chore(release): build 01.02.00-rc [skip ci]

When source code is modified in a PR, the workflow now:
- BLOCKS if CHANGELOG.md was not updated (error)
- WARNS if README.md was not updated (warning, non-blocking)

This ensures every code change has a corresponding changelog entry.

.mokogitea/CLAUDE.md

@@ -0,0 +1,83 @@
+# MokoSuiteCross
+
+Cross-posting Joomla content to social media, email marketing, and chat platforms with plugin-based services.
+
+## Quick Reference
+
+| Field | Value |
+|---|---|
+| **Package** | `pkg_mokosuitecross` |
+| **Language** | PHP 8.1+ |
+| **Branch** | develop on `dev`, merge to `main` (protected) |
+| **Wiki** | [MokoSuiteCross Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteCross/wiki) |
+
+## Commands
+
+```bash
+make build        # Build package ZIP
+make lint         # Run linters
+make validate     # Validate structure
+make release      # Full release pipeline
+make clean        # Clean build artifacts
+composer install  # Install PHP dependencies
+```
+
+## Architecture
+
+Joomla **package** with core extensions + pluggable service plugins:
+
+### com_mokosuitecross (Component)
+- Admin backend: dashboard, services, post queue, templates, logs
+- Joomla 5/6 MVC: Dashboard, Services, Posts, Logs (list/edit each)
+- Namespace: `Joomla\Component\MokoSuiteCross\Administrator`
+
+### plg_system_mokosuitecross (System Plugin)
+- Hooks `onContentAfterSave` to trigger cross-posting on article publish
+- Dispatches to registered service plugins via `mokosuitecross` plugin group
+
+### plg_content_mokosuitecross (Content Plugin)
+- Adds cross-post status badges to articles via `onContentBeforeDisplay`
+
+### plg_webservices_mokosuitecross (WebServices Plugin)
+- REST API endpoints for posts and services
+
+### Service Plugins (mokosuitecross group)
+Each platform is a separate plugin implementing `MokoSuiteCrossServiceInterface`:
+- `plg_mokosuitecross_facebook` — Facebook/Meta Graph API
+- `plg_mokosuitecross_twitter` — X/Twitter API v2
+- `plg_mokosuitecross_linkedin` — LinkedIn Share API
+- `plg_mokosuitecross_mastodon` — Mastodon API
+- `plg_mokosuitecross_bluesky` — Bluesky AT Protocol
+- `plg_mokosuitecross_mailchimp` — Mailchimp Campaigns API
+- `plg_mokosuitecross_telegram` — Telegram Bot API
+- `plg_mokosuitecross_discord` — Discord Webhooks
+- `plg_mokosuitecross_slack` — Slack Incoming Webhooks
+
+### Database Schema
+
+- `#__mokosuitecross_services` — service configs (credentials as individual fields, not JSON)
+- `#__mokosuitecross_posts` — post queue (status: queued/posting/posted/failed/scheduled)
+- `#__mokosuitecross_templates` — message templates per service type
+- `#__mokosuitecross_logs` — activity logs with level and context
+
+## Rules
+
+- **Never commit** `.claude/`, `.mcp.json`, `TODO.md`, `*.min.css`/`*.min.js`
+- **Never commit** API keys, tokens, or credentials — these go in Joomla's encrypted params
+- **Attribution**: `Authored-by: Moko Consulting`
+- **Workflow directory**: `.mokogitea/` (not `.gitea/` or `.github/`)
+- **Minification**: handled at build time (CI)
+- **Wiki**: documentation lives in the Gitea wiki, not `docs/` files
+- **Standards**: [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/mokoplatform/wiki/Home)
+- **UX**: service credentials as individual form fields, not JSON blobs; dashboard link in toolbar
+
+## Coding Standards
+
+- PHP 8.1+ minimum
+- Joomla 5/6 DI container pattern: `services/provider.php` → Extension class
+- Legacy stub `.php` file required for plugin loader but empty
+- `SubscriberInterface` for event subscription (not `on*` method naming)
+- `bind() → check() → store()` for Table operations (not `save()`)
+- Language file placement: site (no `folder`) vs admin (`folder="administrator"`)
+- SPDX license headers on all PHP files
+- Service plugins MUST implement `MokoSuiteCrossServiceInterface`

.mokogitea/branch-protection.yml

@@ -0,0 +1,251 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+# SPDX-License-Identifier: GPL-3.0-or-later
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.gitea/workflows/branch-protection.yml
+# BRIEF: Apply standardised branch protection rules to all governed repositories
+#
+# +========================================================================+
+# |                   BRANCH PROTECTION SETUP                              |
+# +========================================================================+
+# |                                                                        |
+# |  Applies protection rules for: main, dev, rc, beta, alpha       |
+# |                                                                        |
+# |  main  — Require PR, block rejected reviews, no force push             |
+# |  dev   — Allow push, no force push, no delete                          |
+# |  rc  — Allow push, no force push, no delete                          |
+# |  beta — Allow push, no force push, no delete                         |
+# |  alpha — Allow push, no force push, no delete                        |
+# |                                                                        |
+# |  jmiller has override authority on all branches.                       |
+# |                                                                        |
+# +========================================================================+
+
+name: Branch Protection Setup
+
+on:
+  schedule:
+    - cron: '0 2 * * 1'  # Weekly Monday 02:00 UTC
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Preview mode (no changes)'
+        required: false
+        type: boolean
+        default: false
+      repos:
+        description: 'Comma-separated repo names (empty = all governed repos)'
+        required: false
+        type: string
+        default: ''
+
+env:
+  GITEA_URL: https://git.mokoconsulting.tech
+  GITEA_ORG: MokoConsulting
+
+permissions:
+  contents: read
+
+jobs:
+  protect:
+    name: Apply Branch Protection Rules
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Determine target repos
+        id: repos
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+        run: |
+          API="${GITEA_URL}/api/v1"
+
+          # Platform/standards/infra repos to exclude
+          EXCLUDE="gitea-org-config org-profile gitea-private .mokogitea-private MokoStandards moko-platform MokoTesting"
+          EXCLUDE="$EXCLUDE MokoStandards-Template-Client MokoStandards-Template-Dolibarr MokoStandards-Template-Generic MokoStandards-Template-Joomla MokoDoliProjTemplate"
+
+          if [ -n "${{ inputs.repos }}" ]; then
+            # User-specified repos
+            REPOS=$(echo "${{ inputs.repos }}" | tr ',' ' ')
+          else
+            # Fetch all org repos
+            PAGE=1
+            REPOS=""
+            while true; do
+              BATCH=$(curl -sS \
+                -H "Authorization: token ${GA_TOKEN}" \
+                "${API}/orgs/${GITEA_ORG}/repos?page=${PAGE}&limit=50" \
+                | jq -r '.[].name // empty')
+              [ -z "$BATCH" ] && break
+              REPOS="$REPOS $BATCH"
+              PAGE=$((PAGE + 1))
+            done
+
+            # Filter out excluded repos
+            FILTERED=""
+            for REPO in $REPOS; do
+              SKIP=false
+              for EX in $EXCLUDE; do
+                if [ "$REPO" = "$EX" ]; then
+                  SKIP=true
+                  break
+                fi
+              done
+              if [ "$SKIP" = "false" ]; then
+                FILTERED="$FILTERED $REPO"
+              fi
+            done
+            REPOS="$FILTERED"
+          fi
+
+          echo "repos=$REPOS" >> "$GITHUB_OUTPUT"
+          COUNT=$(echo "$REPOS" | wc -w)
+          echo "📋 Target repos (${COUNT}): $REPOS"
+
+      - name: Apply protection rules
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+          DRY_RUN: ${{ inputs.dry_run || 'false' }}
+        run: |
+          API="${GITEA_URL}/api/v1"
+          REPOS="${{ steps.repos.outputs.repos }}"
+
+          SUCCESS=0
+          FAILED=0
+          SKIPPED=0
+
+          # ── Rule definitions ──────────────────────────────────────
+          # Only the CI bot (jmiller token) can push directly.
+          # All human contributors must use PRs.
+          # Force push disabled on all branches.
+
+          RULE_MAIN='{
+            "rule_name": "main",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "dismiss_stale_approvals": true,
+            "block_on_rejected_reviews": true,
+            "block_on_outdated_branch": false,
+            "priority": 1
+          }'
+
+          RULE_DEV='{
+            "rule_name": "dev",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 2
+          }'
+
+          RULE_RC='{
+            "rule_name": "rc",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 3
+          }'
+
+          RULE_BETA='{
+            "rule_name": "beta",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 4
+          }'
+
+          RULE_ALPHA='{
+            "rule_name": "alpha",
+            "enable_push": true,
+            "enable_push_whitelist": true,
+            "push_whitelist_usernames": ["jmiller"],
+            "enable_force_push": false,
+            "enable_force_push_allowlist": false,
+            "force_push_allowlist_usernames": [],
+            "enable_merge_whitelist": false,
+            "required_approvals": 0,
+            "block_on_rejected_reviews": false,
+            "priority": 5
+          }'
+
+          RULES=("$RULE_MAIN" "$RULE_DEV" "$RULE_RC" "$RULE_BETA" "$RULE_ALPHA")
+          RULE_NAMES=("main" "dev" "rc" "beta" "alpha")
+
+          # ── Apply rules to each repo ──────────────────────────────
+          for REPO in $REPOS; do
+            echo ""
+            echo "═══ ${REPO} ═══"
+
+            for i in "${!RULES[@]}"; do
+              RULE="${RULES[$i]}"
+              NAME="${RULE_NAMES[$i]}"
+
+              if [ "$DRY_RUN" = "true" ]; then
+                echo "  [DRY RUN] Would apply rule: ${NAME}"
+                SKIPPED=$((SKIPPED + 1))
+                continue
+              fi
+
+              # Delete existing rule if present (idempotent recreate)
+              ENCODED_NAME=$(echo "$NAME" | sed 's|/|%2F|g')
+              curl -sS -o /dev/null -w "" \
+                -X DELETE \
+                -H "Authorization: token ${GA_TOKEN}" \
+                "${API}/repos/${GITEA_ORG}/${REPO}/branch_protections/${ENCODED_NAME}" 2>/dev/null || true
+
+              # Create rule
+              RESPONSE=$(curl -sS -w "\n%{http_code}" \
+                -X POST \
+                -H "Authorization: token ${GA_TOKEN}" \
+                -H "Content-Type: application/json" \
+                -d "$RULE" \
+                "${API}/repos/${GITEA_ORG}/${REPO}/branch_protections")
+
+              HTTP=$(echo "$RESPONSE" | tail -1)
+              BODY=$(echo "$RESPONSE" | sed '$d')
+
+              if [ "$HTTP" = "201" ]; then
+                echo "  ✅ ${NAME}"
+                SUCCESS=$((SUCCESS + 1))
+              else
+                echo "  ❌ ${NAME} (HTTP ${HTTP}): $(echo "$BODY" | jq -r '.message // .' 2>/dev/null | head -1)"
+                FAILED=$((FAILED + 1))
+              fi
+            done
+          done
+
+          # ── Summary ───────────────────────────────────────────────
+          echo ""
+          echo "════════════════════════════════════════"
+          echo "  ✅ Success: ${SUCCESS}"
+          echo "  ❌ Failed:  ${FAILED}"
+          echo "  ⏭️  Skipped: ${SKIPPED}"
+          echo "════════════════════════════════════════"
+
+          if [ "$FAILED" -gt 0 ]; then
+            echo "::warning::${FAILED} rule(s) failed to apply"
+          fi

.mokogitea/manifest.xml

@@ -1,20 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<moko-platform xmlns="https://standards.mokoconsulting.tech/moko-platform/1.0" schema-version="1.0">
+<mokoplatform xmlns="https://standards.mokoconsulting.tech/mokoplatform/1.0" schema-version="1.0">
     <identity>
-        <name>MokoJoomCross</name>
+        <name>MokoSuiteCross</name>
+        <display-name>Package - MokoSuiteCross</display-name>
         <org>MokoConsulting</org>
         <description>Cross-posting Joomla content to social media, email marketing, and chat platforms</description>
-        <version>01.00.00-dev</version>
+        <version>01.02.00</version>
         <license spdx="GPL-3.0-or-later">GNU General Public License v3</license>
     </identity>
     <governance>
         <platform>joomla</platform>
         <standards-version>05.00.00</standards-version>
-        <standards-source>https://git.mokoconsulting.tech/MokoConsulting/moko-platform</standards-source>
+        <standards-source>https://git.mokoconsulting.tech/MokoConsulting/mokoplatform</standards-source>
     </governance>
     <build>
         <language>PHP</language>
         <package-type>joomla-extension</package-type>
-        <entry-point>src/</entry-point>
+        <entry-point>source/</entry-point>
     </build>
-</moko-platform>
+    <licensing>
+        <enabled>true</enabled>
+        <dlid>true</dlid>
+        <update-server>https://git.mokoconsulting.tech/{org}/{repo}/updates.xml</update-server>
+    </licensing>
+</mokoplatform>

.mokogitea/workflows/auto-bump.yml

@@ -1,84 +1,66 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
-# PATH: /.mokogitea/workflows/auto-bump.yml
-# VERSION: 09.02.00
-# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
-
-name: "Universal: Auto Version Bump"
-
-on:
-  push:
-    branches:
-      - dev
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-
-permissions:
-  contents: write
-
-jobs:
-  bump:
-    name: Version Bump
-    runs-on: release
-    if: >-
-      !contains(github.event.head_commit.message, '[skip ci]') &&
-      !contains(github.event.head_commit.message, '[skip bump]') &&
-      !startsWith(github.event.head_commit.message, 'Merge pull request')
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          token: ${{ secrets.GA_TOKEN }}
-          fetch-depth: 1
-
-      - name: Setup moko-platform tools
-        run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          if [ -d "/opt/moko-platform/cli" ]; then
-            echo "MOKO_CLI=/opt/moko-platform/cli" >> "$GITHUB_ENV"
-          else
-            git clone --depth 1 --branch main --quiet \
-              "https://x-access-token:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/moko-platform.git" \
-              /tmp/moko-platform-api
-            cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
-            echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
-          fi
-
-      - name: Bump version
-        run: |
-          BUMP=$(php ${MOKO_CLI}/version_bump.php --path . 2>&1) || true
-          echo "$BUMP"
-
-          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null) || true
-          [ -z "$VERSION" ] && { echo "No version found — skipping"; exit 0; }
-
-          # Propagate to platform manifests
-          php ${MOKO_CLI}/version_set_platform.php \
-            --path . --version "$VERSION" --branch dev 2>/dev/null || true
-          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
-
-          # Commit if anything changed
-          if git diff --quiet && git diff --cached --quiet; then
-            echo "No version changes to commit"
-            exit 0
-          fi
-
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git commit -m "chore(version): patch bump to ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push origin dev
-          echo "Bumped to ${VERSION}" >> $GITHUB_STEP_SUMMARY
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: moko-platform.Release
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.mokogitea/workflows/auto-bump.yml
+# VERSION: 09.02.00
+# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
+
+name: "Universal: Auto Version Bump"
+
+on:
+  push:
+    branches:
+      - dev
+      - rc
+      - 'feature/**'
+      - 'patch/**'
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+
+permissions:
+  contents: write
+
+jobs:
+  bump:
+    name: Version Bump
+    runs-on: release
+    if: >-
+      !contains(github.event.head_commit.message, '[skip ci]') &&
+      !contains(github.event.head_commit.message, '[skip bump]') &&
+      !startsWith(github.event.head_commit.message, 'Merge pull request')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setup moko-platform tools
+        run: |
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          fi
+          if [ -d "/opt/moko-platform/cli" ]; then
+            echo "MOKO_CLI=/opt/moko-platform/cli" >> "$GITHUB_ENV"
+          else
+            git clone --depth 1 --branch main --quiet \
+              "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/moko-platform.git" \
+              /tmp/moko-platform-api
+            cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
+            echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
+          fi
+
+      - name: Bump version
+        run: |
+          php ${MOKO_CLI}/version_auto_bump.php \
+            --path . --branch "${GITHUB_REF_NAME}" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --repo-url "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"

.mokogitea/workflows/auto-release.yml

@@ -4,8 +4,8 @@
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
+# INGROUP: mokoplatform.Release
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokoplatform
 # PATH: /templates/workflows/universal/auto-release.yml.template
 # VERSION: 05.00.00
 # BRIEF: Universal build & release � detects platform from manifest.xml
@@ -17,7 +17,7 @@
 # |  Reads manifest.xml (joomla|dolibarr|generic) to branch logic.       |
 # |                                                                        |
 # |  Platform-specific:                                                    |
-# |    joomla:   XML manifest, updates.xml, type-prefixed packages         |
+# |    joomla:   XML manifest, type-prefixed packages                      |
 # |    dolibarr: mod*.class.php, update.txt, dev version reset             |
 # |    generic:  README-only, no update stream                             |
 # |                                                                        |
@@ -51,58 +51,69 @@ permissions:
   contents: write
 
 jobs:
-  # ── Draft PR → Promote highest pre-release to RC ─────────────────────────────
+  # ── PR Opened → Rename branch to RC and build RC release ─────────────────────
   promote-rc:
-    name: Promote Pre-Release to RC
+    name: Promote to RC
     runs-on: release
     if: >-
-      (github.event.action == 'opened' && github.event.pull_request.draft == true) ||
+      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
       (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
-          token: ${{ secrets.GA_TOKEN }}
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 1
 
-      - name: Setup moko-platform tools
+      - name: Setup mokoplatform tools
         env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
           MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
         run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          if [ -f /opt/mokoplatform/cli/version_bump.php ] && [ -f /opt/mokoplatform/vendor/autoload.php ]; then
+            echo Using pre-installed /opt/mokoplatform
+            echo MOKO_CLI=/opt/mokoplatform/cli >> $GITHUB_ENV
+          else
+            echo Falling back to fresh clone
+            if ! command -v composer > /dev/null 2>&1; then
+              sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
+            fi
+            rm -rf /tmp/mokoplatform-api
+            CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/mokoplatform.git
+            git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokoplatform-api
+            cd /tmp/mokoplatform-api
+            composer install --no-dev --no-interaction --quiet
+            echo MOKO_CLI=/tmp/mokoplatform-api/cli >> $GITHUB_ENV
           fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api
-          composer install --no-dev --no-interaction --quiet
 
-      - name: Promote to release-candidate
+      - name: Rename branch to rc
         run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_promote.php \
-            --from auto --to release-candidate \
-            --token "${{ secrets.GA_TOKEN }}" \
-            --api-base "${API_BASE}" \
-            --branch "${{ github.event.pull_request.head.ref || 'dev' }}"
+          php ${MOKO_CLI}/branch_rename.php \
+            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
+            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --pr "${{ github.event.pull_request.number }}"
 
-      - name: Cascade lesser channels
-        continue-on-error: true
+      - name: Checkout rc and configure git
         run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_cascade.php \
-            --stability release-candidate \
-            --token "${{ secrets.GA_TOKEN }}" \
-            --api-base "${API_BASE}"
+          git fetch origin rc
+          git checkout rc
+          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
+          git config --local user.name "gitea-actions[bot]"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+
+      - name: Publish RC release
+        run: |
+          php ${MOKO_CLI}/release_publish.php \
+            --path . --stability rc --bump minor --branch rc \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}"
 
       - name: Summary
         if: always()
         run: |
           echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
-          echo "Draft PR opened — promoted highest pre-release to RC" >> $GITHUB_STEP_SUMMARY
+          echo "Branch renamed to rc, minor bump, RC release built" >> $GITHUB_STEP_SUMMARY
 
   # ── Merged PR → Build & Release (or promote RC to stable) ────────────────────
   release:
@@ -116,294 +127,104 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
-          token: ${{ secrets.GA_TOKEN }}
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 0
 
-      - name: Setup moko-platform tools
-        env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
-          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN }}"}}'
+      - name: Configure git for bot pushes
         run: |
-          # Ensure PHP + Composer are available
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
-          fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api
-          composer install --no-dev --no-interaction --quiet
-
-
-      # -- PLATFORM DETECTION ---------------------------------------------------
-      - name: Detect platform
-        id: platform
-        run: |
-          php /tmp/moko-platform-api/cli/manifest_read.php --path . --github-output
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)
-          MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1 || true)
-          echo "manifest=${MANIFEST}" >> "$GITHUB_OUTPUT"
-          echo "mod_file=${MOD_FILE}" >> "$GITHUB_OUTPUT"
-
-      - name: "Step 1: Read version"
-        id: version
-        run: |
-          VERSION=$(php /tmp/moko-platform-api/cli/version_read.php --path .)
-          if [ -z "$VERSION" ]; then
-            echo "::error::No VERSION in README.md"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          MAJOR=$(echo "$VERSION" | cut -d. -f1)
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "release_tag=stable" >> "$GITHUB_OUTPUT"
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          echo "branch=main" >> "$GITHUB_OUTPUT"
-
-      # -- CHECK FOR RC PROMOTION ------------------------------------------------
-      - name: "Check for RC release"
-        id: rc
-        if: steps.version.outputs.skip != 'true'
-        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          RC_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-            "${API_BASE}/releases/tags/release-candidate" 2>/dev/null || echo "{}")
-          RC_ID=$(echo "$RC_JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true)
-
-          if [ -n "$RC_ID" ] && [ "$RC_ID" != "None" ] && [ "$RC_ID" != "" ]; then
-            echo "promote=true" >> "$GITHUB_OUTPUT"
-            echo "release_id=${RC_ID}" >> "$GITHUB_OUTPUT"
-            echo "::notice::RC release found (id: ${RC_ID}) — will promote to stable"
-          else
-            echo "promote=false" >> "$GITHUB_OUTPUT"
-            echo "::notice::No RC release — full build pipeline"
-          fi
-
-      - name: "Step 1b: Minor bump version"
-        id: bump
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.rc.outputs.promote != 'true'
-        run: |
-          MOKO_API="/tmp/moko-platform-api/cli"
-          php ${MOKO_API}/version_bump.php --path . --minor 2>&1 || true
-          VERSION=$(php ${MOKO_API}/version_read.php --path .)
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "Bumped to: ${VERSION}"
-
-      - name: Check if already released
-        if: steps.version.outputs.skip != 'true'
-        id: check
-        run: |
-          TAG="${{ steps.version.outputs.release_tag }}"
-          BRANCH="${{ steps.version.outputs.branch }}"
-
-          TAG_EXISTS=false
-          BRANCH_EXISTS=false
-
-          git rev-parse "$TAG" >/dev/null 2>&1 && TAG_EXISTS=true
-          git ls-remote --heads origin "$BRANCH" 2>/dev/null | grep -q "$BRANCH" && BRANCH_EXISTS=true
-
-          echo "tag_exists=$TAG_EXISTS" >> "$GITHUB_OUTPUT"
-          echo "branch_exists=$BRANCH_EXISTS" >> "$GITHUB_OUTPUT"
-
-          # Tag and branch may persist across patch releases — never skip
-          echo "already_released=false" >> "$GITHUB_OUTPUT"
-
-      # -- SANITY CHECKS -------------------------------------------------------
-      - name: "Sanity: Pre-release validation"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          php /tmp/moko-platform-api/cli/release_validate.php \
-            --path . --version "$VERSION" --output-summary --github-output || true
-
-      # -- STEP 2: Create or update version/XX.YY archive branch ---------------
-      # Always runs — every version change on main archives to version/XX.YY
-      - name: "Step 2: Version archive branch"
-        if: steps.check.outputs.already_released != 'true'
-        run: |
-          BRANCH="${{ steps.version.outputs.branch }}"
-          IS_MINOR="${{ steps.version.outputs.is_minor }}"
-          PATCH="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          PATCH_NUM=$(echo "$PATCH" | awk -F. '{print $3}')
-
-          # Check if branch exists
-          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
-            git push origin HEAD:"$BRANCH" --force
-            echo "Updated archive branch: ${BRANCH} (patch ${PATCH_NUM})" >> $GITHUB_STEP_SUMMARY
-          else
-            git checkout -b "$BRANCH" 2>/dev/null || git checkout "$BRANCH"
-            git push origin "$BRANCH" --force
-            echo "Created archive branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      # -- STEP 3: Set platform version ----------------------------------------
-      - name: "Step 3: Set platform version"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          php /tmp/moko-platform-api/cli/version_set_platform.php \
-            --path . --version "$VERSION" --branch main
-
-      # -- STEP 4: Update version badges ----------------------------------------
-      - name: "Step 4: Update version badges"
-        if: steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          php /tmp/moko-platform-api/cli/badge_update.php --path . --version "${VERSION}" 2>/dev/null || true
-          php /tmp/moko-platform-api/cli/version_check.php --path . --fix 2>/dev/null || true
-
-      # Step 5 (updates.xml) moved after Step 8 to include SHA-256 checksum
-
-      - name: Commit release changes
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.check.outputs.already_released != 'true'
-        run: |
-          if git diff --quiet && git diff --cached --quiet; then
-            echo "No changes to commit"
-            exit 0
-          fi
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
           git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
           git config --local user.name "gitea-actions[bot]"
-          # Set push URL with token for branch-protected repos
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-          git add -A
-          git commit -m "chore(release): build ${VERSION} [skip ci]" \
-            --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-          git push -u origin HEAD
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
 
-      # -- STEP 6: Create tag ---------------------------------------------------
-      - name: "Step 6: Create git tag"
-        if: >-
-          steps.version.outputs.skip != 'true'
+      - name: Check for merge conflict markers
         run: |
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          # Only create the major release tag if it doesn't exist yet
-          if ! git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
-            git tag "$RELEASE_TAG"
-            git push origin "$RELEASE_TAG"
-            echo "Tag created: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found — aborting release"
+            echo "## Release Blocked: Conflict Markers" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
+      - name: Setup mokoplatform tools
+        env:
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
+        run: |
+          if [ -f /opt/mokoplatform/cli/version_bump.php ] && [ -f /opt/mokoplatform/vendor/autoload.php ]; then
+            echo Using pre-installed /opt/mokoplatform
+            echo MOKO_CLI=/opt/mokoplatform/cli >> $GITHUB_ENV
           else
-            echo "Tag ${RELEASE_TAG} already exists" >> $GITHUB_STEP_SUMMARY
-          fi
-          echo "Tag: ${TAG}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 7a: Promote RC to stable (skip build) ----------------------------
-      - name: "Step 7a: Promote RC to stable"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.rc.outputs.promote == 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_promote.php \
-            --from release-candidate --to stable \
-            --token "${{ secrets.GA_TOKEN }}" \
-            --api-base "${API_BASE}" \
-            --path . --branch main
-          echo "Promoted RC → stable (${VERSION})" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 7b: Create or update Gitea Release (full build path) -------------
-      - name: "Step 7b: Gitea Release"
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.rc.outputs.promote != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_create.php \
-            --path . --version "$VERSION" --tag "$RELEASE_TAG" \
-            --token "${{ secrets.GA_TOKEN }}" --api-base "$API_BASE" \
-            --repo "${GITEA_REPO}" --branch main
-          echo "Release created: ${VERSION}" >> $GITHUB_STEP_SUMMARY
-
-      # -- STEP 8: Build packages and upload to release ----------------------------
-      - name: "Step 8: Build package and upload"
-        id: package
-        if: >-
-          steps.version.outputs.skip != 'true' &&
-          steps.rc.outputs.promote != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_package.php \
-            --path . --version "$VERSION" --tag "$RELEASE_TAG" \
-            --token "${{ secrets.GA_TOKEN }}" --api-base "$API_BASE" \
-            --repo "${GITEA_REPO}" --output /tmp || true
-
-      # -- STEP 5: Write update stream (after build so SHA-256 is available) -----
-      - name: "Step 5: Write update stream"
-        if: steps.version.outputs.skip != 'true'
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          SHA256="${{ steps.package.outputs.sha256_zip }}"
-
-          # Fetch latest updates.xml from main so preserve logic has all channels
-          GA_TOKEN="${{ secrets.GA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
-          curl -sf -H "Authorization: token ${GA_TOKEN}" \
-            "${API}/contents/updates.xml?ref=main" 2>/dev/null | \
-            python3 -c "import sys,json,base64; print(base64.b64decode(json.load(sys.stdin)['content']).decode())" \
-            > updates.xml 2>/dev/null || true
-
-          SHA_FLAG=""
-          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
-
-          php /tmp/moko-platform-api/cli/updates_xml_build.php \
-            --path . --version "${VERSION}" --stability stable \
-            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
-            ${SHA_FLAG} --github-output
-
-          # Commit updates.xml if changed
-          if ! git diff --quiet updates.xml 2>/dev/null; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
-            git add updates.xml
-            git commit -m "chore: update stable channel ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
-            git push origin HEAD 2>&1 || true
+            echo Falling back to fresh clone
+            if ! command -v composer > /dev/null 2>&1; then
+              sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
+            fi
+            rm -rf /tmp/mokoplatform-api
+            CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/mokoplatform.git
+            git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokoplatform-api
+            cd /tmp/mokoplatform-api
+            composer install --no-dev --no-interaction --quiet
+            echo MOKO_CLI=/tmp/mokoplatform-api/cli >> $GITHUB_ENV
           fi
 
-      # -- STEP 8b: Update release description with changelog ----------------------
-      - name: "Step 8b: Update release body"
-        if: steps.version.outputs.skip != 'true'
-        continue-on-error: true
+      - name: "Publish stable release"
         run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
-          php /tmp/moko-platform-api/cli/release_body_update.php \
-            --path . --version "${VERSION}" --tag "${RELEASE_TAG}" \
-            --token "${{ secrets.GA_TOKEN }}" \
-            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
-            2>&1 || true
-          echo "Release body updated" >> $GITHUB_STEP_SUMMARY
+          php ${MOKO_CLI}/release_publish.php \
+            --path . --stability stable --bump minor --branch main \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}"
+
+      - name: Update release notes from CHANGELOG.md
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # Extract [Unreleased] section from changelog
+          if [ -f "CHANGELOG.md" ]; then
+            NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
+            [ -z "$NOTES" ] && NOTES="Stable release"
+          else
+            NOTES="Stable release"
+          fi
+
+          # Update release body via API
+          RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API_BASE}/releases/tags/stable" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
+          if [ -n "$RELEASE_ID" ]; then
+            python3 -c "
+          import json, urllib.request
+          body = open('/dev/stdin').read()
+          payload = json.dumps({'body': body}).encode()
+          req = urllib.request.Request(
+              '${API_BASE}/releases/${RELEASE_ID}',
+              data=payload, method='PATCH',
+              headers={
+                  'Authorization': 'token ${{ secrets.MOKOGITEA_TOKEN }}',
+                  'Content-Type': 'application/json'
+              })
+          urllib.request.urlopen(req)
+          " <<< "$NOTES"
+            echo "Release notes updated from CHANGELOG.md"
+          fi
 
       # -- STEP 9: Mirror to GitHub (stable only) --------------------------------
       - name: "Step 9: Mirror release to GitHub"
         if: >-
           steps.version.outputs.skip != 'true' &&
-          secrets.GH_TOKEN != ''
+          secrets.GH_MIRROR_TOKEN != ''
         continue-on-error: true
         run: |
           VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
           RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
           GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_mirror.php \
+          php ${MOKO_CLI}/release_mirror.php \
             --version "$VERSION" --tag "$RELEASE_TAG" \
-            --token "${{ secrets.GA_TOKEN }}" --api-base "$API_BASE" \
-            --gh-token "${{ secrets.GH_TOKEN }}" --gh-repo "$GH_REPO" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
             --branch main 2>&1 || true
           echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
 
@@ -411,38 +232,30 @@ jobs:
       - name: "Step 10: Push main to GitHub mirror"
         if: >-
           steps.version.outputs.skip != 'true' &&
-          secrets.GH_TOKEN != ''
+          secrets.GH_MIRROR_TOKEN != ''
         continue-on-error: true
         run: |
           GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
           GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
           GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
-          git remote add github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
-            git remote set-url github "https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
+          git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
+            git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
           git fetch origin main --depth=1
           git push github origin/main:refs/heads/main --force 2>/dev/null \
             && echo "main branch pushed to GitHub mirror" \
             || echo "WARNING: GitHub mirror push failed"
 
-      # -- Clean up lesser pre-releases (cascade) ---------------------------------
-      # stable → deletes all | rc → beta,alpha,dev | beta → alpha,dev | alpha → dev
-      - name: "Delete lesser pre-release channels"
-        continue-on-error: true
-        run: |
-          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/release_cascade.php \
-            --stability stable \
-            --version "${VERSION}" \
-            --token "${{ secrets.GA_TOKEN }}" \
-            --api-base "${API_BASE}" 2>/dev/null || true
-
-      - name: "Step 11: Delete and recreate dev branch from main"
+      - name: "Step 11: Delete rc branch and recreate dev from main"
         if: steps.version.outputs.skip != 'true'
         continue-on-error: true
         run: |
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+
+          # Delete rc branch (ephemeral — created by promote-rc)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
+            "${API_BASE}/branches/rc" 2>/dev/null \
+            && echo "Deleted rc branch" || echo "rc branch not found"
 
           # Delete dev branch
           curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
@@ -454,7 +267,26 @@ jobs:
             "${API_BASE}/branches" \
             -d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
 
-          echo "Dev branch reset from main (keeps dev ahead after release)" >> $GITHUB_STEP_SUMMARY
+          echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
+
+      - name: "Step 12: Create version branch from main"
+        if: steps.version.outputs.skip != 'true'
+        continue-on-error: true
+        run: |
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
+          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
+          BRANCH_NAME="version/${VERSION}"
+          MAIN_SHA=$(git rev-parse HEAD)
+
+          # Delete old version branch if it exists (same version re-release)
+          curl -sf -X DELETE -H "Authorization: token ${TOKEN}"             "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
+
+          # Create version/XX.YY.ZZ from main
+          curl -sf -X POST -H "Authorization: token ${TOKEN}"             -H "Content-Type: application/json"             "${API_BASE}/branches"             -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null             && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})"             || echo "WARNING: ${BRANCH_NAME} creation failed"
+
+          echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
+
 
 
       # -- Dolibarr post-release: Reset dev version -----------------------------
@@ -463,8 +295,8 @@ jobs:
         continue-on-error: true
         run: |
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          php /tmp/moko-platform-api/cli/version_reset_dev.php \
-            --token "${{ secrets.GA_TOKEN }}" --api-base "${API_BASE}" \
+          php ${MOKO_CLI}/version_reset_dev.php \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
             --branch dev --path . 2>&1 || true
 
       # -- Summary --------------------------------------------------------------

.mokogitea/workflows/branch-cleanup.yml

@@ -0,0 +1,48 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Universal
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.mokogitea/workflows/branch-cleanup.yml
+# VERSION: 01.00.00
+# BRIEF: Delete feature branches after PR merge
+
+name: "Branch Cleanup"
+
+on:
+  pull_request:
+    types: [closed]
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  cleanup:
+    name: Delete merged branch
+    runs-on: ubuntu-latest
+    if: >-
+      github.event.pull_request.merged == true &&
+      github.event.pull_request.head.ref != 'dev' &&
+      github.event.pull_request.head.ref != 'main'
+
+    steps:
+      - name: Delete source branch
+        run: |
+          BRANCH="${{ github.event.pull_request.head.ref }}"
+          API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
+          ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
+
+          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
+            -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API}/${ENCODED}" 2>/dev/null || true)
+
+          if [ "$STATUS" = "204" ]; then
+            echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
+          elif [ "$STATUS" = "404" ]; then
+            echo "Branch already deleted: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "::warning::Failed to delete branch ${BRANCH} (HTTP ${STATUS})"
+          fi

.mokogitea/workflows/cascade-dev.yml

@@ -1,213 +1,10 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Maintenance
-# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/moko-platform
-# PATH: /templates/workflows/cascade-dev.yml.template
-# VERSION: 02.00.00
-# BRIEF: Forward-merge main -> all open branches after every push to main
-#
-# +========================================================================+
-# |                CASCADE MAIN -> ALL BRANCHES                             |
-# +========================================================================+
-# |                                                                        |
-# |  Triggers on every push to main (PR merges, bot commits, etc.)         |
-# |                                                                        |
-# |  1. List all branches matching: dev, rc/*, beta/*, alpha/*             |
-# |  2. For each: create PR (main -> branch), auto-merge if clean           |
-# |  3. On conflict: leave PR open for manual resolution                   |
-# |                                                                        |
-# +========================================================================+
-
-name: "Universal: Cascade Main -> Dev"
-
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
-  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
-
-permissions:
-  contents: write
-  pull-requests: write
-
+# DISABLED — auto-release Step 11 recreates dev from main after every release.
+# Cascade-dev is redundant and causes version conflicts when both main and dev
+# have different version numbers in templateDetails.xml / manifest.xml.
+name: "Cascade Main → Dev (DISABLED)"
+on: workflow_dispatch
 jobs:
-  cascade:
-    name: Cascade main -> branches
+  noop:
     runs-on: ubuntu-latest
-    if: >-
-      !contains(github.event.head_commit.message, '[skip ci]') &&
-      !contains(github.event.head_commit.message, '[skip cascade]')
-
     steps:
-      - name: Discover target branches
-        id: branches
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
-        run: |
-          API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-
-          # Fetch all branches (paginated)
-          PAGE=1
-          ALL_BRANCHES=""
-          while true; do
-            BATCH=$(curl -sS \
-              -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/branches?page=${PAGE}&limit=50" \
-              | jq -r '.[].name // empty')
-            [ -z "$BATCH" ] && break
-            ALL_BRANCHES="$ALL_BRANCHES $BATCH"
-            PAGE=$((PAGE + 1))
-          done
-
-          # Filter to cascade targets: dev, dev/*, rc/*, beta/*, alpha/*
-          TARGETS=""
-          for BRANCH in $ALL_BRANCHES; do
-            case "$BRANCH" in
-              dev|dev/*|rc/*|beta/*|alpha/*)
-                TARGETS="$TARGETS $BRANCH"
-                ;;
-            esac
-          done
-
-          TARGETS=$(echo "$TARGETS" | xargs)  # trim whitespace
-
-          if [ -z "$TARGETS" ]; then
-            echo "targets=" >> "$GITHUB_OUTPUT"
-            echo "  No cascade target branches found"
-          else
-            echo "targets=$TARGETS" >> "$GITHUB_OUTPUT"
-            COUNT=$(echo "$TARGETS" | wc -w)
-            echo " Found ${COUNT} target branch(es): ${TARGETS}"
-          fi
-
-      - name: Cascade to all target branches
-        if: steps.branches.outputs.targets != ''
-        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
-        run: |
-          API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          SHORT_SHA="${GITHUB_SHA:0:7}"
-          TARGETS="${{ steps.branches.outputs.targets }}"
-
-          SUCCESS=0
-          CONFLICTS=0
-          SKIPPED=0
-          FAILED=0
-
-          for BRANCH in $TARGETS; do
-            echo ""
-            echo " main -> ${BRANCH} "
-
-            # Check if branch is already up to date
-            ENCODED_BRANCH=$(echo "$BRANCH" | sed 's|/|%2F|g')
-            RESPONSE=$(curl -sS \
-              -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/compare/${ENCODED_BRANCH}...main")
-
-            AHEAD=$(echo "$RESPONSE" | jq '.total_commits // 0')
-
-            if [ "$AHEAD" -eq 0 ]; then
-              echo "   Already up to date"
-              SKIPPED=$((SKIPPED + 1))
-              continue
-            fi
-
-            echo "    main is ${AHEAD} commit(s) ahead"
-
-            # Check for existing cascade PR
-            EXISTING=$(curl -sS \
-              -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/pulls?state=open&head=${GITEA_ORG}:main&base=${ENCODED_BRANCH}&limit=1")
-
-            EXISTING_COUNT=$(echo "$EXISTING" | jq 'length')
-            PR_NUMBER=""
-
-            if [ "$EXISTING_COUNT" -gt 0 ]; then
-              PR_NUMBER=$(echo "$EXISTING" | jq -r '.[0].number')
-              echo "    Reusing existing PR #${PR_NUMBER}"
-            else
-              # Create cascade PR
-              PR_RESPONSE=$(curl -sS -w "\n%{http_code}" \
-                -X POST \
-                -H "Authorization: token ${GA_TOKEN}" \
-                -H "Content-Type: application/json" \
-                -d "{
-                  \"title\": \"chore: cascade main -> ${BRANCH} (${SHORT_SHA}) [skip ci]\",
-                  \"body\": \"## Automatic cascade\\n\\nForward-merging \`main\` (${SHORT_SHA}) into \`${BRANCH}\`.\\n\\nIf conflicts exist, resolve manually and merge.\\n\\n> Auto-created by **Cascade Main -> Dev**.\",
-                  \"head\": \"main\",
-                  \"base\": \"${BRANCH}\"
-                }" \
-                "${API}/pulls")
-
-              HTTP_CODE=$(echo "$PR_RESPONSE" | tail -1)
-              BODY=$(echo "$PR_RESPONSE" | sed '$d')
-              PR_NUMBER=$(echo "$BODY" | jq -r '.number // empty')
-
-              if [ "$HTTP_CODE" != "201" ] || [ -z "$PR_NUMBER" ]; then
-                MSG=$(echo "$BODY" | jq -r '.message // .' 2>/dev/null | head -1)
-                echo "   Failed to create PR (HTTP ${HTTP_CODE}): ${MSG}"
-                FAILED=$((FAILED + 1))
-                continue
-              fi
-
-              echo "   Created PR #${PR_NUMBER}"
-            fi
-
-            # Try auto-merge
-            PR_DATA=$(curl -sS \
-              -H "Authorization: token ${GA_TOKEN}" \
-              "${API}/pulls/${PR_NUMBER}")
-
-            MERGEABLE=$(echo "$PR_DATA" | jq -r '.mergeable // false')
-
-            if [ "$MERGEABLE" != "true" ]; then
-              echo "    Conflicts -- PR #${PR_NUMBER} left open"
-              CONFLICTS=$((CONFLICTS + 1))
-              continue
-            fi
-
-            MERGE_RESPONSE=$(curl -sS -w "\n%{http_code}" \
-              -X POST \
-              -H "Authorization: token ${GA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              -d "{
-                \"Do\": \"merge\",
-                \"merge_message_field\": \"chore: cascade main -> ${BRANCH} [skip ci]\",
-                \"delete_branch_after_merge\": false
-              }" \
-              "${API}/pulls/${PR_NUMBER}/merge")
-
-            MERGE_HTTP=$(echo "$MERGE_RESPONSE" | tail -1)
-
-            if [ "$MERGE_HTTP" = "200" ] || [ "$MERGE_HTTP" = "204" ]; then
-              echo "   Merged -- ${BRANCH} is in sync"
-              SUCCESS=$((SUCCESS + 1))
-            else
-              MERGE_BODY=$(echo "$MERGE_RESPONSE" | sed '$d')
-              echo "    Merge failed (HTTP ${MERGE_HTTP}) -- PR #${PR_NUMBER} left open"
-              CONFLICTS=$((CONFLICTS + 1))
-            fi
-          done
-
-          # Summary
-          echo ""
-          echo ""
-          echo "   Merged:    ${SUCCESS}"
-          echo "    Conflicts: ${CONFLICTS}"
-          echo "    Up to date: ${SKIPPED}"
-          echo "   Failed:    ${FAILED}"
-          echo ""
-
-          if [ "$FAILED" -gt 0 ]; then
-            exit 1
-          fi
+      - run: echo "Cascade disabled — auto-release handles dev recreation"

.mokogitea/workflows/ci-generic.yml

@@ -0,0 +1,204 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.CI
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
+# PATH: /.gitea/workflows/ci-generic.yml
+# VERSION: 01.00.00
+# BRIEF: CI pipeline — lint, validate, and test for generic projects (PHP + Node.js)
+
+name: "Generic: Project CI"
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - dev/**
+      - rc/**
+      - version/**
+  pull_request:
+    branches:
+      - main
+      - dev
+      - dev/**
+      - rc/**
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  # ── Lint & Validate ───────────────────────────────────────────────────
+  lint:
+    name: Lint & Validate
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect toolchain
+        id: detect
+        run: |
+          HAS_PHP=false
+          HAS_NODE=false
+          [ -f "composer.json" ] && HAS_PHP=true
+          [ -f "package.json" ] && HAS_NODE=true
+          echo "has_php=$HAS_PHP" >> "$GITHUB_OUTPUT"
+          echo "has_node=$HAS_NODE" >> "$GITHUB_OUTPUT"
+          echo "Toolchain: PHP=$HAS_PHP Node=$HAS_NODE"
+
+      - name: Setup PHP
+        if: steps.detect.outputs.has_php == 'true'
+        run: |
+          if ! command -v php &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
+          fi
+          php -v
+
+      - name: Setup Node.js
+        if: steps.detect.outputs.has_node == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install PHP dependencies
+        if: steps.detect.outputs.has_php == 'true'
+        run: |
+          if [ -f "composer.json" ]; then
+            composer install --no-interaction --prefer-dist --quiet 2>/dev/null || true
+          fi
+
+      - name: Install Node.js dependencies
+        if: steps.detect.outputs.has_node == 'true'
+        run: |
+          if [ -f "package.json" ]; then
+            npm ci --quiet 2>/dev/null || npm install --quiet 2>/dev/null || true
+          fi
+
+      - name: PHP syntax check
+        if: steps.detect.outputs.has_php == 'true'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
+              echo "::error file=${file}::PHP syntax error"
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -not -path "./node_modules/*" -print0)
+
+          echo "## PHP Lint" >> $GITHUB_STEP_SUMMARY
+          if [ "$ERRORS" -eq 0 ]; then
+            echo "All PHP files passed syntax check." >> $GITHUB_STEP_SUMMARY
+          else
+            echo "${ERRORS} file(s) with syntax errors." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+      - name: TypeScript/JavaScript lint
+        if: steps.detect.outputs.has_node == 'true'
+        run: |
+          if [ -f "node_modules/.bin/eslint" ]; then
+            npx eslint src/ --quiet 2>&1 || { echo "::error::ESLint errors found"; exit 1; }
+            echo "## ESLint" >> $GITHUB_STEP_SUMMARY
+            echo "All files passed ESLint." >> $GITHUB_STEP_SUMMARY
+          elif [ -f ".eslintrc.json" ] || [ -f ".eslintrc.js" ] || [ -f "eslint.config.js" ]; then
+            echo "::warning::ESLint config found but eslint not installed"
+          else
+            echo "No ESLint configured — skipping"
+          fi
+
+      - name: TypeScript compile check
+        if: steps.detect.outputs.has_node == 'true'
+        run: |
+          if [ -f "tsconfig.json" ] && [ -f "node_modules/.bin/tsc" ]; then
+            npx tsc --noEmit 2>&1 || { echo "::error::TypeScript compilation errors"; exit 1; }
+            echo "## TypeScript" >> $GITHUB_STEP_SUMMARY
+            echo "TypeScript compilation passed." >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: PHPStan static analysis
+        if: steps.detect.outputs.has_php == 'true'
+        run: |
+          if [ -f "phpstan.neon" ] && [ -f "vendor/bin/phpstan" ]; then
+            vendor/bin/phpstan analyse --no-progress 2>&1 || { echo "::warning::PHPStan found issues"; }
+          fi
+
+  # ── Tests ─────────────────────────────────────────────────────────────
+  test:
+    name: Tests
+    runs-on: ubuntu-latest
+    needs: lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect toolchain
+        id: detect
+        run: |
+          HAS_PHP=false
+          HAS_NODE=false
+          [ -f "composer.json" ] && HAS_PHP=true
+          [ -f "package.json" ] && HAS_NODE=true
+          echo "has_php=$HAS_PHP" >> "$GITHUB_OUTPUT"
+          echo "has_node=$HAS_NODE" >> "$GITHUB_OUTPUT"
+
+      - name: Setup PHP
+        if: steps.detect.outputs.has_php == 'true'
+        run: |
+          if ! command -v php &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
+          fi
+
+      - name: Setup Node.js
+        if: steps.detect.outputs.has_node == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: |
+          [ -f "composer.json" ] && composer install --no-interaction --prefer-dist --quiet 2>/dev/null || true
+          [ -f "package.json" ] && { npm ci --quiet 2>/dev/null || npm install --quiet 2>/dev/null || true; }
+
+      - name: Run PHP tests
+        if: steps.detect.outputs.has_php == 'true'
+        run: |
+          if [ -f "vendor/bin/phpunit" ]; then
+            vendor/bin/phpunit --testdox 2>&1
+            echo "## PHPUnit" >> $GITHUB_STEP_SUMMARY
+            echo "Tests passed." >> $GITHUB_STEP_SUMMARY
+          elif [ -f "phpunit.xml" ] || [ -f "phpunit.xml.dist" ]; then
+            echo "::warning::PHPUnit config found but phpunit not installed"
+          else
+            echo "No PHPUnit configured — skipping"
+          fi
+
+      - name: Run Node.js tests
+        if: steps.detect.outputs.has_node == 'true'
+        run: |
+          if jq -e '.scripts.test' package.json > /dev/null 2>&1; then
+            npm test 2>&1
+            echo "## Node.js Tests" >> $GITHUB_STEP_SUMMARY
+            echo "Tests passed." >> $GITHUB_STEP_SUMMARY
+          else
+            echo "No test script in package.json — skipping"
+          fi
+
+      - name: Build check
+        run: |
+          if [ -f "Makefile" ]; then
+            make build 2>&1 || echo "::warning::Build failed or not configured"
+          elif [ -f "package.json" ] && jq -e '.scripts.build' package.json > /dev/null 2>&1; then
+            npm run build 2>&1 || echo "::warning::Build failed"
+          fi

.mokogitea/workflows/ci-joomla.yml

@@ -45,19 +45,22 @@ jobs:
           fi
           php -v && composer --version
 
-      - name: Clone MokoStandards
+      - name: Setup moko-platform tools
         env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
+          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
           MOKO_CLONE_HOST: ${{ secrets.GA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
         run: |
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api
+          if [ -d "/tmp/moko-platform" ] || [ -d "/opt/moko-platform" ]; then
+            echo "moko-platform already available on runner — skipping clone"
+          else
+            git clone --depth 1 --branch main --quiet \
+              "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+              /tmp/moko-platform 2>/dev/null || echo "moko-platform clone skipped — continuing without it"
+          fi
 
       - name: Install dependencies
         env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN || secrets.GA_TOKEN || github.token }}"}}'
         run: |
           if [ -f "composer.json" ]; then
             composer install \
@@ -128,8 +131,8 @@ jobs:
               echo "Manifest is well-formed XML." >> $GITHUB_STEP_SUMMARY
             fi
 
-            # Check required tags: name, version, author, namespace (Joomla 5+)
-            for TAG in name version author namespace; do
+            # Check required tags: name, version, author
+            for TAG in name version author; do
               if ! grep -q "<${TAG}>" "$MANIFEST" 2>/dev/null; then
                 echo "Missing required tag: \`<${TAG}>\`" >> $GITHUB_STEP_SUMMARY
                 ERRORS=$((ERRORS + 1))
@@ -137,6 +140,19 @@ jobs:
                 echo "Found required tag: \`<${TAG}>\`" >> $GITHUB_STEP_SUMMARY
               fi
             done
+
+            # Namespace is required for components/plugins but not packages
+            EXT_TYPE=$(grep -oP '<extension[^>]*\btype="\K[^"]+' "$MANIFEST" | head -1)
+            if [ "$EXT_TYPE" != "package" ]; then
+              if ! grep -q "<namespace" "$MANIFEST" 2>/dev/null; then
+                echo "Missing required tag: \`<namespace>\` (required for Joomla 5+ ${EXT_TYPE} extensions)" >> $GITHUB_STEP_SUMMARY
+                ERRORS=$((ERRORS + 1))
+              else
+                echo "Found required tag: \`<namespace>\`" >> $GITHUB_STEP_SUMMARY
+              fi
+            else
+              echo "Package extension — \`<namespace>\` not required." >> $GITHUB_STEP_SUMMARY
+            fi
           fi
 
           if [ "${ERRORS}" -gt 0 ]; then
@@ -354,7 +370,7 @@ jobs:
 
       - name: Install dependencies
         env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN || secrets.GA_TOKEN || github.token }}"}}'
         run: |
           if [ -f "composer.json" ]; then
             composer install \
@@ -404,7 +420,7 @@ jobs:
 
       - name: Install dependencies
         env:
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN || secrets.GA_TOKEN || github.token }}"}}'
         run: |
           if [ -f "composer.json" ]; then
             composer install --no-interaction --prefer-dist --optimize-autoloader
@@ -461,3 +477,24 @@ jobs:
             echo '```' >> $GITHUB_STEP_SUMMARY
           fi
           exit $EXIT
+
+  pre-release:
+    name: Build RC Pre-Release
+    runs-on: ubuntu-latest
+    needs: [lint-and-validate, test]
+    if: github.event_name == 'pull_request'
+
+    steps:
+      - name: Trigger pre-release build
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: ${{ github.head_ref }}
+        run: |
+          curl -s -X POST \
+            "${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches" \
+            -H "Authorization: token ${GA_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
+          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY

