chore(version): pre-release bump to 01.43.16-dev [skip ci]

fix(db): add 01.43.11 schema update file to resolve version mismatch
Joomla's database checker requires a SQL update file matching the manifest version. Missing file caused schema version to stay at 01.41.00.
2026-06-25 16:11:26 +00:00 · 2026-06-25 11:11:05 -05:00
66 changed files with 300 additions and 838 deletions
@@ -1,3 +0,0 @@
-[submodule "source/packages/MokoSuiteClient"]
-	path = source/packages/MokoSuiteClient
-	url = https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteClient.git
@@ -22,7 +22,7 @@ on:

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}

 permissions:
  contents: write
@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokocli
 # PATH: /templates/workflows/universal/auto-release.yml.template
-# VERSION: 05.01.00
+# VERSION: 05.00.00
 # BRIEF: Universal build & release � detects platform from manifest.xml
 #
 # +=======================================================================+
@@ -52,7 +52,7 @@ on:

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}

@@ -75,7 +75,6 @@ jobs:
        with:
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          fetch-depth: 1
-          submodules: recursive

      - name: Setup mokocli tools
        env:
@@ -103,7 +102,7 @@ jobs:
          php ${MOKO_CLI}/branch_rename.php \
            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --api-base "${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
            --pr "${{ github.event.pull_request.number }}"

      - name: Checkout rc and configure git
@@ -122,7 +121,7 @@ jobs:

      - name: Update RC release notes from CHANGELOG.md
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Extract [Unreleased] section from changelog
@@ -174,7 +173,6 @@ jobs:
        with:
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          fetch-depth: 0
-          submodules: recursive

      - name: Configure git for bot pushes
        run: |
@@ -271,7 +269,7 @@ jobs:
          !startsWith(steps.platform.outputs.platform, 'joomla')
        run: |
          VERSION="${{ steps.version.outputs.version }}"
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          SEMVER_TAG="v${VERSION}"

@@ -296,7 +294,7 @@ jobs:

      - name: Update release notes and promote changelog
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Get the stable release info (version and ID)
@@ -365,7 +363,7 @@ jobs:
          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          php ${MOKO_CLI}/release_mirror.php \
            --version "$VERSION" --tag "$RELEASE_TAG" \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
@@ -394,7 +392,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Delete rc branch (ephemeral — created by promote-rc)
@@ -418,7 +416,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
          BRANCH_NAME="version/${VERSION}"
@@ -439,7 +437,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          php ${MOKO_CLI}/version_reset_dev.php \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
            --branch dev --path . 2>&1 || true
@@ -465,5 +463,5 @@ jobs:
            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${MOKOGITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
          fi
@@ -13,12 +13,6 @@
 name: "Generic: Project CI"

 on:
-  pull_request:
-    branches:
-      - main
-      - dev
-      - dev/**
-      - rc/**
  workflow_dispatch:

 permissions:
@@ -1,68 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: mokocli.Universal
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
-# PATH: /.mokogitea/workflows/ci-issue-reporter.yml
-# VERSION: 01.00.00
-# BRIEF: Reusable workflow — creates/updates a Gitea issue when a CI gate fails.
-#        Clones MokoCLI and runs cli/ci_issue_reporter.sh.
-
-name: "Universal: CI Issue Reporter"
-
-on:
-  workflow_call:
-    inputs:
-      gate:
-        description: "CI gate name (e.g. PR Validation, Repository Health)"
-        required: true
-        type: string
-      details:
-        description: "Human-readable failure description"
-        required: true
-        type: string
-      severity:
-        description: "error or warning"
-        required: false
-        type: string
-        default: "error"
-      workflow:
-        description: "Workflow name for the issue title"
-        required: false
-        type: string
-        default: ""
-    secrets:
-      MOKOGITEA_TOKEN:
-        required: true
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  report:
-    name: "Report: ${{ inputs.gate }}"
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone MokoCLI
-        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-        run: |
-          MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
-          git clone --depth 1 --filter=blob:none --sparse "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
-          cd /tmp/mokocli && git sparse-checkout set cli/ci_issue_reporter.sh
-
-      - name: Report CI failure
-        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
-          MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-        run: |
-          chmod +x /tmp/mokocli/cli/ci_issue_reporter.sh
-          /tmp/mokocli/cli/ci_issue_reporter.sh \
-            --gate "${{ inputs.gate }}" \
-            --details "${{ inputs.details }}" \
-            --severity "${{ inputs.severity }}" \
-            --workflow "${{ inputs.workflow }}"
@@ -21,7 +21,7 @@ permissions:
  contents: write

 env:
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}

 jobs:
  cleanup:
@@ -33,17 +33,17 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-          token: ${{ secrets.MOKOGITEA_TOKEN }}
+          token: ${{ secrets.GA_TOKEN }}

      - name: Delete merged branches
        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
        run: |
          echo "=== Merged Branch Cleanup ==="
-          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"

          # List branches via API
-          BRANCHES=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+          BRANCHES=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
            "${API}/branches?limit=50" | jq -r '.[].name')

          DELETED=0
@@ -56,7 +56,7 @@ jobs:
            # Check if branch is merged into main
            if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
              echo "  Deleting merged branch: ${BRANCH}"
-              curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+              curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
                "${API}/branches/${BRANCH}" 2>/dev/null || true
              DELETED=$((DELETED + 1))
            fi
@@ -66,20 +66,20 @@ jobs:

      - name: Clean old workflow runs
        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
        run: |
          echo "=== Workflow Run Cleanup ==="
-          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
          CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)

          # Get old completed runs
-          RUNS=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+          RUNS=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
            "${API}/actions/runs?status=completed&limit=50" | \
            jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)

          DELETED=0
          for RUN_ID in $RUNS; do
-            curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
+            curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
              "${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
            DELETED=$((DELETED + 1))
          done
@@ -1,126 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow
-# INGROUP: MokoStandards.Deploy
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
-# PATH: /templates/workflows/joomla/deploy-manual.yml.template
-# VERSION: 04.07.00
-# BRIEF: Manual SFTP deploy to dev server for Joomla repos
-
-name: "Universal: Deploy to Dev (Manual)"
-
-on:
-  workflow_dispatch:
-    inputs:
-      clear_remote:
-        description: 'Delete all remote files before uploading'
-        required: false
-        default: 'false'
-        type: boolean
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-permissions:
-  contents: read
-
-jobs:
-  deploy:
-    name: SFTP Deploy to Dev
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Setup PHP
-        run: |
-          php -v && composer --version
-
-      - name: Setup MokoStandards tools
-        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          MOKO_CLONE_HOST: ${{ secrets.MOKOGITEA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.MOKOGITEA_TOKEN || github.token }}"}}'
-        run: |
-          git clone --depth 1 --branch main --quiet \
-            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
-            /tmp/mokostandards-api 2>/dev/null || true
-          if [ -d "/tmp/mokostandards-api" ] && [ -f "/tmp/mokostandards-api/composer.json" ]; then
-            cd /tmp/mokostandards-api && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
-          fi
-
-      - name: Check FTP configuration
-        id: check
-        env:
-          HOST: ${{ vars.DEV_FTP_HOST }}
-          PATH_VAR: ${{ vars.DEV_FTP_PATH }}
-          PORT: ${{ vars.DEV_FTP_PORT }}
-        run: |
-          if [ -z "$HOST" ] || [ -z "$PATH_VAR" ]; then
-            echo "DEV_FTP_HOST or DEV_FTP_PATH not configured -- cannot deploy"
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          echo "skip=false" >> "$GITHUB_OUTPUT"
-          echo "host=$HOST" >> "$GITHUB_OUTPUT"
-
-          REMOTE="${PATH_VAR%/}"
-          echo "remote=$REMOTE" >> "$GITHUB_OUTPUT"
-
-          [ -z "$PORT" ] && PORT="22"
-          echo "port=$PORT" >> "$GITHUB_OUTPUT"
-
-      - name: Deploy via SFTP
-        if: steps.check.outputs.skip != 'true'
-        env:
-          SFTP_KEY: ${{ secrets.DEV_FTP_KEY }}
-          SFTP_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
-          SFTP_USER: ${{ vars.DEV_FTP_USERNAME }}
-        run: |
-          SOURCE_DIR="src"
-          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
-          [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ -- nothing to deploy"; exit 0; }
-
-          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
-            "${{ steps.check.outputs.host }}" "${{ steps.check.outputs.port }}" "$SFTP_USER" "${{ steps.check.outputs.remote }}" \
-            > /tmp/sftp-config.json
-
-          if [ -n "$SFTP_KEY" ]; then
-            echo "$SFTP_KEY" > /tmp/deploy_key
-            chmod 600 /tmp/deploy_key
-            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
-          else
-            printf ',"password":"%s"}' "$SFTP_PASS" >> /tmp/sftp-config.json
-          fi
-
-          DEPLOY_ARGS=(--path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json)
-          [ "${{ inputs.clear_remote }}" = "true" ] && DEPLOY_ARGS+=(--clear-remote)
-
-          PLATFORM=$(php /tmp/mokostandards-api/cli/platform_detect.php --path . 2>/dev/null || true)
-          if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards-api/deploy/deploy-joomla.php" ]; then
-            php /tmp/mokostandards-api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}"
-          else
-            php /tmp/mokostandards-api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}"
-          fi
-
-          rm -f /tmp/deploy_key /tmp/sftp-config.json
-
-      - name: Summary
-        if: always()
-        run: |
-          if [ "${{ steps.check.outputs.skip }}" = "true" ]; then
-            echo "### Deploy Skipped -- FTP not configured" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "### Manual Dev Deploy Complete" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
-            echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Host | \`${{ steps.check.outputs.host }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Remote | \`${{ steps.check.outputs.remote }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Clear | ${{ inputs.clear_remote }} |" >> $GITHUB_STEP_SUMMARY
-          fi
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 01.45.04
+# VERSION: 01.43.16
 # BRIEF: Auto-create feature branch when an issue is opened

