'tools',
+			'label'          => 'Developer Tools',
+			'description'    => 'Dev mode, hit counter reset, content version cleanup. Features are controlled inside the plugin settings.',
+			'protected'      => false,
+			'configure_only' => true,
 		],
-		'mokowaas_monitor' => [
-			'icon'        => 'icon-heartbeat',
-			'category'    => 'monitoring',
-			'label'       => 'Health Monitor',
-			'description' => 'Site health checks, Grafana heartbeat integration, and diagnostics.',
-			'protected'   => false,
+		'mokowaasdemo' => [
+			'icon'           => 'icon-undo',
+			'category'       => 'content',
+			'label'          => 'Demo Reset Task',
+			'description'    => 'Scheduled demo site reset with content snapshots.',
+			'protected'      => false,
+			'configure_only' => true,
+		],
+		'mokowaassync' => [
+			'icon'           => 'icon-sync',
+			'category'       => 'content',
+			'label'          => 'Content Sync Task',
+			'description'    => 'Scheduled content synchronisation to remote MokoWaaS sites.',
+			'protected'      => false,
+			'configure_only' => true,
 		],
 	];
 
@@ -97,7 +118,8 @@ class DashboardModel extends BaseDatabaseModel
 					'(' . $db->quoteName('type') . ' = ' . $db->quote('plugin')
 						. ' AND ' . $db->quoteName('folder') . ' = ' . $db->quote('system')
 						. ' AND (' . $db->quoteName('element') . ' = ' . $db->quote('mokowaas')
-						. ' OR ' . $db->quoteName('element') . ' LIKE ' . $db->quote('mokowaas\_%') . '))'
+						. ' OR ' . $db->quoteName('element') . ' LIKE ' . $db->quote('mokowaas\_%') . ')'
+					. ' AND ' . $db->quoteName('element') . ' != ' . $db->quote('mokowaas_monitor') . ')'
 					// Webservices plugins
 					. ' OR (' . $db->quoteName('type') . ' = ' . $db->quote('plugin')
 						. ' AND ' . $db->quoteName('folder') . ' = ' . $db->quote('webservices')
@@ -120,8 +142,10 @@ class DashboardModel extends BaseDatabaseModel
 			$manifest = json_decode($row->manifest_cache ?? '{}');
 			$version  = $manifest->version ?? '';
 
-			// Build a lookup key: system plugins use element, others use folder_element
-			$metaKey = $row->element;
+			// Only system plugins and task plugins match PLUGIN_META by element
+			$metaKey = ($row->folder === 'system' || $row->folder === 'task')
+				? $row->element
+				: $row->folder . '_' . $row->element;
 
 			$meta = self::PLUGIN_META[$metaKey] ?? null;
 
@@ -135,19 +159,20 @@ class DashboardModel extends BaseDatabaseModel
 			$categoryInfo = self::CATEGORIES[$categoryKey] ?? self::CATEGORIES['tools'];
 
 			$plugins[] = (object) [
-				'extension_id' => (int) $row->extension_id,
-				'name'         => $meta['label'] ?? $row->name,
-				'element'      => $row->element,
-				'folder'       => $row->folder,
-				'type'         => $row->type,
-				'enabled'      => (int) $row->enabled,
-				'protected'    => (int) $row->protected || ($meta['protected'] ?? false),
-				'version'      => $version,
-				'icon'         => $meta['icon'] ?? 'icon-puzzle-piece',
-				'category'     => $categoryKey,
+				'extension_id'  => (int) $row->extension_id,
+				'name'          => $meta['label'] ?? $row->name,
+				'element'       => $row->element,
+				'folder'        => $row->folder,
+				'type'          => $row->type,
+				'enabled'       => (int) $row->enabled,
+				'protected'     => (bool) ($meta['protected'] ?? false),
+				'configure_only' => (bool) ($meta['configure_only'] ?? false),
+				'version'       => $version,
+				'icon'          => $meta['icon'] ?? 'icon-puzzle-piece',
+				'category'      => $categoryKey,
 				'categoryLabel' => $categoryInfo['label'],
 				'categoryBadge' => $categoryInfo['badge'],
-				'description'  => $meta['description'] ?? '',
+				'description'   => $meta['description'] ?? '',
 			];
 		}
 
@@ -187,6 +212,54 @@ class DashboardModel extends BaseDatabaseModel
 		];
 	}
 
+	/**
+	 * Get installed MokoWaaS component and modules with versions.
+	 *
+	 * @return  array  Array of extension objects with name, element, type, version.
+	 */
+	public function getMokoExtensions(): array
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('element'),
+				$db->quoteName('name'),
+				$db->quoteName('type'),
+				$db->quoteName('enabled'),
+				$db->quoteName('manifest_cache'),
+			])
+			->from($db->quoteName('#__extensions'))
+			->where('('
+				// The component
+				. '(' . $db->quoteName('type') . ' = ' . $db->quote('component')
+				. ' AND ' . $db->quoteName('element') . ' = ' . $db->quote('com_mokowaas') . ')'
+				// Admin modules
+				. ' OR (' . $db->quoteName('type') . ' = ' . $db->quote('module')
+				. ' AND ' . $db->quoteName('element') . ' LIKE ' . $db->quote('mod_mokowaas%') . ')'
+			. ')')
+			->order($db->quoteName('type') . ' ASC, ' . $db->quoteName('element') . ' ASC');
+
+		$db->setQuery($query);
+		$rows = $db->loadObjectList() ?: [];
+
+		$extensions = [];
+
+		foreach ($rows as $row)
+		{
+			$manifest = json_decode($row->manifest_cache ?? '{}');
+
+			$extensions[] = (object) [
+				'element' => $row->element,
+				'name'    => $manifest->name ?? $row->name,
+				'type'    => $row->type,
+				'version' => $manifest->version ?? '',
+				'enabled' => (int) $row->enabled,
+			];
+		}
+
+		return $extensions;
+	}
+
 	/**
 	 * Toggle a plugin's enabled state.
 	 *
@@ -242,13 +315,18 @@ class DashboardModel extends BaseDatabaseModel
 	{
 		try
 		{
-			$app = Factory::getApplication();
-			$app->get('cache_handler', 'file');
-
-			// Clear site and admin caches
+			// Use Joomla's native cache API — same as com_cache
 			$cache = Factory::getContainer()->get(\Joomla\CMS\Cache\CacheControllerFactoryInterface::class);
-			Factory::getCache('', '')->gc();
-			Factory::getCache('', '', 'administrator')->gc();
+			$cache->createCacheController('', ['defaultgroup' => ''])->cache->clean('');
+
+			// Also clean admin cache
+			$conf = Factory::getApplication()->get('cache_handler', 'file');
+			$options = [
+				'defaultgroup' => '',
+				'cachebase'    => JPATH_ADMINISTRATOR . '/cache',
+				'storage'      => $conf,
+			];
+			$cache->createCacheController('', $options)->cache->clean('');
 
 			// Clear opcache if available
 			if (\function_exists('opcache_reset'))
@@ -256,7 +334,7 @@ class DashboardModel extends BaseDatabaseModel
 				\opcache_reset();
 			}
 
-			return ['success' => true, 'message' => 'Cache cleared successfully.'];
+			return ['success' => true, 'message' => 'All cache cleared successfully.'];
 		}
 		catch (\Throwable $e)
 		{
@@ -264,6 +342,62 @@ class DashboardModel extends BaseDatabaseModel
 		}
 	}
 
+	/**
+	 * Clear the Joomla tmp directory.
+	 *
+	 * Removes all files and subdirectories from the configured tmp_path,
+	 * preserving the directory itself and any .htaccess / web.config files.
+	 *
+	 * @return  array  Result with success and message keys.
+	 */
+	public function clearTemp(): array
+	{
+		try
+		{
+			$tmpPath = Factory::getApplication()->get('tmp_path', JPATH_ROOT . '/tmp');
+
+			if (!is_dir($tmpPath))
+			{
+				return ['success' => false, 'message' => 'Temp directory does not exist: ' . $tmpPath];
+			}
+
+			$count = 0;
+			$protected = ['.htaccess', 'web.config', 'index.html', '.gitkeep'];
+
+			$items = new \RecursiveIteratorIterator(
+				new \RecursiveDirectoryIterator($tmpPath, \RecursiveDirectoryIterator::SKIP_DOTS),
+				\RecursiveIteratorIterator::CHILD_FIRST
+			);
+
+			foreach ($items as $item)
+			{
+				$basename = $item->getBasename();
+
+				// Skip protected files in the root tmp directory
+				if ($item->getPath() === $tmpPath && \in_array($basename, $protected, true))
+				{
+					continue;
+				}
+
+				if ($item->isDir())
+				{
+					@rmdir($item->getPathname());
+				}
+				else
+				{
+					@unlink($item->getPathname());
+					$count++;
+				}
+			}
+
+			return ['success' => true, 'message' => sprintf('Temp directory cleaned (%d files removed).', $count)];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Temp clear failed: ' . $e->getMessage()];
+		}
+	}
+
 	/**
 	 * Auto-generate dashboard metadata for plugins not in the static map.
 	 */
@@ -422,4 +556,84 @@ class DashboardModel extends BaseDatabaseModel
 			return [];
 		}
 	}
+
+	/**
+	 * WAF blocks per day for the last 14 days.
+	 */
+	public function getWafBlocksByDay(int $days = 14): array
+	{
+		try
+		{
+			$db = $this->getDatabase();
+			$db->setQuery(
+				"SELECT DATE(" . $db->quoteName('created') . ") AS day, COUNT(*) AS total"
+				. " FROM " . $db->quoteName('#__mokowaas_waf_log')
+				. " WHERE " . $db->quoteName('created') . " >= DATE_SUB(NOW(), INTERVAL $days DAY)"
+				. " GROUP BY day ORDER BY day"
+			);
+			$rows = $db->loadObjectList() ?: [];
+
+			// Fill in missing days with zero
+			$result = [];
+			$date   = new \DateTime("-{$days} days");
+			$now    = new \DateTime('now');
+			$map    = [];
+			foreach ($rows as $r)
+			{
+				$map[$r->day] = (int) $r->total;
+			}
+			while ($date <= $now)
+			{
+				$key = $date->format('Y-m-d');
+				$result[] = (object) ['day' => $date->format('M d'), 'total' => $map[$key] ?? 0];
+				$date->modify('+1 day');
+			}
+
+			return $result;
+		}
+		catch (\Throwable $e)
+		{
+			return [];
+		}
+	}
+
+	/**
+	 * Admin logins per day for the last 14 days.
+	 */
+	public function getLoginsByDay(int $days = 14): array
+	{
+		try
+		{
+			$db = $this->getDatabase();
+			$db->setQuery(
+				"SELECT DATE(" . $db->quoteName('log_date') . ") AS day, COUNT(*) AS total"
+				. " FROM " . $db->quoteName('#__action_logs')
+				. " WHERE " . $db->quoteName('message_language_key') . " = 'PLG_ACTIONLOG_JOOMLA_USER_LOGGED_IN'"
+				. " AND " . $db->quoteName('log_date') . " >= DATE_SUB(NOW(), INTERVAL $days DAY)"
+				. " GROUP BY day ORDER BY day"
+			);
+			$rows = $db->loadObjectList() ?: [];
+
+			$result = [];
+			$date   = new \DateTime("-{$days} days");
+			$now    = new \DateTime('now');
+			$map    = [];
+			foreach ($rows as $r)
+			{
+				$map[$r->day] = (int) $r->total;
+			}
+			while ($date <= $now)
+			{
+				$key = $date->format('Y-m-d');
+				$result[] = (object) ['day' => $date->format('M d'), 'total' => $map[$key] ?? 0];
+				$date->modify('+1 day');
+			}
+
+			return $result;
+		}
+		catch (\Throwable $e)
+		{
+			return [];
+		}
+	}
 }
diff --git a/source/packages/com_mokowaas/admin/src/Model/ExtensionsModel.php b/source/packages/com_mokowaas/admin/src/Model/ExtensionsModel.php
new file mode 100644
index 00000000..cc42dd3e
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/ExtensionsModel.php
@@ -0,0 +1,321 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+
+/**
+ * Extension catalog model — reads catalog.xml, fetches each extension's
+ * updates.xml to resolve latest version and download URL, and checks
+ * local install status.
+ *
+ * @since  02.32.00
+ */
+class ExtensionsModel extends BaseDatabaseModel
+{
+	/**
+	 * Parsed catalog entries (cached per request).
+	 *
+	 * @var  array|null
+	 */
+	private ?array $catalogCache = null;
+
+	/**
+	 * Get the full catalog with install status and release info.
+	 *
+	 * @return  array  Array of catalog entry objects
+	 */
+	public function getCatalog(): array
+	{
+		$catalog   = $this->loadCatalog();
+		$installed = $this->getInstalledVersions($catalog);
+		$packages  = [];
+
+		foreach ($catalog as $entry)
+		{
+			$release = $this->fetchFromUpdateServer($entry['updateserver'] ?? '');
+
+			$localVersion  = $installed[$entry['element']] ?? null;
+			$remoteVersion = $release['version'] ?? '';
+			$downloadUrl   = $release['download_url'] ?? '';
+
+			$status = 'not_installed';
+
+			if ($localVersion !== null)
+			{
+				$status = 'installed';
+
+				if ($remoteVersion !== '' && version_compare($remoteVersion, $localVersion, '>'))
+				{
+					$status = 'update_available';
+				}
+			}
+
+			$extensionId = $this->getExtensionId($entry['element']);
+
+			$packages[] = (object) [
+				'label'          => $entry['name'],
+				'description'    => $entry['description'],
+				'element'        => $entry['element'],
+				'type'           => $entry['type'],
+				'icon'           => $entry['icon'],
+				'category'       => $entry['category'],
+				'local_version'  => $localVersion ?? '',
+				'remote_version' => $remoteVersion,
+				'download_url'   => $downloadUrl,
+				'status'         => $status,
+				'article_url'    => $entry['article'] ?? '',
+				'protected'      => ($entry['protected'] ?? 'false') === 'true',
+				'extension_id'   => $extensionId,
+			];
+		}
+
+		return $packages;
+	}
+
+	/**
+	 * Install an extension from a remote ZIP URL.
+	 *
+	 * @param   string  $url  The download URL
+	 *
+	 * @return  array  Result with success, message, and extension info
+	 */
+	public function installFromUrl(string $url): array
+	{
+		$tmpPath = Factory::getConfig()->get('tmp_path', JPATH_ROOT . '/tmp');
+		$tmpFile = $tmpPath . '/mokowaas_install_' . md5($url) . '.zip';
+
+		try
+		{
+			$ch = curl_init($url);
+			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+			curl_setopt($ch, CURLOPT_TIMEOUT, 120);
+			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+			$data  = curl_exec($ch);
+			$code  = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+			$error = curl_error($ch);
+			curl_close($ch);
+
+			if ($error || $code !== 200 || empty($data))
+			{
+				return ['success' => false, 'message' => 'Download failed: ' . ($error ?: "HTTP {$code}")];
+			}
+
+			file_put_contents($tmpFile, $data);
+
+			$installer = new \Joomla\CMS\Installer\Installer();
+			$result    = $installer->install($tmpFile);
+
+			@unlink($tmpFile);
+
+			if (!$result)
+			{
+				return ['success' => false, 'message' => 'Installation failed.'];
+			}
+
+			return [
+				'success' => true,
+				'message' => 'Installed successfully.',
+			];
+		}
+		catch (\Throwable $e)
+		{
+			@unlink($tmpFile);
+
+			return ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Load and parse the catalog.xml file.
+	 *
+	 * @return  array  Array of associative arrays, one per extension
+	 */
+	private function loadCatalog(): array
+	{
+		if ($this->catalogCache !== null)
+		{
+			return $this->catalogCache;
+		}
+
+		$catalogFile = JPATH_ADMINISTRATOR . '/components/com_mokowaas/catalog.xml';
+
+		if (!file_exists($catalogFile))
+		{
+			$this->catalogCache = [];
+
+			return [];
+		}
+
+		$xml = @simplexml_load_file($catalogFile);
+
+		if (!$xml)
+		{
+			$this->catalogCache = [];
+
+			return [];
+		}
+
+		$entries = [];
+
+		foreach ($xml->extension as $ext)
+		{
+			$entries[] = [
+				'name'         => (string) $ext->name,
+				'element'      => (string) $ext->element,
+				'type'         => (string) $ext->type,
+				'description'  => (string) $ext->description,
+				'icon'         => (string) $ext->icon,
+				'category'     => (string) $ext->category,
+				'article'      => (string) $ext->article,
+				'protected'    => (string) $ext->protected,
+				'updateserver' => (string) $ext->updateserver,
+			];
+		}
+
+		$this->catalogCache = $entries;
+
+		return $entries;
+	}
+
+	/**
+	 * Fetch the latest version and download URL from an extension's updates.xml.
+	 *
+	 * Parses the standard Joomla update server XML format and returns
+	 * the highest version entry with its download URL.
+	 *
+	 * @param   string  $updateServerUrl  URL to the updates.xml file
+	 *
+	 * @return  array  [version, download_url] or empty array
+	 */
+	private function fetchFromUpdateServer(string $updateServerUrl): array
+	{
+		if (empty($updateServerUrl))
+		{
+			return [];
+		}
+
+		$ch = curl_init($updateServerUrl);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+		$response = curl_exec($ch);
+		$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+		curl_close($ch);
+
+		if ($code !== 200 || empty($response))
+		{
+			return [];
+		}
+
+		$xml = @simplexml_load_string($response);
+
+		if (!$xml)
+		{
+			return [];
+		}
+
+		// Find the highest version entry
+		$bestVersion = '0.0.0';
+		$downloadUrl = '';
+
+		foreach ($xml->update as $update)
+		{
+			$ver = (string) ($update->version ?? '');
+
+			if ($ver === '' || version_compare($ver, $bestVersion, '<='))
+			{
+				continue;
+			}
+
+			$bestVersion = $ver;
+
+			// Get download URL from <downloads><downloadurl>
+			if (isset($update->downloads->downloadurl))
+			{
+				$downloadUrl = (string) $update->downloads->downloadurl;
+			}
+		}
+
+		if ($bestVersion === '0.0.0')
+		{
+			return [];
+		}
+
+		return [
+			'version'      => $bestVersion,
+			'download_url' => $downloadUrl,
+		];
+	}
+
+	/**
+	 * Get installed versions of catalog extensions.
+	 *
+	 * @param   array  $catalog  The parsed catalog entries
+	 *
+	 * @return  array  element => version
+	 */
+	private function getInstalledVersions(array $catalog): array
+	{
+		if (empty($catalog))
+		{
+			return [];
+		}
+
+		$db       = $this->getDatabase();
+		$elements = [];
+
+		foreach ($catalog as $entry)
+		{
+			$elements[] = $db->quote($entry['element']);
+		}
+
+		$query = $db->getQuery(true)
+			->select([$db->quoteName('element'), $db->quoteName('manifest_cache')])
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('element') . ' IN (' . implode(',', $elements) . ')');
+		$db->setQuery($query);
+		$rows = $db->loadObjectList() ?: [];
+
+		$versions = [];
+
+		foreach ($rows as $row)
+		{
+			$mc = json_decode($row->manifest_cache ?? '{}');
+			$versions[$row->element] = $mc->version ?? '0.0.0';
+		}
+
+		return $versions;
+	}
+
+	/**
+	 * Get the extension_id for an element (for uninstall links).
+	 *
+	 * @param   string  $element  Extension element name
+	 *
+	 * @return  int
+	 */
+	private function getExtensionId(string $element): int
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select($db->quoteName('extension_id'))
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('element') . ' = ' . $db->quote($element))
+			->setLimit(1);
+		$db->setQuery($query);
+
+		return (int) $db->loadResult();
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Model/HtaccessModel.php b/source/packages/com_mokowaas/admin/src/Model/HtaccessModel.php
new file mode 100644
index 00000000..5997b19c
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/HtaccessModel.php
@@ -0,0 +1,522 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+use Joomla\Registry\Registry;
+
+/**
+ * .htaccess / NginX configuration generator.
+ *
+ * @since  02.32.00
+ */
+class HtaccessModel extends BaseDatabaseModel
+{
+	private const DEFAULTS = [
+		// Security
+		'disable_directory_listing' => 1,
+		'block_sensitive_files'     => 1,
+		'block_php_in_uploads'      => 1,
+		'disable_server_signature'  => 1,
+		'prevent_clickjacking'      => 1,
+		'prevent_mime_sniffing'     => 1,
+		'xss_protection'            => 1,
+		'disable_trace_track'       => 1,
+		'referrer_policy'           => 'strict-origin-when-cross-origin',
+		'hsts_enabled'              => 0,
+		'hsts_max_age'              => 31536000,
+		'hsts_subdomains'           => 0,
+		'csp_enabled'               => 0,
+		'csp_value'                 => '',
+		'permissions_policy'        => 0,
+		'permissions_value'         => '',
+		// Performance
+		'enable_gzip'               => 1,
+		'enable_expires'            => 1,
+		'expires_html'              => 3600,
+		'expires_css_js'            => 2592000,
+		'expires_images'            => 31536000,
+		'etag_control'              => 0,
+		// SEO
+		'www_redirect'              => 'off',
+		'redirect_index_php'        => 1,
+		'force_trailing_slash'      => 0,
+		// Custom
+		'custom_rules'              => '',
+	];
+
+	/**
+	 * Get saved options or defaults.
+	 */
+	public function getOptions(): array
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select($db->quoteName('params'))
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+			->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+		$db->setQuery($query);
+		$params = new Registry($db->loadResult() ?? '{}');
+
+		$htaccess = $params->get('htaccess', null);
+
+		if ($htaccess)
+		{
+			return array_merge(self::DEFAULTS, (array) json_decode(json_encode($htaccess), true));
+		}
+
+		return self::DEFAULTS;
+	}
+
+	/**
+	 * Save options to component params.
+	 */
+	public function saveOptions(array $options): array
+	{
+		try
+		{
+			$db    = $this->getDatabase();
+			$query = $db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+			$db->setQuery($query);
+			$params = new Registry($db->loadResult() ?? '{}');
+
+			$clean = [];
+
+			foreach (self::DEFAULTS as $key => $default)
+			{
+				$clean[$key] = $options[$key] ?? $default;
+			}
+
+			$params->set('htaccess', $clean);
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			)->execute();
+
+			return ['success' => true, 'message' => 'Options saved.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Save failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Read the current .htaccess file.
+	 */
+	public function readCurrentHtaccess(): string
+	{
+		$path = JPATH_ROOT . '/.htaccess';
+
+		return file_exists($path) ? file_get_contents($path) : '';
+	}
+
+	/**
+	 * Write .htaccess to disk with backup.
+	 */
+	public function saveHtaccess(string $content): array
+	{
+		$path   = JPATH_ROOT . '/.htaccess';
+		$backup = JPATH_ROOT . '/.htaccess.mokowaas.bak';
+
+		try
+		{
+			// Backup existing
+			if (file_exists($path))
+			{
+				copy($path, $backup);
+			}
+
+			$result = file_put_contents($path, $content);
+
+			if ($result === false)
+			{
+				// Restore backup
+				if (file_exists($backup))
+				{
+					copy($backup, $path);
+				}
+
+				return ['success' => false, 'message' => '.htaccess is not writable.'];
+			}
+
+			return ['success' => true, 'message' => '.htaccess saved. Backup at .htaccess.mokowaas.bak'];
+		}
+		catch (\Throwable $e)
+		{
+			if (file_exists($backup))
+			{
+				@copy($backup, $path);
+			}
+
+			return ['success' => false, 'message' => 'Write failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Generate .htaccess content from options.
+	 */
+	public function generateHtaccess(array $opts): string
+	{
+		$lines = [];
+		$lines[] = '##';
+		$lines[] = '## MokoWaaS Generated .htaccess';
+		$lines[] = '## Generated: ' . gmdate('Y-m-d H:i:s') . ' UTC';
+		$lines[] = '## DO NOT EDIT — regenerate from MokoWaaS > .htaccess Maker';
+		$lines[] = '##';
+		$lines[] = '';
+
+		// --- Security ---
+		if (!empty($opts['disable_directory_listing']))
+		{
+			$lines[] = '## Disable directory listing';
+			$lines[] = 'Options -Indexes';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['disable_server_signature']))
+		{
+			$lines[] = '## Hide server signature';
+			$lines[] = 'ServerSignature Off';
+			$lines[] = '<IfModule mod_headers.c>';
+			$lines[] = '    Header unset X-Powered-By';
+			$lines[] = '    Header unset Server';
+			$lines[] = '</IfModule>';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['block_sensitive_files']))
+		{
+			$lines[] = '## Block access to sensitive files';
+			$lines[] = '<FilesMatch "^(htaccess\.txt|web\.config\.txt|configuration\.php-dist|README\.txt|LICENSE\.txt|joomla\.xml|robots\.txt\.dist)$">';
+			$lines[] = '    <IfModule mod_authz_core.c>';
+			$lines[] = '        Require all denied';
+			$lines[] = '    </IfModule>';
+			$lines[] = '</FilesMatch>';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['block_php_in_uploads']))
+		{
+			$lines[] = '## Block PHP execution in upload directories';
+			$dirs = ['images', 'media', 'tmp', 'cache', 'logs'];
+
+			foreach ($dirs as $dir)
+			{
+				$lines[] = '<Directory "' . $dir . '">';
+				$lines[] = '    <FilesMatch "\.php$">';
+				$lines[] = '        <IfModule mod_authz_core.c>';
+				$lines[] = '            Require all denied';
+				$lines[] = '        </IfModule>';
+				$lines[] = '    </FilesMatch>';
+				$lines[] = '</Directory>';
+			}
+
+			$lines[] = '';
+		}
+
+		if (!empty($opts['disable_trace_track']))
+		{
+			$lines[] = '## Disable TRACE and TRACK methods';
+			$lines[] = '<IfModule mod_rewrite.c>';
+			$lines[] = '    RewriteEngine On';
+			$lines[] = '    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)';
+			$lines[] = '    RewriteRule .* - [F]';
+			$lines[] = '</IfModule>';
+			$lines[] = '';
+		}
+
+		// Security headers
+		$headers = [];
+
+		if (!empty($opts['prevent_clickjacking']))
+		{
+			$headers[] = '    Header always set X-Frame-Options "SAMEORIGIN"';
+		}
+
+		if (!empty($opts['prevent_mime_sniffing']))
+		{
+			$headers[] = '    Header always set X-Content-Type-Options "nosniff"';
+		}
+
+		if (!empty($opts['xss_protection']))
+		{
+			$headers[] = '    Header always set X-XSS-Protection "1; mode=block"';
+		}
+
+		$referrer = $opts['referrer_policy'] ?? '';
+
+		if (!empty($referrer) && $referrer !== 'off')
+		{
+			$headers[] = '    Header always set Referrer-Policy "' . $referrer . '"';
+		}
+
+		if (!empty($opts['hsts_enabled']))
+		{
+			$maxAge = (int) ($opts['hsts_max_age'] ?? 31536000);
+			$hsts   = 'max-age=' . $maxAge;
+
+			if (!empty($opts['hsts_subdomains']))
+			{
+				$hsts .= '; includeSubDomains';
+			}
+
+			$headers[] = '    Header always set Strict-Transport-Security "' . $hsts . '"';
+		}
+
+		if (!empty($opts['csp_enabled']) && !empty($opts['csp_value']))
+		{
+			$headers[] = '    Header always set Content-Security-Policy "' . str_replace('"', '', $opts['csp_value']) . '"';
+		}
+
+		if (!empty($opts['permissions_policy']) && !empty($opts['permissions_value']))
+		{
+			$headers[] = '    Header always set Permissions-Policy "' . str_replace('"', '', $opts['permissions_value']) . '"';
+		}
+
+		if (!empty($headers))
+		{
+			$lines[] = '## Security headers';
+			$lines[] = '<IfModule mod_headers.c>';
+			$lines   = array_merge($lines, $headers);
+			$lines[] = '</IfModule>';
+			$lines[] = '';
+		}
+
+		// --- Performance ---
+		if (!empty($opts['enable_gzip']))
+		{
+			$lines[] = '## GZip compression';
+			$lines[] = '<IfModule mod_deflate.c>';
+			$lines[] = '    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css';
+			$lines[] = '    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript';
+			$lines[] = '    AddOutputFilterByType DEFLATE application/json application/xml application/rss+xml';
+			$lines[] = '    AddOutputFilterByType DEFLATE image/svg+xml application/font-woff application/font-woff2';
+			$lines[] = '</IfModule>';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['enable_expires']))
+		{
+			$html   = (int) ($opts['expires_html'] ?? 3600);
+			$cssJs  = (int) ($opts['expires_css_js'] ?? 2592000);
+			$images = (int) ($opts['expires_images'] ?? 31536000);
+
+			$lines[] = '## Browser caching';
+			$lines[] = '<IfModule mod_expires.c>';
+			$lines[] = '    ExpiresActive On';
+			$lines[] = '    ExpiresDefault "access plus ' . $html . ' seconds"';
+			$lines[] = '    ExpiresByType text/html "access plus ' . $html . ' seconds"';
+			$lines[] = '    ExpiresByType text/css "access plus ' . $cssJs . ' seconds"';
+			$lines[] = '    ExpiresByType text/javascript "access plus ' . $cssJs . ' seconds"';
+			$lines[] = '    ExpiresByType application/javascript "access plus ' . $cssJs . ' seconds"';
+			$lines[] = '    ExpiresByType image/jpeg "access plus ' . $images . ' seconds"';
+			$lines[] = '    ExpiresByType image/png "access plus ' . $images . ' seconds"';
+			$lines[] = '    ExpiresByType image/gif "access plus ' . $images . ' seconds"';
+			$lines[] = '    ExpiresByType image/webp "access plus ' . $images . ' seconds"';
+			$lines[] = '    ExpiresByType image/svg+xml "access plus ' . $images . ' seconds"';
+			$lines[] = '    ExpiresByType font/woff2 "access plus ' . $images . ' seconds"';
+			$lines[] = '</IfModule>';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['etag_control']))
+		{
+			$lines[] = '## Disable ETags (for load-balanced environments)';
+			$lines[] = '<IfModule mod_headers.c>';
+			$lines[] = '    Header unset ETag';
+			$lines[] = '</IfModule>';
+			$lines[] = 'FileETag None';
+			$lines[] = '';
+		}
+
+		// --- SEO / Redirects ---
+		$wwwRedirect = $opts['www_redirect'] ?? 'off';
+
+		if ($wwwRedirect !== 'off' || !empty($opts['redirect_index_php']) || !empty($opts['force_trailing_slash']))
+		{
+			$lines[] = '## SEO redirects';
+			$lines[] = '<IfModule mod_rewrite.c>';
+			$lines[] = '    RewriteEngine On';
+
+			if ($wwwRedirect === 'www')
+			{
+				$lines[] = '';
+				$lines[] = '    ## Force www';
+				$lines[] = '    RewriteCond %{HTTP_HOST} !^www\. [NC]';
+				$lines[] = '    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]';
+			}
+			elseif ($wwwRedirect === 'non-www')
+			{
+				$lines[] = '';
+				$lines[] = '    ## Force non-www';
+				$lines[] = '    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]';
+				$lines[] = '    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]';
+			}
+
+			if (!empty($opts['redirect_index_php']))
+			{
+				$lines[] = '';
+				$lines[] = '    ## Redirect /index.php to root';
+				$lines[] = '    RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+index\.php\s [NC]';
+				$lines[] = '    RewriteRule ^index\.php/?(.*)$ /$1 [R=301,L]';
+			}
+
+			if (!empty($opts['force_trailing_slash']))
+			{
+				$lines[] = '';
+				$lines[] = '    ## Force trailing slash';
+				$lines[] = '    RewriteCond %{REQUEST_FILENAME} !-f';
+				$lines[] = '    RewriteCond %{REQUEST_URI} !(.*)/$';
+				$lines[] = '    RewriteRule ^(.*)$ /$1/ [R=301,L]';
+			}
+
+			$lines[] = '</IfModule>';
+			$lines[] = '';
+		}
+
+		// --- Custom rules ---
+		$custom = trim($opts['custom_rules'] ?? '');
+
+		if (!empty($custom))
+		{
+			$lines[] = '## Custom rules';
+			$lines[] = $custom;
+			$lines[] = '';
+		}
+
+		return implode("\n", $lines);
+	}
+
+	/**
+	 * Generate equivalent NginX configuration snippet.
+	 */
+	public function generateNginx(array $opts): string
+	{
+		$lines = [];
+		$lines[] = '## MokoWaaS Generated NginX Configuration';
+		$lines[] = '## Add these directives inside your server { } block';
+		$lines[] = '';
+
+		if (!empty($opts['disable_directory_listing']))
+		{
+			$lines[] = '# Disable directory listing';
+			$lines[] = 'autoindex off;';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['disable_server_signature']))
+		{
+			$lines[] = '# Hide server version';
+			$lines[] = 'server_tokens off;';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['block_sensitive_files']))
+		{
+			$lines[] = '# Block sensitive files';
+			$lines[] = 'location ~* (htaccess\.txt|web\.config\.txt|configuration\.php-dist|README\.txt|LICENSE\.txt)$ {';
+			$lines[] = '    deny all;';
+			$lines[] = '}';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['block_php_in_uploads']))
+		{
+			$lines[] = '# Block PHP in upload directories';
+			$lines[] = 'location ~* ^/(images|media|tmp|cache|logs)/.*\.php$ {';
+			$lines[] = '    deny all;';
+			$lines[] = '}';
+			$lines[] = '';
+		}
+
+		// Headers
+		$hdrs = [];
+
+		if (!empty($opts['prevent_clickjacking']))
+		{
+			$hdrs[] = 'add_header X-Frame-Options "SAMEORIGIN" always;';
+		}
+
+		if (!empty($opts['prevent_mime_sniffing']))
+		{
+			$hdrs[] = 'add_header X-Content-Type-Options "nosniff" always;';
+		}
+
+		if (!empty($opts['xss_protection']))
+		{
+			$hdrs[] = 'add_header X-XSS-Protection "1; mode=block" always;';
+		}
+
+		$referrer = $opts['referrer_policy'] ?? '';
+
+		if (!empty($referrer) && $referrer !== 'off')
+		{
+			$hdrs[] = 'add_header Referrer-Policy "' . $referrer . '" always;';
+		}
+
+		if (!empty($opts['hsts_enabled']))
+		{
+			$maxAge = (int) ($opts['hsts_max_age'] ?? 31536000);
+			$hsts   = 'max-age=' . $maxAge;
+
+			if (!empty($opts['hsts_subdomains']))
+			{
+				$hsts .= '; includeSubDomains';
+			}
+
+			$hdrs[] = 'add_header Strict-Transport-Security "' . $hsts . '" always;';
+		}
+
+		if (!empty($hdrs))
+		{
+			$lines[] = '# Security headers';
+			$lines   = array_merge($lines, $hdrs);
+			$lines[] = '';
+		}
+
+		if (!empty($opts['enable_gzip']))
+		{
+			$lines[] = '# GZip compression';
+			$lines[] = 'gzip on;';
+			$lines[] = 'gzip_types text/plain text/css application/json application/javascript text/xml application/xml image/svg+xml;';
+			$lines[] = 'gzip_min_length 256;';
+			$lines[] = '';
+		}
+
+		if (!empty($opts['enable_expires']))
+		{
+			$cssJs  = (int) ($opts['expires_css_js'] ?? 2592000);
+			$images = (int) ($opts['expires_images'] ?? 31536000);
+
+			$lines[] = '# Browser caching';
+			$lines[] = 'location ~* \.(css|js)$ {';
+			$lines[] = '    expires ' . round($cssJs / 86400) . 'd;';
+			$lines[] = '}';
+			$lines[] = 'location ~* \.(jpg|jpeg|png|gif|webp|svg|ico|woff2)$ {';
+			$lines[] = '    expires ' . round($images / 86400) . 'd;';
+			$lines[] = '}';
+			$lines[] = '';
+		}
+
+		return implode("\n", $lines);
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Model/ImportModel.php b/source/packages/com_mokowaas/admin/src/Model/ImportModel.php
new file mode 100644
index 00000000..352c6adf
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/ImportModel.php
@@ -0,0 +1,688 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Log\Log;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+use Joomla\Registry\Registry;
+
+/**
+ * Importer for migrating from Akeeba Admin Tools to MokoWaaS.
+ *
+ * Reads Admin Tools WAF config, htaccess settings, IP blocklists,
+ * and security headers — maps them to MokoWaaS firewall plugin params
+ * and htaccess maker options.
+ *
+ * @since  02.32.00
+ */
+class ImportModel extends BaseDatabaseModel
+{
+	/**
+	 * Check if Admin Tools data is available for import.
+	 * Returns null if already imported or no data found.
+	 */
+	public function checkAdminToolsAvailable(): ?object
+	{
+		if ($this->wasImported('admintools'))
+		{
+			return null;
+		}
+
+		$db = $this->getDatabase();
+
+		try
+		{
+			$result = (object) [
+				'component'  => false,
+				'waf_config' => false,
+				'storage'    => false,
+				'ip_blocks'  => 0,
+			];
+
+			// Check component
+			$db->setQuery("SELECT COUNT(*) FROM #__extensions WHERE element = 'com_admintools' AND type = 'component'");
+			$result->component = (int) $db->loadResult() > 0;
+
+			// Check WAF config table
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%admintools_wafconfig%'));
+
+			if ($db->loadResult())
+			{
+				$result->waf_config = true;
+				$db->setQuery('SELECT COUNT(*) FROM #__admintools_wafconfig');
+				$result->waf_settings = (int) $db->loadResult();
+			}
+
+			// Check storage table
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%admintools_storage%'));
+
+			if ($db->loadResult())
+			{
+				$result->storage = true;
+			}
+
+			// Check IP blocklist
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%admintools_ipblock%'));
+
+			if ($db->loadResult())
+			{
+				$db->setQuery('SELECT COUNT(*) FROM #__admintools_ipblock');
+				$result->ip_blocks = (int) $db->loadResult();
+			}
+
+			// Only available if at least one data source exists
+			if (!$result->component && !$result->waf_config && !$result->storage)
+			{
+				return null;
+			}
+
+			return $result;
+		}
+		catch (\Throwable $e)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * Import Admin Tools settings into MokoWaaS.
+	 */
+	public function importAdminTools(): array
+	{
+		$db      = $this->getDatabase();
+		$results = ['firewall' => 0, 'htaccess' => 0, 'ip_blocks' => 0, 'disabled' => false];
+
+		try
+		{
+			// ============================================================
+			// 1. Import WAF Config → Firewall plugin params
+			// ============================================================
+			$wafSettings = $this->readWafConfig($db);
+			$firewallParams = $this->mapWafToFirewall($wafSettings);
+
+			if (!empty($firewallParams))
+			{
+				$this->mergePluginParams('mokowaas_firewall', 'system', $firewallParams);
+				$results['firewall'] = \count($firewallParams);
+			}
+
+			// ============================================================
+			// 2. Import htaccess settings → component htaccess options
+			// ============================================================
+			$htaccessSettings = $this->readHtaccessConfig($db);
+			$htaccessOptions  = $this->mapToHtaccess($htaccessSettings, $wafSettings);
+
+			if (!empty($htaccessOptions))
+			{
+				$this->mergeComponentHtaccessOptions($htaccessOptions);
+				$results['htaccess'] = \count($htaccessOptions);
+			}
+
+			// ============================================================
+			// 3. Import IP blocklist → Firewall IP deny list
+			// ============================================================
+			$ipBlocks = $this->readIpBlocklist($db);
+
+			if (!empty($ipBlocks))
+			{
+				$this->mergeIpBlocklist($ipBlocks);
+				$results['ip_blocks'] = \count($ipBlocks);
+			}
+
+			// ============================================================
+			// 4. Disable Admin Tools
+			// ============================================================
+			$this->disableAdminTools($db);
+			$results['disabled'] = true;
+
+			$this->markImported('admintools');
+
+			return [
+				'success' => true,
+				'message' => \sprintf(
+					'Imported %d firewall settings, %d htaccess options, %d blocked IPs from Admin Tools. Admin Tools has been disabled.',
+					$results['firewall'], $results['htaccess'], $results['ip_blocks']
+				),
+				'counts' => $results,
+			];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Import failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Read WAF config from #__admintools_wafconfig.
+	 */
+	private function readWafConfig($db): array
+	{
+		try
+		{
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%admintools_wafconfig%'));
+
+			if (!$db->loadResult())
+			{
+				return [];
+			}
+
+			$db->setQuery('SELECT * FROM #__admintools_wafconfig');
+			$rows = $db->loadObjectList() ?: [];
+
+			$config = [];
+
+			foreach ($rows as $row)
+			{
+				$key = $row->key ?? $row->option ?? '';
+
+				if (!empty($key))
+				{
+					$config[$key] = $row->value ?? '';
+				}
+			}
+
+			return $config;
+		}
+		catch (\Throwable $e)
+		{
+			return [];
+		}
+	}
+
+	/**
+	 * Read htaccess/server config from #__admintools_storage.
+	 */
+	private function readHtaccessConfig($db): array
+	{
+		try
+		{
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%admintools_storage%'));
+
+			if (!$db->loadResult())
+			{
+				return [];
+			}
+
+			$db->setQuery('SELECT * FROM #__admintools_storage');
+			$rows = $db->loadObjectList() ?: [];
+
+			$config = [];
+
+			foreach ($rows as $row)
+			{
+				$key = $row->key ?? '';
+
+				if (!empty($key))
+				{
+					$config[$key] = $row->value ?? '';
+				}
+			}
+
+			return $config;
+		}
+		catch (\Throwable $e)
+		{
+			return [];
+		}
+	}
+
+	/**
+	 * Read IP blocklist from #__admintools_ipblock.
+	 */
+	private function readIpBlocklist($db): array
+	{
+		try
+		{
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%admintools_ipblock%'));
+
+			if (!$db->loadResult())
+			{
+				return [];
+			}
+
+			$db->setQuery('SELECT ip FROM #__admintools_ipblock');
+
+			return $db->loadColumn() ?: [];
+		}
+		catch (\Throwable $e)
+		{
+			return [];
+		}
+	}
+
+	/**
+	 * Map Admin Tools WAF config to MokoWaaS firewall plugin params.
+	 */
+	private function mapWafToFirewall(array $waf): array
+	{
+		$params = [];
+
+		// WAF shields
+		if (isset($waf['sqlishield']))
+		{
+			$params['waf_sqli'] = (int) $waf['sqlishield'] ? 1 : 0;
+		}
+
+		if (isset($waf['antispam']))
+		{
+			$params['waf_xss'] = (int) $waf['antispam'] ? 1 : 0;
+		}
+
+		if (isset($waf['muashield']))
+		{
+			$params['waf_mua'] = (int) $waf['muashield'] ? 1 : 0;
+		}
+
+		if (isset($waf['rfishield']))
+		{
+			$params['waf_rfi'] = (int) $waf['rfishield'] ? 1 : 0;
+		}
+
+		if (isset($waf['dfishield']))
+		{
+			$params['waf_dfi'] = (int) $waf['dfishield'] ? 1 : 0;
+		}
+
+		if (isset($waf['uploadshield']))
+		{
+			// Map to our block_direct_php
+			$params['block_direct_php'] = (int) $waf['uploadshield'] ? 1 : 0;
+		}
+
+		// Admin secret URL
+		if (!empty($waf['adminpw']))
+		{
+			$params['admin_secret'] = $waf['adminpw'];
+		}
+
+		// Block frontend super user login
+		if (isset($waf['nofesalogin']))
+		{
+			$params['block_frontend_superuser'] = (int) $waf['nofesalogin'] ? 1 : 0;
+		}
+
+		// Session timeout
+		if (!empty($waf['sessionshield']) && !empty($waf['session_timeout']))
+		{
+			$params['admin_session_timeout'] = (int) $waf['session_timeout'];
+		}
+
+		// Template switch blocking
+		if (isset($waf['tmpl']))
+		{
+			$params['block_template_switch'] = (int) $waf['tmpl'] ? 1 : 0;
+		}
+
+		// Blocked sensitive files
+		if (isset($waf['hogfiles']))
+		{
+			$params['block_sensitive_files'] = (int) $waf['hogfiles'] ? 1 : 0;
+		}
+
+		return $params;
+	}
+
+	/**
+	 * Map Admin Tools config to MokoWaaS htaccess maker options.
+	 */
+	private function mapToHtaccess(array $storage, array $waf): array
+	{
+		$opts = [];
+
+		// Server signature
+		if (isset($waf['serversignature']) || isset($storage['serversignature']))
+		{
+			$opts['disable_server_signature'] = 1;
+		}
+
+		// Clickjacking
+		if (isset($waf['clickjacking']) || isset($storage['xframeoptions']))
+		{
+			$opts['prevent_clickjacking'] = 1;
+		}
+
+		// HSTS
+		if (!empty($storage['hstsheader']) || !empty($waf['hstsheader']))
+		{
+			$opts['hsts_enabled'] = 1;
+
+			if (!empty($storage['hstsmaxage']))
+			{
+				$opts['hsts_max_age'] = (int) $storage['hstsmaxage'];
+			}
+		}
+
+		// GZip
+		if (isset($storage['gzipcompression']))
+		{
+			$opts['enable_gzip'] = (int) $storage['gzipcompression'] ? 1 : 0;
+		}
+
+		// Expiration
+		if (isset($storage['exptime']))
+		{
+			$opts['enable_expires'] = (int) $storage['exptime'] ? 1 : 0;
+		}
+
+		// ETag
+		if (isset($storage['etagtype']))
+		{
+			$opts['etag_control'] = ($storage['etagtype'] === 'none') ? 1 : 0;
+		}
+
+		// Redirect www / non-www
+		if (!empty($storage['wwwredir']))
+		{
+			$map = ['www' => 'www', 'nowww' => 'non-www'];
+			$opts['www_redirect'] = $map[$storage['wwwredir']] ?? 'off';
+		}
+
+		// Directory listing
+		if (isset($storage['nodirlisting']))
+		{
+			$opts['disable_directory_listing'] = (int) $storage['nodirlisting'] ? 1 : 0;
+		}
+
+		// Block PHP in uploads
+		if (isset($storage['phpuploadexec']))
+		{
+			$opts['block_php_in_uploads'] = (int) $storage['phpuploadexec'] ? 1 : 0;
+		}
+
+		// Sensitive files
+		if (isset($storage['hogfiles']))
+		{
+			$opts['block_sensitive_files'] = (int) $storage['hogfiles'] ? 1 : 0;
+		}
+
+		return $opts;
+	}
+
+	/**
+	 * Merge params into a plugin's existing params.
+	 */
+	private function mergePluginParams(string $element, string $folder, array $newParams): void
+	{
+		$db = $this->getDatabase();
+
+		$query = $db->getQuery(true)
+			->select($db->quoteName('params'))
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('element') . ' = ' . $db->quote($element))
+			->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+			->where($db->quoteName('folder') . ' = ' . $db->quote($folder));
+		$db->setQuery($query);
+		$current = new Registry($db->loadResult() ?? '{}');
+
+		foreach ($newParams as $key => $value)
+		{
+			$current->set($key, $value);
+		}
+
+		$db->setQuery(
+			$db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('params') . ' = ' . $db->quote($current->toString()))
+				->where($db->quoteName('element') . ' = ' . $db->quote($element))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote($folder))
+		)->execute();
+	}
+
+	/**
+	 * Merge htaccess options into the component params.
+	 */
+	private function mergeComponentHtaccessOptions(array $options): void
+	{
+		$db = $this->getDatabase();
+
+		$query = $db->getQuery(true)
+			->select($db->quoteName('params'))
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+			->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+		$db->setQuery($query);
+		$params = new Registry($db->loadResult() ?? '{}');
+
+		$htaccess = (array) json_decode(json_encode($params->get('htaccess', new \stdClass())), true);
+
+		foreach ($options as $key => $value)
+		{
+			$htaccess[$key] = $value;
+		}
+
+		$params->set('htaccess', $htaccess);
+
+		$db->setQuery(
+			$db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+				->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+		)->execute();
+	}
+
+	/**
+	 * Merge imported IPs into the firewall IP blocklist.
+	 */
+	private function mergeIpBlocklist(array $ips): void
+	{
+		$db = $this->getDatabase();
+
+		$query = $db->getQuery(true)
+			->select($db->quoteName('params'))
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_firewall'))
+			->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+			->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+		$db->setQuery($query);
+		$params = new Registry($db->loadResult() ?? '{}');
+
+		$blocklist = json_decode($params->get('ip_blocklist', '[]'), true) ?: [];
+
+		$existingIps = array_column($blocklist, 'ip');
+
+		foreach ($ips as $ip)
+		{
+			$ip = trim($ip);
+
+			if (empty($ip) || \in_array($ip, $existingIps, true))
+			{
+				continue;
+			}
+
+			$blocklist[] = [
+				'ip'      => $ip,
+				'enabled' => '1',
+				'label'   => 'Imported from Admin Tools',
+			];
+		}
+
+		$params->set('ip_blocklist', json_encode($blocklist));
+
+		$db->setQuery(
+			$db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_firewall'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+		)->execute();
+	}
+
+	/**
+	 * Disable Admin Tools component and plugins.
+	 */
+	private function disableAdminTools($db): void
+	{
+		// Disable component
+		$db->setQuery(
+			$db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('enabled') . ' = 0')
+				->where($db->quoteName('element') . ' = ' . $db->quote('com_admintools'))
+		)->execute();
+
+		// Disable all Admin Tools plugins
+		$db->setQuery(
+			$db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('enabled') . ' = 0')
+				->where($db->quoteName('element') . ' LIKE ' . $db->quote('admintools%'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+		)->execute();
+
+		Log::add('Admin Tools component and plugins disabled after MokoWaaS import', Log::INFO, 'mokowaas');
+	}
+
+	// ==================================================================
+	// Akeeba Ticket System Import
+	// ==================================================================
+
+	/**
+	 * Check if ATS tables exist.
+	 * Returns null if already imported or no data found.
+	 */
+	public function checkAtsAvailable(): ?object
+	{
+		if ($this->wasImported('ats'))
+		{
+			return null;
+		}
+
+		$db = $this->getDatabase();
+
+		try
+		{
+			$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%ats_tickets%'));
+
+			if (!$db->loadResult())
+			{
+				return null;
+			}
+
+			$db->setQuery('SELECT COUNT(*) FROM #__ats_tickets');
+			$tickets = (int) $db->loadResult();
+
+			$db->setQuery('SELECT COUNT(*) FROM #__ats_posts');
+			$posts = (int) $db->loadResult();
+
+			return (object) ['tickets' => $tickets, 'posts' => $posts];
+		}
+		catch (\Throwable $e)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * Import from Akeeba Ticket System and disable it.
+	 */
+	public function importAts(): array
+	{
+		// Delegate to TicketsModel for the actual import
+		$ticketsModel = new TicketsModel();
+		$result       = $ticketsModel->importFromAts();
+
+		if (!$result['success'])
+		{
+			return $result;
+		}
+
+		// Disable ATS after successful import
+		try
+		{
+			$db = $this->getDatabase();
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('enabled') . ' = 0')
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_ats'))
+			)->execute();
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('enabled') . ' = 0')
+					->where($db->quoteName('element') . ' LIKE ' . $db->quote('ats%'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+			)->execute();
+
+			$result['message'] .= ' Akeeba Ticket System has been disabled.';
+			Log::add('Akeeba Ticket System disabled after MokoWaaS import', Log::INFO, 'mokowaas');
+		}
+		catch (\Throwable $e)
+		{
+			$result['message'] .= ' Warning: could not disable ATS: ' . $e->getMessage();
+		}
+
+		$this->markImported('ats');
+
+		return $result;
+	}
+
+	// ==================================================================
+	// Import markers (stored in component params)
+	// ==================================================================
+
+	private function wasImported(string $key): bool
+	{
+		try
+		{
+			$db = $this->getDatabase();
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('params'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			);
+			$params = new Registry($db->loadResult() ?? '{}');
+
+			return (bool) $params->get('imported_' . $key, false);
+		}
+		catch (\Throwable $e)
+		{
+			return false;
+		}
+	}
+
+	private function markImported(string $key): void
+	{
+		try
+		{
+			$db = $this->getDatabase();
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('params'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			);
+			$params = new Registry($db->loadResult() ?? '{}');
+			$params->set('imported_' . $key, 1);
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			)->execute();
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Import marker error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Model/MaintenanceModel.php b/source/packages/com_mokowaas/admin/src/Model/MaintenanceModel.php
new file mode 100644
index 00000000..9d8aa946
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/MaintenanceModel.php
@@ -0,0 +1,251 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+
+class MaintenanceModel extends BaseDatabaseModel
+{
+	/**
+	 * Get database table status (size, rows, engine, overhead).
+	 */
+	public function getTableStatus(): array
+	{
+		$db     = $this->getDatabase();
+		$prefix = $db->getPrefix();
+
+		$db->setQuery('SHOW TABLE STATUS');
+		$tables = $db->loadObjectList() ?: [];
+
+		$results = [];
+		$totalSize = 0;
+		$totalOverhead = 0;
+
+		foreach ($tables as $t)
+		{
+			$sizeMb     = round(($t->Data_length + $t->Index_length) / 1048576, 2);
+			$overheadKb = round(($t->Data_free ?? 0) / 1024, 1);
+			$totalSize     += $sizeMb;
+			$totalOverhead += $overheadKb;
+
+			$results[] = (object) [
+				'name'       => $t->Name,
+				'rows'       => (int) $t->Rows,
+				'engine'     => $t->Engine,
+				'size_mb'    => $sizeMb,
+				'overhead_kb' => $overheadKb,
+				'is_moko'    => str_contains($t->Name, 'mokowaas'),
+			];
+		}
+
+		usort($results, fn($a, $b) => $b->size_mb <=> $a->size_mb);
+
+		return ['tables' => $results, 'total_size_mb' => round($totalSize, 2), 'total_overhead_kb' => round($totalOverhead, 1), 'count' => \count($results)];
+	}
+
+	/**
+	 * Optimize all tables or specific ones.
+	 */
+	public function optimizeTables(array $tableNames = []): array
+	{
+		$db    = $this->getDatabase();
+		$count = 0;
+
+		try
+		{
+			if (empty($tableNames))
+			{
+				$db->setQuery('SHOW TABLE STATUS WHERE Data_free > 0');
+				$tables = $db->loadObjectList() ?: [];
+				$tableNames = array_column($tables, 'Name');
+			}
+
+			foreach ($tableNames as $name)
+			{
+				$db->setQuery('OPTIMIZE TABLE ' . $db->quoteName($name));
+				$db->execute();
+				$count++;
+			}
+
+			return ['success' => true, 'message' => "Optimized {$count} tables."];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Optimize failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Repair all tables.
+	 */
+	public function repairTables(): array
+	{
+		$db = $this->getDatabase();
+
+		try
+		{
+			$db->setQuery('SHOW TABLE STATUS');
+			$tables = $db->loadObjectList() ?: [];
+			$count  = 0;
+
+			foreach ($tables as $t)
+			{
+				if ($t->Engine === 'InnoDB' || $t->Engine === 'MyISAM')
+				{
+					$db->setQuery('REPAIR TABLE ' . $db->quoteName($t->Name));
+					$db->execute();
+					$count++;
+				}
+			}
+
+			return ['success' => true, 'message' => "Repaired {$count} tables."];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Repair failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Purge expired sessions.
+	 */
+	public function purgeSessions(): array
+	{
+		try
+		{
+			$db = $this->getDatabase();
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__session'))
+					->where($db->quoteName('time') . ' < ' . (time() - 86400))
+			)->execute();
+
+			return ['success' => true, 'message' => 'Expired sessions purged. ' . $db->getAffectedRows() . ' removed.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => $e->getMessage()];
+		}
+	}
+
+	// ==================================================================
+	// Temp/Cache Cleanup (#128)
+	// ==================================================================
+
+	/**
+	 * Get directory sizes for cleanup.
+	 */
+	public function getCleanupInfo(): array
+	{
+		$dirs = [
+			['path' => JPATH_ROOT . '/cache',                   'label' => 'Site Cache'],
+			['path' => JPATH_ADMINISTRATOR . '/cache',          'label' => 'Admin Cache'],
+			['path' => JPATH_ROOT . '/tmp',                     'label' => 'Temp Directory'],
+			['path' => JPATH_ADMINISTRATOR . '/logs',           'label' => 'Log Files'],
+		];
+
+		$results = [];
+
+		foreach ($dirs as $dir)
+		{
+			$size = 0;
+			$files = 0;
+
+			if (is_dir($dir['path']))
+			{
+				$iterator = new \RecursiveIteratorIterator(
+					new \RecursiveDirectoryIterator($dir['path'], \RecursiveDirectoryIterator::SKIP_DOTS)
+				);
+
+				foreach ($iterator as $file)
+				{
+					if ($file->isFile())
+					{
+						$size += $file->getSize();
+						$files++;
+					}
+				}
+			}
+
+			$results[] = (object) [
+				'label'    => $dir['label'],
+				'path'     => $dir['path'],
+				'size_mb'  => round($size / 1048576, 2),
+				'files'    => $files,
+				'writable' => is_writable($dir['path']),
+			];
+		}
+
+		return $results;
+	}
+
+	/**
+	 * Clean a specific directory.
+	 */
+	public function cleanDirectory(string $dirKey): array
+	{
+		$allowed = [
+			'site_cache'  => JPATH_ROOT . '/cache',
+			'admin_cache' => JPATH_ADMINISTRATOR . '/cache',
+			'tmp'         => JPATH_ROOT . '/tmp',
+			'logs'        => JPATH_ADMINISTRATOR . '/logs',
+		];
+
+		if (!isset($allowed[$dirKey]))
+		{
+			return ['success' => false, 'message' => 'Invalid directory.'];
+		}
+
+		$dir = $allowed[$dirKey];
+
+		if (!is_dir($dir))
+		{
+			return ['success' => false, 'message' => 'Directory not found.'];
+		}
+
+		$count = 0;
+
+		try
+		{
+			$iterator = new \RecursiveIteratorIterator(
+				new \RecursiveDirectoryIterator($dir, \RecursiveDirectoryIterator::SKIP_DOTS),
+				\RecursiveIteratorIterator::CHILD_FIRST
+			);
+
+			foreach ($iterator as $item)
+			{
+				// Keep index.html and .htaccess files
+				$name = $item->getFilename();
+
+				if ($name === 'index.html' || $name === '.htaccess')
+				{
+					continue;
+				}
+
+				if ($item->isDir())
+				{
+					@rmdir($item->getPathname());
+				}
+				else
+				{
+					@unlink($item->getPathname());
+					$count++;
+				}
+			}
+
+			// Also clear opcache
+			if (\function_exists('opcache_reset'))
+			{
+				\opcache_reset();
+			}
+
+			return ['success' => true, 'message' => "Cleaned {$count} files from {$dirKey}."];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Cleanup failed: ' . $e->getMessage()];
+		}
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Model/PrivacyModel.php b/source/packages/com_mokowaas/admin/src/Model/PrivacyModel.php
new file mode 100644
index 00000000..3f91e084
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/PrivacyModel.php
@@ -0,0 +1,612 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Log\Log;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+
+class PrivacyModel extends BaseDatabaseModel
+{
+	/**
+	 * Get all pending data requests.
+	 */
+	public function getDataRequests(string $filterStatus = ''): array
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('r') . '.*',
+				$db->quoteName('u.name', 'user_name'),
+				$db->quoteName('u.email', 'user_email'),
+				$db->quoteName('u.username'),
+				$db->quoteName('p.name', 'processed_by_name'),
+			])
+			->from($db->quoteName('#__mokowaas_data_requests', 'r'))
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = r.user_id')
+			->leftJoin($db->quoteName('#__users', 'p') . ' ON p.id = r.processed_by');
+
+		if ($filterStatus)
+		{
+			$query->where($db->quoteName('r.status') . ' = ' . $db->quote($filterStatus));
+		}
+
+		$query->order($db->quoteName('r.created') . ' DESC')->setLimit(50);
+		$db->setQuery($query);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Create a data request (from admin or user self-service).
+	 */
+	public function createRequest(int $userId, string $type, string $notes = ''): array
+	{
+		$validTypes = ['export', 'delete', 'anonymize'];
+
+		if (!\in_array($type, $validTypes, true))
+		{
+			return ['success' => false, 'message' => 'Invalid request type.'];
+		}
+
+		try
+		{
+			$db  = $this->getDatabase();
+			$row = (object) [
+				'user_id' => $userId,
+				'type'    => $type,
+				'status'  => 'pending',
+				'notes'   => $notes,
+				'created' => Factory::getDate()->toSql(),
+			];
+
+			$db->insertObject('#__mokowaas_data_requests', $row, 'id');
+
+			return ['success' => true, 'message' => ucfirst($type) . ' request #' . $row->id . ' created.', 'id' => (int) $row->id];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Process a data request (approve and execute).
+	 */
+	public function processRequest(int $requestId, string $action): array
+	{
+		$db = $this->getDatabase();
+
+		try
+		{
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('*')
+					->from($db->quoteName('#__mokowaas_data_requests'))
+					->where($db->quoteName('id') . ' = ' . $requestId)
+			);
+			$request = $db->loadObject();
+
+			if (!$request)
+			{
+				return ['success' => false, 'message' => 'Request not found.'];
+			}
+
+			if ($action === 'deny')
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__mokowaas_data_requests'))
+						->set($db->quoteName('status') . ' = ' . $db->quote('denied'))
+						->set($db->quoteName('processed_by') . ' = ' . (int) Factory::getApplication()->getIdentity()->id)
+						->set($db->quoteName('processed') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+						->where($db->quoteName('id') . ' = ' . $requestId)
+				)->execute();
+
+				return ['success' => true, 'message' => 'Request denied.'];
+			}
+
+			// Mark as processing
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__mokowaas_data_requests'))
+					->set($db->quoteName('status') . ' = ' . $db->quote('processing'))
+					->where($db->quoteName('id') . ' = ' . $requestId)
+			)->execute();
+
+			// Execute the request
+			$result = null;
+
+			switch ($request->type)
+			{
+				case 'export':
+					$result = $this->exportUserData((int) $request->user_id);
+					break;
+
+				case 'delete':
+					$result = $this->deleteUserData((int) $request->user_id);
+					break;
+
+				case 'anonymize':
+					$result = $this->anonymizeUserData((int) $request->user_id);
+					break;
+			}
+
+			// Mark completed
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__mokowaas_data_requests'))
+					->set($db->quoteName('status') . ' = ' . $db->quote('completed'))
+					->set($db->quoteName('processed_by') . ' = ' . (int) Factory::getApplication()->getIdentity()->id)
+					->set($db->quoteName('processed') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+					->where($db->quoteName('id') . ' = ' . $requestId)
+			)->execute();
+
+			return $result ?? ['success' => true, 'message' => 'Request processed.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Processing failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Export all data for a user as a structured array.
+	 */
+	public function exportUserData(int $userId): array
+	{
+		$db   = $this->getDatabase();
+		$data = ['user_id' => $userId, 'exported' => gmdate('Y-m-d\TH:i:s\Z')];
+
+		try
+		{
+			// User profile
+			$db->setQuery(
+				$db->getQuery(true)
+					->select(['id', 'name', 'username', 'email', 'registerDate', 'lastvisitDate', 'params'])
+					->from($db->quoteName('#__users'))
+					->where($db->quoteName('id') . ' = ' . $userId)
+			);
+			$data['profile'] = $db->loadObject();
+
+			// Content (articles)
+			$db->setQuery(
+				$db->getQuery(true)
+					->select(['id', 'title', 'alias', 'created', 'modified', 'hits'])
+					->from($db->quoteName('#__content'))
+					->where($db->quoteName('created_by') . ' = ' . $userId)
+			);
+			$data['articles'] = $db->loadObjectList() ?: [];
+
+			// Action logs
+			$db->setQuery(
+				$db->getQuery(true)
+					->select(['message', 'log_date', 'ip_address'])
+					->from($db->quoteName('#__action_logs'))
+					->where($db->quoteName('user_id') . ' = ' . $userId)
+					->order('log_date DESC')
+					->setLimit(100)
+			);
+			$data['action_logs'] = $db->loadObjectList() ?: [];
+
+			// Support tickets
+			$db->setQuery(
+				$db->getQuery(true)
+					->select(['id', 'subject', 'body', 'status', 'priority', 'created'])
+					->from($db->quoteName('#__mokowaas_tickets'))
+					->where($db->quoteName('created_by') . ' = ' . $userId)
+			);
+			$data['tickets'] = $db->loadObjectList() ?: [];
+
+			// Ticket replies
+			$db->setQuery(
+				$db->getQuery(true)
+					->select(['r.id', 'r.ticket_id', 'r.body', 'r.created'])
+					->from($db->quoteName('#__mokowaas_ticket_replies', 'r'))
+					->where($db->quoteName('r.user_id') . ' = ' . $userId)
+			);
+			$data['ticket_replies'] = $db->loadObjectList() ?: [];
+
+			// Consent log
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('*')
+					->from($db->quoteName('#__mokowaas_consent_log'))
+					->where($db->quoteName('user_id') . ' = ' . $userId)
+					->order('created ASC')
+			);
+			$data['consent_history'] = $db->loadObjectList() ?: [];
+
+			// Community Builder profile (if table exists)
+			try
+			{
+				$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%comprofiler%'));
+
+				if ($db->loadResult())
+				{
+					$db->setQuery(
+						$db->getQuery(true)
+							->select('*')
+							->from($db->quoteName('#__comprofiler'))
+							->where($db->quoteName('user_id') . ' = ' . $userId)
+					);
+					$data['community_builder'] = $db->loadObject();
+				}
+			}
+			catch (\Throwable $e) {}
+
+			return ['success' => true, 'message' => 'Data exported.', 'data' => $data];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Export failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Anonymize a user's data (GDPR right to be forgotten — soft).
+	 */
+	public function anonymizeUserData(int $userId): array
+	{
+		$db  = $this->getDatabase();
+		$now = Factory::getDate()->toSql();
+		$anon = 'Anonymous User #' . $userId;
+
+		try
+		{
+			// Anonymize user record
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__users'))
+					->set([
+						$db->quoteName('name') . ' = ' . $db->quote($anon),
+						$db->quoteName('username') . ' = ' . $db->quote('anon_' . $userId),
+						$db->quoteName('email') . ' = ' . $db->quote('anon_' . $userId . '@deleted.local'),
+						$db->quoteName('password') . ' = ' . $db->quote(''),
+						$db->quoteName('block') . ' = 1',
+						$db->quoteName('params') . ' = ' . $db->quote('{}'),
+					])
+					->where($db->quoteName('id') . ' = ' . $userId)
+			)->execute();
+
+			// Anonymize article authorship
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__content'))
+					->set($db->quoteName('created_by_alias') . ' = ' . $db->quote($anon))
+					->where($db->quoteName('created_by') . ' = ' . $userId)
+			)->execute();
+
+			// Delete action logs
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__action_logs'))
+					->where($db->quoteName('user_id') . ' = ' . $userId)
+			)->execute();
+
+			// Anonymize ticket replies
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__mokowaas_ticket_replies'))
+					->set($db->quoteName('body') . ' = ' . $db->quote('[Content removed per data request]'))
+					->where($db->quoteName('user_id') . ' = ' . $userId)
+			)->execute();
+
+			// Community Builder
+			try
+			{
+				$db->setQuery('SHOW TABLES LIKE ' . $db->quote('%comprofiler%'));
+
+				if ($db->loadResult())
+				{
+					$db->setQuery(
+						$db->getQuery(true)
+							->update($db->quoteName('#__comprofiler'))
+							->set([
+								$db->quoteName('firstname') . ' = ' . $db->quote('Anonymous'),
+								$db->quoteName('lastname') . ' = ' . $db->quote('User'),
+								$db->quoteName('middlename') . ' = ' . $db->quote(''),
+							])
+							->where($db->quoteName('user_id') . ' = ' . $userId)
+					)->execute();
+				}
+			}
+			catch (\Throwable $e) {}
+
+			// Clear Joomla user profile fields (#7)
+			try
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__user_profiles'))
+						->where($db->quoteName('user_id') . ' = ' . $userId)
+				)->execute();
+			}
+			catch (\Throwable $e) {}
+
+			// Clear contact details if linked
+			try
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__contact_details'))
+						->where($db->quoteName('user_id') . ' = ' . $userId)
+				)->execute();
+			}
+			catch (\Throwable $e) {}
+
+			// Log the anonymization
+			$this->logConsent($userId, 'account_anonymized', 'granted');
+
+			return ['success' => true, 'message' => 'User #' . $userId . ' data anonymized.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Anonymization failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Delete a user's data completely (hard delete).
+	 */
+	public function deleteUserData(int $userId): array
+	{
+		$result = $this->anonymizeUserData($userId);
+
+		if (!$result['success'])
+		{
+			return $result;
+		}
+
+		$db = $this->getDatabase();
+
+		try
+		{
+			// Delete tickets and replies
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('id'))
+					->from($db->quoteName('#__mokowaas_tickets'))
+					->where($db->quoteName('created_by') . ' = ' . $userId)
+			);
+			$ticketIds = $db->loadColumn() ?: [];
+
+			if (!empty($ticketIds))
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__mokowaas_ticket_replies'))
+						->where($db->quoteName('ticket_id') . ' IN (' . implode(',', $ticketIds) . ')')
+				)->execute();
+
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__mokowaas_tickets'))
+						->where($db->quoteName('created_by') . ' = ' . $userId)
+				)->execute();
+			}
+
+			// Delete consent log
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__mokowaas_consent_log'))
+					->where($db->quoteName('user_id') . ' = ' . $userId)
+			)->execute();
+
+			// Delete user record
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__users'))
+					->where($db->quoteName('id') . ' = ' . $userId)
+			)->execute();
+
+			return ['success' => true, 'message' => 'User #' . $userId . ' data permanently deleted.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Deletion failed: ' . $e->getMessage()];
+		}
+	}
+
+	// ==================================================================
+	// Consent Management
+	// ==================================================================
+
+	/**
+	 * Get consent status for a user.
+	 */
+	public function getUserConsent(int $userId): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select('*')
+				->from($db->quoteName('#__mokowaas_consent_log'))
+				->where($db->quoteName('user_id') . ' = ' . $userId)
+				->order($db->quoteName('created') . ' DESC')
+		);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Record a consent action.
+	 */
+	public function logConsent(int $userId, string $category, string $action): void
+	{
+		$db  = $this->getDatabase();
+		$row = (object) [
+			'user_id'    => $userId,
+			'category'   => $category,
+			'action'     => $action === 'revoked' ? 'revoked' : 'granted',
+			'ip_address' => $_SERVER['REMOTE_ADDR'] ?? '',
+			'created'    => Factory::getDate()->toSql(),
+		];
+		$db->insertObject('#__mokowaas_consent_log', $row, 'id');
+	}
+
+	// ==================================================================
+	// Retention Policy Enforcement
+	// ==================================================================
+
+	/**
+	 * Get all retention policies.
+	 */
+	public function getRetentionPolicies(): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select('*')
+				->from($db->quoteName('#__mokowaas_retention_policies'))
+				->order($db->quoteName('id') . ' ASC')
+		);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Run retention policy enforcement (called by scheduled task).
+	 */
+	public function enforceRetentionPolicies(): array
+	{
+		$db       = $this->getDatabase();
+		$results  = ['policies_run' => 0, 'items_affected' => 0];
+		$policies = $this->getRetentionPolicies();
+
+		foreach ($policies as $policy)
+		{
+			if (!(int) $policy->enabled)
+			{
+				continue;
+			}
+
+			$cutoff = Factory::getDate('-' . (int) $policy->retention_days . ' days')->toSql();
+			$count  = 0;
+
+			try
+			{
+				switch ($policy->content_type)
+				{
+					case 'action_logs':
+						$db->setQuery(
+							$db->getQuery(true)
+								->delete($db->quoteName('#__action_logs'))
+								->where($db->quoteName('log_date') . ' < ' . $db->quote($cutoff))
+						)->execute();
+						$count = $db->getAffectedRows();
+						break;
+
+					case 'waf_logs':
+						$db->setQuery(
+							$db->getQuery(true)
+								->delete($db->quoteName('#__mokowaas_waf_log'))
+								->where($db->quoteName('created') . ' < ' . $db->quote($cutoff))
+						)->execute();
+						$count = $db->getAffectedRows();
+						break;
+
+					case 'sessions':
+						$db->setQuery(
+							$db->getQuery(true)
+								->delete($db->quoteName('#__session'))
+								->where($db->quoteName('time') . ' < ' . (int) strtotime($cutoff))
+						)->execute();
+						$count = $db->getAffectedRows();
+						break;
+
+					case 'closed_tickets':
+						if ($policy->action === 'anonymize')
+						{
+							$db->setQuery(
+								$db->getQuery(true)
+									->update($db->quoteName('#__mokowaas_tickets'))
+									->set($db->quoteName('body') . ' = ' . $db->quote('[Removed per retention policy]'))
+									->where($db->quoteName('status') . ' = ' . $db->quote('closed'))
+									->where($db->quoteName('closed') . ' < ' . $db->quote($cutoff))
+									->where($db->quoteName('body') . ' != ' . $db->quote('[Removed per retention policy]'))
+							)->execute();
+							$count = $db->getAffectedRows();
+						}
+						break;
+
+					case 'inactive_users':
+						if ($policy->action === 'anonymize')
+						{
+							$db->setQuery(
+								$db->getQuery(true)
+									->select($db->quoteName('id'))
+									->from($db->quoteName('#__users'))
+									->where($db->quoteName('lastvisitDate') . ' < ' . $db->quote($cutoff))
+									->where($db->quoteName('lastvisitDate') . ' != ' . $db->quote('0000-00-00 00:00:00'))
+									->where($db->quoteName('block') . ' = 0')
+									->where($db->quoteName('username') . ' NOT LIKE ' . $db->quote('anon_%'))
+							);
+							$userIds = $db->loadColumn() ?: [];
+
+							foreach ($userIds as $uid)
+							{
+								$this->anonymizeUserData((int) $uid);
+								$count++;
+							}
+						}
+						break;
+				}
+
+				if ($count > 0)
+				{
+					$results['policies_run']++;
+					$results['items_affected'] += $count;
+					Log::add(\sprintf('Retention: %s — %d items affected', $policy->content_type, $count), Log::INFO, 'mokowaas');
+				}
+			}
+			catch (\Throwable $e)
+			{
+				Log::add('Retention policy error (' . $policy->content_type . '): ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+			}
+		}
+
+		return $results;
+	}
+
+	/**
+	 * Get privacy dashboard summary counts.
+	 */
+	public function getDashboardSummary(): object
+	{
+		$db = $this->getDatabase();
+
+		$summary = (object) [
+			'pending_requests' => 0,
+			'total_requests'   => 0,
+			'consent_entries'  => 0,
+			'policies_active'  => 0,
+		];
+
+		try
+		{
+			$db->setQuery('SELECT COUNT(*) FROM #__mokowaas_data_requests WHERE status = ' . $db->quote('pending'));
+			$summary->pending_requests = (int) $db->loadResult();
+
+			$db->setQuery('SELECT COUNT(*) FROM #__mokowaas_data_requests');
+			$summary->total_requests = (int) $db->loadResult();
+
+			$db->setQuery('SELECT COUNT(*) FROM #__mokowaas_consent_log');
+			$summary->consent_entries = (int) $db->loadResult();
+
+			$db->setQuery('SELECT COUNT(*) FROM #__mokowaas_retention_policies WHERE enabled = 1');
+			$summary->policies_active = (int) $db->loadResult();
+		}
+		catch (\Throwable $e) {}
+
+		return $summary;
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Model/TicketsModel.php b/source/packages/com_mokowaas/admin/src/Model/TicketsModel.php
new file mode 100644
index 00000000..34bfc928
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/TicketsModel.php
@@ -0,0 +1,945 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+use Moko\Component\MokoWaaS\Administrator\Service\NotificationService;
+
+class TicketsModel extends BaseDatabaseModel
+{
+	/**
+	 * Get ticket list with filters.
+	 */
+	public function getTickets(array $filters = []): array
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('t.id'),
+				$db->quoteName('t.subject'),
+				$db->quoteName('t.status'),
+				$db->quoteName('t.priority'),
+				$db->quoteName('t.created'),
+				$db->quoteName('t.modified'),
+				$db->quoteName('t.sla_response_due'),
+				$db->quoteName('t.sla_resolution_due'),
+				$db->quoteName('t.sla_responded'),
+				$db->quoteName('c.title', 'category_title'),
+				$db->quoteName('u.name', 'created_by_name'),
+				$db->quoteName('a.name', 'assigned_to_name'),
+			])
+			->from($db->quoteName('#__mokowaas_tickets', 't'))
+			->leftJoin($db->quoteName('#__mokowaas_ticket_categories', 'c') . ' ON c.id = t.category_id')
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = t.created_by')
+			->leftJoin($db->quoteName('#__users', 'a') . ' ON a.id = t.assigned_to');
+
+		if (!empty($filters['status']))
+		{
+			$query->where($db->quoteName('t.status') . ' = ' . $db->quote($filters['status']));
+		}
+
+		if (!empty($filters['priority']))
+		{
+			$query->where($db->quoteName('t.priority') . ' = ' . $db->quote($filters['priority']));
+		}
+
+		if (!empty($filters['assigned_to']))
+		{
+			$query->where($db->quoteName('t.assigned_to') . ' = ' . (int) $filters['assigned_to']);
+		}
+
+		if (!empty($filters['category_id']))
+		{
+			$query->where($db->quoteName('t.category_id') . ' = ' . (int) $filters['category_id']);
+		}
+
+		$query->order($db->quoteName('t.created') . ' DESC');
+		$query->setLimit(50);
+
+		$db->setQuery($query);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Get a single ticket with all replies.
+	 */
+	public function getTicket(int $id): ?object
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('t') . '.*',
+				$db->quoteName('c.title', 'category_title'),
+				$db->quoteName('u.name', 'created_by_name'),
+				$db->quoteName('u.email', 'created_by_email'),
+				$db->quoteName('a.name', 'assigned_to_name'),
+			])
+			->from($db->quoteName('#__mokowaas_tickets', 't'))
+			->leftJoin($db->quoteName('#__mokowaas_ticket_categories', 'c') . ' ON c.id = t.category_id')
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = t.created_by')
+			->leftJoin($db->quoteName('#__users', 'a') . ' ON a.id = t.assigned_to')
+			->where($db->quoteName('t.id') . ' = ' . $id);
+		$db->setQuery($query);
+		$ticket = $db->loadObject();
+
+		if (!$ticket)
+		{
+			return null;
+		}
+
+		// Load replies
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('r') . '.*',
+				$db->quoteName('u.name', 'user_name'),
+			])
+			->from($db->quoteName('#__mokowaas_ticket_replies', 'r'))
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = r.user_id')
+			->where($db->quoteName('r.ticket_id') . ' = ' . $id)
+			->order($db->quoteName('r.created') . ' ASC');
+		$db->setQuery($query);
+		$ticket->replies = $db->loadObjectList() ?: [];
+
+		// Reply count
+		$ticket->reply_count = \count($ticket->replies);
+
+		return $ticket;
+	}
+
+	/**
+	 * Create a new ticket.
+	 */
+	public function createTicket(array $data): array
+	{
+		try
+		{
+			$db   = $this->getDatabase();
+			$user = Factory::getApplication()->getIdentity();
+			$now  = Factory::getDate()->toSql();
+
+			$ticket = (object) [
+				'subject'     => $data['subject'] ?? '',
+				'body'        => $data['body'] ?? '',
+				'status'      => 'open',
+				'priority'    => $data['priority'] ?? 'normal',
+				'category_id' => (int) ($data['category_id'] ?? 0) ?: null,
+				'created_by'  => $user->id,
+				'assigned_to' => (int) ($data['assigned_to'] ?? 0) ?: null,
+				'created'     => $now,
+				'modified'    => $now,
+			];
+
+			// Auto-assign from category
+			if (!$ticket->assigned_to && $ticket->category_id)
+			{
+				$query = $db->getQuery(true)
+					->select($db->quoteName('auto_assign_user'))
+					->from($db->quoteName('#__mokowaas_ticket_categories'))
+					->where($db->quoteName('id') . ' = ' . (int) $ticket->category_id);
+				$db->setQuery($query);
+				$autoAssign = (int) $db->loadResult();
+
+				if ($autoAssign)
+				{
+					$ticket->assigned_to = $autoAssign;
+				}
+			}
+
+			// SLA deadlines from category
+			if ($ticket->category_id)
+			{
+				$query = $db->getQuery(true)
+					->select([$db->quoteName('sla_response_minutes'), $db->quoteName('sla_resolution_minutes')])
+					->from($db->quoteName('#__mokowaas_ticket_categories'))
+					->where($db->quoteName('id') . ' = ' . (int) $ticket->category_id);
+				$db->setQuery($query);
+				$sla = $db->loadObject();
+
+				if ($sla)
+				{
+					$ticket->sla_response_due   = Factory::getDate($now)->modify('+' . (int) $sla->sla_response_minutes . ' minutes')->toSql();
+					$ticket->sla_resolution_due = Factory::getDate($now)->modify('+' . (int) $sla->sla_resolution_minutes . ' minutes')->toSql();
+				}
+			}
+
+			$db->insertObject('#__mokowaas_tickets', $ticket, 'id');
+
+			// Run automation + notifications
+			$this->runAutomation('ticket_created', (int) $ticket->id);
+			NotificationService::notify('ticket_created', $this->getTicket((int) $ticket->id));
+
+			return ['success' => true, 'message' => 'Ticket #' . $ticket->id . ' created.', 'id' => (int) $ticket->id];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Add a reply to a ticket.
+	 */
+	public function addReply(int $ticketId, string $body, bool $isInternal = false): array
+	{
+		try
+		{
+			$db   = $this->getDatabase();
+			$user = Factory::getApplication()->getIdentity();
+			$now  = Factory::getDate()->toSql();
+
+			$reply = (object) [
+				'ticket_id'   => $ticketId,
+				'user_id'     => $user->id,
+				'body'        => $body,
+				'is_internal' => $isInternal ? 1 : 0,
+				'created'     => $now,
+			];
+
+			$db->insertObject('#__mokowaas_ticket_replies', $reply, 'id');
+
+			// Mark SLA as responded only for staff replies (not customer self-replies)
+			$ticket = $this->getTicket($ticketId);
+			$isStaffReply = $ticket && (int) $user->id !== (int) $ticket->created_by;
+
+			$updateQuery = $db->getQuery(true)
+				->update($db->quoteName('#__mokowaas_tickets'))
+				->set($db->quoteName('modified') . ' = ' . $db->quote($now))
+				->where($db->quoteName('id') . ' = ' . $ticketId);
+
+			if ($isStaffReply)
+			{
+				$updateQuery->set($db->quoteName('sla_responded') . ' = 1')
+					->where($db->quoteName('sla_responded') . ' = 0');
+			}
+
+			$db->setQuery($updateQuery)->execute();
+
+			// Run automation + notifications (skip internal notes)
+			$this->runAutomation('ticket_replied', $ticketId);
+
+			if (!$isInternal)
+			{
+				NotificationService::notify('ticket_replied', $this->getTicket($ticketId), ['reply_body' => $body]);
+			}
+
+			return ['success' => true, 'message' => 'Reply added.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Update ticket status.
+	 */
+	public function updateStatus(int $ticketId, string $status): array
+	{
+		$valid = ['open', 'in_progress', 'waiting', 'resolved', 'closed'];
+
+		if (!\in_array($status, $valid, true))
+		{
+			return ['success' => false, 'message' => 'Invalid status.'];
+		}
+
+		try
+		{
+			$db  = $this->getDatabase();
+			$now = Factory::getDate()->toSql();
+
+			// Capture old status for notification
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('status'))
+					->from($db->quoteName('#__mokowaas_tickets'))
+					->where($db->quoteName('id') . ' = ' . $ticketId)
+			);
+			$oldStatus = $db->loadResult() ?? '';
+
+			$sets = [
+				$db->quoteName('status') . ' = ' . $db->quote($status),
+				$db->quoteName('modified') . ' = ' . $db->quote($now),
+			];
+
+			if ($status === 'resolved')
+			{
+				$sets[] = $db->quoteName('resolved') . ' = ' . $db->quote($now);
+			}
+
+			if ($status === 'closed')
+			{
+				$sets[] = $db->quoteName('closed') . ' = ' . $db->quote($now);
+			}
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__mokowaas_tickets'))
+					->set($sets)
+					->where($db->quoteName('id') . ' = ' . $ticketId)
+			)->execute();
+
+			// Run automation + notifications
+			$this->runAutomation('status_changed', $ticketId);
+			NotificationService::notify('status_changed', $this->getTicket($ticketId), ['old_status' => $oldStatus]);
+
+			return ['success' => true, 'message' => 'Status updated to ' . $status . '.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Get all ticket categories.
+	 */
+	public function getCategories(): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select('*')
+				->from($db->quoteName('#__mokowaas_ticket_categories'))
+				->where($db->quoteName('published') . ' = 1')
+				->order($db->quoteName('ordering') . ' ASC')
+		);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Get canned responses, optionally filtered by category.
+	 */
+	public function getCannedResponses(int $categoryId = 0): array
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select('*')
+			->from($db->quoteName('#__mokowaas_ticket_canned'))
+			->order($db->quoteName('ordering') . ' ASC');
+
+		if ($categoryId)
+		{
+			$query->where('(' . $db->quoteName('category_id') . ' = ' . $categoryId
+				. ' OR ' . $db->quoteName('category_id') . ' IS NULL)');
+		}
+
+		$db->setQuery($query);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Get ticket counts by status for dashboard.
+	 */
+	public function getStatusCounts(): object
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select([$db->quoteName('status'), 'COUNT(*) AS ' . $db->quoteName('cnt')])
+				->from($db->quoteName('#__mokowaas_tickets'))
+				->group($db->quoteName('status'))
+		);
+		$rows = $db->loadObjectList('status') ?: [];
+
+		return (object) [
+			'open'        => (int) ($rows['open']->cnt ?? 0),
+			'in_progress' => (int) ($rows['in_progress']->cnt ?? 0),
+			'waiting'     => (int) ($rows['waiting']->cnt ?? 0),
+			'resolved'    => (int) ($rows['resolved']->cnt ?? 0),
+			'closed'      => (int) ($rows['closed']->cnt ?? 0),
+			'total'       => array_sum(array_map(fn($r) => (int) $r->cnt, $rows)),
+		];
+	}
+
+	/**
+	 * Get overdue tickets (SLA breached).
+	 */
+	public function getOverdueTickets(): array
+	{
+		$db  = $this->getDatabase();
+		$now = Factory::getDate()->toSql();
+
+		$query = $db->getQuery(true)
+			->select([$db->quoteName('id'), $db->quoteName('subject'), $db->quoteName('priority'),
+				$db->quoteName('sla_response_due'), $db->quoteName('sla_resolution_due'), $db->quoteName('sla_responded')])
+			->from($db->quoteName('#__mokowaas_tickets'))
+			->where($db->quoteName('status') . ' NOT IN (' . $db->quote('resolved') . ',' . $db->quote('closed') . ')')
+			->where('((' . $db->quoteName('sla_response_due') . ' < ' . $db->quote($now) . ' AND ' . $db->quoteName('sla_responded') . ' = 0)'
+				. ' OR ' . $db->quoteName('sla_resolution_due') . ' < ' . $db->quote($now) . ')')
+			->order($db->quoteName('sla_resolution_due') . ' ASC');
+		$db->setQuery($query);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	// ==================================================================
+	// Automation Engine
+	// ==================================================================
+
+	/**
+	 * Run automation rules for a specific trigger event against a ticket.
+	 *
+	 * @param  string  $event     trigger_event: ticket_created, ticket_replied, status_changed, scheduled
+	 * @param  int     $ticketId  The ticket to evaluate
+	 */
+	public function runAutomation(string $event, int $ticketId): void
+	{
+		try
+		{
+			$db = $this->getDatabase();
+
+			// Load enabled rules for this event
+			$query = $db->getQuery(true)
+				->select('*')
+				->from($db->quoteName('#__mokowaas_ticket_automation'))
+				->where($db->quoteName('trigger_event') . ' = ' . $db->quote($event))
+				->where($db->quoteName('enabled') . ' = 1')
+				->order($db->quoteName('ordering') . ' ASC');
+			$db->setQuery($query);
+			$rules = $db->loadObjectList() ?: [];
+
+			if (empty($rules))
+			{
+				return;
+			}
+
+			// Load the ticket
+			$ticket = $this->getTicket($ticketId);
+
+			if (!$ticket)
+			{
+				return;
+			}
+
+			// Calculate age in hours
+			$ticket->age_hours = (time() - strtotime($ticket->created)) / 3600;
+
+			foreach ($rules as $rule)
+			{
+				$conditions = json_decode($rule->conditions, true) ?: [];
+				$actions    = json_decode($rule->actions, true) ?: [];
+
+				if ($this->evaluateConditions($conditions, $ticket))
+				{
+					$this->executeActions($actions, $ticketId, $ticket);
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			\Joomla\CMS\Log\Log::add('Automation error: ' . $e->getMessage(), \Joomla\CMS\Log\Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Run all scheduled automation rules against all open tickets.
+	 */
+	public function runScheduledAutomation(): array
+	{
+		$db      = $this->getDatabase();
+		$results = ['evaluated' => 0, 'acted' => 0];
+
+		// Load scheduled rules
+		$query = $db->getQuery(true)
+			->select('*')
+			->from($db->quoteName('#__mokowaas_ticket_automation'))
+			->where($db->quoteName('trigger_event') . ' = ' . $db->quote('scheduled'))
+			->where($db->quoteName('enabled') . ' = 1')
+			->order($db->quoteName('ordering') . ' ASC');
+		$db->setQuery($query);
+		$rules = $db->loadObjectList() ?: [];
+
+		if (empty($rules))
+		{
+			return $results;
+		}
+
+		// Load all non-closed tickets
+		$query = $db->getQuery(true)
+			->select('*')
+			->from($db->quoteName('#__mokowaas_tickets'))
+			->where($db->quoteName('status') . ' != ' . $db->quote('closed'));
+		$db->setQuery($query);
+		$tickets = $db->loadObjectList() ?: [];
+
+		foreach ($tickets as $ticket)
+		{
+			$ticket->age_hours = (time() - strtotime($ticket->created)) / 3600;
+			$ticket->replies   = [];
+			$results['evaluated']++;
+
+			foreach ($rules as $rule)
+			{
+				$conditions = json_decode($rule->conditions, true) ?: [];
+				$actions    = json_decode($rule->actions, true) ?: [];
+
+				if ($this->evaluateConditions($conditions, $ticket))
+				{
+					$this->executeActions($actions, (int) $ticket->id, $ticket);
+					$results['acted']++;
+				}
+			}
+		}
+
+		return $results;
+	}
+
+	/**
+	 * Evaluate a set of conditions against a ticket (all must match).
+	 */
+	private function evaluateConditions(array $conditions, object $ticket): bool
+	{
+		foreach ($conditions as $cond)
+		{
+			$field = $cond['field'] ?? '';
+			$op    = $cond['op'] ?? 'eq';
+			$value = $cond['value'] ?? '';
+
+			$ticketValue = $ticket->{$field} ?? null;
+
+			if ($ticketValue === null)
+			{
+				return false;
+			}
+
+			switch ($op)
+			{
+				case 'eq':
+					if ((string) $ticketValue !== (string) $value) return false;
+					break;
+				case 'neq':
+					if ((string) $ticketValue === (string) $value) return false;
+					break;
+				case 'gt':
+					if ((float) $ticketValue <= (float) $value) return false;
+					break;
+				case 'lt':
+					if ((float) $ticketValue >= (float) $value) return false;
+					break;
+				case 'in':
+					$list = array_map('trim', explode(',', $value));
+					if (!\in_array((string) $ticketValue, $list, true)) return false;
+					break;
+				case 'not_in':
+					$list = array_map('trim', explode(',', $value));
+					if (\in_array((string) $ticketValue, $list, true)) return false;
+					break;
+				default:
+					return false;
+			}
+		}
+
+		return true;
+	}
+
+	/**
+	 * Execute a set of actions on a ticket.
+	 */
+	private function executeActions(array $actions, int $ticketId, object $ticket): void
+	{
+		$db  = $this->getDatabase();
+		$now = Factory::getDate()->toSql();
+
+		foreach ($actions as $action)
+		{
+			$type  = $action['type'] ?? '';
+			$value = $action['value'] ?? '';
+
+			switch ($type)
+			{
+				case 'set_status':
+					$this->updateStatus($ticketId, $value);
+					break;
+
+				case 'set_priority':
+					$db->setQuery(
+						$db->getQuery(true)
+							->update($db->quoteName('#__mokowaas_tickets'))
+							->set($db->quoteName('priority') . ' = ' . $db->quote($value))
+							->set($db->quoteName('modified') . ' = ' . $db->quote($now))
+							->where($db->quoteName('id') . ' = ' . $ticketId)
+					)->execute();
+					break;
+
+				case 'assign':
+					$db->setQuery(
+						$db->getQuery(true)
+							->update($db->quoteName('#__mokowaas_tickets'))
+							->set($db->quoteName('assigned_to') . ' = ' . (int) $value)
+							->set($db->quoteName('modified') . ' = ' . $db->quote($now))
+							->where($db->quoteName('id') . ' = ' . $ticketId)
+					)->execute();
+					break;
+
+				case 'add_note':
+					$reply = (object) [
+						'ticket_id'   => $ticketId,
+						'user_id'     => 0,
+						'body'        => $value,
+						'is_internal' => 1,
+						'created'     => $now,
+					];
+					$db->insertObject('#__mokowaas_ticket_replies', $reply, 'id');
+					break;
+
+				case 'send_email':
+					// value = email address or comma-separated list
+					$emails = array_filter(array_map('trim', explode(',', $value)));
+
+					foreach ($emails as $email)
+					{
+						try
+						{
+							$mailer = Factory::getMailer();
+							$mailer->addRecipient($email);
+							$mailer->setSubject('[Ticket #' . $ticketId . '] Automation Alert');
+							$mailer->setBody('Automation rule triggered for ticket #' . $ticketId . ': ' . ($ticket->subject ?? ''));
+							$mailer->isHtml(false);
+							$mailer->Send();
+						}
+						catch (\Throwable $e)
+						{
+							\Joomla\CMS\Log\Log::add('Automation email failed: ' . $e->getMessage(), \Joomla\CMS\Log\Log::WARNING, 'mokowaas');
+						}
+					}
+					break;
+
+				case 'create_ticket':
+					// value = JSON: {"subject":"...","body":"...","category_id":1,"priority":"normal","behavior":"append"}
+					$ticketData = json_decode($value, true) ?: [];
+					$behavior   = $ticketData['behavior'] ?? 'append';
+					$userId     = (int) ($ticket->created_by ?? 0);
+					$catId      = (int) ($ticketData['category_id'] ?? 0);
+
+					if ($behavior === 'append' && $userId > 0)
+					{
+						// Check for existing open ticket from this user in this category
+						$db->setQuery(
+							$db->getQuery(true)
+								->select($db->quoteName('id'))
+								->from($db->quoteName('#__mokowaas_tickets'))
+								->where($db->quoteName('created_by') . ' = ' . $userId)
+								->where($db->quoteName('status') . ' NOT IN (' . $db->quote('resolved') . ',' . $db->quote('closed') . ')')
+								->where($catId ? $db->quoteName('category_id') . ' = ' . $catId : '1=1')
+								->order($db->quoteName('created') . ' DESC')
+								->setLimit(1)
+						);
+						$existingId = (int) $db->loadResult();
+
+						if ($existingId)
+						{
+							$this->addReply($existingId, $ticketData['body'] ?? 'Automation event', true);
+							break;
+						}
+					}
+					elseif ($behavior === 'skip_if_open' && $userId > 0)
+					{
+						$db->setQuery(
+							$db->getQuery(true)
+								->select('COUNT(*)')
+								->from($db->quoteName('#__mokowaas_tickets'))
+								->where($db->quoteName('created_by') . ' = ' . $userId)
+								->where($db->quoteName('status') . ' NOT IN (' . $db->quote('resolved') . ',' . $db->quote('closed') . ')')
+						);
+
+						if ((int) $db->loadResult() > 0)
+						{
+							break;
+						}
+					}
+
+					// Create new ticket
+					$this->createTicket([
+						'subject'     => $ticketData['subject'] ?? 'Automation: ' . ($ticket->subject ?? 'System event'),
+						'body'        => $ticketData['body'] ?? '',
+						'priority'    => $ticketData['priority'] ?? 'normal',
+						'category_id' => $catId,
+					]);
+					break;
+			}
+		}
+	}
+
+	/**
+	 * Run automation for a system event (not tied to a specific ticket).
+	 * Creates a virtual ticket context from event data.
+	 */
+	public function runSystemEventAutomation(string $event, array $eventData = []): void
+	{
+		try
+		{
+			$db = $this->getDatabase();
+
+			$query = $db->getQuery(true)
+				->select('*')
+				->from($db->quoteName('#__mokowaas_ticket_automation'))
+				->where($db->quoteName('trigger_event') . ' = ' . $db->quote($event))
+				->where($db->quoteName('enabled') . ' = 1')
+				->order($db->quoteName('ordering') . ' ASC');
+			$db->setQuery($query);
+			$rules = $db->loadObjectList() ?: [];
+
+			if (empty($rules))
+			{
+				return;
+			}
+
+			// Build a virtual ticket-like object from event data
+			$context = (object) array_merge([
+				'id'         => 0,
+				'subject'    => $eventData['subject'] ?? $event,
+				'body'       => $eventData['body'] ?? '',
+				'status'     => 'open',
+				'priority'   => $eventData['priority'] ?? 'normal',
+				'created_by' => $eventData['user_id'] ?? 0,
+				'created'    => gmdate('Y-m-d H:i:s'),
+				'age_hours'  => 0,
+			], $eventData);
+
+			foreach ($rules as $rule)
+			{
+				$conditions = json_decode($rule->conditions, true) ?: [];
+				$actions    = json_decode($rule->actions, true) ?: [];
+
+				if (empty($conditions) || $this->evaluateConditions($conditions, $context))
+				{
+					$this->executeActions($actions, 0, $context);
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			\Joomla\CMS\Log\Log::add('System event automation error: ' . $e->getMessage(), \Joomla\CMS\Log\Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Get all automation rules.
+	 */
+	public function getAutomationRules(): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select('*')
+				->from($db->quoteName('#__mokowaas_ticket_automation'))
+				->order($db->quoteName('ordering') . ' ASC')
+		);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	// ==================================================================
+	// Akeeba Ticket System Importer
+	// ==================================================================
+
+	/**
+	 * Check if ATS tables exist and return counts.
+	 */
+	public function checkAtsAvailable(): ?object
+	{
+		$db = $this->getDatabase();
+
+		try
+		{
+			$db->setQuery('SELECT COUNT(*) FROM #__ats_tickets');
+			$tickets = (int) $db->loadResult();
+
+			$db->setQuery('SELECT COUNT(*) FROM #__ats_posts');
+			$posts = (int) $db->loadResult();
+
+			$db->setQuery('SELECT COUNT(*) FROM #__ats_cannedreplies');
+			$canned = (int) $db->loadResult();
+
+			return (object) ['tickets' => $tickets, 'posts' => $posts, 'canned' => $canned];
+		}
+		catch (\Throwable $e)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * Import tickets, replies, and canned responses from Akeeba Ticket System.
+	 */
+	public function importFromAts(): array
+	{
+		$db      = $this->getDatabase();
+		$results = ['tickets' => 0, 'replies' => 0, 'canned' => 0, 'errors' => []];
+
+		try
+		{
+			// Status mapping: ATS → MokoWaaS
+			$statusMap = [
+				'O' => 'open',       // Open
+				'P' => 'in_progress', // Pending (staff action needed)
+				'C' => 'closed',     // Closed
+			];
+			// Numeric statuses 1-99 are custom — map to open
+			for ($i = 1; $i <= 99; $i++)
+			{
+				$statusMap[(string) $i] = 'open';
+			}
+
+			// Priority mapping: ATS uses 1-5, we use enum
+			$priorityMap = [
+				1 => 'low',
+				2 => 'low',
+				3 => 'normal',
+				4 => 'high',
+				5 => 'urgent',
+			];
+
+			// Category mapping: ATS uses Joomla categories, map catid to our category
+			// Default all to General Support (1) — admin can reassign later
+			$defaultCategory = 1;
+
+			// Import canned replies first
+			$db->setQuery('SELECT * FROM #__ats_cannedreplies WHERE enabled = 1 ORDER BY ordering');
+			$atsCanned = $db->loadObjectList() ?: [];
+
+			foreach ($atsCanned as $c)
+			{
+				$exists = $db->setQuery(
+					$db->getQuery(true)
+						->select('COUNT(*)')
+						->from('#__mokowaas_ticket_canned')
+						->where($db->quoteName('title') . ' = ' . $db->quote($c->title))
+				)->loadResult();
+
+				if ((int) $exists > 0)
+				{
+					continue;
+				}
+
+				$row = (object) [
+					'title'       => $c->title,
+					'body'        => strip_tags($c->reply ?? ''),
+					'category_id' => null,
+					'ordering'    => (int) ($c->ordering ?? 0),
+				];
+				$db->insertObject('#__mokowaas_ticket_canned', $row, 'id');
+				$results['canned']++;
+			}
+
+			// Import tickets
+			$db->setQuery('SELECT * FROM #__ats_tickets ORDER BY id');
+			$atsTickets = $db->loadObjectList() ?: [];
+
+			$ticketIdMap = []; // ATS id → MokoWaaS id
+
+			foreach ($atsTickets as $t)
+			{
+				// Skip if already imported (check by subject + created_by + created)
+				$exists = $db->setQuery(
+					$db->getQuery(true)
+						->select('COUNT(*)')
+						->from('#__mokowaas_tickets')
+						->where($db->quoteName('subject') . ' = ' . $db->quote($t->title))
+						->where($db->quoteName('created_by') . ' = ' . (int) $t->created_by)
+				)->loadResult();
+
+				if ((int) $exists > 0)
+				{
+					continue;
+				}
+
+				$status   = $statusMap[$t->status] ?? 'open';
+				$priority = $priorityMap[(int) $t->priority] ?? 'normal';
+
+				$row = (object) [
+					'subject'      => $t->title,
+					'body'         => '',
+					'status'       => $status,
+					'priority'     => $priority,
+					'category_id'  => $defaultCategory,
+					'created_by'   => (int) $t->created_by,
+					'assigned_to'  => (int) $t->assigned_to ?: null,
+					'created'      => $t->created ?: Factory::getDate()->toSql(),
+					'modified'     => $t->modified,
+					'resolved'     => $status === 'closed' ? ($t->modified ?: $t->created) : null,
+					'closed'       => $status === 'closed' ? ($t->modified ?: $t->created) : null,
+					'sla_responded' => 1,
+				];
+
+				$db->insertObject('#__mokowaas_tickets', $row, 'id');
+				$ticketIdMap[(int) $t->id] = (int) $row->id;
+				$results['tickets']++;
+			}
+
+			// Import posts (replies)
+			$db->setQuery('SELECT * FROM #__ats_posts ORDER BY id');
+			$atsPosts = $db->loadObjectList() ?: [];
+
+			foreach ($atsPosts as $p)
+			{
+				$newTicketId = $ticketIdMap[(int) $p->ticket_id] ?? null;
+
+				if (!$newTicketId)
+				{
+					continue;
+				}
+
+				// First post of a ticket is usually the ticket body — update the ticket
+				if (empty($results['first_post_' . $p->ticket_id]))
+				{
+					$results['first_post_' . $p->ticket_id] = true;
+					$body = strip_tags($p->content_html ?? '');
+					$db->setQuery(
+						$db->getQuery(true)
+							->update('#__mokowaas_tickets')
+							->set($db->quoteName('body') . ' = ' . $db->quote($body))
+							->where($db->quoteName('id') . ' = ' . $newTicketId)
+					)->execute();
+
+					continue;
+				}
+
+				$row = (object) [
+					'ticket_id'   => $newTicketId,
+					'user_id'     => (int) $p->created_by,
+					'body'        => strip_tags($p->content_html ?? ''),
+					'is_internal' => 0,
+					'created'     => $p->created ?: Factory::getDate()->toSql(),
+				];
+
+				$db->insertObject('#__mokowaas_ticket_replies', $row, 'id');
+				$results['replies']++;
+			}
+
+			// Clean up temp tracking keys
+			foreach (array_keys($results) as $k)
+			{
+				if (str_starts_with($k, 'first_post_'))
+				{
+					unset($results[$k]);
+				}
+			}
+
+			return [
+				'success' => true,
+				'message' => sprintf(
+					'Imported %d tickets, %d replies, %d canned responses from Akeeba Ticket System.',
+					$results['tickets'], $results['replies'], $results['canned']
+				),
+				'counts'  => $results,
+			];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Import failed: ' . $e->getMessage()];
+		}
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Model/WaflogModel.php b/source/packages/com_mokowaas/admin/src/Model/WaflogModel.php
new file mode 100644
index 00000000..591ba310
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Model/WaflogModel.php
@@ -0,0 +1,215 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+
+class WaflogModel extends BaseDatabaseModel
+{
+	/**
+	 * Get WAF log entries with filters and pagination.
+	 */
+	public function getLogs(array $filters = [], int $limit = 50, int $offset = 0): array
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select('*')
+			->from($db->quoteName('#__mokowaas_waf_log'));
+
+		if (!empty($filters['rule']))
+		{
+			$query->where($db->quoteName('rule') . ' = ' . $db->quote($filters['rule']));
+		}
+
+		if (!empty($filters['ip']))
+		{
+			$query->where($db->quoteName('ip') . ' LIKE ' . $db->quote('%' . $db->escape($filters['ip'], true) . '%'));
+		}
+
+		if (!empty($filters['search']))
+		{
+			$search = $db->quote('%' . $db->escape($filters['search'], true) . '%');
+			$query->where('(' . $db->quoteName('uri') . ' LIKE ' . $search
+				. ' OR ' . $db->quoteName('detail') . ' LIKE ' . $search
+				. ' OR ' . $db->quoteName('user_agent') . ' LIKE ' . $search . ')');
+		}
+
+		if (!empty($filters['date_from']))
+		{
+			$query->where($db->quoteName('created') . ' >= ' . $db->quote($filters['date_from'] . ' 00:00:00'));
+		}
+
+		if (!empty($filters['date_to']))
+		{
+			$query->where($db->quoteName('created') . ' <= ' . $db->quote($filters['date_to'] . ' 23:59:59'));
+		}
+
+		$query->order($db->quoteName('created') . ' DESC');
+		$query->setLimit($limit, $offset);
+
+		$db->setQuery($query);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Get total count for pagination.
+	 */
+	public function getTotal(array $filters = []): int
+	{
+		$db    = $this->getDatabase();
+		$query = $db->getQuery(true)
+			->select('COUNT(*)')
+			->from($db->quoteName('#__mokowaas_waf_log'));
+
+		if (!empty($filters['rule']))
+		{
+			$query->where($db->quoteName('rule') . ' = ' . $db->quote($filters['rule']));
+		}
+
+		if (!empty($filters['ip']))
+		{
+			$query->where($db->quoteName('ip') . ' LIKE ' . $db->quote('%' . $db->escape($filters['ip'], true) . '%'));
+		}
+
+		$db->setQuery($query);
+
+		return (int) $db->loadResult();
+	}
+
+	/**
+	 * Get block counts grouped by rule for the summary bar.
+	 */
+	public function getRuleCounts(): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select([$db->quoteName('rule'), 'COUNT(*) AS ' . $db->quoteName('cnt')])
+				->from($db->quoteName('#__mokowaas_waf_log'))
+				->group($db->quoteName('rule'))
+				->order($db->quoteName('cnt') . ' DESC')
+		);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Get top blocked IPs.
+	 */
+	public function getTopIps(int $limit = 10): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select([$db->quoteName('ip'), 'COUNT(*) AS ' . $db->quoteName('cnt'),
+					'MAX(' . $db->quoteName('created') . ') AS ' . $db->quoteName('last_seen')])
+				->from($db->quoteName('#__mokowaas_waf_log'))
+				->group($db->quoteName('ip'))
+				->order($db->quoteName('cnt') . ' DESC')
+				->setLimit($limit)
+		);
+
+		return $db->loadObjectList() ?: [];
+	}
+
+	/**
+	 * Get distinct rule names for the filter dropdown.
+	 */
+	public function getRuleNames(): array
+	{
+		$db = $this->getDatabase();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select('DISTINCT ' . $db->quoteName('rule'))
+				->from($db->quoteName('#__mokowaas_waf_log'))
+				->order($db->quoteName('rule') . ' ASC')
+		);
+
+		return $db->loadColumn() ?: [];
+	}
+
+	/**
+	 * Delete logs older than N days.
+	 */
+	public function purgeLogs(int $days): array
+	{
+		try
+		{
+			$db     = $this->getDatabase();
+			$cutoff = Factory::getDate('-' . $days . ' days')->toSql();
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__mokowaas_waf_log'))
+					->where($db->quoteName('created') . ' < ' . $db->quote($cutoff))
+			)->execute();
+
+			$count = $db->getAffectedRows();
+
+			return ['success' => true, 'message' => "Purged {$count} log entries older than {$days} days."];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Purge failed: ' . $e->getMessage()];
+		}
+	}
+
+	/**
+	 * Add an IP to the firewall blocklist.
+	 */
+	public function banIp(string $ip, string $reason = 'Banned from WAF log'): array
+	{
+		try
+		{
+			$db = $this->getDatabase();
+
+			$query = $db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_firewall'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+			$db->setQuery($query);
+
+			$params    = new \Joomla\Registry\Registry($db->loadResult() ?? '{}');
+			$blocklist = json_decode($params->get('ip_blocklist', '[]'), true) ?: [];
+
+			// Check if already blocked
+			foreach ($blocklist as $entry)
+			{
+				if (($entry['ip'] ?? '') === $ip)
+				{
+					return ['success' => false, 'message' => $ip . ' is already blocked.'];
+				}
+			}
+
+			$blocklist[] = ['ip' => $ip, 'enabled' => '1', 'label' => $reason];
+			$params->set('ip_blocklist', json_encode($blocklist));
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+					->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_firewall'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+			)->execute();
+
+			return ['success' => true, 'message' => $ip . ' has been added to the IP blocklist.'];
+		}
+		catch (\Throwable $e)
+		{
+			return ['success' => false, 'message' => 'Ban failed: ' . $e->getMessage()];
+		}
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/Service/NotificationService.php b/source/packages/com_mokowaas/admin/src/Service/NotificationService.php
new file mode 100644
index 00000000..5f4ed16b
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/Service/NotificationService.php
@@ -0,0 +1,416 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\Service;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Log\Log;
+use Joomla\CMS\Uri\Uri;
+
+/**
+ * Helpdesk email notification service.
+ *
+ * Sends emails for ticket events to Joomla users (by ID) and/or
+ * raw email addresses. Uses Joomla's configured mailer.
+ *
+ * @since  02.32.00
+ */
+class NotificationService
+{
+	/**
+	 * Send a ticket notification email.
+	 *
+	 * @param  string  $event      Event name (ticket_created, ticket_replied, status_changed, ticket_assigned)
+	 * @param  object  $ticket     Ticket object with id, subject, status, priority, created_by, assigned_to
+	 * @param  array   $extra      Extra context (reply body, old status, etc.)
+	 */
+	public static function notify(string $event, object $ticket, array $extra = []): void
+	{
+		try
+		{
+			$recipients = self::getRecipients($event, $ticket);
+
+			if (empty($recipients))
+			{
+				return;
+			}
+
+			$subject = self::buildSubject($event, $ticket);
+			$body    = self::buildBody($event, $ticket, $extra);
+
+			$mailer = Factory::getMailer();
+			$mailer->isHtml(false);
+			$mailer->setSubject($subject);
+			$mailer->setBody($body);
+
+			foreach ($recipients as $email)
+			{
+				$email = trim($email);
+
+				if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL))
+				{
+					continue;
+				}
+
+				try
+				{
+					$mailer->clearAddresses();
+					$mailer->addRecipient($email);
+					$mailer->Send();
+				}
+				catch (\Throwable $e)
+				{
+					Log::add('Notification send failed to ' . $email . ': ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Notification error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Determine recipients based on event type and ticket data.
+	 */
+	private static function getRecipients(string $event, object $ticket): array
+	{
+		$emails = [];
+
+		// Get notification config from component params
+		$config = self::getNotificationConfig();
+
+		// Always notify configured admin emails
+		$adminEmails = array_filter(array_map('trim', explode(',', $config['admin_emails'] ?? '')));
+		$emails      = array_merge($emails, $adminEmails);
+
+		// Always notify configured admin user IDs
+		$adminUserIds = array_filter(array_map('intval', explode(',', $config['admin_user_ids'] ?? '')));
+
+		foreach ($adminUserIds as $uid)
+		{
+			$email = self::getUserEmail($uid);
+
+			if ($email)
+			{
+				$emails[] = $email;
+			}
+		}
+
+		switch ($event)
+		{
+			case 'ticket_created':
+				// Notify assigned user if any
+				if (!empty($ticket->assigned_to))
+				{
+					$email = self::getUserEmail((int) $ticket->assigned_to);
+
+					if ($email)
+					{
+						$emails[] = $email;
+					}
+				}
+				break;
+
+			case 'ticket_replied':
+				// Notify ticket creator (customer gets notified of staff reply)
+				if (!empty($ticket->created_by))
+				{
+					$email = self::getUserEmail((int) $ticket->created_by);
+
+					if ($email)
+					{
+						$emails[] = $email;
+					}
+				}
+
+				// Notify assigned user
+				if (!empty($ticket->assigned_to))
+				{
+					$email = self::getUserEmail((int) $ticket->assigned_to);
+
+					if ($email)
+					{
+						$emails[] = $email;
+					}
+				}
+				break;
+
+			case 'status_changed':
+				// Notify ticket creator
+				if (!empty($ticket->created_by))
+				{
+					$email = self::getUserEmail((int) $ticket->created_by);
+
+					if ($email)
+					{
+						$emails[] = $email;
+					}
+				}
+				break;
+
+			case 'ticket_assigned':
+				// Notify newly assigned user
+				if (!empty($ticket->assigned_to))
+				{
+					$email = self::getUserEmail((int) $ticket->assigned_to);
+
+					if ($email)
+					{
+						$emails[] = $email;
+					}
+				}
+				break;
+		}
+
+		return array_unique($emails);
+	}
+
+	/**
+	 * Build email subject line.
+	 */
+	private static function buildSubject(string $event, object $ticket): string
+	{
+		$siteName = Factory::getConfig()->get('sitename', 'Support');
+		$prefix   = '[' . $siteName . ' #' . $ticket->id . '] ';
+
+		switch ($event)
+		{
+			case 'ticket_created':
+				return $prefix . 'New Ticket: ' . ($ticket->subject ?? '');
+
+			case 'ticket_replied':
+				return $prefix . 'Reply: ' . ($ticket->subject ?? '');
+
+			case 'status_changed':
+				return $prefix . 'Status Changed: ' . ($ticket->subject ?? '');
+
+			case 'ticket_assigned':
+				return $prefix . 'Assigned: ' . ($ticket->subject ?? '');
+
+			default:
+				return $prefix . ($ticket->subject ?? '');
+		}
+	}
+
+	/**
+	 * Build email body.
+	 */
+	private static function buildBody(string $event, object $ticket, array $extra): string
+	{
+		$siteName  = Factory::getConfig()->get('sitename', 'Support');
+		$siteUrl   = rtrim(Uri::root(), '/');
+		$ticketUrl = $siteUrl . '/index.php?option=com_mokowaas&view=ticket&id=' . $ticket->id;
+
+		$lines = [];
+		$lines[] = $siteName . ' Support';
+		$lines[] = str_repeat('-', 40);
+		$lines[] = '';
+
+		switch ($event)
+		{
+			case 'ticket_created':
+				$lines[] = 'A new support ticket has been created.';
+				$lines[] = '';
+				$lines[] = 'Subject:  ' . ($ticket->subject ?? '');
+				$lines[] = 'Priority: ' . ucfirst($ticket->priority ?? 'normal');
+				$lines[] = 'Category: ' . ($ticket->category_title ?? 'General');
+				$lines[] = '';
+
+				if (!empty($ticket->body))
+				{
+					$lines[] = 'Description:';
+					$lines[] = strip_tags($ticket->body);
+					$lines[] = '';
+				}
+				break;
+
+			case 'ticket_replied':
+				$lines[] = 'A new reply has been added to your ticket.';
+				$lines[] = '';
+				$lines[] = 'Subject: ' . ($ticket->subject ?? '');
+				$lines[] = 'Status:  ' . ucwords(str_replace('_', ' ', $ticket->status ?? ''));
+				$lines[] = '';
+
+				if (!empty($extra['reply_body']))
+				{
+					$lines[] = 'Reply:';
+					$lines[] = strip_tags($extra['reply_body']);
+					$lines[] = '';
+				}
+				break;
+
+			case 'status_changed':
+				$lines[] = 'Your ticket status has been updated.';
+				$lines[] = '';
+				$lines[] = 'Subject:    ' . ($ticket->subject ?? '');
+				$lines[] = 'New Status: ' . ucwords(str_replace('_', ' ', $ticket->status ?? ''));
+
+				if (!empty($extra['old_status']))
+				{
+					$lines[] = 'Old Status: ' . ucwords(str_replace('_', ' ', $extra['old_status']));
+				}
+
+				$lines[] = '';
+				break;
+
+			case 'ticket_assigned':
+				$lines[] = 'A ticket has been assigned to you.';
+				$lines[] = '';
+				$lines[] = 'Subject:  ' . ($ticket->subject ?? '');
+				$lines[] = 'Priority: ' . ucfirst($ticket->priority ?? 'normal');
+				$lines[] = '';
+				break;
+		}
+
+		$lines[] = 'View ticket: ' . $ticketUrl;
+		$lines[] = '';
+		$lines[] = '-- ';
+		$lines[] = $siteName . ' | Powered by MokoWaaS';
+
+		return implode("\n", $lines);
+	}
+
+	/**
+	 * Get email address for a Joomla user ID.
+	 */
+	private static function getUserEmail(int $userId): ?string
+	{
+		if ($userId <= 0)
+		{
+			return null;
+		}
+
+		try
+		{
+			$db = Factory::getDbo();
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('email'))
+					->from($db->quoteName('#__users'))
+					->where($db->quoteName('id') . ' = ' . $userId)
+			);
+
+			return $db->loadResult() ?: null;
+		}
+		catch (\Throwable $e)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * Get notification configuration from component params.
+	 */
+	private static function getNotificationConfig(): array
+	{
+		try
+		{
+			$db = Factory::getDbo();
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('params'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			);
+
+			$params = json_decode($db->loadResult() ?? '{}', true);
+
+			return $params['notifications'] ?? [];
+		}
+		catch (\Throwable $e)
+		{
+			return [];
+		}
+	}
+
+	// ==================================================================
+	// Security Event Notifications (#131)
+	// ==================================================================
+
+	/**
+	 * Send a security alert to admin emails.
+	 */
+	public static function securityAlert(string $event, string $subject, string $body): void
+	{
+		try
+		{
+			$config    = self::getNotificationConfig();
+			$enabled   = $config['security_alerts'] ?? '1';
+
+			if (!$enabled)
+			{
+				return;
+			}
+
+			$adminEmails = array_filter(array_map('trim', explode(',', $config['admin_emails'] ?? '')));
+			$adminUserIds = array_filter(array_map('intval', explode(',', $config['admin_user_ids'] ?? '')));
+
+			$recipients = $adminEmails;
+
+			foreach ($adminUserIds as $uid)
+			{
+				$email = self::getUserEmail($uid);
+
+				if ($email)
+				{
+					$recipients[] = $email;
+				}
+			}
+
+			$recipients = array_unique($recipients);
+
+			if (empty($recipients))
+			{
+				return;
+			}
+
+			$siteName = Factory::getConfig()->get('sitename', 'Site');
+			$fullSubject = '[' . $siteName . ' Security] ' . $subject;
+
+			$lines = [
+				$siteName . ' Security Alert',
+				str_repeat('-', 40),
+				'',
+				'Event: ' . $event,
+				'Time: ' . gmdate('Y-m-d H:i:s') . ' UTC',
+				'',
+				$body,
+				'',
+				'-- ',
+				$siteName . ' | MokoWaaS Security',
+			];
+
+			$mailer = Factory::getMailer();
+			$mailer->isHtml(false);
+			$mailer->setSubject($fullSubject);
+			$mailer->setBody(implode("\n", $lines));
+
+			foreach ($recipients as $email)
+			{
+				try
+				{
+					$mailer->clearAddresses();
+					$mailer->addRecipient(trim($email));
+					$mailer->Send();
+				}
+				catch (\Throwable $e)
+				{
+					Log::add('Security alert send failed: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Security alert error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Automation/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Automation/HtmlView.php
new file mode 100644
index 00000000..01928e4a
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Automation/HtmlView.php
@@ -0,0 +1,27 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Automation;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $rules = [];
+
+	public function display($tpl = null)
+	{
+		$model       = new \Moko\Component\MokoWaaS\Administrator\Model\TicketsModel();
+		$this->rules = $model->getAutomationRules();
+
+		ToolbarHelper::title('Automation Rules', 'cogs');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas&view=tickets');
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Canned/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Canned/HtmlView.php
new file mode 100644
index 00000000..2a391df2
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Canned/HtmlView.php
@@ -0,0 +1,33 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Canned;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $responses = [];
+	protected $categories = [];
+
+	public function display($tpl = null)
+	{
+		$db = Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
+
+		$db->setQuery('SELECT * FROM #__mokowaas_ticket_canned ORDER BY ordering ASC');
+		$this->responses = $db->loadObjectList() ?: [];
+
+		$db->setQuery('SELECT id, title FROM #__mokowaas_ticket_categories WHERE published = 1 ORDER BY ordering');
+		$this->categories = $db->loadObjectList() ?: [];
+
+		ToolbarHelper::title('Canned Responses', 'comment');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas&view=tickets');
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Categories/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Categories/HtmlView.php
new file mode 100644
index 00000000..bebffae8
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Categories/HtmlView.php
@@ -0,0 +1,41 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Categories;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $categories = [];
+	protected $users = [];
+
+	public function display($tpl = null)
+	{
+		$db = Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
+
+		$db->setQuery('SELECT * FROM #__mokowaas_ticket_categories ORDER BY ordering ASC');
+		$this->categories = $db->loadObjectList() ?: [];
+
+		// Get admin users for auto-assign dropdown
+		$db->setQuery(
+			$db->getQuery(true)
+				->select([$db->quoteName('id'), $db->quoteName('name')])
+				->from($db->quoteName('#__users'))
+				->where($db->quoteName('block') . ' = 0')
+				->order($db->quoteName('name') . ' ASC')
+				->setLimit(100)
+		);
+		$this->users = $db->loadObjectList() ?: [];
+
+		ToolbarHelper::title('Ticket Categories', 'folder');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas&view=tickets');
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Cleanup/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Cleanup/HtmlView.php
new file mode 100644
index 00000000..14a9b44b
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Cleanup/HtmlView.php
@@ -0,0 +1,27 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Cleanup;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $dirs = [];
+
+	public function display($tpl = null)
+	{
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\MaintenanceModel();
+		$this->dirs = $model->getCleanupInfo();
+
+		ToolbarHelper::title('Cache &amp; Temp Cleanup', 'trash');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas');
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+}
diff --git a/src/packages/com_mokowaas/admin/src/View/Dashboard/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Dashboard/HtmlView.php
similarity index 71%
rename from src/packages/com_mokowaas/admin/src/View/Dashboard/HtmlView.php
rename to source/packages/com_mokowaas/admin/src/View/Dashboard/HtmlView.php
index 323febf5..c191c8ca 100644
--- a/src/packages/com_mokowaas/admin/src/View/Dashboard/HtmlView.php
+++ b/source/packages/com_mokowaas/admin/src/View/Dashboard/HtmlView.php
@@ -23,6 +23,9 @@ class HtmlView extends BaseHtmlView
 	protected $pendingUpdates = [];
 	protected $checkedOutItems = [];
 	protected $wafBlocks = [];
+	protected $wafChartData = [];
+	protected $loginChartData = [];
+	protected $mokoExtensions = [];
 
 	public function display($tpl = null)
 	{
@@ -34,6 +37,22 @@ class HtmlView extends BaseHtmlView
 		$this->pendingUpdates  = $model->getPendingUpdates();
 		$this->checkedOutItems = $model->getCheckedOutItems();
 		$this->wafBlocks       = $model->getRecentWafBlocks(5);
+		$this->wafChartData    = $model->getWafBlocksByDay(14);
+		$this->loginChartData  = $model->getLoginsByDay(14);
+		$this->mokoExtensions  = $model->getMokoExtensions();
+
+		// Check for importable Akeeba data
+		try
+		{
+			$importModel = new \Moko\Component\MokoWaaS\Administrator\Model\ImportModel();
+			$this->adminToolsAvailable = $importModel->checkAdminToolsAvailable();
+			$this->atsAvailable        = $importModel->checkAtsAvailable();
+		}
+		catch (\Throwable $e)
+		{
+			$this->adminToolsAvailable = null;
+			$this->atsAvailable        = null;
+		}
 