.mokogitea/workflows/cleanup.yml

@@ -0,0 +1,87 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Maintenance
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
+# PATH: /.gitea/workflows/cleanup.yml
+# VERSION: 01.00.00
+# BRIEF: Scheduled cleanup — delete merged branches and old workflow runs
+
+name: "Universal: Repository Cleanup"
+
+on:
+  schedule:
+    - cron: '0 3 * * 0'  # Weekly on Sunday at 03:00 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+env:
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+
+jobs:
+  cleanup:
+    name: Clean Merged Branches
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GA_TOKEN }}
+
+      - name: Delete merged branches
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+        run: |
+          echo "=== Merged Branch Cleanup ==="
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
+
+          # List branches via API
+          BRANCHES=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
+            "${API}/branches?limit=50" | jq -r '.[].name')
+
+          DELETED=0
+          for BRANCH in $BRANCHES; do
+            # Skip protected branches
+            case "$BRANCH" in
+              main|master|develop|release/*|hotfix/*) continue ;;
+            esac
+
+            # Check if branch is merged into main
+            if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
+              echo "  Deleting merged branch: ${BRANCH}"
+              curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
+                "${API}/branches/${BRANCH}" 2>/dev/null || true
+              DELETED=$((DELETED + 1))
+            fi
+          done
+
+          echo "Deleted ${DELETED} merged branch(es)"
+
+      - name: Clean old workflow runs
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+        run: |
+          echo "=== Workflow Run Cleanup ==="
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
+          CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)
+
+          # Get old completed runs
+          RUNS=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
+            "${API}/actions/runs?status=completed&limit=50" | \
+            jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)
+
+          DELETED=0
+          for RUN_ID in $RUNS; do
+            curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
+              "${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
+            DELETED=$((DELETED + 1))
+          done
+
+          echo "Deleted ${DELETED} old workflow run(s)"

.mokogitea/workflows/deploy-manual.yml

@@ -0,0 +1,126 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Deploy
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
+# PATH: /templates/workflows/joomla/deploy-manual.yml.template
+# VERSION: 04.07.00
+# BRIEF: Manual SFTP deploy to dev server for Joomla repos
+
+name: "Universal: Deploy to Dev (Manual)"
+
+on:
+  workflow_dispatch:
+    inputs:
+      clear_remote:
+        description: 'Delete all remote files before uploading'
+        required: false
+        default: 'false'
+        type: boolean
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    name: SFTP Deploy to Dev
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+      - name: Setup PHP
+        run: |
+          php -v && composer --version
+
+      - name: Setup MokoStandards tools
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
+          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
+          MOKO_CLONE_HOST: ${{ secrets.GA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
+        run: |
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
+            /tmp/mokostandards-api 2>/dev/null || true
+          if [ -d "/tmp/mokostandards-api" ] && [ -f "/tmp/mokostandards-api/composer.json" ]; then
+            cd /tmp/mokostandards-api && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
+          fi
+
+      - name: Check FTP configuration
+        id: check
+        env:
+          HOST: ${{ vars.DEV_FTP_HOST }}
+          PATH_VAR: ${{ vars.DEV_FTP_PATH }}
+          PORT: ${{ vars.DEV_FTP_PORT }}
+        run: |
+          if [ -z "$HOST" ] || [ -z "$PATH_VAR" ]; then
+            echo "DEV_FTP_HOST or DEV_FTP_PATH not configured -- cannot deploy"
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+          echo "skip=false" >> "$GITHUB_OUTPUT"
+          echo "host=$HOST" >> "$GITHUB_OUTPUT"
+
+          REMOTE="${PATH_VAR%/}"
+          echo "remote=$REMOTE" >> "$GITHUB_OUTPUT"
+
+          [ -z "$PORT" ] && PORT="22"
+          echo "port=$PORT" >> "$GITHUB_OUTPUT"
+
+      - name: Deploy via SFTP
+        if: steps.check.outputs.skip != 'true'
+        env:
+          SFTP_KEY: ${{ secrets.DEV_FTP_KEY }}
+          SFTP_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
+          SFTP_USER: ${{ vars.DEV_FTP_USERNAME }}
+        run: |
+          SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ -- nothing to deploy"; exit 0; }
+
+          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
+            "${{ steps.check.outputs.host }}" "${{ steps.check.outputs.port }}" "$SFTP_USER" "${{ steps.check.outputs.remote }}" \
+            > /tmp/sftp-config.json
+
+          if [ -n "$SFTP_KEY" ]; then
+            echo "$SFTP_KEY" > /tmp/deploy_key
+            chmod 600 /tmp/deploy_key
+            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
+          else
+            printf ',"password":"%s"}' "$SFTP_PASS" >> /tmp/sftp-config.json
+          fi
+
+          DEPLOY_ARGS=(--path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json)
+          [ "${{ inputs.clear_remote }}" = "true" ] && DEPLOY_ARGS+=(--clear-remote)
+
+          PLATFORM=$(php /tmp/mokostandards-api/cli/platform_detect.php --path . 2>/dev/null || true)
+          if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards-api/deploy/deploy-joomla.php" ]; then
+            php /tmp/mokostandards-api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}"
+          else
+            php /tmp/mokostandards-api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}"
+          fi
+
+          rm -f /tmp/deploy_key /tmp/sftp-config.json
+
+      - name: Summary
+        if: always()
+        run: |
+          if [ "${{ steps.check.outputs.skip }}" = "true" ]; then
+            echo "### Deploy Skipped -- FTP not configured" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "### Manual Dev Deploy Complete" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+            echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+            echo "| Host | \`${{ steps.check.outputs.host }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Remote | \`${{ steps.check.outputs.remote }}\` |" >> $GITHUB_STEP_SUMMARY
+            echo "| Clear | ${{ inputs.clear_remote }} |" >> $GITHUB_STEP_SUMMARY
+          fi

.mokogitea/workflows/gitleaks.yml

@@ -0,0 +1,96 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Security
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
+# PATH: /templates/workflows/gitleaks.yml.template
+# VERSION: 01.00.00
+# BRIEF: Secret scanning — detect leaked credentials, API keys, and tokens
+#
+# +========================================================================+
+# |                        SECRET SCANNING                                 |
+# +========================================================================+
+# |                                                                        |
+# |  Scans commits for leaked secrets using Gitleaks.                      |
+# |                                                                        |
+# |  - PR scan: only new commits in the PR                                 |
+# |  - Scheduled: full repo scan weekly                                    |
+# |  - Alerts via ntfy on findings                                         |
+# |                                                                        |
+# +========================================================================+
+
+name: "Universal: Secret Scanning"
+
+on:
+  pull_request:
+    branches:
+      - main
+      - 'dev/**'
+  schedule:
+    - cron: '0 5 * * 1'  # Weekly Monday 05:00 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
+  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
+
+jobs:
+  gitleaks:
+    name: Gitleaks Secret Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Gitleaks
+        run: |
+          GITLEAKS_VERSION="8.21.2"
+          curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
+            | tar -xz -C /usr/local/bin gitleaks
+          gitleaks version
+
+      - name: Scan for secrets
+        id: scan
+        run: |
+          echo "### Secret Scanning" >> $GITHUB_STEP_SUMMARY
+          ARGS="--source . --verbose --report-format json --report-path /tmp/gitleaks-report.json"
+
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            # Scan only PR commits
+            ARGS="$ARGS --log-opts=${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}"
+            echo "Scanning PR commits only" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "Full repository scan" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          if gitleaks detect $ARGS 2>&1; then
+            echo "result=clean" >> "$GITHUB_OUTPUT"
+            echo "**No secrets detected.**" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "result=found" >> "$GITHUB_OUTPUT"
+            FINDINGS=$(jq length /tmp/gitleaks-report.json 2>/dev/null || echo "unknown")
+            echo "**${FINDINGS} potential secret(s) detected.**" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "Review the findings and rotate any exposed credentials immediately." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+      - name: Notify on findings
+        if: failure() && steps.scan.outputs.result == 'found'
+        run: |
+          REPO="${{ github.event.repository.name }}"
+          curl -sS \
+            -H "Title: ${REPO} — secrets detected in code" \
+            -H "Tags: rotating_light,key" \
+            -H "Priority: urgent" \
+            -d "Gitleaks found potential secrets. Review and rotate credentials immediately." \
+            "${NTFY_URL}/${NTFY_TOPIC}" || true

.mokogitea/workflows/issue-branch.yml

@@ -4,8 +4,8 @@
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Automation
-# VERSION: 01.00.00
+# INGROUP: mokoplatform.Automation
+# VERSION: 01.02.00
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"
@@ -28,7 +28,7 @@ jobs:
     steps:
       - name: Create branch and comment
         run: |
-          TOKEN="${{ secrets.GA_TOKEN }}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
           API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
           ISSUE_NUM="${{ github.event.issue.number }}"
           ISSUE_TITLE="${{ github.event.issue.title }}"

.mokogitea/workflows/notify.yml

@@ -0,0 +1,70 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Notifications
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
+# PATH: /.gitea/workflows/notify.yml
+# VERSION: 01.00.00
+# BRIEF: Push notifications via ntfy on release success or workflow failure
+
+name: "Universal: Notifications"
+
+on:
+  workflow_run:
+    workflows:
+      - "Joomla Build & Release"
+      - "Joomla Extension CI"
+      - "Deploy"
+    types:
+      - completed
+
+permissions:
+  contents: read
+
+env:
+  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
+  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-releases' }}
+
+jobs:
+  notify:
+    name: Send Notification
+    runs-on: ubuntu-latest
+    if: >-
+      github.event.workflow_run.conclusion == 'success' ||
+      github.event.workflow_run.conclusion == 'failure'
+
+    steps:
+      - name: Notify on success (releases only)
+        if: >-
+          github.event.workflow_run.conclusion == 'success' &&
+          contains(github.event.workflow_run.name, 'Release')
+        run: |
+          REPO="${{ github.event.repository.name }}"
+          WORKFLOW="${{ github.event.workflow_run.name }}"
+          URL="${{ github.event.workflow_run.html_url }}"
+
+          curl -sS \
+            -H "Title: ${REPO} released" \
+            -H "Tags: white_check_mark,package" \
+            -H "Priority: default" \
+            -H "Click: ${URL}" \
+            -d "${WORKFLOW} completed successfully." \
+            "${NTFY_URL}/${NTFY_TOPIC}"
+
+      - name: Notify on failure
+        if: github.event.workflow_run.conclusion == 'failure'
+        run: |
+          REPO="${{ github.event.repository.name }}"
+          WORKFLOW="${{ github.event.workflow_run.name }}"
+          URL="${{ github.event.workflow_run.html_url }}"
+
+          curl -sS \
+            -H "Title: ${REPO} workflow failed" \
+            -H "Tags: x,warning" \
+            -H "Priority: high" \
+            -H "Click: ${URL}" \
+            -d "${WORKFLOW} failed. Check the run for details." \
+            "${NTFY_URL}/${NTFY_TOPIC}"

.mokogitea/workflows/pr-check.yml

@@ -0,0 +1,535 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: mokoplatform.CI
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokoplatform
+# PATH: /templates/workflows/universal/pr-check.yml.template
+# VERSION: 09.23.00
+# BRIEF: PR gate — branch policy + code validation before merge
+
+name: "Universal: PR Check"
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  # ── Branch Policy ──────────────────────────────────────────────────────
+  branch-policy:
+    name: Branch Policy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch merge target
+        run: |
+          HEAD="${{ github.head_ref }}"
+          BASE="${{ github.base_ref }}"
+
+          echo "PR: ${HEAD} → ${BASE}"
+
+          ALLOWED=true
+          REASON=""
+
+          case "$HEAD" in
+            feature/*|feat/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Feature branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            fix/*|bugfix/*)
+              if [ "$BASE" != "dev" ]; then
+                ALLOWED=false
+                REASON="Fix branches must target 'dev', not '${BASE}'"
+              fi
+              ;;
+            patch/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
+                ALLOWED=false
+                REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
+              fi
+              ;;
+            hotfix/*)
+              if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
+              fi
+              ;;
+            rc)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="RC branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+            dev)
+              if [ "$BASE" != "main" ]; then
+                ALLOWED=false
+                REASON="Dev branch can only merge into 'main', not '${BASE}'"
+              fi
+              ;;
+          esac
+
+          if [ "$ALLOWED" = false ]; then
+            echo "::error::${REASON}"
+            echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "${REASON}" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
+            echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+
+          echo "Branch policy: OK (${HEAD} → ${BASE})"
+          echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
+
+  # ── Code Validation ────────────────────────────────────────────────────
+  validate:
+    name: Validate PR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check for merge conflict markers
+        run: |
+          CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
+          if [ -n "$CONFLICTS" ]; then
+            echo "::error::Merge conflict markers found in source files"
+            echo "## Conflict Markers Found" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "No conflict markers found"
+
+      - name: Detect platform
+        id: platform
+        run: |
+          # Read platform from XML manifest (<platform> tag) or plain text fallback
+          PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
+          [ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
+          [ -z "$PLATFORM" ] && PLATFORM="generic"
+          echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
+
+      - name: Setup PHP
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          if ! command -v php &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
+          fi
+
+      - name: PHP syntax check
+        if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
+          echo "PHP lint: ${ERRORS} error(s)"
+          [ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
+
+      - name: Joomla JEXEC guard check
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          ERRORS=0
+          while IFS= read -r -d '' file; do
+            # Skip vendor, node_modules, and index.html stub files
+            case "$file" in ./vendor/*|./node_modules/*) continue ;; esac
+            # Check first 10 lines for JEXEC or JPATH guard
+            if ! head -20 "$file" | grep -qE "defined\s*\(\s*['\"](_JEXEC|JPATH_BASE|\\\\JPATH_PLATFORM)['\"]"; then
+              echo "::error file=${file}::Missing JEXEC guard: ${file}"
+              ERRORS=$((ERRORS + 1))
+            fi
+          done < <(find . -name "*.php" \( -path "*/source/*" -o -path "*/src/*" \) -not -path "./.git/*" -not -path "./vendor/*" -print0)
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "::error::${ERRORS} PHP file(s) missing defined('_JEXEC') or die guard"
+            echo "## JEXEC Guard Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "${ERRORS} file(s) are missing the Joomla execution guard." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "JEXEC guard: OK"
+
+      - name: Joomla directory listing protection
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          MISSING=0
+          SOURCE_DIR="source"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && exit 0
+          while IFS= read -r dir; do
+            if [ ! -f "${dir}/index.html" ]; then
+              echo "::warning::Missing index.html in ${dir} (directory listing protection)"
+              MISSING=$((MISSING + 1))
+            fi
+          done < <(find "$SOURCE_DIR" -type d -not -path "./.git/*" -not -path "*/vendor/*" -not -path "*/node_modules/*")
+          if [ "$MISSING" -gt 0 ]; then
+            echo "## Directory Protection" >> $GITHUB_STEP_SUMMARY
+            echo "${MISSING} director(ies) missing index.html" >> $GITHUB_STEP_SUMMARY
+          fi
+          echo "Directory protection: ${MISSING} missing (advisory)"
+
+      - name: Joomla script file and asset checks
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          ERRORS=0
+          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+          [ -z "$MANIFEST" ] && exit 0
+          MANIFEST_DIR=$(dirname "$MANIFEST")
+
+          # Check scriptfile exists if declared
+          SCRIPTFILE=$(sed -n 's/.*<scriptfile>\([^<]*\)<\/scriptfile>.*/\1/p' "$MANIFEST" 2>/dev/null)
+          if [ -n "$SCRIPTFILE" ]; then
+            if [ ! -f "${MANIFEST_DIR}/${SCRIPTFILE}" ]; then
+              echo "::error::Manifest declares <scriptfile>${SCRIPTFILE}</scriptfile> but file not found at ${MANIFEST_DIR}/${SCRIPTFILE}"
+              ERRORS=$((ERRORS + 1))
+            else
+              echo "Script file: ${MANIFEST_DIR}/${SCRIPTFILE} (OK)"
+            fi
+          fi
+
+          # Require joomla.asset.json and validate it
+          ASSET_JSON=$(find "$MANIFEST_DIR" -name "joomla.asset.json" -not -path "./.git/*" 2>/dev/null | head -1)
+          if [ -z "$ASSET_JSON" ]; then
+            echo "::error::joomla.asset.json not found — Joomla asset system is required"
+            ERRORS=$((ERRORS + 1))
+          else
+            if command -v php &> /dev/null; then
+              php -r "json_decode(file_get_contents('$ASSET_JSON')); if(json_last_error()!==JSON_ERROR_NONE){echo json_last_error_msg();exit(1);}" 2>&1 || {
+                echo "::error::joomla.asset.json is not valid JSON"
+                ERRORS=$((ERRORS + 1))
+              }
+            fi
+            echo "joomla.asset.json: valid"
+          fi
+
+          # Validate all XML files in source/src are well-formed
+          XML_ERRORS=0
+          if command -v php &> /dev/null; then
+            while IFS= read -r -d '' xmlfile; do
+              if ! php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$xmlfile'); if(!\$x){foreach(libxml_get_errors() as \$e) echo trim(\$e->message) . ' in $xmlfile'; exit(1);}" 2>&1; then
+                XML_ERRORS=$((XML_ERRORS + 1))
+              fi
+            done < <(find "$MANIFEST_DIR" -name "*.xml" -not -path "./.git/*" -print0)
+          fi
+          if [ "$XML_ERRORS" -gt 0 ]; then
+            echo "::error::${XML_ERRORS} XML file(s) are malformed"
+            ERRORS=$((ERRORS + 1))
+          else
+            echo "XML well-formedness: OK"
+          fi
+
+          [ "$ERRORS" -gt 0 ] && exit 1
+          echo "Joomla asset checks: OK"
+
+      - name: Validate platform manifest
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
+              if [ -z "$MANIFEST" ]; then
+                echo "::warning::No Joomla manifest found (WaaS site)"
+                exit 0
+              fi
+              echo "Manifest: ${MANIFEST}"
+              if command -v php &> /dev/null; then
+                php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
+              fi
+              for ELEMENT in name version description; do
+                grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
+              done
+              # Block legacy raw/branch update server URLs on MokoGitea
+              RAW_URLS=$(grep -n 'raw/branch' "$MANIFEST" | grep -i 'mokoconsulting\|mokogitea\|git\.mokoconsulting\.tech' || true)
+              if [ -n "$RAW_URLS" ]; then
+                echo "::error::Manifest contains legacy raw/branch update server URL on MokoGitea. Use the Gitea Pages URL instead (e.g. /{REPO}/updates.xml not /{REPO}/raw/branch/main/updates.xml)"
+                echo "$RAW_URLS"
+                exit 1
+              fi
+              echo "Joomla manifest valid"
+              ;;
+            dolibarr)
+              MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
+              if [ -z "$MOD_FILE" ]; then
+                echo "::error::No mod*.class.php found"
+                exit 1
+              fi
+              echo "Dolibarr module: ${MOD_FILE}"
+              ;;
+            *)
+              echo "Generic platform — no manifest validation"
+              ;;
+          esac
+
+      - name: Check update stream format
+        run: |
+          PLATFORM="${{ steps.platform.outputs.platform }}"
+          case "$PLATFORM" in
+            joomla)
+              if [ -f "updates.xml" ]; then
+                if command -v php &> /dev/null; then
+                  php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
+                fi
+                echo "updates.xml valid"
+              fi
+              ;;
+            dolibarr)
+              [ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
+              ;;
+          esac
+
+      - name: Validate Joomla language files
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          ERRORS=0
+          WARNINGS=0
+
+          # Require both en-GB and en-US language directories
+          LANG_ROOT=$(find . -path "*/language" -type d -not -path "./.git/*" 2>/dev/null | head -1)
+          if [ -z "$LANG_ROOT" ]; then
+            echo "No language/ directory found — skipping"
+            exit 0
+          fi
+
+          if [ ! -d "$LANG_ROOT/en-GB" ]; then
+            echo "::error::Missing en-GB language directory (${LANG_ROOT}/en-GB)"
+            ERRORS=$((ERRORS + 1))
+          fi
+          if [ ! -d "$LANG_ROOT/en-US" ]; then
+            echo "::error::Missing en-US language directory (${LANG_ROOT}/en-US)"
+            ERRORS=$((ERRORS + 1))
+          fi
+
+          # Check that en-GB and en-US have matching .ini files
+          if [ -d "$LANG_ROOT/en-GB" ] && [ -d "$LANG_ROOT/en-US" ]; then
+            for GB_INI in "$LANG_ROOT/en-GB"/*.ini; do
+              [ ! -f "$GB_INI" ] && continue
+              US_INI="$LANG_ROOT/en-US/$(basename "$GB_INI")"
+              if [ ! -f "$US_INI" ]; then
+                echo "::error::$(basename "$GB_INI") exists in en-GB but missing from en-US"
+                ERRORS=$((ERRORS + 1))
+              fi
+            done
+            for US_INI in "$LANG_ROOT/en-US"/*.ini; do
+              [ ! -f "$US_INI" ] && continue
+              GB_INI="$LANG_ROOT/en-GB/$(basename "$US_INI")"
+              if [ ! -f "$GB_INI" ]; then
+                echo "::error::$(basename "$US_INI") exists in en-US but missing from en-GB"
+                ERRORS=$((ERRORS + 1))
+              fi
+            done
+          fi
+
+          # Find all .ini language files
+          INI_FILES=$(find . -path "*/language/*/*.ini" -not -path "./.git/*" 2>/dev/null)
+          if [ -z "$INI_FILES" ]; then
+            echo "No .ini language files found"
+            [ "$ERRORS" -gt 0 ] && exit 1
+            exit 0
+          fi
+
+          echo "Found $(echo "$INI_FILES" | wc -l) language file(s)"
+
+          for FILE in $INI_FILES; do
+            FNAME=$(basename "$FILE")
+            LINENUM=0
+            SEEN_KEYS=""
+
+            while IFS= read -r line || [ -n "$line" ]; do
+              LINENUM=$((LINENUM + 1))
+
+              # Skip empty lines and comments
+              [ -z "$line" ] && continue
+              echo "$line" | grep -qE '^\s*;' && continue
+              echo "$line" | grep -qE '^\s*$' && continue
+
+              # Must match KEY="VALUE" format
+              if ! echo "$line" | grep -qE '^[A-Z_][A-Z0-9_]*=".*"$'; then
+                echo "::error file=${FILE},line=${LINENUM}::Malformed line: ${line}"
+                ERRORS=$((ERRORS + 1))
+                continue
+              fi
+
+              # Extract key and check for duplicates
+              KEY=$(echo "$line" | sed 's/=.*//')
+              if echo "$SEEN_KEYS" | grep -qx "$KEY"; then
+                echo "::error file=${FILE},line=${LINENUM}::Duplicate key: ${KEY}"
+                ERRORS=$((ERRORS + 1))
+              fi
+              SEEN_KEYS="${SEEN_KEYS}
+          ${KEY}"
+            done < "$FILE"
+
+            echo "  ${FILE}: checked ${LINENUM} lines"
+          done
+
+          # Cross-check en-GB vs en-US key consistency
+          GB_DIR=$(find . -path "*/language/en-GB" -type d -not -path "./.git/*" 2>/dev/null | head -1)
+          US_DIR=$(find . -path "*/language/en-US" -type d -not -path "./.git/*" 2>/dev/null | head -1)
+
+          if [ -n "$GB_DIR" ] && [ -n "$US_DIR" ]; then
+            for GB_FILE in "$GB_DIR"/*.ini; do
+              [ ! -f "$GB_FILE" ] && continue
+              FNAME=$(basename "$GB_FILE")
+              US_FILE="$US_DIR/$FNAME"
+              [ ! -f "$US_FILE" ] && continue
+
+              GB_KEYS=$(grep -oP '^[A-Z_][A-Z0-9_]*(?==)' "$GB_FILE" 2>/dev/null | sort)
+              US_KEYS=$(grep -oP '^[A-Z_][A-Z0-9_]*(?==)' "$US_FILE" 2>/dev/null | sort)
+
+              # Keys in en-GB but not en-US
+              MISSING_US=$(comm -23 <(echo "$GB_KEYS") <(echo "$US_KEYS"))
+              if [ -n "$MISSING_US" ]; then
+                echo "::warning::Keys in en-GB/$FNAME but missing from en-US/$FNAME:"
+                echo "$MISSING_US" | while read -r k; do echo "  - $k"; done
+                WARNINGS=$((WARNINGS + 1))
+              fi
+
+              # Keys in en-US but not en-GB
+              MISSING_GB=$(comm -13 <(echo "$GB_KEYS") <(echo "$US_KEYS"))
+              if [ -n "$MISSING_GB" ]; then
+                echo "::warning::Keys in en-US/$FNAME but missing from en-GB/$FNAME:"
+                echo "$MISSING_GB" | while read -r k; do echo "  - $k"; done
+                WARNINGS=$((WARNINGS + 1))
+              fi
+            done
+          fi
+
+          {
+            echo "### Language File Validation"
+            echo "| Metric | Count |"
+            echo "|---|---|"
+            echo "| Files checked | $(echo "$INI_FILES" | wc -l) |"
+            echo "| Errors | ${ERRORS} |"
+            echo "| Warnings | ${WARNINGS} |"
+          } >> $GITHUB_STEP_SUMMARY
+
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "::error::Language validation failed with ${ERRORS} error(s)"
+            exit 1
+          fi
+          echo "Language files: OK (${WARNINGS} warning(s))"
+
+      - name: Check changelog has unreleased entry
+        run: |
+          if [ ! -f "CHANGELOG.md" ]; then
+            echo "::warning::No CHANGELOG.md found"
+            exit 0
+          fi
+          # Check for content under [Unreleased] section
+          if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
+            echo "::error::CHANGELOG.md missing [Unreleased] section"
+            exit 1
+          fi
+          # Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
+          UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
+          if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
+            echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
+            echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
+            echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
+
+      - name: Require README and CHANGELOG in PR diff
+        run: |
+          BASE="${{ github.base_ref }}"
+          HEAD="${{ github.head_ref }}"
+          CHANGED=$(git diff --name-only "origin/${BASE}...HEAD" 2>/dev/null || git diff --name-only HEAD~1 2>/dev/null || echo "")
+          SOURCE_CHANGED=$(echo "$CHANGED" | grep -E '^source/|^src/' || true)
+          if [ -z "$SOURCE_CHANGED" ]; then
+            echo "No source changes — skipping README/CHANGELOG diff check"
+            exit 0
+          fi
+          ERRORS=0
+          if ! echo "$CHANGED" | grep -q '^CHANGELOG.md$'; then
+            echo "::error::Source code was modified but CHANGELOG.md was not updated."
+            ERRORS=$((ERRORS + 1))
+          fi
+          if ! echo "$CHANGED" | grep -q '^README.md$'; then
+            echo "::warning::Source code was modified but README.md was not updated."
+          fi
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "## Documentation Check: Failed" >> $GITHUB_STEP_SUMMARY
+            echo "Source code was modified but CHANGELOG.md was not updated." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          fi
+          echo "Documentation diff check: OK"
+
+      - name: Verify package source
+        run: |
+          SOURCE_DIR="source"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="src"
+          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
+          if [ ! -d "$SOURCE_DIR" ]; then
+            echo "::warning::No source/, src/, or htdocs/ directory"
+            exit 0
+          fi
+          FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
+          echo "Source: ${FILE_COUNT} files"
+          [ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
+
+  # ── Pre-Release RC Build ─────────────────────────────────────────────────
+  pre-release:
+    name: Build RC Package
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+
+    steps:
+      - name: Trigger RC pre-release
+        env:
+          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: ${{ github.head_ref }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
+          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
+
+  # ── Issue Reporter ──────────────────────────────────────────────────────
+  report-issues:
+    name: Report Issues
+    runs-on: ubuntu-latest
+    needs: [branch-policy, validate]
+    if: >-
+      always() &&
+      needs.validate.result == 'failure'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issue for PR validation failure"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          ./automation/ci-issue-reporter.sh \
+            --gate "PR Validation" \
+            --workflow "PR Check" \
+            --severity error \
+            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."

.mokogitea/workflows/pre-release.yml

@@ -4,8 +4,8 @@
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
-# INGROUP: moko-platform.Release
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# INGROUP: mokoplatform.Release
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokoplatform
 # PATH: /templates/workflows/universal/pre-release.yml.template
 # VERSION: 05.01.00
 # BRIEF: Manual pre-release -- builds dev/alpha/beta/rc packages from any branch
@@ -17,6 +17,10 @@ on:
     types: [closed]
     branches:
       - dev
+  pull_request_target:
+    types: [synchronize, opened, reopened]
+    branches:
+      - main
   workflow_dispatch:
     inputs:
       stability:
@@ -43,28 +47,37 @@ jobs:
     runs-on: release
     if: >-
       github.event_name == 'workflow_dispatch' ||
-      (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'dev')
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'dev') ||
+      (github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'main')
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.GA_TOKEN }}
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || '' }}
 
-      - name: Setup moko-platform tools
+      - name: Setup mokoplatform tools
         env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
           MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
         run: |
-          if ! command -v composer &> /dev/null; then
-            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
+          # Use pre-installed /opt/mokoplatform if available (updated by cron every 6h)
+          if [ -f /opt/mokoplatform/cli/version_bump.php ] && [ -f /opt/mokoplatform/cli/manifest_element.php ] && [ -f /opt/mokoplatform/vendor/autoload.php ]; then
+            echo Using pre-installed /opt/mokoplatform
+            echo MOKO_CLI=/opt/mokoplatform/cli >> $GITHUB_ENV
+          else
+            echo Falling back to fresh clone
+            if ! command -v composer > /dev/null 2>&1; then
+              sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
+            fi
+            rm -rf /tmp/mokoplatform-api
+            CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/mokoplatform.git
+            git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokoplatform-api
+            cd /tmp/mokoplatform-api && composer install --no-dev --no-interaction --quiet
+            echo MOKO_CLI=/tmp/mokoplatform-api/cli >> $GITHUB_ENV
           fi
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-            /tmp/moko-platform-api
-          cd /tmp/moko-platform-api && composer install --no-dev --no-interaction --quiet
-          echo "MOKO_CLI=/tmp/moko-platform-api/cli" >> "$GITHUB_ENV"
 
       - name: Detect platform
         id: platform
@@ -74,7 +87,12 @@ jobs:
       - name: Resolve metadata and bump version
         id: meta
         run: |
-          STABILITY="${{ inputs.stability || 'development' }}"
+          # Auto-detect stability: RC for PRs targeting main, else use input or default to development
+          if [ "${{ github.event_name }}" = "pull_request_target" ] && [ "${{ github.event.pull_request.base.ref }}" = "main" ]; then
+            STABILITY="release-candidate"
+          else
+            STABILITY="${{ inputs.stability || 'development' }}"
+          fi
 
           case "$STABILITY" in
             development)        SUFFIX="-dev";   TAG="development" ;;
@@ -83,20 +101,34 @@ jobs:
             release-candidate)  SUFFIX="-rc";    TAG="release-candidate" ;;
           esac
 
-          # Read current version (bump already handled by push workflow)
-          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null)
-          [ -z "$VERSION" ] && VERSION="00.00.01"
+          # Bump version via CLI: patch for dev/alpha/beta, minor for RC
+          case "$STABILITY" in
+            release-candidate) BUMP="minor" ;;
+            *)                 BUMP="patch" ;;
+          esac
+
+          php ${MOKO_CLI}/version_bump.php --path . $([ "$BUMP" = "minor" ] && echo "--minor") 2>/dev/null || true
+
+          # Set stability suffix and verify consistency
+          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "00.00.01")
+          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
 
           php ${MOKO_CLI}/version_set_platform.php \
-            --path . --version "$VERSION" --branch "${{ github.ref_name }}" 2>/dev/null || true
-
-          # Verify version consistency across all files
+            --path . --version "$VERSION" --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
           php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
 
+          # Ensure licensing tags (updateservers, dlid) if enabled in manifest.xml
+          php ${MOKO_CLI}/manifest_licensing.php --path . --fix 2>/dev/null || true
+
+          # Append suffix for output
+          if [ -n "$SUFFIX" ]; then
+            VERSION="${VERSION}${SUFFIX}"
+          fi
+
           # Commit version bump
           git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
           git config --local user.name "gitea-actions[bot]"
-          git remote set-url origin "https://jmiller:${{ secrets.GA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
           git add -A
           git diff --cached --quiet || {
             git commit -m "chore(version): pre-release bump to ${VERSION} [skip ci]"
@@ -112,7 +144,7 @@ jobs:
           EXT_ELEMENT=$(grep '^ext_element=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
           ZIP_NAME=$(grep '^zip_name=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
           [ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
-          [ -z "$ZIP_NAME" ] && ZIP_NAME="${EXT_ELEMENT}-${VERSION}${SUFFIX}.zip"
+          [ -z "$ZIP_NAME" ] && ZIP_NAME="${EXT_ELEMENT}-${VERSION}.zip"
 
           echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
           echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
@@ -131,9 +163,44 @@ jobs:
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
           php ${MOKO_CLI}/release_create.php \
             --path . --version "$VERSION" --tag "$TAG" \
-            --token "${{ secrets.GA_TOKEN }}" --api-base "$API_BASE" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
             --repo "${GITEA_REPO}" --branch dev --prerelease
 
+      - name: Update release notes from CHANGELOG.md
+        run: |
+          TAG="${{ steps.meta.outputs.tag }}"
+          VERSION="${{ steps.meta.outputs.version }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # Extract [Unreleased] section from changelog (everything between [Unreleased] and next ## heading)
+          if [ -f "CHANGELOG.md" ]; then
+            NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
+            [ -z "$NOTES" ] && NOTES="Release ${VERSION}"
+          else
+            NOTES="Release ${VERSION}"
+          fi
+
+          # Update release body via API
+          RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+            "${API_BASE}/releases/tags/${TAG}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
+          if [ -n "$RELEASE_ID" ]; then
+            python3 -c "
+          import json, urllib.request
+          body = open('/dev/stdin').read()
+          payload = json.dumps({'body': body}).encode()
+          req = urllib.request.Request(
+              '${API_BASE}/releases/${RELEASE_ID}',
+              data=payload, method='PATCH',
+              headers={
+                  'Authorization': 'token ${{ secrets.MOKOGITEA_TOKEN }}',
+                  'Content-Type': 'application/json'
+              })
+          urllib.request.urlopen(req)
+          " <<< "$NOTES"
+            echo "Release notes updated from CHANGELOG.md"
+          fi
+
       - name: Build package and upload
         id: package
         run: |
@@ -142,64 +209,17 @@ jobs:
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
           php ${MOKO_CLI}/release_package.php \
             --path . --version "$VERSION" --tag "$TAG" \
-            --token "${{ secrets.GA_TOKEN }}" --api-base "$API_BASE" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
             --repo "${GITEA_REPO}" --output /tmp || true
 
-      - name: Update updates.xml
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          VERSION="${{ steps.meta.outputs.version }}"
-          STABILITY="${{ steps.meta.outputs.stability }}"
-          SHA256="${{ steps.package.outputs.sha256_zip }}"
-
-          if [ ! -f "updates.xml" ]; then
-            echo "No updates.xml -- skipping"
-            exit 0
-          fi
-
-          SHA_FLAG=""
-          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
-
-          php ${MOKO_CLI}/updates_xml_build.php \
-            --path . --version "${VERSION}" --stability "${STABILITY}" \
-            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
-            ${SHA_FLAG}
-
-          # Commit and push
-          if ! git diff --quiet updates.xml 2>/dev/null; then
-            git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-            git config --local user.name "gitea-actions[bot]"
-            git add updates.xml
-            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
-            git push origin HEAD 2>&1 || echo "WARNING: push failed"
-          fi
-
-      - name: "Sync updates.xml to all branches"
-        if: steps.platform.outputs.platform == 'joomla'
-        run: |
-          CURRENT_BRANCH="${{ github.ref_name }}"
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-
-          for BRANCH in main dev; do
-            [ "$BRANCH" = "$CURRENT_BRANCH" ] && continue
-            echo "Syncing updates.xml -> ${BRANCH}"
-            git fetch origin "${BRANCH}" 2>/dev/null || continue
-            git checkout "origin/${BRANCH}" -- updates.xml 2>/dev/null || continue
-            git checkout "${CURRENT_BRANCH}" -- updates.xml
-            if ! git diff --quiet updates.xml 2>/dev/null; then
-              git add updates.xml
-              git commit -m "chore: sync updates.xml from ${CURRENT_BRANCH} [skip ci]"
-              git push origin HEAD:refs/heads/${BRANCH} 2>&1 || echo "WARNING: push to ${BRANCH} failed"
-            fi
-            git checkout "${CURRENT_BRANCH}" 2>/dev/null
-          done
+      # updates.xml is generated dynamically by MokoGitea license server
+      # No need to build, commit, or sync updates.xml from workflows
 
       - name: "Delete lesser pre-release channels (cascade)"
         continue-on-error: true
         run: |
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          TOKEN="${{ secrets.GA_TOKEN }}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
 
           php ${MOKO_CLI}/release_cascade.php \
             --stability "${{ steps.meta.outputs.stability }}" \

.mokogitea/workflows/repo-health.yml

@@ -0,0 +1,713 @@
+# ============================================================================
+# Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+#
+# This file is part of a Moko Consulting project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: mokoplatform.Validation
+# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokoplatform
+# PATH: /templates/workflows/joomla/repo_health.yml.template
+# VERSION: 09.23.00
+# BRIEF: Enforces repository guardrails by validating scripts governance, tooling availability, and core repository health artifacts.
+# ============================================================================
+
+name: "Generic: Repo Health"
+
+defaults:
+  run:
+    shell: bash
+
+on:
+  workflow_dispatch:
+    inputs:
+      profile:
+        description: 'Validation profile: all, scripts, or repo'
+        required: true
+        default: all
+        type: choice
+        options:
+          - all
+          - scripts
+          - repo
+  pull_request:
+  push:
+
+permissions:
+  contents: read
+
+env:
+  # Scripts governance policy
+  SCRIPTS_REQUIRED_DIRS:
+  SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
+
+  # Repo health policy
+  REPO_REQUIRED_ARTIFACTS: README.md,LICENSE,CHANGELOG.md,CONTRIBUTING.md,CODE_OF_CONDUCT.md,.mokogitea/workflows/
+  REPO_OPTIONAL_FILES: SECURITY.md,GOVERNANCE.md,.editorconfig,.gitattributes,.gitignore,README.md,docs/
+  REPO_DISALLOWED_DIRS:
+  REPO_DISALLOWED_FILES: TODO.md,todo.md
+
+  # Extended checks toggles
+  EXTENDED_CHECKS: "true"
+
+  # File / directory variables
+  DOCS_INDEX: docs/docs-index.md
+  SCRIPT_DIR: scripts
+  WORKFLOWS_DIR: .mokogitea/workflows
+  SHELLCHECK_PATTERN: '*.sh'
+  SPDX_FILE_GLOBS: '*.sh,*.php,*.js,*.ts,*.css,*.xml,*.yml,*.yaml'
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  access_check:
+    name: Access control
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+
+    outputs:
+      allowed: ${{ steps.perm.outputs.allowed }}
+      permission: ${{ steps.perm.outputs.permission }}
+
+    steps:
+      - name: Check actor permission (admin only)
+        id: perm
+        env:
+          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
+          REPO: ${{ github.repository }}
+          ACTOR: ${{ github.actor }}
+        run: |
+          set -euo pipefail
+          ALLOWED=false
+          PERMISSION=unknown
+          METHOD=""
+
+          # Hardcoded authorized users — always allowed
+          case "$ACTOR" in
+            jmiller|gitea-actions[bot])
+              ALLOWED=true
+              PERMISSION=admin
+              METHOD="hardcoded allowlist"
+              ;;
+            *)
+              # Detect platform and check permissions via API
+              API_BASE="${GITHUB_API_URL:-${GITEA_API_URL:-https://api.github.com}}"
+              RESP=$(curl -sf -H "Authorization: token ${TOKEN}" \
+                "${API_BASE}/repos/${REPO}/collaborators/${ACTOR}/permission" 2>/dev/null || echo '{}')
+              PERMISSION=$(echo "$RESP" | grep -oP '"permission"\s*:\s*"\K[^"]+' || echo "unknown")
+              if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "maintain" ] || [ "$PERMISSION" = "owner" ]; then
+                ALLOWED=true
+              fi
+              METHOD="collaborator API"
+              ;;
+          esac
+
+          echo "permission=${PERMISSION}" >> "$GITHUB_OUTPUT"
+          echo "allowed=${ALLOWED}" >> "$GITHUB_OUTPUT"
+
+          {
+            echo "## Access Authorization"
+            echo ""
+            echo "| Field | Value |"
+            echo "|-------|-------|"
+            echo "| **Actor** | \`${ACTOR}\` |"
+            echo "| **Repository** | \`${REPO}\` |"
+            echo "| **Permission** | \`${PERMISSION}\` |"
+            echo "| **Method** | ${METHOD} |"
+            echo "| **Authorized** | ${ALLOWED} |"
+            echo ""
+            if [ "$ALLOWED" = "true" ]; then
+              echo "${ACTOR} authorized (${METHOD})"
+            else
+              echo "${ACTOR} is NOT authorized. Requires admin or maintain role."
+            fi
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+      - name: Deny execution when not permitted
+        if: ${{ steps.perm.outputs.allowed != 'true' }}
+        run: |
+          set -euo pipefail
+          printf '%s\n' 'ERROR: Access denied. Admin permission required.' >> "${GITHUB_STEP_SUMMARY}"
+          exit 1
+
+  scripts_governance:
+    name: Scripts governance
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Scripts folder checks
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'repo' ]; then
+            {
+              printf '%s\n' '### Scripts governance'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes scripts governance'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          if [ ! -d "${SCRIPT_DIR}" ]; then
+            {
+              printf '%s\n' '### Scripts governance'
+              printf '%s\n' 'Status: OK (advisory)'
+              printf '%s\n' 'scripts/ directory not present. No scripts governance enforced.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          if [ -n "${SCRIPTS_REQUIRED_DIRS:-}" ]; then IFS=',' read -r -a required_dirs <<< "${SCRIPTS_REQUIRED_DIRS}"; else required_dirs=(); fi
+          IFS=',' read -r -a allowed_dirs <<< "${SCRIPTS_ALLOWED_DIRS}"
+
+          missing_dirs=()
+          unapproved_dirs=()
+
+          for d in "${required_dirs[@]}"; do
+            req="${d%/}"
+            [ ! -d "${req}" ] && missing_dirs+=("${req}/")
+          done
+
+          while IFS= read -r d; do
+            allowed=false
+            for a in "${allowed_dirs[@]}"; do
+              a_norm="${a%/}"
+              [ "${d%/}" = "${a_norm}" ] && allowed=true
+            done
+            [ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/")
+          done < <(find "${SCRIPT_DIR}" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##')
+
+          {
+            printf '%s\n' '### Scripts governance'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Area | Status | Notes |'
+            printf '%s\n' '|---|---|---|'
+
+            if [ "${#missing_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' '| Required directories | Warning | Missing required subfolders |'
+            else
+              printf '%s\n' '| Required directories | OK | All required subfolders present |'
+            fi
+
+            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' '| Directory policy | Warning | Unapproved directories detected |'
+            else
+              printf '%s\n' '| Directory policy | OK | No unapproved directories |'
+            fi
+
+            printf '%s\n' '| Enforcement mode | Advisory | scripts folder is optional |'
+            printf '\n'
+
+            if [ "${#missing_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' 'Missing required script directories:'
+              for m in "${missing_dirs[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            else
+              printf '%s\n' 'Missing required script directories: none.'
+              printf '\n'
+            fi
+
+            if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
+              printf '%s\n' 'Unapproved script directories detected:'
+              for m in "${unapproved_dirs[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            else
+              printf '%s\n' 'Unapproved script directories detected: none.'
+              printf '\n'
+            fi
+
+            printf '%s\n' 'Scripts governance completed in advisory mode.'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+  repo_health:
+    name: Repository health
+    needs: access_check
+    if: ${{ needs.access_check.outputs.allowed == 'true' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Repository health checks
+        env:
+          PROFILE_RAW: ${{ github.event.inputs.profile }}
+        run: |
+          set -euo pipefail
+
+          profile="${PROFILE_RAW:-all}"
+          case "${profile}" in
+            all|scripts|repo) ;;
+            *)
+              printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
+              exit 1
+              ;;
+          esac
+
+          if [ "${profile}" = 'scripts' ]; then
+            {
+              printf '%s\n' '### Repository health'
+              printf '%s\n' "Profile: ${profile}"
+              printf '%s\n' 'Status: SKIPPED'
+              printf '%s\n' 'Reason: profile excludes repository health'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 0
+          fi
+
+          IFS=',' read -r -a required_artifacts <<< "${REPO_REQUIRED_ARTIFACTS}"
+          IFS=',' read -r -a optional_files <<< "${REPO_OPTIONAL_FILES}"
+          if [ -n "${REPO_DISALLOWED_DIRS:-}" ]; then IFS=',' read -r -a disallowed_dirs <<< "${REPO_DISALLOWED_DIRS}"; else disallowed_dirs=(); fi
+          IFS=',' read -r -a disallowed_files <<< "${REPO_DISALLOWED_FILES:-}"
+
+          missing_required=()
+          missing_optional=()
+
+          # Source directory: source/, src/, or htdocs/ (any is valid for extension repos)
+          SOURCE_DIR=""
+          if [ -d "source" ]; then
+            SOURCE_DIR="source"
+          elif [ -d "src" ]; then
+            SOURCE_DIR="src"
+          elif [ -d "htdocs" ]; then
+            SOURCE_DIR="htdocs"
+          elif [ -d "deploy" ] || [ -d "cli" ] || [ -d "monitoring" ]; then
+            # Platform/tooling repos don't need source/
+            SOURCE_DIR=""
+          else
+            missing_required+=("source/ or src/ or htdocs/ (source directory required)")
+          fi
+
+          for item in "${required_artifacts[@]}"; do
+            if printf '%s' "${item}" | grep -q '/$'; then
+              d="${item%/}"
+              [ ! -d "${d}" ] && missing_required+=("${item}")
+            else
+              [ ! -f "${item}" ] && missing_required+=("${item}")
+            fi
+          done
+
+          for f in "${optional_files[@]}"; do
+            if printf '%s' "${f}" | grep -q '/$'; then
+              d="${f%/}"
+              [ ! -d "${d}" ] && missing_optional+=("${f}")
+            else
+              [ ! -f "${f}" ] && missing_optional+=("${f}")
+            fi
+          done
+
+          for d in "${disallowed_dirs[@]}"; do
+            d_norm="${d%/}"
+            [ -d "${d_norm}" ] && missing_required+=("${d_norm}/ (disallowed)")
+          done
+
+          for f in "${disallowed_files[@]}"; do
+            [ -f "${f}" ] && missing_required+=("${f} (disallowed)")
+          done
+
+          git fetch origin --prune
+
+          dev_paths=()
+          dev_branches=()
+
+          while IFS= read -r b; do
+            name="${b#origin/}"
+            if [ "${name}" = 'dev' ]; then
+              dev_branches+=("${name}")
+            else
+              dev_paths+=("${name}")
+            fi
+          done < <(git branch -r --list 'origin/dev*' | sed 's/^ *//')
+
+          if [ "${#dev_paths[@]}" -eq 0 ] && [ "${#dev_branches[@]}" -eq 0 ]; then
+            missing_required+=("dev or dev/* branch")
+          fi
+
+          content_warnings=()
+
+          if [ -f 'CHANGELOG.md' ] && ! grep -Eq '^# Changelog' CHANGELOG.md; then
+            content_warnings+=("CHANGELOG.md missing '# Changelog' header")
+          fi
+
+          if [ -f 'CHANGELOG.md' ] && grep -Eq '^[# ]*Unreleased' CHANGELOG.md; then
+            content_warnings+=("CHANGELOG.md contains Unreleased section (review release readiness)")
+          fi
+
+          if [ -f 'LICENSE' ] && ! grep -qiE 'GNU GENERAL PUBLIC LICENSE|GPL' LICENSE; then
+            content_warnings+=("LICENSE does not look like a GPL text")
+          fi
+
+          if [ -f 'README.md' ] && ! grep -qiE 'moko|Moko' README.md; then
+            content_warnings+=("README.md missing expected brand keyword")
+          fi
+
+          export PROFILE_RAW="${profile}"
+          export MISSING_REQUIRED="$(printf '%s\n' "${missing_required[@]:-}")"
+          export MISSING_OPTIONAL="$(printf '%s\n' "${missing_optional[@]:-}")"
+          export CONTENT_WARNINGS="$(printf '%s\n' "${content_warnings[@]:-}")"
+
+          report_json=$(printf '{"profile":"%s","missing_required":%d,"missing_optional":%d,"content_warnings":%d}'             "$profile" "${#missing_required[@]}" "${#missing_optional[@]}" "${#content_warnings[@]}")
+
+          {
+            printf '%s\n' '### Repository health'
+            printf '%s\n' "Profile: ${profile}"
+            printf '%s\n' '| Metric | Value |'
+            printf '%s\n' '|---|---|'
+            printf '%s\n' "| Missing required | ${#missing_required[@]} |"
+            printf '%s\n' "| Missing optional | ${#missing_optional[@]} |"
+            printf '%s\n' "| Content warnings | ${#content_warnings[@]} |"
+            printf '\n'
+
+            printf '%s\n' '### Guardrails report (JSON)'
+            printf '%s\n' '```json'
+            printf '%s\n' "${report_json}"
+            printf '%s\n' '```'
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${#missing_required[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing required repo artifacts'
+              for m in "${missing_required[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '%s\n' 'ERROR: Guardrails failed. Missing required repository artifacts.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+            exit 1
+          fi
+
+          if [ "${#missing_optional[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Missing optional repo artifacts'
+              for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          if [ "${#content_warnings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Repo content warnings'
+              for m in "${content_warnings[@]}"; do printf '%s\n' "- ${m}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          # -- Joomla-specific checks --
+          joomla_findings=()
+
+          MANIFEST="$(find . -maxdepth 2 -name '*.xml' -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)"
+          if [ -z "${MANIFEST}" ]; then
+            joomla_findings+=("Joomla XML manifest not found (no *.xml with <extension> tag)")
+          else
+            if ! grep -qP '<version>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <version> tag missing")
+            fi
+            if ! grep -qP 'type="(component|module|plugin|library|package|template|language)"' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: type attribute missing or invalid")
+            fi
+            if ! grep -qP '<name>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <name> tag missing")
+            fi
+            if ! grep -qP '<author>' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <author> tag missing")
+            fi
+            if ! grep -qP '<namespace' "${MANIFEST}"; then
+              joomla_findings+=("XML manifest: <namespace> missing (required for Joomla 5+)")
+            fi
+          fi
+
+          INI_COUNT="$(find . -name '*.ini' -type f 2>/dev/null | wc -l)"
+          if [ "${INI_COUNT}" -eq 0 ]; then
+            joomla_findings+=("No .ini language files found")
+          fi
+
+          if [ ! -f 'updates.xml' ]; then
+            joomla_findings+=("updates.xml missing in root (required for Joomla update server)")
+          fi
+
+          if [ -n "${SOURCE_DIR}" ]; then
+            INDEX_DIRS=("${SOURCE_DIR}" "${SOURCE_DIR}/admin" "${SOURCE_DIR}/site")
+            for dir in "${INDEX_DIRS[@]}"; do
+              if [ -d "${dir}" ] && [ ! -f "${dir}/index.html" ]; then
+                joomla_findings+=("${dir}/index.html missing (directory listing protection)")
+              fi
+            done
+          fi
+
+          if [ "${#joomla_findings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Joomla extension checks'
+              printf '%s\n' '| Check | Status |'
+              printf '%s\n' '|---|---|'
+              for f in "${joomla_findings[@]}"; do
+                printf '%s\n' "| ${f} | Warning |"
+              done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          else
+            {
+              printf '%s\n' '### Joomla extension checks'
+              printf '%s\n' 'All Joomla-specific checks passed.'
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          extended_enabled="${EXTENDED_CHECKS:-true}"
+          extended_findings=()
+
+          if [ "${extended_enabled}" = 'true' ]; then
+            if [ -f '.github/CODEOWNERS' ] || [ -f 'CODEOWNERS' ] || [ -f 'docs/CODEOWNERS' ]; then
+              :
+            else
+              extended_findings+=("CODEOWNERS not found (.github/CODEOWNERS preferred)")
+            fi
+
+            if ls "${WORKFLOWS_DIR}"/*.yml >/dev/null 2>&1 || ls "${WORKFLOWS_DIR}"/*.yaml >/dev/null 2>&1; then
+              bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' "${WORKFLOWS_DIR}" 2>/dev/null || true)"
+              if [ -n "${bad_refs}" ]; then
+                extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt")
+                {
+                  printf '%s\n' '### Workflow pinning advisory'
+                  printf '%s\n' 'Found uses: entries pinned to main/master:'
+                  printf '%s\n' '```'
+                  printf '%s\n' "${bad_refs}"
+                  printf '%s\n' '```'
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            if [ -f "${DOCS_INDEX}" ]; then
+              missing_links=""
+              while IFS= read -r docline; do
+                for link in $(echo "$docline" | grep -oE '\]\([^)]+\)' | sed 's/\](//' | sed 's/)$//' || true); do
+                  case "$link" in http://*|https://*|"#"*|mailto:*) continue ;; esac
+                  linkpath="${link%%#*}"
+                  linkpath="${linkpath%%\?*}"
+                  [ -z "$linkpath" ] && continue
+                  if [ "${linkpath:0:1}" = "/" ]; then
+                    testpath="${linkpath#/}"
+                  else
+                    testpath="$(dirname "${DOCS_INDEX}")/${linkpath}"
+                  fi
+                  [ ! -e "$testpath" ] && missing_links="${missing_links}${testpath} "
+                done
+              done < "${DOCS_INDEX}"
+              if [ -n "${missing_links}" ]; then
+                extended_findings+=("docs/docs-index.md contains broken relative links")
+                {
+                  printf '%s\n' '### Docs index link integrity'
+                  printf '%s\n' 'Broken relative links:'
+                  for bl in ${missing_links}; do
+                    printf '%s\n' "- ${bl}"
+                  done
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            if [ -d "${SCRIPT_DIR}" ]; then
+              if ! command -v shellcheck >/dev/null 2>&1; then
+                sudo apt-get update -qq
+                sudo apt-get install -y shellcheck >/dev/null
+              fi
+
+              sc_out=''
+              while IFS= read -r shf; do
+                [ -z "${shf}" ] && continue
+                out_one="$(shellcheck -S warning -x "${shf}" 2>/dev/null || true)"
+                if [ -n "${out_one}" ]; then
+                  sc_out="${sc_out}${out_one}\n"
+                fi
+              done < <(find "${SCRIPT_DIR}" -type f -name "${SHELLCHECK_PATTERN}" 2>/dev/null | sort)
+
+              if [ -n "${sc_out}" ]; then
+                extended_findings+=("ShellCheck warnings detected (advisory)")
+                sc_head="$(printf '%s' "${sc_out}" | head -n 200)"
+                {
+                  printf '%s\n' '### ShellCheck (advisory)'
+                  printf '%s\n' '```'
+                  printf '%s\n' "${sc_head}"
+                  printf '%s\n' '```'
+                  printf '\n'
+                } >> "${GITHUB_STEP_SUMMARY}"
+              fi
+            fi
+
+            spdx_missing=()
+            IFS=',' read -r -a spdx_globs <<< "${SPDX_FILE_GLOBS}"
+            spdx_args=()
+            for g in "${spdx_globs[@]}"; do spdx_args+=("${g}"); done
+
+            while IFS= read -r f; do
+              [ -z "${f}" ] && continue
+              if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then
+                spdx_missing+=("${f}")
+              fi
+            done < <(git ls-files "${spdx_args[@]}" 2>/dev/null || true)
+
+            if [ "${#spdx_missing[@]}" -gt 0 ]; then
+              extended_findings+=("SPDX header missing in some tracked files (advisory)")
+              {
+                printf '%s\n' '### SPDX header advisory'
+                printf '%s\n' 'Files missing SPDX-License-Identifier (first 40 lines scan):'
+                for f in "${spdx_missing[@]}"; do printf '%s\n' "- ${f}"; done
+                printf '\n'
+              } >> "${GITHUB_STEP_SUMMARY}"
+            fi
+
+            stale_cutoff_days=180
+            stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 > days*86400) print $1}' | head -50)"
+            if [ -n "${stale_branches}" ]; then
+              extended_findings+=("Stale remote branches detected (advisory)")
+              {
+                printf '%s\n' '### Git hygiene advisory'
+                printf '%s\n' "Branches with last commit older than ${stale_cutoff_days} days (sample up to 50):"
+                while IFS= read -r b; do [ -n "${b}" ] && printf '%s\n' "- ${b}"; done <<< "${stale_branches}"
+                printf '\n'
+              } >> "${GITHUB_STEP_SUMMARY}"
+            fi
+          fi
+
+          {
+            printf '%s\n' '### Guardrails coverage matrix'
+            printf '%s\n' '| Domain | Status | Notes |'
+            printf '%s\n' '|---|---|---|'
+            printf '%s\n' '| Access control | OK | Admin-only execution gate |'
+            printf '%s\n' '| Release policy | N/A | Releases handled by MokoGitea |'
+            printf '%s\n' '| Scripts governance | OK | Directory policy and advisory reporting |'
+            printf '%s\n' '| Repo required artifacts | OK | Required, optional, disallowed enforcement |'
+            printf '%s\n' '| Repo content heuristics | OK | Brand, license, changelog structure |'
+            if [ "${extended_enabled}" = 'true' ]; then
+              if [ "${#extended_findings[@]}" -gt 0 ]; then
+                printf '%s\n' '| Extended checks | Warning | See extended findings below |'
+              else
+                printf '%s\n' '| Extended checks | OK | No findings |'
+              fi
+            else
+              printf '%s\n' '| Extended checks | SKIPPED | EXTENDED_CHECKS disabled |'
+            fi
+            printf '\n'
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+          if [ "${extended_enabled}" = 'true' ] && [ "${#extended_findings[@]}" -gt 0 ]; then
+            {
+              printf '%s\n' '### Extended findings (advisory)'
+              for f in "${extended_findings[@]}"; do printf '%s\n' "- ${f}"; done
+              printf '\n'
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+
+          printf '%s\n' 'Repository health guardrails passed.' >> "${GITHUB_STEP_SUMMARY}"
+
+
+  site-health:
+    name: Site Health
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+
+      - name: Uptime check
+        if: env.URLS != ''
+        run: |
+          echo "$URLS" > /tmp/urls.txt
+          php monitoring/uptime-probe.php --urls /tmp/urls.txt --timeout 15 || echo "::warning::Some sites are down"
+          rm -f /tmp/urls.txt
+        env:
+          URLS: ${{ vars.MONITORED_URLS }}
+
+      - name: SSL certificate check
+        if: env.DOMAINS != ''
+        run: |
+          echo "$DOMAINS" > /tmp/domains.txt
+          php monitoring/ssl-check.php --domains /tmp/domains.txt --warn-days 30 || echo "::warning::SSL certificates expiring soon"
+          rm -f /tmp/domains.txt
+        env:
+          DOMAINS: ${{ vars.MONITORED_DOMAINS }}
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "### Site Health" >> $GITHUB_STEP_SUMMARY
+          echo "Uptime and SSL checks completed." >> $GITHUB_STEP_SUMMARY
+
+  # ═══════════════════════════════════════════════════════════════════════
+  # Issue Reporter — file issues for failed gates
+  # ═══════════════════════════════════════════════════════════════════════
+  report-issues:
+    name: "Report Issues"
+    runs-on: ubuntu-latest
+    needs: [access_check, scripts_governance, repo_health]
+    if: >-
+      always() &&
+      (needs.scripts_governance.result == 'failure' ||
+       needs.repo_health.result == 'failure')
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issues for failed gates"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          REPORTER="./automation/ci-issue-reporter.sh"
+          WF="Repo Health"
+
+          report_gate() {
+            local gate="$1" result="$2" details="$3"
+            if [ "$result" = "failure" ]; then
+              "$REPORTER" --gate "$gate" --details "$details" --workflow "$WF" --severity error
+            fi
+          }
+
+          report_gate "Scripts Governance" \
+            "${{ needs.scripts_governance.result }}" \
+            "Scripts directory policy violations detected. Review required and allowed directories."
+
+          report_gate "Repository Health" \
+            "${{ needs.repo_health.result }}" \
+            "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."