 name: "Universal: Issue Branch"
@@ -19,7 +19,7 @@ permissions:
  issues: write

 env:
-  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}

 jobs:
  create-branch:
@@ -28,8 +28,8 @@ jobs:
    steps:
      - name: Create branch and comment
        run: |
-          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
+          TOKEN="${{ secrets.GA_TOKEN }}"
+          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
          ISSUE_NUM="${{ github.event.issue.number }}"
          ISSUE_TITLE="${{ github.event.issue.title }}"

@@ -58,7 +58,7 @@ jobs:
            echo "Created branch: ${BRANCH}"

            # Comment on issue with branch link
-            REPO_URL="${MOKOGITEA_URL}/${{ github.repository }}"
+            REPO_URL="${GITEA_URL}/${{ github.repository }}"
            BODY="Branch created: [\`${BRANCH}\`](${REPO_URL}/src/branch/${BRANCH})\n\n\`\`\`bash\ngit fetch origin\ngit checkout ${BRANCH}\n\`\`\`"

            curl -sf -X POST \
@@ -496,26 +496,39 @@ jobs:
    steps:
      - name: Trigger RC pre-release
        env:
-          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
          REPO: ${{ github.repository }}
          BRANCH: ${{ github.head_ref }}
-          MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
        run: |
-          curl -s -X POST             "${MOKOGITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${MOKOGITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY

  # ── Issue Reporter ──────────────────────────────────────────────────────
  report-issues:
    name: Report Issues
+    runs-on: ubuntu-latest
    needs: [branch-policy, validate]
    if: >-
      always() &&
      needs.validate.result == 'failure'
-    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    with:
-      gate: "PR Validation"
-      workflow: "PR Check"
-      severity: error
-      details: "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
-    secrets: inherit
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issue for PR validation failure"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          ./automation/ci-issue-reporter.sh \
+            --gate "PR Validation" \
+            --workflow "PR Check" \
+            --severity error \
+            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
 # PATH: /templates/workflows/universal/pre-release.yml.template
-# VERSION: 05.02.00
+# VERSION: 05.01.00
 # BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches

 name: "Universal: Pre-Release"
@@ -59,11 +59,6 @@ jobs:
          fetch-depth: 0
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          ref: ${{ github.ref_name }}
-          submodules: recursive
-
-      - name: Update submodules to main
-        run: |
-          git submodule foreach --quiet 'git checkout main && git pull --quiet origin main' 2>/dev/null || true

      - name: Setup mokocli tools
        env:
@@ -29,20 +29,12 @@ jobs:

    steps:
      - name: Rename branch
-        env:
-          BRANCH: ${{ github.event.pull_request.head.ref }}
-          REPO: ${{ github.repository }}
-          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
-          TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
-          set -euo pipefail
-          # BRANCH is attacker-controlled (PR head ref). Strict allowlist before ANY use.
-          if ! printf '%s' "$BRANCH" | grep -Eq '^rc/[A-Za-z0-9._/-]+$'; then
-            echo "::error::Refusing unsafe branch name: $BRANCH"; exit 1
-          fi
+          BRANCH="${{ github.event.pull_request.head.ref }}"
          SUFFIX="${BRANCH#rc/}"
          DEV_BRANCH="dev/${SUFFIX}"
-          API="${GITEA_URL}/api/v1/repos/${REPO}/branches"
+          API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"

          # Create dev/ branch from rc/ branch
          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X POST \
@@ -50,22 +42,25 @@ jobs:
            -H "Content-Type: application/json" \
            -d "{\"new_branch_name\": \"${DEV_BRANCH}\", \"old_branch_name\": \"${BRANCH}\"}" \
            "${API}" 2>/dev/null || true)
+
          if [ "$STATUS" = "201" ]; then
-            echo "Created branch: ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
+            echo "Created branch: ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
          else
-            echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"; exit 1
+            echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"
+            exit 1
          fi

-          # Read BRANCH from the environment inside PHP (getenv, no string interpolation -> no PHP injection)
-          ENCODED=$(php -r 'echo rawurlencode(getenv("BRANCH"));')
+          # Delete rc/ branch
+          ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
            -H "Authorization: token ${TOKEN}" \
            "${API}/${ENCODED}" 2>/dev/null || true)
+
          if [ "$STATUS" = "204" ]; then
-            echo "Deleted branch: ${BRANCH}" >> "$GITHUB_STEP_SUMMARY"
+            echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
          else
            echo "::warning::Failed to delete ${BRANCH} (HTTP ${STATUS})"
          fi

-          echo "### RC Reverted" >> "$GITHUB_STEP_SUMMARY"
-          echo "${BRANCH} → ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
+          echo "### RC Reverted" >> $GITHUB_STEP_SUMMARY
+          echo "${BRANCH} → ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
@@ -77,7 +77,7 @@ jobs:
      - name: Check actor permission (admin only)
        id: perm
        env:
-          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
+          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
          REPO: ${{ github.repository }}
          ACTOR: ${{ github.actor }}
        run: |
@@ -671,30 +671,42 @@ jobs:
  # ═══════════════════════════════════════════════════════════════════════
  # Issue Reporter — file issues for failed gates
  # ═══════════════════════════════════════════════════════════════════════
-  report-scripts:
-    name: "Report: Scripts Governance"
-    needs: [access_check, scripts_governance]
+  report-issues:
+    name: "Report Issues"
+    runs-on: ubuntu-latest
+    needs: [access_check, scripts_governance, repo_health]
    if: >-
      always() &&
-      needs.scripts_governance.result == 'failure'
-    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    with:
-      gate: "Scripts Governance"
-      workflow: "Repo Health"
-      severity: error
-      details: "Scripts directory policy violations detected. Review required and allowed directories."
-    secrets: inherit
+      (needs.scripts_governance.result == 'failure' ||
+       needs.repo_health.result == 'failure')