 		$this->addToolbar();
 
diff --git a/source/packages/com_mokowaas/admin/src/View/Database/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Database/HtmlView.php
new file mode 100644
index 00000000..6c91723d
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Database/HtmlView.php
@@ -0,0 +1,27 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Database;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $tableData = [];
+
+	public function display($tpl = null)
+	{
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\MaintenanceModel();
+		$this->tableData = $model->getTableStatus();
+
+		ToolbarHelper::title('Database Tools', 'database');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas');
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+}
diff --git a/src/packages/com_mokowaas/admin/src/View/Extensions/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Extensions/HtmlView.php
similarity index 100%
rename from src/packages/com_mokowaas/admin/src/View/Extensions/HtmlView.php
rename to source/packages/com_mokowaas/admin/src/View/Extensions/HtmlView.php
diff --git a/source/packages/com_mokowaas/admin/src/View/Htaccess/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Htaccess/HtmlView.php
new file mode 100644
index 00000000..1a7dc9de
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Htaccess/HtmlView.php
@@ -0,0 +1,47 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\View\Htaccess;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $options = [];
+	protected $preview = '';
+	protected $nginxPreview = '';
+	protected $currentHtaccess = '';
+
+	public function display($tpl = null)
+	{
+		$model = $this->getModel();
+
+		$this->options          = $model->getOptions();
+		$this->preview          = $model->generateHtaccess($this->options);
+		$this->nginxPreview     = $model->generateNginx($this->options);
+		$this->currentHtaccess  = $model->readCurrentHtaccess();
+
+		$this->addToolbar();
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+
+	protected function addToolbar(): void
+	{
+		ToolbarHelper::title(Text::_('COM_MOKOWAAS_HTACCESS_TITLE'), 'file-code');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas');
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Privacy/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Privacy/HtmlView.php
new file mode 100644
index 00000000..b4d7e52d
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Privacy/HtmlView.php
@@ -0,0 +1,39 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Privacy;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $requests = [];
+	protected $policies = [];
+	protected $summary;
+
+	public function display($tpl = null)
+	{
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\PrivacyModel();
+
+		$filterStatus     = Factory::getApplication()->getInput()->getString('filter_status', '');
+		$this->requests   = $model->getDataRequests($filterStatus);
+		$this->policies   = $model->getRetentionPolicies();
+		$this->summary    = $model->getDashboardSummary();
+
+		$this->addToolbar();
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+
+	protected function addToolbar(): void
+	{
+		ToolbarHelper::title('Privacy Guard', 'lock');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas');
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Ticket/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Ticket/HtmlView.php
new file mode 100644
index 00000000..b4c00476
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Ticket/HtmlView.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\View\Ticket;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $ticket;
+	protected $cannedResponses = [];
+
+	public function display($tpl = null)
+	{
+		$model = $this->getModel('Tickets');
+		$id    = Factory::getApplication()->getInput()->getInt('id', 0);
+
+		$this->ticket          = $model->getTicket($id);
+		$this->cannedResponses = $model->getCannedResponses((int) ($this->ticket->category_id ?? 0));
+
+		if (!$this->ticket)
+		{
+			Factory::getApplication()->enqueueMessage('Ticket not found.', 'error');
+			Factory::getApplication()->redirect('index.php?option=com_mokowaas&view=tickets');
+
+			return;
+		}
+
+		$this->addToolbar();
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+
+	protected function addToolbar(): void
+	{
+		$title = $this->ticket ? 'Ticket #' . $this->ticket->id . ' — ' . $this->ticket->subject : 'Ticket';
+		ToolbarHelper::title($title, 'headphones');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas&view=tickets');
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Tickets/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Tickets/HtmlView.php
new file mode 100644
index 00000000..98cacb97
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Tickets/HtmlView.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Administrator\View\Tickets;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $tickets = [];
+	protected $categories = [];
+	protected $statusCounts;
+	protected $overdue = [];
+	protected $atsAvailable = null;
+
+	public function display($tpl = null)
+	{
+		$model = $this->getModel();
+		$app   = Factory::getApplication();
+
+		$filters = [
+			'status'      => $app->getInput()->getString('filter_status', ''),
+			'priority'    => $app->getInput()->getString('filter_priority', ''),
+			'category_id' => $app->getInput()->getInt('filter_category', 0),
+		];
+
+		$this->tickets      = $model->getTickets($filters);
+		$this->categories   = $model->getCategories();
+		$this->statusCounts = $model->getStatusCounts();
+		$this->overdue      = $model->getOverdueTickets();
+		$this->atsAvailable = $model->checkAtsAvailable();
+
+		$this->addToolbar();
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+
+	protected function addToolbar(): void
+	{
+		ToolbarHelper::title(Text::_('COM_MOKOWAAS_TICKETS_TITLE'), 'headphones');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas');
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/src/View/Waflog/HtmlView.php b/source/packages/com_mokowaas/admin/src/View/Waflog/HtmlView.php
new file mode 100644
index 00000000..e1f73a9c
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/src/View/Waflog/HtmlView.php
@@ -0,0 +1,55 @@
+<?php
+namespace Moko\Component\MokoWaaS\Administrator\View\Waflog;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $logs = [];
+	protected $ruleCounts = [];
+	protected $topIps = [];
+	protected $ruleNames = [];
+	protected $total = 0;
+	protected $filters = [];
+
+	public function display($tpl = null)
+	{
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\WaflogModel();
+		$input = Factory::getApplication()->getInput();
+
+		$this->filters = [
+			'rule'      => $input->getString('filter_rule', ''),
+			'ip'        => $input->getString('filter_ip', ''),
+			'search'    => $input->getString('filter_search', ''),
+			'date_from' => $input->getString('filter_date_from', ''),
+			'date_to'   => $input->getString('filter_date_to', ''),
+		];
+
+		$page        = max(1, $input->getInt('page', 1));
+		$limit       = 50;
+		$offset      = ($page - 1) * $limit;
+
+		$this->logs       = $model->getLogs($this->filters, $limit, $offset);
+		$this->total      = $model->getTotal($this->filters);
+		$this->ruleCounts = $model->getRuleCounts();
+		$this->topIps     = $model->getTopIps(10);
+		$this->ruleNames  = $model->getRuleNames();
+
+		$this->addToolbar();
+
+		$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
+		$wa->registerAndUseStyle('com_mokowaas.dashboard', 'com_mokowaas/dashboard.css');
+
+		parent::display($tpl);
+	}
+
+	protected function addToolbar(): void
+	{
+		ToolbarHelper::title('WAF Log Viewer', 'shield-alt');
+		ToolbarHelper::back('JTOOLBAR_BACK', 'index.php?option=com_mokowaas');
+	}
+}
diff --git a/source/packages/com_mokowaas/admin/tmpl/automation/default.php b/source/packages/com_mokowaas/admin/tmpl/automation/default.php
new file mode 100644
index 00000000..e9fd493d
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/automation/default.php
@@ -0,0 +1,141 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$rules   = $this->rules;
+$token   = Session::getFormToken();
+$saveUrl = Route::_('index.php?option=com_mokowaas&task=display.saveAutomation&format=json');
+$deleteUrl = Route::_('index.php?option=com_mokowaas&task=display.deleteAutomation&format=json');
+$toggleUrl = Route::_('index.php?option=com_mokowaas&task=display.toggleAutomation&format=json');
+
+$triggerLabels = ['ticket_created' => 'On Ticket Created', 'ticket_replied' => 'On Reply', 'status_changed' => 'On Status Change', 'scheduled' => 'Scheduled (Cron)'];
+?>
+
+<div id="mokowaas-automation">
+	<div class="d-flex justify-content-between align-items-center mb-3">
+		<h4><?php echo count($rules); ?> Automation Rules</h4>
+		<button type="button" class="btn btn-primary btn-sm" data-bs-toggle="modal" data-bs-target="#newRuleModal">
+			<span class="icon-plus"></span> Add Rule
+		</button>
+	</div>
+
+	<?php foreach ($rules as $r): ?>
+	<?php $conditions = json_decode($r->conditions, true) ?: []; $actions = json_decode($r->actions, true) ?: []; ?>
+	<div class="card mb-2 <?php echo !$r->enabled ? 'opacity-50' : ''; ?>" data-id="<?php echo $r->id; ?>">
+		<div class="card-body py-2">
+			<div class="d-flex justify-content-between align-items-start">
+				<div>
+					<div class="d-flex align-items-center gap-2">
+						<div class="form-check form-switch">
+							<input type="checkbox" class="form-check-input rule-toggle" data-id="<?php echo $r->id; ?>" <?php echo $r->enabled ? 'checked' : ''; ?>>
+						</div>
+						<strong><?php echo htmlspecialchars($r->title); ?></strong>
+						<span class="badge bg-secondary"><?php echo $triggerLabels[$r->trigger_event] ?? $r->trigger_event; ?></span>
+					</div>
+					<div class="small text-muted mt-1">
+						<span class="text-primary">IF</span>
+						<?php foreach ($conditions as $i => $c): ?>
+							<?php echo $i > 0 ? ' AND ' : ''; ?><?php echo htmlspecialchars($c['field'] ?? ''); ?> <?php echo htmlspecialchars($c['op'] ?? ''); ?> <?php echo htmlspecialchars($c['value'] ?? ''); ?>
+						<?php endforeach; ?>
+						<span class="text-success ms-2">THEN</span>
+						<?php foreach ($actions as $a): ?>
+							<?php echo htmlspecialchars($a['type'] ?? ''); ?>=<?php echo htmlspecialchars(mb_substr($a['value'] ?? '', 0, 30)); ?>
+						<?php endforeach; ?>
+					</div>
+				</div>
+				<button type="button" class="btn btn-sm btn-outline-danger btn-delete-rule" data-id="<?php echo $r->id; ?>">
+					<span class="icon-trash"></span>
+				</button>
+			</div>
+		</div>
+	</div>
+	<?php endforeach; ?>
+
+	<?php if (empty($rules)): ?>
+	<div class="alert alert-info">No automation rules. Click "Add Rule" to create one.</div>
+	<?php endif; ?>
+</div>
+
+<!-- New Rule Modal -->
+<div class="modal fade" id="newRuleModal" tabindex="-1">
+	<div class="modal-dialog modal-lg">
+		<div class="modal-content">
+			<div class="modal-header"><h5>Add Automation Rule</h5><button type="button" class="btn-close" data-bs-dismiss="modal"></button></div>
+			<div class="modal-body">
+				<div class="mb-3">
+					<label class="form-label">Title</label>
+					<input type="text" id="rule-title" class="form-control" required>
+				</div>
+				<div class="mb-3">
+					<label class="form-label">Trigger</label>
+					<select id="rule-trigger" class="form-select">
+						<?php foreach ($triggerLabels as $k => $v): ?><option value="<?php echo $k; ?>"><?php echo $v; ?></option><?php endforeach; ?>
+					</select>
+				</div>
+				<div class="mb-3">
+					<label class="form-label">Conditions (JSON)</label>
+					<textarea id="rule-conditions" class="form-control font-monospace" rows="3" placeholder='[{"field":"status","op":"eq","value":"resolved"}]'></textarea>
+					<small class="text-muted">Fields: status, priority, category_id, assigned_to, sla_responded, age_hours. Ops: eq, neq, gt, lt, in, not_in</small>
+				</div>
+				<div class="mb-3">
+					<label class="form-label">Actions (JSON)</label>
+					<textarea id="rule-actions" class="form-control font-monospace" rows="3" placeholder='[{"type":"set_status","value":"closed"}]'></textarea>
+					<small class="text-muted">Types: set_status, set_priority, assign, add_note, send_email</small>
+				</div>
+			</div>
+			<div class="modal-footer">
+				<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+				<button type="button" class="btn btn-primary" id="btn-save-rule"><span class="icon-save"></span> Save Rule</button>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var token = '<?php echo $token; ?>';
+
+	// Save new rule
+	document.getElementById('btn-save-rule').addEventListener('click', function() {
+		var fd = new FormData();
+		fd.append('id', '0');
+		fd.append('title', document.getElementById('rule-title').value);
+		fd.append('trigger_event', document.getElementById('rule-trigger').value);
+		fd.append('conditions', document.getElementById('rule-conditions').value || '[]');
+		fd.append('actions', document.getElementById('rule-actions').value || '[]');
+		fd.append(token, '1');
+		fetch('<?php echo $saveUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+			.then(function(r){return r.json()})
+			.then(function(d){ if (d.success) location.reload(); else Joomla.renderMessages({error:[d.message]}); });
+	});
+
+	// Toggle rule
+	document.querySelectorAll('.rule-toggle').forEach(function(cb) {
+		cb.addEventListener('change', function() {
+			var fd = new FormData();
+			fd.append('id', this.dataset.id);
+			fd.append('enabled', this.checked ? '1' : '0');
+			fd.append(token, '1');
+			fetch('<?php echo $toggleUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){ if (!d.success) Joomla.renderMessages({error:[d.message]}); });
+		});
+	});
+
+	// Delete rule
+	document.querySelectorAll('.btn-delete-rule').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			if (!confirm('Delete this rule?')) return;
+			var card = this.closest('.card');
+			var fd = new FormData();
+			fd.append('id', this.dataset.id);
+			fd.append(token, '1');
+			fetch('<?php echo $deleteUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){ if (d.success) card.remove(); else Joomla.renderMessages({error:[d.message]}); });
+		});
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/canned/default.php b/source/packages/com_mokowaas/admin/tmpl/canned/default.php
new file mode 100644
index 00000000..49a2bb31
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/canned/default.php
@@ -0,0 +1,107 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$responses  = $this->responses;
+$categories = $this->categories;
+$token      = Session::getFormToken();
+$saveUrl    = Route::_('index.php?option=com_mokowaas&task=display.saveCanned&format=json');
+$deleteUrl  = Route::_('index.php?option=com_mokowaas&task=display.deleteCanned&format=json');
+?>
+
+<div id="mokowaas-canned">
+	<div class="d-flex justify-content-between align-items-center mb-3">
+		<h4><?php echo count($responses); ?> Canned Responses</h4>
+		<button type="button" class="btn btn-primary btn-sm" data-bs-toggle="modal" data-bs-target="#newCannedModal">
+			<span class="icon-plus"></span> Add Response
+		</button>
+	</div>
+
+	<?php foreach ($responses as $r): ?>
+	<div class="card mb-2" data-id="<?php echo $r->id; ?>">
+		<div class="card-body py-2">
+			<div class="d-flex justify-content-between align-items-start">
+				<div>
+					<strong><?php echo htmlspecialchars($r->title); ?></strong>
+					<p class="text-muted small mb-0 mt-1"><?php echo htmlspecialchars(mb_substr($r->body, 0, 150)); ?></p>
+				</div>
+				<button type="button" class="btn btn-sm btn-outline-danger btn-delete-canned" data-id="<?php echo $r->id; ?>">
+					<span class="icon-trash"></span>
+				</button>
+			</div>
+		</div>
+	</div>
+	<?php endforeach; ?>
+
+	<?php if (empty($responses)): ?>
+	<div class="alert alert-info">No canned responses yet. Click "Add Response" to create one.</div>
+	<?php endif; ?>
+</div>
+
+<!-- New Canned Modal -->
+<div class="modal fade" id="newCannedModal" tabindex="-1">
+	<div class="modal-dialog modal-lg">
+		<div class="modal-content">
+			<div class="modal-header"><h5>Add Canned Response</h5><button type="button" class="btn-close" data-bs-dismiss="modal"></button></div>
+			<div class="modal-body">
+				<div class="mb-3">
+					<label class="form-label">Title</label>
+					<input type="text" id="canned-title" class="form-control" required>
+				</div>
+				<div class="mb-3">
+					<label class="form-label">Category (optional)</label>
+					<select id="canned-category" class="form-select">
+						<option value="">All categories</option>
+						<?php foreach ($categories as $cat): ?>
+						<option value="<?php echo $cat->id; ?>"><?php echo htmlspecialchars($cat->title); ?></option>
+						<?php endforeach; ?>
+					</select>
+				</div>
+				<div class="mb-3">
+					<label class="form-label">Response Text</label>
+					<textarea id="canned-body" class="form-control" rows="6" required></textarea>
+				</div>
+			</div>
+			<div class="modal-footer">
+				<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+				<button type="button" class="btn btn-primary" id="btn-save-canned"><span class="icon-save"></span> Save</button>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var token = '<?php echo $token; ?>';
+
+	document.getElementById('btn-save-canned').addEventListener('click', function() {
+		var fd = new FormData();
+		fd.append('id', '0');
+		fd.append('title', document.getElementById('canned-title').value);
+		fd.append('body', document.getElementById('canned-body').value);
+		fd.append('category_id', document.getElementById('canned-category').value);
+		fd.append(token, '1');
+		fetch('<?php echo $saveUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+			.then(function(r){return r.json()})
+			.then(function(d){
+				if (d.success) location.reload();
+				else Joomla.renderMessages({error:[d.message]});
+			});
+	});
+
+	document.querySelectorAll('.btn-delete-canned').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			if (!confirm('Delete this canned response?')) return;
+			var card = this.closest('.card');
+			var fd = new FormData();
+			fd.append('id', this.dataset.id);
+			fd.append(token, '1');
+			fetch('<?php echo $deleteUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){ if (d.success) card.remove(); else Joomla.renderMessages({error:[d.message]}); });
+		});
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/categories/default.php b/source/packages/com_mokowaas/admin/tmpl/categories/default.php
new file mode 100644
index 00000000..d52cb7ac
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/categories/default.php
@@ -0,0 +1,126 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$categories = $this->categories;
+$users      = $this->users;
+$token      = Session::getFormToken();
+$saveUrl    = Route::_('index.php?option=com_mokowaas&task=display.saveCategory&format=json');
+$deleteUrl  = Route::_('index.php?option=com_mokowaas&task=display.deleteCategory&format=json');
+?>
+
+<div id="mokowaas-categories">
+	<div class="d-flex justify-content-between align-items-center mb-3">
+		<h4><?php echo count($categories); ?> Categories</h4>
+		<button type="button" class="btn btn-primary btn-sm" id="btn-add-cat">
+			<span class="icon-plus"></span> Add Category
+		</button>
+	</div>
+
+	<div class="card">
+		<div class="table-responsive">
+			<table class="table table-striped mb-0" id="cat-table">
+				<thead><tr><th>Title</th><th>SLA Response</th><th>SLA Resolution</th><th>Auto-Assign</th><th>Active</th><th></th></tr></thead>
+				<tbody>
+				<?php foreach ($categories as $c): ?>
+				<tr data-id="<?php echo $c->id; ?>">
+					<td><input type="text" class="form-control form-control-sm cat-field" data-field="title" value="<?php echo htmlspecialchars($c->title); ?>"></td>
+					<td><input type="number" class="form-control form-control-sm cat-field" data-field="sla_response_minutes" value="<?php echo $c->sla_response_minutes; ?>" style="width:80px"> min</td>
+					<td><input type="number" class="form-control form-control-sm cat-field" data-field="sla_resolution_minutes" value="<?php echo $c->sla_resolution_minutes; ?>" style="width:80px"> min</td>
+					<td>
+						<select class="form-select form-select-sm cat-field" data-field="auto_assign_user">
+							<option value="">None</option>
+							<?php foreach ($users as $u): ?>
+							<option value="<?php echo $u->id; ?>" <?php echo (int)$c->auto_assign_user === (int)$u->id ? 'selected' : ''; ?>><?php echo htmlspecialchars($u->name); ?></option>
+							<?php endforeach; ?>
+						</select>
+					</td>
+					<td>
+						<input type="checkbox" class="form-check-input cat-field" data-field="published" <?php echo $c->published ? 'checked' : ''; ?>>
+					</td>
+					<td>
+						<button type="button" class="btn btn-sm btn-outline-success btn-save-cat" title="Save"><span class="icon-save"></span></button>
+						<button type="button" class="btn btn-sm btn-outline-danger btn-delete-cat" title="Delete"><span class="icon-trash"></span></button>
+					</td>
+				</tr>
+				<?php endforeach; ?>
+				</tbody>
+			</table>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var token = '<?php echo $token; ?>';
+
+	// Save category
+	document.querySelectorAll('.btn-save-cat').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var row = this.closest('tr');
+			var id = row.dataset.id || '0';
+			var fd = new FormData();
+			fd.append('id', id);
+			fd.append(token, '1');
+			row.querySelectorAll('.cat-field').forEach(function(f) {
+				fd.append(f.dataset.field, f.type === 'checkbox' ? (f.checked ? '1' : '0') : f.value);
+			});
+			fetch('<?php echo $saveUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message]}); if (d.id && id === '0') row.dataset.id = d.id; }
+					else Joomla.renderMessages({error:[d.message]});
+				});
+		});
+	});
+
+	// Delete category
+	document.querySelectorAll('.btn-delete-cat').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			if (!confirm('Delete this category?')) return;
+			var row = this.closest('tr');
+			var fd = new FormData();
+			fd.append('id', row.dataset.id);
+			fd.append(token, '1');
+			fetch('<?php echo $deleteUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) row.remove();
+					else Joomla.renderMessages({error:[d.message]});
+				});
+		});
+	});
+
+	// Add new row
+	document.getElementById('btn-add-cat').addEventListener('click', function() {
+		var tbody = document.querySelector('#cat-table tbody');
+		var tr = document.createElement('tr');
+		tr.dataset.id = '0';
+		tr.innerHTML = '<td><input type="text" class="form-control form-control-sm cat-field" data-field="title" value=""></td>'
+			+ '<td><input type="number" class="form-control form-control-sm cat-field" data-field="sla_response_minutes" value="480" style="width:80px"> min</td>'
+			+ '<td><input type="number" class="form-control form-control-sm cat-field" data-field="sla_resolution_minutes" value="2880" style="width:80px"> min</td>'
+			+ '<td><select class="form-select form-select-sm cat-field" data-field="auto_assign_user"><option value="">None</option><?php foreach ($users as $u): ?><option value="<?php echo $u->id; ?>"><?php echo htmlspecialchars($u->name); ?></option><?php endforeach; ?></select></td>'
+			+ '<td><input type="checkbox" class="form-check-input cat-field" data-field="published" checked></td>'
+			+ '<td><button type="button" class="btn btn-sm btn-outline-success btn-save-cat"><span class="icon-save"></span></button></td>';
+		tbody.appendChild(tr);
+		tr.querySelector('.btn-save-cat').addEventListener('click', function() {
+			var row = this.closest('tr');
+			var fd = new FormData();
+			fd.append('id', '0');
+			fd.append(token, '1');
+			row.querySelectorAll('.cat-field').forEach(function(f) {
+				fd.append(f.dataset.field, f.type === 'checkbox' ? (f.checked ? '1' : '0') : f.value);
+			});
+			fetch('<?php echo $saveUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message]}); location.reload(); }
+					else Joomla.renderMessages({error:[d.message]});
+				});
+		});
+		tr.querySelector('input').focus();
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/cleanup/default.php b/source/packages/com_mokowaas/admin/tmpl/cleanup/default.php
new file mode 100644
index 00000000..073c623d
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/cleanup/default.php
@@ -0,0 +1,63 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$dirs    = $this->dirs;
+$token   = Session::getFormToken();
+$cleanUrl = Route::_('index.php?option=com_mokowaas&task=display.cleanDirectory&format=json');
+
+$dirKeys = ['site_cache', 'admin_cache', 'tmp', 'logs'];
+$totalMb = 0;
+$totalFiles = 0;
+foreach ($dirs as $d) { $totalMb += $d->size_mb; $totalFiles += $d->files; }
+?>
+
+<div id="mokowaas-cleanup">
+	<div class="row g-3 mb-4">
+		<div class="col-6 col-md-3"><div class="card text-center p-3"><span class="fw-bold fs-3"><?php echo number_format($totalMb, 1); ?> MB</span><small class="text-muted">Total Size</small></div></div>
+		<div class="col-6 col-md-3"><div class="card text-center p-3"><span class="fw-bold fs-3"><?php echo number_format($totalFiles); ?></span><small class="text-muted">Total Files</small></div></div>
+	</div>
+
+	<div class="row g-3">
+		<?php foreach ($dirs as $i => $d): ?>
+		<div class="col-12 col-md-6 col-xl-3">
+			<div class="card h-100">
+				<div class="card-body text-center">
+					<h5><?php echo htmlspecialchars($d->label); ?></h5>
+					<p class="fs-3 fw-bold mb-1 <?php echo $d->size_mb > 50 ? 'text-warning' : ''; ?>"><?php echo number_format($d->size_mb, 1); ?> MB</p>
+					<p class="text-muted small"><?php echo number_format($d->files); ?> files</p>
+					<?php if (!$d->writable): ?>
+					<span class="badge bg-danger">Not writable</span>
+					<?php else: ?>
+					<button type="button" class="btn btn-outline-danger btn-clean" data-key="<?php echo $dirKeys[$i] ?? ''; ?>" data-label="<?php echo htmlspecialchars($d->label); ?>">
+						<span class="icon-trash"></span> Clean
+					</button>
+					<?php endif; ?>
+				</div>
+			</div>
+		</div>
+		<?php endforeach; ?>
+	</div>
+</div>
+
+<script>
+document.querySelectorAll('.btn-clean').forEach(function(btn) {
+	btn.addEventListener('click', function() {
+		if (!confirm('Clean all files in ' + this.dataset.label + '?')) return;
+		var el = this;
+		el.disabled = true;
+		var fd = new FormData();
+		fd.append('dir_key', el.dataset.key);
+		fd.append('<?php echo $token; ?>', '1');
+		fetch('<?php echo $cleanUrl; ?>', {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+			.then(function(r){return r.json()})
+			.then(function(d){
+				if (d.success) { Joomla.renderMessages({message:[d.message]}); setTimeout(function(){location.reload()},1500); }
+				else { Joomla.renderMessages({error:[d.message]}); el.disabled = false; }
+			})
+			.catch(function(){ el.disabled = false; });
+	});
+});
+</script>
diff --git a/src/packages/com_mokowaas/admin/tmpl/dashboard/default.php b/source/packages/com_mokowaas/admin/tmpl/dashboard/default.php
similarity index 51%
rename from src/packages/com_mokowaas/admin/tmpl/dashboard/default.php
rename to source/packages/com_mokowaas/admin/tmpl/dashboard/default.php
index c8922884..8c007c6e 100644
--- a/src/packages/com_mokowaas/admin/tmpl/dashboard/default.php
+++ b/source/packages/com_mokowaas/admin/tmpl/dashboard/default.php
@@ -19,6 +19,9 @@ $siteInfo       = $this->siteInfo;
 $plugins        = $this->plugins;
 $recentLogins   = $this->recentLogins;
 $pendingUpdates = $this->pendingUpdates;
+$mokoExts       = $this->mokoExtensions;
+$adminToolsAvail = $this->adminToolsAvailable ?? null;
+$atsAvail        = $this->atsAvailable ?? null;
 $checkedOut     = $this->checkedOutItems;
 $wafBlocks      = $this->wafBlocks;
 $token          = Session::getFormToken();
@@ -63,29 +66,118 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 			<?php if ($siteInfo->offline): ?>
 			<span class="badge bg-danger"><?php echo Text::_('COM_MOKOWAAS_OFFLINE'); ?></span>
 			<?php endif; ?>
+			<div class="mokowaas-info-item ms-auto">
+				<span class="icon-globe" aria-hidden="true"></span>
+				<code><?php echo $this->escape($_SERVER['REMOTE_ADDR'] ?? ''); ?></code>
+			</div>
 		</div>
 	</div>
 
+	<?php if (!empty($mokoExts)): ?>
+	<!-- Moko Component & Module Versions -->
+	<div class="d-flex flex-wrap gap-2 mb-4">
+		<?php
+		$extIcons = [
+			'com_mokowaas'           => 'icon-cogs',
+			'mod_mokowaas_cpanel'    => 'icon-tachometer-alt',
+			'mod_mokowaas_menu'      => 'icon-bars',
+			'mod_mokowaas_cache'     => 'icon-bolt',
+			'mod_mokowaas_categories' => 'icon-folder',
+		];
+		foreach ($mokoExts as $ext):
+			$icon = $extIcons[$ext->element] ?? 'icon-puzzle-piece';
+			$label = str_replace(['mod_mokowaas_', 'com_mokowaas'], ['', 'Component'], $ext->element);
+			$label = ucfirst($label ?: 'Component');
+		?>
+		<div class="d-flex align-items-center gap-2 px-3 py-2 rounded border bg-white" style="font-size:0.85rem;">
+			<span class="<?php echo $icon; ?>" aria-hidden="true" style="color:#1a2744;"></span>
+			<span><?php echo $this->escape($label); ?></span>
+			<span class="badge bg-light text-dark"><?php echo $this->escape($ext->version); ?></span>
+		</div>
+		<?php endforeach; ?>
+	</div>
+	<?php endif; ?>
+
+	<?php if ($adminToolsAvail || $atsAvail): ?>
+	<!-- Akeeba Import Banner -->
+	<div class="alert alert-info d-flex flex-wrap align-items-center gap-3 mb-4">
+		<span class="icon-info-circle" style="font-size:1.25rem"></span>
+		<strong>Akeeba data detected — import into MokoWaaS:</strong>
+		<?php if ($adminToolsAvail): ?>
+		<button type="button" class="btn btn-sm btn-info" id="btn-import-admintools"
+			data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.importAdminTools&format=json'); ?>"
+			data-token="<?php echo $token; ?>">
+			<span class="icon-shield-alt"></span> Import Admin Tools Settings
+		</button>
+		<?php endif; ?>
+		<?php if ($atsAvail): ?>
+		<button type="button" class="btn btn-sm btn-info" id="btn-import-ats-dash"
+			data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.importAts&format=json'); ?>"
+			data-token="<?php echo $token; ?>">
+			<span class="icon-headphones"></span> Import Tickets (<?php echo $atsAvail->tickets; ?> tickets)
+		</button>
+		<?php endif; ?>
+	</div>
+	<?php endif; ?>
+
 	<!-- Quick Actions (large buttons) -->
 	<div class="row g-3 mb-4">
-		<div class="col-12 col-md-4">
+		<div class="col-6 col-md-4 col-xl-3">
 			<button type="button" class="btn btn-outline-primary w-100 py-3" id="mokowaas-btn-cache"
 				data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.clearCache&format=json'); ?>"
 				data-token="<?php echo $token; ?>">
-				<span class="icon-trash d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
-				<?php echo Text::_('COM_MOKOWAAS_CLEAR_CACHE'); ?>
+				<span class="icon-bolt d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
+				Clear Cache
 			</button>
 		</div>
-		<div class="col-12 col-md-4">
+		<div class="col-6 col-md-4 col-xl-3">
 			<a href="<?php echo Route::_('index.php?option=com_installer&view=update'); ?>" class="btn btn-outline-primary w-100 py-3">
 				<span class="icon-refresh d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
-				<?php echo Text::_('COM_MOKOWAAS_CHECK_UPDATES'); ?>
+				Check Updates
 			</a>
 		</div>
-		<div class="col-12 col-md-4">
+		<div class="col-6 col-md-4 col-xl-3">
 			<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=extensions'); ?>" class="btn btn-outline-primary w-100 py-3">
 				<span class="icon-puzzle-piece d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
-				<?php echo Text::_('COM_MOKOWAAS_EXTENSIONS_LINK'); ?>
+				Moko Extensions
+			</a>
+		</div>
+		<div class="col-6 col-md-4 col-xl-3">
+			<a href="<?php echo Route::_('index.php?option=com_checkin'); ?>" class="btn btn-outline-secondary w-100 py-3">
+				<span class="icon-check-square d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
+				Global Check-in
+			</a>
+		</div>
+		<div class="col-6 col-md-4 col-xl-3">
+			<a href="<?php echo Route::_('index.php?option=com_actionlogs'); ?>" class="btn btn-outline-secondary w-100 py-3">
+				<span class="icon-list d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
+				View Logs
+			</a>
+		</div>
+		<div class="col-6 col-md-4 col-xl-3">
+			<a href="<?php echo Route::_('index.php?option=com_scheduler'); ?>" class="btn btn-outline-secondary w-100 py-3">
+				<span class="icon-clock d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
+				Scheduled Tasks
+			</a>
+		</div>
+		<div class="col-6 col-md-4 col-xl-3">
+			<?php
+				// Use MokoJoomCommunity if available, otherwise Joomla user manager
+				$useCB = file_exists(JPATH_ADMINISTRATOR . '/components/com_comprofiler/comprofiler.php');
+				$userUrl = $useCB
+					? Route::_('index.php?option=com_comprofiler&task=showusers')
+					: Route::_('index.php?option=com_users');
+				$userLabel = $useCB ? 'MokoJoomCommunity' : 'User Manager';
+			?>
+			<a href="<?php echo $userUrl; ?>" class="btn btn-outline-secondary w-100 py-3">
+				<span class="icon-users d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
+				<?php echo $userLabel; ?>
+			</a>
+		</div>
+		<div class="col-6 col-md-4 col-xl-3">
+			<a href="<?php echo Route::_('index.php?option=com_redirect'); ?>" class="btn btn-outline-secondary w-100 py-3">
+				<span class="icon-arrow-right d-block mb-1" aria-hidden="true" style="font-size:1.5rem"></span>
+				Redirects
 			</a>
 		</div>
 	</div>
@@ -118,10 +210,14 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 										<span class="badge bg-light text-dark"><?php echo $this->escape($plugin->version); ?></span>
 									<?php endif; ?>
 								</div>
-								<p class="card-text text-muted small flex-grow-1"><?php echo $this->escape($plugin->description); ?></p>
+								<p class="card-text text-muted text-muted flex-grow-1"><?php echo $this->escape($plugin->description); ?></p>
 								<div class="d-flex align-items-center justify-content-between mt-auto pt-2 border-top">
 									<?php if ($plugin->protected): ?>
 										<span class="badge bg-dark"><?php echo Text::_('COM_MOKOWAAS_PROTECTED'); ?></span>
+									<?php elseif ($plugin->configure_only): ?>
+										<span class="badge bg-<?php echo $plugin->enabled ? 'success' : 'secondary'; ?>">
+											<?php echo $plugin->enabled ? Text::_('COM_MOKOWAAS_ENABLED') : Text::_('COM_MOKOWAAS_DISABLED'); ?>
+										</span>
 									<?php else: ?>
 										<div class="form-check form-switch">
 											<input type="checkbox" class="form-check-input mokowaas-toggle" role="switch"
@@ -130,7 +226,7 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 												data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.togglePlugin&format=json'); ?>"
 												data-token="<?php echo $token; ?>"
 												<?php echo $plugin->enabled ? 'checked' : ''; ?>>
-											<label class="form-check-label small" for="toggle-<?php echo $plugin->extension_id; ?>">
+											<label class="form-check-label" for="toggle-<?php echo $plugin->extension_id; ?>">
 												<?php echo $plugin->enabled ? Text::_('COM_MOKOWAAS_ENABLED') : Text::_('COM_MOKOWAAS_DISABLED'); ?>
 											</label>
 										</div>
@@ -149,8 +245,28 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 			<?php endforeach; ?>
 		</div>
 
-		<!-- Right: Information Tables (4 cols) -->
-		<div class="col-12 col-xl-4">
+		<!-- Right: Charts & Information (4 cols) -->
+		<div class="col-12 col-xl-4" style="border-left:1px solid var(--gray-300, #dee2e6);padding-left:1.5rem;">
+
+			<!-- WAF Activity Chart -->
+			<div class="card mb-3">
+				<div class="card-header">
+					<strong><span class="icon-shield-alt" aria-hidden="true"></span> WAF Activity (14 days)</strong>
+				</div>
+				<div class="card-body py-2">
+					<canvas id="mokowaas-chart-waf" height="140"></canvas>
+				</div>
+			</div>
+
+			<!-- Login Activity Chart -->
+			<div class="card mb-3">
+				<div class="card-header">
+					<strong><span class="icon-user" aria-hidden="true"></span> Login Activity (14 days)</strong>
+				</div>
+				<div class="card-body py-2">
+					<canvas id="mokowaas-chart-logins" height="140"></canvas>
+				</div>
+			</div>
 
 			<!-- Pending Updates -->
 			<div class="card mb-3">
@@ -165,16 +281,16 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 						<tbody>
 						<?php foreach ($pendingUpdates as $upd): ?>
 							<tr>
-								<td class="small"><?php echo $this->escape($upd->name); ?></td>
-								<td class="small text-muted"><?php echo $this->escape($upd->current_version); ?></td>
-								<td class="small text-success"><?php echo $this->escape($upd->version); ?></td>
+								<td class="text-muted"><?php echo $this->escape($upd->name); ?></td>
+								<td class="text-muted"><?php echo $this->escape($upd->current_version); ?></td>
+								<td class="text-success fw-bold"><?php echo $this->escape($upd->version); ?></td>
 							</tr>
 						<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
 				<?php else: ?>
-				<div class="card-body text-center text-muted small py-3">
+				<div class="card-body text-center text-muted py-3">
 					<span class="icon-check-circle text-success"></span> All extensions up to date
 				</div>
 				<?php endif; ?>
@@ -193,19 +309,19 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 						<tbody>
 						<?php foreach ($checkedOut as $item): ?>
 							<tr>
-								<td class="small"><?php echo $this->escape(mb_substr($item->title, 0, 30)); ?></td>
-								<td class="small"><?php echo $this->escape($item->username ?? ''); ?></td>
-								<td class="small text-muted"><?php echo HTMLHelper::_('date', $item->checked_out_time, 'M d H:i'); ?></td>
+								<td class="text-muted"><?php echo $this->escape(mb_substr($item->title, 0, 30)); ?></td>
+								<td class="text-muted"><?php echo $this->escape($item->username ?? ''); ?></td>
+								<td class="text-muted"><?php echo HTMLHelper::_('date', $item->checked_out_time, 'M d H:i'); ?></td>
 							</tr>
 						<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
 				<div class="card-footer text-center py-1">
-					<a href="<?php echo Route::_('index.php?option=com_checkin'); ?>" class="small">Global Check-in</a>
+					<a href="<?php echo Route::_('index.php?option=com_checkin'); ?>" class="text-muted">Global Check-in</a>
 				</div>
 				<?php else: ?>
-				<div class="card-body text-center text-muted small py-3">
+				<div class="card-body text-center text-muted py-3">
 					<span class="icon-check-circle text-success"></span> No checked out items
 				</div>
 				<?php endif; ?>
@@ -224,16 +340,16 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 						<tbody>
 						<?php foreach ($wafBlocks as $block): ?>
 							<tr>
-								<td class="small"><code><?php echo $this->escape($block->ip); ?></code></td>
-								<td class="small"><span class="badge bg-danger"><?php echo $this->escape($block->rule); ?></span></td>
-								<td class="small text-muted"><?php echo HTMLHelper::_('date', $block->created, 'M d H:i'); ?></td>
+								<td class="text-muted"><code><?php echo $this->escape($block->ip); ?></code></td>
+								<td class="text-muted"><span class="badge bg-danger"><?php echo $this->escape($block->rule); ?></span></td>
+								<td class="text-muted"><?php echo HTMLHelper::_('date', $block->created, 'M d H:i'); ?></td>
 							</tr>
 						<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
 				<?php else: ?>
-				<div class="card-body text-center text-muted small py-3">
+				<div class="card-body text-center text-muted py-3">
 					<span class="icon-check-circle text-success"></span> No recent blocks
 				</div>
 				<?php endif; ?>
@@ -251,19 +367,85 @@ $categoryOrder = ['core', 'security', 'monitoring', 'content', 'tools', 'api'];
 						<tbody>
 						<?php foreach ($recentLogins as $login): ?>
 							<tr>
-								<td class="small"><?php echo $this->escape($login->username ?? ''); ?></td>
-								<td class="small"><code><?php echo $this->escape($login->ip_address ?? ''); ?></code></td>
-								<td class="small text-muted"><?php echo HTMLHelper::_('date', $login->log_date, 'M d H:i'); ?></td>
+								<td class="text-muted"><?php echo $this->escape($login->username ?? ''); ?></td>
+								<td class="text-muted"><code><?php echo $this->escape($login->ip_address ?? ''); ?></code></td>
+								<td class="text-muted"><?php echo HTMLHelper::_('date', $login->log_date, 'M d H:i'); ?></td>
 							</tr>
 						<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
 				<?php else: ?>
-				<div class="card-body text-center text-muted small py-3">No login activity recorded</div>
+				<div class="card-body text-center text-muted py-3">No login activity recorded</div>
 				<?php endif; ?>
 			</div>
 
 		</div><!-- /.col-xl-4 -->
 	</div><!-- /.row -->
 </div>
+
+<?php
+// Prepare chart data as JSON for JavaScript
+$wafChartData   = $this->wafChartData ?? [];
+$loginChartData = $this->loginChartData ?? [];
+
+$wafLabels  = array_map(fn($d) => $d->day, $wafChartData);
+$wafValues  = array_map(fn($d) => $d->total, $wafChartData);
+$loginLabels = array_map(fn($d) => $d->day, $loginChartData);
+$loginValues = array_map(fn($d) => $d->total, $loginChartData);
+?>
+
+<script src="https://cdn.jsdelivr.net/npm/chart.js@4/dist/chart.umd.min.js" integrity="sha384-jb8JQMbMoBUzgWatfe6COACi2ljcDdZQ2OxczGA3bGNeWe+6DChMTBJemed7ZnvJ" crossorigin="anonymous"></script>
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var chartDefaults = {
+		responsive: true,
+		maintainAspectRatio: false,
+		plugins: { legend: { display: false } },
+		scales: {
+			x: { grid: { display: false }, ticks: { maxRotation: 45, font: { size: 10 } } },
+			y: { beginAtZero: true, ticks: { stepSize: 1, font: { size: 10 } } }
+		}
+	};
+
+	// WAF chart
+	var wafCtx = document.getElementById('mokowaas-chart-waf');
+	if (wafCtx) {
+		new Chart(wafCtx, {
+			type: 'bar',
+			data: {
+				labels: <?php echo json_encode($wafLabels); ?>,
+				datasets: [{
+					data: <?php echo json_encode($wafValues); ?>,
+					backgroundColor: 'rgba(197, 40, 39, 0.6)',
+					borderColor: '#c52827',
+					borderWidth: 1,
+					borderRadius: 3
+				}]
+			},
+			options: chartDefaults
+		});
+	}
+
+	// Login chart
+	var loginCtx = document.getElementById('mokowaas-chart-logins');
+	if (loginCtx) {
+		new Chart(loginCtx, {
+			type: 'line',
+			data: {
+				labels: <?php echo json_encode($loginLabels); ?>,
+				datasets: [{
+					data: <?php echo json_encode($loginValues); ?>,
+					borderColor: '#2a69b8',
+					backgroundColor: 'rgba(42, 105, 184, 0.1)',
+					fill: true,
+					tension: 0.3,
+					pointRadius: 3,
+					pointBackgroundColor: '#2a69b8'
+				}]
+			},
+			options: chartDefaults
+		});
+	}
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/database/default.php b/source/packages/com_mokowaas/admin/tmpl/database/default.php
new file mode 100644
index 00000000..0d0c9357
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/database/default.php
@@ -0,0 +1,72 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$data    = $this->tableData;
+$tables  = $data['tables'] ?? [];
+$token   = Session::getFormToken();
+$optimizeUrl = Route::_('index.php?option=com_mokowaas&task=display.optimizeDb&format=json');
+$repairUrl   = Route::_('index.php?option=com_mokowaas&task=display.repairDb&format=json');
+$purgeUrl    = Route::_('index.php?option=com_mokowaas&task=display.purgeSessions&format=json');
+?>
+
+<div id="mokowaas-database">
+	<div class="row g-3 mb-4">
+		<div class="col-6 col-md-3"><div class="card text-center p-3"><span class="fw-bold fs-3"><?php echo $data['count']; ?></span><small class="text-muted">Tables</small></div></div>
+		<div class="col-6 col-md-3"><div class="card text-center p-3"><span class="fw-bold fs-3"><?php echo $data['total_size_mb']; ?> MB</span><small class="text-muted">Total Size</small></div></div>
+		<div class="col-6 col-md-3"><div class="card text-center p-3"><span class="fw-bold fs-3 <?php echo $data['total_overhead_kb'] > 100 ? 'text-warning' : 'text-success'; ?>"><?php echo $data['total_overhead_kb']; ?> KB</span><small class="text-muted">Overhead</small></div></div>
+		<div class="col-6 col-md-3">
+			<div class="card p-3 d-grid gap-2">
+				<button type="button" class="btn btn-sm btn-primary btn-db-action" data-url="<?php echo $optimizeUrl; ?>" data-token="<?php echo $token; ?>" data-confirm="Optimize all tables with overhead?">
+					<span class="icon-bolt"></span> Optimize All
+				</button>
+				<button type="button" class="btn btn-sm btn-outline-warning btn-db-action" data-url="<?php echo $repairUrl; ?>" data-token="<?php echo $token; ?>" data-confirm="Repair all tables?">
+					<span class="icon-wrench"></span> Repair All
+				</button>
+				<button type="button" class="btn btn-sm btn-outline-secondary btn-db-action" data-url="<?php echo $purgeUrl; ?>" data-token="<?php echo $token; ?>" data-confirm="Purge expired sessions?">
+					<span class="icon-trash"></span> Purge Sessions
+				</button>
+			</div>
+		</div>
+	</div>
+
+	<div class="card">
+		<div class="table-responsive">
+			<table class="table table-striped table-sm mb-0">
+				<thead><tr><th>Table</th><th>Engine</th><th class="text-end">Rows</th><th class="text-end">Size</th><th class="text-end">Overhead</th></tr></thead>
+				<tbody>
+				<?php foreach ($tables as $t): ?>
+				<tr class="<?php echo $t->overhead_kb > 10 ? 'table-warning' : ''; ?> <?php echo $t->is_moko ? 'fw-bold' : ''; ?>">
+					<td class="small"><?php echo htmlspecialchars($t->name); ?></td>
+					<td class="small"><?php echo htmlspecialchars($t->engine); ?></td>
+					<td class="text-end small"><?php echo number_format($t->rows); ?></td>
+					<td class="text-end small"><?php echo $t->size_mb; ?> MB</td>
+					<td class="text-end small <?php echo $t->overhead_kb > 10 ? 'text-warning fw-bold' : ''; ?>"><?php echo $t->overhead_kb > 0 ? $t->overhead_kb . ' KB' : '—'; ?></td>
+				</tr>
+				<?php endforeach; ?>
+				</tbody>
+			</table>
+		</div>
+	</div>
+</div>
+
+<script>
+document.querySelectorAll('.btn-db-action').forEach(function(btn) {
+	btn.addEventListener('click', function() {
+		if (!confirm(this.dataset.confirm)) return;
+		var el = this;
+		el.disabled = true;
+		var fd = new FormData();
+		fd.append(el.dataset.token, '1');
+		fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+			.then(function(r){return r.json()})
+			.then(function(d){
+				if (d.success) { Joomla.renderMessages({message:[d.message]}); setTimeout(function(){location.reload()},1500); }
+				else { Joomla.renderMessages({error:[d.message]}); el.disabled = false; }
+			})
+			.catch(function(){ el.disabled = false; });
+	});
+});
+</script>
diff --git a/src/packages/com_mokowaas/admin/tmpl/extensions/default.php b/source/packages/com_mokowaas/admin/tmpl/extensions/default.php
similarity index 74%
rename from src/packages/com_mokowaas/admin/tmpl/extensions/default.php
rename to source/packages/com_mokowaas/admin/tmpl/extensions/default.php
index cdaa6850..4ffca746 100644
--- a/src/packages/com_mokowaas/admin/tmpl/extensions/default.php
+++ b/source/packages/com_mokowaas/admin/tmpl/extensions/default.php
@@ -25,8 +25,9 @@ foreach ($packages as $pkg)
 }
 
 $statusBadge = [
-	'installed'     => ['bg-success', 'Installed'],
-	'not_installed' => ['bg-secondary', 'Not Installed'],
+	'installed'        => ['bg-success', 'Installed'],
+	'update_available' => ['bg-warning text-dark', 'Update Available'],
+	'not_installed'    => ['bg-secondary', 'Not Installed'],
 ];
 ?>
 
@@ -63,6 +64,9 @@ $statusBadge = [
 						<div class="small text-muted">
 							<?php if ($pkg->local_version): ?>
 								v<?php echo htmlspecialchars($pkg->local_version); ?>
+								<?php if ($pkg->remote_version && $pkg->status === 'update_available'): ?>
+									&rarr; <?php echo htmlspecialchars($pkg->remote_version); ?>
+								<?php endif; ?>
 							<?php elseif ($pkg->remote_version): ?>
 								Latest: <?php echo htmlspecialchars($pkg->remote_version); ?>
 							<?php endif; ?>
@@ -73,7 +77,16 @@ $statusBadge = [
 								<span class="icon-book" aria-hidden="true"></span>
 							</a>
 							<?php endif; ?>
-							<?php if ($pkg->download_url && $pkg->status === 'not_installed'): ?>
+							<?php if ($pkg->download_url && $pkg->status === 'update_available'): ?>
+						<button type="button" class="btn btn-sm btn-warning mokowaas-install-btn"
+							data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.installExtension&format=json'); ?>"
+							data-download="<?php echo htmlspecialchars($pkg->download_url); ?>"
+							data-token="<?php echo $token; ?>"
+							data-label="<?php echo htmlspecialchars($pkg->label); ?>">
+							<span class="icon-refresh" aria-hidden="true"></span>
+							Update to <?php echo htmlspecialchars($pkg->remote_version); ?>
+						</button>
+						<?php elseif ($pkg->download_url && $pkg->status === 'not_installed'): ?>
 							<button type="button" class="btn btn-sm btn-primary mokowaas-install-btn"
 								data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.installExtension&format=json'); ?>"
 								data-download="<?php echo htmlspecialchars($pkg->download_url); ?>"
@@ -83,6 +96,26 @@ $statusBadge = [
 								Install
 							</button>
 							<?php elseif ($pkg->status === 'installed'): ?>
+							<?php
+								$dashLink = '';
+								if ($pkg->type === 'component')
+								{
+									$dashLink = 'index.php?option=' . $pkg->element;
+								}
+								elseif ($pkg->type === 'package' && strpos($pkg->element, 'pkg_') === 0)
+								{
+									$comElement = 'com_' . substr($pkg->element, 4);
+									if (is_dir(JPATH_ADMINISTRATOR . '/components/' . $comElement))
+									{
+										$dashLink = 'index.php?option=' . $comElement;
+									}
+								}
+							?>
+							<?php if ($dashLink): ?>
+							<a href="<?php echo Route::_($dashLink); ?>" class="btn btn-sm btn-outline-primary" title="Open">
+								<span class="icon-arrow-right" aria-hidden="true"></span> Open
+							</a>
+							<?php endif; ?>
 							<span class="btn btn-sm btn-outline-success disabled">
 								<span class="icon-check" aria-hidden="true"></span> Installed
 							</span>
diff --git a/source/packages/com_mokowaas/admin/tmpl/htaccess/default.php b/source/packages/com_mokowaas/admin/tmpl/htaccess/default.php
new file mode 100644
index 00000000..79155233
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/htaccess/default.php
@@ -0,0 +1,306 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$opts    = $this->options;
+$preview = $this->preview;
+$nginx   = $this->nginxPreview;
+$current = $this->currentHtaccess;
+$token   = Session::getFormToken();
+$saveUrl = Route::_('index.php?option=com_mokowaas&task=display.saveHtaccess&format=json');
+$genUrl  = Route::_('index.php?option=com_mokowaas&task=display.generateHtaccess&format=json');
+
+// Helper for toggle switch
+$sw = function($name, $label, $desc = '') use ($opts) {
+	$checked = !empty($opts[$name]) ? 'checked' : '';
+	echo '<div class="d-flex justify-content-between align-items-center py-2 border-bottom">';
+	echo '<div><strong>' . htmlspecialchars($label) . '</strong>';
+	if ($desc) echo '<br><small class="text-muted">' . htmlspecialchars($desc) . '</small>';
+	echo '</div>';
+	echo '<div class="form-check form-switch">';
+	echo '<input type="checkbox" class="form-check-input htaccess-opt" name="' . $name . '" id="htopt-' . $name . '" ' . $checked . '>';
+	echo '</div></div>';
+};
+?>
+
+<div id="mokowaas-htaccess">
+	<ul class="nav nav-tabs mb-3" role="tablist">
+		<li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#tab-htaccess" role="tab">.htaccess</a></li>
+		<li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#tab-nginx" role="tab">NginX</a></li>
+		<li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#tab-current" role="tab">Current File</a></li>
+	</ul>
+
+	<div class="tab-content">
+		<!-- .htaccess Tab -->
+		<div class="tab-pane fade show active" id="tab-htaccess" role="tabpanel">
+			<div class="row">
+				<!-- Left: Options -->
+				<div class="col-12 col-xl-6">
+
+					<div class="card mb-3">
+						<div class="card-header"><strong><span class="icon-shield-alt"></span> Security</strong></div>
+						<div class="card-body">
+							<?php $sw('disable_directory_listing', 'Disable Directory Listing', 'Options -Indexes'); ?>
+							<?php $sw('block_sensitive_files', 'Block Sensitive Files', 'htaccess.txt, configuration.php-dist, etc.'); ?>
+							<?php $sw('block_php_in_uploads', 'Block PHP in Uploads', 'Prevent .php in images/, media/, tmp/'); ?>
+							<?php $sw('disable_server_signature', 'Hide Server Signature', 'ServerSignature Off, remove X-Powered-By'); ?>
+							<?php $sw('prevent_clickjacking', 'Clickjacking Protection', 'X-Frame-Options: SAMEORIGIN'); ?>
+							<?php $sw('prevent_mime_sniffing', 'MIME Sniffing Prevention', 'X-Content-Type-Options: nosniff'); ?>
+							<?php $sw('xss_protection', 'XSS Protection Header', 'X-XSS-Protection: 1; mode=block'); ?>
+							<?php $sw('disable_trace_track', 'Disable TRACE/TRACK', 'Block HTTP TRACE and TRACK methods'); ?>
+
+							<div class="py-2 border-bottom">
+								<label class="form-label fw-bold" for="htopt-referrer_policy">Referrer Policy</label>
+								<select class="form-select form-select-sm htaccess-opt" name="referrer_policy" id="htopt-referrer_policy">
+									<option value="off" <?php echo ($opts['referrer_policy'] ?? '') === 'off' ? 'selected' : ''; ?>>Off</option>
+									<option value="no-referrer" <?php echo ($opts['referrer_policy'] ?? '') === 'no-referrer' ? 'selected' : ''; ?>>no-referrer</option>
+									<option value="same-origin" <?php echo ($opts['referrer_policy'] ?? '') === 'same-origin' ? 'selected' : ''; ?>>same-origin</option>
+									<option value="strict-origin-when-cross-origin" <?php echo ($opts['referrer_policy'] ?? '') === 'strict-origin-when-cross-origin' ? 'selected' : ''; ?>>strict-origin-when-cross-origin</option>
+								</select>
+							</div>
+
+							<?php $sw('hsts_enabled', 'HSTS (Force HTTPS)', 'Strict-Transport-Security header'); ?>
+							<div class="ps-4 <?php echo empty($opts['hsts_enabled']) ? 'd-none' : ''; ?>" id="hsts-options">
+								<div class="row g-2 py-2">
+									<div class="col-6">
+										<label class="form-label small">Max Age (seconds)</label>
+										<input type="number" class="form-control form-control-sm htaccess-opt" name="hsts_max_age" value="<?php echo (int) ($opts['hsts_max_age'] ?? 31536000); ?>">
+									</div>
+									<div class="col-6 d-flex align-items-end">
+										<div class="form-check">
+											<input type="checkbox" class="form-check-input htaccess-opt" name="hsts_subdomains" id="htopt-hsts_sub" <?php echo !empty($opts['hsts_subdomains']) ? 'checked' : ''; ?>>
+											<label class="form-check-label small" for="htopt-hsts_sub">Include Subdomains</label>
+										</div>
+									</div>
+								</div>
+							</div>
+
+							<?php $sw('csp_enabled', 'Content Security Policy', 'CSP header'); ?>
+							<div class="ps-4 <?php echo empty($opts['csp_enabled']) ? 'd-none' : ''; ?>" id="csp-options">
+								<textarea class="form-control form-control-sm htaccess-opt mt-1" name="csp_value" rows="2" placeholder="default-src 'self'; script-src 'self' 'unsafe-inline'"><?php echo htmlspecialchars($opts['csp_value'] ?? ''); ?></textarea>
+							</div>
+
+							<?php $sw('permissions_policy', 'Permissions Policy', 'Camera, microphone, geolocation controls'); ?>
+							<div class="ps-4 <?php echo empty($opts['permissions_policy']) ? 'd-none' : ''; ?>" id="perms-options">
+								<textarea class="form-control form-control-sm htaccess-opt mt-1" name="permissions_value" rows="2" placeholder="camera=(), microphone=(), geolocation=()"><?php echo htmlspecialchars($opts['permissions_value'] ?? ''); ?></textarea>
+							</div>
+						</div>
+					</div>
+
+					<div class="card mb-3">
+						<div class="card-header"><strong><span class="icon-bolt"></span> Performance</strong></div>
+						<div class="card-body">
+							<?php $sw('enable_gzip', 'GZip Compression', 'Compress CSS, JS, HTML, XML, JSON'); ?>
+							<?php $sw('enable_expires', 'Browser Caching', 'Set expiration headers for static files'); ?>
+							<div class="ps-4 <?php echo empty($opts['enable_expires']) ? 'd-none' : ''; ?>" id="expires-options">
+								<div class="row g-2 py-2">
+									<div class="col-4">
+										<label class="form-label small">HTML (sec)</label>
+										<input type="number" class="form-control form-control-sm htaccess-opt" name="expires_html" value="<?php echo (int) ($opts['expires_html'] ?? 3600); ?>">
+									</div>
+									<div class="col-4">
+										<label class="form-label small">CSS/JS (sec)</label>
+										<input type="number" class="form-control form-control-sm htaccess-opt" name="expires_css_js" value="<?php echo (int) ($opts['expires_css_js'] ?? 2592000); ?>">
+									</div>
+									<div class="col-4">
+										<label class="form-label small">Images (sec)</label>
+										<input type="number" class="form-control form-control-sm htaccess-opt" name="expires_images" value="<?php echo (int) ($opts['expires_images'] ?? 31536000); ?>">
+									</div>
+								</div>
+							</div>
+							<?php $sw('etag_control', 'Disable ETags', 'For load-balanced environments'); ?>
+						</div>
+					</div>
+
+					<div class="card mb-3">
+						<div class="card-header"><strong><span class="icon-search"></span> SEO / Redirects</strong></div>
+						<div class="card-body">
+							<div class="py-2 border-bottom">
+								<label class="form-label fw-bold">WWW Redirect</label>
+								<select class="form-select form-select-sm htaccess-opt" name="www_redirect">
+									<option value="off" <?php echo ($opts['www_redirect'] ?? 'off') === 'off' ? 'selected' : ''; ?>>Off</option>
+									<option value="www" <?php echo ($opts['www_redirect'] ?? '') === 'www' ? 'selected' : ''; ?>>Force www</option>
+									<option value="non-www" <?php echo ($opts['www_redirect'] ?? '') === 'non-www' ? 'selected' : ''; ?>>Force non-www</option>
+								</select>
+							</div>
+							<?php $sw('redirect_index_php', 'Redirect /index.php to /', 'SEO-friendly root redirect'); ?>
+							<?php $sw('force_trailing_slash', 'Force Trailing Slash', 'Append / to URLs without file extension'); ?>
+						</div>
+					</div>
+
+					<div class="card mb-3">
+						<div class="card-header"><strong><span class="icon-code"></span> Custom Rules</strong></div>
+						<div class="card-body">
+							<textarea class="form-control htaccess-opt" name="custom_rules" rows="4" placeholder="# Add custom Apache directives here"><?php echo htmlspecialchars($opts['custom_rules'] ?? ''); ?></textarea>
+						</div>
+					</div>
+				</div>
+
+				<!-- Right: Preview -->
+				<div class="col-12 col-xl-6">
+					<div class="card mb-3 sticky-top" style="top:1rem">
+						<div class="card-header d-flex justify-content-between align-items-center">
+							<strong>Preview</strong>
+							<span class="badge bg-secondary" id="htaccess-line-count"><?php echo substr_count($preview, "\n"); ?> lines</span>
+						</div>
+						<div class="card-body p-0">
+							<textarea id="htaccess-preview" class="form-control font-monospace border-0" rows="30" readonly style="font-size:0.8rem;resize:none"><?php echo htmlspecialchars($preview); ?></textarea>
+						</div>
+						<div class="card-footer d-flex gap-2">
+							<button type="button" class="btn btn-primary" id="htaccess-save"
+								data-url="<?php echo $saveUrl; ?>" data-token="<?php echo $token; ?>">
+								<span class="icon-save"></span> Save to .htaccess
+							</button>
+							<button type="button" class="btn btn-outline-secondary" id="htaccess-download">
+								<span class="icon-download"></span> Download
+							</button>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+
+		<!-- NginX Tab -->
+		<div class="tab-pane fade" id="tab-nginx" role="tabpanel">
+			<div class="card">
+				<div class="card-header"><strong>NginX Configuration Snippet</strong></div>
+				<div class="card-body p-0">
+					<textarea id="nginx-preview" class="form-control font-monospace border-0" rows="25" readonly style="font-size:0.8rem;resize:none"><?php echo htmlspecialchars($nginx); ?></textarea>
+				</div>
+				<div class="card-footer">
+					<button type="button" class="btn btn-outline-secondary" id="nginx-download">
+						<span class="icon-download"></span> Download NginX Config
+					</button>
+				</div>
+			</div>
+		</div>
+
+		<!-- Current File Tab -->
+		<div class="tab-pane fade" id="tab-current" role="tabpanel">
+			<div class="card">
+				<div class="card-header"><strong>Current .htaccess on Disk</strong></div>
+				<div class="card-body p-0">
+					<textarea class="form-control font-monospace border-0" rows="25" readonly style="font-size:0.8rem;resize:none"><?php echo htmlspecialchars($current); ?></textarea>
+				</div>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var saveBtn = document.getElementById('htaccess-save');
+	var preview = document.getElementById('htaccess-preview');
+	var lineCount = document.getElementById('htaccess-line-count');
+
+	// Toggle sub-option visibility
+	document.getElementById('htopt-hsts_enabled').addEventListener('change', function() {
+		document.getElementById('hsts-options').classList.toggle('d-none', !this.checked);
+	});
+	document.getElementById('htopt-csp_enabled').addEventListener('change', function() {
+		document.getElementById('csp-options').classList.toggle('d-none', !this.checked);
+	});
+	document.getElementById('htopt-permissions_policy').addEventListener('change', function() {
+		document.getElementById('perms-options').classList.toggle('d-none', !this.checked);
+	});
+	document.getElementById('htopt-enable_expires') && document.getElementById('htopt-enable_expires').addEventListener('change', function() {
+		document.getElementById('expires-options').classList.toggle('d-none', !this.checked);
+	});
+
+	// Regenerate preview on any option change
+	document.querySelectorAll('.htaccess-opt').forEach(function(el) {
+		el.addEventListener('change', regeneratePreview);
+		el.addEventListener('input', regeneratePreview);
+	});
+
+	function collectOptions() {
+		var opts = {};
+		document.querySelectorAll('.htaccess-opt').forEach(function(el) {
+			if (el.type === 'checkbox') {
+				opts[el.name] = el.checked ? 1 : 0;
+			} else {
+				opts[el.name] = el.value;
+			}
+		});
+		return opts;
+	}
+
+	var debounceTimer;
+	function regeneratePreview() {
+		clearTimeout(debounceTimer);
+		debounceTimer = setTimeout(function() {
+			var fd = new FormData();
+			var opts = collectOptions();
+			for (var k in opts) fd.append(k, opts[k]);
+			fd.append('<?php echo $token; ?>', '1');
+
+			fetch('<?php echo $genUrl; ?>', {
+				method: 'POST', body: fd,
+				headers: {'X-Requested-With': 'XMLHttpRequest'}
+			})
+			.then(function(r) { return r.json(); })
+			.then(function(d) {
+				if (d.htaccess) {
+					preview.value = d.htaccess;
+					lineCount.textContent = d.htaccess.split('\n').length + ' lines';
+				}
+				if (d.nginx) {
+					document.getElementById('nginx-preview').value = d.nginx;
+				}
+			});
+		}, 300);
+	}
+
+	// Save to disk
+	saveBtn.addEventListener('click', function() {
+		if (!confirm('This will overwrite your current .htaccess file. A backup will be created at .htaccess.mokowaas.bak. Continue?')) return;
+		var btn = this;
+		btn.disabled = true;
+
+		var fd = new FormData();
+		fd.append('content', preview.value);
+		var opts = collectOptions();
+		for (var k in opts) fd.append('opt_' + k, opts[k]);
+		fd.append('<?php echo $token; ?>', '1');
+
+		fetch(btn.dataset.url, {
+			method: 'POST', body: fd,
+			headers: {'X-Requested-With': 'XMLHttpRequest'}
+		})
+		.then(function(r) { return r.json(); })
+		.then(function(d) {
+			if (d.success) Joomla.renderMessages({message: [d.message]});
+			else Joomla.renderMessages({error: [d.message]});
+		})
+		.catch(function() { Joomla.renderMessages({error: ['Network error']}); })
+		.finally(function() { btn.disabled = false; });
+	});
+
+	// Download buttons
+	function downloadText(content, filename) {
+		var blob = new Blob([content], {type: 'text/plain'});
+		var a = document.createElement('a');
+		a.href = URL.createObjectURL(blob);
+		a.download = filename;
+		a.click();
+		URL.revokeObjectURL(a.href);
+	}
+
+	document.getElementById('htaccess-download').addEventListener('click', function() {
+		downloadText(preview.value, '.htaccess');
+	});
+	document.getElementById('nginx-download').addEventListener('click', function() {
+		downloadText(document.getElementById('nginx-preview').value, 'mokowaas-nginx.conf');
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/privacy/default.php b/source/packages/com_mokowaas/admin/tmpl/privacy/default.php
new file mode 100644
index 00000000..9fd993e6
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/privacy/default.php
@@ -0,0 +1,267 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$requests = $this->requests;
+$policies = $this->policies;
+$summary  = $this->summary;
+$token    = Session::getFormToken();
+
+$statusBadge = [
+	'pending'    => 'bg-warning text-dark',
+	'processing' => 'bg-info',
+	'completed'  => 'bg-success',
+	'denied'     => 'bg-secondary',
+];
+$typeBadge = [
+	'export'    => 'bg-primary',
+	'delete'    => 'bg-danger',
+	'anonymize' => 'bg-warning text-dark',
+];
+?>
+
+<div id="mokowaas-privacy">
+	<!-- Summary cards -->
+	<div class="row g-3 mb-4">
+		<div class="col-6 col-md-3">
+			<div class="card text-center p-3">
+				<span class="fw-bold fs-3 <?php echo $summary->pending_requests > 0 ? 'text-warning' : 'text-success'; ?>"><?php echo $summary->pending_requests; ?></span>
+				<small class="text-muted">Pending Requests</small>
+			</div>
+		</div>
+		<div class="col-6 col-md-3">
+			<div class="card text-center p-3">
+				<span class="fw-bold fs-3"><?php echo $summary->total_requests; ?></span>
+				<small class="text-muted">Total Requests</small>
+			</div>
+		</div>
+		<div class="col-6 col-md-3">
+			<div class="card text-center p-3">
+				<span class="fw-bold fs-3"><?php echo $summary->consent_entries; ?></span>
+				<small class="text-muted">Consent Entries</small>
+			</div>
+		</div>
+		<div class="col-6 col-md-3">
+			<div class="card text-center p-3">
+				<span class="fw-bold fs-3"><?php echo $summary->policies_active; ?></span>
+				<small class="text-muted">Active Policies</small>
+			</div>
+		</div>
+	</div>
+
+	<!-- New Request Form -->
+	<div class="card mb-4">
+		<div class="card-header d-flex justify-content-between align-items-center">
+			<strong><span class="icon-plus"></span> Create Data Request</strong>
+			<button class="btn btn-sm btn-outline-primary" type="button" data-bs-toggle="collapse" data-bs-target="#newRequestForm" aria-expanded="false">
+				<span class="icon-plus"></span> New Request
+			</button>
+		</div>
+		<div class="collapse" id="newRequestForm">
+			<div class="card-body">
+				<form id="formNewRequest" class="row g-3">
+					<div class="col-12 col-md-5">
+						<label for="req_user_id" class="form-label">User</label>
+						<select id="req_user_id" class="form-select" required>
+							<option value="">Select a user...</option>
+							<?php
+								$db = Factory::getDbo();
+								$db->setQuery(
+									$db->getQuery(true)
+										->select([$db->quoteName('id'), $db->quoteName('name'), $db->quoteName('email')])
+										->from($db->quoteName('#__users'))
+										->where($db->quoteName('block') . ' = 0')
+										->order($db->quoteName('name'))
+								);
+								foreach ($db->loadObjectList() as $u):
+							?>
+							<option value="<?php echo (int) $u->id; ?>"><?php echo $this->escape($u->name); ?> (<?php echo $this->escape($u->email); ?>)</option>
+							<?php endforeach; ?>
+						</select>
+					</div>
+					<div class="col-12 col-md-3">
+						<label for="req_type" class="form-label">Request Type</label>
+						<select id="req_type" class="form-select" required>
+							<option value="export">Export Data</option>
+							<option value="delete">Delete Data</option>
+							<option value="anonymize">Anonymize Data</option>
+						</select>
+					</div>
+					<div class="col-12 col-md-2">
+						<label for="req_auto" class="form-label">Auto-process</label>
+						<select id="req_auto" class="form-select">
+							<option value="0">No (pending)</option>
+							<option value="1">Yes (immediate)</option>
+						</select>
+					</div>
+					<div class="col-12 col-md-2 d-flex align-items-end">
+						<button type="submit" class="btn btn-primary w-100" id="btnCreateRequest"
+							data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.processDataRequest&format=json'); ?>"
+							data-token="<?php echo $token; ?>">
+							<span class="icon-check"></span> Submit
+						</button>
+					</div>
+				</form>
+			</div>
+		</div>
+	</div>
+
+	<div class="row">
+		<!-- Data Requests -->
+		<div class="col-12 col-xl-8">
+			<div class="card mb-4">
+				<div class="card-header d-flex justify-content-between align-items-center">
+					<strong><span class="icon-user-shield"></span> Data Subject Requests</strong>
+					<form method="get" class="d-inline">
+						<input type="hidden" name="option" value="com_mokowaas">
+						<input type="hidden" name="view" value="privacy">
+						<select name="filter_status" class="form-select form-select-sm" style="width:auto" onchange="this.form.submit()">
+							<option value="">All</option>
+							<?php foreach (['pending','processing','completed','denied'] as $s): ?>
+							<option value="<?php echo $s; ?>" <?php echo Factory::getApplication()->getInput()->getString('filter_status') === $s ? 'selected' : ''; ?>><?php echo ucfirst($s); ?></option>
+							<?php endforeach; ?>
+						</select>
+					</form>
+				</div>
+				<?php if (empty($requests)): ?>
+				<div class="card-body text-center text-muted py-4">No data requests found.</div>
+				<?php else: ?>
+				<div class="table-responsive">
+					<table class="table table-striped table-hover mb-0">
+						<thead><tr><th>#</th><th>User</th><th>Type</th><th>Status</th><th>Created</th><th>Processed</th><th>Actions</th></tr></thead>
+						<tbody>
+						<?php foreach ($requests as $r): ?>
+						<tr>
+							<td><?php echo $r->id; ?></td>
+							<td><?php echo $this->escape($r->user_name ?? ''); ?><br><small class="text-muted"><?php echo $this->escape($r->user_email ?? ''); ?></small></td>
+							<td><span class="badge <?php echo $typeBadge[$r->type] ?? 'bg-secondary'; ?>"><?php echo ucfirst($r->type); ?></span></td>
+							<td><span class="badge <?php echo $statusBadge[$r->status] ?? 'bg-secondary'; ?>"><?php echo ucfirst($r->status); ?></span></td>
+							<td class="text-nowrap small"><?php echo HTMLHelper::_('date', $r->created, 'M d, Y H:i'); ?></td>
+							<td class="text-nowrap small"><?php echo $r->processed ? HTMLHelper::_('date', $r->processed, 'M d, Y H:i') : '—'; ?></td>
+							<td>
+								<?php if ($r->status === 'pending'): ?>
+								<div class="btn-group btn-group-sm">
+									<button type="button" class="btn btn-success btn-privacy-action" data-id="<?php echo $r->id; ?>" data-action="approve"
+										data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.processDataRequest&format=json'); ?>"
+										data-token="<?php echo $token; ?>">Approve</button>
+									<button type="button" class="btn btn-outline-danger btn-privacy-action" data-id="<?php echo $r->id; ?>" data-action="deny"
+										data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.processDataRequest&format=json'); ?>"
+										data-token="<?php echo $token; ?>">Deny</button>
+								</div>
+								<?php elseif ($r->status === 'completed' && $r->type === 'export'): ?>
+								<button type="button" class="btn btn-sm btn-outline-primary btn-export-download" data-user="<?php echo $r->user_id; ?>"
+									data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.exportUserData&format=json'); ?>"
+									data-token="<?php echo $token; ?>">
+									<span class="icon-download"></span> Download
+								</button>
+								<?php endif; ?>
+							</td>
+						</tr>
+						<?php endforeach; ?>
+						</tbody>
+					</table>
+				</div>
+				<?php endif; ?>
+			</div>
+		</div>
+
+		<!-- Retention Policies -->
+		<div class="col-12 col-xl-4">
+			<div class="card mb-4">
+				<div class="card-header"><strong><span class="icon-clock"></span> Retention Policies</strong></div>
+				<div class="table-responsive">
+					<table class="table table-sm mb-0">
+						<thead><tr><th>Type</th><th>Days</th><th>Action</th><th>Active</th></tr></thead>
+						<tbody>
+						<?php foreach ($policies as $p): ?>
+						<tr>
+							<td class="small"><?php echo $this->escape($p->content_type); ?></td>
+							<td><?php echo $p->retention_days; ?></td>
+							<td><span class="badge bg-secondary"><?php echo $p->action; ?></span></td>
+							<td><?php echo (int) $p->enabled ? '<span class="text-success">Yes</span>' : '<span class="text-muted">No</span>'; ?></td>
+						</tr>
+						<?php endforeach; ?>
+						</tbody>
+					</table>
+				</div>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	// Process request buttons
+	document.querySelectorAll('.btn-privacy-action').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var el = this;
+			var action = el.dataset.action;
+			if (!confirm(action === 'approve' ? 'Approve and process this data request?' : 'Deny this request?')) return;
+			el.disabled = true;
+			var fd = new FormData();
+			fd.append('request_id', el.dataset.id);
+			fd.append('action', action);
+			fd.append(el.dataset.token, '1');
+			fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message]}); location.reload(); }
+					else { Joomla.renderMessages({error:[d.message]}); el.disabled = false; }
+				});
+		});
+	});
+
+	// Create new request
+	var form = document.getElementById('formNewRequest');
+	if (form) {
+		form.addEventListener('submit', function(e) {
+			e.preventDefault();
+			var btn = document.getElementById('btnCreateRequest');
+			var userId = document.getElementById('req_user_id').value;
+			var type = document.getElementById('req_type').value;
+			var auto = document.getElementById('req_auto').value;
+			if (!userId) { Joomla.renderMessages({warning:['Please select a user.']}); return; }
+			btn.disabled = true;
+			var fd = new FormData();
+			fd.append('user_id', userId);
+			fd.append('type', type);
+			fd.append('action', auto === '1' ? 'approve' : 'create');
+			fd.append(btn.dataset.token, '1');
+			fetch(btn.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message || 'Request created.']}); location.reload(); }
+					else { Joomla.renderMessages({error:[d.message || 'Failed.']}); btn.disabled = false; }
+				})
+				.catch(function(){ btn.disabled = false; });
+		});
+	}
+
+	// Export download
+	document.querySelectorAll('.btn-export-download').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var el = this;
+			var fd = new FormData();
+			fd.append('user_id', el.dataset.user);
+			fd.append(el.dataset.token, '1');
+			fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success && d.data) {
+						var blob = new Blob([JSON.stringify(d.data, null, 2)], {type:'application/json'});
+						var a = document.createElement('a');
+						a.href = URL.createObjectURL(blob);
+						a.download = 'user-data-export-' + el.dataset.user + '.json';
+						a.click();
+					} else {
+						Joomla.renderMessages({error:[d.message || 'Export failed']});
+					}
+				});
+		});
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/ticket/default.php b/source/packages/com_mokowaas/admin/tmpl/ticket/default.php
new file mode 100644
index 00000000..e7ceb8ee
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/ticket/default.php
@@ -0,0 +1,198 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$t       = $this->ticket;
+$canned  = $this->cannedResponses;
+$token   = Session::getFormToken();
+
+$statusBadge = [
+	'open' => 'bg-primary', 'in_progress' => 'bg-info',
+	'waiting' => 'bg-warning text-dark', 'resolved' => 'bg-success', 'closed' => 'bg-secondary',
+];
+$priorityBadge = [
+	'low' => 'bg-secondary', 'normal' => 'bg-primary', 'high' => 'bg-warning text-dark', 'urgent' => 'bg-danger',
+];
+?>
+
+<div id="mokowaas-ticket" class="row">
+	<!-- Left: conversation thread -->
+	<div class="col-12 col-xl-8">
+		<!-- Original ticket -->
+		<div class="card mb-3">
+			<div class="card-header d-flex justify-content-between align-items-center">
+				<div>
+					<strong><?php echo $this->escape($t->created_by_name); ?></strong>
+					<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?></small>
+				</div>
+				<span class="badge bg-dark">Original</span>
+			</div>
+			<div class="card-body"><?php echo nl2br($this->escape($t->body)); ?></div>
+		</div>
+
+		<!-- Replies -->
+		<?php foreach ($t->replies as $reply): ?>
+		<div class="card mb-3 <?php echo $reply->is_internal ? 'border-warning' : ''; ?>">
+			<div class="card-header d-flex justify-content-between align-items-center">
+				<div>
+					<strong><?php echo $this->escape($reply->user_name ?? 'System'); ?></strong>
+					<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $reply->created, 'M d, Y H:i'); ?></small>
+				</div>
+				<?php if ($reply->is_internal): ?>
+				<span class="badge bg-warning text-dark">Internal Note</span>
+				<?php endif; ?>
+			</div>
+			<div class="card-body"><?php echo nl2br($this->escape($reply->body)); ?></div>
+		</div>
+		<?php endforeach; ?>
+
+		<!-- Reply form -->
+		<div class="card mb-3">
+			<div class="card-header"><strong>Reply</strong></div>
+			<div class="card-body">
+				<?php if (!empty($canned)): ?>
+				<div class="mb-2">
+					<select class="form-select form-select-sm" id="canned-select">
+						<option value="">Insert canned response...</option>
+						<?php foreach ($canned as $c): ?>
+						<option value="<?php echo $this->escape($c->body); ?>"><?php echo $this->escape($c->title); ?></option>
+						<?php endforeach; ?>
+					</select>
+				</div>
+				<?php endif; ?>
+				<textarea id="reply-body" class="form-control mb-2" rows="5" placeholder="Type your reply..."></textarea>
+				<div class="d-flex gap-2">
+					<button type="button" class="btn btn-primary" id="btn-reply"
+						data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.addTicketReply&format=json'); ?>"
+						data-ticket="<?php echo $t->id; ?>" data-token="<?php echo $token; ?>">
+						<span class="icon-reply"></span> Send Reply
+					</button>
+					<button type="button" class="btn btn-outline-warning" id="btn-internal"
+						data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.addTicketReply&format=json'); ?>"
+						data-ticket="<?php echo $t->id; ?>" data-token="<?php echo $token; ?>" data-internal="1">
+						<span class="icon-eye-slash"></span> Internal Note
+					</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	<!-- Right: ticket metadata -->
+	<div class="col-12 col-xl-4">
+		<div class="card mb-3">
+			<div class="card-header"><strong>Details</strong></div>
+			<div class="card-body">
+				<table class="table table-sm mb-0">
+					<tr><td class="text-muted">Status</td><td><span class="badge <?php echo $statusBadge[$t->status] ?? ''; ?>"><?php echo ucwords(str_replace('_', ' ', $t->status)); ?></span></td></tr>
+					<tr><td class="text-muted">Priority</td><td><span class="badge <?php echo $priorityBadge[$t->priority] ?? ''; ?>"><?php echo ucfirst($t->priority); ?></span></td></tr>
+					<tr><td class="text-muted">Category</td><td><?php echo $this->escape($t->category_title ?? '—'); ?></td></tr>
+					<tr><td class="text-muted">Created By</td><td><?php echo $this->escape($t->created_by_name); ?><br><small><?php echo $this->escape($t->created_by_email ?? ''); ?></small></td></tr>
+					<tr><td class="text-muted">Assigned To</td><td><?php echo $this->escape($t->assigned_to_name ?? 'Unassigned'); ?></td></tr>
+					<tr><td class="text-muted">Created</td><td><?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?></td></tr>
+					<?php if ($t->resolved): ?><tr><td class="text-muted">Resolved</td><td><?php echo HTMLHelper::_('date', $t->resolved, 'M d, Y H:i'); ?></td></tr><?php endif; ?>
+					<?php if ($t->closed): ?><tr><td class="text-muted">Closed</td><td><?php echo HTMLHelper::_('date', $t->closed, 'M d, Y H:i'); ?></td></tr><?php endif; ?>
+					<tr><td class="text-muted">Replies</td><td><?php echo $t->reply_count; ?></td></tr>
+				</table>
+			</div>
+		</div>
+
+		<!-- SLA -->
+		<?php if ($t->sla_response_due || $t->sla_resolution_due): ?>
+		<div class="card mb-3">
+			<div class="card-header"><strong>SLA</strong></div>
+			<div class="card-body">
+				<?php if ($t->sla_response_due): ?>
+				<div class="mb-2">
+					<small class="text-muted">Response Due</small><br>
+					<?php
+						$responseOverdue = !$t->sla_responded && strtotime($t->sla_response_due) < time();
+					?>
+					<span class="<?php echo $t->sla_responded ? 'text-success' : ($responseOverdue ? 'text-danger fw-bold' : ''); ?>">
+						<?php echo $t->sla_responded ? 'Responded' : HTMLHelper::_('date', $t->sla_response_due, 'M d H:i'); ?>
+						<?php echo $responseOverdue ? ' OVERDUE' : ''; ?>
+					</span>
+				</div>
+				<?php endif; ?>
+				<?php if ($t->sla_resolution_due): ?>
+				<div>
+					<small class="text-muted">Resolution Due</small><br>
+					<?php
+						$resolutionOverdue = !\in_array($t->status, ['resolved','closed']) && strtotime($t->sla_resolution_due) < time();
+					?>
+					<span class="<?php echo \in_array($t->status, ['resolved','closed']) ? 'text-success' : ($resolutionOverdue ? 'text-danger fw-bold' : ''); ?>">
+						<?php echo \in_array($t->status, ['resolved','closed']) ? 'Met' : HTMLHelper::_('date', $t->sla_resolution_due, 'M d H:i'); ?>
+						<?php echo $resolutionOverdue ? ' OVERDUE' : ''; ?>
+					</span>
+				</div>
+				<?php endif; ?>
+			</div>
+		</div>
+		<?php endif; ?>
+
+		<!-- Status actions -->
+		<div class="card mb-3">
+			<div class="card-header"><strong>Actions</strong></div>
+			<div class="card-body d-grid gap-2">
+				<?php foreach (['open' => 'Reopen', 'in_progress' => 'In Progress', 'waiting' => 'Waiting', 'resolved' => 'Resolve', 'closed' => 'Close'] as $s => $label): ?>
+				<?php if ($s !== $t->status): ?>
+				<button type="button" class="btn btn-sm btn-outline-<?php echo $s === 'closed' ? 'danger' : ($s === 'resolved' ? 'success' : 'secondary'); ?> btn-status"
+					data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.updateTicketStatus&format=json'); ?>"
+					data-ticket="<?php echo $t->id; ?>" data-status="<?php echo $s; ?>" data-token="<?php echo $token; ?>">
+					<?php echo $label; ?>
+				</button>
+				<?php endif; ?>
+				<?php endforeach; ?>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	// Canned response insert
+	var cannedSel = document.getElementById('canned-select');
+	if (cannedSel) {
+		cannedSel.addEventListener('change', function() {
+			if (this.value) { document.getElementById('reply-body').value = this.value; this.selectedIndex = 0; }
+		});
+	}
+
+	// Reply buttons
+	document.querySelectorAll('#btn-reply, #btn-internal').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var body = document.getElementById('reply-body').value.trim();
+			if (!body) return;
+			var el = this;
+			el.disabled = true;
+			var fd = new FormData();
+			fd.append('ticket_id', el.dataset.ticket);
+			fd.append('body', body);
+			fd.append('is_internal', el.dataset.internal || '0');
+			fd.append(el.dataset.token, '1');
+			fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){ if(d.success) location.reload(); else Joomla.renderMessages({error:[d.message]}); })
+				.finally(function(){ el.disabled = false; });
+		});
+	});
+
+	// Status buttons
+	document.querySelectorAll('.btn-status').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var el = this;
+			el.disabled = true;
+			var fd = new FormData();
+			fd.append('ticket_id', el.dataset.ticket);
+			fd.append('status', el.dataset.status);
+			fd.append(el.dataset.token, '1');
+			fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){ if(d.success) location.reload(); else Joomla.renderMessages({error:[d.message]}); })
+				.finally(function(){ el.disabled = false; });
+		});
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/tickets/default.php b/source/packages/com_mokowaas/admin/tmpl/tickets/default.php
new file mode 100644
index 00000000..33c7f502
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/tickets/default.php
@@ -0,0 +1,291 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$tickets      = $this->tickets;
+$categories   = $this->categories;
+$counts       = $this->statusCounts;
+$overdue      = $this->overdue;
+$atsAvailable = $this->atsAvailable;
+$token        = Session::getFormToken();
+
+$statusBadge = [
+	'open'        => 'bg-primary',
+	'in_progress' => 'bg-info',
+	'waiting'     => 'bg-warning text-dark',
+	'resolved'    => 'bg-success',
+	'closed'      => 'bg-secondary',
+];
+
+$priorityBadge = [
+	'low'    => 'bg-secondary',
+	'normal' => 'bg-primary',
+	'high'   => 'bg-warning text-dark',
+	'urgent' => 'bg-danger',
+];
+?>
+
+<div id="mokowaas-tickets">
+	<!-- Status summary cards -->
+	<div class="row g-3 mb-4">
+		<div class="col"><div class="card text-center p-2"><span class="fw-bold fs-4"><?php echo $counts->open; ?></span><small class="text-muted">Open</small></div></div>
+		<div class="col"><div class="card text-center p-2"><span class="fw-bold fs-4"><?php echo $counts->in_progress; ?></span><small class="text-muted">In Progress</small></div></div>
+		<div class="col"><div class="card text-center p-2"><span class="fw-bold fs-4"><?php echo $counts->waiting; ?></span><small class="text-muted">Waiting</small></div></div>
+		<div class="col"><div class="card text-center p-2"><span class="fw-bold fs-4"><?php echo $counts->resolved; ?></span><small class="text-muted">Resolved</small></div></div>
+		<div class="col"><div class="card text-center p-2"><span class="fw-bold fs-4"><?php echo $counts->closed; ?></span><small class="text-muted">Closed</small></div></div>
+		<?php if (\count($overdue) > 0): ?>
+		<div class="col"><div class="card text-center p-2 border-danger"><span class="fw-bold fs-4 text-danger"><?php echo \count($overdue); ?></span><small class="text-danger">SLA Overdue</small></div></div>
+		<?php endif; ?>
+	</div>
+
+	<!-- New ticket + filters -->
+	<div class="d-flex flex-wrap justify-content-between align-items-center mb-3">
+		<div class="d-flex gap-2">
+			<button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#newTicketModal">
+				<span class="icon-plus"></span> New Ticket
+			</button>
+			<?php if ($atsAvailable): ?>
+			<button type="button" class="btn btn-outline-info" id="btn-import-ats"
+				data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.importAts&format=json'); ?>"
+				data-token="<?php echo $token; ?>"
+				data-tickets="<?php echo $atsAvailable->tickets; ?>"
+				data-posts="<?php echo $atsAvailable->posts; ?>">
+				<span class="icon-upload"></span> Import from Akeeba (<?php echo $atsAvailable->tickets; ?> tickets, <?php echo $atsAvailable->posts; ?> posts)
+			</button>
+			<?php endif; ?>
+		</div>
+		<form method="get" class="d-flex gap-2">
+			<input type="hidden" name="option" value="com_mokowaas">
+			<input type="hidden" name="view" value="tickets">
+			<select name="filter_status" class="form-select form-select-sm" style="width:auto" onchange="this.form.submit()">
+				<option value="">All Statuses</option>
+				<?php foreach (['open','in_progress','waiting','resolved','closed'] as $s): ?>
+				<option value="<?php echo $s; ?>" <?php echo Factory::getApplication()->getInput()->getString('filter_status') === $s ? 'selected' : ''; ?>><?php echo ucwords(str_replace('_', ' ', $s)); ?></option>
+				<?php endforeach; ?>
+			</select>
+			<select name="filter_priority" class="form-select form-select-sm" style="width:auto" onchange="this.form.submit()">
+				<option value="">All Priorities</option>
+				<?php foreach (['low','normal','high','urgent'] as $p): ?>
+				<option value="<?php echo $p; ?>" <?php echo Factory::getApplication()->getInput()->getString('filter_priority') === $p ? 'selected' : ''; ?>><?php echo ucfirst($p); ?></option>
+				<?php endforeach; ?>
+			</select>
+		</form>
+	</div>
+
+	<!-- Ticket table -->
+	<div class="card">
+		<div class="table-responsive">
+			<table class="table table-striped table-hover mb-0">
+				<thead>
+					<tr>
+						<th>#</th>
+						<th>Subject</th>
+						<th>Status</th>
+						<th>Priority</th>
+						<th>Category</th>
+						<th>Created By</th>
+						<th>Assigned To</th>
+						<th>Created</th>
+						<th>SLA</th>
+					</tr>
+				</thead>
+				<tbody>
+				<?php if (empty($tickets)): ?>
+					<tr><td colspan="9" class="text-center text-muted py-4">No tickets found.</td></tr>
+				<?php else: ?>
+					<?php foreach ($tickets as $t): ?>
+					<?php
+						$slaClass = '';
+						$now = time();
+						if ($t->sla_response_due && !$t->sla_responded && strtotime($t->sla_response_due) < $now) $slaClass = 'table-danger';
+						elseif ($t->sla_resolution_due && strtotime($t->sla_resolution_due) < $now && !\in_array($t->status, ['resolved','closed'])) $slaClass = 'table-danger';
+						elseif ($t->sla_response_due && !$t->sla_responded && strtotime($t->sla_response_due) < $now + 3600) $slaClass = 'table-warning';
+					?>
+					<tr class="<?php echo $slaClass; ?>">
+						<td><a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>"><?php echo $t->id; ?></a></td>
+						<td><a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>"><?php echo $this->escape(mb_substr($t->subject, 0, 60)); ?></a></td>
+						<td><span class="badge <?php echo $statusBadge[$t->status] ?? 'bg-secondary'; ?>"><?php echo ucwords(str_replace('_', ' ', $t->status)); ?></span></td>
+						<td><span class="badge <?php echo $priorityBadge[$t->priority] ?? 'bg-secondary'; ?>"><?php echo ucfirst($t->priority); ?></span></td>
+						<td><?php echo $this->escape($t->category_title ?? '—'); ?></td>
+						<td><?php echo $this->escape($t->created_by_name ?? ''); ?></td>
+						<td><?php echo $t->assigned_to_name ? $this->escape($t->assigned_to_name) : '<em>Unassigned</em>'; ?></td>
+						<td class="small"><?php echo HTMLHelper::_('date', $t->created, 'M d H:i'); ?></td>
+						<td class="small">
+							<?php if ($t->sla_response_due && !$t->sla_responded): ?>
+								<span title="Response due"><?php echo HTMLHelper::_('date', $t->sla_response_due, 'M d H:i'); ?></span>
+							<?php elseif ($t->sla_resolution_due): ?>
+								<span title="Resolution due"><?php echo HTMLHelper::_('date', $t->sla_resolution_due, 'M d H:i'); ?></span>
+							<?php else: ?>—<?php endif; ?>
+						</td>
+					</tr>
+					<?php endforeach; ?>
+				<?php endif; ?>
+				</tbody>
+			</table>
+		</div>
+	</div>
+</div>
+
+<!-- New Ticket Modal -->
+<div class="modal fade" id="newTicketModal" tabindex="-1">
+	<div class="modal-dialog modal-lg">
+		<div class="modal-content">
+			<div class="modal-header"><h5 class="modal-title">New Ticket</h5><button type="button" class="btn-close" data-bs-dismiss="modal"></button></div>
+			<div class="modal-body">
+				<!-- KB Search step -->
+				<div id="modal-kb-step">
+					<label class="form-label fw-bold">What's the issue?</label>
+					<div class="input-group mb-3">
+						<input type="text" id="modal-kb-search" class="form-control" placeholder="Describe your issue to search for existing answers...">
+						<button type="button" class="btn btn-outline-primary" id="modal-kb-btn"><span class="icon-search"></span></button>
+					</div>
+					<div id="modal-kb-results" class="list-group mb-3 d-none"></div>
+					<button type="button" class="btn btn-primary" id="modal-show-form">
+						<span class="icon-plus"></span> Create Ticket
+					</button>
+				</div>
+
+				<!-- Ticket form step (hidden initially) -->
+				<form id="modal-ticket-form" class="d-none" method="post" action="<?php echo Route::_('index.php?option=com_mokowaas&task=display.createTicket&format=json'); ?>">
+					<div class="mb-3">
+						<label class="form-label">Subject</label>
+						<input type="text" name="subject" id="modal-subject" class="form-control" required>
+					</div>
+					<div class="row mb-3">
+						<div class="col-md-6">
+							<label class="form-label">Category</label>
+							<select name="category_id" class="form-select">
+								<option value="">— Select —</option>
+								<?php foreach ($categories as $cat): ?>
+								<option value="<?php echo $cat->id; ?>"><?php echo $this->escape($cat->title); ?></option>
+								<?php endforeach; ?>
+							</select>
+						</div>
+						<div class="col-md-6">
+							<label class="form-label">Priority</label>
+							<select name="priority" class="form-select">
+								<option value="normal">Normal</option>
+								<option value="low">Low</option>
+								<option value="high">High</option>
+								<option value="urgent">Urgent</option>
+							</select>
+						</div>
+					</div>
+					<div class="mb-3">
+						<label class="form-label">Description</label>
+						<textarea name="body" class="form-control" rows="6" required></textarea>
+					</div>
+					<input type="hidden" name="<?php echo $token; ?>" value="1">
+					<div class="d-flex gap-2">
+						<button type="submit" class="btn btn-primary"><span class="icon-plus"></span> Create Ticket</button>
+						<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+					</div>
+				</form>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+// Modal KB search
+var modalSearch = document.getElementById('modal-kb-search');
+var modalSearchBtn = document.getElementById('modal-kb-btn');
+var modalResults = document.getElementById('modal-kb-results');
+var modalShowForm = document.getElementById('modal-show-form');
+var modalKbStep = document.getElementById('modal-kb-step');
+var modalForm = document.getElementById('modal-ticket-form');
+var modalSubject = document.getElementById('modal-subject');
+
+function modalDoSearch() {
+	var q = modalSearch.value.trim();
+	if (q.length < 3) return;
+	fetch('<?php echo Route::_('index.php?option=com_mokowaas&task=display.searchKb&format=json'); ?>&q=' + encodeURIComponent(q), {
+		headers: {'X-Requested-With': 'XMLHttpRequest'}
+	}).then(function(r){return r.json()}).then(function(d) {
+		modalResults.textContent = '';
+		if (d.results && d.results.length > 0) {
+			d.results.forEach(function(item) {
+				var a = document.createElement('a');
+				a.href = item.url;
+				a.target = '_blank';
+				a.className = 'list-group-item list-group-item-action';
+				var strong = document.createElement('strong');
+				strong.textContent = item.title;
+				a.appendChild(strong);
+				if (item.description) {
+					a.appendChild(document.createElement('br'));
+					var small = document.createElement('small');
+					small.className = 'text-muted';
+					small.textContent = item.description;
+					a.appendChild(small);
+				}
+				modalResults.appendChild(a);
+			});
+			modalResults.classList.remove('d-none');
+		} else {
+			modalResults.classList.add('d-none');
+		}
+	});
+}
+if (modalSearchBtn) modalSearchBtn.addEventListener('click', modalDoSearch);
+if (modalSearch) modalSearch.addEventListener('keydown', function(e) { if (e.key === 'Enter') { e.preventDefault(); modalDoSearch(); } });
+
+// Show ticket form
+if (modalShowForm) {
+	modalShowForm.addEventListener('click', function() {
+		modalKbStep.classList.add('d-none');
+		modalForm.classList.remove('d-none');
+		if (modalSearch.value && !modalSubject.value) modalSubject.value = modalSearch.value;
+		modalSubject.focus();
+	});
+}
+
+// Submit ticket from modal
+if (modalForm) {
+	modalForm.addEventListener('submit', function(e) {
+		e.preventDefault();
+		var form = this;
+		var fd = new FormData(form);
+		fetch(form.action, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+			.then(function(r){return r.json()})
+			.then(function(d){
+				if (d.success) { location.href = 'index.php?option=com_mokowaas&view=ticket&id=' + d.id; }
+				else { Joomla.renderMessages({error:[d.message]}); }
+			});
+	});
+}
+
+// Reset modal on close
+document.getElementById('newTicketModal').addEventListener('hidden.bs.modal', function() {
+	modalKbStep.classList.remove('d-none');
+	modalForm.classList.add('d-none');
+	modalResults.classList.add('d-none');
+	modalSearch.value = '';
+	modalForm.reset();
+});
+
+// ATS Import
+var atsBtn = document.getElementById('btn-import-ats');
+if (atsBtn) {
+	atsBtn.addEventListener('click', function() {
+		var el = this;
+		if (!confirm('Import ' + el.dataset.tickets + ' tickets and ' + el.dataset.posts + ' posts from Akeeba Ticket System? Duplicates will be skipped.')) return;
+		el.disabled = true;
+		el.textContent = ' Importing...';
+		var fd = new FormData();
+		fd.append(el.dataset.token, '1');
+		fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+			.then(function(r){return r.json()})
+			.then(function(d){
+				if (d.success) { Joomla.renderMessages({message:[d.message]}); location.reload(); }
+				else { Joomla.renderMessages({error:[d.message]}); el.disabled = false; el.textContent = 'Import Failed - Retry'; }
+			})
+			.catch(function(){ Joomla.renderMessages({error:['Network error']}); el.disabled = false; });
+	});
+}
+</script>
diff --git a/source/packages/com_mokowaas/admin/tmpl/waflog/default.php b/source/packages/com_mokowaas/admin/tmpl/waflog/default.php
new file mode 100644
index 00000000..4fab7ab2
--- /dev/null
+++ b/source/packages/com_mokowaas/admin/tmpl/waflog/default.php
@@ -0,0 +1,212 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$logs       = $this->logs;
+$ruleCounts = $this->ruleCounts;
+$topIps     = $this->topIps;
+$ruleNames  = $this->ruleNames;
+$total      = $this->total;
+$filters    = $this->filters;
+$token      = Session::getFormToken();
+$input      = Factory::getApplication()->getInput();
+$page       = max(1, $input->getInt('page', 1));
+$totalPages = max(1, ceil($total / 50));
+
+$ruleBadge = [
+	'sqli' => 'bg-danger', 'xss' => 'bg-danger', 'mua' => 'bg-warning text-dark',
+	'rfi' => 'bg-danger', 'dfi' => 'bg-danger', 'blocked_file' => 'bg-info',
+	'blocked_php' => 'bg-info', 'tmpl_switch' => 'bg-secondary',
+	'ip_blocklist' => 'bg-dark', 'admin_secret' => 'bg-dark',
+];
+?>
+
+<div id="mokowaas-waflog">
+	<!-- Rule distribution cards -->
+	<div class="d-flex flex-wrap gap-2 mb-4">
+		<?php foreach ($ruleCounts as $rc): ?>
+		<div class="card p-2 text-center" style="min-width:100px">
+			<span class="badge <?php echo $ruleBadge[$rc->rule] ?? 'bg-secondary'; ?> mb-1"><?php echo htmlspecialchars($rc->rule); ?></span>
+			<span class="fw-bold"><?php echo number_format($rc->cnt); ?></span>
+		</div>
+		<?php endforeach; ?>
+		<div class="card p-2 text-center" style="min-width:100px">
+			<span class="badge bg-primary mb-1">Total</span>
+			<span class="fw-bold"><?php echo number_format($total); ?></span>
+		</div>
+	</div>
+
+	<div class="row">
+		<!-- Main: Log table -->
+		<div class="col-12 col-xl-9">
+			<!-- Filters -->
+			<form method="get" class="card mb-3">
+				<div class="card-body">
+					<input type="hidden" name="option" value="com_mokowaas">
+					<input type="hidden" name="view" value="waflog">
+					<div class="row g-2">
+						<div class="col-md-2">
+							<select name="filter_rule" class="form-select form-select-sm">
+								<option value="">All Rules</option>
+								<?php foreach ($ruleNames as $r): ?>
+								<option value="<?php echo htmlspecialchars($r); ?>" <?php echo $filters['rule'] === $r ? 'selected' : ''; ?>><?php echo htmlspecialchars($r); ?></option>
+								<?php endforeach; ?>
+							</select>
+						</div>
+						<div class="col-md-2">
+							<input type="text" name="filter_ip" class="form-control form-control-sm" placeholder="IP address" value="<?php echo htmlspecialchars($filters['ip']); ?>">
+						</div>
+						<div class="col-md-2">
+							<input type="text" name="filter_search" class="form-control form-control-sm" placeholder="Search URI/detail" value="<?php echo htmlspecialchars($filters['search']); ?>">
+						</div>
+						<div class="col-md-2">
+							<input type="date" name="filter_date_from" class="form-control form-control-sm" value="<?php echo htmlspecialchars($filters['date_from']); ?>">
+						</div>
+						<div class="col-md-2">
+							<input type="date" name="filter_date_to" class="form-control form-control-sm" value="<?php echo htmlspecialchars($filters['date_to']); ?>">
+						</div>
+						<div class="col-md-2 d-flex gap-1">
+							<button type="submit" class="btn btn-sm btn-primary"><span class="icon-search"></span> Filter</button>
+							<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=waflog'); ?>" class="btn btn-sm btn-outline-secondary">Reset</a>
+						</div>
+					</div>
+				</div>
+			</form>
+
+			<!-- Log table -->
+			<div class="card">
+				<div class="card-header d-flex justify-content-between align-items-center">
+					<strong><?php echo number_format($total); ?> blocked requests</strong>
+					<button type="button" class="btn btn-sm btn-outline-danger" id="btn-purge"
+						data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.purgeWafLog&format=json'); ?>"
+						data-token="<?php echo $token; ?>">
+						<span class="icon-trash"></span> Purge Old Logs
+					</button>
+				</div>
+				<div class="table-responsive">
+					<table class="table table-striped table-hover table-sm mb-0">
+						<thead>
+							<tr><th>Time</th><th>IP</th><th>Rule</th><th>URI</th><th>Detail</th><th>User Agent</th><th></th></tr>
+						</thead>
+						<tbody>
+						<?php if (empty($logs)): ?>
+							<tr><td colspan="7" class="text-center text-muted py-4">No blocked requests found.</td></tr>
+						<?php else: ?>
+							<?php foreach ($logs as $log): ?>
+							<tr>
+								<td class="text-nowrap small"><?php echo HTMLHelper::_('date', $log->created, 'M d H:i:s'); ?></td>
+								<td><code><?php echo htmlspecialchars($log->ip); ?></code></td>
+								<td><span class="badge <?php echo $ruleBadge[$log->rule] ?? 'bg-secondary'; ?>"><?php echo htmlspecialchars($log->rule); ?></span></td>
+								<td class="small" style="max-width:250px;overflow:hidden;text-overflow:ellipsis" title="<?php echo htmlspecialchars($log->uri); ?>"><?php echo htmlspecialchars(mb_substr($log->uri, 0, 60)); ?></td>
+								<td class="small" style="max-width:200px;overflow:hidden;text-overflow:ellipsis"><?php echo htmlspecialchars(mb_substr($log->detail, 0, 50)); ?></td>
+								<td class="small" style="max-width:200px;overflow:hidden;text-overflow:ellipsis"><?php echo htmlspecialchars(mb_substr($log->user_agent, 0, 40)); ?></td>
+								<td>
+									<button type="button" class="btn btn-sm btn-outline-danger btn-ban-ip" data-ip="<?php echo htmlspecialchars($log->ip); ?>"
+										data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.banIpFromLog&format=json'); ?>"
+										data-token="<?php echo $token; ?>" title="Ban this IP">
+										<span class="icon-ban"></span>
+									</button>
+								</td>
+							</tr>
+							<?php endforeach; ?>
+						<?php endif; ?>
+						</tbody>
+					</table>
+				</div>
+
+				<?php if ($totalPages > 1): ?>
+				<div class="card-footer d-flex justify-content-between align-items-center">
+					<small class="text-muted">Page <?php echo $page; ?> of <?php echo $totalPages; ?></small>
+					<nav>
+						<ul class="pagination pagination-sm mb-0">
+							<?php if ($page > 1): ?>
+							<li class="page-item"><a class="page-link" href="<?php echo Route::_('index.php?option=com_mokowaas&view=waflog&page=' . ($page - 1)); ?>">Prev</a></li>
+							<?php endif; ?>
+							<?php if ($page < $totalPages): ?>
+							<li class="page-item"><a class="page-link" href="<?php echo Route::_('index.php?option=com_mokowaas&view=waflog&page=' . ($page + 1)); ?>">Next</a></li>
+							<?php endif; ?>
+						</ul>
+					</nav>
+				</div>
+				<?php endif; ?>
+			</div>
+		</div>
+
+		<!-- Sidebar: Top IPs -->
+		<div class="col-12 col-xl-3">
+			<div class="card">
+				<div class="card-header"><strong>Top Blocked IPs</strong></div>
+				<div class="table-responsive">
+					<table class="table table-sm mb-0">
+						<thead><tr><th>IP</th><th>Blocks</th><th>Last</th><th></th></tr></thead>
+						<tbody>
+						<?php foreach ($topIps as $tip): ?>
+						<tr>
+							<td><code class="small"><?php echo htmlspecialchars($tip->ip); ?></code></td>
+							<td class="fw-bold"><?php echo $tip->cnt; ?></td>
+							<td class="small text-nowrap"><?php echo HTMLHelper::_('date', $tip->last_seen, 'M d'); ?></td>
+							<td>
+								<button type="button" class="btn btn-sm btn-outline-danger btn-ban-ip" data-ip="<?php echo htmlspecialchars($tip->ip); ?>"
+									data-url="<?php echo Route::_('index.php?option=com_mokowaas&task=display.banIpFromLog&format=json'); ?>"
+									data-token="<?php echo $token; ?>" title="Ban">
+									<span class="icon-ban"></span>
+								</button>
+							</td>
+						</tr>
+						<?php endforeach; ?>
+						</tbody>
+					</table>
+				</div>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var token = '<?php echo $token; ?>';
+
+	// Ban IP buttons
+	document.querySelectorAll('.btn-ban-ip').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var el = this;
+			var ip = el.dataset.ip;
+			if (!confirm('Add ' + ip + ' to the firewall IP blocklist?')) return;
+			el.disabled = true;
+			var fd = new FormData();
+			fd.append('ip', ip);
+			fd.append(el.dataset.token, '1');
+			fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message]}); el.textContent = 'Banned'; }
+					else { Joomla.renderMessages({error:[d.message]}); el.disabled = false; }
+				});
+		});
+	});
+
+	// Purge button
+	var purgeBtn = document.getElementById('btn-purge');
+	if (purgeBtn) {
+		purgeBtn.addEventListener('click', function() {
+			var days = prompt('Delete WAF logs older than how many days?', '30');
+			if (!days || isNaN(days)) return;
+			this.disabled = true;
+			var fd = new FormData();
+			fd.append('days', days);
+			fd.append(this.dataset.token, '1');
+			fetch(this.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message]}); location.reload(); }
+					else { Joomla.renderMessages({error:[d.message]}); }
+				})
+				.finally(function(){ purgeBtn.disabled = false; });
+		});
+	}
+});
+</script>
diff --git a/src/packages/com_mokowaas/api/src/Controller/CacheController.php b/source/packages/com_mokowaas/api/src/Controller/CacheController.php
similarity index 97%
rename from src/packages/com_mokowaas/api/src/Controller/CacheController.php
rename to source/packages/com_mokowaas/api/src/Controller/CacheController.php
index 8b4a4f44..f5e25409 100644
--- a/src/packages/com_mokowaas/api/src/Controller/CacheController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/CacheController.php
@@ -29,7 +29,7 @@ class CacheController extends BaseController
 	 *
 	 * @since   1.0.0
 	 */
-	public function execute(): void
+	public function execute($task = 'cache'): void
 	{
 		$app = Factory::getApplication();
 
diff --git a/src/packages/com_mokowaas/api/src/Controller/DashboardController.php b/source/packages/com_mokowaas/api/src/Controller/DashboardController.php
similarity index 100%
rename from src/packages/com_mokowaas/api/src/Controller/DashboardController.php
rename to source/packages/com_mokowaas/api/src/Controller/DashboardController.php
diff --git a/src/packages/com_mokowaas/api/src/Controller/ExtensionsController.php b/source/packages/com_mokowaas/api/src/Controller/ExtensionsController.php
similarity index 100%
rename from src/packages/com_mokowaas/api/src/Controller/ExtensionsController.php
rename to source/packages/com_mokowaas/api/src/Controller/ExtensionsController.php
diff --git a/src/packages/com_mokowaas/api/src/Controller/HealthController.php b/source/packages/com_mokowaas/api/src/Controller/HealthController.php
similarity index 100%
rename from src/packages/com_mokowaas/api/src/Controller/HealthController.php
rename to source/packages/com_mokowaas/api/src/Controller/HealthController.php
diff --git a/src/packages/com_mokowaas/api/src/Controller/InstallController.php b/source/packages/com_mokowaas/api/src/Controller/InstallController.php
similarity index 99%
rename from src/packages/com_mokowaas/api/src/Controller/InstallController.php
rename to source/packages/com_mokowaas/api/src/Controller/InstallController.php
index 8b36c42a..e408fe46 100644
--- a/src/packages/com_mokowaas/api/src/Controller/InstallController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/InstallController.php
@@ -42,7 +42,7 @@ class InstallController extends BaseController
 	 *
 	 * @since   02.21.00
 	 */
-	public function execute(): void
+	public function execute($task = 'install'): void
 	{
 		$app = Factory::getApplication();
 
diff --git a/src/packages/com_mokowaas/api/src/Controller/PluginsController.php b/source/packages/com_mokowaas/api/src/Controller/PluginsController.php
similarity index 99%
rename from src/packages/com_mokowaas/api/src/Controller/PluginsController.php
rename to source/packages/com_mokowaas/api/src/Controller/PluginsController.php
index a0b84be2..cfc9788a 100644
--- a/src/packages/com_mokowaas/api/src/Controller/PluginsController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/PluginsController.php
@@ -104,7 +104,7 @@ class PluginsController extends BaseController
 	 *
 	 * @return  void
 	 */
-	public function execute(): void
+	public function execute($task = 'plugins'): void
 	{
 		$app  = Factory::getApplication();
 		$user = $app->getIdentity();
diff --git a/source/packages/com_mokowaas/api/src/Controller/ProvisionController.php b/source/packages/com_mokowaas/api/src/Controller/ProvisionController.php
new file mode 100644
index 00000000..8f66a1c5
--- /dev/null
+++ b/source/packages/com_mokowaas/api/src/Controller/ProvisionController.php
@@ -0,0 +1,236 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Api\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Controller\BaseController;
+
+/**
+ * Provision reset API controller.
+ *
+ * POST /api/index.php/v1/mokowaas/provision-reset
+ *
+ * Resets a site for new client provisioning: clears hits, versions,
+ * download keys, and flags the site for fresh client info collection.
+ * Used after copying a demo site to create a new client install.
+ *
+ * @since  02.35.00
+ */
+class ProvisionController extends BaseController
+{
+	/**
+	 * Reset the site for new client provisioning.
+	 *
+	 * @return  void
+	 */
+	public function execute($task = 'provision'): void
+	{
+		$app  = Factory::getApplication();
+		$user = $app->getIdentity();
+
+		if (!$user->authorise('core.manage', 'com_mokowaas'))
+		{
+			$this->sendJson(403, ['error' => 'Not authorized']);
+
+			return;
+		}
+
+		if ($app->input->getMethod() !== 'POST')
+		{
+			$this->sendJson(405, ['error' => 'POST required']);
+
+			return;
+		}
+
+		$db      = Factory::getDbo();
+		$results = [];
+
+		// 1. Reset article hit counters
+		try
+		{
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__content'))
+					->set($db->quoteName('hits') . ' = 0')
+			)->execute();
+			$results['hits_reset'] = $db->getAffectedRows();
+		}
+		catch (\Throwable $e)
+		{
+			$results['hits_reset'] = 'error: ' . $e->getMessage();
+		}
+
+		// 2. Delete content version history
+		try
+		{
+			$db->setQuery(
+				$db->getQuery(true)->delete($db->quoteName('#__history'))
+			)->execute();
+			$results['versions_deleted'] = $db->getAffectedRows();
+		}
+		catch (\Throwable $e)
+		{
+			$results['versions_deleted'] = 'error: ' . $e->getMessage();
+		}
+
+		// 3. Regenerate heartbeat token if requested
+		$input       = $app->getInput()->json;
+		$resetToken  = (bool) ($input->get('reset_token', false, 'BOOLEAN'));
+
+		if ($resetToken)
+		{
+			try
+			{
+				$newToken = bin2hex(random_bytes(32));
+
+				$plugin = \Joomla\CMS\Plugin\PluginHelper::getPlugin('system', 'mokowaas');
+
+				if ($plugin)
+				{
+					$pluginParams = new \Joomla\Registry\Registry($plugin->params);
+					$pluginParams->set('health_api_token', $newToken);
+
+					$db->setQuery(
+						$db->getQuery(true)
+							->update($db->quoteName('#__extensions'))
+							->set($db->quoteName('params') . ' = ' . $db->quote($pluginParams->toString()))
+							->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+							->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+							->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+					)->execute();
+
+					$results['token_regenerated'] = true;
+					$results['new_token']         = $newToken;
+				}
+			}
+			catch (\Throwable $e)
+			{
+				$results['token_regenerated'] = 'error: ' . $e->getMessage();
+			}
+		}
+
+		// 4. Reset all user API tokens if requested
+		$resetApiTokens = (bool) ($input->get('reset_api_tokens', false, 'BOOLEAN'));
+
+		if ($resetApiTokens)
+		{
+			try
+			{
+				// Get users who have API tokens before deleting
+				$db->setQuery(
+					$db->getQuery(true)
+						->select('DISTINCT ' . $db->quoteName('user_id'))
+						->from($db->quoteName('#__user_keys'))
+						->where($db->quoteName('series') . ' LIKE ' . $db->quote('api-%'))
+				);
+				$affectedUserIds = $db->loadColumn() ?: [];
+
+				$db->setQuery(
+					$db->getQuery(true)->delete($db->quoteName('#__user_keys'))
+						->where($db->quoteName('series') . ' LIKE ' . $db->quote('api-%'))
+				)->execute();
+				$results['api_tokens_revoked'] = $db->getAffectedRows();
+
+				// Notify affected users
+				if (!empty($affectedUserIds))
+				{
+					$this->notifyTokenReset($db, $affectedUserIds);
+					$results['users_notified'] = \count($affectedUserIds);
+				}
+			}
+			catch (\Throwable $e)
+			{
+				$results['api_tokens_revoked'] = 'error: ' . $e->getMessage();
+			}
+		}
+
+		// 5. Flag site for fresh client info setup
+		try
+		{
+			// Write a flag file that the core plugin checks on next admin load
+			$flagFile = JPATH_ADMINISTRATOR . '/cache/mokowaas_setup_required.flag';
+			file_put_contents($flagFile, json_encode([
+				'created'  => gmdate('Y-m-d\TH:i:s\Z'),
+				'reason'   => 'provision-reset',
+				'remote_ip' => $_SERVER['REMOTE_ADDR'] ?? '',
+			]));
+			$results['setup_flag'] = true;
+		}
+		catch (\Throwable $e)
+		{
+			$results['setup_flag'] = 'error: ' . $e->getMessage();
+		}
+
+		$this->sendJson(200, [
+			'status'  => 'ok',
+			'message' => 'Site provisioned for new client.',
+			'results' => $results,
+		]);
+	}
+
+	/**
+	 * Notify users that their API tokens have been revoked.
+	 */
+	private function notifyTokenReset($db, array $userIds): void
+	{
+		try
+		{
+			$db->setQuery(
+				$db->getQuery(true)
+					->select([$db->quoteName('name'), $db->quoteName('email')])
+					->from($db->quoteName('#__users'))
+					->whereIn($db->quoteName('id'), $userIds)
+					->where($db->quoteName('block') . ' = 0')
+			);
+			$users = $db->loadObjectList() ?: [];
+
+			$config   = Factory::getConfig();
+			$siteName = $config->get('sitename', 'Joomla');
+			$siteUrl  = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
+
+			$mailer = Factory::getMailer();
+
+			foreach ($users as $u)
+			{
+				try
+				{
+					$mailer->clearAllRecipients();
+					$mailer->addRecipient($u->email, $u->name);
+					$mailer->setSubject($siteName . ' — API tokens have been reset');
+					$mailer->setBody(
+						"Hello {$u->name},\n\n"
+						. "Your API access tokens on {$siteName} have been revoked by an administrator.\n\n"
+						. "If you use API integrations, please log in and generate a new token:\n"
+						. "{$siteUrl}/administrator/\n\n"
+						. "— {$siteName}"
+					);
+					$mailer->send();
+				}
+				catch (\Throwable $e)
+				{
+					// Non-critical
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			// Non-critical
+		}
+	}
+
+	private function sendJson(int $code, array $data): void
+	{
+		http_response_code($code);
+		header('Content-Type: application/json; charset=utf-8');
+		echo json_encode($data, JSON_UNESCAPED_SLASHES);
+		Factory::getApplication()->close();
+	}
+}
diff --git a/source/packages/com_mokowaas/api/src/Controller/RemoteLoginController.php b/source/packages/com_mokowaas/api/src/Controller/RemoteLoginController.php
new file mode 100644
index 00000000..b15e4353
--- /dev/null
+++ b/source/packages/com_mokowaas/api/src/Controller/RemoteLoginController.php
@@ -0,0 +1,173 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Api\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Controller\BaseController;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Uri\Uri;
+use Joomla\Registry\Registry;
+
+/**
+ * Remote login API controller.
+ *
+ * POST /api/index.php/v1/mokowaas/remote-login
+ * Body: {"token": "health_api_token", "user": "requesting_username", "origin": "MokoWaaSBase"}
+ *
+ * Validates the health API token, generates a one-time login token
+ * for the master user, and returns a URL that auto-authenticates.
+ *
+ * @since  02.35.00
+ */
+class RemoteLoginController extends BaseController
+{
+	/**
+	 * One-time token validity in seconds.
+	 */
+	private const OTL_TTL = 60;
+
+	/**
+	 * Generate a one-time login URL for the master user.
+	 *
+	 * @return  void
+	 */
+	public function execute($task = 'remoteLogin'): void
+	{
+		$app   = Factory::getApplication();
+		$input = $app->getInput()->json;
+
+		$token  = $input->get('token', '', 'RAW');
+		$origin = $input->get('origin', '', 'STRING');
+
+		if (empty($token))
+		{
+			$this->sendJson(401, ['error' => 'Missing token']);
+
+			return;
+		}
+
+		// Validate against the core plugin's health_api_token
+		$plugin = PluginHelper::getPlugin('system', 'mokowaas');
+
+		if (!$plugin)
+		{
+			$this->sendJson(503, ['error' => 'MokoWaaS core plugin not found']);
+
+			return;
+		}
+
+		$params      = new Registry($plugin->params);
+		$healthToken = $params->get('health_api_token', '');
+
+		if (empty($healthToken) || !hash_equals($healthToken, $token))
+		{
+			$this->sendJson(401, ['error' => 'Invalid token']);
+
+			return;
+		}
+
+		// Find the master user
+		$masterUsernames = $this->getMasterUsernames($params);
+
+		if (empty($masterUsernames))
+		{
+			$this->sendJson(403, ['error' => 'No master user configured']);
+
+			return;
+		}
+
+		// Use the first master username
+		$masterUsername = $masterUsernames[0];
+
+		// Look up the user
+		$db = Factory::getDbo();
+		$db->setQuery(
+			$db->getQuery(true)
+				->select([$db->quoteName('id'), $db->quoteName('username')])
+				->from($db->quoteName('#__users'))
+				->where($db->quoteName('username') . ' = ' . $db->quote($masterUsername))
+				->where($db->quoteName('block') . ' = 0')
+		);
+		$user = $db->loadObject();
+
+		if (!$user)
+		{
+			$this->sendJson(403, ['error' => 'Master user not found or blocked']);
+
+			return;
+		}
+
+		// Generate one-time login token
+		$otlToken = bin2hex(random_bytes(32));
+		$expires  = time() + self::OTL_TTL;
+
+		// Store in a temp file (avoids DB schema changes)
+		$otlFile = JPATH_ADMINISTRATOR . '/cache/mokowaas_otl_' . md5($otlToken) . '.json';
+		file_put_contents($otlFile, json_encode([
+			'token'    => $otlToken,
+			'user_id'  => (int) $user->id,
+			'username' => $user->username,
+			'expires'  => $expires,
+			'origin'   => substr($origin, 0, 100),
+		]));
+
+		// Build login URL
+		$loginUrl = rtrim(Uri::root(), '/') . '/administrator/index.php?mokowaas_otl=' . $otlToken;
+
+		$this->sendJson(200, [
+			'status'    => 'ok',
+			'login_url' => $loginUrl,
+			'expires'   => $expires,
+			'user'      => $user->username,
+		]);
+	}
+
+	/**
+	 * Decode master usernames from plugin params.
+	 *
+	 * @param   Registry  $params  Plugin params.
+	 *
+	 * @return  array
+	 */
+	private function getMasterUsernames(Registry $params): array
+	{
+		// Use MokoWaaSHelper if available
+		$helperFile = JPATH_PLUGINS . '/system/mokowaas/Helper/MokoWaaSHelper.php';
+
+		if (file_exists($helperFile))
+		{
+			require_once $helperFile;
+
+			if (method_exists(\Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper::class, 'getMasterUsernames'))
+			{
+				return \Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper::getMasterUsernames();
+			}
+		}
+
+		return [];
+	}
+
+	/**
+	 * Send JSON response and terminate.
+	 *
+	 * @param   int    $code  HTTP status code.
+	 * @param   array  $data  Response data.
+	 *
+	 * @return  void
+	 */
+	private function sendJson(int $code, array $data): void
+	{
+		http_response_code($code);
+		header('Content-Type: application/json; charset=utf-8');
+		echo json_encode($data, JSON_UNESCAPED_SLASHES);
+		Factory::getApplication()->close();
+	}
+}
diff --git a/src/packages/com_mokowaas/api/src/Controller/ResetController.php b/source/packages/com_mokowaas/api/src/Controller/ResetController.php
similarity index 91%
rename from src/packages/com_mokowaas/api/src/Controller/ResetController.php
rename to source/packages/com_mokowaas/api/src/Controller/ResetController.php
index 0f80f5e2..4551aa76 100644
--- a/src/packages/com_mokowaas/api/src/Controller/ResetController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/ResetController.php
@@ -35,7 +35,7 @@ class ResetController extends BaseController
 	 *
 	 * @since   02.21.00
 	 */
-	public function execute(): void
+	public function execute($task = 'reset'): void
 	{
 		$app = Factory::getApplication();
 