.mokogitea/workflows/security-audit.yml

@@ -0,0 +1,82 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards.Security
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
+# PATH: /.gitea/workflows/security-audit.yml
+# VERSION: 01.00.00
+# BRIEF: Dependency vulnerability scanning for composer and npm packages
+
+name: "Universal: Security Audit"
+
+on:
+  schedule:
+    - cron: '0 6 * * 1'  # Weekly on Monday at 06:00 UTC
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'composer.json'
+      - 'composer.lock'
+      - 'package.json'
+      - 'package-lock.json'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
+  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
+
+jobs:
+  audit:
+    name: Dependency Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Composer audit
+        if: hashFiles('composer.lock') != ''
+        run: |
+          echo "=== Composer Security Audit ==="
+          if ! command -v composer &> /dev/null; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq php-cli composer >/dev/null 2>&1
+          fi
+          composer audit --format=plain 2>&1 | tee /tmp/composer-audit.txt
+          RESULT=$?
+          if [ $RESULT -ne 0 ]; then
+            echo "::warning::Composer vulnerabilities found"
+            echo "composer_vulnerable=true" >> "$GITHUB_ENV"
+          else
+            echo "No known vulnerabilities in composer dependencies"
+          fi
+
+      - name: NPM audit
+        if: hashFiles('package-lock.json') != ''
+        run: |
+          echo "=== NPM Security Audit ==="
+          npm audit --production 2>&1 | tee /tmp/npm-audit.txt || true
+          if npm audit --production 2>&1 | grep -q "found 0 vulnerabilities"; then
+            echo "No known vulnerabilities in npm dependencies"
+          else
+            echo "::warning::NPM vulnerabilities found"
+            echo "npm_vulnerable=true" >> "$GITHUB_ENV"
+          fi
+
+      - name: Notify on vulnerabilities
+        if: env.composer_vulnerable == 'true' || env.npm_vulnerable == 'true'
+        run: |
+          REPO="${{ github.event.repository.name }}"
+          curl -sS \
+            -H "Title: ${REPO} has vulnerable dependencies" \
+            -H "Tags: lock,warning" \
+            -H "Priority: high" \
+            -d "Security audit found vulnerabilities. Review dependency updates." \
+            "${NTFY_URL}/${NTFY_TOPIC}" || true

.mokogitea/workflows/update-server.yml

@@ -4,18 +4,16 @@
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Universal
+# INGROUP: moko-platform.Universal
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
 # PATH: /templates/workflows/update-server.yml
-# VERSION: 04.07.00
-# BRIEF: Update server XML feed with stable/rc/beta/alpha/dev entries (universal)
+# VERSION: 05.00.00
+# BRIEF: Pre-release build + update server XML for dev/alpha/beta/rc branches
 #
-# Writes updates.xml with multiple <update> entries:
-#   - <tag>stable</tag>     on push to main (from auto-release)
-#   - <tag>rc</tag>         on push to rc/**
-#   - <tag>development</tag> on push to dev or dev/**
+# Thin wrapper around moko-platform CLI tools.
+# Builds packages, updates updates.xml, and optionally deploys via SFTP.
 #
-# Joomla filters by user's "Minimum Stability" setting.
+# Joomla filters update entries by the user's "Minimum Stability" setting.
 
 name: "Update Server"
 
@@ -66,7 +64,7 @@ permissions:
 
 jobs:
   update-xml:
-    name: Update updates.xml
+    name: Update Server
     runs-on: release
     if: >-
       github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
@@ -75,50 +73,51 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.GA_TOKEN }}
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 0
 
       - name: Setup moko-platform tools
         env:
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN }}
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
           MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
-          COMPOSER_AUTH: '{"http-basic":{"git.mokoconsulting.tech":{"username":"token","password":"${{ secrets.GA_TOKEN }}"}}}'
+          COMPOSER_AUTH: '{"http-basic":{"git.mokoconsulting.tech":{"username":"token","password":"${{ secrets.MOKOGITEA_TOKEN }}"}}}'
         run: |
           if ! command -v composer &> /dev/null; then
             sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
           fi
-          if [ -d "/tmp/moko-platform" ]; then
-            echo "moko-platform already available — skipping clone"
-          else
-            git clone --depth 1 --branch main --quiet \
-              "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
-              /tmp/moko-platform 2>/dev/null || true
-          fi
+          # Always fetch latest CLI tools — never use stale cache from previous runs
+          rm -rf /tmp/moko-platform
+          git clone --depth 1 --branch main --quiet \
+            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
+            /tmp/moko-platform 2>/dev/null || true
           if [ -d "/tmp/moko-platform" ] && [ -f "/tmp/moko-platform/composer.json" ]; then
             cd /tmp/moko-platform && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
           fi
+          echo "MOKO_CLI=/tmp/moko-platform/cli" >> "$GITHUB_ENV"
 
-      - name: Generate updates.xml entry
-        id: update
+      - name: Detect platform
+        id: platform
+        run: php ${MOKO_CLI}/manifest_read.php --path . --github-output
+
+      - name: Resolve stability and bump version
+        id: meta
         run: |
           BRANCH="${{ github.ref_name }}"
-          REPO="${{ github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          VERSION=$(php /tmp/moko-platform/cli/version_read.php --path . 2>/dev/null || echo "0.0.0")
 
-          # Auto-bump patch on all branches (dev, alpha, beta, rc)
+          # Configure git for bot pushes
           git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
           git config --local user.name "gitea-actions[bot]"
-          BUMPED=$(php /tmp/moko-platform/cli/version_bump.php --path . 2>/dev/null || true)
-          if [ -n "$BUMPED" ]; then
-            VERSION=$(php /tmp/moko-platform/cli/version_read.php --path . 2>/dev/null || echo "$VERSION")
-            git add -A
-            git commit -m "chore(version): auto-bump patch ${VERSION} [skip ci]" \
-              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>" 2>/dev/null || true
-            git push 2>/dev/null || true
-          fi
+          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
 
-          # Determine stability from branch or input
+          # Auto-bump patch version
+          php ${MOKO_CLI}/version_bump.php --path . 2>/dev/null || true
+
+          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "0.0.0")
+
+          # Strip any existing suffix before applying stability
+          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
+
+          # Determine stability from branch or manual input
           if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
             STABILITY="${{ inputs.stability }}"
           elif [[ "$BRANCH" == rc/* ]]; then
@@ -127,263 +126,96 @@ jobs:
             STABILITY="beta"
           elif [[ "$BRANCH" == alpha/* ]]; then
             STABILITY="alpha"
-          elif [[ "$BRANCH" == dev/* ]] || [[ "$BRANCH" == "dev" ]]; then
+          else
             STABILITY="development"
-          else
-            STABILITY="stable"
           fi
 
+          # Version suffix per stability stream
+          case "$STABILITY" in
+            development) SUFFIX="-dev";  TAG="development" ;;
+            alpha)       SUFFIX="-alpha"; TAG="alpha" ;;
+            beta)        SUFFIX="-beta";  TAG="beta" ;;
+            rc)          SUFFIX="-rc";    TAG="release-candidate" ;;
+            *)           SUFFIX="";       TAG="stable" ;;
+          esac
+
+          # Propagate version with stability suffix to all manifest files
+          php ${MOKO_CLI}/version_set_platform.php \
+            --path . --version "$VERSION" --branch "$BRANCH" --stability "$STABILITY" 2>/dev/null || true
+          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
+
+          # Re-read version (now includes suffix from version_set_platform)
+          if [ -n "$SUFFIX" ]; then
+            VERSION="${VERSION}${SUFFIX}"
+          fi
+
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
           echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
+          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
+          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "display_version=${VERSION}" >> "$GITHUB_OUTPUT"
 
-          # Parse manifest (portable — no grep -P)
-          MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" ! -path "./build/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
-          if [ -z "$MANIFEST" ]; then
-            echo "No Joomla manifest found — skipping"
-            exit 0
-          fi
-
-          # Extract fields using sed (works on all runners)
-          EXT_NAME=$(sed -n 's/.*<name>\([^<]*\)<\/name>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_TYPE=$(sed -n 's/.*<extension[^>]*type="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_ELEMENT=$(sed -n 's/.*<element>\([^<]*\)<\/element>.*/\1/p' "$MANIFEST" | head -1)
-          EXT_CLIENT=$(sed -n 's/.*<extension[^>]*client="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_FOLDER=$(sed -n 's/.*<extension[^>]*group="\([^"]*\)".*/\1/p' "$MANIFEST" | head -1)
-          EXT_VERSION=$(sed -n 's/.*<version>\([^<]*\)<\/version>.*/\1/p' "$MANIFEST" | head -1)
-          TARGET_PLATFORM=$(sed -n 's/.*\(<targetplatform[^/]*\/>\).*/\1/p' "$MANIFEST" | head -1)
-          PHP_MINIMUM=$(sed -n 's/.*<php_minimum>\([^<]*\)<\/php_minimum>.*/\1/p' "$MANIFEST" | head -1)
-
-          # Fallbacks
-          [ -z "$EXT_NAME" ] && EXT_NAME="${{ github.event.repository.name }}"
-          [ -z "$EXT_TYPE" ] && EXT_TYPE="component"
-
-          # Derive element if not in manifest: try XML filename, then repo name
-          if [ -z "$EXT_ELEMENT" ]; then
-            EXT_ELEMENT=$(basename "$MANIFEST" .xml | tr '[:upper:]' '[:lower:]')
-            case "$EXT_ELEMENT" in
-              templatedetails|manifest|*.xml) EXT_ELEMENT=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' | tr -d ' -') ;;
-            esac
-          fi
-
-          # Use manifest version if README version is empty
-          [ "$VERSION" = "0.0.0" ] && [ -n "$EXT_VERSION" ] && VERSION="$EXT_VERSION"
-
-          [ -z "$TARGET_PLATFORM" ] && TARGET_PLATFORM=$(printf '<targetplatform name="joomla" version="((5.[0-9])|(6.[0-9]))" %s>' "/")
-
-          # Joomla requires <client> on ALL extension types for update matching
-          if [ -n "$EXT_CLIENT" ]; then
-            CLIENT_TAG="<client>${EXT_CLIENT}</client>"
-          else
-            CLIENT_TAG="<client>site</client>"
-          fi
-
-          FOLDER_TAG=""
-          [ -n "$EXT_FOLDER" ] && [ "$EXT_TYPE" = "plugin" ] && FOLDER_TAG="<folder>${EXT_FOLDER}</folder>"
-
-          PHP_TAG=""
-          [ -n "$PHP_MINIMUM" ] && PHP_TAG="<php_minimum>${PHP_MINIMUM}</php_minimum>"
-
-          # Version suffix for non-stable
-          DISPLAY_VERSION="$VERSION"
-          case "$STABILITY" in
-            development) DISPLAY_VERSION="${VERSION}-dev" ;;
-            alpha)       DISPLAY_VERSION="${VERSION}-alpha" ;;
-            beta)        DISPLAY_VERSION="${VERSION}-beta" ;;
-            rc)          DISPLAY_VERSION="${VERSION}-rc" ;;
-          esac
-
-          MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
-
-          # Each stability level has its own release tag
-          case "$STABILITY" in
-            development) RELEASE_TAG="development" ;;
-            alpha)       RELEASE_TAG="alpha" ;;
-            beta)        RELEASE_TAG="beta" ;;
-            rc)          RELEASE_TAG="release-candidate" ;;
-            *)           RELEASE_TAG="v${MAJOR}" ;;
-          esac
-
-          PACKAGE_NAME="${EXT_ELEMENT}-${DISPLAY_VERSION}.zip"
-          DOWNLOAD_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/download/${RELEASE_TAG}/${PACKAGE_NAME}"
-          INFO_URL="${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}"
-
-          # -- Build install packages (ZIP + tar.gz) --------------------
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          if [ -d "$SOURCE_DIR" ]; then
-            EXCLUDES=".ftpignore sftp-config* *.ppk *.pem *.key .env*"
-            TAR_NAME="${EXT_ELEMENT}-${DISPLAY_VERSION}.tar.gz"
-
-            cd "$SOURCE_DIR"
-            zip -r "/tmp/${PACKAGE_NAME}" . -x $EXCLUDES
-            cd ..
-            tar -czf "/tmp/${TAR_NAME}" -C "$SOURCE_DIR" \
-              --exclude='.ftpignore' --exclude='sftp-config*' \
-              --exclude='*.ppk' --exclude='*.pem' --exclude='*.key' --exclude='.env*' .
-
-            SHA256=$(sha256sum "/tmp/${PACKAGE_NAME}" | cut -d' ' -f1)
-
-            # Ensure release exists on Gitea
-            RELEASE_JSON=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-              "${API_BASE}/releases/tags/${RELEASE_TAG}" 2>/dev/null || true)
-            RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-
-            if [ -z "$RELEASE_ID" ]; then
-              # Create release
-              RELEASE_JSON=$(curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                -H "Content-Type: application/json" \
-                "${API_BASE}/releases" \
-                -d "$(python3 -c "import json; print(json.dumps({
-                  'tag_name': '${RELEASE_TAG}',
-                  'name': '${RELEASE_TAG} (${DISPLAY_VERSION})',
-                  'body': '${STABILITY} release',
-                  'prerelease': True,
-                  'target_commitish': 'main'
-                }))")" 2>/dev/null || true)
-              RELEASE_ID=$(echo "$RELEASE_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
-            fi
-
-            if [ -n "$RELEASE_ID" ]; then
-              # Delete existing assets with same name before uploading
-              ASSETS=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets" 2>/dev/null || echo "[]")
-              for ASSET_FILE in "$PACKAGE_NAME" "$TAR_NAME"; do
-                ASSET_ID=$(echo "$ASSETS" | python3 -c "
-          import sys,json
-          assets = json.load(sys.stdin)
-          for a in assets:
-              if a['name'] == '${ASSET_FILE}':
-                  print(a['id']); break
-          " 2>/dev/null || true)
-                if [ -n "$ASSET_ID" ]; then
-                  curl -sf -X DELETE -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                    "${API_BASE}/releases/${RELEASE_ID}/assets/${ASSET_ID}" 2>/dev/null || true
-                fi
-              done
-
-              # Upload both formats
-              curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                -H "Content-Type: application/octet-stream" \
-                --data-binary @"/tmp/${PACKAGE_NAME}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets?name=${PACKAGE_NAME}" > /dev/null 2>&1 || true
-
-              curl -sf -X POST -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
-                -H "Content-Type: application/octet-stream" \
-                --data-binary @"/tmp/${TAR_NAME}" \
-                "${API_BASE}/releases/${RELEASE_ID}/assets?name=${TAR_NAME}" > /dev/null 2>&1 || true
-            fi
-
-            echo "Packages: ${PACKAGE_NAME} + ${TAR_NAME} (SHA: ${SHA256})" >> $GITHUB_STEP_SUMMARY
-          else
-            SHA256=""
-          fi
-
-          # -- Build the new entry (canonical format matching release.yml) --
-          NEW_ENTRY=""
-          NEW_ENTRY="${NEW_ENTRY}  <update>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <name>${EXT_NAME}</name>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <description>${EXT_NAME} ${STABILITY} build.</description>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <element>${EXT_ELEMENT}</element>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <type>${EXT_TYPE}</type>\n"
-          [ -n "$CLIENT_TAG" ] && NEW_ENTRY="${NEW_ENTRY}    ${CLIENT_TAG}\n"
-          [ -n "$FOLDER_TAG" ] && NEW_ENTRY="${NEW_ENTRY}    ${FOLDER_TAG}\n"
-          NEW_ENTRY="${NEW_ENTRY}    <version>${VERSION}</version>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <creationDate>$(date +%Y-%m-%d)</creationDate>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <infourl title='${EXT_NAME}'>https://git.mokoconsulting.tech/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${RELEASE_TAG}</infourl>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <downloads>\n"
-          NEW_ENTRY="${NEW_ENTRY}      <downloadurl type='full' format='zip'>${DOWNLOAD_URL}</downloadurl>\n"
-          NEW_ENTRY="${NEW_ENTRY}    </downloads>\n"
-          [ -n "$SHA256" ] && NEW_ENTRY="${NEW_ENTRY}    <sha256>${SHA256}</sha256>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <tags><tag>${STABILITY}</tag></tags>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <maintainer>Moko Consulting</maintainer>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <maintainerurl>https://mokoconsulting.tech</maintainerurl>\n"
-          NEW_ENTRY="${NEW_ENTRY}    <targetplatform name='joomla' version='(5|6).*'/>\n"
-          [ -n "$PHP_MINIMUM" ] && NEW_ENTRY="${NEW_ENTRY}    <php_minimum>${PHP_MINIMUM}</php_minimum>\n"
-          NEW_ENTRY="${NEW_ENTRY}  </update>"
-
-          # -- Write new entry to temp file --------------------------------
-          printf '%b' "$NEW_ENTRY" > /tmp/new_entry.xml
-
-          # -- Merge into updates.xml ----------------------------------------
-          # Cascade: stable→all | rc→rc+lower | beta→beta+lower | alpha→alpha+dev | dev→dev
-          CASCADE_MAP="stable:development,alpha,beta,rc,stable rc:development,alpha,beta,rc beta:development,alpha,beta alpha:development,alpha development:development"
-          TARGETS=""
-          for entry in $CASCADE_MAP; do
-            key="${entry%%:*}"
-            vals="${entry#*:}"
-            if [ "$key" = "${STABILITY}" ]; then
-              TARGETS="$vals"
-              break
-            fi
-          done
-          [ -z "$TARGETS" ] && TARGETS="${STABILITY}"
-
-          echo "Cascade: ${STABILITY} → ${TARGETS}"
-
-          # Create updates.xml if missing
-          if [ ! -f "updates.xml" ]; then
-            printf '%s\n' "<?xml version='1.0' encoding='UTF-8'?>" > updates.xml
-            printf '%s\n' "<!-- Copyright (C) $(date +%Y) Moko Consulting -->" >> updates.xml
-            printf '%s\n' "<updates>" >> updates.xml
-            printf '%s\n' "</updates>" >> updates.xml
-          fi
-
-          # Update existing blocks or create missing ones
-          export PY_TARGETS="$TARGETS" PY_VERSION="$VERSION" PY_DATE="$(date +%Y-%m-%d)"
-          python3 << 'PYEOF'
-          import re, os
-
-          targets = os.environ["PY_TARGETS"].split(",")
-          version = os.environ["PY_VERSION"]
-          date = os.environ["PY_DATE"]
-
-          with open("updates.xml") as f:
-              content = f.read()
-          with open("/tmp/new_entry.xml") as f:
-              new_entry_template = f.read()
-
-          for tag in targets:
-              tag = tag.strip()
-              # Build entry with this tag's name
-              new_entry = re.sub(r"<tag>[^<]*</tag>", f"<tag>{tag}</tag>", new_entry_template)
-
-              # Try to find existing block (handles both single-line and multi-line <tags>)
-              block_pattern = r"(<update>(?:(?!</update>).)*?<tag>" + re.escape(tag) + r"</tag>.*?</update>)"
-              match = re.search(block_pattern, content, re.DOTALL)
-
-              if match:
-                  # Update in place — replace entire block
-                  content = content.replace(match.group(1), new_entry.strip())
-                  print(f"  UPDATED: <tag>{tag}</tag> → {version}")
-              else:
-                  # Create — insert before </updates>
-                  content = content.replace("</updates>", "\n" + new_entry.strip() + "\n\n</updates>")
-                  print(f"  CREATED: <tag>{tag}</tag> → {version}")
-
-          # Clean up excessive blank lines
-          content = re.sub(r"\n{3,}", "\n\n", content)
-
-          with open("updates.xml", "w") as f:
-              f.write(content)
-          PYEOF
-
-          # Commit
-          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
-          git config --local user.name "gitea-actions[bot]"
-          git add updates.xml
+          # Commit version bump if changed
+          git add -A
           git diff --cached --quiet || {
-            git commit -m "chore: update updates.xml (${STABILITY}: ${DISPLAY_VERSION}) [skip ci]" \
+            git commit -m "chore(version): auto-bump ${VERSION} [skip ci]" \
               --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
             git push
           }
 
-      # -- Sync updates.xml to main (for non-main branches) ----------------------
+      - name: Create release and upload package
+        id: package
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          TAG="${{ steps.meta.outputs.tag }}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+
+          # Create or update Gitea release
+          php ${MOKO_CLI}/release_create.php \
+            --path . --version "$VERSION" --tag "$TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease
+
+          # Build package and upload
+          php ${MOKO_CLI}/release_package.php \
+            --path . --version "$VERSION" --tag "$TAG" \
+            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
+            --repo "${GITEA_REPO}" --output /tmp || true
+
+      - name: Update updates.xml
+        if: steps.platform.outputs.platform == 'joomla'
+        run: |
+          VERSION="${{ steps.meta.outputs.version }}"
+          STABILITY="${{ steps.meta.outputs.stability }}"
+          SHA256="${{ steps.package.outputs.sha256_zip }}"
+
+          if [ ! -f "updates.xml" ]; then
+            echo "No updates.xml — skipping"
+            exit 0
+          fi
+
+          SHA_FLAG=""
+          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
+
+          php ${MOKO_CLI}/updates_xml_build.php \
+            --path . --version "${VERSION}" --stability "${STABILITY}" \
+            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
+            ${SHA_FLAG}
+
+          # Commit and push updates.xml
+          git add updates.xml
+          git diff --cached --quiet || {
+            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
+            git push
+          }
+
       - name: Sync updates.xml to main
-        if: github.ref_name != 'main'
+        if: github.ref_name != 'main' && steps.platform.outputs.platform == 'joomla'
         run: |
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
-          GA_TOKEN="${{ secrets.GA_TOKEN }}"
+          GITEA_TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
 
-          FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \
+          FILE_SHA=$(curl -sf -H "Authorization: token ${GITEA_TOKEN}" \
             "${API_BASE}/contents/updates.xml?ref=main" | python3 -c "import sys,json; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
 
           if [ -n "$FILE_SHA" ] && [ -f "updates.xml" ]; then
@@ -394,27 +226,22 @@ jobs:
           payload = json.dumps({
               'content': content,
               'sha': '${FILE_SHA}',
-              'message': 'chore: sync updates.xml from ${STABILITY} [skip ci]',
+              'message': 'chore: sync updates.xml from ${{ steps.meta.outputs.stability }} [skip ci]',
               'branch': 'main'
           }).encode()
           req = urllib.request.Request(
               '${API_BASE}/contents/updates.xml',
               data=payload, method='PUT',
               headers={
-                  'Authorization': 'token ${GA_TOKEN}',
+                  'Authorization': 'token ${GITEA_TOKEN}',
                   'Content-Type': 'application/json'
               })
           try:
               urllib.request.urlopen(req)
               print('updates.xml synced to main')
           except Exception as e:
-              print(f'ERROR: failed to sync updates.xml to main: {e}', file=sys.stderr)
-              sys.exit(1)
-          " \
-              && echo "updates.xml synced to main (${STABILITY})" >> $GITHUB_STEP_SUMMARY \
-              || echo "::error::failed to sync updates.xml to main" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "::error::could not get updates.xml SHA from main — file may not exist on main yet" >> $GITHUB_STEP_SUMMARY
+              print(f'WARNING: sync to main failed: {e}', file=sys.stderr)
+          "
           fi
 
       - name: SFTP deploy to dev server
@@ -428,12 +255,11 @@ jobs:
           DEV_KEY: ${{ secrets.DEV_FTP_KEY }}
           DEV_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
         run: |
-          # -- Permission check: admin or maintain role required --------
+          # Permission check: admin or maintain role required
           ACTOR="${{ github.actor }}"
-          REPO="${{ github.repository }}"
           API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
 
-          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" \
+          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
             "${API_BASE}/collaborators/${ACTOR}/permission" 2>/dev/null | \
             python3 -c "import sys,json; print(json.load(sys.stdin).get('permission','read'))" 2>/dev/null || echo "read")
           case "$PERMISSION" in
@@ -463,198 +289,24 @@ jobs:
             printf ',"password":"%s"}' "$DEV_PASS" >> /tmp/sftp-config.json
           fi
 
-          PLATFORM=$(php /tmp/moko-platform/cli/platform_detect.php --path . 2>/dev/null || true)
-          if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/moko-platform/deploy/deploy-joomla.php" ]; then
-            php /tmp/moko-platform/deploy/deploy-joomla.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
-          elif [ -f "/tmp/moko-platform/deploy/deploy-sftp.php" ]; then
-            php /tmp/moko-platform/deploy/deploy-sftp.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
+          PLATFORM=$(php ${MOKO_CLI}/platform_detect.php --path . 2>/dev/null || true)
+          if [ "$PLATFORM" = "waas-component" ] && [ -f "${MOKO_CLI}/../deploy/deploy-joomla.php" ]; then
+            php ${MOKO_CLI}/../deploy/deploy-joomla.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
+          elif [ -f "${MOKO_CLI}/../deploy/deploy-sftp.php" ]; then
+            php ${MOKO_CLI}/../deploy/deploy-sftp.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
           fi
           rm -f /tmp/deploy_key /tmp/sftp-config.json
           echo "SFTP deploy to dev complete" >> $GITHUB_STEP_SUMMARY
 
-      - name: Validate updates.xml integrity
-        run: |
-          ERRORS=0
-
-          if [ ! -f "updates.xml" ]; then
-            echo "::error::updates.xml not found"
-            exit 1
-          fi
-
-          # Well-formed XML
-          if ! python3 -c "import xml.etree.ElementTree as ET; ET.parse('updates.xml')" 2>/dev/null; then
-            echo "::error::updates.xml is not valid XML"
-            ERRORS=$((ERRORS+1))
-          fi
-
-          python3 << 'PYEOF'
-          import xml.etree.ElementTree as ET, sys, re, os
-
-          tree = ET.parse("updates.xml")
-          root = tree.getroot()
-          updates = root.findall("update")
-          errors = 0
-          warnings = 0
-          seen_tags = set()
-
-          # All 5 channels MUST be present
-          REQUIRED_CHANNELS = {"stable", "rc", "beta", "alpha", "dev"}
-          VALID_TAGS = REQUIRED_CHANNELS | {"development"}  # accept legacy alias
-          REPO = os.environ.get("GITEA_REPO", "")
-          ORG = os.environ.get("GITEA_ORG", "MokoConsulting")
-          REPO_BASE = f"https://git.mokoconsulting.tech/{ORG}/"
-
-          # Gitea release tag names per channel (Moko standard)
-          RELEASE_TAG_MAP = {
-              "stable": "stable",
-              "rc": "release-candidate",
-              "beta": "beta",
-              "alpha": "alpha",
-              "dev": "development",
-              "development": "development",
-          }
-
-          # Joomla update XML required fields per
-          # https://docs.joomla.org/Deploying_an_Update_Server
-          REQUIRED_FIELDS = ["name", "element", "type", "version", "infourl"]
-
-          for i, u in enumerate(updates):
-              tag_el = u.find("tags/tag")
-              tag = tag_el.text.strip() if tag_el is not None and tag_el.text else None
-              label = f"Entry {i+1} (<tag>{tag or '?'}</tag>)"
-
-              # -- Required Joomla fields --
-              for field in REQUIRED_FIELDS:
-                  el = u.find(field)
-                  if el is None or not (el.text or "").strip():
-                      print(f"::error::{label}: missing required <{field}>")
-                      errors += 1
-
-              # -- <downloads><downloadurl> --
-              dl = u.find("downloads/downloadurl")
-              if dl is None or not (dl.text or "").strip():
-                  print(f"::error::{label}: missing <downloads><downloadurl>")
-                  errors += 1
-              else:
-                  dl_url = dl.text.strip()
-                  # Must point to org repo
-                  if REPO_BASE not in dl_url:
-                      print(f"::error::{label}: download URL not under {REPO_BASE}: {dl_url}")
-                      errors += 1
-                  # Must end in .zip
-                  if not dl_url.endswith(".zip"):
-                      print(f"::error::{label}: download URL must end in .zip: {dl_url}")
-                      errors += 1
-                  # Must use correct Gitea release tag in path
-                  if tag and tag in RELEASE_TAG_MAP:
-                      expected_tag = RELEASE_TAG_MAP[tag]
-                      if f"/download/{expected_tag}/" not in dl_url:
-                          print(f"::error::{label}: download URL should contain /download/{expected_tag}/ but got: {dl_url}")
-                          errors += 1
-
-              # -- <client> (required for Joomla to match update) --
-              client = u.find("client")
-              if client is None or not (client.text or "").strip():
-                  print(f"::error::{label}: missing <client> (required for Joomla update matching)")
-                  errors += 1
-
-              # -- <targetplatform> --
-              tp = u.find("targetplatform")
-              if tp is None:
-                  print(f"::error::{label}: missing <targetplatform>")
-                  errors += 1
-              else:
-                  tp_name = tp.get("name", "")
-                  tp_ver = tp.get("version", "")
-                  if tp_name != "joomla":
-                      print(f"::error::{label}: targetplatform name should be 'joomla', got '{tp_name}'")
-                      errors += 1
-                  if not tp_ver:
-                      print(f"::error::{label}: targetplatform missing version regex")
-                      errors += 1
-                  elif "5" not in tp_ver or "6" not in tp_ver:
-                      print(f"::warning::{label}: targetplatform version may not cover Joomla 5+6: {tp_ver}")
-                      warnings += 1
-
-              # -- <type> must be valid Joomla type --
-              type_el = u.find("type")
-              if type_el is not None and type_el.text:
-                  valid_types = {"component", "module", "plugin", "template", "library", "package", "file"}
-                  if type_el.text.strip() not in valid_types:
-                      print(f"::error::{label}: invalid type '{type_el.text}' (expected: {valid_types})")
-                      errors += 1
-
-              # -- <version> format (XX.YY.ZZ with optional suffix) --
-              ver_el = u.find("version")
-              if ver_el is not None and ver_el.text:
-                  if not re.match(r"^\d{2}\.\d{2}\.\d{2}(-\w+)?$", ver_el.text.strip()):
-                      print(f"::warning::{label}: version '{ver_el.text}' does not match XX.YY.ZZ format")
-                      warnings += 1
-
-              # -- <maintainer> and <maintainerurl> --
-              for field in ["maintainer", "maintainerurl"]:
-                  el = u.find(field)
-                  if el is None or not (el.text or "").strip():
-                      print(f"::warning::{label}: missing <{field}>")
-                      warnings += 1
-
-              # -- Valid stability tag --
-              if tag is None:
-                  print(f"::error::{label}: missing <tags><tag>")
-                  errors += 1
-              elif tag not in VALID_TAGS:
-                  print(f"::error::{label}: invalid tag '{tag}' (expected: {VALID_TAGS})")
-                  errors += 1
-
-              # -- Duplicate tag check --
-              norm_tag = "dev" if tag == "development" else tag
-              if norm_tag in seen_tags:
-                  print(f"::error::{label}: duplicate channel '{tag}'")
-                  errors += 1
-              if norm_tag:
-                  seen_tags.add(norm_tag)
-
-          # -- All 5 channels must exist --
-          missing = REQUIRED_CHANNELS - seen_tags
-          if missing:
-              print(f"::error::Missing required update channels: {', '.join(sorted(missing))}")
-              errors += 1
-
-          # -- Version ordering: higher stability must not exceed dev version --
-          channel_versions = {}
-          for u in updates:
-              tag_el = u.find("tags/tag")
-              ver_el = u.find("version")
-              if tag_el is not None and ver_el is not None and tag_el.text and ver_el.text:
-                  norm = "dev" if tag_el.text.strip() == "development" else tag_el.text.strip()
-                  # Strip suffix for comparison (01.00.18-dev -> 01.00.18)
-                  base_ver = re.sub(r"-\w+$", "", ver_el.text.strip())
-                  channel_versions[norm] = base_ver
-
-          # Cascade check: dev >= alpha >= beta >= rc >= stable
-          ORDER = ["dev", "alpha", "beta", "rc", "stable"]
-          for j in range(1, len(ORDER)):
-              current = ORDER[j]
-              previous = ORDER[j - 1]
-              if current in channel_versions and previous in channel_versions:
-                  if channel_versions[current] > channel_versions[previous]:
-                      print(f"::error::{current} version ({channel_versions[current]}) is ahead of {previous} ({channel_versions[previous]})")
-                      errors += 1
-
-          # -- Summary --
-          print(f"\nupdates.xml validation: {len(updates)} entries, {errors} error(s), {warnings} warning(s)")
-          if errors > 0:
-              sys.exit(1)
-          PYEOF
-
       - name: Summary
         if: always()
         run: |
-          echo "## Joomla Update Server" >> $GITHUB_STEP_SUMMARY
+          VERSION="${{ steps.meta.outputs.version }}"
+          STABILITY="${{ steps.meta.outputs.stability }}"
+          DISPLAY="${{ steps.meta.outputs.display_version }}"
+          echo "## Update Server" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
           echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
           echo "| Stability | \`${STABILITY}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Version | \`${DISPLAY_VERSION}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Element | \`${EXT_ELEMENT}\` |" >> $GITHUB_STEP_SUMMARY
-          echo "| Download | [ZIP](${DOWNLOAD_URL}) |" >> $GITHUB_STEP_SUMMARY
+          echo "| Version | \`${DISPLAY}\` |" >> $GITHUB_STEP_SUMMARY

CHANGELOG.md

@@ -1,12 +1,221 @@
 # Changelog
 
-<!-- VERSION: 01.00.00 -->
+## [Unreleased]
 
-All notable changes to MokoJoomCross will be documented in this file.
+
+<!-- VERSION: 01.02.00 -->
+
+All notable changes to MokoSuiteCross will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
-## [Unreleased]
+## [01.02.00] --- 2026-06-21
+
+### Changed
+- **Rebrand complete**: All 1,151 language key references renamed from `MOKOJOOMCROSS` to `MOKOSUITECROSS` across .ini, .xml, and .php files
+- **Event names**: All Joomla events renamed from `onMokoJoomCross*` to `onMokoSuiteCross*`
+- **Telegram default bot**: Updated from @MokoWaaSBot to @mokosuite_bot with obfuscated embedded token
+- **Branding**: All `MokoWaaS` references updated to `MokoSuite` across codebase, wiki, and docs
+- **Wiki**: Reorganized into folder structure (getting-started/, user-guide/, services/, developer/)
+- **README**: Updated with all 36 implemented service plugins and current feature list
+- **PR workflow**: Added README/CHANGELOG diff check — blocks PRs that modify source without updating CHANGELOG
+
+### Fixed
+- **SendGrid**: Removed duplicate `curl_setopt_array` with undefined `$token` variable in `publish()`
+- **Reddit**: Removed duplicate `curl_setopt_array` with undefined `$token` variable in `publish()`
+- **TikTok**: Removed duplicate `curl_setopt_array` in `publish()`
+- **Pinterest**: Removed duplicate `curl_setopt_array` in `publish()`
+- **Telegram**: Added missing `<config>` section to plugin XML for parse_mode and disable_preview settings
+
+### Fixed (previous)
+- **C-1 OauthController**: Added CSRF nonce validation to OAuth callback — session-based nonce is generated during `authorize()`, embedded in the state parameter, and verified in `callback()` to prevent CSRF attacks
+- **C-2 DispatchController**: Added POST method enforcement — rejects non-POST requests with 405 status
+- **C-5 ServiceModel**: Credential form fields (`cred_*`) are now collected into the `credentials` JSON column on save, and expanded back into individual fields on load — previously these fields were silently discarded
+- **H-1 Event pattern**: Fixed Joomla 5 SubscriberInterface incompatibility where `onMokoSuiteCrossGetServices` by-reference pattern silently lost all service plugins — dispatchers now read plugin instances from Event ArrayAccess indices after dispatch
+- **H-4 ServiceTable**: Added `check()` method with alias generation, required field validation (title, service_type), timestamp management, and JSON defaults for credentials/params
+- **H-9 WebhookService**: Fixed credential key mismatch — `publish()` and `validateCredentials()` now use keys matching the service.xml form fields (`url`, `method`, `auth_type`, `bearer_token`, `basic_username`, `basic_password`, `content_type`) and properly apply Bearer/Basic auth headers
+- **M-4 ServiceIconHelper**: Escaped `$extraClass` parameter in `renderIcon()` with `htmlspecialchars()` to prevent XSS
+- **M-5 Content plugin**: Fixed double-escaped HTML in cross-post history panel — uses `setFieldAttribute()` to inject history HTML into the note field description after XML load, avoiding XML attribute encoding
+
+- **Content plugin**: Fixed `onContentBeforeDisplay` signature for Joomla 5/6 — now accepts `BeforeDisplayEvent` object instead of individual parameters
+
+- **QueueProcessor**: Replaced read-then-write DB lock with MySQL advisory locks (`GET_LOCK`/`RELEASE_LOCK`) to eliminate race condition
+- **Twitter/X**: Replaced Bearer token auth with OAuth 1.0a (HMAC-SHA1) — Bearer tokens are app-only and cannot create tweets
+- **service.xml**: Fixed missing closing `</field>` tag on webhook method field
+- **Views**: Added missing `Toolbar` and `Route` imports in Logs, Posts, Services, Template, Templates HtmlView files
+- **13 service plugins**: Fixed broken `publish()` methods that had literal placeholder URLs instead of using credential values — ActivityPub, Blogger, Ghost, Google Business, Hashnode, Matrix, Medium, Nostr, RSS Feed, Threads, Tumblr, WhatsApp, WordPress
+- **Ghost**: Proper JWT auth from `{id}:{secret}` admin API key format
+- **WordPress**: Correct Basic Auth (not Bearer) with Application Passwords
+- **Medium**: 2-step flow — fetch user ID via /v1/me, then post
+- **Matrix**: PUT with transaction ID for idempotent message sending
+- **Hashnode**: GraphQL mutation with proper query structure
+- **Threads**: 2-step container creation + publish flow
+- **WhatsApp**: Meta Cloud API with messaging_product payload
+- **Nostr**: Stub with clear "not yet implemented" message (requires WebSocket)
+- **RSS Feed**: Local service — no external API, always succeeds
+
+
+### Added
+- **ServiceIconHelper**: Centralised icon mapping for all 34 service types — replaces per-template icon arrays with `ServiceIconHelper::getIcon()` / `::renderIcon()`
+- **Service Stats drill-down**: New `servicestats` view with per-service analytics — post counts, success rate, daily trend chart, recent posts table, and top articles list
+- **Dashboard service links**: Service breakdown table rows now link to the per-service stats view with service type icons
+- **Posts list icons**: Service type column in the posts list now shows the service icon
+- **Category routing rules**: New `#__mokosuitecross_category_rules` table to whitelist services per Joomla category — if rules exist for a category, only those services receive posts; no rules = all services (backward compatible)
+- **CrossPostDispatcher**: Category rule filtering integrated before per-article service filter in the dispatch loop
+- **Template editor**: Live character counter below template body textarea with platform-aware limits (green/yellow/red badges)
+- **Template editor**: Added `{tags}`, `{hashtags}`, and `{field:xxx}` rows to the placeholder reference table
+- **Content plugin**: Cross-post history panel in article editor showing last 10 posts with status badges, service names, timestamps, and error messages
+- **Config**: New "Category Rules" fieldset with explanatory note about the feature
+
+- **CrossPostDispatcher**: New static helper (`com_mokosuitecross/Helper/CrossPostDispatcher`) centralising dispatch logic for reuse by all source plugins
+- **Content plugin**: Added `onContentAfterSave` and `onContentChangeState` handlers with Joomla 5/6 event compatibility, dispatching via `CrossPostDispatcher`
+- **plg_system_mokosuitecross_events**: New source plugin for MokoSuiteCalendar — cross-posts calendar events when published
+- **plg_system_mokosuitecross_gallery**: New source plugin for MokoSuiteGallery — cross-posts galleries and images when published
+
+- **Credential fields**: Added fields for 19 previously missing services (Pinterest, Tumblr, TikTok, Nostr, ActivityPub, Brevo, ConvertKit, Constant Contact, Hashnode, Blogger, Google Business, RSS Feed config)
+- **Twitter**: Access Token and Access Token Secret fields for OAuth 1.0a
+- **LinkedIn**: Refresh token field for automatic token renewal
+- **Bluesky**: PDS URL field for self-hosted instances
+- **Discord**: Username and avatar URL override fields
+- **Mailchimp**: From name and from email fields
+- **SendGrid**: From email and from name fields
+- **Reddit**: Account password field for script-type OAuth
+- **WordPress**: Default post status selector (draft/publish)
+- **Dev.to**: Organization ID field
+- **Ghost**: Default post status selector (draft/published)
+- **Webhook**: Auth type selector (none/bearer/basic), auth token field, content type selector (JSON/form)
+- **RSS Feed**: Feed title and max items config fields
+- **OAuth services**: Added Pinterest, Tumblr, TikTok, Constant Contact, Blogger, Google Business to OAuth authorize flow
+- **Developer Guide**: Comprehensive wiki page for building new service plugins
+- **Help articles**: 42 KB articles on mokoconsulting.tech (overview, installation, 34 per-service guides, templates, queue, troubleshooting)
+- **Service help link**: Per-service "Setup Guide" button in service edit sidebar links to the matching KB article
+- **Evergreen re-sharing**: Articles can be marked as evergreen for automatic recurring cross-posts on a configurable interval (default 30 days)
+- **Post edit form**: Full CRUD for queue posts — edit message, reschedule, change status, re-queue failed posts
+- **Manual post creator**: New button in Post Queue toolbar to create manual cross-posts with article/service selection, custom message, and optional scheduling
+- **Scheduled posts**: Calendar picker for scheduling posts to specific date/time; scheduled_at shown in queue list
+- **Dashboard trend chart**: Chart.js line chart showing daily posted vs failed counts between stat cards and service breakdown
+- **Dashboard date range filter**: Period selector (7/30/90 days, all time) filters service breakdown, top articles, and trend chart
+- **Hashtag placeholders**: `{tags}` (comma-separated) and `{hashtags}` (#-prefixed space-separated) template placeholders from article tags
+- **Posts service filter**: SQL-driven service dropdown filter in posts list, plus search filter by article title or message content
+- **CSV export**: "Export CSV" toolbar button on posts list to download filtered post data as CSV
+- **WordPress canonical URL**: WordPress cross-posts now include an "Originally published at" source link appended to content with the Joomla article URL
+- **REST API dispatch endpoint**: `POST /api/v1/mokosuitecross/dispatch` — trigger cross-posts for an article via API with optional service filtering, duplicate guard, and template rendering
+
+
+### Added (original)
+
+#### Core Engine
+- Cross-posting engine dispatches articles to service plugins on publish
+- System plugin hooks `onContentAfterSave` and `onContentChangeState`
+- Duplicate guard prevents re-posting to services that already received an article
+- Message template rendering with 8 placeholders: `{title}`, `{url}`, `{introtext}`, `{fulltext}`, `{image}`, `{category}`, `{author}`, `{date}`
+- Custom `mokosuitecross` plugin group for extensible service architecture
+- `MokoSuiteCrossServiceInterface` contract for all service plugins
+
+#### Admin Component (5 views)
+- **Dashboard** — summary cards, posts-by-service analytics with success rates, top cross-posted articles, recent activity feed, PP Pro migration banner, page-load processing warning
+- **Post Queue** — list with color-coded status badges, error messages, retry counts, platform post IDs, article/service columns, date filters
+- **Services** — CRUD with service type selector (34 platforms organized by category), default/custom mode badges, publish toggle, credential editor
+- **Templates** — CRUD for message templates, per-platform assignment, placeholder reference panel, template body preview
+- **Activity Logs** — list with level badges (info/warning/error), service column, context data, level and search filters
+
+#### Queue Processing (3 methods)
+- Joomla Scheduled Task plugin (`plg_task_mokosuitecross`) — preferred, processes 20 posts per run
+- Page-load fallback via system plugin `onAfterRender` — configurable throttle interval, backend/frontend/both
+- Shared `QueueProcessor` helper with DB lock to prevent concurrent execution
+- Failed post retry with configurable max retries and exponential delay
+- Scheduled post support (`scheduled_at` column)
+- Automatic log cleanup based on configurable retention period
+
+#### Per-Article Controls
+- "Cross-Posting" fieldset injected into article editor via `onContentPrepareForm`
+- Skip cross-posting toggle per article
+- Service selection checkboxes (unchecked = post to all enabled services)
+
+#### OAuth 2.0
+- `OAuthHelper` with authorization URL generation, code-to-token exchange, token storage
+- Twitter PKCE flow support
+- `OauthController` with authorize and callback endpoints
+- Reads client ID/secret from service plugin params
+
+#### Perfect Publisher Pro Migration
+- Reads `#__autotweet_channels` table with per-platform credential mapping
+- Fallback extraction from component params when channel table missing
+- Maps Facebook, Twitter, LinkedIn, Telegram, Discord, Slack, Mastodon
+- Creates services in disabled state for manual verification
+- One-click migration from dashboard
+
+#### Service Plugins (34 platforms)
+
+**Social Media (12)**
+- Facebook / Meta — Graph API v19.0, default MokoSuite app mode, page feed posting
+- X / Twitter — API v2, OAuth 2.0 Bearer Token, 280 char limit
+- LinkedIn — Share API v2, organization + personal profile, 3000 char limit
+- Mastodon — API v1, multi-instance, hashtags, 500 char limit
+- Bluesky — AT Protocol, session auth, app passwords, 300 char limit
+- Threads (Meta) — Threads Publishing API, default app mode, 500 char limit
+- Pinterest — Pins API v5, board selection, image-focused
+- Reddit — OAuth2 link submission, subreddit selection
+- Tumblr — API v2, link/text posts, OAuth 1.0a
+- TikTok — Content Posting API, photo slideshows
+- Nostr — NIP-01 event publishing, configurable relays
+- ActivityPub — generic Fediverse (Pleroma, Akkoma, Misskey, Pixelfed)
+
+**Chat / Messaging (8)**
+- Telegram — Bot API, default @mokosuite_bot + custom bot, HTML/Markdown, 4096 chars
+- Discord — Webhooks, default MokoSuite webhook mode, embeds, 2000 chars
+- Slack — Incoming Webhooks, default MokoSuite webhook mode, Block Kit
+- Microsoft Teams — Incoming Webhooks, default mode, Adaptive Cards
+- Google Chat — Webhook API, card formatting
+- WhatsApp Business — Meta Cloud API, template + free-form messages
+- Matrix / Element — Client-Server API, self-hosted homeserver support
+- Ntfy — Push notifications, priority levels, action buttons
+
+**Email / Newsletter (5)**
+- Mailchimp — Campaigns API, audience selection, send/draft modes
+- SendGrid — Marketing Campaigns API v3, Single Send creation
+- Brevo (Sendinblue) — API v3, campaign creation
+- ConvertKit — API v3, broadcast creation
+- Constant Contact — API v3, campaign creation
+
+**Publishing / Blogging (6)**
+- Medium — Publishing API, full HTML, canonical URL, tags
+- WordPress — REST API v2, Application Passwords, category mapping
+- Dev.to — Forem API, markdown, series support
+- Ghost — Admin API v5, JWT auth, full HTML
+- Hashnode — GraphQL API, cover image, tags
+- Google Blogger — Blogger API v3, labels from categories
+
+**Business (1)**
+- Google Business Profile — API v1, local posts (UPDATE/EVENT/OFFER)
+
+**Universal (2)**
+- Generic Webhook — POST/PUT to any URL, JSON/form body, custom headers (IFTTT, Zapier, n8n, Make)
+- RSS Feed — dedicated cross-post feed generation
+
+#### Plugin Configuration
+- Telegram: default bot token, parse mode, link preview toggle
+- Facebook: default page access token, default page ID
+- Discord: default webhook URL, embed color
+- Slack: default webhook URL
+- LinkedIn: OAuth client ID/secret, redirect URI
+- Mastodon: default instance URL, visibility, hashtags
+- Bluesky: default PDS URL, auto link cards
+- Mailchimp: default sender name/email, auto-send toggle
+- Microsoft Teams: default webhook URL
+- Threads: default webhook URL
+
+#### Infrastructure
+- 7 CI/CD workflows: CI, auto-release, pre-release, auto-bump, update-server, cascade-dev, issue-branch
+- Joomla update server (`updates.xml`) with development channel
+- WebServices REST API plugin with CRUD routes for posts and services
+- Database: 4 tables (services, posts, templates, logs) with default templates
+- Package installer with auto-enable for core + task + service plugins
+- 9 wiki documentation pages
+- Windows Terminal profile in Joomla dropdown
+
+
+## [01.01.00] - 2026-06-19
 
 ### Added
 - Initial package structure with component, system plugin, content plugin, and webservices plugin
@@ -14,9 +223,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - System plugin triggering cross-post on article publish via `onContentAfterSave`
 - Content plugin adding cross-post controls to article editor
 - WebServices API plugin with REST endpoints for posts and services
-- Custom `mokojoomcross` plugin group for extensible service architecture
+- Custom `mokosuitecross` plugin group for extensible service architecture
 - Service plugins: Facebook, X/Twitter, LinkedIn, Mastodon, Bluesky, Mailchimp, Telegram, Discord, Slack
 - Database tables: services, posts, templates, logs
 - Perfect Publisher Pro migration tool in installer script
 - Message template system with per-platform placeholders
 - Post queue with scheduled posting, retry logic, and delivery tracking
+
+## [01.00] - 2026-05-28
+
+### Added
+- Initial release

CLAUDE.md

@@ -4,7 +4,7 @@ This file provides guidance to Claude Code when working with this repository.
 