-  report-health:
-    name: "Report: Repository Health"
-    needs: [access_check, repo_health]
-    if: >-
-      always() &&
-      needs.repo_health.result == 'failure'
-    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    with:
-      gate: "Repository Health"
-      workflow: "Repo Health"
-      severity: error
-      details: "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
-    secrets: inherit
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: automation/ci-issue-reporter.sh
+          sparse-checkout-cone-mode: false
+
+      - name: "File issues for failed gates"
+        env:
+          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+        run: |
+          chmod +x automation/ci-issue-reporter.sh
+          REPORTER="./automation/ci-issue-reporter.sh"
+          WF="Repo Health"
+
+          report_gate() {
+            local gate="$1" result="$2" details="$3"
+            if [ "$result" = "failure" ]; then
+              "$REPORTER" --gate "$gate" --details "$details" --workflow "$WF" --severity error
+            fi
+          }
+
+          report_gate "Scripts Governance" \
+            "${{ needs.scripts_governance.result }}" \
+            "Scripts directory policy violations detected. Review required and allowed directories."
+
+          report_gate "Repository Health" \
+            "${{ needs.repo_health.result }}" \
+            "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
@@ -1,130 +0,0 @@
-# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# FILE INFORMATION
-# DEFGROUP: Gitea.Workflow.Template
-# INGROUP: MokoStandards.CI
-# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
-# PATH: /.mokogitea/workflows/version-set.yml
-# VERSION: 01.00.00
-# BRIEF: Set or reset the extension version across all version-bearing files
-
-name: "Joomla: Set Version"
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: "Version number (e.g. 01.00.00)"
-        required: true
-        type: string
-      branch:
-        description: "Branch to update (default: current)"
-        required: false
-        type: string
-
-permissions:
-  contents: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  set-version:
-    name: Set Version to ${{ inputs.version }}
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Validate version format
-        run: |
-          VERSION="${{ inputs.version }}"
-          if ! echo "$VERSION" | grep -qP '^\d{2}\.\d{2}\.\d{2}$'; then
-            echo "::error::Invalid version format '${VERSION}' — expected XX.YY.ZZ (e.g. 01.00.00)"
-            exit 1
-          fi
-          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
-
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          ref: ${{ inputs.branch || github.ref }}
-          fetch-depth: 1
-
-      - name: Update manifest version
-        run: |
-          MANIFEST=""
-          for XML_FILE in $(find . -maxdepth 3 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
-            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
-              MANIFEST="$XML_FILE"
-              break
-            fi
-          done
-
-          if [ -z "$MANIFEST" ]; then
-            echo "::warning::No Joomla extension manifest found — skipping manifest update"
-          else
-            OLD_VER=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
-            sed -i "s|<version>${OLD_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
-            echo "Manifest: ${OLD_VER} → ${VERSION} (${MANIFEST})"
-          fi
-
-      - name: Update README.md version
-        run: |
-          if [ -f "README.md" ]; then
-            if grep -qP '^\s*VERSION:\s*\d' README.md; then
-              sed -i -E "s/(VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" README.md
-              echo "README.md version updated to ${VERSION}"
-            else
-              echo "::warning::No VERSION line found in README.md — skipping"
-            fi
-          fi
-
-      - name: Update CHANGELOG.md
-        run: |
-          if [ -f "CHANGELOG.md" ]; then
-            DATE=$(date +%Y-%m-%d)
-            # Check if this version already has an entry
-            if grep -q "^\#\# \[${VERSION}\]" CHANGELOG.md; then
-              echo "CHANGELOG.md already has entry for ${VERSION} — skipping"
-            else
-              # Insert new version entry after [Unreleased] or at the top after header
-              if grep -q '^\#\# \[Unreleased\]' CHANGELOG.md; then
-                sed -i "/^\#\# \[Unreleased\]/a\\\\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
-              else
-                sed -i "/^\# Changelog/a\\\\n## [Unreleased]\n\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
-              fi
-              echo "CHANGELOG.md: added entry for ${VERSION}"
-            fi
-          else
-            echo "::warning::No CHANGELOG.md found — skipping"
-          fi
-
-      - name: Update FILE INFORMATION blocks
-        run: |
-          # Update VERSION in file header blocks (# VERSION: XX.YY.ZZ)
-          find . -maxdepth 1 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.php" -o -name "*.md" \) \
-            -not -path "./.git/*" -not -path "./vendor/*" -print0 2>/dev/null | \
-          while IFS= read -r -d '' FILE; do
-            if head -20 "$FILE" | grep -qP '^\s*#?\s*VERSION:\s*\d{2}\.\d{2}\.\d{2}'; then
-              sed -i -E "s/(#?\s*VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" "$FILE"
-              echo "Updated FILE INFORMATION VERSION in ${FILE}"
-            fi
-          done
-
-      - name: Commit and push
-        run: |
-          git config user.name "Moko Consulting [bot]"
-          git config user.email "hello@mokoconsulting.tech"
-          git add -A
-          if git diff --cached --quiet; then
-            echo "No version changes detected — nothing to commit"
-          else
-            git commit -m "chore: set version to ${VERSION} [skip bump]
-
-Authored-by: Moko Consulting"
-            git push
-            echo "### Version Set" >> $GITHUB_STEP_SUMMARY
-            echo "Version updated to \`${VERSION}\` on branch \`${GITHUB_REF_NAME}\`" >> $GITHUB_STEP_SUMMARY
-          fi
@@ -13,7 +13,6 @@
 name: "Universal: Workflow Sync Trigger"

 on:
-  workflow_dispatch:
  pull_request:
    types: [closed]
    branches:
@@ -27,9 +26,8 @@ jobs:
    name: Sync workflows to live repos
    runs-on: ubuntu-latest
    if: >-
-      github.event_name == 'workflow_dispatch' ||
-      (github.event.pull_request.merged == true &&
-      !contains(github.event.pull_request.title, '[skip sync]'))
+      github.event.pull_request.merged == true &&
+      !contains(github.event.pull_request.title, '[skip sync]')

    steps:
      - name: Determine platform from repo name
@@ -51,14 +49,8 @@ jobs:
        env:
          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
-          MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
-          git clone --depth 1 "${MOKOGITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli
-
-      - name: Install PHP
-        run: |
-          if ! command -v php &> /dev/null; then
-            apt-get update -qq && apt-get install -y -qq php-cli php-json php-curl > /dev/null 2>&1
-          fi
+          GITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
+          git clone --depth 1 "${GITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli

      - name: Install dependencies
        run: |
@@ -1,13 +1,7 @@
 # Changelog
+
 ## [Unreleased]

-## [01.45.00] --- 2026-06-28
-
-
-## [01.45.00] --- 2026-06-28
-
-## [01.43.35] --- 2026-06-28
-
 ### Added
 - Customizable restore script filename per backup profile (reduces discoverability on remote servers)
 - MokoRestore standalone mode: multi-ZIP selector when multiple backup archives are present
@@ -23,7 +17,6 @@
 - MokoRestore cleanup and security messages now reference the actual script filename instead of hardcoded "restore.php"

 ### Fixed
- SSH key indicator detection and missing delete language key
 - Bootstrap 5 modal conversion for snapshots view (data-bs-dismiss, modal-footer, getOrCreateInstance)
 - ntfy default URL changed from ntfy.sh to ntfy.mokoconsulting.tech
 - Untranslated JFIELD_ORDERING_ASC / JFIELD_ORDERING_LABEL language keys replaced with component-specific keys
@@ -31,9 +24,135 @@
 - Profile dropdown IDs in backup records and dashboard show "#ID — Title (type)" format
 - MokoRestore stalling: unhandled promise rejections from network errors or non-JSON responses left UI in loading state

