chore: sync issue-branch.yml from Template-Generic [skip ci]

- CHANGELOG: fix the mangled header (duplicate empty [01.05.00], misplaced
  intro) and add a full [Unreleased] section covering the dashboard, edit UI,
  CSV import UI, access.xml/config.xml, AI/sitemap hardening, forward-compat,
  dead-code removal, and the new unit tests
- README: add Coverage dashboard / Manual tag editor / Component permissions to
  Admin Tools; drop the removed ImageGenerator overlay feature; note sitemap
  access-level filtering; add a Joomla 6.0+ / PHP 8.2+ Requirements line

.mokogitea/workflows/auto-release.yml

@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokocli
 # PATH: /templates/workflows/universal/auto-release.yml.template
-# VERSION: 05.00.00
+# VERSION: 05.01.00
 # BRIEF: Universal build & release � detects platform from manifest.xml
 #
 # +=======================================================================+
@@ -75,6 +75,7 @@ jobs:
         with:
           token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 1
+          submodules: recursive
 
       - name: Setup mokocli tools
         env:
@@ -173,6 +174,7 @@ jobs:
         with:
           token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 0
+          submodules: recursive
 
       - name: Configure git for bot pushes
         run: |

.mokogitea/workflows/issue-branch.yml

@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 01.06.09
+# VERSION: 01.00.00
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"

CHANGELOG.md

@@ -2,15 +2,46 @@
 
 ## [Unreleased]
 
-## [01.05.00] --- 2026-06-28
+## [01.07.00] --- 2026-06-29
 
 
-<!-- VERSION: 01.06.09 -->
-
 All notable changes to MokoSuiteOpenGraph will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+<!-- VERSION: 01.07.00 -->
+
+## [01.07.00] --- 2026-06-29
+
+### Added
+- OG coverage **dashboard** as the default admin view — SVG donut gauge, coverage by content type, and a list of articles missing OG tags with a batch-generate shortcut (#94)
+- Single OG tag **create/edit screen** in the admin (the tag manager was previously read-only) (#98)
+- **CSV import** button and upload form in the tag manager (#103)
+- Component **Options** screen with a Permissions tab, plus `access.xml` ACL actions `mokoog.batch` and `mokoog.import` (#95)
+- `og_video`, `event_data`, `recipe_data`, and `custom_schema` are now included in CSV import/export and the REST API (#101)
+- Unit tests for `JsonLdBuilder::buildLocalBusiness()` and `toScriptTag()` (#33)
+
+### Changed
+- **Require Joomla 6.0+ and PHP 8.2+** (enforced at install)
+- Renamed the product from *MokoJoomOpenGraph* to **MokoSuiteOpenGraph**
+- Forward-compatibility for Joomla 7: replaced deprecated `Factory::getDbo/getUser/getSession/getLanguage`, `Joomla\CMS\Filesystem\File/Folder`, and `jexit()` (#102)
+- Aligned OG/SEO form `maxlength` values with the database column limits (#77)
+- Moved coverage metrics out of the tag list into a dedicated model (no longer runs uncached `COUNT` queries on every list load)
+
+### Fixed
+- Fatal frontend error (HTTP 500) when a non-object value was saved into the custom JSON-LD field — values are now validated as objects/arrays on save and guarded on render (#97)
+- Stored XSS via the canonical URL field — now restricted to `http`/`https` (#79)
+- Use the `mysqli` driver in the component manifest so install/upgrade SQL actually runs on Joomla 4/5/6
+- `loadArticle()` now caches negative lookups; zero dates are no longer emitted as `article:published_time`/`article:modified_time` (#106)
+
+### Security
+- AI meta-generation endpoint now requires article-edit permission and enforces an HTTP timeout and status check — previously any authenticated back-end user could trigger paid API calls (#99)
+- XML sitemap now excludes content above the public view level (no longer leaks registered/special-access articles) and writes atomically (#100)
+
+### Removed
+- Unused `ImageGenerator` class and `JsonLdBuilder::buildOrganization()`; generated OG images are now pruned after 30 days to bound disk usage (#104)
+- Empty `src/Field` and `src/Service` stub directories; packaged the `en-US` language folder (#107)
+
 ## [01.05.00] --- 2026-06-28
 
 ### Security

CODE_OF_CONDUCT.md

@@ -14,7 +14,7 @@
 	DEFGROUP: Template-Joomla
 	INGROUP: Template-Joomla.Documentation
 	REPO: https://github.com/mokoconsulting-tech/Template-Joomla/
-  VERSION: 01.06.09
+  VERSION: 01.07.00
   PATH: ./CODE_OF_CONDUCT.md
   BRIEF: Community expectations and enforcement guidelines
   NOTE: Adapted with attribution from the Contributor Covenant v2.1