 ## Project Overview
 
-**MokoJoomCross** -- Cross-posting Joomla content to social media, email marketing, and chat platforms
+**MokoSuiteCross** -- Cross-posting Joomla content to social media, email marketing, and chat platforms
 
 | Field | Value |
 |---|---|
@@ -12,7 +12,7 @@ This file provides guidance to Claude Code when working with this repository.
 | **Language** | PHP |
 | **Default branch** | main |
 | **License** | GPL-3.0-or-later |
-| **Wiki** | [MokoJoomCross Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoJoomCross/wiki) |
+| **Wiki** | [MokoSuiteCross Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteCross/wiki) |
 | **Standards** | [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home) |
 
 ## Common Commands
@@ -32,60 +32,60 @@ composer install  # Install PHP dependencies
 
 ## Architecture
 
-This is a Joomla **package** extension (`pkg_mokojoomcross`) containing sub-extensions:
+This is a Joomla **package** extension (`pkg_mokosuitecross`) containing sub-extensions:
 
-### com_mokojoomcross (Component)
+### com_mokosuitecross (Component)
 - Admin backend for managing services, post queue, templates, and logs
 - Joomla 5/6 MVC: Dashboard, Services, Posts, Logs (list/edit each)
-- Namespace: `Joomla\Component\MokoJoomCross\Administrator`
-- Database tables: `#__mokojoomcross_services`, `#__mokojoomcross_posts`, `#__mokojoomcross_templates`, `#__mokojoomcross_logs`
+- Namespace: `Joomla\Component\MokoSuiteCross\Administrator`
+- Database tables: `#__mokosuitecross_services`, `#__mokosuitecross_posts`, `#__mokosuitecross_templates`, `#__mokosuitecross_logs`
 
-### plg_system_mokojoomcross (System Plugin)
+### plg_system_mokosuitecross (System Plugin)
 - Hooks `onContentAfterSave` to trigger cross-posting when articles are published
-- Dispatches to registered service plugins via the `mokojoomcross` plugin group
-- Namespace: `Joomla\Plugin\System\MokoJoomCross`
+- Dispatches to registered service plugins via the `mokosuitecross` plugin group
+- Namespace: `Joomla\Plugin\System\MokoSuiteCross`
 
-### plg_content_mokojoomcross (Content Plugin)
+### plg_content_mokosuitecross (Content Plugin)
 - Hooks `onContentBeforeDisplay` to add cross-post status badges to articles
-- Namespace: `Joomla\Plugin\Content\MokoJoomCross`
+- Namespace: `Joomla\Plugin\Content\MokoSuiteCross`
 
-### plg_webservices_mokojoomcross (WebServices Plugin)
+### plg_webservices_mokosuitecross (WebServices Plugin)
 - REST API endpoints for posts and services
-- Namespace: `Joomla\Plugin\WebServices\MokoJoomCross`
+- Namespace: `Joomla\Plugin\WebServices\MokoSuiteCross`
 
-### Service Plugins (mokojoomcross group)
-Each platform is a separate plugin in the custom `mokojoomcross` plugin group:
-- `plg_mokojoomcross_facebook` — Facebook/Meta Graph API
-- `plg_mokojoomcross_twitter` — X/Twitter API v2
-- `plg_mokojoomcross_linkedin` — LinkedIn Share API
-- `plg_mokojoomcross_mastodon` — Mastodon API
-- `plg_mokojoomcross_bluesky` — Bluesky AT Protocol
-- `plg_mokojoomcross_mailchimp` — Mailchimp Campaigns API
-- `plg_mokojoomcross_telegram` — Telegram Bot API (default @MokoWaaSBot + custom bot)
-- `plg_mokojoomcross_discord` — Discord Webhooks
-- `plg_mokojoomcross_slack` — Slack Incoming Webhooks
+### Service Plugins (mokosuitecross group)
+Each platform is a separate plugin in the custom `mokosuitecross` plugin group:
+- `plg_mokosuitecross_facebook` — Facebook/Meta Graph API
+- `plg_mokosuitecross_twitter` — X/Twitter API v2
+- `plg_mokosuitecross_linkedin` — LinkedIn Share API
+- `plg_mokosuitecross_mastodon` — Mastodon API
+- `plg_mokosuitecross_bluesky` — Bluesky AT Protocol
+- `plg_mokosuitecross_mailchimp` — Mailchimp Campaigns API
+- `plg_mokosuitecross_telegram` — Telegram Bot API (default @mokosuite_bot + custom bot)
+- `plg_mokosuitecross_discord` — Discord Webhooks
+- `plg_mokosuitecross_slack` — Slack Incoming Webhooks
 
 ### Database Schema
 
 Four tables:
 
-`#__mokojoomcross_services`:
+`#__mokosuitecross_services`:
 - `id`, `title`, `alias`, `service_type` (facebook, twitter, etc.)
 - `credentials` (JSON encrypted), `params` (JSON)
 - `published`, `ordering`, `created`, `modified`, `created_by`
 
-`#__mokojoomcross_posts`:
+`#__mokosuitecross_posts`:
 - `id`, `article_id` (FK to #__content), `service_id` (FK)
 - `status` (queued/posting/posted/failed/scheduled)
 - `message`, `platform_post_id`, `platform_response` (JSON)
 - `scheduled_at`, `posted_at`, `retry_count`
 - `created`, `modified`
 
-`#__mokojoomcross_templates`:
+`#__mokosuitecross_templates`:
 - `id`, `service_type`, `title`, `template_body`
 - `published`, `ordering`, `created`, `modified`
 
-`#__mokojoomcross_logs`:
+`#__mokosuitecross_logs`:
 - `id`, `post_id` (FK), `service_id` (FK)
 - `level` (info/warning/error), `message`, `context` (JSON)
 - `created`
@@ -109,4 +109,4 @@ Four tables:
 - `bind() → check() → store()` for Table operations (not `save()`)
 - Language file placement: site (no `folder`) vs admin (`folder="administrator"`)
 - SPDX license headers on all PHP files
-- Service plugins MUST implement `MokoJoomCrossServiceInterface`
+- Service plugins MUST implement `MokoSuiteCrossServiceInterface`

CONTRIBUTING.md

@@ -0,0 +1,161 @@
+# Contributing to Moko Consulting Projects
+
+Thank you for your interest in contributing. All Moko Consulting repositories follow this universal workflow and version policy.
+
+## Branching Workflow
+
+```
+feature/* ──PR──> dev ──draft PR──> (renamed to rc) ──merge──> main
+```
+
+### Step by step
+
+1. **Create a feature branch** from `dev`:
+   ```bash
+   git checkout dev && git pull
+   git checkout -b feature/my-change
+   ```
+
+2. **Work and commit** on your feature branch. Push to origin.
+
+3. **Open a PR**: `feature/my-change` → `dev`. After review and checks, merge it.
+
+4. **When ready for release**, open a **draft PR**: `dev` → `main`.
+   - This automatically renames the source branch to `rc` (release candidate)
+   - An RC pre-release is built and uploaded
+
+5. **Alpha and beta branches** are created by manually renaming the branch before the RC stage:
+   - Rename `dev` to `alpha` for early testing → alpha pre-release is built
+   - Rename `alpha` to `beta` for feature-complete testing → beta pre-release is built
+   - When the draft PR is created, the branch is renamed to `rc`
+
+6. **Once PR checks pass** on the `rc` branch, mark the PR as ready and merge to `main`.
+
+7. **Merging to main** triggers the stable release pipeline:
+   - Minor version bump (e.g., `02.09.xx` → `02.10.00`)
+   - Stability suffix stripped (clean version)
+   - Gitea release created with ZIP/tar.gz packages
+   - `updates.xml` updated (Joomla extensions)
+   - `dev` branch recreated from `main`
+
+### Branch summary
+
+| Branch | Purpose | Created by |
+|--------|---------|-----------|
+| `feature/*` | New features and fixes | Developer |
+| `dev` | Integration branch | Auto-recreated after release |
+| `alpha` | Alpha pre-release testing | Manual rename from `dev` |
+| `beta` | Beta pre-release testing | Manual rename from `alpha` |
+| `rc` | Release candidate | Auto-renamed on draft PR to main |
+| `main` | Stable releases | Protected, merge only |
+| `version/XX.YY.ZZ` | Archived release snapshots | Auto-created by CI |
+
+### Protected branches
+
+| Branch | Direct push | Merge via |
+|--------|------------|-----------|
+| `main` | Blocked (CI bot whitelisted) | PR merge only |
+| `dev` | Blocked (CI bot whitelisted) | PR merge from feature/* |
+| `rc` | Blocked (CI bot whitelisted) | Auto-created on draft PR |
+| `alpha` | Blocked (CI bot whitelisted) | Manual rename |
+| `beta` | Blocked (CI bot whitelisted) | Manual rename |
+| `feature/*` | Open | N/A (source branch) |
+
+## Version Policy
+
+### Format
+
+All versions use `XX.YY.ZZ` — three two-digit segments, zero-padded:
+
+- **XX** — Major version (breaking changes)
+- **YY** — Minor version (new features, bumped on release to main)
+- **ZZ** — Patch version (auto-incremented on every push to dev/feature branches)
+
+Rollover: patch `99` → `00` increments minor; minor `99` → `00` increments major.
+
+### Stability suffixes
+
+Each branch appends a suffix to indicate stability:
+
+| Branch | Suffix | Example |
+|--------|--------|---------|
+| `main` | (none) | `02.09.00` |
+| `dev` | `-dev` | `02.09.01-dev` |
+| `feature/*` | `-dev` | `02.09.01-dev` |
+| `alpha` | `-alpha` | `02.09.01-alpha` |
+| `beta` | `-beta` | `02.09.01-beta` |
+| `rc` | `-rc` | `02.09.01-rc` |
+
+### Auto version bump
+
+On every push to `dev`, `feature/*`, or `patch/*`:
+
+1. Patch version incremented
+2. Stability suffix `-dev` applied
+3. All version-bearing files updated (manifests, CHANGELOG, PHP headers, etc.)
+4. Commit created with `[skip ci]` to avoid loops
+
+### Release version flow
+
+Version bumps happen at specific release events:
+
+| Event | Bump | Example |
+|-------|------|---------|
+| Feature merged to dev | Patch bump after dev release | `02.09.01-dev` → release → `02.09.02-dev` |
+| Dev promoted to RC | Minor bump | `02.09.02-dev` → `02.10.00-rc` |
+| RC merged to main | Minor bump | `02.10.00-rc` → `02.11.00` (stable) |
+| Dev recreated from main | Patch bump | `02.11.00` → `02.11.01-dev` |
+
+### Release stream copies
+
+When a higher-stability release is published, copies are created for all lesser streams with the same base version:
+
+- **RC `02.10.00-rc`** also creates: `02.10.00-dev`, `02.10.00-alpha`, `02.10.00-beta`
+- **Stable `02.11.00`** also creates: `02.11.00-dev`, `02.11.00-alpha`, `02.11.00-beta`, `02.11.00-rc`
+
+This ensures Joomla sites on ANY stability channel see the update (Joomla only shows versions higher than what's installed).
+
+### Version files
+
+The version tools update all files containing version stamps:
+
+- `.mokogitea/manifest.xml` (canonical source)
+- Joomla XML manifests (`<version>` tag)
+- `README.md`, `CHANGELOG.md` (`VERSION:` pattern)
+- `package.json`, `pyproject.toml`
+- Any text file with a `VERSION: XX.YY.ZZ` label
+
+Files synced from other repos (with a `# REPO:` header) are not touched.
+
+## Code Standards
+
+- **PHP**: PSR-12, tabs for indentation
+- **Copyright**: all files must include the Moko Consulting copyright header
+- **License**: SPDX identifier `GPL-3.0-or-later` (or as specified per repo)
+- **Attribution**: use `Authored-by: Moko Consulting` in commits, not individual names
+
+## Commit Messages
+
+Use conventional commit format:
+
+```
+type(scope): short description
+
+Optional body with context.
+
+Authored-by: Moko Consulting
+```
+
+Types: `feat`, `fix`, `chore`, `docs`, `style`, `refactor`, `test`, `ci`
+
+Special flags in commit messages:
+- `[skip ci]` — skip all CI workflows
+- `[skip bump]` — skip auto version bump only
+
+## Reporting Issues
+
+Use the repository's issue tracker with the appropriate template.
+
+---
+
+*Moko Consulting <hello@mokoconsulting.tech>*

Makefile

@@ -2,14 +2,14 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
-# MokoJoomCross — Cross-posting Joomla content to social media, email marketing, and chat platforms
+# MokoSuiteCross — Cross-posting Joomla content to social media, email marketing, and chat platforms
 
 # ==============================================================================
 # CONFIGURATION - Customize these for your extension
 # ==============================================================================
 
 # Extension Configuration
-EXTENSION_NAME := mokojoomcross
+EXTENSION_NAME := mokosuitecross
 EXTENSION_TYPE := package
 # Options: module, plugin, component, package, template
 EXTENSION_VERSION := 1.0.0

README.md

@@ -1,50 +1,99 @@
-# MokoJoomCross
+# MokoSuiteCross
 
-<!-- VERSION: 01.00.00-dev -->
+<!-- VERSION: 01.02.00 -->
 
 Cross-posting Joomla content to social media, email marketing, and chat platforms for Joomla 5/6.
 
 ## Overview
 
-MokoJoomCross automatically publishes your Joomla articles to multiple platforms when you hit publish. Connect your social media accounts, email marketing tools, and chat channels — then cross-post with one click. Each platform is a separate plugin, so you only install what you need and third-party developers can add new services.
+MokoSuiteCross automatically publishes your Joomla articles to multiple platforms when you hit publish. Connect your social media accounts, email marketing tools, and chat channels — then cross-post with one click. Each platform is a separate plugin, so you only install what you need and third-party developers can add new services.
 
 ## Features
 
 - **One-click cross-posting** — Publish to all connected platforms when an article goes live
 - **Plugin-based services** — Each platform is a separate plugin; install only what you need
+- **Default bot mode** — Pre-configured bots for Telegram (@mokosuite_bot), Discord, and Slack — just add your channel
 - **Post queue** — Scheduled posting, retry on failure, detailed delivery logs
-- **Message templates** — Customize post format per platform with placeholders ({title}, {url}, {intro}, {image})
+- **Message templates** — Customize post format per platform with placeholders ({title}, {url}, {intro}, {image}, {tags}, {field:xxx})
 - **Post history** — Track what was posted where, with platform response data
+- **Evergreen re-sharing** — Automatically re-share articles on a configurable interval
+- **Category routing** — Route articles to specific services by Joomla category
 - **Migration** — Import settings from Perfect Publisher Pro
 - **REST API** — WebServices plugin for headless/external integration
 
-### Supported Platforms
+### Supported Platforms (36)
 
+#### Social Media
 | Platform | Plugin | Status |
 |----------|--------|--------|
-| Facebook / Meta | `plg_mokojoomcross_facebook` | Planned |
-| X / Twitter | `plg_mokojoomcross_twitter` | Planned |
-| LinkedIn | `plg_mokojoomcross_linkedin` | Planned |
-| Mastodon | `plg_mokojoomcross_mastodon` | Planned |
-| Bluesky | `plg_mokojoomcross_bluesky` | Planned |
-| Mailchimp | `plg_mokojoomcross_mailchimp` | Planned |
-| Telegram | `plg_mokojoomcross_telegram` | Planned |
-| Discord | `plg_mokojoomcross_discord` | Planned |
-| Slack | `plg_mokojoomcross_slack` | Planned |
+| Facebook / Meta | `plg_mokosuitecross_facebook` | Implemented |
+| X / Twitter | `plg_mokosuitecross_twitter` | Implemented |
+| LinkedIn | `plg_mokosuitecross_linkedin` | Implemented |
+| Mastodon | `plg_mokosuitecross_mastodon` | Implemented |
+| Bluesky | `plg_mokosuitecross_bluesky` | Implemented |
+| Threads | `plg_mokosuitecross_threads` | Implemented |
+| Pinterest | `plg_mokosuitecross_pinterest` | Implemented |
+| Reddit | `plg_mokosuitecross_reddit` | Implemented |
+| TikTok | `plg_mokosuitecross_tiktok` | Implemented |
+| Tumblr | `plg_mokosuitecross_tumblr` | Implemented |
+
+#### Email Marketing
+| Platform | Plugin | Status |
+|----------|--------|--------|
+| Mailchimp | `plg_mokosuitecross_mailchimp` | Implemented |
+| SendGrid | `plg_mokosuitecross_sendgrid` | Implemented |
+| Brevo | `plg_mokosuitecross_brevo` | Implemented |
+| Constant Contact | `plg_mokosuitecross_constantcontact` | Implemented |
+| ConvertKit | `plg_mokosuitecross_convertkit` | Implemented |
+
+#### Chat / Messaging
+| Platform | Plugin | Status |
+|----------|--------|--------|
+| Telegram | `plg_mokosuitecross_telegram` | Implemented |
+| Discord | `plg_mokosuitecross_discord` | Implemented |
+| Slack | `plg_mokosuitecross_slack` | Implemented |
+| Microsoft Teams | `plg_mokosuitecross_teams` | Implemented |
+| WhatsApp | `plg_mokosuitecross_whatsapp` | Implemented |
+| Google Chat | `plg_mokosuitecross_googlechat` | Implemented |
+| Matrix | `plg_mokosuitecross_matrix` | Implemented |
+| Ntfy | `plg_mokosuitecross_ntfy` | Implemented |
+
+#### Publishing Platforms
+| Platform | Plugin | Status |
+|----------|--------|--------|
+| WordPress | `plg_mokosuitecross_wordpress` | Implemented |
+| Medium | `plg_mokosuitecross_medium` | Implemented |
+| Dev.to | `plg_mokosuitecross_devto` | Implemented |
+| Ghost | `plg_mokosuitecross_ghost` | Implemented |
+| Hashnode | `plg_mokosuitecross_hashnode` | Implemented |
+| Blogger | `plg_mokosuitecross_blogger` | Implemented |
+
+#### Other
+| Platform | Plugin | Status |
+|----------|--------|--------|
+| Webhook | `plg_mokosuitecross_webhook` | Implemented |
+| RSS Feed | `plg_mokosuitecross_rssfeed` | Implemented |
+| ActivityPub | `plg_mokosuitecross_activitypub` | Implemented |
+| Google Business | `plg_mokosuitecross_googlebusiness` | Implemented |
+| Nostr | `plg_mokosuitecross_nostr` | Stub (WebSocket deferred) |
 
 ## Installation
 
-1. Download the latest `pkg_mokojoomcross-*.zip` from [Releases](https://git.mokoconsulting.tech/MokoConsulting/MokoJoomCross/releases)
+1. Download the latest `pkg_mokosuitecross-*.zip` from [Releases](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteCross/releases)
 2. In Joomla Administrator → Extensions → Install → Upload Package File
 3. System and content plugins are enabled automatically on install
-4. Navigate to Components → MokoJoomCross to connect your first service
+4. Navigate to Components → MokoSuiteCross to connect your first service
+
+## Documentation
+
+See the [Wiki](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteCross/wiki) for full documentation.
 
 ## Migrating from Perfect Publisher Pro
 
-MokoJoomCross includes a built-in migration tool:
+MokoSuiteCross includes a built-in migration tool:
 
-1. Install MokoJoomCross (Perfect Publisher Pro can remain installed)
-2. Navigate to Components → MokoJoomCross → Dashboard
+1. Install MokoSuiteCross (Perfect Publisher Pro can remain installed)
+2. Navigate to Components → MokoSuiteCross → Dashboard
 3. Click "Migrate from Perfect Publisher Pro"
 4. Review detected services and confirm import
 

automation/ci-issue-reporter.sh

@@ -0,0 +1,237 @@
+#!/usr/bin/env bash
+# ============================================================================
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Automation.CI
+# INGROUP: moko-platform.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /automation/ci-issue-reporter.sh
+# VERSION: 09.23.00
+# BRIEF: Creates or updates a Gitea issue when a CI gate fails.
+#        Deduplicates by searching open issues with the "ci-auto" label
+#        whose title matches the gate. If a matching issue exists, a comment
+#        is appended instead of opening a duplicate.
+# ============================================================================
+
+set -euo pipefail
+
+# ── Defaults ────────────────────────────────────────────────────────────────
+GITEA_URL="${GITEA_URL:-https://git.mokoconsulting.tech}"
+GITEA_TOKEN="${GITEA_TOKEN:-}"
+REPO="${GITHUB_REPOSITORY:-}"
+RUN_URL="${GITHUB_SERVER_URL:-${GITEA_URL}}/${REPO}/actions/runs/${GITHUB_RUN_ID:-0}"
+LABEL_NAME="ci-auto"
+LABEL_COLOR="#e11d48"
+
+GATE=""
+DETAILS=""
+SEVERITY="error"
+WORKFLOW=""
+
+# ── Parse arguments ─────────────────────────────────────────────────────────
+usage() {
+  cat <<EOF
+Usage: ci-issue-reporter.sh --gate NAME --details TEXT [OPTIONS]
+
+Required:
+  --gate      CI gate name (e.g. "Code Quality", "Self-Health")
+  --details   Human-readable failure description
+
+Optional:
+  --severity  "error" (default) or "warning"
+  --workflow  Workflow name for the issue title
+  --repo      owner/repo (default: \$GITHUB_REPOSITORY)
+  --run-url   URL to the CI run (auto-detected from env)
+  --token     Gitea API token (default: \$GITEA_TOKEN)
+  --url       Gitea base URL (default: \$GITEA_URL)
+EOF
+  exit 1
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --gate)     GATE="$2";       shift 2 ;;
+    --details)  DETAILS="$2";    shift 2 ;;
+    --severity) SEVERITY="$2";   shift 2 ;;
+    --workflow) WORKFLOW="$2";   shift 2 ;;
+    --repo)     REPO="$2";      shift 2 ;;
+    --run-url)  RUN_URL="$2";   shift 2 ;;
+    --token)    GITEA_TOKEN="$2"; shift 2 ;;
+    --url)      GITEA_URL="$2"; shift 2 ;;
+    -h|--help)  usage ;;
+    *)          echo "Unknown option: $1"; usage ;;
+  esac
+done
+
+[[ -z "$GATE" ]]         && { echo "ERROR: --gate is required"; usage; }
+[[ -z "$DETAILS" ]]      && { echo "ERROR: --details is required"; usage; }
+[[ -z "$GITEA_TOKEN" ]]  && { echo "ERROR: GITEA_TOKEN not set"; exit 1; }
+[[ -z "$REPO" ]]         && { echo "ERROR: GITHUB_REPOSITORY not set"; exit 1; }
+
+API="${GITEA_URL}/api/v1/repos/${REPO}"
+
+# ── Build title ─────────────────────────────────────────────────────────────
+if [[ -n "$WORKFLOW" ]]; then
+  TITLE="[CI] ${WORKFLOW}: ${GATE} failed"
+else
+  TITLE="[CI] ${GATE} failed"
+fi
+
+# ── Ensure label exists ─────────────────────────────────────────────────────
+ensure_label() {
+  local exists
+  exists=$(curl -sf -o /dev/null -w '%{http_code}' \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/labels" 2>/dev/null || echo "000")
+
+  if [[ "$exists" == "200" ]]; then
+    # Check if label already exists
+    local found
+    found=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -o "\"name\":\"${LABEL_NAME}\"" || true)
+
+    if [[ -z "$found" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/labels" \
+        -d "{\"name\":\"${LABEL_NAME}\",\"color\":\"${LABEL_COLOR}\",\"description\":\"Auto-created by CI issue reporter\"}" \
+        > /dev/null 2>&1 || true
+    fi
+  fi
+}
+
+# ── Search for existing open issue ──────────────────────────────────────────
+find_existing_issue() {
+  # URL-encode the gate name for the query
+  local query
+  query=$(printf '%s' "[CI] ${GATE}" | sed 's/ /%20/g; s/\[/%5B/g; s/\]/%5D/g')
+
+  local response
+  response=$(curl -sf \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    "${API}/issues?type=issues&state=open&labels=${LABEL_NAME}&q=${query}&limit=5" \
+    2>/dev/null || echo "[]")
+
+  # Extract the first matching issue number
+  echo "$response" \
+    | grep -oP '"number":\s*\K[0-9]+' \
+    | head -1
+}
+
+# ── Build issue body ────────────────────────────────────────────────────────
+build_body() {
+  local severity_badge
+  if [[ "$SEVERITY" == "error" ]]; then
+    severity_badge="**Severity:** Error"
+  else
+    severity_badge="**Severity:** Warning"
+  fi
+
+  cat <<BODY
+## CI Gate Failure: ${GATE}
+
+${severity_badge}
+**Workflow:** ${WORKFLOW:-unknown}
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+### Details
+
+${DETAILS}
+
+### Resolution
+
+Fix the issue described above and push a new commit. This issue will be closed automatically when the gate passes, or can be closed manually.
+
+---
+*Auto-created by [ci-issue-reporter](${GITEA_URL}/${REPO}/src/branch/main/automation/ci-issue-reporter.sh)*
+BODY
+}
+
+# ── Build comment body (for existing issues) ────────────────────────────────
+build_comment() {
+  cat <<COMMENT
+### CI failure recurrence
+
+**Branch:** ${GITHUB_REF_NAME:-unknown}
+**Commit:** \`${GITHUB_SHA:0:8}\`
+**Run:** [View CI run](${RUN_URL})
+
+${DETAILS}
+COMMENT
+}
+
+# ── Main ────────────────────────────────────────────────────────────────────
+ensure_label
+
+EXISTING=$(find_existing_issue)
+
+if [[ -n "$EXISTING" ]]; then
+  # Append comment to existing issue
+  COMMENT_BODY=$(build_comment)
+  COMMENT_JSON=$(printf '%s' "$COMMENT_BODY" | python3 -c "
+import sys, json
+print(json.dumps({'body': sys.stdin.read()}))" 2>/dev/null)
+
+  HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues/${EXISTING}/comments" \
+    -d "${COMMENT_JSON}" 2>/dev/null || echo "000")
+
+  if [[ "$HTTP" == "201" ]]; then
+    echo "Commented on existing issue #${EXISTING}"
+  else
+    echo "WARNING: Failed to comment on issue #${EXISTING} (HTTP ${HTTP})"
+  fi
+else
+  # Create new issue
+  ISSUE_BODY=$(build_body)
+  ISSUE_JSON=$(python3 -c "
+import sys, json
+body = sys.stdin.read()
+print(json.dumps({
+    'title': sys.argv[1],
+    'body': body,
+    'labels': []
+}))" "$TITLE" <<< "$ISSUE_BODY" 2>/dev/null)
+
+  # Create the issue
+  RESPONSE=$(curl -sf -X POST \
+    -H "Authorization: token ${GITEA_TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${API}/issues" \
+    -d "${ISSUE_JSON}" 2>/dev/null || echo "{}")
+
+  ISSUE_NUM=$(echo "$RESPONSE" | grep -oP '"number":\s*\K[0-9]+' | head -1)
+
+  if [[ -n "$ISSUE_NUM" ]]; then
+    # Apply label (separate call — more reliable across Gitea versions)
+    LABEL_ID=$(curl -sf \
+      -H "Authorization: token ${GITEA_TOKEN}" \
+      "${API}/labels" 2>/dev/null \
+      | grep -oP "\"id\":\s*\K[0-9]+(?=[^}]*\"name\":\s*\"${LABEL_NAME}\")" \
+      | head -1 || true)
+
+    if [[ -n "$LABEL_ID" ]]; then
+      curl -sf -X POST \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${API}/issues/${ISSUE_NUM}/labels" \
+        -d "{\"labels\":[${LABEL_ID}]}" \
+        > /dev/null 2>&1 || true
+    fi
+
+    echo "Created issue #${ISSUE_NUM}: ${TITLE}"
+  else
+    echo "WARNING: Failed to create issue"
+    echo "Response: ${RESPONSE}"
+  fi
+fi

composer.json

@@ -1,5 +1,5 @@
 {
-    "name": "mokoconsulting/mokojoomcross",
+    "name": "mokoconsulting/mokosuitecross",
     "description": "Cross-posting Joomla content to social media, email marketing, and chat platforms",
     "type": "joomla-package",
     "version": "01.00.00",

source/language/en-GB/pkg_mokosuitecross.sys.ini

@@ -0,0 +1,8 @@
+; MokoSuiteCross - Package System Language File
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+PKG_MOKOSUITECROSS="MokoSuiteCross"
+PKG_MOKOSUITECROSS_DESCRIPTION="Cross-posting Joomla content to social media, email marketing, and chat platforms. Automatically publish articles to Facebook, X/Twitter, LinkedIn, Mastodon, Bluesky, Mailchimp, Telegram, Discord, and Slack."
+PKG_MOKOSUITECROSS_PHP_VERSION_ERROR="MokoSuiteCross requires PHP %s or later."
+PKG_MOKOSUITECROSS_MIGRATION_DETECTED="Perfect Publisher Pro detected! Navigate to Components → MokoSuiteCross → Dashboard to migrate your settings."

source/packages/com_mokosuitecross/access.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<access component="com_mokojoomcross">
+<access component="com_mokosuitecross">
     <section name="component">
         <action name="core.admin" title="JACTION_ADMIN" />
         <action name="core.options" title="JACTION_OPTIONS" />
@@ -8,7 +8,7 @@
         <action name="core.delete" title="JACTION_DELETE" />
         <action name="core.edit" title="JACTION_EDIT" />
         <action name="core.edit.state" title="JACTION_EDITSTATE" />
-        <action name="mokojoomcross.crosspost" title="COM_MOKOJOOMCROSS_ACTION_CROSSPOST" />
-        <action name="mokojoomcross.migrate" title="COM_MOKOJOOMCROSS_ACTION_MIGRATE" />
+        <action name="mokosuitecross.crosspost" title="COM_MOKOSUITECROSS_ACTION_CROSSPOST" />
+        <action name="mokosuitecross.migrate" title="COM_MOKOSUITECROSS_ACTION_MIGRATE" />
     </section>
 </access>

source/packages/com_mokosuitecross/config.xml

@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<config>
+    <fieldset name="component" label="COM_MOKOSUITECROSS_CONFIG_COMPONENT">
+        <field
+            name="auto_post_on_publish"
+            type="radio"
+            label="COM_MOKOSUITECROSS_CONFIG_AUTO_POST"
+            description="COM_MOKOSUITECROSS_CONFIG_AUTO_POST_DESC"
+            default="1"
+            class="btn-group">
+            <option value="1">JYES</option>
+            <option value="0">JNO</option>
+        </field>
+
+        <field
+            name="post_on_first_publish_only"
+            type="radio"
+            label="COM_MOKOSUITECROSS_CONFIG_FIRST_PUBLISH_ONLY"
+            description="COM_MOKOSUITECROSS_CONFIG_FIRST_PUBLISH_ONLY_DESC"
+            default="0"
+            class="btn-group"
+            showon="auto_post_on_publish:1">
+            <option value="1">JYES</option>
+            <option value="0">JNO</option>
+        </field>
+
+        <field
+            name="retry_max"
+            type="number"
+            label="COM_MOKOSUITECROSS_CONFIG_RETRY_MAX"
+            description="COM_MOKOSUITECROSS_CONFIG_RETRY_MAX_DESC"
+            default="3"
+            min="0"
+            max="10"
+        />
+
+        <field
+            name="retry_delay"
+            type="number"
+            label="COM_MOKOSUITECROSS_CONFIG_RETRY_DELAY"
+            description="COM_MOKOSUITECROSS_CONFIG_RETRY_DELAY_DESC"
+            default="300"
+            min="60"
+            max="3600"
+        />
+
+        <field
+            name="log_retention_days"
+            type="number"
+            label="COM_MOKOSUITECROSS_CONFIG_LOG_RETENTION"
+            description="COM_MOKOSUITECROSS_CONFIG_LOG_RETENTION_DESC"
+            default="90"
+            min="7"
+            max="365"
+        />
+
+        <field
+            name="default_template"
+            type="textarea"
+            label="COM_MOKOSUITECROSS_CONFIG_DEFAULT_TEMPLATE"
+            description="COM_MOKOSUITECROSS_CONFIG_DEFAULT_TEMPLATE_DESC"
+            default="{title}\n\n{introtext}\n\n{url}"
+            rows="4"
+        />
+    </fieldset>
+
+    <fieldset name="evergreen" label="COM_MOKOSUITECROSS_CONFIG_EVERGREEN">
+        <field
+            name="evergreen_enabled"
+            type="radio"
+            label="COM_MOKOSUITECROSS_CONFIG_EVERGREEN_ENABLED"
+            description="COM_MOKOSUITECROSS_CONFIG_EVERGREEN_ENABLED_DESC"
+            default="1"
+            class="btn-group">
+            <option value="1">JYES</option>
+            <option value="0">JNO</option>
+        </field>
+
+        <field
+            name="evergreen_default_interval"
+            type="number"
+            label="COM_MOKOSUITECROSS_CONFIG_EVERGREEN_DEFAULT_INTERVAL"
+            description="COM_MOKOSUITECROSS_CONFIG_EVERGREEN_DEFAULT_INTERVAL_DESC"
+            default="30"
+            min="1"
+            max="365"
+            showon="evergreen_enabled:1"
+        />
+
+        <field
+            name="evergreen_max_per_run"
+            type="number"
+            label="COM_MOKOSUITECROSS_CONFIG_EVERGREEN_MAX_PER_RUN"
+            description="COM_MOKOSUITECROSS_CONFIG_EVERGREEN_MAX_PER_RUN_DESC"
+            default="3"
+            min="1"
+            max="20"
+            showon="evergreen_enabled:1"
+        />
+    </fieldset>
+
+    <fieldset name="queue" label="COM_MOKOSUITECROSS_CONFIG_QUEUE">
+        <field
+            name="queue_processing"
+            type="list"
+            label="COM_MOKOSUITECROSS_CONFIG_QUEUE_PROCESSING"
+            description="COM_MOKOSUITECROSS_CONFIG_QUEUE_PROCESSING_DESC"
+            default="scheduler">
+            <option value="scheduler">COM_MOKOSUITECROSS_CONFIG_QUEUE_SCHEDULER</option>
+            <option value="pageload">COM_MOKOSUITECROSS_CONFIG_QUEUE_PAGELOAD</option>
+            <option value="both">COM_MOKOSUITECROSS_CONFIG_QUEUE_BOTH</option>
+        </field>
+
+        <field
+            name="pageload_client"
+            type="list"
+            label="COM_MOKOSUITECROSS_CONFIG_PAGELOAD_CLIENT"
+            description="COM_MOKOSUITECROSS_CONFIG_PAGELOAD_CLIENT_DESC"
+            default="both"
+            showon="queue_processing:pageload,both">
+            <option value="both">COM_MOKOSUITECROSS_CONFIG_PAGELOAD_BOTH</option>
+            <option value="admin">COM_MOKOSUITECROSS_CONFIG_PAGELOAD_ADMIN</option>
+            <option value="site">COM_MOKOSUITECROSS_CONFIG_PAGELOAD_SITE</option>
+        </field>
+
+        <field
+            name="pageload_interval"
+            type="number"
+            label="COM_MOKOSUITECROSS_CONFIG_PAGELOAD_INTERVAL"
+            description="COM_MOKOSUITECROSS_CONFIG_PAGELOAD_INTERVAL_DESC"
+            default="300"
+            min="60"
+            max="3600"
+            showon="queue_processing:pageload,both"
+        />
+    </fieldset>
+
+    <fieldset name="category_rules" label="COM_MOKOSUITECROSS_CONFIG_CATEGORY_RULES">
+        <field
+            name="category_rules_note"
+            type="note"
+            label="COM_MOKOSUITECROSS_CONFIG_CATEGORY_RULES_NOTE"
+            description="COM_MOKOSUITECROSS_CONFIG_CATEGORY_RULES_NOTE_DESC"
+        />
+    </fieldset>
+</config>

source/packages/com_mokosuitecross/forms/filter_logs.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<form>
+    <fields name="filter">
+        <field
+            name="search"
+            type="text"
+            label="COM_MOKOSUITECROSS_FILTER_SEARCH"
+            hint="JSEARCH_FILTER"
+        />
+
+        <field
+            name="level"
+            type="list"
+            label="COM_MOKOSUITECROSS_FILTER_LEVEL"
+            onchange="this.form.submit();">
+            <option value="">COM_MOKOSUITECROSS_SELECT_LEVEL</option>
+            <option value="info">Info</option>
+            <option value="warning">Warning</option>
+            <option value="error">Error</option>
+        </field>
+    </fields>
+
+    <fields name="list">
+        <field
+            name="fullordering"
+            type="list"
+            label="JGLOBAL_SORT_BY"
+            default="a.created DESC"
+            onchange="this.form.submit();">
+            <option value="">JGLOBAL_SORT_BY</option>
+            <option value="a.created ASC">COM_MOKOSUITECROSS_CREATED_ASC</option>
+            <option value="a.created DESC">COM_MOKOSUITECROSS_CREATED_DESC</option>
+            <option value="a.level ASC">COM_MOKOSUITECROSS_LEVEL_ASC</option>
+            <option value="a.level DESC">COM_MOKOSUITECROSS_LEVEL_DESC</option>
+        </field>
+    </fields>
+</form>

source/packages/com_mokosuitecross/forms/filter_posts.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<form>
+    <fields name="filter">
+        <field
+            name="search"
+            type="text"
+            label="COM_MOKOSUITECROSS_FILTER_SEARCH"
+            hint="JSEARCH_FILTER"
+        />
+
+        <field
+            name="status"
+            type="list"
+            label="COM_MOKOSUITECROSS_FILTER_STATUS"
+            onchange="this.form.submit();">
+            <option value="">COM_MOKOSUITECROSS_SELECT_STATUS</option>
+            <option value="queued">Queued</option>
+            <option value="posting">Posting</option>
+            <option value="posted">Posted</option>
+            <option value="failed">Failed</option>
+            <option value="scheduled">Scheduled</option>
+        </field>
+
+        <field
+            name="service_id"
+            type="sql"
+            label="COM_MOKOSUITECROSS_FILTER_SERVICE_TYPE"
+            onchange="this.form.submit();"
+            sql_select="id, CONCAT(title, ' (', service_type, ')') AS title"
+            sql_from="#__mokosuitecross_services"
+            key_field="id"
+            value_field="title"
+            sql_order="ordering ASC">
+            <option value="">COM_MOKOSUITECROSS_SELECT_SERVICE</option>
+        </field>
+    </fields>
+
+    <fields name="list">
+        <field
+            name="fullordering"
+            type="list"
+            label="JGLOBAL_SORT_BY"
+            default="a.created DESC"
+            onchange="this.form.submit();">
+            <option value="">JGLOBAL_SORT_BY</option>
+            <option value="a.created ASC">COM_MOKOSUITECROSS_CREATED_ASC</option>
+            <option value="a.created DESC">COM_MOKOSUITECROSS_CREATED_DESC</option>
+            <option value="a.status ASC">COM_MOKOSUITECROSS_STATUS_ASC</option>
+            <option value="a.status DESC">COM_MOKOSUITECROSS_STATUS_DESC</option>
+        </field>
+    </fields>
+</form>

source/packages/com_mokosuitecross/forms/filter_services.xml

@@ -4,7 +4,7 @@
         <field
             name="search"
             type="text"
-            label="COM_MOKOJOOMCROSS_FILTER_SEARCH"
+            label="COM_MOKOSUITECROSS_FILTER_SEARCH"
             hint="JSEARCH_FILTER"
         />
 
@@ -19,9 +19,9 @@
         <field
             name="service_type"
             type="list"
-            label="COM_MOKOJOOMCROSS_FILTER_SERVICE_TYPE"
+            label="COM_MOKOSUITECROSS_FILTER_SERVICE_TYPE"
             onchange="this.form.submit();">
-            <option value="">COM_MOKOJOOMCROSS_SELECT_SERVICE_TYPE</option>
+            <option value="">COM_MOKOSUITECROSS_SELECT_SERVICE_TYPE</option>
             <option value="facebook">Facebook</option>
             <option value="twitter">X / Twitter</option>
             <option value="linkedin">LinkedIn</option>

source/packages/com_mokosuitecross/forms/filter_templates.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<form>
+    <fields name="filter">
+        <field
+            name="search"
+            type="text"
+            label="COM_MOKOSUITECROSS_FILTER_SEARCH"
+            hint="JSEARCH_FILTER"
+        />
+
+        <field
+            name="published"
+            type="status"
+            label="JOPTION_SELECT_PUBLISHED"
+            onchange="this.form.submit();">
+            <option value="">JOPTION_SELECT_PUBLISHED</option>
+        </field>
+
+        <field
+            name="service_type"
+            type="list"
+            label="COM_MOKOSUITECROSS_FILTER_SERVICE_TYPE"
+            onchange="this.form.submit();">
+            <option value="">COM_MOKOSUITECROSS_SELECT_SERVICE_TYPE</option>
+            <option value="default">Default</option>
+            <option value="facebook">Facebook</option>
+            <option value="twitter">X / Twitter</option>
+            <option value="linkedin">LinkedIn</option>
+            <option value="mastodon">Mastodon</option>
+            <option value="bluesky">Bluesky</option>
+            <option value="mailchimp">Mailchimp</option>
+            <option value="telegram">Telegram</option>
+            <option value="discord">Discord</option>
+            <option value="slack">Slack</option>
+        </field>
+    </fields>
+
+    <fields name="list">
+        <field
+            name="fullordering"
+            type="list"
+            label="JGLOBAL_SORT_BY"
+            default="a.ordering ASC"
+            onchange="this.form.submit();">
+            <option value="">JGLOBAL_SORT_BY</option>
+            <option value="a.title ASC">JGLOBAL_TITLE_ASC</option>
+            <option value="a.title DESC">JGLOBAL_TITLE_DESC</option>
+            <option value="a.ordering ASC">JGLOBAL_ORDERING_ASC</option>
+        </field>
+    </fields>
+</form>

source/packages/com_mokosuitecross/forms/post.xml

@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<form>
+    <fieldset name="details">
+        <field
+            name="id"
+            type="hidden"
+        />
+
+        <field
+            name="article_id"
+            type="sql"
+            label="COM_MOKOSUITECROSS_POST_ARTICLE"
+            description="COM_MOKOSUITECROSS_POST_ARTICLE_DESC"
+            required="true"
+            sql_select="id, title"
+            sql_from="#__content"
+            sql_filter="true"
+            sql_default_title="- Select Article -"
+            key_field="id"
+            value_field="title"
+            sql_order="title ASC"
+        >
+            <option value="">COM_MOKOSUITECROSS_SELECT_ARTICLE</option>
+        </field>
+
+        <field
+            name="service_id"
+            type="sql"
+            label="COM_MOKOSUITECROSS_POST_SERVICE"
+            description="COM_MOKOSUITECROSS_POST_SERVICE_DESC"
+            required="true"
+            sql_select="id, CONCAT(title, ' (', service_type, ')') AS title"
+            sql_from="#__mokosuitecross_services"
+            sql_filter="true"
+            sql_default_title="- Select Service -"
+            sql_where="published = 1"
+            key_field="id"
+            value_field="title"
+            sql_order="ordering ASC"
+        >
+            <option value="">COM_MOKOSUITECROSS_SELECT_SERVICE</option>
+        </field>
+
+        <field
+            name="message"
+            type="textarea"
+            label="COM_MOKOSUITECROSS_POST_MESSAGE"
+            description="COM_MOKOSUITECROSS_POST_MESSAGE_DESC"
+            rows="6"
+            cols="60"
+            required="true"
+        />
+
+        <field
+            name="status"
+            type="list"
+            label="COM_MOKOSUITECROSS_POST_STATUS"
+            default="queued">
+            <option value="queued">COM_MOKOSUITECROSS_STATUS_QUEUED</option>
+            <option value="scheduled">COM_MOKOSUITECROSS_STATUS_SCHEDULED</option>
+            <option value="posted">COM_MOKOSUITECROSS_STATUS_POSTED</option>
+            <option value="failed">COM_MOKOSUITECROSS_STATUS_FAILED</option>
+        </field>
+
+        <field
+            name="scheduled_at"
+            type="calendar"
+            label="COM_MOKOSUITECROSS_POST_SCHEDULED_AT"
+            description="COM_MOKOSUITECROSS_POST_SCHEDULED_AT_DESC"
+            showtime="true"
+            format="%Y-%m-%d %H:%M:%S"
+        />
+    </fieldset>
+
+    <fieldset name="readonly" label="COM_MOKOSUITECROSS_POST_RESULTS">
+        <field
+            name="platform_post_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_POST_PLATFORM_ID"
+            readonly="true"
+        />
+
+        <field
+            name="error_message"
+            type="textarea"
+            label="COM_MOKOSUITECROSS_POST_ERROR"
+            readonly="true"
+            rows="3"
+        />
+
+        <field
+            name="retry_count"
+            type="number"
+            label="COM_MOKOSUITECROSS_POST_RETRY_COUNT"
+            readonly="true"
+        />
+
+        <field
+            name="posted_at"
+            type="calendar"
+            label="COM_MOKOSUITECROSS_POST_POSTED_AT"
+            readonly="true"
+            showtime="true"
+            format="%Y-%m-%d %H:%M:%S"
+        />
+
+        <field
+            name="created"
+            type="calendar"
+            label="JGLOBAL_CREATED"
+            readonly="true"
+            showtime="true"
+            format="%Y-%m-%d %H:%M:%S"
+        />
+
+        <field
+            name="modified"
+            type="calendar"
+            label="JGLOBAL_MODIFIED"
+            readonly="true"
+            showtime="true"
+            format="%Y-%m-%d %H:%M:%S"
+        />
+    </fieldset>
+</form>