+## [01.43.00] --- 2026-06-24
+
+
 ## [01.43.00] --- 2026-06-24

 ## [01.42.00] --- 2026-06-23


 ## [01.42.00] --- 2026-06-23
+
+## [01.41.00] — 2026-06-23
+
+### Added — Multi-Remote Storage
+- New `#__mokosuitebackup_remotes` table for multiple destinations per profile
+- Remote destinations UI: AJAX-driven add/edit/delete/toggle modal on profile edit
+- Engine uploads to ALL enabled destinations (BackupEngine + SteppedBackupEngine)
+- Migration auto-converts existing SFTP/S3/GDrive/FTP profile columns to new table
+- Backward compatibility: falls back to legacy single-remote columns if table empty
+- Secrets masked in API responses, merged from DB on save
+
+### Added — Content Snapshots
+- Lightweight JSON snapshots of articles, categories, and modules
+- Includes tags, custom fields, workflow associations, field values
+- Restore modes: Replace (clean slate), Merge (upsert), Selective (per-article)
+- Snapshot retention: max count + max age with automatic cleanup
+- Scheduled snapshot task via com_scheduler
+- CLI: `mokosuitebackup:snapshot create|restore|list|delete`
+- REST API: create, list, restore, delete, download snapshots
+- Tabbed browse modal: Articles / Categories / Modules with item counts
+
+### Added — SFTP Remote Storage
+- SFTP support with SSH key file authentication (key stored base64 in database)
+- Auth type dropdown: Password / Key File / Key File + Passphrase
+- SshKeyField: file upload via FileReader, key never exposed in HTML
+- SFTP remote directory browser for path selection
+- `__KEEP_EXISTING__` sentinel preserves key on profile re-save
+
+### Added — MokoRestore Wizard (9 steps)
+- Per-table conflict resolution: Replace / Skip / Merge / Data Only
+- Preset buttons: "All Replace", "All Skip", "Everything except users"
+- Post-restore actions: reset passwords, hits, versions, sessions, cache
+- Auto-detect sanitized passwords and prompt for reset (random temp password)
+- Standalone mode: restore.php scans directory for ZIP files
+- Wrapped mode: restore.php bundled inside backup ZIP
+- Security gate with filesystem verification + path traversal protection
+
+### Added — Data Sanitization
+- Sanitize user passwords: replace hashes with invalid sentinel
+- Sanitize user emails: replace with dummy values
+- Clear session data: exclude `#__session` table
+- Preserve super admin credentials (optional)
+- GDPR-friendly backup sharing for demos and staging sites
+
+### Added — Backup Engine
+- Pre-flight validation: directory, disk space, extensions, credentials, running backups
+- Auto-verify archive integrity after creation (ZIP, tar.gz, 7z)
+- 7z archive format via system 7za/7z CLI binary with native encryption
+- Streaming database dump to temp file (prevents OOM on large sites)
+- S3 streaming upload via CURLOPT_PUT (prevents OOM)
+- Graceful remote degradation: local backup preserved if upload fails
+- DatabaseDumper::dumpToFile() for memory-efficient operation
+
+### Added — Admin UI
+- Dashboard: snapshot widget, 30-day backup trend chart, per-profile storage breakdown
+- CPanel admin dashboard module (mod_mokosuitebackup_cpanel) with quick actions
+- Backup type filter dropdown in backups list
+- Backup comparison: select two backups for side-by-side diff
+- Archive browser: view files inside backup without extracting
+- Manual purge: delete backups older than a date with count preview
+- Backup count badges on profile list
+- "Do not navigate away" warning in backup/restore progress modals
+- Clickable placeholder pills for backup directory and archive name fields
+- Comprehensive help modal with absolute/relative/placeholder path documentation
+- Placeholder resolution display with EXAMPLE prefix
+- All placeholders UPPERCASE: [HOST], [SITE_NAME], [DATE], [DATETIME], etc.
+
+### Added — CLI & API
+- `mokosuitebackup:restore` with --files-only, --db-only, --password options
+- `mokosuitebackup:snapshot` with create, restore, list, delete actions
+- REST API for snapshots: create, list, restore, delete, download
+- Profile credentials masked in API responses
+
+### Added — Notifications & Logging
+- Email/ntfy notifications for site restore, snapshot create/restore
+- Joomla Action Logs for restore, snapshot, and snapshot restore events
+- Global ntfy server/topic/token settings (fallback for profiles)
+
+### Added — Security & Configuration
+- Webcron secret field with CSPRNG generator + strength meter
+- IP whitelist field with current IP detection + one-click "Add my IP"
+- 10 ACL permissions with full enforcement audit across all controllers
+- Config defaults: archive format, MokoRestore mode, sanitization settings
+- Path traversal protection on all archive extraction (ZIP, tar.gz, JPA)
+
+### Fixed
+- CLI RestoreCommand passed wrong arguments (filepath instead of record ID)
+- JPA path traversal: reject `../` in archive entry paths
+- S3Uploader OOM: streaming upload instead of file_get_contents
+- DatabaseDumper OOM: streaming to file instead of in-memory string
+- AkeebaImporter: removed unserialize() (PHP object injection risk)
+- BackupTable: delete DB row before file (prevents data loss)
+- RestoreEngine: staging path sanitized with preg_replace
+- API profiles: sensitive fields masked with `***`
+- Webcron: missing return after sendJsonResponse on auth failure
+- loadFormData(): cast array to object (PHP 8.x TypeError fix)
+- MokoRestore data-only mode: uses REPLACE INTO for existing rows
+- Plaintext archive deleted on encryption failure
+- TarGzArchiver: intermediate .tar cleaned in finally block
+- Install script: single-line comments converted to block comments
+- Orphaned root-level webservices plugin files removed
+- include_mokorestore column: TINYINT changed to VARCHAR(20)
+- Snapshot fields_values: scoped dump and restore to com_content.article (previously destroyed values for contacts, users, etc.)
+- Run Backup button: accept CSRF token from GET (fixes "token did not match" on profile edit)
+- SFTP fields: moved into remote fieldset for showon visibility; removed required attr that blocked non-SFTP saves
+- Script.php merge conflict markers resolved
+
+## [01.24.00] — 2026-06-02
+
+### Added
+- Initial release: full-site backup and restore for Joomla 6
+- Database, files, and configuration backup
+- ZIP and tar.gz archive formats with AES-256 encryption
+- Differential backups based on file manifests
+- FTP/FTPS, S3, Google Drive remote storage
+- MokoRestore standalone restore wizard
+- CLI backup and restore commands
+- REST API for remote management
+- Scheduled tasks via com_scheduler
+- Email and ntfy push notifications
+- Per-profile retention, exclusions, and notifications
+- Akeeba Backup migration tool
+- Admin dashboard with system health checks
@@ -5,7 +5,7 @@ Full-site backup and restore for Joomla — database, files, and configuration.
 | Field | Value |
 |---|---|
 | **Package** | `pkg_mokosuitebackup` |
-| **Type** | Joomla Package (9 sub-extensions + MokoSuiteClient) |
+| **Type** | Joomla Package (8 sub-extensions) |
 | **Joomla** | 6.x+ |
 | **PHP** | 8.1+ |
 | **License** | GPL-3.0-or-later |
@@ -19,7 +19,6 @@ Full-site backup and restore for Joomla — database, files, and configuration.
 - Stepped AJAX engine prevents timeout on shared hosting
 - AES-256 ZIP encryption with configurable password
 - Configurable archive naming with placeholders ([HOST], [DATE], [SITE_NAME], etc.)
- Per-profile retention — configure max backup count and max age (days) per profile, with global defaults
 - Data sanitization — optionally clear user passwords, emails, and sessions in backup

 ### Content Snapshots
@@ -31,8 +30,7 @@ Full-site backup and restore for Joomla — database, files, and configuration.
 - Scheduled snapshot task via com_scheduler

 ### Remote Storage
- Multi-remote — upload to multiple destinations per profile simultaneously
- SFTP with SSH key file auth + remote directory browser
+- SFTP with SSH key file authentication (key stored base64-encoded in database)
 - Amazon S3 and S3-compatible (DigitalOcean Spaces, Wasabi, MinIO)
 - Google Drive with OAuth2 and resumable uploads
 - Graceful degradation — local backup preserved if upload fails
@@ -68,10 +66,6 @@ Full-site backup and restore for Joomla — database, files, and configuration.
 - Snapshots: create, list, restore, delete, download
 - Profile credentials masked in API responses

-### Bundled: MokoSuiteClient
- Full MokoSuiteClient package installed automatically alongside MokoSuiteBackup
- Provides admin dashboard, security firewall, tenant management, and developer tools
-
 ## Installation