@@ -90,18 +90,18 @@ class ResetController extends BaseController
 	 */
 	private function createService(Registry $params)
 	{
-		$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/DemoResetService.php';
+		$serviceFile = JPATH_PLUGINS . '/task/mokowaasdemo/src/Service/DemoResetService.php';
 
 		if (!file_exists($serviceFile))
 		{
-			throw new \RuntimeException('DemoResetService not found — is the MokoWaaS plugin installed?');
+			throw new \RuntimeException('DemoResetService not found — is the demo reset plugin installed?');
 		}
 
 		require_once $serviceFile;
 
 		$media = (bool) $params->get('demo_snapshot_include_media', 1);
 
-		return new \Moko\Plugin\System\MokoWaaS\Service\DemoResetService($media);
+		return new \Moko\Plugin\Task\MokoWaaSDemo\Service\DemoResetService($media);
 	}
 
 	/**
diff --git a/src/packages/com_mokowaas/api/src/Controller/SnapshotController.php b/source/packages/com_mokowaas/api/src/Controller/SnapshotController.php
similarity index 90%
rename from src/packages/com_mokowaas/api/src/Controller/SnapshotController.php
rename to source/packages/com_mokowaas/api/src/Controller/SnapshotController.php
index 0046fac0..3729b95c 100644
--- a/src/packages/com_mokowaas/api/src/Controller/SnapshotController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/SnapshotController.php
@@ -68,7 +68,7 @@ class SnapshotController extends BaseController
 	 *
 	 * @since   02.21.00
 	 */
-	public function execute(): void
+	public function execute($task = 'snapshot'): void
 	{
 		$app = Factory::getApplication();
 
@@ -118,11 +118,11 @@ class SnapshotController extends BaseController
 	 */
 	private function createService()
 	{
-		$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/DemoResetService.php';
+		$serviceFile = JPATH_PLUGINS . '/task/mokowaasdemo/src/Service/DemoResetService.php';
 
 		if (!file_exists($serviceFile))
 		{
-			throw new \RuntimeException('DemoResetService not found');
+			throw new \RuntimeException('DemoResetService not found — is the demo reset plugin installed?');
 		}
 
 		require_once $serviceFile;
@@ -132,7 +132,7 @@ class SnapshotController extends BaseController
 
 		$media = (bool) $params->get('demo_snapshot_include_media', 1);
 
-		return new \Moko\Plugin\System\MokoWaaS\Service\DemoResetService($media);
+		return new \Moko\Plugin\Task\MokoWaaSDemo\Service\DemoResetService($media);
 	}
 
 	/**
diff --git a/src/packages/com_mokowaas/api/src/Controller/SyncController.php b/source/packages/com_mokowaas/api/src/Controller/SyncController.php
similarity index 89%
rename from src/packages/com_mokowaas/api/src/Controller/SyncController.php
rename to source/packages/com_mokowaas/api/src/Controller/SyncController.php
index 3e89f09c..93809f52 100644
--- a/src/packages/com_mokowaas/api/src/Controller/SyncController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/SyncController.php
@@ -26,7 +26,7 @@ use Joomla\Registry\Registry;
  */
 class SyncController extends BaseController
 {
-	public function execute(): void
+	public function execute($task = 'sync'): void
 	{
 		$app = Factory::getApplication();
 
@@ -57,10 +57,10 @@ class SyncController extends BaseController
 			$params = new Registry($plugin->params);
 			$targets = json_decode($params->get('sync_targets', '[]'), true) ?: [];
 
-			$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/ContentSyncService.php';
+			$serviceFile = JPATH_PLUGINS . '/task/mokowaassync/src/Service/ContentSyncService.php';
 			require_once $serviceFile;
 
-			$service = new \Moko\Plugin\System\MokoWaaS\Service\ContentSyncService();
+			$service = new \Moko\Plugin\Task\MokoWaaSSync\Service\ContentSyncService();
 			$result  = $service->syncAllTargets($targets);
 
 			$this->sendJson(200, $result);
diff --git a/src/packages/com_mokowaas/api/src/Controller/SyncReceiveController.php b/source/packages/com_mokowaas/api/src/Controller/SyncReceiveController.php
similarity index 88%
rename from src/packages/com_mokowaas/api/src/Controller/SyncReceiveController.php
rename to source/packages/com_mokowaas/api/src/Controller/SyncReceiveController.php
index 60a734db..d888f7fb 100644
--- a/src/packages/com_mokowaas/api/src/Controller/SyncReceiveController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/SyncReceiveController.php
@@ -24,7 +24,7 @@ use Joomla\CMS\MVC\Controller\BaseController;
  */
 class SyncReceiveController extends BaseController
 {
-	public function execute(): void
+	public function execute($task = 'syncReceive'): void
 	{
 		$app = Factory::getApplication();
 
@@ -52,10 +52,10 @@ class SyncReceiveController extends BaseController
 				return;
 			}
 
-			$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/ContentSyncReceiver.php';
+			$serviceFile = JPATH_PLUGINS . '/task/mokowaassync/src/Service/ContentSyncReceiver.php';
 			require_once $serviceFile;
 
-			$receiver = new \Moko\Plugin\System\MokoWaaS\Service\ContentSyncReceiver();
+			$receiver = new \Moko\Plugin\Task\MokoWaaSSync\Service\ContentSyncReceiver();
 			$result   = $receiver->receive($payload);
 
 			$this->sendJson(200, $result);
diff --git a/src/packages/com_mokowaas/api/src/Controller/UpdateController.php b/source/packages/com_mokowaas/api/src/Controller/UpdateController.php
similarity index 97%
rename from src/packages/com_mokowaas/api/src/Controller/UpdateController.php
rename to source/packages/com_mokowaas/api/src/Controller/UpdateController.php
index d74e9c2f..bb48efba 100644
--- a/src/packages/com_mokowaas/api/src/Controller/UpdateController.php
+++ b/source/packages/com_mokowaas/api/src/Controller/UpdateController.php
@@ -29,7 +29,7 @@ class UpdateController extends BaseController
 	 *
 	 * @since   1.0.0
 	 */
-	public function execute(): void
+	public function execute($task = 'update'): void
 	{
 		$app = Factory::getApplication();
 
diff --git a/src/packages/com_mokowaas/media/css/dashboard.css b/source/packages/com_mokowaas/media/css/dashboard.css
similarity index 100%
rename from src/packages/com_mokowaas/media/css/dashboard.css
rename to source/packages/com_mokowaas/media/css/dashboard.css
diff --git a/src/packages/com_mokowaas/media/js/dashboard.js b/source/packages/com_mokowaas/media/js/dashboard.js
similarity index 75%
rename from src/packages/com_mokowaas/media/js/dashboard.js
rename to source/packages/com_mokowaas/media/js/dashboard.js
index df8433ed..e6aa671c 100644
--- a/src/packages/com_mokowaas/media/js/dashboard.js
+++ b/source/packages/com_mokowaas/media/js/dashboard.js
@@ -109,4 +109,26 @@ document.addEventListener('DOMContentLoaded', function () {
 			});
 		});
 	}
+
+	// Akeeba import buttons
+	['btn-import-admintools', 'btn-import-ats-dash'].forEach(function(id) {
+		var btn = document.getElementById(id);
+		if (!btn) return;
+		btn.addEventListener('click', function() {
+			var el = this;
+			if (!confirm('Import Akeeba data into MokoWaaS? Akeeba extensions will be disabled after import.')) return;
+			el.disabled = true;
+			var origText = el.textContent;
+			el.textContent = ' Importing...';
+			var fd = new FormData();
+			fd.append(el.dataset.token, '1');
+			fetch(el.dataset.url, {method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}})
+				.then(function(r){return r.json()})
+				.then(function(d){
+					if (d.success) { Joomla.renderMessages({message:[d.message]}); setTimeout(function(){location.reload()}, 2000); }
+					else { Joomla.renderMessages({error:[d.message]}); el.disabled = false; el.textContent = origText; }
+				})
+				.catch(function(){ Joomla.renderMessages({error:['Network error']}); el.disabled = false; el.textContent = origText; });
+		});
+	});
 });
diff --git a/source/packages/com_mokowaas/mokowaas.xml b/source/packages/com_mokowaas/mokowaas.xml
new file mode 100644
index 00000000..c16922d4
--- /dev/null
+++ b/source/packages/com_mokowaas/mokowaas.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+
+ SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later
+
+ FILE INFORMATION
+ DEFGROUP: Joomla.Component
+ INGROUP: MokoWaaS
+ REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
+ VERSION: 02.34.16
+ PATH: /mokowaas.xml
+ BRIEF: Component manifest for MokoWaaS admin dashboard and REST API
+-->
+<extension type="component" method="upgrade">
+	<name>MokoWaaS</name>
+	<author>Moko Consulting</author>
+	<creationDate>2026-06-02</creationDate>
+	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
+	<license>GPL-3.0-or-later</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>MokoWaaS admin dashboard and REST API. Provides a control panel for managing MokoWaaS feature plugins, site health monitoring, and remote management endpoints.</description>
+
+	<namespace path="src">Moko\Component\MokoWaaS</namespace>
+
+	<administration>
+		<menu img="class:cogs">MokoWaaS</menu>
+		<submenu>
+			<menu link="option=com_mokowaas" img="class:cogs">COM_MOKOWAAS_MENU_DASHBOARD</menu>
+			<menu link="option=com_mokowaas&amp;view=extensions" img="class:puzzle-piece">COM_MOKOWAAS_MENU_EXTENSIONS</menu>
+			<menu link="option=com_mokowaas&amp;view=tickets" img="class:headphones">COM_MOKOWAAS_MENU_TICKETS</menu>
+			<menu link="option=com_mokowaas&amp;view=htaccess" img="class:file-code">COM_MOKOWAAS_MENU_HTACCESS</menu>
+			<menu link="option=com_mokowaas&amp;view=privacy" img="class:lock">COM_MOKOWAAS_MENU_PRIVACY</menu>
+			<menu link="option=com_mokowaas&amp;view=waflog" img="class:shield-alt">COM_MOKOWAAS_MENU_WAFLOG</menu>
+			<menu link="option=com_mokowaas&amp;view=database" img="class:database">COM_MOKOWAAS_MENU_DATABASE</menu>
+			<menu link="option=com_mokowaas&amp;view=cleanup" img="class:trash">COM_MOKOWAAS_MENU_CLEANUP</menu>
+			<menu link="option=com_plugins&amp;filter[folder]=system&amp;filter[search]=mokowaas" img="class:power-off">COM_MOKOWAAS_MENU_PLUGINS</menu>
+			<menu link="option=com_installer&amp;view=update" img="class:refresh">COM_MOKOWAAS_MENU_UPDATES</menu>
+			<menu link="option=com_checkin" img="class:check-square">COM_MOKOWAAS_MENU_CHECKIN</menu>
+			<menu link="option=com_cache" img="class:bolt">COM_MOKOWAAS_MENU_CACHE</menu>
+		</submenu>
+		<files folder="admin">
+			<filename>access.xml</filename>
+			<filename>catalog.xml</filename>
+			<filename>config.xml</filename>
+			<folder>language</folder>
+			<folder>services</folder>
+			<folder>sql</folder>
+			<folder>src</folder>
+			<folder>tmpl</folder>
+		</files>
+		<languages folder="admin/language">
+			<language tag="en-GB">en-GB/com_mokowaas.sys.ini</language>
+		</languages>
+	</administration>
+
+	<files folder="site">
+		<folder>language</folder>
+		<folder>services</folder>
+		<folder>src</folder>
+		<folder>tmpl</folder>
+	</files>
+
+	<install>
+		<sql><file driver="mysql" charset="utf8">admin/sql/install.mysql.sql</file></sql>
+	</install>
+
+	<api>
+		<files folder="api">
+			<folder>src</folder>
+		</files>
+	</api>
+
+	<media destination="com_mokowaas" folder="media">
+		<folder>css</folder>
+		<folder>js</folder>
+	</media>
+</extension>
diff --git a/source/packages/com_mokowaas/site/language/en-GB/com_mokowaas.ini b/source/packages/com_mokowaas/site/language/en-GB/com_mokowaas.ini
new file mode 100644
index 00000000..3047c85e
--- /dev/null
+++ b/source/packages/com_mokowaas/site/language/en-GB/com_mokowaas.ini
@@ -0,0 +1,11 @@
+; MokoWaaS Customer Portal - Language Strings
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+COM_MOKOWAAS_PORTAL_TITLE="Support Portal"
+COM_MOKOWAAS_PORTAL_MY_TICKETS="My Support Tickets"
+COM_MOKOWAAS_PORTAL_NEW_TICKET="New Ticket"
+COM_MOKOWAAS_PORTAL_SUBMIT="Submit Ticket"
+COM_MOKOWAAS_PORTAL_REPLY="Send Reply"
+COM_MOKOWAAS_PORTAL_NO_TICKETS="You haven't submitted any support tickets yet."
+COM_MOKOWAAS_PORTAL_LOGIN_REQUIRED="Please log in to access the support portal."
diff --git a/source/packages/com_mokowaas/site/services/provider.php b/source/packages/com_mokowaas/site/services/provider.php
new file mode 100644
index 00000000..cb74ca34
--- /dev/null
+++ b/source/packages/com_mokowaas/site/services/provider.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas.site
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Dispatcher\ComponentDispatcherFactoryInterface;
+use Joomla\CMS\Extension\ComponentInterface;
+use Joomla\CMS\Extension\Service\Provider\ComponentDispatcherFactory;
+use Joomla\CMS\Extension\Service\Provider\MVCFactory;
+use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+
+return new class implements ServiceProviderInterface
+{
+	public function register(Container $container): void
+	{
+		$container->registerServiceProvider(new MVCFactory('\\Moko\\Component\\MokoWaaS'));
+		$container->registerServiceProvider(new ComponentDispatcherFactory('\\Moko\\Component\\MokoWaaS'));
+
+		$container->set(
+			ComponentInterface::class,
+			function (Container $container) {
+				$component = new \Joomla\CMS\Extension\MVCComponent(
+					$container->get(ComponentDispatcherFactoryInterface::class)
+				);
+				$component->setMVCFactory($container->get(MVCFactoryInterface::class));
+
+				return $component;
+			}
+		);
+	}
+};
diff --git a/source/packages/com_mokowaas/site/src/Controller/DisplayController.php b/source/packages/com_mokowaas/site/src/Controller/DisplayController.php
new file mode 100644
index 00000000..1018e9eb
--- /dev/null
+++ b/source/packages/com_mokowaas/site/src/Controller/DisplayController.php
@@ -0,0 +1,267 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas.site
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Site\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\Controller\BaseController;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+class DisplayController extends BaseController
+{
+	protected $default_view = 'tickets';
+
+	public function display($cachable = false, $urlparams = [])
+	{
+		$user = Factory::getApplication()->getIdentity();
+
+		if ($user->guest)
+		{
+			Factory::getApplication()->enqueueMessage('Please log in to access the support portal.', 'warning');
+			Factory::getApplication()->redirect(Route::_(
+				'index.php?option=com_users&view=login&return=' . base64_encode('index.php?option=com_mokowaas&view=tickets'),
+				false
+			));
+
+			return;
+		}
+
+		return parent::display($cachable, $urlparams);
+	}
+
+	/**
+	 * Submit a new ticket.
+	 */
+	public function submitTicket()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		$user = Factory::getApplication()->getIdentity();
+
+		if ($user->guest)
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Please log in.']);
+	return;
+		}
+
+		$input = Factory::getApplication()->getInput();
+
+		// Use admin TicketsModel
+		$model = $this->getModel('Tickets', 'Administrator');
+
+		$this->jsonResponse($model->createTicket([
+			'subject'     => $input->getString('subject', ''),
+			'body'        => $input->getRaw('body', ''),
+			'priority'    => $input->getString('priority', 'normal'),
+			'category_id' => $input->getInt('category_id', 0),
+		]));
+	}
+
+	/**
+	 * Submit a reply.
+	 */
+	public function submitReply()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		$user  = Factory::getApplication()->getIdentity();
+		$input = Factory::getApplication()->getInput();
+
+		if ($user->guest)
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Please log in.']);
+	return;
+		}
+
+		$ticketId = $input->getInt('ticket_id', 0);
+		$model    = $this->getModel('Tickets', 'Administrator');
+		$ticket   = $model->getTicket($ticketId);
+
+		if (!$ticket)
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Ticket not found.']);
+	return;
+		}
+
+		// Customers can only reply to their own tickets; staff can reply to any
+		if ((int) $ticket->created_by !== $user->id && !$this->isStaff($user))
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Access denied.']);
+	return;
+		}
+
+		// Staff replies from frontend are not internal notes
+		$this->jsonResponse($model->addReply(
+			$ticketId,
+			$input->getRaw('body', ''),
+			false
+		));
+	}
+
+	/**
+	 * Update ticket status (staff/manager only from frontend).
+	 */
+	public function updateStatus()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		$user = Factory::getApplication()->getIdentity();
+
+		if (!$this->isStaff($user))
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Access denied.']);
+	return;
+		}
+
+		$input = Factory::getApplication()->getInput();
+		$model = $this->getModel('Tickets', 'Administrator');
+
+		$this->jsonResponse($model->updateStatus(
+			$input->getInt('ticket_id', 0),
+			$input->getString('status', '')
+		));
+	}
+
+	/**
+	 * Assign a ticket (manager only from frontend).
+	 */
+	public function assignTicket()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		$user = Factory::getApplication()->getIdentity();
+
+		if (!$user->authorise('mokowaas.tickets.assign', 'com_mokowaas'))
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Access denied.']);
+	return;
+		}
+
+		$input    = Factory::getApplication()->getInput();
+		$ticketId = $input->getInt('ticket_id', 0);
+		$assignTo = $input->getInt('assigned_to', 0);
+
+		try
+		{
+			$db = Factory::getDbo();
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__mokowaas_tickets'))
+					->set($db->quoteName('assigned_to') . ' = ' . ($assignTo ?: 'NULL'))
+					->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+					->where($db->quoteName('id') . ' = ' . $ticketId)
+			)->execute();
+
+			$this->jsonResponse(['success' => true, 'message' => 'Ticket assigned.']);
+		}
+		catch (\Throwable $e)
+		{
+			$this->jsonResponse(['success' => false, 'message' => $e->getMessage()]);
+	return;
+		}
+	}
+
+	/**
+	 * Submit a data privacy request from frontend.
+	 */
+	public function submitDataRequest()
+	{
+		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
+
+		$user = Factory::getApplication()->getIdentity();
+
+		if ($user->guest)
+		{
+			$this->jsonResponse(['success' => false, 'message' => 'Please log in.']);
+	return;
+		}
+
+		$type  = Factory::getApplication()->getInput()->getString('type', '');
+		$model = new \Moko\Component\MokoWaaS\Administrator\Model\PrivacyModel();
+
+		$this->jsonResponse($model->createRequest($user->id, $type, 'Submitted via self-service portal'));
+	}
+
+	/**
+	 * Check if user is support staff (can manage tickets beyond their own).
+	 */
+	private function isStaff($user): bool
+	{
+		if ($user->guest)
+		{
+			return false;
+		}
+
+		// Super admins always staff
+		if ($user->authorise('core.admin'))
+		{
+			return true;
+		}
+
+		// Anyone with mokowaas.tickets ACL on the component is staff
+		return $user->authorise('mokowaas.tickets', 'com_mokowaas');
+	}
+
+	/**
+	 * Search KB articles via Smart Search (com_finder).
+	 */
+	public function searchKb()
+	{
+		$query = Factory::getApplication()->getInput()->getString('q', '');
+
+		if (strlen($query) < 3)
+		{
+			$this->jsonResponse(['results' => []]);
+		}
+
+		try
+		{
+			$db      = Factory::getDbo();
+			$escaped = $db->quote('%' . $db->escape($query, true) . '%');
+
+			$results = $db->setQuery(
+				$db->getQuery(true)
+					->select([
+						$db->quoteName('l.link_id'),
+						$db->quoteName('l.title'),
+						$db->quoteName('l.url'),
+						$db->quoteName('l.description'),
+					])
+					->from($db->quoteName('#__finder_links', 'l'))
+					->where($db->quoteName('l.published') . ' = 1')
+					->where('(' . $db->quoteName('l.title') . ' LIKE ' . $escaped
+						. ' OR ' . $db->quoteName('l.description') . ' LIKE ' . $escaped . ')')
+					->order($db->quoteName('l.title') . ' ASC')
+					->setLimit(8)
+			)->loadObjectList() ?: [];
+
+			foreach ($results as $r)
+			{
+				$r->description = mb_substr(strip_tags($r->description ?? ''), 0, 150);
+			}
+
+			$this->jsonResponse(['results' => $results]);
+		}
+		catch (\Throwable $e)
+		{
+			$this->jsonResponse(['results' => []]);
+		}
+	}
+
+	private function jsonResponse(array $data): void
+	{
+		$app = Factory::getApplication();
+		$app->setHeader('Content-Type', 'application/json');
+		echo json_encode($data);
+		$app->close();
+	}
+}
diff --git a/source/packages/com_mokowaas/site/src/View/Privacy/HtmlView.php b/source/packages/com_mokowaas/site/src/View/Privacy/HtmlView.php
new file mode 100644
index 00000000..a6b70082
--- /dev/null
+++ b/source/packages/com_mokowaas/site/src/View/Privacy/HtmlView.php
@@ -0,0 +1,68 @@
+<?php
+namespace Moko\Component\MokoWaaS\Site\View\Privacy;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Router\Route;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $requests = [];
+	protected $consent = [];
+
+	public function display($tpl = null)
+	{
+		$user = Factory::getApplication()->getIdentity();
+
+		if ($user->guest)
+		{
+			Factory::getApplication()->redirect(Route::_(
+				'index.php?option=com_users&view=login&return=' . base64_encode('index.php?option=com_mokowaas&view=privacy'),
+				false
+			));
+
+			return;
+		}
+
+		$db = Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
+
+		// Get user's data requests
+		$query = $db->getQuery(true)
+			->select('*')
+			->from($db->quoteName('#__mokowaas_data_requests'))
+			->where($db->quoteName('user_id') . ' = ' . (int) $user->id)
+			->order($db->quoteName('created') . ' DESC');
+
+		try
+		{
+			$db->setQuery($query);
+			$this->requests = $db->loadObjectList() ?: [];
+		}
+		catch (\Throwable $e)
+		{
+			$this->requests = [];
+		}
+
+		// Get consent history
+		try
+		{
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('*')
+					->from($db->quoteName('#__mokowaas_consent_log'))
+					->where($db->quoteName('user_id') . ' = ' . (int) $user->id)
+					->order($db->quoteName('created') . ' DESC')
+					->setLimit(20)
+			);
+			$this->consent = $db->loadObjectList() ?: [];
+		}
+		catch (\Throwable $e)
+		{
+			$this->consent = [];
+		}
+
+		parent::display($tpl);
+	}
+}
diff --git a/source/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php b/source/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php
new file mode 100644
index 00000000..4a4289e6
--- /dev/null
+++ b/source/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php
@@ -0,0 +1,84 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas.site
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Site\View\Ticket;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+use Joomla\CMS\Router\Route;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $ticket;
+	protected $isStaff = false;
+	protected $canAssign = false;
+
+	public function display($tpl = null)
+	{
+		$db   = Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
+		$user = Factory::getApplication()->getIdentity();
+		$id   = Factory::getApplication()->getInput()->getInt('id', 0);
+
+		$this->isStaff   = $user->authorise('core.admin') || $user->authorise('mokowaas.tickets', 'com_mokowaas');
+		$this->canAssign = $user->authorise('core.admin') || $user->authorise('mokowaas.tickets.assign', 'com_mokowaas');
+
+		// Get ticket — staff see any, customers see only their own
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('t') . '.*',
+				$db->quoteName('c.title', 'category_title'),
+				$db->quoteName('u.name', 'created_by_name'),
+				$db->quoteName('u.email', 'created_by_email'),
+				$db->quoteName('a.name', 'assigned_to_name'),
+			])
+			->from($db->quoteName('#__mokowaas_tickets', 't'))
+			->leftJoin($db->quoteName('#__mokowaas_ticket_categories', 'c') . ' ON c.id = t.category_id')
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = t.created_by')
+			->leftJoin($db->quoteName('#__users', 'a') . ' ON a.id = t.assigned_to')
+			->where($db->quoteName('t.id') . ' = ' . $id);
+
+		if (!$this->isStaff)
+		{
+			$query->where($db->quoteName('t.created_by') . ' = ' . (int) $user->id);
+		}
+
+		$db->setQuery($query);
+		$this->ticket = $db->loadObject();
+
+		if (!$this->ticket)
+		{
+			Factory::getApplication()->enqueueMessage('Ticket not found.', 'error');
+			Factory::getApplication()->redirect(Route::_('index.php?option=com_mokowaas&view=tickets', false));
+
+			return;
+		}
+
+		// Load replies — staff see internal notes, customers don't
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('r') . '.*',
+				$db->quoteName('u.name', 'user_name'),
+			])
+			->from($db->quoteName('#__mokowaas_ticket_replies', 'r'))
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = r.user_id')
+			->where($db->quoteName('r.ticket_id') . ' = ' . $id);
+
+		if (!$this->isStaff)
+		{
+			$query->where($db->quoteName('r.is_internal') . ' = 0');
+		}
+
+		$query->order($db->quoteName('r.created') . ' ASC');
+		$db->setQuery($query);
+		$this->ticket->replies = $db->loadObjectList() ?: [];
+
+		parent::display($tpl);
+	}
+}
diff --git a/source/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php b/source/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php
new file mode 100644
index 00000000..5988fba9
--- /dev/null
+++ b/source/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php
@@ -0,0 +1,75 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  com_mokowaas.site
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Component\MokoWaaS\Site\View\Tickets;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
+
+class HtmlView extends BaseHtmlView
+{
+	protected $tickets = [];
+	protected $categories = [];
+	protected $isStaff = false;
+
+	public function display($tpl = null)
+	{
+		$db   = Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
+		$user = Factory::getApplication()->getIdentity();
+
+		$this->isStaff = $user->authorise('core.admin')
+			|| $user->authorise('mokowaas.tickets', 'com_mokowaas');
+
+		// Staff see all tickets, customers see their own
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('t.id'),
+				$db->quoteName('t.subject'),
+				$db->quoteName('t.status'),
+				$db->quoteName('t.priority'),
+				$db->quoteName('t.created'),
+				$db->quoteName('t.assigned_to'),
+				$db->quoteName('c.title', 'category_title'),
+				$db->quoteName('u.name', 'created_by_name'),
+				$db->quoteName('a.name', 'assigned_to_name'),
+			])
+			->from($db->quoteName('#__mokowaas_tickets', 't'))
+			->leftJoin($db->quoteName('#__mokowaas_ticket_categories', 'c') . ' ON c.id = t.category_id')
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = t.created_by')
+			->leftJoin($db->quoteName('#__users', 'a') . ' ON a.id = t.assigned_to');
+
+		if (!$this->isStaff)
+		{
+			$query->where($db->quoteName('t.created_by') . ' = ' . (int) $user->id);
+		}
+
+		$filterStatus = Factory::getApplication()->getInput()->getString('filter_status', '');
+
+		if ($filterStatus)
+		{
+			$query->where($db->quoteName('t.status') . ' = ' . $db->quote($filterStatus));
+		}
+
+		$query->order($db->quoteName('t.created') . ' DESC')->setLimit(50);
+		$db->setQuery($query);
+		$this->tickets = $db->loadObjectList() ?: [];
+
+		// Categories for new ticket form
+		$query = $db->getQuery(true)
+			->select([$db->quoteName('id'), $db->quoteName('title')])
+			->from($db->quoteName('#__mokowaas_ticket_categories'))
+			->where($db->quoteName('published') . ' = 1')
+			->order($db->quoteName('ordering') . ' ASC');
+		$db->setQuery($query);
+		$this->categories = $db->loadObjectList() ?: [];
+
+		parent::display($tpl);
+	}
+}
diff --git a/source/packages/com_mokowaas/site/tmpl/privacy/default.php b/source/packages/com_mokowaas/site/tmpl/privacy/default.php
new file mode 100644
index 00000000..f26b4e6a
--- /dev/null
+++ b/source/packages/com_mokowaas/site/tmpl/privacy/default.php
@@ -0,0 +1,114 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$user     = Factory::getApplication()->getIdentity();
+$requests = $this->requests;
+$consent  = $this->consent;
+$token    = Session::getFormToken();
+
+$statusLabel = ['pending' => 'Pending', 'processing' => 'Processing', 'completed' => 'Completed', 'denied' => 'Denied'];
+$statusClass = ['pending' => 'warning', 'processing' => 'info', 'completed' => 'success', 'denied' => 'secondary'];
+?>
+
+<div class="mokowaas-portal">
+	<h2>My Privacy &amp; Data</h2>
+	<p class="text-muted">Manage your personal data, download your information, or request account deletion.</p>
+
+	<!-- Action buttons -->
+	<div class="row g-3 mb-4">
+		<div class="col-12 col-md-4">
+			<button type="button" class="btn btn-primary w-100 py-3 btn-data-request" data-type="export">
+				<span class="icon-download d-block mb-1" style="font-size:1.5rem"></span>
+				Download My Data
+			</button>
+		</div>
+		<div class="col-12 col-md-4">
+			<button type="button" class="btn btn-outline-warning w-100 py-3 btn-data-request" data-type="anonymize">
+				<span class="icon-user-shield d-block mb-1" style="font-size:1.5rem"></span>
+				Anonymize My Account
+			</button>
+		</div>
+		<div class="col-12 col-md-4">
+			<button type="button" class="btn btn-outline-danger w-100 py-3 btn-data-request" data-type="delete">
+				<span class="icon-trash d-block mb-1" style="font-size:1.5rem"></span>
+				Delete My Account
+			</button>
+		</div>
+	</div>
+
+	<!-- My requests -->
+	<?php if (!empty($requests)): ?>
+	<div class="card mb-4">
+		<div class="card-header"><strong>My Data Requests</strong></div>
+		<div class="table-responsive">
+			<table class="table table-striped mb-0">
+				<thead><tr><th>Type</th><th>Status</th><th>Submitted</th><th>Processed</th></tr></thead>
+				<tbody>
+				<?php foreach ($requests as $r): ?>
+				<tr>
+					<td><?php echo ucfirst($r->type); ?></td>
+					<td><span class="badge bg-<?php echo $statusClass[$r->status] ?? 'secondary'; ?>"><?php echo $statusLabel[$r->status] ?? $r->status; ?></span></td>
+					<td><?php echo HTMLHelper::_('date', $r->created, 'M d, Y H:i'); ?></td>
+					<td><?php echo $r->processed ? HTMLHelper::_('date', $r->processed, 'M d, Y H:i') : '—'; ?></td>
+				</tr>
+				<?php endforeach; ?>
+				</tbody>
+			</table>
+		</div>
+	</div>
+	<?php endif; ?>
+
+	<!-- Consent history -->
+	<?php if (!empty($consent)): ?>
+	<div class="card mb-4">
+		<div class="card-header"><strong>Consent History</strong></div>
+		<div class="table-responsive">
+			<table class="table table-sm mb-0">
+				<thead><tr><th>Category</th><th>Action</th><th>Date</th></tr></thead>
+				<tbody>
+				<?php foreach ($consent as $c): ?>
+				<tr>
+					<td><?php echo htmlspecialchars(ucwords(str_replace('_', ' ', $c->category))); ?></td>
+					<td><span class="badge bg-<?php echo $c->action === 'granted' ? 'success' : 'secondary'; ?>"><?php echo ucfirst($c->action); ?></span></td>
+					<td><?php echo HTMLHelper::_('date', $c->created, 'M d, Y H:i'); ?></td>
+				</tr>
+				<?php endforeach; ?>
+				</tbody>
+			</table>
+		</div>
+	</div>
+	<?php endif; ?>
+</div>
+
+<script>
+document.querySelectorAll('.btn-data-request').forEach(function(btn) {
+	btn.addEventListener('click', function() {
+		var type = this.dataset.type;
+		var messages = {
+			'export': 'Request a download of all your personal data?',
+			'anonymize': 'Request your account to be anonymized? Your name, email, and personal details will be replaced. This cannot be undone.',
+			'delete': 'Request permanent deletion of your account and all data? This cannot be undone.'
+		};
+		if (!confirm(messages[type] || 'Submit this request?')) return;
+		this.disabled = true;
+		var fd = new FormData();
+		fd.append('type', type);
+		fd.append('<?php echo $token; ?>', '1');
+		fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.submitDataRequest&format=json"); ?>', {
+			method: 'POST', body: fd, headers: {'X-Requested-With': 'XMLHttpRequest'}
+		})
+		.then(function(r) { return r.json(); })
+		.then(function(d) {
+			if (d.success) { alert(d.message); location.reload(); }
+			else { alert(d.message || 'Failed.'); }
+		})
+		.catch(function() { alert('Network error.'); })
+		.finally(function() { btn.disabled = false; });
+	});
+});
+</script>
diff --git a/source/packages/com_mokowaas/site/tmpl/ticket/default.php b/source/packages/com_mokowaas/site/tmpl/ticket/default.php
new file mode 100644
index 00000000..7f84e579
--- /dev/null
+++ b/source/packages/com_mokowaas/site/tmpl/ticket/default.php
@@ -0,0 +1,241 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+use Joomla\CMS\Factory;
+
+$t         = $this->ticket;
+$isStaff   = $this->isStaff;
+$canAssign = $this->canAssign;
+$token     = Session::getFormToken();
+$userId    = Factory::getApplication()->getIdentity()->id;
+
+$statusLabel = [
+	'open' => 'Open', 'in_progress' => 'In Progress', 'waiting' => 'Awaiting Response',
+	'resolved' => 'Resolved', 'closed' => 'Closed',
+];
+$statusClass = [
+	'open' => 'primary', 'in_progress' => 'info', 'waiting' => 'warning',
+	'resolved' => 'success', 'closed' => 'secondary',
+];
+?>
+
+<div class="mokowaas-portal-ticket">
+	<div class="mb-3">
+		<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=tickets'); ?>" class="btn btn-sm btn-outline-secondary">
+			<span class="icon-arrow-left"></span> Back to Tickets
+		</a>
+	</div>
+
+	<div class="row">
+		<!-- Main column: conversation -->
+		<div class="col-12 <?php echo $isStaff ? 'col-lg-8' : ''; ?>">
+
+			<!-- Ticket header -->
+			<div class="card mb-3">
+				<div class="card-body">
+					<div class="d-flex justify-content-between align-items-start">
+						<div>
+							<h3 class="mb-1">#<?php echo $t->id; ?> — <?php echo htmlspecialchars($t->subject); ?></h3>
+							<small class="text-muted">
+								<?php echo htmlspecialchars($t->category_title ?? 'General'); ?>
+								&middot; <?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?>
+								&middot; <?php echo ucfirst($t->priority); ?>
+								<?php if ($isStaff): ?>
+								&middot; By: <?php echo htmlspecialchars($t->created_by_name); ?>
+								<?php endif; ?>
+							</small>
+						</div>
+						<span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?> fs-6">
+							<?php echo $statusLabel[$t->status] ?? $t->status; ?>
+						</span>
+					</div>
+				</div>
+			</div>
+
+			<!-- Original message -->
+			<div class="card mb-3">
+				<div class="card-header">
+					<strong><?php echo htmlspecialchars($t->created_by_name); ?></strong>
+					<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?></small>
+				</div>
+				<div class="card-body"><?php echo nl2br(htmlspecialchars($t->body)); ?></div>
+			</div>
+
+			<!-- Replies -->
+			<?php foreach ($t->replies as $reply): ?>
+			<?php
+				$replyIsStaffUser = ((int) $reply->user_id !== (int) $t->created_by);
+				$isInternal       = (int) $reply->is_internal;
+			?>
+			<div class="card mb-3 <?php echo $isInternal ? 'border-warning bg-warning bg-opacity-10' : ($replyIsStaffUser ? 'border-primary' : ''); ?>">
+				<div class="card-header d-flex justify-content-between">
+					<div>
+						<strong><?php echo htmlspecialchars($reply->user_name ?? 'Support'); ?></strong>
+						<?php if ($replyIsStaffUser): ?><span class="badge bg-primary ms-1">Staff</span><?php endif; ?>
+						<?php if ($isInternal): ?><span class="badge bg-warning text-dark ms-1">Internal Note</span><?php endif; ?>
+						<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $reply->created, 'M d, Y H:i'); ?></small>
+					</div>
+				</div>
+				<div class="card-body"><?php echo nl2br(htmlspecialchars($reply->body)); ?></div>
+			</div>
+			<?php endforeach; ?>
+
+			<!-- Reply form -->
+			<?php if (!\in_array($t->status, ['closed'])): ?>
+			<div class="card mt-4">
+				<div class="card-body">
+					<h5>Reply</h5>
+					<form id="portalReply">
+						<textarea name="body" class="form-control mb-3" rows="5" required placeholder="Type your reply..."></textarea>
+						<input type="hidden" name="ticket_id" value="<?php echo $t->id; ?>">
+						<input type="hidden" name="<?php echo $token; ?>" value="1">
+						<div class="d-flex gap-2">
+							<button type="submit" class="btn btn-primary">
+								<span class="icon-paper-plane"></span> Send Reply
+							</button>
+							<?php if ($isStaff): ?>
+							<button type="button" class="btn btn-outline-warning" id="btn-internal-note">
+								<span class="icon-eye-slash"></span> Internal Note
+							</button>
+							<?php endif; ?>
+						</div>
+					</form>
+				</div>
+			</div>
+			<?php elseif ($t->status === 'closed'): ?>
+			<div class="alert alert-secondary mt-4">
+				This ticket is closed. <a href="<?php echo Route::_('index.php?option=com_mokowaas&view=tickets&layout=submit'); ?>">Open a new ticket</a> if you need further help.
+			</div>
+			<?php endif; ?>
+		</div>
+
+		<!-- Staff sidebar -->
+		<?php if ($isStaff): ?>
+		<div class="col-12 col-lg-4">
+			<!-- Ticket info -->
+			<div class="card mb-3">
+				<div class="card-header"><strong>Details</strong></div>
+				<div class="card-body">
+					<dl class="row mb-0">
+						<dt class="col-5 text-muted">Status</dt>
+						<dd class="col-7"><span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?>"><?php echo $statusLabel[$t->status] ?? $t->status; ?></span></dd>
+						<dt class="col-5 text-muted">Priority</dt>
+						<dd class="col-7"><?php echo ucfirst($t->priority); ?></dd>
+						<dt class="col-5 text-muted">Category</dt>
+						<dd class="col-7"><?php echo htmlspecialchars($t->category_title ?? '—'); ?></dd>
+						<dt class="col-5 text-muted">Submitted By</dt>
+						<dd class="col-7"><?php echo htmlspecialchars($t->created_by_name); ?><br><small class="text-muted"><?php echo htmlspecialchars($t->created_by_email ?? ''); ?></small></dd>
+						<dt class="col-5 text-muted">Assigned To</dt>
+						<dd class="col-7"><?php echo htmlspecialchars($t->assigned_to_name ?? 'Unassigned'); ?></dd>
+						<dt class="col-5 text-muted">Created</dt>
+						<dd class="col-7"><?php echo HTMLHelper::_('date', $t->created, 'M d H:i'); ?></dd>
+						<dt class="col-5 text-muted">Replies</dt>
+						<dd class="col-7"><?php echo \count($t->replies); ?></dd>
+					</dl>
+				</div>
+			</div>
+
+			<!-- Status actions -->
+			<div class="card mb-3">
+				<div class="card-header"><strong>Change Status</strong></div>
+				<div class="card-body d-grid gap-2">
+					<?php foreach (['open' => 'Reopen', 'in_progress' => 'In Progress', 'waiting' => 'Waiting on Customer', 'resolved' => 'Resolve', 'closed' => 'Close'] as $s => $label): ?>
+					<?php if ($s !== $t->status): ?>
+					<button type="button" class="btn btn-sm btn-outline-<?php echo $s === 'closed' ? 'danger' : ($s === 'resolved' ? 'success' : 'secondary'); ?> btn-status"
+						data-status="<?php echo $s; ?>">
+						<?php echo $label; ?>
+					</button>
+					<?php endif; ?>
+					<?php endforeach; ?>
+				</div>
+			</div>
+
+			<?php if ($canAssign): ?>
+			<!-- Quick assign -->
+			<div class="card mb-3">
+				<div class="card-header"><strong>Assign</strong></div>
+				<div class="card-body">
+					<button type="button" class="btn btn-sm btn-outline-primary w-100" id="btn-assign-me">
+						Assign to Me
+					</button>
+				</div>
+			</div>
+			<?php endif; ?>
+		</div>
+		<?php endif; ?>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var token = '<?php echo $token; ?>';
+	var ticketId = <?php echo $t->id; ?>;
+
+	// Reply
+	var replyForm = document.getElementById('portalReply');
+	if (replyForm) {
+		replyForm.addEventListener('submit', function(e) {
+			e.preventDefault();
+			sendReply(false);
+		});
+	}
+
+	// Internal note
+	var internalBtn = document.getElementById('btn-internal-note');
+	if (internalBtn) {
+		internalBtn.addEventListener('click', function() { sendReply(true); });
+	}
+
+	function sendReply(isInternal) {
+		var body = replyForm.querySelector('textarea[name=body]').value.trim();
+		if (!body) return;
+		var fd = new FormData();
+		fd.append('ticket_id', ticketId);
+		fd.append('body', body);
+		fd.append('is_internal', isInternal ? '1' : '0');
+		fd.append(token, '1');
+		fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.submitReply&format=json"); ?>', {
+			method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}
+		}).then(function(r){return r.json()}).then(function(d){
+			if (d.success) location.reload();
+			else alert(d.message);
+		});
+	}
+
+	// Status buttons
+	document.querySelectorAll('.btn-status').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var fd = new FormData();
+			fd.append('ticket_id', ticketId);
+			fd.append('status', this.dataset.status);
+			fd.append(token, '1');
+			fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.updateStatus&format=json"); ?>', {
+				method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}
+			}).then(function(r){return r.json()}).then(function(d){
+				if (d.success) location.reload();
+				else alert(d.message);
+			});
+		});
+	});
+
+	// Assign to me
+	var assignBtn = document.getElementById('btn-assign-me');
+	if (assignBtn) {
+		assignBtn.addEventListener('click', function() {
+			var fd = new FormData();
+			fd.append('ticket_id', ticketId);
+			fd.append('assigned_to', <?php echo $userId; ?>);
+			fd.append(token, '1');
+			fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.assignTicket&format=json"); ?>', {
+				method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}
+			}).then(function(r){return r.json()}).then(function(d){
+				if (d.success) location.reload();
+				else alert(d.message);
+			});
+		});
+	}
+});
+</script>
diff --git a/source/packages/com_mokowaas/site/tmpl/tickets/default.php b/source/packages/com_mokowaas/site/tmpl/tickets/default.php
new file mode 100644
index 00000000..8ed9e1a3
--- /dev/null
+++ b/source/packages/com_mokowaas/site/tmpl/tickets/default.php
@@ -0,0 +1,83 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\HTML\HTMLHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$tickets    = $this->tickets;
+$categories = $this->categories;
+$isStaff    = $this->isStaff;
+$token      = Session::getFormToken();
+
+$statusLabel = [
+	'open' => 'Open', 'in_progress' => 'In Progress', 'waiting' => 'Awaiting Response',
+	'resolved' => 'Resolved', 'closed' => 'Closed',
+];
+$statusClass = [
+	'open' => 'primary', 'in_progress' => 'info', 'waiting' => 'warning',
+	'resolved' => 'success', 'closed' => 'secondary',
+];
+?>
+
+<div class="mokowaas-portal">
+	<div class="d-flex justify-content-between align-items-center mb-4">
+		<h2><?php echo $isStaff ? 'All Support Tickets' : 'My Support Tickets'; ?></h2>
+		<div class="d-flex gap-2">
+			<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=tickets&layout=submit'); ?>" class="btn btn-primary">
+				<span class="icon-plus"></span> New Ticket
+			</a>
+			<?php if ($isStaff): ?>
+			<form method="get" class="d-inline">
+				<input type="hidden" name="option" value="com_mokowaas">
+				<input type="hidden" name="view" value="tickets">
+				<select name="filter_status" class="form-select form-select-sm" style="width:auto" onchange="this.form.submit()">
+					<option value="">All Statuses</option>
+					<?php foreach ($statusLabel as $k => $v): ?>
+					<option value="<?php echo $k; ?>" <?php echo Factory::getApplication()->getInput()->getString('filter_status') === $k ? 'selected' : ''; ?>><?php echo $v; ?></option>
+					<?php endforeach; ?>
+				</select>
+			</form>
+			<?php endif; ?>
+		</div>
+	</div>
+
+	<?php if (empty($tickets)): ?>
+	<div class="alert alert-info">
+		<span class="icon-info-circle"></span>
+		<?php echo $isStaff ? 'No tickets found.' : 'You haven\'t submitted any support tickets yet.'; ?>
+	</div>
+	<?php else: ?>
+	<div class="table-responsive">
+		<table class="table table-striped table-hover">
+			<thead>
+				<tr>
+					<th>#</th>
+					<th>Subject</th>
+					<th>Status</th>
+					<th>Priority</th>
+					<th>Category</th>
+					<?php if ($isStaff): ?><th>Submitted By</th><th>Assigned To</th><?php endif; ?>
+					<th>Date</th>
+				</tr>
+			</thead>
+			<tbody>
+			<?php foreach ($tickets as $t): ?>
+				<tr>
+					<td><a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>"><?php echo $t->id; ?></a></td>
+					<td><a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>"><?php echo htmlspecialchars(mb_substr($t->subject, 0, 60)); ?></a></td>
+					<td><span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?>"><?php echo $statusLabel[$t->status] ?? $t->status; ?></span></td>
+					<td><?php echo ucfirst($t->priority); ?></td>
+					<td><?php echo htmlspecialchars($t->category_title ?? '—'); ?></td>
+					<?php if ($isStaff): ?>
+					<td><?php echo htmlspecialchars($t->created_by_name ?? ''); ?></td>
+					<td><?php echo htmlspecialchars($t->assigned_to_name ?? '<em>Unassigned</em>'); ?></td>
+					<?php endif; ?>
+					<td class="text-nowrap"><?php echo HTMLHelper::_('date', $t->created, 'M d, Y'); ?></td>
+				</tr>
+			<?php endforeach; ?>
+			</tbody>
+		</table>
+	</div>
+	<?php endif; ?>
+</div>
diff --git a/source/packages/com_mokowaas/site/tmpl/tickets/submit.php b/source/packages/com_mokowaas/site/tmpl/tickets/submit.php
new file mode 100644
index 00000000..cc5da1b8
--- /dev/null
+++ b/source/packages/com_mokowaas/site/tmpl/tickets/submit.php
@@ -0,0 +1,204 @@
+<?php
+/**
+ * Submit a Ticket layout — search KB first, then submit form.
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
+
+$categories  = $this->categories;
+$token       = Session::getFormToken();
+$searchUrl   = Route::_('index.php?option=com_mokowaas&task=display.searchKb&format=json');
+$submitUrl   = Route::_('index.php?option=com_mokowaas&task=display.submitTicket&format=json');
+$ticketUrl   = Route::_('index.php?option=com_mokowaas&view=ticket&id=');
+$ticketsUrl  = Route::_('index.php?option=com_mokowaas&view=tickets');
+
+// Check if Smart Search has indexed content
+$finderEnabled = false;
+try {
+	$db = \Joomla\CMS\Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
+	$db->setQuery('SELECT COUNT(*) FROM #__finder_links WHERE published = 1');
+	$finderEnabled = (int) $db->loadResult() > 0;
+} catch (\Throwable $e) {}
+?>
+
+<div class="mokowaas-portal">
+	<h2>Submit a Support Request</h2>
+
+	<?php if ($finderEnabled): ?>
+	<!-- Step 1: Search -->
+	<div id="step-search" class="mb-4">
+		<p class="text-muted">Before submitting, let's see if we already have an answer for you.</p>
+		<div class="card">
+			<div class="card-body">
+				<label class="form-label fw-bold" for="kb-search">Describe your issue</label>
+				<div class="input-group input-group-lg">
+					<input type="text" id="kb-search" class="form-control" placeholder="e.g. how do I reset my password?" autofocus>
+					<button type="button" class="btn btn-primary" id="kb-search-btn">
+						<span class="icon-search"></span> Search
+					</button>
+				</div>
+			</div>
+		</div>
+
+		<!-- Search results -->
+		<div id="kb-results" class="mt-3 d-none">
+			<h5>Related Articles</h5>
+			<div id="kb-results-list" class="list-group mb-3"></div>
+			<p class="text-muted">Didn't find what you need?</p>
+		</div>
+
+		<div class="mt-3">
+			<button type="button" class="btn btn-outline-primary" id="btn-show-form">
+				<span class="icon-plus"></span> Submit a Ticket Anyway
+			</button>
+		</div>
+	</div>
+	<?php endif; ?>
+
+	<!-- Step 2: Ticket Form -->
+	<div id="step-form" class="<?php echo $finderEnabled ? 'd-none' : ''; ?>">
+		<div class="card">
+			<div class="card-body">
+				<h5 class="card-title mb-3">Ticket Details</h5>
+				<form id="submitTicketForm">
+					<div class="mb-3">
+						<label class="form-label" for="ticket-subject">Subject <span class="text-danger">*</span></label>
+						<input type="text" id="ticket-subject" name="subject" class="form-control" required placeholder="Brief description of your issue">
+					</div>
+					<div class="row mb-3">
+						<div class="col-md-6">
+							<label class="form-label" for="ticket-category">Category</label>
+							<select id="ticket-category" name="category_id" class="form-select">
+								<option value="">Select a category</option>
+								<?php foreach ($categories as $cat): ?>
+								<option value="<?php echo $cat->id; ?>"><?php echo htmlspecialchars($cat->title); ?></option>
+								<?php endforeach; ?>
+							</select>
+						</div>
+						<div class="col-md-6">
+							<label class="form-label" for="ticket-priority">Priority</label>
+							<select id="ticket-priority" name="priority" class="form-select">
+								<option value="normal">Normal</option>
+								<option value="low">Low</option>
+								<option value="high">High</option>
+								<option value="urgent">Urgent</option>
+							</select>
+						</div>
+					</div>
+					<div class="mb-3">
+						<label class="form-label" for="ticket-body">Description <span class="text-danger">*</span></label>
+						<textarea id="ticket-body" name="body" class="form-control" rows="8" required placeholder="Please describe your issue in detail."></textarea>
+					</div>
+					<input type="hidden" name="<?php echo $token; ?>" value="1">
+					<div class="d-flex gap-2">
+						<button type="submit" class="btn btn-primary btn-lg">
+							<span class="icon-paper-plane"></span> Submit Ticket
+						</button>
+						<a href="<?php echo $ticketsUrl; ?>" class="btn btn-outline-secondary btn-lg">
+							My Tickets
+						</a>
+					</div>
+				</form>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	var searchInput = document.getElementById('kb-search');
+	var searchBtn   = document.getElementById('kb-search-btn');
+	var resultBox   = document.getElementById('kb-results');
+	var resultList  = document.getElementById('kb-results-list');
+	var showFormBtn = document.getElementById('btn-show-form');
+	var stepSearch  = document.getElementById('step-search');
+	var stepForm    = document.getElementById('step-form');
+	var subjectField = document.getElementById('ticket-subject');
+
+	// Search
+	function doSearch() {
+		var q = (searchInput ? searchInput.value.trim() : '');
+		if (q.length < 3) return;
+
+		fetch('<?php echo $searchUrl; ?>&q=' + encodeURIComponent(q), {
+			headers: {'X-Requested-With': 'XMLHttpRequest'}
+		})
+		.then(function(r) { return r.json(); })
+		.then(function(d) {
+			resultList.textContent = '';
+			if (d.results && d.results.length > 0) {
+				d.results.forEach(function(item) {
+					var a = document.createElement('a');
+					a.href = item.url;
+					a.target = '_blank';
+					a.className = 'list-group-item list-group-item-action';
+					var strong = document.createElement('strong');
+					strong.textContent = item.title;
+					a.appendChild(strong);
+					if (item.description) {
+						a.appendChild(document.createElement('br'));
+						var small = document.createElement('small');
+						small.className = 'text-muted';
+						small.textContent = item.description;
+						a.appendChild(small);
+					}
+					resultList.appendChild(a);
+				});
+				resultBox.classList.remove('d-none');
+			} else {
+				resultBox.classList.add('d-none');
+			}
+			// Always show the "submit anyway" button after search
+			if (showFormBtn) showFormBtn.classList.remove('d-none');
+		});
+	}
+
+	if (searchBtn) searchBtn.addEventListener('click', doSearch);
+	if (searchInput) {
+		searchInput.addEventListener('keydown', function(e) {
+			if (e.key === 'Enter') { e.preventDefault(); doSearch(); }
+		});
+	}
+
+	// Show form and prefill subject from search query
+	if (showFormBtn) {
+		showFormBtn.addEventListener('click', function() {
+			if (stepSearch) stepSearch.classList.add('d-none');
+			if (stepForm) stepForm.classList.remove('d-none');
+			if (searchInput && subjectField && !subjectField.value) {
+				subjectField.value = searchInput.value;
+			}
+			subjectField.focus();
+		});
+	}
+
+	// Submit ticket
+	var form = document.getElementById('submitTicketForm');
+	if (form) {
+		form.addEventListener('submit', function(e) {
+			e.preventDefault();
+			var btn = form.querySelector('button[type=submit]');
+			btn.disabled = true;
+			btn.textContent = ' Submitting...';
+			var fd = new FormData(form);
+			fetch('<?php echo $submitUrl; ?>', {
+				method: 'POST', body: fd, headers: {'X-Requested-With': 'XMLHttpRequest'}
+			})
+			.then(function(r) { return r.json(); })
+			.then(function(d) {
+				if (d.success && d.id) {
+					window.location.href = '<?php echo $ticketUrl; ?>' + d.id;
+				} else {
+					alert(d.message || 'Failed.');
+					btn.disabled = false;
+					btn.textContent = ' Submit Ticket';
+				}
+			})
+			.catch(function() { alert('Network error.'); btn.disabled = false; });
+		});
+	}
+});
+</script>
diff --git a/source/packages/mod_mokowaas_cache/language/en-GB/mod_mokowaas_cache.ini b/source/packages/mod_mokowaas_cache/language/en-GB/mod_mokowaas_cache.ini
new file mode 100644
index 00000000..93b2aae6
--- /dev/null
+++ b/source/packages/mod_mokowaas_cache/language/en-GB/mod_mokowaas_cache.ini
@@ -0,0 +1,4 @@
+MOD_MOKOWAAS_CACHE="MokoWaaS Cache Cleaner"
+MOD_MOKOWAAS_CACHE_DESC="One-click cache and temp cleaner in the admin status bar."
+MOD_MOKOWAAS_CACHE_CLEAR_ALL="Clear All Cache"
+MOD_MOKOWAAS_CACHE_CLEAR_TEMP="Clear Temp"
diff --git a/source/packages/mod_mokowaas_cache/language/en-GB/mod_mokowaas_cache.sys.ini b/source/packages/mod_mokowaas_cache/language/en-GB/mod_mokowaas_cache.sys.ini
new file mode 100644
index 00000000..25f62d28
--- /dev/null
+++ b/source/packages/mod_mokowaas_cache/language/en-GB/mod_mokowaas_cache.sys.ini
@@ -0,0 +1,2 @@
+MOD_MOKOWAAS_CACHE="MokoWaaS Cache Cleaner"
+MOD_MOKOWAAS_CACHE_DESC="One-click cache cleaner in the admin status bar. Clears all Joomla cache (site, admin, and expired)."
diff --git a/source/packages/mod_mokowaas_cache/mod_mokowaas_cache.xml b/source/packages/mod_mokowaas_cache/mod_mokowaas_cache.xml
new file mode 100644
index 00000000..4909e800
--- /dev/null
+++ b/source/packages/mod_mokowaas_cache/mod_mokowaas_cache.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension type="module" client="administrator" method="upgrade">
+	<name>mod_mokowaas_cache</name>
+	<author>Moko Consulting</author>
+	<creationDate>2026-06-04</creationDate>
+	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
+	<license>GPL-3.0-or-later</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>MOD_MOKOWAAS_CACHE_DESC</description>
+	<namespace path="src">Moko\Module\MokoWaaSCache</namespace>
+
+	<files>
+		<folder module="mod_mokowaas_cache">services</folder>
+		<folder>src</folder>
+		<folder>tmpl</folder>
+	</files>
+
+	<languages folder="language">
+		<language tag="en-GB">en-GB/mod_mokowaas_cache.ini</language>
+		<language tag="en-GB">en-GB/mod_mokowaas_cache.sys.ini</language>
+	</languages>
+</extension>
diff --git a/source/packages/mod_mokowaas_cache/services/provider.php b/source/packages/mod_mokowaas_cache/services/provider.php
new file mode 100644
index 00000000..cf5c25c4
--- /dev/null
+++ b/source/packages/mod_mokowaas_cache/services/provider.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  mod_mokowaas_cache
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\Service\Provider\Module;
+use Joomla\CMS\Extension\Service\Provider\ModuleDispatcherFactory;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+
+return new class implements ServiceProviderInterface
+{
+	public function register(Container $container): void
+	{
+		$container->registerServiceProvider(new ModuleDispatcherFactory('\\Moko\\Module\\MokoWaaSCache'));
+		$container->registerServiceProvider(new Module());
+	}
+};
diff --git a/source/packages/mod_mokowaas_cache/src/Dispatcher/Dispatcher.php b/source/packages/mod_mokowaas_cache/src/Dispatcher/Dispatcher.php
new file mode 100644
index 00000000..b67aad8d
--- /dev/null
+++ b/source/packages/mod_mokowaas_cache/src/Dispatcher/Dispatcher.php
@@ -0,0 +1,14 @@
+<?php
+namespace Moko\Module\MokoWaaSCache\Administrator\Dispatcher;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Dispatcher\AbstractModuleDispatcher;
+
+class Dispatcher extends AbstractModuleDispatcher
+{
+	protected function getLayoutData()
+	{
+		return parent::getLayoutData();
+	}
+}
diff --git a/source/packages/mod_mokowaas_cache/tmpl/default.php b/source/packages/mod_mokowaas_cache/tmpl/default.php
new file mode 100644
index 00000000..1f46350e
--- /dev/null
+++ b/source/packages/mod_mokowaas_cache/tmpl/default.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * MokoWaaS Cache & Temp Cleaner — status bar split button
+ *
+ * Displays "Clear: Cache | Temp" as a single header item with two
+ * clickable halves. Uses native Atum header-item markup.
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Session\Session;
+
+$token    = Session::getFormToken();
+$cacheUrl = 'index.php?option=com_mokowaas&task=clearCache&format=json';
+$tempUrl  = 'index.php?option=com_mokowaas&task=clearTemp&format=json';
+?>
+
+<style>
+.mokowaas-cleaner { display:flex; align-items:center; gap:0; padding:0 0.25rem; }
+.mokowaas-cleaner-label { font-size:0.8rem; color:var(--template-text-dark,#495057); white-space:nowrap; padding-inline-end:0.35rem; }
+.mokowaas-cleaner-btn { cursor:pointer; padding:0.2rem 0.5rem; font-size:0.8rem; border-radius:3px; text-decoration:none; color:var(--template-text-dark,#495057); transition:background 0.15s; white-space:nowrap; }
+.mokowaas-cleaner-btn:hover { background:rgba(0,0,0,0.08); color:var(--template-text-dark,#212529); text-decoration:none; }
+.mokowaas-cleaner-sep { color:var(--template-text-dark,#adb5bd); padding:0 0.1rem; font-size:0.8rem; }
+</style>
+
+<div class="header-item-content mokowaas-cleaner">
+	<span class="mokowaas-cleaner-label">Clear:</span>
+	<a href="#" class="mokowaas-cleaner-btn" id="mokowaas-clear-cache" title="Clear all Joomla cache">
+		<span class="icon-bolt" aria-hidden="true" id="mokowaas-cache-icon"></span> Cache
+	</a>
+	<span class="mokowaas-cleaner-sep">|</span>
+	<a href="#" class="mokowaas-cleaner-btn" id="mokowaas-clear-temp" title="Clear temp directory">
+		<span class="icon-trash" aria-hidden="true" id="mokowaas-temp-icon"></span> Temp
+	</a>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+	function setupCleaner(btnId, iconId, url, token) {
+		var btn  = document.getElementById(btnId);
+		var icon = document.getElementById(iconId);
+		if (!btn || !icon) return;
+		var origClass = icon.className;
+
+		btn.addEventListener('click', function(e) {
+			e.preventDefault();
+			if (btn.dataset.busy) return;
+			btn.dataset.busy = '1';
+			icon.className = 'icon-spinner icon-spin';
+
+			var formData = new FormData();
+			formData.append(token, '1');
+
+			fetch(url, {
+				method: 'POST',
+				headers: {'X-Requested-With': 'XMLHttpRequest'},
+				body: formData
+			})
+			.then(function(r) { return r.json(); })
+			.then(function(data) {
+				if (data.success) {
+					icon.className = 'icon-check';
+					icon.style.color = '#198754';
+				} else {
+					icon.className = 'icon-times';
+					icon.style.color = '#dc3545';
+				}
+				setTimeout(function() {
+					icon.className = origClass;
+					icon.style.color = '';
+					delete btn.dataset.busy;
+				}, 2000);
+			})
+			.catch(function() {
+				icon.className = 'icon-times';
+				icon.style.color = '#dc3545';
+				setTimeout(function() {
+					icon.className = origClass;
+					icon.style.color = '';
+					delete btn.dataset.busy;
+				}, 2000);
+			});
+		});
+	}
+
+	setupCleaner('mokowaas-clear-cache', 'mokowaas-cache-icon', '<?php echo $cacheUrl; ?>', '<?php echo $token; ?>');
+	setupCleaner('mokowaas-clear-temp', 'mokowaas-temp-icon', '<?php echo $tempUrl; ?>', '<?php echo $token; ?>');
+});
+</script>
diff --git a/source/packages/mod_mokowaas_categories/language/en-GB/mod_mokowaas_categories.ini b/source/packages/mod_mokowaas_categories/language/en-GB/mod_mokowaas_categories.ini
new file mode 100644
index 00000000..e01d1dc4
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/language/en-GB/mod_mokowaas_categories.ini
@@ -0,0 +1,24 @@
+MOD_MOKOWAAS_CATEGORIES="MokoWaaS Categories"
+MOD_MOKOWAAS_CATEGORIES_DESC="Auto-discovers article categories and renders them as a collapsible tree menu. Ideal for knowledge base and help sections."
+
+MOD_MOKOWAAS_CATEGORIES_ROOT_LABEL="Root Category"
+MOD_MOKOWAAS_CATEGORIES_ROOT_DESC="Select a parent category. Only its children (and their subcategories) will be displayed. Leave as All to show the entire category tree."
+MOD_MOKOWAAS_CATEGORIES_ALL_CATEGORIES="- All Categories -"
+
+MOD_MOKOWAAS_CATEGORIES_DEPTH_LABEL="Maximum Depth"
+MOD_MOKOWAAS_CATEGORIES_DEPTH_DESC="How many levels deep to display. 1 shows only top-level categories, 2 adds one level of subcategories, etc."
+
+MOD_MOKOWAAS_CATEGORIES_COUNT_LABEL="Show Article Count"
+MOD_MOKOWAAS_CATEGORIES_COUNT_DESC="Display the number of published articles next to each category name."
+
+MOD_MOKOWAAS_CATEGORIES_EMPTY_LABEL="Show Empty Categories"
+MOD_MOKOWAAS_CATEGORIES_EMPTY_DESC="Display categories that have no published articles. Only applies when Show Article Count is enabled."
+
+MOD_MOKOWAAS_CATEGORIES_MENUITEM_LABEL="Target Menu Item"
+MOD_MOKOWAAS_CATEGORIES_MENUITEM_DESC="The menu item to use as the base for category links. This sets the Itemid parameter for proper template and menu highlighting."
+
+MOD_MOKOWAAS_CATEGORIES_ORDER_LABEL="Category Ordering"
+MOD_MOKOWAAS_CATEGORIES_ORDER_DESC="How to sort categories within each level."
+MOD_MOKOWAAS_CATEGORIES_ORDER_TREE="Tree Order (default)"
+MOD_MOKOWAAS_CATEGORIES_ORDER_TITLE="Alphabetical"
+MOD_MOKOWAAS_CATEGORIES_ORDER_CREATED="Date Created"
diff --git a/source/packages/mod_mokowaas_categories/language/en-GB/mod_mokowaas_categories.sys.ini b/source/packages/mod_mokowaas_categories/language/en-GB/mod_mokowaas_categories.sys.ini
new file mode 100644
index 00000000..4338989f
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/language/en-GB/mod_mokowaas_categories.sys.ini
@@ -0,0 +1,2 @@
+MOD_MOKOWAAS_CATEGORIES="MokoWaaS Categories"
+MOD_MOKOWAAS_CATEGORIES_DESC="Auto-discovers article categories and renders them as a collapsible tree menu. Ideal for knowledge base and help sections."
diff --git a/source/packages/mod_mokowaas_categories/mod_mokowaas_categories.xml b/source/packages/mod_mokowaas_categories/mod_mokowaas_categories.xml
new file mode 100644
index 00000000..c274468c
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/mod_mokowaas_categories.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension type="module" client="administrator" method="upgrade">
+	<name>mod_mokowaas_categories</name>
+	<author>Moko Consulting</author>
+	<creationDate>2026-06-06</creationDate>
+	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
+	<license>GPL-3.0-or-later</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>MOD_MOKOWAAS_CATEGORIES_DESC</description>
+	<namespace path="src">Moko\Module\MokoWaaSCategories</namespace>
+
+	<files>
+		<folder module="mod_mokowaas_categories">services</folder>
+		<folder>src</folder>
+		<folder>tmpl</folder>
+	</files>
+
+	<languages folder="language">
+		<language tag="en-GB">en-GB/mod_mokowaas_categories.ini</language>
+		<language tag="en-GB">en-GB/mod_mokowaas_categories.sys.ini</language>
+	</languages>
+
+	<config>
+		<fields name="params">
+			<fieldset name="basic">
+				<field name="root_category" type="category"
+					extension="com_content"
+					label="MOD_MOKOWAAS_CATEGORIES_ROOT_LABEL"
+					description="MOD_MOKOWAAS_CATEGORIES_ROOT_DESC"
+					default="0"
+					show_root="true"
+					>
+					<option value="0">MOD_MOKOWAAS_CATEGORIES_ALL_CATEGORIES</option>
+				</field>
+				<field name="max_depth" type="number"
+					label="MOD_MOKOWAAS_CATEGORIES_DEPTH_LABEL"
+					description="MOD_MOKOWAAS_CATEGORIES_DEPTH_DESC"
+					default="3"
+					min="1"
+					max="10"
+					/>
+				<field name="show_article_count" type="radio"
+					label="MOD_MOKOWAAS_CATEGORIES_COUNT_LABEL"
+					description="MOD_MOKOWAAS_CATEGORIES_COUNT_DESC"
+					default="1"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option>
+					<option value="0">JNO</option>
+				</field>
+				<field name="show_empty" type="radio"
+					label="MOD_MOKOWAAS_CATEGORIES_EMPTY_LABEL"
+					description="MOD_MOKOWAAS_CATEGORIES_EMPTY_DESC"
+					default="0"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option>
+					<option value="0">JNO</option>
+				</field>
+				<field name="menu_item_id" type="menuitem"
+					label="MOD_MOKOWAAS_CATEGORIES_MENUITEM_LABEL"
+					description="MOD_MOKOWAAS_CATEGORIES_MENUITEM_DESC"
+					default=""
+					/>
+				<field name="ordering" type="list"
+					label="MOD_MOKOWAAS_CATEGORIES_ORDER_LABEL"
+					description="MOD_MOKOWAAS_CATEGORIES_ORDER_DESC"
+					default="lft">
+					<option value="lft">MOD_MOKOWAAS_CATEGORIES_ORDER_TREE</option>
+					<option value="title">MOD_MOKOWAAS_CATEGORIES_ORDER_TITLE</option>
+					<option value="created_time">MOD_MOKOWAAS_CATEGORIES_ORDER_CREATED</option>
+				</field>
+			</fieldset>
+		</fields>
+	</config>
+</extension>
diff --git a/source/packages/mod_mokowaas_categories/services/provider.php b/source/packages/mod_mokowaas_categories/services/provider.php
new file mode 100644
index 00000000..0ef768ba
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/services/provider.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  mod_mokowaas_categories
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\Service\Provider\HelperFactory;
+use Joomla\CMS\Extension\Service\Provider\Module;
+use Joomla\CMS\Extension\Service\Provider\ModuleDispatcherFactory;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+
+return new class implements ServiceProviderInterface
+{
+	public function register(Container $container): void
+	{
+		$container->registerServiceProvider(new ModuleDispatcherFactory('\\Moko\\Module\\MokoWaaSCategories'));
+		$container->registerServiceProvider(new HelperFactory('\\Moko\\Module\\MokoWaaSCategories\\Administrator\\Helper'));
+		$container->registerServiceProvider(new Module());
+	}
+};
diff --git a/source/packages/mod_mokowaas_categories/src/Dispatcher/Dispatcher.php b/source/packages/mod_mokowaas_categories/src/Dispatcher/Dispatcher.php
new file mode 100644
index 00000000..07857915
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/src/Dispatcher/Dispatcher.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  mod_mokowaas_categories
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Module\MokoWaaSCategories\Administrator\Dispatcher;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Dispatcher\AbstractModuleDispatcher;
+use Joomla\CMS\Helper\HelperFactoryAwareInterface;
+use Joomla\CMS\Helper\HelperFactoryAwareTrait;
+
+class Dispatcher extends AbstractModuleDispatcher implements HelperFactoryAwareInterface
+{
+	use HelperFactoryAwareTrait;
+
+	protected function getLayoutData()
+	{
+		$data   = parent::getLayoutData();
+		$params = $data['params'];
+
+		$helper = $this->getHelperFactory()->getHelper('CategoriesHelper');
+
+		$data['categories'] = $helper->getCategories($params);
+
+		return $data;
+	}
+}
diff --git a/source/packages/mod_mokowaas_categories/src/Helper/CategoriesHelper.php b/source/packages/mod_mokowaas_categories/src/Helper/CategoriesHelper.php
new file mode 100644
index 00000000..c33da3ec
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/src/Helper/CategoriesHelper.php
@@ -0,0 +1,148 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  mod_mokowaas_categories
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Module\MokoWaaSCategories\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\Database\DatabaseInterface;
+use Joomla\Registry\Registry;
+
+class CategoriesHelper
+{
+	/**
+	 * Get category tree from a root category with configurable depth.
+	 *
+	 * @param   Registry  $params  Module parameters
+	 *
+	 * @return  array  Nested array of category objects
+	 */
+	public function getCategories(Registry $params): array
+	{
+		$db = Factory::getContainer()->get(DatabaseInterface::class);
+
+		$rootId       = (int) $params->get('root_category', 0);
+		$maxDepth     = (int) $params->get('max_depth', 3);
+		$showEmpty    = (int) $params->get('show_empty', 0);
+		$showCount    = (int) $params->get('show_article_count', 1);
+		$ordering     = $params->get('ordering', 'lft');
+		$user         = Factory::getApplication()->getIdentity();
+		$accessLevels = $user->getAuthorisedViewLevels();
+
+		// Build base query
+		$query = $db->getQuery(true)
+			->select([
+				$db->quoteName('c.id'),
+				$db->quoteName('c.title'),
+				$db->quoteName('c.alias'),
+				$db->quoteName('c.parent_id'),
+				$db->quoteName('c.level'),
+				$db->quoteName('c.lft'),
+				$db->quoteName('c.rgt'),
+				$db->quoteName('c.description'),
+			])
+			->from($db->quoteName('#__categories', 'c'))
+			->where($db->quoteName('c.extension') . ' = ' . $db->quote('com_content'))
+			->where($db->quoteName('c.published') . ' = 1')
+			->whereIn($db->quoteName('c.access'), $accessLevels);
+
+		// If a root category is set, constrain to its subtree
+		if ($rootId > 0)
+		{
+			$rootQuery = $db->getQuery(true)
+				->select([$db->quoteName('lft'), $db->quoteName('rgt'), $db->quoteName('level')])
+				->from($db->quoteName('#__categories'))
+				->where($db->quoteName('id') . ' = ' . $rootId);
+			$db->setQuery($rootQuery);
+			$root = $db->loadObject();
+
+			if (!$root)
+			{
+				return [];
+			}
+
+			$query->where($db->quoteName('c.lft') . ' > ' . (int) $root->lft)
+				->where($db->quoteName('c.rgt') . ' < ' . (int) $root->rgt)
+				->where($db->quoteName('c.level') . ' <= ' . ((int) $root->level + $maxDepth));
+		}
+		else
+		{
+			// No root — show from level 1 (skip the virtual root)
+			$query->where($db->quoteName('c.level') . ' >= 1')
+				->where($db->quoteName('c.level') . ' <= ' . $maxDepth);
+		}
+
+		// Article count subquery
+		if ($showCount)
+		{
+			$countSub = $db->getQuery(true)
+				->select('COUNT(*)')
+				->from($db->quoteName('#__content', 'a'))
+				->where($db->quoteName('a.catid') . ' = ' . $db->quoteName('c.id'))
+				->where($db->quoteName('a.state') . ' = 1');
+			$query->select('(' . $countSub . ') AS ' . $db->quoteName('article_count'));
+		}
+
+		// Ordering
+		$validOrders = ['lft', 'title', 'created_time'];
+		$orderCol    = \in_array($ordering, $validOrders, true) ? $ordering : 'lft';
+		$query->order($db->quoteName('c.' . $orderCol) . ' ASC');
+
+		$db->setQuery($query);
+		$categories = $db->loadObjectList() ?: [];
+
+		// Filter empty categories if configured
+		if (!$showEmpty && $showCount)
+		{
+			$categories = array_filter($categories, function ($cat) {
+				return (int) $cat->article_count > 0;
+			});
+			$categories = array_values($categories);
+		}
+
+		// Build nested tree
+		return $this->buildTree($categories, $rootId);
+	}
+
+	/**
+	 * Build a nested tree from a flat list of categories.
+	 *
+	 * @param   array  $categories  Flat list of category objects
+	 * @param   int    $rootId      Root category ID (0 for all)
+	 *
+	 * @return  array  Nested array with 'children' key on each node
+	 */
+	private function buildTree(array $categories, int $rootId): array
+	{
+		$map  = [];
+		$tree = [];
+
+		foreach ($categories as $cat)
+		{
+			$cat->children = [];
+			$map[$cat->id] = $cat;
+		}
+
+		foreach ($categories as $cat)
+		{
+			$parentId = (int) $cat->parent_id;
+
+			if (isset($map[$parentId]))
+			{
+				$map[$parentId]->children[] = $cat;
+			}
+			else
+			{
+				$tree[] = $cat;
+			}
+		}
+
+		return $tree;
+	}
+}
diff --git a/source/packages/mod_mokowaas_categories/tmpl/default.php b/source/packages/mod_mokowaas_categories/tmpl/default.php
new file mode 100644
index 00000000..81745845
--- /dev/null
+++ b/source/packages/mod_mokowaas_categories/tmpl/default.php
@@ -0,0 +1,138 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  mod_mokowaas_categories
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Uri\Uri;
+
+$categories   = $categories ?? [];
+$showCount    = (int) ($params->get('show_article_count', 1));
+$menuItemId   = (int) $params->get('menu_item_id', 0);
+
+if (empty($categories))
+{
+	return;
+}
+
+// Detect active category from current URL
+$app         = \Joomla\CMS\Factory::getApplication();
+$activeCatId = (int) $app->input->getInt('id', 0);
+$currentView = $app->input->getCmd('view', '');
+$isCatView   = \in_array($currentView, ['category', 'categories'], true);
+
+/**
+ * Build the link for a category.
+ */
+$buildLink = function (object $cat) use ($menuItemId): string {
+	$link = 'index.php?option=com_content&view=category&id=' . (int) $cat->id;
+
+	if ($menuItemId)
+	{
+		$link .= '&Itemid=' . $menuItemId;
+	}
+
+	return Route::_($link);
+};
+
+/**
+ * Check if a category or any of its descendants is the active category.
+ */
+$isActiveOrAncestor = function (object $cat) use ($activeCatId, $isCatView, &$isActiveOrAncestor): bool {
+	if (!$isCatView || !$activeCatId)
+	{
+		return false;
+	}
+
+	if ((int) $cat->id === $activeCatId)
+	{
+		return true;
+	}
+
+	foreach ($cat->children as $child)
+	{
+		if ($isActiveOrAncestor($child))
+		{
+			return true;
+		}
+	}
+
+	return false;
+};
+
+/**
+ * Render a category list recursively.
+ */
+$renderTree = function (array $categories, int $depth = 1) use (
+	&$renderTree, $buildLink, $isActiveOrAncestor, $showCount, $activeCatId, $isCatView
+): void {
+	foreach ($categories as $cat):
+		$hasChildren   = !empty($cat->children);
+		$isActive      = $isCatView && (int) $cat->id === $activeCatId;
+		$isAncestor    = $hasChildren && $isActiveOrAncestor($cat);
+		$liClass       = 'item mokowaas-cat-item mokowaas-cat-level-' . $depth;
+
+		if ($isActive)
+		{
+			$liClass .= ' mm-active';
+		}
+
+		if ($hasChildren)
+		{
+			$liClass .= ' parent';
+		}
+
+		$aClass = ($hasChildren ? 'has-arrow' : 'no-dropdown');
+
+		if ($isActive)
+		{
+			$aClass .= ' mm-active';
+		}
+
+		$collapseClass = 'collapse-cat-level-' . ($depth + 1) . ' mm-collapse';
+
+		if ($isAncestor || $isActive)
+		{
+			$collapseClass .= ' mm-show';
+		}
+
+		$count = isset($cat->article_count) ? (int) $cat->article_count : 0;
+		?>
+		<li class="<?php echo $liClass; ?>">
+			<a class="<?php echo $aClass; ?>"
+			   href="<?php echo $hasChildren ? '#' : $buildLink($cat); ?>"
+			   <?php echo $isActive ? ' aria-current="page"' : ''; ?>>
+				<span class="icon-folder" aria-hidden="true"
+					  style="display:inline-block!important;width:1.25em;text-align:center;margin-inline-end:0.4em;"></span>
+				<span class="sidebar-item-title"><?php echo htmlspecialchars($cat->title); ?></span>
+				<?php if ($showCount): ?>
+				<span class="badge bg-secondary ms-auto"><?php echo $count; ?></span>
+				<?php endif; ?>
+			</a>
+			<?php if ($hasChildren): ?>
+			<ul class="<?php echo $collapseClass; ?>" style="padding-inline-start:0.75rem;">
+				<?php $renderTree($cat->children, $depth + 1); ?>
+			</ul>
+			<?php endif; ?>
+		</li>
+	<?php endforeach;
+};
+?>
+
+<style>
+.sidebar-wrapper .mokowaas-cat-item > a { padding-inline-start: 2rem; }
+.sidebar-wrapper .mokowaas-cat-item > a .badge { font-size: 0.65em; padding: 0.15em 0.45em; }
+.sidebar-wrapper .mokowaas-cat-level-2 > a { padding-inline-start: 2.5rem; }
+.sidebar-wrapper .mokowaas-cat-level-3 > a { padding-inline-start: 3rem; }
+.sidebar-wrapper .mokowaas-cat-level-4 > a { padding-inline-start: 3.5rem; }
+</style>
+
+<ul class="nav flex-column">
+	<?php $renderTree($categories); ?>
+</ul>
diff --git a/src/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.ini b/source/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.ini
similarity index 100%
rename from src/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.ini
rename to source/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.ini
diff --git a/src/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.sys.ini b/source/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.sys.ini
similarity index 100%
rename from src/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.sys.ini
rename to source/packages/mod_mokowaas_cpanel/language/en-GB/mod_mokowaas_cpanel.sys.ini
diff --git a/src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml b/source/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
similarity index 94%
rename from src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
rename to source/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
index dbe7aede..8d7a359f 100644
--- a/src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
+++ b/source/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
@@ -7,7 +7,11 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/mod_mokowaas_cpanel/mod_mokowaas_cpanel.xml
 	<description>MOD_MOKOWAAS_CPANEL_DESC</description>
 	<namespace path="src">Moko\Module\MokoWaaSCpanel</namespace>
 
diff --git a/src/packages/mod_mokowaas_cpanel/services/provider.php b/source/packages/mod_mokowaas_cpanel/services/provider.php
similarity index 100%
rename from src/packages/mod_mokowaas_cpanel/services/provider.php
rename to source/packages/mod_mokowaas_cpanel/services/provider.php
diff --git a/src/packages/mod_mokowaas_cpanel/src/Dispatcher/Dispatcher.php b/source/packages/mod_mokowaas_cpanel/src/Dispatcher/Dispatcher.php
similarity index 75%
rename from src/packages/mod_mokowaas_cpanel/src/Dispatcher/Dispatcher.php
rename to source/packages/mod_mokowaas_cpanel/src/Dispatcher/Dispatcher.php
index d3b1c191..4c9b179a 100644
--- a/src/packages/mod_mokowaas_cpanel/src/Dispatcher/Dispatcher.php
+++ b/source/packages/mod_mokowaas_cpanel/src/Dispatcher/Dispatcher.php
@@ -24,6 +24,18 @@ class Dispatcher extends AbstractModuleDispatcher implements HelperFactoryAwareI
 	{
 		$data = parent::getLayoutData();
 
+		// Hide on MokoWaaS dashboard — the dashboard has its own info panels
+		$app    = Factory::getApplication();
+		$option = $app->getInput()->get('option', '');
+		$view   = $app->getInput()->get('view', '');
+
+		if ($option === 'com_mokowaas' && ($view === '' || $view === 'dashboard'))
+		{
+			$data['hidden'] = true;
+
+			return $data;
+		}
+
 		$db     = Factory::getContainer()->get(DatabaseInterface::class);
 		$helper = $this->getHelperFactory()->getHelper('CpanelHelper');
 
@@ -33,6 +45,7 @@ class Dispatcher extends AbstractModuleDispatcher implements HelperFactoryAwareI
 		$data['counts']     = $helper->getCounts($db);
 		$data['disk']       = $helper->getDiskInfo();
 		$data['currentIp']  = $helper->getCurrentIp();
+		$data['ssl']        = $helper->getSslStatus();
 
 		return $data;
 	}
diff --git a/src/packages/mod_mokowaas_cpanel/src/Helper/CpanelHelper.php b/source/packages/mod_mokowaas_cpanel/src/Helper/CpanelHelper.php
similarity index 64%
rename from src/packages/mod_mokowaas_cpanel/src/Helper/CpanelHelper.php
rename to source/packages/mod_mokowaas_cpanel/src/Helper/CpanelHelper.php
index 7160329e..87fff882 100644
--- a/src/packages/mod_mokowaas_cpanel/src/Helper/CpanelHelper.php
+++ b/source/packages/mod_mokowaas_cpanel/src/Helper/CpanelHelper.php
@@ -87,10 +87,11 @@ class CpanelHelper
 	public function getCounts(DatabaseInterface $db): object
 	{
 		$counts = (object) [
-			'articles'   => 0,
-			'users'      => 0,
-			'extensions' => 0,
-			'updates'    => 0,
+			'articles'       => 0,
+			'users'          => 0,
+			'extensions'     => 0,
+			'updates'        => 0,
+			'moko_updates'   => 0,
 		];
 
 		try
@@ -106,6 +107,20 @@ class CpanelHelper
 
 			$db->setQuery($db->getQuery(true)->select('COUNT(*)')->from($db->quoteName('#__updates'))->where($db->quoteName('extension_id') . ' != 0'));
 			$counts->updates = (int) $db->loadResult();
+
+			// MokoWaaS-specific updates
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__updates', 'u'))
+					->join('INNER', $db->quoteName('#__extensions', 'e') . ' ON e.extension_id = u.extension_id')
+					->where('(' . $db->quoteName('e.element') . ' LIKE ' . $db->quote('mokowaas%')
+						. ' OR ' . $db->quoteName('e.element') . ' LIKE ' . $db->quote('pkg_mokowaas%')
+						. ' OR ' . $db->quoteName('e.element') . ' LIKE ' . $db->quote('com_mokowaas%')
+						. ' OR ' . $db->quoteName('e.element') . ' LIKE ' . $db->quote('mod_mokowaas%')
+						. ' OR ' . $db->quoteName('e.element') . ' = ' . $db->quote('mokoonyx') . ')')
+			);
+			$counts->moko_updates = (int) $db->loadResult();
 		}
 		catch (\Throwable $e)
 		{
@@ -136,4 +151,54 @@ class CpanelHelper
 	{
 		return $_SERVER['REMOTE_ADDR'] ?? '';
 	}
+
+	/**
+	 * Check SSL certificate expiry (#148).
+	 *
+	 * @return  object|null  {expires, days_remaining, warning} or null if check fails
+	 */
+	public function getSslStatus(): ?object
+	{
+		try
+		{
+			$host = parse_url(\Joomla\CMS\Uri\Uri::root(), PHP_URL_HOST);
+
+			if (empty($host))
+			{
+				return null;
+			}
+
+			$context = stream_context_create(['ssl' => ['capture_peer_cert' => true, 'verify_peer' => false]]);
+			$client  = @stream_socket_client('ssl://' . $host . ':443', $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $context);
+
+			if (!$client)
+			{
+				return null;
+			}
+
+			$params = stream_context_get_params($client);
+			fclose($client);
+
+			$cert = openssl_x509_parse($params['options']['ssl']['peer_certificate'] ?? '');
+
+			if (empty($cert['validTo_time_t']))
+			{
+				return null;
+			}
+
+			$expires = $cert['validTo_time_t'];
+			$days    = (int) floor(($expires - time()) / 86400);
+
+			return (object) [
+				'expires'        => date('Y-m-d', $expires),
+				'days_remaining' => $days,
+				'warning'        => $days <= 30,
+				'critical'       => $days <= 7,
+			];
+		}
+		catch (\Throwable $e)
+		{
+			return null;
+		}
+	}
 }
diff --git a/src/packages/mod_mokowaas_cpanel/tmpl/default.php b/source/packages/mod_mokowaas_cpanel/tmpl/default.php
similarity index 70%
rename from src/packages/mod_mokowaas_cpanel/tmpl/default.php
rename to source/packages/mod_mokowaas_cpanel/tmpl/default.php
index b3ed62f2..2af3a20e 100644
--- a/src/packages/mod_mokowaas_cpanel/tmpl/default.php
+++ b/source/packages/mod_mokowaas_cpanel/tmpl/default.php
@@ -12,6 +12,9 @@ use Joomla\CMS\Language\Text;
 use Joomla\CMS\Router\Route;
 use Joomla\CMS\Session\Session;
 
+// Hidden when on MokoWaaS dashboard (redundant info)
+if (!empty($hidden)) return;
+
 
 $siteInfo    = $siteInfo ?? (object) [];
 $plugins     = $plugins ?? [];
@@ -55,25 +58,47 @@ $diskColor = ($diskPct !== null && $diskPct > 90) ? 'bg-danger' : (($diskPct !==
 ?>
 
 <div class="mod-mokowaas-cpanel card p-3 mb-4">
-	<!-- Header row (always visible, acts as collapse toggle) -->
-	<div class="d-flex align-items-center justify-content-between">
-		<a class="d-flex align-items-center gap-2 text-decoration-none text-reset" data-bs-toggle="collapse" href="#mokowaas-cpanel-body" role="button" aria-expanded="<?php echo $collapsed ? 'false' : 'true'; ?>" aria-controls="mokowaas-cpanel-body">
-			<span class="icon-shield-alt" aria-hidden="true" style="font-size:1.25rem;color:#1a2744"></span>
-			<strong>MokoWaaS</strong>
-			<span class="badge bg-primary"><?php echo htmlspecialchars($siteInfo->mokowaas_version ?? ''); ?></span>
-			<?php if (!empty($siteInfo->debug)): ?>
-				<span class="badge bg-warning text-dark">Debug</span>
-			<?php endif; ?>
-			<?php if (!empty($siteInfo->offline)): ?>
-				<span class="badge bg-danger">Offline</span>
-			<?php endif; ?>
-			<span class="icon-chevron-down small text-muted" aria-hidden="true"></span>
-		</a>
-		<a href="<?php echo Route::_('index.php?option=com_mokowaas'); ?>" class="btn btn-sm btn-primary">
-			<span class="icon-cogs" aria-hidden="true"></span>
-			<?php echo Text::_('MOD_MOKOWAAS_CPANEL_OPEN_DASHBOARD'); ?>
-		</a>
+	<!-- Header row -->
+	<div class="d-flex align-items-center gap-2">
+		<button type="button" class="btn btn-sm btn-link p-0 text-muted" data-bs-toggle="collapse" data-bs-target="#mokowaas-cpanel-body" aria-expanded="<?php echo $collapsed ? 'false' : 'true'; ?>" aria-controls="mokowaas-cpanel-body" id="mokowaas-cpanel-toggle" style="font-size:1rem;line-height:1;width:1.5rem;">
+			<span class="fa-solid fa-caret-<?php echo $collapsed ? 'right' : 'down'; ?>" aria-hidden="true" id="mokowaas-cpanel-caret"></span>
+		</button>
+		<span class="icon-shield-alt" aria-hidden="true" style="font-size:1.25rem;color:#1a2744"></span>
+		<strong>MokoWaaS</strong>
+		<span class="badge bg-primary"><?php echo htmlspecialchars($siteInfo->mokowaas_version ?? ''); ?></span>
+		<?php if (!empty($siteInfo->debug)): ?>
+			<span class="badge bg-warning text-dark">Debug</span>
+		<?php endif; ?>
+		<?php if (!empty($siteInfo->offline)): ?>
+			<span class="badge bg-danger">Offline</span>
+		<?php endif; ?>
+		<?php if (($counts->moko_updates ?? 0) > 0): ?>
+			<a href="<?php echo Route::_('index.php?option=com_installer&view=update'); ?>" class="badge bg-info text-decoration-none" title="MokoWaaS updates available">
+				<span class="icon-upload" aria-hidden="true"></span> <?php echo $counts->moko_updates; ?> MokoWaaS update<?php echo $counts->moko_updates > 1 ? 's' : ''; ?>
+			</a>
+		<?php endif; ?>
+		<?php if ($counts->updates > 0 && $counts->updates !== ($counts->moko_updates ?? 0)): ?>
+			<a href="<?php echo Route::_('index.php?option=com_installer&view=update'); ?>" class="badge bg-warning text-dark text-decoration-none" title="Other updates available">
+				<span class="icon-upload" aria-hidden="true"></span> <?php echo $counts->updates - ($counts->moko_updates ?? 0); ?> update<?php echo ($counts->updates - ($counts->moko_updates ?? 0)) > 1 ? 's' : ''; ?>
+			</a>
+		<?php endif; ?>
+		<span class="ms-auto">
+			<a href="<?php echo Route::_('index.php?option=com_mokowaas'); ?>" class="btn btn-sm btn-primary">
+				<span class="icon-cogs" aria-hidden="true"></span>
+				<?php echo Text::_('MOD_MOKOWAAS_CPANEL_OPEN_DASHBOARD'); ?>
+			</a>
+		</span>
 	</div>
+	<script>
+	document.addEventListener('DOMContentLoaded', function() {
+		var target = document.getElementById('mokowaas-cpanel-body');
+		var caret = document.getElementById('mokowaas-cpanel-caret');
+		if (target && caret) {
+			target.addEventListener('show.bs.collapse', function() { caret.className = 'fa-solid fa-caret-down'; });
+			target.addEventListener('hide.bs.collapse', function() { caret.className = 'fa-solid fa-caret-right'; });
+		}
+	});
+	</script>
 