source/packages/com_mokosuitecross/forms/service.xml

@@ -0,0 +1,910 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<form>
+    <fieldset name="details">
+        <field
+            name="id"
+            type="hidden"
+        />
+
+        <field
+            name="title"
+            type="text"
+            label="JGLOBAL_TITLE"
+            required="true"
+            size="40"
+        />
+
+        <field
+            name="alias"
+            type="text"
+            label="JFIELD_ALIAS_LABEL"
+            size="40"
+        />
+
+        <field
+            name="service_type"
+            type="list"
+            label="COM_MOKOSUITECROSS_FIELD_SERVICE_TYPE"
+            required="true"
+            default="">
+            <option value="">COM_MOKOSUITECROSS_SELECT_SERVICE_TYPE</option>
+            <!-- Social Media -->
+            <option value="facebook">Facebook / Meta</option>
+            <option value="twitter">X / Twitter</option>
+            <option value="linkedin">LinkedIn</option>
+            <option value="mastodon">Mastodon</option>
+            <option value="bluesky">Bluesky</option>
+            <option value="threads">Threads (Meta)</option>
+            <option value="pinterest">Pinterest</option>
+            <option value="reddit">Reddit</option>
+            <option value="tumblr">Tumblr</option>
+            <option value="tiktok">TikTok</option>
+            <option value="nostr">Nostr</option>
+            <option value="activitypub">ActivityPub (Fediverse)</option>
+            <!-- Chat / Messaging -->
+            <option value="telegram">Telegram</option>
+            <option value="discord">Discord</option>
+            <option value="slack">Slack</option>
+            <option value="teams">Microsoft Teams</option>
+            <option value="googlechat">Google Chat</option>
+            <option value="whatsapp">WhatsApp Business</option>
+            <option value="matrix">Matrix / Element</option>
+            <option value="ntfy">Ntfy (Push Notifications)</option>
+            <!-- Email / Newsletter -->
+            <option value="mailchimp">Mailchimp</option>
+            <option value="sendgrid">SendGrid</option>
+            <option value="brevo">Brevo (Sendinblue)</option>
+            <option value="convertkit">ConvertKit</option>
+            <option value="constantcontact">Constant Contact</option>
+            <!-- Publishing / Blogging -->
+            <option value="medium">Medium</option>
+            <option value="wordpress">WordPress</option>
+            <option value="devto">Dev.to</option>
+            <option value="ghost">Ghost</option>
+            <option value="hashnode">Hashnode</option>
+            <option value="blogger">Google Blogger</option>
+            <!-- Business -->
+            <option value="googlebusiness">Google Business Profile</option>
+            <!-- Other -->
+            <option value="webhook">Generic Webhook</option>
+            <option value="rssfeed">RSS Feed</option>
+        </field>
+
+        <field
+            name="published"
+            type="list"
+            label="JSTATUS"
+            default="1">
+            <option value="1">JPUBLISHED</option>
+            <option value="0">JUNPUBLISHED</option>
+        </field>
+
+        <field
+            name="ordering"
+            type="ordering"
+            label="JFIELD_ORDERING_LABEL"
+        />
+    </fieldset>
+
+    <!-- ============================================================ -->
+    <!-- Per-service credential fields using showon                    -->
+    <!-- ============================================================ -->
+
+    <!-- Mode selector for services with default bot support -->
+    <fieldset name="credentials" label="COM_MOKOSUITECROSS_FIELDSET_CREDENTIALS">
+
+        <field
+            name="cred_mode"
+            type="list"
+            label="COM_MOKOSUITECROSS_FIELD_CRED_MODE"
+            description="COM_MOKOSUITECROSS_FIELD_CRED_MODE_DESC"
+            default="default"
+            showon="service_type:telegram,discord,slack,teams,facebook,threads">
+            <option value="default">COM_MOKOSUITECROSS_CRED_MODE_DEFAULT</option>
+            <option value="custom">COM_MOKOSUITECROSS_CRED_MODE_CUSTOM</option>
+        </field>
+
+        <!-- ======== TELEGRAM ======== -->
+        <field
+            name="cred_telegram_chat_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_TELEGRAM_CHAT_ID"
+            description="COM_MOKOSUITECROSS_CRED_TELEGRAM_CHAT_ID_DESC"
+            showon="service_type:telegram"
+            size="40"
+        />
+        <field
+            name="cred_telegram_bot_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TELEGRAM_BOT_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_TELEGRAM_BOT_TOKEN_DESC"
+            showon="service_type:telegram[AND]cred_mode:custom"
+            size="60"
+        />
+
+        <!-- ======== DISCORD ======== -->
+        <field
+            name="cred_discord_webhook_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_DISCORD_WEBHOOK"
+            description="COM_MOKOSUITECROSS_CRED_DISCORD_WEBHOOK_DESC"
+            showon="service_type:discord[AND]cred_mode:custom"
+            size="80"
+        />
+        <field
+            name="cred_discord_username"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_DISCORD_USERNAME"
+            description="COM_MOKOSUITECROSS_CRED_DISCORD_USERNAME_DESC"
+            showon="service_type:discord"
+            size="40"
+        />
+        <field
+            name="cred_discord_avatar_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_DISCORD_AVATAR"
+            description="COM_MOKOSUITECROSS_CRED_DISCORD_AVATAR_DESC"
+            showon="service_type:discord"
+            size="80"
+        />
+
+        <!-- ======== SLACK ======== -->
+        <field
+            name="cred_slack_webhook_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_SLACK_WEBHOOK"
+            description="COM_MOKOSUITECROSS_CRED_SLACK_WEBHOOK_DESC"
+            showon="service_type:slack[AND]cred_mode:custom"
+            size="80"
+        />
+
+        <!-- ======== MICROSOFT TEAMS ======== -->
+        <field
+            name="cred_teams_webhook_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_TEAMS_WEBHOOK"
+            description="COM_MOKOSUITECROSS_CRED_TEAMS_WEBHOOK_DESC"
+            showon="service_type:teams[AND]cred_mode:custom"
+            size="80"
+        />
+
+        <!-- ======== GOOGLE CHAT ======== -->
+        <field
+            name="cred_googlechat_webhook_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_GOOGLECHAT_WEBHOOK"
+            description="COM_MOKOSUITECROSS_CRED_GOOGLECHAT_WEBHOOK_DESC"
+            showon="service_type:googlechat"
+            size="80"
+        />
+
+        <!-- ======== FACEBOOK ======== -->
+        <field
+            name="cred_facebook_page_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_FACEBOOK_PAGE_ID"
+            description="COM_MOKOSUITECROSS_CRED_FACEBOOK_PAGE_ID_DESC"
+            showon="service_type:facebook"
+            size="40"
+        />
+        <field
+            name="cred_facebook_page_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_FACEBOOK_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_FACEBOOK_TOKEN_DESC"
+            showon="service_type:facebook[AND]cred_mode:custom"
+            size="60"
+        />
+
+        <!-- ======== THREADS ======== -->
+        <field
+            name="cred_threads_user_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_THREADS_USER_ID"
+            showon="service_type:threads"
+            size="40"
+        />
+        <field
+            name="cred_threads_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_THREADS_TOKEN"
+            showon="service_type:threads[AND]cred_mode:custom"
+            size="60"
+        />
+
+        <!-- ======== TWITTER / X (OAuth 1.0a — 4 keys required for posting) ======== -->
+        <field
+            name="cred_twitter_api_key"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_TWITTER_API_KEY"
+            description="COM_MOKOSUITECROSS_CRED_TWITTER_API_KEY_DESC"
+            showon="service_type:twitter"
+            size="40"
+        />
+        <field
+            name="cred_twitter_api_secret"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TWITTER_API_SECRET"
+            description="COM_MOKOSUITECROSS_CRED_TWITTER_API_SECRET_DESC"
+            showon="service_type:twitter"
+            size="40"
+        />
+        <field
+            name="cred_twitter_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN_DESC"
+            showon="service_type:twitter"
+            size="60"
+        />
+        <field
+            name="cred_twitter_access_token_secret"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN_SECRET"
+            description="COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN_SECRET_DESC"
+            showon="service_type:twitter"
+            size="60"
+        />
+
+        <!-- ======== LINKEDIN ======== -->
+        <field
+            name="cred_linkedin_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_LINKEDIN_TOKEN"
+            showon="service_type:linkedin"
+            size="60"
+        />
+        <field
+            name="cred_linkedin_organization_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_LINKEDIN_ORG_ID"
+            description="COM_MOKOSUITECROSS_CRED_LINKEDIN_ORG_ID_DESC"
+            showon="service_type:linkedin"
+            size="40"
+        />
+        <field
+            name="cred_linkedin_refresh_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_LINKEDIN_REFRESH_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_LINKEDIN_REFRESH_TOKEN_DESC"
+            showon="service_type:linkedin"
+            size="60"
+        />
+
+        <!-- ======== MASTODON ======== -->
+        <field
+            name="cred_mastodon_instance_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_MASTODON_INSTANCE"
+            description="COM_MOKOSUITECROSS_CRED_MASTODON_INSTANCE_DESC"
+            showon="service_type:mastodon"
+            size="40"
+            default="https://mastodon.social"
+        />
+        <field
+            name="cred_mastodon_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_MASTODON_TOKEN"
+            showon="service_type:mastodon"
+            size="60"
+        />
+
+        <!-- ======== BLUESKY ======== -->
+        <field
+            name="cred_bluesky_handle"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_BLUESKY_HANDLE"
+            description="COM_MOKOSUITECROSS_CRED_BLUESKY_HANDLE_DESC"
+            showon="service_type:bluesky"
+            size="40"
+        />
+        <field
+            name="cred_bluesky_app_password"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_BLUESKY_APP_PWD"
+            description="COM_MOKOSUITECROSS_CRED_BLUESKY_APP_PWD_DESC"
+            showon="service_type:bluesky"
+            size="40"
+        />
+        <field
+            name="cred_bluesky_pds_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_BLUESKY_PDS_URL"
+            description="COM_MOKOSUITECROSS_CRED_BLUESKY_PDS_URL_DESC"
+            showon="service_type:bluesky"
+            size="40"
+            default="https://bsky.social"
+        />
+
+        <!-- ======== WHATSAPP ======== -->
+        <field
+            name="cred_whatsapp_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_WHATSAPP_TOKEN"
+            showon="service_type:whatsapp"
+            size="60"
+        />
+        <field
+            name="cred_whatsapp_phone_number_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_WHATSAPP_PHONE_ID"
+            showon="service_type:whatsapp"
+            size="40"
+        />
+        <field
+            name="cred_whatsapp_recipient"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_WHATSAPP_RECIPIENT"
+            description="COM_MOKOSUITECROSS_CRED_WHATSAPP_RECIPIENT_DESC"
+            showon="service_type:whatsapp"
+            size="40"
+        />
+
+        <!-- ======== MAILCHIMP ======== -->
+        <field
+            name="cred_mailchimp_api_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_MAILCHIMP_KEY"
+            description="COM_MOKOSUITECROSS_CRED_MAILCHIMP_KEY_DESC"
+            showon="service_type:mailchimp"
+            size="60"
+        />
+        <field
+            name="cred_mailchimp_list_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_MAILCHIMP_LIST"
+            description="COM_MOKOSUITECROSS_CRED_MAILCHIMP_LIST_DESC"
+            showon="service_type:mailchimp"
+            size="40"
+        />
+        <field
+            name="cred_mailchimp_from_name"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_NAME"
+            description="COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_NAME_DESC"
+            showon="service_type:mailchimp"
+            size="40"
+        />
+        <field
+            name="cred_mailchimp_from_email"
+            type="email"
+            label="COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_EMAIL"
+            description="COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_EMAIL_DESC"
+            showon="service_type:mailchimp"
+            size="40"
+        />
+
+        <!-- ======== SENDGRID ======== -->
+        <field
+            name="cred_sendgrid_api_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_SENDGRID_KEY"
+            showon="service_type:sendgrid"
+            size="60"
+        />
+        <field
+            name="cred_sendgrid_list_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_SENDGRID_LIST"
+            showon="service_type:sendgrid"
+            size="40"
+        />
+        <field
+            name="cred_sendgrid_from_email"
+            type="email"
+            label="COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_EMAIL"
+            description="COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_EMAIL_DESC"
+            showon="service_type:sendgrid"
+            size="40"
+        />
+        <field
+            name="cred_sendgrid_from_name"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_NAME"
+            description="COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_NAME_DESC"
+            showon="service_type:sendgrid"
+            size="40"
+        />
+
+        <!-- ======== GENERIC WEBHOOK ======== -->
+        <field
+            name="cred_webhook_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_URL"
+            description="COM_MOKOSUITECROSS_CRED_WEBHOOK_URL_DESC"
+            showon="service_type:webhook"
+            size="80"
+            required="true"
+        />
+        <field
+            name="cred_webhook_method"
+            type="list"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_METHOD"
+            showon="service_type:webhook"
+            default="POST">
+            <option value="POST">POST</option>
+            <option value="PUT">PUT</option>
+        </field>
+        <field
+            name="cred_webhook_auth_type"
+            type="list"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_AUTH_TYPE"
+            description="COM_MOKOSUITECROSS_CRED_WEBHOOK_AUTH_TYPE_DESC"
+            showon="service_type:webhook"
+            default="none">
+            <option value="none">COM_MOKOSUITECROSS_WEBHOOK_AUTH_NONE</option>
+            <option value="bearer">COM_MOKOSUITECROSS_WEBHOOK_AUTH_BEARER</option>
+            <option value="basic">COM_MOKOSUITECROSS_WEBHOOK_AUTH_BASIC</option>
+        </field>
+        <field
+            name="cred_webhook_bearer_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_BEARER_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_WEBHOOK_BEARER_TOKEN_DESC"
+            showon="service_type:webhook[AND]cred_webhook_auth_type:bearer"
+            size="60"
+        />
+        <field
+            name="cred_webhook_basic_username"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_BASIC_USER"
+            showon="service_type:webhook[AND]cred_webhook_auth_type:basic"
+            size="40"
+        />
+        <field
+            name="cred_webhook_basic_password"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_BASIC_PWD"
+            showon="service_type:webhook[AND]cred_webhook_auth_type:basic"
+            size="40"
+        />
+        <field
+            name="cred_webhook_content_type"
+            type="list"
+            label="COM_MOKOSUITECROSS_CRED_WEBHOOK_CONTENT_TYPE"
+            showon="service_type:webhook"
+            default="json">
+            <option value="json">application/json</option>
+            <option value="form">application/x-www-form-urlencoded</option>
+        </field>
+
+        <!-- ======== MATRIX ======== -->
+        <field
+            name="cred_matrix_homeserver"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_MATRIX_HOMESERVER"
+            showon="service_type:matrix"
+            size="40"
+            default="https://matrix.org"
+        />
+        <field
+            name="cred_matrix_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_MATRIX_TOKEN"
+            showon="service_type:matrix"
+            size="60"
+        />
+        <field
+            name="cred_matrix_room_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_MATRIX_ROOM"
+            description="COM_MOKOSUITECROSS_CRED_MATRIX_ROOM_DESC"
+            showon="service_type:matrix"
+            size="40"
+        />
+
+        <!-- ======== NTFY ======== -->
+        <field
+            name="cred_ntfy_server_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_NTFY_SERVER"
+            showon="service_type:ntfy"
+            size="40"
+            default="https://ntfy.sh"
+        />
+        <field
+            name="cred_ntfy_topic"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_NTFY_TOPIC"
+            description="COM_MOKOSUITECROSS_CRED_NTFY_TOPIC_DESC"
+            showon="service_type:ntfy"
+            size="40"
+            required="true"
+        />
+        <field
+            name="cred_ntfy_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_NTFY_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_NTFY_TOKEN_DESC"
+            showon="service_type:ntfy"
+            size="40"
+        />
+
+        <!-- ======== WORDPRESS ======== -->
+        <field
+            name="cred_wordpress_site_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_WP_SITE"
+            showon="service_type:wordpress"
+            size="40"
+        />
+        <field
+            name="cred_wordpress_username"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_WP_USER"
+            showon="service_type:wordpress"
+            size="40"
+        />
+        <field
+            name="cred_wordpress_app_password"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_WP_APP_PWD"
+            description="COM_MOKOSUITECROSS_CRED_WP_APP_PWD_DESC"
+            showon="service_type:wordpress"
+            size="40"
+        />
+        <field
+            name="cred_wordpress_default_status"
+            type="list"
+            label="COM_MOKOSUITECROSS_CRED_WP_DEFAULT_STATUS"
+            description="COM_MOKOSUITECROSS_CRED_WP_DEFAULT_STATUS_DESC"
+            showon="service_type:wordpress"
+            default="draft">
+            <option value="draft">COM_MOKOSUITECROSS_STATUS_DRAFT</option>
+            <option value="publish">COM_MOKOSUITECROSS_STATUS_PUBLISH</option>
+        </field>
+
+        <!-- ======== MEDIUM ======== -->
+        <field
+            name="cred_medium_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_MEDIUM_TOKEN"
+            showon="service_type:medium"
+            size="60"
+        />
+
+        <!-- ======== DEV.TO ======== -->
+        <field
+            name="cred_devto_api_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_DEVTO_KEY"
+            showon="service_type:devto"
+            size="60"
+        />
+        <field
+            name="cred_devto_organization_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_DEVTO_ORG_ID"
+            description="COM_MOKOSUITECROSS_CRED_DEVTO_ORG_ID_DESC"
+            showon="service_type:devto"
+            size="40"
+        />
+
+        <!-- ======== GHOST ======== -->
+        <field
+            name="cred_ghost_site_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_GHOST_SITE"
+            showon="service_type:ghost"
+            size="40"
+        />
+        <field
+            name="cred_ghost_admin_api_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_GHOST_KEY"
+            showon="service_type:ghost"
+            size="60"
+        />
+        <field
+            name="cred_ghost_default_status"
+            type="list"
+            label="COM_MOKOSUITECROSS_CRED_GHOST_DEFAULT_STATUS"
+            description="COM_MOKOSUITECROSS_CRED_GHOST_DEFAULT_STATUS_DESC"
+            showon="service_type:ghost"
+            default="draft">
+            <option value="draft">COM_MOKOSUITECROSS_STATUS_DRAFT</option>
+            <option value="published">COM_MOKOSUITECROSS_STATUS_PUBLISHED</option>
+        </field>
+
+        <!-- ======== REDDIT ======== -->
+        <field
+            name="cred_reddit_client_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_REDDIT_CLIENT_ID"
+            showon="service_type:reddit"
+            size="40"
+        />
+        <field
+            name="cred_reddit_client_secret"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_REDDIT_SECRET"
+            showon="service_type:reddit"
+            size="40"
+        />
+        <field
+            name="cred_reddit_username"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_REDDIT_USER"
+            showon="service_type:reddit"
+            size="40"
+        />
+        <field
+            name="cred_reddit_password"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_REDDIT_PASSWORD"
+            description="COM_MOKOSUITECROSS_CRED_REDDIT_PASSWORD_DESC"
+            showon="service_type:reddit"
+            size="40"
+        />
+        <field
+            name="cred_reddit_subreddit"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_REDDIT_SUBREDDIT"
+            description="COM_MOKOSUITECROSS_CRED_REDDIT_SUBREDDIT_DESC"
+            showon="service_type:reddit"
+            size="40"
+        />
+
+        <!-- ======== PINTEREST ======== -->
+        <field
+            name="cred_pinterest_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_PINTEREST_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_PINTEREST_TOKEN_DESC"
+            showon="service_type:pinterest"
+            size="60"
+        />
+        <field
+            name="cred_pinterest_board_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_PINTEREST_BOARD"
+            description="COM_MOKOSUITECROSS_CRED_PINTEREST_BOARD_DESC"
+            showon="service_type:pinterest"
+            size="40"
+        />
+
+        <!-- ======== TUMBLR ======== -->
+        <field
+            name="cred_tumblr_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TUMBLR_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_TUMBLR_TOKEN_DESC"
+            showon="service_type:tumblr"
+            size="60"
+        />
+        <field
+            name="cred_tumblr_blog_name"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_TUMBLR_BLOG"
+            description="COM_MOKOSUITECROSS_CRED_TUMBLR_BLOG_DESC"
+            showon="service_type:tumblr"
+            size="40"
+        />
+
+        <!-- ======== TIKTOK ======== -->
+        <field
+            name="cred_tiktok_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TIKTOK_TOKEN"
+            showon="service_type:tiktok"
+            size="60"
+        />
+        <field
+            name="cred_tiktok_refresh_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_TIKTOK_REFRESH_TOKEN"
+            showon="service_type:tiktok"
+            size="60"
+        />
+        <field
+            name="cred_tiktok_open_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_TIKTOK_OPEN_ID"
+            description="COM_MOKOSUITECROSS_CRED_TIKTOK_OPEN_ID_DESC"
+            showon="service_type:tiktok"
+            size="40"
+        />
+
+        <!-- ======== NOSTR ======== -->
+        <field
+            name="cred_nostr_private_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_NOSTR_PRIVKEY"
+            description="COM_MOKOSUITECROSS_CRED_NOSTR_PRIVKEY_DESC"
+            showon="service_type:nostr"
+            size="60"
+        />
+        <field
+            name="cred_nostr_relays"
+            type="textarea"
+            label="COM_MOKOSUITECROSS_CRED_NOSTR_RELAYS"
+            description="COM_MOKOSUITECROSS_CRED_NOSTR_RELAYS_DESC"
+            showon="service_type:nostr"
+            rows="3"
+            cols="60"
+        />
+
+        <!-- ======== ACTIVITYPUB (Fediverse) ======== -->
+        <field
+            name="cred_activitypub_instance_url"
+            type="url"
+            label="COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_INSTANCE"
+            description="COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_INSTANCE_DESC"
+            showon="service_type:activitypub"
+            size="40"
+        />
+        <field
+            name="cred_activitypub_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_TOKEN"
+            description="COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_TOKEN_DESC"
+            showon="service_type:activitypub"
+            size="60"
+        />
+
+        <!-- ======== BREVO (Sendinblue) ======== -->
+        <field
+            name="cred_brevo_api_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_BREVO_KEY"
+            showon="service_type:brevo"
+            size="60"
+        />
+        <field
+            name="cred_brevo_list_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_BREVO_LIST"
+            description="COM_MOKOSUITECROSS_CRED_BREVO_LIST_DESC"
+            showon="service_type:brevo"
+            size="40"
+        />
+        <field
+            name="cred_brevo_sender_email"
+            type="email"
+            label="COM_MOKOSUITECROSS_CRED_BREVO_SENDER_EMAIL"
+            description="COM_MOKOSUITECROSS_CRED_BREVO_SENDER_EMAIL_DESC"
+            showon="service_type:brevo"
+            size="40"
+        />
+        <field
+            name="cred_brevo_sender_name"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_BREVO_SENDER_NAME"
+            showon="service_type:brevo"
+            size="40"
+        />
+
+        <!-- ======== CONVERTKIT ======== -->
+        <field
+            name="cred_convertkit_api_key"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_CONVERTKIT_KEY"
+            showon="service_type:convertkit"
+            size="60"
+        />
+        <field
+            name="cred_convertkit_api_secret"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_CONVERTKIT_SECRET"
+            showon="service_type:convertkit"
+            size="60"
+        />
+
+        <!-- ======== CONSTANT CONTACT ======== -->
+        <field
+            name="cred_constantcontact_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_TOKEN"
+            showon="service_type:constantcontact"
+            size="60"
+        />
+        <field
+            name="cred_constantcontact_refresh_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_REFRESH_TOKEN"
+            showon="service_type:constantcontact"
+            size="60"
+        />
+        <field
+            name="cred_constantcontact_list_ids"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_LISTS"
+            description="COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_LISTS_DESC"
+            showon="service_type:constantcontact"
+            size="40"
+        />
+
+        <!-- ======== HASHNODE ======== -->
+        <field
+            name="cred_hashnode_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_HASHNODE_TOKEN"
+            showon="service_type:hashnode"
+            size="60"
+        />
+        <field
+            name="cred_hashnode_publication_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_HASHNODE_PUB_ID"
+            description="COM_MOKOSUITECROSS_CRED_HASHNODE_PUB_ID_DESC"
+            showon="service_type:hashnode"
+            size="40"
+        />
+
+        <!-- ======== GOOGLE BLOGGER ======== -->
+        <field
+            name="cred_blogger_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_BLOGGER_TOKEN"
+            showon="service_type:blogger"
+            size="60"
+        />
+        <field
+            name="cred_blogger_refresh_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_BLOGGER_REFRESH_TOKEN"
+            showon="service_type:blogger"
+            size="60"
+        />
+        <field
+            name="cred_blogger_blog_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_BLOGGER_BLOG_ID"
+            description="COM_MOKOSUITECROSS_CRED_BLOGGER_BLOG_ID_DESC"
+            showon="service_type:blogger"
+            size="40"
+        />
+
+        <!-- ======== GOOGLE BUSINESS PROFILE ======== -->
+        <field
+            name="cred_googlebusiness_access_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_GBUSINESS_TOKEN"
+            showon="service_type:googlebusiness"
+            size="60"
+        />
+        <field
+            name="cred_googlebusiness_refresh_token"
+            type="password"
+            label="COM_MOKOSUITECROSS_CRED_GBUSINESS_REFRESH_TOKEN"
+            showon="service_type:googlebusiness"
+            size="60"
+        />
+        <field
+            name="cred_googlebusiness_location_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_GBUSINESS_LOCATION"
+            description="COM_MOKOSUITECROSS_CRED_GBUSINESS_LOCATION_DESC"
+            showon="service_type:googlebusiness"
+            size="40"
+        />
+        <field
+            name="cred_googlebusiness_account_id"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_GBUSINESS_ACCOUNT"
+            description="COM_MOKOSUITECROSS_CRED_GBUSINESS_ACCOUNT_DESC"
+            showon="service_type:googlebusiness"
+            size="40"
+        />
+
+        <!-- ======== RSS FEED ======== -->
+        <field
+            name="cred_rssfeed_title"
+            type="text"
+            label="COM_MOKOSUITECROSS_CRED_RSSFEED_TITLE"
+            description="COM_MOKOSUITECROSS_CRED_RSSFEED_TITLE_DESC"
+            showon="service_type:rssfeed"
+            size="40"
+        />
+        <field
+            name="cred_rssfeed_max_items"
+            type="number"
+            label="COM_MOKOSUITECROSS_CRED_RSSFEED_MAX_ITEMS"
+            description="COM_MOKOSUITECROSS_CRED_RSSFEED_MAX_ITEMS_DESC"
+            showon="service_type:rssfeed"
+            default="50"
+            min="1"
+            max="500"
+        />
+    </fieldset>
+</form>

source/packages/com_mokosuitecross/forms/template.xml

@@ -14,21 +14,14 @@
             size="40"
         />
 
-        <field
-            name="alias"
-            type="text"
-            label="JFIELD_ALIAS_LABEL"
-            size="40"
-        />
-
         <field
             name="service_type"
             type="list"
-            label="COM_MOKOJOOMCROSS_FIELD_SERVICE_TYPE"
-            required="true"
-            default="">
-            <option value="">COM_MOKOJOOMCROSS_SELECT_SERVICE_TYPE</option>
-            <option value="facebook">Facebook / Meta</option>
+            label="COM_MOKOSUITECROSS_FIELD_SERVICE_TYPE"
+            description="COM_MOKOSUITECROSS_TEMPLATE_SERVICE_TYPE_DESC"
+            default="default">
+            <option value="default">COM_MOKOSUITECROSS_TEMPLATE_TYPE_DEFAULT</option>
+            <option value="facebook">Facebook</option>
             <option value="twitter">X / Twitter</option>
             <option value="linkedin">LinkedIn</option>
             <option value="mastodon">Mastodon</option>
@@ -39,6 +32,17 @@
             <option value="slack">Slack</option>
         </field>
 
+        <field
+            name="template_body"
+            type="textarea"
+            label="COM_MOKOSUITECROSS_TEMPLATE_BODY"
+            description="COM_MOKOSUITECROSS_TEMPLATE_BODY_DESC"
+            rows="10"
+            cols="60"
+            required="true"
+            filter="raw"
+        />
+
         <field
             name="published"
             type="list"
@@ -54,15 +58,4 @@
             label="JFIELD_ORDERING_LABEL"
         />
     </fieldset>
-
-    <fieldset name="credentials" label="COM_MOKOJOOMCROSS_FIELDSET_CREDENTIALS">
-        <field
-            name="credentials"
-            type="textarea"
-            label="COM_MOKOJOOMCROSS_FIELD_CREDENTIALS"
-            description="COM_MOKOJOOMCROSS_FIELD_CREDENTIALS_DESC"
-            rows="6"
-            filter="raw"
-        />
-    </fieldset>
 </form>

source/packages/com_mokosuitecross/language/en-GB/com_mokosuitecross.ini

@@ -0,0 +1,513 @@
+; MokoSuiteCross — Admin Backend Language File
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+COM_MOKOSUITECROSS="MokoSuiteCross"
+COM_MOKOSUITECROSS_DESCRIPTION="Cross-posting Joomla content to social media, email marketing, and chat platforms"
+
+; Submenu
+COM_MOKOSUITECROSS_SUBMENU_DASHBOARD="Dashboard"
+COM_MOKOSUITECROSS_SUBMENU_POSTS="Post Queue"
+COM_MOKOSUITECROSS_SUBMENU_SERVICES="Services"
+COM_MOKOSUITECROSS_SUBMENU_LOGS="Activity Logs"
+
+; Dashboard
+COM_MOKOSUITECROSS_DASHBOARD_ACTIVE_SERVICES="Active Services"
+COM_MOKOSUITECROSS_DASHBOARD_QUEUED="Queued"
+COM_MOKOSUITECROSS_DASHBOARD_POSTED="Posted"
+COM_MOKOSUITECROSS_DASHBOARD_FAILED="Failed"
+COM_MOKOSUITECROSS_DASHBOARD_QUICK_LINKS="Quick Links"
+
+; Migration
+COM_MOKOSUITECROSS_MIGRATION_TITLE="Migrate from Perfect Publisher Pro"
+COM_MOKOSUITECROSS_MIGRATION_DESCRIPTION="We detected Perfect Publisher Pro settings. Import your service configurations to MokoSuiteCross."
+COM_MOKOSUITECROSS_MIGRATION_BUTTON="Start Migration"
+COM_MOKOSUITECROSS_MIGRATION_SUCCESS="Migration complete: %d service(s) imported, %d skipped."
+COM_MOKOSUITECROSS_MIGRATION_ERROR="Migration encountered errors: %s"
+
+; Services
+COM_MOKOSUITECROSS_FIELD_SERVICE_TYPE="Service Type"
+COM_MOKOSUITECROSS_SELECT_SERVICE_TYPE="- Select Service Type -"
+COM_MOKOSUITECROSS_FIELDSET_CREDENTIALS="API Credentials"
+COM_MOKOSUITECROSS_FIELD_CREDENTIALS="Credentials (JSON)"
+COM_MOKOSUITECROSS_FIELD_CREDENTIALS_DESC="JSON object with API keys and tokens for this service. Keys vary by platform."
+
+; Posts
+COM_MOKOSUITECROSS_FILTER_SEARCH="Search"
+COM_MOKOSUITECROSS_FILTER_STATUS="Status"
+COM_MOKOSUITECROSS_SELECT_STATUS="- Select Status -"
+COM_MOKOSUITECROSS_FILTER_SERVICE_TYPE="Service Type"
+COM_MOKOSUITECROSS_CREATED_ASC="Created ascending"
+COM_MOKOSUITECROSS_CREATED_DESC="Created descending"
+COM_MOKOSUITECROSS_STATUS_ASC="Status ascending"
+COM_MOKOSUITECROSS_STATUS_DESC="Status descending"
+
+; Actions
+COM_MOKOSUITECROSS_ACTION_CROSSPOST="Cross-post"
+COM_MOKOSUITECROSS_ACTION_MIGRATE="Migrate"
+
+; Configuration
+COM_MOKOSUITECROSS_CONFIG_COMPONENT="MokoSuiteCross Settings"
+COM_MOKOSUITECROSS_CONFIG_AUTO_POST="Auto-post on Publish"
+COM_MOKOSUITECROSS_CONFIG_AUTO_POST_DESC="Automatically cross-post articles when they are published"
+COM_MOKOSUITECROSS_CONFIG_RETRY_MAX="Max Retries"
+COM_MOKOSUITECROSS_CONFIG_RETRY_MAX_DESC="Maximum number of retry attempts for failed posts"
+COM_MOKOSUITECROSS_CONFIG_RETRY_DELAY="Retry Delay (seconds)"
+COM_MOKOSUITECROSS_CONFIG_RETRY_DELAY_DESC="Seconds to wait before retrying a failed post"
+COM_MOKOSUITECROSS_CONFIG_LOG_RETENTION="Log Retention (days)"
+COM_MOKOSUITECROSS_CONFIG_LOG_RETENTION_DESC="Number of days to keep activity logs"
+COM_MOKOSUITECROSS_CONFIG_DEFAULT_TEMPLATE="Default Message Template"
+COM_MOKOSUITECROSS_CONFIG_DEFAULT_TEMPLATE_DESC="Default template for cross-posts. Placeholders: {title}, {url}, {introtext}, {image}, {category}, {author}"
+
+; Table headings
+COM_MOKOSUITECROSS_HEADING_STATUS="Status"
+COM_MOKOSUITECROSS_HEADING_ARTICLE="Article"
+COM_MOKOSUITECROSS_HEADING_SERVICE="Service"
+COM_MOKOSUITECROSS_HEADING_MESSAGE="Message"
+COM_MOKOSUITECROSS_HEADING_POSTED_AT="Posted"
+COM_MOKOSUITECROSS_HEADING_CREATED="Created"
+COM_MOKOSUITECROSS_HEADING_LEVEL="Level"
+COM_MOKOSUITECROSS_HEADING_MODE="Mode"
+
+; Dashboard
+COM_MOKOSUITECROSS_DASHBOARD_RECENT_ACTIVITY="Recent Activity"
+COM_MOKOSUITECROSS_DASHBOARD_NO_RECENT="No recent activity."
+COM_MOKOSUITECROSS_DASHBOARD_TOTAL_POSTS="Total Posts"
+COM_MOKOSUITECROSS_DASHBOARD_PAGELOAD_WARNING_TITLE="Page-load queue processing is active"
+COM_MOKOSUITECROSS_DASHBOARD_PAGELOAD_WARNING="You are using page-load processing for the cross-post queue. This is a fallback method and may be unreliable on low-traffic sites. For production use, switch to Joomla Scheduled Tasks: create a task of type <strong>MokoSuiteCross - Process Queue</strong> in System → Scheduled Tasks, then set queue processing to <strong>Scheduler only</strong> in component options."
+
+; Evergreen Configuration
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN="Evergreen Re-sharing"
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN_ENABLED="Enable Evergreen"
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN_ENABLED_DESC="Allow articles marked as evergreen to be automatically re-shared on a recurring schedule."
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN_DEFAULT_INTERVAL="Default Interval (days)"
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN_DEFAULT_INTERVAL_DESC="Default number of days between re-shares when no per-article interval is set."
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN_MAX_PER_RUN="Max Re-shares Per Run"
+COM_MOKOSUITECROSS_CONFIG_EVERGREEN_MAX_PER_RUN_DESC="Maximum number of evergreen articles to re-share in a single queue processing run. Prevents flooding platforms."
+
+; Queue Processing Configuration
+COM_MOKOSUITECROSS_CONFIG_QUEUE="Queue Processing"
+COM_MOKOSUITECROSS_CONFIG_QUEUE_PROCESSING="Processing Method"
+COM_MOKOSUITECROSS_CONFIG_QUEUE_PROCESSING_DESC="How queued posts, retries, and scheduled posts are processed. Scheduler (recommended) uses Joomla's built-in Task Scheduler. Page-load piggybacks on page requests."
+COM_MOKOSUITECROSS_CONFIG_QUEUE_SCHEDULER="Scheduler only (recommended)"
+COM_MOKOSUITECROSS_CONFIG_QUEUE_PAGELOAD="Page-load only (fallback)"
+COM_MOKOSUITECROSS_CONFIG_QUEUE_BOTH="Both (scheduler + page-load)"
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_CLIENT="Page-load Client"
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_CLIENT_DESC="Which Joomla application triggers page-load processing."
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_BOTH="Backend and Frontend"
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_ADMIN="Backend only"
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_SITE="Frontend only"
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_INTERVAL="Page-load Interval (seconds)"
+COM_MOKOSUITECROSS_CONFIG_PAGELOAD_INTERVAL_DESC="Minimum seconds between page-load queue runs. Lower = more responsive but more DB queries per page load."
+
+; Submenu (extended)
+COM_MOKOSUITECROSS_SUBMENU_TEMPLATES="Templates"
+
+; Template Management
+COM_MOKOSUITECROSS_TEMPLATE_BODY="Template Body"
+COM_MOKOSUITECROSS_TEMPLATE_BODY_DESC="Message template with placeholders. Use the reference panel on the right for available placeholders."
+COM_MOKOSUITECROSS_TEMPLATE_SERVICE_TYPE_DESC="Which platform this template is for. 'Default' is the fallback when no platform-specific template exists."
+COM_MOKOSUITECROSS_TEMPLATE_TYPE_DEFAULT="Default (fallback)"
+COM_MOKOSUITECROSS_TEMPLATE_PREVIEW="Preview"
+COM_MOKOSUITECROSS_TEMPLATE_PLACEHOLDERS="Available Placeholders"
+
+; Placeholders
+COM_MOKOSUITECROSS_PLACEHOLDER_TITLE="Article title"
+COM_MOKOSUITECROSS_PLACEHOLDER_URL="Article URL"
+COM_MOKOSUITECROSS_PLACEHOLDER_INTROTEXT="Intro text (280 chars, no HTML)"
+COM_MOKOSUITECROSS_PLACEHOLDER_FULLTEXT="Full text (500 chars, no HTML)"
+COM_MOKOSUITECROSS_PLACEHOLDER_IMAGE="Intro image URL"
+COM_MOKOSUITECROSS_PLACEHOLDER_CATEGORY="Category name"
+COM_MOKOSUITECROSS_PLACEHOLDER_AUTHOR="Author name"
+COM_MOKOSUITECROSS_PLACEHOLDER_DATE="Publish date (YYYY-MM-DD)"
+
+; Logs
+COM_MOKOSUITECROSS_FILTER_LEVEL="Level"
+COM_MOKOSUITECROSS_SELECT_LEVEL="- Select Level -"
+COM_MOKOSUITECROSS_LEVEL_ASC="Level ascending"
+COM_MOKOSUITECROSS_LEVEL_DESC="Level descending"
+
+; Analytics Dashboard
+COM_MOKOSUITECROSS_DASHBOARD_SERVICE_BREAKDOWN="Posts by Service"
+COM_MOKOSUITECROSS_DASHBOARD_TOP_ARTICLES="Most Cross-Posted Articles"
+COM_MOKOSUITECROSS_DASHBOARD_SUCCESS_RATE="Success Rate"
+
+; OAuth
+COM_MOKOSUITECROSS_OAUTH_NO_SERVICE="No service specified for OAuth authorization."
+COM_MOKOSUITECROSS_OAUTH_SERVICE_NOT_FOUND="Service not found."
+COM_MOKOSUITECROSS_OAUTH_NO_CLIENT_ID="No OAuth Client ID configured for %s. Set it in Extensions → Plugins → MokoSuiteCross - %s."
+COM_MOKOSUITECROSS_OAUTH_NOT_SUPPORTED="OAuth is not supported for %s."
+COM_MOKOSUITECROSS_OAUTH_PLATFORM_ERROR="Platform returned error: %s"
+COM_MOKOSUITECROSS_OAUTH_INVALID_CALLBACK="Invalid OAuth callback — missing code or state."
+COM_MOKOSUITECROSS_OAUTH_INVALID_STATE="Invalid OAuth state parameter."
+COM_MOKOSUITECROSS_OAUTH_TOKEN_ERROR="Token exchange failed: %s"
+COM_MOKOSUITECROSS_OAUTH_SUCCESS="%s connected successfully! Access token stored."
+
+; Post edit
+COM_MOKOSUITECROSS_NEW_POST="New Post"
+COM_MOKOSUITECROSS_EDIT_POST="Edit Post"
+COM_MOKOSUITECROSS_POST_ARTICLE="Article"
+COM_MOKOSUITECROSS_POST_ARTICLE_DESC="The Joomla article to cross-post."
+COM_MOKOSUITECROSS_SELECT_ARTICLE="- Select Article -"
+COM_MOKOSUITECROSS_POST_SERVICE="Service"
+COM_MOKOSUITECROSS_POST_SERVICE_DESC="The service to post to."
+COM_MOKOSUITECROSS_SELECT_SERVICE="- Select Service -"
+COM_MOKOSUITECROSS_POST_MESSAGE="Message"
+COM_MOKOSUITECROSS_POST_MESSAGE_DESC="The message to send to the platform. Use template placeholders or write a custom message."
+COM_MOKOSUITECROSS_POST_STATUS="Status"
+COM_MOKOSUITECROSS_STATUS_QUEUED="Queued"
+COM_MOKOSUITECROSS_STATUS_SCHEDULED="Scheduled"
+COM_MOKOSUITECROSS_STATUS_POSTED="Posted"
+COM_MOKOSUITECROSS_STATUS_FAILED="Failed"
+COM_MOKOSUITECROSS_POST_SCHEDULED_AT="Scheduled Date/Time"
+COM_MOKOSUITECROSS_POST_SCHEDULED_AT_DESC="When to send this post. Leave empty to process immediately. Set a future date to schedule."
+COM_MOKOSUITECROSS_POST_RESULTS="Post Results"
+COM_MOKOSUITECROSS_POST_PLATFORM_ID="Platform Post ID"
+COM_MOKOSUITECROSS_POST_ERROR="Error Message"
+COM_MOKOSUITECROSS_POST_RETRY_COUNT="Retry Count"
+COM_MOKOSUITECROSS_POST_POSTED_AT="Posted At"
+COM_MOKOSUITECROSS_POST_CREATE_HELP="Create a manual cross-post. Select an article and service, write your message, and optionally set a scheduled date. Leave the schedule empty to queue for immediate processing."
+COM_MOKOSUITECROSS_POST_REQUEUE="Re-queue for Posting"
+COM_MOKOSUITECROSS_POST_REQUEUE_HELP="Reset this post to queued status so it will be processed again on the next queue run."
+
+; Service edit
+COM_MOKOSUITECROSS_NEW_SERVICE="New Service"
+COM_MOKOSUITECROSS_EDIT_SERVICE="Edit Service"
+COM_MOKOSUITECROSS_SERVICE_DETAILS="Service Details"
+COM_MOKOSUITECROSS_CREDENTIALS_HELP="Fill in the connection details for the selected platform. Fields change based on the service type you choose above."
+
+; Credential mode
+COM_MOKOSUITECROSS_FIELD_CRED_MODE="Connection Mode"
+COM_MOKOSUITECROSS_FIELD_CRED_MODE_DESC="Default uses the pre-configured MokoSuite account. Custom lets you use your own API credentials."
+COM_MOKOSUITECROSS_CRED_MODE_DEFAULT="Default (MokoSuite)"
+COM_MOKOSUITECROSS_CRED_MODE_CUSTOM="Custom (your own credentials)"
+
+; Telegram
+COM_MOKOSUITECROSS_CRED_TELEGRAM_CHAT_ID="Chat ID"
+COM_MOKOSUITECROSS_CRED_TELEGRAM_CHAT_ID_DESC="Telegram channel, group, or user chat ID. Channel IDs start with -100. Get yours from @userinfobot."
+COM_MOKOSUITECROSS_CRED_TELEGRAM_BOT_TOKEN="Bot Token"
+COM_MOKOSUITECROSS_CRED_TELEGRAM_BOT_TOKEN_DESC="Your custom Telegram bot token from @BotFather. Only needed in Custom mode."
+
+; Discord
+COM_MOKOSUITECROSS_CRED_DISCORD_WEBHOOK="Webhook URL"
+COM_MOKOSUITECROSS_CRED_DISCORD_WEBHOOK_DESC="Discord channel webhook URL. Create one in Channel Settings → Integrations → Webhooks."
+
+; Slack
+COM_MOKOSUITECROSS_CRED_SLACK_WEBHOOK="Webhook URL"
+COM_MOKOSUITECROSS_CRED_SLACK_WEBHOOK_DESC="Slack Incoming Webhook URL. Create one at api.slack.com/apps."
+
+; Teams
+COM_MOKOSUITECROSS_CRED_TEAMS_WEBHOOK="Webhook URL"
+COM_MOKOSUITECROSS_CRED_TEAMS_WEBHOOK_DESC="Microsoft Teams Incoming Webhook URL. Create in channel Connectors."
+
+; Google Chat
+COM_MOKOSUITECROSS_CRED_GOOGLECHAT_WEBHOOK="Webhook URL"
+COM_MOKOSUITECROSS_CRED_GOOGLECHAT_WEBHOOK_DESC="Google Chat space webhook URL."
+
+; Facebook
+COM_MOKOSUITECROSS_CRED_FACEBOOK_PAGE_ID="Facebook Page ID"
+COM_MOKOSUITECROSS_CRED_FACEBOOK_PAGE_ID_DESC="Your Facebook Page numeric ID. Find it in Page Settings → About."
+COM_MOKOSUITECROSS_CRED_FACEBOOK_TOKEN="Page Access Token"
+COM_MOKOSUITECROSS_CRED_FACEBOOK_TOKEN_DESC="Long-lived Page Access Token. Use the Authorize button below or generate via Meta Business Suite."
+
+; Threads
+COM_MOKOSUITECROSS_CRED_THREADS_USER_ID="Threads User ID"
+COM_MOKOSUITECROSS_CRED_THREADS_TOKEN="Access Token"
+
+; Twitter (OAuth 1.0a)
+COM_MOKOSUITECROSS_CRED_TWITTER_API_KEY="API Key (Consumer Key)"
+COM_MOKOSUITECROSS_CRED_TWITTER_API_KEY_DESC="Consumer Key from the Twitter Developer Portal → Keys and Tokens."
+COM_MOKOSUITECROSS_CRED_TWITTER_API_SECRET="API Secret (Consumer Secret)"
+COM_MOKOSUITECROSS_CRED_TWITTER_API_SECRET_DESC="Consumer Secret from the Twitter Developer Portal → Keys and Tokens."
+COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN_DESC="User access token from the Developer Portal → Keys and Tokens → Authentication Tokens."
+COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN_SECRET="Access Token Secret"
+COM_MOKOSUITECROSS_CRED_TWITTER_ACCESS_TOKEN_SECRET_DESC="User access token secret from the Developer Portal → Keys and Tokens → Authentication Tokens."
+
+; LinkedIn
+COM_MOKOSUITECROSS_CRED_LINKEDIN_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_LINKEDIN_ORG_ID="Organization ID"
+COM_MOKOSUITECROSS_CRED_LINKEDIN_ORG_ID_DESC="LinkedIn Company Page ID. Leave empty to post as yourself."
+
+; Mastodon
+COM_MOKOSUITECROSS_CRED_MASTODON_INSTANCE="Instance URL"
+COM_MOKOSUITECROSS_CRED_MASTODON_INSTANCE_DESC="Your Mastodon server (e.g. https://mastodon.social)"
+COM_MOKOSUITECROSS_CRED_MASTODON_TOKEN="Access Token"
+
+; Bluesky
+COM_MOKOSUITECROSS_CRED_BLUESKY_HANDLE="Handle"
+COM_MOKOSUITECROSS_CRED_BLUESKY_HANDLE_DESC="Your Bluesky handle (e.g. user.bsky.social)"
+COM_MOKOSUITECROSS_CRED_BLUESKY_APP_PWD="App Password"
+COM_MOKOSUITECROSS_CRED_BLUESKY_APP_PWD_DESC="Generate in Bluesky Settings → Advanced → App Passwords."
+
+; WhatsApp
+COM_MOKOSUITECROSS_CRED_WHATSAPP_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_WHATSAPP_PHONE_ID="Phone Number ID"
+COM_MOKOSUITECROSS_CRED_WHATSAPP_RECIPIENT="Recipient Number"
+COM_MOKOSUITECROSS_CRED_WHATSAPP_RECIPIENT_DESC="Phone number to send to, with country code (e.g. +1234567890)"
+
+; Mailchimp
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_KEY="API Key"
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_KEY_DESC="Mailchimp API key (ends with -us1, -us2, etc.)"
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_LIST="Audience/List ID"
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_LIST_DESC="The audience to send campaigns to. Find in Audience → Settings → Audience ID."
+
+; SendGrid
+COM_MOKOSUITECROSS_CRED_SENDGRID_KEY="API Key"
+COM_MOKOSUITECROSS_CRED_SENDGRID_LIST="Contact List ID"
+
+; Webhook
+COM_MOKOSUITECROSS_CRED_WEBHOOK_URL="Webhook URL"
+COM_MOKOSUITECROSS_CRED_WEBHOOK_URL_DESC="The URL to send article data to. Works with Zapier, IFTTT, n8n, Make, or any custom endpoint."
+COM_MOKOSUITECROSS_CRED_WEBHOOK_METHOD="HTTP Method"
+
+; Matrix
+COM_MOKOSUITECROSS_CRED_MATRIX_HOMESERVER="Homeserver URL"
+COM_MOKOSUITECROSS_CRED_MATRIX_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_MATRIX_ROOM="Room ID"
+COM_MOKOSUITECROSS_CRED_MATRIX_ROOM_DESC="Matrix room ID (e.g. !abc123:matrix.org)"
+
+; Ntfy
+COM_MOKOSUITECROSS_CRED_NTFY_SERVER="Server URL"
+COM_MOKOSUITECROSS_CRED_NTFY_TOPIC="Topic Name"
+COM_MOKOSUITECROSS_CRED_NTFY_TOPIC_DESC="The notification topic (e.g. my-site-updates). Subscribers use this to receive push notifications."
+COM_MOKOSUITECROSS_CRED_NTFY_TOKEN="Auth Token"
+COM_MOKOSUITECROSS_CRED_NTFY_TOKEN_DESC="Optional authentication token if your ntfy server requires it."
+
+; WordPress
+COM_MOKOSUITECROSS_CRED_WP_SITE="WordPress Site URL"
+COM_MOKOSUITECROSS_CRED_WP_USER="Username"
+COM_MOKOSUITECROSS_CRED_WP_APP_PWD="Application Password"
+COM_MOKOSUITECROSS_CRED_WP_APP_PWD_DESC="Generate in WordPress → Users → Profile → Application Passwords."
+
+; Medium
+COM_MOKOSUITECROSS_CRED_MEDIUM_TOKEN="Integration Token"
+
+; Dev.to
+COM_MOKOSUITECROSS_CRED_DEVTO_KEY="API Key"
+
+; Ghost
+COM_MOKOSUITECROSS_CRED_GHOST_SITE="Ghost Site URL"
+COM_MOKOSUITECROSS_CRED_GHOST_KEY="Admin API Key"
+
+; Reddit
+COM_MOKOSUITECROSS_CRED_REDDIT_CLIENT_ID="App Client ID"
+COM_MOKOSUITECROSS_CRED_REDDIT_SECRET="App Secret"
+COM_MOKOSUITECROSS_CRED_REDDIT_USER="Reddit Username"
+COM_MOKOSUITECROSS_CRED_REDDIT_SUBREDDIT="Subreddit"
+COM_MOKOSUITECROSS_CRED_REDDIT_SUBREDDIT_DESC="Subreddit to post to (without r/ prefix)"
+
+; Authorize / OAuth
+COM_MOKOSUITECROSS_AUTHORIZE_BUTTON="Connect to %s"
+COM_MOKOSUITECROSS_AUTHORIZE_HELP="Click to open the authorization page. You'll be redirected back after granting access. Your token will be saved automatically."
+COM_MOKOSUITECROSS_OAUTH_HELP_TITLE="Authorization Required"
+COM_MOKOSUITECROSS_OAUTH_HELP_BODY="This service requires OAuth authorization. Save the service first, then click the Connect button below to authorize access."
+
+; LinkedIn (additional)
+COM_MOKOSUITECROSS_CRED_LINKEDIN_REFRESH_TOKEN="Refresh Token"
+COM_MOKOSUITECROSS_CRED_LINKEDIN_REFRESH_TOKEN_DESC="OAuth refresh token for automatic access token renewal."
+
+; Bluesky (additional)
+COM_MOKOSUITECROSS_CRED_BLUESKY_PDS_URL="PDS URL"
+COM_MOKOSUITECROSS_CRED_BLUESKY_PDS_URL_DESC="Personal Data Server URL. Default is https://bsky.social. Only change for self-hosted PDS."
+
+; Discord (additional)
+COM_MOKOSUITECROSS_CRED_DISCORD_USERNAME="Display Name Override"
+COM_MOKOSUITECROSS_CRED_DISCORD_USERNAME_DESC="Override the webhook's default display name. Leave empty to use the webhook name."
+COM_MOKOSUITECROSS_CRED_DISCORD_AVATAR="Avatar URL Override"
+COM_MOKOSUITECROSS_CRED_DISCORD_AVATAR_DESC="Override the webhook's default avatar with a custom image URL."
+
+; Mailchimp (additional)
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_NAME="From Name"
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_NAME_DESC="Sender name for campaigns. Leave empty to use the audience default."
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_EMAIL="From Email"
+COM_MOKOSUITECROSS_CRED_MAILCHIMP_FROM_EMAIL_DESC="Sender email for campaigns. Must be a verified sending domain."
+
+; SendGrid (additional)
+COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_EMAIL="From Email"
+COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_EMAIL_DESC="Verified sender email address for Single Sends."
+COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_NAME="From Name"
+COM_MOKOSUITECROSS_CRED_SENDGRID_FROM_NAME_DESC="Display name for the sender."
+
+; Reddit (additional)
+COM_MOKOSUITECROSS_CRED_REDDIT_PASSWORD="Account Password"
+COM_MOKOSUITECROSS_CRED_REDDIT_PASSWORD_DESC="Required for Reddit script-type OAuth. The password for the Reddit account."
+
+; WordPress (additional)
+COM_MOKOSUITECROSS_CRED_WP_DEFAULT_STATUS="Default Post Status"
+COM_MOKOSUITECROSS_CRED_WP_DEFAULT_STATUS_DESC="Whether cross-posted articles appear as drafts or are published immediately."
+
+; Dev.to (additional)
+COM_MOKOSUITECROSS_CRED_DEVTO_ORG_ID="Organization ID"
+COM_MOKOSUITECROSS_CRED_DEVTO_ORG_ID_DESC="Optional. Publish under a Dev.to organization instead of your personal account."
+
+; Ghost (additional)
+COM_MOKOSUITECROSS_CRED_GHOST_DEFAULT_STATUS="Default Post Status"
+COM_MOKOSUITECROSS_CRED_GHOST_DEFAULT_STATUS_DESC="Whether cross-posted articles are saved as drafts or published immediately."
+
+; Status options (shared)
+COM_MOKOSUITECROSS_STATUS_DRAFT="Draft"
+COM_MOKOSUITECROSS_STATUS_PUBLISH="Publish"
+COM_MOKOSUITECROSS_STATUS_PUBLISHED="Published"
+
+; Pinterest
+COM_MOKOSUITECROSS_CRED_PINTEREST_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_PINTEREST_TOKEN_DESC="Pinterest API v5 access token from the Developer Portal."
+COM_MOKOSUITECROSS_CRED_PINTEREST_BOARD="Board ID"
+COM_MOKOSUITECROSS_CRED_PINTEREST_BOARD_DESC="The board to pin to. Find the ID in the board URL or via the API."
+
+; Tumblr
+COM_MOKOSUITECROSS_CRED_TUMBLR_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_TUMBLR_TOKEN_DESC="Tumblr OAuth access token."
+COM_MOKOSUITECROSS_CRED_TUMBLR_BLOG="Blog Name"
+COM_MOKOSUITECROSS_CRED_TUMBLR_BLOG_DESC="Your Tumblr blog name (e.g. myblog — without .tumblr.com)."
+
+; TikTok
+COM_MOKOSUITECROSS_CRED_TIKTOK_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_TIKTOK_REFRESH_TOKEN="Refresh Token"
+COM_MOKOSUITECROSS_CRED_TIKTOK_OPEN_ID="Open ID"
+COM_MOKOSUITECROSS_CRED_TIKTOK_OPEN_ID_DESC="Your TikTok Open ID from the developer app authorization."
+
+; Nostr
+COM_MOKOSUITECROSS_CRED_NOSTR_PRIVKEY="Private Key"
+COM_MOKOSUITECROSS_CRED_NOSTR_PRIVKEY_DESC="Nostr private key in hex or nsec format. Used to sign events."
+COM_MOKOSUITECROSS_CRED_NOSTR_RELAYS="Relay URLs"
+COM_MOKOSUITECROSS_CRED_NOSTR_RELAYS_DESC="Comma-separated list of relay WebSocket URLs (e.g. wss://relay.damus.io, wss://nos.lol)."
+
+; ActivityPub
+COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_INSTANCE="Instance URL"
+COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_INSTANCE_DESC="Fediverse instance URL (Pleroma, Akkoma, Misskey, Pixelfed, etc.)."
+COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_ACTIVITYPUB_TOKEN_DESC="API access token from the instance's developer settings."
+
+; Brevo (Sendinblue)
+COM_MOKOSUITECROSS_CRED_BREVO_KEY="API Key"
+COM_MOKOSUITECROSS_CRED_BREVO_LIST="Contact List ID"
+COM_MOKOSUITECROSS_CRED_BREVO_LIST_DESC="Brevo contact list ID to send campaigns to."
+COM_MOKOSUITECROSS_CRED_BREVO_SENDER_EMAIL="Sender Email"
+COM_MOKOSUITECROSS_CRED_BREVO_SENDER_EMAIL_DESC="Must be a verified sender in your Brevo account."
+COM_MOKOSUITECROSS_CRED_BREVO_SENDER_NAME="Sender Name"
+
+; ConvertKit
+COM_MOKOSUITECROSS_CRED_CONVERTKIT_KEY="API Key"
+COM_MOKOSUITECROSS_CRED_CONVERTKIT_SECRET="API Secret"
+
+; Constant Contact
+COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_REFRESH_TOKEN="Refresh Token"
+COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_LISTS="Contact List IDs"
+COM_MOKOSUITECROSS_CRED_CONSTANTCONTACT_LISTS_DESC="Comma-separated list IDs to include in the campaign."
+
+; Hashnode
+COM_MOKOSUITECROSS_CRED_HASHNODE_TOKEN="Personal Access Token"
+COM_MOKOSUITECROSS_CRED_HASHNODE_PUB_ID="Publication ID"
+COM_MOKOSUITECROSS_CRED_HASHNODE_PUB_ID_DESC="Your Hashnode publication ID. Find in Dashboard → General settings."
+
+; Google Blogger
+COM_MOKOSUITECROSS_CRED_BLOGGER_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_BLOGGER_REFRESH_TOKEN="Refresh Token"
+COM_MOKOSUITECROSS_CRED_BLOGGER_BLOG_ID="Blog ID"
+COM_MOKOSUITECROSS_CRED_BLOGGER_BLOG_ID_DESC="Numeric Blog ID from Blogger settings or the Blogger API."
+
+; Google Business Profile
+COM_MOKOSUITECROSS_CRED_GBUSINESS_TOKEN="Access Token"
+COM_MOKOSUITECROSS_CRED_GBUSINESS_REFRESH_TOKEN="Refresh Token"
+COM_MOKOSUITECROSS_CRED_GBUSINESS_LOCATION="Location ID"
+COM_MOKOSUITECROSS_CRED_GBUSINESS_LOCATION_DESC="Google Business location ID (e.g. locations/1234567890)."
+COM_MOKOSUITECROSS_CRED_GBUSINESS_ACCOUNT="Account ID"
+COM_MOKOSUITECROSS_CRED_GBUSINESS_ACCOUNT_DESC="Google Business account ID (e.g. accounts/1234567890)."
+
+; RSS Feed
+COM_MOKOSUITECROSS_CRED_RSSFEED_TITLE="Feed Title"
+COM_MOKOSUITECROSS_CRED_RSSFEED_TITLE_DESC="Title for the generated RSS feed. Defaults to the site name."
+COM_MOKOSUITECROSS_CRED_RSSFEED_MAX_ITEMS="Max Feed Items"
+COM_MOKOSUITECROSS_CRED_RSSFEED_MAX_ITEMS_DESC="Maximum number of items to include in the feed."
+
+; Webhook (additional)
+COM_MOKOSUITECROSS_CRED_WEBHOOK_AUTH_TYPE="Authentication"
+COM_MOKOSUITECROSS_CRED_WEBHOOK_AUTH_TYPE_DESC="Authentication method for the webhook endpoint."
+COM_MOKOSUITECROSS_WEBHOOK_AUTH_NONE="None"
+COM_MOKOSUITECROSS_WEBHOOK_AUTH_BEARER="Bearer Token"
+COM_MOKOSUITECROSS_WEBHOOK_AUTH_BASIC="Basic Auth"
+COM_MOKOSUITECROSS_CRED_WEBHOOK_BEARER_TOKEN="Bearer Token"
+COM_MOKOSUITECROSS_CRED_WEBHOOK_BEARER_TOKEN_DESC="Authentication token sent as Authorization: Bearer {token}."
+COM_MOKOSUITECROSS_CRED_WEBHOOK_BASIC_USER="Username"
+COM_MOKOSUITECROSS_CRED_WEBHOOK_BASIC_PWD="Password"
+COM_MOKOSUITECROSS_CRED_WEBHOOK_CONTENT_TYPE="Content Type"
+
+; Service help link
+COM_MOKOSUITECROSS_SERVICE_HELP_LINK="%s Setup Guide"
+
+; Setup help panel
+COM_MOKOSUITECROSS_SETUP_HELP_TITLE="How to set up"
+COM_MOKOSUITECROSS_SETUP_HELP_INTRO="Setting up a new service is easy:"
+COM_MOKOSUITECROSS_SETUP_STEP1="Choose a service type from the dropdown"
+COM_MOKOSUITECROSS_SETUP_STEP2="Fill in the connection details that appear"
+COM_MOKOSUITECROSS_SETUP_STEP3="For OAuth services, save first, then click Connect"
+COM_MOKOSUITECROSS_SETUP_STEP4="Set status to Published and save"
+
+; Test Connection
+COM_MOKOSUITECROSS_TEST_CONNECTION_TITLE="Test Connection"
+COM_MOKOSUITECROSS_TEST_CONNECTION_DESC="Verify that your credentials are valid and the service is reachable."
+COM_MOKOSUITECROSS_TEST_CONNECTION_BUTTON="Test Connection"
+COM_MOKOSUITECROSS_TEST_CONNECTION_TESTING="Testing..."
+COM_MOKOSUITECROSS_TEST_CONNECTION_SUCCESS="Connection successful"
+COM_MOKOSUITECROSS_TEST_CONNECTION_FAILED="Connection failed"
+COM_MOKOSUITECROSS_TEST_CONNECTION_ERROR="Could not reach the server. Please try again."
+COM_MOKOSUITECROSS_TEST_CONNECTION_NO_SERVICE="No service specified for test."
+COM_MOKOSUITECROSS_TEST_CONNECTION_NOT_FOUND="Service record not found."
+COM_MOKOSUITECROSS_TEST_CONNECTION_NO_PLUGIN="No service plugin available for type '%s'."
+
+; Bulk Queue Actions
+COM_MOKOSUITECROSS_TOOLBAR_RETRY_FAILED="Retry Failed"
+COM_MOKOSUITECROSS_TOOLBAR_PURGE_POSTED="Purge Posted"
+COM_MOKOSUITECROSS_POSTS_N_RETRIED="%d failed post(s) re-queued for retry."
+COM_MOKOSUITECROSS_POSTS_N_RETRIED_1="1 failed post re-queued for retry."
+COM_MOKOSUITECROSS_POSTS_N_PURGED="%d posted record(s) purged."
+COM_MOKOSUITECROSS_POSTS_N_PURGED_1="1 posted record purged."
+COM_MOKOSUITECROSS_POSTS_N_SCHEDULED="%d post(s) scheduled."
+COM_MOKOSUITECROSS_POSTS_NO_ITEM_SELECTED="No posts selected."
+COM_MOKOSUITECROSS_SCHEDULE_NO_DATE="Please select a date and time for scheduling."
+COM_MOKOSUITECROSS_TOOLBAR_SCHEDULE="Schedule"
+COM_MOKOSUITECROSS_TOOLBAR_RETRY_SELECTED="Retry Selected"
+
+; Queue Depth Warning
+COM_MOKOSUITECROSS_DASHBOARD_QUEUE_DEPTH_WARNING_TITLE="Large queue backlog"
+COM_MOKOSUITECROSS_DASHBOARD_QUEUE_DEPTH_WARNING="There are %d posts waiting in the queue. Please verify that the Joomla Task Scheduler is running and the MokoSuiteCross scheduled task is enabled in System → Scheduled Tasks."
+
+; First-Publish-Only
+COM_MOKOSUITECROSS_CONFIG_FIRST_PUBLISH_ONLY="First Publish Only"
+COM_MOKOSUITECROSS_CONFIG_FIRST_PUBLISH_ONLY_DESC="When enabled, articles are only cross-posted on their first save as published. Subsequent edits to already-published articles will not trigger new cross-posts."
+
+; Trend Chart
+COM_MOKOSUITECROSS_DASHBOARD_TREND_CHART="Daily Post Trend"
+
+; Date Range Period Filter
+COM_MOKOSUITECROSS_PERIOD_7_DAYS="Last 7 days"
+COM_MOKOSUITECROSS_PERIOD_30_DAYS="Last 30 days"
+COM_MOKOSUITECROSS_PERIOD_90_DAYS="Last 90 days"
+COM_MOKOSUITECROSS_PERIOD_ALL_TIME="All time"
+
+; Hashtag Placeholders
+COM_MOKOSUITECROSS_PLACEHOLDER_TAGS="Article tags (comma-separated)"
+COM_MOKOSUITECROSS_PLACEHOLDER_HASHTAGS="Article tags as hashtags (#Tag1 #Tag2)"
+COM_MOKOSUITECROSS_PLACEHOLDER_CUSTOM_FIELD="Custom field value (replace xxx with field name)"
+
+; CSV Export
+COM_MOKOSUITECROSS_EXPORT_CSV="Export CSV"
+
+; Service Stats (drill-down)
+COM_MOKOSUITECROSS_SERVICESTATS_RECENT_POSTS="Recent Posts"
+COM_MOKOSUITECROSS_SERVICESTATS_NO_POSTS="No posts for this service yet."
+COM_MOKOSUITECROSS_SERVICESTATS_TOP_ARTICLES="Top Articles for This Service"
+
+; API Dispatch
+COM_MOKOSUITECROSS_DISPATCH_MISSING_ARTICLE="Missing or invalid article_id in request body."
+COM_MOKOSUITECROSS_DISPATCH_INVALID_SERVICES="service_ids must be a non-empty array of service IDs."
+COM_MOKOSUITECROSS_DISPATCH_ARTICLE_NOT_FOUND="Article not found."
+COM_MOKOSUITECROSS_DISPATCH_NO_SERVICES="No enabled services found matching the request."
+
+; Category Rules
+COM_MOKOSUITECROSS_CONFIG_CATEGORY_RULES="Category Rules"
+COM_MOKOSUITECROSS_CONFIG_CATEGORY_RULES_NOTE="Category Routing"
+COM_MOKOSUITECROSS_CONFIG_CATEGORY_RULES_NOTE_DESC="Category routing rules let you map Joomla categories to specific cross-post services. When rules exist for a category, only those services receive posts. When no rules exist, all services are used (default behaviour). Rules are managed in the database table #__mokosuitecross_category_rules. A full admin UI will be added in a future release."