 1. Download from [Releases](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteBackup/releases)
@@ -1,241 +0,0 @@
-<!--
-Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
-
-This file is part of a Moko Consulting project.
-
-SPDX-License-Identifier: GPL-3.0-or-later
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# FILE INFORMATION
-DEFGROUP: Template-Joomla
-INGROUP: Template-Joomla.Documentation
-REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
-PATH: /SECURITY.md
-VERSION: 01.45.04
-BRIEF: Security vulnerability reporting and handling policy
-->
-
-# Security Policy
-
-## Purpose and Scope
-
-This document defines the security vulnerability reporting, response, and disclosure policy for this Joomla Plugin template repository. It establishes the authoritative process for responsible disclosure, assessment, remediation, and communication of security issues.
-
-## Supported Versions
-
-Security updates are provided for the following versions:
-
-| Version | Supported          |
-| ------- | ------------------ |
-| 01.x.x  | :white_check_mark: |
-| < 01.0  | :x:                |
-
-Only the current major version receives security updates. Users should upgrade to the latest supported version to receive security patches.
-
-## Reporting a Vulnerability
-
-### Where to Report
-
-**DO NOT** create public GitHub issues for security vulnerabilities.
-
-Report security vulnerabilities privately to:
-
-**Email**: `security@mokoconsulting.tech`
-
-**Subject Line**: `[SECURITY] Template-Joomla - Brief Description`
-
-### What to Include
-
-A complete vulnerability report should include:
-
-1. **Description**: Clear explanation of the vulnerability
-2. **Impact**: Potential security impact and severity assessment
-3. **Affected Versions**: Which versions are vulnerable
-4. **Reproduction Steps**: Detailed steps to reproduce the issue
-5. **Proof of Concept**: Code, configuration, or demonstration (if applicable)
-6. **Suggested Fix**: Proposed remediation (if known)
-7. **Disclosure Timeline**: Your expectations for public disclosure
-
-### Response Timeline
-
-* **Initial Response**: Within 3 business days
-* **Assessment Complete**: Within 7 business days
-* **Fix Timeline**: Depends on severity (see below)
-* **Disclosure**: Coordinated with reporter
-
-## Severity Classification
-
-Vulnerabilities are classified using the following severity levels:
-
-### Critical
-* Remote code execution
-* Authentication bypass
-* Data breach or exposure of sensitive information
-* **Fix Timeline**: 7 days
-
-### High
-* Privilege escalation
-* SQL injection or command injection
-* Cross-site scripting (XSS) with significant impact
-* **Fix Timeline**: 14 days
-
-### Medium
-* Information disclosure (limited scope)
-* Denial of service
-* Security misconfigurations with moderate impact
-* **Fix Timeline**: 30 days
-
-### Low
-* Security best practice violations
-* Minor information leaks
-* Issues requiring user interaction or complex preconditions
-* **Fix Timeline**: 60 days or next release
-
-## Remediation Process
-
-1. **Acknowledgment**: Security team confirms receipt and begins investigation
-2. **Assessment**: Vulnerability is validated, severity assigned, and impact analyzed
-3. **Development**: Security patch is developed and tested
-4. **Review**: Patch undergoes security review and validation
-5. **Release**: Fixed version is released with security advisory
-6. **Disclosure**: Public disclosure follows coordinated timeline
-
-## Security Advisories
-
-Security advisories are published via:
-
-* GitHub Security Advisories
-* Release notes and CHANGELOG.md
-* Email notification to project users (if mailing list is established)
-
-Advisories include:
-
-* CVE identifier (if applicable)
-* Severity rating
-* Affected versions
-* Fixed versions
-* Mitigation steps
-* Attribution (with reporter consent)
-
-## Security Best Practices
-
-For projects using this template:
-
-### Required Controls
-
-* Enable GitHub security features (Dependabot, code scanning)
-* Implement branch protection on `main`
-* Require code review for all changes
-* Enforce signed commits (recommended)
-* Use secrets management (never commit credentials)
-* Maintain security documentation
-* Follow secure coding standards defined in MokoStandards
-
-### Joomla Plugin Security
-
-* Follow Joomla security best practices
-* Validate and sanitize all user input
-* Use Joomla's database API to prevent SQL injection
-* Properly escape output to prevent XSS
-* Implement proper access control checks
-* Use Joomla's session and authentication APIs
-* Keep Joomla and dependencies up to date
-
-### CI/CD Security
-
-* Validate all inputs
-* Sanitize outputs
-* Use least privilege access
-* Pin dependencies with hash verification
-* Scan for vulnerabilities in dependencies
-* Audit third-party actions and tools
-
-#### Automated Security Scanning
-
-All repositories SHOULD implement:
-
-**CodeQL Analysis**:
-* Enabled for PHP and other supported languages
-* Runs on: push to main, pull requests, weekly schedule
-* Query sets: `security-extended` and `security-and-quality`
-* Configuration: `.github/workflows/codeql-analysis.yml`
-
-**Dependabot Security Updates**:
-* Weekly scans for vulnerable dependencies
-* Automated pull requests for security patches
-* Configuration: `.github/dependabot.yml`
-
-**Secret Scanning**:
-* Enabled by default with push protection
-* Prevents accidental credential commits
-
-### Dependency Management
-
-* Keep dependencies up to date
-* Monitor security advisories for dependencies
-* Remove unused dependencies
-* Audit new dependencies before adoption
-* Document security-critical dependencies
-
-## Compliance and Governance
-
-This security policy is aligned with MokoStandards. Deviations require documented justification.
-
-Security policies are reviewed and updated at least annually or following significant security incidents.
-
-## Attribution and Recognition
-
-We acknowledge and appreciate responsible disclosure. With your permission, we will:
-
-* Credit you in security advisories
-* List you in CHANGELOG.md for the fix release
-* Recognize your contribution publicly (if desired)
-
-## Contact and Escalation
-
-* **Security Team**: security@mokoconsulting.tech
-* **Primary Contact**: hello@mokoconsulting.tech
-* **Escalation**: For urgent matters requiring immediate attention, contact the maintainer directly via GitHub
-
-## Out of Scope
-
-The following are explicitly out of scope:
-
-* Issues in third-party dependencies (report directly to maintainers)
-* Social engineering attacks
-* Physical security issues
-* Denial of service via resource exhaustion without amplification
-* Issues requiring physical access to systems
-* Theoretical vulnerabilities without proof of exploitability
-
---
-
-## Metadata
-
-| Field        | Value                                                                                                        |
-| ------------ | ------------------------------------------------------------------------------------------------------------ |
-| Document     | Security Policy                                                                                              |
-| Path         | /SECURITY.md                                                                                                 |
-| Repository   | [https://github.com/mokoconsulting-tech/Template-Joomla](https://github.com/mokoconsulting-tech/Template-Joomla) |
-| Owner        | Moko Consulting                                                                                              |
-| Scope        | Security vulnerability handling                                                                              |
-| Status       | Active                                                                                                       |
-| Effective    | 2026-01-16                                                                                                   |
-
-## Revision History
-
-| Date       | Change Description                                | Author          |
-| ---------- | ------------------------------------------------- | --------------- |
-| 2026-01-16 | Initial creation for template repository          | Moko Consulting |
@@ -21,7 +21,7 @@
 			type="sql"
 			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_PROFILE"
 			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_PROFILE_DESC"
-			query="SELECT id AS value, CONCAT(title, ' (#', id, ')') AS text FROM #__mokosuitebackup_profiles WHERE published = 1 ORDER BY id ASC"
+			query="SELECT id AS value, CONCAT(title, ' (#', id, ')') AS text FROM #__mokosuitebackup_profiles WHERE published = 1 ORDER BY ordering ASC"
 			default="1"
 		>
 			<option value="1">Default Backup Profile (#1)</option>
@@ -15,7 +15,6 @@
 		>
 			<option value="">COM_MOKOJOOMBACKUP_FILTER_STATUS_ALL</option>
 			<option value="complete">COM_MOKOJOOMBACKUP_STATUS_COMPLETE</option>
-			<option value="warning">COM_MOKOJOOMBACKUP_STATUS_WARNING</option>
 			<option value="running">COM_MOKOJOOMBACKUP_STATUS_RUNNING</option>
 			<option value="fail">COM_MOKOJOOMBACKUP_STATUS_FAIL</option>
 			<option value="pending">COM_MOKOJOOMBACKUP_STATUS_PENDING</option>
@@ -42,8 +42,6 @@ COM_MOKOJOOMBACKUP_DASHBOARD_STORAGE_BREAKDOWN="Storage by Profile"
 COM_MOKOJOOMBACKUP_DASHBOARD_BACKUP_TREND="Backup Trend (30 days)"

 ; Backups view
-COM_MOKOJOOMBACKUP_BACKUPS_N_ITEMS_DELETED="%d backup records deleted."
-COM_MOKOJOOMBACKUP_BACKUPS_N_ITEMS_DELETED_1="%d backup record deleted."
 COM_MOKOJOOMBACKUP_BACKUPS_TITLE="Backup Records"
 COM_MOKOJOOMBACKUP_BACKUPS_TABLE_CAPTION="Table of backup records"
 COM_MOKOJOOMBACKUP_NO_BACKUPS="No backups found. Click 'Backup Now' to create your first backup."
@@ -207,7 +205,6 @@ COM_MOKOJOOMBACKUP_TYPE_DIFFERENTIAL="Differential (changed files + full DB)"

 ; Status labels
 COM_MOKOJOOMBACKUP_STATUS_COMPLETE="Complete"
-COM_MOKOJOOMBACKUP_STATUS_WARNING="Warning"
 COM_MOKOJOOMBACKUP_STATUS_RUNNING="Running"
 COM_MOKOJOOMBACKUP_STATUS_FAIL="Failed"
 COM_MOKOJOOMBACKUP_STATUS_PENDING="Pending"
@@ -7,7 +7,8 @@
 -->
 <extension type="component" method="upgrade">
 	<name>MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -40,7 +40,6 @@ CREATE TABLE IF NOT EXISTS `#__mokosuitebackup_profiles` (
 	`remote_keep_local`    TINYINT(1) NOT NULL DEFAULT 1 COMMENT 'Keep local copy after upload',
 	`encryption_password`  VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'AES-256 archive encryption password (blank = no encryption)',
 	`include_mokorestore`    VARCHAR(20) NOT NULL DEFAULT '0' COMMENT 'MokoRestore mode: 0=none, 1=wrapped, standalone',
-	`restore_script_name`   VARCHAR(100) NOT NULL DEFAULT 'restore.php' COMMENT 'Custom restore script filename',
 	`sanitize_passwords`    TINYINT(1) NOT NULL DEFAULT 0 COMMENT 'Replace user password hashes with invalid value',
 	`preserve_super_admin`  TINYINT(1) NOT NULL DEFAULT 1 COMMENT 'Keep super admin password when sanitizing',
 	`sanitize_emails`       TINYINT(1) NOT NULL DEFAULT 0 COMMENT 'Replace user emails with dummy values',
@@ -55,6 +54,7 @@ CREATE TABLE IF NOT EXISTS `#__mokosuitebackup_profiles` (
 	`ntfy_server`          VARCHAR(512) NOT NULL DEFAULT 'https://ntfy.sh' COMMENT 'ntfy server URL',
 	`ntfy_token`           VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'ntfy access token (optional)',
 	`published`         TINYINT(1) NOT NULL DEFAULT 1,
+	`ordering`          INT(11) NOT NULL DEFAULT 0,
 	`created`           DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
 	`modified`          DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
 	PRIMARY KEY (`id`),
@@ -65,7 +65,7 @@ CREATE TABLE IF NOT EXISTS `#__mokosuitebackup_records` (
 	`id`              INT(11) UNSIGNED NOT NULL AUTO_INCREMENT,
 	`profile_id`      INT(11) UNSIGNED NOT NULL DEFAULT 1,
 	`description`     VARCHAR(255) NOT NULL DEFAULT '',
-	`status`          VARCHAR(20) NOT NULL DEFAULT 'pending' COMMENT 'pending, running, complete, warning, fail',
+	`status`          VARCHAR(20) NOT NULL DEFAULT 'pending' COMMENT 'pending, running, complete, fail',
 	`origin`          VARCHAR(20) NOT NULL DEFAULT 'backend' COMMENT 'backend, cli, api, scheduled',
 	`backup_type`     VARCHAR(20) NOT NULL DEFAULT 'full' COMMENT 'full, database, files',
 	`archivename`     VARCHAR(512) NOT NULL DEFAULT '',
@@ -83,7 +83,6 @@ CREATE TABLE IF NOT EXISTS `#__mokosuitebackup_records` (
 	`checksum`        VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'SHA-256 hash of archive',
 	`base_record_id`  INT(11) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Base full backup ID for differential',
 	`manifest`        LONGTEXT DEFAULT NULL COMMENT 'JSON file manifest for differential comparison',
-	`status_message`  VARCHAR(512) NOT NULL DEFAULT '' COMMENT 'Short user-facing status detail (e.g. upload failure reason)',
 	`log`             MEDIUMTEXT DEFAULT NULL COMMENT 'Step-by-step backup log',
 	PRIMARY KEY (`id`),
 	KEY `idx_profile` (`profile_id`),
@@ -114,13 +113,14 @@ CREATE TABLE IF NOT EXISTS `#__mokosuitebackup_remotes` (
 	`title`            VARCHAR(255) NOT NULL DEFAULT '',
 	`type`             VARCHAR(20) NOT NULL DEFAULT 'sftp' COMMENT 'sftp, s3, google_drive',
 	`enabled`          TINYINT(1) NOT NULL DEFAULT 1,
-	`params`           MEDIUMTEXT COMMENT 'JSON: type-specific settings',
+	`keep_local`       TINYINT(1) NOT NULL DEFAULT 1 COMMENT 'Keep local copy after upload',
+	`config`           MEDIUMTEXT NOT NULL COMMENT 'JSON — type-specific settings',
 	`ordering`         INT(11) NOT NULL DEFAULT 0,
 	`created`          DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
 	`modified`         DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
 	PRIMARY KEY (`id`),
 	KEY `idx_profile` (`profile_id`),
-	KEY `idx_enabled` (`profile_id`, `enabled`)
+	KEY `idx_enabled` (`enabled`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