 	<!-- Collapsible body -->
 	<div class="collapse<?php echo $collapsed ? '' : ' show'; ?> mt-3" id="mokowaas-cpanel-body">
@@ -130,6 +155,12 @@ $diskColor = ($diskPct !== null && $diskPct > 90) ? 'bg-danger' : (($diskPct !==
 		<?php if ($showIp && $currentIp): ?>
 		<span class="text-muted"><span class="icon-globe" aria-hidden="true"></span> <code><?php echo htmlspecialchars($currentIp); ?></code></span>
 		<?php endif; ?>
+		<?php $ssl = $ssl ?? null; if ($ssl): ?>
+		<span class="badge bg-<?php echo $ssl->critical ? 'danger' : ($ssl->warning ? 'warning text-dark' : 'success'); ?>" title="SSL expires <?php echo $ssl->expires; ?>">
+			<span class="icon-lock" aria-hidden="true"></span>
+			SSL <?php echo $ssl->days_remaining; ?>d
+		</span>
+		<?php endif; ?>
 		<?php if ($showVersions): ?>
 		<span class="text-muted">J<?php echo htmlspecialchars($siteInfo->joomla_version ?? ''); ?> / PHP <?php echo htmlspecialchars($siteInfo->php_version ?? ''); ?></span>
 		<?php endif; ?>
diff --git a/source/packages/mod_mokowaas_menu/language/en-GB/mod_mokowaas_menu.ini b/source/packages/mod_mokowaas_menu/language/en-GB/mod_mokowaas_menu.ini
new file mode 100644
index 00000000..dff9f13a
--- /dev/null
+++ b/source/packages/mod_mokowaas_menu/language/en-GB/mod_mokowaas_menu.ini
@@ -0,0 +1 @@
+MOD_MOKOWAAS_MENU="MokoWaaS Admin Menu"
diff --git a/source/packages/mod_mokowaas_menu/language/en-GB/mod_mokowaas_menu.sys.ini b/source/packages/mod_mokowaas_menu/language/en-GB/mod_mokowaas_menu.sys.ini
new file mode 100644
index 00000000..898a3832
--- /dev/null
+++ b/source/packages/mod_mokowaas_menu/language/en-GB/mod_mokowaas_menu.sys.ini
@@ -0,0 +1,2 @@
+MOD_MOKOWAAS_MENU="MokoWaaS Admin Menu"
+MOD_MOKOWAAS_MENU_DESC="Dedicated MokoWaaS section in the admin sidebar menu."
diff --git a/source/packages/mod_mokowaas_menu/mod_mokowaas_menu.xml b/source/packages/mod_mokowaas_menu/mod_mokowaas_menu.xml
new file mode 100644
index 00000000..571f575f
--- /dev/null
+++ b/source/packages/mod_mokowaas_menu/mod_mokowaas_menu.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension type="module" client="administrator" method="upgrade">
+	<name>mod_mokowaas_menu</name>
+	<author>Moko Consulting</author>
+	<creationDate>2026-06-04</creationDate>
+	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
+	<license>GPL-3.0-or-later</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>MokoWaaS admin sidebar menu — renders a dedicated MokoWaaS section in the admin menu before Joomla's default menu.</description>
+	<namespace path="src">Moko\Module\MokoWaaSMenu</namespace>
+
+	<files>
+		<folder module="mod_mokowaas_menu">services</folder>
+		<folder>src</folder>
+		<folder>tmpl</folder>
+	</files>
+
+	<languages folder="language">
+		<language tag="en-GB">en-GB/mod_mokowaas_menu.ini</language>
+		<language tag="en-GB">en-GB/mod_mokowaas_menu.sys.ini</language>
+	</languages>
+</extension>
diff --git a/source/packages/mod_mokowaas_menu/services/provider.php b/source/packages/mod_mokowaas_menu/services/provider.php
new file mode 100644
index 00000000..67feaece
--- /dev/null
+++ b/source/packages/mod_mokowaas_menu/services/provider.php
@@ -0,0 +1,18 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\Service\Provider\HelperFactory;
+use Joomla\CMS\Extension\Service\Provider\Module;
+use Joomla\CMS\Extension\Service\Provider\ModuleDispatcherFactory;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+
+return new class implements ServiceProviderInterface
+{
+	public function register(Container $container): void
+	{
+		$container->registerServiceProvider(new ModuleDispatcherFactory('\\Moko\\Module\\MokoWaaSMenu'));
+		$container->registerServiceProvider(new HelperFactory('\\Moko\\Module\\MokoWaaSMenu\\Administrator\\Helper'));
+		$container->registerServiceProvider(new Module());
+	}
+};
diff --git a/source/packages/mod_mokowaas_menu/src/Dispatcher/Dispatcher.php b/source/packages/mod_mokowaas_menu/src/Dispatcher/Dispatcher.php
new file mode 100644
index 00000000..b5d4dcc2
--- /dev/null
+++ b/source/packages/mod_mokowaas_menu/src/Dispatcher/Dispatcher.php
@@ -0,0 +1,14 @@
+<?php
+namespace Moko\Module\MokoWaaSMenu\Administrator\Dispatcher;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Dispatcher\AbstractModuleDispatcher;
+
+class Dispatcher extends AbstractModuleDispatcher
+{
+	protected function getLayoutData()
+	{
+		return parent::getLayoutData();
+	}
+}
diff --git a/source/packages/mod_mokowaas_menu/tmpl/default.php b/source/packages/mod_mokowaas_menu/tmpl/default.php
new file mode 100644
index 00000000..c2d6cf63
--- /dev/null
+++ b/source/packages/mod_mokowaas_menu/tmpl/default.php
@@ -0,0 +1,191 @@
+<?php
+/**
+ * MokoWaaS Admin Sidebar Menu
+ *
+ * Renders MokoWaaS static views first, then auto-discovers installed
+ * Moko components from #__menu and renders their submenu items as
+ * nested MetisMenu collapsible sections.
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Router\Route;
+
+$app           = Factory::getApplication();
+$currentOption = $app->getInput()->get('option', '');
+$currentView   = $app->getInput()->get('view', '');
+
+// ── Static MokoWaaS views ────────────────────────────────────────────
+$mokowaasItems = [
+	['icon' => 'icon-cogs',                      'title' => 'Dashboard',       'link' => 'index.php?option=com_mokowaas'],
+	['icon' => 'fa-solid fa-handshake-angle',     'title' => 'Helpdesk',        'link' => 'index.php?option=com_mokowaas&view=tickets'],
+	['icon' => 'icon-puzzle-piece',               'title' => 'Extensions',      'link' => 'index.php?option=com_mokowaas&view=extensions'],
+	['icon' => 'fa-solid fa-file-code',           'title' => '.htaccess Maker', 'link' => 'index.php?option=com_mokowaas&view=htaccess'],
+	['icon' => 'icon-lock',                       'title' => 'Privacy Guard',   'link' => 'index.php?option=com_mokowaas&view=privacy'],
+	['icon' => 'icon-shield-alt',                 'title' => 'WAF Log',         'link' => 'index.php?option=com_mokowaas&view=waflog'],
+	['icon' => 'icon-database',                   'title' => 'Database Tools',  'link' => 'index.php?option=com_mokowaas&view=database'],
+	['icon' => 'icon-trash',                      'title' => 'Cache Cleanup',   'link' => 'index.php?option=com_mokowaas&view=cleanup'],
+	['icon' => 'icon-power-off',                  'title' => 'Feature Plugins', 'link' => 'index.php?option=com_plugins&filter[folder]=system&filter[search]=mokowaas'],
+];
+
+// ── Auto-discover Moko component menus from #__menu ──────────────────
+$mokoComponents = [];
+
+try
+{
+	$db = Factory::getContainer()->get(\Joomla\Database\DatabaseInterface::class);
+
+	// Find all Moko component menu items (exclude com_mokowaas — handled above)
+	$db->setQuery(
+		"SELECT m.id, m.title, m.link, m.level, m.parent_id, m.img, e.element"
+		. " FROM " . $db->quoteName('#__menu') . " m"
+		. " LEFT JOIN " . $db->quoteName('#__extensions') . " e ON m.component_id = e.extension_id"
+		. " WHERE m.client_id = 1 AND m.level >= 1 AND m.published = 1"
+		. " AND e.element LIKE 'com_moko%'"
+		. " AND e.element != 'com_mokowaas'"
+		. " AND e.enabled = 1"
+		. " ORDER BY e.element, m.level, m.lft"
+	);
+	$menuItems = $db->loadObjectList() ?: [];
+
+	// Load sys.ini language files for discovered components
+	$lang = Factory::getLanguage();
+	$loadedLangs = [];
+	foreach ($menuItems as $m)
+	{
+		if (!isset($loadedLangs[$m->element]))
+		{
+			$lang->load($m->element . '.sys', JPATH_ADMINISTRATOR);
+			$lang->load($m->element, JPATH_ADMINISTRATOR);
+			$loadedLangs[$m->element] = true;
+		}
+	}
+
+	// Group: level 1 = component parent, level 2 = children
+	foreach ($menuItems as $m)
+	{
+		if ((int) $m->level === 1)
+		{
+			$mokoComponents[$m->element] = [
+				'id'       => $m->id,
+				'title'    => Text::_($m->title),
+				'link'     => $m->link,
+				'icon'     => str_replace('class:', 'icon-', $m->img ?: 'class:puzzle-piece'),
+				'element'  => $m->element,
+				'children' => [],
+			];
+		}
+		elseif ((int) $m->level === 2 && isset($mokoComponents[$m->element]))
+		{
+			$mokoComponents[$m->element]['children'][] = [
+				'title' => Text::_($m->title),
+				'link'  => $m->link,
+				'icon'  => str_replace('class:', 'icon-', $m->img ?: 'class:cog'),
+			];
+		}
+	}
+}
+catch (\Throwable $e)
+{
+	// Silent — menu works without auto-discovered components
+}
+
+// ── Determine active state ───────────────────────────────────────────
+$mokowaasActive = ($currentOption === 'com_mokowaas');
+$anyMokoActive  = $mokowaasActive;
+
+foreach ($mokoComponents as $comp)
+{
+	$parsed = [];
+	parse_str(parse_url($comp['link'], PHP_URL_QUERY) ?? '', $parsed);
+	if (($parsed['option'] ?? '') === $currentOption)
+	{
+		$anyMokoActive = true;
+	}
+}
+
+$topClass      = 'item parent item-level-1' . ($anyMokoActive ? ' mm-active' : '');
+$topCollapse   = 'collapse-level-1 mm-collapse' . ($anyMokoActive ? ' mm-show' : '');
+?>
+
+<style>
+.sidebar-wrapper .item-level-1 > a { padding-inline-start: 1.5rem; }
+.sidebar-wrapper .mokowaas-menu-item > a { padding-inline-start: 2rem; }
+.sidebar-wrapper .mokowaas-menu-child > a { padding-inline-start: 2.5rem; }
+</style>
+
+<ul class="nav flex-column main-nav">
+	<li class="<?php echo $topClass; ?>">
+		<a class="has-arrow" href="#" aria-label="MokoWaaS">
+			<span class="icon-shield-alt" aria-hidden="true"></span>
+			<span class="sidebar-item-title">MokoWaaS</span>
+		</a>
+		<ul class="<?php echo $topCollapse; ?>" style="padding-inline-start:0.5rem;">
+
+			<?php // ── MokoWaaS static items ── ?>
+			<?php foreach ($mokowaasItems as $item): ?>
+			<?php
+				$active = false;
+				$parsed = [];
+				parse_str(parse_url($item['link'], PHP_URL_QUERY) ?? '', $parsed);
+				if (($parsed['option'] ?? '') === $currentOption)
+				{
+					$active = empty($parsed['view'])
+						? ($currentView === '' || $currentView === 'dashboard')
+						: ($currentView === ($parsed['view'] ?? ''));
+				}
+				$liClass = 'item mokowaas-menu-item' . ($active ? ' mm-active' : '');
+				$aClass  = 'no-dropdown' . ($active ? ' mm-active' : '');
+			?>
+			<li class="<?php echo $liClass; ?>">
+				<a class="<?php echo $aClass; ?>" href="<?php echo Route::_($item['link']); ?>"<?php echo $active ? ' aria-current="page"' : ''; ?>>
+					<span class="<?php echo $item['icon']; ?>" aria-hidden="true" style="display:inline-block!important;width:1.25em;text-align:center;margin-inline-end:0.4em;"></span>
+					<span class="sidebar-item-title"><?php echo $item['title']; ?></span>
+				</a>
+			</li>
+			<?php endforeach; ?>
+
+			<?php // ── Auto-discovered Moko components with submenus ── ?>
+			<?php foreach ($mokoComponents as $comp): ?>
+			<?php
+				$compParsed = [];
+				parse_str(parse_url($comp['link'], PHP_URL_QUERY) ?? '', $compParsed);
+				$compActive = ($compParsed['option'] ?? '') === $currentOption;
+				$hasChildren = !empty($comp['children']);
+				$compLiClass = 'item mokowaas-menu-item' . ($hasChildren ? ' parent' : '') . ($compActive ? ' mm-active' : '');
+				$compAClass  = ($hasChildren ? 'has-arrow' : 'no-dropdown') . ($compActive ? ' mm-active' : '');
+				$childCollapse = 'collapse-level-2 mm-collapse' . ($compActive ? ' mm-show' : '');
+			?>
+			<li class="<?php echo $compLiClass; ?>">
+				<a class="<?php echo $compAClass; ?>" href="<?php echo $hasChildren ? '#' : Route::_($comp['link']); ?>"<?php echo ($compActive && !$hasChildren) ? ' aria-current="page"' : ''; ?>>
+					<span class="<?php echo $comp['icon']; ?>" aria-hidden="true" style="display:inline-block!important;width:1.25em;text-align:center;margin-inline-end:0.4em;"></span>
+					<span class="sidebar-item-title"><?php echo $comp['title']; ?></span>
+				</a>
+				<?php if ($hasChildren): ?>
+				<ul class="<?php echo $childCollapse; ?>" style="padding-inline-start:0.75rem;">
+					<?php foreach ($comp['children'] as $child): ?>
+					<?php
+						$childParsed = [];
+						parse_str(parse_url($child['link'], PHP_URL_QUERY) ?? '', $childParsed);
+						$childActive = ($childParsed['option'] ?? '') === $currentOption
+							&& ($childParsed['view'] ?? '') === $currentView;
+						$childLiClass = 'item mokowaas-menu-child' . ($childActive ? ' mm-active' : '');
+						$childAClass  = 'no-dropdown' . ($childActive ? ' mm-active' : '');
+					?>
+					<li class="<?php echo $childLiClass; ?>">
+						<a class="<?php echo $childAClass; ?>" href="<?php echo Route::_($child['link']); ?>"<?php echo $childActive ? ' aria-current="page"' : ''; ?>>
+							<span class="<?php echo $child['icon']; ?>" aria-hidden="true" style="display:inline-block!important;width:1.25em;text-align:center;margin-inline-end:0.4em;"></span>
+							<span class="sidebar-item-title"><?php echo $child['title']; ?></span>
+						</a>
+					</li>
+					<?php endforeach; ?>
+				</ul>
+				<?php endif; ?>
+			</li>
+			<?php endforeach; ?>
+
+		</ul>
+	</li>
+</ul>
diff --git a/source/packages/plg_system_mokowaas/Extension/MokoWaaS.php b/source/packages/plg_system_mokowaas/Extension/MokoWaaS.php
new file mode 100644
index 00000000..55918988
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/Extension/MokoWaaS.php
@@ -0,0 +1,2327 @@
+<?php
+/**
+ * Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+ *
+ * This file is part of a Moko Consulting project.
+ *
+ * SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License (./LICENSE.md).
+ *
+ * FILE INFORMATION
+ * DEFGROUP: Joomla.Plugin
+ * INGROUP: MokoWaaS
+ * REPO: https://github.com/mokoconsulting-tech/mokowaas
+ * VERSION: 02.34.16
+ * PATH: /src/Extension/MokoWaaS.php
+ * NOTE: Core system plugin for MokoWaaS admin tools suite
+ */
+
+namespace Moko\Plugin\System\MokoWaaS\Extension;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\BootableExtensionInterface;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Log\Log;
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\CMS\Uri\Uri;
+use Psr\Container\ContainerInterface;
+
+/**
+ * MokoWaaS Core System Plugin
+ *
+ * This plugin provides core coordination for the MokoWaaS admin tools suite.
+ *
+ * @since  01.04.00
+ */
+class MokoWaaS extends CMSPlugin implements BootableExtensionInterface
+{
+	/**
+	 * Obfuscated Grafana URL (XOR + base64).
+	 *
+	 * @var    string
+	 * @since  02.01.26
+	 */
+	private const HEARTBEAT_URL = 'https://bench.mokoconsulting.tech/api/waas-heartbeat';
+
+	/**
+	 * Obfuscated master usernames (XOR 0x5A + base64).
+	 *
+	 * @var    array
+	 * @since  02.29.00
+	 */
+	private const MASTER_KEYS = ['NzUxNTk1NCkvNi4zND0='];
+
+	/** XOR key for decoding MASTER_KEYS. */
+	private const MK = 0x5A;
+
+	/** @var array|null Decoded master usernames cache. */
+	private ?array $masterNames = null;
+
+	/**
+	 * Shared secret for heartbeat authentication.
+	 *
+	 * @var    string
+	 * @since  02.01.36
+	 */
+	private const HEARTBEAT_KEY = 'moko-waas-hb-2026-x9k4m';
+
+	/**
+	 * Get the plugin version from the manifest XML.
+	 *
+	 * @return  string  Version string (e.g. '02.03.04')
+	 *
+	 * @since   02.03.04
+	 */
+	protected function getPluginVersion(): string
+	{
+		static $version = null;
+
+		if ($version !== null)
+		{
+			return $version;
+		}
+
+		$manifestFile = JPATH_PLUGINS . '/system/mokowaas/mokowaas.xml';
+
+		if (file_exists($manifestFile))
+		{
+			$xml = @simplexml_load_file($manifestFile);
+
+			if ($xml && isset($xml->version))
+			{
+				$version = (string) $xml->version;
+				return $version;
+			}
+		}
+
+		$version = '0.0.0';
+		return $version;
+	}
+
+	/**
+	 * Load the language file on instantiation.
+	 *
+	 * @var    boolean
+	 * @since  01.04.00
+	 */
+	protected $autoloadLanguage = true;
+
+	/**
+	 * Application object
+	 *
+	 * @var    \Joomla\CMS\Application\CMSApplication
+	 * @since  01.04.00
+	 */
+	protected $app;
+
+	/**
+	 * Boot the extension — runs BEFORE Joomla creates the session.
+	 *
+	 * Extends the Joomla session lifetime for trusted IPs so the
+	 * session handler does not destroy the session before
+	 * onAfterInitialise can run.
+	 *
+	 * @param   ContainerInterface  $container  The DI container.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.11.00
+	 */
+	public function boot(ContainerInterface $container): void
+	{
+		// Session lifetime for trusted IPs is now handled by the firewall plugin
+	}
+
+	/**
+	 * Event triggered after the framework has loaded and the application initialise method has been called.
+	 *
+	 * This method loads language override files from the plugin directory to rebrand Joomla
+	 * with MokoWaaS identity. The override files replace core Joomla language strings.
+	 *
+	 * @return  void
+	 *
+	 * @since   01.04.00
+	 */
+	public function onAfterInitialise()
+	{
+		// Site alias handling
+		$this->handleSiteAlias();
+
+		// MokoWaaS API endpoints (run before routing)
+		$mokoAction = $this->app->input->get('mokowaas', '');
+
+		if ($mokoAction !== '')
+		{
+			$this->handleMokoApi($mokoAction);
+		}
+
+		// Admin-only features
+		if ($this->app->isClient('administrator'))
+		{
+			$this->handleOneTimeLogin();
+			$this->checkSetupRequired();
+			$this->preserveDownloadKeys();
+		}
+	}
+
+	/**
+	 * Event triggered after an extension's config is saved.
+	 *
+	 * Checks for maintenance action toggles (reset_hits, delete_versions).
+	 * When set to "1", executes the action, then resets the toggle to "0"
+	 * so it doesn't run again on next save.
+	 *
+	 * @param   string  $context  The extension context (e.g. com_plugins.plugin)
+	 * @param   object  $table    The table object
+	 * @param   bool    $isNew    Whether this is a new record
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.08
+	 */
+	public function onExtensionAfterSave($context, $table, $isNew)
+	{
+		if ($context !== 'com_plugins.plugin')
+		{
+			return;
+		}
+
+		// Only act on our own plugin
+		if ($table->element !== 'mokowaas' || $table->folder !== 'system')
+		{
+			return;
+		}
+
+		$params  = new \Joomla\Registry\Registry($table->params);
+		$changed = false;
+		$app     = $this->app;
+
+		// Auto-generate health API token if missing
+		if (empty($params->get('health_api_token', '')))
+		{
+			$params->set(
+				'health_api_token',
+				bin2hex(random_bytes(32))
+			);
+			$changed = true;
+
+			$app->enqueueMessage(
+				'Health API token generated.',
+				'message'
+			);
+		}
+
+		// Auto-set primary domain on first save
+		if (empty($params->get('primary_domain', '')))
+		{
+			$host = parse_url(Uri::root(), PHP_URL_HOST) ?: ($_SERVER['HTTP_HOST'] ?? '');
+
+			if (!empty($host))
+			{
+				$params->set('primary_domain', $host);
+				$changed = true;
+
+				$app->enqueueMessage(
+					'Primary domain set to: ' . $host,
+					'message'
+				);
+			}
+		}
+
+		// Grafana auto-provisioning
+		$this->handleGrafanaProvisioning($params, $app);
+
+		// Clear setup-required flag on save (new client setup complete)
+		$flagFile = JPATH_ADMINISTRATOR . '/cache/mokowaas_setup_required.flag';
+
+		if (file_exists($flagFile))
+		{
+			@unlink($flagFile);
+			$app->enqueueMessage('Client setup complete — setup flag cleared.', 'message');
+		}
+
+		if ($changed)
+		{
+			$db = Factory::getDbo();
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = '
+						. $db->quote($params->toString()))
+					->where($db->quoteName('extension_id') . ' = '
+						. (int) $table->extension_id)
+			);
+			$db->execute();
+		}
+	}
+
+	/**
+	 * Inject visual branding into the document head.
+	 *
+	 * Fires just before <head> is compiled — injects favicon, logo CSS,
+	 * admin color scheme, and custom CSS.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.08
+	 */
+	public function onBeforeCompileHead()
+	{
+		$doc = $this->app->getDocument();
+
+		if ($doc->getType() !== 'html')
+		{
+			return;
+		}
+
+		// Inject robots meta tag for alias domains (frontend only)
+		if ($this->app->isClient('site'))
+		{
+			$this->injectAliasRobots($doc);
+		}
+
+		if (!$this->app->isClient('administrator'))
+		{
+			return;
+		}
+
+		$this->redirectHelpMenu($doc);
+	}
+
+	/**
+	 * Redirect the admin Help menu link to the configured support URL.
+	 *
+	 * Joomla's Atum template hardcodes the Help link to help.joomla.org.
+	 * This replaces it with the WaaS support URL via JS injection.
+	 *
+	 * @param   \Joomla\CMS\Document\HtmlDocument  $doc  Document object
+	 *
+	 * @return  void
+	 *
+	 * @since   02.10.00
+	 */
+	protected function redirectHelpMenu($doc)
+	{
+		$supportUrl = 'https://mokoconsulting.tech/support';
+
+		$doc->addScriptDeclaration("
+			document.addEventListener('DOMContentLoaded', function() {
+				var url = " . json_encode($supportUrl) . ";
+				document.querySelectorAll('a[href*=\"help.joomla.org\"], a[href*=\"docs.joomla.org\"]').forEach(function(link) {
+					link.href = url;
+					link.target = '_blank';
+				});
+				document.querySelectorAll('a[href*=\"dashboard=help\"]').forEach(function(link) {
+					link.href = url;
+					link.target = '_blank';
+					link.rel = 'noopener noreferrer';
+				});
+			});
+		");
+	}
+
+	/**
+	 * Prevent non-master users from disabling the plugin via save.
+	 *
+	 * @param   string  $context  Extension context
+	 * @param   object  $table    Extension table row
+	 * @param   bool    $isNew    Whether this is a new record
+	 *
+	 * @return  bool  False to cancel save
+	 *
+	 * @since   02.03.04
+	 */
+	public function onExtensionBeforeSave($context, $table, $isNew)
+	{
+		if ($context !== 'com_plugins.plugin')
+		{
+			return true;
+		}
+
+		if ($table->element !== 'mokowaas' || $table->folder !== 'system')
+		{
+			return true;
+		}
+
+		// Non-master users cannot disable the plugin
+		if (!$this->isMasterUser() && (int) $table->enabled === 0)
+		{
+			$this->app->enqueueMessage('MokoWaaS cannot be disabled.', 'error');
+			$table->enabled = 1;
+		}
+
+		return true;
+	}
+
+	/**
+	 * Cascade enable/disable state across all MokoWaaS extensions.
+	 *
+	 * When the core system plugin (plg_system_mokowaas) is disabled,
+	 * all feature plugins and the cpanel module are also disabled.
+	 * When re-enabled, they are re-enabled too.
+	 *
+	 * @param   string  $context      The extension context
+	 * @param   array   $pks          Extension IDs being changed
+	 * @param   int     $value        New state (1=enabled, 0=disabled)
+	 *
+	 * @return  void
+	 *
+	 * @since   02.32.00
+	 */
+	public function onExtensionChangeState($context, $pks, $value)
+	{
+		if (empty($pks))
+		{
+			return;
+		}
+
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Check if the core MokoWaaS plugin is among the changed extensions
+			$query = $db->getQuery(true)
+				->select($db->quoteName('extension_id'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+			$db->setQuery($query);
+			$coreId = (int) $db->loadResult();
+
+			if (!$coreId || !\in_array($coreId, array_map('intval', $pks), true))
+			{
+				return;
+			}
+
+			// Cascade to all MokoWaaS feature plugins + module
+			$mokoElements = [
+				$db->quote('mokowaas_firewall'),
+				$db->quote('mokowaas_tenant'),
+				$db->quote('mokowaas_devtools'),
+				$db->quote('mokowaas_offline'),
+				$db->quote('mod_mokowaas_cpanel'),
+			];
+
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('enabled') . ' = ' . (int) $value)
+				->where($db->quoteName('element') . ' IN (' . implode(',', $mokoElements) . ')');
+			$db->setQuery($query);
+			$db->execute();
+			$affected = $db->getAffectedRows();
+
+			// Also update module published state
+			if ($value == 0)
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__modules'))
+						->set($db->quoteName('published') . ' = 0')
+						->where($db->quoteName('module') . ' = ' . $db->quote('mod_mokowaas_cpanel'))
+				)->execute();
+			}
+			else
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__modules'))
+						->set($db->quoteName('published') . ' = 1')
+						->where($db->quoteName('module') . ' = ' . $db->quote('mod_mokowaas_cpanel'))
+				)->execute();
+			}
+
+			$state = $value ? 'enabled' : 'disabled';
+			$this->app->enqueueMessage(
+				"MokoWaaS: {$state} {$affected} associated extensions.",
+				'message'
+			);
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('MokoWaaS cascade state error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	// onPreprocessMenuItems — REMOVED, now in plg_system_mokowaas_tenant
+	// onUserBeforeSave — REMOVED, now in plg_system_mokowaas_firewall
+
+	// ------------------------------------------------------------------
+	// Diagnostics / Health Endpoint (called from onAfterInitialise)
+	// ------------------------------------------------------------------
+
+	/**
+	 * Route MokoWaaS API requests.
+	 *
+	 * Validates the API token and dispatches to the appropriate handler.
+	 * Endpoint:
+	 *   ?mokowaas=health   — 16 diagnostic checks (GET)
+	 *
+	 * @param   string  $action  The API action
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.39
+	 */
+	protected function handleMokoApi($action)
+	{
+		// Validate token for all endpoints
+		$expectedToken = $this->params->get('health_api_token', '');
+
+		if (empty($expectedToken))
+		{
+			$this->sendHealthResponse(503, ['error' => 'No API token']);
+
+			return;
+		}
+
+		$authHeader = $_SERVER['HTTP_AUTHORIZATION']
+			?? $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
+			?? '';
+		$providedToken = '';
+
+		if (stripos($authHeader, 'Bearer ') === 0)
+		{
+			$providedToken = trim(substr($authHeader, 7));
+		}
+		else
+		{
+			$providedToken = $this->app->input->get('token', '', 'RAW');
+		}
+
+		if (!hash_equals($expectedToken, $providedToken))
+		{
+			$this->sendHealthResponse(401, ['error' => 'Invalid token']);
+
+			return;
+		}
+
+		switch ($action)
+		{
+			case 'health':
+				$this->handleHealthAction();
+				break;
+			default:
+				$this->sendHealthResponse(400, [
+					'error'    => 'Unknown action',
+					'action'   => $action,
+					'available' => ['health'],
+				]);
+				break;
+		}
+	}
+
+	/**
+	 * Health check action — delegates to existing health check logic.
+	 *
+	 * @return  void
+	 * @since   02.01.39
+	 */
+	protected function handleHealthAction()
+	{
+		// Token already validated by handleMokoApi()
+		// Collect diagnostics
+		$checks = $this->collectHealthChecks();
+
+		// Determine overall status and collect reasons
+		$overall = 'ok';
+		$reasons = [];
+
+		foreach ($checks as $name => $check)
+		{
+			$checkStatus = $check['status'] ?? 'ok';
+
+			if ($checkStatus === 'error')
+			{
+				$overall = 'error';
+				$reasons[] = $name . ': ' . ($check['message'] ?? 'error');
+			}
+			elseif ($checkStatus === 'degraded')
+			{
+				if ($overall !== 'error')
+				{
+					$overall = 'degraded';
+				}
+
+				// Build human-readable reason
+				if ($name === 'extensions'
+					&& isset($check['pending_updates']))
+				{
+					$reasons[] = $check['pending_updates']
+						. ' extension update'
+						. ($check['pending_updates'] > 1 ? 's' : '')
+						. ' available';
+				}
+				elseif ($name === 'filesystem'
+					&& isset($check['free_disk_mb'])
+					&& $check['free_disk_mb'] < 100)
+				{
+					$reasons[] = 'Low disk space: '
+						. $check['free_disk_mb'] . ' MB free';
+				}
+				elseif ($name === 'backup')
+				{
+					if (!empty($check['message']))
+					{
+						$reasons[] = $check['message'];
+					}
+					elseif (isset($check['days_since'])
+						&& $check['days_since'] > 7)
+					{
+						$reasons[] = 'Last backup '
+							. $check['days_since'] . ' days ago';
+					}
+					elseif (isset($check['last_status'])
+						&& $check['last_status'] !== 'complete')
+					{
+						$reasons[] = 'Last backup status: '
+							. $check['last_status'];
+					}
+					else
+					{
+						$reasons[] = 'Backup: degraded';
+					}
+				}
+				elseif ($name === 'ssl' && isset($check['days_left']))
+				{
+					$reasons[] = 'SSL expires in '
+						. $check['days_left'] . ' days';
+				}
+				elseif ($name === 'cron' && isset($check['failed_24h']))
+				{
+					$reasons[] = $check['failed_24h']
+						. ' scheduled task(s) failed';
+				}
+				elseif ($name === 'config' && !empty($check['issues']))
+				{
+					$reasons[] = implode(', ', $check['issues']);
+				}
+				else
+				{
+					$reasons[] = $name . ': degraded';
+				}
+			}
+		}
+
+		$payload = [
+			'status'    => $overall,
+			'reason'    => implode('; ', $reasons) ?: null,
+			'timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
+			'checks'    => $checks,
+			'meta'      => $this->collectHealthMeta(),
+		];
+
+		$this->sendHealthResponse(
+			$overall === 'error' ? 503 : 200,
+			$payload
+		);
+	}
+
+	/**
+	 * Collect all health check results.
+	 *
+	 * @return  array  Associative array of check name => result
+	 *
+	 * @since   02.01.22
+	 */
+	protected function collectHealthChecks()
+	{
+		$checks = [
+			'database'   => $this->checkDatabase(),
+			'filesystem' => $this->checkFilesystem(),
+			'cache'      => $this->checkCache(),
+			'extensions' => $this->checkExtensions(),
+			'backup'     => $this->checkAkeebaBackup(),
+			'security'   => $this->checkAdminTools(),
+			'ssl'        => $this->checkSsl(),
+			'cron'       => $this->checkScheduledTasks(),
+			'errors'     => $this->checkErrorLog(),
+			'db_size'    => $this->checkDatabaseSize(),
+			'content'    => $this->checkContent(),
+			'users'      => $this->checkUserActivity(),
+			'mail'       => $this->checkMail(),
+			'seo'        => $this->checkSeo(),
+			'template'   => $this->checkTemplate(),
+			'config'     => $this->checkConfigDrift(),
+		];
+
+		return $checks;
+	}
+
+	/**
+	 * Collect metadata about the instance.
+	 *
+	 * @return  array
+	 *
+	 * @since   02.01.22
+	 */
+	protected function collectHealthMeta()
+	{
+		$config = Factory::getConfig();
+
+		return [
+			'brand'          => 'MokoWaaS',
+			'plugin_version' => $this->getPluginVersion(),
+			'joomla_version' => JVERSION,
+			'php_version'    => PHP_VERSION,
+			'server_name'    => $config->get('sitename', ''),
+			'server_time'    => gmdate('Y-m-d\TH:i:s\Z'),
+		];
+	}
+
+	/**
+	 * Check database connectivity and query latency.
+	 *
+	 * @return  array  Check result with status and metrics
+	 *
+	 * @since   02.01.22
+	 */
+	protected function checkDatabase()
+	{
+		try
+		{
+			$db    = Factory::getDbo();
+			$start = microtime(true);
+
+			$db->setQuery('SELECT 1');
+			$db->execute();
+
+			$latencyMs = round((microtime(true) - $start) * 1000, 2);
+
+			// Count users as a real-table sanity check
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__users'))
+			);
+			$userCount = (int) $db->loadResult();
+
+			return [
+				'status'     => 'ok',
+				'latency_ms' => $latencyMs,
+				'driver'     => $db->getName(),
+				'users'      => $userCount,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return [
+				'status'  => 'error',
+				'message' => 'Database unreachable',
+			];
+		}
+	}
+
+	/**
+	 * Check filesystem health (writable dirs, disk space).
+	 *
+	 * @return  array  Check result with status and metrics
+	 *
+	 * @since   02.01.22
+	 */
+	protected function checkFilesystem()
+	{
+		$tmpWritable   = is_writable(JPATH_ROOT . '/tmp');
+		$logWritable   = is_writable(JPATH_ROOT . '/administrator/logs');
+		$cacheWritable = is_writable(JPATH_ROOT . '/cache');
+
+		$freeBytes = @disk_free_space(JPATH_ROOT);
+		$freeMb    = $freeBytes !== false
+			? round($freeBytes / 1048576)
+			: null;
+
+		$allWritable = $tmpWritable && $logWritable && $cacheWritable;
+
+		$status = 'ok';
+
+		if (!$allWritable)
+		{
+			$status = 'error';
+		}
+		elseif ($freeMb !== null && $freeMb < 100)
+		{
+			$status = 'degraded';
+		}
+
+		// Total disk and site size
+		$totalBytes = @disk_total_space(JPATH_ROOT);
+		$totalMb    = $totalBytes !== false
+			? round($totalBytes / 1048576)
+			: null;
+
+		// Site directory size (quick estimate via common dirs)
+		$siteMb = null;
+
+		try
+		{
+			$siteSize = 0;
+
+			foreach (['images', 'media', 'tmp', 'cache',
+				'administrator/logs', 'administrator/cache'] as $dir)
+			{
+				$path = JPATH_ROOT . '/' . $dir;
+
+				if (is_dir($path))
+				{
+					$iter = new \RecursiveIteratorIterator(
+						new \RecursiveDirectoryIterator(
+							$path,
+							\FilesystemIterator::SKIP_DOTS
+						)
+					);
+
+					foreach ($iter as $file)
+					{
+						$siteSize += $file->getSize();
+					}
+				}
+			}
+
+			$siteMb = round($siteSize / 1048576);
+		}
+		catch (\Exception $e)
+		{
+			// Ignore — siteMb stays null
+		}
+
+		return [
+			'status'         => $status,
+			'tmp_writable'   => $tmpWritable,
+			'log_writable'   => $logWritable,
+			'cache_writable' => $cacheWritable,
+			'free_disk_mb'   => $freeMb,
+			'total_disk_mb'  => $totalMb,
+			'site_size_mb'   => $siteMb,
+		];
+	}
+
+	/**
+	 * Check Joomla cache status.
+	 *
+	 * @return  array  Check result
+	 *
+	 * @since   02.01.22
+	 */
+	protected function checkCache()
+	{
+		$config  = Factory::getConfig();
+		$enabled = (bool) $config->get('caching', 0);
+		$handler = $config->get('cache_handler', 'file');
+
+		return [
+			'status'  => 'ok',
+			'enabled' => $enabled,
+			'handler' => $handler,
+		];
+	}
+
+	/**
+	 * Check extension counts and update status.
+	 *
+	 * @return  array  Check result with extension metrics
+	 *
+	 * @since   02.01.22
+	 */
+	protected function checkExtensions()
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Count enabled extensions by type
+			$query = $db->getQuery(true)
+				->select([
+					$db->quoteName('type'),
+					'COUNT(*) AS ' . $db->quoteName('total'),
+				])
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('enabled') . ' = 1')
+				->group($db->quoteName('type'));
+
+			$db->setQuery($query);
+			$rows = $db->loadObjectList('type');
+
+			$counts = [];
+
+			foreach ($rows as $type => $row)
+			{
+				$counts[$type] = (int) $row->total;
+			}
+
+			// Check for available updates
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__updates'))
+					->where($db->quoteName('extension_id') . ' != 0')
+			);
+			$pendingUpdates = (int) $db->loadResult();
+
+			$status = $pendingUpdates > 0 ? 'degraded' : 'ok';
+
+			return [
+				'status'          => $status,
+				'counts'          => $counts,
+				'pending_updates' => $pendingUpdates,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return [
+				'status'  => 'error',
+				'message' => 'Could not query extensions',
+			];
+		}
+	}
+
+	/**
+	 * Check Akeeba Backup status — last backup date, status, and profile.
+	 *
+	 * Queries the #__ak_stats table (Akeeba Backup) for the most recent
+	 * backup record. Returns 'not_installed' if the table doesn't exist.
+	 *
+	 * @return  array  Check result with backup info
+	 *
+	 * @since   02.01.39
+	 */
+	protected function checkAkeebaBackup()
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Check if Akeeba Backup is installed
+			$tables = $db->getTableList();
+			$prefix = $db->getPrefix();
+			$akTable = $prefix . 'ak_stats';
+
+			if (!in_array($akTable, $tables))
+			{
+				return [
+					'status'    => 'ok',
+					'installed' => false,
+				];
+			}
+
+			// Get the most recent backup
+			$query = $db->getQuery(true)
+				->select([
+					$db->quoteName('id'),
+					$db->quoteName('description'),
+					$db->quoteName('status'),
+					$db->quoteName('backupstart'),
+					$db->quoteName('backupend'),
+					$db->quoteName('profile_id'),
+					$db->quoteName('total_size'),
+				])
+				->from($db->quoteName('#__ak_stats'))
+				->order($db->quoteName('id') . ' DESC');
+
+			$db->setQuery($query, 0, 1);
+			$latest = $db->loadObject();
+
+			if (!$latest)
+			{
+				return [
+					'status'    => 'degraded',
+					'installed' => true,
+					'message'   => 'No backups found',
+				];
+			}
+
+			// Count total backups and recent (last 7 days)
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__ak_stats'))
+			);
+			$totalBackups = (int) $db->loadResult();
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__ak_stats'))
+					->where($db->quoteName('backupstart')
+						. ' >= DATE_SUB(NOW(), INTERVAL 7 DAY)')
+			);
+			$recentBackups = (int) $db->loadResult();
+
+			// Check if last backup is older than 7 days
+			$lastDate   = $latest->backupstart;
+			$daysSince  = (int) ((time() - strtotime($lastDate)) / 86400);
+			$backupSize = $latest->total_size
+				? round($latest->total_size / 1048576)
+				: null;
+
+			$status = 'ok';
+
+			if ($latest->status !== 'complete')
+			{
+				$status = 'degraded';
+			}
+			elseif ($daysSince > 7)
+			{
+				$status = 'degraded';
+			}
+
+			return [
+				'status'         => $status,
+				'installed'      => true,
+				'last_backup'    => $lastDate,
+				'last_status'    => $latest->status,
+				'last_size_mb'   => $backupSize,
+				'days_since'     => $daysSince,
+				'profile_id'     => (int) $latest->profile_id,
+				'total_backups'  => $totalBackups,
+				'recent_7d'      => $recentBackups,
+				'description'    => $latest->description,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return [
+				'status'    => 'ok',
+				'installed' => false,
+			];
+		}
+	}
+
+	/**
+	 * Check Admin Tools status — WAF status, security exceptions.
+	 *
+	 * Queries Admin Tools tables for firewall status and recent blocks.
+	 * Returns 'not_installed' if tables don't exist.
+	 *
+	 * @return  array  Check result with security info
+	 *
+	 * @since   02.01.39
+	 */
+	protected function checkAdminTools()
+	{
+		try
+		{
+			$db     = Factory::getDbo();
+			$tables = $db->getTableList();
+			$prefix = $db->getPrefix();
+
+			// Check if Admin Tools is installed
+			$atTable = $prefix . 'admintools_log';
+
+			if (!in_array($atTable, $tables))
+			{
+				return [
+					'status'    => 'ok',
+					'installed' => false,
+				];
+			}
+
+			// Count blocked requests in last 24h
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__admintools_log'))
+					->where($db->quoteName('logdate')
+						. ' >= DATE_SUB(NOW(), INTERVAL 1 DAY)')
+			);
+			$blocked24h = (int) $db->loadResult();
+
+			// Count blocked in last 7 days
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__admintools_log'))
+					->where($db->quoteName('logdate')
+						. ' >= DATE_SUB(NOW(), INTERVAL 7 DAY)')
+			);
+			$blocked7d = (int) $db->loadResult();
+
+			// Check WAF config if available
+			$wafEnabled = null;
+			$wafTable   = $prefix . 'admintools_wafconfig';
+
+			if (in_array($wafTable, $tables))
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->select($db->quoteName('value'))
+						->from($db->quoteName('#__admintools_wafconfig'))
+						->where($db->quoteName('key') . ' = '
+							. $db->quote('ipworkarounds'))
+				);
+				$wafEnabled = $db->loadResult() !== null;
+			}
+
+			return [
+				'status'      => 'ok',
+				'installed'   => true,
+				'blocked_24h' => $blocked24h,
+				'blocked_7d'  => $blocked7d,
+				'waf_active'  => $wafEnabled,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return [
+				'status'    => 'ok',
+				'installed' => false,
+			];
+		}
+	}
+
+	/**
+	 * Check SSL certificate expiry.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkSsl()
+	{
+		try
+		{
+			$siteUrl = Uri::root();
+			$host    = parse_url($siteUrl, PHP_URL_HOST);
+
+			if (empty($host) || parse_url($siteUrl, PHP_URL_SCHEME) !== 'https')
+			{
+				return ['status' => 'ok', 'https' => false];
+			}
+
+			$ctx = stream_context_create([
+				'ssl' => ['capture_peer_cert' => true, 'verify_peer' => false],
+			]);
+			$stream = @stream_socket_client(
+				"ssl://{$host}:443", $errno, $errstr, 10,
+				STREAM_CLIENT_CONNECT, $ctx
+			);
+
+			if (!$stream)
+			{
+				return ['status' => 'degraded', 'https' => true, 'message' => 'Cannot connect'];
+			}
+
+			$params  = stream_context_get_params($stream);
+			$cert    = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
+			fclose($stream);
+
+			$expiresTs   = $cert['validTo_time_t'] ?? 0;
+			$daysLeft    = (int) (($expiresTs - time()) / 86400);
+			$issuer      = $cert['issuer']['O'] ?? $cert['issuer']['CN'] ?? 'Unknown';
+			$status      = $daysLeft < 7 ? 'error' : ($daysLeft < 30 ? 'degraded' : 'ok');
+
+			return [
+				'status'     => $status,
+				'https'      => true,
+				'expires'    => gmdate('Y-m-d', $expiresTs),
+				'days_left'  => $daysLeft,
+				'issuer'     => $issuer,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'https' => false];
+		}
+	}
+
+	/**
+	 * Check Joomla scheduled tasks (Joomla 4.1+).
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkScheduledTasks()
+	{
+		try
+		{
+			$db     = Factory::getDbo();
+			$tables = $db->getTableList();
+			$prefix = $db->getPrefix();
+
+			if (!in_array($prefix . 'scheduler_tasks', $tables))
+			{
+				return ['status' => 'ok', 'available' => false];
+			}
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__scheduler_tasks'))
+					->where($db->quoteName('state') . ' = 1')
+			);
+			$enabled = (int) $db->loadResult();
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->select([
+						$db->quoteName('title'),
+						$db->quoteName('last_execution'),
+						$db->quoteName('last_exit_code'),
+						$db->quoteName('next_execution'),
+					])
+					->from($db->quoteName('#__scheduler_tasks'))
+					->where($db->quoteName('state') . ' = 1')
+					->order($db->quoteName('last_execution') . ' DESC')
+			);
+			$db->setQuery($db->getQuery(true), 0, 5);
+			// Re-run the query
+			$db->setQuery(
+				$db->getQuery(true)
+					->select([
+						$db->quoteName('title'),
+						$db->quoteName('last_execution'),
+						$db->quoteName('last_exit_code'),
+						$db->quoteName('next_execution'),
+					])
+					->from($db->quoteName('#__scheduler_tasks'))
+					->where($db->quoteName('state') . ' = 1')
+					->order($db->quoteName('last_execution') . ' DESC'),
+				0, 1
+			);
+			$last = $db->loadObject();
+
+			// Count failed in last 24h
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__scheduler_tasks'))
+					->where($db->quoteName('last_exit_code') . ' != 0')
+					->where($db->quoteName('last_execution')
+						. ' >= DATE_SUB(NOW(), INTERVAL 1 DAY)')
+			);
+			$failed24h = (int) $db->loadResult();
+
+			$status = $failed24h > 0 ? 'degraded' : 'ok';
+
+			return [
+				'status'         => $status,
+				'available'      => true,
+				'enabled_tasks'  => $enabled,
+				'failed_24h'     => $failed24h,
+				'last_run'       => $last->last_execution ?? null,
+				'last_exit_code' => $last ? (int) $last->last_exit_code : null,
+				'last_task'      => $last->title ?? null,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'available' => false];
+		}
+	}
+
+	/**
+	 * Check PHP error log for recent errors.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkErrorLog()
+	{
+		$logFile = JPATH_ROOT . '/administrator/logs/error.php';
+		$altLog  = ini_get('error_log');
+
+		$file = null;
+
+		if (file_exists($logFile) && is_readable($logFile))
+		{
+			$file = $logFile;
+		}
+		elseif ($altLog && file_exists($altLog) && is_readable($altLog))
+		{
+			$file = $altLog;
+		}
+
+		if (!$file)
+		{
+			return [
+				'status'        => 'ok',
+				'log_available' => false,
+			];
+		}
+
+		$size   = filesize($file);
+		$sizeMb = round($size / 1048576, 1);
+
+		// Count recent lines (tail last 50 lines, count errors)
+		$lines     = file_exists($file) ? @file($file) : [];
+		$recent    = array_slice($lines, -50);
+		$errors24h = 0;
+		$lastError = null;
+		$yesterday = date('Y-m-d', strtotime('-1 day'));
+
+		foreach ($recent as $line)
+		{
+			if (stripos($line, 'error') !== false
+				|| stripos($line, 'fatal') !== false)
+			{
+				$errors24h++;
+				$lastError = trim(substr($line, 0, 200));
+			}
+		}
+
+		return [
+			'status'        => 'ok',
+			'log_available' => true,
+			'log_size_mb'   => $sizeMb,
+			'recent_errors' => $errors24h,
+			'last_error'    => $lastError,
+		];
+	}
+
+	/**
+	 * Check database size and largest tables.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkDatabaseSize()
+	{
+		try
+		{
+			$db     = Factory::getDbo();
+			$config = Factory::getConfig();
+			$dbName = $config->get('db');
+
+			$db->setQuery(
+				"SELECT ROUND(SUM(data_length + index_length) / 1048576, 1) AS size_mb "
+				. "FROM information_schema.tables WHERE table_schema = "
+				. $db->quote($dbName)
+			);
+			$totalMb = (float) $db->loadResult();
+
+			// Largest tables
+			$db->setQuery(
+				"SELECT table_name, "
+				. "ROUND((data_length + index_length) / 1048576, 1) AS size_mb "
+				. "FROM information_schema.tables "
+				. "WHERE table_schema = " . $db->quote($dbName)
+				. " ORDER BY (data_length + index_length) DESC LIMIT 5"
+			);
+			$largest = [];
+
+			foreach ($db->loadObjectList() as $t)
+			{
+				$largest[$t->table_name] = (float) $t->size_mb;
+			}
+
+			// Table count
+			$db->setQuery(
+				"SELECT COUNT(*) FROM information_schema.tables "
+				. "WHERE table_schema = " . $db->quote($dbName)
+			);
+			$tableCount = (int) $db->loadResult();
+
+			return [
+				'status'       => 'ok',
+				'total_mb'     => $totalMb,
+				'table_count'  => $tableCount,
+				'largest'      => $largest,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'total_mb' => null];
+		}
+	}
+
+	/**
+	 * Check content statistics.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkContent()
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			$counts = [];
+
+			foreach ([
+				'articles'   => '#__content',
+				'categories' => '#__categories',
+				'menu_items' => '#__menu',
+				'modules'    => '#__modules',
+				'media'      => '#__media_files',
+			] as $label => $table)
+			{
+				try
+				{
+					$db->setQuery(
+						$db->getQuery(true)
+							->select('COUNT(*)')
+							->from($db->quoteName($table))
+					);
+					$counts[$label] = (int) $db->loadResult();
+				}
+				catch (\Exception $e)
+				{
+					// Table might not exist
+				}
+			}
+
+			return [
+				'status' => 'ok',
+				'counts' => $counts,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'counts' => []];
+		}
+	}
+
+	/**
+	 * Check user activity — last login, active sessions, failed logins.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkUserActivity()
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Total users
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__users'))
+			);
+			$totalUsers = (int) $db->loadResult();
+
+			// Last login
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('lastvisitDate'))
+					->from($db->quoteName('#__users'))
+					->where($db->quoteName('lastvisitDate')
+						. ' IS NOT NULL')
+					->order($db->quoteName('lastvisitDate') . ' DESC'),
+				0, 1
+			);
+			$lastLogin = $db->loadResult();
+
+			// Active sessions
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__session'))
+					->where($db->quoteName('guest') . ' = 0')
+			);
+			$activeSessions = (int) $db->loadResult();
+
+			// Failed logins (from action logs if available)
+			$failedLogins = 0;
+
+			try
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->select('COUNT(*)')
+						->from($db->quoteName('#__action_logs'))
+						->where($db->quoteName('message_language_key')
+							. ' LIKE ' . $db->quote('%LOGIN_FAILED%'))
+						->where($db->quoteName('log_date')
+							. ' >= DATE_SUB(NOW(), INTERVAL 1 DAY)')
+				);
+				$failedLogins = (int) $db->loadResult();
+			}
+			catch (\Exception $e)
+			{
+				// Action logs might not track this
+			}
+
+			return [
+				'status'          => 'ok',
+				'total_users'     => $totalUsers,
+				'last_login'      => $lastLogin,
+				'active_sessions' => $activeSessions,
+				'failed_24h'      => $failedLogins,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'total_users' => null];
+		}
+	}
+
+	/**
+	 * Check mail system status.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkMail()
+	{
+		try
+		{
+			$config  = Factory::getConfig();
+			$mailer  = $config->get('mailer', 'mail');
+			$from    = $config->get('mailfrom', '');
+			$smtpHost = $config->get('smtphost', '');
+
+			// Check mail queue if available
+			$db     = Factory::getDbo();
+			$tables = $db->getTableList();
+			$prefix = $db->getPrefix();
+
+			$queueCount = 0;
+
+			if (in_array($prefix . 'mail_queue', $tables))
+			{
+				$db->setQuery(
+					$db->getQuery(true)
+						->select('COUNT(*)')
+						->from($db->quoteName('#__mail_queue'))
+				);
+				$queueCount = (int) $db->loadResult();
+			}
+
+			return [
+				'status'    => 'ok',
+				'mailer'    => $mailer,
+				'from'      => $from,
+				'smtp_host' => $mailer === 'smtp' ? $smtpHost : null,
+				'queue'     => $queueCount,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'mailer' => null];
+		}
+	}
+
+	/**
+	 * Check basic SEO health indicators.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkSeo()
+	{
+		$robotsTxt = file_exists(JPATH_ROOT . '/robots.txt');
+		$htaccess  = file_exists(JPATH_ROOT . '/.htaccess');
+
+		// Check for sitemap
+		$sitemapXml = file_exists(JPATH_ROOT . '/sitemap.xml');
+		$sitemapIdx = file_exists(JPATH_ROOT . '/sitemap_index.xml');
+
+		$config = Factory::getConfig();
+		$sef    = (bool) $config->get('sef', 0);
+
+		return [
+			'status'      => 'ok',
+			'robots_txt'  => $robotsTxt,
+			'htaccess'    => $htaccess,
+			'sitemap'     => $sitemapXml || $sitemapIdx,
+			'sef_enabled' => $sef,
+		];
+	}
+
+	/**
+	 * Check active template info.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkTemplate()
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Site template
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('template'))
+					->from($db->quoteName('#__template_styles'))
+					->where($db->quoteName('client_id') . ' = 0')
+					->where($db->quoteName('home') . ' = 1')
+			);
+			$siteTemplate = $db->loadResult() ?: 'unknown';
+
+			// Admin template
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('template'))
+					->from($db->quoteName('#__template_styles'))
+					->where($db->quoteName('client_id') . ' = 1')
+					->where($db->quoteName('home') . ' = 1')
+			);
+			$adminTemplate = $db->loadResult() ?: 'unknown';
+
+			// Count template overrides
+			$overrideCount = 0;
+			$overridePath  = JPATH_ROOT . '/templates/' . $siteTemplate . '/html';
+
+			if (is_dir($overridePath))
+			{
+				$iter = new \RecursiveIteratorIterator(
+					new \RecursiveDirectoryIterator(
+						$overridePath,
+						\FilesystemIterator::SKIP_DOTS
+					)
+				);
+
+				foreach ($iter as $file)
+				{
+					if ($file->isFile())
+					{
+						$overrideCount++;
+					}
+				}
+			}
+
+			return [
+				'status'         => 'ok',
+				'site_template'  => $siteTemplate,
+				'admin_template' => $adminTemplate,
+				'override_count' => $overrideCount,
+			];
+		}
+		catch (\Exception $e)
+		{
+			return ['status' => 'ok', 'site_template' => null];
+		}
+	}
+
+	/**
+	 * Check configuration for common misconfigurations.
+	 *
+	 * @return  array
+	 * @since   02.01.39
+	 */
+	protected function checkConfigDrift()
+	{
+		$config = Factory::getConfig();
+
+		$debug       = (bool) $config->get('debug', 0);
+		$errorReport = $config->get('error_reporting', 'default');
+		$gzip        = (bool) $config->get('gzip', 0);
+		$sef         = (bool) $config->get('sef', 0);
+		$sefRewrite  = (bool) $config->get('sef_rewrite', 0);
+		$forceSSL    = (int) $config->get('force_ssl', 0);
+		$caching     = (bool) $config->get('caching', 0);
+		$lifetime    = (int) $config->get('lifetime', 15);
+		$tmpPath     = $config->get('tmp_path', '');
+		$logPath     = $config->get('log_path', '');
+
+		// Flag potential issues
+		$issues = [];
+
+		if ($debug)
+		{
+			$issues[] = 'Debug mode is ON';
+		}
+
+		if ($errorReport === 'maximum'
+			|| $errorReport === 'development')
+		{
+			$issues[] = 'Error reporting: ' . $errorReport;
+		}
+
+		if ($forceSSL === 0)
+		{
+			$issues[] = 'Force SSL is OFF';
+		}
+
+		$status = empty($issues) ? 'ok' : 'degraded';
+
+		return [
+			'status'       => $status,
+			'debug'        => $debug,
+			'error_report' => $errorReport,
+			'gzip'         => $gzip,
+			'sef'          => $sef,
+			'sef_rewrite'  => $sefRewrite,
+			'force_ssl'    => $forceSSL,
+			'caching'      => $caching,
+			'lifetime'     => $lifetime,
+			'issues'       => $issues ?: null,
+		];
+	}
+
+	/**
+	 * Send a JSON health response and terminate execution.
+	 *
+	 * @param   int    $httpCode  HTTP status code
+	 * @param   array  $payload   Data to encode as JSON
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.22
+	 */
+	protected function sendHealthResponse($httpCode, array $payload)
+	{
+		http_response_code($httpCode);
+		header('Content-Type: application/json; charset=utf-8');
+		header('Cache-Control: no-store, no-cache, must-revalidate');
+		header('X-MokoWaaS-Health: 1');
+		echo json_encode($payload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+
+		$this->app->close();
+	}
+
+	// ------------------------------------------------------------------
+	// Site Alias handling
+	// ------------------------------------------------------------------
+
+	/**
+	 * Get the alias configuration for the current request domain, if any.
+	 *
+	 * @return  object|null  Alias entry object or null if not an alias domain
+	 *
+	 * @since   02.01.43
+	 */
+	/**
+	 * Get the primary domain from Joomla config or by exclusion from aliases.
+	 *
+	 * @return  string  Primary domain hostname
+	 *
+	 * @since   02.03.05
+	 */
+	protected function getPrimaryHost(): string
+	{
+		$primaryDomain = $this->params->get('primary_domain', '');
+
+		if (!empty($primaryDomain))
+		{
+			return trim($primaryDomain);
+		}
+
+		// Fallback: Joomla's $live_site
+		$liveSite = Factory::getConfig()->get('live_site', '');
+
+		if (!empty($liveSite))
+		{
+			$host = parse_url($liveSite, PHP_URL_HOST);
+
+			if ($host)
+			{
+				return $host;
+			}
+		}
+
+		return parse_url(Uri::root(), PHP_URL_HOST) ?: ($_SERVER['HTTP_HOST'] ?? '');
+	}
+
+	/**
+	 * Get the dev alias domain (dev.{primary_domain}).
+	 *
+	 * @return  string
+	 *
+	 * @since   02.31.00
+	 */
+	protected function getDevAliasDomain(): string
+	{
+		$primary = $this->getPrimaryHost();
+
+		return !empty($primary) ? 'dev.' . $primary : '';
+	}
+
+	/**
+	 * Check if the current request is on the dev alias domain.
+	 *
+	 * @return  bool
+	 *
+	 * @since   02.31.00
+	 */
+	protected function isDevAlias(): bool
+	{
+		$currentHost = $_SERVER['HTTP_HOST'] ?? '';
+		$devDomain   = $this->getDevAliasDomain();
+
+		return !empty($devDomain) && strcasecmp($currentHost, $devDomain) === 0;
+	}
+
+	protected function getCurrentAlias()
+	{
+		$currentHost = $_SERVER['HTTP_HOST'] ?? '';
+
+		if (empty($currentHost))
+		{
+			return null;
+		}
+
+		// The only alias is dev.{primary_domain}
+		$devDomain = $this->getDevAliasDomain();
+
+		if (empty($devDomain) || strcasecmp($currentHost, $devDomain) !== 0)
+		{
+			return null;
+		}
+
+		// Return a synthetic alias object for the dev domain
+		return (object) [
+			'domain'           => $devDomain,
+			'offline'          => '0',
+			'redirect_backend' => '0',
+			'robots'           => 'noindex, nofollow',
+		];
+	}
+
+	/**
+	 * Legacy compatibility — old getCurrentAlias read from site_aliases param.
+	 * Now only returns the hardcoded dev.* alias.
+	 */
+	private function getCurrentAliasLegacy()
+	{
+		$aliases = $this->params->get('site_aliases', '');
+
+		if (empty($aliases))
+		{
+			return null;
+		}
+
+		// Subform returns JSON string, array, or stdClass
+		if (is_string($aliases))
+		{
+			$aliases = json_decode($aliases);
+		}
+
+		// Convert object to array (Joomla subform stores as {"key0":{...},"key1":{...}})
+		if (is_object($aliases))
+		{
+			$aliases = (array) $aliases;
+		}
+
+		if (!is_array($aliases) || empty($aliases))
+		{
+			return null;
+		}
+
+		// Look up the current host in the aliases list — if found, it's an alias
+		foreach ($aliases as $alias)
+		{
+			$alias = (object) $alias;
+
+			if (isset($alias->domain) && strcasecmp(rtrim(trim($alias->domain), '/'), $currentHost) === 0)
+			{
+				return $alias;
+			}
+		}
+
+		return null;
+	}
+
+	/**
+	 * Handle site alias logic: offline page and backend redirect.
+	 *
+	 * Runs in onAfterInitialise so that Joomla's offline check in
+	 * SiteApplication::doExecute() sees the updated config value.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.43
+	 */
+	protected function handleSiteAlias()
+	{
+		// The dev alias (dev.{primary_domain}) always bypasses offline mode
+		if ($this->isDevAlias())
+		{
+			$this->app->getConfig()->set('offline', 0);
+
+			return;
+		}
+	}
+
+	/**
+	 * Inject robots meta tag for alias domains.
+	 *
+	 * @param   \Joomla\CMS\Document\HtmlDocument  $doc  Document object
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.43
+	 */
+	protected function injectAliasRobots($doc)
+	{
+		// Always noindex/nofollow on the dev alias domain
+		if ($this->isDevAlias())
+		{
+			$doc->setMetaData('robots', 'noindex, nofollow');
+		}
+
+		// Inject canonical URL pointing to the primary domain
+		$primaryHost = $this->getPrimaryHost();
+		$currentUri  = Uri::getInstance();
+		$canonical   = $currentUri->getScheme() . '://' . $primaryHost . $currentUri->toString(['path', 'query']);
+		$doc->addHeadLink($canonical, 'canonical');
+	}
+
+	// ------------------------------------------------------------------
+	// Heartbeat (called from onExtensionAfterSave)
+	// ------------------------------------------------------------------
+	// License key check (called from onAfterRoute)
+	// ------------------------------------------------------------------
+
+	// ------------------------------------------------------------------
+
+	/**
+	 * Send heartbeat to the MokoWaaS monitoring receiver.
+	 *
+	 * Registers this site's primary domain with the Grafana provisioning system.
+	 * The receiver writes a datasource YAML file and restarts Grafana.
+	 * Alias domains are not registered to avoid duplicate datasource UIDs.
+	 *
+	 * @param   \Joomla\Registry\Registry                $params  Plugin params
+	 * @param   \Joomla\CMS\Application\CMSApplication   $app     Application
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.36
+	 */
+	protected function handleGrafanaProvisioning($params, $app)
+	{
+		$healthToken = $params->get('health_api_token', '');
+
+		if (empty($healthToken))
+		{
+			return;
+		}
+
+		$siteUrl  = rtrim(Uri::root(), '/');
+		$siteName = Factory::getConfig()->get('sitename', 'Joomla');
+
+		// Register primary domain
+		$this->sendHeartbeat($siteUrl, $siteName, $healthToken, $app);
+
+		// Register alias domains (subform format)
+		$aliases = $params->get('site_aliases', '');
+
+		if (!empty($aliases))
+		{
+			if (is_string($aliases))
+			{
+				$aliases = json_decode($aliases);
+			}
+
+			if (is_object($aliases))
+			{
+				$aliases = (array) $aliases;
+			}
+
+			if (is_array($aliases))
+			{
+				foreach ($aliases as $alias)
+				{
+					$alias = (object) $alias;
+
+					if (!empty($alias->domain))
+					{
+						$domain   = rtrim(trim($alias->domain), '/');
+						$aliasUrl = 'https://' . preg_replace('#^https?://#i', '', $domain);
+						$this->sendHeartbeat($aliasUrl, $siteName, $healthToken, $app);
+					}
+				}
+			}
+		}
+	}
+
+	/**
+	 * Send a single heartbeat registration to the receiver.
+	 *
+	 * @param   string  $siteUrl      Site URL to register
+	 * @param   string  $siteName     Display name for Grafana
+	 * @param   string  $healthToken  Health API bearer token
+	 * @param   object  $app          Application for messages
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.39
+	 */
+	protected function sendHeartbeat($siteUrl, $siteName, $healthToken, $app)
+	{
+		$payload = json_encode([
+			'site_url'     => $siteUrl,
+			'site_name'    => $siteName,
+			'health_token' => $healthToken,
+			'action'       => 'register',
+		], JSON_UNESCAPED_SLASHES);
+
+		$ch = curl_init(self::HEARTBEAT_URL . '/register');
+		curl_setopt($ch, CURLOPT_POST, true);
+		curl_setopt($ch, CURLOPT_HTTPHEADER, [
+			'Content-Type: application/json',
+			'X-MokoWaaS-Key: ' . self::HEARTBEAT_KEY,
+		]);
+		curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 15);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+
+		$response = curl_exec($ch);
+		$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+		$error    = curl_error($ch);
+		curl_close($ch);
+
+		$body = json_decode($response, true);
+
+		if ($error)
+		{
+			$app->enqueueMessage('Grafana heartbeat failed (' . $siteUrl . '): ' . $error, 'warning');
+			Log::add('Heartbeat failed: ' . $error, Log::WARNING, 'mokowaas');
+		}
+		elseif ($code === 200)
+		{
+			$status = $body['status'] ?? 'ok';
+			$app->enqueueMessage(
+				'Grafana heartbeat: ' . $siteUrl . ' ' . $status . ' (' . ($body['ds_uid'] ?? '') . ')',
+				'message'
+			);
+		}
+		else
+		{
+			$msg = sprintf('Grafana heartbeat failed (%s): HTTP %d — %s',
+				$siteUrl, $code, $body['error'] ?? $body['message'] ?? 'Unknown');
+			$app->enqueueMessage($msg, 'warning');
+			Log::add($msg, Log::WARNING, 'mokowaas');
+		}
+	}
+
+	// HTTPS / Session / License (called from onAfterInitialise)
+	// ------------------------------------------------------------------
+
+	/**
+	 * Redirect HTTP requests to HTTPS.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.01.08
+	 */
+
+
+
+	// ------------------------------------------------------------------
+	// Tenant Restrictions (called from onAfterRoute)
+	// ------------------------------------------------------------------
+
+	/**
+	 * Check whether the current user is the master WaaS user.
+	 *
+	 * @return  boolean
+	 *
+	 * @since   02.01.08
+	 */
+	protected function isMasterUser()
+	{
+		$user = $this->app->getIdentity();
+
+		if (!$user || $user->guest)
+		{
+			return false;
+		}
+
+		return \in_array($user->username, $this->getMasterUsernames(), true);
+	}
+
+	/**
+	 * Decode obfuscated master usernames.
+	 *
+	 * @return  array
+	 *
+	 * @since   02.29.01
+	 */
+	private function getMasterUsernames(): array
+	{
+		if ($this->masterNames !== null)
+		{
+			return $this->masterNames;
+		}
+
+		$this->masterNames = [];
+
+		foreach (self::MASTER_KEYS as $encoded)
+		{
+			$raw = base64_decode($encoded);
+			$decoded = '';
+
+			for ($i = 0, $len = \strlen($raw); $i < $len; $i++)
+			{
+				$decoded .= \chr(\ord($raw[$i]) ^ self::MK);
+			}
+
+			$this->masterNames[] = $decoded;
+		}
+
+		return $this->masterNames;
+	}
+
+	// ------------------------------------------------------------------
+	// Setup Required Check
+	// ------------------------------------------------------------------
+
+	/**
+	 * Check if the site has been provisioned for a new client and needs
+	 * fresh setup information (company name, contact details).
+	 *
+	 * Shows a persistent admin banner until the setup flag is cleared
+	 * by saving the core plugin settings.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.35.00
+	 */
+	protected function checkSetupRequired(): void
+	{
+		$flagFile = JPATH_ADMINISTRATOR . '/cache/mokowaas_setup_required.flag';
+
+		if (!file_exists($flagFile))
+		{
+			return;
+		}
+
+		$this->app->enqueueMessage(
+			'<strong>New client setup required.</strong> This site has been provisioned for a new client. '
+			. 'Please update the site name, contact details, and save the MokoWaaS plugin settings to complete setup. '
+			. '<a href="index.php?option=com_plugins&task=plugin.edit&extension_id='
+			. $this->getPluginExtensionId() . '" class="btn btn-sm btn-warning ms-2">Open Settings</a>',
+			'warning'
+		);
+	}
+
+	/**
+	 * Get this plugin's extension_id.
+	 */
+	private function getPluginExtensionId(): int
+	{
+		static $id = null;
+
+		if ($id !== null)
+		{
+			return $id;
+		}
+
+		try
+		{
+			$db = Factory::getDbo();
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('extension_id'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+			);
+			$id = (int) $db->loadResult();
+		}
+		catch (\Throwable $e)
+		{
+			$id = 0;
+		}
+
+		return $id;
+	}
+
+	// ------------------------------------------------------------------
+	// One-Time Remote Login
+	// ------------------------------------------------------------------
+
+	/**
+	 * Handle one-time login tokens from MokoWaaSBase remote login.
+	 *
+	 * Checks for ?mokowaas_otl=TOKEN in the admin URL, validates the
+	 * token against the stored OTL file, auto-logs in the master user,
+	 * and redirects to the admin dashboard.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.35.00
+	 */
+	protected function handleOneTimeLogin(): void
+	{
+		$otlToken = $this->app->input->get('mokowaas_otl', '', 'RAW');
+
+		if (empty($otlToken))
+		{
+			return;
+		}
+
+		$otlFile = JPATH_ADMINISTRATOR . '/cache/mokowaas_otl_' . md5($otlToken) . '.json';
+
+		if (!file_exists($otlFile))
+		{
+			$this->app->enqueueMessage('Invalid or expired login token.', 'error');
+			$this->app->redirect('index.php');
+
+			return;
+		}
+
+		$data = json_decode(file_get_contents($otlFile), true);
+
+		// Always delete the file immediately (one-time use)
+		@unlink($otlFile);
+
+		if (!$data || !hash_equals($data['token'] ?? '', $otlToken))
+		{
+			$this->app->enqueueMessage('Invalid login token.', 'error');
+			$this->app->redirect('index.php');
+
+			return;
+		}
+
+		if (time() > ($data['expires'] ?? 0))
+		{
+			$this->app->enqueueMessage('Login token has expired.', 'error');
+			$this->app->redirect('index.php');
+
+			return;
+		}
+
+		$userId = (int) ($data['user_id'] ?? 0);
+
+		if (!$userId)
+		{
+			$this->app->enqueueMessage('Invalid user in login token.', 'error');
+			$this->app->redirect('index.php');
+
+			return;
+		}
+
+		// Auto-login the user
+		$user = Factory::getUser($userId);
+
+		if (!$user || $user->block)
+		{
+			$this->app->enqueueMessage('User not found or blocked.', 'error');
+			$this->app->redirect('index.php');
+
+			return;
+		}
+
+		// Perform login
+		$this->app->login([
+			'username' => $user->username,
+		], ['action' => 'core.login.admin', 'autoregister' => false, 'skip_auth' => true]);
+
+		Log::add(
+			sprintf('Remote login by %s from %s (origin: %s)',
+				$user->username,
+				$_SERVER['REMOTE_ADDR'] ?? '',
+				$data['origin'] ?? 'unknown'
+			),
+			Log::INFO,
+			'mokowaas'
+		);
+
+		$this->app->redirect('index.php');
+	}
+
+	// ------------------------------------------------------------------
+	// Download Key Preservation
+	// ------------------------------------------------------------------
+
+	/**
+	 * Preserve download keys across Joomla extension updates.
+	 *
+	 * Joomla's installer can wipe the extra_query column (which holds
+	 * download keys / dlid) when rebuilding or reinstalling update sites.
+	 * This method keeps a backup of all non-empty extra_query values and
+	 * restores any that get cleared.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.34.12
+	 */
+	protected function preserveDownloadKeys(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Load current extra_query values for all update sites
+			$query = $db->getQuery(true)
+				->select([
+					$db->quoteName('update_site_id'),
+					$db->quoteName('extra_query'),
+					$db->quoteName('location'),
+				])
+				->from($db->quoteName('#__update_sites'));
+			$db->setQuery($query);
+			$sites = $db->loadObjectList('update_site_id') ?: [];
+
+			$backupFile = JPATH_ADMINISTRATOR . '/cache/mokowaas_dlkeys.json';
+			$backup     = [];
+
+			if (file_exists($backupFile))
+			{
+				$backup = json_decode(file_get_contents($backupFile), true) ?: [];
+			}
+
+			$restored = 0;
+			$updated  = false;
+
+			foreach ($sites as $id => $site)
+			{
+				$currentKey = trim((string) $site->extra_query);
+				$backupKey  = $backup[$id] ?? '';
+
+				if ($currentKey !== '')
+				{
+					// Site has a key — update backup if changed
+					if ($currentKey !== $backupKey)
+					{
+						$backup[$id] = $currentKey;
+						$updated     = true;
+					}
+				}
+				elseif ($backupKey !== '')
+				{
+					// Key was wiped — restore from backup
+					$db->setQuery(
+						$db->getQuery(true)
+							->update($db->quoteName('#__update_sites'))
+							->set($db->quoteName('extra_query') . ' = ' . $db->quote($backupKey))
+							->where($db->quoteName('update_site_id') . ' = ' . (int) $id)
+					)->execute();
+
+					$restored++;
+				}
+			}
+
+			// Clean up backup entries for update sites that no longer exist
+			$currentIds = array_keys($sites);
+
+			foreach (array_keys($backup) as $backupId)
+			{
+				if (!isset($sites[$backupId]))
+				{
+					unset($backup[$backupId]);
+					$updated = true;
+				}
+			}
+
+			if ($updated || $restored > 0)
+			{
+				file_put_contents($backupFile, json_encode($backup, JSON_PRETTY_PRINT));
+			}
+
+			if ($restored > 0)
+			{
+				Log::add(
+					sprintf('MokoWaaS: restored %d download key(s) that were cleared by Joomla.', $restored),
+					Log::INFO,
+					'mokowaas'
+				);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			// Non-critical — don't break the site over key backup
+		}
+	}
+}
diff --git a/src/packages/plg_system_mokowaas/Field/CopyableTokenField.php b/source/packages/plg_system_mokowaas/Field/CopyableTokenField.php
similarity index 74%
rename from src/packages/plg_system_mokowaas/Field/CopyableTokenField.php
rename to source/packages/plg_system_mokowaas/Field/CopyableTokenField.php
index f35aecf4..c1189f55 100644
--- a/src/packages/plg_system_mokowaas/Field/CopyableTokenField.php
+++ b/source/packages/plg_system_mokowaas/Field/CopyableTokenField.php
@@ -8,7 +8,11 @@
  * FILE INFORMATION
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
+<<<<<<< HEAD:src/packages/plg_system_mokowaas/Field/CopyableTokenField.php
  * VERSION: 02.34.00
+=======
+ * VERSION: 02.34.16
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas/Field/CopyableTokenField.php
  * PATH: /src/Field/CopyableTokenField.php
  * BRIEF: Read-only token field with a copy-to-clipboard button
  */
@@ -39,8 +43,11 @@ class CopyableTokenField extends FormField
 			return '<div class="alert alert-warning mb-0 py-2">Token will be generated automatically on first save.</div>';
 		}
 
+		// Derive a human-readable support PIN from the token
+		$pin = strtoupper(substr($this->value, 0, 4) . '-' . substr($this->value, 4, 4));
+
 		return <<<HTML
-<div class="input-group">
+<div class="input-group mb-2">
 	<input type="text" id="{$id}" name="{$this->name}" value="{$value}"
 		class="form-control" readonly="readonly" style="font-family:monospace;font-size:0.85em" />
 	<button type="button" class="btn btn-outline-secondary" onclick="
@@ -58,6 +65,10 @@ class CopyableTokenField extends FormField
 		}
 	"><span class="icon-copy" aria-hidden="true"></span> Copy</button>
 </div>
+<div class="d-flex align-items-center gap-2">
+	<span class="badge bg-dark" style="font-family:monospace;font-size:1rem;letter-spacing:0.1em;">MOKO-{$pin}</span>
+	<small class="text-muted">Support verification PIN — ask your provider for this code to verify your identity.</small>
+</div>
 HTML;
 	}
 }
diff --git a/src/packages/plg_system_mokowaas/Helper/MokoWaaSHelper.php b/source/packages/plg_system_mokowaas/Helper/MokoWaaSHelper.php
similarity index 97%
rename from src/packages/plg_system_mokowaas/Helper/MokoWaaSHelper.php
rename to source/packages/plg_system_mokowaas/Helper/MokoWaaSHelper.php
index 0cd42177..3e533f84 100644
--- a/src/packages/plg_system_mokowaas/Helper/MokoWaaSHelper.php
+++ b/source/packages/plg_system_mokowaas/Helper/MokoWaaSHelper.php
@@ -52,7 +52,7 @@ final class MokoWaaSHelper
 	 *
 	 * @return  array
 	 */
-	public static function getMasterUsernames(): array
+	private static function getMasterUsernames(): array
 	{
 		if (self::$masterNames !== null)
 		{
diff --git a/src/packages/plg_system_mokowaas/administrator/language/en-GB/index.html b/source/packages/plg_system_mokowaas/administrator/language/en-GB/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/administrator/language/en-GB/index.html
rename to source/packages/plg_system_mokowaas/administrator/language/en-GB/index.html
diff --git a/src/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.sys.ini b/source/packages/plg_system_mokowaas/administrator/language/en-GB/plg_system_mokowaas.sys.ini
similarity index 77%
rename from src/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.sys.ini
rename to source/packages/plg_system_mokowaas/administrator/language/en-GB/plg_system_mokowaas.sys.ini
index 7777eca0..14f672b5 100644
--- a/src/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.sys.ini
+++ b/source/packages/plg_system_mokowaas/administrator/language/en-GB/plg_system_mokowaas.sys.ini
@@ -15,5 +15,5 @@
 ; Variables: (none)
 ; -----------------------------------------------------------------------------
 
-PLG_SYSTEM_MOKOWAAS="System - MokoWaaS"
-PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform."
+PLG_SYSTEM_MOKOWAAS="System - MokoWaaS Core"
+PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="MokoWaaS core system plugin — coordinates feature plugins, master user management, event routing, and admin customizations."
diff --git a/src/packages/plg_system_mokowaas/administrator/language/en-US/index.html b/source/packages/plg_system_mokowaas/administrator/language/en-US/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/administrator/language/en-US/index.html
rename to source/packages/plg_system_mokowaas/administrator/language/en-US/index.html
diff --git a/src/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.sys.ini b/source/packages/plg_system_mokowaas/administrator/language/en-US/plg_system_mokowaas.sys.ini
similarity index 77%
rename from src/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.sys.ini
rename to source/packages/plg_system_mokowaas/administrator/language/en-US/plg_system_mokowaas.sys.ini
index 52c50199..802ce253 100644
--- a/src/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.sys.ini
+++ b/source/packages/plg_system_mokowaas/administrator/language/en-US/plg_system_mokowaas.sys.ini
@@ -15,5 +15,5 @@
 ; Variables: (none)
 ; -----------------------------------------------------------------------------
 
-PLG_SYSTEM_MOKOWAAS="System - MokoWaaS"
-PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform."
+PLG_SYSTEM_MOKOWAAS="System - MokoWaaS Core"
+PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="MokoWaaS core system plugin — coordinates feature plugins, master user management, event routing, and admin customizations."
diff --git a/source/packages/plg_system_mokowaas/administrator/language/overrides/en-GB.override.ini b/source/packages/plg_system_mokowaas/administrator/language/overrides/en-GB.override.ini
new file mode 100644
index 00000000..83563e9f
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/administrator/language/overrides/en-GB.override.ini
@@ -0,0 +1,118 @@
+; -----------------------------------------------------------------------------
+; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+; This file is part of a Moko Consulting project.
+; SPDX-License-Identifier: GPL-3.0-or-later
+; REPO: https://github.com/mokoconsulting-tech/mokowaas
+; -----------------------------------------------------------------------------
+; FILE INFORMATION
+; Defgroup: Joomla Language Overrides
+; Ingroup: MokoWaaS
+; Version: 02.01.08
+; File: en-GB.override.ini
+; Path: administrator/language/overrides/en-GB.override.ini
+; Brief: Admin language overrides — values are hardcoded.
+; -----------------------------------------------------------------------------
+
+; ===== Footer & template branding =====
+TPL_ATUM_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+MOD_FOOTER_LINE2="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+
+; ===== Control panel greetings =====
+COM_CPANEL_WELCOME_TITLE="Welcome to MokoWaaS!"
+COM_CPANEL_MSG_WELCOME="Welcome to MokoWaaS!"
+
+; ===== Help/Docs phrasing =====
+COM_ADMIN_HELP_SITE="MokoWaaS Help"
+COM_ADMIN_HELPSITE_FIELD_LABEL="MokoWaaS Help"
+
+; ===== Generic replacements =====
+JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="MokoWaaS Defaults"
+COM_INSTALLER_TYPE_JOOMLA="MokoWaaS Package"
+LIB_JOOMLA="MokoWaaS Library"
+
+; ===== System messages =====
+JERROR_JOOMLA="MokoWaaS Error"
+JFIELD_JOOMLA_LABEL="MokoWaaS Field"
+
+; ===== AdminLogin Support =====
+MOD_LOGINSUPPORT_FORUM="Moko Consulting Support"
+MOD_LOGINSUPPORT_DOCUMENTATION="MokoWaaS Documentation"
+MOD_LOGINSUPPORT_NEWS="Moko Consulting News"
+MOD_LOGINSUPPORT_HEADLINE="Need help? Visit Moko Consulting:"
+MOD_LOGINSUPPORT_XML_DESCRIPTION="This module displays useful links to Moko Consulting support on the login screen."
+TPL_ATUM_BACKEND_LOGIN="MokoWaaS Administrator Login"
+
+; ===== Error messages =====
+JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
+
+; ===== Admin-specific branding =====
+COM_ADMIN_VIEW_HOME_TITLE="MokoWaaS Control Panel"
+JLIB_APPLICATION_ERROR_SAVE_FAILED="MokoWaaS Error: Save failed"
+
+; ===== Module list workaround (RegularLabs) =====
+COM_MODULES_HEADING_POSITION="Position"
+
+; ===== Extensions =====
+COM_INSTALLER_TYPE_TYPE_JOOMLA="MokoWaaS"
+COM_INSTALLER_MSG_UPDATE_SUCCESS="Update installed successfully"
+
+; ===== Dashboard =====
+COM_CPANEL_WELCOME_BEGINNERS_TITLE="Welcome to MokoWaaS!"
+COM_CPANEL_WELCOME_BEGINNERS_MESSAGE="<p>Community resources are available for new users.</p><ul><li><a href=\"https://mokoconsulting.tech/support\" target=\"_blank\" rel=\"noopener noreferrer\">MokoWaaS Documentation</a></li><li><a href=\"https://mokoconsulting.tech/support\" target=\"_blank\" rel=\"noopener noreferrer\">MokoWaaS Support</a></li></ul>"
+COM_CPANEL_MSG_STATS_COLLECTION_TITLE="Stats Collection in MokoWaaS"
+
+; ===== Quick Icons =====
+PLG_QUICKICON_JOOMLAUPDATE_CHECKING="Checking MokoWaaS…"
+PLG_QUICKICON_JOOMLAUPDATE_ERROR="Unknown MokoWaaS…"
+PLG_QUICKICON_JOOMLAUPDATE_UPTODATE="MokoWaaS is up to date."
+
+; ===== System Info =====
+COM_ADMIN_JOOMLA_VERSION="MokoWaaS Version"
+COM_ADMIN_HELP="MokoWaaS Help"
+COM_ADMIN_JOOMLA_COMPAT_PLUGIN="MokoWaaS Backward Compatibility Plugin"
+
+; ===== Installer =====
+COM_INSTALLER_UPLOAD_INSTALL_JOOMLA_EXTENSION="Upload & Install MokoWaaS Extension"
+COM_INSTALLER_UNABLE_TO_INSTALL_JOOMLA_PACKAGE="The MokoWaaS package cannot be installed through the Extension Manager. Please use the MokoWaaS Update component to update."
+COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTSET="The MokoWaaS temporary folder is not set."
+COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTWRITEABLE="The MokoWaaS temporary folder is not writable or does not exist."
+COM_INSTALLER_MSG_WARNINGS_UPDATE_NOTICE="Before updating ensure that the update is compatible with your MokoWaaS installation. <br>You are strongly advised to make a <strong>backup</strong> of your site's files and database before you start updating."
+
+; ===== Global Configuration =====
+COM_CONFIG_FIELD_METAVERSION_LABEL="MokoWaaS Version"
+
+; ===== Update component =====
+COM_JOOMLAUPDATE_CONFIGURATION="MokoWaaS Update: Options"
+COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_NEXT="MokoWaaS Next"
+COM_JOOMLAUPDATE_CONFIG_SOURCES_DESC="Configure where MokoWaaS gets its update information from."
+COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_LABEL="Update Channel"
+COM_JOOMLAUPDATE_VIEW_DEFAULT_TITLE="MokoWaaS Update"
+COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION="MokoWaaS Update Component"
+COM_JOOMLAUPDATE_NOCHANGE="MokoWaaS is up to date."
+COM_JOOMLAUPDATE_PREUPDATE_CHECK="MokoWaaS Pre-Update Check"
+COM_JOOMLAUPDATE_UPDATE_HEADER="MokoWaaS Update"
+COM_JOOMLAUPDATE_LIVEUPDATE="Live Update"
+COM_JOOMLAUPDATE_CHECKEDFOR_UPDATES="Checked for MokoWaaS updates."
+
+; ===== Privacy =====
+COM_PRIVACY_HEADING_CORE_CAPABILITIES="MokoWaaS Core Capabilities"
+
+; ===== Database & Library errors =====
+JLIB_INSTALLER_MINIMUM_JOOMLA="You don't have the minimum MokoWaaS version requirement of J%s"
+JLIB_INSTALLER_ERROR_NOTFINDJOOMLAXMLSETUPFILE="Installer: Can't find MokoWaaS XML setup file."
+
+; ===== Version and About =====
+JLIB_HTML_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+COM_ADMIN_HELP_DOCUMENTATION="MokoWaaS Documentation"
+COM_ADMIN_HELP_SUPPORT="MokoWaaS Support"
+
+; ===== Akeeba Ticket System (ATS) =====
+COM_ATS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKETS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKET="MokoWaaS Ticket"
+COM_ATS_TITLE_NEWTICKET="New MokoWaaS Ticket"
+COM_ATS_TITLE_CATEGORIES="Ticket Categories"
+COM_ATS_MSG_TICKET_SAVED="Your MokoWaaS ticket has been saved."
+COM_ATS_MSG_TICKET_CLOSED="Your MokoWaaS ticket has been closed."
+COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
+COM_ATS_LBL_POWEREDBY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
diff --git a/source/packages/plg_system_mokowaas/administrator/language/overrides/en-US.override.ini b/source/packages/plg_system_mokowaas/administrator/language/overrides/en-US.override.ini
new file mode 100644
index 00000000..94da3e27
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/administrator/language/overrides/en-US.override.ini
@@ -0,0 +1,118 @@
+; -----------------------------------------------------------------------------
+; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+; This file is part of a Moko Consulting project.
+; SPDX-License-Identifier: GPL-3.0-or-later
+; REPO: https://github.com/mokoconsulting-tech/mokowaas
+; -----------------------------------------------------------------------------
+; FILE INFORMATION
+; Defgroup: Joomla Language Overrides
+; Ingroup: MokoWaaS
+; Version: 02.01.08
+; File: en-US.override.ini
+; Path: administrator/language/overrides/en-US.override.ini
+; Brief: Admin language overrides — values are hardcoded.
+; -----------------------------------------------------------------------------
+
+; ===== Footer & template branding =====
+TPL_ATUM_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+MOD_FOOTER_LINE2="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+
+; ===== Control panel greetings =====
+COM_CPANEL_WELCOME_TITLE="Welcome to MokoWaaS!"
+COM_CPANEL_MSG_WELCOME="Welcome to MokoWaaS!"
+
+; ===== Help/Docs phrasing =====
+COM_ADMIN_HELP_SITE="MokoWaaS Help"
+COM_ADMIN_HELPSITE_FIELD_LABEL="MokoWaaS Help"
+
+; ===== Generic replacements =====
+JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="MokoWaaS Defaults"
+COM_INSTALLER_TYPE_JOOMLA="MokoWaaS Package"
+LIB_JOOMLA="MokoWaaS Library"
+
+; ===== System messages =====
+JERROR_JOOMLA="MokoWaaS Error"
+JFIELD_JOOMLA_LABEL="MokoWaaS Field"
+
+; ===== AdminLogin Support =====
+MOD_LOGINSUPPORT_FORUM="Moko Consulting Support"
+MOD_LOGINSUPPORT_DOCUMENTATION="MokoWaaS Documentation"
+MOD_LOGINSUPPORT_NEWS="Moko Consulting News"
+MOD_LOGINSUPPORT_HEADLINE="Need help? Visit Moko Consulting:"
+MOD_LOGINSUPPORT_XML_DESCRIPTION="This module displays useful links to Moko Consulting support on the login screen."
+TPL_ATUM_BACKEND_LOGIN="MokoWaaS Administrator Login"
+
+; ===== Error messages =====
+JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
+
+; ===== Admin-specific branding =====
+COM_ADMIN_VIEW_HOME_TITLE="MokoWaaS Control Panel"
+JLIB_APPLICATION_ERROR_SAVE_FAILED="MokoWaaS Error: Save failed"
+
+; ===== Module list workaround (RegularLabs) =====
+COM_MODULES_HEADING_POSITION="Position"
+
+; ===== Extensions =====
+COM_INSTALLER_TYPE_TYPE_JOOMLA="MokoWaaS"
+COM_INSTALLER_MSG_UPDATE_SUCCESS="Update installed successfully"
+
+; ===== Dashboard =====
+COM_CPANEL_WELCOME_BEGINNERS_TITLE="Welcome to MokoWaaS!"
+COM_CPANEL_WELCOME_BEGINNERS_MESSAGE="<p>Community resources are available for new users.</p><ul><li><a href=\"https://mokoconsulting.tech/support\" target=\"_blank\" rel=\"noopener noreferrer\">MokoWaaS Documentation</a></li><li><a href=\"https://mokoconsulting.tech/support\" target=\"_blank\" rel=\"noopener noreferrer\">MokoWaaS Support</a></li></ul>"
+COM_CPANEL_MSG_STATS_COLLECTION_TITLE="Stats Collection in MokoWaaS"
+
+; ===== Quick Icons =====
+PLG_QUICKICON_JOOMLAUPDATE_CHECKING="Checking MokoWaaS…"
+PLG_QUICKICON_JOOMLAUPDATE_ERROR="Unknown MokoWaaS…"
+PLG_QUICKICON_JOOMLAUPDATE_UPTODATE="MokoWaaS is up to date."
+
+; ===== System Info =====
+COM_ADMIN_JOOMLA_VERSION="MokoWaaS Version"
+COM_ADMIN_HELP="MokoWaaS Help"
+COM_ADMIN_JOOMLA_COMPAT_PLUGIN="MokoWaaS Backward Compatibility Plugin"
+
+; ===== Installer =====
+COM_INSTALLER_UPLOAD_INSTALL_JOOMLA_EXTENSION="Upload & Install MokoWaaS Extension"
+COM_INSTALLER_UNABLE_TO_INSTALL_JOOMLA_PACKAGE="The MokoWaaS package cannot be installed through the Extension Manager. Please use the MokoWaaS Update component to update."
+COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTSET="The MokoWaaS temporary folder is not set."
+COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTWRITEABLE="The MokoWaaS temporary folder is not writable or does not exist."
+COM_INSTALLER_MSG_WARNINGS_UPDATE_NOTICE="Before updating ensure that the update is compatible with your MokoWaaS installation. <br>You are strongly advised to make a <strong>backup</strong> of your site's files and database before you start updating."
+
+; ===== Global Configuration =====
+COM_CONFIG_FIELD_METAVERSION_LABEL="MokoWaaS Version"
+
+; ===== Update component =====
+COM_JOOMLAUPDATE_CONFIGURATION="MokoWaaS Update: Options"
+COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_NEXT="MokoWaaS Next"
+COM_JOOMLAUPDATE_CONFIG_SOURCES_DESC="Configure where MokoWaaS gets its update information from."
+COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_LABEL="Update Channel"
+COM_JOOMLAUPDATE_VIEW_DEFAULT_TITLE="MokoWaaS Update"
+COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION="MokoWaaS Update Component"
+COM_JOOMLAUPDATE_NOCHANGE="MokoWaaS is up to date."
+COM_JOOMLAUPDATE_PREUPDATE_CHECK="MokoWaaS Pre-Update Check"
+COM_JOOMLAUPDATE_UPDATE_HEADER="MokoWaaS Update"
+COM_JOOMLAUPDATE_LIVEUPDATE="Live Update"
+COM_JOOMLAUPDATE_CHECKEDFOR_UPDATES="Checked for MokoWaaS updates."
+
+; ===== Privacy =====
+COM_PRIVACY_HEADING_CORE_CAPABILITIES="MokoWaaS Core Capabilities"
+
+; ===== Database & Library errors =====
+JLIB_INSTALLER_MINIMUM_JOOMLA="You don't have the minimum MokoWaaS version requirement of J%s"
+JLIB_INSTALLER_ERROR_NOTFINDJOOMLAXMLSETUPFILE="Installer: Can't find MokoWaaS XML setup file."
+
+; ===== Version and About =====
+JLIB_HTML_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+COM_ADMIN_HELP_DOCUMENTATION="MokoWaaS Documentation"
+COM_ADMIN_HELP_SUPPORT="MokoWaaS Support"
+
+; ===== Akeeba Ticket System (ATS) =====
+COM_ATS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKETS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKET="MokoWaaS Ticket"
+COM_ATS_TITLE_NEWTICKET="New MokoWaaS Ticket"
+COM_ATS_TITLE_CATEGORIES="Ticket Categories"
+COM_ATS_MSG_TICKET_SAVED="Your MokoWaaS ticket has been saved."
+COM_ATS_MSG_TICKET_CLOSED="Your MokoWaaS ticket has been closed."
+COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
+COM_ATS_LBL_POWEREDBY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
diff --git a/src/packages/plg_system_mokowaas/Service/index.html b/source/packages/plg_system_mokowaas/administrator/language/overrides/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/Service/index.html
rename to source/packages/plg_system_mokowaas/administrator/language/overrides/index.html
diff --git a/src/packages/plg_system_mokowaas/forms/alias_entry.xml b/source/packages/plg_system_mokowaas/forms/alias_entry.xml
similarity index 100%
rename from src/packages/plg_system_mokowaas/forms/alias_entry.xml
rename to source/packages/plg_system_mokowaas/forms/alias_entry.xml
diff --git a/src/packages/plg_system_mokowaas/index.html b/source/packages/plg_system_mokowaas/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/index.html
rename to source/packages/plg_system_mokowaas/index.html
diff --git a/src/packages/plg_system_mokowaas/language/en-GB/index.html b/source/packages/plg_system_mokowaas/language/en-GB/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/language/en-GB/index.html
rename to source/packages/plg_system_mokowaas/language/en-GB/index.html
diff --git a/source/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.ini b/source/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.ini
new file mode 100644
index 00000000..fe5a2ac5
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.ini
@@ -0,0 +1,41 @@
+; -----------------------------------------------------------------------------
+; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+; This file is part of a Moko Consulting project.
+; SPDX-License-Identifier: GPL-3.0-or-later
+; REPO: https://github.com/mokoconsulting-tech/mokowaas
+; -----------------------------------------------------------------------------
+; FILE INFORMATION
+; Defgroup: Joomla Language
+; Ingroup: MokoWaaS
+; File: plg_system_mokowaas.ini
+; Brief: English language strings for MokoWaaS core system plugin
+; -----------------------------------------------------------------------------
+
+PLG_SYSTEM_MOKOWAAS="System - MokoWaaS Core"
+PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="MokoWaaS core system plugin — coordinates feature plugins, heartbeat, health checks, and admin customizations."
+
+; ===== Core fieldset =====
+PLG_SYSTEM_MOKOWAAS_FIELDSET_CORE_LABEL="Core"
+PLG_SYSTEM_MOKOWAAS_FIELDSET_CORE_DESC="Heartbeat token for health monitoring and Grafana integration."
+
+; ===== Diagnostics =====
+PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_LABEL="Heartbeat Token"
+PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_DESC="Auto-generated bearer token for the health endpoint. Use this token in your Grafana datasource configuration. Send as <code>Authorization: Bearer &lt;token&gt;</code> header or <code>&amp;token=&lt;value&gt;</code> query parameter."
+
+; ===== Site Aliases fieldset =====
+PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_LABEL="Site Aliases"
+PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_DESC="Configure additional domains that mirror this site. Each alias can have its own offline status, robots directive, and backend redirect behavior."
+PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_LABEL="Primary Domain"
+PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_DESC="The primary domain for this site (e.g. waas.dev.mokoconsulting.tech). Used for backend redirect on alias domains. Do not include https:// prefix."
+PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_LABEL="Domain Aliases"
+PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_DESC="Add domain aliases that serve as mirrors of this site. Each alias gets its own Grafana monitoring datasource."
+PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_LABEL="Domain"
+PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_DESC="The alias domain name (e.g. www.example.com). Do not include https:// prefix."
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_LABEL="Offline"
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_DESC="Show an offline maintenance page when visitors access the site through this alias domain."
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_LABEL="Offline Message"
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_DESC="Custom message to display when this alias is set to offline."
+PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_LABEL="Robots"
+PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_DESC="Meta robots directive for this alias domain. Use 'noindex, nofollow' to prevent search engines from indexing the alias."
+PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_LABEL="Redirect Backend"
+PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_DESC="Redirect admin panel requests on this alias to the primary domain. Frontend stays on the alias domain."
diff --git a/src/packages/plg_system_mokowaas/administrator/language/en-GB/plg_system_mokowaas.sys.ini b/source/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.sys.ini
similarity index 77%
rename from src/packages/plg_system_mokowaas/administrator/language/en-GB/plg_system_mokowaas.sys.ini
rename to source/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.sys.ini
index 53cb9993..14f672b5 100644
--- a/src/packages/plg_system_mokowaas/administrator/language/en-GB/plg_system_mokowaas.sys.ini
+++ b/source/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.sys.ini
@@ -15,5 +15,5 @@
 ; Variables: (none)
 ; -----------------------------------------------------------------------------
 
-PLG_SYSTEM_MOKOWAAS="System - Moko WaaS"
-PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform."
+PLG_SYSTEM_MOKOWAAS="System - MokoWaaS Core"
+PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="MokoWaaS core system plugin — coordinates feature plugins, master user management, event routing, and admin customizations."
diff --git a/src/packages/plg_system_mokowaas/language/en-US/index.html b/source/packages/plg_system_mokowaas/language/en-US/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/language/en-US/index.html
rename to source/packages/plg_system_mokowaas/language/en-US/index.html
diff --git a/source/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.ini b/source/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.ini
new file mode 100644
index 00000000..fe5a2ac5
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.ini
@@ -0,0 +1,41 @@
+; -----------------------------------------------------------------------------
+; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+; This file is part of a Moko Consulting project.
+; SPDX-License-Identifier: GPL-3.0-or-later
+; REPO: https://github.com/mokoconsulting-tech/mokowaas
+; -----------------------------------------------------------------------------
+; FILE INFORMATION
+; Defgroup: Joomla Language
+; Ingroup: MokoWaaS
+; File: plg_system_mokowaas.ini
+; Brief: English language strings for MokoWaaS core system plugin
+; -----------------------------------------------------------------------------
+
+PLG_SYSTEM_MOKOWAAS="System - MokoWaaS Core"
+PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="MokoWaaS core system plugin — coordinates feature plugins, heartbeat, health checks, and admin customizations."
+
+; ===== Core fieldset =====
+PLG_SYSTEM_MOKOWAAS_FIELDSET_CORE_LABEL="Core"
+PLG_SYSTEM_MOKOWAAS_FIELDSET_CORE_DESC="Heartbeat token for health monitoring and Grafana integration."
+
+; ===== Diagnostics =====
+PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_LABEL="Heartbeat Token"
+PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_DESC="Auto-generated bearer token for the health endpoint. Use this token in your Grafana datasource configuration. Send as <code>Authorization: Bearer &lt;token&gt;</code> header or <code>&amp;token=&lt;value&gt;</code> query parameter."
+
+; ===== Site Aliases fieldset =====
+PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_LABEL="Site Aliases"
+PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_DESC="Configure additional domains that mirror this site. Each alias can have its own offline status, robots directive, and backend redirect behavior."
+PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_LABEL="Primary Domain"
+PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_DESC="The primary domain for this site (e.g. waas.dev.mokoconsulting.tech). Used for backend redirect on alias domains. Do not include https:// prefix."
+PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_LABEL="Domain Aliases"
+PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_DESC="Add domain aliases that serve as mirrors of this site. Each alias gets its own Grafana monitoring datasource."
+PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_LABEL="Domain"
+PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_DESC="The alias domain name (e.g. www.example.com). Do not include https:// prefix."
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_LABEL="Offline"
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_DESC="Show an offline maintenance page when visitors access the site through this alias domain."
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_LABEL="Offline Message"
+PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_DESC="Custom message to display when this alias is set to offline."
+PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_LABEL="Robots"
+PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_DESC="Meta robots directive for this alias domain. Use 'noindex, nofollow' to prevent search engines from indexing the alias."
+PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_LABEL="Redirect Backend"
+PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_DESC="Redirect admin panel requests on this alias to the primary domain. Frontend stays on the alias domain."
diff --git a/src/packages/plg_system_mokowaas/administrator/language/en-US/plg_system_mokowaas.sys.ini b/source/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.sys.ini
similarity index 77%
rename from src/packages/plg_system_mokowaas/administrator/language/en-US/plg_system_mokowaas.sys.ini
rename to source/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.sys.ini
index 5e278e69..802ce253 100644
--- a/src/packages/plg_system_mokowaas/administrator/language/en-US/plg_system_mokowaas.sys.ini
+++ b/source/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.sys.ini
@@ -15,5 +15,5 @@
 ; Variables: (none)
 ; -----------------------------------------------------------------------------
 
-PLG_SYSTEM_MOKOWAAS="System - Moko WaaS"
-PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform."
+PLG_SYSTEM_MOKOWAAS="System - MokoWaaS Core"
+PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="MokoWaaS core system plugin — coordinates feature plugins, master user management, event routing, and admin customizations."
diff --git a/source/packages/plg_system_mokowaas/language/overrides/en-GB.override.ini b/source/packages/plg_system_mokowaas/language/overrides/en-GB.override.ini
new file mode 100644
index 00000000..b33bf0e4
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/language/overrides/en-GB.override.ini
@@ -0,0 +1,64 @@
+; -----------------------------------------------------------------------------
+; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+; This file is part of a Moko Consulting project.
+; SPDX-License-Identifier: GPL-3.0-or-later
+; REPO: https://github.com/mokoconsulting-tech/mokowaas
+; -----------------------------------------------------------------------------
+; FILE INFORMATION
+; Defgroup: Joomla Language Overrides
+; Ingroup: MokoWaaS
+; Version: 02.01.08
+; File: en-GB.override.ini
+; Path: language/overrides/en-GB.override.ini
+; Brief: Site/frontend language overrides — values are hardcoded.
+; -----------------------------------------------------------------------------
+
+; ===== Footer & template branding =====
+TPL_CASSIOPEIA_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+MOD_FOOTER_LINE2="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+
+; ===== Generic replacements =====
+JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="MokoWaaS Defaults"
+LIB_JOOMLA="MokoWaaS Library"
+
+; ===== System messages =====
+JERROR_JOOMLA="MokoWaaS Error"
+JFIELD_JOOMLA_LABEL="MokoWaaS Field"
+
+; ===== Error messages =====
+JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
+
+; ===== Installer / Sample data =====
+INSTL_SITE_NAME_LABEL="MokoWaaS Site Name"
+INSTL_SAMPLE_BLOG_SET="MokoWaaS Sample Data - Blog"
+INSTL_SAMPLE_BROCHURE_SET="MokoWaaS Sample Data - Brochure Site"
+INSTL_SAMPLE_DATA_SET="MokoWaaS Sample Data - Default"
+INSTL_SAMPLE_LEARN_SET="MokoWaaS Sample Data - Learn"
+INSTL_SAMPLE_TESTING_SET="MokoWaaS Sample Data - Testing"
+
+; ===== Login support =====
+MOD_LOGINSUPPORT_FORUM="Moko Consulting Support"
+MOD_LOGINSUPPORT_DOCUMENTATION="MokoWaaS Documentation"
+MOD_LOGINSUPPORT_NEWS="Moko Consulting News"
+
+; ===== Site offline =====
+JOFFLINE_MESSAGE="This site is down for maintenance.<br>Please check back again soon."
+
+; ===== Error pages =====
+JERROR_PAGE_NOT_FOUND="Page Not Found"
+JERROR_AN_ERROR_HAS_OCCURRED="An error has occurred."
+JLIB_APPLICATION_ERROR_COMPONENT_NOT_FOUND="Component not found."
+
+; ===== Version and About =====
+JLIB_HTML_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+
+; ===== Akeeba Ticket System (ATS) =====
+COM_ATS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKETS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKET="MokoWaaS Ticket"
+COM_ATS_TITLE_NEWTICKET="New MokoWaaS Ticket"
+COM_ATS_TITLE_CATEGORIES="Ticket Categories"
+COM_ATS_MSG_TICKET_SAVED="Your MokoWaaS ticket has been saved."
+COM_ATS_MSG_TICKET_CLOSED="Your MokoWaaS ticket has been closed."
+COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
+COM_ATS_LBL_POWEREDBY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
diff --git a/source/packages/plg_system_mokowaas/language/overrides/en-US.override.ini b/source/packages/plg_system_mokowaas/language/overrides/en-US.override.ini
new file mode 100644
index 00000000..51067385
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/language/overrides/en-US.override.ini
@@ -0,0 +1,64 @@
+; -----------------------------------------------------------------------------
+; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+; This file is part of a Moko Consulting project.
+; SPDX-License-Identifier: GPL-3.0-or-later
+; REPO: https://github.com/mokoconsulting-tech/mokowaas
+; -----------------------------------------------------------------------------
+; FILE INFORMATION
+; Defgroup: Joomla Language Overrides
+; Ingroup: MokoWaaS
+; Version: 02.01.08
+; File: en-US.override.ini
+; Path: language/overrides/en-US.override.ini
+; Brief: Site/frontend language overrides — values are hardcoded.
+; -----------------------------------------------------------------------------
+
+; ===== Footer & template branding =====
+TPL_CASSIOPEIA_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+MOD_FOOTER_LINE2="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+
+; ===== Generic replacements =====
+JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="MokoWaaS Defaults"
+LIB_JOOMLA="MokoWaaS Library"
+
+; ===== System messages =====
+JERROR_JOOMLA="MokoWaaS Error"
+JFIELD_JOOMLA_LABEL="MokoWaaS Field"
+
+; ===== Error messages =====
+JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
+
+; ===== Installer / Sample data =====
+INSTL_SITE_NAME_LABEL="MokoWaaS Site Name"
+INSTL_SAMPLE_BLOG_SET="MokoWaaS Sample Data - Blog"
+INSTL_SAMPLE_BROCHURE_SET="MokoWaaS Sample Data - Brochure Site"
+INSTL_SAMPLE_DATA_SET="MokoWaaS Sample Data - Default"
+INSTL_SAMPLE_LEARN_SET="MokoWaaS Sample Data - Learn"
+INSTL_SAMPLE_TESTING_SET="MokoWaaS Sample Data - Testing"
+
+; ===== Login support =====
+MOD_LOGINSUPPORT_FORUM="Moko Consulting Support"
+MOD_LOGINSUPPORT_DOCUMENTATION="MokoWaaS Documentation"
+MOD_LOGINSUPPORT_NEWS="Moko Consulting News"
+
+; ===== Site offline =====
+JOFFLINE_MESSAGE="This site is down for maintenance.<br>Please check back again soon."
+
+; ===== Error pages =====
+JERROR_PAGE_NOT_FOUND="Page Not Found"
+JERROR_AN_ERROR_HAS_OCCURRED="An error has occurred."
+JLIB_APPLICATION_ERROR_COMPONENT_NOT_FOUND="Component not found."
+
+; ===== Version and About =====
+JLIB_HTML_POWERED_BY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
+
+; ===== Akeeba Ticket System (ATS) =====
+COM_ATS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKETS="MokoWaaS Tickets"
+COM_ATS_TITLE_TICKET="MokoWaaS Ticket"
+COM_ATS_TITLE_NEWTICKET="New MokoWaaS Ticket"
+COM_ATS_TITLE_CATEGORIES="Ticket Categories"
+COM_ATS_MSG_TICKET_SAVED="Your MokoWaaS ticket has been saved."
+COM_ATS_MSG_TICKET_CLOSED="Your MokoWaaS ticket has been closed."
+COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
+COM_ATS_LBL_POWEREDBY="Powered by <a href='https://mokoconsulting.tech/support'>MokoWaaS</a>"
diff --git a/src/packages/plg_system_mokowaas/administrator/language/overrides/index.html b/source/packages/plg_system_mokowaas/language/overrides/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/administrator/language/overrides/index.html
rename to source/packages/plg_system_mokowaas/language/overrides/index.html
diff --git a/source/packages/plg_system_mokowaas/mokowaas.xml b/source/packages/plg_system_mokowaas/mokowaas.xml
new file mode 100644
index 00000000..556ea2ed
--- /dev/null
+++ b/source/packages/plg_system_mokowaas/mokowaas.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+
+ This file is part of a Moko Consulting project.
+
+ SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later
+
+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License (./LICENSE.md).
+
+ # FILE INFORMATION
+ DEFGROUP: Joomla.Plugin
+ INGROUP: MokoWaaS
+ REPO: https://github.com/mokoconsulting-tech/mokowaas
+ VERSION: 02.34.16
+ PATH: /source/mokowaas.xml
+ BRIEF: Plugin manifest for MokoWaaS system plugin
+ NOTE: Defines installation metadata, files, and configuration for Joomla
+-->
+<extension type="plugin" group="system" method="upgrade">
+	<name>System - MokoWaaS Core</name>
+	<element>mokowaas</element>
+	<author>Moko Consulting</author>
+	<creationDate>2026-05-22</creationDate>
+	<copyright>Copyright (C) 2025 Moko Consulting. All rights reserved.</copyright>
+	<license>GNU General Public License version 3 or later; see LICENSE.md</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>MokoWaaS core system plugin — coordinates feature plugins, heartbeat, health checks, and admin customizations.</description>
+	<namespace path=".">Moko\Plugin\System\MokoWaaS</namespace>
+	<scriptfile>script.php</scriptfile>
+
+	<files>
+		<filename plugin="mokowaas">script.php</filename>
+		<folder>Extension</folder>
+		<folder>Field</folder>
+		<folder>Helper</folder>
+		<folder>forms</folder>
+		<folder>payload</folder>
+		<folder>services</folder>
+		<folder>language</folder>
+		<folder>administrator</folder>
+	</files>
+
+	<languages folder="language">
+		<language tag="en-GB">en-GB/plg_system_mokowaas.ini</language>
+		<language tag="en-US">en-US/plg_system_mokowaas.ini</language>
+	</languages>
+
+	<languages folder="administrator/language">
+		<language tag="en-GB">en-GB/plg_system_mokowaas.sys.ini</language>
+		<language tag="en-US">en-US/plg_system_mokowaas.sys.ini</language>
+	</languages>
+
+	<administration>
+		<files folder="administrator">
+			<folder>language</folder>
+		</files>
+	</administration>
+
+	<config>
+		<fields name="params"
+			addfieldprefix="Moko\Plugin\System\MokoWaaS\Field"
+			>
+			<fieldset name="basic"
+				label="PLG_SYSTEM_MOKOWAAS_FIELDSET_CORE_LABEL"
+				description="PLG_SYSTEM_MOKOWAAS_FIELDSET_CORE_DESC">
+				<field
+					name="health_api_token"
+					type="CopyableToken"
+					label="PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_LABEL"
+					description="PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_DESC"
+					default=""
+					filter="raw"
+					readonly="true"
+					/>
+			</fieldset>
+		</fields>
+	</config>
+</extension>
diff --git a/src/packages/plg_system_mokowaas/media/index.html b/source/packages/plg_system_mokowaas/payload/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/media/index.html
rename to source/packages/plg_system_mokowaas/payload/index.html
diff --git a/src/packages/plg_system_mokowaas/script.php b/source/packages/plg_system_mokowaas/script.php
similarity index 87%
rename from src/packages/plg_system_mokowaas/script.php
rename to source/packages/plg_system_mokowaas/script.php
index 1e4bbb15..a993acef 100644
--- a/src/packages/plg_system_mokowaas/script.php
+++ b/source/packages/plg_system_mokowaas/script.php
@@ -22,7 +22,11 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD:src/packages/plg_system_mokowaas/script.php
  * VERSION: 02.34.00
+=======
+ * VERSION: 02.34.16
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas/script.php
  * PATH: /src/script.php
  * BRIEF: Installation script for MokoWaaS plugin
  * NOTE: Handles installation, update, and uninstallation tasks including language override deployment
@@ -127,7 +131,6 @@ class plgSystemMokoWaaSInstallerScript implements InstallerScriptInterface
 			$this->ensureMokoCassiopeia();
 			$this->installLanguageOverrides();
 			$this->updateLoginSupportUrls();
-			$this->updateAtumBranding();
 			$this->registerActionLogExtension();
 			$this->provisionHealthEndpoint();
 			$this->sendInstallNotification($type);
@@ -537,80 +540,12 @@ class plgSystemMokoWaaSInstallerScript implements InstallerScriptInterface
 	/** Sentinel comment that marks the end of MokoWaaS overrides inside a Joomla override file. */
 	private const BLOCK_END = '; ===== END MokoWaaS Overrides =====';
 
-	/**
-	 * Build the placeholder → value map from the plugin's saved params.
-	 *
-	 * On first install the params row may not exist yet, so every value
-	 * falls back to a sensible default.
-	 *
-	 * @return  array  Associative array of placeholder => replacement value
-	 *
-	 * @since   02.01.08
-	 */
-	private function getPlaceholders()
-	{
-		$params = $this->getPluginParams();
-
-		return [
-			'{{BRAND_NAME}}'   => $params->get('brand_name', 'MokoWaaS'),
-			'{{COMPANY_NAME}}' => $params->get('company_name', 'Moko Consulting'),
-			'{{SUPPORT_URL}}'  => $params->get('support_url', 'https://mokoconsulting.tech/support'),
-		];
-	}
-
-	/**
-	 * Load the plugin's saved params from the database.
-	 *
-	 * @return  \Joomla\Registry\Registry
-	 *
-	 * @since   02.01.08
-	 */
-	private function getPluginParams()
-	{
-		$db    = Factory::getDbo();
-		$query = $db->getQuery(true)
-			->select($db->quoteName('params'))
-			->from($db->quoteName('#__extensions'))
-			->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
-			->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
-			->where($db->quoteName('type') . ' = ' . $db->quote('plugin'));
-
-		$db->setQuery($query);
-		$json = $db->loadResult();
-
-		return new \Joomla\Registry\Registry($json ?: '{}');
-	}
-
-	/**
-	 * Resolve placeholders in an array of language strings.
-	 *
-	 * @param   array  $strings  Key/value pairs (values may contain {{…}} tokens)
-	 *
-	 * @return  array  The same array with placeholders replaced
-	 *
-	 * @since   02.01.08
-	 */
-	private function resolvePlaceholders(array $strings)
-	{
-		$placeholders = $this->getPlaceholders();
-		$search       = array_keys($placeholders);
-		$replace      = array_values($placeholders);
-
-		foreach ($strings as $key => $value)
-		{
-			$strings[$key] = str_replace($search, $replace, $value);
-		}
-
-		return $strings;
-	}
-
 	/**
 	 * Install language override files to Joomla's global override directories.
 	 *
-	 * Reads each source override template shipped with the plugin, resolves
-	 * {{BRAND_NAME}} etc. from plugin params, then merges the resolved keys
-	 * into the destination file inside a clearly delimited block.  Existing
-	 * overrides outside the block are never touched.
+	 * Reads each source override file shipped with the plugin and merges
+	 * the keys into the destination file inside a clearly delimited block.
+	 * Existing overrides outside the block are never touched.
 	 *
 	 * @return  void
 	 *
@@ -644,7 +579,7 @@ class plgSystemMokoWaaSInstallerScript implements InstallerScriptInterface
 					Folder::create($destDir);
 				}
 
-				$pluginOverrides = $this->resolvePlaceholders($this->parseLanguageFile($source));
+				$pluginOverrides = $this->parseLanguageFile($source);
 
 				if (empty($pluginOverrides))
 				{
@@ -696,7 +631,7 @@ class plgSystemMokoWaaSInstallerScript implements InstallerScriptInterface
 
 		$supportUrls = [
 			'forum_url'         => 'https://mokoconsulting.tech/support',
-			'documentation_url' => 'https://mokoconsulting.tech/kb',
+			'documentation_url' => 'https://mokoconsulting.tech/support/products',
 			'news_url'          => 'https://mokoconsulting.tech/news',
 		];
 
@@ -727,75 +662,6 @@ class plgSystemMokoWaaSInstallerScript implements InstallerScriptInterface
 		);
 	}
 
-	/**
-	 * Set Atum admin template branding params at install time.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.01.08
-	 */
-	private function updateAtumBranding()
-	{
-		$mediaBase = 'media/plg_system_mokowaas/';
-
-		$expected = [
-			'logoBrandLarge'         => $mediaBase . 'logo.png',
-			'logoBrandSmall'         => $mediaBase . 'favicon_256.png',
-			'loginLogo'              => $mediaBase . 'logo.png',
-			'logoBrandLargeAlt'      => '',
-			'logoBrandSmallAlt'      => '',
-			'loginLogoAlt'           => '',
-			'emptyLogoBrandLargeAlt' => '1',
-			'emptyLogoBrandSmallAlt' => '1',
-			'emptyLoginLogoAlt'      => '1',
-			'hue'                    => 'hsl(219, 44%, 18%)',
-			'special-color'          => '#1a2744',
-			'link-color'             => '#0051ad',
-		];
-
-		$db    = Factory::getDbo();
-		$query = $db->getQuery(true)
-			->select([$db->quoteName('id'), $db->quoteName('params')])
-			->from($db->quoteName('#__template_styles'))
-			->where($db->quoteName('template') . ' = '
-				. $db->quote('atum'))
-			->where($db->quoteName('client_id') . ' = 1');
-
-		$db->setQuery($query);
-		$styles = $db->loadObjectList();
-
-		if (empty($styles))
-		{
-			return;
-		}
-
-		foreach ($styles as $style)
-		{
-			$params = new \Joomla\Registry\Registry(
-				$style->params ?: '{}'
-			);
-
-			foreach ($expected as $key => $value)
-			{
-				$params->set($key, $value);
-			}
-
-			$update = $db->getQuery(true)
-				->update($db->quoteName('#__template_styles'))
-				->set($db->quoteName('params') . ' = '
-					. $db->quote($params->toString()))
-				->where($db->quoteName('id') . ' = '
-					. (int) $style->id);
-
-			$db->setQuery($update);
-			$db->execute();
-		}
-
-		Factory::getApplication()->enqueueMessage(
-			'Updated Atum template branding.', 'message'
-		);
-	}
-
 	/**
 	 * Register the plugin in #__action_logs_extensions so it appears
 	 * as a filterable extension in System > Action Logs.
diff --git a/src/packages/plg_system_mokowaas/services/index.html b/source/packages/plg_system_mokowaas/services/index.html
similarity index 100%
rename from src/packages/plg_system_mokowaas/services/index.html
rename to source/packages/plg_system_mokowaas/services/index.html
diff --git a/src/packages/plg_system_mokowaas/services/provider.php b/source/packages/plg_system_mokowaas/services/provider.php
similarity index 91%
rename from src/packages/plg_system_mokowaas/services/provider.php
rename to source/packages/plg_system_mokowaas/services/provider.php
index 366257ae..68b08cbe 100644
--- a/src/packages/plg_system_mokowaas/services/provider.php
+++ b/source/packages/plg_system_mokowaas/services/provider.php
@@ -22,7 +22,11 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://github.com/mokoconsulting-tech/mokowaas
+<<<<<<< HEAD:src/packages/plg_system_mokowaas/services/provider.php
  * VERSION: 02.34.00
+=======
+ * VERSION: 02.34.16
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas/services/provider.php
  * PATH: /src/services/provider.php
  * BRIEF: Service provider for dependency injection in Joomla 5.x
  * NOTE: Registers the plugin with Joomla's DI container
diff --git a/src/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.ini b/source/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.ini
similarity index 82%
rename from src/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.ini
rename to source/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.ini
index 8fb821be..b4c72a05 100644
--- a/src/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.ini
+++ b/source/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.ini
@@ -13,3 +13,5 @@ PLG_SYSTEM_MOKOWAAS_DEVTOOLS_RESET_HITS_LABEL="Reset All Hits"
 PLG_SYSTEM_MOKOWAAS_DEVTOOLS_RESET_HITS_DESC="One-shot: reset article hit counters on save. Automatically turns off after execution."
 PLG_SYSTEM_MOKOWAAS_DEVTOOLS_DELETE_VERSIONS_LABEL="Delete All Versions"
 PLG_SYSTEM_MOKOWAAS_DEVTOOLS_DELETE_VERSIONS_DESC="One-shot: delete all content version history on save. Automatically turns off after execution."
+PLG_SYSTEM_MOKOWAAS_DEVTOOLS_RESET_DLKEYS_LABEL="Reset Download Keys"
+PLG_SYSTEM_MOKOWAAS_DEVTOOLS_RESET_DLKEYS_DESC="One-shot: clear all download keys (dlid) from update sites on save. Automatically turns off after execution."
diff --git a/src/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.sys.ini b/source/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.sys.ini
similarity index 100%
rename from src/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.sys.ini
rename to source/packages/plg_system_mokowaas_devtools/language/en-GB/plg_system_mokowaas_devtools.sys.ini
diff --git a/src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml b/source/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
similarity index 80%
rename from src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
rename to source/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
index 5a391af0..70b416e4 100644
--- a/src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
+++ b/source/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
@@ -8,7 +8,11 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas_devtools/mokowaas_devtools.xml
 	<description>PLG_SYSTEM_MOKOWAAS_DEVTOOLS_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSDevTools</namespace>
 
@@ -52,6 +56,14 @@
 					<option value="1">JYES</option>
 					<option value="0">JNO</option>
 				</field>
+
+				<field name="reset_download_keys" type="radio" default="0"
+					label="PLG_SYSTEM_MOKOWAAS_DEVTOOLS_RESET_DLKEYS_LABEL"
+					description="PLG_SYSTEM_MOKOWAAS_DEVTOOLS_RESET_DLKEYS_DESC"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option>
+					<option value="0">JNO</option>
+				</field>
 			</fieldset>
 		</fields>
 	</config>
diff --git a/src/packages/plg_system_mokowaas_devtools/services/provider.php b/source/packages/plg_system_mokowaas_devtools/services/provider.php
similarity index 100%
rename from src/packages/plg_system_mokowaas_devtools/services/provider.php
rename to source/packages/plg_system_mokowaas_devtools/services/provider.php
diff --git a/src/packages/plg_system_mokowaas_devtools/src/Extension/DevTools.php b/source/packages/plg_system_mokowaas_devtools/src/Extension/DevTools.php
similarity index 69%
rename from src/packages/plg_system_mokowaas_devtools/src/Extension/DevTools.php
rename to source/packages/plg_system_mokowaas_devtools/src/Extension/DevTools.php
index cc6f5a90..06067d9d 100644
--- a/src/packages/plg_system_mokowaas_devtools/src/Extension/DevTools.php
+++ b/source/packages/plg_system_mokowaas_devtools/src/Extension/DevTools.php
@@ -80,9 +80,17 @@ class DevTools extends CMSPlugin implements SubscriberInterface
 	 */
 	public function onExtensionAfterSave($event): void
 	{
-		$context = $event->getArgument(0, '');
-		$table   = $event->getArgument(1);
-		$isNew   = $event->getArgument(2, false);
+		// Joomla 6: single event object; Joomla 5: individual args
+		if (is_object($event) && method_exists($event, 'getArgument'))
+		{
+			$context = $event->getArgument('context', $event->getArgument(0, ''));
+			$table   = $event->getArgument('subject', $event->getArgument(1, null));
+		}
+		else
+		{
+			$context = $event;
+			$table   = func_get_arg(1);
+		}
 
 		if ($context !== 'com_plugins.plugin' || !$table)
 		{
@@ -111,6 +119,13 @@ class DevTools extends CMSPlugin implements SubscriberInterface
 			$params->set('delete_versions', 0);
 		}
 
+		// Reset download keys on save if toggled on
+		if ($params->get('reset_download_keys', 0))
+		{
+			$this->resetDownloadKeys();
+			$params->set('reset_download_keys', 0);
+		}
+
 		// Reset the one-shot toggles
 		if ($table->params !== $params->toString())
 		{
@@ -152,4 +167,41 @@ class DevTools extends CMSPlugin implements SubscriberInterface
 
 		return $count;
 	}
+
+	private function resetDownloadKeys(): int
+	{
+		$db = Factory::getDbo();
+
+		// Find update sites that have a dlid in extra_query
+		$db->setQuery(
+			$db->getQuery(true)
+				->select([$db->quoteName('update_site_id'), $db->quoteName('extra_query')])
+				->from($db->quoteName('#__update_sites'))
+				->where($db->quoteName('extra_query') . ' LIKE ' . $db->quote('%dlid=%'))
+		);
+
+		$sites = $db->loadObjectList();
+		$count = 0;
+
+		foreach ($sites as $site)
+		{
+			// Parse the query string, remove dlid, rebuild
+			parse_str($site->extra_query, $parsed);
+			unset($parsed['dlid']);
+			$newQuery = http_build_query($parsed);
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__update_sites'))
+					->set($db->quoteName('extra_query') . ' = ' . $db->quote($newQuery))
+					->where($db->quoteName('update_site_id') . ' = ' . (int) $site->update_site_id)
+			)->execute();
+
+			$count++;
+		}
+
+		$this->getApplication()->enqueueMessage(\sprintf('Cleared download keys from %d update sites.', $count), 'message');
+
+		return $count;
+	}
 }
diff --git a/source/packages/plg_system_mokowaas_firewall/forms/trusted_ip_entry.xml b/source/packages/plg_system_mokowaas_firewall/forms/trusted_ip_entry.xml
new file mode 100644
index 00000000..e3850414
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_firewall/forms/trusted_ip_entry.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<form>
+	<field name="ip" type="text"
+		label="IP / CIDR"
+		hint="e.g. 192.168.1.0/24"
+		filter="raw" />
+	<field name="label" type="text"
+		label="Label"
+		hint="e.g. Office, VPN" />
+	<field name="enabled" type="radio" default="1"
+		label="Enabled"
+		class="btn-group btn-group-yesno">
+		<option value="1">JYES</option>
+		<option value="0">JNO</option>
+	</field>
+</form>
diff --git a/src/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.ini b/source/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.ini
similarity index 96%
rename from src/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.ini
rename to source/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.ini
index 2d544bc2..7c62e5ae 100644
--- a/src/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.ini
+++ b/source/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.ini
@@ -31,6 +31,9 @@ PLG_SYSTEM_MOKOWAAS_FIREWALL_WAF_RFI_DESC="Block remote file inclusion attempts
 PLG_SYSTEM_MOKOWAAS_FIREWALL_WAF_DFI_LABEL="DFIShield"
 PLG_SYSTEM_MOKOWAAS_FIREWALL_WAF_DFI_DESC="Block directory traversal and local file inclusion attempts."
 
+PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_HEADERS="Security Headers"
+PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_HEADERS_DESC="HTTP security headers injected into every response."
+
 PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_ACCESS="Access Control"
 PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_ACCESS_DESC="IP blocking, admin secret URL, and login restrictions."
 PLG_SYSTEM_MOKOWAAS_FIREWALL_IP_BLOCKLIST_LABEL="IP Deny List"
diff --git a/src/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.sys.ini b/source/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.sys.ini
similarity index 100%
rename from src/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.sys.ini
rename to source/packages/plg_system_mokowaas_firewall/language/en-GB/plg_system_mokowaas_firewall.sys.ini
diff --git a/src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml b/source/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
similarity index 74%
rename from src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
rename to source/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
index e68258bc..a9895f56 100644
--- a/src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
+++ b/source/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
@@ -8,7 +8,11 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas_firewall/mokowaas_firewall.xml
 	<description>PLG_SYSTEM_MOKOWAAS_FIREWALL_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSFirewall</namespace>
 
@@ -16,6 +20,7 @@
 		<folder>src</folder>
 		<folder>sql</folder>
 		<folder>services</folder>
+		<folder>forms</folder>
 		<folder>language</folder>
 	</files>
 
@@ -54,7 +59,7 @@
 				<field name="trusted_ips" type="subform"
 					label="PLG_SYSTEM_MOKOWAAS_FIREWALL_TRUSTED_IPS_LABEL"
 					description="PLG_SYSTEM_MOKOWAAS_FIREWALL_TRUSTED_IPS_DESC"
-					formsource="plugins/system/mokowaas/forms/trusted_ip_entry.xml"
+					formsource="plugins/system/mokowaas_firewall/forms/trusted_ip_entry.xml"
 					multiple="true"
 					layout="joomla.form.field.subform.repeatable-table"
 					groupByFieldset="false"
@@ -127,6 +132,53 @@
 				</field>
 			</fieldset>
 
+			<!-- Security Headers -->
+			<fieldset name="headers"
+				label="PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_HEADERS"
+				description="PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_HEADERS_DESC">
+
+				<field name="header_xframe" type="radio" default="1"
+					label="X-Frame-Options" description="Clickjacking protection (SAMEORIGIN)"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option><option value="0">JNO</option>
+				</field>
+				<field name="header_xcontent" type="radio" default="1"
+					label="X-Content-Type-Options" description="MIME sniffing prevention (nosniff)"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option><option value="0">JNO</option>
+				</field>
+				<field name="header_xxss" type="radio" default="1"
+					label="X-XSS-Protection" description="Browser XSS filter (1; mode=block)"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option><option value="0">JNO</option>
+				</field>
+				<field name="header_referrer" type="list" default="strict-origin-when-cross-origin"
+					label="Referrer-Policy" description="Controls referrer information sent with requests">
+					<option value="off">Off</option>
+					<option value="no-referrer">no-referrer</option>
+					<option value="same-origin">same-origin</option>
+					<option value="strict-origin-when-cross-origin">strict-origin-when-cross-origin</option>
+				</field>
+				<field name="header_hsts" type="radio" default="0"
+					label="HSTS (Strict-Transport-Security)" description="Force HTTPS via browser header"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option><option value="0">JNO</option>
+				</field>
+				<field name="header_hsts_maxage" type="number" default="31536000"
+					label="HSTS Max Age (seconds)" showon="header_hsts:1" />
+				<field name="header_hsts_subdomains" type="radio" default="0"
+					label="HSTS Include Subdomains" class="btn-group btn-group-yesno"
+					showon="header_hsts:1">
+					<option value="1">JYES</option><option value="0">JNO</option>
+				</field>
+				<field name="header_csp" type="textarea" default=""
+					label="Content-Security-Policy" description="CSP header value (leave empty to disable)"
+					rows="2" filter="raw" />
+				<field name="header_permissions" type="textarea" default=""
+					label="Permissions-Policy" description="e.g. camera=(), microphone=(), geolocation=()"
+					rows="2" filter="raw" />
+			</fieldset>
+
 			<!-- Access Control -->
 			<fieldset name="access_control"
 				label="PLG_SYSTEM_MOKOWAAS_FIREWALL_FIELDSET_ACCESS"
@@ -135,7 +187,7 @@
 				<field name="ip_blocklist" type="subform"
 					label="PLG_SYSTEM_MOKOWAAS_FIREWALL_IP_BLOCKLIST_LABEL"
 					description="PLG_SYSTEM_MOKOWAAS_FIREWALL_IP_BLOCKLIST_DESC"
-					formsource="plugins/system/mokowaas/forms/trusted_ip_entry.xml"
+					formsource="plugins/system/mokowaas_firewall/forms/trusted_ip_entry.xml"
 					multiple="true"
 					layout="joomla.form.field.subform.repeatable-table"
 					groupByFieldset="false"
@@ -152,6 +204,16 @@
 					default="" filter="url" hint="Empty = 403 Forbidden"
 					showon="admin_secret!:" />
 
+				<field name="autoban_threshold" type="number" default="10"
+					label="Auto-Ban Threshold"
+					description="Auto-ban IP after this many WAF blocks (0 = disabled)"
+					hint="0 = disabled" />
+
+				<field name="autoban_window" type="number" default="5"
+					label="Auto-Ban Window (minutes)"
+					description="Time window for counting blocks before auto-ban"
+					showon="autoban_threshold!:0" />
+
 				<field name="block_frontend_superuser" type="radio" default="0"
 					label="PLG_SYSTEM_MOKOWAAS_FIREWALL_BLOCK_FE_SU_LABEL"
 					description="PLG_SYSTEM_MOKOWAAS_FIREWALL_BLOCK_FE_SU_DESC"
diff --git a/src/packages/plg_system_mokowaas_firewall/services/provider.php b/source/packages/plg_system_mokowaas_firewall/services/provider.php
similarity index 100%
rename from src/packages/plg_system_mokowaas_firewall/services/provider.php
rename to source/packages/plg_system_mokowaas_firewall/services/provider.php
diff --git a/src/packages/plg_system_mokowaas_firewall/sql/install.mysql.sql b/source/packages/plg_system_mokowaas_firewall/sql/install.mysql.sql
similarity index 100%
rename from src/packages/plg_system_mokowaas_firewall/sql/install.mysql.sql
rename to source/packages/plg_system_mokowaas_firewall/sql/install.mysql.sql
diff --git a/src/packages/plg_system_mokowaas_firewall/sql/uninstall.mysql.sql b/source/packages/plg_system_mokowaas_firewall/sql/uninstall.mysql.sql
similarity index 100%
rename from src/packages/plg_system_mokowaas_firewall/sql/uninstall.mysql.sql
rename to source/packages/plg_system_mokowaas_firewall/sql/uninstall.mysql.sql
diff --git a/src/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php b/source/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php
similarity index 56%
rename from src/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php
rename to source/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php
index c2b096b3..810d380a 100644
--- a/src/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php
+++ b/source/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php
@@ -10,12 +10,14 @@ namespace Moko\Plugin\System\MokoWaaSFirewall\Extension;
 
 defined('_JEXEC') or die;
 
+use Joomla\CMS\Extension\BootableExtensionInterface;
 use Joomla\CMS\Factory;
 use Joomla\CMS\Log\Log;
 use Joomla\CMS\Plugin\CMSPlugin;
 use Joomla\CMS\Router\Route;
 use Joomla\Event\SubscriberInterface;
 use Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper;
+use Psr\Container\ContainerInterface;
 
 /**
  * MokoWaaS Firewall Plugin
@@ -25,10 +27,29 @@ use Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper;
  *
  * @since  02.32.00
  */
-class Firewall extends CMSPlugin implements SubscriberInterface
+class Firewall extends CMSPlugin implements SubscriberInterface, BootableExtensionInterface
 {
 	protected $autoloadLanguage = true;
 
+	/**
+	 * Extend session lifetime for trusted IPs before Joomla creates the session.
+	 */
+	public function boot(ContainerInterface $container): void
+	{
+		$timeout = (int) $this->params->get('admin_session_timeout', 0);
+
+		if ($timeout <= 0)
+		{
+			return;
+		}
+
+		if ($this->ipIsTrusted())
+		{
+			ini_set('session.gc_maxlifetime', 315360000);
+			Factory::getConfig()->set('lifetime', 525600);
+		}
+	}
+
 	private const BLOCKED_FILES = [
 		'htaccess.txt', 'web.config.txt', 'configuration.php-dist',
 		'README.txt', 'LICENSE.txt', 'joomla.xml', 'robots.txt.dist',
@@ -44,6 +65,7 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 	{
 		return [
 			'onAfterInitialise' => 'onAfterInitialise',
+			'onAfterRoute'      => 'onAfterRoute',
 			'onUserBeforeSave'  => 'onUserBeforeSave',
 		];
 	}
@@ -90,7 +112,14 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 			$this->checkDirectPhpAccess();
 		}
 
-		// Existing features
+		// Block super users from frontend
+		if ($app->isClient('site') && $this->params->get('block_frontend_superuser', 0))
+		{
+			$this->blockFrontendSuperuser();
+		}
+
+		// Security headers + existing features
+		$this->injectSecurityHeaders();
 		$this->enforceHttps();
 		$this->enforceUploadRestrictions();
 
@@ -316,6 +345,19 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 		}
 	}
 
+	/**
+	 * Redirect super admin users away from the frontend to the admin panel.
+	 */
+	private function blockFrontendSuperuser(): void
+	{
+		$user = Factory::getApplication()->getIdentity();
+
+		if ($user && $user->id && $user->authorise('core.admin'))
+		{
+			Factory::getApplication()->redirect(Route::_('administrator/index.php', false));
+		}
+	}
+
 	private function checkAdminSecret(): void
 	{
 		$secret = $this->params->get('admin_secret', '');
@@ -379,6 +421,46 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 				'created'    => gmdate('Y-m-d H:i:s'),
 			];
 			$db->insertObject('#__mokowaas_waf_log', $row);
+
+			// Security alert email (#131) — rate limited to 1 per IP per 5 minutes
+			try
+			{
+				$alertKey = 'mokowaas_waf_alert_' . md5($ip);
+				$session  = \Joomla\CMS\Factory::getSession();
+
+				if (!$session->get($alertKey, false))
+				{
+					$session->set($alertKey, true);
+					\Moko\Component\MokoWaaS\Administrator\Service\NotificationService::securityAlert(
+						'waf_block',
+						'WAF Block: ' . $rule . ' from ' . $ip,
+						"Rule: {$rule}\nIP: {$ip}\nURI: {$uri}\nDetail: " . substr($detail, 0, 200)
+					);
+				}
+			}
+			catch (\Throwable $e) {}
+
+			// Auto-ban: if IP has N+ blocks in last M minutes, add to blocklist (#143)
+			$threshold = (int) $this->params->get('autoban_threshold', 10);
+			$window    = (int) $this->params->get('autoban_window', 5);
+
+			if ($threshold > 0 && $window > 0)
+			{
+				$cutoff = gmdate('Y-m-d H:i:s', time() - ($window * 60));
+				$db->setQuery(
+					$db->getQuery(true)
+						->select('COUNT(*)')
+						->from($db->quoteName('#__mokowaas_waf_log'))
+						->where($db->quoteName('ip') . ' = ' . $db->quote($ip))
+						->where($db->quoteName('created') . ' >= ' . $db->quote($cutoff))
+				);
+				$recentBlocks = (int) $db->loadResult();
+
+				if ($recentBlocks >= $threshold)
+				{
+					$this->autoBanIp($ip, $db);
+				}
+			}
 		}
 		catch (\Throwable $e)
 		{
@@ -397,6 +479,51 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 	// Input Scanning
 	// ==================================================================
 
+	/**
+	 * Auto-ban an IP by adding it to the blocklist params (#143).
+	 */
+	private function autoBanIp(string $ip, $db): void
+	{
+		try
+		{
+			$query = $db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_firewall'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+			$db->setQuery($query);
+			$params    = new \Joomla\Registry\Registry($db->loadResult() ?? '{}');
+			$blocklist = json_decode($params->get('ip_blocklist', '[]'), true) ?: [];
+
+			foreach ($blocklist as $entry)
+			{
+				if (($entry['ip'] ?? '') === $ip)
+				{
+					return;
+				}
+			}
+
+			$blocklist[] = ['ip' => $ip, 'enabled' => '1', 'label' => 'Auto-banned by WAF (' . gmdate('Y-m-d H:i') . ')'];
+			$params->set('ip_blocklist', json_encode($blocklist));
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+					->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_firewall'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+			)->execute();
+
+			Log::add('WAF auto-banned IP: ' . $ip, Log::WARNING, 'mokowaas');
+		}
+		catch (\Throwable $e)
+		{
+			// Silent
+		}
+	}
+
 	private function scanInput(array $input, string $pattern): ?string
 	{
 		foreach ($input as $key => $value)
@@ -414,7 +541,8 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 			}
 
 			$value   = (string) $value;
-			$decoded = urldecode($value);
+			// Double-decode to catch %25xx encoding tricks
+			$decoded = urldecode(urldecode($value));
 
 			if (preg_match($pattern, $value) || preg_match($pattern, $decoded))
 			{
@@ -526,6 +654,68 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 		}
 	}
 
+	/**
+	 * Inject HTTP security headers at runtime (#124).
+	 */
+	private function injectSecurityHeaders(): void
+	{
+		$app = $this->getApplication();
+
+		if ($app->isClient('cli'))
+		{
+			return;
+		}
+
+		if ($this->params->get('header_xframe', 1))
+		{
+			$app->setHeader('X-Frame-Options', 'SAMEORIGIN', true);
+		}
+
+		if ($this->params->get('header_xcontent', 1))
+		{
+			$app->setHeader('X-Content-Type-Options', 'nosniff', true);
+		}
+
+		if ($this->params->get('header_xxss', 1))
+		{
+			$app->setHeader('X-XSS-Protection', '1; mode=block', true);
+		}
+
+		$referrer = $this->params->get('header_referrer', '');
+
+		if (!empty($referrer) && $referrer !== 'off')
+		{
+			$app->setHeader('Referrer-Policy', $referrer, true);
+		}
+
+		if ($this->params->get('header_hsts', 0))
+		{
+			$maxAge = (int) $this->params->get('header_hsts_maxage', 31536000);
+			$hsts   = 'max-age=' . $maxAge;
+
+			if ($this->params->get('header_hsts_subdomains', 0))
+			{
+				$hsts .= '; includeSubDomains';
+			}
+
+			$app->setHeader('Strict-Transport-Security', $hsts, true);
+		}
+
+		$csp = $this->params->get('header_csp', '');
+
+		if (!empty($csp))
+		{
+			$app->setHeader('Content-Security-Policy', $csp, true);
+		}
+
+		$perms = $this->params->get('header_permissions', '');
+
+		if (!empty($perms))
+		{
+			$app->setHeader('Permissions-Policy', $perms, true);
+		}
+	}
+
 	private function enforceHttps(): void
 	{
 		if (!$this->params->get('force_https', 0))
@@ -622,4 +812,177 @@ class Firewall extends CMSPlugin implements SubscriberInterface
 			$config->set('upload_maxsize', $maxMb);
 		}
 	}
+
+	// ==================================================================
+	// Extension Protection (#155)
+	// ==================================================================
+
+	/**
+	 * Protect MokoWaaS extensions after routing.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.35.00
+	 */
+	public function onAfterRoute(): void
+	{
+		$app = $this->getApplication();
+
+		if (!$app->isClient('administrator'))
+		{
+			return;
+		}
+
+		$this->protectPlugin();
+	}
+
+	/**
+	 * Protect the plugin from being disabled or uninstalled by non-master users.
+	 * Does NOT self-heal (no lock) -- master users can still disable if needed.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.03.04
+	 */
+	private function protectPlugin(): void
+	{
+		// Ensure protected flag is set (self-healing -- runs once per session)
+		static $flagChecked = false;
+
+		if (!$flagChecked)
+		{
+			$flagChecked = true;
+			$this->ensureProtectedFlag();
+		}
+
+		if (MokoWaaSHelper::isMasterUser())
+		{
+			return;
+		}
+
+		$app    = $this->getApplication();
+		$option = $app->input->get('option', '');
+		$task   = $app->input->get('task', '');
+
+		// Block non-master from uninstalling MokoWaaS
+		if ($option === 'com_installer' && strpos($task, 'manage.remove') !== false)
+		{
+			$cid = $app->input->get('cid', [], 'array');
+
+			if ($this->isOurExtension($cid))
+			{
+				$app->enqueueMessage('MokoWaaS cannot be uninstalled.', 'error');
+				$app->redirect('index.php?option=com_installer&view=manage');
+			}
+		}
+
+		// Block non-master from disabling via list toggle
+		if ($option === 'com_plugins' && strpos($task, 'plugins.publish') !== false)
+		{
+			$cid = $app->input->get('cid', [], 'array');
+
+			if ($this->isOurExtension($cid))
+			{
+				$app->enqueueMessage('MokoWaaS cannot be disabled.', 'error');
+				$app->redirect('index.php?option=com_plugins');
+			}
+		}
+
+		// Block non-master from viewing or editing MokoWaaS plugin settings
+		if ($option === 'com_plugins')
+		{
+			$view       = $app->input->get('view', '');
+			$layout     = $app->input->get('layout', '');
+			$extensionId = (int) $app->input->get('extension_id', 0);
+
+			if (($view === 'plugin' || $layout === 'edit') && $extensionId > 0)
+			{
+				$db    = Factory::getDbo();
+				$query = $db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('extension_id') . ' = ' . $extensionId)
+					->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'));
+
+				if ((int) $db->setQuery($query)->loadResult() > 0)
+				{
+					$app->enqueueMessage('MokoWaaS settings are restricted to the master user.', 'warning');
+					$app->redirect('index.php?option=com_plugins');
+				}
+			}
+		}
+	}
+
+	/**
+	 * Ensure the protected flag is set on MokoWaaS extensions in the DB.
+	 *
+	 * Sets protected=1, locked=0 so the extension can't be disabled or
+	 * uninstalled but can still receive updates and config changes.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.03.10
+	 */
+	private function ensureProtectedFlag(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Set protected=1, locked=0 on MokoWaaS extensions
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('protected') . ' = 1')
+				->set($db->quoteName('locked') . ' = 0')
+				->where('(' . $db->quoteName('element') . ' = ' . $db->quote('mokowaas')
+					. ' OR ' . $db->quoteName('element') . ' = ' . $db->quote('pkg_mokowaas') . ')')
+				->where($db->quoteName('protected') . ' = 0');
+			$db->setQuery($query);
+			$db->execute();
+
+			// Ensure update site stays enabled (protected extensions get their update site disabled by Joomla)
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__update_sites') . ' AS us')
+				->join('INNER', $db->quoteName('#__update_sites_extensions') . ' AS use2 ON us.update_site_id = use2.update_site_id')
+				->join('INNER', $db->quoteName('#__extensions') . ' AS e ON use2.extension_id = e.extension_id')
+				->set('us.enabled = 1')
+				->where('us.enabled = 0')
+				->where('(' . $db->quoteName('e.element') . ' = ' . $db->quote('mokowaas')
+					. ' OR ' . $db->quoteName('e.element') . ' = ' . $db->quote('pkg_mokowaas') . ')');
+			$db->setQuery($query);
+			$db->execute();
+		}
+		catch (\Throwable $e)
+		{
+			// Non-critical
+		}
+	}
+
+	/**
+	 * Check if any of the given extension IDs belong to MokoWaaS.
+	 *
+	 * @param   array  $ids  Extension IDs to check
+	 *
+	 * @return  bool
+	 *
+	 * @since   02.03.04
+	 */
+	private function isOurExtension(array $ids): bool
+	{
+		if (empty($ids))
+		{
+			return false;
+		}
+
+		$db    = Factory::getDbo();
+		$query = $db->getQuery(true)
+			->select('COUNT(*)')
+			->from($db->quoteName('#__extensions'))
+			->where($db->quoteName('extension_id') . ' IN (' . implode(',', array_map('intval', $ids)) . ')')
+			->where('(' . $db->quoteName('element') . ' = ' . $db->quote('mokowaas')
+				. ' OR ' . $db->quoteName('element') . ' = ' . $db->quote('pkg_mokowaas') . ')');
+
+		return (int) $db->setQuery($query)->loadResult() > 0;
+	}
 }
diff --git a/source/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.ini b/source/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.ini
new file mode 100644
index 00000000..9be4380c
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.ini
@@ -0,0 +1,13 @@
+; MokoWaaS Health Monitor Plugin
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+PLG_SYSTEM_MOKOWAAS_MONITOR="System - MokoWaaS Monitor"
+PLG_SYSTEM_MOKOWAAS_MONITOR_DESC="Sends heartbeat data to a MokoWaaSBase control panel for centralized site monitoring."
+
+PLG_SYSTEM_MOKOWAAS_MONITOR_FIELDSET_BASIC="Monitoring"
+PLG_SYSTEM_MOKOWAAS_MONITOR_FIELDSET_BASIC_DESC="Configure heartbeat reporting to MokoWaaSBase."
+PLG_SYSTEM_MOKOWAAS_MONITOR_HEARTBEAT_LABEL="Send Heartbeat"
+PLG_SYSTEM_MOKOWAAS_MONITOR_HEARTBEAT_DESC="Send heartbeat data to MokoWaaSBase when plugin settings are saved."
+PLG_SYSTEM_MOKOWAAS_MONITOR_BASE_URL_LABEL="MokoWaaSBase URL"
+PLG_SYSTEM_MOKOWAAS_MONITOR_BASE_URL_DESC="URL of the MokoWaaSBase control panel (e.g. https://mokoconsulting.tech). The heartbeat is sent to /api/index.php/v1/mokowaasbase/heartbeat on this host."
diff --git a/src/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.sys.ini b/source/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.sys.ini
similarity index 100%
rename from src/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.sys.ini
rename to source/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.sys.ini
diff --git a/src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml b/source/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
similarity index 75%
rename from src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
rename to source/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
index 6fd5539f..d62ee10c 100644
--- a/src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
+++ b/source/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
@@ -8,7 +8,11 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas_monitor/mokowaas_monitor.xml
 	<description>PLG_SYSTEM_MOKOWAAS_MONITOR_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSMonitor</namespace>
 
@@ -36,6 +40,14 @@
 					<option value="1">JYES</option>
 					<option value="0">JNO</option>
 				</field>
+
+				<field name="base_url" type="url"
+					label="PLG_SYSTEM_MOKOWAAS_MONITOR_BASE_URL_LABEL"
+					description="PLG_SYSTEM_MOKOWAAS_MONITOR_BASE_URL_DESC"
+					default="https://mokoconsulting.tech"
+					filter="url"
+					hint="https://mokoconsulting.tech"
+					showon="heartbeat_enabled:1" />
 			</fieldset>
 		</fields>
 	</config>
diff --git a/src/packages/plg_system_mokowaas_monitor/services/provider.php b/source/packages/plg_system_mokowaas_monitor/services/provider.php
similarity index 100%
rename from src/packages/plg_system_mokowaas_monitor/services/provider.php
rename to source/packages/plg_system_mokowaas_monitor/services/provider.php
diff --git a/source/packages/plg_system_mokowaas_monitor/src/Extension/Monitor.php b/source/packages/plg_system_mokowaas_monitor/src/Extension/Monitor.php
new file mode 100644
index 00000000..addcb36a
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_monitor/src/Extension/Monitor.php
@@ -0,0 +1,242 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  plg_system_mokowaas_monitor
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Plugin\System\MokoWaaSMonitor\Extension;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Log\Log;
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\CMS\Uri\Uri;
+use Joomla\CMS\Version;
+use Joomla\Event\SubscriberInterface;
+use Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper;
+
+/**
+ * MokoWaaS Health Monitor Plugin
+ *
+ * Sends heartbeat data to a MokoWaaSBase control panel instance.
+ * The heartbeat includes site identity, version info, and optionally
+ * the full health check payload from the core plugin.
+ *
+ * @since  02.32.00
+ */
+class Monitor extends CMSPlugin implements SubscriberInterface
+{
+	protected $autoloadLanguage = true;
+
+	public static function getSubscribedEvents(): array
+	{
+		return [
+			'onExtensionAfterSave' => 'onExtensionAfterSave',
+		];
+	}
+
+	/**
+	 * After saving this plugin or the core plugin, send heartbeat.
+	 */
+	public function onExtensionAfterSave($event): void
+	{
+		// Joomla 6: single event object; Joomla 5: individual args
+		if (is_object($event) && method_exists($event, 'getArgument'))
+		{
+			$context = $event->getArgument('context', $event->getArgument(0, ''));
+			$table   = $event->getArgument('subject', $event->getArgument(1, null));
+		}
+		else
+		{
+			$context = $event;
+			$table   = func_get_arg(1);
+		}
+
+		if ($context !== 'com_plugins.plugin' || !$table)
+		{
+			return;
+		}
+
+		$element = $table->element ?? '';
+
+		// Trigger heartbeat when core or monitor plugin is saved
+		if (!\in_array($element, ['mokowaas', 'mokowaas_monitor'], true))
+		{
+			return;
+		}
+
+		if (!$this->params->get('heartbeat_enabled', 1))
+		{
+			return;
+		}
+
+		$this->sendHeartbeat();
+	}
+
+	/**
+	 * Send heartbeat to the MokoWaaSBase control panel.
+	 *
+	 * Posts site identity and version info to the MokoWaaSBase REST API.
+	 * The control panel looks up the site by domain and verifies the token.
+	 */
+	private function sendHeartbeat(): void
+	{
+		$baseUrl = rtrim($this->params->get('base_url', ''), '/');
+
+		if (empty($baseUrl))
+		{
+			return;
+		}
+
+		$coreParams  = MokoWaaSHelper::getCoreParams();
+		$healthToken = $coreParams->get('health_api_token', '');
+
+		if (empty($healthToken))
+		{
+			return;
+		}
+
+		$siteUrl = rtrim(Uri::root(), '/');
+		$domain  = parse_url($siteUrl, PHP_URL_HOST) ?: '';
+
+		if (empty($domain))
+		{
+			return;
+		}
+
+		$app = $this->getApplication();
+
+		$config = Factory::getConfig();
+
+		$payload = [
+			'token'            => $healthToken,
+			'domain'           => $domain,
+			'site_name'        => $config->get('sitename', 'Joomla'),
+			'site_url'         => $siteUrl,
+			'joomla_version'   => (new Version())->getShortVersion(),
+			'php_version'      => PHP_VERSION,
+			'mokowaas_version' => $this->getMokoWaaSVersion(),
+			'client_info'      => [
+				'company'  => $config->get('sitename', ''),
+				'email'    => $config->get('mailfrom', ''),
+			],
+		];
+
+		// Include live health data by calling the local health endpoint
+		$healthData = $this->fetchLocalHealth($siteUrl, $healthToken);
+
+		if ($healthData !== null)
+		{
+			$payload['health'] = $healthData;
+		}
+
+		$endpoint = $baseUrl . '/api/index.php/v1/mokowaasbase/heartbeat';
+		$json     = json_encode($payload, JSON_UNESCAPED_SLASHES);
+
+		$ch = curl_init($endpoint);
+		curl_setopt_array($ch, [
+			CURLOPT_POST           => true,
+			CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
+			CURLOPT_POSTFIELDS     => $json,
+			CURLOPT_RETURNTRANSFER => true,
+			CURLOPT_TIMEOUT        => 15,
+			CURLOPT_FOLLOWLOCATION => true,
+			CURLOPT_SSL_VERIFYPEER => false,
+		]);
+
+		$response = curl_exec($ch);
+		$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+		$error    = curl_error($ch);
+		curl_close($ch);
+
+		if ($error)
+		{
+			Log::add('Monitor heartbeat failed: ' . $error, Log::WARNING, 'mokowaas');
+		}
+		elseif ($code >= 200 && $code < 300)
+		{
+			$body = json_decode($response, true);
+			$app->enqueueMessage(
+				'MokoWaaSBase heartbeat: ' . ($body['status'] ?? 'ok'),
+				'message'
+			);
+		}
+		else
+		{
+			$body = json_decode($response, true);
+			Log::add(
+				\sprintf('Monitor heartbeat HTTP %d: %s', $code, $body['error'] ?? 'Unknown'),
+				Log::WARNING,
+				'mokowaas'
+			);
+			$app->enqueueMessage(
+				'MokoWaaSBase heartbeat failed (HTTP ' . $code . ')',
+				'warning'
+			);
+		}
+	}
+
+	/**
+	 * Fetch health data from the local site's health endpoint.
+	 *
+	 * @param   string  $siteUrl     Local site URL.
+	 * @param   string  $healthToken Health API token.
+	 *
+	 * @return  array|null  Parsed health data or null on failure.
+	 */
+	private function fetchLocalHealth(string $siteUrl, string $healthToken): ?array
+	{
+		$url = $siteUrl . '/?mokowaas=health';
+
+		$ch = curl_init($url);
+		curl_setopt_array($ch, [
+			CURLOPT_RETURNTRANSFER => true,
+			CURLOPT_TIMEOUT        => 10,
+			CURLOPT_FOLLOWLOCATION => true,
+			CURLOPT_SSL_VERIFYPEER => false,
+			CURLOPT_HTTPHEADER     => [
+				'Authorization: Bearer ' . $healthToken,
+				'Accept: application/json',
+			],
+		]);
+
+		$response = curl_exec($ch);
+		$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+		curl_close($ch);
+
+		if ($code !== 200 || empty($response))
+		{
+			return null;
+		}
+
+		return json_decode($response, true) ?: null;
+	}
+
+	/**
+	 * Get the installed MokoWaaS package version.
+	 */
+	private function getMokoWaaSVersion(): string
+	{
+		try
+		{
+			$db = Factory::getDbo();
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('manifest_cache'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('pkg_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('package'))
+			);
+			$mc = json_decode($db->loadResult() ?? '{}');
+
+			return $mc->version ?? '';
+		}
+		catch (\Throwable $e)
+		{
+			return '';
+		}
+	}
+}
diff --git a/source/packages/plg_system_mokowaas_offline/language/en-GB/plg_system_mokowaas_offline.ini b/source/packages/plg_system_mokowaas_offline/language/en-GB/plg_system_mokowaas_offline.ini
new file mode 100644
index 00000000..65517993
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_offline/language/en-GB/plg_system_mokowaas_offline.ini
@@ -0,0 +1,13 @@
+; MokoWaaS Terms of Service Plugin
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+PLG_SYSTEM_MOKOWAAS_OFFLINE="System - MokoWaaS Offline Bypass"
+PLG_SYSTEM_MOKOWAAS_OFFLINE_DESC="Keep selected pages (Terms of Service, Privacy Policy, etc.) accessible when the site is in offline mode."
+
+PLG_SYSTEM_MOKOWAAS_OFFLINE_FIELDSET_BASIC="Offline-Accessible Pages"
+PLG_SYSTEM_MOKOWAAS_OFFLINE_SLUG_LABEL="Menu Items to Keep Online"
+PLG_SYSTEM_MOKOWAAS_OFFLINE_SLUG_DESC="Select menu items that remain accessible during offline mode. Hold Ctrl/Cmd for multiple."
+PLG_SYSTEM_MOKOWAAS_OFFLINE_CHILDREN_LABEL="Include Child Menu Items"
+PLG_SYSTEM_MOKOWAAS_OFFLINE_CHILDREN_DESC="Also allow access to child pages under the selected items."
+PLG_SYSTEM_MOKOWAAS_OFFLINE_SEF_WARNING="SEF URLs are disabled - path matching requires SEF. Itemid fallback is active."
diff --git a/source/packages/plg_system_mokowaas_offline/language/en-GB/plg_system_mokowaas_offline.sys.ini b/source/packages/plg_system_mokowaas_offline/language/en-GB/plg_system_mokowaas_offline.sys.ini
new file mode 100644
index 00000000..7b6f1ef3
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_offline/language/en-GB/plg_system_mokowaas_offline.sys.ini
@@ -0,0 +1,3 @@
+; MokoWaaS Terms of Service Plugin - System strings
+PLG_SYSTEM_MOKOWAAS_OFFLINE="System - MokoWaaS Offline Bypass"
+PLG_SYSTEM_MOKOWAAS_OFFLINE_DESC="Keep selected pages (Terms of Service, Privacy Policy, etc.) accessible when the site is in offline mode."
diff --git a/source/packages/plg_system_mokowaas_offline/mokowaas_offline.xml b/source/packages/plg_system_mokowaas_offline/mokowaas_offline.xml
new file mode 100644
index 00000000..83cf31c3
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_offline/mokowaas_offline.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension type="plugin" group="system" method="upgrade">
+	<name>System - MokoWaaS Offline Bypass</name>
+	<element>mokowaas_offline</element>
+	<author>Moko Consulting</author>
+	<creationDate>2026-06-02</creationDate>
+	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
+	<license>GPL-3.0-or-later</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>PLG_SYSTEM_MOKOWAAS_OFFLINE_DESC</description>
+	<namespace path="src">Moko\Plugin\System\MokoWaaSOffline</namespace>
+
+	<files>
+		<folder>src</folder>
+		<folder>services</folder>
+		<folder>language</folder>
+	</files>
+
+	<languages folder="language">
+		<language tag="en-GB">en-GB/plg_system_mokowaas_offline.ini</language>
+		<language tag="en-GB">en-GB/plg_system_mokowaas_offline.sys.ini</language>
+	</languages>
+
+	<config>
+		<fields name="params" addfieldprefix="Moko\Plugin\System\MokoWaaSOffline\Field">
+			<fieldset name="basic" label="PLG_SYSTEM_MOKOWAAS_OFFLINE_FIELDSET_BASIC">
+				<field name="tos_slug" type="menuslug"
+					label="PLG_SYSTEM_MOKOWAAS_OFFLINE_SLUG_LABEL"
+					description="PLG_SYSTEM_MOKOWAAS_OFFLINE_SLUG_DESC"
+					multiple="true" />
+
+				<field name="include_children" type="radio" default="1"
+					label="PLG_SYSTEM_MOKOWAAS_OFFLINE_CHILDREN_LABEL"
+					description="PLG_SYSTEM_MOKOWAAS_OFFLINE_CHILDREN_DESC"
+					class="btn-group btn-group-yesno">
+					<option value="1">JYES</option>
+					<option value="0">JNO</option>
+				</field>
+			</fieldset>
+		</fields>
+	</config>
+</extension>
diff --git a/source/packages/plg_system_mokowaas_offline/services/provider.php b/source/packages/plg_system_mokowaas_offline/services/provider.php
new file mode 100644
index 00000000..c45e733d
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_offline/services/provider.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  plg_system_mokowaas_offline
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\PluginInterface;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+use Joomla\Event\DispatcherInterface;
+use Moko\Plugin\System\MokoWaaSOffline\Extension\Tos;
+
+return new class implements ServiceProviderInterface
+{
+	public function register(Container $container): void
+	{
+		$container->set(
+			PluginInterface::class,
+			function (Container $container) {
+				$dispatcher = $container->get(DispatcherInterface::class);
+				$plugin     = new Tos($dispatcher, (array) PluginHelper::getPlugin('system', 'mokowaas_offline'));
+				$plugin->setApplication(Factory::getApplication());
+
+				return $plugin;
+			}
+		);
+	}
+};
diff --git a/source/packages/plg_system_mokowaas_offline/src/Extension/Tos.php b/source/packages/plg_system_mokowaas_offline/src/Extension/Tos.php
new file mode 100644
index 00000000..669b8137
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_offline/src/Extension/Tos.php
@@ -0,0 +1,179 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  plg_system_mokowaas_offline
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Plugin\System\MokoWaaSOffline\Extension;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\CMS\Uri\Uri;
+use Joomla\Event\SubscriberInterface;
+
+/**
+ * MokoWaaS Terms of Service Plugin
+ *
+ * Allows configured menu items (Terms of Service, Privacy Policy, etc.)
+ * to remain accessible when the site is in offline mode.
+ *
+ * @since  02.32.00
+ */
+final class Tos extends CMSPlugin implements SubscriberInterface
+{
+	protected $autoloadLanguage = true;
+
+	public static function getSubscribedEvents(): array
+	{
+		return [
+			'onAfterInitialise' => 'onAfterInitialise',
+		];
+	}
+
+	public function onAfterInitialise(): void
+	{
+		$app = $this->getApplication();
+
+		if (!$app->isClient('site'))
+		{
+			return;
+		}
+
+		$config = $app->getConfig();
+
+		if (!$config->get('offline'))
+		{
+			return;
+		}
+
+		$slugs = $this->params->get('tos_slug', []);
+
+		if (\is_string($slugs))
+		{
+			$slugs = array_filter([trim($slugs)]);
+		}
+		else
+		{
+			$slugs = (array) $slugs;
+		}
+
+		// Default bypassed pages when none configured
+		if (empty($slugs))
+		{
+			$slugs = [
+				'legal/terms-of-service',
+				'legal/privacy-policy',
+				'legal/community-guidelines',
+				'support',
+				'support/tickets',
+				'support/submit-a-ticket',
+			];
+		}
+
+		$includeChildren = (int) $this->params->get('include_children', 1);
+
+		if ($this->matchByPath($slugs, $config, $app, $includeChildren))
+		{
+			return;
+		}
+
+		$this->matchByItemId($slugs, $config, $app, $includeChildren);
+	}
+
+	private function matchByPath(array $slugs, $config, $app, int $includeChildren = 1): bool
+	{
+		$uri  = Uri::getInstance();
+		$path = urldecode(trim($uri->getPath(), '/'));
+
+		$base = trim(Uri::base(true), '/');
+
+		if (!empty($base) && strpos($path, $base) === 0)
+		{
+			$path = trim(substr($path, \strlen($base)), '/');
+		}
+
+		if (empty($path) || $path === 'index.php')
+		{
+			return false;
+		}
+
+		foreach ($slugs as $slug)
+		{
+			$slug = trim((string) $slug);
+
+			if (empty($slug))
+			{
+				continue;
+			}
+
+			if ($path === $slug || ($includeChildren && strpos($path, $slug . '/') === 0))
+			{
+				$this->bypassOffline($config, $app);
+
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	private function matchByItemId(array $slugs, $config, $app, int $includeChildren = 1): bool
+	{
+		$itemId = (int) $app->getInput()->getInt('Itemid', 0);
+
+		if (!$itemId)
+		{
+			return false;
+		}
+
+		try
+		{
+			$db    = Factory::getDbo();
+			$query = $db->getQuery(true)
+				->select($db->quoteName('path'))
+				->from($db->quoteName('#__menu'))
+				->where($db->quoteName('id') . ' = ' . $itemId)
+				->where($db->quoteName('published') . ' = 1')
+				->where($db->quoteName('client_id') . ' = 0');
+			$db->setQuery($query);
+			$menuPath = trim((string) $db->loadResult(), '/');
+
+			if (empty($menuPath))
+			{
+				return false;
+			}
+
+			foreach ($slugs as $slug)
+			{
+				$slug = trim((string) $slug);
+
+				if (empty($slug))
+				{
+					continue;
+				}
+
+				if ($menuPath === $slug || ($includeChildren && strpos($menuPath, $slug . '/') === 0))
+				{
+					$this->bypassOffline($config, $app);
+
+					return true;
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			// Silent
+		}
+
+		return false;
+	}
+
+	private function bypassOffline($config, $app): void
+	{
+		$config->set('offline', 0);
+	}
+}
diff --git a/source/packages/plg_system_mokowaas_offline/src/Field/MenuslugField.php b/source/packages/plg_system_mokowaas_offline/src/Field/MenuslugField.php
new file mode 100644
index 00000000..d9a822f2
--- /dev/null
+++ b/source/packages/plg_system_mokowaas_offline/src/Field/MenuslugField.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  plg_system_mokowaas_offline
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Plugin\System\MokoWaaSOffline\Field;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Form\Field\ListField;
+use Joomla\CMS\Language\Text;
+
+class MenuslugField extends ListField
+{
+	protected $type = 'Menuslug';
+
+	protected function getOptions()
+	{
+		$options = parent::getOptions();
+
+		try
+		{
+			$sef = Factory::getApplication()->get('sef', true);
+
+			if (!$sef)
+			{
+				$options[] = (object) [
+					'value'    => '',
+					'text'     => Text::_('PLG_SYSTEM_MOKOWAAS_OFFLINE_SEF_WARNING'),
+					'disabled' => true,
+				];
+			}
+		}
+		catch (\Throwable $e)
+		{
+			// Ignore
+		}
+
+		try
+		{
+			$db    = Factory::getDbo();
+			$query = $db->getQuery(true)
+				->select($db->quoteName(['path', 'alias', 'title', 'menutype']))
+				->from($db->quoteName('#__menu'))
+				->where($db->quoteName('published') . ' = 1')
+				->where($db->quoteName('client_id') . ' = 0')
+				->where($db->quoteName('alias') . ' != ' . $db->quote(''))
+				->order($db->quoteName('menutype') . ', ' . $db->quoteName('title'));
+			$db->setQuery($query);
+			$menuItems = $db->loadObjectList();
+
+			$lastMenuType = '';
+
+			foreach ($menuItems ?: [] as $item)
+			{
+				if ($item->menutype !== $lastMenuType)
+				{
+					if ($lastMenuType !== '')
+					{
+						$options[] = (object) ['value' => '', 'text' => '──────────────', 'disabled' => true];
+					}
+
+					$lastMenuType = $item->menutype;
+				}
+
+				$label     = $item->title !== '' ? $item->title : ucwords(str_replace(['-', '_'], ' ', $item->alias));
+				$options[] = (object) ['value' => $item->path, 'text' => $label . ' (/' . $item->path . ')'];
+			}
+		}
+		catch (\Throwable $e)
+		{
+			// Silent
+		}
+
+		return $options;
+	}
+}
diff --git a/src/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.ini b/source/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.ini
similarity index 100%
rename from src/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.ini
rename to source/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.ini
diff --git a/src/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.sys.ini b/source/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.sys.ini
similarity index 100%
rename from src/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.sys.ini
rename to source/packages/plg_system_mokowaas_tenant/language/en-GB/plg_system_mokowaas_tenant.sys.ini
diff --git a/src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml b/source/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
similarity index 94%
rename from src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
rename to source/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
index 0b799c8f..289b7b2d 100644
--- a/src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
+++ b/source/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
@@ -8,7 +8,11 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_system_mokowaas_tenant/mokowaas_tenant.xml
 	<description>PLG_SYSTEM_MOKOWAAS_TENANT_DESC</description>
 	<namespace path="src">Moko\Plugin\System\MokoWaaSTenant</namespace>
 
diff --git a/src/packages/plg_system_mokowaas_tenant/services/provider.php b/source/packages/plg_system_mokowaas_tenant/services/provider.php
similarity index 100%
rename from src/packages/plg_system_mokowaas_tenant/services/provider.php
rename to source/packages/plg_system_mokowaas_tenant/services/provider.php
diff --git a/src/packages/plg_system_mokowaas_tenant/src/Extension/Tenant.php b/source/packages/plg_system_mokowaas_tenant/src/Extension/Tenant.php
similarity index 100%
rename from src/packages/plg_system_mokowaas_tenant/src/Extension/Tenant.php
rename to source/packages/plg_system_mokowaas_tenant/src/Extension/Tenant.php
diff --git a/source/packages/plg_task_mokowaas_tickets/language/en-GB/plg_task_mokowaas_tickets.ini b/source/packages/plg_task_mokowaas_tickets/language/en-GB/plg_task_mokowaas_tickets.ini
new file mode 100644
index 00000000..5b695de4
--- /dev/null
+++ b/source/packages/plg_task_mokowaas_tickets/language/en-GB/plg_task_mokowaas_tickets.ini
@@ -0,0 +1,4 @@
+PLG_TASK_MOKOWAAS_TICKETS="Task - MokoWaaS Ticket Automation"
+PLG_TASK_MOKOWAAS_TICKETS_DESC="Runs scheduled helpdesk automation rules."
+PLG_TASK_MOKOWAAS_TICKETS_AUTOMATION_TITLE="MokoWaaS: Ticket Automation"
+PLG_TASK_MOKOWAAS_TICKETS_AUTOMATION_DESC="Runs time-based automation rules against open tickets (auto-close, SLA escalation, etc.)."
diff --git a/source/packages/plg_task_mokowaas_tickets/language/en-GB/plg_task_mokowaas_tickets.sys.ini b/source/packages/plg_task_mokowaas_tickets/language/en-GB/plg_task_mokowaas_tickets.sys.ini
new file mode 100644
index 00000000..c0dc6562
--- /dev/null
+++ b/source/packages/plg_task_mokowaas_tickets/language/en-GB/plg_task_mokowaas_tickets.sys.ini
@@ -0,0 +1,2 @@
+PLG_TASK_MOKOWAAS_TICKETS="Task - MokoWaaS Ticket Automation"
+PLG_TASK_MOKOWAAS_TICKETS_DESC="Runs scheduled helpdesk automation rules — auto-close, SLA escalation, and time-based actions."
diff --git a/source/packages/plg_task_mokowaas_tickets/mokowaas_tickets.xml b/source/packages/plg_task_mokowaas_tickets/mokowaas_tickets.xml
new file mode 100644
index 00000000..2a6a31aa
--- /dev/null
+++ b/source/packages/plg_task_mokowaas_tickets/mokowaas_tickets.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension type="plugin" group="task" method="upgrade">
+	<name>Task - MokoWaaS Ticket Automation</name>
+	<element>mokowaas_tickets</element>
+	<author>Moko Consulting</author>
+	<creationDate>2026-06-02</creationDate>
+	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
+	<license>GPL-3.0-or-later</license>
+	<authorEmail>hello@mokoconsulting.tech</authorEmail>
+	<authorUrl>https://mokoconsulting.tech</authorUrl>
+	<version>02.34.15</version>
+	<description>Runs scheduled helpdesk automation rules — auto-close resolved tickets, SLA breach escalation, and time-based actions.</description>
+	<namespace path="src">Moko\Plugin\Task\MokoWaaSTickets</namespace>
+
+	<files>
+		<folder>src</folder>
+		<folder>services</folder>
+		<folder>language</folder>
+	</files>
+
+	<languages folder="language">
+		<language tag="en-GB">en-GB/plg_task_mokowaas_tickets.ini</language>
+		<language tag="en-GB">en-GB/plg_task_mokowaas_tickets.sys.ini</language>
+	</languages>
+</extension>
diff --git a/source/packages/plg_task_mokowaas_tickets/services/provider.php b/source/packages/plg_task_mokowaas_tickets/services/provider.php
new file mode 100644
index 00000000..e97c8c8e
--- /dev/null
+++ b/source/packages/plg_task_mokowaas_tickets/services/provider.php
@@ -0,0 +1,27 @@
+<?php
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\PluginInterface;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+use Joomla\Event\DispatcherInterface;
+use Moko\Plugin\Task\MokoWaaSTickets\Extension\TicketAutomation;
+
+return new class implements ServiceProviderInterface
+{
+	public function register(Container $container): void
+	{
+		$container->set(
+			PluginInterface::class,
+			function (Container $container) {
+				$dispatcher = $container->get(DispatcherInterface::class);
+				$plugin     = new TicketAutomation($dispatcher, (array) PluginHelper::getPlugin('task', 'mokowaas_tickets'));
+				$plugin->setApplication(Factory::getApplication());
+
+				return $plugin;
+			}
+		);
+	}
+};
diff --git a/source/packages/plg_task_mokowaas_tickets/src/Extension/TicketAutomation.php b/source/packages/plg_task_mokowaas_tickets/src/Extension/TicketAutomation.php
new file mode 100644
index 00000000..3daa7aec
--- /dev/null
+++ b/source/packages/plg_task_mokowaas_tickets/src/Extension/TicketAutomation.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  plg_task_mokowaas_tickets
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+namespace Moko\Plugin\Task\MokoWaaSTickets\Extension;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\Component\Scheduler\Administrator\Event\ExecuteTaskEvent;
+use Joomla\Component\Scheduler\Administrator\Task\Status;
+use Joomla\Component\Scheduler\Administrator\Traits\TaskPluginTrait;
+use Joomla\Event\SubscriberInterface;
+use Moko\Component\MokoWaaS\Administrator\Model\TicketsModel;
+
+class TicketAutomation extends CMSPlugin implements SubscriberInterface
+{
+	use TaskPluginTrait;
+
+	protected const TASKS_MAP = [
+		'mokowaas.ticket.automation' => [
+			'langConstPrefix' => 'PLG_TASK_MOKOWAAS_TICKETS_AUTOMATION',
+			'method'          => 'runAutomation',
+		],
+	];
+
+	protected $autoloadLanguage = true;
+
+	public static function getSubscribedEvents(): array
+	{
+		return [
+			'onTaskOptionsList'    => 'advertiseRoutines',
+			'onExecuteTask'        => 'standardRoutineHandler',
+			'onContentPrepareForm' => 'enhanceTaskItemForm',
+		];
+	}
+
+	/**
+	 * Run all scheduled automation rules against open tickets.
+	 */
+	private function runAutomation(ExecuteTaskEvent $event): int
+	{
+		try
+		{
+			$model   = new TicketsModel();
+			$results = $model->runScheduledAutomation();
+
+			$this->logTask(
+				\sprintf('Ticket automation: evaluated %d tickets, acted on %d', $results['evaluated'], $results['acted'])
+			);
+
+			return Status::OK;
+		}
+		catch (\Throwable $e)
+		{
+			$this->logTask('Ticket automation failed: ' . $e->getMessage(), 'error');
+
+			return Status::KNOCKOUT;
+		}
+	}
+}
diff --git a/src/packages/plg_task_mokowaasdemo/forms/reset_params.xml b/source/packages/plg_task_mokowaasdemo/forms/reset_params.xml
similarity index 100%
rename from src/packages/plg_task_mokowaasdemo/forms/reset_params.xml
rename to source/packages/plg_task_mokowaasdemo/forms/reset_params.xml
diff --git a/src/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.ini b/source/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.ini
similarity index 100%
rename from src/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.ini
rename to source/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.ini
diff --git a/src/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.sys.ini b/source/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.sys.ini
similarity index 100%
rename from src/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.sys.ini
rename to source/packages/plg_task_mokowaasdemo/language/en-GB/plg_task_mokowaasdemo.sys.ini
diff --git a/src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml b/source/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
similarity index 87%
rename from src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
rename to source/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
index 68ed90b7..59ddb480 100644
--- a/src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
+++ b/source/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
@@ -12,8 +12,12 @@
 	<license>GNU General Public License version 3 or later; see LICENSE</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
 	<version>02.34.00</version>
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_task_mokowaasdemo/mokowaasdemo.xml
 	<description>PLG_TASK_MOKOWAASDEMO_DESC</description>
 	<namespace path="src">Moko\Plugin\Task\MokoWaaSDemo</namespace>
 
diff --git a/src/packages/plg_task_mokowaasdemo/services/provider.php b/source/packages/plg_task_mokowaasdemo/services/provider.php
similarity index 100%
rename from src/packages/plg_task_mokowaasdemo/services/provider.php
rename to source/packages/plg_task_mokowaasdemo/services/provider.php
diff --git a/src/packages/plg_task_mokowaasdemo/src/Extension/DemoReset.php b/source/packages/plg_task_mokowaasdemo/src/Extension/DemoReset.php
similarity index 77%
rename from src/packages/plg_task_mokowaasdemo/src/Extension/DemoReset.php
rename to source/packages/plg_task_mokowaasdemo/src/Extension/DemoReset.php
index d157d1fc..8c5fbdc6 100644
--- a/src/packages/plg_task_mokowaasdemo/src/Extension/DemoReset.php
+++ b/source/packages/plg_task_mokowaasdemo/src/Extension/DemoReset.php
@@ -16,6 +16,7 @@ use Joomla\Component\Scheduler\Administrator\Event\ExecuteTaskEvent;
 use Joomla\Component\Scheduler\Administrator\Task\Status;
 use Joomla\Component\Scheduler\Administrator\Traits\TaskPluginTrait;
 use Joomla\Event\SubscriberInterface;
+use Moko\Plugin\Task\MokoWaaSDemo\Service\DemoResetService;
 
 /**
  * MokoWaaS Demo Reset — Joomla Scheduled Task Plugin.
@@ -87,27 +88,20 @@ final class DemoReset extends CMSPlugin implements SubscriberInterface
 
 		if (!empty($params['take_snapshot_on_save']) && (int) $params['take_snapshot_on_save'] === 1)
 		{
-			$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/DemoResetService.php';
+			$media   = !empty($params['include_media']) && (int) $params['include_media'] === 1;
+			$service = new DemoResetService($media);
 
-			if (file_exists($serviceFile))
+			try
 			{
-				require_once $serviceFile;
-
-				$media   = !empty($params['include_media']) && (int) $params['include_media'] === 1;
-				$service = new \Moko\Plugin\System\MokoWaaS\Service\DemoResetService($media);
-
-				try
-				{
-					$result = $service->createSnapshot('default');
-					Factory::getApplication()->enqueueMessage(
-						sprintf('Demo snapshot created (%.1f MB database, media=%s).', $result['dump_size_mb'] ?? 0, ($result['has_media'] ?? false) ? 'yes' : 'no'),
-						'message'
-					);
-				}
-				catch (\Throwable $e)
-				{
-					Factory::getApplication()->enqueueMessage('Snapshot failed: ' . $e->getMessage(), 'error');
-				}
+				$result = $service->createSnapshot('default');
+				Factory::getApplication()->enqueueMessage(
+					sprintf('Demo snapshot created (%.1f MB database, media=%s).', $result['dump_size_mb'] ?? 0, ($result['has_media'] ?? false) ? 'yes' : 'no'),
+					'message'
+				);
+			}
+			catch (\Throwable $e)
+			{
+				Factory::getApplication()->enqueueMessage('Snapshot failed: ' . $e->getMessage(), 'error');
 			}
 
 			// Reset the flag
@@ -128,19 +122,8 @@ final class DemoReset extends CMSPlugin implements SubscriberInterface
 	{
 		$params = $event->getArgument('params');
 
-		$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/DemoResetService.php';
-
-		if (!file_exists($serviceFile))
-		{
-			$this->logTask('DemoResetService.php not found');
-
-			return Status::KNOCKOUT;
-		}
-
-		require_once $serviceFile;
-
 		$media   = !empty($params->include_media) && (int) $params->include_media === 1;
-		$service = new \Moko\Plugin\System\MokoWaaS\Service\DemoResetService($media);
+		$service = new DemoResetService($media);
 
 		try
 		{
@@ -168,17 +151,8 @@ final class DemoReset extends CMSPlugin implements SubscriberInterface
 	 */
 	private function takeSnapshot(object $params): void
 	{
-		$serviceFile = JPATH_PLUGINS . '/system/mokowaas/Service/DemoResetService.php';
-
-		if (!file_exists($serviceFile))
-		{
-			return;
-		}
-
-		require_once $serviceFile;
-
 		$media   = !empty($params->include_media) && (int) $params->include_media === 1;
-		$service = new \Moko\Plugin\System\MokoWaaS\Service\DemoResetService($media);
+		$service = new DemoResetService($media);
 		$service->createSnapshot('default');
 	}
 
diff --git a/src/packages/plg_system_mokowaas/Service/DemoResetService.php b/source/packages/plg_task_mokowaasdemo/src/Service/DemoResetService.php
similarity index 98%
rename from src/packages/plg_system_mokowaas/Service/DemoResetService.php
rename to source/packages/plg_task_mokowaasdemo/src/Service/DemoResetService.php
index 44b390f3..2eafd7ef 100644
--- a/src/packages/plg_system_mokowaas/Service/DemoResetService.php
+++ b/source/packages/plg_task_mokowaasdemo/src/Service/DemoResetService.php
@@ -10,11 +10,15 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_system_mokowaas/Service/DemoResetService.php
+<<<<<<< HEAD:src/packages/plg_system_mokowaas/Service/DemoResetService.php
  * VERSION: 02.34.00
+=======
+ * VERSION: 02.34.08
+>>>>>>> origin/dev:source/packages/plg_task_mokowaasdemo/src/Service/DemoResetService.php
  * BRIEF: Content-only snapshot/restore for demo site reset
  */
 
-namespace Moko\Plugin\System\MokoWaaS\Service;
+namespace Moko\Plugin\Task\MokoWaaSDemo\Service;
 
 defined('_JEXEC') or die;
 
diff --git a/src/packages/plg_task_mokowaassync/forms/sync_params.xml b/source/packages/plg_task_mokowaassync/forms/sync_params.xml
similarity index 100%
rename from src/packages/plg_task_mokowaassync/forms/sync_params.xml
rename to source/packages/plg_task_mokowaassync/forms/sync_params.xml
diff --git a/src/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.ini b/source/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.ini
similarity index 100%
rename from src/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.ini
rename to source/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.ini
diff --git a/src/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.sys.ini b/source/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.sys.ini
similarity index 100%
rename from src/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.sys.ini
rename to source/packages/plg_task_mokowaassync/language/en-GB/plg_task_mokowaassync.sys.ini
diff --git a/src/packages/plg_task_mokowaassync/mokowaassync.xml b/source/packages/plg_task_mokowaassync/mokowaassync.xml
similarity index 86%
rename from src/packages/plg_task_mokowaassync/mokowaassync.xml
rename to source/packages/plg_task_mokowaassync/mokowaassync.xml
index ffc84f56..163c25a6 100644
--- a/src/packages/plg_task_mokowaassync/mokowaassync.xml
+++ b/source/packages/plg_task_mokowaassync/mokowaassync.xml
@@ -12,7 +12,11 @@
 	<license>GNU General Public License version 3 or later; see LICENSE</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_task_mokowaassync/mokowaassync.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_task_mokowaassync/mokowaassync.xml
 	<description>PLG_TASK_MOKOWAASSYNC_DESC</description>
 	<namespace path="src">Moko\Plugin\Task\MokoWaaSSync</namespace>
 
diff --git a/src/packages/plg_task_mokowaassync/services/provider.php b/source/packages/plg_task_mokowaassync/services/provider.php
similarity index 100%
rename from src/packages/plg_task_mokowaassync/services/provider.php
rename to source/packages/plg_task_mokowaassync/services/provider.php
diff --git a/src/packages/plg_task_mokowaassync/src/Extension/ContentSync.php b/source/packages/plg_task_mokowaassync/src/Extension/ContentSync.php
similarity index 100%
rename from src/packages/plg_task_mokowaassync/src/Extension/ContentSync.php
rename to source/packages/plg_task_mokowaassync/src/Extension/ContentSync.php
diff --git a/src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php b/source/packages/plg_task_mokowaassync/src/Service/ContentSyncReceiver.php
similarity index 98%
rename from src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
rename to source/packages/plg_task_mokowaassync/src/Service/ContentSyncReceiver.php
index 17493bdf..a73a1bbb 100644
--- a/src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
+++ b/source/packages/plg_task_mokowaassync/src/Service/ContentSyncReceiver.php
@@ -10,11 +10,15 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
+<<<<<<< HEAD:src/packages/plg_system_mokowaas/Service/ContentSyncReceiver.php
  * VERSION: 02.34.00
+=======
+ * VERSION: 02.34.08
+>>>>>>> origin/dev:source/packages/plg_task_mokowaassync/src/Service/ContentSyncReceiver.php
  * BRIEF: Receiver-side content sync — applies incoming payload to local DB
  */
 
-namespace Moko\Plugin\System\MokoWaaS\Service;
+namespace Moko\Plugin\Task\MokoWaaSSync\Service;
 
 defined('_JEXEC') or die;
 
diff --git a/src/packages/plg_system_mokowaas/Service/ContentSyncService.php b/source/packages/plg_task_mokowaassync/src/Service/ContentSyncService.php
similarity index 98%
rename from src/packages/plg_system_mokowaas/Service/ContentSyncService.php
rename to source/packages/plg_task_mokowaassync/src/Service/ContentSyncService.php
index 214fdc4f..31c23a56 100644
--- a/src/packages/plg_system_mokowaas/Service/ContentSyncService.php
+++ b/source/packages/plg_task_mokowaassync/src/Service/ContentSyncService.php
@@ -10,11 +10,15 @@
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
  * PATH: /src/packages/plg_system_mokowaas/Service/ContentSyncService.php
+<<<<<<< HEAD:src/packages/plg_system_mokowaas/Service/ContentSyncService.php
  * VERSION: 02.34.00
+=======
+ * VERSION: 02.34.08
+>>>>>>> origin/dev:source/packages/plg_task_mokowaassync/src/Service/ContentSyncService.php
  * BRIEF: Sender-side content sync — builds payload and pushes to remote sites
  */
 
-namespace Moko\Plugin\System\MokoWaaS\Service;
+namespace Moko\Plugin\Task\MokoWaaSSync\Service;
 
 defined('_JEXEC') or die;
 
diff --git a/src/packages/plg_webservices_mokowaas/mokowaas.xml b/source/packages/plg_webservices_mokowaas/mokowaas.xml
similarity index 82%
rename from src/packages/plg_webservices_mokowaas/mokowaas.xml
rename to source/packages/plg_webservices_mokowaas/mokowaas.xml
index 1c4ae923..d59c8587 100644
--- a/src/packages/plg_webservices_mokowaas/mokowaas.xml
+++ b/source/packages/plg_webservices_mokowaas/mokowaas.xml
@@ -7,8 +7,12 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_webservices_mokowaas/mokowaas.xml
 	<version>02.34.00</version>
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_webservices_mokowaas/mokowaas.xml
 	<description>Joomla Web Services API routes for MokoWaaS site management — health checks, cache, updates, backups, and site info.</description>
 	<namespace path="src">Moko\Plugin\WebServices\MokoWaaS</namespace>
 	<files>
diff --git a/src/packages/plg_webservices_mokowaas/services/provider.php b/source/packages/plg_webservices_mokowaas/services/provider.php
similarity index 100%
rename from src/packages/plg_webservices_mokowaas/services/provider.php
rename to source/packages/plg_webservices_mokowaas/services/provider.php
diff --git a/src/packages/plg_webservices_mokowaas/src/Extension/MokoWaaSApi.php b/source/packages/plg_webservices_mokowaas/src/Extension/MokoWaaSApi.php
similarity index 90%
rename from src/packages/plg_webservices_mokowaas/src/Extension/MokoWaaSApi.php
rename to source/packages/plg_webservices_mokowaas/src/Extension/MokoWaaSApi.php
index ceaec7cb..37235506 100644
--- a/src/packages/plg_webservices_mokowaas/src/Extension/MokoWaaSApi.php
+++ b/source/packages/plg_webservices_mokowaas/src/Extension/MokoWaaSApi.php
@@ -112,5 +112,17 @@ final class MokoWaaSApi extends CMSPlugin implements SubscriberInterface
 			'dashboard',
 			['component' => 'com_mokowaas']
 		);
+
+		$router->createCRUDRoutes(
+			'v1/mokowaas/remote-login',
+			'remotelogin',
+			['component' => 'com_mokowaas']
+		);
+
+		$router->createCRUDRoutes(
+			'v1/mokowaas/provision-reset',
+			'provision',
+			['component' => 'com_mokowaas']
+		);
 	}
 }
diff --git a/src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml b/source/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
similarity index 80%
rename from src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
rename to source/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
index d2fd79c3..d1652a65 100644
--- a/src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
+++ b/source/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
@@ -7,8 +7,12 @@
 	<license>GPL-3.0-or-later</license>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
+<<<<<<< HEAD:src/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
 	<version>02.34.00</version>
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/packages/plg_webservices_perfectpublisher/perfectpublisher.xml
 	<description>Joomla Web Services API routes for Perfect Publisher (com_autotweet) — channels, posts, requests, rules, and feeds.</description>
 	<namespace path="src">Moko\Plugin\WebServices\PerfectPublisher</namespace>
 	<files>
diff --git a/src/packages/plg_webservices_perfectpublisher/services/provider.php b/source/packages/plg_webservices_perfectpublisher/services/provider.php
similarity index 81%
rename from src/packages/plg_webservices_perfectpublisher/services/provider.php
rename to source/packages/plg_webservices_perfectpublisher/services/provider.php
index 7243384c..12adf9f6 100644
--- a/src/packages/plg_webservices_perfectpublisher/services/provider.php
+++ b/source/packages/plg_webservices_perfectpublisher/services/provider.php
@@ -7,8 +7,13 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
+<<<<<<< HEAD:src/packages/plg_webservices_perfectpublisher/services/provider.php
  * PATH: /src/packages/plg_webservices_perfectpublisher/services/provider.php
  * VERSION: 02.34.00
+=======
+ * PATH: /source/packages/plg_webservices_perfectpublisher/services/provider.php
+ * VERSION: 02.34.16
+>>>>>>> origin/dev:source/packages/plg_webservices_perfectpublisher/services/provider.php
  * BRIEF: DI service provider for Perfect Publisher Web Services plugin
  */
 
diff --git a/src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php b/source/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
similarity index 97%
rename from src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
rename to source/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
index 3cf972b3..333c4a20 100644
--- a/src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
+++ b/source/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
@@ -7,8 +7,13 @@
  * DEFGROUP: Joomla.Plugin
  * INGROUP: MokoWaaS
  * REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS
+<<<<<<< HEAD:src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
  * PATH: /src/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
  * VERSION: 02.34.00
+=======
+ * PATH: /source/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
+ * VERSION: 02.34.16
+>>>>>>> origin/dev:source/packages/plg_webservices_perfectpublisher/src/Extension/PerfectPublisherApi.php
  * BRIEF: Web Services API plugin for Perfect Publisher (com_autotweet)
  */
 
diff --git a/src/pkg_mokowaas.xml b/source/pkg_mokowaas.xml
similarity index 69%
rename from src/pkg_mokowaas.xml
rename to source/pkg_mokowaas.xml
index 922babf3..4aceaf2d 100644
--- a/src/pkg_mokowaas.xml
+++ b/source/pkg_mokowaas.xml
@@ -2,7 +2,11 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoWaaS</name>
 	<packagename>mokowaas</packagename>
+<<<<<<< HEAD:src/pkg_mokowaas.xml
 	<version>02.34.00</version>
+=======
+	<version>02.34.15</version>
+>>>>>>> origin/dev:source/pkg_mokowaas.xml
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -10,6 +14,8 @@
 	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
 	<license>GNU General Public License version 3 or later; see LICENSE</license>
 	<description>MokoWaaS site management suite — admin dashboard, security firewall, tenant restrictions, health monitoring, developer tools, and REST API.</description>
+	<dlid prefix="dlid=" suffix=""/>
+	<blockChildUninstall>true</blockChildUninstall>
 	<scriptfile>script.php</scriptfile>
 
 	<files folder="packages">
@@ -17,18 +23,21 @@
 		<file type="plugin" id="plg_system_mokowaas_firewall" group="system">plg_system_mokowaas_firewall.zip</file>
 		<file type="plugin" id="plg_system_mokowaas_tenant" group="system">plg_system_mokowaas_tenant.zip</file>
 		<file type="plugin" id="plg_system_mokowaas_devtools" group="system">plg_system_mokowaas_devtools.zip</file>
-		<file type="plugin" id="plg_system_mokowaas_monitor" group="system">plg_system_mokowaas_monitor.zip</file>
+		<file type="plugin" id="plg_system_mokowaas_offline" group="system">plg_system_mokowaas_offline.zip</file>
 		<file type="component" id="com_mokowaas">com_mokowaas.zip</file>
 		<file type="module" id="mod_mokowaas_cpanel" client="administrator">mod_mokowaas_cpanel.zip</file>
+		<file type="module" id="mod_mokowaas_menu" client="administrator">mod_mokowaas_menu.zip</file>
+		<file type="module" id="mod_mokowaas_cache" client="administrator">mod_mokowaas_cache.zip</file>
+		<file type="module" id="mod_mokowaas_categories" client="administrator">mod_mokowaas_categories.zip</file>
 		<file type="plugin" id="plg_webservices_mokowaas" group="webservices">plg_webservices_mokowaas.zip</file>
 		<file type="plugin" id="plg_webservices_perfectpublisher" group="webservices">plg_webservices_perfectpublisher.zip</file>
 		<file type="plugin" id="plg_task_mokowaasdemo" group="task">plg_task_mokowaasdemo.zip</file>
 		<file type="plugin" id="plg_task_mokowaassync" group="task">plg_task_mokowaassync.zip</file>
-		<file type="template" id="mokoonyx" client="site">tpl_mokoonyx.zip</file>
+		<file type="plugin" id="plg_task_mokowaas_tickets" group="task">plg_task_mokowaas_tickets.zip</file>
 	</files>
 