source/packages/com_mokosuitecross/language/en-GB/com_mokosuitecross.sys.ini

@@ -0,0 +1,11 @@
+; MokoSuiteCross — System Language File
+; Copyright (C) 2026 Moko Consulting. All rights reserved.
+; License: GPL-3.0-or-later
+
+COM_MOKOSUITECROSS="MokoSuiteCross"
+COM_MOKOSUITECROSS_DESCRIPTION="Cross-posting Joomla content to social media, email marketing, and chat platforms"
+COM_MOKOSUITECROSS_SUBMENU_DASHBOARD="Dashboard"
+COM_MOKOSUITECROSS_SUBMENU_POSTS="Post Queue"
+COM_MOKOSUITECROSS_SUBMENU_SERVICES="Services"
+COM_MOKOSUITECROSS_SUBMENU_TEMPLATES="Templates"
+COM_MOKOSUITECROSS_SUBMENU_LOGS="Activity Logs"

source/packages/com_mokosuitecross/mokosuitecross.xml

@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <extension type="component" method="upgrade">
-    <name>com_mokojoomcross</name>
-    <version>01.00.00-dev</version>
+    <name>com_mokosuitecross</name>
+    <version>01.02.00-rc</version>
     <creationDate>2026-05-28</creationDate>
     <author>Moko Consulting</author>
     <authorEmail>hello@mokoconsulting.tech</authorEmail>
     <authorUrl>https://mokoconsulting.tech</authorUrl>
     <copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
     <license>GPL-3.0-or-later</license>
-    <description>COM_MOKOJOOMCROSS_DESCRIPTION</description>
+    <description>COM_MOKOSUITECROSS_DESCRIPTION</description>
 
-    <namespace path="src">Joomla\Component\MokoJoomCross</namespace>
+    <namespace path="src">Joomla\Component\MokoSuiteCross</namespace>
 
     <scriptfile>script.php</scriptfile>
 
@@ -37,18 +37,19 @@
     </files>
 
     <languages>
-        <language tag="en-GB">site/language/en-GB/com_mokojoomcross.ini</language>
-        <language tag="en-GB" folder="administrator">language/en-GB/com_mokojoomcross.ini</language>
-        <language tag="en-GB" folder="administrator">language/en-GB/com_mokojoomcross.sys.ini</language>
+        <language tag="en-GB">site/language/en-GB/com_mokosuitecross.ini</language>
+        <language tag="en-GB" folder="administrator">language/en-GB/com_mokosuitecross.ini</language>
+        <language tag="en-GB" folder="administrator">language/en-GB/com_mokosuitecross.sys.ini</language>
     </languages>
 
     <administration>
-        <menu img="class:share-alt">COM_MOKOJOOMCROSS</menu>
+        <menu img="class:share-alt">COM_MOKOSUITECROSS</menu>
         <submenu>
-            <menu link="option=com_mokojoomcross&amp;view=dashboard">COM_MOKOJOOMCROSS_SUBMENU_DASHBOARD</menu>
-            <menu link="option=com_mokojoomcross&amp;view=posts">COM_MOKOJOOMCROSS_SUBMENU_POSTS</menu>
-            <menu link="option=com_mokojoomcross&amp;view=services">COM_MOKOJOOMCROSS_SUBMENU_SERVICES</menu>
-            <menu link="option=com_mokojoomcross&amp;view=logs">COM_MOKOJOOMCROSS_SUBMENU_LOGS</menu>
+            <menu link="option=com_mokosuitecross&amp;view=dashboard">COM_MOKOSUITECROSS_SUBMENU_DASHBOARD</menu>
+            <menu link="option=com_mokosuitecross&amp;view=posts">COM_MOKOSUITECROSS_SUBMENU_POSTS</menu>
+            <menu link="option=com_mokosuitecross&amp;view=services">COM_MOKOSUITECROSS_SUBMENU_SERVICES</menu>
+            <menu link="option=com_mokosuitecross&amp;view=templates">COM_MOKOSUITECROSS_SUBMENU_TEMPLATES</menu>
+            <menu link="option=com_mokosuitecross&amp;view=logs">COM_MOKOSUITECROSS_SUBMENU_LOGS</menu>
         </submenu>
         <files>
             <filename>access.xml</filename>

source/packages/com_mokosuitecross/script.php

@@ -1,8 +1,8 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
@@ -13,7 +13,7 @@ defined('_JEXEC') or die;
 
 use Joomla\CMS\Installer\InstallerAdapter;
 
-class Com_MokoJoomCrossInstallerScript
+class Com_MokoSuiteCrossInstallerScript
 {
     public function preflight(string $type, InstallerAdapter $parent): bool
     {

source/packages/com_mokosuitecross/services/provider.php

@@ -1,8 +1,8 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
@@ -16,7 +16,7 @@ use Joomla\CMS\Extension\ComponentInterface;
 use Joomla\CMS\Extension\Service\Provider\ComponentDispatcherFactory;
 use Joomla\CMS\Extension\Service\Provider\MVCFactory;
 use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
-use Joomla\Component\MokoJoomCross\Administrator\Extension\MokoJoomCrossComponent;
+use Joomla\Component\MokoSuiteCross\Administrator\Extension\MokoSuiteCrossComponent;
 use Joomla\DI\Container;
 use Joomla\DI\ServiceProviderInterface;
 
@@ -30,13 +30,13 @@ return new class () implements ServiceProviderInterface {
      */
     public function register(Container $container): void
     {
-        $container->registerServiceProvider(new MVCFactory('\\Joomla\\Component\\MokoJoomCross'));
-        $container->registerServiceProvider(new ComponentDispatcherFactory('\\Joomla\\Component\\MokoJoomCross'));
+        $container->registerServiceProvider(new MVCFactory('\\Joomla\\Component\\MokoSuiteCross'));
+        $container->registerServiceProvider(new ComponentDispatcherFactory('\\Joomla\\Component\\MokoSuiteCross'));
 
         $container->set(
             ComponentInterface::class,
             function (Container $container) {
-                $component = new MokoJoomCrossComponent(
+                $component = new MokoSuiteCrossComponent(
                     $container->get(ComponentDispatcherFactoryInterface::class)
                 );
                 $component->setMVCFactory($container->get(MVCFactoryInterface::class));

source/packages/com_mokosuitecross/site/language/en-GB/com_mokosuitecross.ini

@@ -1,5 +1,5 @@
-; MokoJoomCross — Site Frontend Language File
+; MokoSuiteCross — Site Frontend Language File
 ; Copyright (C) 2026 Moko Consulting. All rights reserved.
 ; License: GPL-3.0-or-later
 
-COM_MOKOJOOMCROSS="MokoJoomCross"
+COM_MOKOSUITECROSS="MokoSuiteCross"

source/packages/com_mokosuitecross/site/src/Controller/DisplayController.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Site\Controller;
+namespace Joomla\Component\MokoSuiteCross\Site\Controller;
 
 defined('_JEXEC') or die;
 

source/packages/com_mokosuitecross/sql/install.mysql.sql

@@ -1,8 +1,8 @@
--- MokoJoomCross 01.00.00 — Initial schema
+-- MokoSuiteCross 01.00.00 — Initial schema
 -- Copyright (C) 2026 Moko Consulting. All rights reserved.
 -- SPDX-License-Identifier: GPL-3.0-or-later
 
-CREATE TABLE IF NOT EXISTS `#__mokojoomcross_services` (
+CREATE TABLE IF NOT EXISTS `#__mokosuitecross_services` (
     `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
     `title` varchar(255) NOT NULL DEFAULT '',
     `alias` varchar(400) NOT NULL DEFAULT '',
@@ -21,10 +21,10 @@ CREATE TABLE IF NOT EXISTS `#__mokojoomcross_services` (
     KEY `idx_service_type` (`service_type`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE IF NOT EXISTS `#__mokojoomcross_posts` (
+CREATE TABLE IF NOT EXISTS `#__mokosuitecross_posts` (
     `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
     `article_id` int(10) unsigned NOT NULL DEFAULT 0 COMMENT 'FK to #__content.id',
-    `service_id` int(10) unsigned NOT NULL DEFAULT 0 COMMENT 'FK to #__mokojoomcross_services.id',
+    `service_id` int(10) unsigned NOT NULL DEFAULT 0 COMMENT 'FK to #__mokosuitecross_services.id',
     `status` varchar(20) NOT NULL DEFAULT 'queued' COMMENT 'queued, posting, posted, failed, scheduled',
     `message` text NOT NULL COMMENT 'Rendered message sent to platform',
     `platform_post_id` varchar(255) NOT NULL DEFAULT '' COMMENT 'Post ID returned by platform',
@@ -32,7 +32,7 @@ CREATE TABLE IF NOT EXISTS `#__mokojoomcross_posts` (
     `scheduled_at` datetime DEFAULT NULL COMMENT 'When to post (NULL = immediately)',
     `posted_at` datetime DEFAULT NULL COMMENT 'When actually posted',
     `retry_count` int(10) unsigned NOT NULL DEFAULT 0,
-    `error_message` text NOT NULL DEFAULT '',
+    `error_message` text NOT NULL,
     `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
     `modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
     PRIMARY KEY (`id`),
@@ -42,7 +42,7 @@ CREATE TABLE IF NOT EXISTS `#__mokojoomcross_posts` (
     KEY `idx_scheduled` (`scheduled_at`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE IF NOT EXISTS `#__mokojoomcross_templates` (
+CREATE TABLE IF NOT EXISTS `#__mokosuitecross_templates` (
     `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
     `service_type` varchar(50) NOT NULL DEFAULT '' COMMENT 'Platform this template is for (or "default")',
     `title` varchar(255) NOT NULL DEFAULT '',
@@ -56,10 +56,10 @@ CREATE TABLE IF NOT EXISTS `#__mokojoomcross_templates` (
     KEY `idx_published` (`published`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE IF NOT EXISTS `#__mokojoomcross_logs` (
+CREATE TABLE IF NOT EXISTS `#__mokosuitecross_logs` (
     `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-    `post_id` int(10) unsigned DEFAULT NULL COMMENT 'FK to #__mokojoomcross_posts.id',
-    `service_id` int(10) unsigned DEFAULT NULL COMMENT 'FK to #__mokojoomcross_services.id',
+    `post_id` int(10) unsigned DEFAULT NULL COMMENT 'FK to #__mokosuitecross_posts.id',
+    `service_id` int(10) unsigned DEFAULT NULL COMMENT 'FK to #__mokosuitecross_services.id',
     `level` varchar(20) NOT NULL DEFAULT 'info' COMMENT 'info, warning, error',
     `message` text NOT NULL,
     `context` text NOT NULL COMMENT 'JSON — additional context data',
@@ -72,8 +72,34 @@ CREATE TABLE IF NOT EXISTS `#__mokojoomcross_logs` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 -- Insert default templates
-INSERT INTO `#__mokojoomcross_templates` (`service_type`, `title`, `template_body`, `published`, `ordering`, `created`) VALUES
+INSERT INTO `#__mokosuitecross_templates` (`service_type`, `title`, `template_body`, `published`, `ordering`, `created`) VALUES
 ('default', 'Default Template', '{title}\n\n{introtext}\n\n{url}', 1, 1, NOW()),
 ('twitter', 'Twitter/X Default', '{title}\n\n{url}', 1, 2, NOW()),
 ('mastodon', 'Mastodon Default', '{title}\n\n{introtext}\n\n{url}\n\n#Joomla', 1, 3, NOW()),
-('mailchimp', 'Mailchimp Default', '<h1>{title}</h1>\n<p>{introtext}</p>\n<p><a href=\"{url}\">Read more</a></p>', 1, 4, NOW());
+('mailchimp', 'Mailchimp Default', '<h1>{title}</h1>\n<p>{introtext}</p>\n<p><a href=\"{url}\">Read more</a></p>', 1, 4, NOW()),
+('telegram', 'Telegram Default', '<b>{title}</b>\n\n{introtext}\n\n<a href=\"{url}\">Read more</a>', 1, 5, NOW()),
+('discord', 'Discord Default', '**{title}**\n\n{introtext}\n\n{url}', 1, 6, NOW()),
+('slack', 'Slack Default', '*{title}*\n\n{introtext}\n\n{url}', 1, 7, NOW()),
+('facebook', 'Facebook Default', '{title}\n\n{introtext}\n\n{url}', 1, 8, NOW()),
+('linkedin', 'LinkedIn Default', '{title}\n\n{introtext}\n\n{url}', 1, 9, NOW()),
+('bluesky', 'Bluesky Default', '{title}\n\n{url}', 1, 10, NOW()),
+('threads', 'Threads Default', '{title}\n\n{introtext}\n\n{url}', 1, 11, NOW()),
+('teams', 'Teams Default', '**{title}**\n\n{introtext}\n\n[Read more]({url})', 1, 12, NOW()),
+('medium', 'Medium Default', '{title}\n\n{introtext}\n\n{url}', 1, 13, NOW()),
+('wordpress', 'WordPress Default', '{title}\n\n{introtext}\n\n{url}', 1, 14, NOW()),
+('webhook', 'Webhook Default', '{title}\n\n{introtext}\n\n{url}', 1, 15, NOW()),
+('sendgrid', 'SendGrid Default', '<h1>{title}</h1>\n<p>{introtext}</p>\n<p><a href=\"{url}\">Read more</a></p>', 1, 16, NOW()),
+('brevo', 'Brevo Default', '<h1>{title}</h1>\n<p>{introtext}</p>\n<p><a href=\"{url}\">Read more</a></p>', 1, 17, NOW()),
+('ntfy', 'Ntfy Default', '{title}: {introtext}', 1, 18, NOW()),
+('reddit', 'Reddit Default', '{title}', 1, 19, NOW()),
+('pinterest', 'Pinterest Default', '{title} - {introtext}', 1, 20, NOW());
+
+CREATE TABLE IF NOT EXISTS `#__mokosuitecross_category_rules` (
+    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+    `category_id` int(10) unsigned NOT NULL,
+    `service_id` int(10) unsigned NOT NULL,
+    `published` tinyint(1) NOT NULL DEFAULT 1,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `idx_category_service` (`category_id`, `service_id`),
+    KEY `idx_category` (`category_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

source/packages/com_mokosuitecross/sql/uninstall.mysql.sql

@@ -0,0 +1,5 @@
+-- MokoSuiteCross — Uninstall
+DROP TABLE IF EXISTS `#__mokosuitecross_logs`;
+DROP TABLE IF EXISTS `#__mokosuitecross_posts`;
+DROP TABLE IF EXISTS `#__mokosuitecross_templates`;
+DROP TABLE IF EXISTS `#__mokosuitecross_services`;

source/packages/com_mokosuitecross/sql/updates/mysql/01.00.00.sql

@@ -1,2 +1,2 @@
--- MokoJoomCross 01.00.00 — Initial release
+-- MokoSuiteCross 01.00.00 — Initial release
 -- No update queries needed for initial version

source/packages/com_mokosuitecross/sql/updates/mysql/01.01.00.sql

@@ -0,0 +1,14 @@
+-- MokoSuiteCross 01.01.00 — Category routing rules
+-- Copyright (C) 2026 Moko Consulting. All rights reserved.
+-- SPDX-License-Identifier: GPL-3.0-or-later
+-- Note: also in install.mysql.sql for fresh installs; IF NOT EXISTS prevents conflicts
+
+CREATE TABLE IF NOT EXISTS `#__mokosuitecross_category_rules` (
+    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+    `category_id` int(10) unsigned NOT NULL,
+    `service_id` int(10) unsigned NOT NULL,
+    `published` tinyint(1) NOT NULL DEFAULT 1,
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `idx_category_service` (`category_id`, `service_id`),
+    KEY `idx_category` (`category_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

source/packages/com_mokosuitecross/src/Controller/DashboardController.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\Controller\BaseController;
+use Joomla\CMS\Router\Route;
+use Joomla\Component\MokoSuiteCross\Administrator\Helper\MigrationHelper;
+
+class DashboardController extends BaseController
+{
+    /**
+     * Run Perfect Publisher Pro migration.
+     *
+     * @return  void
+     */
+    public function migrate(): void
+    {
+        $this->checkToken();
+
+        // Check ACL
+        if (!$this->app->getIdentity()->authorise('mokosuitecross.migrate', 'com_mokosuitecross')) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=dashboard', false),
+                Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'),
+                'error'
+            );
+
+            return;
+        }
+
+        $result = MigrationHelper::migrate();
+
+        if (!empty($result['errors'])) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=dashboard', false),
+                Text::sprintf('COM_MOKOSUITECROSS_MIGRATION_ERROR', implode('; ', $result['errors'])),
+                'error'
+            );
+
+            return;
+        }
+
+        $this->setRedirect(
+            Route::_('index.php?option=com_mokosuitecross&view=dashboard', false),
+            Text::sprintf('COM_MOKOSUITECROSS_MIGRATION_SUCCESS', $result['migrated'], $result['skipped']),
+            'success'
+        );
+    }
+}

source/packages/com_mokosuitecross/src/Controller/DispatchController.php

@@ -0,0 +1,262 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\Controller\BaseController;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Uri\Uri;
+use Joomla\Component\MokoSuiteCross\Administrator\Helper\CrossPostDispatcher;
+use Joomla\Component\MokoSuiteCross\Administrator\Service\MokoSuiteCrossServiceInterface;
+
+/**
+ * REST API controller for dispatching cross-posts.
+ *
+ * Endpoint: POST /api/index.php/v1/mokosuitecross/dispatch
+ *
+ * JSON body:
+ *   {
+ *     "article_id": 123,
+ *     "service_ids": [1, 2, 3]   // optional — omit to post to all enabled services
+ *   }
+ *
+ * Returns JSON with the created post IDs and status.
+ *
+ * Authentication is handled by Joomla's API application (token or session).
+ * The webservices plugin routes POST requests here via the API router.
+ */
+class DispatchController extends BaseController
+{
+    /**
+     * Dispatch cross-posts for an article to one or more services.
+     *
+     * @return  void
+     */
+    public function dispatch(): void
+    {
+        $app = $this->app;
+
+        // Enforce POST method — this is a state-changing action endpoint
+        if (strtoupper($this->input->getMethod()) !== 'POST') {
+            $this->sendJsonResponse(['error' => 'Method not allowed. Use POST.'], 405);
+
+            return;
+        }
+
+        // ACL check — require core.manage on the component
+        if (!Factory::getApplication()->getIdentity()->authorise('core.manage', 'com_mokosuitecross')) {
+            $this->sendJsonResponse(['error' => 'Forbidden'], 403);
+
+            return;
+        }
+
+        // Read JSON body
+        $input     = json_decode(file_get_contents('php://input'), true) ?: [];
+        $articleId = (int) ($input['article_id'] ?? 0);
+        $serviceIds = $input['service_ids'] ?? null;
+
+        if ($articleId < 1) {
+            $this->sendJsonResponse(['error' => Text::_('COM_MOKOSUITECROSS_DISPATCH_MISSING_ARTICLE')], 400);
+
+            return;
+        }
+
+        // Validate service_ids if provided
+        if ($serviceIds !== null) {
+            if (!is_array($serviceIds) || empty($serviceIds)) {
+                $this->sendJsonResponse(['error' => Text::_('COM_MOKOSUITECROSS_DISPATCH_INVALID_SERVICES')], 400);
+
+                return;
+            }
+
+            $serviceIds = array_map('intval', $serviceIds);
+        }
+
+        $db = Factory::getDbo();
+
+        // Load the article
+        $query = $db->getQuery(true)
+            ->select('*')
+            ->from($db->quoteName('#__content'))
+            ->where($db->quoteName('id') . ' = ' . $articleId);
+
+        $db->setQuery($query);
+        $article = $db->loadObject();
+
+        if (!$article) {
+            $this->sendJsonResponse(['error' => Text::_('COM_MOKOSUITECROSS_DISPATCH_ARTICLE_NOT_FOUND')], 404);
+
+            return;
+        }
+
+        // Load enabled services, optionally filtered by service_ids
+        $query = $db->getQuery(true)
+            ->select('*')
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('published') . ' = 1')
+            ->order($db->quoteName('ordering') . ' ASC');
+
+        if ($serviceIds !== null) {
+            $query->where($db->quoteName('id') . ' IN (' . implode(',', $serviceIds) . ')');
+        }
+
+        $db->setQuery($query);
+        $services = $db->loadObjectList() ?: [];
+
+        if (empty($services)) {
+            $this->sendJsonResponse(['error' => Text::_('COM_MOKOSUITECROSS_DISPATCH_NO_SERVICES')], 404);
+
+            return;
+        }
+
+        // Import service plugins and build type-to-plugin map.
+        // In Joomla 5+ with SubscriberInterface, plugins receive the Event object
+        // as their first argument. When they do $services[] = $this, they append to
+        // the Event via ArrayAccess at numeric indices starting at 1.
+        PluginHelper::importPlugin('mokosuitecross');
+
+        $servicePlugins = [];
+        $event = new \Joomla\Event\Event('onMokoSuiteCrossGetServices', [$servicePlugins]);
+
+        try {
+            $app->getDispatcher()->dispatch('onMokoSuiteCrossGetServices', $event);
+        } catch (\Throwable $e) {
+            // Dispatcher may not be available
+        }
+
+        // Read plugins back from the Event's ArrayAccess indices
+        $idx = 1;
+
+        while (isset($event[$idx])) {
+            $servicePlugins[] = $event[$idx];
+            $idx++;
+        }
+
+        $pluginMap = [];
+
+        foreach ($servicePlugins as $plugin) {
+            if ($plugin instanceof MokoSuiteCrossServiceInterface) {
+                $pluginMap[$plugin->getServiceType()] = $plugin;
+            }
+        }
+
+        // Create queue entries
+        $now       = Factory::getDate()->toSql();
+        $createdIds = [];
+        $skipped    = [];
+
+        // Build article URL
+        $articleUrl = Uri::root() . 'index.php?option=com_content&view=article&id=' . $article->id;
+
+        if (!empty($article->catid)) {
+            $articleUrl .= '&catid=' . $article->catid;
+        }
+
+        // Extract intro image for media
+        $media  = [];
+        $images = json_decode($article->images ?? '{}');
+
+        if (!empty($images->image_intro)) {
+            $media[] = Uri::root() . ltrim($images->image_intro, '/');
+        }
+
+        foreach ($services as $service) {
+            // Duplicate guard — skip if article already posted/queued for this service
+            $query = $db->getQuery(true)
+                ->select('COUNT(*)')
+                ->from($db->quoteName('#__mokosuitecross_posts'))
+                ->where($db->quoteName('article_id') . ' = ' . (int) $article->id)
+                ->where($db->quoteName('service_id') . ' = ' . (int) $service->id)
+                ->where($db->quoteName('status') . ' IN (' . $db->quote('queued') . ',' . $db->quote('posted') . ',' . $db->quote('posting') . ')');
+
+            $db->setQuery($query);
+
+            if ((int) $db->loadResult() > 0) {
+                $skipped[] = [
+                    'service_id'   => (int) $service->id,
+                    'service_type' => $service->service_type,
+                    'reason'       => 'duplicate',
+                ];
+
+                continue;
+            }
+
+            // Render template via shared dispatcher logic
+            $message = CrossPostDispatcher::renderTemplate($article, $service);
+
+            // Create queue entry
+            $post = (object) [
+                'article_id'        => (int) $article->id,
+                'service_id'        => (int) $service->id,
+                'status'            => 'queued',
+                'message'           => $message,
+                'platform_post_id'  => '',
+                'platform_response' => '',
+                'error_message'     => '',
+                'retry_count'       => 0,
+                'created'           => $now,
+                'modified'          => $now,
+            ];
+
+            $db->insertObject('#__mokosuitecross_posts', $post);
+            $postId = (int) $db->insertid();
+
+            $createdIds[] = [
+                'post_id'      => $postId,
+                'service_id'   => (int) $service->id,
+                'service_type' => $service->service_type,
+                'status'       => 'queued',
+            ];
+
+            // Write log entry
+            $log = (object) [
+                'post_id'    => $postId,
+                'service_id' => (int) $service->id,
+                'level'      => 'info',
+                'message'    => sprintf('API dispatch: queued article %d to %s', $article->id, $service->service_type),
+                'context'    => '{}',
+                'created'    => $now,
+            ];
+
+            $db->insertObject('#__mokosuitecross_logs', $log);
+        }
+
+        $this->sendJsonResponse([
+            'article_id' => (int) $article->id,
+            'dispatched' => $createdIds,
+            'skipped'    => $skipped,
+        ], 200);
+    }
+
+    /**
+     * Send a JSON response and close the application.
+     *
+     * @param   array  $data      Response data
+     * @param   int    $httpCode  HTTP status code
+     *
+     * @return  void
+     */
+    private function sendJsonResponse(array $data, int $httpCode): void
+    {
+        $app = $this->app;
+
+        $app->setHeader('Content-Type', 'application/json; charset=utf-8');
+        $app->setHeader('Status', (string) $httpCode);
+
+        echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+
+        $app->close();
+    }
+}

source/packages/com_mokosuitecross/src/Controller/DisplayController.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Controller;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
 
 defined('_JEXEC') or die;
 

source/packages/com_mokosuitecross/src/Controller/OauthController.php

@@ -0,0 +1,198 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\Controller\BaseController;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Router\Route;
+use Joomla\Component\MokoSuiteCross\Administrator\Helper\OAuthHelper;
+
+/**
+ * OAuth controller for handling browser-based authorization flows.
+ *
+ * Endpoints:
+ *   task=oauth.authorize  — Initiate OAuth flow (redirect to platform)
+ *   task=oauth.callback   — Handle platform redirect with auth code
+ */
+class OauthController extends BaseController
+{
+    /**
+     * Initiate OAuth authorization for a service.
+     *
+     * Expects: service_id (int) in request
+     */
+    public function authorize(): void
+    {
+        $this->checkToken();
+
+        $serviceId = $this->input->getInt('service_id', 0);
+
+        if (!$serviceId) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::_('COM_MOKOSUITECROSS_OAUTH_NO_SERVICE'),
+                'error'
+            );
+
+            return;
+        }
+
+        $db = \Joomla\CMS\Factory::getDbo();
+
+        $query = $db->getQuery(true)
+            ->select('*')
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('id') . ' = ' . $serviceId);
+
+        $db->setQuery($query);
+        $service = $db->loadObject();
+
+        if (!$service) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::_('COM_MOKOSUITECROSS_OAUTH_SERVICE_NOT_FOUND'),
+                'error'
+            );
+
+            return;
+        }
+
+        // Get client ID from plugin params
+        PluginHelper::importPlugin('mokosuitecross');
+        $pluginParams = PluginHelper::getPlugin('mokosuitecross', $service->service_type);
+        $params = json_decode($pluginParams->params ?? '{}', true) ?: [];
+
+        $clientId = $params['client_id'] ?? '';
+
+        if (empty($clientId)) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::sprintf('COM_MOKOSUITECROSS_OAUTH_NO_CLIENT_ID', ucfirst($service->service_type)),
+                'error'
+            );
+
+            return;
+        }
+
+        // Generate CSRF nonce and store in session
+        $nonce = bin2hex(random_bytes(16));
+        Factory::getApplication()->getSession()->set('mokosuitecross.oauth_nonce', $nonce);
+
+        $url = OAuthHelper::getAuthorizeUrl($service->service_type, $serviceId, $clientId, $nonce);
+
+        if (!$url) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::sprintf('COM_MOKOSUITECROSS_OAUTH_NOT_SUPPORTED', ucfirst($service->service_type)),
+                'error'
+            );
+
+            return;
+        }
+
+        $this->app->redirect($url);
+    }
+
+    /**
+     * Handle OAuth callback from platform.
+     *
+     * Expects: code (string), state (base64 JSON with service_id)
+     */
+    public function callback(): void
+    {
+        $code  = $this->input->getString('code', '');
+        $state = $this->input->getString('state', '');
+        $error = $this->input->getString('error', '');
+
+        if ($error) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::sprintf('COM_MOKOSUITECROSS_OAUTH_PLATFORM_ERROR', $error),
+                'error'
+            );
+
+            return;
+        }
+
+        if (empty($code) || empty($state)) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::_('COM_MOKOSUITECROSS_OAUTH_INVALID_CALLBACK'),
+                'error'
+            );
+
+            return;
+        }
+
+        $stateData = json_decode(base64_decode($state), true);
+        $serviceId   = (int) ($stateData['service_id'] ?? 0);
+        $serviceType = $stateData['type'] ?? '';
+        $stateNonce  = $stateData['nonce'] ?? '';
+
+        if (!$serviceId || !$serviceType) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::_('COM_MOKOSUITECROSS_OAUTH_INVALID_STATE'),
+                'error'
+            );
+
+            return;
+        }
+
+        // CSRF nonce validation — compare state nonce against session
+        $session      = Factory::getApplication()->getSession();
+        $sessionNonce = $session->get('mokosuitecross.oauth_nonce', '');
+        $session->clear('mokosuitecross.oauth_nonce');
+
+        if (empty($stateNonce) || !hash_equals($sessionNonce, $stateNonce)) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=services', false),
+                Text::_('COM_MOKOSUITECROSS_OAUTH_INVALID_STATE'),
+                'error'
+            );
+
+            return;
+        }
+
+        // Get client credentials from plugin params
+        PluginHelper::importPlugin('mokosuitecross');
+        $pluginParams = PluginHelper::getPlugin('mokosuitecross', $serviceType);
+        $params = json_decode($pluginParams->params ?? '{}', true) ?: [];
+
+        $clientId     = $params['client_id'] ?? '';
+        $clientSecret = $params['client_secret'] ?? '';
+
+        $tokenData = OAuthHelper::exchangeCode($serviceType, $code, $clientId, $clientSecret);
+
+        if (!empty($tokenData['error'])) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&task=service.edit&id=' . $serviceId, false),
+                Text::sprintf('COM_MOKOSUITECROSS_OAUTH_TOKEN_ERROR', $tokenData['error']),
+                'error'
+            );
+
+            return;
+        }
+
+        OAuthHelper::storeToken($serviceId, $tokenData);
+
+        $this->setRedirect(
+            Route::_('index.php?option=com_mokosuitecross&task=service.edit&id=' . $serviceId, false),
+            Text::sprintf('COM_MOKOSUITECROSS_OAUTH_SUCCESS', ucfirst($serviceType)),
+            'success'
+        );
+    }
+}

source/packages/com_mokosuitecross/src/Controller/PostController.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Controller;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
 
 defined('_JEXEC') or die;
 

source/packages/com_mokosuitecross/src/Controller/PostsController.php

@@ -0,0 +1,258 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\Controller\AdminController;
+use Joomla\CMS\Router\Route;
+
+class PostsController extends AdminController
+{
+    public function getModel($name = 'Post', $prefix = 'Administrator', $config = ['ignore_request' => true])
+    {
+        return parent::getModel($name, $prefix, $config);
+    }
+
+    /**
+     * Schedule selected posts for a future date/time.
+     *
+     * @return  void
+     */
+    public function schedule(): void
+    {
+        $this->checkToken();
+
+        $ids         = $this->input->get('cid', [], 'array');
+        $scheduledAt = $this->input->getString('scheduled_at', '');
+
+        if (empty($ids)) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+                Text::_('COM_MOKOSUITECROSS_POSTS_NO_ITEM_SELECTED'),
+                'warning'
+            );
+            return;
+        }
+
+        if (empty($scheduledAt)) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+                Text::_('COM_MOKOSUITECROSS_SCHEDULE_NO_DATE'),
+                'warning'
+            );
+            return;
+        }
+
+        try {
+            $scheduledDate = Factory::getDate($scheduledAt);
+            $scheduledAt   = $scheduledDate->toSql();
+        } catch (\Throwable $e) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+                Text::_('COM_MOKOSUITECROSS_SCHEDULE_INVALID_DATE'),
+                'error'
+            );
+            return;
+        }
+
+        $db  = Factory::getDbo();
+        $now = Factory::getDate()->toSql();
+
+        foreach ($ids as $id) {
+            $query = $db->getQuery(true)
+                ->update($db->quoteName('#__mokosuitecross_posts'))
+                ->set($db->quoteName('scheduled_at') . ' = ' . $db->quote($scheduledAt))
+                ->set($db->quoteName('status') . ' = ' . $db->quote('queued'))
+                ->set($db->quoteName('modified') . ' = ' . $db->quote($now))
+                ->where($db->quoteName('id') . ' = ' . (int) $id)
+                ->where($db->quoteName('status') . ' IN ('
+                    . $db->quote('queued') . ',' . $db->quote('failed') . ','
+                    . $db->quote('permanently_failed') . ',' . $db->quote('cancelled') . ')');
+
+            $db->setQuery($query);
+            $db->execute();
+        }
+
+        $this->setRedirect(
+            Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+            Text::sprintf('COM_MOKOSUITECROSS_POSTS_N_SCHEDULED', count($ids)),
+            'success'
+        );
+    }
+
+    /**
+     * Retry selected failed/permanently_failed posts.
+     *
+     * @return  void
+     */
+    public function retrySelected(): void
+    {
+        $this->checkToken();
+
+        $ids = $this->input->get('cid', [], 'array');
+
+        if (empty($ids)) {
+            $this->setRedirect(
+                Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+                Text::_('COM_MOKOSUITECROSS_POSTS_NO_ITEM_SELECTED'),
+                'warning'
+            );
+            return;
+        }
+
+        $count = \Joomla\Component\MokoSuiteCross\Administrator\Helper\QueueProcessor::retryPosts($ids);
+
+        $this->setRedirect(
+            Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+            Text::sprintf('COM_MOKOSUITECROSS_POSTS_N_RETRIED', $count),
+            'success'
+        );
+    }
+
+    /**
+     * Re-queue all failed posts by resetting their status to queued and retry count to 0.
+     *
+     * @return  void
+     */
+    public function retryFailed(): void
+    {
+        $this->checkToken();
+
+        $db = Factory::getDbo();
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__mokosuitecross_posts'))
+            ->set($db->quoteName('status') . ' = ' . $db->quote('queued'))
+            ->set($db->quoteName('retry_count') . ' = 0')
+            ->set($db->quoteName('error_message') . ' = ' . $db->quote(''))
+            ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+            ->where($db->quoteName('status') . ' IN (' . $db->quote('failed') . ',' . $db->quote('permanently_failed') . ',' . $db->quote('cancelled') . ')');
+
+        $db->setQuery($query);
+        $db->execute();
+
+        $count = $db->getAffectedRows();
+
+        $this->setRedirect(
+            Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+            Text::plural('COM_MOKOSUITECROSS_POSTS_N_RETRIED', $count),
+            'success'
+        );
+    }
+
+    /**
+     * Export posts as CSV download.
+     *
+     * @return  void
+     */
+    public function exportCsv(): void
+    {
+        $this->checkToken('get');
+
+        if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitecross')) {
+            throw new \RuntimeException(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
+        }
+
+        $app = $this->app;
+        $db  = Factory::getDbo();
+
+        $query = $db->getQuery(true)
+            ->select([
+                $db->quoteName('c.title', 'article_title'),
+                'CONCAT(' . $db->quoteName('s.title') . ', ' . $db->quote(' (') . ', '
+                    . $db->quoteName('s.service_type') . ', ' . $db->quote(')') . ') AS service',
+                $db->quoteName('a.status'),
+                $db->quoteName('a.message'),
+                $db->quoteName('a.posted_at'),
+                $db->quoteName('a.error_message'),
+                $db->quoteName('a.platform_post_id'),
+                $db->quoteName('a.created'),
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts', 'a'))
+            ->join('LEFT', $db->quoteName('#__content', 'c')
+                . ' ON ' . $db->quoteName('c.id') . ' = ' . $db->quoteName('a.article_id'))
+            ->join('LEFT', $db->quoteName('#__mokosuitecross_services', 's')
+                . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('a.service_id'))
+            ->order($db->quoteName('a.created') . ' DESC');
+
+        // Apply current filters
+        $status = $app->input->get('filter_status', '', 'string');
+
+        if (!empty($status)) {
+            $query->where($db->quoteName('a.status') . ' = ' . $db->quote($status));
+        }
+
+        $serviceId = $app->input->getInt('filter_service_id', 0);
+
+        if (!empty($serviceId)) {
+            $query->where($db->quoteName('a.service_id') . ' = ' . (int) $serviceId);
+        }
+
+        $search = $app->input->get('filter_search', '', 'string');
+
+        if (!empty($search)) {
+            $search = '%' . $db->escape(trim($search), true) . '%';
+            $query->where('(' . $db->quoteName('c.title') . ' LIKE ' . $db->quote($search)
+                . ' OR ' . $db->quoteName('a.message') . ' LIKE ' . $db->quote($search) . ')');
+        }
+
+        $db->setQuery($query);
+        $rows = $db->loadAssocList() ?: [];
+
+        $filename = 'mokosuitecross-posts-' . Factory::getDate()->format('Y-m-d') . '.csv';
+
+        $app->setHeader('Content-Type', 'text/csv; charset=utf-8');
+        $app->setHeader('Content-Disposition', 'attachment; filename="' . $filename . '"');
+        $app->sendHeaders();
+
+        $fp = fopen('php://output', 'w');
+        fputcsv($fp, ['Article', 'Service', 'Status', 'Message', 'Posted At', 'Error', 'Platform Post ID', 'Created']);
+
+        foreach ($rows as $row) {
+            fputcsv($fp, $row);
+        }
+
+        fclose($fp);
+
+        $app->close();
+    }
+
+    /**
+     * Purge (delete) all posts with status 'posted'.
+     *
+     * @return  void
+     */
+    public function purgePosted(): void
+    {
+        $this->checkToken();
+
+        $db = Factory::getDbo();
+
+        $query = $db->getQuery(true)
+            ->delete($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('status') . ' = ' . $db->quote('posted'));
+
+        $db->setQuery($query);
+        $db->execute();
+
+        $count = $db->getAffectedRows();
+
+        $this->setRedirect(
+            Route::_('index.php?option=com_mokosuitecross&view=posts', false),
+            Text::plural('COM_MOKOSUITECROSS_POSTS_N_PURGED', $count),
+            'success'
+        );
+    }
+}

source/packages/com_mokosuitecross/src/Controller/ServiceController.php

@@ -0,0 +1,104 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\MVC\Controller\FormController;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Response\JsonResponse;
+use Joomla\Component\MokoSuiteCross\Administrator\Service\MokoSuiteCrossServiceInterface;
+
+class ServiceController extends FormController
+{
+    /**
+     * Test connection to a service by validating its credentials.
+     *
+     * @return  void
+     */
+    public function testConnection(): void
+    {
+        $this->checkToken();
+
+        if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitecross')) {
+            throw new \RuntimeException(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
+        }
+
+        $app = $this->app;
+        $id  = (int) $this->input->getInt('id', 0);
+
+        try {
+            if ($id <= 0) {
+                throw new \RuntimeException(Text::_('COM_MOKOSUITECROSS_TEST_CONNECTION_NO_SERVICE'));
+            }
+
+            // Load the service record
+            $db = Factory::getDbo();
+            $query = $db->getQuery(true)
+                ->select('*')
+                ->from($db->quoteName('#__mokosuitecross_services'))
+                ->where($db->quoteName('id') . ' = ' . $id);
+            $db->setQuery($query);
+            $service = $db->loadObject();
+
+            if (!$service) {
+                throw new \RuntimeException(Text::_('COM_MOKOSUITECROSS_TEST_CONNECTION_NOT_FOUND'));
+            }
+
+            // Get service plugins via dispatcher (Joomla 5+ Event ArrayAccess pattern)
+            PluginHelper::importPlugin('mokosuitecross');
+
+            $servicePlugins = [];
+            $event = new \Joomla\Event\Event('onMokoSuiteCrossGetServices', [$servicePlugins]);
+            $app->getDispatcher()->dispatch('onMokoSuiteCrossGetServices', $event);
+
+            $idx = 1;
+
+            while (isset($event[$idx])) {
+                $servicePlugins[] = $event[$idx];
+                $idx++;
+            }
+
+            // Find the matching plugin
+            $plugin = null;
+
+            foreach ($servicePlugins as $sp) {
+                if ($sp instanceof MokoSuiteCrossServiceInterface && $sp->getServiceType() === $service->service_type) {
+                    $plugin = $sp;
+                    break;
+                }
+            }
+
+            if (!$plugin) {
+                throw new \RuntimeException(Text::sprintf('COM_MOKOSUITECROSS_TEST_CONNECTION_NO_PLUGIN', $service->service_type));
+            }
+
+            // Decode credentials and validate
+            $credentials = \Joomla\Component\MokoSuiteCross\Administrator\Helper\CredentialHelper::decrypt($service->credentials ?: '');
+            $result = $plugin->validateCredentials($credentials);
+
+            $app->mimeType = 'application/json';
+            $app->setHeader('Content-Type', 'application/json; charset=utf-8');
+
+            echo new JsonResponse($result);
+        } catch (\Throwable $e) {
+            $app->mimeType = 'application/json';
+            $app->setHeader('Content-Type', 'application/json; charset=utf-8');
+
+            echo new JsonResponse($e);
+        }
+
+        $app->close();
+    }
+}

source/packages/com_mokosuitecross/src/Controller/ServicesController.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Controller;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
 
 defined('_JEXEC') or die;
 

source/packages/com_mokosuitecross/src/Controller/TemplateController.php

@@ -1,20 +1,20 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Controller;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
 
 defined('_JEXEC') or die;
 
 use Joomla\CMS\MVC\Controller\FormController;
 
-class ServiceController extends FormController
+class TemplateController extends FormController
 {
 }

source/packages/com_mokosuitecross/src/Controller/TemplatesController.php

@@ -1,23 +1,23 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Controller;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Controller;
 
 defined('_JEXEC') or die;
 
 use Joomla\CMS\MVC\Controller\AdminController;
 
-class PostsController extends AdminController
+class TemplatesController extends AdminController
 {
-    public function getModel($name = 'Post', $prefix = 'Administrator', $config = ['ignore_request' => true])
+    public function getModel($name = 'Template', $prefix = 'Administrator', $config = ['ignore_request' => true])
     {
         return parent::getModel($name, $prefix, $config);
     }

source/packages/com_mokosuitecross/src/Extension/MokoSuiteCrossComponent.php

@@ -1,20 +1,20 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Extension;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Extension;
 
 defined('_JEXEC') or die;
 
 use Joomla\CMS\Extension\MVCComponent;
 