 -- Insert default backup profile (IGNORE prevents duplicate key error on update)
@@ -128,12 +128,12 @@ INSERT IGNORE INTO `#__mokosuitebackup_profiles` (
 	`id`, `title`, `description`, `backup_type`,
 	`archive_format`, `compression_level`, `split_size`, `backup_dir`,
 	`exclude_dirs`, `exclude_files`, `exclude_tables`,
-	`published`, `created`, `modified`
+	`published`, `ordering`, `created`, `modified`
 ) VALUES (
 	1, 'Default Backup Profile', 'Full site backup with default settings', 'full',
 	'zip', 5, 0, '[DEFAULT_DIR]',
 	'administrator/components/com_mokosuitebackup/backups\ntmp\ncache\nlogs\nadministrator/logs',
 	'.gitignore\n.htaccess.bak',
 	'#__session',
-	1, NOW(), NOW()
+	1, 1, NOW(), NOW()
 );
@@ -1 +0,0 @@
-/* 01.43.19 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.20 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.21 — no schema changes */
@@ -1,5 +0,0 @@
-- 01.43.22 — Add restore_script_name to profiles, align remotes schema
-
-ALTER TABLE `#__mokosuitebackup_profiles`
-  ADD COLUMN `restore_script_name` VARCHAR(100) NOT NULL DEFAULT 'restore.php' COMMENT 'Custom restore script filename'
-  AFTER `include_mokorestore`;
@@ -1 +0,0 @@
-/* 01.43.23 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.24 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.25 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.26 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.29 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.30 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.31 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.32 — no schema changes */
@@ -1 +0,0 @@
-ALTER TABLE `#__mokosuitebackup_profiles` DROP COLUMN `ordering`;
@@ -1 +0,0 @@
-/* 01.43.34 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.35 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.36 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.37 — no schema changes */
@@ -1 +0,0 @@
-/* 01.43.38 — no schema changes */
@@ -1 +0,0 @@
-/* 01.44.00 — no schema changes */
@@ -1 +0,0 @@
-/* 01.44.01 — no schema changes */
@@ -1 +0,0 @@
-/* 01.45.00 — no schema changes */
@@ -1 +0,0 @@
-ALTER TABLE `#__mokosuitebackup_records` ADD COLUMN `status_message` VARCHAR(512) NOT NULL DEFAULT '' COMMENT 'Short user-facing status detail (e.g. upload failure reason)' AFTER `log`;
@@ -1 +0,0 @@
-/* 01.45.04 — no schema changes */
@@ -924,11 +924,11 @@ class AjaxController extends BaseController
 			return;
 		}

-		// Decode JSON params and mask secrets
+		// Decode JSON config and mask secrets
 		$items = [];

 		foreach ($rows as $row) {
-			$config = json_decode($row->params, true) ?: [];
+			$config = json_decode($row->config, true) ?: [];

 			// Mask sensitive fields so they never leave the server in list views
 			$masked = $this->maskSecrets($config, $row->type);
@@ -939,7 +939,8 @@ class AjaxController extends BaseController
 				'title'      => $row->title,
 				'type'       => $row->type,
 				'enabled'    => (int) $row->enabled,
-				'params'     => $masked,
+				'keep_local' => (int) $row->keep_local,
+				'config'     => $masked,
 				'ordering'   => (int) $row->ordering,
 			];
 		}
@@ -970,6 +971,7 @@ class AjaxController extends BaseController
 		$title     = trim($this->input->getString('remote_title', ''));
 		$type      = $this->input->getCmd('remote_type', 'sftp');
 		$enabled   = $this->input->getInt('remote_enabled', 1);
+		$keepLocal = $this->input->getInt('remote_keep_local', 1);
 		$configRaw = $this->input->getString('remote_config', '{}');

 		if (!$profileId) {
@@ -1017,7 +1019,9 @@ class AjaxController extends BaseController
 			$table->title      = $title;
 			$table->type       = $type;
 			$table->enabled    = $enabled ? 1 : 0;
-			$table->params     = json_encode($config);
+			$table->keep_local = $keepLocal ? 1 : 0;
+			$table->config     = json_encode($config);
+
 			if (!$table->check() || !$table->store()) {
 				$this->sendJson(['error' => true, 'message' => $table->getError() ?: 'Save failed']);

@@ -1186,7 +1190,7 @@ class AjaxController extends BaseController
 		try {
 			$db    = Factory::getDbo();
 			$query = $db->getQuery(true)
-				->select($db->quoteName('params'))
+				->select($db->quoteName('config'))
 				->from($db->quoteName('#__mokosuitebackup_remotes'))
 				->where($db->quoteName('id') . ' = ' . $id);
 			$db->setQuery($query);
@@ -249,6 +249,7 @@ class AkeebaImporter
 			'remote_keep_local'    => 1,
 			'include_mokorestore'    => (int) (($config['akeeba.advanced.embedded_installer'] ?? 'none') !== 'none'),
 			'published'         => 1,
+			'ordering'          => (int) $akProfile->id,
 			'created'           => $now,
 			'modified'          => $now,
 		];
@@ -285,9 +285,8 @@ class BackupEngine
 				$this->log('Standalone ' . $restoreScriptName . ' generated (' . number_format(filesize($restoreScriptPath)) . ' bytes)');
 			}

-			$remoteFilename  = '';
-			$uploadFailed    = false;
-			$uploadErrors    = [];
+			$remoteFilename = '';
+			$uploadFailed   = false;

 			/* Step 3: Remote upload — iterate all enabled destinations */
 			$remotes = $this->loadRemoteDestinations($db, $profileId);
@@ -309,12 +308,10 @@ class BackupEngine
 							}
 						} else {
 							$uploadFailed = true;
-							$uploadErrors[] = ($remote->title ?? $remote->type) . ': ' . $result['message'];
 							$this->log('  WARNING: Upload failed: ' . $result['message']);
 						}
 					} catch (\Throwable $e) {
 						$uploadFailed = true;
-						$uploadErrors[] = ($remote->title ?? $remote->type) . ': ' . $e->getMessage();
 						$this->log('  WARNING: Upload exception: ' . $e->getMessage());
 					}
 				}
@@ -357,13 +354,11 @@ class BackupEngine
 							}
 						} else {
 							$uploadFailed = true;
-							$uploadErrors[] = $remoteStorage . ': ' . $uploadResult['message'];
 							$this->log('WARNING: Remote upload failed: ' . $uploadResult['message']);
 							$this->log('Local backup is preserved.');
 						}
 					} catch (\Throwable $e) {
 						$uploadFailed = true;
-						$uploadErrors[] = $remoteStorage . ': ' . $e->getMessage();
 						$this->log('WARNING: Remote upload threw an exception: ' . $e->getMessage());
 						$this->log('Local backup is preserved.');
 					}
@@ -377,20 +372,10 @@ class BackupEngine
 				error_log('MokoSuiteBackup: Could not write log file: ' . $logPath);
 			}