 	<updateservers>
-		<server type="extension" priority="1" name="MokoWaaS Update Server">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/updates.xml</server>
+		<server type="extension" priority="1" name="Package - MokoWaaS">https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/updates.xml</server>
 	</updateservers>
 	<dlid prefix="dlid=" suffix=""/>
 	<blockChildUninstall>true</blockChildUninstall>
diff --git a/source/script.php b/source/script.php
new file mode 100644
index 00000000..49481545
--- /dev/null
+++ b/source/script.php
@@ -0,0 +1,1487 @@
+<?php
+/**
+ * @package     MokoWaaS
+ * @subpackage  pkg_mokowaas
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ */
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Installer\InstallerAdapter;
+use Joomla\CMS\Log\Log;
+
+/**
+ * Package installation script for MokoWaaS.
+ *
+ * Handles migration from standalone plugin to package, enables plugins,
+ * and triggers heartbeat registration on install/update.
+ *
+ * @since  2.2.0
+ */
+class Pkg_MokowaasInstallerScript
+{
+	/**
+	 * Runs after package installation/update.
+	 *
+	 * @param   string            $type    Installation type
+	 * @param   InstallerAdapter  $parent  Parent installer
+	 *
+	 * @return  void
+	 *
+	 * @since   2.2.0
+	 */
+	/**
+	 * Runs before package installation/update.
+	 *
+	 * Fixes MySQL strict mode incompatibility: #__extensions.element is NOT NULL
+	 * with no default, causing INSERT failures when Joomla's package installer
+	 * creates placeholder rows before processing sub-extension manifests.
+	 */
+	public function preflight($type, $parent)
+	{
+		try
+		{
+			$db = Factory::getDbo();
+			$db->setQuery("ALTER TABLE " . $db->quoteName('#__extensions')
+				. " MODIFY " . $db->quoteName('element') . " VARCHAR(100) NOT NULL DEFAULT ''");
+			$db->execute();
+		}
+		catch (\Throwable $e)
+		{
+			// Non-fatal — column may already have a default
+		}
+	}
+
+	public function postflight($type, $parent)
+	{
+		// Remove legacy extensions and migrate settings before retiring
+		$this->cleanupLegacyExtensions();
+		$this->migrateStandalonePlugins();
+		$this->removeRetiredExtensions();
+
+		$this->enablePlugin('system', 'mokowaas');
+		$this->enablePlugin('system', 'mokowaas_firewall');
+		$this->enablePlugin('system', 'mokowaas_tenant');
+		$this->enablePlugin('system', 'mokowaas_devtools');
+		$this->enablePlugin('system', 'mokowaas_offline');
+		$this->enablePlugin('webservices', 'mokowaas');
+		$this->enablePlugin('task', 'mokowaasdemo');
+		$this->enablePlugin('task', 'mokowaassync');
+		$this->enablePlugin('task', 'mokowaas_tickets');
+
+		// Migrate params from core plugin to feature plugins (one-time)
+		$this->migrateFeatureParams();
+
+		// Set up cpanel module on the admin dashboard
+		$this->setupCpanelModule();
+
+		// Set up admin sidebar menu module
+		$this->setupAdminMenuModule();
+
+		// Set up cache cleaner status bar module
+		$this->setupCacheModule();
+
+		// Create Support portal menu item on frontend
+		$this->setupSupportMenuItem();
+
+		// Set menu_icon params on submenu items (Joomla only renders img on level 1)
+		$this->fixMenuIcons();
+
+		// Set up MokoWaaS guided tours and unpublish Joomla defaults
+		$this->setupGuidedTours();
+
+		// Mark MokoWaaS extensions as protected (prevents disable/uninstall at framework level)
+		$this->protectExtensions();
+
+		// Migrate all Moko update server URLs to new format
+		$this->migrateUpdateServerUrls();
+
+		// Clean up stale/duplicate update sites
+		$this->cleanupStaleUpdateSites();
+
+		// Fix orphaned update records (extension_id=0)
+		$this->fixUpdateRecords();
+
+		// Trigger heartbeat registration
+		$this->sendHeartbeat();
+
+		// Warn if no license key is configured
+		$this->warnMissingLicenseKey();
+	}
+
+	/**
+	 * Remove legacy/stale extension entries and filesystem remnants.
+	 *
+	 * The old standalone plugin was named "mokowaasbrand" (plg_system_mokowaasbrand).
+	 * After the rewrite into the pkg_mokowaas package, the old entries and files
+	 * may linger — especially on sites restored from old backups.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.21.00
+	 */
+	private function cleanupLegacyExtensions(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Legacy element names to remove from #__extensions
+			$legacy = [
+				$db->quote('mokowaasbrand'),
+				$db->quote('plg_system_mokowaasbrand'),
+			];
+
+			// Delete from #__extensions
+			$query = $db->getQuery(true)
+				->delete($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' IN (' . implode(',', $legacy) . ')');
+			$db->setQuery($query);
+			$affected = $db->execute();
+			$count    = $db->getAffectedRows();
+
+			// Remove legacy plugin files from the filesystem
+			$legacyDirs = [
+				JPATH_PLUGINS . '/system/mokowaasbrand',
+			];
+
+			foreach ($legacyDirs as $dir)
+			{
+				if (is_dir($dir))
+				{
+					$this->rmdirRecursive($dir);
+				}
+			}
+
+			if ($count > 0)
+			{
+				Factory::getApplication()->enqueueMessage(
+					sprintf('Removed %d legacy MokoWaaS extension(s).', $count),
+					'message'
+				);
+
+				Log::add(
+					sprintf('Cleaned up %d legacy MokoWaaS extension entries', $count),
+					Log::INFO,
+					'mokowaas'
+				);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Legacy cleanup error: ' . $e->getMessage(), Log::WARNING, 'jerror');
+		}
+	}
+
+	/**
+	 * Remove extensions that have been retired and merged into core.
+	 *
+	 * plg_system_mokowaas_monitor was merged into the core plugin in 02.32.00.
+	 * Health monitoring is now built into plg_system_mokowaas directly.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.32.00
+	 */
+	private function migrateStandalonePlugins(): void
+	{
+		// Migrate standalone MokoJoomTOS plugin to MokoWaaS Offline Bypass
+		$migrations = [
+			['old_element' => 'mokojoomtos', 'old_folder' => 'system', 'new_element' => 'mokowaas_offline', 'new_folder' => 'system'],
+		];
+
+		try
+		{
+			$db = Factory::getDbo();
+
+			foreach ($migrations as $m)
+			{
+				// Check if old plugin exists
+				$query = $db->getQuery(true)
+					->select([$db->quoteName('extension_id'), $db->quoteName('params')])
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote($m['old_element']))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote($m['old_folder']));
+				$db->setQuery($query);
+				$old = $db->loadObject();
+
+				if (!$old)
+				{
+					continue;
+				}
+
+				$oldParams = $old->params ?? '{}';
+
+				// Copy params to new plugin (only if new plugin has empty params)
+				$query = $db->getQuery(true)
+					->select($db->quoteName('params'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote($m['new_element']))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote($m['new_folder']));
+				$db->setQuery($query);
+				$newParams = (string) $db->loadResult();
+
+				if (empty($newParams) || $newParams === '{}' || $newParams === '[]')
+				{
+					$db->setQuery(
+						$db->getQuery(true)
+							->update($db->quoteName('#__extensions'))
+							->set($db->quoteName('params') . ' = ' . $db->quote($oldParams))
+							->where($db->quoteName('element') . ' = ' . $db->quote($m['new_element']))
+							->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+							->where($db->quoteName('folder') . ' = ' . $db->quote($m['new_folder']))
+					)->execute();
+
+					Factory::getApplication()->enqueueMessage(
+						sprintf('Migrated settings from %s to %s.', $m['old_element'], $m['new_element']),
+						'message'
+					);
+				}
+
+				// Unprotect old plugin
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__extensions'))
+						->set($db->quoteName('protected') . ' = 0')
+						->where($db->quoteName('extension_id') . ' = ' . (int) $old->extension_id)
+				)->execute();
+
+				// Remove old extension record
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__extensions'))
+						->where($db->quoteName('extension_id') . ' = ' . (int) $old->extension_id)
+				)->execute();
+
+				// Remove old update site entries
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__update_sites_extensions'))
+						->where($db->quoteName('extension_id') . ' = ' . (int) $old->extension_id)
+				)->execute();
+
+				// Remove old files
+				$dir = JPATH_PLUGINS . '/' . $m['old_folder'] . '/' . $m['old_element'];
+
+				if (is_dir($dir))
+				{
+					$this->rmdirRecursive($dir);
+				}
+
+				Factory::getApplication()->enqueueMessage(
+					sprintf('Removed standalone %s plugin (replaced by %s).', $m['old_element'], $m['new_element']),
+					'message'
+				);
+
+				Log::add(
+					sprintf('Migrated %s → %s and removed old plugin', $m['old_element'], $m['new_element']),
+					Log::INFO,
+					'mokowaas'
+				);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Standalone plugin migration error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Remove extensions that have been retired and merged into core.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.32.00
+	 */
+	private function removeRetiredExtensions(): void
+	{
+		$retired = [
+			['type' => 'plugin', 'folder' => 'system', 'element' => 'mokowaas_monitor'],
+			['type' => 'plugin', 'folder' => 'system', 'element' => 'mokojoomtos'],
+			['type' => 'plugin', 'folder' => 'system', 'element' => 'mokoatsautomation'],
+			['type' => 'plugin', 'folder' => 'webservices', 'element' => 'mokodpcalendarapi'],
+			['type' => 'plugin', 'folder' => 'system', 'element' => 'mokogallerycalendar'],
+		];
+
+		try
+		{
+			$db = Factory::getDbo();
+
+			foreach ($retired as $ext)
+			{
+				// Check if installed
+				$query = $db->getQuery(true)
+					->select($db->quoteName('extension_id'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('type') . ' = ' . $db->quote($ext['type']))
+					->where($db->quoteName('folder') . ' = ' . $db->quote($ext['folder']))
+					->where($db->quoteName('element') . ' = ' . $db->quote($ext['element']));
+				$db->setQuery($query);
+				$extId = (int) $db->loadResult();
+
+				if (!$extId)
+				{
+					continue;
+				}
+
+				// Unprotect so Joomla allows removal
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__extensions'))
+						->set($db->quoteName('protected') . ' = 0')
+						->where($db->quoteName('extension_id') . ' = ' . $extId)
+				)->execute();
+
+				// Remove update site links and update sites
+				$db->setQuery(
+					$db->getQuery(true)
+						->select($db->quoteName('update_site_id'))
+						->from($db->quoteName('#__update_sites_extensions'))
+						->where($db->quoteName('extension_id') . ' = ' . $extId)
+				);
+				$siteIds = $db->loadColumn();
+
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__update_sites_extensions'))
+						->where($db->quoteName('extension_id') . ' = ' . $extId)
+				)->execute();
+
+				if (!empty($siteIds))
+				{
+					$db->setQuery(
+						$db->getQuery(true)
+							->delete($db->quoteName('#__updates'))
+							->where($db->quoteName('update_site_id') . ' IN (' . implode(',', $siteIds) . ')')
+					)->execute();
+
+					$db->setQuery(
+						$db->getQuery(true)
+							->delete($db->quoteName('#__update_sites'))
+							->where($db->quoteName('update_site_id') . ' IN (' . implode(',', $siteIds) . ')')
+					)->execute();
+				}
+
+				// Remove extension record
+				$db->setQuery(
+					$db->getQuery(true)
+						->delete($db->quoteName('#__extensions'))
+						->where($db->quoteName('extension_id') . ' = ' . $extId)
+				)->execute();
+
+				// Remove files
+				$dir = JPATH_PLUGINS . '/' . $ext['folder'] . '/' . $ext['element'];
+
+				if (is_dir($dir))
+				{
+					$this->rmdirRecursive($dir);
+				}
+
+				Factory::getApplication()->enqueueMessage(
+					sprintf('Removed retired extension: %s/%s', $ext['folder'], $ext['element']),
+					'message'
+				);
+
+				Log::add(
+					sprintf('Removed retired extension %s/%s (ID %d)', $ext['folder'], $ext['element'], $extId),
+					Log::INFO,
+					'mokowaas'
+				);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Retired extension cleanup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Recursively remove a directory.
+	 *
+	 * @param   string  $dir  Directory path
+	 *
+	 * @return  void
+	 *
+	 * @since   02.21.00
+	 */
+	private function rmdirRecursive(string $dir): void
+	{
+		$items = new \RecursiveIteratorIterator(
+			new \RecursiveDirectoryIterator($dir, \RecursiveDirectoryIterator::SKIP_DOTS),
+			\RecursiveIteratorIterator::CHILD_FIRST
+		);
+
+		foreach ($items as $item)
+		{
+			if ($item->isDir())
+			{
+				@rmdir($item->getPathname());
+			}
+			else
+			{
+				@unlink($item->getPathname());
+			}
+		}
+
+		@rmdir($dir);
+	}
+
+	/**
+	 * Enable a plugin by group and element.
+	 *
+	 * @param   string  $group    Plugin group
+	 * @param   string  $element  Plugin element name
+	 *
+	 * @return  void
+	 *
+	 * @since   2.2.0
+	 */
+	private function enablePlugin(string $group, string $element): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('enabled') . ' = 1')
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote($group))
+				->where($db->quoteName('element') . ' = ' . $db->quote($element));
+			$db->setQuery($query);
+			$db->execute();
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Error enabling plugin ' . $group . '/' . $element . ': ' . $e->getMessage(), Log::WARNING, 'jerror');
+		}
+	}
+
+	/**
+	 * Set the protected flag on all MokoWaaS extensions.
+	 *
+	 * Joomla's protected flag prevents disabling and uninstalling at the
+	 * framework level — no plugin-side interception needed.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.03.10
+	 */
+	private function protectExtensions(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// All MokoWaaS elements: package, system plugin, component,
+			// webservices plugins, task plugin
+			$elements = [
+				$db->quote('pkg_mokowaas'),
+				$db->quote('mokowaas'),
+				$db->quote('mokowaas_firewall'),
+				$db->quote('mokowaas_tenant'),
+				$db->quote('mokowaas_devtools'),
+				$db->quote('mokowaas_offline'),
+				$db->quote('com_mokowaas'),
+				$db->quote('mod_mokowaas_cpanel'),
+				$db->quote('mokowaasdemo'),
+				$db->quote('mokowaassync'),
+				$db->quote('mokowaas_tickets'),
+				$db->quote('perfectpublisher'),
+				$db->quote('mokoonyx'),
+			];
+
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('protected') . ' = 1')
+				->set($db->quoteName('locked') . ' = 0')
+				->where($db->quoteName('element') . ' IN (' . implode(',', $elements) . ')');
+			$db->setQuery($query);
+			$db->execute();
+
+			// Ensure update server stays enabled
+			$this->enableUpdateServer();
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Error protecting MokoWaaS extensions: ' . $e->getMessage(), Log::WARNING, 'jerror');
+		}
+	}
+
+	/**
+	 * Rewrite all Moko Consulting update server URLs from the old
+	 * raw/branch/main pattern to the new clean /updates.xml pattern.
+	 *
+	 * Old: https://git.mokoconsulting.tech/MokoConsulting/{repo}/raw/branch/main/updates.xml
+	 * New: https://git.mokoconsulting.tech/MokoConsulting/{repo}/updates.xml
+	 */
+	private function migrateUpdateServerUrls(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			$db->setQuery(
+				"UPDATE " . $db->quoteName('#__update_sites')
+				. " SET " . $db->quoteName('location') . " = REPLACE("
+				. $db->quoteName('location') . ", '/raw/branch/main/updates.xml', '/updates.xml')"
+				. " WHERE " . $db->quoteName('location') . " LIKE " . $db->quote('%mokoconsulting.tech%/raw/branch/main/updates.xml')
+			);
+			$db->execute();
+			$count = $db->getAffectedRows();
+
+			if ($count > 0)
+			{
+				Factory::getApplication()->enqueueMessage(
+					sprintf('Migrated %d Moko update server URL(s) to new format.', $count),
+					'message'
+				);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Update server URL migration error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Remove stale and duplicate MokoWaaS update site entries.
+	 *
+	 * Keeps only the package-level update site pointing to the dynamic
+	 * MokoGitea endpoint. Removes plugin-level entries, old static URLs,
+	 * and orphaned #__updates rows tied to deleted update sites.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.31.00
+	 */
+	private function fixUpdateRecords(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Link orphaned #__updates records to the installed extension
+			$db->setQuery(
+				"UPDATE " . $db->quoteName('#__updates') . " u"
+				. " JOIN " . $db->quoteName('#__extensions') . " e"
+				. " ON u.element = e.element AND u.type = e.type"
+				. " SET u.extension_id = e.extension_id"
+				. " WHERE u.extension_id = 0"
+				. " AND u.element LIKE " . $db->quote('%mokowaas%')
+			);
+			$db->execute();
+		}
+		catch (\Throwable $e)
+		{
+			// Non-critical
+		}
+	}
+
+	private function cleanupStaleUpdateSites(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+			$dynamicUrl = 'https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/updates.xml';
+
+			// Find all MokoWaaS update sites
+			$query = $db->getQuery(true)
+				->select($db->quoteName(['update_site_id', 'location']))
+				->from($db->quoteName('#__update_sites'))
+				->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
+					. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')');
+			$db->setQuery($query);
+			$sites = $db->loadObjectList();
+
+			$keepId = null;
+			$removeIds = [];
+
+			foreach ($sites as $site)
+			{
+				if ($site->location === $dynamicUrl && $keepId === null)
+				{
+					$keepId = (int) $site->update_site_id;
+				}
+				else
+				{
+					$removeIds[] = (int) $site->update_site_id;
+				}
+			}
+
+			if (empty($removeIds))
+			{
+				return;
+			}
+
+			$idList = implode(',', $removeIds);
+
+			// Remove orphaned #__updates rows
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__updates'))
+					->where($db->quoteName('update_site_id') . ' IN (' . $idList . ')')
+			)->execute();
+
+			// Remove link rows
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__update_sites_extensions'))
+					->where($db->quoteName('update_site_id') . ' IN (' . $idList . ')')
+			)->execute();
+
+			// Remove stale update sites
+			$db->setQuery(
+				$db->getQuery(true)
+					->delete($db->quoteName('#__update_sites'))
+					->where($db->quoteName('update_site_id') . ' IN (' . $idList . ')')
+			)->execute();
+
+			$count = count($removeIds);
+
+			if ($count > 0)
+			{
+				Factory::getApplication()->enqueueMessage(
+					sprintf('Cleaned up %d stale MokoWaaS update site(s).', $count),
+					'message'
+				);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Error cleaning up stale update sites: ' . $e->getMessage(), Log::WARNING, 'jerror');
+		}
+	}
+
+	/**
+	 * Ensure the MokoWaaS update server entry stays enabled and points
+	 * to the correct dynamic endpoint with the license key attached.
+	 *
+	 * Migrates legacy static URLs (raw/branch/main/updates.xml) to the
+	 * dynamic MokoGitea update feed, and syncs the license key from
+	 * plugin params into extra_query so Joomla sends it as dlid.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.21.00
+	 */
+	private function enableUpdateServer(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			$staticUrl = 'https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/updates.xml';
+
+			// Migrate old dynamic URL to static raw file URL
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__update_sites'))
+					->set($db->quoteName('location') . ' = ' . $db->quote($staticUrl))
+					->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
+						. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')')
+					->where($db->quoteName('location') . ' != ' . $db->quote($staticUrl))
+			);
+			$db->execute();
+
+			// Enable all MokoWaaS update sites
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__update_sites'))
+				->set($db->quoteName('enabled') . ' = 1')
+				->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
+					. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')');
+			$db->setQuery($query);
+			$db->execute();
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Error enabling update server: ' . $e->getMessage(), Log::WARNING, 'jerror');
+		}
+	}
+
+	/**
+	 * Send heartbeat to the MokoWaaS monitoring receiver.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.03.08
+	 */
+	private function sendHeartbeat(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+			$query = $db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+			$params = json_decode((string) $db->setQuery($query)->loadResult());
+
+			$healthToken = $params->health_api_token ?? '';
+
+			if (empty($healthToken))
+			{
+				return;
+			}
+
+			$siteUrl  = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
+			$siteName = Factory::getConfig()->get('sitename', 'Joomla');
+
+			$payload = json_encode([
+				'site_url'     => $siteUrl,
+				'site_name'    => $siteName,
+				'health_token' => $healthToken,
+				'action'       => 'register',
+			], JSON_UNESCAPED_SLASHES);
+
+			$ch = curl_init('https://bench.mokoconsulting.tech/api/waas-heartbeat/register');
+			curl_setopt($ch, CURLOPT_POST, true);
+			curl_setopt($ch, CURLOPT_HTTPHEADER, [
+				'Content-Type: application/json',
+				'X-MokoWaaS-Key: moko-waas-hb-2026-x9k4m',
+			]);
+			curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
+			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+			curl_setopt($ch, CURLOPT_TIMEOUT, 15);
+			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+
+			$response = curl_exec($ch);
+			$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+			curl_close($ch);
+
+			if ($code >= 200 && $code < 300)
+			{
+				Factory::getApplication()->enqueueMessage('Grafana heartbeat: site registered', 'message');
+			}
+		}
+		catch (\Throwable $e)
+		{
+			// Silent failure — heartbeat is non-critical
+		}
+	}
+
+	/**
+	 * One-time migration of params from the monolithic core plugin to
+	 * the new feature plugins. Copies security, tenant, and dev params.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.32.00
+	 */
+	private function setupCpanelModule(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Enable the module
+			$query = $db->getQuery(true)
+				->update($db->quoteName('#__extensions'))
+				->set($db->quoteName('enabled') . ' = 1')
+				->where($db->quoteName('type') . ' = ' . $db->quote('module'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mod_mokowaas_cpanel'));
+			$db->setQuery($query);
+			$db->execute();
+
+			// Check if a module instance already exists in #__modules
+			$query = $db->getQuery(true)
+				->select('COUNT(*)')
+				->from($db->quoteName('#__modules'))
+				->where($db->quoteName('module') . ' = ' . $db->quote('mod_mokowaas_cpanel'));
+			$db->setQuery($query);
+
+			if ((int) $db->loadResult() > 0)
+			{
+				return;
+			}
+
+			// Create the module instance on the cpanel position
+			$module = (object) [
+				'title'     => 'MokoWaaS',
+				'note'      => '',
+				'content'   => '',
+				'ordering'  => 0,
+				'position'  => 'top',
+				'checked_out' => null,
+				'checked_out_time' => null,
+				'publish_up'   => null,
+				'publish_down' => null,
+				'published' => 1,
+				'module'    => 'mod_mokowaas_cpanel',
+				'access'    => 6, // Super Users only
+				'showtitle' => 0,
+				'params'    => '{"show_health":"1","show_plugins":"1"}',
+				'client_id' => 1, // Administrator
+				'language'  => '*',
+			];
+
+			$db->insertObject('#__modules', $module, 'id');
+			$moduleId = (int) $module->id;
+
+			if ($moduleId)
+			{
+				// Assign to all admin pages
+				$map = (object) [
+					'moduleid' => $moduleId,
+					'menuid'   => 0, // 0 = all pages
+				];
+				$db->insertObject('#__modules_menu', $map);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('CPanel module setup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Set up the MokoWaaS admin sidebar menu module at position 0.
+	 */
+	private function setupAdminMenuModule(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Enable the module extension
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('enabled') . ' = 1')
+					->where($db->quoteName('type') . ' = ' . $db->quote('module'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('mod_mokowaas_menu'))
+			)->execute();
+
+			// Check if module instance exists
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__modules'))
+					->where($db->quoteName('module') . ' = ' . $db->quote('mod_mokowaas_menu'))
+			);
+
+			if ((int) $db->loadResult() > 0)
+			{
+				return;
+			}
+
+			$module = (object) [
+				'title'     => 'MokoWaaS Menu',
+				'note'      => '',
+				'content'   => '',
+				'ordering'  => 0,
+				'position'  => 'menu',
+				'checked_out' => null,
+				'checked_out_time' => null,
+				'publish_up'   => null,
+				'publish_down' => null,
+				'published' => 1,
+				'module'    => 'mod_mokowaas_menu',
+				'access'    => 3,
+				'showtitle' => 0,
+				'params'    => '{}',
+				'client_id' => 1,
+				'language'  => '*',
+			];
+
+			$db->insertObject('#__modules', $module, 'id');
+
+			if ((int) $module->id)
+			{
+				$db->insertObject('#__modules_menu', (object) ['moduleid' => (int) $module->id, 'menuid' => 0]);
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Admin menu module setup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Set up the cache cleaner module in the admin status bar position.
+	 */
+	private function setupCacheModule(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Enable the module extension
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('enabled') . ' = 1')
+					->where($db->quoteName('type') . ' = ' . $db->quote('module'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('mod_mokowaas_cache'))
+			)->execute();
+
+			// Check if module instance exists
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__modules'))
+					->where($db->quoteName('module') . ' = ' . $db->quote('mod_mokowaas_cache'))
+			);
+
+			if ((int) $db->loadResult() > 0)
+			{
+				return;
+			}
+
+			$module = (object) [
+				'title'     => 'MokoWaaS Cache Cleaner',
+				'note'      => '',
+				'content'   => '',
+				'ordering'  => 8,
+				'position'  => 'status',
+				'checked_out' => null,
+				'checked_out_time' => null,
+				'publish_up'   => null,
+				'publish_down' => null,
+				'published' => 1,
+				'module'    => 'mod_mokowaas_cache',
+				'access'    => 3,
+				'showtitle' => 0,
+				'params'    => '{}',
+				'client_id' => 1,
+				'language'  => '*',
+			];
+
+			$db->insertObject('#__modules', $module, 'id');
+
+			if ((int) $module->id)
+			{
+				$mm = (object) ['moduleid' => (int) $module->id, 'menuid' => 0];
+				$db->insertObject('#__modules_menu', $mm, 'moduleid');
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Cache module setup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Joomla only renders the img column icon for level-1 menu items.
+	 * Submenu items (level 2) need menu_icon set in the params JSON.
+	 */
+	private function fixMenuIcons(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			$iconMap = [
+				'class:cogs'         => 'icon-cogs',
+				'class:puzzle-piece' => 'icon-puzzle-piece',
+				'class:headphones'   => 'fa-solid fa-handshake-angle',
+				'class:file-code'    => 'fa-solid fa-file-code',
+				'class:lock'         => 'icon-lock',
+				'class:shield-alt'   => 'icon-shield-alt',
+				'class:database'     => 'icon-database',
+				'class:trash'        => 'icon-trash',
+				'class:power-off'    => 'icon-power-off',
+				'class:refresh'      => 'icon-refresh',
+				'class:check-square' => 'icon-check-square',
+				'class:bolt'         => 'icon-bolt',
+			];
+
+			// Find all MokoWaaS component submenu items (including those linking to other components)
+			$db->setQuery(
+				$db->getQuery(true)
+					->select(['m.id', 'm.img', 'm.params'])
+					->from($db->quoteName('#__menu', 'm'))
+					->where('m.client_id = 1')
+					->where('m.level >= 2')
+					->where('m.parent_id IN (SELECT id FROM ' . $db->quoteName('#__menu')
+						. ' WHERE client_id = 1 AND level = 1 AND link LIKE ' . $db->quote('%com_mokowaas%') . ')')
+			);
+
+			foreach ($db->loadObjectList() as $item)
+			{
+				$icon = $iconMap[$item->img] ?? '';
+
+				if (!$icon)
+				{
+					continue;
+				}
+
+				$params = json_decode($item->params ?: '{}', true) ?: [];
+
+				if (!empty($params['menu_icon']))
+				{
+					continue;
+				}
+
+				$params['menu_icon'] = $icon;
+
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__menu'))
+						->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($params)))
+						->where($db->quoteName('id') . ' = ' . (int) $item->id)
+				)->execute();
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Menu icon fix error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Unpublish default Joomla guided tours and create MokoWaaS tours.
+	 * Re-enables the guided tours plugin if disabled.
+	 */
+	private function setupGuidedTours(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Re-enable guided tours plugin (may have been disabled)
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('enabled') . ' = 1')
+					->where($db->quoteName('element') . ' = ' . $db->quote('guidedtours'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+			)->execute();
+
+			// Re-enable the guided tours module (shows our tours, not Joomla's)
+			$db->setQuery(
+				"UPDATE " . $db->quoteName('#__modules')
+				. " SET published = 1, title = 'MokoWaaS Tours'"
+				. " WHERE module = 'mod_guidedtours'"
+			);
+			$db->execute();
+
+			// Override the guided tours module language string
+			$overridePath = JPATH_ADMINISTRATOR . '/language/overrides/en-GB.override.ini';
+			$overrides = file_exists($overridePath) ? parse_ini_file($overridePath) : [];
+
+			if (empty($overrides['MOD_GUIDEDTOURS']))
+			{
+				$overrides['MOD_GUIDEDTOURS'] = 'MokoWaaS Tours';
+				$overrides['MOD_GUIDEDTOURS_TITLE'] = 'MokoWaaS Tours';
+
+				$lines = [];
+				foreach ($overrides as $k => $v)
+				{
+					$lines[] = $k . '="' . str_replace('"', '\"', $v) . '"';
+				}
+				file_put_contents($overridePath, implode("\n", $lines) . "\n");
+			}
+
+			// Unpublish all default Joomla tours
+			$db->setQuery(
+				"UPDATE " . $db->quoteName('#__guidedtours')
+				. " SET published = 0"
+				. " WHERE " . $db->quoteName('uid') . " LIKE 'joomla-%'"
+			);
+			$db->execute();
+
+			// Define MokoWaaS tours
+			$tours = [
+				[
+					'uid'   => 'mokowaas-welcome',
+					'title' => 'Welcome to MokoWaaS',
+					'desc'  => 'Get started with the MokoWaaS Admin Tools Suite. This tour shows you the key areas of your admin dashboard.',
+					'url'   => 'administrator/index.php?option=com_mokowaas',
+					'steps' => [
+						['title' => 'MokoWaaS Dashboard', 'desc' => 'This is your MokoWaaS control center. You can see site info, feature plugins, WAF activity, and quick actions all in one place.', 'target' => '#mokowaas-dashboard', 'type' => 0],
+						['title' => 'Site Information', 'desc' => 'The info bar shows your Joomla version, PHP version, database type, and debug/offline status at a glance.', 'target' => '.mokowaas-info-bar', 'type' => 0],
+						['title' => 'Quick Actions', 'desc' => 'Use these buttons to clear cache, check updates, manage extensions, and perform common admin tasks with one click.', 'target' => '#mokowaas-btn-cache', 'type' => 0],
+						['title' => 'Feature Plugins', 'desc' => 'MokoWaaS features are split into toggleable plugins. Enable or disable security, tenant restrictions, developer tools, and more from here.', 'target' => '.mokowaas-plugin-grid', 'type' => 0],
+						['title' => 'MokoWaaS Menu', 'desc' => 'The MokoWaaS sidebar menu gives you quick access to all admin tools — Helpdesk, Extensions, WAF Log, Database Tools, and more.', 'target' => '.mokowaas-admin-menu, [class*="mokowaas"]', 'type' => 0],
+					],
+				],
+				[
+					'uid'   => 'mokowaas-firewall',
+					'title' => 'MokoWaaS Firewall Setup',
+					'desc'  => 'Configure the Web Application Firewall to protect your site from common attacks.',
+					'url'   => 'administrator/index.php?option=com_plugins&task=plugin.edit&filter[search]=mokowaas_firewall',
+					'steps' => [
+						['title' => 'Firewall Plugin', 'desc' => 'The MokoWaaS Firewall provides 10 security shields including SQL injection, XSS, and malicious user agent detection.', 'target' => '', 'type' => 0],
+						['title' => 'WAF Shields', 'desc' => 'Enable or disable individual WAF shields. Each shield protects against a specific attack vector. All shields are enabled by default.', 'target' => '', 'type' => 0],
+						['title' => 'Security Headers', 'desc' => 'Configure HTTP security headers like X-Frame-Options, Content-Security-Policy, and HSTS to harden your site against browser-based attacks.', 'target' => '', 'type' => 0],
+						['title' => 'IP Blocklist', 'desc' => 'Block specific IP addresses, CIDR ranges, or wildcard patterns. The auto-ban feature automatically blocks IPs that trigger too many WAF alerts.', 'target' => '', 'type' => 0],
+					],
+				],
+				[
+					'uid'   => 'mokowaas-helpdesk',
+					'title' => 'MokoWaaS Helpdesk',
+					'desc'  => 'Learn how to manage support tickets, categories, and automation rules.',
+					'url'   => 'administrator/index.php?option=com_mokowaas&view=tickets',
+					'steps' => [
+						['title' => 'Ticket List', 'desc' => 'View all support tickets with status, priority, SLA tracking, and assignment. Filter by status or search to find specific tickets.', 'target' => '', 'type' => 0],
+						['title' => 'Create a Ticket', 'desc' => 'Click the New button to create a support ticket. Assign a category, priority, and optional SLA deadline.', 'target' => '', 'type' => 0],
+						['title' => 'Ticket Automation', 'desc' => 'Set up automation rules that trigger on ticket events (new ticket, status change) or Joomla events (user login, registration). Automate assignment, notifications, and status changes.', 'target' => '', 'type' => 0],
+					],
+				],
+				[
+					'uid'   => 'mokowaas-extensions',
+					'title' => 'Moko Extensions Manager',
+					'desc'  => 'Browse and install Moko Consulting extensions from the built-in catalog.',
+					'url'   => 'administrator/index.php?option=com_mokowaas&view=extensions',
+					'steps' => [
+						['title' => 'Extension Catalog', 'desc' => 'Browse all available Moko Consulting extensions. Each card shows the extension name, description, install status, and current version.', 'target' => '', 'type' => 0],
+						['title' => 'Install Extensions', 'desc' => 'Click Install to add an extension from the Moko Consulting repository. Updates are handled through Joomla\'s standard update system.', 'target' => '', 'type' => 0],
+					],
+				],
+			];
+
+			foreach ($tours as $tourDef)
+			{
+				// Check if tour already exists
+				$db->setQuery(
+					$db->getQuery(true)
+						->select('id')
+						->from($db->quoteName('#__guidedtours'))
+						->where($db->quoteName('uid') . ' = ' . $db->quote($tourDef['uid']))
+				);
+
+				if ($db->loadResult())
+				{
+					continue;
+				}
+
+				$tour = (object) [
+					'title'       => $tourDef['title'],
+					'uid'         => $tourDef['uid'],
+					'description' => $tourDef['desc'],
+					'extensions'  => '',
+					'url'         => $tourDef['url'],
+					'created'     => date('Y-m-d H:i:s'),
+					'created_by'  => 0,
+					'modified'    => date('Y-m-d H:i:s'),
+					'modified_by' => 0,
+					'published'   => 1,
+					'language'    => '*',
+					'note'        => 'MokoWaaS',
+					'access'      => 3,
+					'ordering'    => 0,
+					'autostart'   => 0,
+				];
+
+				$db->insertObject('#__guidedtours', $tour, 'id');
+				$tourId = (int) $tour->id;
+
+				foreach ($tourDef['steps'] as $i => $stepDef)
+				{
+					$step = (object) [
+						'tour_id'          => $tourId,
+						'title'            => $stepDef['title'],
+						'description'      => $stepDef['desc'],
+						'target'           => $stepDef['target'],
+						'type'             => $stepDef['type'],
+						'interactive_type' => 1,
+						'url'              => '',
+						'position'         => 'bottom',
+						'ordering'         => $i + 1,
+						'published'        => 1,
+						'created'          => date('Y-m-d H:i:s'),
+						'created_by'       => 0,
+						'modified'         => date('Y-m-d H:i:s'),
+						'modified_by'      => 0,
+						'language'         => '*',
+						'note'             => '',
+						'params'           => '{}',
+					];
+
+					$db->insertObject('#__guidedtour_steps', $step, 'id');
+				}
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Guided tours setup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Create a "Support" menu item on the frontend main menu.
+	 */
+	private function setupSupportMenuItem(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->select('COUNT(*)')
+					->from($db->quoteName('#__menu'))
+					->where($db->quoteName('link') . ' LIKE ' . $db->quote('%com_mokowaas&view=tickets%'))
+					->where($db->quoteName('client_id') . ' = 0')
+			);
+
+			if ((int) $db->loadResult() > 0)
+			{
+				return;
+			}
+
+			$db->setQuery(
+				$db->getQuery(true)
+					->select($db->quoteName('extension_id'))
+					->from($db->quoteName('#__extensions'))
+					->where($db->quoteName('element') . ' = ' . $db->quote('com_mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+			);
+			$componentId = (int) $db->loadResult();
+
+			if (!$componentId)
+			{
+				return;
+			}
+
+			$db->setQuery("SELECT id FROM #__menu WHERE menutype = '' AND level = 0 AND client_id = 0 LIMIT 1");
+			$rootId = (int) $db->loadResult() ?: 1;
+
+			$db->setQuery('SELECT MAX(rgt) FROM #__menu WHERE client_id = 0');
+			$maxRgt = (int) $db->loadResult();
+
+			$item = (object) [
+				'menutype'          => 'mainmenu',
+				'title'             => 'Support',
+				'alias'             => 'support',
+				'note'              => '',
+				'path'              => 'support',
+				'link'              => 'index.php?option=com_mokowaas&view=tickets',
+				'type'              => 'component',
+				'published'         => 1,
+				'parent_id'         => $rootId,
+				'level'             => 1,
+				'component_id'      => $componentId,
+				'checked_out'       => null,
+				'checked_out_time'  => null,
+				'browserNav'        => 0,
+				'access'            => 2,
+				'img'               => '',
+				'template_style_id' => 0,
+				'params'            => '{}',
+				'lft'               => $maxRgt + 1,
+				'rgt'               => $maxRgt + 2,
+				'home'              => 0,
+				'language'          => '*',
+				'client_id'         => 0,
+			];
+
+			$db->insertObject('#__menu', $item, 'id');
+			$supportId = (int) $item->id;
+
+			// Create "Submit a Ticket" child menu item
+			if ($supportId)
+			{
+				$db->setQuery('SELECT MAX(rgt) FROM #__menu WHERE client_id = 0');
+				$maxRgt2 = (int) $db->loadResult();
+
+				$child = (object) [
+					'menutype'          => 'mainmenu',
+					'title'             => 'Submit a Ticket',
+					'alias'             => 'submit-ticket',
+					'note'              => '',
+					'path'              => 'support/submit-ticket',
+					'link'              => 'index.php?option=com_mokowaas&view=tickets&layout=submit',
+					'type'              => 'component',
+					'published'         => 1,
+					'parent_id'         => $supportId,
+					'level'             => 2,
+					'component_id'      => $componentId,
+					'checked_out'       => null,
+					'checked_out_time'  => null,
+					'browserNav'        => 0,
+					'access'            => 2,
+					'img'               => '',
+					'template_style_id' => 0,
+					'params'            => '{}',
+					'lft'               => $maxRgt2 + 1,
+					'rgt'               => $maxRgt2 + 2,
+					'home'              => 0,
+					'language'          => '*',
+					'client_id'         => 0,
+				];
+
+				$db->insertObject('#__menu', $child, 'id');
+			}
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Support menu setup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * One-time migration of params from the monolithic core plugin to
+	 * the new feature plugins. Copies security, tenant, and dev params.
+	 *
+	 * @return  void
+	 *
+	 * @since   02.32.00
+	 */
+	private function migrateFeatureParams(): void
+	{
+		try
+		{
+			$db = Factory::getDbo();
+
+			// Read core plugin params
+			$query = $db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+			$db->setQuery($query);
+			$coreParamsJson = (string) $db->loadResult();
+
+			if (empty($coreParamsJson) || $coreParamsJson === '{}')
+			{
+				return;
+			}
+
+			$core = json_decode($coreParamsJson, true);
+
+			if (empty($core))
+			{
+				return;
+			}
+
+			// Check migration marker
+			if (!empty($core['_params_migrated_032']))
+			{
+				return;
+			}
+
+			// Firewall params
+			$firewallKeys = [
+				'force_https', 'admin_session_timeout', 'trusted_ips',
+				'password_min_length', 'password_require_uppercase',
+				'password_require_number', 'password_require_special',
+				'upload_allowed_types', 'upload_max_size_mb',
+			];
+
+			// Tenant params
+			$tenantKeys = [
+				'restrict_installer', 'allow_extension_updates', 'hide_sysinfo',
+				'restrict_global_config', 'restrict_template_editing',
+				'disable_install_url', 'hidden_menu_items',
+			];
+
+			// DevTools params
+			$devtoolsKeys = ['dev_mode', 'reset_hits', 'delete_versions'];
+
+			$migrations = [
+				'mokowaas_firewall' => $firewallKeys,
+				'mokowaas_tenant'   => $tenantKeys,
+				'mokowaas_devtools' => $devtoolsKeys,
+			];
+
+			foreach ($migrations as $element => $keys)
+			{
+				$featureParams = [];
+
+				foreach ($keys as $key)
+				{
+					if (isset($core[$key]))
+					{
+						$featureParams[$key] = $core[$key];
+					}
+				}
+
+				if (empty($featureParams))
+				{
+					continue;
+				}
+
+				$db->setQuery(
+					$db->getQuery(true)
+						->update($db->quoteName('#__extensions'))
+						->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($featureParams)))
+						->where($db->quoteName('element') . ' = ' . $db->quote($element))
+						->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+						->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+				)->execute();
+			}
+
+			// Set migration marker on core plugin
+			$core['_params_migrated_032'] = 1;
+			$db->setQuery(
+				$db->getQuery(true)
+					->update($db->quoteName('#__extensions'))
+					->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($core)))
+					->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
+					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
+			)->execute();
+
+			Factory::getApplication()->enqueueMessage(
+				'MokoWaaS: migrated settings to feature plugins (Firewall, Tenant, DevTools).',
+				'message'
+			);
+		}
+		catch (\Throwable $e)
+		{
+			Log::add('Feature param migration error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
+		}
+	}
+
+	/**
+	 * Warn after install/update if no license key (dlid) is configured on the update site.
+	 */
+	private function warnMissingLicenseKey(): void
+	{
+		try
+		{
+			$db  = Factory::getDbo();
+			$app = Factory::getApplication();
+
+			$query = $db->getQuery(true)
+				->select([$db->quoteName('update_site_id'), $db->quoteName('extra_query')])
+				->from($db->quoteName('#__update_sites'))
+				->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
+					. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')')
+				->setLimit(1);
+			$db->setQuery($query);
+			$site = $db->loadObject();
+
+			if ($site)
+			{
+				$extraQuery = (string) ($site->extra_query ?? '');
+
+				if (!empty($extraQuery) && strpos($extraQuery, 'dlid=') !== false)
+				{
+					parse_str($extraQuery, $parsed);
+
+					if (!empty($parsed['dlid']))
+					{
+						return;
+					}
+				}
+
+				$editUrl = 'index.php?option=com_installer&task=updatesite.edit&update_site_id=' . (int) $site->update_site_id;
+			}
+			else
+			{
+				$editUrl = 'index.php?option=com_installer&view=updatesites';
+			}
+
+			$app->enqueueMessage(
+				'<strong>Moko Consulting License Key Required</strong> — '
+				. 'No download key is configured. Updates will not be available until a valid license key is entered. '
+				. '<a href="' . $editUrl . '" class="btn btn-sm btn-warning ms-2">Enter License Key</a>',
+				'warning'
+			);
+		}
+		catch (\Throwable $e)
+		{
+			// Silent
+		}
+	}
+}
diff --git a/src/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.ini b/src/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.ini
deleted file mode 100644
index 2d7a1c7e..00000000
--- a/src/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.ini
+++ /dev/null
@@ -1,21 +0,0 @@
-; MokoWaaS Admin Dashboard - Language Strings
-; Copyright (C) 2026 Moko Consulting. All rights reserved.
-; License: GPL-3.0-or-later
-
-COM_MOKOWAAS_DASHBOARD_TITLE="MokoWaaS Control Panel"
-COM_MOKOWAAS_SITE="Site"
-COM_MOKOWAAS_DATABASE="Database"
-COM_MOKOWAAS_DEBUG_ON="Debug ON"
-COM_MOKOWAAS_OFFLINE="Offline"
-COM_MOKOWAAS_CLEAR_CACHE="Clear Cache"
-COM_MOKOWAAS_CHECK_UPDATES="Check Updates"
-COM_MOKOWAAS_ENABLED="Enabled"
-COM_MOKOWAAS_DISABLED="Disabled"
-COM_MOKOWAAS_PROTECTED="Protected"
-COM_MOKOWAAS_CONFIGURE="Configure"
-COM_MOKOWAAS_TOGGLE_SUCCESS="Plugin state updated."
-COM_MOKOWAAS_TOGGLE_FAIL="Failed to update plugin state."
-COM_MOKOWAAS_CACHE_CLEARED="Cache cleared successfully."
-COM_MOKOWAAS_EXTENSIONS_TITLE="Moko Extensions"
-COM_MOKOWAAS_EXTENSIONS_INFO="Install Moko Consulting Joomla packages from the official release server. Updates are handled through Joomla's native System > Update mechanism — each package registers its own update server."
-COM_MOKOWAAS_EXTENSIONS_LINK="Moko Extensions"
diff --git a/src/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.sys.ini b/src/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.sys.ini
deleted file mode 100644
index ac058b55..00000000
--- a/src/packages/com_mokowaas/admin/language/en-GB/com_mokowaas.sys.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-; MokoWaaS Admin Dashboard - System Language Strings
-; Copyright (C) 2026 Moko Consulting. All rights reserved.
-; License: GPL-3.0-or-later
-
-COM_MOKOWAAS="MokoWaaS"
-COM_MOKOWAAS_DESCRIPTION="MokoWaaS admin dashboard and REST API. Control panel for managing site features, health monitoring, and remote management."
-COM_MOKOWAAS_DASHBOARD_TITLE="MokoWaaS Control Panel"
diff --git a/src/packages/com_mokowaas/admin/src/Controller/DisplayController.php b/src/packages/com_mokowaas/admin/src/Controller/DisplayController.php
deleted file mode 100644
index b6bdac57..00000000
--- a/src/packages/com_mokowaas/admin/src/Controller/DisplayController.php
+++ /dev/null
@@ -1,125 +0,0 @@
-<?php
-/**
- * @package     MokoWaaS
- * @subpackage  com_mokowaas
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
-namespace Moko\Component\MokoWaaS\Administrator\Controller;
-
-defined('_JEXEC') or die;
-
-use Joomla\CMS\MVC\Controller\BaseController;
-use Joomla\CMS\Factory;
-use Joomla\CMS\Language\Text;
-use Joomla\CMS\Router\Route;
-use Joomla\CMS\Session\Session;
-
-class DisplayController extends BaseController
-{
-	protected $default_view = 'dashboard';
-
-	public function display($cachable = false, $urlparams = [])
-	{
-		return parent::display($cachable, $urlparams);
-	}
-
-	/**
-	 * Toggle a MokoWaaS feature plugin on or off.
-	 *
-	 * Expects POST with extension_id and enabled (0 or 1).
-	 * Returns JSON response for AJAX calls.
-	 */
-	public function togglePlugin()
-	{
-		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
-
-		$app   = Factory::getApplication();
-		$input = $app->getInput();
-
-		$user = $app->getIdentity();
-		if (!$user->authorise('core.manage', 'com_plugins'))
-		{
-			$app->setHeader('Content-Type', 'application/json');
-			echo json_encode(['success' => false, 'message' => Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN')]);
-			$app->close();
-		}
-
-		$extensionId = $input->getInt('extension_id', 0);
-		$enabled     = $input->getInt('enabled', 0);
-
-		if (!$extensionId)
-		{
-			$app->setHeader('Content-Type', 'application/json');
-			echo json_encode(['success' => false, 'message' => 'Missing extension_id']);
-			$app->close();
-		}
-
-		$model   = $this->getModel('Dashboard');
-		$result  = $model->togglePlugin($extensionId, $enabled);
-
-		$app->setHeader('Content-Type', 'application/json');
-		echo json_encode($result);
-		$app->close();
-	}
-
-	/**
-	 * Clear the Joomla cache.
-	 */
-	public function clearCache()
-	{
-		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
-
-		$app  = Factory::getApplication();
-		$user = $app->getIdentity();
-
-		if (!$user->authorise('core.admin'))
-		{
-			$app->setHeader('Content-Type', 'application/json');
-			echo json_encode(['success' => false, 'message' => Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN')]);
-			$app->close();
-		}
-
-		$model  = $this->getModel('Dashboard');
-		$result = $model->clearCache();
-
-		$app->setHeader('Content-Type', 'application/json');
-		echo json_encode($result);
-		$app->close();
-	}
-
-	/**
-	 * Install a Moko extension from a download URL.
-	 */
-	public function installExtension()
-	{
-		Session::checkToken() or die(Text::_('JINVALID_TOKEN'));
-
-		$app  = Factory::getApplication();
-		$user = $app->getIdentity();
-
-		if (!$user->authorise('core.admin'))
-		{
-			$app->setHeader('Content-Type', 'application/json');
-			echo json_encode(['success' => false, 'message' => Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN')]);
-			$app->close();
-		}
-
-		$downloadUrl = $app->getInput()->getString('download_url', '');
-
-		if (empty($downloadUrl))
-		{
-			$app->setHeader('Content-Type', 'application/json');
-			echo json_encode(['success' => false, 'message' => 'Missing download URL.']);
-			$app->close();
-		}
-
-		$model  = $this->getModel('Extensions');
-		$result = $model->installFromUrl($downloadUrl);
-
-		$app->setHeader('Content-Type', 'application/json');
-		echo json_encode($result);
-		$app->close();
-	}
-}
diff --git a/src/packages/com_mokowaas/admin/src/Model/ExtensionsModel.php b/src/packages/com_mokowaas/admin/src/Model/ExtensionsModel.php
deleted file mode 100644
index e8402f12..00000000
--- a/src/packages/com_mokowaas/admin/src/Model/ExtensionsModel.php
+++ /dev/null
@@ -1,305 +0,0 @@
-<?php
-/**
- * @package     MokoWaaS
- * @subpackage  com_mokowaas
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
-namespace Moko\Component\MokoWaaS\Administrator\Model;
-
-defined('_JEXEC') or die;
-
-use Joomla\CMS\Factory;
-use Joomla\CMS\MVC\Model\BaseDatabaseModel;
-
-/**
- * Extension manager model — fetches Moko Consulting Joomla packages
- * from the Gitea API and checks local install status.
- *
- * @since  02.32.00
- */
-class ExtensionsModel extends BaseDatabaseModel
-{
-	/**
-	 * Curated catalog of Moko Consulting Joomla packages.
-	 * Each entry maps a Gitea repo name to local extension metadata.
-	 */
-	private const CATALOG = [
-		'MokoWaaS' => [
-			'label'       => 'MokoWaaS',
-			'description' => 'Admin dashboard, security firewall, tenant restrictions, health monitoring, and REST API.',
-			'element'     => 'pkg_mokowaas',
-			'type'        => 'package',
-			'icon'        => 'icon-shield-alt',
-			'category'    => 'Platform',
-			'article'     => 'https://mokoconsulting.tech/kb/mokowaas-platform',
-			'protected'   => true,
-		],
-		'MokoOnyx' => [
-			'label'       => 'MokoOnyx',
-			'description' => 'Modern Joomla site template with dark mode, custom layouts, and MokoWaaS integration.',
-			'element'     => 'mokoonyx',
-			'type'        => 'template',
-			'icon'        => 'icon-paint-brush',
-			'category'    => 'Templates',
-			'article'     => 'https://mokoconsulting.tech/kb/mokoonyx-template',
-			'protected'   => false,
-		],
-		'MokoJoomTOS' => [
-			'label'       => 'MokoJoomTOS',
-			'description' => 'Terms of Service and privacy policy component with consent tracking.',
-			'element'     => 'com_mokojoomtos',
-			'type'        => 'component',
-			'icon'        => 'icon-file-contract',
-			'category'    => 'Components',
-			'article'     => 'https://mokoconsulting.tech/kb/mokojoomtos',
-			'protected'   => false,
-		],
-		'MokoJoomHero' => [
-			'label'       => 'MokoJoomHero',
-			'description' => 'Random hero image module from a configurable folder.',
-			'element'     => 'mod_mokojoomhero',
-			'type'        => 'module',
-			'icon'        => 'icon-image',
-			'category'    => 'Modules',
-			'article'     => 'https://mokoconsulting.tech/kb/mokojoomhero',
-			'protected'   => false,
-		],
-		'MokoWaaSAnnounce' => [
-			'label'       => 'MokoWaaS Announce',
-			'description' => 'Centralized announcement system via admin module.',
-			'element'     => 'mod_mokowaas_announce',
-			'type'        => 'module',
-			'icon'        => 'icon-bullhorn',
-			'category'    => 'Modules',
-			'article'     => 'https://mokoconsulting.tech/kb/mokowaas-announce',
-			'protected'   => false,
-		],
-		'MokoDPCalendarAPI' => [
-			'label'       => 'DPCalendar API',
-			'description' => 'Web Services plugin exposing DPCalendar events and calendars via REST API.',
-			'element'     => 'mokodpcalendarapi',
-			'type'        => 'plugin',
-			'icon'        => 'icon-calendar',
-			'category'    => 'Plugins',
-			'article'     => 'https://mokoconsulting.tech/kb/mokodpcalendarapi',
-			'protected'   => false,
-		],
-		'MokoGalleryCalendar' => [
-			'label'       => 'Gallery Calendar',
-			'description' => 'JoomGallery and DPCalendar integration — link galleries to events.',
-			'element'     => 'mokogallerycalendar',
-			'type'        => 'plugin',
-			'icon'        => 'icon-images',
-			'category'    => 'Plugins',
-			'article'     => 'https://mokoconsulting.tech/kb/mokogallerycalendar',
-			'protected'   => false,
-		],
-	];
-
-	private const GITEA_URL = 'https://git.mokoconsulting.tech';
-	private const GITEA_ORG = 'MokoConsulting';
-
-	/**
-	 * Get the full catalog with install status and release info.
-	 *
-	 * @return  array
-	 */
-	public function getCatalog(): array
-	{
-		$installed = $this->getInstalledVersions();
-		$packages  = [];
-
-		foreach (self::CATALOG as $repo => $meta)
-		{
-			$release = $this->fetchLatestRelease($repo);
-
-			$localVersion  = $installed[$meta['element']] ?? null;
-			$remoteVersion = $release['version'] ?? '';
-			$downloadUrl   = $release['download_url'] ?? '';
-
-			$status = ($localVersion !== null) ? 'installed' : 'not_installed';
-
-			// Get extension_id for uninstall link
-			$extensionId = $this->getExtensionId($meta['element']);
-
-			$packages[] = (object) [
-				'repo'           => $repo,
-				'label'          => $meta['label'],
-				'description'    => $meta['description'],
-				'element'        => $meta['element'],
-				'type'           => $meta['type'],
-				'icon'           => $meta['icon'],
-				'category'       => $meta['category'],
-				'local_version'  => $localVersion ?? '',
-				'remote_version' => $remoteVersion,
-				'download_url'   => $downloadUrl,
-				'status'         => $status,
-				'article_url'    => $meta['article'] ?? '',
-				'protected'      => $meta['protected'] ?? false,
-				'extension_id'   => $extensionId,
-			];
-		}
-
-		return $packages;
-	}
-
-	/**
-	 * Install an extension from a remote ZIP URL.
-	 *
-	 * @param   string  $url  The download URL.
-	 *
-	 * @return  array  Result with success, message, and extension info.
-	 */
-	public function installFromUrl(string $url): array
-	{
-		$tmpPath = Factory::getConfig()->get('tmp_path', JPATH_ROOT . '/tmp');
-		$tmpFile = $tmpPath . '/mokowaas_install_' . md5($url) . '.zip';
-
-		try
-		{
-			// Download
-			$ch = curl_init($url);
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-			curl_setopt($ch, CURLOPT_TIMEOUT, 120);
-			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-			$data = curl_exec($ch);
-			$code = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
-			$error = curl_error($ch);
-			curl_close($ch);
-
-			if ($error || $code !== 200 || empty($data))
-			{
-				return ['success' => false, 'message' => 'Download failed: ' . ($error ?: "HTTP {$code}")];
-			}
-
-			file_put_contents($tmpFile, $data);
-
-			// Install via Joomla Installer
-			$installer = new \Joomla\CMS\Installer\Installer();
-			$result    = $installer->install($tmpFile);
-
-			@unlink($tmpFile);
-
-			if (!$result)
-			{
-				return ['success' => false, 'message' => 'Installation failed.'];
-			}
-
-			return [
-				'success' => true,
-				'message' => 'Installed successfully.',
-			];
-		}
-		catch (\Throwable $e)
-		{
-			@unlink($tmpFile);
-
-			return ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
-		}
-	}
-
-	/**
-	 * Get installed versions of all Moko extensions.
-	 *
-	 * @return  array  element => version
-	 */
-	private function getInstalledVersions(): array
-	{
-		$db       = $this->getDatabase();
-		$elements = [];
-
-		foreach (self::CATALOG as $meta)
-		{
-			$elements[] = $db->quote($meta['element']);
-		}
-
-		$query = $db->getQuery(true)
-			->select([$db->quoteName('element'), $db->quoteName('manifest_cache')])
-			->from($db->quoteName('#__extensions'))
-			->where($db->quoteName('element') . ' IN (' . implode(',', $elements) . ')');
-		$db->setQuery($query);
-		$rows = $db->loadObjectList() ?: [];
-
-		$versions = [];
-
-		foreach ($rows as $row)
-		{
-			$mc = json_decode($row->manifest_cache ?? '{}');
-			$versions[$row->element] = $mc->version ?? '0.0.0';
-		}
-
-		return $versions;
-	}
-
-	/**
-	 * Fetch the latest release from Gitea for a repo.
-	 *
-	 * @param   string  $repo  Repository name.
-	 *
-	 * @return  array  [version, download_url] or empty.
-	 */
-	private function fetchLatestRelease(string $repo): array
-	{
-		$url = self::GITEA_URL . '/api/v1/repos/' . self::GITEA_ORG . '/' . $repo . '/releases?limit=1';
-
-		$ch = curl_init($url);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-		curl_setopt($ch, CURLOPT_TIMEOUT, 10);
-		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-		curl_setopt($ch, CURLOPT_HTTPHEADER, ['Accept: application/json']);
-		$response = curl_exec($ch);
-		$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
-		curl_close($ch);
-
-		if ($code !== 200 || empty($response))
-		{
-			return [];
-		}
-
-		$releases = json_decode($response, true);
-
-		if (empty($releases[0]))
-		{
-			return [];
-		}
-
-		$release = $releases[0];
-		$version = $release['tag_name'] ?? '';
-
-		// Find the first .zip asset
-		$downloadUrl = '';
-
-		foreach ($release['assets'] ?? [] as $asset)
-		{
-			if (str_ends_with(strtolower($asset['name'] ?? ''), '.zip'))
-			{
-				$downloadUrl = $asset['browser_download_url'] ?? '';
-				break;
-			}
-		}
-
-		return [
-			'version'      => $version,
-			'download_url' => $downloadUrl,
-		];
-	}
-
-	/**
-	 * Get the extension_id for an element (for uninstall links).
-	 */
-	private function getExtensionId(string $element): int
-	{
-		$db    = $this->getDatabase();
-		$query = $db->getQuery(true)
-			->select($db->quoteName('extension_id'))
-			->from($db->quoteName('#__extensions'))
-			->where($db->quoteName('element') . ' = ' . $db->quote($element))
-			->setLimit(1);
-		$db->setQuery($query);
-
-		return (int) $db->loadResult();
-	}
-}
diff --git a/src/packages/plg_system_mokowaas/administrator/language/overrides/en-GB.override.ini b/src/packages/plg_system_mokowaas/administrator/language/overrides/en-GB.override.ini
deleted file mode 100644
index ca5081b5..00000000
--- a/src/packages/plg_system_mokowaas/administrator/language/overrides/en-GB.override.ini
+++ /dev/null
@@ -1,120 +0,0 @@
-; -----------------------------------------------------------------------------
-; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-; This file is part of a Moko Consulting project.
-; SPDX-License-Identifier: GPL-3.0-or-later
-; REPO: https://github.com/mokoconsulting-tech/mokowaas
-; -----------------------------------------------------------------------------
-; FILE INFORMATION
-; Defgroup: Joomla Language Overrides
-; Ingroup: MokoWaaS
-; Version: 02.01.08
-; File: en-GB.override.ini
-; Path: administrator/language/overrides/en-GB.override.ini
-; Brief: Admin override TEMPLATE — placeholders resolved at runtime/install.
-; Notes: Use {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} placeholders.
-; Variables: {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}}
-; -----------------------------------------------------------------------------
-
-; ===== Footer & template branding =====
-TPL_ATUM_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-MOD_FOOTER_LINE2="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-
-; ===== Control panel greetings =====
-COM_CPANEL_WELCOME_TITLE="Welcome to {{BRAND_NAME}}!"
-COM_CPANEL_MSG_WELCOME="Welcome to {{BRAND_NAME}}!"
-
-; ===== Help/Docs phrasing =====
-COM_ADMIN_HELP_SITE="{{BRAND_NAME}} Help"
-COM_ADMIN_HELPSITE_FIELD_LABEL="{{BRAND_NAME}} Help"
-
-; ===== Generic replacements =====
-JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="{{BRAND_NAME}} Defaults"
-COM_INSTALLER_TYPE_JOOMLA="{{BRAND_NAME}} Package"
-LIB_JOOMLA="{{BRAND_NAME}} Library"
-
-; ===== System messages =====
-JERROR_JOOMLA="{{BRAND_NAME}} Error"
-JFIELD_JOOMLA_LABEL="{{BRAND_NAME}} Field"
-
-; ===== AdminLogin Support =====
-MOD_LOGINSUPPORT_FORUM="{{COMPANY_NAME}} Support"
-MOD_LOGINSUPPORT_DOCUMENTATION="{{BRAND_NAME}} Documentation"
-MOD_LOGINSUPPORT_NEWS="{{COMPANY_NAME}} News"
-MOD_LOGINSUPPORT_HEADLINE="Need help? Visit {{COMPANY_NAME}}:"
-MOD_LOGINSUPPORT_XML_DESCRIPTION="This module displays useful links to {{COMPANY_NAME}} support on the login screen."
-TPL_ATUM_BACKEND_LOGIN="{{BRAND_NAME}} Administrator Login"
-
-; ===== Error messages =====
-JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
-
-; ===== Admin-specific branding =====
-COM_ADMIN_VIEW_HOME_TITLE="{{BRAND_NAME}} Control Panel"
-JLIB_APPLICATION_ERROR_SAVE_FAILED="{{BRAND_NAME}} Error: Save failed"
-
-; ===== Module list workaround (RegularLabs) =====
-COM_MODULES_HEADING_POSITION="Position"
-
-; ===== Extensions =====
-COM_INSTALLER_TYPE_TYPE_JOOMLA="{{BRAND_NAME}}"
-COM_INSTALLER_MSG_UPDATE_SUCCESS="Update installed successfully"
-
-; ===== Dashboard =====
-COM_CPANEL_WELCOME_BEGINNERS_TITLE="Welcome to {{BRAND_NAME}}!"
-COM_CPANEL_WELCOME_BEGINNERS_MESSAGE="<p>Community resources are available for new users.</p><ul><li><a href=\"{{SUPPORT_URL}}\" target=\"_blank\" rel=\"noopener noreferrer\">{{BRAND_NAME}} Documentation</a></li><li><a href=\"{{SUPPORT_URL}}\" target=\"_blank\" rel=\"noopener noreferrer\">{{BRAND_NAME}} Support</a></li></ul>"
-COM_CPANEL_MSG_STATS_COLLECTION_TITLE="Stats Collection in {{BRAND_NAME}}"
-
-; ===== Quick Icons =====
-PLG_QUICKICON_JOOMLAUPDATE_CHECKING="Checking {{BRAND_NAME}}…"
-PLG_QUICKICON_JOOMLAUPDATE_ERROR="Unknown {{BRAND_NAME}}…"
-PLG_QUICKICON_JOOMLAUPDATE_UPTODATE="{{BRAND_NAME}} is up to date."
-
-; ===== System Info =====
-COM_ADMIN_JOOMLA_VERSION="{{BRAND_NAME}} Version"
-COM_ADMIN_HELP="{{BRAND_NAME}} Help"
-COM_ADMIN_JOOMLA_COMPAT_PLUGIN="{{BRAND_NAME}} Backward Compatibility Plugin"
-
-; ===== Installer =====
-COM_INSTALLER_UPLOAD_INSTALL_JOOMLA_EXTENSION="Upload & Install {{BRAND_NAME}} Extension"
-COM_INSTALLER_UNABLE_TO_INSTALL_JOOMLA_PACKAGE="The {{BRAND_NAME}} package cannot be installed through the Extension Manager. Please use the {{BRAND_NAME}} Update component to update."
-COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTSET="The {{BRAND_NAME}} temporary folder is not set."
-COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTWRITEABLE="The {{BRAND_NAME}} temporary folder is not writable or does not exist."
-COM_INSTALLER_MSG_WARNINGS_UPDATE_NOTICE="Before updating ensure that the update is compatible with your {{BRAND_NAME}} installation. <br>You are strongly advised to make a <strong>backup</strong> of your site's files and database before you start updating."
-
-; ===== Global Configuration =====
-COM_CONFIG_FIELD_METAVERSION_LABEL="{{BRAND_NAME}} Version"
-
-; ===== Update component =====
-COM_JOOMLAUPDATE_CONFIGURATION="{{BRAND_NAME}} Update: Options"
-COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_NEXT="{{BRAND_NAME}} Next"
-COM_JOOMLAUPDATE_CONFIG_SOURCES_DESC="Configure where {{BRAND_NAME}} gets its update information from."
-COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_LABEL="Update Channel"
-COM_JOOMLAUPDATE_VIEW_DEFAULT_TITLE="{{BRAND_NAME}} Update"
-COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION="{{BRAND_NAME}} Update Component"
-COM_JOOMLAUPDATE_NOCHANGE="{{BRAND_NAME}} is up to date."
-COM_JOOMLAUPDATE_PREUPDATE_CHECK="{{BRAND_NAME}} Pre-Update Check"
-COM_JOOMLAUPDATE_UPDATE_HEADER="{{BRAND_NAME}} Update"
-COM_JOOMLAUPDATE_LIVEUPDATE="Live Update"
-COM_JOOMLAUPDATE_CHECKEDFOR_UPDATES="Checked for {{BRAND_NAME}} updates."
-
-; ===== Privacy =====
-COM_PRIVACY_HEADING_CORE_CAPABILITIES="{{BRAND_NAME}} Core Capabilities"
-
-; ===== Database & Library errors =====
-JLIB_INSTALLER_MINIMUM_JOOMLA="You don't have the minimum {{BRAND_NAME}} version requirement of J%s"
-JLIB_INSTALLER_ERROR_NOTFINDJOOMLAXMLSETUPFILE="Installer: Can't find {{BRAND_NAME}} XML setup file."
-
-; ===== Version and About =====
-JLIB_HTML_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-COM_ADMIN_HELP_DOCUMENTATION="{{BRAND_NAME}} Documentation"
-COM_ADMIN_HELP_SUPPORT="{{BRAND_NAME}} Support"
-
-; ===== Akeeba Ticket System (ATS) =====
-COM_ATS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKETS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKET="{{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_NEWTICKET="New {{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_CATEGORIES="Ticket Categories"
-COM_ATS_MSG_TICKET_SAVED="Your {{BRAND_NAME}} ticket has been saved."
-COM_ATS_MSG_TICKET_CLOSED="Your {{BRAND_NAME}} ticket has been closed."
-COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
-COM_ATS_LBL_POWEREDBY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
diff --git a/src/packages/plg_system_mokowaas/administrator/language/overrides/en-US.override.ini b/src/packages/plg_system_mokowaas/administrator/language/overrides/en-US.override.ini
deleted file mode 100644
index 02fc67f7..00000000
--- a/src/packages/plg_system_mokowaas/administrator/language/overrides/en-US.override.ini
+++ /dev/null
@@ -1,120 +0,0 @@
-; -----------------------------------------------------------------------------
-; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-; This file is part of a Moko Consulting project.
-; SPDX-License-Identifier: GPL-3.0-or-later
-; REPO: https://github.com/mokoconsulting-tech/mokowaas
-; -----------------------------------------------------------------------------
-; FILE INFORMATION
-; Defgroup: Joomla Language Overrides
-; Ingroup: MokoWaaS
-; Version: 02.01.08
-; File: en-US.override.ini
-; Path: administrator/language/overrides/en-US.override.ini
-; Brief: Admin override TEMPLATE — placeholders resolved at runtime/install.
-; Notes: Use {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} placeholders.
-; Variables: {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}}
-; -----------------------------------------------------------------------------
-
-; ===== Footer & template branding =====
-TPL_ATUM_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-MOD_FOOTER_LINE2="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-
-; ===== Control panel greetings =====
-COM_CPANEL_WELCOME_TITLE="Welcome to {{BRAND_NAME}}!"
-COM_CPANEL_MSG_WELCOME="Welcome to {{BRAND_NAME}}!"
-
-; ===== Help/Docs phrasing =====
-COM_ADMIN_HELP_SITE="{{BRAND_NAME}} Help"
-COM_ADMIN_HELPSITE_FIELD_LABEL="{{BRAND_NAME}} Help"
-
-; ===== Generic replacements =====
-JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="{{BRAND_NAME}} Defaults"
-COM_INSTALLER_TYPE_JOOMLA="{{BRAND_NAME}} Package"
-LIB_JOOMLA="{{BRAND_NAME}} Library"
-
-; ===== System messages =====
-JERROR_JOOMLA="{{BRAND_NAME}} Error"
-JFIELD_JOOMLA_LABEL="{{BRAND_NAME}} Field"
-
-; ===== AdminLogin Support =====
-MOD_LOGINSUPPORT_FORUM="{{COMPANY_NAME}} Support"
-MOD_LOGINSUPPORT_DOCUMENTATION="{{BRAND_NAME}} Documentation"
-MOD_LOGINSUPPORT_NEWS="{{COMPANY_NAME}} News"
-MOD_LOGINSUPPORT_HEADLINE="Need help? Visit {{COMPANY_NAME}}:"
-MOD_LOGINSUPPORT_XML_DESCRIPTION="This module displays useful links to {{COMPANY_NAME}} support on the login screen."
-TPL_ATUM_BACKEND_LOGIN="{{BRAND_NAME}} Administrator Login"
-
-; ===== Error messages =====
-JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
-
-; ===== Admin-specific branding =====
-COM_ADMIN_VIEW_HOME_TITLE="{{BRAND_NAME}} Control Panel"
-JLIB_APPLICATION_ERROR_SAVE_FAILED="{{BRAND_NAME}} Error: Save failed"
-
-; ===== Module list workaround (RegularLabs) =====
-COM_MODULES_HEADING_POSITION="Position"
-
-; ===== Extensions =====
-COM_INSTALLER_TYPE_TYPE_JOOMLA="{{BRAND_NAME}}"
-COM_INSTALLER_MSG_UPDATE_SUCCESS="Update installed successfully"
-
-; ===== Dashboard =====
-COM_CPANEL_WELCOME_BEGINNERS_TITLE="Welcome to {{BRAND_NAME}}!"
-COM_CPANEL_WELCOME_BEGINNERS_MESSAGE="<p>Community resources are available for new users.</p><ul><li><a href=\"{{SUPPORT_URL}}\" target=\"_blank\" rel=\"noopener noreferrer\">{{BRAND_NAME}} Documentation</a></li><li><a href=\"{{SUPPORT_URL}}\" target=\"_blank\" rel=\"noopener noreferrer\">{{BRAND_NAME}} Support</a></li></ul>"
-COM_CPANEL_MSG_STATS_COLLECTION_TITLE="Stats Collection in {{BRAND_NAME}}"
-
-; ===== Quick Icons =====
-PLG_QUICKICON_JOOMLAUPDATE_CHECKING="Checking {{BRAND_NAME}}…"
-PLG_QUICKICON_JOOMLAUPDATE_ERROR="Unknown {{BRAND_NAME}}…"
-PLG_QUICKICON_JOOMLAUPDATE_UPTODATE="{{BRAND_NAME}} is up to date."
-
-; ===== System Info =====
-COM_ADMIN_JOOMLA_VERSION="{{BRAND_NAME}} Version"
-COM_ADMIN_HELP="{{BRAND_NAME}} Help"
-COM_ADMIN_JOOMLA_COMPAT_PLUGIN="{{BRAND_NAME}} Backward Compatibility Plugin"
-
-; ===== Installer =====
-COM_INSTALLER_UPLOAD_INSTALL_JOOMLA_EXTENSION="Upload & Install {{BRAND_NAME}} Extension"
-COM_INSTALLER_UNABLE_TO_INSTALL_JOOMLA_PACKAGE="The {{BRAND_NAME}} package cannot be installed through the Extension Manager. Please use the {{BRAND_NAME}} Update component to update."
-COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTSET="The {{BRAND_NAME}} temporary folder is not set."
-COM_INSTALLER_MSG_WARNINGS_JOOMLATMPNOTWRITEABLE="The {{BRAND_NAME}} temporary folder is not writable or does not exist."
-COM_INSTALLER_MSG_WARNINGS_UPDATE_NOTICE="Before updating ensure that the update is compatible with your {{BRAND_NAME}} installation. <br>You are strongly advised to make a <strong>backup</strong> of your site's files and database before you start updating."
-
-; ===== Global Configuration =====
-COM_CONFIG_FIELD_METAVERSION_LABEL="{{BRAND_NAME}} Version"
-
-; ===== Update component =====
-COM_JOOMLAUPDATE_CONFIGURATION="{{BRAND_NAME}} Update: Options"
-COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_NEXT="{{BRAND_NAME}} Next"
-COM_JOOMLAUPDATE_CONFIG_SOURCES_DESC="Configure where {{BRAND_NAME}} gets its update information from."
-COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_LABEL="Update Channel"
-COM_JOOMLAUPDATE_VIEW_DEFAULT_TITLE="{{BRAND_NAME}} Update"
-COM_JOOMLAUPDATE_VIEW_DEFAULT_DESCRIPTION="{{BRAND_NAME}} Update Component"
-COM_JOOMLAUPDATE_NOCHANGE="{{BRAND_NAME}} is up to date."
-COM_JOOMLAUPDATE_PREUPDATE_CHECK="{{BRAND_NAME}} Pre-Update Check"
-COM_JOOMLAUPDATE_UPDATE_HEADER="{{BRAND_NAME}} Update"
-COM_JOOMLAUPDATE_LIVEUPDATE="Live Update"
-COM_JOOMLAUPDATE_CHECKEDFOR_UPDATES="Checked for {{BRAND_NAME}} updates."
-
-; ===== Privacy =====
-COM_PRIVACY_HEADING_CORE_CAPABILITIES="{{BRAND_NAME}} Core Capabilities"
-
-; ===== Database & Library errors =====
-JLIB_INSTALLER_MINIMUM_JOOMLA="You don't have the minimum {{BRAND_NAME}} version requirement of J%s"
-JLIB_INSTALLER_ERROR_NOTFINDJOOMLAXMLSETUPFILE="Installer: Can't find {{BRAND_NAME}} XML setup file."
-
-; ===== Version and About =====
-JLIB_HTML_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-COM_ADMIN_HELP_DOCUMENTATION="{{BRAND_NAME}} Documentation"
-COM_ADMIN_HELP_SUPPORT="{{BRAND_NAME}} Support"
-
-; ===== Akeeba Ticket System (ATS) =====
-COM_ATS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKETS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKET="{{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_NEWTICKET="New {{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_CATEGORIES="Ticket Categories"
-COM_ATS_MSG_TICKET_SAVED="Your {{BRAND_NAME}} ticket has been saved."
-COM_ATS_MSG_TICKET_CLOSED="Your {{BRAND_NAME}} ticket has been closed."
-COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
-COM_ATS_LBL_POWEREDBY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
diff --git a/src/packages/plg_system_mokowaas/forms/sync_target_entry.xml b/src/packages/plg_system_mokowaas/forms/sync_target_entry.xml
deleted file mode 100644
index 301bc304..00000000
--- a/src/packages/plg_system_mokowaas/forms/sync_target_entry.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<form>
-	<field name="url" type="url"
-		label="PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_URL_LABEL"
-		description="PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_URL_DESC"
-		required="true" hint="https://client.example.com" />
-	<field name="token" type="text"
-		label="PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_TOKEN_LABEL"
-		description="PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_TOKEN_DESC"
-		required="true" hint="health_api_token from target site" />
-	<field name="label" type="text"
-		label="PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_LABEL_LABEL"
-		description="PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_LABEL_DESC"
-		hint="e.g. Client A" />
-</form>
diff --git a/src/packages/plg_system_mokowaas/forms/trusted_ip_entry.xml b/src/packages/plg_system_mokowaas/forms/trusted_ip_entry.xml
deleted file mode 100644
index 4e06f396..00000000
--- a/src/packages/plg_system_mokowaas/forms/trusted_ip_entry.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<form>
-	<field
-		name="ip"
-		type="text"
-		label="PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ADDR_LABEL"
-		description="PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ADDR_DESC"
-		required="true"
-		hint="e.g. 192.168.1.100 or 10.0.0.0/24"
-		/>
-	<field
-		name="label"
-		type="text"
-		label="PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_LABEL_LABEL"
-		description="PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_LABEL_DESC"
-		hint="e.g. Office network"
-		/>
-	<field
-		name="enabled"
-		type="radio"
-		label="PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ENABLED_LABEL"
-		default="1"
-		class="btn-group btn-group-yesno"
-		>
-		<option value="1">JYES</option>
-		<option value="0">JNO</option>
-	</field>
-</form>
diff --git a/src/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.ini b/src/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.ini
deleted file mode 100644
index 5f0f536a..00000000
--- a/src/packages/plg_system_mokowaas/language/en-GB/plg_system_mokowaas.ini
+++ /dev/null
@@ -1,201 +0,0 @@
-; -----------------------------------------------------------------------------
-; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-; This file is part of a Moko Consulting project.
-; SPDX-License-Identifier: GPL-3.0-or-later
-; REPO: https://github.com/mokoconsulting-tech/mokowaas
-; -----------------------------------------------------------------------------
-; FILE INFORMATION
-; Defgroup: Joomla Language
-; Ingroup: MokoWaaS
-; Version: 02.01.08
-; Variables: {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} used in override templates
-; File: plg_system_mokowaas.ini
-; Path: /src/language/en-GB/plg_system_mokowaas.ini
-; Brief: English language strings for MokoWaaS system plugin
-; Notes: Contains translatable strings for plugin functionality
-; Variables: (none)
-; -----------------------------------------------------------------------------
-
-PLG_SYSTEM_MOKOWAAS="System - MokoWaaS"
-PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform."
-
-PLG_SYSTEM_MOKOWAAS_ENABLE_BRANDING_LABEL="Enable Branding"
-PLG_SYSTEM_MOKOWAAS_ENABLE_BRANDING_DESC="Enable or disable the branding overrides across the system."
-
-PLG_SYSTEM_MOKOWAAS_BRAND_NAME_LABEL="Brand Name"
-PLG_SYSTEM_MOKOWAAS_BRAND_NAME_DESC="The brand name that replaces 'Joomla' throughout the interface. Used in all language overrides."
-PLG_SYSTEM_MOKOWAAS_COMPANY_NAME_LABEL="Company Name"
-PLG_SYSTEM_MOKOWAAS_COMPANY_NAME_DESC="Your company name, used in support links and footer text."
-PLG_SYSTEM_MOKOWAAS_SUPPORT_URL_LABEL="Support URL"
-PLG_SYSTEM_MOKOWAAS_SUPPORT_URL_DESC="URL for support and documentation links."
-
-; ===== WaaS Access fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_WAAS_ACCESS_LABEL="WaaS Access Control"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_WAAS_ACCESS_DESC="Master user enforcement and emergency access settings for the WaaS operator."
-
-PLG_SYSTEM_MOKOWAAS_ENFORCE_MASTER_USER_LABEL="Enforce Master User"
-PLG_SYSTEM_MOKOWAAS_ENFORCE_MASTER_USER_DESC="Ensure the master super admin account always exists. If deleted, it will be recreated on next admin page load."
-PLG_SYSTEM_MOKOWAAS_MASTER_USERNAME_LABEL="Master Username"
-PLG_SYSTEM_MOKOWAAS_MASTER_USERNAME_DESC="Username for the persistent WaaS super admin account."
-PLG_SYSTEM_MOKOWAAS_MASTER_EMAIL_LABEL="Master Email"
-PLG_SYSTEM_MOKOWAAS_MASTER_EMAIL_DESC="Email address for the master super admin account."
-
-PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_LABEL="Emergency Access"
-PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_DESC="Allow login using database credentials as a two-factor emergency access method. Requires server file access to confirm."
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_SUCCESS="Emergency access LOGIN by {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_BLOCKED_IP="Emergency access BLOCKED (unauthorized IP) — {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_WRONG_PASSWORD="Emergency access FAILED (wrong password) — {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_VERIFY_FILE_CREATED="Emergency access verification file created — {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_PENDING_FILE_DELETE="Emergency access pending file deletion — {username} from {ip}"
-
-PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_LABEL="IP Whitelist"
-PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_DESC="Emergency access requires an IP whitelist. Set <code>public $mokowaas_allowed_ips = '1.2.3.4,5.6.7.8';</code> in configuration.php. Emergency access is BLOCKED if no IPs are configured."
-
-; ===== Maintenance fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_MAINTENANCE_LABEL="Maintenance"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_MAINTENANCE_DESC="One-time maintenance actions. Set to Yes and save to execute. Resets to No automatically after execution."
-
-PLG_SYSTEM_MOKOWAAS_DEV_MODE_LABEL="Development Mode"
-PLG_SYSTEM_MOKOWAAS_DEV_MODE_DESC="Disables all Joomla caching at runtime. Useful during development and testing. Does not modify configuration.php."
-
-PLG_SYSTEM_MOKOWAAS_RESET_HITS_LABEL="Reset All Hits"
-PLG_SYSTEM_MOKOWAAS_RESET_HITS_DESC="Set all article hit counters to zero across the site. This action executes on save and resets to No."
-PLG_SYSTEM_MOKOWAAS_DELETE_VERSIONS_LABEL="Delete All Versions"
-PLG_SYSTEM_MOKOWAAS_DELETE_VERSIONS_DESC="Purge all content version history from the database. This action executes on save and resets to No."
-
-; ===== Visual Branding fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_VISUAL_LABEL="Visual Branding"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_VISUAL_DESC="Admin color scheme and CSS injection. Logos and favicon are shipped in the plugin media folder."
-
-PLG_SYSTEM_MOKOWAAS_BRANDING_NOTE_LABEL="Logos & Favicon"
-PLG_SYSTEM_MOKOWAAS_BRANDING_NOTE_DESC="Logos and favicon are automatically applied from the plugin media folder (<code>/media/plg_system_mokowaas/</code>). Replace <code>logo.png</code>, <code>favicon.ico</code>, and <code>favicon_256.png</code> to change them."
-PLG_SYSTEM_MOKOWAAS_COLOR_PRIMARY_LABEL="Primary Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_PRIMARY_DESC="Main accent color used in the admin template header and buttons."
-PLG_SYSTEM_MOKOWAAS_COLOR_SIDEBAR_LABEL="Sidebar Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_SIDEBAR_DESC="Background color for the admin sidebar navigation."
-PLG_SYSTEM_MOKOWAAS_COLOR_HEADER_LABEL="Header Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_HEADER_DESC="Background color for the admin top header bar."
-PLG_SYSTEM_MOKOWAAS_COLOR_LINK_LABEL="Link Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_LINK_DESC="Color for hyperlinks in the admin interface."
-PLG_SYSTEM_MOKOWAAS_BRAND_ICON_LABEL="Brand Icon (FontAwesome)"
-PLG_SYSTEM_MOKOWAAS_BRAND_ICON_DESC="FontAwesome unicode codepoint for the brand icon that replaces the Joomla logo icon. Enter the hex code only (e.g. f6d5 for fa-hat-cowboy). Find codes at fontawesome.com/icons."
-PLG_SYSTEM_MOKOWAAS_CUSTOM_CSS_LABEL="Custom CSS"
-PLG_SYSTEM_MOKOWAAS_CUSTOM_CSS_DESC="Additional CSS injected into admin pages. Use for fine-tuning visual presentation."
-
-; ===== Tenant Restrictions fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_TENANT_LABEL="Tenant Restrictions"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_TENANT_DESC="Restrict admin features for non-master users. Master user always has full access."
-
-PLG_SYSTEM_MOKOWAAS_RESTRICT_INSTALLER_LABEL="Restrict Extension Installer"
-PLG_SYSTEM_MOKOWAAS_RESTRICT_INSTALLER_DESC="Block non-master users from installing or removing extensions."
-PLG_SYSTEM_MOKOWAAS_ALLOW_UPDATES_LABEL="Allow Extension Updates"
-PLG_SYSTEM_MOKOWAAS_ALLOW_UPDATES_DESC="When the installer is restricted, still allow non-master users to update extensions."
-PLG_SYSTEM_MOKOWAAS_HIDE_SYSINFO_LABEL="Hide System Information"
-PLG_SYSTEM_MOKOWAAS_HIDE_SYSINFO_DESC="Block non-master users from viewing PHP, database, and server information."
-PLG_SYSTEM_MOKOWAAS_RESTRICT_CONFIG_LABEL="Restrict Global Configuration"
-PLG_SYSTEM_MOKOWAAS_RESTRICT_CONFIG_DESC="Block non-master users from changing Global Configuration. Component config is still accessible."
-PLG_SYSTEM_MOKOWAAS_RESTRICT_TEMPLATE_LABEL="Restrict Template Code Editing"
-PLG_SYSTEM_MOKOWAAS_RESTRICT_TEMPLATE_DESC="Block non-master users from editing template source code. Template styles remain accessible."
-PLG_SYSTEM_MOKOWAAS_DISABLE_INSTALL_URL_LABEL="Disable Install from URL"
-PLG_SYSTEM_MOKOWAAS_DISABLE_INSTALL_URL_DESC="Block installing extensions from URL for ALL users (including master) as a safety measure."
-PLG_SYSTEM_MOKOWAAS_HIDDEN_MENUS_LABEL="Hidden Menu Items"
-PLG_SYSTEM_MOKOWAAS_HIDDEN_MENUS_DESC="Components to hide from admin menu for non-master users. One per line (e.g., com_installer)."
-
-; ===== Content Sync fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SYNC_LABEL="Content Sync"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SYNC_DESC="One-way content push to remote MokoWaaS sites. Syncs articles, categories, menus, and modules by alias."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGETS_LABEL="Sync Targets"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGETS_DESC="Remote sites to push content to. Each target requires the site URL and that site's health API token."
-PLG_SYSTEM_MOKOWAAS_SYNC_PUSH_NOW_LABEL="Push Content Now"
-PLG_SYSTEM_MOKOWAAS_SYNC_PUSH_NOW_DESC="Set to Yes and save to immediately push all content to all configured targets. Resets to No automatically."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_URL_LABEL="Site URL"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_URL_DESC="Full URL of the remote Joomla site (e.g. https://client.example.com)."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_TOKEN_LABEL="API Token"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_TOKEN_DESC="The health_api_token from the remote site's MokoWaaS plugin settings."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_LABEL_LABEL="Label"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_LABEL_DESC="Friendly name for this target (for identification only)."
-
-; ===== Diagnostics fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DIAGNOSTICS_LABEL="Diagnostics & Monitoring"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DIAGNOSTICS_DESC="Health check endpoint for external monitoring systems (e.g. Grafana). Exposes system status via a token-authenticated JSON API."
-
-PLG_SYSTEM_MOKOWAAS_ENABLE_HEALTH_LABEL="Enable Health Endpoint"
-PLG_SYSTEM_MOKOWAAS_ENABLE_HEALTH_DESC="Expose a JSON health check endpoint at <code>/?mokowaas=health</code>. Requires a valid API token. A random token is generated automatically when enabled."
-PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_LABEL="Health API Token"
-PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_DESC="Auto-generated bearer token for the health endpoint. Use this token in your Grafana datasource configuration. Send as <code>Authorization: Bearer &lt;token&gt;</code> header or <code>&amp;token=&lt;value&gt;</code> query parameter."
-PLG_SYSTEM_MOKOWAAS_GRAFANA_URL_LABEL="Grafana URL"
-PLG_SYSTEM_MOKOWAAS_GRAFANA_URL_DESC="Base URL of your Grafana instance (e.g. <code>https://grafana.example.com</code>). When provided along with an API key, the plugin will auto-provision a datasource and dashboard in Grafana when the health endpoint is enabled."
-PLG_SYSTEM_MOKOWAAS_GRAFANA_KEY_LABEL="Grafana API Key"
-PLG_SYSTEM_MOKOWAAS_GRAFANA_KEY_DESC="Service account token or API key with Editor role in Grafana. Required for auto-provisioning the MokoWaaS datasource and dashboard."
-
-; ===== Security fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SECURITY_LABEL="Security Hardening"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SECURITY_DESC="HTTPS enforcement, session timeouts, password policy, and upload restrictions."
-
-PLG_SYSTEM_MOKOWAAS_FORCE_HTTPS_LABEL="Force HTTPS"
-PLG_SYSTEM_MOKOWAAS_FORCE_HTTPS_DESC="Redirect all HTTP requests to HTTPS. Supports reverse proxy setups."
-PLG_SYSTEM_MOKOWAAS_SESSION_TIMEOUT_LABEL="Admin Session Timeout"
-PLG_SYSTEM_MOKOWAAS_SESSION_TIMEOUT_DESC="Minutes of idle time before admin sessions expire. 0 uses the Joomla default."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IPS_LABEL="Trusted IPs (No Session Timeout)"
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IPS_DESC="Sessions from these IP addresses or ranges will never time out. Supports exact IPs, CIDR notation (e.g. 10.0.0.0/24), and wildcards (e.g. 192.168.1.*)."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ADDR_LABEL="IP / CIDR"
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ADDR_DESC="An IP address, CIDR range, or wildcard pattern."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_LABEL_LABEL="Label"
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_LABEL_DESC="A descriptive label for this entry (e.g. Office, VPN)."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ENABLED_LABEL="Enabled"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_LENGTH_LABEL="Minimum Password Length"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_LENGTH_DESC="Minimum number of characters required for user passwords."
-PLG_SYSTEM_MOKOWAAS_PASSWORD_UPPER_LABEL="Require Uppercase"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_NUMBER_LABEL="Require Number"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_SPECIAL_LABEL="Require Special Character"
-PLG_SYSTEM_MOKOWAAS_UPLOAD_TYPES_LABEL="Allowed Upload Types"
-PLG_SYSTEM_MOKOWAAS_UPLOAD_TYPES_DESC="Comma-separated list of allowed file extensions for media uploads."
-PLG_SYSTEM_MOKOWAAS_UPLOAD_SIZE_LABEL="Max Upload Size (MB)"
-PLG_SYSTEM_MOKOWAAS_UPLOAD_SIZE_DESC="Maximum file upload size in megabytes."
-
-; ===== Demo Mode fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DEMO_LABEL="Demo Mode"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DEMO_DESC="Configure demo site behavior with baseline snapshots and automatic periodic reset. When enabled, a warning banner is shown on the frontend."
-
-PLG_SYSTEM_MOKOWAAS_DEMO_ENABLED_LABEL="Enable Demo Mode"
-PLG_SYSTEM_MOKOWAAS_DEMO_ENABLED_DESC="When enabled, shows a warning banner on the frontend and enables snapshot/restore functionality."
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_MSG_LABEL="Banner Message"
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_MSG_DESC="Message displayed in the demo warning banner on the frontend."
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_COLOR_LABEL="Banner Color"
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_COLOR_DESC="Background color for the demo warning banner."
-PLG_SYSTEM_MOKOWAAS_DEMO_COUNTDOWN_LABEL="Show Reset Countdown"
-PLG_SYSTEM_MOKOWAAS_DEMO_COUNTDOWN_DESC="Display a countdown timer in the banner showing time until the next scheduled reset."
-PLG_SYSTEM_MOKOWAAS_DEMO_SCHEDULE_LABEL="Reset Schedule"
-PLG_SYSTEM_MOKOWAAS_DEMO_SCHEDULE_DESC="How often the demo site resets. Select a preset or choose Custom to enter a crontab expression."
-PLG_SYSTEM_MOKOWAAS_DEMO_CRON_LABEL="Custom Crontab"
-PLG_SYSTEM_MOKOWAAS_DEMO_CRON_DESC="Crontab expression for the reset schedule. Format: minute hour day month weekday (e.g. 0 */6 * * * for every 6 hours)."
-PLG_SYSTEM_MOKOWAAS_DEMO_NEXT_RESET_LABEL="Next Scheduled Reset"
-PLG_SYSTEM_MOKOWAAS_DEMO_NEXT_RESET_DESC="Calculated automatically from the reset schedule. The banner countdown uses this timestamp."
-PLG_SYSTEM_MOKOWAAS_DEMO_TABLES_LABEL="Snapshot Tables"
-PLG_SYSTEM_MOKOWAAS_DEMO_TABLES_DESC="Database tables to include in snapshots. One per line, using #__ prefix. These tables will be truncated and restored during a reset."
-PLG_SYSTEM_MOKOWAAS_DEMO_MEDIA_LABEL="Include Directories"
-PLG_SYSTEM_MOKOWAAS_DEMO_MEDIA_DESC="Select which directories to include in the snapshot. Images contains uploaded media, Media contains extension assets."
-PLG_SYSTEM_MOKOWAAS_DEMO_ACTIVE_BASELINE_LABEL="Active Baseline Name"
-PLG_SYSTEM_MOKOWAAS_DEMO_ACTIVE_BASELINE_DESC="Name of the baseline snapshot used by admin toggles and scheduled tasks. Alphanumeric, hyphens, and underscores only."
-PLG_SYSTEM_MOKOWAAS_DEMO_TAKE_SNAPSHOT_LABEL="Take Snapshot Now"
-PLG_SYSTEM_MOKOWAAS_DEMO_TAKE_SNAPSHOT_DESC="Save the current site state as a baseline snapshot. Uses the Active Baseline Name above. Resets to No after execution."
-PLG_SYSTEM_MOKOWAAS_DEMO_RESTORE_NOW_LABEL="Restore Baseline Now"
-PLG_SYSTEM_MOKOWAAS_DEMO_RESTORE_NOW_DESC="Immediately restore the site to the active baseline snapshot. WARNING: This will overwrite current content. Resets to No after execution."
-
-; ===== Site Aliases fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_LABEL="Site Aliases"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_DESC="Configure additional domains that mirror this site. Each alias can have its own offline status, robots directive, and backend redirect behavior."
-PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_LABEL="Primary Domain"
-PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_DESC="The primary domain for this site (e.g. waas.dev.mokoconsulting.tech). Used for backend redirect on alias domains. Do not include https:// prefix."
-PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_LABEL="Domain Aliases"
-PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_DESC="Add domain aliases that serve as mirrors of this site. Each alias gets its own Grafana monitoring datasource."
-PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_LABEL="Domain"
-PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_DESC="The alias domain name (e.g. www.example.com). Do not include https:// prefix."
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_LABEL="Offline"
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_DESC="Show an offline maintenance page when visitors access the site through this alias domain."
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_LABEL="Offline Message"
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_DESC="Custom message to display when this alias is set to offline."
-PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_LABEL="Robots"
-PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_DESC="Meta robots directive for this alias domain. Use 'noindex, nofollow' to prevent search engines from indexing the alias."
-PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_LABEL="Redirect Backend"
-PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_DESC="Redirect admin panel requests on this alias to the primary domain. Frontend stays on the alias domain."
diff --git a/src/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.ini b/src/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.ini
deleted file mode 100644
index 5f0f536a..00000000
--- a/src/packages/plg_system_mokowaas/language/en-US/plg_system_mokowaas.ini
+++ /dev/null
@@ -1,201 +0,0 @@
-; -----------------------------------------------------------------------------
-; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-; This file is part of a Moko Consulting project.
-; SPDX-License-Identifier: GPL-3.0-or-later
-; REPO: https://github.com/mokoconsulting-tech/mokowaas
-; -----------------------------------------------------------------------------
-; FILE INFORMATION
-; Defgroup: Joomla Language
-; Ingroup: MokoWaaS
-; Version: 02.01.08
-; Variables: {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} used in override templates
-; File: plg_system_mokowaas.ini
-; Path: /src/language/en-GB/plg_system_mokowaas.ini