-class MokoJoomCrossComponent extends MVCComponent
+class MokoSuiteCrossComponent extends MVCComponent
 {
 }

source/packages/com_mokosuitecross/src/Helper/CredentialHelper.php

@@ -0,0 +1,110 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+
+/**
+ * Encrypts and decrypts service credentials using libsodium.
+ *
+ * Uses Joomla's $secret from configuration.php as the key source.
+ * Falls back to plaintext JSON if sodium is unavailable or decryption
+ * fails (backward compat with existing unencrypted credentials).
+ */
+class CredentialHelper
+{
+    private const PREFIX = 'enc:sodium:';
+
+    /**
+     * Encrypt a credentials array to a storable string.
+     *
+     * @param   array  $credentials  Credentials to encrypt
+     *
+     * @return  string  Encrypted string prefixed with "enc:sodium:", or plain JSON as fallback
+     */
+    public static function encrypt(array $credentials): string
+    {
+        $json = json_encode($credentials);
+
+        if (!function_exists('sodium_crypto_secretbox')) {
+            return $json;
+        }
+
+        try {
+            $key   = self::deriveKey();
+            $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+            $cipher = sodium_crypto_secretbox($json, $nonce, $key);
+
+            return self::PREFIX . base64_encode($nonce . $cipher);
+        } catch (\Throwable $e) {
+            return $json;
+        }
+    }
+
+    /**
+     * Decrypt a credentials string back to an array.
+     *
+     * Handles both encrypted (prefixed) and legacy plaintext JSON.
+     *
+     * @param   string  $stored  Stored credential string
+     *
+     * @return  array  Decoded credentials
+     */
+    public static function decrypt(string $stored): array
+    {
+        if (empty($stored)) {
+            return [];
+        }
+
+        // Legacy plaintext JSON — no prefix
+        if (!str_starts_with($stored, self::PREFIX)) {
+            return json_decode($stored, true) ?: [];
+        }
+
+        if (!function_exists('sodium_crypto_secretbox_open')) {
+            return [];
+        }
+
+        try {
+            $key     = self::deriveKey();
+            $payload = base64_decode(substr($stored, strlen(self::PREFIX)));
+
+            if ($payload === false || strlen($payload) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
+                return [];
+            }
+
+            $nonce  = substr($payload, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+            $cipher = substr($payload, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+            $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
+
+            if ($plain === false) {
+                return [];
+            }
+
+            return json_decode($plain, true) ?: [];
+        } catch (\Throwable $e) {
+            return [];
+        }
+    }
+
+    /**
+     * Derive a 32-byte encryption key from Joomla's secret.
+     */
+    private static function deriveKey(): string
+    {
+        $secret = Factory::getApplication()->get('secret', '');
+
+        return sodium_crypto_generichash($secret, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
+    }
+}

source/packages/com_mokosuitecross/src/Helper/CrossPostDispatcher.php

@@ -0,0 +1,494 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Component\ComponentHelper;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Uri\Uri;
+use Joomla\Component\MokoSuiteCross\Administrator\Service\MokoSuiteCrossServiceInterface;
+
+/**
+ * Static dispatcher for cross-posting content from any source plugin.
+ *
+ * Centralises the dispatch logic that was previously only in the system plugin,
+ * so content-type source plugins (articles, calendar events, gallery items) can
+ * trigger cross-posts without coupling to plg_system_mokosuitecross.
+ */
+class CrossPostDispatcher
+{
+    /**
+     * Dispatch an article-like payload to all enabled cross-post services.
+     *
+     * @param   object       $article      Article or article-like object
+     * @param   string       $articleUrl   Canonical URL for the content item
+     * @param   string|null  $contentType  Content type context (e.g. 'com_content.article')
+     */
+    public static function dispatch(object $article, string $articleUrl = '', ?string $contentType = null): void
+    {
+        $db = Factory::getDbo();
+
+        // Load all enabled services
+        $query = $db->getQuery(true)
+            ->select('*')
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('published') . ' = 1')
+            ->order($db->quoteName('ordering') . ' ASC');
+
+        $db->setQuery($query);
+        $services = $db->loadObjectList();
+
+        if (empty($services)) {
+            return;
+        }
+
+        // Import service plugins so they register with the dispatcher
+        PluginHelper::importPlugin('mokosuitecross');
+
+        // Collect registered service plugin instances.
+        // In Joomla 5+ with SubscriberInterface, plugins receive the Event object
+        // as their first argument. When they do $services[] = $this, they append to
+        // the Event via ArrayAccess at numeric indices starting at 1.
+        $servicePlugins = [];
+        $event = new \Joomla\Event\Event('onMokoSuiteCrossGetServices', [$servicePlugins]);
+
+        try {
+            Factory::getApplication()->getDispatcher()->dispatch('onMokoSuiteCrossGetServices', $event);
+        } catch (\Throwable $e) {
+            // Dispatcher may not be available in all contexts
+        }
+
+        // Read plugins back from the Event's ArrayAccess indices
+        $idx = 1;
+
+        while (isset($event[$idx])) {
+            $servicePlugins[] = $event[$idx];
+            $idx++;
+        }
+
+        // Index by service type for lookup
+        $pluginMap = [];
+
+        foreach ($servicePlugins as $plugin) {
+            if ($plugin instanceof MokoSuiteCrossServiceInterface) {
+                $pluginMap[$plugin->getServiceType()] = $plugin;
+            }
+        }
+
+        $componentParams = ComponentHelper::getParams('com_mokosuitecross');
+
+        // Per-article selective cross-posting (#19)
+        $attribs = json_decode($article->attribs ?? '{}', true) ?: [];
+        $selectedServiceIds = $attribs['mokosuitecross_services'] ?? null;
+        $skipCrossPost      = !empty($attribs['mokosuitecross_skip']);
+
+        if ($skipCrossPost) {
+            return;
+        }
+
+        // If specific services selected, convert to array of ints for filtering
+        if (is_array($selectedServiceIds) && !empty($selectedServiceIds)) {
+            $selectedServiceIds = array_map('intval', $selectedServiceIds);
+        } else {
+            $selectedServiceIds = null; // null = post to all
+        }
+
+        // Category routing rules — whitelist services by category
+        $categoryServiceIds = null;
+
+        if (!empty($article->catid)) {
+            $query = $db->getQuery(true)
+                ->select('service_id')
+                ->from($db->quoteName('#__mokosuitecross_category_rules'))
+                ->where($db->quoteName('category_id') . ' = ' . (int) $article->catid)
+                ->where($db->quoteName('published') . ' = 1');
+            $db->setQuery($query);
+            $ruleIds = $db->loadColumn();
+
+            if (!empty($ruleIds)) {
+                $categoryServiceIds = array_map('intval', $ruleIds);
+            }
+        }
+
+        // Determine service type filter from content type property
+        $serviceTypeFilter = $article->_content_type ?? null;
+
+        // Batch duplicate guard — single query for all services (fixes N query overhead)
+        $serviceIdList = implode(',', array_map(function ($s) { return (int) $s->id; }, $services));
+        $query = $db->getQuery(true)
+            ->select($db->quoteName('service_id'))
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('article_id') . ' = ' . (int) $article->id)
+            ->where($db->quoteName('service_id') . ' IN (' . $serviceIdList . ')')
+            ->where($db->quoteName('status') . ' IN (' . $db->quote('queued') . ',' . $db->quote('posted') . ',' . $db->quote('posting') . ')');
+        $db->setQuery($query);
+        $existingServiceIds = array_map('intval', $db->loadColumn() ?: []);
+
+        // Batch template loading — single query for all needed service types + default
+        $serviceTypes = array_unique(array_column($services, 'service_type'));
+        $typeQuotes   = array_map([$db, 'quote'], $serviceTypes);
+        $typeQuotes[] = $db->quote('default');
+        $query = $db->getQuery(true)
+            ->select([$db->quoteName('service_type'), $db->quoteName('template_body')])
+            ->from($db->quoteName('#__mokosuitecross_templates'))
+            ->where($db->quoteName('published') . ' = 1')
+            ->where($db->quoteName('service_type') . ' IN (' . implode(',', $typeQuotes) . ')')
+            ->order($db->quoteName('service_type') . ' ASC');
+        $db->setQuery($query);
+        $templateRows = $db->loadObjectList() ?: [];
+
+        $templateMap = [];
+
+        foreach ($templateRows as $row) {
+            $templateMap[$row->service_type] = $row->template_body;
+        }
+
+        // Pre-build article metadata once (category, author, tags) — avoids N queries per service
+        $articleMeta = self::buildArticleMeta($article);
+
+        foreach ($services as $service) {
+            // Category routing filter — if rules exist, only post to whitelisted services
+            if ($categoryServiceIds !== null && !in_array((int) $service->id, $categoryServiceIds, true)) {
+                continue;
+            }
+            // Service type filter for non-article content types
+            if ($serviceTypeFilter !== null && $service->service_type !== $serviceTypeFilter) {
+                continue;
+            }
+
+            // Per-article filter
+            if ($selectedServiceIds !== null && !in_array((int) $service->id, $selectedServiceIds, true)) {
+                continue;
+            }
+
+            // Batch duplicate guard check
+            if (in_array((int) $service->id, $existingServiceIds, true)) {
+                continue;
+            }
+
+            $message = self::renderTemplate($article, $service, $templateMap, $articleMeta);
+
+            // Extract intro image for media attachment
+            $media  = [];
+            $images = json_decode($article->images ?? '{}');
+
+            if (!empty($images->image_intro)) {
+                $media[] = Uri::root() . ltrim($images->image_intro, '/');
+            }
+
+            // Create queue entry
+            $post = (object) [
+                'article_id'         => (int) $article->id,
+                'service_id'         => (int) $service->id,
+                'status'             => 'queued',
+                'message'            => $message,
+                'platform_post_id'   => '',
+                'platform_response'  => '',
+                'error_message'      => '',
+                'retry_count'        => 0,
+                'created'            => Factory::getDate()->toSql(),
+                'modified'           => Factory::getDate()->toSql(),
+            ];
+
+            $db->insertObject('#__mokosuitecross_posts', $post);
+            $postId = $db->insertid();
+
+            // Resolve article URL
+            $url = $article->_article_url ?? $articleUrl;
+
+            if (empty($url)) {
+                $url = Uri::root() . 'index.php?option=com_content&view=article&id=' . $article->id
+                    . (!empty($article->catid) ? '&catid=' . $article->catid : '');
+            }
+
+            // Attempt immediate dispatch if service plugin is available
+            $plugin = $pluginMap[$service->service_type] ?? null;
+
+            if ($plugin) {
+                self::executePost($db, $postId, $plugin, $message, $service, $media, $url);
+            } else {
+                self::log($db, $postId, $service->id, 'warning',
+                    sprintf('No service plugin found for type "%s" — post remains queued', $service->service_type));
+            }
+        }
+    }
+
+    /**
+     * Execute a cross-post via the service plugin.
+     */
+    private static function executePost($db, int $postId, MokoSuiteCrossServiceInterface $plugin, string $message, object $service, array $media = [], string $articleUrl = ''): void
+    {
+        // Mark as posting
+        $db->setQuery(
+            $db->getQuery(true)
+                ->update($db->quoteName('#__mokosuitecross_posts'))
+                ->set($db->quoteName('status') . ' = ' . $db->quote('posting'))
+                ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                ->where($db->quoteName('id') . ' = ' . $postId)
+        );
+        $db->execute();
+
+        $credentials = CredentialHelper::decrypt($service->credentials ?: '');
+        $params      = json_decode($service->params ?: '{}', true) ?: [];
+
+        if (!empty($articleUrl)) {
+            $params['_article_url'] = $articleUrl;
+        }
+
+        // Lifecycle event: before post
+        $cancel = false;
+        $dispatcher = Factory::getApplication()->getDispatcher();
+
+        try {
+            $beforeEvent = new \Joomla\Event\Event('onMokoSuiteCrossBeforePost', [$postId, &$message, $service->service_type, &$cancel]);
+            $dispatcher->dispatch('onMokoSuiteCrossBeforePost', $beforeEvent);
+        } catch (\Throwable $e) {
+            // Dispatcher may not be available
+        }
+
+        if ($cancel) {
+            $db->setQuery(
+                $db->getQuery(true)
+                    ->update($db->quoteName('#__mokosuitecross_posts'))
+                    ->set($db->quoteName('status') . ' = ' . $db->quote('cancelled'))
+                    ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                    ->where($db->quoteName('id') . ' = ' . $postId)
+            );
+            $db->execute();
+
+            self::log($db, $postId, $service->id, 'info',
+                sprintf('Post to %s cancelled by onMokoSuiteCrossBeforePost event', $service->service_type));
+
+            return;
+        }
+
+        try {
+            $result = $plugin->publish($message, $media, $credentials, $params);
+
+            if (!empty($result['success'])) {
+                $db->setQuery(
+                    $db->getQuery(true)
+                        ->update($db->quoteName('#__mokosuitecross_posts'))
+                        ->set($db->quoteName('status') . ' = ' . $db->quote('posted'))
+                        ->set($db->quoteName('platform_post_id') . ' = ' . $db->quote($result['platform_post_id'] ?? ''))
+                        ->set($db->quoteName('platform_response') . ' = ' . $db->quote(json_encode($result['response'] ?? [])))
+                        ->set($db->quoteName('posted_at') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                        ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                        ->where($db->quoteName('id') . ' = ' . $postId)
+                );
+                $db->execute();
+
+                self::log($db, $postId, $service->id, 'info',
+                    sprintf('Posted to %s (platform ID: %s)', $service->service_type, $result['platform_post_id'] ?? 'n/a'));
+
+                try {
+                    $afterEvent = new \Joomla\Event\Event('onMokoSuiteCrossAfterPost', [$postId, $service->service_type, $result]);
+                    $dispatcher->dispatch('onMokoSuiteCrossAfterPost', $afterEvent);
+                } catch (\Throwable $e) {
+                    // Non-critical
+                }
+            } else {
+                $errorMsg = $result['response']['error'] ?? json_encode($result['response'] ?? []);
+
+                $db->setQuery(
+                    $db->getQuery(true)
+                        ->update($db->quoteName('#__mokosuitecross_posts'))
+                        ->set($db->quoteName('status') . ' = ' . $db->quote('failed'))
+                        ->set($db->quoteName('error_message') . ' = ' . $db->quote(mb_substr($errorMsg, 0, 1000)))
+                        ->set($db->quoteName('platform_response') . ' = ' . $db->quote(json_encode($result['response'] ?? [])))
+                        ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                        ->where($db->quoteName('id') . ' = ' . $postId)
+                );
+                $db->execute();
+
+                self::log($db, $postId, $service->id, 'error',
+                    sprintf('Failed to post to %s: %s', $service->service_type, $errorMsg));
+
+                try {
+                    $failedEvent = new \Joomla\Event\Event('onMokoSuiteCrossPostFailed', [$postId, $service->service_type, $errorMsg]);
+                    $dispatcher->dispatch('onMokoSuiteCrossPostFailed', $failedEvent);
+                } catch (\Throwable $e) {
+                    // Non-critical
+                }
+            }
+        } catch (\Throwable $e) {
+            $db->setQuery(
+                $db->getQuery(true)
+                    ->update($db->quoteName('#__mokosuitecross_posts'))
+                    ->set($db->quoteName('status') . ' = ' . $db->quote('failed'))
+                    ->set($db->quoteName('error_message') . ' = ' . $db->quote(mb_substr($e->getMessage(), 0, 1000)))
+                    ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                    ->where($db->quoteName('id') . ' = ' . $postId)
+            );
+            $db->execute();
+
+            self::log($db, $postId, $service->id, 'error',
+                sprintf('Exception posting to %s: %s', $service->service_type, $e->getMessage()));
+
+            try {
+                $failedEvent = new \Joomla\Event\Event('onMokoSuiteCrossPostFailed', [$postId, $service->service_type, $e->getMessage()]);
+                $dispatcher->dispatch('onMokoSuiteCrossPostFailed', $failedEvent);
+            } catch (\Throwable $ex) {
+                // Non-critical
+            }
+        }
+    }
+
+    /**
+     * Build article metadata (category, author, tags, image) for template rendering.
+     * Call once per article, then pass to renderTemplate() for each service.
+     *
+     * @param   object  $article  Article object
+     *
+     * @return  array  Pre-resolved metadata for template placeholders
+     */
+    public static function buildArticleMeta(object $article): array
+    {
+        $db = Factory::getDbo();
+
+        $url = $article->_article_url
+            ?? (Uri::root() . 'index.php?option=com_content&view=article&id=' . $article->id
+                . (!empty($article->catid) ? '&catid=' . $article->catid : ''));
+
+        $categoryName = '';
+
+        if (!empty($article->catid)) {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('title'))
+                ->from($db->quoteName('#__categories'))
+                ->where($db->quoteName('id') . ' = ' . (int) $article->catid);
+            $db->setQuery($query);
+            $categoryName = $db->loadResult() ?: '';
+        }
+
+        $authorName = '';
+
+        if (!empty($article->created_by)) {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('name'))
+                ->from($db->quoteName('#__users'))
+                ->where($db->quoteName('id') . ' = ' . (int) $article->created_by);
+            $db->setQuery($query);
+            $authorName = $db->loadResult() ?: '';
+        }
+
+        $introImage = '';
+        $images = json_decode($article->images ?? '{}');
+
+        if (!empty($images->image_intro)) {
+            $introImage = Uri::root() . ltrim($images->image_intro, '/');
+        }
+
+        $tagNames = [];
+
+        if (!empty($article->id)) {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('t.title'))
+                ->from($db->quoteName('#__tags', 't'))
+                ->join('INNER', $db->quoteName('#__contentitem_tag_map', 'm')
+                    . ' ON ' . $db->quoteName('m.tag_id') . ' = ' . $db->quoteName('t.id'))
+                ->where($db->quoteName('m.type_alias') . ' = ' . $db->quote('com_content.article'))
+                ->where($db->quoteName('m.content_item_id') . ' = ' . (int) $article->id)
+                ->where($db->quoteName('t.published') . ' = 1');
+            $db->setQuery($query);
+            $tagNames = $db->loadColumn() ?: [];
+        }
+
+        $tagsComma = implode(', ', $tagNames);
+        $hashtags  = implode(' ', array_map(function ($tag) {
+            return '#' . preg_replace('/\s+/', '', $tag);
+        }, $tagNames));
+
+        return [
+            '{title}'     => $article->title ?? '',
+            '{introtext}' => strip_tags(mb_substr($article->introtext ?? '', 0, 280)),
+            '{fulltext}'  => strip_tags(mb_substr($article->fulltext ?? '', 0, 500)),
+            '{url}'       => $url,
+            '{image}'     => $introImage,
+            '{category}'  => $categoryName,
+            '{author}'    => $authorName,
+            '{date}'      => Factory::getDate($article->publish_up ?? 'now')->format('Y-m-d'),
+            '{tags}'      => $tagsComma,
+            '{hashtags}'  => $hashtags,
+        ];
+    }
+
+    /**
+     * Render the message template for a service.
+     *
+     * @param   object  $article      Article object
+     * @param   object  $service      Service object
+     * @param   array   $templateMap  Pre-loaded template map (service_type => body)
+     * @param   array   $articleMeta  Pre-built article metadata from buildArticleMeta()
+     */
+    public static function renderTemplate(object $article, object $service, array $templateMap = [], array $articleMeta = []): string
+    {
+        $db = Factory::getDbo();
+
+        // Use pre-loaded template map if available, otherwise query
+        if (!empty($templateMap)) {
+            $template = $templateMap[$service->service_type] ?? $templateMap['default'] ?? "{title}\n\n{url}";
+        } else {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('template_body'))
+                ->from($db->quoteName('#__mokosuitecross_templates'))
+                ->where($db->quoteName('published') . ' = 1')
+                ->where('(' . $db->quoteName('service_type') . ' = ' . $db->quote($service->service_type)
+                    . ' OR ' . $db->quoteName('service_type') . ' = ' . $db->quote('default') . ')')
+                ->order('CASE WHEN ' . $db->quoteName('service_type') . ' = '
+                    . $db->quote($service->service_type) . ' THEN 0 ELSE 1 END')
+                ->setLimit(1);
+
+            $db->setQuery($query);
+            $template = $db->loadResult() ?: "{title}\n\n{url}";
+        }
+
+        // Use pre-built metadata if available, otherwise build on the fly
+        $replacements = !empty($articleMeta) ? $articleMeta : self::buildArticleMeta($article);
+
+        $message = str_replace(array_keys($replacements), array_values($replacements), $template);
+
+        // Resolve custom field placeholders: {field:field_name}
+        $message = preg_replace_callback('/\{field:([a-zA-Z0-9_-]+)\}/', function ($matches) use ($db, $article) {
+            $fieldName = $matches[1];
+            $query = $db->getQuery(true)
+                ->select('fv.value')
+                ->from($db->quoteName('#__fields_values', 'fv'))
+                ->join('INNER', $db->quoteName('#__fields', 'f') . ' ON f.id = fv.field_id')
+                ->where('f.name = ' . $db->quote($fieldName))
+                ->where('fv.item_id = ' . (int) $article->id);
+            $db->setQuery($query);
+            return $db->loadResult() ?: '';
+        }, $message);
+
+        return $message;
+    }
+
+    /**
+     * Write an entry to the activity log.
+     */
+    private static function log($db, ?int $postId, ?int $serviceId, string $level, string $message): void
+    {
+        $log = (object) [
+            'post_id'    => $postId,
+            'service_id' => $serviceId,
+            'level'      => $level,
+            'message'    => mb_substr($message, 0, 2000),
+            'context'    => '{}',
+            'created'    => Factory::getDate()->toSql(),
+        ];
+
+        $db->insertObject('#__mokosuitecross_logs', $log);
+    }
+}

source/packages/com_mokosuitecross/src/Helper/MigrationHelper.php

@@ -0,0 +1,388 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+
+/**
+ * Migration helper for importing settings from Perfect Publisher Pro (com_autotweet).
+ *
+ * PP Pro stores channels in #__autotweet_channels with a channeltype_id FK
+ * to #__autotweet_channeltypes. Each channel has a JSON params column
+ * containing OAuth tokens, API keys, webhook URLs, etc.
+ *
+ * This helper reads those channels and creates MokoSuiteCross service records.
+ */
+class MigrationHelper
+{
+    /**
+     * Channel type name → MokoSuiteCross service type mapping.
+     * PP Pro channeltype names vary; we match common patterns.
+     */
+    private const CHANNEL_MAP = [
+        'facebook'    => 'facebook',
+        'fb'          => 'facebook',
+        'twitter'     => 'twitter',
+        'tw'          => 'twitter',
+        'linkedin'    => 'linkedin',
+        'li'          => 'linkedin',
+        'telegram'    => 'telegram',
+        'tg'          => 'telegram',
+        'discord'     => 'discord',
+        'slack'       => 'slack',
+        'mastodon'    => 'mastodon',
+    ];
+
+    /**
+     * Run the full migration from Perfect Publisher Pro.
+     *
+     * Strategy:
+     *   1. Try reading #__autotweet_channels (PP Pro's channel table)
+     *   2. Fall back to reading component params if table doesn't exist
+     *   3. Create disabled MokoSuiteCross service records
+     *
+     * @return  array  ['migrated' => int, 'skipped' => int, 'errors' => string[]]
+     */
+    public static function migrate(): array
+    {
+        $db = Factory::getDbo();
+        $result = ['migrated' => 0, 'skipped' => 0, 'errors' => []];
+
+        // Check if PP Pro is installed
+        if (!self::isPPProInstalled($db)) {
+            $result['errors'][] = 'Perfect Publisher Pro (com_autotweet) is not installed.';
+
+            return $result;
+        }
+
+        // Try channel-based migration first (PP Pro stores configs in #__autotweet_channels)
+        if (self::hasChannelTable($db)) {
+            $result = self::migrateFromChannels($db, $result);
+        } else {
+            // Fall back to component params extraction
+            $result = self::migrateFromParams($db, $result);
+        }
+
+        // Clear migration flag from MokoSuiteCross params
+        self::clearMigrationFlag($db);
+
+        return $result;
+    }
+
+    /**
+     * Check if PP Pro is installed.
+     */
+    private static function isPPProInstalled($db): bool
+    {
+        $query = $db->getQuery(true)
+            ->select('COUNT(*)')
+            ->from($db->quoteName('#__extensions'))
+            ->where('(' . $db->quoteName('element') . ' = ' . $db->quote('com_autotweet')
+                . ' OR ' . $db->quoteName('element') . ' LIKE ' . $db->quote('%perfectpublisher%') . ')')
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+
+        $db->setQuery($query);
+
+        return (int) $db->loadResult() > 0;
+    }
+
+    /**
+     * Check if the autotweet_channels table exists.
+     */
+    private static function hasChannelTable($db): bool
+    {
+        $prefix = $db->getPrefix();
+
+        try {
+            $db->setQuery('SHOW TABLES LIKE ' . $db->quote($prefix . 'autotweet_channels'));
+
+            return !empty($db->loadResult());
+        } catch (\Throwable $e) {
+            return false;
+        }
+    }
+
+    /**
+     * Migrate from #__autotweet_channels table (primary method).
+     */
+    private static function migrateFromChannels($db, array $result): array
+    {
+        // Load channels with their type names
+        $query = $db->getQuery(true)
+            ->select('c.id, c.name, c.published, c.params')
+            ->select($db->quoteName('ct.name', 'type_name'))
+            ->from($db->quoteName('#__autotweet_channels', 'c'))
+            ->join('LEFT', $db->quoteName('#__autotweet_channeltypes', 'ct')
+                . ' ON ' . $db->quoteName('ct.id') . ' = ' . $db->quoteName('c.channeltype_id'));
+
+        $db->setQuery($query);
+        $channels = $db->loadObjectList();
+
+        if (empty($channels)) {
+            $result['errors'][] = 'No channels found in Perfect Publisher Pro.';
+
+            return $result;
+        }
+
+        foreach ($channels as $channel) {
+            $typeName = strtolower(trim($channel->type_name ?? ''));
+
+            // Match to MokoSuiteCross service type
+            $mjcType = null;
+
+            foreach (self::CHANNEL_MAP as $pattern => $serviceType) {
+                if (str_contains($typeName, $pattern)) {
+                    $mjcType = $serviceType;
+                    break;
+                }
+            }
+
+            if (!$mjcType) {
+                $result['skipped']++;
+                continue;
+            }
+
+            // Check for duplicate (same type + migrated alias)
+            $alias = $mjcType . '-pp-' . $channel->id;
+            $query = $db->getQuery(true)
+                ->select('COUNT(*)')
+                ->from($db->quoteName('#__mokosuitecross_services'))
+                ->where($db->quoteName('alias') . ' = ' . $db->quote($alias));
+            $db->setQuery($query);
+
+            if ((int) $db->loadResult() > 0) {
+                $result['skipped']++;
+                continue;
+            }
+
+            // Parse channel params to extract credentials
+            $channelParams = json_decode($channel->params ?: '{}', true) ?: [];
+            $credentials = self::mapChannelCredentials($mjcType, $channelParams);
+
+            if (empty($credentials)) {
+                $result['skipped']++;
+                continue;
+            }
+
+            // Create MokoSuiteCross service record
+            $service = (object) [
+                'title'        => $channel->name ?: ucfirst($mjcType) . ' (PP Pro #' . $channel->id . ')',
+                'alias'        => $alias,
+                'service_type' => $mjcType,
+                'credentials'  => json_encode($credentials),
+                'params'       => '{}',
+                'published'    => 0, // Disabled — user must verify before enabling
+                'ordering'     => 0,
+                'created'      => Factory::getDate()->toSql(),
+                'modified'     => Factory::getDate()->toSql(),
+                'created_by'   => Factory::getApplication()->getIdentity()->id ?? 0,
+            ];
+
+            try {
+                $db->insertObject('#__mokosuitecross_services', $service);
+                $result['migrated']++;
+            } catch (\Throwable $e) {
+                $result['errors'][] = sprintf('Failed to create %s service: %s', $mjcType, $e->getMessage());
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Map PP Pro channel params to MokoSuiteCross credential format.
+     *
+     * PP Pro stores various keys in channel params depending on the type.
+     * We normalize them to MokoSuiteCross's expected credential structure.
+     */
+    private static function mapChannelCredentials(string $serviceType, array $channelParams): array
+    {
+        $creds = ['mode' => 'custom'];
+
+        // Common OAuth fields PP Pro uses
+        $oauthFields = ['access_token', 'access_secret', 'client_id', 'client_secret',
+                        'api_key', 'api_secret', 'app_id', 'app_secret', 'token'];
+
+        switch ($serviceType) {
+            case 'facebook':
+                $creds['page_access_token'] = $channelParams['access_token'] ?? $channelParams['token'] ?? '';
+                $creds['page_id']           = $channelParams['page_id'] ?? $channelParams['pageid'] ?? '';
+                break;
+
+            case 'twitter':
+                $creds['bearer_token']       = $channelParams['bearer_token'] ?? '';
+                $creds['api_key']            = $channelParams['api_key'] ?? $channelParams['consumer_key'] ?? '';
+                $creds['api_secret']         = $channelParams['api_secret'] ?? $channelParams['consumer_secret'] ?? '';
+                $creds['access_token']       = $channelParams['access_token'] ?? '';
+                $creds['access_token_secret'] = $channelParams['access_secret'] ?? $channelParams['access_token_secret'] ?? '';
+                break;
+
+            case 'linkedin':
+                $creds['access_token']   = $channelParams['access_token'] ?? $channelParams['token'] ?? '';
+                $creds['organization_id'] = $channelParams['company_id'] ?? $channelParams['organization_id'] ?? '';
+                $creds['person_id']      = $channelParams['person_id'] ?? $channelParams['member_id'] ?? '';
+                break;
+
+            case 'telegram':
+                $creds['bot_token'] = $channelParams['bot_token'] ?? $channelParams['token'] ?? $channelParams['api_key'] ?? '';
+                $creds['chat_id']   = $channelParams['chat_id'] ?? $channelParams['channel_id'] ?? '';
+                break;
+
+            case 'discord':
+                $creds['webhook_url'] = $channelParams['webhook_url'] ?? $channelParams['webhook'] ?? '';
+                break;
+
+            case 'slack':
+                $creds['webhook_url'] = $channelParams['webhook_url'] ?? $channelParams['webhook'] ?? '';
+                break;
+
+            case 'mastodon':
+                $creds['instance_url']  = $channelParams['instance_url'] ?? $channelParams['server'] ?? '';
+                $creds['access_token']  = $channelParams['access_token'] ?? $channelParams['token'] ?? '';
+                break;
+
+            default:
+                // Generic: copy all non-empty params
+                foreach ($channelParams as $key => $value) {
+                    if (!empty($value) && is_string($value)) {
+                        $creds[$key] = $value;
+                    }
+                }
+        }
+
+        // Remove empty credential values and the mode key for check
+        $check = array_filter($creds, fn($v, $k) => $k !== 'mode' && !empty($v), ARRAY_FILTER_USE_BOTH);
+
+        return empty($check) ? [] : $creds;
+    }
+
+    /**
+     * Fallback: migrate from component params when channel table doesn't exist.
+     */
+    private static function migrateFromParams($db, array $result): array
+    {
+        $query = $db->getQuery(true)
+            ->select($db->quoteName('params'))
+            ->from($db->quoteName('#__extensions'))
+            ->where('(' . $db->quoteName('element') . ' = ' . $db->quote('com_autotweet')
+                . ' OR ' . $db->quoteName('element') . ' LIKE ' . $db->quote('%perfectpublisher%') . ')')
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+
+        $db->setQuery($query);
+        $rawParams = $db->loadResult();
+
+        if (!$rawParams) {
+            $result['errors'][] = 'No PP Pro configuration found.';
+
+            return $result;
+        }
+
+        $params = json_decode($rawParams, true);
+
+        if (!is_array($params)) {
+            $result['errors'][] = 'Could not parse PP Pro configuration.';
+
+            return $result;
+        }
+
+        // Extract services from component params using prefix patterns
+        $servicePatterns = [
+            'facebook'  => ['facebook_', 'fb_'],
+            'twitter'   => ['twitter_', 'tw_'],
+            'linkedin'  => ['linkedin_', 'li_'],
+            'telegram'  => ['telegram_', 'tg_'],
+        ];
+
+        foreach ($servicePatterns as $mjcType => $prefixes) {
+            $credentials = ['mode' => 'custom'];
+            $found = false;
+
+            foreach ($params as $key => $value) {
+                foreach ($prefixes as $prefix) {
+                    if (str_starts_with($key, $prefix) && !empty($value)) {
+                        $cleanKey = substr($key, strlen($prefix));
+                        $credentials[$cleanKey] = $value;
+                        $found = true;
+                    }
+                }
+            }
+
+            if (!$found) {
+                $result['skipped']++;
+                continue;
+            }
+
+            // Duplicate check
+            $query = $db->getQuery(true)
+                ->select('COUNT(*)')
+                ->from($db->quoteName('#__mokosuitecross_services'))
+                ->where($db->quoteName('service_type') . ' = ' . $db->quote($mjcType))
+                ->where($db->quoteName('alias') . ' LIKE ' . $db->quote('%-migrated%'));
+            $db->setQuery($query);
+
+            if ((int) $db->loadResult() > 0) {
+                $result['skipped']++;
+                continue;
+            }
+
+            $service = (object) [
+                'title'        => ucfirst($mjcType) . ' (migrated from PP Pro)',
+                'alias'        => $mjcType . '-migrated',
+                'service_type' => $mjcType,
+                'credentials'  => json_encode($credentials),
+                'params'       => '{}',
+                'published'    => 0,
+                'ordering'     => 0,
+                'created'      => Factory::getDate()->toSql(),
+                'modified'     => Factory::getDate()->toSql(),
+                'created_by'   => Factory::getApplication()->getIdentity()->id ?? 0,
+            ];
+
+            try {
+                $db->insertObject('#__mokosuitecross_services', $service);
+                $result['migrated']++;
+            } catch (\Throwable $e) {
+                $result['errors'][] = sprintf('Failed to create %s: %s', $mjcType, $e->getMessage());
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Clear the migration flag from MokoSuiteCross component params.
+     */
+    private static function clearMigrationFlag($db): void
+    {
+        $query = $db->getQuery(true)
+            ->select($db->quoteName('params'))
+            ->from($db->quoteName('#__extensions'))
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+            ->where($db->quoteName('element') . ' = ' . $db->quote('com_mokosuitecross'));
+
+        $db->setQuery($query);
+        $params = json_decode($db->loadResult() ?: '{}', true) ?: [];
+
+        unset($params['migration_available'], $params['migration_source_params']);
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__extensions'))
+            ->set($db->quoteName('params') . ' = ' . $db->quote(json_encode($params)))
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+            ->where($db->quoteName('element') . ' = ' . $db->quote('com_mokosuitecross'));
+
+        $db->setQuery($query);
+        $db->execute();
+    }
+}

source/packages/com_mokosuitecross/src/Helper/MokoSuiteCrossHelper.php

@@ -0,0 +1,74 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Language\Text;
+
+/**
+ * Component helper — renders the admin submenu.
+ *
+ * Uses Joomla 5+ toolbar submenu API when available, falling back to the
+ * deprecated Sidebar API for Joomla 4 compatibility.
+ */
+class MokoSuiteCrossHelper
+{
+    /**
+     * Configure the submenu links.
+     *
+     * Called from each view's display() to highlight the active item.
+     *
+     * @param   string  $activeView  The current view name
+     *
+     * @return  void
+     */
+    public static function addSubmenu(string $activeView): void
+    {
+        $views = [
+            'dashboard' => 'COM_MOKOSUITECROSS_SUBMENU_DASHBOARD',
+            'posts'     => 'COM_MOKOSUITECROSS_SUBMENU_POSTS',
+            'services'  => 'COM_MOKOSUITECROSS_SUBMENU_SERVICES',
+            'templates' => 'COM_MOKOSUITECROSS_SUBMENU_TEMPLATES',
+            'logs'      => 'COM_MOKOSUITECROSS_SUBMENU_LOGS',
+        ];
+
+        // Joomla 5+ toolbar submenu
+        if (class_exists('Joomla\CMS\Toolbar\Toolbar')) {
+            try {
+                $toolbar = Factory::getApplication()->getDocument()->getToolbar('submenu');
+
+                if ($toolbar && method_exists($toolbar, 'linkButton')) {
+                    foreach ($views as $view => $langKey) {
+                        $toolbar->linkButton($view, Text::_($langKey))
+                            ->url('index.php?option=com_mokosuitecross&view=' . $view)
+                            ->active($activeView === $view);
+                    }
+
+                    return;
+                }
+            } catch (\Throwable $e) {
+                // Fall through to legacy sidebar
+            }
+        }
+
+        // Legacy fallback for Joomla 4
+        foreach ($views as $view => $langKey) {
+            \Joomla\CMS\HTML\Sidebar::addEntry(
+                Text::_($langKey),
+                'index.php?option=com_mokosuitecross&view=' . $view,
+                $activeView === $view
+            );
+        }
+    }
+}

source/packages/com_mokosuitecross/src/Helper/OAuthHelper.php

@@ -0,0 +1,311 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Uri\Uri;
+
+/**
+ * OAuth helper for services requiring browser-based authorization.
+ *
+ * Handles the OAuth 2.0 authorization code flow:
+ *   1. Generate authorize URL → redirect user to platform
+ *   2. Platform redirects back with auth code
+ *   3. Exchange code for access token
+ *   4. Store token in service credentials
+ *
+ * Each platform has its own endpoints and scopes. The service plugin
+ * provides these via OAuthConfigInterface (if it supports OAuth).
+ */
+class OAuthHelper
+{
+    /**
+     * OAuth endpoint configs per service type.
+     */
+    private const OAUTH_CONFIGS = [
+        'facebook' => [
+            'authorize_url' => 'https://www.facebook.com/v19.0/dialog/oauth',
+            'token_url'     => 'https://graph.facebook.com/v19.0/oauth/access_token',
+            'scopes'        => 'pages_manage_posts,pages_read_engagement',
+        ],
+        'linkedin' => [
+            'authorize_url' => 'https://www.linkedin.com/oauth/v2/authorization',
+            'token_url'     => 'https://www.linkedin.com/oauth/v2/accessToken',
+            'scopes'        => 'w_member_social',
+        ],
+        'twitter' => [
+            'authorize_url' => 'https://twitter.com/i/oauth2/authorize',
+            'token_url'     => 'https://api.twitter.com/2/oauth2/token',
+            'scopes'        => 'tweet.read tweet.write users.read',
+        ],
+    ];
+
+    /**
+     * Build the authorization URL for a given service.
+     *
+     * @param   string  $serviceType  Service type (facebook, linkedin, twitter)
+     * @param   int     $serviceId    Service record ID (passed through state param)
+     * @param   string  $clientId     OAuth client/app ID
+     *
+     * @return  string|null  Authorization URL or null if not supported
+     */
+    public static function getAuthorizeUrl(string $serviceType, int $serviceId, string $clientId, string $nonce = ''): ?string
+    {
+        $config = self::OAUTH_CONFIGS[$serviceType] ?? null;
+
+        if (!$config) {
+            return null;
+        }
+
+        $redirectUri = self::getCallbackUrl();
+        $statePayload = ['service_id' => $serviceId, 'type' => $serviceType];
+
+        if (!empty($nonce)) {
+            $statePayload['nonce'] = $nonce;
+        }
+
+        $state = base64_encode(json_encode($statePayload));
+
+        $params = [
+            'client_id'     => $clientId,
+            'redirect_uri'  => $redirectUri,
+            'response_type' => 'code',
+            'scope'         => $config['scopes'],
+            'state'         => $state,
+        ];
+
+        // Twitter uses PKCE
+        if ($serviceType === 'twitter') {
+            $verifier = bin2hex(random_bytes(32));
+            $challenge = rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
+
+            // Store verifier in session for token exchange
+            Factory::getApplication()->getSession()->set('mokosuitecross.pkce_verifier', $verifier);
+
+            $params['code_challenge']        = $challenge;
+            $params['code_challenge_method'] = 'S256';
+        }
+
+        return $config['authorize_url'] . '?' . http_build_query($params);
+    }
+
+    /**
+     * Exchange authorization code for access token.
+     *
+     * @param   string  $serviceType   Service type
+     * @param   string  $code          Authorization code from callback
+     * @param   string  $clientId      OAuth client ID
+     * @param   string  $clientSecret  OAuth client secret
+     *
+     * @return  array  ['access_token' => '...', 'expires_in' => N, ...] or ['error' => '...']
+     */
+    public static function exchangeCode(string $serviceType, string $code, string $clientId, string $clientSecret): array
+    {
+        $config = self::OAUTH_CONFIGS[$serviceType] ?? null;
+
+        if (!$config) {
+            return ['error' => 'Unsupported service type for OAuth'];
+        }
+
+        $postData = [
+            'grant_type'    => 'authorization_code',
+            'code'          => $code,
+            'redirect_uri'  => self::getCallbackUrl(),
+            'client_id'     => $clientId,
+            'client_secret' => $clientSecret,
+        ];
+
+        // Twitter PKCE
+        if ($serviceType === 'twitter') {
+            $verifier = Factory::getApplication()->getSession()->get('mokosuitecross.pkce_verifier', '');
+            $postData['code_verifier'] = $verifier;
+        }
+
+        $ch = curl_init($config['token_url']);
+        curl_setopt_array($ch, [
+            CURLOPT_POST           => true,
+            CURLOPT_POSTFIELDS     => http_build_query($postData),
+            CURLOPT_HTTPHEADER     => ['Content-Type: application/x-www-form-urlencoded', 'Accept: application/json'],
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_TIMEOUT        => 30,
+        ]);
+
+        $response = curl_exec($ch);
+        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        curl_close($ch);
+
+        $data = json_decode($response, true) ?: [];
+
+        if ($httpCode >= 200 && $httpCode < 300 && !empty($data['access_token'])) {
+            return $data;
+        }
+
+        return ['error' => $data['error_description'] ?? $data['error'] ?? 'Token exchange failed'];
+    }
+
+    /**
+     * Store OAuth token in the service credentials.
+     *
+     * @param   int    $serviceId    Service record ID
+     * @param   array  $tokenData    Token response from platform
+     *
+     * @return  bool
+     */
+    public static function storeToken(int $serviceId, array $tokenData): bool
+    {
+        $db = Factory::getDbo();
+
+        $query = $db->getQuery(true)
+            ->select($db->quoteName('credentials'))
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('id') . ' = ' . $serviceId);
+
+        $db->setQuery($query);
+        $credentials = json_decode($db->loadResult() ?: '{}', true) ?: [];
+
+        $credentials['access_token'] = $tokenData['access_token'];
+        $credentials['mode']         = 'custom';
+
+        if (!empty($tokenData['refresh_token'])) {
+            $credentials['refresh_token'] = $tokenData['refresh_token'];
+        }
+
+        if (!empty($tokenData['expires_in'])) {
+            $credentials['token_expires'] = time() + (int) $tokenData['expires_in'];
+        }
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__mokosuitecross_services'))
+            ->set($db->quoteName('credentials') . ' = ' . $db->quote(CredentialHelper::encrypt($credentials)))
+            ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+            ->where($db->quoteName('id') . ' = ' . $serviceId);
+
+        $db->setQuery($query);
+        $db->execute();
+
+        return true;
+    }
+
+    /**
+     * Refresh an OAuth token if it has expired.
+     *
+     * Checks `token_expires` in the credentials array. If the token is expired
+     * and a refresh_token is available, performs the refresh grant and updates
+     * both the DB and the passed-in credentials array.
+     *
+     * @param   int    $serviceId    Service record ID
+     * @param   array  &$credentials Credentials array (updated by reference on refresh)
+     *
+     * @return  bool  True if token was refreshed, false otherwise
+     */
+    public static function refreshTokenIfNeeded(int $serviceId, array &$credentials): bool
+    {
+        // No expiry set — nothing to refresh
+        if (empty($credentials['token_expires'])) {
+            return false;
+        }
+
+        // Token not yet expired
+        if ((int) $credentials['token_expires'] >= time()) {
+            return false;
+        }
+
+        // Expired but no refresh token available
+        if (empty($credentials['refresh_token'])) {
+            return false;
+        }
+
+        // Look up the service type from DB
+        $db = Factory::getDbo();
+
+        $query = $db->getQuery(true)
+            ->select($db->quoteName('service_type'))
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('id') . ' = ' . $serviceId);
+        $db->setQuery($query);
+        $serviceType = $db->loadResult();
+
+        if (!$serviceType) {
+            return false;
+        }
+
+        // Get OAuth config for this service type
+        $config = self::OAUTH_CONFIGS[$serviceType] ?? null;
+
+        if (!$config || empty($config['token_url'])) {
+            return false;
+        }
+
+        // POST refresh token grant
+        $postData = [
+            'grant_type'    => 'refresh_token',
+            'refresh_token' => $credentials['refresh_token'],
+        ];
+
+        // Include client credentials if available
+        if (!empty($credentials['client_id'])) {
+            $postData['client_id'] = $credentials['client_id'];
+        }
+
+        if (!empty($credentials['client_secret'])) {
+            $postData['client_secret'] = $credentials['client_secret'];
+        }
+
+        $ch = curl_init($config['token_url']);
+        curl_setopt_array($ch, [
+            CURLOPT_POST           => true,
+            CURLOPT_POSTFIELDS     => http_build_query($postData),
+            CURLOPT_HTTPHEADER     => ['Content-Type: application/x-www-form-urlencoded', 'Accept: application/json'],
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_TIMEOUT        => 30,
+        ]);
+
+        $response = curl_exec($ch);
+        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        curl_close($ch);
+
+        $data = json_decode($response, true) ?: [];
+
+        if ($httpCode >= 200 && $httpCode < 300 && !empty($data['access_token'])) {
+            // Store updated token in DB
+            self::storeToken($serviceId, $data);
+
+            // Update credentials by reference
+            $credentials['access_token'] = $data['access_token'];
+
+            if (!empty($data['refresh_token'])) {
+                $credentials['refresh_token'] = $data['refresh_token'];
+            }
+
+            if (!empty($data['expires_in'])) {
+                $credentials['token_expires'] = time() + (int) $data['expires_in'];
+            }
+
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Get the OAuth callback URL for this Joomla installation.
+     *
+     * @return  string
+     */
+    public static function getCallbackUrl(): string
+    {
+        return Uri::root() . 'administrator/index.php?option=com_mokosuitecross&task=oauth.callback';
+    }
+}