-			$statusMessage = '';
-
-			if ($uploadFailed) {
-				$statusMessage = 'Remote upload failed: ' . implode('; ', $uploadErrors);
-				if (strlen($statusMessage) > 512) {
-					$statusMessage = substr($statusMessage, 0, 509) . '...';
-				}
-			}
-
 			// Final record update (includes fields needed by NotificationSender)
 			$update = (object) [
 				'id'              => $recordId,
-				'status'          => $uploadFailed ? 'warning' : 'complete',
-				'status_message'  => $statusMessage,
+				'status'          => 'complete',
 				'description'     => $description,
 				'backup_type'     => $profile->backup_type,
 				'archivename'     => $archiveName,
@@ -394,14 +394,8 @@ class SteppedBackupEngine
 			$restoreScriptName = MokoRestore::sanitizeScriptName($restoreScriptName);
 			$restoreDir = dirname($session->archivePath);
 			$session->restoreScriptPath = $restoreDir . '/' . $restoreScriptName;
-
-			try {
-				MokoRestore::generateStandalone($session->restoreScriptPath);
-				$session->log('Standalone ' . $restoreScriptName . ' generated');
-			} catch (\Throwable $e) {
-				$session->log('MokoRestore error: ' . $e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());
-				$session->log('Stack trace: ' . $e->getTraceAsString());
-			}
+			MokoRestore::generateStandalone($session->restoreScriptPath);
+			$session->log('Standalone ' . $restoreScriptName . ' generated');
 		}

 		// Update record
@@ -451,7 +445,6 @@ class SteppedBackupEngine
 		$db = Factory::getDbo();
 		$remoteFilename = '';
 		$uploadFailed   = false;
-		$uploadErrors   = $session->uploadErrors ?? [];

 		if (!empty($session->remoteDestinations)) {
 			// ── Multi-remote path ──────────────────────────────────
@@ -486,16 +479,13 @@ class SteppedBackupEngine
 					}
 				} else {
 					$uploadFailed = true;
-					$uploadErrors[] = ($title) . ': ' . $result['message'];
 					$session->log('  WARNING: Upload failed: ' . $result['message']);
 				}
 			} catch (\Throwable $e) {
 				$uploadFailed = true;
-				$uploadErrors[] = ($title ?? $type) . ': ' . $e->getMessage();
 				$session->log('  WARNING: Upload exception: ' . $e->getMessage());
 			}

-			$session->uploadErrors = $uploadErrors;
 			$session->remoteIndex++;
 			$session->currentStep++;

@@ -521,7 +511,7 @@ class SteppedBackupEngine
 				$session->statusMessage = $uploadFailed
 					? 'Backup complete (some remote uploads failed — local archive preserved)'
 					: 'Backup complete';
-				$this->completeRecord($session, $uploadFailed, $uploadErrors);
+				$this->completeRecord($session, $uploadFailed);
 			}
 		} else {
 			// ── Legacy single-remote fallback ──────────────────────
@@ -561,13 +551,11 @@ class SteppedBackupEngine
 					}
 				} else {
 					$uploadFailed = true;
-					$uploadErrors[] = $session->remoteStorage . ': ' . $result['message'];
 					$session->log('WARNING: Remote upload failed: ' . $result['message']);
 					$session->log('Local backup is preserved.');
 				}
 			} catch (\Throwable $e) {
 				$uploadFailed = true;
-				$uploadErrors[] = $session->remoteStorage . ': ' . $e->getMessage();
 				$session->log('WARNING: Remote upload threw an exception: ' . $e->getMessage());
 				$session->log('Local backup is preserved.');
 			}
@@ -586,7 +574,7 @@ class SteppedBackupEngine
 			$session->statusMessage = $uploadFailed
 				? 'Backup complete (remote upload failed — local archive preserved)'
 				: 'Backup complete';
-			$this->completeRecord($session, $uploadFailed, $uploadErrors);
+			$this->completeRecord($session, $uploadFailed);
 		}
 	}

@@ -637,7 +625,7 @@ class SteppedBackupEngine
 	/**
 	 * Mark the backup record as complete.
 	 */
-	private function completeRecord(SteppedSession $session, bool $uploadFailed = false, array $uploadErrors = []): void
+	private function completeRecord(SteppedSession $session, bool $uploadFailed = false): void
 	{
 		$db         = Factory::getDbo();
 		$logContent = implode("\n", $session->log);
@@ -651,23 +639,13 @@ class SteppedBackupEngine
 		$totalSize = is_file($session->archivePath) ? filesize($session->archivePath) : 0;
 		$checksum  = is_file($session->archivePath) ? hash_file('sha256', $session->archivePath) : '';

-		$statusMessage = '';
-
-		if ($uploadFailed && !empty($uploadErrors)) {
-			$statusMessage = 'Remote upload failed: ' . implode('; ', $uploadErrors);
-			if (strlen($statusMessage) > 512) {
-				$statusMessage = substr($statusMessage, 0, 509) . '...';
-			}
-		}
-
 		$update = (object) [
-			'id'             => $session->recordId,
-			'status'         => $uploadFailed ? 'warning' : 'complete',
-			'status_message' => $statusMessage,
-			'backupend'      => date('Y-m-d H:i:s'),
-			'total_size'     => $totalSize,
-			'checksum'       => $checksum,
-			'log'            => $logContent,
+			'id'          => $session->recordId,
+			'status'      => 'complete',
+			'backupend'   => date('Y-m-d H:i:s'),
+			'total_size'  => $totalSize,
+			'checksum'    => $checksum,
+			'log'         => $logContent,
 		];

 		$db->updateObject('#__mokosuitebackup_records', $update, 'id');
@@ -60,7 +60,6 @@ class SteppedSession
 	// Multi-remote destinations (loaded from #__mokosuitebackup_remotes)
 	public array $remoteDestinations = [];
 	public int $remoteIndex = 0;
-	public array $uploadErrors = [];

 	// Progress
 	public int $totalSteps = 0;
@@ -29,10 +29,7 @@ class SshKeyField extends FormField
 		$id    = $this->id;
 		$name  = $this->name;

-		$decoded = !empty($value) ? (base64_decode($value, true) ?: '') : '';
-		$hasKey = !empty($value) && ($value === '__KEEP_EXISTING__'
-			|| str_contains($value, 'PRIVATE KEY')
-			|| str_contains($decoded, 'PRIVATE KEY'));
+		$hasKey = !empty($value) && str_contains($value, 'PRIVATE KEY');

 		$html = '<div id="' . htmlspecialchars($id) . '-wrapper">';

@@ -30,7 +30,7 @@ class DashboardModel extends BaseDatabaseModel
 			->select('r.*, p.title AS profile_title')
 			->from($db->quoteName('#__mokosuitebackup_records', 'r'))
 			->join('LEFT', $db->quoteName('#__mokosuitebackup_profiles', 'p') . ' ON p.id = r.profile_id')
-			->where($db->quoteName('r.status') . ' IN (' . $db->quote('complete') . ', ' . $db->quote('warning') . ')')
+			->where($db->quoteName('r.status') . ' = ' . $db->quote('complete'))
 			->order($db->quoteName('r.backupend') . ' DESC');
 		$db->setQuery($query, 0, 1);

@@ -75,7 +75,7 @@ class DashboardModel extends BaseDatabaseModel
 			->select('COUNT(*) AS total_count')
 			->select('COALESCE(SUM(' . $db->quoteName('total_size') . '), 0) AS total_size')
 			->from($db->quoteName('#__mokosuitebackup_records'))
-			->where($db->quoteName('status') . ' IN (' . $db->quote('complete') . ', ' . $db->quote('warning') . ')');
+			->where($db->quoteName('status') . ' = ' . $db->quote('complete'));
 		$db->setQuery($query);
 		$stats = $db->loadObject();

@@ -274,7 +274,7 @@ class DashboardModel extends BaseDatabaseModel
 			->select('COALESCE(SUM(r.total_size), 0) AS total_size')
 			->from($db->quoteName('#__mokosuitebackup_records', 'r'))
 			->join('LEFT', $db->quoteName('#__mokosuitebackup_profiles', 'p') . ' ON p.id = r.profile_id')
-			->where($db->quoteName('r.status') . ' IN (' . $db->quote('complete') . ', ' . $db->quote('warning') . ')')
+			->where($db->quoteName('r.status') . ' = ' . $db->quote('complete'))
 			->group($db->quoteName('r.profile_id'))
 			->order('total_size DESC');
 		$db->setQuery($query);
@@ -294,7 +294,7 @@ class DashboardModel extends BaseDatabaseModel
 			->select($db->quoteName(['id', 'title', 'backup_type']))
 			->from($db->quoteName('#__mokosuitebackup_profiles'))
 			->where($db->quoteName('published') . ' = 1')
-			->order($db->quoteName('id') . ' ASC');
+			->order($db->quoteName('ordering') . ' ASC');
 		$db->setQuery($query);

 		return $db->loadObjectList() ?: [];
@@ -25,6 +25,7 @@ class ProfilesModel extends ListModel
 				'title', 'a.title',
 				'backup_type', 'a.backup_type',
 				'published', 'a.published',
+				'ordering', 'a.ordering',
 			];
 		}