-; Brief: English language strings for MokoWaaS system plugin
-; Notes: Contains translatable strings for plugin functionality
-; Variables: (none)
-; -----------------------------------------------------------------------------
-
-PLG_SYSTEM_MOKOWAAS="System - MokoWaaS"
-PLG_SYSTEM_MOKOWAAS_XML_DESCRIPTION="This plugin rebrands the Joomla system interface with MokoWaaS identity. It applies language overrides and ensures consistent branding across the platform."
-
-PLG_SYSTEM_MOKOWAAS_ENABLE_BRANDING_LABEL="Enable Branding"
-PLG_SYSTEM_MOKOWAAS_ENABLE_BRANDING_DESC="Enable or disable the branding overrides across the system."
-
-PLG_SYSTEM_MOKOWAAS_BRAND_NAME_LABEL="Brand Name"
-PLG_SYSTEM_MOKOWAAS_BRAND_NAME_DESC="The brand name that replaces 'Joomla' throughout the interface. Used in all language overrides."
-PLG_SYSTEM_MOKOWAAS_COMPANY_NAME_LABEL="Company Name"
-PLG_SYSTEM_MOKOWAAS_COMPANY_NAME_DESC="Your company name, used in support links and footer text."
-PLG_SYSTEM_MOKOWAAS_SUPPORT_URL_LABEL="Support URL"
-PLG_SYSTEM_MOKOWAAS_SUPPORT_URL_DESC="URL for support and documentation links."
-
-; ===== WaaS Access fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_WAAS_ACCESS_LABEL="WaaS Access Control"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_WAAS_ACCESS_DESC="Master user enforcement and emergency access settings for the WaaS operator."
-
-PLG_SYSTEM_MOKOWAAS_ENFORCE_MASTER_USER_LABEL="Enforce Master User"
-PLG_SYSTEM_MOKOWAAS_ENFORCE_MASTER_USER_DESC="Ensure the master super admin account always exists. If deleted, it will be recreated on next admin page load."
-PLG_SYSTEM_MOKOWAAS_MASTER_USERNAME_LABEL="Master Username"
-PLG_SYSTEM_MOKOWAAS_MASTER_USERNAME_DESC="Username for the persistent WaaS super admin account."
-PLG_SYSTEM_MOKOWAAS_MASTER_EMAIL_LABEL="Master Email"
-PLG_SYSTEM_MOKOWAAS_MASTER_EMAIL_DESC="Email address for the master super admin account."
-
-PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_LABEL="Emergency Access"
-PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_DESC="Allow login using database credentials as a two-factor emergency access method. Requires server file access to confirm."
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_SUCCESS="Emergency access LOGIN by {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_BLOCKED_IP="Emergency access BLOCKED (unauthorized IP) — {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_WRONG_PASSWORD="Emergency access FAILED (wrong password) — {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_VERIFY_FILE_CREATED="Emergency access verification file created — {username} from {ip}"
-PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_PENDING_FILE_DELETE="Emergency access pending file deletion — {username} from {ip}"
-
-PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_LABEL="IP Whitelist"
-PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_DESC="Emergency access requires an IP whitelist. Set <code>public $mokowaas_allowed_ips = '1.2.3.4,5.6.7.8';</code> in configuration.php. Emergency access is BLOCKED if no IPs are configured."
-
-; ===== Maintenance fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_MAINTENANCE_LABEL="Maintenance"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_MAINTENANCE_DESC="One-time maintenance actions. Set to Yes and save to execute. Resets to No automatically after execution."
-
-PLG_SYSTEM_MOKOWAAS_DEV_MODE_LABEL="Development Mode"
-PLG_SYSTEM_MOKOWAAS_DEV_MODE_DESC="Disables all Joomla caching at runtime. Useful during development and testing. Does not modify configuration.php."
-
-PLG_SYSTEM_MOKOWAAS_RESET_HITS_LABEL="Reset All Hits"
-PLG_SYSTEM_MOKOWAAS_RESET_HITS_DESC="Set all article hit counters to zero across the site. This action executes on save and resets to No."
-PLG_SYSTEM_MOKOWAAS_DELETE_VERSIONS_LABEL="Delete All Versions"
-PLG_SYSTEM_MOKOWAAS_DELETE_VERSIONS_DESC="Purge all content version history from the database. This action executes on save and resets to No."
-
-; ===== Visual Branding fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_VISUAL_LABEL="Visual Branding"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_VISUAL_DESC="Admin color scheme and CSS injection. Logos and favicon are shipped in the plugin media folder."
-
-PLG_SYSTEM_MOKOWAAS_BRANDING_NOTE_LABEL="Logos & Favicon"
-PLG_SYSTEM_MOKOWAAS_BRANDING_NOTE_DESC="Logos and favicon are automatically applied from the plugin media folder (<code>/media/plg_system_mokowaas/</code>). Replace <code>logo.png</code>, <code>favicon.ico</code>, and <code>favicon_256.png</code> to change them."
-PLG_SYSTEM_MOKOWAAS_COLOR_PRIMARY_LABEL="Primary Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_PRIMARY_DESC="Main accent color used in the admin template header and buttons."
-PLG_SYSTEM_MOKOWAAS_COLOR_SIDEBAR_LABEL="Sidebar Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_SIDEBAR_DESC="Background color for the admin sidebar navigation."
-PLG_SYSTEM_MOKOWAAS_COLOR_HEADER_LABEL="Header Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_HEADER_DESC="Background color for the admin top header bar."
-PLG_SYSTEM_MOKOWAAS_COLOR_LINK_LABEL="Link Color"
-PLG_SYSTEM_MOKOWAAS_COLOR_LINK_DESC="Color for hyperlinks in the admin interface."
-PLG_SYSTEM_MOKOWAAS_BRAND_ICON_LABEL="Brand Icon (FontAwesome)"
-PLG_SYSTEM_MOKOWAAS_BRAND_ICON_DESC="FontAwesome unicode codepoint for the brand icon that replaces the Joomla logo icon. Enter the hex code only (e.g. f6d5 for fa-hat-cowboy). Find codes at fontawesome.com/icons."
-PLG_SYSTEM_MOKOWAAS_CUSTOM_CSS_LABEL="Custom CSS"
-PLG_SYSTEM_MOKOWAAS_CUSTOM_CSS_DESC="Additional CSS injected into admin pages. Use for fine-tuning visual presentation."
-
-; ===== Tenant Restrictions fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_TENANT_LABEL="Tenant Restrictions"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_TENANT_DESC="Restrict admin features for non-master users. Master user always has full access."
-
-PLG_SYSTEM_MOKOWAAS_RESTRICT_INSTALLER_LABEL="Restrict Extension Installer"
-PLG_SYSTEM_MOKOWAAS_RESTRICT_INSTALLER_DESC="Block non-master users from installing or removing extensions."
-PLG_SYSTEM_MOKOWAAS_ALLOW_UPDATES_LABEL="Allow Extension Updates"
-PLG_SYSTEM_MOKOWAAS_ALLOW_UPDATES_DESC="When the installer is restricted, still allow non-master users to update extensions."
-PLG_SYSTEM_MOKOWAAS_HIDE_SYSINFO_LABEL="Hide System Information"
-PLG_SYSTEM_MOKOWAAS_HIDE_SYSINFO_DESC="Block non-master users from viewing PHP, database, and server information."
-PLG_SYSTEM_MOKOWAAS_RESTRICT_CONFIG_LABEL="Restrict Global Configuration"
-PLG_SYSTEM_MOKOWAAS_RESTRICT_CONFIG_DESC="Block non-master users from changing Global Configuration. Component config is still accessible."
-PLG_SYSTEM_MOKOWAAS_RESTRICT_TEMPLATE_LABEL="Restrict Template Code Editing"
-PLG_SYSTEM_MOKOWAAS_RESTRICT_TEMPLATE_DESC="Block non-master users from editing template source code. Template styles remain accessible."
-PLG_SYSTEM_MOKOWAAS_DISABLE_INSTALL_URL_LABEL="Disable Install from URL"
-PLG_SYSTEM_MOKOWAAS_DISABLE_INSTALL_URL_DESC="Block installing extensions from URL for ALL users (including master) as a safety measure."
-PLG_SYSTEM_MOKOWAAS_HIDDEN_MENUS_LABEL="Hidden Menu Items"
-PLG_SYSTEM_MOKOWAAS_HIDDEN_MENUS_DESC="Components to hide from admin menu for non-master users. One per line (e.g., com_installer)."
-
-; ===== Content Sync fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SYNC_LABEL="Content Sync"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SYNC_DESC="One-way content push to remote MokoWaaS sites. Syncs articles, categories, menus, and modules by alias."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGETS_LABEL="Sync Targets"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGETS_DESC="Remote sites to push content to. Each target requires the site URL and that site's health API token."
-PLG_SYSTEM_MOKOWAAS_SYNC_PUSH_NOW_LABEL="Push Content Now"
-PLG_SYSTEM_MOKOWAAS_SYNC_PUSH_NOW_DESC="Set to Yes and save to immediately push all content to all configured targets. Resets to No automatically."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_URL_LABEL="Site URL"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_URL_DESC="Full URL of the remote Joomla site (e.g. https://client.example.com)."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_TOKEN_LABEL="API Token"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_TOKEN_DESC="The health_api_token from the remote site's MokoWaaS plugin settings."
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_LABEL_LABEL="Label"
-PLG_SYSTEM_MOKOWAAS_SYNC_TARGET_LABEL_DESC="Friendly name for this target (for identification only)."
-
-; ===== Diagnostics fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DIAGNOSTICS_LABEL="Diagnostics & Monitoring"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DIAGNOSTICS_DESC="Health check endpoint for external monitoring systems (e.g. Grafana). Exposes system status via a token-authenticated JSON API."
-
-PLG_SYSTEM_MOKOWAAS_ENABLE_HEALTH_LABEL="Enable Health Endpoint"
-PLG_SYSTEM_MOKOWAAS_ENABLE_HEALTH_DESC="Expose a JSON health check endpoint at <code>/?mokowaas=health</code>. Requires a valid API token. A random token is generated automatically when enabled."
-PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_LABEL="Health API Token"
-PLG_SYSTEM_MOKOWAAS_HEALTH_TOKEN_DESC="Auto-generated bearer token for the health endpoint. Use this token in your Grafana datasource configuration. Send as <code>Authorization: Bearer &lt;token&gt;</code> header or <code>&amp;token=&lt;value&gt;</code> query parameter."
-PLG_SYSTEM_MOKOWAAS_GRAFANA_URL_LABEL="Grafana URL"
-PLG_SYSTEM_MOKOWAAS_GRAFANA_URL_DESC="Base URL of your Grafana instance (e.g. <code>https://grafana.example.com</code>). When provided along with an API key, the plugin will auto-provision a datasource and dashboard in Grafana when the health endpoint is enabled."
-PLG_SYSTEM_MOKOWAAS_GRAFANA_KEY_LABEL="Grafana API Key"
-PLG_SYSTEM_MOKOWAAS_GRAFANA_KEY_DESC="Service account token or API key with Editor role in Grafana. Required for auto-provisioning the MokoWaaS datasource and dashboard."
-
-; ===== Security fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SECURITY_LABEL="Security Hardening"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_SECURITY_DESC="HTTPS enforcement, session timeouts, password policy, and upload restrictions."
-
-PLG_SYSTEM_MOKOWAAS_FORCE_HTTPS_LABEL="Force HTTPS"
-PLG_SYSTEM_MOKOWAAS_FORCE_HTTPS_DESC="Redirect all HTTP requests to HTTPS. Supports reverse proxy setups."
-PLG_SYSTEM_MOKOWAAS_SESSION_TIMEOUT_LABEL="Admin Session Timeout"
-PLG_SYSTEM_MOKOWAAS_SESSION_TIMEOUT_DESC="Minutes of idle time before admin sessions expire. 0 uses the Joomla default."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IPS_LABEL="Trusted IPs (No Session Timeout)"
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IPS_DESC="Sessions from these IP addresses or ranges will never time out. Supports exact IPs, CIDR notation (e.g. 10.0.0.0/24), and wildcards (e.g. 192.168.1.*)."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ADDR_LABEL="IP / CIDR"
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ADDR_DESC="An IP address, CIDR range, or wildcard pattern."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_LABEL_LABEL="Label"
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_LABEL_DESC="A descriptive label for this entry (e.g. Office, VPN)."
-PLG_SYSTEM_MOKOWAAS_TRUSTED_IP_ENABLED_LABEL="Enabled"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_LENGTH_LABEL="Minimum Password Length"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_LENGTH_DESC="Minimum number of characters required for user passwords."
-PLG_SYSTEM_MOKOWAAS_PASSWORD_UPPER_LABEL="Require Uppercase"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_NUMBER_LABEL="Require Number"
-PLG_SYSTEM_MOKOWAAS_PASSWORD_SPECIAL_LABEL="Require Special Character"
-PLG_SYSTEM_MOKOWAAS_UPLOAD_TYPES_LABEL="Allowed Upload Types"
-PLG_SYSTEM_MOKOWAAS_UPLOAD_TYPES_DESC="Comma-separated list of allowed file extensions for media uploads."
-PLG_SYSTEM_MOKOWAAS_UPLOAD_SIZE_LABEL="Max Upload Size (MB)"
-PLG_SYSTEM_MOKOWAAS_UPLOAD_SIZE_DESC="Maximum file upload size in megabytes."
-
-; ===== Demo Mode fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DEMO_LABEL="Demo Mode"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_DEMO_DESC="Configure demo site behavior with baseline snapshots and automatic periodic reset. When enabled, a warning banner is shown on the frontend."
-
-PLG_SYSTEM_MOKOWAAS_DEMO_ENABLED_LABEL="Enable Demo Mode"
-PLG_SYSTEM_MOKOWAAS_DEMO_ENABLED_DESC="When enabled, shows a warning banner on the frontend and enables snapshot/restore functionality."
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_MSG_LABEL="Banner Message"
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_MSG_DESC="Message displayed in the demo warning banner on the frontend."
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_COLOR_LABEL="Banner Color"
-PLG_SYSTEM_MOKOWAAS_DEMO_BANNER_COLOR_DESC="Background color for the demo warning banner."
-PLG_SYSTEM_MOKOWAAS_DEMO_COUNTDOWN_LABEL="Show Reset Countdown"
-PLG_SYSTEM_MOKOWAAS_DEMO_COUNTDOWN_DESC="Display a countdown timer in the banner showing time until the next scheduled reset."
-PLG_SYSTEM_MOKOWAAS_DEMO_SCHEDULE_LABEL="Reset Schedule"
-PLG_SYSTEM_MOKOWAAS_DEMO_SCHEDULE_DESC="How often the demo site resets. Select a preset or choose Custom to enter a crontab expression."
-PLG_SYSTEM_MOKOWAAS_DEMO_CRON_LABEL="Custom Crontab"
-PLG_SYSTEM_MOKOWAAS_DEMO_CRON_DESC="Crontab expression for the reset schedule. Format: minute hour day month weekday (e.g. 0 */6 * * * for every 6 hours)."
-PLG_SYSTEM_MOKOWAAS_DEMO_NEXT_RESET_LABEL="Next Scheduled Reset"
-PLG_SYSTEM_MOKOWAAS_DEMO_NEXT_RESET_DESC="Calculated automatically from the reset schedule. The banner countdown uses this timestamp."
-PLG_SYSTEM_MOKOWAAS_DEMO_TABLES_LABEL="Snapshot Tables"
-PLG_SYSTEM_MOKOWAAS_DEMO_TABLES_DESC="Database tables to include in snapshots. One per line, using #__ prefix. These tables will be truncated and restored during a reset."
-PLG_SYSTEM_MOKOWAAS_DEMO_MEDIA_LABEL="Include Directories"
-PLG_SYSTEM_MOKOWAAS_DEMO_MEDIA_DESC="Select which directories to include in the snapshot. Images contains uploaded media, Media contains extension assets."
-PLG_SYSTEM_MOKOWAAS_DEMO_ACTIVE_BASELINE_LABEL="Active Baseline Name"
-PLG_SYSTEM_MOKOWAAS_DEMO_ACTIVE_BASELINE_DESC="Name of the baseline snapshot used by admin toggles and scheduled tasks. Alphanumeric, hyphens, and underscores only."
-PLG_SYSTEM_MOKOWAAS_DEMO_TAKE_SNAPSHOT_LABEL="Take Snapshot Now"
-PLG_SYSTEM_MOKOWAAS_DEMO_TAKE_SNAPSHOT_DESC="Save the current site state as a baseline snapshot. Uses the Active Baseline Name above. Resets to No after execution."
-PLG_SYSTEM_MOKOWAAS_DEMO_RESTORE_NOW_LABEL="Restore Baseline Now"
-PLG_SYSTEM_MOKOWAAS_DEMO_RESTORE_NOW_DESC="Immediately restore the site to the active baseline snapshot. WARNING: This will overwrite current content. Resets to No after execution."
-
-; ===== Site Aliases fieldset =====
-PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_LABEL="Site Aliases"
-PLG_SYSTEM_MOKOWAAS_FIELDSET_ALIASES_DESC="Configure additional domains that mirror this site. Each alias can have its own offline status, robots directive, and backend redirect behavior."
-PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_LABEL="Primary Domain"
-PLG_SYSTEM_MOKOWAAS_PRIMARY_DOMAIN_DESC="The primary domain for this site (e.g. waas.dev.mokoconsulting.tech). Used for backend redirect on alias domains. Do not include https:// prefix."
-PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_LABEL="Domain Aliases"
-PLG_SYSTEM_MOKOWAAS_SITE_ALIASES_DESC="Add domain aliases that serve as mirrors of this site. Each alias gets its own Grafana monitoring datasource."
-PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_LABEL="Domain"
-PLG_SYSTEM_MOKOWAAS_ALIAS_DOMAIN_DESC="The alias domain name (e.g. www.example.com). Do not include https:// prefix."
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_LABEL="Offline"
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_DESC="Show an offline maintenance page when visitors access the site through this alias domain."
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_LABEL="Offline Message"
-PLG_SYSTEM_MOKOWAAS_ALIAS_OFFLINE_MSG_DESC="Custom message to display when this alias is set to offline."
-PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_LABEL="Robots"
-PLG_SYSTEM_MOKOWAAS_ALIAS_ROBOTS_DESC="Meta robots directive for this alias domain. Use 'noindex, nofollow' to prevent search engines from indexing the alias."
-PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_LABEL="Redirect Backend"
-PLG_SYSTEM_MOKOWAAS_ALIAS_REDIRECT_BACKEND_DESC="Redirect admin panel requests on this alias to the primary domain. Frontend stays on the alias domain."
diff --git a/src/packages/plg_system_mokowaas/language/overrides/en-GB.override.ini b/src/packages/plg_system_mokowaas/language/overrides/en-GB.override.ini
deleted file mode 100644
index d773e7b7..00000000
--- a/src/packages/plg_system_mokowaas/language/overrides/en-GB.override.ini
+++ /dev/null
@@ -1,66 +0,0 @@
-; -----------------------------------------------------------------------------
-; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-; This file is part of a Moko Consulting project.
-; SPDX-License-Identifier: GPL-3.0-or-later
-; REPO: https://github.com/mokoconsulting-tech/mokowaas
-; -----------------------------------------------------------------------------
-; FILE INFORMATION
-; Defgroup: Joomla Language Overrides
-; Ingroup: MokoWaaS
-; Version: 02.01.08
-; File: en-GB.override.ini
-; Path: language/overrides/en-GB.override.ini
-; Brief: Site/frontend override TEMPLATE — placeholders resolved at runtime/install.
-; Notes: Use {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} placeholders.
-; Variables: {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}}
-; -----------------------------------------------------------------------------
-
-; ===== Footer & template branding =====
-TPL_CASSIOPEIA_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-MOD_FOOTER_LINE2="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-
-; ===== Generic replacements =====
-JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="{{BRAND_NAME}} Defaults"
-LIB_JOOMLA="{{BRAND_NAME}} Library"
-
-; ===== System messages =====
-JERROR_JOOMLA="{{BRAND_NAME}} Error"
-JFIELD_JOOMLA_LABEL="{{BRAND_NAME}} Field"
-
-; ===== Error messages =====
-JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
-
-; ===== Installer / Sample data =====
-INSTL_SITE_NAME_LABEL="{{BRAND_NAME}} Site Name"
-INSTL_SAMPLE_BLOG_SET="{{BRAND_NAME}} Sample Data - Blog"
-INSTL_SAMPLE_BROCHURE_SET="{{BRAND_NAME}} Sample Data - Brochure Site"
-INSTL_SAMPLE_DATA_SET="{{BRAND_NAME}} Sample Data - Default"
-INSTL_SAMPLE_LEARN_SET="{{BRAND_NAME}} Sample Data - Learn"
-INSTL_SAMPLE_TESTING_SET="{{BRAND_NAME}} Sample Data - Testing"
-
-; ===== Login support =====
-MOD_LOGINSUPPORT_FORUM="{{COMPANY_NAME}} Support"
-MOD_LOGINSUPPORT_DOCUMENTATION="{{BRAND_NAME}} Documentation"
-MOD_LOGINSUPPORT_NEWS="{{COMPANY_NAME}} News"
-
-; ===== Site offline =====
-JOFFLINE_MESSAGE="This site is down for maintenance.<br>Please check back again soon."
-
-; ===== Error pages =====
-JERROR_PAGE_NOT_FOUND="Page Not Found"
-JERROR_AN_ERROR_HAS_OCCURRED="An error has occurred."
-JLIB_APPLICATION_ERROR_COMPONENT_NOT_FOUND="Component not found."
-
-; ===== Version and About =====
-JLIB_HTML_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-
-; ===== Akeeba Ticket System (ATS) =====
-COM_ATS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKETS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKET="{{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_NEWTICKET="New {{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_CATEGORIES="Ticket Categories"
-COM_ATS_MSG_TICKET_SAVED="Your {{BRAND_NAME}} ticket has been saved."
-COM_ATS_MSG_TICKET_CLOSED="Your {{BRAND_NAME}} ticket has been closed."
-COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
-COM_ATS_LBL_POWEREDBY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
diff --git a/src/packages/plg_system_mokowaas/language/overrides/en-US.override.ini b/src/packages/plg_system_mokowaas/language/overrides/en-US.override.ini
deleted file mode 100644
index a23405ed..00000000
--- a/src/packages/plg_system_mokowaas/language/overrides/en-US.override.ini
+++ /dev/null
@@ -1,66 +0,0 @@
-; -----------------------------------------------------------------------------
-; Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
-; This file is part of a Moko Consulting project.
-; SPDX-License-Identifier: GPL-3.0-or-later
-; REPO: https://github.com/mokoconsulting-tech/mokowaas
-; -----------------------------------------------------------------------------
-; FILE INFORMATION
-; Defgroup: Joomla Language Overrides
-; Ingroup: MokoWaaS
-; Version: 02.01.08
-; File: en-US.override.ini
-; Path: language/overrides/en-US.override.ini
-; Brief: Site/frontend override TEMPLATE — placeholders resolved at runtime/install.
-; Notes: Use {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} placeholders.
-; Variables: {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}}
-; -----------------------------------------------------------------------------
-
-; ===== Footer & template branding =====
-TPL_CASSIOPEIA_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-MOD_FOOTER_LINE2="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-
-; ===== Generic replacements =====
-JGLOBAL_FIELDSET_JOOMLA_DEFAULTS="{{BRAND_NAME}} Defaults"
-LIB_JOOMLA="{{BRAND_NAME}} Library"
-
-; ===== System messages =====
-JERROR_JOOMLA="{{BRAND_NAME}} Error"
-JFIELD_JOOMLA_LABEL="{{BRAND_NAME}} Field"
-
-; ===== Error messages =====
-JERROR_LAYOUT_ERROR_HAS_OCCURRED="ERROR OCCURRED"
-
-; ===== Installer / Sample data =====
-INSTL_SITE_NAME_LABEL="{{BRAND_NAME}} Site Name"
-INSTL_SAMPLE_BLOG_SET="{{BRAND_NAME}} Sample Data - Blog"
-INSTL_SAMPLE_BROCHURE_SET="{{BRAND_NAME}} Sample Data - Brochure Site"
-INSTL_SAMPLE_DATA_SET="{{BRAND_NAME}} Sample Data - Default"
-INSTL_SAMPLE_LEARN_SET="{{BRAND_NAME}} Sample Data - Learn"
-INSTL_SAMPLE_TESTING_SET="{{BRAND_NAME}} Sample Data - Testing"
-
-; ===== Login support =====
-MOD_LOGINSUPPORT_FORUM="{{COMPANY_NAME}} Support"
-MOD_LOGINSUPPORT_DOCUMENTATION="{{BRAND_NAME}} Documentation"
-MOD_LOGINSUPPORT_NEWS="{{COMPANY_NAME}} News"
-
-; ===== Site offline =====
-JOFFLINE_MESSAGE="This site is down for maintenance.<br>Please check back again soon."
-
-; ===== Error pages =====
-JERROR_PAGE_NOT_FOUND="Page Not Found"
-JERROR_AN_ERROR_HAS_OCCURRED="An error has occurred."
-JLIB_APPLICATION_ERROR_COMPONENT_NOT_FOUND="Component not found."
-
-; ===== Version and About =====
-JLIB_HTML_POWERED_BY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
-
-; ===== Akeeba Ticket System (ATS) =====
-COM_ATS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKETS="{{BRAND_NAME}} Tickets"
-COM_ATS_TITLE_TICKET="{{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_NEWTICKET="New {{BRAND_NAME}} Ticket"
-COM_ATS_TITLE_CATEGORIES="Ticket Categories"
-COM_ATS_MSG_TICKET_SAVED="Your {{BRAND_NAME}} ticket has been saved."
-COM_ATS_MSG_TICKET_CLOSED="Your {{BRAND_NAME}} ticket has been closed."
-COM_ATS_MSG_REPLY_SAVED="Your reply has been saved."
-COM_ATS_LBL_POWEREDBY="Powered by <a href='{{SUPPORT_URL}}'>{{BRAND_NAME}}</a>"
diff --git a/src/packages/plg_system_mokowaas/language/overrides/index.html b/src/packages/plg_system_mokowaas/language/overrides/index.html
deleted file mode 100644
index 2efb97f3..00000000
--- a/src/packages/plg_system_mokowaas/language/overrides/index.html
+++ /dev/null
@@ -1 +0,0 @@
-<!DOCTYPE html><title></title>
diff --git a/src/packages/plg_system_mokowaas/media/favicon.ico b/src/packages/plg_system_mokowaas/media/favicon.ico
deleted file mode 100644
index bb4ce548..00000000
Binary files a/src/packages/plg_system_mokowaas/media/favicon.ico and /dev/null differ
diff --git a/src/packages/plg_system_mokowaas/media/favicon.svg b/src/packages/plg_system_mokowaas/media/favicon.svg
deleted file mode 100644
index 0b898985..00000000
--- a/src/packages/plg_system_mokowaas/media/favicon.svg
+++ /dev/null
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   version="1.1"
-   width="256"
-   height="256"
-   viewBox="0 0 256 256"
-   id="svg1"
-   sodipodi:docname="favicon.svg"
-   inkscape:version="1.4.3 (0d15f75, 2025-12-25)"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:xlink="http://www.w3.org/1999/xlink"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg">
-  <defs
-     id="defs1">
-    <pattern
-       inkscape:collect="always"
-       xlink:href="#pattern5741"
-       id="pattern1"
-       patternTransform="translate(400.28574,159.42854)" />
-    <pattern
-       patternUnits="userSpaceOnUse"
-       width="160"
-       height="160"
-       patternTransform="translate(294.28574,943.79071)"
-       id="pattern5741">
-      <image
-         width="160"
-         height="160"
-         preserveAspectRatio="none"
-         xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAYAAAG0OVFdAAAACXBIWXMAAAsTAAALEwEAmpwYAAAA B3RJTUUH3QwEFxgV3kkWQAAAIABJREFUeNpMvGlzHFeSJXrc742ITOwrAYIgQZEUSYnaWqpWdasE IJNV0lj32MzY+z1FMSsB8ve0zcx70zbT1t1GVZdeSa+oKapJFUlx30EABEAsmRlx3f19kOcYYVZW IpaMG3dxP+f48UsXL14cAnACQFpZWfnxq6+++mWe56EsS2Hma2b2PhG9ijEe6Xa7r2KM6yJyOIRw XUTeYyKaI6JnAPZbrda7tVptv9frLTDzLVX9FRH9u5kN9nq9/RjjnZTSdAjhpqp+cunSpT+HRqOx IyJ/R0Q/AuCqqqZDCD+klBZrtdqaiLxPRH8mokEAvwgh3DSzZWb+Zmlp6TMGcDqE8I2IHAeAEML3 ZnYuxvi/yrKcJKI7qvoxgGcA7prZp0T0exE5y8zfM4BkZh/HGK+LyCfMfI6I7prZMSL6TkSmmPkb M3sXwD4zb6rqeyGEJyLyd6yqU3mePzOz8zHGq1VVFQDWAOynlI4XRQER+ZCZ74rIJ6q6y8zJzD4P IfwjM/P3VVV1iOg7VT0VQlgzsyUiijHG52VZSgihk1Kartfr94gomdk6ET0VkU/YzE77a3zKzFfN 7N2VlZX/ISJjzPwBM981MwwMDKAsy6MAICLvZVmmzPwkLC4uniWiPSJaU9XjzPxDo9GYZ+abVVXV mLkiome9Xu9QCOE7VT0eQnhQVdUUMz/mEMJVAEdFZLwoiiQiCwCQUnovxngHwCAznw0hrIvIOR/l yVqttpdSmmef7T+EELbKstwNIdxQ1aMxxucppVMA7qWURkII8yGEh6r6GRFd6/V6Y5cvX/4ztVqt GQCTADbNbNLMhmu12n5Zlgrgtqp+wsx3VfVklmVIKT1R1ekQwh0AcywiSwAeqepxIrrNzFtlWW61 2+0fAZxm5quqepKZ75ZlWfO98ADAMQA71Gq1xlT1DDNf828+M7NjZlZn5rsA5nx0nxLRdyml6Rjj AzObBHCOARxi5q3++6rqx0R0j4i2VfUMgB0Ao0VR3FfV92KMHd/aOwC+YTMbNrNYr9cLMzvNzD+a 2QkiekhEo6o6DaDX6/WUma+nlOrM/EJVTwIYpK+++urXzHzFzM4T0fdmNmdmQ8z8HYDTMcaxlNIG gAigByABeOq//134+uuv73/++ecfhBCuqeonRPSKiB4AaBDRd1VVTRVFEVNKh4joIYBxM/tbIvqf Zvbr0Gq1TjPzLQDHiOimmR1j5jUAewD+mpn/JCIjzPy9iPwdMz8B8AjAL4jo3wgALl68+J+I6J9U 9dOiKF53u93REMK3ACZTSuMxxhcppdkYYyel9GGM8RqAoKoT1Gq1TgLYVNXFWq12v9PpTIYQvk0p nQohMBHtq+oUMz/ws3IjpXQ8xrilqrOsqlNm9jYzf9fpdIpLly5dAXCiXq8XIsJmFojoge+VLTNb unz58nUROZXneQzNZnPHzOaIaJeIbHFx8SgzS1VVHGO8bmbvZFmWhxAOVVW1W6vV9j/77LMTly5d +rfPP//8JF24cOGTer3e63a7g8y8YWZPiegEgNse7qGqs1mWvRaR56r6HjM/N7N5IrrGIYQN3yRb qjpPRKMA9gGcBvDIzI4z8/cppdLMIhHdVNVhIrqrqsdZRI4T0TMPnndEZB5At91u/ygiHxPRNVX9 peeOUSLazLKsZ2YnmfkuhxCuisi7ly5d+kZVz4YQOiJy2PfHDwAmmfm6P2hHVb9IKT0gomsppVkG cCyEsNZqtd5dXV39ZxE5F0J4LiLjRFQzs56qngkhbInILDP/o49yJ8/zglU1N7P5drv944ULFz4L IfyDmX146dKlbwFMENFElmX7HrGvqeqnly9fvq6qH6rqQ2q1WlOqukBE20S06RHoSkrpvcuXL//5 woULH4UQhszsuqp+GEL4gx+ymbIse+Hzzz8/URTFqKoqgFir1XpVVZ0OIdxdWlp6P4RwAwAByGOM o2aWAditqupMrVbb4Bjjg16vN0NEXVUd7vV6p5j5m5TSEjPvppT+A4AdM1tQVTUzSSn9MoTwdVmW M9RqtY6YWQ/AIQCJiB718QIAARBEZNhHcsTMCjMbXl1d/bbVag2JyJkQwgsAMLNRMxtj5h8BjJrZ IBFNALhpZufMbMTjzI6qfkpEL8Ly8vKimdWY+ToRWUrpGBFVRPRMVY+LCMcYXwKoUkrTzFwx872l paW/8eh+28yMiCaJaCfP87qIvCci8/V6/ZWIvBaRE0R0wMxPzWxIRCZDCPeJiCOAq8zcM7PTqjpd r9f3yrJUVf2AmbeLosg7nc50jHG0Xq/HqqoeiMgnWZZ1VfWBmc2par1er/fMbLzX640x83qtVrNO p3P6Z8QSbgB4qap/S0TfxxijmZ0FMBKZ+XhKqRZC+EMI4Xav1/sMQCyK4qAsy9jpdBZijD9lWVYv y3ISwKF6vf6sLMt+anoZQijKshx06HYNwHav1/vUd9xQSum9EMJ8URTPqqra9+V+nWVZxao6GkL4 1szedRjzPTPf6HQ6C6rKtVrtBTPnVVXtEtE1IvqXTqfzTkrpSwAvAQyq6ryZvfLP+VREflWr1Q7M bEhVp0IIzzw9dMzs03a7fbsoCi3LcohardaQqv7SzJJH8SNmVhDRTpZls91u9wSAn0II1wEspJTq Hqi7vvHOENEtT1pg5jFV/VFVF1WVY4z/D4ATqjpFRBtE9CyldBzAyRjjdfYcdDWEcCOl9Pf+gT0z m+t2uyeY+Xt/+AkRGb58+fJ1IrpnZhHAs5WVlf+eUnrPzI7nec4AoqqeybJsJ8b4F1X9u5TSe0VR 9PI8z1X1l1mWDQ4MDNxV1cPkR+kUEQ348TnkkXWMiB4Q0YSIjDPzP7bb7fTb3/72vzCzMvMPZjYI 4HiMcU1EHqaUfsXMW/45ycwWieh7ADXPgUeZ+WaWZePdbjfGGIt+MC39fA6q6tEQwgYR3TKzkyml wMzfm9mJVqt1+vLly/+Vmf8ppTSsqtMrKyv/I6V0V1U/jDH+gZl/SCnNishJR/4QkXkzAzPfUdWT nU4HIYQtM9uiVqsVfYTHzKxHRF0zGxWRs/V6/V5VVaWqDptZL4Rwx8zeVlVm5odEdCilxDFGBbDp 2e94lmXh4sWL31y8ePFdIoJHwpqZvUtEvyeiQ6p6xsxqbGYLvin2iWhHRKYBIMZ4rSzLAxGZrtVq +yGEBymlU2Y2EkK4BWAwpZTHGB8AeCki855ur5qZ+MPvOcocJaKCmX9PRFFEpojo9yGEf6BWq7UA 4KmH3+igbz+lNB9C6BDRppkdU9WhEMKPALoOy+4493lPRCpmfkJE0cxGiSj5Cdn3h7+MMZ6sqmrU zHaYeQvAs5TSKY4xzorIhwB67Xb7RzOrATgUY9wqiqJuZp8CGA8hfAdg0mP4NwB6PnOvPPiMisis o7ZHPoB5x9ynu93uESL6mpmvqeqsmS3VarWCPF8+AHDIsdMPAPbN7GMAT4ioF2OcKsuyANBzzP2h iHRCCLc9WR0moiFm/jOASREZdwaQzOy8qq7V6/VeSmlQVbd85gBgjkMI11NK835Efu8z8oWZbWZZ NgwgdbvdfWa+u7q6+q2qfghgwB/+oYicDSHsrq6u/puq/hJADCEcENFHKaVTeZ4/unTp0tWDg4NY VVUNwCszmxSRDwA8oosXL/4nAD/keT7V7XZPEFGXmf8VQFdVP2PmGoDvU0qzIYS3iOgHAF2f8oGi KAbKshRV7V2+fPnPrVbrtIgM+0B2zWzf0/mdPM/PdTqd+RBCpyiKZ71e7wm1Wq3TKaUBR6FDInI+ hPAvKysr21999dUvAQRmvu35vXB4tyciHxJRZOarzPxZSikR0dOVlZWHX3311edENEBEX/tATzLz ISL6v81sAcAZIrrabrfXwpUrVzabzebHRBSyLJsD8EcA88vLy9PM/ERE6gDeIqKHKysrDxcXF88x 8w4z75vZhKr+DRH9U57nU2VZFufPnzci+snMJlxi6BRFUauqapqIypWVlTtLS0uTqjrUbDbXQ6vV iisrK7eWlpbeEZFIRCWAXESYiLZDCNue80ebzSYTkYjIDBERMz9n5tdm9letVuvfms2mqepZIiqL oijKsjwBYNDMrjq7eKvZbJ4gom+JqCYiR8PS0tJ/bDQaPWb+UUQGAUww8xYRravqh0S0xsyPzWwe QI2ZHxHRiKq+z8yPAbzsk4o8z4+EEHoppQEzG2Tme6oKM/vV6urqn5vN5rqZnSSit4noRzObCM1m c8dhbbderw+WZWnOETNmfioinzPzATO/EhFS1ZF6vW6q+srMpoloP8b4FoDdsiy7eZ6bme2r6jwA YeZNMztYXl4+QUQHRHRbVaeJ6GB1dfWn0Gg0hJlLEZlR1WchBFHVoKqnmXkjxhhUNQGoQgivARxK KeXMvEdEtwHMikgiotLMDnnyekJE6yJyhohqTnxgZmOrq6uPm81m18x+sby8XGMzOwFgM8a47lDp 6eXLl68DuJtS+iSEcADgpZkteEa7SkS7KaX38jw/5ZFz1iPiHwAcUdV3AfRCCH8WkTEzGw4hPAgh dFqt1rsAdojoOzMbC0tLSyecev5ERJ2U0okvv/xyzpPTkIgMEtErACoiQzHG0wAOPBTnzLwWQihS SiPMPMjMj8ysTkRZnuejANZUNSOiY1mWhbIsExF9QkSPiOg5M/NVAHuuVMQY44uqquYAwAHJg36C CSE8KcvytZmlPM/hU3u21Wp964LMlJlNuN44X1XVLoDbzNwxM6uqKrmEdCAipwHshUajwcycVPUD Iup5JtsxsyMAHhFRXVVnAAwx8xoRdTzkfgNgXVXHms3mMBGBiHqqOhZCOJTn+auyLAcAnGXmewAO VPUQERVE9JSIjovI2bC0tPTXRPTQ6fVJEaEQwjoRvRKRz4joR2Z+aGYzqjpdFMUgAEkpDRDRUFEU sSzLU0Q0TkR3+rNiZhkR3TazSSISItovioJEZMF/92siOhGazWZS1XNE9IKI1onoLBF1siybJqKe iMwx81Pf5WMiMkxET5wLDhHRQFEUL1R1R1U/yvMcRISqqiZDCINE9FRV58xsysweeYatALxHRD8x gJ5P67tmlojologc7nQ68rvf/e6bGKN5BoRnwD1VHSeitRDCnaqqeiLylvO9x71eb0BVnxZF8bCq qlcA9pj5OzMjM/uEiA4BEDMbMLN5duT6FyLaA7DoVOp5COHQxYsX/97MnnpOmDazPU8+uwDm2u32 HjN3ROQuM8/GGEsz64nIvOOFJ64m1mq12o6Z7Tnk68YYn5nZCKvqY1X9BRElIhLX6PaJ6IaZBRGZ b7fbTz0gnXMgcVtVj164cOEjRzz1qqpOMPNwCOEJEZmZHScihBDqZvaZB6i7/rMPRWQ7z/OXodls Bj8+qSiKXTMrzYwAEDPfMbOBpaWlOdf/ChGZXl1dffH111/fX15ePmdmxwG8cB1s1qd8TUSOEtER M7sFQM3sEIAtZt7x6Z80s83QaDSC0+YJVZ305Rg0s3Eieuyhc1hE/oaZbzBz5/PPP3/r/Pnzr4ho z8yOi8gcEX0H4IWITBLR6xDCNTM7LSKlU/EDh+w1ALfNbFJVjV1TRQjhpoisAZjoB4++0gXgnhPR CQA7McZSVT/JsuwwM/+rv9USEY2GEJ77MVxg5t8DOCkiZwB0a7XaTkrpEDO/y8wbzDzDAPZF5BPn AjdF5LCqngeQVLV+8eLFLwEMuUI07pQczPyi0+kkAMm5QC+lNExEtSzL9lR1DMDe5cuX/6uZ9Vwk DkT0o0fTfSL6X/8nGwKYbLfb681mcw3ASTPLmHmTiPZE5IRnv8dm9lcAXhPRE2YWEfmIiBIz75pZ TVWDK1avzOzTZrP5mJmDqs5WVTVfq9Vem9kzL4cMsqq+5wB04Le//e1HrhPdUtVNERkAcC+E8Dyl NB5COEdE3xBRSimdBbDv5aB5/++HMUZ1fAEiuioi/5fTuu+YeafX68212+0NIrpqZmNsZpUjnXVm hqp+AmAtxvjEzJKIfAygF2Msq6o6ZGYFgEchhNLl855zgEEz6wLYV9VXIjK/srKyHUL4R1Vd8Gdc V9XehQsXPsqy7AwRPQzNZnPXhezAzEREuwBGvejxE4AjAE45Fdszs+MxxjEzuyciBYDDRHQA4LWq niSi+yGEV2Z2YnFxcTzLsjMA/gxgzswOmPkxM9eqqhpn5m32Xf5MRIZVdQTAQwA9ERlut9uJmb9T 1QcAhlZWVm4z80ZZlmJmNQcuwd+w68WVc2Y2FEK4RkQDIvLU+eQOgI8BDDr/3DOzM2FxcfF9h9k5 EXUADAB4ysxoNBqHPXi8TilNN5vN97MsIzN7QUSjjUZjn4gyETlqZhN5no84IT1DRLeKohivquos Ec2trKz8sLy8HFzAHWLmZ0QkTET9dX/ZbrdvAyhE5KzPjHht7oPLly9fNzOUZZkR0ZqZwcxOmNnL GOP/NLOdXq93zMsu3wM4UVXVTQ9I3d/+9rf/hYgeuegNM5vIsqwems0mA5gxs8lmsznYbrdvNhqN XwAYJqKfAEhVVen8+fOvieg+gPcd9RwA6Pi666VLl24tLy8Pm9kpL5CoiHzpueK2mRUOVja8JvIO AA2Li4snmflbAGxm481mc9OZzVEzm2TmW0Q0JiKTzBy8LjoHYJiZbzEzq+qxZrOZiOi+L8k0Myci 2vaCRCqKYiSldJyIOkQUHSENhcXFxSlmLohIiahyHrdGRJsAcjObK4qCzWxARN5h5vteSx0gotOe pMjZdQDwgJlHzCx33RkAzojIzVqtximlaSLq+GcOcYzxpgtOsw5ERUTOAegS0Q4RTZZleZyIHscY v1XVM3mez/raDqjqaSK6HULoqepsjPGsFz3mzewzZ9t7qnquqqoXzHxTVU/2ej01s98zgKEY4y6A 4KL1E2Y+6nwBRHTNzF75APeZebfT6bzjIPUuAFHVz9rt9h+J6GGv1wtmNpjn+aZL8+Nmth1CuCYi p0IIC8z8T17WOx2c7T4notJLVPNE9AdPzW8R0ZoLjD0A7xPRBjNzSilj5i4RHYhIOn/+/DARPSei WTMbVdV1Zu4Q0QmvXiXPHQHADjOHlBJTq9WqOZs54kTkWYzxZrvd7rZareiawbIno+cA7hFRbLfb excvXpwys5NmlvoZMs/zaecDXRH5zMXs5y7LDPZrkGb2mZkJEQUiuuHl9/7XaRGpm1kvxjgG4E8x xo9TSj/2pSRVfRxCWM/zfPbChQtXL1269FG32wWAAWYe84T5xzc/08yOm9meA/BHACZDo9EYA7C5 srJyd3l5OfPIOtVsNie8BvGcmX8KIQyLSM7MwwBGG41G7gnvIRHVAUyoKkQkc94xXRTFHjOXqnrM zGYBHPVJ7K6srNxqNBrrZjaiqocAHHJpogDwNM/zaZcoxlwjeZTn+WFmLszsR2aORJSXZYlGo/GW mV1j5pKZNwEcEZE1M5v1kBUAvCyKgsqy7PgWHyMiogsXLnxkZn3GNuPb43hKqfCS05tC7KaXZA+H EEozO+zb7p5jpoWU0oyZBQCbPhGbeZ4fL8vyhTOP1yGE0tPRGoCamUURmXdQH73KdN8T/I6ZnQRQ d6n0CRFt+ES9NLNPVDUxcwHgwGP3JoAFMwMRBS+jjAC468/dEZHjIYQyNJvNQ2YWzGyGiE7lea4X L178odls1ph5SlWFiATAaSLKAGzXarUhVd1W1dMARpz8D6rqSyLqxhgtpfTaX+RtEdl0rjcCoGNm J1XViOhjAOwa0EsA486CS1U9xMxTRLRPRM+IqDIzUdWjAAxAyvP8UAhh38y2AEwBKFQ1MPNRAH9Z WVnZdAWuEJFSVRnAIBFlzPw0y7IZarVaUz6bPQATLjCKS7eFWyBOADgOIJpZj5mfe+F1PKU0mFI6 5AJEYObvXZ5PDufGmXnGzDZd+Oo6VeullOoAokP5vnw76hH5uKqOegx54mJ6MrMxVV1yT9OHIYTH ANazLBuuquqJaw4HvqvXPSXAdetjPvn3veS0GRqNxnEXtrsAdpl5l5nzlNI4EdWJaJSIHhVFkanq LRE55TN92gn1blEUO6r6HEA/Ws84tUzMvONGnQEAI0SUEVHPxdfX9PNsDZkZicj7Xk7czPOczOyP RJT5WT7u1LXDzM/MbMgRXm5mdTPrANhk5qeeHd73In/m6YyIKBLRHSIaMLNBETkdlpeXp510H/EX 7vm2VM/2J7zis0FE4y7krznTn3Xu3Mt/lgY3/aUUwCkRKYloZGVl5b6zyCQiH3tOLQB0fFDrACoA h1V1xwXDXSIaIaIdP+uZT+xJl1CeMfMegIyIJgGMOQ6LAHaJaMsVzmEimjKzY/5eu0SUE9EmERWh 0WjkIYQpEZnzrTPiM/3Qz2WlqsPMTKo6G0I4DOAuM/ecb0cimqiqaj/LstEsy/jixYs3lpeXX4cQ MjMbXl5eng8hzDmB3HYvR+nsZiyEUAew5uXaTRGZM7MBAJM+Qer60HMzOyEiyU1YmStqL2KMhZkN mlkOYAFA6X9XukXuw59PgY0DMI8rL8Kvf/3rd1X1BjO/JKIRZj4QkRqABSLaIqJJZr5nZuOeziqX 7p4T0aBLb9tmNqiqWUrpnUaj0SWi137+9ohoQUSSqp7y2uMr5yC7qjquql0PwjsrKyuvm83mFjOv q+qMmeUOil8DyInoaZ7nw6rKqpqIaAFAGUIYMLNrTn6i45pD/jcv/V32VbUGgL28YOHzzz8/q6qT zHzHlVhh5uAr8I47Tu4S0aaruK9VtW5mEy4B7hJRLIpiRFX3AHQADJjZsRDCSJZlQ6p608uFuWMB 8bg0ycw/Zlk2k1I6MLOR8+fPTwHYBTBQq9UyVa1U9YCI3lbVn2kk87SZ3cyybLqqqklmHkkpTTLz OhGV/sL3nXhtOWnPiWibmV8WRVGIyD6APDQaDfWtuGBmR2KMg2bW9fyem9kmEb0nIu/UajUTkfWi KMYd+HSJqABwVkSeEtG9oiiGPeJOiIi4knjL09k2gCdmNici76jqqxjjUVX9iZmFmTdTSn+tqgJg RlWfEREVRVF3OZRUddonIlPVW8zcizEOp5TuAzgsIqeZub8wT7IsG08pMRF1iajmCHXLEegDJiJc unTpqp/5VyLSARA8K+zU6/XEzJshhG6n0ylSSsfLsnxgZg9CCA+ZecbT05SqflaW5YNWq3WViG65 VN5T1V+llJYB1IjoEDPvhhCuhhBUVXe9OLHTbre3Y4z/zcHOroicNbMzIjJw8eLFq6urq994Ku1V VdVT1Q8AvBKR/x1jfEJEL0IIe2Y27aW9E1VV6aVLl65mWZar6ph/5qcAJM/z+X65tnT5bdLP8mH3 AK0XRXFQVdWWR+3DKaUdZh4AUK/VamsAUJblLhEdqarqdT/nXr58+brbAaJXUuY8C0x5uX+z3W53 V1ZWfplSmnTp94WZ7XgmGnVSM8TMY2YWYoybqvrUNah5ETlIKeVuAfkTgF6WZQtlWXacbQHAnnub Nv3fJ7zoBgAIS0tLR8xsyK2Mj4mo54WxLRFJ7gUcclX+ITNvOw6YFxFzbH3fc/Ce25BGm83mhHud Xq6srBw0Go3dPvlR1aNEVDQajY6ZPfbtuQZgyHP0O86HHzAzHDKTo0dj5iOq+irP85qZPVDVtwHU VLUAMJbneSfLso6Z7XucOm1mY54GdxzXUFmWu6HZbFZufh115lcwswLYLopiUkTYV3/CLQmTRARm /h5ACWBOVQdVdYyZnwHoMLMAqIjoDBHZ8vLyjGsszz0WEBGxu1Q++Bn72CaALXec7XmgPR5jNM8k BGDdzKbNbMSDdPa73/3urmOMl6r6vpvMAoCiv6vyPA+qOgVgTERO+VFfZ+YsNBoNZeZtZ2nTRDTu pqC3VXUjz3POsqzjhWR1hva2V7A2PeAchBAIQP/svSKimZWVlW8ajYaIyCgRTTuq23K5RUIIb6lq mVKaA1CLMR42swftdvtxo9HIfRzTPtGbHti2HFkWIjK3vLw85ADuMTM/duP5mEs4BzHGSRG55kHv sS92lVKaDCHM0YULFz5xefWm23dqjscLp7+TRHTdv9dzOe4DZ3Xrblhd8MDZU9VZVZ0lojyE8A/t djsBQKvVmkopzTpq61dck1vFkqoecTY34LsLrtbtiMhxZi5U9Uie5/dUtfRSYnT/AZj5hfsdU4xx NqW06+JYISL1LMuemNm1GOMnVVXd8LKkUKvVOunbIxDRmkt6Q1632Hc36s/VlJ8tZEf8TB4xs3cd j6vn3h0nVYPuHT9wJ9Bt///ogCe8IVQ8eoOGfyAiQ6q6ZmbiUtWa76p9t9IOADhg5gdFUcy73IiU UsfMholoMsa4KSLX/JnH/P16qnqkKIqnzJyqqnoBIIZGozFNRLd9e/cdn7k7Q0aY+b7LVXUze9vp ZJ/FPXHmJkQ05zBzk4hQq9XqIlJ61C9EZN7P/34/IqeUJjyj1JzMPCei5zHGMRE55trqqAMcuF7X VdV6CKEmP389MbPnrmpvAjhaVdU2gCMhhIkYI5vZrgOkmqrWUkrs+sHjsLS0dIqIngLorK6uPms0 GgMA3nbjrnhNddMx9aiZkaqWLiDeL4pizMy2nTZHIjrjtsnXLpGuOZRN7gkIZlYRUdXftiIy7mzx sD/3gU/8rselwle35ztlD8B6SmnGY0S/hqhE9JObWA6Z2WxVVTPMfNOJ1z0i6ts6hYjOsb/Uecf3 APDUfWETDm4+cF/5HhHduXTp0jcxxt0+wOl0OiP+NymEcBfADRc2xkXkUwCTKysrPwK4HUK4mVLK fZcd8udthxDuZFlWqOq+Z5pjDsS6Ln7nntfn/DNTu91Oly9fvu4V/mMppf/opYIxr+zcJaJ/NbNS VT91V9+Zdrv9kJm/c7D1gFqt1oyqvkVEr10nG3pTpBSR93yb97zse9PPVlLV98wMIYQDVT3MzH8A gDzPz/Z6vV0JsvKyAAAgAElEQVQRGfaC2RgR3XUOUPh5PNmX3NyasJ9l2amyLMkJUDKzhVqt9jSl dLXdbqdWqzXkafeou4UeedBObuCe94C45XLYozdizTF/nw+Z+ZuVlZWnrVYrUqvVOuJnJ6nqL3x7 Fh4QNz36d90xEkWkHkLoeGDrZwyklMZdeBh0b+WeK7E7qnrKV+au2yGfukt9wUHVsKoeiTF+69/f BHBeRDY9ssNNQHtZlp0ry7IjIm8z8ws/JpuuQu37mA6p6mHftVs+EaN9t6MXF+vMvM0uhpzuVxBD CLeYeUNEhh0zww0+j9rt9o/9VTOz8y5t7QDYjzHejDF2fCLPiMh/brfbPxLRZgjhaozxJ/+sQkTO mdlklmVjHl+eMPOOW7En35isG75VCzenfugBd39gYOAuEW2JyNsiMp1SmvZskvy5j10zQErpFBG9 64XwOwCeEdGYqs6E5eXlI+4JnXTYuQmgYubKlZXM09DQF198cUJVn3iQGQJgIjJuZhP9AOrOmlkA G8vLyydUdZSZXwHora6uPlheXj4MoGBm82DaK4piUlU3iGjCTQwDZlbzyL3l0nwmIiQi4+5FfLmy snLv/PnzD0MIZzx4HieibqPR6Lki9KP9/PWxmT13FLtDRHtFUdRV9QU5SInuMz/q3TbJV7zrP19w aBlVlb0mHfuc3oHRgRusur4Vu+5XCMw8qaqbLm72+sfD7celuz2uOl0ddJm8jzhfMvNNjx/bAMZS SrPMPOFH7rs8z895Xt8BMJdSGmDmgplv+NlPAF45hZ8CELMs6zFzCq1W62S73d70Wdv2JqABETnb bDanG43GS6eq68vLy9NEZAD+ygmSesvDnqo+8crPWSI6GmMciTGKmd0nogXXBSZVNWNmAvBsdXX1 yfLy8ryqsis7hwFs5Xke8zxPrg++FpEhF1M6vnsOmHlYVQ9UdUxVjzlaLX33bqjqhKp+5AvwqN1u bzQaDQGwDmBeVRdEJA9LS0unl5aWZpk5AVh39fcGEY2ZWSkiHzHzgZfDxXF4IKLca3nTIvIoy7JZ VX3m4uaQmW14ynseYxwBcM293GMASjM71mw294loz4vNz0WkS0QnXD67RkQvAURmPikidVUtmLnu HOKPzPwqxng0pTTsvo8ZJz7d1dXVu1988cVYSmkfwHSj0RgFsLuysrL95ZdfThDRWkppPDSbzX1P IYOq+jdm9jTP8+kY434IgQEMqSoBeMdrvlsefUsiMhHZI6IipZQRUcqybM7MXnjJq6OqE3147MXp O77ShZe8TuV5Tqq67UXSqKpveUnt7RjjlJk9ZOZXRDSkqrmqTqrqoKvJBTM/DSFEAHlKSVX1o2az ec/MIjNLjHGsqqojAMYWFxeHzWwDgDLzI3bBYDeEUIYQKlUd7na7KMtypqqqDQD/LzNveG/gvPcK f+ipZzPG+MJjQVTVhbIsex6F/xRj3IoxdryAOm9mvXa7vbGysvJHZv4hhHDAzE96vV70LrfUbrd/ CCH8g/sjMrcVHTcz5HnORVEMMvOBA6aPzexUCOF0CKFHRHcdA0hK6T+Y2RnvGNgfGBi4y8x3Yoyl B9IAYIcuXrz49wCuuSAx5m0sY8w8pKqb3mWc3ugsHfw57aeBGOMkgOf+/d4bxGnCOw76X4U3cYw5 izwAcM/BzWl/2ZNmtqeqr11Nqjl5GhWRXzom2cnzPHjf5VZ/PKo67o1IfQJ0hIjGUkonPCgfvAGc jjHzVFVVPQASFhcXR7zAcdiVmbxWq5WqumNmmaqecBFyHMBrAE9cuBjzuvusg6efmLnu23zQIy4B GCiKAqr62rX4mgsXg41G4y0/5/tE9BcABRHNNZvNuqq+7526A8x8m5kzADURqdwj8tiPgDHzjKu8 58xswhelm+e5qeoLIpoBMGVmhwFsxRiHANyOMc5Qq9Va8POfM7M6pd3xVHVEVRdUdTyE8Bfviknu GzgB4JSrxkNEdDPGOJ9S2jCzaVXtutaYXG/s1+eOiMh4jPFARN7zVUOWZWNVVQ2llDaJaNK1hkdO y+8BOJFSeo+IHoYQOmb20lXmMa9OTXsRZdJNN8kh8pAz0Xe8ZPavnhofmdko+5aZdrR1ys/hdp8Y uVjScbj6aavVGvP8e8/MNt2jugZgNKW0kWXZGBH9OYQwp6qHvdh6woWRBSIqYoz9itJTP/sPq6q6 BuAPMcZ1M9v0AHkMwLM8z8+6gnTN227POWga88yyE2PsOIQPqto0s2PtdjsR0V6M8QURrYkIq+q5 EELuQXkwNBqNjlPJYXf9Z741644E+2YdYuYugOEY45lWq3W/2Wz2vJSWOU+fM7M/ARgB8MILLZMA ysXFxWPuqdl33j/qtudCRIZXV1efffnll++KiHqeD34xwYGIPHY4Pk5Eh0XkKTObV57FnyFu4pj2 RaVGowHXCQ4AqBdkR1JKkZkfAtDQaDQAILbb7efLy8vHPL/ve91tx6s0lceByszYzNYbjUbNQcd2 P3d7l9MQgPU8z4+GEOqespiZp0QkMPNAu91ev3Llymaj0Zhi5m1VteXl5aNmdsPBTl8xqotI8j6i /Rjj26p6J4Qw7d7gyuW3By6q3I4xDonIGjPvikjNx2NENOy1xTH3kmVEtMV9AuGM6wYRbYQQ5kRE fWaPAIiXLl267ls/ichxMxt1zj5IRNdDCDUXUs8AOFaW5Z2yLEsA37ilf9tXe6DVao21Wq0jfh3J jn/unHtQJwGkLMvGmfmmx4oPnfN/D2AzhBD96A27Tvmxj2VIVb93tjftqfmoB8Z7XhH+wcw6IYRj qvpuWFxcPElEU74TKsfjO0Q0RkSVN7vsuFK07ncJrIlITkTH3NfzvCiKETMzT3mZ637ixvwtIqq/ oR2c8qg/4+6QQSJ6zcyVOwIzVbV+y5n/7SSAOV/h60TEvkvnzOy1R3jzZw24Y7geQtj0Rs8JM1NH s+bP2+v3z8yq6nE/Cg/d27Ph5GffnaCzrgP+0cyEmSe8qlsAqJVleRPADe8gTSIy4Cs02m63t4no kdcejrufegEAPDg+9SJGZOaOqh7K85xjjGfyPM9cR9wRkaGqqsZijKfyPJ8uioIBPHEletTMpvrX jnhgXPd4cE9EhtxQPOpjqYvIMLVarXdVdcorLadV9Ws/g6N9E9SbJkG3scy5unKYmQcBvPKA10eE wx5HRrwv+F9ijB+mlHZVNSeiow6yJonoH99QdX6pqlUIYcPMzmRZtplS+sGfN6Gq02b2GsBOURRw EQQiMpJSytx/lDHzNe/EgFeMzrlzJYUQSsceBTPPM4BnzPzCLdkBwN+22+0137rfOhl5YWbizQdz buHf8Rs/gguTfasNmPlajLHDzENmtm1mR5h5P89zdhiLEMK2iLCf+y6AY1mWVR6dQUR3e73ega/o MwA3fRxjZrbQ6/XeKcvyZlVVB6r6IoSw7aX9QU+t0f/XJaJdZh5h5gkRGfj5pGJHVW+ERqMx5BRx lJnXVDVrNpvRv1d6X+u73s0RvMS17e4N6ZMa79pbAPDAyc49JywZgHpVVWZm9wCMA3jgqvIrr/O9 z8x/clq86eXzU8wsTrt3PJU9Y+ZJM9t312eW53mhqlWMcVBVX4hI1xdtwAutucPoZGbMzEcd2g8T EUKj0ehH+z0ROeQzRkR0DsBjAPOePnLvdagT0XE3Mw46geqZ2TNmfmlmAy5f11zajr7t62Y2VhSF isiaY4vo3ScdInrft23Ng1THu5G3AZzzWv9p1xIKERkLIQx6g+hzR4Y9ZjavKA25d2HH5fKhGOOM H81ZF39+CMvLyzNOhKIb+vtCx56qznmOjczcZeaTvq2UiKZCCLtVVSW3wwyZ2YxLU6MufCqAcW+h qzPzflVVw956eVpVN7xLdlhVO0Q07wxz1My2ieiev/Cw3yl0391oz0MIw2b2nJlrqmquKWwC6IQQ jqhqUtXSDZJbeZ4fTin9ewjhsIjseD/aDDtxmXTsPwbgmaoedbGj04+qzg++97wdRaTX6/X6GCL4 7/ZUdR/AiF8E1hdNHzLzCxc1ZsxsMqV0N8Z43IlLv6lNvDvvKoD9lZWVp+76ePTG/SeDzhKfv3H8 FryFJLpjdZ+ZH8YY1QXcE71e74lfOfB9lmVwbeF1nwtMAviFa26Dq6ur/+ypbFpVj7jaUsuybH51 dfVbALdcGis8MO5kWVZn5seO1Z85LZ50OS25+rvr/e9ve/M9vBMY7u4/8CLpCQCx1WpNtdvtf/by Vk9EpkXksC9WIqL7WZa98DN+oKq/AlBUVdXxhXnpgY9dGzjmBO9JCGGbiIqwuLh4BMChn+9nIQaw fuXKldRsNp97LaDuLW0jIYSBpaWl0r+XOw8fdEzwMsuykRBC8YaJcRTA9BdffDETQhhX1TWHvrsx Rq2qKrkVb8DbWtWbiEFE54joh0ajMeIZp+fjYecp+45id/35yR3iJ/M8P/Dgep+IgsclNjPO83xE VZMH0oeh0WgUzgajU+J6o9HYdcnopZl94mruqKpyURRBRH4iIvFbTB6427uXZVlVVdUjr8HV/VzO VFW1l2VZcnW4YuZDImJOZYfdAmcA1v1IFp7TF/q53nlH8ra+rqrOENGWZ6qO2+QCgEERgao+9Ury M2auA1hQ1dciMuS6xBYAhCtXruw0m81NL3eXRDTrztIegMMrKyt/WF5e/qVP0JSqpjzPx1zseOpC wxoA8qrrdpZl76jqXa8mrxGRpJSGzOwvAAayLGOfiD0zy5n5ZLvd/vcrV66oi68jzihFVYuiKApV femqlLl3aN9F0h0nUB0HZS+89+moB+LgPwtu0oiuUK8TkQbn910f6LE3GqcBYK/RaIgrL4cAkBsl N/yhO0S060WScWeDp32w8L/riy1z7tG5o6prviWHPJBtNJvNqStXrqw3Go3YH5yZjbjlpc7MT514 DQHo+3+HzGyoKIoxr0Y/9ngWiWjAa56PiSj396scf9QcZ/yFzWyy3W538zw/TkRXvH9yX0TG3Cgx 6tjgqgeryvW7yRjjOQCF1/t6PttPAJxyNLntsBNmBr/M5bQH3k2/DAAhBBURvnjx4sk3Ci6FY47o CtMvsiw7nGVZvSiKTgih5p6BmV6vN+RBr+ZNQmt9MdSv1oMvsoQQoKo9ZlYR+VVYWlr6uNls7rZa rXuNRmPC2d2Y5/oFz+nr/fK4m48VwJCI9HybjboWqCLytqo+OH/+/EcxxglVJRdWd9y01PWXPAwg L4qCqqrKAGgIwTxg7Xv1ZtCRXcXMg1VVJbe5V57Lp0Wk7mW2zE0Zz7Msm1PVnvcHdPqMkoiQZZk6 /siJKIVms5mp6tFGo8FENJxl2SSAW6o66sWRTf65aNgDMONGRXI/gbpb+0673V5vNBqVs7ngpuUX HtwsxjilquSrGd2QXTHzoJnt+oSe9ucc8gb4zTcmdt7LZsMhhNf9GOSfs0VEsykl9QB5l4heMfPh vr/RqfKeqj4kolFmHldVCktLS6dUdY+Z3/Y+xg3HyQ8d72eq+rbD411PP+O+6s/cHvdXjUbjCYDp PM9rzveDs8WXAB6qauG9iwMe6QMRTfk9N9suVogbnCsAde8yOaKqXc84T7yXYZCIHgMYzLJs1AnO gR/Zt7yuefDFF19MeAG2E0J46ZWqDY9vB8z8MjSbzTUzO+KigrkR8ok3Stw1synXBXfdxLDgROMx gKN+x8JtFyEeiMh2lmWDKaUNZi7dzzfuMWLcX7T0S6SmzEw8q5RE9MIZXXKH2rkQwr6qdgFsM/MJ t+1EALNu3H7kATNz50kiou4XX3yxUFXVdb/FhPzYZUT0gS9kAeAZu5nomnuAokPNMYelJ2q12r4H seGU0nRVVbsOVZHn+aYzugkRyd1NklJKD0IIT7x5PHkXY9+6Oppl2YDT7SdE1Kmq6kW73X7abrf3 PGj23Bb3sqqqGQCb3ln7na9eIKIHKaV+//Ejv/n0iZs1hquqOsiy7D2fkB0/KoWZhZRS3cz2syw7 F7ximvyD5kWk66amCTcpjKnqX5zWnhKRLjOPtdvt24uLi4ULIdNeG8iI6Jh3Z/Xp7juquu2pKxLR Y1V91G63txqNxoCqHjKzvNFonPrNb34zr6qPsyw75hL2vseQud/85jcL/u+uU3U2M2LmPMuyw26p 33BUeURVyStVrz1W9XzVSxd+zwC4xUR0BsCYI7trHpQWvJt70t2aNe/Y4hBCKSLTrVbr13meD3t5 fM3Z24YPbsZ5xR6Ar/3Ctg1XlA95roY3amfMfEhV91JKDwFMVlV1q1ar7TuwqasqqqqifhOX6wPJ dyy8YXIPwGSWZUxEL1yJgsvkO45Znjm7DMz8VFVPBtfrDzuI2HOsPeGa/bR3hK/52X0F4CP3Bmfe L7ArIo/dXD3ufJzNbHxlZWX9ypUrZaPR2HHFVkMIFQBpNBqddrudGo3GmqrWHWoHIpohIhYRyvMc Zjasqq+86btOROZ4/sADbc2PyyFmfq2q5LUAcStc3a9S2gQwEWOsubny5/TqrW3Jpa4hj/I3/MKQ Z6raMbM53747RPT/MfOeCyGVn/EEYND9N/DfhRuw+v9eizHuppRyp64z/rMhv3Bo3SXwbZesXlZV 9TzLss0QwpDHoWRmh8uy3PIVRQhBvZTWUdVT7m0e9jTY8aMZzexv/TLnG64nbBNRDEtLSzPu0pxj 5llvUT0SYxxywjEqIjOeHXbf2N6DADJvnwueespGo9Fx90Uys7FmszkAIHcXyhgznyWiuymlgfPn zw/75JFrDEMhhFlfueMe5UsieuHtL5M+4WPerQoiqjleGQJAInLY70vvp9VBv7Drkd8GsQWgnmXZ kJkNhWazad6Ps2Fm3RDCtIj8RVU5z/Oqqqp9FzIFQO4R2ADc8rtNNhyjdz2gsoORul++VpnZSKPR 2O+TFleYzOPLSFEUgyLy0I/PrhddYGZMRGWe56Oquu2tc3UnSzNe+n7mN0+Qx657Xi16BWDLb6Wp O9EzVf2Imf+3qg4BeM7epPC15/0ipQTvqZ+qqmo7hLDrNxFDRGadcnZ95ncduEyKyEmXxKLfv/OA mSdFZEBVszfcn5t+ITH7ZRHzZVnOeSF007F85oxtzrf8A5flb3gsOOgXYTygDnqT5jUvjm6q6inf XdG3/K7XOP6iqp/5naC9cOXKla1GozHpMPGUo7w+J1/LsmxMVfv3lu/4Nlrzmv5mlmVjbmFJLqik L7744m1veLrPzHWfgOAReKvRaEx7U0blVt3SiQz5JLz2rLPr0fzAs8uQg7IX3rUWvOJ8vd1ur3/5 5ZeHVbVySp+83/G50/bcs8qwqm5UVXWyKAoLFy9ePOIobstlqa7PFvsNSxseGJ96+1nmW3TIJ+2p b7VR19wOe9m6L4rWHB8Muzuz5jpg7s886is664OFy2ev/BK9yu81HCOi/Xa7/bTRaARXfae902S4 0WiYiOzleT6uqjU3b2SuCxw4DjhwmfwwEW2KSAyff/75SSJ67aRj14PdqKeK8RDCqP/hYaevE77t un4GRwAc9vOqIvKWn//Xfe7Qb1P9+VZpzDvVfQFg2J0eya+ZMfcVv/RYUnnv/ygRzRLRTKPR6Drw 2jQzdXdpv06RHHQ9d2veht+xO+uMdhzAlmsYA0Q0yV7EHPVUl7xM9ch/adNLTj0XL2tE9MK1tkMO MpJv22degc3dRVa8AXj6pooCQPXG+e/57rrnPqHjDr7e9ZQ84bB428w2vRY56JWpGjM/cN9yX2Mo +nDbhdvC3SQHrgskAPtZlg2HEEZVdZ+dhr6tqgNmNtZutzeyLDvl5AUuIb3rD+67MR6ICDPzoZTS dD/4OV3+7z7g6AOZbLfbGwB6tVpNmPlpjLF0o1R/kk64nWbfX3TcS9r9e2fvOYureQtvv+1tLsuy /7+uN22O40zPdJ93y6xCFVBYCZAEd2qxpLba1oTtmWkKCR13fz+/R2qiq7p/znyYX9BjjM82E6c9 bru7LalFiTsJgFgKVQVUVb7L+cDrVaQZcRihCEnEUpn55rPcz33fz9AYM6QQ+9R7/3d8j4cy/w0y fJdSuu+cu1fX9VFK6X8aY07N7u7usdZ6RgC8X1XVJMY47vf7T3Z3d9sc0xky1zVa1aC1fgmbo03Q GXPUb2OO1APh7X3xxReJmcE5jO0enaGQFs+o0acYMmyC4+XWe4Up0jl0+VOInd/v7e09q6rqFUh0 BlzuwD0UOkBRSnVooNqAPpci8sIw9x/GGJO19iX8gPOqqlaIC6/g67gQwqnWuiyKogPD4hX8vwsK FZ8vpiiK9RCCQ+ywld0eY4xPtdZLKDd0CGGBV+sQ0MJprXvMD2b4r49gqB0glE4iokWkqKrqEvRq qJS6iUjTe++nWusL59wK6tQ2QXgVQHYkIh0NIcri/mxpMVfzMRKRksUZFzBHPpjP51pEbFEU95Cj CJPgTo4lv/zlL/+ZvL0G6SlSwlqIyxJjLHLmEJFN59wtTtt/E5ExZKqVrAGgAXqC05nlVbiVSdtK qT9orY9otddijPfrun5urV1USn1tjBEeypr3/nMRGZqHDx/e40mfYjS+jSnJAsPQGb84caQCcHYJ upvh7YWU0iKvTBuC0kxEjsxbsK+Lv0ebUdsMnUAHCk0PbeIJF/CM8nYh/z3aRqu1fiMiC9BmVUpp 69e//vUjGq9TPsNijLEXY7yJc28gc4mIHEHWWDRVVV1FkHT89kHqUkS2UkoLlKuXFB8TPnxB17ZO SjkVkdo5t0h5WVO/d3j3JKV0xJgskiLzBHnKxXbYZ3ApIuvk72y0fT2EEFCyrzFBzgPaqLW+F2Pc 2N3dVVVVFQ2vzFJrPdNaW37mcb/ff1VV1WuC6WJKKegY4yLkhlYmNYKuOMwNbhOUlmmLv0EwNWOO 14Oj/xjovGWMucLNuMYH8saYP1hr59baC25K2fidT0mRwhB00u/3xwTer40x9xmEeLLKWb/fP+AG naA2Wc5aJl7p56yz6aS3BcOtvb296/1+3xdFsYhfgpiqqnohhHP8OkZMdTzWpl5rvUGPfc5J6OE+ dgFQ0tNaO+fcKk/3GZqdMzi7JeluAmFhDbxgi1drljMAFaZRSt2Dt/BKRArnXDYaT5g8Ffv7+6f7 +/vT3d3d1xRSZUrpChaNx1Blr6aUnoAynyilAlLeM07vB5qjb2l2PgghBKLtU2vtc+p1QyPUJTh+ yxj9AtnrGrjen/j735OHv/HeX3LU1zh6L2FrXHD0P8iYQavVEvr6gxDCslLqfxeR8pe//OX/wI4z F0UfNbEGhqeXWbyVUvo7EZG6rr/r9/uPMHDw6Ap+yucREfmn7CMkIYRtgFFpZIAeVLUr8AMXtNaP earH3JAHIQRnjKlZ/zATkRfGmL8JIbwJIaynlM6ttZvcmDGStusNya5WSn1NE/YC+c5WjHEdJdkx IOz96XTaYWXAM7yHyqIoivl8/nVK6VYIoW2tnRP0XojIZr/ff8IN62R/OxH5k4hMNViaMAHehlDw ccOAqGRXRYFYaRvExnIj/onU9ANf4/v9vg8hPOLnnmmtN8kgJULKaUrpgPZ0FkIYs4qkA5fgBN3S E1LddRHpzefz52VZek7Re9mcjfTahfIroE7rKaX/zM64Fl8b+IzfwCvsqcZw1OMlVMIOOcNK658a vP9rbAs45yRMm68P7m/ZJyw7NmzGGP+aJSD/lmV2GYmGBToB1rIi8n/yd2vc8HV8GCf8c4V40sq1 PyDpca4XqBPeI6CPlFKHzrnbdV3/IaV0F4OlUinlNFQWyzs6RFN35r3X3vsZF+H7/f44pXQYY8xF zL0GXdazYEaQtH+KrN3SP/w3mhahCeqJyF3n3MfGmD8SC46hvfRy84SD6psQwlVkPZ9wtC1BcxFK bAeobo3v+YPWOsFWKUTkAcywu/COatClo+bWjVlOIxgbCQ3GfegqVinl2bJhwAy283SZ73vOB3/O 0b1JF3lTKfXfMUY/4sYdQ5HPnuVraJU/SSndAOL+kE5xDAt0AXbpExCi51prG0L4FF3Dej5Zg8Hg v7C6aC4i38zn8026yLsYP7wKIWhTVdUareitnCrg8h/D8qhhaa0ANy+Cqd9k58G13d3dU57KXCl1 mlK6w4duQWDIOP4cBXkWXm5yU7soVDzYXh5yvhCROfzFVVLr9u7u7nsi8k2/3x9WVdVm1jjnFI9E ZFZVleCleQ3PglcppeuDweD3VVUtwBX+RFtrZxgnWmS0VkQOBoPBm5TSIf8teWxWFMUKhiuXDFO3 Ukq7WusP4AVP2dczV0p1WJlwr9/vT5VSq6A+tuE416rr+vf4r75iN+NMRG6nlD4lKLZ+85vf/M5a O+fJHaaU3t/b22v1+/0/FUVxwPA2eO//VkQ+z68uafOAazjf29vbcc5dtdZ+ICK/Nzs7O0c41S5r rTcwAff7+/uT/f39Kd3WIvDWAvP67wFMPCDkIqYko6qqNnidZiEEA+CyzHBkxOz/CP94z6RoVSl1 XhTFrRDChdb645TSaYxxbXd3d6yUalVVZYDDNoDqNpRSnaqqjo0xW3t7e/93VVVzrfVJjLEFh2GC xeYFbnUFKFKZUnpurd02fOBV2s0tglj77//+7699/vnnI4LcZQhhEyBSc2Iu6QOiUqptjBkiZnrD MfTQWUo4eRbhUydTa5jalATKMdOeS8SZbf22Gfkp7jSniDQOQggbxpgt6LubMcb/tb+/H/f394dV VXVTSu0QggIPfGOtfc9aK9Dl7kDu3rDWzjXv5wuM84/zoIGFCy2CztgY8x2Rdwbr830Azx78nZwO /7Mx5jNr7aewxU5jjB2Qp6tKqRURaQ0Gg7OU0lN4iGcYsGYou1cUhWXTyO/gI65lk5eFhQVBI/gG THIT86ZPoPu/wQHzCqTM/6uu68fGmD/wmf4ihLBW1/Wm+uqrrz5Dm595fV12qrTxw31Cvh1yt2/T tc2cc26gaN8AACAASURBVBJjfOScuz2fz1+llD6IMZ7TK5zS2k4bmoQZ/cSbTK3hhn4E4WmcN6Xm VaMhhA3EjovGmBFp8AA84CNO17FSKpRlKXVdX8Ak3cjUe75nCFizydR4VWv9WgM3r/EEJwSOP4G0 dgETh7wKY4yGN6jgrpF7DZtN/skYc4UntgJuf40L+j24fEnn1gUxvqK1/hfYacJik7V+v+8Hg8HB wsJCdn245KKXeY2m2O0siMhfKKVuzGazMq+QYl1cCCFcZenJKgHVt9ttUW//8lO1t7f3ETYWEWXm Bo2D9d6XBLplWt1xv9/3Dx8+3Gw8mavOudpae47J2rWU0haTnef4huV1cR2Q3zwUvUwpPUL341lB towvSIcKbquu6z/iAXaPdnyxKAqp6/obbkbXe7/IzX9dFIWu6/oVp+jveBgvqQpPnHPbKaWF+Xwe zc7OzgL27x3WxEbv/SSlVBtjHDD1aUrp77TWT6uq2gToGIK6TKG2dlJKY+fcNvl3DIN8QSlli6K4 yjj9BKxgCsHhmnOuA7o0YsOAghd0Fd99z/+rlVLXmCBnQ/hALPogpTQFqXK05deLorAxxmVqi3UG rtMYYyyKQuvBYPCEMnYcYzyu61rA7EKM8RL93zLLHK7xpLLf0MtMUpjP5xu0o9+GEP5gjPkjqtJl EfmI+rzX7/cPUH5sK6VGMcYuTtQ9QJDfY9jyExE59N4/cs5t4foQ4PrdTCm1ReRD59y2iDxRSv0f vIp1SimKyH8iVoTBYPBfjTEdVC8dAvufvvrqq99pOra/Qv8neAz/R75wQtn4B2LCdkrpQ7rB75VS vaIoSmPMJXX3vZRS7uiuW2u/o05o1XUtdHEyGAxeWGv/DCj6yHufa3xRSmUpzktu2mpd123+fsVa O8ZJ9jyEMJ7P585a+59YYHwIWhxCCNlP8Og3v/nNZyLyHdoHCSGs7O3tXd/b2+tmPOAsN0T4v/8F Sy6+cc6t13X9Rmu95b3vaq1fYX0xypMWrfX73vt2jPEAJPeQSu8M1fjHePrOjTH/D9s4Vuq6Pg0h rGf3GWvteYzxD6S7rGOQGOOiMUaIF6vW2oX5fN4j+lutda8oimFd189xjLwvIu+hFT4Xke/IcE/Z q1HgZjnSOLpkgdHMWnuBs+vLEMI6Hn3HDCMeZ+UVeKCFGXJurR1TTn9Mk1SKyHJZlrd5Vw+VUs/J Ksd1Xf8BJ9nXdIree1+KSJdXIYjI93gHtPzbuf19ymgDw6yDBe/xfD4/YgLVYqlkzTAmicinWUGG jCcqpaz3fsXs7Ozch/N/Qq2f8+od+IMKQsQpwskW/CEDJn8AGfGAnHzEtOiOc07h4JoJVMvGmHPv /Ypz7pa1dgXM8QXFktNaKyq+Y1JcAAxNmURprZ0iy/0mxrittV5MKZWwUY5FZLEsyyGv0CJMVEvg 7lJrzJVS1zTAQEkKmszn89dFURTk+4sQQivGeM8Yc48f8kJr/Tyl5Pj7z6gfOuwCWKJBms1mM4PB UomR2iUz+826rrvz+fwCy/yhMSY7TVk8gLuAmceQNAypdGk+n1/Wdf2c3REzfApnyHE22ZJe4moj EDxWU0qb1tp1SvFSKeXV3t7eOgHPhhDaFEVDHBmuwbr+fcNSxzas8Sxpcp1JzEut9bUY4wT9f9M7 ILPALf3Gh9TlT1JK57zLc4CLl3z9NWvtslLqoq7rI0SQy0qpTTiDQxjqgWHry36/P87uEw3ws0UV u8nemxFY5QbT7D9mh/wM8GTnqUYZ3hRqFvRDX2en2mw9Zq39DPy0472/klI6gsXWowQ4QNF6jAzp g7quHzX8DjaVUp1cm8Ggu5tFbahinjauzfJ9a4BDPQTiBZ/5BCfPpw0N1/hHT1W6yxf4EK6gMmkB +Q+NMRMIGK2qqhIfVItIHAwGYxg2Xil1DYX6YxQwERC5zQfSkEWntAOHWuuvtdaRB6HxY74RQhD2 R87Y5T0XkTU2bbzmZCdCU5vTb7TWC+A7M1Z4f8wNXOHCX2utP4kxumx9qrUOmFR3qLZHIhL7/f6o qirbkDPlg6+11oHmdYXPMYEQ/x/Rd/xrSukJa+iGTPZOgUynYEFrwJdDpVTd7/fPqqrq0kCfYM9y i8l+MMbMQghLTCwLpdRlv98/ZxooSqnJr3/965e7u7tTHvwITOocn9oboICOLZVvFwKAqeTTJLiD XFdK/SVMu2yclxW/RyIyK4piaz6fP+/3+2dEBYG1cy2fXgDq/O9DgLaMI/cyG4iCeRvh/Ots5UZy zPOkMW9o/uPRtt9OKd2CtnmglLqGWO4UBDCrIT2fdZnwKCmlz7IJiIi8R7P/kv43TyCzg8kmNfAa AqA5KGUvxvgM5DHv4FimPs1huwwhlCGEGQ18fmstMy2BX7PJ99iiKPT87SrQFu1hiyrqkp0bHnOT 57yU04ZaukeUvU16syklg43FGHPU70RkUz18+PCjrFzMzkKsl1lnR9E0hLBgjLmg/IukCsu8SRqk HOucW8bWWVOl5HJR+P48JxvyVi/O5/NLNskvee/HIYSYHdbQw7xmn9pLDtCmc26dJVAjSsVcTl6h cJjwtY6IlBea+EaEk+ykksM6UvdtDu2fGC1Jg3CYcf5tvEEO2PVrET8oY8zXKaWuc24dXq7wcEvy 82f4DH/PIFNijBvsB/jvItKz1t723mdTxhZN2AqpzzLCz7qBtlLqlXOuqOv6u0YJPaEd3uSlbmGg ILkMNj/72c+u4/0hInLQ7/fnIiJVVc0Hg8ErNHyGdnmKaYmgLMlqTIuSU8cYH9PMnAGaWqVUwb6C vGJwE/mMp2WehBBe/+pXv/rhF7/4xUZKKaaU1kMIS6SkxZRSDZB5hVZ7CkQ+gkdgsO+7hHfsudgA 2UMppbYbwI5HSTJisFqGEGZ4Hrxp7Nn6KxFx3AsLOJzFHicwYVvQ8NpEllvwG0foLzestSuo1QpW fAQOzQqw3QVLaz5TSukY4/fwrtYo2mql1BzjaY/QvOD+zfBwdaTFSx5+xmsXAL0XeKnnCEc21Jdf fvkJwhDPGzRu+JDmU5/DaNkQbgsFm6Uwi5jETfmaLOxoaa0/4MFINnrOIz0GvHmYlGlJXQzkDOYQ wm6lFuYQT4kQhw2ySC72LATRFnrMBfZPnjbWGx1mw4rGbhlh1LjGjCULaCxi2GVjTJ1S+sY5d4/J +3MK5rsUixsN3ofEGJ0xZozvwzPakDwfzjyOHnVPDynUGc8h0Tplsyxxzn0CyDVhsHYnvh04O+qq NQ62wBf5XeO+TEVkWWt9q67roLW+klIqze7u7n/gLU7GmJMYowWsumqMuZH3RfX7/XFVVavOuSXs C27gJ1ECQnV4u0ullLLW3qYjOEJD3k4pvYZEdwHkckJUWIci/X0+vRhrv2Ij2IlS6ja60zewju8g wfrIWrsJb/w0O5M757astYL1U8GunCuAdr0Y4xKtmc1FI1z5Ue4b4bgr3pYZ1+bQv69qra9Za1sx xrooihYHZE7IPuWaHYP+FaXUknOuhwLLQEGviUQvkKr3UEhdks5u8Ht1jPEHDs9UKTUaDAaP2cQy p/46pNNYBDbWtJZZAqdTSgcIEsYppUsDn+yCkB5ijAloeAlTHi8iGqWDQarZKcuyDiGcMJbpppTG xpjhW2qNLDNTf+6cu4sa6oBquYYpeZ2buZarYrzz7jvnLOE9Ouc+0lrfRGT0ex5+wsuvDaIx5wEe o8fbpj44wJLie3S77RDCS2PMqVLqGqrqbEl5QZcS6ZE7GKctAHxOjDFD771lEdIqc7aXbH2Y8oBm 2Fx1oLAfa61b5OFTEZmHEExRFKmu62MRGRdFsciC4ksinYXZYRiRrSKQ9A3CxQLON540OISK30PR cgGUf59aZ6yUmvX7/ROMY3tFUXRNVVURf9BDyI8FdPc5p7CNPKXo9/svaPuGrH0/ZS/RlK9JVOMO hGclxlhw4UXe5EpHkfd9zAhZwocesmghU3efo/y4KIriOgfplBBfIIEpubEdlGbjGOOTt1HTrRlj FvnvE5RwGn7CiIe3lKV52ZtARNrIf7+HcrMRYyyNMTchZ1pmDIa0VeTJEwf9hVKqba3dhuegMJbv pJRueO+TUsqyeE7zcnlC/tQY46kpIqDTglJqCSO60OBvzbM8qfH/2iBnbbSfLbZ9FTs7Oy3qqssY 49RQ2ERCxBTa3D24iQtA6EOllHnw4MFNcIPsWJHrhkR7UyilPs7qWK21hBAORWSLyjallF5zwYtv XzBdW2sVp3TKILdELuR4e2ZMt0JDeFbgvzZH23kN94xFHsZtdF8ja20yxiwBcT4B9mxxzYk3fwEC aqITevHgwYOpiFwpimJNa91yzl2yv2EuIku8tZaNPVuQ6A8aCsHAkPwPrEaIhPsfwaW6rq8qpZz3 /s88GA0Rfwg+E7nOA3yiag7+Bl+rePgtDsIMvrnBO+K11rqttV6nuC611jehXp6aqqo+ggV8nofg zFeeMQpRjEa9tbZWSs1ZmuP4oHcbk/5lEfnOOWegLteMROfIMgvEcQZ6hS7e2oqFGOOFtXYhxjgy xjwJIQyJJgsMyZa4oamqKpcjBL/3ldZ6yM80wKEjZtLee++wUOs557ZjjBoVxJCqvoAcpPm593Z2 dj42xixZaxUPs1ZKRWtt0FqLUuoN4FOXVnEI4W6Re5mcc3c4eB0ROacjuk3BeMKLV9J+t3iYp41C MTGba2Nlex07u4LNr5aapiDqzBsQ8tNsRUvUfc3XW1zYlpRSU7Ozs5NdCgtu2gI9a01ePMLMa41c vwSZOK+AsiLy/WAwmOK5s0nx9gZHgyVCZZfR7FJd18ta63WMAQ9CCMk51/XeTzJgpLW+i0z1gvXG hvYxNYq3NefcdWPMeozxBdvk51TF7RDCRd67SZE4N8Y4rfXWF198cTPG+Ir875RSS1BeZo32ctV7 34oxnsQY/wxV/SrLDr5jl88ZdPQeNjiG5UcbKaXnMcYMDpXIUya0j2P2g0iWvVJ33QM9/Q5a+3h/ f/94Z2fnWCk1N8ZkY0fDgUrcix4Sm6wob+W8j2y2xjfgSuY+ZGrcBrDtsjFmCZTsdSPEZ/hzBCJ4 i755inymVEp1cJtvIWoseaMesRekjQY4siZzRMhtpZRa1trSez9yzi0YY0pSz3Poa+sxxgQTpYXx c6DvjzHGrFfMwu0JxWDiod5BO9RTSvXquj5PKX2XUrpwzl3XWl9no96zxtb5Da31pyJygg2Q0Vov ich4b2/vGw56l8jR4uefEkkTD3jEOuwV9JGBN/6S0D1JKbl8z7MbBvSCQGRt//znP1/f3d29jwlM jcDjz1n/kFJ6D2xhyvdvUjROSWcXeLpMqJ08+kwREW+qqtrw3ufCwInIBiEiT43mHIbpYDA4/sd/ /Mdvdnd3M0NFAUZ4Y0ztvc8Vs+X7ruJ78mfEn7lAWadPzjm7BJGbee8vQLsK51zHGHOOH4On0Byh hPcchjaVuxKRVlEUt2mzFG2VJwop8p4mkliMbX8nIqOiKG5qrVvYqD+hQ+nhx3pLRHQIwezs7Nyw 1t5LKY1pO1vUTVcxwJzGGFeYvt3h+vK24tDwnXEUr6+LovCsbY1c5yi/1fP5fB308ISOpsvPaYPP KPbXLoUQxrAbl2KMHyulFiHU3bXW3owx5gHZOS5FVj18+HCdnCFAvB3IKpl7nav13ILYBki0CSv3 AmAmT8pEaz13zhVaa4+j8CEPugVmsEq+tdzMbL77Gu1pR0QOG7OGNa31NhSncYxxZq2dNxjBF0qp i7IsC6LYbD6fv85aNzhmGgHNnP1Ul+haLhs7r2wjmmRcvZeJ91jAdeHP5y3qrSYeT/vVw+xvgbw7 4eDm+YeF6zLj/gxJsx1gdMPBycJlba2tnXNPuZ4OJiOZlNhtbG8bp5QC5IWbROVhWZbFfD6P1E42 KyWvDgaDb6uqujTGbNGP54XDI/DnZaXUQlEUmyB6BRdcN7atW8x+Sg5RJ6V0Jca4Yq29hJnQ43su lVI1Bh5FSmmEg1KBaDCSWi7Q3i9zUcewnU6NMQve+2xsWmqtJ0op7b03b3ebxh/yjKIoihVjjGNF RguH5XHDGrvQWr+vtV6iwr9spMDAzSo4tKeZrMAC4yWt9ZK19orWegsRcgZyCoCdFnVFC3BoOYRg MG7NW2gmRVFsWWunUGKT1voshHDBpHSslGrVdT2NMXZjjN9waFdIDaK17hpjVrH1umRwlGVyK7T2 ryk0rYjUam9v7yPg0DyPvsspbINXex7oBKe4szwda8zcMzjR9d5v4dPdydMrDI2stdaFELL9VjOS 5AFNBkHaGK+uU3lfaq2FFR/HeR1fTh15ts8C6NV86FJK30DKlMYgJ3/mtQxHe+8LZu/LhMcj0E/f mD7K3t7eMiv+1mDFnHGg8w721yB6lln/bYTZE2DbNkbQP/7BECJv3Qu0oG/yngdMqUwjsiRsDKJS 6klK6dvBYNDkanR5ju8RacuUkoeTMEsprRljDkXka6XUmdrb2/vLBh7uG9ixZ0fCBsSQMVR7iTEW 0HSfNPDpYWPEG2KMf42qJYAROJAxgaBZMr163KAe91JK74UQzpD6j5i597Aze4klyZs8ggbD34Qt X+YFlhzAAKf7ZfZd5dqyGbaFo9VlldIPPxIl3loi5v665NAeZPKFUqpLl7IsIo+RSlwFiz9vOIt7 9kGPnHPtuq7XYow1D1Qxmo2NtS3WObfYvKekhpIO5Sqp85h5zBq1x7cismmt3WIL8UXDSXyLwzXm 340xZioiz82DBw/uEcYKfqHwdmxgMFej49zCK8oDVy6klK4xjKgpwmpOf6I3f0XFXvAzlgCLriKx PMrmeFzUSlmWMwggJYS8mFIa0/bcUkr1dnZ2aqXUVcKyg02kAGbypMwzd+hSgOksl26AP4me/QQS v4NzOmxYOc5SSm8ynwxcowufreAz5NzdQctqcVAbK6WUMWZBa91D1vHcOVeA7mnIGnfQrq2hgEwc tm0AnVlRFB1Sw1NsozeJQhPmCT9Bj/M4xnghIqkoioUQwkVZltMQwujtuMc47GqMiLTNzs7OHcLE fU52RJM+AsF7TQ/5hL51ldO4Rlt4XSm1QSXcIucuQts6zyulEfBcwHjusVtrhcLshLx0BMQ8gsY0 Iv9l8uBrDI3/SmtdGmMUE7wT3ohj59waw47lGGOXkFvwe+5SPU+VUt2iKFZwfbh0zl0BKziBCHmj 4QKzBmV9TCcxYcgVAc1yUZUd2zc5GNOU0qrW+goj2BnL0g9EZFSWZYKo0SaiDlNKU9RiK9h4PYPd eRxjPKOlK2hZM8bfBmw6Y9ybjDEr7BQbhRBGSqlOWZY6pZS894uknAvz+eef3+bEvwam1EhOUkpJ O+fua603rLUlAIiAT2sEEXP8RHvQuLT3/nsq+wxtLvPmt1NK93hDEguW1kXkjtZ62711N33NW6oh NE4AerJ7VTTGZCs/BfWrC+pocKdbjDF+p7X+F621YmJZc0N7WPPOgacNjvSHSqk3RVFkOHchxngF 0EsZYyYQPG+A9i3CjFphIdwTrfUJgq+LRh9eQusvqMznWbIbY1TOOWWtHWJNPKUdL9BbFSJyTyl1 pSgKFUI4h/6VxWYhU/hYO3BujDlGCLaGv8IzUtnIWrtkjJk5506JlMHs7u5arXUvxphA27oAGBsg Sz/EGB+Dw8/wJRkqpX7AqG1OtCiy5zEhcSQiZVmWSxQxL51zvZTS9+TIdTxPz0XkIKWkyU9LSqnD fr8/xfyhk1IaF0XR5e1tQ/SYxxi3WDo5J2WdKqWOIGIsFEWxEUJ4Rc5TOO8l5gsdFk7NWUzdiTEu WGtTCOEZPouviHiet9lQnK5m7kKMcYonS4uDMXHOtXnYCo6fB2xLIrJKeplCoHkEqeOyKIo2Xc0y 6GKLh5kZSzVpeoF7nIgQJ9RWNdhHzZrIxEtpWAJoQgjTEMIF28guDajWIRVsXpUecNdaEJEtPFYu eLg668iUUgZi5SJ6qylpwJNKdAihJocuxhgTN2uilDqjYl4XkVvYrj0Kbz/11d3d3Sze+5EfQIFk mB3kzQMjRtYlqxju8bCPjDFdsPhzvrYGQz8j2p2FEGoEuVPIpblFWqBuyb62HRDBkH3oc6QMIcyK oliglnlBuzqz1rZTSqshhBJeRQuwawRWMQV5tDB6pgyPfkAvlwC+LC4sHkQy9vv9J1VVGVjCl0Da VkQ2QghFjFGstR5d/TYR4QxMQOVVWaaqqqWiKG6HEPxgMDioquo4jyCZmp3TO2/QnpWEKk2oPKYQ e0btsJYtobN9G6BSSim9BuWTfr//uKoqVxRFHvsuxBgtvWsXFWaPwmuI0egkxnicUno1GAye7e7u HsOJL7XWS8zmPctIr4hI9N6PqeKVUuoxOXRGFV5orRPXkoXQOb0lugXNQXgNTiAUaZFociOltBFC mHCD83i35qH/jkiS6C5e4CveBuL+O2T53yFeXgghvIGZpeAeTowxB1rrGZHkWlVVP1FKbRZFURJh J7xMR9QHLZxwzkE1u8xZbhFlJyKyYqqqWgshjIEMNWajC+DbN8ADHCPMLUL3CrbXy41wf0qKuMBt 4qYxpsSSc52QmZmyo6qqlHPuLhsinymljvIuMy5cY6+xlFK6xnLUWiklDe7/onNugyr/iGHTGMr3 MITQSSkZAKdaRC6hUUf8iy9F5EN2IRQicj2EcJ1DV/K5sgNFl8h4CXdhmes8RNm6SGpYaTCfZ865 W0Dmz3DYWaAlnoEfHGmtLzGjeYaTjZDuHLyCvL3zfZ5HTfdwWte1puhNHAJFfZAPUQkXYQGd9gJI 43Wl1Jn52c9+do+VQe+BwB3kcEnIHPL2LJMiLkDBllNKV4F8O9QPQ6LB3DnXQhJ0BTmgJfeuYTbl QgiXZVkukBt7IvKN1jrLf5O1NhM3p6jeFyE1XCqlfL/fH/32t7999Q//8A+vq6oaKqWGxhjFqDoy +JiB7k1EZLK/v+/39/ejiEjDYeucwdGcn3FEd3BTRK5qrbecc85aa0IIZVEUhbW2prpewuQiE0SX eCnarDnMAE8Pq/SZ1vpJbqVhHQVqoAWexRRzq5Fz7r619idKqWVjzBHF2w2KyzYpKcYYFxg6zfOW AgrtGmKL53ccYsgVU0or6ssvv/wpp2lLa32IB1wnY8XvcPjveO+vUGQE+vNJVuhZaw+990fvIG9T IGHNDWpD75IQgrPWHlOpTrL02Tl3Fbq3ySva8KD6IatlQCSf5L10eV5AK7WZ+fDee22tjfACMi39 QESmTaRvb2/vOoDLRgjhgO+RbNMOxP0mG3vxUA1TT8PQp0Pru4Th2AGrGzrW2sl8Po/w/WPWRADs rIH9WyhrWSHVcs5pVFEdHJOKEELpva95k9d4focghaVS6oDP+bIoiu1sYcP1lHVdT/KyEVNV1fu4 GL5hsd9nVK6n5MEOdPFhVVUnoIEBxYlkcIfiaSYiJ3n82IgIJ1prR8rwMcbnuKg9y753hLUjCr7z fr9/wO7NU7BsC9qW7aY3Ukp3lVKSnRMpGONgMDitqmqCFd5SCOEuBuM1OodNpdRyVVX6F7/4xZ0H Dx4sg3fMBoPBH7HLvA5wMhGRFcQZM631TWYfLwjRJXZXEwq2G4y+L5RShTFmVte1xBiXjDHiva+p m8Y4wJ4opR7BUVzLxSbpaBWQbtG+7Vd1XddD+BbinOtSnzkK7w65vwPB9RxBykGM8dxau2CMqTnM V1NKy2pvb+8ey1FK2qQAj1xERBtjSmvtGSTLI/Ladm4V67ouCLGGzU1zY8yflVL5RGZKeY8K2Sql NnkIFoHCPM8AoIgPmwqgxluet1+vi8h1BkCPG3rlcRPDxyOsxbx9I4RwjILHMtlbYmz9jAIwv92H bNjKiqer8BFcLoJZ9BrQM+fok79+iI5iOXulAEQZY8zXKOuzmOY4i2ooTK+yj80ZYyLGcoaVpLW1 9rQRHYewnIrZbFaiisqimEzEWRaRo8Fg8C9EyeWiKLYAjmaKYmqN3LwdYxwzulyj4g7ctEMw+I+K otDw8CSlJN77cUqpzdDhkvCV/9wQka/59w49a9N25Cp05XO2bB2yAFKllB7nYU5RFPfn8/mIm1QC rHgE6dL4nbcZAr3Ih8Za+4H3/hH5c1sptUq7Ko3Ftpf4Ni1778+IZlmC1otvS3YhvFu2hedFejbv bWwITC0h/n6M8RaSLA/5VGKMLezOj2nVThDqt7BevRFC6DFHkbzNTGs9ttaeQXItmTPM0Q2067ru isiR914zJ+hAaa+11q+zE8GPPnlVVS3DoimANQ85cZabNBORlRBCubOzc10pNYwx/gA0OaQlDFTI ZYzx/ZTSKE80Y4yBPr9kilg2xq0FTv4HULkuwB5CCGEC47aAuZsXeFlAmimtX4d5/XqMMfCmLiml NO1eJ8b4pN/vn1dVlfvoITe0BiRZY43zJi3cEV8zgxI3ol08poBagFqVmLgpKvzsWzehy4iE+DE1 TiujgaS8TRG5Yq01KaUjfnfe2fOD1voAHGJOy6npjrIRSKQwrUXkNMZ4aq3dgOpmsiiW3Vpd6PdX WH39luUMlWvEzR0BVsxpnRx28G1EFSPg179kO1pC6NCy1sYY49w5V+OhI1rrBBVag7zdypTkHMJY T7cYQnjU2JEzR4Hryf2LvOVBRC77/f7F/v7+RVVVQ611qbV+ykLROawXoZVcoT0asqruKiKSWVmW U/12Nes52oSWMWbOQqU2D3ZGr70WQniRF63j0XPOzGABh7d2jHEVIkuNycGKiNRlWW6CIXyNrM1i anCqlDr23vdSSh8j+zrhsGoiSsFe0C2Wv5/g9iIiUnrvO1rrRWz3erx0c55pACe5QkpOdGYbuFlb 9eWXX37CzL7MY9OiKD4k3B408lsJBVorpSwSq1mjoGmJyDX8O+dwzibcEJur8OzoTp49a4ye82i3 xQO8BwAAGdlJREFUR1X8Yw2AzeU9pVThnJuHEP4N6nMmVeaw24XIWVC5rzYcLs7R8/8oDm06ZTLs GXnvF4wxV1gLail0jxoh3mY19cOHD5eZ3q1jzX2QzaBYD1QTqg/gMBxgRDEDU+kx0+hqrY9ijBda 6xJFUxbVnmTXbDiKt6ipajqNbmOE/Wc+57DBt9iETLNGehzj5DERETG7u7s/FZFVBhoGn5MRv2Cj 0dJNyHkGjr5OKa2llH5KKJsqpU5CCI6KekQPnnl/d/gQp0zAFmKMf2uMWSTy5C0ay8zSD1g1sKaU +gDZlU0p1cwiMnOnJSJzZgdaRE4bDOSz3Bkw+v2IQumZiGjn3F1MsNu82Yqfe6GU2tJarzCveJ/U cyki16qqWmbz4Ao8hSn3qwUfr0eNMs4E0IYucMgQZ8hLUPBZu4BeB8DHcyDrPMK+gNhaO+cMlX/e S9kmcjpy/CVR/CfGmCLGeESncopnfQcbl8I8ePBgMcY4xBX8CmHsCjfhWb/fH+HCN+NmT2CllHy4 YYxxyNBmjaIl8wK2yrJsxRj/iDnDpdb6LgZ7J6xFzHrCSAcya0QEr5SaGWOK9PbPK2PMS0ChHGIj Bpkt9IstBiLfWWtvMXhK0MNPmf/3KOQecfjytTmslLpsRXSE10x2yVtKjxvFVMqiWnJ24uG0aB8j qGE+vC3ax0uK0bHW+py0t8D1eMCsZX5eoJuYishrqOZH1to10NIcUeek3Lsicg/V9SMi+AXoYmDx 0UVKqW12d3fHFFuJN8Awf1ZKqb/e2dlx9NmWiyp42yO/TBH2uimlq7m/JP/UTJ4CxcwQK5YNWLMe B41z5OPL1tqNrK7FXa0tIo8Gg8G/MSAqsnU8rVwb4WX2+Jzv7+9Pqqq6b4zpsstnSkvmU0rXIVQE DlDR7/ePOORDEemWZbkGbuHB80sK3COttWFxyoq1doVB1CIPZwQMO4V2FUDjlmglVxgCjcFPXnH4 OqCp/4OU4xlaXWSvMFZixty9UFBGOAUjhm03YFAtUTO+iDHegihjiEYvKUCLoihE/frXv/5b7/2j vIrOe78CKyavrao5jd9RyU4brCFP33mLmftFQy62ppQKxpiIXb4HAfPk+oCJ2jrrN6RhUpFHm14p dVwUxQY1iafi77BkZZx/J4JWwU4/C0euNWTqklJq8SaWIYSC9jazf4d8Xy8vhuM6JxSwqzHGTVDM 7GswM8acZQSu4Wzdg6DSa1DVRg0RiLzjn9Tiew5oc3sxxqvcw5KdrqdEravOubHWelbX9YW1dsV7 P2rc1ytwGcYwuq6xlGYCwpjt0GciMjWff/75QSPkjriQC9qsC07imDYxS6kz6jaDuPFKa/0KOlQb v4FN5tc9730rhHBIbm/zZoxZN/CUXnW58TlKEemBOiooTtkIIg9nvtdaHyOOWGBveo3n0B0R6TI6 XmaUPGPqdwp0ndjfYmEV5Q3fYx7EZSOvK6VUpr470tG5tXaCrn+JzzVzzt2k8FtUSh0xUZ1mcC0b cYrIRozxKu3xUb/fz52KVUptMhN5QeraRH18l0hr67oO+FO/gftgzVuc/Ii0ssbP93QqmYPYJsp6 EWmZqqpWaTu6eXEVOfYQIkLmBEy11s57v0JEmFG4ZW6e4SYva62PAXcSpz3kHtQY45xzCUdvA/9v RItVsNVjTWutQghjUkqHN/I0P8TBYHBeVdUczCFqrc+11mPEKW2t9SjGGGKMIwQXRYNMcYn24FJr 3SKdXTBVa2V+PiymzGKuqaD/zEqYAgFInWnw6u3TbRljPnTOxRDCmyw351CN0PW5nFpijHOt9VJV Vcs7OzuJQdARba5HfX1M6L9MKb0mRSyRUjp0B+ek2xmT2QQZJ3MGLSSQLTY4XdNaR/Xll1/+FGw4 iyNeNFqrM1qOv2FN9EsuJmSpWErpZDAY/DuWbmbqZqPxEMIGlbKB0TM2xjwqimIrpVTWdf06I4PG mGUUuOt5e3qmYGcZObKxF865D2EhCbY1M+/9jJC8pLU+a/LtGvT1po1ci15zG+r6PHsggQ1Ya+2Y MPuu5Z1gS9lrsHslpbSd205S62ZRFCssRGw1HEw6pMAJcxJpWLr5vIWiMbDKPgq38BsIOIH0uDff gZxmf6AhzyjvP8sLot4nVR6rr7766rOcj4FxnzagzCYeb1NKN2OMn3JIZnyAkiHJ4wbub3KOybRm 2qIfsf2MyaOsGTdvbL/fn6JYuoUv0BbLDs6zVJ0aYQoeMH3HxGkNkKTIUGg2Y6INGzZqmVzPZDyi k+cE1BciIj1jzGP+fta4J1kJ1FFK9XiYM2PMJVDsEtHyMd2DNA5gLuQ+ptU1Sqmn0NzGeVlUQ/c/ a7iLdVAqrYjI+8aYsVLqOX+XW8zs/+obs5GWiGxCCi2VUsvmwYMHa7SAC7jilwgyLvjlN4gGM0Lm C+b5JdPD2hjjwa2XGoiiUHVeAqSsG2Oysigqpe5AgrgPjrBUFMW6MWb9iy++uA6x81Ap9ZQqNu9E 3YAUWsIwVnmAJSLtfr9/mit64FuTUUVSXDaizWLLmPX4TDxbuJud8/0hry/kxreYM1xUVSUZu0DS ZrBr0biFXXLw1yDVjPr9/pxOZY4R1w+7u7uvMkcCqfcJqGaeNB6Spgve5Fci4qy1N+H6r+MJfZ1O bJXvvVBKLVZVtfzzn//8HuqkhKxtHmNcVg8fPrwOAdTATMnbNoS3vNNw72xGhC67XTb54ENmCDOQ vuztl6dew2zHCti0TnuVl2Z18zq2d3fPZMMo730dQrjM9C0KGXlrSWTLGOMjaFl59cqUz9/N3AIm h/OGT9+MkNxEFvNb2sGH0OB65vncM2NM1zl3nB2KG9+TldG9POOPMS6ihD621p4ysZw2wvo0O7Fn aR7eh1Oih6cbmVAjTPf29lrOuQ+zaRRe+Is4pjbNrUqEI53s9ZRVTiJyzVRVdYnDZE1+XwJZ2mJN ZGYHbUKFzm5eM9yOJ5zuFptUFJVyF0RuRkiKFDejqqom9P8llfcKuLgKIdxOKV1jkVCHNudRSunR YDB4vru7e6GU2kwp1cwfFCuoHZV9j6LSUZ0f4CgypHZRPMQ1MPwFLN5SQ7LWA6tQ0L2PUUGv0RZv ikhR17WFOjcBifTMKsasu20TOSIRapZSWmK1Zpvt0yIirV/84hf3Y4zPKPhmHKIRhy9xkLaUUu2d nZ0wGAzGDx48eCMiNbOR093d3Rz2F/L4GNOvhZTST6y1amdnZ4orzIqIvFG/+c1vPsN73zd60JW8 Igu60xlkzRlpwTfe6iHjZAsI8WPPmxXHxpiR1npBa11673/HmPY6MuuZ976FD+AGkO8xOHneL5In bOO9vb1Nfp8nLZV8XqO1XgZ+bcGrf9SQd00btU2P9jS3ZgsweTqNXcfDRr7PVnRdFkM1cfgnRJQJ k9FZHnfzplpUP58QZSdA1JbBjqVIFXY2bM3n8+dEr1ZK6R5j6Musbn4H93jawDtm2SFFKTX03q/k qNyouTxS81JExDx48CAvh8k06BFFiKFnnwOLLrNs1opIbYzpWmsXkW91CN8vyPeilGqhut1gQjfB LKom/5kY4/GvfvWrP+/v7z/B7uyE6DHDgGrOxl4nIpdVVW0657ZijE+hPWUY9iRr37XW55hG1MaY TNka09rmG7gE/6DLfOGCYtHnpdfZmpaol4BSxTm3yZbvA1jFQifiaTVbGEVcVFV1FTbTG631v2JM la1fAoSbCfqAnlJqGEJ4nusL0NNsFjUHE7iFRd96NrMC3csOrBNUVhOwHI/GQNGd3cXFpRQRp778 8sufghAdNhCwSWNS1lVK9bz3i42pU2QqKJgfDRtQcSZRiFJqzXvfzpw8cm6uIV6+42/bySaR1BbL 1AaSGUPUC8JS71ajU1kjYq2GEK7xIL7nzcp6/wkP2Db21+Uq/iZ1SS6ypkSYLjj9n6mmp1TSvcZn XaUN3aIonnG92W+gA5L5uFH5X8uuX3nJB7qMM4iez7m+AzaoSV3XX0MTawMjC25rue6aG2MWrLUe Spiv6/pJv99/8/Dhw+swvMtcOwGGvVJfffXVDsKICSHwm1zUNE2kHz58eEsp9QHihRm0I0t7NSPX 5gLD5taDkWmP9uo9ETHW2q/h7+eVlEIh1DSt7qaUbmZ7dmPMPI+iWW6cV0hkCLa5hbWTiawgb0XG L1iYPKGwyv+sGWNuhRDa4B2zxiEIWOePRGRSlmXGLs4aljS33i50kEA6ucDm5pYx5hBmk2m0vR7K 2Ix2bjF7MDNK7gKjn2mtQ13Xz9kGkc28PwJJPM6/jwhUaq0vjTFtY0xgK0X+s5mdyRDBXoYQ2uqX v/zl/0YxNiYnrb3Dy8v5b81au5VSkvl8PoEP8O6f2TuVZo4IPS7230US5vXeGJM9fg6oD7qNN7eT Jc4Mj66RFiLO3nmOcYtD8C0/o4UryEreZN94Oz3YvzRy9iR3KXze91m5PcaiZjmltGqMOUkpPcNt 4+gdDuJmCGGbn+eyywrTu9BqtTz0radNvwKt9V/Vdb0If+A8b+Kh9npNPTFugG1d2vBN5jWWemFo rZ3DhD59p2sL+X4yxndKqTXzxRdf3MY/bs7OlAkGj0t5MpgdQGKM6Ve/+tU/7+7untDvF+8ARpbd AptffPHFXciTy/TKp7SGV4gCU/JsCZrmMJtKmdKdZWH9fv90d3d3iFvJiTHmOGMQSqlPAIoKoOkA jCowdVeNMVPYSYkbq6lp2gxLXkALOwMKP2Wd4SH0d0f/bFDvztk5cDYYDH5sHff39ye7u7tHWutJ Y6dAlrAJEWVEjTAHgyhSSl+3Wi0FzN0DiykYJ7dTShtVVbWttTchqg6JPEcgf3MOj0spfcho2WMY daMBPdtsH4sP8VPF2yZU8dta6zv5zYgxHufQ14gI/45P//Dhw+UGr735x1JMPclWq3m1SsYR4Pvn fLaCHjEPbvKqxRfv/L7r7KAuKRjXlFJPMjJrjHnV+KytxpYSDw/wNkRQb62NpAejtb5k41imt5ds LXtN+/Y3MGm/J+de44a+glUsjXWzZ0SEdVKR8d4vADMX1FEjitNjItZH1tp17/1rqvRORjMb0Wve qC2adZM45z4Ob/+M6LwikXKTKPv4nfvfK4pC5yXCGcKdUmxd8d4vMFE6oN++iu/t6P9HWNFFF5/B nTwTWEbVMjbGnGdqeQOqbLFSapmHdAF9+hLbl1Ol1LfN+uBdWBM+Qu5ast37SkrpMTfrOhd/xuTv LvZtHUa7h8jAe1rrU/pxn6VddV1fppSesqNvQndzrUHdPkRAmkkyY8Qtc8bCLX7fnGFXFrMGos3L RpFpGyml+46VzQIHd95YiNjj4JzmB8w1TqD796C2GaB7k1J6pJQSa+26auRbaSBaPa31VZaPpSxx 5s3pKqUm1lptjDknD85EZJzzdwjhttb6JiSPb8n3m4TYTP7M/fmVTC9XSt0IIVwaY97A63ufLmCs tT5EfDJt4PYTPtc1+G4lDKUTrfWqUqqrtT6z1l7wMF5m17HGvqPtvB+RsbHwO09B875vIp88jKtY 2B+BtuVa5g0F5vCdaJjv6/UY423oaS1qA0HQcSYi3w4Gg2kj17fI/d3M1eBeLgGNHyH49AhFrvKC ZUyng45iLZtSov1YttZeGmOm6ssvv/ykKZfibfkx3GutPw0hrInI45TScvabwQHrlVLqn9+5WA9g Iix7vJLlUyJySLeRMYT/xQ09oIjzGE20gWcDTOQiGzVYa5PWelLX9SX+Owt1XV9A9rjlvXda6xda 61PC7gUbTyKH0b8ztbToE9azGRaHoQux83lK6Wvqkl5D15AFHT12EviG6ETjSD5swMMdir8MjXch 0eQZwBl8yIlS6v8lIl9pHPRho4BbTCndRI7/TSauNM263vF8uo4B1jVS+xoDsjdmZ2fnL2KMNVZw q4SyCwqqG1Tv/8xQJ1IUHVhrX6J1XyHHZ0l1dq++wOz4FF37ApEk78npMv4V/v01tq82pXTITlsP 2mZ4S9q0ap7Pc4pBw7LWuoNe8I8UX5vk0XXSwzjGuAkgklkxLYYtK2VZZsKEg2K+QMFWiMh9vu9r YN6mFG2ktd5m724WsJZY1CwDFJVFUSzCfZiIyA1r7QoU+9sc3gTkblJKV3h7L9jjF4myQw7IBULW LsOjKSk77wSwSqnAZ5V+v3+8u7sbSfEppVQaYy5SSkHt7e19FEJY1lp3QwiHgELDhvX4XQSNp1iR LNPzWpSua1C7jnH/evruEqrMYhGRT3EbGxE6OzHGLR5cBpR8Y/R5xij5KuaOi7SCmyGEFs7Z/7MB 2TZpXCW970ZK6RLqljSKtcPGgqYV6Gov8x6hlNI2NKxsENmBVuVA3oaNtOCBrddYtX2eC0wKvw0O 9u8bAzLbkLn3aB/v4kx6DMQ9IRXNnHPve++zH0OZwaWU0mYIYRFOxwgOpXBPc1S/Za3dRLwiIYQt 731XKXWu9vb2blFILeVQTR/q6JHPwdNnDGcWlVIz7EbWqAsMhhJL4NYBAUR2suzmSVtjs1jRDMeg W1uQGnKVOxSRK865xRhjCCFcwaChxw6cbLOWp4+mQVvLv28txrhBuzfOu4ozIkafPWt4Bw7pMHos gl/UWt/hml/mMM9bXQMDB5ZD+Yb65iqcxQwmZUSztNYuhxD+FUKMpfOYEt630Uy+zMpfVNTRGPPM GJOdRXNfb/FTvhJCaGmtp/AYxqzYOcW2ZhFCasYETAhBTFVVMyjaI5wk5saYCZXrCCnTAgzYP8UY JyxLeFyWpUEQMeN7X3ERbSprhdqlFpHgnPvQWtsNIZzBITTsBVBKqa4x5imh9Y4xRmPfXsQYv80r YejPj5BLKaXU+9QXSyKyba3tcQM2nXPXEGu85iBr5u415y7Sz28jb18ivcyUUkeDweD4iy++OGGO sIzpRAvH8HVqlX+OMR5baz/RWl+11nZjjN+SAnuocFbzIlyin9NaG+/9ATb2GoraEd5LC5hRHjOu 7oBQTppeTXAJj3d2doRW9Iz7tYKl3LCxlewsxvjD3t7es9/+9revHzx4cJlSGhlIDZEPWGB1ui4i UwYVXRFx3vtzpdRfGGPWOI2rvM3BOXfZEJJ0GfWeMD/Pytd5jHGKG0l+AEM4dQuQHh0XsA67ZszP KUTklLFuzoeZJ1ezR6/WWvfqul7Gtu4oxvhdzoPkziParmuZFIKtWiulZBBjjLPWYH9/3yM2WaGe yda2V6kRDhg7txG7HGBRe9Naey3GOCyK4pyayCmlXAjhwlo75FBsA6ZNnHMfgDN0lVJSFEVQSq0y G/Ai8hziS08plUk6l1VVLTvntowxnRjjuCzLoLWeZnsePq/A51z74osv2js7O4rr9Orhw4frFEvT htjhTCn1aQihi2Zf6H3XCJ9TpdTrsiwXaQPzcCRLu+4zkHiKDCqHP0+fnIGbZUJ8ez6fX3JgFnNr xMRuDq5wqJQ6y4rfoii25/P5Kfj23RBCAjuYUid0yaWPGnk3E0y26SKWYozjTKIIISxS9HZIDS+y NL2BdVzLqaHh8JmBrKtEpj8CYl1hV69PKYUQQgui6zJv+Yx7lqd4Zw1On21A1MMY4wfUS1mj4TPE XBSFYYnFDPp8mZ1QQwhb3MtZY5FlyMQU8/nnn/8HquwssxqxiKGLyfMJIWWVENbGMGorhDC01i5a a1v4CJ5CaJg75zSkkNOGuVGBBco2EaRkp/eU8DVkoHGHg3AE107FGD9JKZmqquZlWW7HGDsxxh/4 fc/hDNbs58kLLWqMHlb5bysiKcb4bDAYvKiq6lBrfYaR5BKs5JuMkdepHaZVVc329/cjY+wh1LjD xgLKXqPHrqF1LzjnvPd+SFotrbVDrbVlxPuatOaJYpFuYB3jzBEoY0G38grz6HmWmBMhSyDy0nv/ Wik1KYqix6oeTfeStNZXgaAtB7aMMa6aqqr+EnqyKKXGg8HgeH9/f/TgwYOjGOMJHjlDVp4I49KX 7P75gNBdED6HjZHnBO7aOSHSkrNNSqlmErjKnp9scbaGluAFnP/ETHwLfvswxrgWQlgxxkzgIox4 Y2pkYOcUURd0HJP4tshYSCm9n+1bmdVfOuc+YIyaUkpv2MYxMsYc8zZvxhjXdnd3fVVVeQB2FTBn qJRa1FpvhRDW2VB6qbU+CSEY2k5LC/o0hNBNKXnnnFAjnZEe5hTR10RkkXup4BCOsIPriMi81Wp1 GPyUMcZVTKCPiAj3SaEZdr/Iy6OstXm9jKcr8kqpRfP555+vQL+exxjbVVV9vLu7mw0LV9gTmPJi KK11iynZzTyFQteXffqyBGlE3j6vqkrh9hkI721MENshhBXwh9zidIui6LG4IZtQznnYCyxmSt77 bVhGy845RQ/uuXFvKPgM+btNeNage9eNMQvGmFUR0d77Q1DALtw/R8v5AQd+klJaxZJmhIGTJYfP RORFWZZTEVkLIYyJOA7lr8GRayF7IeFbmESkttZewe7Gaq0fhxAuWaZlRKTHlq/sCFKEEMQ5p2KM f1JKnQO1r1APnVDX9KhNhHQzQm38Pf6Fi5BV52pvb+8eMqQlTn9eGL2gtR4XRRFFJLcqJU7Wl3me LyLvNahGc2BUZYx5FkJ4TrFissFRXdcbbOu+zIYQOG93cfb+HnOkbUgQeZizhsagYMzazbSmGONB URTC7PyoAW1PROSMrV7vswSrZB/iHBLG88ZIOEPMQ37nFWhYkvM9+rtuURRPuKmGYUxGJC0RdYnf ddyAwkVEXr29DfVpY43tXWPMCvcrv91tY8yIYZClFho2HM8n3KNTpdT1GGO2qC1DCDpL2JRSwVp7 rJQS7s1x3r0cQgj/Hx4BYWvttQmhAAAAAElFTkSuQmCC "
-         id="image5738"
-         x="0"
-         y="0" />
-    </pattern>
-  </defs>
-  <sodipodi:namedview
-     id="namedview1"
-     pagecolor="#ffffff"
-     bordercolor="#000000"
-     borderopacity="0.25"
-     inkscape:showpageshadow="2"
-     inkscape:pageopacity="0.0"
-     inkscape:pagecheckerboard="0"
-     inkscape:deskcolor="#d1d1d1"
-     inkscape:zoom="3.078125"
-     inkscape:cx="127.83756"
-     inkscape:cy="128"
-     inkscape:window-width="1920"
-     inkscape:window-height="1010"
-     inkscape:window-x="-6"
-     inkscape:window-y="910"
-     inkscape:window-maximized="1"
-     inkscape:current-layer="svg1" />
-  <style
-     id="style1">@media (prefers-color-scheme: light) { :root { filter: none; } }
-@media (prefers-color-scheme: dark) { :root { filter: none; } }
-</style>
-  <g
-     id="g2"
-     transform="matrix(0.85333335,0,0,0.85333335,-90.453335,27.306673)">
-    <path
-       d="m 155.61259,-31.41638 c 0,0 45.52498,0 45.52498,0 0,0 143.5788,0 143.5788,0 0,0 21.01153,0 21.01153,0 17.08937,0 31.83246,0.28015 38.4044,19.84435 1.42412,4.27237 1.27237,7.28405 1.28404,11.67315 0,0 0,205.44749 0,205.44749 0,0 0,22.17892 0,22.17892 0,17.0895 -0.28015,31.8326 -19.84422,38.4047 -4.27234,1.4241 -7.284,1.2724 -11.67307,1.2841 0,0 -205.44608,0 -205.44608,0 0,0 -22.17884,0 -22.17884,0 -17.08937,0 -31.83246,-0.2802 -38.4044,-19.8444 -1.42412,-4.2724 -1.27237,-7.2841 -1.28404,-11.6732 0,0 0,-199.61085 0,-199.61085 0,0 0,-25.68093 0,-25.68093 0,-19.45914 -0.59533,-34.66925 22.17884,-41.40466 0,0 26.84806,-0.61867 26.84806,-0.61867 z"
-       id="Selection-4"
-       inkscape:connector-curvature="0"
-       style="fill:#e5e5e5;fill-opacity:1;stroke:none;stroke-width:1.16731;stroke-opacity:1" />
-    <path
-       d="m 155.61259,-31.41635 c 0,0 45.52499,0 45.52499,0 0,0 143.57879,0 143.57879,0 0,0 21.01153,0 21.01153,0 17.08937,0 31.83246,0.28015 38.4044,19.84435 1.42412,4.27237 1.27237,7.28405 1.28404,11.67315 0,0 0,205.44749 0,205.44749 0,0 0,22.17889 0,22.17889 0,17.0895 -0.28015,31.8326 -19.84422,38.4047 -4.27234,1.4241 -7.284,1.2724 -11.67307,1.2841 0,0 -205.44608,0 -205.44608,0 0,0 -22.17884,0 -22.17884,0 -17.08937,0 -31.83246,-0.2802 -38.4044,-19.8444 -1.42412,-4.2724 -1.27237,-7.2841 -1.28404,-11.6732 0,0 0,-199.61082 0,-199.61082 0,0 0,-25.68093 0,-25.68093 0,-19.45914 -0.59533,-34.66925 22.17884,-41.40466 0,0 26.84806,-0.61867 26.84806,-0.61867 z"
-       id="Selection"
-       inkscape:connector-curvature="0"
-       style="fill:url(#pattern1);fill-opacity:1;stroke:#e6e6e6;stroke-width:1.16731;stroke-opacity:1" />
-    <g
-       id="g6821"
-       transform="translate(106.00036,-764.30549)">
-      <g
-         id="g1"
-         transform="matrix(1.1537283,0,0,1.1537283,-23.059189,-159.14714)">
-        <path
-           inkscape:connector-curvature="0"
-           id="path4153"
-           d="m 135.09588,1008.743 c -0.48955,-0.2781 -1.13654,-0.7355 -1.84585,-1.305 -0.58745,-0.4717 -0.66939,-0.5166 -0.69021,-0.379 -0.0322,0.2133 -0.12924,0.1976 -0.62516,-0.1014 -0.98969,-0.5968 -2.30506,-1.6877 -3.88334,-3.2208 -0.89273,-0.8671 -1.17632,-1.1905 -1.31408,-1.4985 -0.13775,-0.308 -0.27458,-0.464 -0.63453,-0.7235 -0.72298,-0.5211 -1.70595,-1.72343 -3.99827,-4.89073 -1.50915,-2.08515 -2.16995,-2.93637 -2.20287,-2.83762 -0.0143,0.0422 0.53127,1.15629 1.21182,2.47559 0.68055,1.31938 1.3704,2.68212 1.53298,3.02833 0.16259,0.34628 0.66087,1.24503 1.10727,1.99723 1.25189,2.1095 1.88736,3.4566 1.71282,3.6311 -0.0537,0.054 -0.25648,0.043 -0.66395,-0.035 -1.25182,-0.2395 -2.70186,-0.8441 -3.99798,-1.6668 -0.40582,-0.2576 -1.14906,-0.6779 -1.6517,-0.934 -2.2466,-1.1448 -4.53763,-2.98542 -6.87575,-5.52377 -1.26334,-1.37154 -1.65471,-1.88964 -2.51781,-3.33274 -1.29383,-2.1633 -1.73722,-2.98074 -2.09925,-3.87032 -0.20008,-0.49163 -0.7934,-1.74373 -1.31837,-2.78252 -1.1862,-2.3467 -1.40289,-2.90459 -2.18641,-5.62886 -0.52547,-1.82703 -0.64205,-2.33039 -0.71196,-3.07362 -0.11815,-1.25726 -0.16216,-1.538 -0.23029,-1.4683 -0.16587,0.1696 -0.87147,3.46872 -1.06397,4.97465 -0.16344,1.27816 -0.15142,2.87812 0.0308,4.05638 0.081,0.52504 0.14763,1.24617 0.14806,1.60254 5e-4,0.46644 0.0927,1.10949 0.3289,2.29597 0.49764,2.49971 0.49434,3.63302 -0.009,2.96271 -0.27694,-0.36912 -2.39115,-2.70809 -2.4826,-2.74652 -0.0322,-0.0136 -0.0587,0.22169 -0.0587,0.52275 0,0.33283 -0.0379,0.59926 -0.0964,0.6794 -0.08824,0.12066 -0.127669,0.0952 -0.462933,-0.29848 -0.201517,-0.23672 -0.778658,-0.88127 -1.28252,-1.43237 -2.458414,-2.68884 -2.910896,-3.53498 -3.713097,-6.94373 -0.165092,-0.70172 -0.463645,-1.85157 -0.663444,-2.55523 -0.971658,-3.42263 -0.957776,-3.30277 -0.970013,-8.36121 -0.01145,-4.64182 -0.0072,-4.72068 0.517102,-7.80512 0.158866,-0.93687 0.329897,-2.15342 0.37999,-2.70329 0.07721,-0.84657 0.169457,-1.27687 0.601543,-2.80585 0.280735,-0.99334 0.662013,-2.15427 0.847357,-2.57992 0.185343,-0.42558 0.320451,-0.79032 0.300342,-0.81043 -0.02004,-0.02 -0.177829,0.20509 -0.350363,0.5005 -0.992268,1.69908 -1.754682,3.98775 -1.885066,5.65863 -0.05152,0.66101 -0.220337,1.22205 -0.36761,1.22205 -0.13661,0 -0.654785,-1.3392 -0.959994,-2.4811 -0.404893,-1.51509 -0.887287,-3.06733 -0.960208,-3.09001 -0.0365,-0.0114 -0.110133,0.10491 -0.163231,0.25841 -0.178474,0.51545 -0.473736,1.95719 -0.475596,2.32209 0,0.4509 -0.119006,0.97337 -0.268856,1.20315 -0.09561,0.14656 -0.12974,0.15866 -0.208815,0.0741 -0.162301,-0.17368 -0.678615,-1.54665 -0.887574,-2.36009 -0.109847,-0.42772 -0.3465,-1.26091 -0.525975,-1.85157 -0.179404,-0.59067 -0.465792,-1.6072 -0.636466,-2.25898 -0.294331,-1.12444 -0.311792,-1.25082 -0.342062,-2.47179 -0.03507,-1.41627 0.04938,-2.46264 0.325102,-4.04099 0.274796,-1.57142 0.458493,-2.22813 0.86081,-3.07842 0.202447,-0.42772 0.51474,-1.21032 0.694073,-1.73894 0.23701,-0.69887 0.479317,-1.22205 0.887645,-1.9167 1.146482,-1.9504 1.582719,-2.54257 3.118065,-4.2322 2.666872,-2.93507 3.363234,-3.48216 6.443444,-5.06214 1.61091,-0.82629 2.09639,-1.16589 2.09639,-1.46643 0,-0.20512 -0.31924,-0.70432 -0.63239,-0.98893 -0.46143,-0.41932 -2.761262,-3.10628 -3.011654,-3.5185 -0.843421,-1.38876 -1.473661,-3.90696 -1.589304,-6.35051 -0.03936,-0.82712 -0.02934,-1.01837 0.05152,-1.01837 0.05439,0 0.584798,0.32742 1.177969,0.72761 0.593242,0.40018 1.245165,0.78713 1.448828,0.85988 0.203735,0.0727 0.525474,0.19482 0.715121,0.27128 0.49362,0.19902 1.47573,0.41646 2.46964,0.54675 0.63683,0.0835 1.57593,0.11265 3.62666,0.11265 2.59652,0 2.89214,-0.014 4.79181,-0.22667 1.11349,-0.12468 2.60783,-0.25582 3.32065,-0.29143 1.99111,-0.0995 3.05093,-0.38042 4.3477,-1.15245 1.3958,-0.83105 2.12537,-1.44723 4.28072,-3.61533 2.15335,-2.16603 2.68169,-2.64131 4.29575,-3.86385 0.52956,-0.40112 1.14612,-0.8852 1.37017,-1.07574 0.62438,-0.531 1.24352,-0.90268 2.08474,-1.25142 0.4217,-0.17482 1.51659,-0.69225 2.43315,-1.14982 l 1.66645,-0.83196 2.81443,-0.78821 c 1.54794,-0.43351 3.26791,-0.87142 3.82221,-0.97312 1.04473,-0.19167 3.89072,-1.03036 4.55752,-1.34307 0.70689,-0.33146 1.14857,-0.97416 1.80958,-2.6334 0.79777,-2.00253 1.30627,-3.76665 1.52232,-5.28163 0.11114,-0.7796 0.1155,-1.01446 0.0358,-1.91226 -0.12544,-1.40675 -0.27823,-2.24199 -0.4902,-2.6797 -0.12509,-0.25845 -0.53413,-0.72417 -1.35408,-1.54175 -1.35394,-1.34995 -1.26256,-1.30538 -2.68161,-1.30764 -1.48361,-0.002 -3.01495,0.30927 -4.9587,1.00907 -1.98045,0.71303 -3.64776,1.6416 -5.02023,2.79594 -1.34585,1.13195 -5.3024,5.36446 -6.00463,6.4235 -0.55073,0.83054 -1.52603,2.54479 -1.91504,3.36599 -0.41806,0.8825 -0.53406,1.43292 -0.5921,2.80891 -0.0594,1.40211 0.007,1.78773 0.57478,3.46162 0.24603,0.72275 0.4366,1.38932 0.42357,1.48128 -0.02,0.14279 -0.0615,0.16367 -0.28295,0.14313 -0.72155,-0.0669 -2.00937,-0.62533 -3.94539,-1.71083 -0.57971,-0.325 -1.24709,-0.66439 -1.4831,-0.75418 -0.58487,-0.22255 -0.62867,-0.1675 -0.47731,0.60069 0.0941,0.47747 0.27264,0.90725 0.88585,2.13196 1.08158,2.16029 1.21912,2.6622 0.8168,2.98038 -0.2934,0.23206 -0.63575,0.16775 -2.15285,-0.40439 -1.51588,-0.57174 -2.10912,-0.87114 -2.74423,-1.38499 -0.45978,-0.37202 -1.50178,-0.85799 -1.55223,-0.72393 -0.0136,0.0354 0.31165,0.80298 0.72212,1.70564 0.41055,0.90267 0.74639,1.68584 0.74639,1.74038 0,0.27308 -1.00665,0.18117 -2.0931,-0.19111 -1.24287,-0.42588 -2.8774,-1.21212 -3.87826,-1.8655 -0.57377,-0.37454 -1.66902,-0.95209 -1.80563,-0.95209 -0.11686,0 0.10663,0.39698 0.66709,1.18502 0.2753,0.38698 0.60241,0.88692 0.72692,1.11096 0.22857,0.41126 0.60598,1.4457 0.60598,1.66098 0,0.16842 -0.26434,0.14754 -0.97752,-0.0772 -0.87405,-0.27545 -1.80013,-0.72492 -2.91083,-1.41267 -0.52955,-0.32792 -1.12158,-0.66554 -1.31565,-0.75029 -0.86389,-0.37716 -4.07241,-2.46361 -4.6708,-3.03731 -0.4026,-0.38596 -1.22298,-1.36554 -1.65986,-1.98188 -1.383215,-1.95145 -2.370903,-4.08191 -3.096891,-6.68024 -0.489264,-1.75133 -0.699654,-2.81418 -0.699654,-3.53519 0,-0.49767 -0.02004,-0.57195 -0.211321,-0.79243 -0.116215,-0.1338 -0.250034,-0.31701 -0.297336,-0.40712 -0.06083,-0.11607 -0.242235,-0.20923 -0.621939,-0.31957 -1.464286,-0.42557 -2.078997,-0.79352 -2.370322,-1.41888 -0.265922,-0.57067 -0.381422,-1.12276 -0.384642,-1.83793 0,-0.68676 0.114999,-0.99948 0.479747,-1.27133 0.252611,-0.18825 1.104189,-0.46811 1.757901,-0.5777 0.295333,-0.0495 0.536995,-0.12129 0.536995,-0.1595 0,-0.0382 -0.4162,-0.67349 -0.924928,-1.41171 -0.727206,-1.05534 -1.001786,-1.39404 -1.284882,-1.58468 -0.19801,-0.13336 -0.494345,-0.39503 -0.658506,-0.58152 -0.583511,-0.66289 -1.601326,-2.5342 -2.013232,-3.70128 -0.362959,-1.02857 -0.982106,-3.2375 -0.938955,-3.34995 0.02147,-0.0557 0.09818,-0.10129 0.170817,-0.10125 0.07256,4e-5 0.74259,0.36666 1.488974,0.8147 0.746383,0.44805 1.37326,0.81464 1.393011,0.81464 0.02004,0 1.391722,0.80822 3.048794,1.79605 1.944962,1.15946 3.695636,2.13808 4.939449,2.76107 1.53484,0.76882 1.93122,0.9972 1.94947,1.12322 0.0129,0.087 0.0786,0.17961 0.14698,0.20581 0.068,0.0262 0.88529,0.11341 1.81566,0.19378 l 1.69149,0.14616 1.08701,-0.23159 c 0.5979,-0.12736 1.09868,-0.24286 1.11292,-0.25665 0.0673,-0.0651 -0.11278,-0.20594 -0.5312,-0.41567 -1.21174,-0.60728 -4.75424,-2.50444 -5.34576,-2.86282 -0.36661,-0.22214 -1.13317,-0.65457 -1.70344,-0.96096 -1.488412,-0.79966 -1.699589,-0.9541 -3.076069,-2.24986 -1.088374,-1.02463 -1.482319,-1.47801 -1.889502,-2.17462 -0.07292,-0.12477 -0.148776,-0.11587 -1.333114,0.15632 -1.242017,0.28544 -1.272573,0.28861 -2.774142,0.28792 -2.015594,-7.1e-4 -2.705014,-0.14942 -3.639461,-0.78397 -0.23422,-0.15909 -0.457562,-0.28925 -0.496205,-0.28925 -0.207241,0 -1.228492,3.05728 -1.521535,4.55492 -0.21132,1.07987 -0.564188,3.84626 -0.564188,4.42296 0,0.53998 -0.0901,0.80341 -0.178474,0.52188 -0.0229,-0.0719 -0.213753,-0.94724 -0.424788,-1.94525 -0.351294,-1.66123 -0.383568,-1.89593 -0.381635,-2.7774 0,-1.75494 0.368325,-4.2949 0.758191,-5.28413 0.08401,-0.21298 0.15264,-0.44701 0.15264,-0.52006 0,-0.14388 -0.582938,-0.60233 -0.765848,-0.60233 -0.193502,0 -1.098107,2.53152 -1.41405,3.95704 -0.233719,1.05452 -0.638612,3.85783 -0.698867,4.83925 -0.02576,0.4182 -0.08008,0.76815 -0.120795,0.77767 -0.04079,0.01 -0.264705,-0.89924 -0.497637,-2.01945 -0.492484,-2.36797 -0.513595,-2.73352 -0.279518,-4.85118 0.193716,-1.75211 0.322956,-2.4187 0.63668,-3.28338 0.288893,-0.79629 0.33462,-1.26843 0.156147,-1.61233 -0.206598,-0.39819 -0.871616,-1.14049 -1.021751,-1.14049 -0.202161,0 -1.184696,0.9594 -1.742445,1.70139 -0.594172,0.79043 -1.168236,1.93188 -1.360736,2.70541 -0.08108,0.32587 -0.215328,1.05828 -0.29841,1.62755 -0.143481,0.98391 -0.242879,1.308 -0.328037,1.06964 -0.117504,-0.32917 -0.195648,-0.8694 -0.234792,-1.62327 -0.0926,-1.78418 0.439099,-3.56315 1.597818,-5.346 0.290539,-0.44709 0.481035,-0.64532 0.889506,-0.92581 0.285816,-0.1963 0.519893,-0.3918 0.520107,-0.43445 4.3e-4,-0.0974 -0.500642,-0.58066 -0.7169,-0.69137 -0.272505,-0.13954 -0.711676,-0.0943 -1.138324,0.11719 -0.840057,0.41654 -2.179755,2.02606 -2.810782,3.37697 -0.350936,0.75132 -0.473091,1.21872 -0.704377,2.69607 -0.187848,1.19956 -0.273865,1.44434 -0.395447,1.12459 -0.310075,-0.81546 -0.297623,-2.89669 0.02433,-4.06477 0.328036,-1.19047 1.304418,-3.06293 1.844419,-3.53702 0.136324,-0.1197 0.702444,-0.52826 1.257974,-0.90791 0.555601,-0.37964 1.010158,-0.73026 1.010158,-0.77916 0,-0.0489 -0.146199,-0.30689 -0.324816,-0.57333 -0.178688,-0.26644 -0.341275,-0.52916 -0.361241,-0.5838 -0.08766,-0.2395 -1.430223,1.31226 -2.098747,2.42572 -0.222341,0.37042 -0.478101,0.75265 -0.568197,0.8494 -0.150851,0.16191 -0.166022,0.16492 -0.190495,0.0378 -0.03793,-0.19839 0.11414,-0.94753 0.332544,-1.63478 0.264205,-0.8316 0.984468,-2.25818 1.505505,-2.98174 l 0.440531,-0.6117 -0.11872,-0.59184 c -0.08008,-0.39917 -0.152211,-0.59183 -0.221696,-0.59183 -0.346428,0 -1.625084,0.87531 -2.400736,1.64347 -0.676898,0.67035 -1.112133,1.22902 -1.759261,2.25831 -0.692999,1.10229 -0.899739,1.20781 -0.750534,0.38309 0.300414,-1.66027 1.33247,-3.76479 2.437375,-4.97018 0.214827,-0.23434 0.836407,-0.77742 1.381346,-1.20685 0.730783,-0.57586 1.119647,-0.94578 1.481747,-1.40945 0.343708,-0.44022 0.527334,-0.61791 0.612421,-0.59282 0.786744,0.23183 2.454549,0.41838 2.454549,0.27453 0,-0.0356 -0.274938,-0.19894 -0.610989,-0.36285 -0.336052,-0.16392 -0.927648,-0.50173 -1.314652,-0.7507 -0.387003,-0.24897 -0.9869,-0.58864 -1.333113,-0.75484 -0.346285,-0.16619 -1.02948,-0.54077 -1.518315,-0.83239 -2.194782,-1.30936 -3.797324,-3.61985 -4.37468,-6.30721 -0.203449,-0.94679 -0.172892,-2.47383 0.06798,-3.39367 0.50236,-1.91935 2.371897,-4.46829 4.126864,-5.62651 1.820875,-1.20173 3.806627,-1.84988 7.858853,-2.56512 2.463924,-0.43489 2.851357,-0.4759 4.2083,-0.4454 0.672103,0.0151 2.155281,0.0286 3.295824,0.0299 l 2.073844,0.002 0.962785,-0.24854 c 2.128015,-0.54933 4.131014,-1.3994 5.904083,-2.50564 2.2413,-1.3984 2.96901,-1.69166 3.68054,-1.48309 0.1993,0.0584 0.62394,0.28994 0.94368,0.51448 0.31966,0.22454 1.08122,0.67441 1.6922,0.9997 0.61107,0.32529 1.40468,0.77752 1.76356,1.00497 0.811,0.51388 1.06218,0.59861 1.6356,0.55173 0.45671,-0.0374 1.54952,-0.3031 1.74624,-0.42468 0.0848,-0.0524 0.0308,-0.14643 -0.26313,-0.45946 -0.20338,-0.21646 -0.46687,-0.52211 -0.58552,-0.67921 l -0.21575,-0.28562 -0.42078,0.0476 c -0.80249,0.0908 -1.35816,-0.23256 -2.21625,-1.28959 -0.62516,-0.77009 -1.12645,-1.26423 -1.82102,-1.79502 -1.29483,-0.98944 -1.88185,-2.12917 -1.88185,-3.65369 0,-2.05308 1.19078,-4.04076 4.31872,-7.20897 2.31529,-2.34507 4.2209,-3.86258 5.86502,-4.67059 1.66995,-0.82065 3.76648,-1.55401 4.92527,-1.72283 0.49413,-0.072 0.62086,-0.0633 1.14798,0.0784 0.42279,0.11369 1.17604,0.20301 2.62931,0.31174 2.22054,0.16616 2.29747,0.18153 4.15334,0.83061 1.11922,0.39142 2.53212,0.72519 2.63488,0.62243 0.0279,-0.0278 0,-0.14075 -0.0544,-0.25101 -0.16052,-0.30636 -1.45692,-1.63008 -1.64369,-1.67828 -0.0907,-0.0234 -0.21691,-0.13512 -0.28052,-0.24828 -0.0637,-0.11316 -0.37964,-0.38799 -0.70209,-0.61074 -0.45377,-0.31345 -0.76227,-0.45828 -1.36446,-0.64066 -0.76799,-0.23257 -0.95384,-0.35122 -0.87441,-0.55823 0.0487,-0.12723 2.17926,-1.09176 2.90854,-1.31684 0.78732,-0.24297 1.4675,-0.26506 2.6663,-0.0866 2.89229,0.43059 5.36115,1.32807 7.36937,2.67892 0.69966,0.47064 1.21969,0.7504 1.28102,0.6891 0.0694,-0.0696 -0.17361,-0.78461 -0.43745,-1.2865 -0.54222,-1.03146 -1.5868,-2.06554 -3.12107,-3.08951 -0.45828,-0.30586 -0.83319,-0.58683 -0.83319,-0.62438 0,-0.17964 0.39172,-0.79937 0.67883,-1.074 0.65757,-0.62892 1.43917,-0.86927 2.80219,-0.86165 2.7048,0.0151 6.64604,1.30752 9.17522,3.00869 0.46365,0.31189 0.87634,0.56706 0.91699,0.56706 0.13818,0 -0.007,-0.60919 -0.26921,-1.14327 -0.59275,-1.19932 -1.60684,-2.25881 -3.13095,-3.27107 -1.46772,-0.9748 -1.80356,-1.39658 -1.41863,-1.78156 0.31838,-0.31834 0.89466,-0.36524 2.99784,-0.24398 2.15958,0.12452 1.53127,0.13389 10.41209,-0.15539 2.66823,-0.0869 2.90689,-0.068 3.12815,0.24793 0.15236,0.21751 0.13704,0.61763 -0.0386,1.00432 -0.0806,0.17757 -0.14649,0.35254 -0.14649,0.38883 0,0.0743 1.85587,0.091 2.2116,0.0199 0.19887,-0.0398 0.30414,-0.16654 0.76843,-0.92558 1.04858,-1.7142 1.09345,-1.77208 1.57814,-2.03806 0.24574,-0.13486 1.01216,-0.4092 1.70308,-0.60965 0.69093,-0.20044 1.64956,-0.50375 2.13024,-0.67401 0.54894,-0.19442 1.13031,-0.34195 1.56304,-0.39666 0.63618,-0.0804 0.71246,-0.10823 0.99391,-0.36265 0.48189,-0.43555 1.06998,-0.68786 3.41268,-1.4642 2.29025,-0.75897 3.83182,-1.33568 4.89551,-1.83146 0.34621,-0.16137 1.46106,-0.84907 2.47738,-1.5282 1.95047,-1.30336 3.43916,-2.11435 4.24615,-2.31317 0.79283,-0.19531 0.75147,-0.23765 1.09017,1.11718 0.22985,0.91931 0.32116,1.17956 0.40739,1.16068 0.0608,-0.0134 0.33255,-0.12137 0.60319,-0.23997 0.70474,-0.30876 1.46586,-0.47726 1.58558,-0.35102 0.0508,0.0533 0.4922,1.79664 0.9814,3.87414 0.79425,3.37279 0.89859,3.89512 0.97495,4.87809 0.0771,0.99173 0.10512,1.13045 0.28331,1.39968 0.19071,0.28821 0.19815,0.33865 0.20938,1.41733 0.007,0.61517 0.0351,2.33499 0.063,3.82182 0.0508,2.64856 0.0479,2.73635 -0.14863,4.33273 -0.11014,0.89618 -0.20073,1.71273 -0.20123,1.81457 0,0.20147 0.74545,1.85159 0.83762,1.85159 0.0308,0 0.0802,-0.13979 0.10906,-0.31064 0.12223,-0.72372 0.65679,-1.8372 0.88199,-1.8372 0.0501,0 0.48833,0.85548 0.97359,1.90109 0.51574,1.11119 1.16974,2.37684 1.57399,3.0461 0.41956,0.69464 0.9962,1.81601 1.46593,2.85099 0.75984,1.67412 0.78675,1.75248 1.44024,4.19365 l 0.66588,2.48764 0.3334,3.36991 c 0.36275,3.66641 0.37513,4.26006 0.13583,6.51441 -0.18757,1.76744 -0.7904,4.3261 -1.69214,7.18237 -0.18563,0.58789 -0.33748,1.09692 -0.33748,1.13118 0,0.14805 0.41341,-0.23008 0.85823,-0.78508 0.66803,-0.83343 1.14899,-1.6651 2.1731,-3.75798 0.99334,-2.02995 1.58408,-3.53853 1.79368,-4.58051 0.078,-0.3878 0.25447,-1.08837 0.39216,-1.55681 0.33025,-1.12356 0.74581,-4.55298 0.67224,-5.5477 -0.0945,-1.27801 -0.28195,-2.30749 -0.77665,-4.26577 -0.27787,-1.09984 -0.56061,-2.33301 -0.62838,-2.74035 -0.068,-0.40736 -0.23501,-1.19058 -0.3719,-1.74051 -0.13683,-0.54992 -0.28625,-1.24982 -0.33212,-1.55534 -0.0458,-0.30551 -0.21769,-0.98355 -0.38192,-1.50676 -0.16416,-0.5232 -0.2793,-0.97049 -0.25576,-0.99398 0.0797,-0.0797 0.42786,0.31327 1.26391,1.42682 1.38765,1.84804 1.75361,2.45967 2.25068,3.76106 0.24345,0.63747 0.47724,1.21852 0.51953,1.29122 0.14334,0.24622 0.0946,-0.10226 -0.13597,-0.97264 -0.11965,-0.45146 -0.23915,-1.0208 -0.26563,-1.26522 -0.0265,-0.24441 -0.18413,-0.88596 -0.35036,-1.42568 -0.43588,-1.41476 -0.39953,-1.40581 0.82689,0.20363 1.26541,1.66071 1.85479,2.61139 2.24494,3.62097 0.70123,1.81482 1.6029,4.35349 1.90453,5.36189 0.16788,0.56155 0.48934,1.44285 0.71418,1.95844 0.62581,1.43482 1.18305,3.50384 1.44168,5.35274 0.0487,0.34625 0.11349,0.65724 0.14462,0.69109 0.11378,0.12382 0.35101,-1.20946 0.44561,-2.50452 0.0537,-0.73974 0.0451,-1.18786 -0.0386,-1.94162 -0.13432,-1.2113 -0.0623,-1.92875 0.16473,-1.63227 0.21376,0.27957 1.31136,3.03812 1.53606,3.86047 0.74839,2.73898 1.06111,5.54252 0.97152,8.71104 -0.0985,3.48358 -0.0836,3.3988 -1.39845,7.96187 -0.63389,2.19969 -1.30699,4.44831 -1.49592,4.99692 -0.80527,2.3387 -1.72083,4.33658 -2.62107,5.71962 -1.15492,1.77414 -3.17896,4.26617 -4.74701,5.84437 -0.86024,0.86588 -1.07907,1.04472 -1.55646,1.27219 -0.30549,0.14557 -0.68176,0.28773 -0.83619,0.31592 -0.23322,0.0426 -0.307,0.10305 -0.43609,0.35722 -0.20968,0.41307 -1.19379,1.37356 -2.09761,2.04726 -0.40732,0.30364 -1.34055,1.0551 -2.07377,1.66991 -1.27415,1.06835 -1.41527,1.16351 -3.18734,2.14916 -1.01982,0.56723 -2.09466,1.11344 -2.38857,1.21379 -1.16516,0.39787 -0.3772,0.38235 1.76163,-0.0347 0.71282,-0.13899 1.59603,-0.28978 1.96271,-0.33508 0.81229,-0.10037 1.96027,-0.39528 3.33217,-0.85605 1.7013,-0.57136 2.46149,-0.92195 3.71052,-1.7112 0.64806,-0.40953 1.61357,-1.01338 2.14548,-1.3419 2.21024,-1.36511 3.10855,-2.11791 5.16006,-4.3244 2.3641,-2.54265 3.15972,-3.52501 4.10347,-5.06643 0.80048,-1.30751 2.11399,-4.10587 2.51645,-5.36116 0.18513,-0.57753 0.26463,-2.07939 0.30206,-5.70436 0.0343,-3.32893 0.0279,-3.5646 -0.11758,-4.36977 -0.0846,-0.46809 -0.18913,-1.351 -0.23221,-1.96203 -0.0832,-1.17764 -0.2051,-1.77121 -0.8825,-4.2957 -0.54343,-2.0253 -0.82374,-3.74022 -0.6112,-3.74022 0.10977,0 0.59389,0.55354 0.74488,0.85173 0.0825,0.16294 0.2637,0.54622 0.4026,0.85173 0.1389,0.30552 0.63468,1.24031 1.10169,2.07733 0.49993,0.89606 0.96522,1.84016 1.1316,2.29598 0.38113,1.0443 0.72233,1.76849 0.76019,1.61351 0.0165,-0.0679 -0.17003,-0.87078 -0.4147,-1.78417 -0.48948,-1.82739 -0.71561,-2.86368 -0.79354,-3.6362 -0.0472,-0.46934 -0.0408,-0.50548 0.0867,-0.48093 0.21147,0.0407 0.65822,0.68528 0.94575,1.36464 0.14248,0.33646 0.66445,1.33932 1.16008,2.22858 0.61071,1.09576 1.01904,1.93257 1.26714,2.59656 0.2013,0.53886 0.70802,1.67204 1.12601,2.51818 0.41799,0.84614 0.83369,1.76369 0.92372,2.039 0.5103,1.56025 1.12587,6.5751 1.12673,9.17948 7.1e-4,1.52379 -0.14277,2.66164 -0.48504,3.85058 -0.1442,0.50108 -0.27838,1.1112 -0.29806,1.35582 -0.02,0.24462 -0.068,0.77325 -0.10762,1.17474 -0.0394,0.40147 -0.0722,1.16804 -0.0729,1.70346 -7.2e-4,0.54853 -0.0809,1.66647 -0.18399,2.56092 -0.10047,0.87308 -0.16602,1.6041 -0.1457,1.62447 0.0755,0.0755 0.21383,-0.14771 0.33584,-0.54206 0.0748,-0.24209 0.33419,-0.69846 0.64233,-1.13054 0.28424,-0.39852 0.92443,-1.39949 1.42264,-2.22438 0.49821,-0.82489 0.94082,-1.49979 0.98361,-1.49979 0.0515,0 0.0601,0.14438 0.025,0.42586 -0.0286,0.23423 -0.0794,1.17577 -0.11236,2.09231 -0.0952,2.64529 -0.63059,6.89001 -1.12508,8.91867 -0.58995,2.42022 -1.2768,4.05334 -2.80484,6.66883 -0.87605,1.49953 -1.10283,1.76881 -2.77601,3.29684 -3.02024,2.75813 -5.24343,4.36289 -7.10373,5.12758 -0.49063,0.20166 -1.26649,0.56607 -1.7242,0.80979 -0.66745,0.35543 -0.97509,0.47188 -1.5546,0.58845 -0.3973,0.0799 -1.35687,0.36355 -2.13238,0.63027 -0.77543,0.26673 -1.89322,0.60095 -2.48389,0.74271 -0.59066,0.14175 -1.67381,0.44156 -2.40703,0.66623 -0.73322,0.22467 -1.78309,0.48806 -2.33304,0.58532 -0.54988,0.0973 -1.89973,0.36162 -2.99956,0.58746 l -1.99971,0.41062 -1.88864,-0.004 c -2.6736,-0.004 -7.5228,-0.19427 -8.40622,-0.32885 -1.04108,-0.15858 -3.66623,-0.23974 -3.66623,-0.11333 0,0.24472 2.14963,2.57553 2.64075,2.86335 0.46429,0.27211 2.58687,1.14394 3.83289,1.57437 3.52661,1.2182 6.04235,1.70346 10.62964,2.05034 1.40861,0.10652 1.853,0.11253 2.92549,0.0396 2.82767,-0.19237 4.86495,-0.67897 8.00441,-1.91188 1.90231,-0.74704 2.78151,-1.33834 4.37074,-2.93938 2.25075,-2.26756 5.68053,-6.51921 6.85242,-8.49455 0.36503,-0.61532 1.70187,-3.44994 2.30262,-4.88264 0.1623,-0.38698 0.37885,-0.84666 0.48125,-1.0215 0.18792,-0.32095 0.70295,-0.75603 0.89502,-0.75603 0.12917,0 0.4064,0.61807 0.56791,1.26621 0.18985,0.76209 0.26385,1.49575 0.26635,2.64065 0,0.58048 0.0315,1.05542 0.0666,1.05542 0.0358,0 0.22227,-0.35829 0.41506,-0.79619 0.77078,-1.7511 0.79626,-1.79742 1.17467,-2.13765 0.20274,-0.18226 0.41835,-0.3216 0.47925,-0.30965 0.0608,0.012 0.19243,0.23834 0.29247,0.50312 0.45856,1.21384 0.59117,2.76656 0.47137,5.51776 -0.0739,1.69815 -0.35565,3.80556 -0.8266,6.18433 -0.26914,1.35914 -0.67446,1.99766 -3.34556,5.26968 -0.91119,1.11614 -0.95699,1.18896 -1.23457,1.9627 -0.15858,0.44195 -0.40611,1.09517 -0.55016,1.4516 -0.16173,0.40042 -0.22828,0.64806 -0.17418,0.64806 0.19428,0 1.10877,-0.70341 2.14819,-1.6523 1.42844,-1.30399 2.34506,-1.92488 2.34442,-1.58799 0,0.15618 -0.34614,1.38118 -0.63246,2.24043 -0.51231,1.53718 -0.99398,2.66751 -1.5624,3.66616 -0.313,0.54992 -0.67725,1.26204 -0.80942,1.58248 -0.21111,0.51166 -0.27959,0.6047 -0.56212,0.76397 -0.47388,0.26708 -0.86832,0.67764 -1.80184,1.87519 -0.96021,1.23177 -1.34299,1.62369 -2.24258,2.29598 -0.3543,0.26478 -0.76549,0.64294 -0.91384,0.84036 -0.2139,0.28473 -0.66602,0.61967 -2.18634,1.61983 -2.07556,1.36538 -2.59001,1.62321 -5.67223,2.84268 -1.15378,0.45647 -1.45727,0.54841 -1.81457,0.54963 -0.2851,7.1e-4 -0.64041,0.0763 -1.05861,0.22428 -0.95541,0.33814 -1.73858,0.43117 -4.33274,0.51467 -1.30356,0.042 -3.06998,0.1293 -3.92542,0.19408 -1.12173,0.0849 -3.26899,0.13364 -7.70264,0.17471 -6.7903,0.0629 -6.22833,0.0271 -9.90235,0.63117 -1.11207,0.18284 -2.70516,0.40045 -3.54021,0.48357 -0.83505,0.0831 -1.85157,0.21386 -2.25897,0.29052 -0.40733,0.0767 -1.34056,0.21026 -2.07377,0.29688 -1.51238,0.17868 -5.55144,1.08328 -10.55407,2.36376 -2.77471,0.71021 -2.87046,0.74079 -3.55509,1.1354 -0.387,0.22306 -1.02025,0.58319 -1.40725,0.80031 -0.93115,0.52247 -2.35036,1.44918 -3.85128,2.51487 -0.6721,0.47717 -1.7053,1.17854 -2.29597,1.55846 -0.59067,0.37992 -1.60719,1.0765 -2.25897,1.54794 -0.69529,0.50301 -1.79218,1.19651 -2.65428,1.67826 -2.11485,1.18169 -4.84298,3.15914 -6.89993,5.00134 -2.23937,2.00543 -3.88814,3.8671 -6.55315,7.39943 l -1.42493,1.88864 -1.05553,2.11077 c -1.07499,2.14984 -2.89171,6.21939 -3.14976,7.05572 -0.41649,1.34972 -0.56684,2.26184 -0.96085,5.82981 l -0.29841,2.70179 v 3.18856 c 0,2.36259 0.0286,3.41819 0.10941,4.07512 0.0601,0.48755 0.17647,1.5531 0.25848,2.36782 0.37792,3.75346 0.61893,5.23284 1.36954,8.40622 1.02612,4.33826 1.06669,4.4607 2.23207,6.73914 0.427,0.83469 0.89537,1.85119 1.04093,2.25889 0.3057,0.8564 0.46092,1.1283 1.73414,3.0373 1.36789,2.0511 2.18877,3.5761 2.01717,3.7477 -0.0336,0.034 -0.19622,-0.016 -0.36124,-0.1091 z M 113.10469,886.82015 c 0.57027,-0.0669 1.90345,-0.14377 2.96256,-0.17084 2.16759,-0.0554 2.17331,-0.0567 3.06897,-0.7161 1.26592,-0.93189 2.41233,-2.26086 3.05323,-3.53946 0.24868,-0.49607 0.57629,-1.08524 0.72807,-1.30929 0.81351,-1.20062 0.79526,-1.41298 -0.21333,-2.48062 -0.31007,-0.32824 -0.89408,-0.96065 -1.29783,-1.40535 -0.40382,-0.44471 -0.97982,-1.02711 -1.28002,-1.29423 -0.44976,-0.40015 -0.53856,-0.51543 -0.50443,-0.65463 0.0329,-0.13386 -0.007,-0.19538 -0.19014,-0.29625 -0.64784,-0.35623 -1.01882,-0.66137 -2.11614,-1.74059 l -1.19564,-1.17603 -0.22807,0.11791 c -0.12537,0.0648 -0.48661,0.1674 -0.8027,0.22788 -0.75289,0.14405 -6.08914,2.02611 -6.9468,2.45009 -0.73207,0.3619 -0.97925,0.55093 -1.25869,0.96267 -0.23093,0.34031 -0.23544,0.60374 -0.0329,1.9296 0.4406,2.88817 1.89072,5.78551 4.26247,8.51635 0.63997,0.73688 0.68742,0.77804 0.84371,0.73272 0.0608,-0.0177 0.57771,-0.0869 1.14798,-0.15383 z m 49.07933,-4.13828 c 1.24359,-0.2222 2.97573,-0.91468 4.54993,-1.81892 1.18692,-0.68177 1.9192,-1.21671 2.58515,-1.88843 1.14333,-1.15316 1.7574,-2.25542 2.69478,-4.83689 1.02211,-2.81465 1.08358,-3.18461 1.0795,-6.49576 0,-2.55744 -0.088,-3.65889 -0.41176,-5.3484 -0.31637,-1.65046 -1.59625,-5.08388 -2.41741,-6.48502 -0.14212,-0.24254 -0.74774,-0.99544 -1.34578,-1.67313 -0.59811,-0.67768 -1.62229,-1.88206 -2.27601,-2.67639 -1.32373,-1.60847 -1.76591,-2.04726 -2.95211,-2.9293 -1.34435,-0.99959 -2.21103,-1.52862 -3.96242,-2.41861 -1.67639,-0.85185 -2.7053,-1.24906 -4.74086,-1.83023 -1.19593,-0.34145 -4.7596,-1.19804 -4.88426,-1.17403 -0.0608,0.0117 0.39602,0.29523 1.01552,0.62999 0.61944,0.33476 1.46851,0.82076 1.88686,1.08 0.41827,0.25924 1.1605,0.69683 1.64934,0.97242 1.26806,0.71495 2.37834,1.45873 3.44395,2.30717 0.50923,0.40541 1.42572,1.11601 2.03678,1.5791 4.02081,3.04736 5.91282,5.26558 7.52252,8.81955 0.77157,1.70355 0.94689,2.25754 1.07184,3.3868 0.0623,0.561 0.22685,1.70323 0.36618,2.53831 0.47481,2.84462 0.51345,3.2348 0.51359,5.18447 7e-5,1.39541 -0.0301,1.98491 -0.12917,2.55202 -0.28044,1.60055 -0.74573,3.06682 -1.27006,4.00263 -0.55081,0.98313 -2.32159,2.84243 -3.96435,4.16261 -0.80571,0.64749 -1.11185,0.81323 -3.53656,1.91477 -0.62122,0.28221 -1.12945,0.54337 -1.12945,0.58034 0,0.097 1.83941,10e-4 2.60426,-0.13507 z m -35.73961,-1.40572 c -0.0608,-0.24146 -0.75926,-1.08046 -0.89974,-1.08046 -0.17024,0 -0.12938,0.0987 0.15501,0.37431 0.14484,0.14038 0.36574,0.41481 0.49091,0.60985 0.23901,0.37245 0.33197,0.40772 0.25382,0.0963 z m 26.11799,-5.73222 c 1.76355,-1.16593 2.40596,-2.09667 3.26848,-4.73583 0.71605,-2.19096 1.001,-3.71003 1.05925,-5.64736 0.0752,-2.49992 -0.32188,-4.28789 -1.43623,-6.46691 -0.85151,-1.66499 -2.02576,-3.22694 -3.76111,-5.00281 -1.29068,-1.32083 -2.10798,-2.03483 -3.3022,-2.88462 -0.47144,-0.33551 -1.06798,-0.78842 -1.3256,-1.00647 -0.35809,-0.30313 -0.73171,-0.51146 -1.58687,-0.885 -1.4806,-0.64671 -1.68476,-0.72245 -3.12093,-1.15782 -2.29217,-0.69486 -4.69119,-1.23823 -6.1972,-1.40365 -0.39559,-0.0434 -1.17453,-0.079 -1.73106,-0.079 -0.89101,0 -1.00086,0.0132 -0.91964,0.1111 0.0508,0.0611 0.12323,0.11109 0.16123,0.11109 0.15736,0 2.65657,1.30138 3.67066,1.91135 0.60133,0.36172 1.67661,0.98531 2.38943,1.38575 0.71289,0.40045 1.66273,0.95093 2.11084,1.2233 0.44812,0.27238 1.29798,0.77169 1.88865,1.10959 1.52854,0.87443 2.19614,1.3419 3.33282,2.33376 0.54995,0.47983 1.38363,1.19573 1.85265,1.59089 1.53348,1.29196 2.15928,2.07678 3.65076,4.57828 0.70374,1.18027 1.1258,2.08975 1.43252,3.08692 l 0.20509,0.66658 0.0279,2.85146 c 0.02,2.02556 0,3.00162 -0.0623,3.3699 -0.22935,1.3173 -1.10498,3.26594 -2.11234,4.70068 -0.34386,0.48975 -0.62523,0.90924 -0.62523,0.9322 0,0.0532 0.007,0.0497 1.12966,-0.69338 z m -26.26598,-1.19743 c 0.10534,-0.58426 0.11329,-0.80104 0.0465,-1.26187 -0.11321,-0.77802 -0.4829,-1.88335 -0.79805,-2.38618 -0.23594,-0.37645 -0.30879,-0.43712 -0.6442,-0.53674 -0.65199,-0.1936 -1.84076,-0.39796 -2.6303,-0.45215 -0.89301,-0.0613 -0.9079,-0.0439 -0.48891,0.57178 0.34894,0.51278 2.01409,2.5116 2.64462,3.17455 0.0969,0.10183 0.46894,0.51844 0.82682,0.92579 0.3578,0.40736 0.68634,0.76387 0.72999,0.79228 0.12195,0.0794 0.17605,-0.0631 0.3138,-0.82746 z m -11.42324,-6.63654 c 0.40754,-0.1386 0.77129,-0.28224 0.80821,-0.31922 0.17347,-0.17345 -0.11879,-0.4248 -1.73786,-1.49469 -1.4343,-0.94777 -1.92851,-1.22913 -3.0566,-1.74012 -3.20487,-1.45177 -6.13601,-2.50477 -7.823,-2.81041 -0.58115,-0.10528 -1.56683,-0.32274 -2.19049,-0.48323 -1.077208,-0.27725 -2.041495,-0.44539 -1.943957,-0.339 0.02505,0.0271 0.508013,0.2606 1.073917,0.51903 4.42249,2.01966 8.89857,4.31983 11.58297,5.9523 0.46844,0.28487 1.08444,0.64132 1.36883,0.79211 0.61263,0.32483 0.75361,0.31918 1.91798,-0.0768 z m 15.74762,-1.77267 c 0,-0.021 -0.3236,-0.49081 -0.71898,-1.04405 -0.50214,-0.70252 -0.82045,-1.07332 -1.05545,-1.22945 -0.18499,-0.12295 -0.50308,-0.42275 -0.70674,-0.66621 -0.40533,-0.48452 -1.81344,-1.69566 -2.77243,-2.38463 -1.38206,-0.99289 -2.95526,-1.83141 -5.15276,-2.7465 -1.38414,-0.57635 -5.61742,-2.06543 -6.22096,-2.18827 -0.51646,-0.10509 -6.23349,-0.22499 -6.40659,-0.13437 -0.0608,0.032 -0.0917,0.0592 -0.068,0.0605 0.0236,10e-4 0.65694,0.13741 1.40726,0.30258 0.75031,0.16519 1.91411,0.41446 2.58622,0.55395 2.19972,0.45648 5.65841,1.65303 8.55865,2.96087 1.27543,0.57517 1.71768,0.81029 2.99534,1.59267 0.50915,0.31179 1.27572,0.75897 1.70344,0.99373 1.10111,0.60436 2.3875,1.46743 4.18461,2.80756 1.4381,1.07242 1.66645,1.22615 1.66645,1.12168 z m 3.20802,-9.34944 c -0.21125,-0.59319 -2.86331,-3.30827 -4.06032,-4.15678 -1.22763,-0.87018 -2.51666,-1.3479 -4.90029,-1.81611 -0.92994,-0.18267 -2.29075,-0.46646 -3.02397,-0.63066 -1.61141,-0.36085 -2.06497,-0.4263 -3.40695,-0.49168 -0.70667,-0.0344 -1.01331,-0.0264 -0.96286,0.0253 0.0408,0.0417 1.39058,0.48294 2.99963,0.98056 2.42407,0.7497 3.12222,0.99724 4.07348,1.44432 0.63138,0.29675 1.93122,0.87877 2.8885,1.29338 1.29468,0.56075 1.99269,0.91364 2.72519,1.37778 0.54158,0.34317 1.24152,0.75437 1.55531,0.91377 0.31387,0.15941 0.88729,0.49129 1.27429,0.73751 0.74116,0.47158 0.91477,0.53843 0.83799,0.32262 z m -45.641177,-3.38844 c 0.34378,-0.10201 0.677828,-0.24984 0.743736,-0.32915 0.152425,-0.18352 0.616643,-1.32926 0.56104,-1.38485 -0.05296,-0.053 -1.473732,0.19445 -1.558103,0.27139 -0.06941,0.0635 -0.640902,1.45471 -0.640902,1.56079 0,0.10893 0.232288,0.0782 0.894229,-0.11818 z m 84.107187,-21.07514 c 0.73679,-0.0993 1.56433,-0.3262 2.14319,-0.58771 0.6029,-0.27238 0.69099,-0.411 0.22026,-0.34648 -0.83791,0.11485 -2.50135,0.21054 -3.08021,0.17718 -0.53191,-0.0306 -0.76055,-0.0901 -1.4743,-0.38326 -1.14927,-0.47204 -1.93795,-0.8752 -2.59918,-1.32864 -0.30556,-0.20949 -1.03878,-0.62061 -1.62944,-0.91359 -2.09711,-1.04019 -3.35701,-2.25684 -4.41075,-4.2593 -0.22012,-0.41825 -0.40053,-0.72712 -0.40096,-0.68638 0,0.11967 0.42772,1.51072 0.63947,2.07378 0.5453,1.45009 1.16616,2.31906 3.31672,4.64209 0.60777,0.6566 0.80041,0.75166 2.29976,1.13492 1.89974,0.48562 3.6605,0.65456 4.97544,0.47739 z m -2.67882,-7.39239 c 0.63618,-0.28899 1.07005,-1.1223 0.96343,-1.85023 -0.0807,-0.55108 -0.27458,-0.90037 -0.89194,-1.60735 -0.31845,-0.36463 -0.64319,-0.77128 -0.7217,-0.90367 -0.0785,-0.13239 -0.17038,-0.2407 -0.20416,-0.2407 -0.0877,0 -0.33884,0.70285 -0.44619,1.24843 -0.18885,0.95995 0.048,2.5477 0.47624,3.19512 0.22363,0.33789 0.36812,0.36565 0.82432,0.1584 z m 8.95932,-3.8723 c -0.2368,-0.92197 -0.94833,-2.05107 -1.93609,-3.07211 l -0.43216,-0.44671 -0.77765,-0.16067 c -1.15908,-0.23948 -2.10927,-0.32652 -2.59224,-0.23746 -0.54279,0.10007 -1.63488,0.64586 -2.32753,1.16317 -0.83032,0.62023 -0.77271,0.66908 0.36776,0.31166 0.6482,-0.20316 0.80506,-0.22587 1.29318,-0.1873 1.20709,0.0954 2.44661,0.61954 3.28774,1.39028 0.35272,0.32322 0.58616,0.47179 0.87419,0.5565 0.57557,0.16925 1.46056,0.64903 1.91848,1.04007 0.46572,0.39769 0.50666,0.35254 0.32432,-0.35743 z"