source/packages/com_mokosuitecross/src/Helper/QueueProcessor.php

@@ -0,0 +1,903 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Component\ComponentHelper;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\Uri\Uri;
+use Joomla\Component\MokoSuiteCross\Administrator\Helper\CredentialHelper;
+use Joomla\Component\MokoSuiteCross\Administrator\Service\MokoSuiteCrossServiceInterface;
+
+/**
+ * Shared queue processor used by:
+ *   - System plugin onAfterRender (page-load processing)
+ *   - Task scheduler plugin (Joomla scheduled task)
+ *
+ * Handles: queued posts, failed retries, scheduled posts, and log cleanup.
+ * Uses a simple DB-based lock to prevent concurrent execution.
+ */
+class QueueProcessor
+{
+    /**
+     * Process the post queue: dispatch queued posts, retry failed, fire scheduled.
+     *
+     * @param   int  $batchSize  Max posts to process per run
+     *
+     * @return  array  ['processed' => int, 'succeeded' => int, 'failed' => int, 'skipped' => int]
+     */
+    public static function processQueue(int $batchSize = 10): array
+    {
+        $result = ['processed' => 0, 'succeeded' => 0, 'failed' => 0, 'skipped' => 0];
+
+        if (!self::acquireLock()) {
+            $result['skipped'] = -1;
+
+            return $result;
+        }
+
+        try {
+            $db = Factory::getDbo();
+            $componentParams = ComponentHelper::getParams('com_mokosuitecross');
+            $maxRetry   = (int) $componentParams->get('retry_max', 3);
+            $retryDelay = (int) $componentParams->get('retry_delay', 300);
+            $now        = Factory::getDate()->toSql();
+
+            // Build service plugin map
+            $pluginMap = self::getServicePluginMap();
+
+            // 1. Process queued posts
+            $query = $db->getQuery(true)
+                ->select('p.*, s.service_type, s.credentials, s.params AS service_params')
+                ->from($db->quoteName('#__mokosuitecross_posts', 'p'))
+                ->join('INNER', $db->quoteName('#__mokosuitecross_services', 's')
+                    . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('p.service_id'))
+                ->where($db->quoteName('p.status') . ' = ' . $db->quote('queued'))
+                ->where('(' . $db->quoteName('p.scheduled_at') . ' IS NULL OR '
+                    . $db->quoteName('p.scheduled_at') . ' <= ' . $db->quote($now) . ')')
+                ->where($db->quoteName('s.published') . ' = 1')
+                ->order($db->quoteName('p.created') . ' ASC')
+                ->setLimit($batchSize);
+
+            $db->setQuery($query);
+            $queuedPosts = $db->loadObjectList() ?: [];
+
+            // 2. Process failed posts eligible for retry (exponential backoff)
+            // Retry 1 waits retryDelay, retry 2 waits retryDelay*2, retry 3 waits retryDelay*4, etc.
+            $query = $db->getQuery(true)
+                ->select('p.*, s.service_type, s.credentials, s.params AS service_params')
+                ->from($db->quoteName('#__mokosuitecross_posts', 'p'))
+                ->join('INNER', $db->quoteName('#__mokosuitecross_services', 's')
+                    . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('p.service_id'))
+                ->where($db->quoteName('p.status') . ' = ' . $db->quote('failed'))
+                ->where($db->quoteName('p.retry_count') . ' < ' . $maxRetry)
+                ->where($db->quoteName('p.modified') . ' <= DATE_SUB(NOW(), INTERVAL ('
+                    . (int) $retryDelay . ' * POW(2, ' . $db->quoteName('p.retry_count') . ')) SECOND)')
+                ->where($db->quoteName('s.published') . ' = 1')
+                ->order($db->quoteName('p.modified') . ' ASC')
+                ->setLimit($batchSize);
+
+            $db->setQuery($query);
+            $retryPosts = $db->loadObjectList() ?: [];
+
+            $allPosts = array_merge($queuedPosts, $retryPosts);
+
+            foreach ($allPosts as $post) {
+                $result['processed']++;
+
+                $plugin = $pluginMap[$post->service_type] ?? null;
+
+                if (!$plugin) {
+                    $result['skipped']++;
+                    continue;
+                }
+
+                $isRetry = ($post->status === 'failed');
+
+                if ($isRetry) {
+                    $newRetryCount = (int) $post->retry_count + 1;
+
+                    // If this is the last retry attempt, mark permanently failed on failure
+                    if ($newRetryCount >= $maxRetry) {
+                        $db->setQuery(
+                            $db->getQuery(true)
+                                ->update($db->quoteName('#__mokosuitecross_posts'))
+                                ->set($db->quoteName('status') . ' = ' . $db->quote('permanently_failed'))
+                                ->set($db->quoteName('retry_count') . ' = ' . $newRetryCount)
+                                ->set($db->quoteName('error_message') . ' = CONCAT(' . $db->quoteName('error_message') . ', ' . $db->quote(' [max retries exceeded]') . ')')
+                                ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                                ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                        );
+                        $db->execute();
+
+                        self::log($db, (int) $post->id, (int) $post->service_id, 'error',
+                            sprintf('Permanently failed %s: max retries (%d) exceeded', $post->service_type, $maxRetry));
+
+                        $result['failed']++;
+                        continue;
+                    }
+
+                    $db->setQuery(
+                        $db->getQuery(true)
+                            ->update($db->quoteName('#__mokosuitecross_posts'))
+                            ->set($db->quoteName('retry_count') . ' = ' . $newRetryCount)
+                            ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                    );
+                    $db->execute();
+                }
+
+                // Mark as posting
+                $db->setQuery(
+                    $db->getQuery(true)
+                        ->update($db->quoteName('#__mokosuitecross_posts'))
+                        ->set($db->quoteName('status') . ' = ' . $db->quote('posting'))
+                        ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                        ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                );
+                $db->execute();
+
+                $credentials = CredentialHelper::decrypt($post->credentials ?: '');
+                $params      = json_decode($post->service_params ?: '{}', true) ?: [];
+
+                // Token auto-refresh before posting
+                OAuthHelper::refreshTokenIfNeeded((int) $post->service_id, $credentials);
+
+                // Extract intro image for media attachment
+                $media = [];
+
+                if (!empty($post->article_id)) {
+                    $imgQuery = $db->getQuery(true)
+                        ->select($db->quoteName('images'))
+                        ->from($db->quoteName('#__content'))
+                        ->where($db->quoteName('id') . ' = ' . (int) $post->article_id);
+                    $db->setQuery($imgQuery);
+                    $imgJson = $db->loadResult();
+
+                    if ($imgJson) {
+                        $imgData = json_decode($imgJson);
+
+                        if (!empty($imgData->image_intro)) {
+                            $media[] = Uri::root() . ltrim($imgData->image_intro, '/');
+                        }
+                    }
+                }
+
+                // Lifecycle event: before post
+                $cancel = false;
+                $message = $post->message;
+
+                try {
+                    $dispatcher = Factory::getApplication()->getDispatcher();
+                    $beforeEvent = new \Joomla\Event\Event('onMokoSuiteCrossBeforePost', [(int) $post->id, &$message, $post->service_type, &$cancel]);
+                    $dispatcher->dispatch('onMokoSuiteCrossBeforePost', $beforeEvent);
+                } catch (\Throwable $e) {
+                    // Dispatcher may not be available
+                }
+
+                if ($cancel) {
+                    $db->setQuery(
+                        $db->getQuery(true)
+                            ->update($db->quoteName('#__mokosuitecross_posts'))
+                            ->set($db->quoteName('status') . ' = ' . $db->quote('cancelled'))
+                            ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                            ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                    );
+                    $db->execute();
+
+                    self::log($db, (int) $post->id, (int) $post->service_id, 'info',
+                        sprintf('Post to %s cancelled by onMokoSuiteCrossBeforePost event', $post->service_type));
+
+                    $result['skipped']++;
+                    continue;
+                }
+
+                try {
+                    $apiResult = $plugin->publish($message, $media, $credentials, $params);
+
+                    if (!empty($apiResult['success'])) {
+                        $db->setQuery(
+                            $db->getQuery(true)
+                                ->update($db->quoteName('#__mokosuitecross_posts'))
+                                ->set($db->quoteName('status') . ' = ' . $db->quote('posted'))
+                                ->set($db->quoteName('platform_post_id') . ' = ' . $db->quote($apiResult['platform_post_id'] ?? ''))
+                                ->set($db->quoteName('platform_response') . ' = ' . $db->quote(json_encode($apiResult['response'] ?? [])))
+                                ->set($db->quoteName('posted_at') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                                ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                                ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                        );
+                        $db->execute();
+
+                        self::log($db, (int) $post->id, (int) $post->service_id, 'info',
+                            sprintf('%s to %s (ID: %s)', $isRetry ? 'Retry succeeded' : 'Posted', $post->service_type, $apiResult['platform_post_id'] ?? 'n/a'));
+
+                        // Lifecycle event: after successful post
+                        try {
+                            $afterEvent = new \Joomla\Event\Event('onMokoSuiteCrossAfterPost', [(int) $post->id, $post->service_type, $apiResult]);
+                            $dispatcher->dispatch('onMokoSuiteCrossAfterPost', $afterEvent);
+                        } catch (\Throwable $e) {
+                            // Non-critical
+                        }
+
+                        $result['succeeded']++;
+                    } else {
+                        $errorMsg = $apiResult['response']['error'] ?? json_encode($apiResult['response'] ?? []);
+
+                        $db->setQuery(
+                            $db->getQuery(true)
+                                ->update($db->quoteName('#__mokosuitecross_posts'))
+                                ->set($db->quoteName('status') . ' = ' . $db->quote('failed'))
+                                ->set($db->quoteName('error_message') . ' = ' . $db->quote(mb_substr($errorMsg, 0, 1000)))
+                                ->set($db->quoteName('platform_response') . ' = ' . $db->quote(json_encode($apiResult['response'] ?? [])))
+                                ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                                ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                        );
+                        $db->execute();
+
+                        self::log($db, (int) $post->id, (int) $post->service_id, 'error',
+                            sprintf('Failed %s: %s', $post->service_type, mb_substr($errorMsg, 0, 500)));
+
+                        // Lifecycle event: post failed
+                        try {
+                            $failedEvent = new \Joomla\Event\Event('onMokoSuiteCrossPostFailed', [(int) $post->id, $post->service_type, $errorMsg]);
+                            $dispatcher->dispatch('onMokoSuiteCrossPostFailed', $failedEvent);
+                        } catch (\Throwable $e) {
+                            // Non-critical
+                        }
+
+                        $result['failed']++;
+                    }
+                } catch (\Throwable $e) {
+                    $db->setQuery(
+                        $db->getQuery(true)
+                            ->update($db->quoteName('#__mokosuitecross_posts'))
+                            ->set($db->quoteName('status') . ' = ' . $db->quote('failed'))
+                            ->set($db->quoteName('error_message') . ' = ' . $db->quote(mb_substr($e->getMessage(), 0, 1000)))
+                            ->set($db->quoteName('modified') . ' = ' . $db->quote(Factory::getDate()->toSql()))
+                            ->where($db->quoteName('id') . ' = ' . (int) $post->id)
+                    );
+                    $db->execute();
+
+                    self::log($db, (int) $post->id, (int) $post->service_id, 'error',
+                        sprintf('Exception %s: %s', $post->service_type, mb_substr($e->getMessage(), 0, 500)));
+
+                    // Lifecycle event: post failed (exception)
+                    try {
+                        $failedEvent = new \Joomla\Event\Event('onMokoSuiteCrossPostFailed', [(int) $post->id, $post->service_type, $e->getMessage()]);
+                        $dispatcher->dispatch('onMokoSuiteCrossPostFailed', $failedEvent);
+                    } catch (\Throwable $ex) {
+                        // Non-critical
+                    }
+
+                    $result['failed']++;
+                }
+            }
+
+            // 3. Clean up old logs
+            self::cleanupLogs($db, $componentParams);
+
+        } finally {
+            self::releaseLock();
+        }
+
+        return $result;
+    }
+
+    /**
+     * Process evergreen re-shares: find articles marked as evergreen whose last
+     * successful post to each service was longer ago than the configured interval,
+     * and create new queue entries for them.
+     *
+     * @return  array  ['queued' => int]
+     */
+    public static function processEvergreen(): array
+    {
+        $result = ['queued' => 0];
+
+        $componentParams = ComponentHelper::getParams('com_mokosuitecross');
+
+        if (!$componentParams->get('evergreen_enabled', 1)) {
+            return $result;
+        }
+
+        $defaultInterval = (int) $componentParams->get('evergreen_default_interval', 30);
+        $maxPerRun       = (int) $componentParams->get('evergreen_max_per_run', 3);
+
+        $db  = Factory::getDbo();
+        $now = Factory::getDate()->toSql();
+
+        // Find published articles with evergreen=1 in attribs
+        $query = $db->getQuery(true)
+            ->select('c.id, c.attribs')
+            ->from($db->quoteName('#__content', 'c'))
+            ->where($db->quoteName('c.state') . ' = 1')
+            ->where('JSON_EXTRACT(' . $db->quoteName('c.attribs') . ', ' . $db->quote('$.mokosuitecross_evergreen') . ') = ' . $db->quote('1'));
+
+        $db->setQuery($query);
+        $articles = $db->loadObjectList() ?: [];
+
+        if (empty($articles)) {
+            return $result;
+        }
+
+        // Load all published services
+        $query = $db->getQuery(true)
+            ->select('id, service_type')
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('published') . ' = 1');
+
+        $db->setQuery($query);
+        $services = $db->loadObjectList() ?: [];
+
+        if (empty($services)) {
+            return $result;
+        }
+
+        // Import service plugins (not used for direct dispatch here, but ensures
+        // they are loaded in case any lifecycle events depend on them)
+        PluginHelper::importPlugin('mokosuitecross');
+
+        // Batch pre-load: latest posted_at per article+service (eliminates N*M queries)
+        $articleIds = implode(',', array_map(function ($a) { return (int) $a->id; }, $articles));
+        $serviceIds = implode(',', array_map(function ($s) { return (int) $s->id; }, $services));
+
+        $query = $db->getQuery(true)
+            ->select(['article_id', 'service_id', 'MAX(' . $db->quoteName('posted_at') . ') AS last_posted'])
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('article_id') . ' IN (' . $articleIds . ')')
+            ->where($db->quoteName('service_id') . ' IN (' . $serviceIds . ')')
+            ->where($db->quoteName('status') . ' = ' . $db->quote('posted'))
+            ->group(['article_id', 'service_id']);
+        $db->setQuery($query);
+        $lastPostedRows = $db->loadObjectList() ?: [];
+
+        $lastPostedMap = [];
+        foreach ($lastPostedRows as $row) {
+            $lastPostedMap[$row->article_id . ':' . $row->service_id] = $row->last_posted;
+        }
+
+        // Batch pre-load: existing queued/posting entries
+        $query = $db->getQuery(true)
+            ->select(['article_id', 'service_id'])
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('article_id') . ' IN (' . $articleIds . ')')
+            ->where($db->quoteName('service_id') . ' IN (' . $serviceIds . ')')
+            ->where($db->quoteName('status') . ' IN (' . $db->quote('queued') . ',' . $db->quote('posting') . ')');
+        $db->setQuery($query);
+        $pendingRows = $db->loadObjectList() ?: [];
+
+        $pendingSet = [];
+        foreach ($pendingRows as $row) {
+            $pendingSet[$row->article_id . ':' . $row->service_id] = true;
+        }
+
+        foreach ($articles as $article) {
+            if ($result['queued'] >= $maxPerRun) {
+                break;
+            }
+
+            $attribs  = json_decode($article->attribs ?? '{}', true) ?: [];
+            $interval = (int) ($attribs['mokosuitecross_evergreen_interval'] ?? $defaultInterval);
+
+            if ($interval < 1) {
+                $interval = $defaultInterval;
+            }
+
+            // Per-article service filter
+            $selectedServiceIds = $attribs['mokosuitecross_services'] ?? null;
+
+            if (is_array($selectedServiceIds) && !empty($selectedServiceIds)) {
+                $selectedServiceIds = array_map('intval', $selectedServiceIds);
+            } else {
+                $selectedServiceIds = null;
+            }
+
+            // Load the full article for template rendering
+            $fullArticle = null;
+
+            foreach ($services as $service) {
+                if ($result['queued'] >= $maxPerRun) {
+                    break;
+                }
+
+                // Per-article service filter
+                if ($selectedServiceIds !== null && !in_array((int) $service->id, $selectedServiceIds, true)) {
+                    continue;
+                }
+
+                $key = $article->id . ':' . $service->id;
+
+                // Check last successful post from batch-loaded map
+                $lastPosted = $lastPostedMap[$key] ?? null;
+
+                if (empty($lastPosted)) {
+                    // Never posted — skip, the initial cross-post will handle it
+                    continue;
+                }
+
+                // Check if interval has elapsed
+                $dueDate = Factory::getDate($lastPosted . ' + ' . $interval . ' days');
+
+                if ($dueDate->toUnix() > Factory::getDate()->toUnix()) {
+                    continue;
+                }
+
+                // Skip if there's already a queued/posting entry
+                if (isset($pendingSet[$key])) {
+                    continue;
+                }
+
+                // Load full article if not already loaded
+                if ($fullArticle === null) {
+                    $query = $db->getQuery(true)
+                        ->select('*')
+                        ->from($db->quoteName('#__content'))
+                        ->where($db->quoteName('id') . ' = ' . (int) $article->id);
+                    $db->setQuery($query);
+                    $fullArticle = $db->loadObject();
+
+                    if (!$fullArticle) {
+                        break;
+                    }
+                }
+
+                // Render message using default template
+                $template = $componentParams->get('default_template', "{title}\n\n{url}");
+                $message  = self::renderEvergreenMessage($db, $fullArticle, $template);
+
+                // Create queue entry
+                $post = (object) [
+                    'article_id'        => (int) $article->id,
+                    'service_id'        => (int) $service->id,
+                    'status'            => 'queued',
+                    'message'           => $message,
+                    'platform_post_id'  => '',
+                    'platform_response' => '',
+                    'error_message'     => '',
+                    'retry_count'       => 0,
+                    'created'           => $now,
+                    'modified'          => $now,
+                ];
+
+                $db->insertObject('#__mokosuitecross_posts', $post);
+
+                self::log($db, $db->insertid(), (int) $service->id, 'info',
+                    sprintf('Evergreen re-share queued for article %d to %s (interval: %d days)',
+                        $article->id, $service->service_type, $interval));
+
+                $result['queued']++;
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Render a message for an evergreen re-share using the default template.
+     */
+    private static function renderEvergreenMessage($db, object $article, string $template): string
+    {
+        $url = \Joomla\CMS\Uri\Uri::root() . 'index.php?option=com_content&view=article&id=' . $article->id;
+
+        if (!empty($article->catid)) {
+            $url .= '&catid=' . $article->catid;
+        }
+
+        $categoryName = '';
+
+        if (!empty($article->catid)) {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('title'))
+                ->from($db->quoteName('#__categories'))
+                ->where($db->quoteName('id') . ' = ' . (int) $article->catid);
+            $db->setQuery($query);
+            $categoryName = $db->loadResult() ?: '';
+        }
+
+        $authorName = '';
+
+        if (!empty($article->created_by)) {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('name'))
+                ->from($db->quoteName('#__users'))
+                ->where($db->quoteName('id') . ' = ' . (int) $article->created_by);
+            $db->setQuery($query);
+            $authorName = $db->loadResult() ?: '';
+        }
+
+        $introImage = '';
+        $images = json_decode($article->images ?? '{}');
+
+        if (!empty($images->image_intro)) {
+            $introImage = \Joomla\CMS\Uri\Uri::root() . ltrim($images->image_intro, '/');
+        }
+
+        // Resolve article tags
+        $tagNames = [];
+
+        if (!empty($article->id)) {
+            $query = $db->getQuery(true)
+                ->select($db->quoteName('t.title'))
+                ->from($db->quoteName('#__tags', 't'))
+                ->join('INNER', $db->quoteName('#__contentitem_tag_map', 'm')
+                    . ' ON ' . $db->quoteName('m.tag_id') . ' = ' . $db->quoteName('t.id'))
+                ->where($db->quoteName('m.type_alias') . ' = ' . $db->quote('com_content.article'))
+                ->where($db->quoteName('m.content_item_id') . ' = ' . (int) $article->id)
+                ->where($db->quoteName('t.published') . ' = 1');
+            $db->setQuery($query);
+            $tagNames = $db->loadColumn() ?: [];
+        }
+
+        $tagsComma = implode(', ', $tagNames);
+        $hashtags  = implode(' ', array_map(function ($tag) {
+            return '#' . preg_replace('/\s+/', '', $tag);
+        }, $tagNames));
+
+        $replacements = [
+            '{title}'     => $article->title ?? '',
+            '{introtext}' => strip_tags(mb_substr($article->introtext ?? '', 0, 280)),
+            '{fulltext}'  => strip_tags(mb_substr($article->fulltext ?? '', 0, 500)),
+            '{url}'       => $url,
+            '{image}'     => $introImage,
+            '{category}'  => $categoryName,
+            '{author}'    => $authorName,
+            '{date}'      => Factory::getDate($article->publish_up ?? 'now')->format('Y-m-d'),
+            '{tags}'      => $tagsComma,
+            '{hashtags}'  => $hashtags,
+        ];
+
+        $message = str_replace(array_keys($replacements), array_values($replacements), $template);
+
+        // Resolve custom field placeholders: {field:field_name}
+        $message = preg_replace_callback('/\{field:([a-zA-Z0-9_-]+)\}/', function ($matches) use ($db, $article) {
+            $fieldName = $matches[1];
+            $query = $db->getQuery(true)
+                ->select('fv.value')
+                ->from($db->quoteName('#__fields_values', 'fv'))
+                ->join('INNER', $db->quoteName('#__fields', 'f') . ' ON f.id = fv.field_id')
+                ->where('f.name = ' . $db->quote($fieldName))
+                ->where('fv.item_id = ' . (int) $article->id);
+            $db->setQuery($query);
+            return $db->loadResult() ?: '';
+        }, $message);
+
+        return $message;
+    }
+
+    /**
+     * Manually retry one or more failed/permanently_failed posts.
+     *
+     * Resets status to 'queued' and retry_count to 0 so the queue processor
+     * picks them up on the next run.
+     *
+     * @param   array  $postIds  Post IDs to retry
+     *
+     * @return  int  Number of posts re-queued
+     */
+    public static function retryPosts(array $postIds): int
+    {
+        if (empty($postIds)) {
+            return 0;
+        }
+
+        $db  = Factory::getDbo();
+        $now = Factory::getDate()->toSql();
+        $ids = implode(',', array_map('intval', $postIds));
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__mokosuitecross_posts'))
+            ->set($db->quoteName('status') . ' = ' . $db->quote('queued'))
+            ->set($db->quoteName('retry_count') . ' = 0')
+            ->set($db->quoteName('error_message') . ' = ' . $db->quote(''))
+            ->set($db->quoteName('modified') . ' = ' . $db->quote($now))
+            ->where($db->quoteName('id') . ' IN (' . $ids . ')')
+            ->where($db->quoteName('status') . ' IN (' . $db->quote('failed') . ',' . $db->quote('permanently_failed') . ')');
+
+        $db->setQuery($query);
+        $db->execute();
+        $count = $db->getAffectedRows();
+
+        if ($count > 0) {
+            self::log($db, null, null, 'info', sprintf('Manual retry: %d post(s) re-queued', $count));
+        }
+
+        return $count;
+    }
+
+    /**
+     * Retry all failed posts for a specific service.
+     *
+     * @param   int  $serviceId  Service ID
+     *
+     * @return  int  Number of posts re-queued
+     */
+    public static function retryService(int $serviceId): int
+    {
+        $db  = Factory::getDbo();
+        $now = Factory::getDate()->toSql();
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__mokosuitecross_posts'))
+            ->set($db->quoteName('status') . ' = ' . $db->quote('queued'))
+            ->set($db->quoteName('retry_count') . ' = 0')
+            ->set($db->quoteName('error_message') . ' = ' . $db->quote(''))
+            ->set($db->quoteName('modified') . ' = ' . $db->quote($now))
+            ->where($db->quoteName('service_id') . ' = ' . $serviceId)
+            ->where($db->quoteName('status') . ' IN (' . $db->quote('failed') . ',' . $db->quote('permanently_failed') . ')');
+
+        $db->setQuery($query);
+        $db->execute();
+        $count = $db->getAffectedRows();
+
+        if ($count > 0) {
+            self::log($db, null, $serviceId, 'info', sprintf('Bulk retry: %d post(s) re-queued for service %d', $count, $serviceId));
+        }
+
+        return $count;
+    }
+
+    /**
+     * Check if there are pending items in the queue.
+     *
+     * @return  bool
+     */
+    public static function hasPendingWork(): bool
+    {
+        $db = Factory::getDbo();
+
+        $componentParams = ComponentHelper::getParams('com_mokosuitecross');
+        $maxRetry   = (int) $componentParams->get('retry_max', 3);
+        $retryDelay = (int) $componentParams->get('retry_delay', 300);
+        $now = Factory::getDate()->toSql();
+
+        // Queued posts ready to go
+        $query = $db->getQuery(true)
+            ->select('COUNT(*)')
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('status') . ' = ' . $db->quote('queued'))
+            ->where('(' . $db->quoteName('scheduled_at') . ' IS NULL OR '
+                . $db->quoteName('scheduled_at') . ' <= ' . $db->quote($now) . ')');
+        $db->setQuery($query);
+        $queued = (int) $db->loadResult();
+
+        // Failed posts eligible for retry (exponential backoff matching processQueue)
+        $query = $db->getQuery(true)
+            ->select('COUNT(*)')
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('status') . ' = ' . $db->quote('failed'))
+            ->where($db->quoteName('retry_count') . ' < ' . $maxRetry)
+            ->where($db->quoteName('modified') . ' <= DATE_SUB(NOW(), INTERVAL ('
+                . (int) $retryDelay . ' * POW(2, ' . $db->quoteName('retry_count') . ')) SECOND)');
+        $db->setQuery($query);
+        $retryable = (int) $db->loadResult();
+
+        return ($queued + $retryable) > 0;
+    }
+
+    /**
+     * Import mokosuitecross plugins and build a type → plugin instance map.
+     *
+     * @return  array<string, MokoSuiteCrossServiceInterface>
+     */
+    private static function getServicePluginMap(): array
+    {
+        PluginHelper::importPlugin('mokosuitecross');
+
+        // In Joomla 5+ with SubscriberInterface, plugins receive the Event object
+        // as their first argument. When they do $services[] = $this, they append to
+        // the Event via ArrayAccess at numeric indices starting at 1.
+        $servicePlugins = [];
+        $event = new \Joomla\Event\Event('onMokoSuiteCrossGetServices', [$servicePlugins]);
+
+        try {
+            Factory::getApplication()->getDispatcher()->dispatch(
+                'onMokoSuiteCrossGetServices',
+                $event
+            );
+        } catch (\Throwable $e) {
+            // Dispatcher may not be available in all contexts
+        }
+
+        // Read plugins back from the Event's ArrayAccess indices
+        $idx = 1;
+
+        while (isset($event[$idx])) {
+            $servicePlugins[] = $event[$idx];
+            $idx++;
+        }
+
+        $map = [];
+
+        foreach ($servicePlugins as $plugin) {
+            if ($plugin instanceof MokoSuiteCrossServiceInterface) {
+                $map[$plugin->getServiceType()] = $plugin;
+            }
+        }
+
+        return $map;
+    }
+
+    /**
+     * Delete logs older than the configured retention period.
+     */
+    private static function cleanupLogs($db, $componentParams): void
+    {
+        $retentionDays = (int) $componentParams->get('log_retention_days', 90);
+
+        if ($retentionDays <= 0) {
+            return;
+        }
+
+        $cutoff = Factory::getDate('now - ' . $retentionDays . ' days')->toSql();
+
+        $query = $db->getQuery(true)
+            ->delete($db->quoteName('#__mokosuitecross_logs'))
+            ->where($db->quoteName('created') . ' < ' . $db->quote($cutoff));
+
+        $db->setQuery($query);
+        $db->execute();
+    }
+
+    /**
+     * Acquire a database lock to prevent concurrent queue processing.
+     *
+     * Uses MySQL GET_LOCK() or PostgreSQL pg_advisory_lock() when available,
+     * falling back to a timestamp-based check for other databases.
+     */
+    private static function acquireLock(): bool
+    {
+        $db = Factory::getDbo();
+
+        try {
+            $serverType = $db->getServerType();
+
+            if ($serverType === 'mysql' || $serverType === 'mariadb') {
+                $db->setQuery("SELECT GET_LOCK('mokosuitecross_queue', 0)");
+
+                return (int) $db->loadResult() === 1;
+            }
+
+            if ($serverType === 'postgresql') {
+                $db->setQuery("SELECT pg_try_advisory_lock(hashtext('mokosuitecross_queue'))");
+
+                return (bool) $db->loadResult();
+            }
+        } catch (\Throwable $e) {
+            // Fall through to timestamp-based lock
+        }
+
+        return self::acquireTimestampLock($db);
+    }
+
+    /**
+     * Release the database lock.
+     */
+    private static function releaseLock(): void
+    {
+        $db = Factory::getDbo();
+
+        try {
+            $serverType = $db->getServerType();
+
+            if ($serverType === 'mysql' || $serverType === 'mariadb') {
+                $db->setQuery("SELECT RELEASE_LOCK('mokosuitecross_queue')");
+                $db->execute();
+
+                return;
+            }
+
+            if ($serverType === 'postgresql') {
+                $db->setQuery("SELECT pg_advisory_unlock(hashtext('mokosuitecross_queue'))");
+                $db->execute();
+
+                return;
+            }
+        } catch (\Throwable $e) {
+            // Fall through to timestamp-based release
+        }
+
+        self::releaseTimestampLock($db);
+    }
+
+    /**
+     * Timestamp-based lock fallback for databases without advisory locks.
+     *
+     * Uses an atomic UPDATE with a WHERE clause to prevent TOCTOU race
+     * conditions. The lock is considered stale after 120 seconds.
+     */
+    private static function acquireTimestampLock($db): bool
+    {
+        $now = time();
+        $staleThreshold = $now - 120;
+
+        // Atomic: only succeeds if lock is absent (0) or stale
+        $params = ComponentHelper::getParams('com_mokosuitecross');
+        $oldParams = $params->toString();
+        $params->set('queue_lock_time', $now);
+        $newParams = $params->toString();
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__extensions'))
+            ->set($db->quoteName('params') . ' = ' . $db->quote($newParams))
+            ->where($db->quoteName('element') . ' = ' . $db->quote('com_mokosuitecross'))
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+            ->where('(' . $db->quoteName('params') . ' NOT LIKE ' . $db->quote('%"queue_lock_time"%')
+                . ' OR ' . $db->quoteName('params') . ' LIKE ' . $db->quote('%"queue_lock_time":0%')
+                . ' OR ' . $db->quoteName('params') . ' LIKE ' . $db->quote('%"queue_lock_time":"0"%')
+                . ')');
+
+        $db->setQuery($query);
+        $db->execute();
+
+        if ($db->getAffectedRows() > 0) {
+            return true;
+        }
+
+        // Check if the existing lock is stale
+        $params = ComponentHelper::getParams('com_mokosuitecross');
+        $lockTime = (int) $params->get('queue_lock_time', 0);
+
+        if ($lockTime > 0 && $lockTime <= $staleThreshold) {
+            // Force acquire stale lock
+            $params->set('queue_lock_time', $now);
+
+            $query = $db->getQuery(true)
+                ->update($db->quoteName('#__extensions'))
+                ->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+                ->where($db->quoteName('element') . ' = ' . $db->quote('com_mokosuitecross'))
+                ->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+
+            $db->setQuery($query);
+            $db->execute();
+
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Release the timestamp-based lock.
+     */
+    private static function releaseTimestampLock($db): void
+    {
+        $params = ComponentHelper::getParams('com_mokosuitecross');
+        $params->set('queue_lock_time', 0);
+
+        $query = $db->getQuery(true)
+            ->update($db->quoteName('#__extensions'))
+            ->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()))
+            ->where($db->quoteName('element') . ' = ' . $db->quote('com_mokosuitecross'))
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'));
+
+        $db->setQuery($query);
+        $db->execute();
+    }
+
+    /**
+     * Write a log entry.
+     */
+    private static function log($db, ?int $postId, ?int $serviceId, string $level, string $message): void
+    {
+        $log = (object) [
+            'post_id'    => $postId,
+            'service_id' => $serviceId,
+            'level'      => $level,
+            'message'    => mb_substr($message, 0, 2000),
+            'context'    => '{}',
+            'created'    => Factory::getDate()->toSql(),
+        ];
+
+        $db->insertObject('#__mokosuitecross_logs', $log);
+    }
+}

source/packages/com_mokosuitecross/src/Helper/ServiceIconHelper.php

@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Helper;
+
+defined('_JEXEC') or die;
+
+/**
+ * Static helper that maps service types to Joomla Bootstrap icons.
+ */
+class ServiceIconHelper
+{
+    /**
+     * Map of service type identifiers to icon CSS classes.
+     *
+     * @var  array<string, string>
+     */
+    private const ICONS = [
+        // Social
+        'facebook'    => 'icon-facebook',
+        'twitter'     => 'icon-twitter',
+        'linkedin'    => 'icon-linkedin',
+        'mastodon'    => 'icon-globe',
+        'bluesky'     => 'icon-cloud',
+        'threads'     => 'icon-comments',
+        'pinterest'   => 'icon-thumbtack',
+        'reddit'      => 'icon-comments-alt',
+        'tumblr'      => 'icon-pencil-alt',
+        'tiktok'      => 'icon-play-circle',
+        'nostr'       => 'icon-key',
+        'activitypub' => 'icon-network-wired',
+        // Chat
+        'telegram'    => 'icon-paper-plane',
+        'discord'     => 'icon-headset',
+        'slack'       => 'icon-hashtag',
+        'teams'       => 'icon-users',
+        'googlechat'  => 'icon-comment',
+        'whatsapp'    => 'icon-mobile',
+        'matrix'      => 'icon-th',
+        'ntfy'        => 'icon-bell',
+        // Email
+        'mailchimp'   => 'icon-envelope',
+        'sendgrid'    => 'icon-envelope-open',
+        'brevo'       => 'icon-at',
+        'convertkit'  => 'icon-mail-bulk',
+        'constantcontact' => 'icon-address-book',
+        // Publishing
+        'medium'      => 'icon-book',
+        'wordpress'   => 'icon-blog',
+        'devto'       => 'icon-code',
+        'ghost'       => 'icon-ghost',
+        'hashnode'    => 'icon-newspaper',
+        'blogger'     => 'icon-rss',
+        // Business
+        'googlebusiness' => 'icon-store',
+        // Universal
+        'webhook'     => 'icon-plug',
+        'rssfeed'     => 'icon-rss-square',
+    ];
+
+    /**
+     * Get the icon CSS class for a service type.
+     *
+     * @param   string  $serviceType  The service type identifier
+     *
+     * @return  string  Icon CSS class
+     */
+    public static function getIcon(string $serviceType): string
+    {
+        return self::ICONS[$serviceType] ?? 'icon-share-alt';
+    }
+
+    /**
+     * Render an icon span element for a service type.
+     *
+     * @param   string  $serviceType  The service type identifier
+     * @param   string  $extraClass   Additional CSS classes to append
+     *
+     * @return  string  HTML span element
+     */
+    public static function renderIcon(string $serviceType, string $extraClass = ''): string
+    {
+        $icon  = self::getIcon($serviceType);
+        $class = trim($icon . ' ' . htmlspecialchars($extraClass, ENT_QUOTES, 'UTF-8'));
+
+        return '<span class="' . $class . '" aria-hidden="true"></span>';
+    }
+}

source/packages/com_mokosuitecross/src/Model/DashboardModel.php

@@ -0,0 +1,196 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+
+class DashboardModel extends BaseDatabaseModel
+{
+    /**
+     * Get summary statistics for the dashboard.
+     *
+     * @return  object  Stats object with counts
+     */
+    public function getStats(): object
+    {
+        $db = $this->getDatabase();
+
+        $stats = new \stdClass();
+
+        // Active services count
+        $query = $db->getQuery(true)
+            ->select('COUNT(*)')
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('published') . ' = 1');
+        $db->setQuery($query);
+        $stats->active_services = (int) $db->loadResult();
+
+        // Posts by status
+        foreach (['queued', 'posted', 'failed'] as $status) {
+            $query = $db->getQuery(true)
+                ->select('COUNT(*)')
+                ->from($db->quoteName('#__mokosuitecross_posts'))
+                ->where($db->quoteName('status') . ' = ' . $db->quote($status));
+            $db->setQuery($query);
+            $stats->{$status . '_count'} = (int) $db->loadResult();
+        }
+
+        return $stats;
+    }
+
+    /**
+     * Check if Perfect Publisher Pro migration is available.
+     *
+     * @return  bool
+     */
+    public function isMigrationAvailable(): bool
+    {
+        $db = $this->getDatabase();
+
+        $query = $db->getQuery(true)
+            ->select($db->quoteName('params'))
+            ->from($db->quoteName('#__extensions'))
+            ->where($db->quoteName('type') . ' = ' . $db->quote('component'))
+            ->where($db->quoteName('element') . ' = ' . $db->quote('com_mokosuitecross'));
+
+        $db->setQuery($query);
+        $params = json_decode($db->loadResult() ?: '{}', true);
+
+        return !empty($params['migration_available']);
+    }
+
+    /**
+     * Get recent activity log entries.
+     *
+     * @param   int  $limit  Number of entries to return
+     *
+     * @return  array
+     */
+    public function getRecentActivity(int $limit = 10): array
+    {
+        $db = $this->getDatabase();
+
+        $query = $db->getQuery(true)
+            ->select('l.*, s.title AS service_title, s.service_type')
+            ->from($db->quoteName('#__mokosuitecross_logs', 'l'))
+            ->join('LEFT', $db->quoteName('#__mokosuitecross_services', 's')
+                . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('l.service_id'))
+            ->order($db->quoteName('l.created') . ' DESC');
+
+        $db->setQuery($query, 0, $limit);
+
+        return $db->loadObjectList() ?: [];
+    }
+
+    /**
+     * Get posts-per-service breakdown for the analytics chart.
+     *
+     * @param   string|null  $since  Only count posts created on or after this datetime
+     *
+     * @return  array  [['service_type' => '...', 'posted' => N, 'failed' => N, 'queued' => N], ...]
+     */
+    public function getServiceBreakdown(?string $since = null): array
+    {
+        $db = $this->getDatabase();
+
+        $query = $db->getQuery(true)
+            ->select([
+                $db->quoteName('s.id', 'service_id'),
+                $db->quoteName('s.service_type'),
+                $db->quoteName('s.title', 'service_title'),
+                'SUM(CASE WHEN ' . $db->quoteName('p.status') . ' = ' . $db->quote('posted') . ' THEN 1 ELSE 0 END) AS posted',
+                'SUM(CASE WHEN ' . $db->quoteName('p.status') . ' = ' . $db->quote('failed') . ' THEN 1 ELSE 0 END) AS failed',
+                'SUM(CASE WHEN ' . $db->quoteName('p.status') . ' = ' . $db->quote('queued') . ' THEN 1 ELSE 0 END) AS queued',
+                'COUNT(*) AS total',
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts', 'p'))
+            ->join('INNER', $db->quoteName('#__mokosuitecross_services', 's')
+                . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('p.service_id'))
+            ->group($db->quoteName(['s.id', 's.service_type', 's.title']))
+            ->order('total DESC');
+
+        if ($since !== null) {
+            $query->where($db->quoteName('p.created') . ' >= ' . $db->quote($since));
+        }
+
+        $db->setQuery($query);
+
+        return $db->loadAssocList() ?: [];
+    }
+
+    /**
+     * Get posts-per-day for the last N days (for trend chart).
+     *
+     * @param   int  $days  Number of days to look back
+     *
+     * @return  array  [['day' => '2026-05-28', 'posted' => N, 'failed' => N], ...]
+     */
+    public function getDailyTrend(int $days = 14): array
+    {
+        $db = $this->getDatabase();
+
+        $cutoff = Factory::getDate('now - ' . $days . ' days')->format('Y-m-d');
+
+        $query = $db->getQuery(true)
+            ->select([
+                'DATE(' . $db->quoteName('created') . ') AS day',
+                'SUM(CASE WHEN ' . $db->quoteName('status') . ' = ' . $db->quote('posted') . ' THEN 1 ELSE 0 END) AS posted',
+                'SUM(CASE WHEN ' . $db->quoteName('status') . ' = ' . $db->quote('failed') . ' THEN 1 ELSE 0 END) AS failed',
+                'COUNT(*) AS total',
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where('DATE(' . $db->quoteName('created') . ') >= ' . $db->quote($cutoff))
+            ->group('DATE(' . $db->quoteName('created') . ')')
+            ->order('day ASC');
+
+        $db->setQuery($query);
+
+        return $db->loadAssocList() ?: [];
+    }
+
+    /**
+     * Get most cross-posted articles.
+     *
+     * @param   int          $limit  Number of articles
+     * @param   string|null  $since  Only count posts created on or after this datetime
+     *
+     * @return  array
+     */
+    public function getTopArticles(int $limit = 5, ?string $since = null): array
+    {
+        $db = $this->getDatabase();
+
+        $query = $db->getQuery(true)
+            ->select([
+                $db->quoteName('c.id'),
+                $db->quoteName('c.title'),
+                'COUNT(*) AS post_count',
+                'SUM(CASE WHEN ' . $db->quoteName('p.status') . ' = ' . $db->quote('posted') . ' THEN 1 ELSE 0 END) AS success_count',
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts', 'p'))
+            ->join('INNER', $db->quoteName('#__content', 'c')
+                . ' ON ' . $db->quoteName('c.id') . ' = ' . $db->quoteName('p.article_id'))
+            ->group($db->quoteName(['c.id', 'c.title']))
+            ->order('post_count DESC');
+
+        if ($since !== null) {
+            $query->where($db->quoteName('p.created') . ' >= ' . $db->quote($since));
+        }
+
+        $db->setQuery($query, 0, $limit);
+
+        return $db->loadAssocList() ?: [];
+    }
+}

source/packages/com_mokosuitecross/src/Model/LogsModel.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Model;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
 
 defined('_JEXEC') or die;
 
@@ -38,8 +38,8 @@ class LogsModel extends ListModel
 
         $query->select('a.*')
             ->select($db->quoteName('s.title', 'service_title'))
-            ->from($db->quoteName('#__mokojoomcross_logs', 'a'))
-            ->join('LEFT', $db->quoteName('#__mokojoomcross_services', 's')
+            ->from($db->quoteName('#__mokosuitecross_logs', 'a'))
+            ->join('LEFT', $db->quoteName('#__mokosuitecross_services', 's')
                 . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('a.service_id'));
 
         $level = $this->getState('filter.level');

source/packages/com_mokosuitecross/src/Model/PostModel.php

@@ -0,0 +1,93 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\AdminModel;
+
+class PostModel extends AdminModel
+{
+    public function getForm($data = [], $loadData = true)
+    {
+        $form = $this->loadForm(
+            'com_mokosuitecross.post',
+            'post',
+            ['control' => 'jform', 'load_data' => $loadData]
+        );
+
+        if (empty($form)) {
+            return false;
+        }
+
+        // Lock article_id and service_id on existing records
+        $id = $this->getState('post.id', 0);
+
+        if ($id > 0) {
+            $form->setFieldAttribute('article_id', 'readonly', 'true');
+            $form->setFieldAttribute('service_id', 'readonly', 'true');
+        }
+
+        return $form;
+    }
+
+    protected function loadFormData()
+    {
+        return $this->getItem();
+    }
+
+    /**
+     * Prepare and sanitise the table prior to saving.
+     */
+    protected function prepareTable($table)
+    {
+        $now = Factory::getDate()->toSql();
+
+        // Validate scheduled_at datetime format
+        if (!empty($table->scheduled_at)) {
+            try {
+                $date = Factory::getDate($table->scheduled_at);
+                $table->scheduled_at = $date->toSql();
+            } catch (\Throwable $e) {
+                $table->scheduled_at = null;
+            }
+        }
+
+        if (empty($table->id)) {
+            $table->created  = $now;
+            $table->modified = $now;
+
+            if (empty($table->status)) {
+                $table->status = empty($table->scheduled_at) ? 'queued' : 'scheduled';
+            }
+
+            if (empty($table->retry_count)) {
+                $table->retry_count = 0;
+            }
+
+            if (empty($table->platform_post_id)) {
+                $table->platform_post_id = '';
+            }
+
+            if (empty($table->platform_response)) {
+                $table->platform_response = '';
+            }
+
+            if (empty($table->error_message)) {
+                $table->error_message = '';
+            }
+        } else {
+            $table->modified = $now;
+        }
+    }
+}

source/packages/com_mokosuitecross/src/Model/PostsModel.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Model;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
 
 defined('_JEXEC') or die;
 
@@ -52,10 +52,10 @@ class PostsModel extends ListModel
             ->select($db->quoteName('c.title', 'article_title'))
             ->select($db->quoteName('s.title', 'service_title'))
             ->select($db->quoteName('s.service_type'))
-            ->from($db->quoteName('#__mokojoomcross_posts', 'a'))
+            ->from($db->quoteName('#__mokosuitecross_posts', 'a'))
             ->join('LEFT', $db->quoteName('#__content', 'c')
                 . ' ON ' . $db->quoteName('c.id') . ' = ' . $db->quoteName('a.article_id'))
-            ->join('LEFT', $db->quoteName('#__mokojoomcross_services', 's')
+            ->join('LEFT', $db->quoteName('#__mokosuitecross_services', 's')
                 . ' ON ' . $db->quoteName('s.id') . ' = ' . $db->quoteName('a.service_id'));
 
         // Filter by status
@@ -65,6 +65,22 @@ class PostsModel extends ListModel
             $query->where($db->quoteName('a.status') . ' = ' . $db->quote($status));
         }
 
+        // Filter by service
+        $serviceId = $this->getState('filter.service_id');
+
+        if (!empty($serviceId)) {
+            $query->where($db->quoteName('a.service_id') . ' = ' . (int) $serviceId);
+        }
+
+        // Filter by search (article title or message content)
+        $search = $this->getState('filter.search');
+
+        if (!empty($search)) {
+            $search = '%' . $db->escape(trim($search), true) . '%';
+            $query->where('(' . $db->quoteName('c.title') . ' LIKE ' . $db->quote($search)
+                . ' OR ' . $db->quoteName('a.message') . ' LIKE ' . $db->quote($search) . ')');
+        }
+
         // Ordering
         $orderCol  = $this->state->get('list.ordering', 'a.created');
         $orderDirn = $this->state->get('list.direction', 'DESC');

source/packages/com_mokosuitecross/src/Model/ServiceModel.php

@@ -0,0 +1,123 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Filter\OutputFilter;
+use Joomla\CMS\MVC\Model\AdminModel;
+
+class ServiceModel extends AdminModel
+{
+    /**
+     * Method to get the record form.
+     *
+     * @param   array    $data      Data for the form
+     * @param   boolean  $loadData  True if the form is to load its own data
+     *
+     * @return  \Joomla\CMS\Form\Form|boolean
+     */
+    public function getForm($data = [], $loadData = true)
+    {
+        $form = $this->loadForm(
+            'com_mokosuitecross.service',
+            'service',
+            ['control' => 'jform', 'load_data' => $loadData]
+        );
+
+        if (empty($form)) {
+            return false;
+        }
+
+        return $form;
+    }
+
+    /**
+     * Method to get the data that should be injected in the form.
+     *
+     * Expands the JSON credentials column back into individual cred_* form fields
+     * so they are populated when editing an existing service.
+     *
+     * @return  mixed  The data for the form
+     */
+    protected function loadFormData()
+    {
+        $data = $this->getItem();
+
+        if ($data && !empty($data->credentials)) {
+            $credentials = \Joomla\Component\MokoSuiteCross\Administrator\Helper\CredentialHelper::decrypt($data->credentials);
+            $serviceType = $data->service_type ?? '';
+
+            foreach ($credentials as $key => $value) {
+                // Map credential keys back to form field names.
+                // The mode field has no service type prefix.
+                if ($key === 'mode') {
+                    $data->cred_mode = $value;
+                } else {
+                    $data->{'cred_' . $serviceType . '_' . $key} = $value;
+                }
+            }
+        }
+
+        return $data;
+    }
+
+    /**
+     * Override save to collect cred_* form fields into the credentials JSON column.
+     *
+     * The service form has individual fields (cred_twitter_api_key, cred_facebook_page_id, etc.)
+     * but the database stores them as a single JSON blob in the `credentials` column.
+     *
+     * @param   array  $data  The form data
+     *
+     * @return  boolean  True on success
+     */
+    public function save($data)
+    {
+        $serviceType = $data['service_type'] ?? '';
+        $credentials = [];
+        $credPrefix  = 'cred_';
+
+        // Collect all cred_* fields into the credentials array
+        foreach ($data as $key => $value) {
+            if (strpos($key, $credPrefix) !== 0) {
+                continue;
+            }
+
+            $credKey = substr($key, strlen($credPrefix));
+
+            // The mode field is shared across service types (no service_type prefix)
+            if ($credKey === 'mode') {
+                $credentials['mode'] = $value;
+            } elseif ($serviceType && strpos($credKey, $serviceType . '_') === 0) {
+                // Strip the service_type prefix: cred_twitter_api_key -> api_key
+                $strippedKey = substr($credKey, strlen($serviceType) + 1);
+                $credentials[$strippedKey] = $value;
+            }
+        }
+
+        // Store credentials encrypted
+        $data['credentials'] = !empty($credentials)
+            ? \Joomla\Component\MokoSuiteCross\Administrator\Helper\CredentialHelper::encrypt($credentials)
+            : '{}';
+
+        // Remove individual cred_* fields so they don't cause column-not-found errors
+        foreach (array_keys($data) as $key) {
+            if (strpos($key, $credPrefix) === 0) {
+                unset($data[$key]);
+            }
+        }
+
+        return parent::save($data);
+    }
+}

source/packages/com_mokosuitecross/src/Model/ServiceStatsModel.php

@@ -0,0 +1,185 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+
+/**
+ * Per-service analytics drill-down model.
+ */
+class ServiceStatsModel extends BaseDatabaseModel
+{
+    /**
+     * Get the service ID from the request.
+     *
+     * @return  int
+     */
+    public function getServiceId(): int
+    {
+        return Factory::getApplication()->input->getInt('id', 0);
+    }
+
+    /**
+     * Load a single service record by ID.
+     *
+     * @param   int  $id  Service ID
+     *
+     * @return  object|null
+     */
+    public function getService(int $id = 0): ?object
+    {
+        if ($id === 0) {
+            $id = $this->getServiceId();
+        }
+
+        if ($id === 0) {
+            return null;
+        }
+
+        $db    = $this->getDatabase();
+        $query = $db->getQuery(true)
+            ->select('*')
+            ->from($db->quoteName('#__mokosuitecross_services'))
+            ->where($db->quoteName('id') . ' = ' . (int) $id);
+
+        $db->setQuery($query);
+
+        return $db->loadObject() ?: null;
+    }
+
+    /**
+     * Get post status counts for a specific service.
+     *
+     * @param   int  $serviceId  Service ID
+     *
+     * @return  object  Object with total, posted, failed, queued properties
+     */
+    public function getPostStats(int $serviceId): object
+    {
+        $db = $this->getDatabase();
+
+        $stats = new \stdClass();
+
+        foreach (['queued', 'posted', 'failed'] as $status) {
+            $query = $db->getQuery(true)
+                ->select('COUNT(*)')
+                ->from($db->quoteName('#__mokosuitecross_posts'))
+                ->where($db->quoteName('service_id') . ' = ' . (int) $serviceId)
+                ->where($db->quoteName('status') . ' = ' . $db->quote($status));
+            $db->setQuery($query);
+            $stats->{$status} = (int) $db->loadResult();
+        }
+
+        $stats->total = $stats->queued + $stats->posted + $stats->failed;
+
+        return $stats;
+    }
+
+    /**
+     * Get daily post trend for a specific service.
+     *
+     * @param   int  $serviceId  Service ID
+     * @param   int  $days       Number of days to look back
+     *
+     * @return  array  [['day' => '2026-05-28', 'posted' => N, 'failed' => N], ...]
+     */
+    public function getDailyTrend(int $serviceId, int $days = 30): array
+    {
+        $db = $this->getDatabase();
+
+        $cutoff = Factory::getDate('now - ' . $days . ' days')->format('Y-m-d');
+
+        $query = $db->getQuery(true)
+            ->select([
+                'DATE(' . $db->quoteName('created') . ') AS day',
+                'SUM(CASE WHEN ' . $db->quoteName('status') . ' = ' . $db->quote('posted') . ' THEN 1 ELSE 0 END) AS posted',
+                'SUM(CASE WHEN ' . $db->quoteName('status') . ' = ' . $db->quote('failed') . ' THEN 1 ELSE 0 END) AS failed',
+                'COUNT(*) AS total',
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts'))
+            ->where($db->quoteName('service_id') . ' = ' . (int) $serviceId)
+            ->where('DATE(' . $db->quoteName('created') . ') >= ' . $db->quote($cutoff))
+            ->group('DATE(' . $db->quoteName('created') . ')')
+            ->order('day ASC');
+
+        $db->setQuery($query);
+
+        return $db->loadAssocList() ?: [];
+    }
+
+    /**
+     * Get recent posts for a specific service with article titles.
+     *
+     * @param   int  $serviceId  Service ID
+     * @param   int  $limit      Number of posts to return
+     *
+     * @return  array
+     */
+    public function getRecentPosts(int $serviceId, int $limit = 20): array
+    {
+        $db = $this->getDatabase();
+
+        $query = $db->getQuery(true)
+            ->select([
+                $db->quoteName('p.id'),
+                $db->quoteName('p.status'),
+                $db->quoteName('p.posted_at'),
+                $db->quoteName('p.created'),
+                $db->quoteName('p.error_message'),
+                $db->quoteName('p.retry_count'),
+                $db->quoteName('c.title', 'article_title'),
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts', 'p'))
+            ->join('LEFT', $db->quoteName('#__content', 'c')
+                . ' ON ' . $db->quoteName('c.id') . ' = ' . $db->quoteName('p.article_id'))
+            ->where($db->quoteName('p.service_id') . ' = ' . (int) $serviceId)
+            ->order($db->quoteName('p.created') . ' DESC');
+
+        $db->setQuery($query, 0, $limit);
+
+        return $db->loadAssocList() ?: [];
+    }
+
+    /**
+     * Get the most cross-posted articles for a specific service.
+     *
+     * @param   int  $serviceId  Service ID
+     * @param   int  $limit      Number of articles to return
+     *
+     * @return  array
+     */
+    public function getTopArticles(int $serviceId, int $limit = 10): array
+    {
+        $db = $this->getDatabase();
+
+        $query = $db->getQuery(true)
+            ->select([
+                $db->quoteName('c.id'),
+                $db->quoteName('c.title'),
+                'COUNT(*) AS post_count',
+                'SUM(CASE WHEN ' . $db->quoteName('p.status') . ' = ' . $db->quote('posted') . ' THEN 1 ELSE 0 END) AS success_count',
+            ])
+            ->from($db->quoteName('#__mokosuitecross_posts', 'p'))
+            ->join('INNER', $db->quoteName('#__content', 'c')
+                . ' ON ' . $db->quoteName('c.id') . ' = ' . $db->quoteName('p.article_id'))
+            ->where($db->quoteName('p.service_id') . ' = ' . (int) $serviceId)
+            ->group($db->quoteName(['c.id', 'c.title']))
+            ->order('post_count DESC');
+
+        $db->setQuery($query, 0, $limit);
+
+        return $db->loadAssocList() ?: [];
+    }
+}

source/packages/com_mokosuitecross/src/Model/ServicesModel.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Model;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
 
 defined('_JEXEC') or die;
 
@@ -48,7 +48,7 @@ class ServicesModel extends ListModel
         $query = $db->getQuery(true);
 
         $query->select('a.*')
-            ->from($db->quoteName('#__mokojoomcross_services', 'a'));
+            ->from($db->quoteName('#__mokosuitecross_services', 'a'));
 
         // Filter by published state
         $published = $this->getState('filter.published');

source/packages/com_mokosuitecross/src/Model/TemplateModel.php

@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\MVC\Model\AdminModel;
+
+class TemplateModel extends AdminModel
+{
+    public function getForm($data = [], $loadData = true)
+    {
+        $form = $this->loadForm(
+            'com_mokosuitecross.template',
+            'template',
+            ['control' => 'jform', 'load_data' => $loadData]
+        );
+
+        if (empty($form)) {
+            return false;
+        }
+
+        return $form;
+    }
+
+    protected function loadFormData()
+    {
+        return $this->getItem();
+    }
+}

source/packages/com_mokosuitecross/src/Model/TemplatesModel.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Model;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\MVC\Model\ListModel;
+
+class TemplatesModel extends ListModel
+{
+    public function __construct($config = [])
+    {
+        if (empty($config['filter_fields'])) {
+            $config['filter_fields'] = [
+                'id', 'a.id',
+                'title', 'a.title',
+                'service_type', 'a.service_type',
+                'published', 'a.published',
+                'ordering', 'a.ordering',
+            ];
+        }
+
+        parent::__construct($config);
+    }
+
+    protected function getListQuery()
+    {
+        $db    = $this->getDatabase();
+        $query = $db->getQuery(true);
+
+        $query->select('a.*')
+            ->from($db->quoteName('#__mokosuitecross_templates', 'a'));
+
+        $published = $this->getState('filter.published');
+
+        if (is_numeric($published)) {
+            $query->where($db->quoteName('a.published') . ' = ' . (int) $published);
+        }
+
+        $serviceType = $this->getState('filter.service_type');
+
+        if (!empty($serviceType)) {
+            $query->where($db->quoteName('a.service_type') . ' = ' . $db->quote($serviceType));
+        }
+
+        $orderCol  = $this->state->get('list.ordering', 'a.ordering');
+        $orderDirn = $this->state->get('list.direction', 'ASC');
+        $query->order($db->escape($orderCol) . ' ' . $db->escape($orderDirn));
+
+        return $query;
+    }
+}

source/packages/com_mokosuitecross/src/Service/MokoSuiteCrossServiceInterface.php

@@ -1,26 +1,26 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Service;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Service;
 
 defined('_JEXEC') or die;
 
 /**
- * Interface that all MokoJoomCross service plugins must implement.
+ * Interface that all MokoSuiteCross service plugins must implement.
  *
- * Service plugins in the `mokojoomcross` plugin group register themselves
+ * Service plugins in the `mokosuitecross` plugin group register themselves
  * by implementing this interface. The system plugin dispatches cross-post
  * requests to all enabled service plugins via this contract.
  */
-interface MokoJoomCrossServiceInterface
+interface MokoSuiteCrossServiceInterface
 {
     /**
      * Get the unique service type identifier.
@@ -70,4 +70,15 @@ interface MokoJoomCrossServiceInterface
      * @return  bool
      */
     public function supportsMedia(): bool;
+
+    /**
+     * Get the media types this service supports.
+     *
+     * Return an array of supported types: 'image', 'video', 'gif', 'document'.
+     * Services that return an empty array are text-only.
+     * Default implementation returns ['image'] if supportsMedia() is true.
+     *
+     * @return  string[]  e.g. ['image', 'video', 'gif']
+     */
+    public function getSupportedMediaTypes(): array;
 }

source/packages/com_mokosuitecross/src/Table/PostTable.php

@@ -1,15 +1,15 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Table;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Table;
 
 defined('_JEXEC') or die;
 
@@ -20,6 +20,6 @@ class PostTable extends Table
 {
     public function __construct(DatabaseDriver $db)
     {
-        parent::__construct('#__mokojoomcross_posts', 'id', $db);
+        parent::__construct('#__mokosuitecross_posts', 'id', $db);
     }
 }

source/packages/com_mokosuitecross/src/Table/ServiceTable.php

@@ -0,0 +1,91 @@
+<?php
+
+/**
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
+ * @author      Moko Consulting <hello@mokoconsulting.tech>
+ * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
+ * @license     GNU General Public License version 3 or later; see LICENSE
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+namespace Joomla\Component\MokoSuiteCross\Administrator\Table;
+
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Filter\OutputFilter;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Table\Table;
+use Joomla\Database\DatabaseDriver;
+
+class ServiceTable extends Table
+{
+    public function __construct(DatabaseDriver $db)
+    {
+        parent::__construct('#__mokosuitecross_services', 'id', $db);
+    }
+
+    /**
+     * Validate the record before storing.
+     *
+     * Generates alias from title if empty, validates required fields,
+     * sets created/modified timestamps.
+     *
+     * @return  boolean  True if the record is valid
+     */
+    public function check(): bool
+    {
+        // Title is required
+        if (empty($this->title)) {
+            $this->setError(Text::_('COM_MOKOSUITECROSS_ERROR_TITLE_REQUIRED'));
+
+            return false;
+        }
+
+        // Service type is required
+        if (empty($this->service_type)) {
+            $this->setError(Text::_('COM_MOKOSUITECROSS_ERROR_SERVICE_TYPE_REQUIRED'));
+
+            return false;
+        }
+
+        // Generate alias from title if empty
+        if (empty($this->alias)) {
+            $this->alias = $this->title;
+        }
+
+        $this->alias = OutputFilter::stringURLSafe($this->alias);
+
+        // Make sure alias is unique
+        if (empty($this->alias)) {
+            $this->alias = Factory::getDate()->format('Y-m-d-H-i-s');
+        }
+
+        // Set timestamps
+        $now = Factory::getDate()->toSql();
+
+        if (empty($this->created)) {
+            $this->created = $now;
+        }
+
+        $this->modified = $now;
+
+        // Set created_by if not set
+        if (empty($this->created_by)) {
+            $this->created_by = Factory::getApplication()->getIdentity()->id ?? 0;
+        }
+
+        // Ensure credentials is valid JSON
+        if (empty($this->credentials)) {
+            $this->credentials = '{}';
+        }
+
+        // Ensure params is valid JSON
+        if (empty($this->params)) {
+            $this->params = '{}';
+        }
+
+        return true;
+    }
+}

source/packages/com_mokosuitecross/src/Table/TemplateTable.php

@@ -1,25 +1,25 @@
 <?php
 
 /**
- * @package     MokoJoomCross
- * @subpackage  com_mokojoomcross
+ * @package     MokoSuiteCross
+ * @subpackage  com_mokosuitecross
  * @author      Moko Consulting <hello@mokoconsulting.tech>
  * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
  * @license     GNU General Public License version 3 or later; see LICENSE
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-namespace Joomla\Component\MokoJoomCross\Administrator\Table;
+namespace Joomla\Component\MokoSuiteCross\Administrator\Table;
 
 defined('_JEXEC') or die;
 
 use Joomla\CMS\Table\Table;
 use Joomla\Database\DatabaseDriver;
 
-class ServiceTable extends Table
+class TemplateTable extends Table
 {
     public function __construct(DatabaseDriver $db)
     {
-        parent::__construct('#__mokojoomcross_services', 'id', $db);
+        parent::__construct('#__mokosuitecross_templates', 'id', $db);
     }
 }