@@ -30,23 +30,12 @@ $ajaxUrl   = Route::_('index.php?option=com_mokosuitebackup&format=json', false)
 						<?php
 						$statusClass = match ($this->item->status) {
 							'complete' => 'badge bg-success',
-							'warning'  => 'badge bg-warning text-dark',
 							'running'  => 'badge bg-info',
 							'fail'     => 'badge bg-danger',
 							default    => 'badge bg-secondary',
 						};
-						$statusLabel = match ($this->item->status) {
-							'complete' => Text::_('COM_MOKOJOOMBACKUP_STATUS_COMPLETE'),
-							'warning'  => Text::_('COM_MOKOJOOMBACKUP_STATUS_WARNING'),
-							'running'  => Text::_('COM_MOKOJOOMBACKUP_STATUS_RUNNING'),
-							'fail'     => Text::_('COM_MOKOJOOMBACKUP_STATUS_FAIL'),
-							default    => $this->escape($this->item->status),
-						};
 						?>
-						<span class="<?php echo $statusClass; ?>"><?php echo $statusLabel; ?></span>
-						<?php if (!empty($this->item->status_message)) : ?>
-							<div class="mt-1"><small class="text-danger"><?php echo $this->escape($this->item->status_message); ?></small></div>
-						<?php endif; ?>
+						<span class="<?php echo $statusClass; ?>"><?php echo $this->escape($this->item->status); ?></span>
 					</td>
 				</tr>
 				<tr>
@@ -105,7 +94,7 @@ $ajaxUrl   = Route::_('index.php?option=com_mokosuitebackup&format=json', false)
 			</tbody>
 		</table>

-		<?php if (in_array($this->item->status, ['complete', 'warning']) && !empty($this->item->filesexist)) : ?>
+		<?php if ($this->item->status === 'complete' && !empty($this->item->filesexist)) : ?>
 		<!-- Archive Browser -->
 		<h4 class="mt-4">
 			<span class="icon-folder-open" aria-hidden="true"></span>
@@ -164,7 +153,7 @@ $ajaxUrl   = Route::_('index.php?option=com_mokosuitebackup&format=json', false)
 		document.getElementById('mb-detail-log-body').textContent = 'Error: ' + err.message;
 	});

-	<?php if (in_array($this->item->status, ['complete', 'warning']) && !empty($this->item->filesexist)) : ?>
+	<?php if ($this->item->status === 'complete' && !empty($this->item->filesexist)) : ?>
 	// Load archive contents
 	function formatFileSize(bytes) {
 		if (bytes === 0) return '0 B';
@@ -92,23 +92,12 @@ $listDirn  = $this->escape($this->state->get('list.direction'));
 									<?php
 									$statusClass = match ($item->status) {
 										'complete' => 'badge bg-success',
-										'warning'  => 'badge bg-warning text-dark',
 										'running'  => 'badge bg-info',
 										'fail'     => 'badge bg-danger',
 										default    => 'badge bg-secondary',
 									};
-									$statusLabel = match ($item->status) {
-										'complete' => Text::_('COM_MOKOJOOMBACKUP_STATUS_COMPLETE'),
-										'warning'  => Text::_('COM_MOKOJOOMBACKUP_STATUS_WARNING'),
-										'running'  => Text::_('COM_MOKOJOOMBACKUP_STATUS_RUNNING'),
-										'fail'     => Text::_('COM_MOKOJOOMBACKUP_STATUS_FAIL'),
-										default    => $this->escape($item->status),
-									};
 									?>
-									<span class="<?php echo $statusClass; ?>"><?php echo $statusLabel; ?></span>
-									<?php if (!empty($item->status_message)) : ?>
-										<br><small class="text-muted"><?php echo $this->escape($item->status_message); ?></small>
-									<?php endif; ?>
+									<span class="<?php echo $statusClass; ?>"><?php echo $this->escape($item->status); ?></span>
 								</td>
 								<td>
 									<?php echo $this->escape($item->backup_type); ?>
@@ -8,7 +8,8 @@
 -->
 <extension type="module" client="administrator" method="upgrade">
 	<name>mod_mokosuitebackup_cpanel</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-23</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,8 @@
 -->
 <extension type="plugin" group="actionlog" method="upgrade">
 	<name>Action Log - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,8 @@
 -->
 <extension type="plugin" group="console" method="upgrade">
 	<name>Console - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,8 @@
 -->
 <extension type="plugin" group="content" method="upgrade">
 	<name>Content - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <extension type="plugin" group="quickicon" method="upgrade">
 	<name>Quick Icon - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,8 @@
 -->
 <extension type="plugin" group="system" method="upgrade">
 	<name>System - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -259,8 +259,6 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 			$maxCount = (int) $profile->retention_count > 0 ? (int) $profile->retention_count : $globalMaxCount;
 			$pid      = (int) $profile->id;

-			$completedStatuses = '(' . $db->quote('complete') . ', ' . $db->quote('warning') . ')';
-
 			// Delete by age for this profile
 			$cutoff = date('Y-m-d H:i:s', strtotime("-{$maxAge} days"));
 			$query  = $db->getQuery(true)
@@ -268,7 +266,7 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 				->from($db->quoteName('#__mokosuitebackup_records'))
 				->where($db->quoteName('profile_id') . ' = ' . $pid)
 				->where($db->quoteName('backupstart') . ' < ' . $db->quote($cutoff))
-				->where($db->quoteName('status') . ' IN ' . $completedStatuses);
+				->where($db->quoteName('status') . ' = ' . $db->quote('complete'));
 			$db->setQuery($query);
 			$expired = $db->loadObjectList();

@@ -281,7 +279,7 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 				->select('COUNT(*)')
 				->from($db->quoteName('#__mokosuitebackup_records'))
 				->where($db->quoteName('profile_id') . ' = ' . $pid)
-				->where($db->quoteName('status') . ' IN ' . $completedStatuses);
+				->where($db->quoteName('status') . ' = ' . $db->quote('complete'));
 			$db->setQuery($query);
 			$totalCount = (int) $db->loadResult();

@@ -291,7 +289,7 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 					->select('id, absolute_path')
 					->from($db->quoteName('#__mokosuitebackup_records'))
 					->where($db->quoteName('profile_id') . ' = ' . $pid)
-					->where($db->quoteName('status') . ' IN ' . $completedStatuses)
+					->where($db->quoteName('status') . ' = ' . $db->quote('complete'))
 					->order($db->quoteName('backupstart') . ' ASC');
 				$db->setQuery($query, 0, $excess);
 				$oldest = $db->loadObjectList();
@@ -308,7 +306,7 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 			->from($db->quoteName('#__mokosuitebackup_records', 'r'))
 			->join('LEFT', $db->quoteName('#__mokosuitebackup_profiles', 'p') . ' ON p.id = r.profile_id')
 			->where('p.id IS NULL')
-			->where($db->quoteName('r.status') . ' IN (' . $db->quote('complete') . ', ' . $db->quote('warning') . ')');
+			->where($db->quoteName('r.status') . ' = ' . $db->quote('complete'));
 		$db->setQuery($query);
 		$orphans = $db->loadObjectList();

@@ -7,7 +7,8 @@
 -->
 <extension type="plugin" group="task" method="upgrade">
 	<name>Task - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -7,7 +7,8 @@
 -->
 <extension type="plugin" group="webservices" method="upgrade">
 	<name>Web Services - MokoSuiteBackup</name>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -8,7 +8,8 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoSuiteBackup</name>
 	<packagename>mokosuitebackup</packagename>
-	<version>01.45.04</version>
+	<version>01.43.16</version>
+	<version>01.43.16</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -29,7 +30,6 @@
 		<file type="plugin" id="mokosuitebackup" group="content">plg_content_mokosuitebackup.zip</file>
 		<file type="plugin" id="mokosuitebackup" group="actionlog">plg_actionlog_mokosuitebackup.zip</file>
 		<file type="module" id="mod_mokosuitebackup_cpanel" client="administrator">mod_mokosuitebackup_cpanel.zip</file>
-		<file type="package" id="pkg_mokosuiteclient">MokoSuiteClient.zip</file>
 	</files>

 	<languages>
Author	SHA1	Message	Date
gitea-actions[bot]	35d7000f64	chore(version): pre-release bump to 01.43.16-dev [skip ci]	2026-06-25 16:11:26 +00:00
jmiller	0bf05b2034	fix(db): add 01.43.11 schema update file to resolve version mismatch Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 10s Details Joomla's database checker requires a SQL update file matching the manifest version. Missing file caused schema version to stay at 01.41.00.	2026-06-25 11:11:05 -05:00
				`@@ -1 +0,0 @@`
				ALTER TABLE `#__mokosuitebackup_profiles` DROP COLUMN `ordering`;
				`@@ -1 +0,0 @@`
				ALTER TABLE `#__mokosuitebackup_records` ADD COLUMN `status_message` VARCHAR(512) NOT NULL DEFAULT '' COMMENT 'Short user-facing status detail (e.g. upload failure reason)' AFTER `log`;