-           style="fill:#016dbc" />
-        <path
-           inkscape:connector-curvature="0"
-           id="path4151"
-           d="m 135.09588,1008.743 c -0.48655,-0.2764 -1.13475,-0.7341 -1.83662,-1.2969 -0.68248,-0.5473 -0.78689,-0.6025 -0.78689,-0.416 0,0.061 -0.0279,0.111 -0.0623,0.111 -0.13754,0 -1.64955,-1.0659 -2.38148,-1.6789 -1.34092,-1.1231 -3.01208,-2.81 -3.22083,-3.2511 -0.12401,-0.2622 -0.29812,-0.4729 -0.53664,-0.6495 -0.809,-0.5989 -1.7642,-1.7479 -3.85393,-4.63561 -1.9441,-2.68663 -2.49541,-3.3905 -2.52038,-3.21818 -0.0122,0.0857 0.5186,1.20051 1.21611,2.55266 0.68098,1.32016 1.37126,2.68369 1.53384,3.0299 0.16259,0.34628 0.66087,1.24503 1.10727,1.99723 1.25189,2.1095 1.88728,3.4566 1.71282,3.6311 -0.0983,0.098 -1.01875,-0.072 -1.84399,-0.3406 -0.84178,-0.2743 -2.25189,-0.975 -3.06583,-1.5235 -0.38228,-0.2577 -0.84886,-0.5508 -1.03692,-0.6515 -2.90868,-1.5574 -4.81621,-3.09427 -7.54091,-6.07529 -0.99713,-1.09095 -1.53956,-1.86789 -2.74702,-3.93473 -1.05667,-1.80863 -1.17983,-2.04572 -1.5654,-3.01365 -0.16194,-0.40647 -0.70767,-1.55073 -1.21275,-2.54272 -1.15671,-2.27199 -1.5201,-3.21016 -2.26205,-5.84011 -0.47752,-1.69242 -0.61142,-2.27965 -0.67575,-2.96256 -0.14298,-1.51896 -0.15457,-1.58336 -0.26506,-1.47058 -0.20002,0.20416 -0.88607,3.32588 -1.10183,5.01393 -0.16345,1.27823 -0.15135,2.87812 0.0308,4.05645 0.081,0.52497 0.1477,1.24617 0.14813,1.60247 5e-4,0.46651 0.0927,1.10956 0.3289,2.29604 0.30463,1.53034 0.38471,2.18792 0.35158,2.88857 -0.0172,0.36997 -0.13676,0.3533 -0.4766,-0.0666 -0.15314,-0.18914 -0.70302,-0.80936 -1.22205,-1.37827 -0.51911,-0.56884 -0.97037,-1.0805 -1.003,-1.13704 -0.0322,-0.0565 -0.10756,-0.10269 -0.1666,-0.10269 -0.0832,0 -0.1077,0.11307 -0.10856,0.49993 0,0.70924 -0.08093,0.79719 -0.385639,0.42772 -0.133533,-0.16194 -0.442749,-0.51617 -0.68713,-0.78717 -0.244454,-0.271 -0.791468,-0.87827 -1.215682,-1.3495 -1.785954,-1.98418 -2.34499,-3.06919 -3.001994,-5.82702 -0.150421,-0.63138 -0.4859,-1.91455 -0.745524,-2.8515 -0.628093,-2.26627 -0.678186,-2.47093 -0.848287,-3.46621 -0.13246,-0.77443 -0.146987,-1.23794 -0.155288,-4.95254 -0.01002,-4.57054 0.0072,-4.80082 0.521968,-7.87531 0.157578,-0.93688 0.324959,-2.13674 0.372046,-2.6663 0.07278,-0.81873 0.167096,-1.25096 0.630383,-2.88849 0.354228,-1.25182 0.663874,-2.18183 0.884926,-2.65786 0.187133,-0.40275 0.324316,-0.74803 0.304994,-0.76742 -0.09088,-0.0909 -0.447973,0.45291 -0.926861,1.4114 -0.777727,1.55681 -1.341415,3.43358 -1.450259,4.82831 -0.05152,0.66094 -0.220337,1.22205 -0.36761,1.22205 -0.117933,0 -0.642906,-1.29462 -0.855873,-2.11084 -0.29247,-1.12037 -0.98275,-3.40703 -1.05746,-3.50264 -0.04151,-0.053 -0.09904,-0.0694 -0.12881,-0.0372 -0.124659,0.13532 -0.525832,1.92993 -0.588376,2.63181 -0.07314,0.82173 -0.190568,1.26398 -0.323958,1.2204 -0.123872,-0.0401 -0.528837,-1.0239 -0.753826,-1.83082 -0.107914,-0.387 -0.397379,-1.38686 -0.643335,-2.2219 -0.245884,-0.83512 -0.566693,-1.9683 -0.712964,-2.51817 l -0.26585,-0.99986 v -1.74051 c 7.15e-4,-1.43387 0.03077,-1.92972 0.167811,-2.81443 0.280162,-1.80463 0.559394,-2.88649 0.981605,-3.80333 0.209102,-0.45413 0.525116,-1.24703 0.702087,-1.76198 0.364318,-1.05975 1.075494,-2.35287 2.267059,-4.12222 0.359238,-0.53349 3.28144,-3.74851 3.92821,-4.32181 1.198365,-1.06235 2.181329,-1.69239 4.455117,-2.85558 2.20931,-1.13018 2.30312,-1.30771 1.26427,-2.39169 -0.21475,-0.22404 -0.94346,-1.03937 -1.619358,-1.81184 -0.956416,-1.09299 -1.301198,-1.54471 -1.554739,-2.03676 -0.802345,-1.55704 -1.300554,-3.66719 -1.424426,-6.03295 -0.04222,-0.81244 -0.03435,-0.95073 0.05582,-0.9163 0.173036,0.0664 1.653923,1.12064 1.718114,1.22315 0.0322,0.052 0.108916,0.0945 0.1696,0.0945 0.06083,0 0.241018,0.0667 0.400743,0.14813 0.159724,0.0815 0.37634,0.14813 0.481464,0.14813 0.105123,0 0.281378,0.0666 0.391792,0.14797 0.11035,0.0814 0.53063,0.23154 0.9338,0.33368 1.35316,0.34275 2.1837,0.40712 5.25131,0.40702 2.73457,0 2.90789,-0.009 5.18497,-0.25922 1.29569,-0.14252 2.6122,-0.25923 2.92549,-0.25934 1.2841,-7.1e-4 2.62387,-0.28078 3.67302,-0.76847 0.69415,-0.32263 2.13024,-1.29316 3.00701,-2.03214 0.38693,-0.32617 1.40009,-1.315 2.25138,-2.1974 1.70524,-1.76752 2.40825,-2.40001 4.11678,-3.70405 0.63067,-0.48135 1.34213,-1.03786 1.58107,-1.23669 0.44218,-0.36804 1.18348,-0.77543 2.04937,-1.12627 0.26478,-0.1073 1.24796,-0.57836 2.18484,-1.04682 l 1.70351,-0.85175 2.77736,-0.77287 c 1.52762,-0.42509 3.23371,-0.85641 3.79146,-0.9585 1.13339,-0.20746 4.18741,-1.13059 4.75288,-1.43664 0.62495,-0.33824 1.00794,-0.91811 1.62952,-2.46724 0.91914,-2.29049 1.54744,-4.59139 1.6487,-6.03765 0.0794,-1.13378 -0.22921,-3.43368 -0.54522,-4.06304 -0.1291,-0.257 -0.54015,-0.71476 -1.34335,-1.49597 -1.34127,-1.30447 -1.29182,-1.28162 -2.77192,-1.28112 -1.97459,7.1e-4 -4.43651,0.65845 -6.90573,1.8452 -1.16853,0.5616 -2.09367,1.15641 -3.05102,1.96157 -1.34592,1.13195 -5.3024,5.36446 -6.0047,6.4235 -0.55073,0.83054 -1.52597,2.54479 -1.91498,3.36599 -0.41806,0.8825 -0.53406,1.43292 -0.59209,2.80891 -0.0594,1.40211 0.007,1.78773 0.57471,3.46162 0.24602,0.72275 0.43666,1.38932 0.42357,1.48128 -0.02,0.14279 -0.0615,0.16367 -0.28296,0.14313 -0.72148,-0.0669 -2.00929,-0.62533 -3.94538,-1.71083 -0.57965,-0.325 -1.24703,-0.66439 -1.48304,-0.75418 -0.58494,-0.22255 -0.62866,-0.1675 -0.47731,0.60069 0.0941,0.47747 0.27265,0.90725 0.88579,2.13196 1.08164,2.16029 1.21918,2.6622 0.81687,2.98038 -0.29348,0.23206 -0.63583,0.16775 -2.15285,-0.40439 -1.56848,-0.59157 -2.15356,-0.89327 -2.82409,-1.45626 -0.29348,-0.24642 -0.71604,-0.51506 -0.97689,-0.62105 -0.25289,-0.10274 -0.47065,-0.1868 -0.48396,-0.1868 -0.10226,0 0.0744,0.46174 0.71632,1.87347 0.4074,0.89571 0.74066,1.6732 0.74066,1.72774 0,0.39821 -1.60139,0.0754 -3.33289,-0.67192 -1.25697,-0.5425 -3.11069,-1.58854 -3.11069,-1.75538 0,-0.0878 -1.2597,-0.66379 -1.34135,-0.61335 -0.0937,0.058 0.10327,0.41306 0.67504,1.21697 0.64906,0.9125 0.91026,1.38938 1.14312,2.08685 0.23823,0.71361 0.23916,0.80164 0.009,0.80164 -0.28489,0 -1.34657,-0.35736 -2.07764,-0.69933 -0.66924,-0.31306 -2.16723,-1.20085 -2.4441,-1.44849 -0.0814,-0.0729 -0.46472,-0.28904 -0.85172,-0.48035 -0.96372,-0.47643 -3.86739,-2.42145 -4.36975,-2.9271 -1.65199,-1.66275 -3.250663,-4.33243 -4.141528,-6.91592 -0.343351,-0.99578 -0.902817,-3.06013 -1.074277,-3.96417 -0.06441,-0.33862 -0.116788,-0.85573 -0.116788,-1.14913 0,-0.49984 -0.01431,-0.54713 -0.228853,-0.75097 -0.125876,-0.11964 -0.287247,-0.33043 -0.358665,-0.46842 -0.116072,-0.22443 -0.195434,-0.26975 -0.752466,-0.42969 -0.891295,-0.25591 -1.586727,-0.59493 -1.875047,-0.91408 -0.603762,-0.66827 -0.893871,-2.39543 -0.522898,-3.11282 0.05796,-0.1119 0.214827,-0.27122 0.348789,-0.35402 0.285959,-0.17673 1.333758,-0.49042 1.88936,-0.56564 0.273292,-0.037 0.388792,-0.0857 0.388792,-0.16399 0,-0.0613 -0.420923,-0.72575 -0.935305,-1.4767 -0.787031,-1.14884 -0.998709,-1.40742 -1.33519,-1.63077 -0.478673,-0.3177 -0.76456,-0.65635 -1.303917,-1.5444 -0.87641,-1.44302 -1.225485,-2.27851 -1.839266,-4.40145 -0.240517,-0.83213 -0.437382,-1.54036 -0.437382,-1.57386 0,-0.0335 0.05367,-0.0609 0.118863,-0.0609 0.146915,0 2.341125,1.31178 2.417911,1.44549 0.03077,0.0532 0.193859,0.12021 0.362958,0.14878 0.20352,0.0344 0.897879,0.40706 2.055238,1.1031 3.961772,2.38267 5.073619,3.02286 6.413891,3.69321 0.77393,0.38711 1.48031,0.78879 1.56969,0.89263 0.22513,0.26168 0.51209,0.32175 2.19199,0.45896 l 1.46579,0.11972 1.12645,-0.2365 c 0.61957,-0.13009 1.13954,-0.24844 1.15557,-0.263 0.0901,-0.0821 -0.343,-0.34255 -2.12559,-1.27813 -3.04736,-1.5994 -3.68776,-1.95305 -4.14203,-2.28749 -0.23129,-0.17029 -0.93295,-0.58597 -1.55925,-0.92372 -0.6263,-0.33776 -1.361019,-0.79082 -1.632737,-1.0068 -0.874692,-0.69531 -2.556882,-2.39218 -2.859729,-2.88463 -0.156504,-0.25459 -0.33047,-0.46289 -0.386574,-0.46289 -0.05582,0 -0.626304,0.12439 -1.267063,0.27644 -1.151062,0.2731 -1.183909,0.27645 -2.720471,0.27763 -2.053234,10e-4 -2.734426,-0.14355 -3.676458,-0.78327 -0.234291,-0.15909 -0.457562,-0.28925 -0.496205,-0.28925 -0.207241,0 -1.228563,3.05728 -1.521535,4.55492 -0.21132,1.07988 -0.564188,3.84627 -0.564188,4.42297 0,0.53997 -0.0901,0.8034 -0.178474,0.52187 -0.02218,-0.0719 -0.213753,-0.94724 -0.424787,-1.94525 -0.351366,-1.66123 -0.383569,-1.89593 -0.381636,-2.7774 0.0072,-1.75494 0.368254,-4.29489 0.758191,-5.28413 0.236295,-0.59954 0.211248,-0.70868 -0.231572,-1.00687 -0.283741,-0.19107 -0.408973,-0.23818 -0.478888,-0.18013 -0.207313,0.17206 -1.000784,2.40533 -1.35172,3.80484 -0.191855,0.76493 -0.74624,4.5724 -0.752752,5.17002 -0.0072,0.68307 -0.09081,0.41499 -0.513094,-1.65055 -0.431157,-2.10921 -0.445254,-2.39952 -0.219192,-4.53364 0.181908,-1.71806 0.294474,-2.29725 0.644194,-3.31481 0.146271,-0.42566 0.265921,-0.91319 0.265921,-1.08339 0,-0.37438 -0.249462,-0.82841 -0.747099,-1.35975 l -0.351509,-0.37537 -0.241447,0.12086 c -0.349934,0.17518 -1.4182,1.32745 -1.894941,2.04391 -0.815583,1.22579 -1.10741,2.05821 -1.382491,3.94397 -0.143552,0.98391 -0.242951,1.308 -0.328037,1.06964 -0.117575,-0.32916 -0.19572,-0.86939 -0.234864,-1.62326 -0.0926,-1.78419 0.4391,-3.56316 1.597819,-5.34601 0.290252,-0.44652 0.481464,-0.64568 0.888862,-0.9258 0.285529,-0.1963 0.537067,-0.40339 0.558965,-0.4602 0.05152,-0.13418 -0.141835,-0.34856 -0.552238,-0.61152 -0.417274,-0.26738 -0.793042,-0.27321 -1.335404,-0.0208 -0.89566,0.41688 -2.530977,2.42786 -3.028829,3.72447 -0.238943,0.62229 -0.465076,1.61127 -0.60369,2.63992 -0.11414,0.84698 -0.177615,0.97462 -0.292614,0.58845 -0.156147,-0.5241 -0.182982,-2.28475 -0.0458,-3.01106 0.222841,-1.1812 0.755472,-2.4897 1.406106,-3.45439 0.146987,-0.21796 0.267281,-0.42003 0.267281,-0.44905 0,-0.10496 0.427149,-0.4416 1.460135,-1.15079 0.579002,-0.39752 1.090737,-0.76847 1.137108,-0.82433 0.06584,-0.079 0.03507,-0.16376 -0.13568,-0.38106 -0.120938,-0.15372 -0.291755,-0.42115 -0.379417,-0.59427 -0.08773,-0.17312 -0.204809,-0.31477 -0.260125,-0.31477 -0.2466,0 -1.587872,1.6187 -2.182761,2.63424 -0.16867,0.28789 -0.381206,0.60345 -0.472304,0.70127 -0.152139,0.1633 -0.167882,0.16656 -0.192285,0.0398 -0.03793,-0.1984 0.11414,-0.94753 0.332474,-1.63478 0.268712,-0.84574 0.987187,-2.26097 1.53556,-3.02478 l 0.470157,-0.65474 -0.119507,-0.5663 c -0.08594,-0.40752 -0.154071,-0.57297 -0.242807,-0.59005 -0.188134,-0.0362 -0.938239,0.37085 -1.594599,0.86544 -1.000926,0.75422 -1.976163,1.88784 -2.796183,3.25031 -0.201588,0.33496 -0.397808,0.60902 -0.436022,0.60902 -0.244596,0 0.30299,-1.89328 0.881276,-3.0473 0.740444,-1.47764 1.385282,-2.28997 2.525897,-3.18191 1.031054,-0.80631 1.527975,-1.26918 1.85687,-1.72976 0.407684,-0.57081 0.382566,-0.56182 1.115067,-0.39875 0.8631,0.19217 1.973372,0.27089 1.928646,0.13676 -0.01789,-0.0535 -0.36396,-0.26831 -0.769211,-0.47747 -0.781377,-0.40329 -1.604689,-0.90165 -2.032911,-1.23053 -0.14255,-0.1095 -0.575853,-0.35735 -0.962785,-0.5508 -1.040643,-0.52015 -2.281658,-1.36628 -2.756896,-1.87957 -2.299548,-2.4838 -3.242152,-5.61539 -2.532194,-8.41299 0.234363,-0.92335 1.183194,-2.58632 2.126013,-3.72616 1.189776,-1.4384 2.945531,-2.54733 5.162784,-3.26084 1.116569,-0.35931 2.05166,-0.57152 4.445597,-1.00885 2.935084,-0.53619 3.127369,-0.54892 6.815705,-0.45145 2.565971,0.0678 3.10361,0.0157 4.643823,-0.45046 1.993695,-0.6034 3.61148,-1.3247 5.184534,-2.3116 1.89695,-1.19011 2.88635,-1.62577 3.44875,-1.5187 0.31716,0.0604 0.74495,0.2808 1.19622,0.61634 0.4859,0.36134 1.68484,1.01521 2.03355,1.10912 0.1505,0.0405 0.51267,0.25481 0.80493,0.4762 0.79826,0.60476 1.49985,0.93255 1.99598,0.93255 0.61922,0 2.01896,-0.37964 2.01896,-0.54757 0,-0.0502 -0.10305,-0.18918 -0.229,-0.30882 -0.12595,-0.11965 -0.39824,-0.42938 -0.60512,-0.68829 l -0.3762,-0.47077 -0.36496,0.0485 c -0.7725,0.10247 -1.34628,-0.26498 -2.31615,-1.48319 -0.385,-0.48366 -0.82181,-0.9087 -1.47509,-1.43551 -1.26864,-1.02295 -1.73436,-1.68812 -1.97259,-2.8169 -0.12408,-0.58783 -0.0444,-1.84714 0.15536,-2.44411 0.22327,-0.66864 0.58351,-1.40856 0.70917,-1.4568 0.058,-0.0222 0.10513,-0.0975 0.10513,-0.16734 0,-0.0698 0.16903,-0.37239 0.37562,-0.67228 1.4313,-2.07773 4.71481,-5.33096 7.14181,-7.07596 1.41634,-1.01829 4.59516,-2.32349 6.39106,-2.62405 0.49657,-0.0831 0.6097,-0.0753 1.40718,0.0969 0.61843,0.13357 1.39845,0.22229 2.71883,0.30924 l 1.85164,0.12194 1.51825,0.51194 c 0.83512,0.28157 1.80162,0.57869 2.14791,0.66027 0.65493,0.15431 1.18498,0.19367 1.18498,0.088 0,-0.12903 -0.45585,-0.73923 -0.96271,-1.28872 -0.3928,-0.42586 -0.6009,-0.59204 -0.81265,-0.64906 -0.21554,-0.058 -0.30299,-0.12945 -0.36046,-0.29422 -0.0465,-0.13311 -0.25755,-0.35143 -0.54386,-0.56229 -0.60126,-0.4428 -0.85086,-0.56344 -1.59682,-0.77153 -0.66766,-0.18626 -0.85208,-0.31599 -0.6794,-0.47789 0.0572,-0.054 0.56204,-0.30163 1.12108,-0.55028 1.98074,-0.88111 2.4821,-0.98311 3.94688,-0.80298 2.73651,0.33651 5.68118,1.35687 7.59,2.62999 0.67676,0.45142 1.34793,0.76328 1.47438,0.68513 0.17776,-0.10987 -0.27859,-1.17233 -0.84507,-1.96733 -0.57807,-0.81132 -1.76849,-1.85874 -3.00908,-2.64763 -0.22978,-0.14608 -0.43931,-0.30055 -0.46572,-0.34327 -0.0637,-0.1033 0.19801,-0.60647 0.48662,-0.93525 0.65922,-0.7508 1.88578,-1.06733 3.56511,-0.92003 2.62987,0.23068 5.97214,1.35979 8.05235,2.72033 0.78331,0.51236 1.29462,0.7658 1.43566,0.71168 0.0946,-0.0363 0.0939,-0.0899 -0.007,-0.42465 -0.26972,-0.90841 -1.0536,-2.06302 -1.97044,-2.90231 -0.29354,-0.26873 -1.00959,-0.80544 -1.59116,-1.1927 -1.43338,-0.95444 -1.71468,-1.38975 -1.10369,-1.70788 0.34206,-0.17811 1.43866,-0.20274 3.30913,-0.0743 1.19665,0.0822 2.01567,0.0941 3.29582,0.0481 4.24072,-0.15249 6.8394,-0.23111 8.04771,-0.24348 1.29068,-0.0132 1.31035,-0.011 1.49978,0.16617 0.23658,0.22136 0.24975,0.52499 0.0437,1.00601 -0.0816,0.19037 -0.12967,0.37644 -0.10677,0.4135 0.0458,0.0746 2.0176,0.0772 2.35987,0.003 0.22957,-0.0497 0.32661,-0.18323 1.21762,-1.67619 0.24309,-0.40735 0.53656,-0.83048 0.65214,-0.94029 0.29941,-0.28455 0.91677,-0.53782 2.12243,-0.87079 0.57764,-0.15952 1.35995,-0.40834 1.73858,-0.55293 0.86188,-0.32916 1.39094,-0.46644 2.05202,-0.53245 0.46228,-0.0462 0.55424,-0.0832 0.84921,-0.34159 0.50065,-0.43862 1.16423,-0.72042 3.5946,-1.52648 2.30706,-0.76516 4.09487,-1.44446 4.971,-1.88876 0.28037,-0.14217 1.33519,-0.80925 2.34413,-1.48243 1.04343,-0.69622 2.22498,-1.41759 2.74036,-1.67306 0.88586,-0.43914 1.78961,-0.73167 2.00508,-0.64901 0.0687,0.0265 0.20237,0.43462 0.36961,1.13031 0.14391,0.59891 0.29218,1.11938 0.3294,1.15663 0.0408,0.0409 0.30334,-0.0359 0.66294,-0.19399 0.7949,-0.34949 1.5644,-0.53043 1.69042,-0.3975 0.0508,0.0533 0.4922,1.79664 0.98139,3.87413 0.79419,3.37279 0.89859,3.89513 0.97495,4.87809 0.0769,0.98912 0.10541,1.13093 0.28174,1.39737 0.22448,0.33927 0.22126,0.26545 0.25762,5.83398 0.0179,2.75772 0.0122,2.89981 -0.18499,4.32279 l -0.20359,1.47134 0.34736,0.75058 c 0.49606,1.07187 0.55796,1.12391 0.65478,0.55063 0.12223,-0.72335 0.65686,-1.83681 0.88192,-1.83681 0.0501,0 0.48841,0.85549 0.97366,1.90109 0.51567,1.1112 1.16967,2.37684 1.57392,3.0461 0.41964,0.69465 0.99621,1.81601 1.466,2.851 0.75984,1.67411 0.78675,1.75247 1.44017,4.19364 l 0.66588,2.48764 0.33341,3.36991 c 0.29268,2.95776 0.32782,3.50125 0.28753,4.44383 -0.12402,2.90246 -0.57807,5.19056 -1.82009,9.17207 -0.24331,0.78019 -0.35201,1.23569 -0.30578,1.28191 0.10312,0.10316 0.9006,-0.79107 1.46292,-1.64038 1.29319,-1.95346 3.06562,-5.92553 3.40403,-7.62858 0.0687,-0.34625 0.23665,-1.01282 0.37298,-1.48127 0.32746,-1.12482 0.74359,-4.57583 0.66988,-5.55479 -0.11321,-1.50373 -0.28818,-2.42268 -0.93072,-4.88821 -0.19644,-0.75361 -0.41248,-1.72013 -0.48011,-2.14785 -0.068,-0.42773 -0.23479,-1.21095 -0.3714,-1.7405 -0.13661,-0.52956 -0.2866,-1.22487 -0.33341,-1.54514 -0.0465,-0.32026 -0.19815,-0.93684 -0.33655,-1.37017 -0.13833,-0.43334 -0.25211,-0.81288 -0.25289,-0.84344 -0.007,-0.18636 0.22899,0.0638 0.93365,0.99987 1.34242,1.78346 1.89402,2.67413 2.28839,3.69551 0.19436,0.50323 0.44668,1.14826 0.56082,1.4334 0.20431,0.51031 0.20767,0.5139 0.2114,0.22833 0,-0.15956 -0.094,-0.65949 -0.21361,-1.11095 -0.11965,-0.45146 -0.23909,-1.02081 -0.26557,-1.26522 -0.0265,-0.24441 -0.18412,-0.88597 -0.35043,-1.42568 -0.43581,-1.41477 -0.39946,-1.40581 0.82689,0.20362 1.37855,1.80916 1.8422,2.57952 2.35679,3.91632 0.82797,2.15058 1.64763,4.51049 1.87663,5.40325 0.12201,0.47531 0.40339,1.28344 0.6253,1.79584 0.58437,1.34929 1.13109,3.44723 1.3832,5.30825 0.0508,0.3768 0.11958,0.68509 0.15236,0.68509 0.16352,0 0.39731,-1.22749 0.50057,-2.62814 0.0544,-0.74202 0.0458,-1.18552 -0.0379,-1.94161 -0.13425,-1.21131 -0.0623,-1.92876 0.16481,-1.63228 0.21375,0.27957 1.31128,3.03813 1.53606,3.86047 0.74839,2.73898 1.06104,5.54253 0.97144,8.71105 -0.0985,3.48357 -0.0836,3.39879 -1.39845,7.96186 -0.63382,2.1997 -1.30699,4.44832 -1.49584,4.99693 -0.80528,2.33869 -1.72083,4.33657 -2.62115,5.71961 -1.15485,1.77414 -3.17896,4.26617 -4.74694,5.84437 -0.86031,0.86588 -1.07907,1.04472 -1.55645,1.27219 -0.3055,0.14557 -0.68184,0.28774 -0.8362,0.31593 -0.23322,0.0426 -0.30707,0.10304 -0.43609,0.35722 -0.20968,0.41306 -1.19386,1.37356 -2.0976,2.04725 -0.4074,0.30364 -1.34056,1.0551 -2.07385,1.66991 -1.27407,1.06835 -1.41519,1.16351 -3.18733,2.14917 -1.01975,0.56723 -2.09367,1.1131 -2.38643,1.21305 -0.57814,0.19741 -0.75826,0.37375 -0.38171,0.37375 0.32117,0 1.12366,-0.12405 2.40045,-0.37105 0.61099,-0.1182 1.4927,-0.26936 1.95928,-0.33592 0.94826,-0.13525 2.52668,-0.58393 4.05838,-1.15365 1.28416,-0.47763 1.45355,-0.56442 3.04414,-1.55937 0.7189,-0.44969 1.65707,-1.03504 2.08479,-1.30078 0.95055,-0.59057 2.16122,-1.46282 2.83726,-2.04415 0.70259,-0.60422 3.69442,-3.82051 4.59151,-4.93602 1.6306,-2.02755 2.59159,-3.73503 3.82144,-6.78988 0.43087,-1.07016 0.45592,-1.16748 0.53342,-2.07379 0.0444,-0.52302 0.0976,-2.55114 0.11751,-4.50693 0.0343,-3.35458 0.0272,-3.60419 -0.11615,-4.4068 -0.0839,-0.46794 -0.18863,-1.34918 -0.23293,-1.9583 -0.0948,-1.30327 -0.15014,-1.58599 -0.73622,-3.7607 -0.24453,-0.90718 -0.51181,-1.96604 -0.59396,-2.35303 -0.19057,-0.89749 -0.27308,-1.77753 -0.16667,-1.77753 0.15751,0 0.49521,0.49986 0.85072,1.25908 0.20023,0.42772 0.7597,1.49424 1.24324,2.37004 0.56304,1.01987 0.9962,1.91191 1.2048,2.48115 0.17919,0.48882 0.42908,1.08874 0.55539,1.33315 0.22427,0.43389 0.22978,0.43847 0.23329,0.19398 0,-0.13773 -0.19472,-0.99059 -0.43703,-1.89527 -0.4854,-1.81233 -0.71153,-2.8494 -0.78932,-3.62034 -0.0472,-0.46935 -0.0408,-0.50549 0.0867,-0.48094 0.21154,0.0407 0.65822,0.68528 0.94583,1.36464 0.1424,0.33646 0.66444,1.33932 1.16001,2.22858 0.6107,1.09576 1.0191,1.93258 1.2672,2.59657 0.2013,0.53885 0.70803,1.67203 1.12602,2.51817 0.41799,0.84614 0.83361,1.76369 0.92371,2.03901 0.5103,1.56025 1.1258,6.5751 1.12673,9.17948 7.2e-4,1.5079 -0.14226,2.65823 -0.47323,3.81392 -0.13776,0.48093 -0.28754,1.05771 -0.33283,1.28176 -0.1296,0.64135 -0.23043,1.93996 -0.23043,2.96757 0,0.53031 -0.0814,1.64643 -0.18642,2.55346 -0.10247,0.88624 -0.16752,1.63016 -0.14455,1.65315 0.10104,0.10102 0.28503,-0.13807 0.40525,-0.52655 0.0802,-0.2592 0.32925,-0.70019 0.64713,-1.14593 0.28424,-0.39852 0.92442,-1.39949 1.42263,-2.22438 0.49814,-0.82488 0.94082,-1.49979 0.98361,-1.49979 0.0515,0 0.0601,0.14438 0.025,0.42587 -0.0286,0.23422 -0.0794,1.17576 -0.11242,2.0923 -0.0951,2.6453 -0.6306,6.89002 -1.12509,8.91868 -0.58988,2.42021 -1.27679,4.05334 -2.80477,6.66882 -0.87605,1.49953 -1.10283,1.76882 -2.776,3.29685 -3.02024,2.75813 -5.24351,4.36289 -7.10374,5.12757 -0.49062,0.20166 -1.26649,0.56608 -1.7242,0.80979 -0.66745,0.35543 -0.97509,0.47188 -1.55459,0.58845 -0.39731,0.0799 -1.35688,0.36355 -2.13238,0.63028 -0.77551,0.26673 -1.89323,0.60094 -2.48389,0.7427 -0.59067,0.14176 -1.67382,0.44156 -2.40704,0.66623 -0.73329,0.22467 -1.78309,0.48807 -2.33304,0.58533 -0.54994,0.0972 -1.89973,0.36161 -2.99956,0.58746 l -1.99977,0.41061 -1.88858,-0.004 c -2.67367,-0.004 -7.52287,-0.19427 -8.40629,-0.32884 -0.40733,-0.062 -1.40224,-0.13423 -2.21089,-0.16039 -1.31608,-0.0426 -1.46757,-0.0353 -1.44425,0.0693 0.0394,0.17545 1.37305,1.71469 2.04716,2.36226 0.32553,0.31276 0.75389,0.65007 0.95183,0.74958 0.6993,0.35158 2.96936,1.22703 4.3223,1.6669 3.03742,0.98755 5.21073,1.391 9.29502,1.72552 1.81099,0.14834 2.12901,0.1556 3.36996,0.077 2.64111,-0.16725 4.21259,-0.51005 7.06237,-1.54052 2.71618,-0.9822 3.49863,-1.46729 5.34913,-3.31634 1.14419,-1.14326 2.93272,-3.14961 3.88341,-4.35625 1.40819,-1.78733 2.36668,-3.09816 2.95505,-4.04138 0.36647,-0.58755 1.81852,-3.66206 2.47244,-5.23498 0.23716,-0.57039 0.39438,-0.83002 0.6842,-1.12947 0.20703,-0.21386 0.43044,-0.38884 0.49649,-0.38884 0.0774,0 0.17311,0.14174 0.26929,0.39877 0.37605,1.00514 0.52798,2.0241 0.52798,3.54087 0,1.25423 0.0615,1.27053 0.55595,0.14723 0.76807,-1.74487 0.79419,-1.79242 1.17246,-2.13249 0.20267,-0.18226 0.41835,-0.32161 0.47918,-0.30966 0.0608,0.012 0.1925,0.23835 0.29254,0.50313 0.45856,1.21384 0.59117,2.76656 0.47137,5.51776 -0.0608,1.38833 -0.12974,2.046 -0.37455,3.55507 -0.52991,3.26631 -0.57714,3.45932 -1.0425,4.25867 -0.41298,0.70944 -1.70395,2.39469 -3.26734,4.26527 -0.52068,0.62303 -0.59368,0.75353 -0.93237,1.66781 -0.20217,0.54553 -0.43903,1.16686 -0.52648,1.38072 -0.14663,0.35868 -0.14892,0.38883 -0.0293,0.38883 0.23436,0 1.07378,-0.63333 2.18999,-1.6523 1.42843,-1.30399 2.34506,-1.92488 2.34434,-1.58799 0,0.15618 -0.34607,1.38119 -0.63246,2.24043 -0.51223,1.53718 -0.99391,2.66751 -1.56232,3.66616 -0.31301,0.54993 -0.67726,1.26204 -0.8095,1.58248 -0.21103,0.51166 -0.27952,0.6047 -0.56211,0.76397 -0.47381,0.26709 -0.86833,0.67764 -1.80184,1.87519 -0.96014,1.23177 -1.34292,1.6237 -2.24252,2.29598 -0.3543,0.26478 -0.76549,0.64294 -0.91383,0.84036 -0.21397,0.28473 -0.66602,0.61967 -2.18641,1.61983 -2.07557,1.36539 -2.59002,1.62321 -5.67223,2.84268 -1.15371,0.45648 -1.45728,0.54842 -1.81458,0.54963 -0.28503,7.1e-4 -0.64033,0.0763 -1.05861,0.22428 -0.95534,0.33814 -1.73858,0.43117 -4.33274,0.51468 -1.30349,0.0419 -3.06991,0.12929 -3.92535,0.19407 -1.12172,0.0849 -3.26906,0.13364 -7.70263,0.17471 -6.7903,0.0629 -6.22833,0.0271 -9.90236,0.63117 -1.11206,0.18285 -2.70516,0.40045 -3.5402,0.48358 -0.83512,0.0831 -1.85165,0.21384 -2.25898,0.29051 -0.40732,0.0767 -1.34055,0.21026 -2.07377,0.29688 -1.51245,0.17868 -5.55143,1.08328 -10.55413,2.36377 -2.77465,0.7102 -2.8704,0.74078 -3.55502,1.1354 -0.387,0.22305 -1.02025,0.58318 -1.40725,0.80031 -0.93116,0.52246 -2.35036,1.44918 -3.85128,2.51487 -0.67218,0.47717 -1.70538,1.17847 -2.29597,1.55846 -0.59067,0.37992 -1.6072,1.07649 -2.25898,1.54794 -0.69536,0.50293 -1.79218,1.1965 -2.65427,1.67825 -2.11485,1.18169 -4.84298,3.15915 -6.89994,5.00135 -2.23936,2.00543 -3.88813,3.86709 -6.55314,7.39943 l -1.42493,1.88864 -1.05553,2.11077 c -1.07499,2.14984 -2.89172,6.21938 -3.14977,7.05572 -0.41655,1.34972 -0.56683,2.26184 -0.96085,5.82981 l -0.29841,2.70179 v 3.18855 c 0,2.3626 0.0286,3.4182 0.10942,4.07513 0.0601,0.48755 0.17647,1.55309 0.25848,2.36782 0.37784,3.75345 0.61886,5.23284 1.36954,8.40622 1.02611,4.33826 1.06669,4.4607 2.23206,6.73914 0.42694,0.83474 0.89538,1.85124 1.04093,2.25894 0.30571,0.8564 0.46093,1.1282 1.73414,3.0373 1.3679,2.051 2.18878,3.5761 2.01717,3.7477 -0.0336,0.034 -0.19629,-0.016 -0.36124,-0.1091 z M 112.73436,886.94086 c 1.32195,-0.15588 2.4675,-0.22608 3.74022,-0.2292 1.49384,-0.004 1.74394,-0.0622 2.51816,-0.58877 0.59103,-0.40201 1.86145,-1.62482 2.46064,-2.36839 0.26384,-0.32747 0.58787,-0.85781 0.79712,-1.30481 0.19386,-0.4142 0.48547,-0.94915 0.64798,-1.18877 0.40733,-0.60071 0.6862,-1.17111 0.6862,-1.40337 0,-0.34764 -0.23164,-0.69789 -0.99348,-1.50186 -0.41141,-0.4341 -1.0405,-1.11195 -1.39809,-1.50636 -0.35759,-0.39439 -0.84943,-0.87766 -1.09296,-1.07392 -0.38664,-0.31155 -0.43745,-0.38183 -0.40038,-0.55382 0.0386,-0.17956 0,-0.21822 -0.40847,-0.43731 -0.54709,-0.29159 -1.26499,-0.90215 -2.29182,-1.94922 -0.42415,-0.43251 -0.80077,-0.78639 -0.83691,-0.78639 -0.0365,0 -0.16309,0.0504 -0.28217,0.11196 -0.11907,0.0616 -0.47509,0.16144 -0.79118,0.22192 -0.75289,0.14405 -6.08914,2.02611 -6.9468,2.45009 -0.73207,0.3619 -0.97925,0.55093 -1.25869,0.96267 -0.23093,0.34031 -0.23544,0.60374 -0.0329,1.9296 0.31043,2.03469 1.03964,3.87758 2.37984,6.0141 0.63052,1.00519 1.20187,1.73706 2.52997,3.24086 0.0472,0.0531 0.13525,0.0838 0.19637,0.068 0.0608,-0.0157 0.41105,-0.0638 0.77765,-0.10709 z m 49.65661,-4.22613 c 1.00422,-0.20493 1.92421,-0.54677 3.30506,-1.22815 3.46156,-1.70805 4.90015,-3.27568 6.18024,-6.73458 1.24838,-3.37321 1.37913,-4.14208 1.30878,-7.69578 -0.0444,-2.2513 -0.18126,-3.64724 -0.502,-5.12759 -0.32489,-1.4996 -1.63474,-4.94302 -2.3198,-6.09845 -0.16688,-0.28156 -0.83906,-1.12197 -1.49355,-1.86759 -0.65457,-0.74562 -1.7262,-2.00558 -2.38142,-2.79992 -1.37462,-1.66656 -1.95383,-2.18474 -3.97494,-3.55606 -1.02339,-0.69439 -4.30104,-2.28773 -5.59988,-2.72223 -2.26427,-0.75744 -6.74937,-1.88881 -6.89814,-1.74004 -0.0608,0.061 0.13897,0.19389 0.75991,0.505 0.46343,0.23221 1.24259,0.6642 1.73142,0.95997 0.48884,0.29577 1.01295,0.58943 1.1648,0.65259 0.90747,0.37746 3.12157,1.79509 4.42699,2.83444 0.50923,0.40541 1.42572,1.11601 2.03678,1.5791 4.02081,3.04736 5.91282,5.26558 7.52252,8.81955 0.77157,1.70355 0.94689,2.25754 1.07184,3.3868 0.0623,0.561 0.22685,1.70323 0.36618,2.53831 0.47481,2.84462 0.51345,3.2348 0.51359,5.18447 7e-5,1.39541 -0.0301,1.98491 -0.12917,2.55202 -0.28044,1.60055 -0.74573,3.06682 -1.27006,4.00263 -0.55081,0.98313 -2.32159,2.84243 -3.96435,4.16261 -0.80564,0.64743 -1.11199,0.8133 -3.53527,1.91418 -0.62051,0.28189 -1.14641,0.55986 -1.16859,0.6177 -0.0608,0.1578 1.85179,0.0645 2.84906,-0.13898 z m -35.91808,-1.31987 c 0,-0.0689 -0.0644,-0.23056 -0.14297,-0.35927 -0.18878,-0.3097 -0.77122,-0.91396 -0.88092,-0.91396 -0.18542,0 -0.0694,0.27361 0.24466,0.57687 0.18091,0.17471 0.40232,0.44832 0.49213,0.60802 0.1623,0.28882 0.28768,0.32738 0.2871,0.0883 z m 26.00607,-5.70827 c 2.08715,-1.38605 2.82266,-2.56241 3.80262,-6.08202 0.9557,-3.43249 0.9338,-6.77874 -0.0615,-9.4236 -0.9368,-2.4889 -3.06131,-5.36899 -5.77305,-7.82618 -0.55761,-0.50528 -1.01381,-0.94688 -1.01381,-0.98134 0,-0.0345 -0.0508,-0.0626 -0.113,-0.0626 -0.11657,0 -1.49627,-0.97265 -2.1381,-1.50728 -0.59053,-0.49188 -2.82223,-1.43936 -4.80834,-2.04144 -2.30857,-0.69983 -4.70337,-1.24275 -6.21359,-1.40863 -0.87555,-0.0962 -2.70037,-0.10432 -2.75726,-0.0123 -0.0229,0.0367 0.56698,0.36399 1.31029,0.72739 0.74331,0.36339 1.77164,0.91398 2.28516,1.22352 0.51353,0.30955 1.2134,0.69976 1.55531,0.86714 0.34192,0.16738 0.85502,0.44995 1.14012,0.62795 1.12766,0.70388 2.74831,1.66749 2.88849,1.71746 0.2612,0.0931 2.20058,1.22205 2.85143,1.65988 0.34629,0.23291 1.0795,0.81607 1.62945,1.29592 0.54988,0.47983 1.38357,1.19574 1.85265,1.59089 1.53341,1.29196 2.15929,2.07678 3.6507,4.57828 0.70373,1.18027 1.1258,2.08975 1.43251,3.08692 l 0.20509,0.66658 0.0279,2.85146 c 0.02,2.02557 0,3.00162 -0.0623,3.3699 -0.22928,1.3173 -1.10497,3.26594 -2.11234,4.70069 -0.55066,0.78434 -0.69722,1.03926 -0.59732,1.03926 0.015,0 0.47359,-0.29601 1.01839,-0.65778 z m -26.23571,-0.69388 c 0.14506,-0.44889 0.24668,-1.34578 0.19909,-1.75698 -0.10319,-0.89112 -0.54773,-2.2028 -0.92715,-2.73557 -0.11929,-0.16754 -0.27236,-0.24448 -0.72606,-0.36488 -0.86754,-0.23025 -1.68362,-0.368 -2.52232,-0.42577 -0.88936,-0.0612 -0.90439,-0.0435 -0.48561,0.57183 0.34893,0.51278 2.01409,2.5116 2.64461,3.17455 0.0969,0.10183 0.46894,0.51844 0.82675,0.92579 0.8606,0.97956 0.86976,0.98522 0.99069,0.61103 z m -11.44793,-7.16931 c 0.78825,-0.26349 1.01266,-0.39185 1.01266,-0.57911 0,-0.1883 -0.0757,-0.24698 -1.73271,-1.34204 -1.25125,-0.82689 -1.70702,-1.07912 -3.0211,-1.67179 -3.43916,-1.55111 -6.27041,-2.57334 -7.99024,-2.88494 -0.58115,-0.10528 -1.56683,-0.32274 -2.19049,-0.48323 -1.241369,-0.31949 -1.90739,-0.42552 -1.976017,-0.31458 -0.02433,0.0391 0.213038,0.18202 0.527049,0.31763 0.31401,0.13562 2.137388,0.99682 4.051938,1.9138 3.09574,1.48273 4.76877,2.35566 7.25824,3.78724 0.40733,0.23425 1.03506,0.58211 1.39501,0.77301 0.35989,0.19091 0.80986,0.4467 0.99986,0.56843 0.41763,0.26755 0.6477,0.25589 1.6658,-0.0844 z m 15.91657,-1.94054 c -0.0415,-0.0509 -0.39802,-0.54252 -0.79261,-1.09244 -0.46579,-0.64909 -0.80141,-1.04343 -0.95677,-1.12404 -0.13167,-0.0684 -0.4952,-0.40603 -0.80793,-0.75049 -0.64934,-0.71522 -1.67653,-1.58724 -2.92828,-2.48591 -0.9537,-0.68469 -2.95298,-1.70894 -4.97909,-2.55088 -1.41684,-0.58876 -5.64661,-2.07737 -6.25373,-2.20092 -0.4245,-0.0864 -6.08199,-0.22446 -6.46212,-0.15773 -0.43538,0.0764 -0.13654,0.15423 3.49955,0.91102 1.38965,0.28924 2.18155,0.50479 3.62909,0.98788 3.34534,1.11641 6.58721,2.52032 8.22109,3.5602 0.36661,0.23333 0.87885,0.52002 1.13826,0.6371 1.12007,0.50553 2.63832,1.49016 4.93493,3.20052 0.85544,0.63705 1.61778,1.15827 1.69407,1.15827 0.10162,0 0.11865,-0.0248 0.0637,-0.0926 z m 3.24173,-9.23103 c 0,-0.36372 -2.63417,-3.13002 -3.88835,-4.0833 -1.14577,-0.87093 -2.74581,-1.47208 -5.20257,-1.95465 -0.92694,-0.18207 -2.28524,-0.46538 -3.01846,-0.62958 -0.73328,-0.1642 -1.56647,-0.33046 -1.85164,-0.36945 -0.88078,-0.12047 -2.44976,-0.18056 -2.59481,-0.0994 -0.12588,0.0704 -0.12538,0.0764 0.009,0.11696 3.65563,1.10266 6.20686,1.95327 7.03876,2.34682 0.52455,0.24814 1.79583,0.81758 2.8251,1.26542 1.39401,0.60656 2.12866,0.97568 2.87983,1.44706 0.55467,0.34804 1.229,0.72312 1.4985,0.83351 0.26957,0.11039 0.83998,0.42287 1.2677,0.6944 0.72492,0.46019 1.03692,0.59024 1.03692,0.43219 z m -45.522669,-3.5295 0.621008,-0.19781 0.273507,-0.66877 c 0.174538,-0.42686 0.247817,-0.69446 0.202447,-0.7398 -0.08365,-0.0837 -1.522894,0.14938 -1.676035,0.27144 -0.141405,0.11272 -0.65042,1.43423 -0.590023,1.53192 0.06512,0.10568 0.39144,0.0507 1.169096,-0.19698 z m 40.153069,-14.88217 c 1.67668,-0.22332 2.91326,-0.58468 4.20701,-1.22939 1.40532,-0.70029 1.92658,-1.12027 4.10662,-3.30848 1.86724,-1.87422 2.01824,-2.04508 2.01824,-2.28365 0,-0.15685 -0.0422,-0.27398 -0.10727,-0.29904 -0.32983,-0.12655 -7.70872,1.60323 -12.79715,2.99993 -3.27836,0.89984 -6.86072,2.0005 -7.07426,2.17351 -0.2189,0.17735 -0.0515,0.30605 1.18498,0.91035 1.35144,0.66049 2.0994,0.89983 3.46249,1.10792 0.90232,0.13774 3.73357,0.0974 4.99934,-0.0711 z m 44.63223,-6.21015 c 0.87648,-0.22703 1.90446,-0.68444 1.79168,-0.79722 -0.0544,-0.0546 -0.30836,-0.0507 -0.84664,0.0129 -0.42278,0.05 -1.30191,0.0941 -1.95369,0.0979 l -1.18498,0.007 -0.81473,-0.32698 c -1.40074,-0.56216 -2.86316,-1.36178 -3.31257,-1.81113 -0.0601,-0.0602 -0.43001,-0.25926 -0.82188,-0.44239 -2.24366,-1.04845 -3.81149,-2.63155 -4.77929,-4.82588 -0.18956,-0.42979 -0.22892,-0.48045 -0.23007,-0.29626 0,0.2444 0.33369,1.41031 0.63876,2.22192 0.53306,1.41789 1.08315,2.20393 3.03212,4.33263 l 0.94718,1.03454 0.5594,0.18434 c 1.05395,0.34728 2.51387,0.66024 3.78122,0.81057 0.14255,0.0169 0.75912,0.0199 1.37018,0.006 0.88794,-0.0192 1.2539,-0.0611 1.82338,-0.20861 z m -3.41934,-7.32664 c 0.5735,-0.34754 0.85165,-0.86195 0.85008,-1.57182 0,-0.68958 -0.22349,-1.15669 -0.91212,-1.91949 -0.29011,-0.32137 -0.59675,-0.69631 -0.68133,-0.83322 -0.20288,-0.32822 -0.32181,-0.31402 -0.46995,0.0561 -0.34771,0.86909 -0.42772,1.93499 -0.22048,2.93841 0.13912,0.67392 0.26371,0.9931 0.51768,1.32604 0.23629,0.30976 0.41033,0.31052 0.91612,0.004 z m 8.93177,-3.50235 c -0.15128,-1.00861 -0.84027,-2.20087 -1.94324,-3.36262 l -0.43023,-0.45313 -0.81472,-0.17922 c -1.15364,-0.2538 -2.20065,-0.35575 -2.7033,-0.26327 -0.54257,0.0998 -1.63467,0.64553 -2.32745,1.16302 -0.53349,0.39843 -0.69315,0.61691 -0.45084,0.61691 0.0608,0 0.43538,-0.10418 0.8329,-0.2315 0.61922,-0.19836 0.79698,-0.22587 1.24145,-0.19213 1.15585,0.0877 2.31335,0.55811 3.19306,1.29761 0.38779,0.32596 0.6414,0.47579 0.96285,0.56869 0.60391,0.17456 1.48676,0.64594 1.9494,1.04083 0.21325,0.18201 0.42207,0.33093 0.46408,0.33093 0.0487,0 0.058,-0.12193 0.0258,-0.33612 z"
-           style="fill:#bd0404" />
-        <path
-           style="fill:#010000;stroke-width:0.996937"
-           d="m 131.86348,1005.906 c -1.58836,-1.0592 -4.40794,-3.6702 -4.75445,-4.4027 -0.12363,-0.2614 -0.29728,-0.4715 -0.53499,-0.6475 -0.83249,-0.6163 -1.72277,-1.69677 -4.12443,-5.00554 -0.78961,-1.08783 -1.6363,-2.23037 -1.88158,-2.53899 -0.24526,-0.30863 -0.61739,-0.83342 -0.82691,-1.16616 -0.20954,-0.33274 -0.65022,-0.97096 -0.97932,-1.41828 -0.74189,-1.00849 -0.89035,-1.26154 -1.36349,-2.32439 -0.36798,-0.82672 -1.26667,-2.28936 -1.40672,-2.28936 -0.1001,0 -0.0909,0.0966 0.11722,1.23185 0.21659,1.18178 0.60312,2.70173 0.88871,3.4949 0.10936,0.30392 0.7819,1.68232 1.49453,3.06307 0.71257,1.38076 1.40951,2.75688 1.54877,3.05808 0.13926,0.30121 0.61996,1.16508 1.06827,1.91975 1.2303,2.07117 1.88009,3.45307 1.70565,3.62757 -0.0933,0.094 -1.0799,-0.091 -1.76942,-0.3292 -1.58352,-0.5486 -3.48877,-1.6952 -5.27126,-3.17196 -0.82727,-0.68538 -2.39801,-2.22009 -3.44816,-3.36905 -0.99409,-1.08761 -1.53485,-1.86225 -2.73862,-3.92268 -1.05343,-1.80316 -1.1762,-2.03952 -1.56067,-3.00442 -0.16144,-0.40529 -0.7055,-1.54598 -1.20896,-2.53493 -1.15245,-2.26353 -1.5148,-3.19861 -2.25605,-5.82222 -0.54148,-1.91631 -0.60498,-2.21124 -0.71042,-3.29971 -0.0635,-0.65734 -0.14697,-1.37176 -0.18499,-1.58742 -0.0378,-0.21575 -0.22137,-1.8708 -0.40736,-3.67804 -0.18607,-1.80717 -0.35422,-3.33182 -0.37376,-3.38811 -0.0649,-0.1867 -0.30706,0.12342 -0.65015,0.8322 -0.59171,1.22224 -1.01391,2.52159 -1.67047,5.14027 -1.076764,4.29464 -1.322181,6.56811 -0.961404,8.90556 0.08076,0.52343 0.147249,1.24234 0.147678,1.59763 5.7e-4,0.46942 0.09153,1.09652 0.333026,2.29549 0.23864,1.18478 0.33195,1.82458 0.33117,2.27061 0,0.83134 -0.0706,0.9298 -0.38446,0.54905 -0.133129,-0.16145 -0.441397,-0.51459 -0.685102,-0.78477 -0.243633,-0.2701 -0.788971,-0.87558 -1.211886,-1.34537 -1.780483,-1.9781 -2.337807,-3.05978 -2.992798,-5.80916 -0.14996,-0.62945 -0.484412,-1.90868 -0.743312,-2.84276 -0.626098,-2.25934 -0.676037,-2.46337 -0.845689,-3.45559 -0.131982,-0.77207 -0.146465,-1.23415 -0.15474,-4.93737 -0.01,-4.55647 0.0072,-4.78606 0.520369,-7.85119 0.157023,-0.93401 0.324035,-2.1302 0.37112,-2.65813 0.07177,-0.80532 0.168938,-1.25712 0.603696,-2.80581 0.34872,-1.24206 0.648571,-2.13827 0.916674,-2.73953 0.219163,-0.49155 0.398516,-0.94779 0.398516,-1.01392 0,-0.31191 0.616681,-2.56959 0.981524,-3.59329 0.583507,-1.63723 0.82186,-2.95348 0.534922,-2.95348 -0.321396,0 -2.530144,2.14169 -3.51074,3.40416 -1.961977,2.52593 -3.250699,5.43297 -3.466223,7.819 -0.07555,0.83649 -0.192052,1.27817 -0.325605,1.23458 -0.123493,-0.0407 -0.527217,-1.02076 -0.751517,-1.82521 -0.107583,-0.38582 -0.396162,-1.38261 -0.641364,-2.21511 -0.245131,-0.83256 -0.565029,-1.96226 -0.71078,-2.51052 l -0.265036,-0.99679 V 950.376 c 7.13e-4,-1.42948 0.03068,-1.92381 0.167297,-2.80581 0.279304,-1.7991 0.557609,-2.87765 0.978598,-3.79169 0.208462,-0.45273 0.523437,-1.2432 0.699936,-1.75658 0.363202,-1.0565 1.0722,-2.34565 2.260044,-4.10958 0.358209,-0.53186 3.271459,-3.73705 3.916248,-4.30858 1.194693,-1.0591 2.174647,-1.68722 4.441468,-2.84684 2.20254,-1.12672 2.29607,-1.3037 1.26032,-2.38436 -0.21402,-0.22336 -0.9405,-1.0362 -1.61439,-1.8063 -0.953414,-1.08964 -1.297211,-1.53998 -1.549905,-2.03051 -0.799887,-1.55227 -1.29657,-3.65597 -1.420062,-6.01448 -0.04209,-0.80995 -0.03424,-0.94782 0.05565,-0.91348 0.139117,0.0533 1.640081,1.10585 1.70165,1.19317 0.0264,0.0373 0.159235,0.10976 0.295356,0.16095 0.13612,0.0512 0.560178,0.21446 0.942351,0.36277 1.6662,0.64667 2.71556,0.77487 6.35658,0.77661 2.75665,0.001 2.91381,-0.006 5.19133,-0.257 1.29173,-0.14208 2.60413,-0.25843 2.91654,-0.25853 1.28009,-7.2e-4 2.61583,-0.27992 3.66177,-0.76612 0.69195,-0.32165 2.12364,-1.28921 2.99772,-2.02592 0.38582,-0.32517 1.39588,-1.31096 2.24456,-2.19066 1.70001,-1.76211 2.40081,-2.39266 4.10409,-3.69271 0.62874,-0.47987 1.33809,-1.03468 1.57624,-1.23291 0.44089,-0.36691 1.17993,-0.77305 2.04316,-1.12282 0.26396,-0.10696 1.24413,-0.57659 2.17814,-1.04361 l 1.6983,-0.84914 2.76886,-0.7705 c 1.52287,-0.42378 3.2238,-0.85379 3.77984,-0.95556 1.12991,-0.20683 4.17457,-1.12713 4.73832,-1.43225 0.62303,-0.3372 1.00485,-0.9153 1.62453,-2.45967 0.91632,-2.28347 1.5427,-4.57734 1.64365,-6.01916 0.0774,-1.10431 -0.22808,-3.42433 -0.52914,-4.01903 -0.20889,-0.41279 -0.49077,-0.71684 -1.94272,-2.09612 -1.28658,-1.22209 -1.86809,-1.66442 -2.57923,-1.96179 -1.43547,-0.60027 -3.41314,-0.59705 -5.69794,0.009 -2.4857,0.65966 -4.82151,1.77293 -6.4643,3.08099 -1.30078,1.03573 -5.54163,5.52491 -6.29893,6.66775 -0.54991,0.82994 -1.52187,2.53848 -1.90911,3.35612 -0.41386,0.87355 -0.53115,1.42479 -0.59043,2.77484 -0.0606,1.37866 0.0242,1.91143 0.5365,3.37329 0.21851,0.62365 0.40586,1.27177 0.41628,1.44026 l 0.0192,0.30633 -0.24856,-0.0243 c -0.70351,-0.0689 -2.22024,-0.72732 -3.9786,-1.72718 -0.53799,-0.30598 -1.1795,-0.63159 -1.42548,-0.72357 -0.61098,-0.22847 -0.6565,-0.1736 -0.49676,0.5989 0.0955,0.46196 0.29271,0.9333 0.88743,2.12111 1.07712,2.15134 1.21444,2.65254 0.8133,2.96854 -0.30021,0.23644 -0.7135,0.15256 -2.23237,-0.45311 -2.07242,-0.82633 -2.08268,-0.83245 -3.51923,-2.08438 -0.65078,-0.56715 -0.98602,-0.77767 -0.98602,-0.61913 0,0.0536 0.39873,0.97227 0.886,2.04136 0.48734,1.06912 0.88606,1.98901 0.88606,2.04421 0,0.27932 -1.04459,0.17773 -2.13704,-0.20785 -0.90747,-0.32029 -3.22866,-1.43641 -3.83342,-1.84326 -0.18842,-0.12678 -0.74361,-0.64088 -1.23365,-1.14244 -0.49004,-0.50157 -0.9303,-0.91196 -0.97831,-0.91196 -0.0478,0 -0.0873,0.0596 -0.0873,0.13251 0,0.2363 0.61954,1.37487 1.15667,2.12562 0.66962,0.9359 0.92951,1.40708 1.16459,2.11127 0.23656,0.70863 0.238,0.7992 0.0122,0.7992 -0.72162,0 -2.61731,-0.94113 -4.73332,-2.34983 -1.6597,-1.10489 -2.08455,-1.46582 -2.8855,-2.45115 -1.820216,-2.23912 -3.022757,-4.71721 -3.897624,-8.03194 -0.487338,-1.8464 -0.506743,-1.95626 -0.555469,-3.14564 l -0.04494,-1.1004 -0.40615,-0.12676 c -0.2233,-0.0697 -0.704859,-0.21773 -1.069988,-0.32891 -1.632162,-0.49697 -2.102377,-0.99871 -2.333811,-2.49017 -0.142541,-0.91878 0.01713,-1.54058 0.468147,-1.81912 0.285083,-0.17618 1.3296,-0.48891 1.8835,-0.56389 0.272455,-0.0369 0.387672,-0.0854 0.387672,-0.1635 0,-0.0611 -0.419633,-0.72353 -0.932511,-1.47218 -0.784548,-1.14532 -0.995649,-1.40311 -1.3311,-1.62577 -0.477135,-0.31672 -0.762218,-0.65434 -1.299851,-1.53967 -0.873725,-1.4386 -1.221803,-2.27153 -1.833632,-4.38797 -0.239852,-0.82958 -0.436043,-1.53564 -0.436043,-1.56904 0,-0.0334 0.05351,-0.0607 0.1185,-0.0607 0.130342,0 2.326035,1.29909 2.40287,1.42164 0.0264,0.042 0.159236,0.11472 0.295355,0.16162 0.136121,0.0469 1.559965,0.86379 3.16409,1.8153 1.604054,0.95149 3.797035,2.17925 4.873235,2.72835 1.40415,0.71646 1.9569,1.03405 1.95755,1.12474 4.3e-4,0.0695 0.0335,0.15906 0.0739,0.19901 0.04,0.04 0.88043,0.14358 1.86738,0.23032 l 1.79446,0.15769 0.9375,-0.19826 c 0.51567,-0.10904 1.303,-0.29091 1.74974,-0.40417 1.82108,-0.46165 4.91789,-0.80829 7.27296,-0.81406 1.48926,-0.004 1.73861,-0.062 2.51046,-0.58697 0.58921,-0.40078 1.85574,-1.61985 2.45302,-2.36114 0.26311,-0.32647 0.58608,-0.85519 0.79468,-1.30082 0.19333,-0.41293 0.48405,-0.94624 0.646,-1.18513 0.40607,-0.59886 0.68417,-1.16751 0.68417,-1.39906 0,-0.34658 -0.23101,-0.69576 -0.99052,-1.49727 -0.41007,-0.43276 -1.03723,-1.10853 -1.39373,-1.50173 -0.3565,-0.3932 -0.84683,-0.87499 -1.08968,-1.07064 -0.38767,-0.31241 -0.43619,-0.37997 -0.39851,-0.55475 0.0378,-0.17673 0.007,-0.21714 -0.27588,-0.36083 -0.60848,-0.30886 -0.98937,-0.61946 -2.12786,-1.73524 -1.69008,-1.65639 -2.05372,-1.95411 -3.01412,-2.46753 l -0.86096,-0.46024 -0.34322,0.19295 c -0.18884,0.10613 -0.60441,0.24276 -0.92367,0.30362 -0.7411,0.14133 -6.05301,2.01269 -6.9303,2.44151 -0.72234,0.35306 -0.97083,0.5436 -1.25484,0.9621 -0.22109,0.32584 -0.23271,0.60284 -0.0722,1.7193 0.42655,2.96451 1.88228,5.9265 4.25055,8.6484 0.75502,0.86774 1.20854,1.47837 1.44682,1.94789 0.15645,0.30847 0.16794,0.37526 0.0797,0.46351 -0.0881,0.0882 -0.26845,0.0672 -1.25076,-0.14602 l -1.14768,-0.24913 -1.80117,-0.94475 c -0.99059,-0.51961 -2.46566,-1.30949 -3.27781,-1.75528 -0.81222,-0.4458 -1.68459,-0.9246 -1.93857,-1.06399 -0.637803,-0.35002 -1.358429,-0.95046 -2.52858,-2.1069 -1.072199,-1.0596 -1.48156,-1.63999 -1.623459,-2.30143 -0.0478,-0.22429 -0.159878,-0.45923 -0.276451,-0.58085 -0.107583,-0.11234 -0.28073,-0.36155 -0.384676,-0.55382 -0.279731,-0.51753 -0.466006,-0.58025 -1.168582,-0.39344 -0.314047,0.0835 -1.235501,0.30864 -2.047658,0.50032 l -1.47678,0.34853 -1.550547,10e-4 c -2.059002,0.002 -2.686098,-0.13305 -3.605697,-0.77887 -0.39074,-0.27442 -0.538061,-0.34206 -0.611757,-0.28092 -0.209033,0.1735 -0.998146,2.39173 -1.350219,3.79538 -0.191269,0.76259 -0.743884,4.55839 -0.750376,5.15418 -0.0072,0.68098 -0.09053,0.41373 -0.511522,-1.64548 -0.429907,-2.10276 -0.44389,-2.39218 -0.218591,-4.51976 0.181422,-1.71279 0.293572,-2.29023 0.64222,-3.30466 0.145823,-0.42435 0.265179,-0.91038 0.265179,-1.08007 0,-0.42088 -0.25512,-0.83165 -1.04402,-1.68112 -0.357066,-0.38456 -0.781694,-0.89332 -0.943569,-1.1306 -0.376614,-0.55208 -0.894843,-0.91162 -1.312693,-0.91062 -0.171007,7.1e-4 -0.483414,0.0835 -0.709853,0.18895 -0.892845,0.41559 -2.523224,2.42043 -3.019551,3.71305 -0.238139,0.62039 -0.463651,1.60634 -0.601841,2.63184 -0.113719,0.8444 -0.177,0.97164 -0.291717,0.58666 -0.155597,-0.52252 -0.182422,-2.27776 -0.04566,-3.00186 0.222158,-1.17757 0.753158,-2.48206 1.401799,-3.44381 0.146607,-0.21728 0.266462,-0.41873 0.266462,-0.44766 0,-0.10464 0.425841,-0.44025 1.455662,-1.14727 0.5773,-0.3963 1.087395,-0.76612 1.133625,-0.8218 0.06564,-0.0788 0.03424,-0.16413 -0.140187,-0.38439 -0.33388,-0.42156 -0.868803,-1.53725 -0.998716,-2.08315 -0.06278,-0.26397 -0.170294,-0.79012 -0.238925,-1.16924 -0.08183,-0.45241 -0.162232,-0.70372 -0.234073,-0.73129 -0.16423,-0.063 -0.943998,0.34983 -1.613115,0.85407 -1.004281,0.7567 -1.974603,1.88377 -2.793895,3.24511 -0.200971,0.33393 -0.396591,0.60716 -0.434758,0.60716 -0.243776,0 0.302062,-1.88749 0.878576,-3.03798 0.738176,-1.47311 1.381039,-2.28294 2.51816,-3.17217 1.027896,-0.80383 1.523294,-1.26528 1.851254,-1.72445 0.406221,-0.56883 0.381251,-0.55988 1.111579,-0.3993 1.064494,0.23405 1.581367,0.24987 2.393168,0.0733 2.190342,-0.4765 4.049872,-1.66485 5.335812,-3.40998 0.597204,-0.81037 0.672898,-0.993 1.528788,-3.68747 0.122565,-0.3858 0.386674,-1.04324 0.58693,-1.46098 0.639225,-1.33362 1.340161,-3.81665 1.116432,-3.95494 -0.03496,-0.0214 -0.426626,0.0591 -0.871157,0.17902 -0.444462,0.11986 -1.721912,0.38412 -2.838699,0.58724 -3.106589,0.56501 -4.488412,0.92869 -5.933801,1.56172 -0.991511,0.43422 -1.555541,0.87062 -1.975603,1.52849 -0.292288,0.45782 -0.34023,0.86923 -0.145752,1.25049 0.165443,0.3243 0.615182,0.64104 1.027254,0.72346 l 0.234929,0.0471 v -0.58146 c 0,-0.94232 0.350075,-1.47755 1.216667,-1.87436 0.55447,-0.25386 1.166869,-0.39157 2.621248,-0.58938 0.69423,-0.0944 1.551118,-0.27224 2.178215,-0.45193 1.446958,-0.4147 2.081617,-0.41224 2.215169,0.009 0.06492,0.20548 -0.66134,1.972 -1.609404,3.9131 -1.160735,2.3766 -1.692875,3.1555 -2.644863,3.87111 -0.727475,0.54683 -1.634588,0.93152 -2.536352,1.07558 -0.59649,0.0953 -1.69801,-0.0501 -2.409291,-0.31813 -1.397946,-0.52665 -3.38211,-1.73456 -4.070346,-2.47798 -2.292576,-2.4762 -3.232222,-5.59821 -2.524438,-8.38724 0.233574,-0.92051 1.179498,-2.57839 2.1195,-3.71474 1.186133,-1.43399 2.936509,-2.53952 5.146899,-3.25086 1.113148,-0.3582 2.045446,-0.56976 4.432051,-1.00575 2.926092,-0.53455 3.117788,-0.54724 6.794827,-0.45007 2.558039,0.0676 3.094103,0.0157 4.629526,-0.44908 1.98766,-0.60155 3.600417,-1.32064 5.168723,-2.3045 2.7297,-1.71255 3.39838,-1.85633 4.52252,-0.97238 0.31241,0.24569 0.88543,0.58055 1.91974,1.12186 0.42641,0.22317 1.0157,0.56145 1.30962,0.75176 1.15924,0.75065 1.58773,0.8399 2.68632,0.5594 0.85026,-0.2171 2.87059,-1.06101 4.86452,-2.032 0.95435,-0.46474 1.8412,-0.86546 1.9709,-0.89049 0.40023,-0.0773 0.9674,0.1142 2.34851,0.79282 2.09374,1.02873 3.4065,1.29353 6.05465,1.22128 2.96491,-0.0809 4.77299,-0.45828 6.63074,-1.38401 1.40102,-0.69813 1.92067,-1.11684 4.0941,-3.29834 1.10659,-1.11077 2.01206,-2.0567 2.01206,-2.10205 0,-0.0454 0.0221,-0.0605 0.0486,-0.0336 0.0271,0.0269 0.15147,-0.0291 0.27688,-0.12443 0.55697,-0.42331 0.83356,-0.49967 2.48007,-0.6846 1.37134,-0.15402 3.76408,-0.17152 5.09475,-0.0372 0.50759,0.0512 1.587,0.2061 2.39859,0.34418 0.81165,0.13808 1.50253,0.22421 1.53535,0.1914 0.0861,-0.0861 -0.54969,-0.76617 -0.96669,-1.03379 -0.44924,-0.28827 -0.98887,-0.40098 -2.85653,-0.59671 -2.24506,-0.23526 -3.19227,-0.29467 -4.72748,-0.29651 -1.67897,-0.002 -2.32218,0.0689 -3.68995,0.40624 -0.70344,0.17354 -1.70608,0.33592 -3.13806,0.50821 -1.59827,0.1923 -2.7147,0.37979 -4.64243,0.77959 -1.39588,0.28952 -3.14026,0.63955 -3.87644,0.77785 -1.06121,0.19939 -1.72826,0.38259 -3.22116,0.88466 -1.0356,0.34825 -2.7339,0.89821 -3.774,1.22211 -1.24363,0.38727 -2.35528,0.79186 -3.24655,1.18157 -0.74546,0.32595 -2.177,0.9077 -3.18129,1.29278 -1.00421,0.38508 -1.97503,0.76406 -2.15731,0.8422 -0.18228,0.0782 -0.52979,0.1811 -0.77221,0.22879 -0.83862,0.16499 -1.39488,-0.16899 -2.41443,-1.44966 -0.38389,-0.48217 -0.81929,-0.90592 -1.47057,-1.43111 -1.26475,-1.01981 -1.72912,-1.68295 -1.96661,-2.80827 -0.12364,-0.58604 -0.0443,-1.84149 0.15488,-2.43662 0.22266,-0.6666 0.58173,-1.40425 0.70707,-1.45234 0.0578,-0.0221 0.10473,-0.0972 0.10473,-0.16683 0,-0.0696 0.16852,-0.37125 0.37447,-0.67022 1.42699,-2.07136 4.70045,-5.31464 7.12002,-7.05428 1.41192,-1.01518 4.58108,-2.31639 6.37141,-2.61602 0.49511,-0.0829 0.60783,-0.0751 1.40294,0.0966 0.61653,0.13316 1.39416,0.22161 2.71049,0.30829 l 1.84591,0.12157 1.51366,0.51037 c 0.83249,0.28071 1.79611,0.57692 2.14126,0.65825 0.65299,0.15383 1.18142,0.19307 1.18142,0.0877 0,-0.27488 -1.14932,-1.53982 -2.16173,-2.37926 -0.82214,-0.68165 -1.25605,-0.92891 -2.01006,-1.14549 -0.75331,-0.21637 -0.94486,-0.34103 -0.77264,-0.50287 0.0592,-0.0558 0.56403,-0.3044 1.12128,-0.55229 1.97475,-0.87841 2.4745,-0.9801 3.9348,-0.80053 3.26775,0.40183 6.61354,1.71531 8.61434,3.38176 0.46879,0.39043 0.53477,0.37739 0.47891,-0.0946 -0.0542,-0.46043 -0.45145,-1.32199 -0.89234,-1.93689 -0.58736,-0.81921 -1.76886,-1.85902 -3.00664,-2.64607 -0.22901,-0.14563 -0.43797,-0.29963 -0.46422,-0.34222 -0.0635,-0.10298 0.19733,-0.60461 0.48512,-0.93239 0.65721,-0.74849 1.88,-1.06405 3.55419,-0.9172 3.14091,0.2755 7.05801,1.7763 9.18978,3.52097 0.27024,0.22119 0.31947,0.23905 0.36106,0.13082 0.0649,-0.16929 -0.14946,-0.91443 -0.41392,-1.43823 -0.3159,-0.6259 -1.03974,-1.55226 -1.64779,-2.10884 -0.29264,-0.2679 -1.0065,-0.80297 -1.58629,-1.18903 -1.42898,-0.95153 -1.70943,-1.38551 -1.10031,-1.70265 0.34102,-0.17759 1.43419,-0.20214 3.29893,-0.0741 1.19305,0.0819 2.00949,0.0938 3.2858,0.0479 4.22772,-0.15202 6.81837,-0.2304 8.02298,-0.24274 1.29735,-0.0133 1.30491,-0.0125 1.50118,0.17125 0.34308,0.32099 0.29392,0.4977 -0.99601,3.58113 -0.83984,2.00764 -1.09831,2.83385 -1.28494,4.10802 -0.29671,2.02551 -0.33666,4.92801 -0.0821,5.96617 0.15574,0.63536 0.73346,2.49885 0.97417,3.1426 0.52893,1.41431 1.08968,2.21339 3.07634,4.38363 1.1342,1.23901 1.70222,1.65266 3.23693,2.35728 1.03581,0.47553 2.0458,0.79633 3.27439,1.03997 3.13683,0.62206 5.5917,0.24228 7.30042,-1.12942 0.59071,-0.47423 0.91661,-0.88613 1.52629,-1.9292 0.24178,-0.41357 0.68596,-1.07296 0.98709,-1.46531 0.7685,-1.0013 0.81851,-1.17528 0.80831,-2.81394 -0.009,-1.50963 -0.22722,-3.4249 -0.46958,-4.12897 -0.53606,-1.55743 -2.60006,-3.77001 -4.09896,-4.39398 -1.17421,-0.48885 -3.56203,-0.95394 -4.3575,-0.84875 -0.50431,0.0667 -1.07847,0.29022 -1.72069,0.66987 -1.45766,0.86176 -2.33195,1.83262 -2.80004,3.10931 -0.36854,1.0053 -0.28807,2.65931 0.17644,3.62389 0.36762,0.7636 1.50254,1.76799 2.38467,2.11042 0.18107,0.0703 0.54656,0.14466 0.81216,0.16524 0.4501,0.0349 0.5101,0.0207 0.88215,-0.20864 0.5758,-0.35489 0.85232,-0.8662 0.85075,-1.57309 0,-0.69297 -0.22266,-1.1519 -0.938,-1.94681 -0.68046,-0.75618 -0.9699,-1.25616 -0.9032,-1.56002 0.0571,-0.25886 0.54363,-0.71874 0.82935,-0.78359 0.5935,-0.13468 1.06179,-0.26284 1.45324,-0.39769 0.52416,-0.18059 0.96868,-0.18927 1.72206,-0.0337 2.0473,0.42289 3.53299,1.7646 3.91032,3.53139 0.23693,1.10947 0.015,2.37402 -0.7264,4.13782 -0.80952,1.92586 -1.28715,2.67733 -1.9009,2.99042 -0.33931,0.17313 -3.02034,0.50446 -4.61406,0.57021 -1.3358,0.0551 -1.35057,0.0516 -3.01148,-0.7125 -3.61675,-1.66392 -5.27282,-3.94153 -6.20198,-8.52957 -0.29621,-1.46259 -0.29892,-1.49126 -0.28701,-2.99041 0.009,-1.16424 0.0364,-1.55061 0.11651,-1.6738 0.0755,-0.11569 0.0927,-0.28992 0.0621,-0.62761 -0.0556,-0.61756 0.083,-1.18565 0.64237,-2.63165 0.52343,-1.35296 1.18384,-2.72184 1.68495,-3.49244 0.73311,-1.12725 1.02676,-1.59398 1.31897,-2.09626 0.16537,-0.28427 0.39496,-0.60642 0.51024,-0.71591 0.29864,-0.28369 0.91404,-0.53618 2.116,-0.86812 0.57588,-0.15903 1.35579,-0.40708 1.73319,-0.55123 0.85925,-0.32815 1.38668,-0.46502 2.0458,-0.53081 0.46087,-0.0461 0.55254,-0.0829 0.84662,-0.34055 0.49904,-0.43727 1.16066,-0.71822 3.58358,-1.52181 2.29992,-0.76282 4.08233,-1.44003 4.95577,-1.88298 0.27952,-0.14172 1.3311,-0.80677 2.33695,-1.47789 1.04023,-0.69407 2.21817,-1.41324 2.7319,-1.66792 0.88022,-0.43632 1.78412,-0.72949 1.99715,-0.64774 0.10908,0.0419 0.21917,0.45144 1.3139,4.8887 0.51332,2.08069 0.59692,2.51618 0.69987,3.64766 0.10559,1.16018 0.1359,1.31351 0.31226,1.57998 0.18785,0.28389 0.19569,0.33753 0.2069,1.41017 0.007,0.61329 0.035,2.32784 0.0628,3.81012 0.0499,2.61166 0.045,2.74416 -0.14039,4.28255 -0.46972,3.89217 -1.22609,7.10071 -2.60192,11.03855 -0.64786,1.85423 -1.15567,3.03274 -2.52829,5.86815 -1.56411,3.23097 -2.24606,4.38872 -4.16673,7.07389 -0.64714,0.90471 -1.15631,1.66524 -1.13148,1.69006 0.0755,0.0755 0.83798,-0.42317 1.55211,-1.015 1.08647,-0.9004 1.86917,-1.77739 3.28709,-3.68311 1.89755,-2.55032 2.87593,-4.26604 3.5437,-6.21448 0.20004,-0.58372 0.51402,-1.34373 0.69758,-1.68892 0.21132,-0.39732 0.49783,-1.15598 0.7807,-2.06744 0.76079,-2.45148 0.98587,-3.60732 1.15752,-5.94388 0.12135,-1.65203 0.22387,-2.21505 0.51116,-2.80722 0.18128,-0.37365 0.43605,-0.70003 0.54648,-0.70003 0.0592,0 0.82757,1.6195 1.10324,2.32587 0.1984,0.50842 0.70707,1.53947 0.88228,1.78823 0.56147,0.79731 1.31098,2.18003 1.97639,3.64611 0.76922,1.69477 0.78676,1.746 1.44382,4.21675 0.54926,2.06555 0.6831,2.67741 0.76828,3.51336 0.0563,0.55673 0.19569,1.90936 0.30877,3.00584 0.40951,3.96841 0.19569,6.44309 -0.9024,10.44793 -0.33353,1.21631 -1.52016,5.03703 -2.32297,7.47969 -0.17429,0.53036 -0.10837,0.57683 0.45053,0.31733 0.73189,-0.33982 2.42513,-1.33675 3.21588,-1.89336 1.28194,-0.90239 1.98866,-1.8126 3.15061,-4.05773 1.18627,-2.29218 2.04794,-4.42353 2.2987,-5.68545 0.0685,-0.34519 0.23593,-1.00973 0.37184,-1.47675 0.32646,-1.12136 0.74131,-4.5618 0.66783,-5.53777 -0.11286,-1.49911 -0.28729,-2.41526 -0.92787,-4.87324 -0.19584,-0.75129 -0.41122,-1.71486 -0.47864,-2.14127 -0.0671,-0.42641 -0.23407,-1.20724 -0.37026,-1.73517 -0.13619,-0.52793 -0.28572,-1.2211 -0.33238,-1.5404 -0.0464,-0.31927 -0.19755,-0.93397 -0.33545,-1.36598 -0.27795,-0.87055 -0.28323,-0.89621 -0.18349,-0.89621 0.14061,0 2.4065,3.12875 2.75394,3.80259 0.0628,0.12184 0.41949,1.00233 0.79275,1.95668 1.92702,4.92767 2.04588,5.45973 2.16074,9.67264 0.0997,3.65586 0.10637,4.81385 0.0385,6.74332 -0.0599,1.71417 -0.0435,1.76357 0.36492,1.08654 0.15488,-0.25682 0.28993,-0.6386 0.38995,-1.10251 0.0841,-0.39029 0.3515,-1.54111 0.59422,-2.55737 0.54426,-2.27967 0.64656,-2.84363 0.73588,-4.0571 0.0542,-0.74 0.0457,-1.18487 -0.0385,-1.95667 -0.10702,-0.97689 -0.0782,-1.62622 0.0733,-1.6515 0.0393,-0.006 0.16658,0.22062 0.28244,0.5049 0.11586,0.28427 0.39024,0.93481 0.60976,1.44563 0.58522,1.36169 1.08097,3.27379 1.39602,5.38429 0.0635,0.4264 0.15395,1.02449 0.20061,1.32907 0.11885,0.77509 0.11822,4.7056 0,6.31305 l -0.0985,1.32907 -1.07042,3.76569 c -0.58878,2.07111 -1.22087,4.23086 -1.40472,4.79939 -0.80303,2.48274 -1.88543,4.90208 -2.85618,6.3836 -1.15438,1.76188 -3.16551,4.23098 -4.69686,5.76635 -0.84691,0.84915 -1.0817,1.04113 -1.5517,1.26873 -0.30456,0.14749 -0.67967,0.29097 -0.83363,0.31883 -0.23265,0.0421 -0.30606,0.10211 -0.4349,0.35567 -0.21146,0.41596 -1.11864,1.30191 -2.05415,2.00604 -0.42634,0.32096 -1.37334,1.08511 -2.1043,1.69812 -1.25192,1.04986 -1.43084,1.17146 -3.08234,2.09491 -0.96433,0.5392 -2.07741,1.105 -2.47357,1.25734 -0.39616,0.15234 -1.17735,0.50601 -1.73611,0.78593 -1.03566,0.51892 -1.23693,0.6997 -0.98451,0.88431 0.1964,0.14356 1.15567,0.25422 2.20397,0.25422 0.53506,0 1.43875,0.038 2.00813,0.0843 1.15046,0.0937 1.74439,0.044 3.32604,-0.27824 0.48733,-0.0993 1.34929,-0.24863 1.91538,-0.33188 1.12913,-0.16603 2.62275,-0.58303 4.23151,-1.18141 1.28024,-0.47617 1.44911,-0.56269 3.03482,-1.55459 0.71677,-0.44833 1.652,-1.03188 2.07841,-1.2968 0.94771,-0.58876 2.1546,-1.45835 2.82857,-2.03789 0.70044,-0.60237 3.68317,-3.8088 4.57751,-4.92091 1.62553,-2.02133 2.58358,-3.72359 3.80967,-6.76908 0.42955,-1.06688 0.45452,-1.16389 0.53178,-2.06744 0.0443,-0.52141 0.0974,-2.54331 0.11721,-4.49312 0.0343,-3.34429 0.0271,-3.59315 -0.11585,-4.3933 -0.0836,-0.46651 -0.18806,-1.34505 -0.23222,-1.9523 -0.0944,-1.29927 -0.14961,-1.58112 -0.73397,-3.74918 -0.2437,-0.9044 -0.51016,-1.96002 -0.59213,-2.34582 -0.18999,-0.89475 -0.27225,-1.77208 -0.16609,-1.77208 0.15696,0 0.49369,0.49832 0.84804,1.25522 0.19962,0.4264 0.75751,1.48966 1.23964,2.36278 0.54869,0.99359 0.99215,1.90419 1.18549,2.43401 0.1698,0.46558 0.68046,1.57867 1.13469,2.47354 0.45424,0.89486 0.89805,1.85159 0.98631,2.12606 0.33724,1.04929 0.77812,3.96427 1.01341,6.70006 0.14718,1.71056 0.11614,4.0362 -0.0671,5.02601 -0.14854,0.80301 -1.79025,6.28399 -2.18042,7.2796 -0.40516,1.03374 -0.58779,1.3749 -1.12093,2.09396 -0.25362,0.34202 -0.66149,1.00495 -0.90648,1.47318 -0.24498,0.46823 -0.78796,1.34246 -1.2066,1.94272 -0.41863,0.60028 -0.76115,1.12585 -0.76115,1.16792 0,0.20965 1.00065,-0.33891 1.80902,-0.99172 0.32489,-0.26237 1.23829,-1.15044 2.02983,-1.97349 1.27972,-1.33069 1.45259,-1.53984 1.56031,-1.88802 0.0699,-0.22671 0.33802,-0.69568 0.63631,-1.11393 0.28337,-0.3973 0.92694,-1.40351 1.43011,-2.23602 1.02348,-1.69317 1.01692,-1.69068 0.88457,-0.33581 -0.0443,0.45296 -0.0804,1.2435 -0.0804,1.75676 0,0.51327 -0.0671,1.50831 -0.14967,2.2112 -0.0823,0.7029 -0.18335,1.691 -0.22459,2.19577 -0.16009,1.96266 -0.65598,4.35881 -1.27702,6.17058 -0.53578,1.56308 -1.05379,2.6334 -2.33952,4.83345 -0.70807,1.21158 -1.00962,1.56059 -2.61675,3.02826 -3.01099,2.74968 -5.22737,4.34952 -7.08198,5.11187 -0.48912,0.20104 -1.25783,0.5618 -1.70829,0.80165 -0.65114,0.34674 -0.96846,0.46686 -1.54862,0.58624 -0.4013,0.0825 -1.3627,0.36787 -2.13647,0.634 -0.77378,0.26614 -1.88864,0.59952 -2.4775,0.74084 -0.58878,0.14133 -1.66868,0.44021 -2.39966,0.66419 -0.73097,0.22398 -1.77763,0.48657 -2.32589,0.58353 -0.54819,0.097 -1.89391,0.36051 -2.99037,0.58566 l -1.99358,0.40936 -1.88286,-0.004 c -2.66541,-0.004 -7.49976,-0.19366 -8.38047,-0.32783 -1.04032,-0.15847 -3.65493,-0.239 -3.65493,-0.11256 0,0.14876 1.33188,1.68864 2.05943,2.38096 0.84555,0.80468 1.4837,1.2277 3.01577,1.99927 2.88928,1.45504 6.54313,2.68189 9.69217,3.25432 1.3958,0.25373 2.46358,0.38147 4.76251,0.56977 1.80545,0.14787 2.1225,0.15511 3.35957,0.0768 2.63302,-0.16674 4.19975,-0.50849 7.04073,-1.53581 2.70786,-0.97918 3.48792,-1.46279 5.33275,-3.30617 1.14069,-1.13977 2.92381,-3.13997 3.87152,-4.34291 1.40387,-1.78186 2.35942,-3.08867 2.94599,-4.02901 0.36535,-0.58574 1.81302,-3.65083 2.46487,-5.21894 0.23643,-0.56864 0.39324,-0.82747 0.68217,-1.12601 0.20633,-0.21321 0.42905,-0.38764 0.4949,-0.38764 0.0772,0 0.17258,0.1413 0.26846,0.39754 0.4613,1.23294 0.55112,2.12318 0.50503,5.00736 -0.0328,2.04813 -0.0585,2.42867 -0.22337,3.34479 -0.10259,0.56853 -0.25719,1.49888 -0.34358,2.06742 -0.41828,2.7531 -0.32811,2.60401 -5.06735,8.38049 -1.78555,2.17643 -2.25655,2.70497 -2.77535,3.11479 -0.34365,0.27148 -0.67197,0.55039 -0.72962,0.61982 -0.0952,0.11481 -0.0881,0.12116 0.0793,0.0702 0.39781,-0.12106 2.53443,-1.25566 3.25827,-1.73019 0.4374,-0.28679 1.23486,-0.93137 1.86138,-1.50454 1.39852,-1.27956 2.33731,-1.92125 2.33731,-1.59764 0,0.21471 -0.34366,1.3806 -0.67133,2.27732 -0.72826,1.9932 -1.12978,2.93741 -1.60377,3.77115 -0.26547,0.46701 -0.59007,1.11049 -0.72126,1.42995 -0.20968,0.51068 -0.27724,0.60266 -0.55926,0.76163 -0.47242,0.26627 -0.86566,0.67558 -1.79632,1.86945 -0.95826,1.22931 -1.33987,1.61977 -2.23685,2.28895 -0.35379,0.26396 -0.75973,0.63871 -0.90205,0.83278 -0.20853,0.28429 -0.63901,0.6016 -2.21552,1.63319 -1.74347,1.14083 -2.09904,1.34186 -3.26341,1.84488 -2.49418,1.0775 -3.71378,1.52211 -4.17943,1.52372 -0.27638,7.2e-4 -0.63615,0.0777 -1.04836,0.22359 -0.95185,0.33689 -1.73362,0.42982 -4.31948,0.51353 -1.29957,0.0421 -3.0772,0.12929 -3.95028,0.19384 -1.13563,0.0839 -3.32147,0.13336 -7.67904,0.17361 -6.7287,0.0621 -6.17058,0.0264 -9.83514,0.62901 -1.10865,0.18229 -2.69686,0.39932 -3.52936,0.4823 -0.83249,0.0829 -1.86252,0.2155 -2.28893,0.29449 -0.42641,0.0791 -1.35678,0.21177 -2.06742,0.29507 -1.46729,0.17195 -5.53065,1.08359 -10.48486,2.35235 -2.75487,0.70551 -2.86444,0.74044 -3.5442,1.12985 -0.38581,0.22102 -1.01712,0.57997 -1.40293,0.79768 -0.93772,0.52915 -2.35615,1.45622 -3.83949,2.50942 -0.67005,0.47578 -1.70008,1.17493 -2.28893,1.55368 -0.58887,0.37876 -1.60228,1.0732 -2.25206,1.5432 -0.69281,0.50118 -1.78662,1.19277 -2.64479,1.67233 -1.04502,0.58393 -1.96704,1.18171 -3.2248,2.09075 -2.09618,1.51494 -3.24578,2.46201 -4.70095,3.8728 -1.86194,1.80516 -3.18506,3.34836 -5.48747,6.40001 l -1.42057,1.88287 -1.02997,2.05715 c -1.25361,2.50375 -2.99572,6.47429 -3.2604,7.43091 -0.38153,1.37918 -0.4737,1.96454 -0.85995,5.46237 l -0.2975,2.69345 v 3.13969 c 0,2.8514 0.0165,3.29214 0.1835,4.80096 0.10102,0.91375 0.25183,2.29264 0.33509,3.06421 0.34272,3.17551 0.61989,4.61633 1.85125,9.62304 0.39623,1.61098 0.58757,2.10351 1.57958,4.06535 0.46437,0.91831 0.94864,1.96875 1.0762,2.33424 0.26838,0.76948 0.43147,1.05308 1.69765,2.95358 0.51409,0.7716 1.09461,1.6817 1.29015,2.0224 0.5427,0.9462 0.82657,1.7063 0.63716,1.7063 -0.0342,0 -0.40815,-0.2305 -0.83064,-0.5122 z m -1.66171,-119.33244 c -0.007,-0.35785 -0.11072,-0.79551 -0.43233,-1.80173 -0.23364,-0.73099 -0.55711,-1.7444 -0.71884,-2.25202 -0.74624,-2.34252 -1.53093,-3.8253 -2.21017,-4.17657 -0.41222,-0.21316 -0.46137,-0.16998 -0.82985,0.73015 -0.18827,0.45986 -0.34231,0.86689 -0.34223,0.9045 7e-5,0.0376 0.12827,0.18891 0.28487,0.33623 0.15653,0.14733 0.47428,0.55881 0.70607,0.91439 0.23179,0.35558 0.66384,0.96658 0.96005,1.35775 0.70614,0.93241 0.93572,1.35114 1.33266,2.43046 0.18129,0.49306 0.40159,1.03838 0.48949,1.21183 0.21837,0.43096 0.58272,0.88183 0.68424,0.84664 0.0513,-0.0178 0.0806,-0.20997 0.0761,-0.50163 z m 32.41946,-4.20286 c 2.05279,-0.43465 5.26882,-2.0985 6.71935,-3.47639 1.40985,-1.33923 2.18434,-2.79912 3.36463,-6.34249 0.57551,-1.72769 0.69786,-2.83545 0.63936,-5.78938 -0.0443,-2.24439 -0.1807,-3.63606 -0.50046,-5.11188 -0.32389,-1.495 -1.62973,-4.92788 -2.31269,-6.07977 -0.16637,-0.28069 -0.83649,-1.11853 -1.48898,-1.86187 -0.65256,-0.74332 -1.72091,-1.99943 -2.37412,-2.79134 -1.26547,-1.53417 -1.66185,-1.90692 -3.2029,-3.01187 -1.30692,-0.93707 -2.89413,-1.8761 -5.12429,-3.03162 -2.4608,-1.27502 -2.91139,-1.48461 -3.98723,-1.85476 -2.15303,-0.74079 -6.53742,-1.85 -7.3983,-1.87173 -0.58586,-0.0148 -0.85447,0.10472 -0.53193,0.23666 0.0975,0.0399 0.74224,0.29398 1.43262,0.56462 2.30413,0.90327 5.71135,2.8043 7.33481,4.09247 0.43297,0.34355 1.35208,1.05444 2.04246,1.57979 4.1889,3.18753 6.02475,5.32606 7.64714,8.90806 0.76922,1.69833 0.944,2.25061 1.06857,3.37641 0.0621,0.55929 0.22615,1.69802 0.36512,2.53054 0.47328,2.83591 0.51188,3.2249 0.51195,5.16859 0,1.93541 -0.0642,2.51696 -0.44539,4.02028 -0.37047,1.46143 -0.84697,2.49686 -1.56495,3.40033 -0.84106,1.05837 -2.97904,3.07381 -4.02142,3.79102 -0.39045,0.26861 -4.04794,1.96161 -4.50196,2.08385 -0.17129,0.0462 -0.67846,0.10906 -1.12699,0.13984 -0.52536,0.036 -0.90169,0.10048 -1.05743,0.18103 -0.2345,0.12128 -0.36877,0.30275 -0.28551,0.38598 0.0606,0.0603 2.20304,0.58913 2.9492,0.72776 1.58002,0.29356 4.54628,0.31177 5.84934,0.0359 z m -15.90749,-3.87977 c 0.73654,-0.13972 1.69715,-0.47374 2.44832,-0.85131 0.31212,-0.15687 1.45844,-0.88089 2.54741,-1.60894 2.94392,-1.96822 3.43769,-2.56229 4.30321,-5.17712 1.61069,-4.86638 1.59277,-8.59607 -0.0578,-12.0419 -1.02068,-2.13071 -2.98793,-4.62966 -5.27888,-6.7056 -0.55589,-0.50374 -1.01077,-0.94399 -1.01077,-0.97835 0,-0.0344 -0.0506,-0.0624 -0.11264,-0.0624 -0.13648,0 -1.54535,-1.01221 -2.36143,-1.69654 -0.32517,-0.2727 -0.75715,-0.56905 -0.9599,-0.65858 -0.20276,-0.0895 -0.57445,-0.29671 -0.826,-0.46042 -0.45444,-0.29572 -2.645,-1.31403 -3.86161,-1.79512 -1.3679,-0.54091 -4.4528,-1.39398 -6.38738,-1.76626 -1.39296,-0.26808 -2.21753,-0.34224 -3.8051,-0.34224 -1.30413,0 -1.40937,0.01 -1.38661,0.12921 0.0443,0.23136 0.68603,0.57896 1.72163,0.93214 1.61368,0.55033 3.97318,1.68221 5.83064,2.79704 0.6104,0.36636 1.65806,0.9727 2.3281,1.34741 1.31291,0.7342 2.7882,1.61407 3.32076,1.98047 0.18206,0.12525 0.71385,0.5626 1.18171,0.97189 0.46793,0.4093 1.2868,1.11571 1.81979,1.56979 1.62018,1.3804 2.1633,2.05897 3.66834,4.58319 0.70157,1.17666 1.12228,2.08336 1.42812,3.07747 l 0.20447,0.66453 0.0285,2.84273 c 0.0314,3.15048 0.009,3.41036 -0.4055,4.61481 -0.72042,2.09633 -2.39196,4.63479 -3.84248,5.8352 -0.71606,0.59263 -2.65536,1.80531 -3.57203,2.2337 -0.74759,0.3494 -0.94749,0.4881 -0.84747,0.5881 0.0831,0.083 1.47314,0.15438 2.38497,0.12232 0.49596,-0.0174 1.17093,-0.0827 1.49989,-0.14516 z m -20.35958,-3.37328 c 0.58907,-1.37788 0.50838,-2.78923 -0.25084,-4.38849 -0.23778,-0.5008 -0.36941,-0.6743 -0.76813,-1.01258 -1.35422,-1.14887 -3.33446,-1.84385 -5.72221,-2.0083 -0.86894,-0.0598 -0.88464,-0.0407 -0.46828,0.57116 0.33943,0.4989 1.87472,2.34534 2.6007,3.1279 0.113,0.12184 0.61561,0.68668 1.11679,1.25523 1.20117,1.36264 2.91924,3.06423 3.09381,3.06423 0.10224,0 0.20489,-0.15696 0.39816,-0.60915 z m 6.70194,-6.09071 c -0.25119,-0.6235 -0.74374,-1.46411 -1.59028,-2.71435 -1.36956,-2.02257 -1.95527,-2.79941 -2.20968,-2.93084 -0.13312,-0.0688 -0.4862,-0.39588 -0.78462,-0.72693 -1.15674,-1.28313 -2.91532,-2.59175 -5.35065,-3.9816 -1.98966,-1.13551 -3.90119,-2.09352 -5.50083,-2.75686 -1.38033,-0.57237 -5.45866,-2.01508 -6.12849,-2.16794 -0.64101,-0.14628 -7.43298,-0.28694 -8.04824,-0.16667 -1.22059,0.2386 -2.75958,0.87702 -2.5703,1.06626 0.0157,0.0159 1.35649,0.12898 2.97931,0.25148 1.75066,0.13215 3.11572,0.26906 3.35671,0.33665 0.56246,0.15778 2.7807,0.65352 4.50403,1.0066 2.51075,0.51438 6.72428,2.02442 9.5619,3.42676 1.66691,0.8238 3.01164,1.67233 5.10225,3.2196 0.84868,0.62813 1.76549,1.29856 2.03738,1.48985 1.17229,0.82478 1.63259,1.32654 2.80467,3.05752 0.77427,1.14357 1.78041,2.24367 1.92224,2.10184 0.0656,-0.0654 0.045,-0.18773 -0.0854,-0.51137 z m -17.9224,-1.49967 c 0.78433,-0.26218 1.00956,-0.39067 1.00956,-0.57589 0,-0.19547 -0.16508,-0.32055 -2.03046,-1.53839 -2.18842,-1.4287 -2.59285,-1.66943 -3.92032,-2.33379 -3.48862,-1.74592 -7.64636,-3.33485 -9.69937,-3.70673 -0.587074,-0.10634 -1.500824,-0.30625 -2.030538,-0.44424 -1.070273,-0.27881 -2.248485,-0.51064 -2.305559,-0.45363 -0.01998,0.0204 -0.01427,0.10786 0.01284,0.19438 0.07333,0.23104 0.544267,0.54228 1.236427,0.81713 0.335522,0.13324 1.114934,0.48601 1.732042,0.78393 0.617108,0.29794 1.141328,0.5417 1.165018,0.5417 0.0236,0 1.61205,0.75359 3.52971,1.67465 3.84278,1.84568 5.81232,2.90465 8.7571,4.70847 1.16901,0.71603 1.33209,0.73735 2.54355,0.33241 z m 19.06523,-11.18809 c -0.0649,-0.15581 -0.245,-0.4509 -0.39973,-0.65578 -0.41514,-0.54964 -2.61091,-2.71538 -3.30642,-3.26115 -1.30741,-1.02599 -4.06035,-2.52099 -5.7396,-3.11691 -0.53943,-0.19143 -1.46095,-0.42121 -2.56611,-0.63987 -0.94835,-0.18763 -2.3067,-0.47134 -3.01848,-0.63047 -1.86738,-0.41746 -2.27752,-0.46334 -4.20668,-0.47053 -1.82578,-0.007 -2.04623,0.0188 -3.24885,0.37803 -0.92958,0.27764 -1.4767,0.57714 -1.4767,0.80834 0,0.0806 0.36135,0.0993 1.92316,0.0993 1.81145,0 2.0279,0.0151 3.7252,0.26063 l 1.80196,0.26063 3.05686,0.95445 c 2.33366,0.72865 3.28209,1.06099 4.00921,1.4048 0.52386,0.2477 1.7665,0.8032 2.76143,1.23446 1.85075,0.80218 1.98588,0.87718 5.51866,3.06377 0.63801,0.39491 1.18798,0.69001 1.22223,0.65579 0.0343,-0.0343 0.009,-0.18969 -0.0563,-0.3455 z"
-           id="path4149-1"
-           inkscape:connector-curvature="0" />
-      </g>
-    </g>
-  </g>
-</svg>
diff --git a/src/packages/plg_system_mokowaas/media/favicon_256.png b/src/packages/plg_system_mokowaas/media/favicon_256.png
deleted file mode 100644
index 3abb73d2..00000000
Binary files a/src/packages/plg_system_mokowaas/media/favicon_256.png and /dev/null differ
diff --git a/src/packages/plg_system_mokowaas/media/logo.png b/src/packages/plg_system_mokowaas/media/logo.png
deleted file mode 100644
index 4cf17316..00000000
Binary files a/src/packages/plg_system_mokowaas/media/logo.png and /dev/null differ
diff --git a/src/packages/plg_system_mokowaas/payload/index.html b/src/packages/plg_system_mokowaas/payload/index.html
deleted file mode 100644
index e69de29b..00000000
diff --git a/src/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.ini b/src/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.ini
deleted file mode 100644
index 62115221..00000000
--- a/src/packages/plg_system_mokowaas_monitor/language/en-GB/plg_system_mokowaas_monitor.ini
+++ /dev/null
@@ -1,11 +0,0 @@
-; MokoWaaS Health Monitor Plugin
-; Copyright (C) 2026 Moko Consulting. All rights reserved.
-; License: GPL-3.0-or-later
-
-PLG_SYSTEM_MOKOWAAS_MONITOR="System - MokoWaaS Monitor"
-PLG_SYSTEM_MOKOWAAS_MONITOR_DESC="Site health monitoring, Grafana heartbeat integration, and diagnostics."
-
-PLG_SYSTEM_MOKOWAAS_MONITOR_FIELDSET_BASIC="Monitoring"
-PLG_SYSTEM_MOKOWAAS_MONITOR_FIELDSET_BASIC_DESC="Configure health monitoring and heartbeat settings."
-PLG_SYSTEM_MOKOWAAS_MONITOR_HEARTBEAT_LABEL="Grafana Heartbeat"
-PLG_SYSTEM_MOKOWAAS_MONITOR_HEARTBEAT_DESC="Send heartbeat registration to the Grafana monitoring receiver when plugin settings are saved."
diff --git a/src/packages/plg_system_mokowaas_monitor/src/Extension/Monitor.php b/src/packages/plg_system_mokowaas_monitor/src/Extension/Monitor.php
deleted file mode 100644
index 34a20c08..00000000
--- a/src/packages/plg_system_mokowaas_monitor/src/Extension/Monitor.php
+++ /dev/null
@@ -1,135 +0,0 @@
-<?php
-/**
- * @package     MokoWaaS
- * @subpackage  plg_system_mokowaas_monitor
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
-namespace Moko\Plugin\System\MokoWaaSMonitor\Extension;
-
-defined('_JEXEC') or die;
-
-use Joomla\CMS\Factory;
-use Joomla\CMS\Log\Log;
-use Joomla\CMS\Plugin\CMSPlugin;
-use Joomla\CMS\Uri\Uri;
-use Joomla\Event\SubscriberInterface;
-use Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper;
-
-/**
- * MokoWaaS Health Monitor Plugin
- *
- * Provides Grafana heartbeat integration and site health diagnostics.
- * The detailed 14-check health endpoint remains in the core plugin's API
- * for now; this plugin handles the proactive monitoring side.
- *
- * @since  02.32.00
- */
-class Monitor extends CMSPlugin implements SubscriberInterface
-{
-	protected $autoloadLanguage = true;
-
-	private const HEARTBEAT_URL = 'https://bench.mokoconsulting.tech/api/waas-heartbeat';
-	private const HEARTBEAT_KEY = 'moko-waas-hb-2026-x9k4m';
-
-	public static function getSubscribedEvents(): array
-	{
-		return [
-			'onExtensionAfterSave' => 'onExtensionAfterSave',
-		];
-	}
-
-	/**
-	 * After saving this plugin or the core plugin, send heartbeat.
-	 */
-	public function onExtensionAfterSave($event): void
-	{
-		$context = $event->getArgument(0, '');
-		$table   = $event->getArgument(1);
-
-		if ($context !== 'com_plugins.plugin' || !$table)
-		{
-			return;
-		}
-
-		$element = $table->element ?? '';
-
-		// Trigger heartbeat when core or monitor plugin is saved
-		if (!\in_array($element, ['mokowaas', 'mokowaas_monitor'], true))
-		{
-			return;
-		}
-
-		if (!$this->params->get('heartbeat_enabled', 1))
-		{
-			return;
-		}
-
-		$this->sendHeartbeat();
-	}
-
-	/**
-	 * Send heartbeat registration to the Grafana monitoring receiver.
-	 */
-	private function sendHeartbeat(): void
-	{
-		$coreParams  = MokoWaaSHelper::getCoreParams();
-		$healthToken = $coreParams->get('health_api_token', '');
-
-		if (empty($healthToken))
-		{
-			return;
-		}
-
-		$app      = $this->getApplication();
-		$siteUrl  = rtrim(Uri::root(), '/');
-		$siteName = Factory::getConfig()->get('sitename', 'Joomla');
-
-		$payload = json_encode([
-			'site_url'     => $siteUrl,
-			'site_name'    => $siteName,
-			'health_token' => $healthToken,
-			'action'       => 'register',
-		], JSON_UNESCAPED_SLASHES);
-
-		$ch = curl_init(self::HEARTBEAT_URL . '/register');
-		curl_setopt($ch, CURLOPT_POST, true);
-		curl_setopt($ch, CURLOPT_HTTPHEADER, [
-			'Content-Type: application/json',
-			'X-MokoWaaS-Key: ' . self::HEARTBEAT_KEY,
-		]);
-		curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-		curl_setopt($ch, CURLOPT_TIMEOUT, 15);
-		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-
-		$response = curl_exec($ch);
-		$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
-		$error    = curl_error($ch);
-		curl_close($ch);
-
-		if ($error)
-		{
-			Log::add('Monitor heartbeat failed: ' . $error, Log::WARNING, 'mokowaas');
-		}
-		elseif ($code === 200)
-		{
-			$body = json_decode($response, true);
-			$app->enqueueMessage(
-				'Grafana heartbeat: ' . ($body['status'] ?? 'ok'),
-				'message'
-			);
-		}
-		else
-		{
-			$body = json_decode($response, true);
-			Log::add(
-				\sprintf('Monitor heartbeat HTTP %d: %s', $code, $body['error'] ?? 'Unknown'),
-				Log::WARNING,
-				'mokowaas'
-			);
-		}
-	}
-}
diff --git a/src/packages/tpl_mokoonyx b/src/packages/tpl_mokoonyx
deleted file mode 160000
index 16a7090f..00000000
--- a/src/packages/tpl_mokoonyx
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 16a7090f29e0d8622a8bc6a72a7858ebaf6fac64
diff --git a/src/script.php b/src/script.php
deleted file mode 100644
index eb04804c..00000000
--- a/src/script.php
+++ /dev/null
@@ -1,624 +0,0 @@
-<?php
-/**
- * @package     MokoWaaS
- * @subpackage  pkg_mokowaas
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
-defined('_JEXEC') or die;
-
-use Joomla\CMS\Factory;
-use Joomla\CMS\Installer\InstallerAdapter;
-use Joomla\CMS\Log\Log;
-
-/**
- * Package installation script for MokoWaaS.
- *
- * Handles migration from standalone plugin to package, enables plugins,
- * and triggers heartbeat registration on install/update.
- *
- * @since  2.2.0
- */
-class Pkg_MokowaasInstallerScript
-{
-	/**
-	 * Runs after package installation/update.
-	 *
-	 * @param   string            $type    Installation type
-	 * @param   InstallerAdapter  $parent  Parent installer
-	 *
-	 * @return  void
-	 *
-	 * @since   2.2.0
-	 */
-	public function postflight($type, $parent)
-	{
-		// Remove legacy extensions from before the package rewrite
-		$this->cleanupLegacyExtensions();
-
-		$this->enablePlugin('system', 'mokowaas');
-		$this->enablePlugin('system', 'mokowaas_firewall');
-		$this->enablePlugin('system', 'mokowaas_tenant');
-		$this->enablePlugin('system', 'mokowaas_devtools');
-		$this->enablePlugin('system', 'mokowaas_monitor');
-		$this->enablePlugin('webservices', 'mokowaas');
-		$this->enablePlugin('task', 'mokowaasdemo');
-		$this->enablePlugin('task', 'mokowaassync');
-
-		// Migrate params from core plugin to feature plugins (one-time)
-		$this->migrateFeatureParams();
-
-		// Set up cpanel module on the admin dashboard
-		$this->setupCpanelModule();
-
-		// Mark MokoWaaS extensions as protected (prevents disable/uninstall at framework level)
-		$this->protectExtensions();
-
-		// Clean up stale/duplicate update sites
-		$this->cleanupStaleUpdateSites();
-
-		// Trigger heartbeat registration
-		$this->sendHeartbeat();
-	}
-
-	/**
-	 * Remove legacy/stale extension entries and filesystem remnants.
-	 *
-	 * The old standalone plugin was named "mokowaasbrand" (plg_system_mokowaasbrand).
-	 * After the rewrite into the pkg_mokowaas package, the old entries and files
-	 * may linger — especially on sites restored from old backups.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.21.00
-	 */
-	private function cleanupLegacyExtensions(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-
-			// Legacy element names to remove from #__extensions
-			$legacy = [
-				$db->quote('mokowaasbrand'),
-				$db->quote('plg_system_mokowaasbrand'),
-			];
-
-			// Delete from #__extensions
-			$query = $db->getQuery(true)
-				->delete($db->quoteName('#__extensions'))
-				->where($db->quoteName('element') . ' IN (' . implode(',', $legacy) . ')');
-			$db->setQuery($query);
-			$affected = $db->execute();
-			$count    = $db->getAffectedRows();
-
-			// Remove legacy plugin files from the filesystem
-			$legacyDirs = [
-				JPATH_PLUGINS . '/system/mokowaasbrand',
-			];
-
-			foreach ($legacyDirs as $dir)
-			{
-				if (is_dir($dir))
-				{
-					$this->rmdirRecursive($dir);
-				}
-			}
-
-			if ($count > 0)
-			{
-				Factory::getApplication()->enqueueMessage(
-					sprintf('Removed %d legacy MokoWaaS extension(s).', $count),
-					'message'
-				);
-
-				Log::add(
-					sprintf('Cleaned up %d legacy MokoWaaS extension entries', $count),
-					Log::INFO,
-					'mokowaas'
-				);
-			}
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('Legacy cleanup error: ' . $e->getMessage(), Log::WARNING, 'jerror');
-		}
-	}
-
-	/**
-	 * Recursively remove a directory.
-	 *
-	 * @param   string  $dir  Directory path
-	 *
-	 * @return  void
-	 *
-	 * @since   02.21.00
-	 */
-	private function rmdirRecursive(string $dir): void
-	{
-		$items = new \RecursiveIteratorIterator(
-			new \RecursiveDirectoryIterator($dir, \RecursiveDirectoryIterator::SKIP_DOTS),
-			\RecursiveIteratorIterator::CHILD_FIRST
-		);
-
-		foreach ($items as $item)
-		{
-			if ($item->isDir())
-			{
-				@rmdir($item->getPathname());
-			}
-			else
-			{
-				@unlink($item->getPathname());
-			}
-		}
-
-		@rmdir($dir);
-	}
-
-	/**
-	 * Enable a plugin by group and element.
-	 *
-	 * @param   string  $group    Plugin group
-	 * @param   string  $element  Plugin element name
-	 *
-	 * @return  void
-	 *
-	 * @since   2.2.0
-	 */
-	private function enablePlugin(string $group, string $element): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-			$query = $db->getQuery(true)
-				->update($db->quoteName('#__extensions'))
-				->set($db->quoteName('enabled') . ' = 1')
-				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
-				->where($db->quoteName('folder') . ' = ' . $db->quote($group))
-				->where($db->quoteName('element') . ' = ' . $db->quote($element));
-			$db->setQuery($query);
-			$db->execute();
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('Error enabling plugin ' . $group . '/' . $element . ': ' . $e->getMessage(), Log::WARNING, 'jerror');
-		}
-	}
-
-	/**
-	 * Set the protected flag on all MokoWaaS extensions.
-	 *
-	 * Joomla's protected flag prevents disabling and uninstalling at the
-	 * framework level — no plugin-side interception needed.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.03.10
-	 */
-	private function protectExtensions(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-
-			// All MokoWaaS elements: package, system plugin, component,
-			// webservices plugins, task plugin
-			$elements = [
-				$db->quote('pkg_mokowaas'),
-				$db->quote('mokowaas'),
-				$db->quote('mokowaas_firewall'),
-				$db->quote('mokowaas_tenant'),
-				$db->quote('mokowaas_devtools'),
-				$db->quote('mokowaas_monitor'),
-				$db->quote('com_mokowaas'),
-				$db->quote('mod_mokowaas_cpanel'),
-				$db->quote('mokowaasdemo'),
-				$db->quote('mokowaassync'),
-				$db->quote('perfectpublisher'),
-				$db->quote('mokoonyx'),
-			];
-
-			$query = $db->getQuery(true)
-				->update($db->quoteName('#__extensions'))
-				->set($db->quoteName('protected') . ' = 1')
-				->set($db->quoteName('locked') . ' = 0')
-				->where($db->quoteName('element') . ' IN (' . implode(',', $elements) . ')');
-			$db->setQuery($query);
-			$db->execute();
-
-			// Ensure update server stays enabled
-			$this->enableUpdateServer();
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('Error protecting MokoWaaS extensions: ' . $e->getMessage(), Log::WARNING, 'jerror');
-		}
-	}
-
-	/**
-	 * Remove stale and duplicate MokoWaaS update site entries.
-	 *
-	 * Keeps only the package-level update site pointing to the dynamic
-	 * MokoGitea endpoint. Removes plugin-level entries, old static URLs,
-	 * and orphaned #__updates rows tied to deleted update sites.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.31.00
-	 */
-	private function cleanupStaleUpdateSites(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-			$dynamicUrl = 'https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/updates.xml';
-
-			// Find all MokoWaaS update sites
-			$query = $db->getQuery(true)
-				->select($db->quoteName(['update_site_id', 'location']))
-				->from($db->quoteName('#__update_sites'))
-				->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
-					. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')');
-			$db->setQuery($query);
-			$sites = $db->loadObjectList();
-
-			$keepId = null;
-			$removeIds = [];
-
-			foreach ($sites as $site)
-			{
-				if ($site->location === $dynamicUrl && $keepId === null)
-				{
-					$keepId = (int) $site->update_site_id;
-				}
-				else
-				{
-					$removeIds[] = (int) $site->update_site_id;
-				}
-			}
-
-			if (empty($removeIds))
-			{
-				return;
-			}
-
-			$idList = implode(',', $removeIds);
-
-			// Remove orphaned #__updates rows
-			$db->setQuery(
-				$db->getQuery(true)
-					->delete($db->quoteName('#__updates'))
-					->where($db->quoteName('update_site_id') . ' IN (' . $idList . ')')
-			)->execute();
-
-			// Remove link rows
-			$db->setQuery(
-				$db->getQuery(true)
-					->delete($db->quoteName('#__update_sites_extensions'))
-					->where($db->quoteName('update_site_id') . ' IN (' . $idList . ')')
-			)->execute();
-
-			// Remove stale update sites
-			$db->setQuery(
-				$db->getQuery(true)
-					->delete($db->quoteName('#__update_sites'))
-					->where($db->quoteName('update_site_id') . ' IN (' . $idList . ')')
-			)->execute();
-
-			$count = count($removeIds);
-
-			if ($count > 0)
-			{
-				Factory::getApplication()->enqueueMessage(
-					sprintf('Cleaned up %d stale MokoWaaS update site(s).', $count),
-					'message'
-				);
-			}
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('Error cleaning up stale update sites: ' . $e->getMessage(), Log::WARNING, 'jerror');
-		}
-	}
-
-	/**
-	 * Ensure the MokoWaaS update server entry stays enabled and points
-	 * to the correct dynamic endpoint with the license key attached.
-	 *
-	 * Migrates legacy static URLs (raw/branch/main/updates.xml) to the
-	 * dynamic MokoGitea update feed, and syncs the license key from
-	 * plugin params into extra_query so Joomla sends it as dlid.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.21.00
-	 */
-	private function enableUpdateServer(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-
-			$staticUrl = 'https://git.mokoconsulting.tech/MokoConsulting/MokoWaaS/raw/branch/main/updates.xml';
-
-			// Migrate old dynamic URL to static raw file URL
-			$db->setQuery(
-				$db->getQuery(true)
-					->update($db->quoteName('#__update_sites'))
-					->set($db->quoteName('location') . ' = ' . $db->quote($staticUrl))
-					->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
-						. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')')
-					->where($db->quoteName('location') . ' != ' . $db->quote($staticUrl))
-			);
-			$db->execute();
-
-			// Enable all MokoWaaS update sites
-			$query = $db->getQuery(true)
-				->update($db->quoteName('#__update_sites'))
-				->set($db->quoteName('enabled') . ' = 1')
-				->where('(' . $db->quoteName('name') . ' LIKE ' . $db->quote('%MokoWaaS%')
-					. ' OR ' . $db->quoteName('location') . ' LIKE ' . $db->quote('%MokoWaaS%') . ')');
-			$db->setQuery($query);
-			$db->execute();
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('Error enabling update server: ' . $e->getMessage(), Log::WARNING, 'jerror');
-		}
-	}
-
-	/**
-	 * Send heartbeat to the MokoWaaS monitoring receiver.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.03.08
-	 */
-	private function sendHeartbeat(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-			$query = $db->getQuery(true)
-				->select($db->quoteName('params'))
-				->from($db->quoteName('#__extensions'))
-				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
-				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
-				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
-			$params = json_decode((string) $db->setQuery($query)->loadResult());
-
-			$healthToken = $params->health_api_token ?? '';
-
-			if (empty($healthToken))
-			{
-				return;
-			}
-
-			$siteUrl  = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
-			$siteName = Factory::getConfig()->get('sitename', 'Joomla');
-
-			$payload = json_encode([
-				'site_url'     => $siteUrl,
-				'site_name'    => $siteName,
-				'health_token' => $healthToken,
-				'action'       => 'register',
-			], JSON_UNESCAPED_SLASHES);
-
-			$ch = curl_init('https://bench.mokoconsulting.tech/api/waas-heartbeat/register');
-			curl_setopt($ch, CURLOPT_POST, true);
-			curl_setopt($ch, CURLOPT_HTTPHEADER, [
-				'Content-Type: application/json',
-				'X-MokoWaaS-Key: moko-waas-hb-2026-x9k4m',
-			]);
-			curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-			curl_setopt($ch, CURLOPT_TIMEOUT, 15);
-			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-
-			$response = curl_exec($ch);
-			$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
-			curl_close($ch);
-
-			if ($code >= 200 && $code < 300)
-			{
-				Factory::getApplication()->enqueueMessage('Grafana heartbeat: site registered', 'message');
-			}
-		}
-		catch (\Throwable $e)
-		{
-			// Silent failure — heartbeat is non-critical
-		}
-	}
-
-	/**
-	 * One-time migration of params from the monolithic core plugin to
-	 * the new feature plugins. Copies security, tenant, and dev params.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.32.00
-	 */
-	private function setupCpanelModule(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-
-			// Enable the module
-			$query = $db->getQuery(true)
-				->update($db->quoteName('#__extensions'))
-				->set($db->quoteName('enabled') . ' = 1')
-				->where($db->quoteName('type') . ' = ' . $db->quote('module'))
-				->where($db->quoteName('element') . ' = ' . $db->quote('mod_mokowaas_cpanel'));
-			$db->setQuery($query);
-			$db->execute();
-
-			// Check if a module instance already exists in #__modules
-			$query = $db->getQuery(true)
-				->select('COUNT(*)')
-				->from($db->quoteName('#__modules'))
-				->where($db->quoteName('module') . ' = ' . $db->quote('mod_mokowaas_cpanel'));
-			$db->setQuery($query);
-
-			if ((int) $db->loadResult() > 0)
-			{
-				return;
-			}
-
-			// Create the module instance on the cpanel position
-			$module = (object) [
-				'title'     => 'MokoWaaS',
-				'note'      => '',
-				'content'   => '',
-				'ordering'  => 0,
-				'position'  => 'top',
-				'checked_out' => null,
-				'checked_out_time' => null,
-				'publish_up'   => null,
-				'publish_down' => null,
-				'published' => 1,
-				'module'    => 'mod_mokowaas_cpanel',
-				'access'    => 6, // Super Users only
-				'showtitle' => 0,
-				'params'    => '{"show_health":"1","show_plugins":"1"}',
-				'client_id' => 1, // Administrator
-				'language'  => '*',
-			];
-
-			$db->insertObject('#__modules', $module, 'id');
-			$moduleId = (int) $module->id;
-
-			if ($moduleId)
-			{
-				// Assign to all admin pages
-				$map = (object) [
-					'moduleid' => $moduleId,
-					'menuid'   => 0, // 0 = all pages
-				];
-				$db->insertObject('#__modules_menu', $map);
-			}
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('CPanel module setup error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
-		}
-	}
-
-	/**
-	 * One-time migration of params from the monolithic core plugin to
-	 * the new feature plugins. Copies security, tenant, and dev params.
-	 *
-	 * @return  void
-	 *
-	 * @since   02.32.00
-	 */
-	private function migrateFeatureParams(): void
-	{
-		try
-		{
-			$db = Factory::getDbo();
-
-			// Read core plugin params
-			$query = $db->getQuery(true)
-				->select($db->quoteName('params'))
-				->from($db->quoteName('#__extensions'))
-				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
-				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
-				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
-			$db->setQuery($query);
-			$coreParamsJson = (string) $db->loadResult();
-
-			if (empty($coreParamsJson) || $coreParamsJson === '{}')
-			{
-				return;
-			}
-
-			$core = json_decode($coreParamsJson, true);
-
-			if (empty($core))
-			{
-				return;
-			}
-
-			// Check migration marker
-			if (!empty($core['_params_migrated_032']))
-			{
-				return;
-			}
-
-			// Firewall params
-			$firewallKeys = [
-				'force_https', 'admin_session_timeout', 'trusted_ips',
-				'password_min_length', 'password_require_uppercase',
-				'password_require_number', 'password_require_special',
-				'upload_allowed_types', 'upload_max_size_mb',
-			];
-
-			// Tenant params
-			$tenantKeys = [
-				'restrict_installer', 'allow_extension_updates', 'hide_sysinfo',
-				'restrict_global_config', 'restrict_template_editing',
-				'disable_install_url', 'hidden_menu_items',
-			];
-
-			// DevTools params
-			$devtoolsKeys = ['dev_mode', 'reset_hits', 'delete_versions'];
-
-			$migrations = [
-				'mokowaas_firewall' => $firewallKeys,
-				'mokowaas_tenant'   => $tenantKeys,
-				'mokowaas_devtools' => $devtoolsKeys,
-			];
-
-			foreach ($migrations as $element => $keys)
-			{
-				$featureParams = [];
-
-				foreach ($keys as $key)
-				{
-					if (isset($core[$key]))
-					{
-						$featureParams[$key] = $core[$key];
-					}
-				}
-
-				if (empty($featureParams))
-				{
-					continue;
-				}
-
-				$db->setQuery(
-					$db->getQuery(true)
-						->update($db->quoteName('#__extensions'))
-						->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($featureParams)))
-						->where($db->quoteName('element') . ' = ' . $db->quote($element))
-						->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
-						->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
-				)->execute();
-			}
-
-			// Set migration marker on core plugin
-			$core['_params_migrated_032'] = 1;
-			$db->setQuery(
-				$db->getQuery(true)
-					->update($db->quoteName('#__extensions'))
-					->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($core)))
-					->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
-					->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
-					->where($db->quoteName('folder') . ' = ' . $db->quote('system'))
-			)->execute();
-
-			Factory::getApplication()->enqueueMessage(
-				'MokoWaaS: migrated settings to feature plugins (Firewall, Tenant, DevTools).',
-				'message'
-			);
-		}
-		catch (\Throwable $e)
-		{
-			Log::add('Feature param migration error: ' . $e->getMessage(), Log::WARNING, 'mokowaas');
-		}
-	}
-}