GOVERNANCE.md

@@ -19,7 +19,7 @@
  DEFGROUP: mokoconsulting-tech.Template-Joomla
  INGROUP: MokoStandards.Governance
  REPO: https://github.com/mokoconsulting-tech/Template-Joomla
- VERSION: 01.06.09
+ VERSION: 01.07.00
  PATH: /GOVERNANCE.md
  BRIEF: Project governance rules, roles, and decision process for Template-Joomla
 -->

README.md

@@ -1,6 +1,6 @@
 # MokoSuiteOpenGraph
 
-<!-- VERSION: 01.06.09 -->
+<!-- VERSION: 01.07.00 -->
 
 Open Graph, Twitter Card, and social sharing meta tag management for Joomla 6 and higher.
 
@@ -45,21 +45,24 @@ MokoSuiteOpenGraph gives you full control over how your Joomla content appears w
 - **Debug links** — Quick links to Facebook Debugger, LinkedIn Inspector, Google Rich Results
 - **Live preview** — Real-time Facebook, Twitter/X, LinkedIn, Discord, Mastodon, and Slack card previews in the editor
 - **Character count indicators** — Green/yellow/red warnings on OG and SEO text fields
-- **OG coverage dashboard** — Coverage percentage and missing field counts
+- **Coverage dashboard** — Default admin view: coverage donut, breakdown by content type, and a list of articles missing OG tags with quick batch-generate
-- **AI meta generation** — Generate OG titles and descriptions with Claude or OpenAI
+- **Manual tag editor** — Create and edit individual OG tag records directly in the admin
+- **Component permissions** — ACL actions (`mokoog.batch`, `mokoog.import`) configurable from the component Options → Permissions
+- **AI meta generation** — Generate OG titles and descriptions with Claude or OpenAI (article-edit permission required)
 
 ### Developer Features
 - **REST API** — Full CRUD via Joomla Web Services (`/api/v1/mokoog/tags`)
 - **MokoSuiteShop integration** — Auto-generated OG/JSON-LD for product pages with pricing meta
 - **Plugin event** — `onMokoOGAfterRender` for third-party plugins to add custom social tags
-- **OG image generator** — Text overlay on template backgrounds with auto-resize to 1200x630
+- **Per-platform image resizing** — Twitter 1200x600, Pinterest 1000x1500, WhatsApp 400x400, with auto-resize to 1200x630
-- **Per-platform image resizing** — Twitter 1200x600, Pinterest 1000x1500, WhatsApp 400x400
+- **XML sitemap** — Auto-generates sitemap.xml on article save; respects noindex and public access levels, written atomically
-- **XML sitemap** — Auto-generates sitemap.xml on article save, respects noindex
 - **OpenAPI spec** — Full REST API documentation at `openapi.yaml`
-- **PHPUnit tests** — 16 unit tests for JsonLdBuilder schema outputs
+- **PHPUnit tests** — Unit tests for JsonLdBuilder schema outputs and JSON-LD script-tag escaping
 
 ## Installation
 
+**Requirements:** Joomla 6.0 or higher and PHP 8.2 or higher.
+
 1. Download the latest `pkg_mokoog-*.zip` from [Releases](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteOpenGraph/releases)
 2. In Joomla Administrator → Extensions → Install → Upload Package File
 3. All plugins are enabled automatically on install

SECURITY.md

@@ -23,7 +23,7 @@ DEFGROUP: Template-Joomla
 INGROUP: Template-Joomla.Documentation
 REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
 PATH: /SECURITY.md
-VERSION: 01.06.09
+VERSION: 01.07.00
 BRIEF: Security vulnerability reporting and handling policy
 -->
 

source/packages/com_mokoog/mokoog.xml

@@ -8,7 +8,7 @@
  -->
 <extension type="component" method="upgrade">
     <name>com_mokoog</name>
-    <version>01.06.09</version>
+    <version>01.07.00</version>
     <creationDate>2026-05-23</creationDate>
     <author>Moko Consulting</author>
     <authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/com_mokoog/sql/updates/mysql/01.06.00.sql

@@ -0,0 +1 @@
+/* 01.06.00 — no schema changes */

source/packages/com_mokoog/sql/updates/mysql/01.06.10.sql

@@ -0,0 +1 @@
+/* 01.06.10 — no schema changes */

source/packages/com_mokoog/sql/updates/mysql/01.06.11.sql

@@ -0,0 +1 @@
+/* 01.06.11 — no schema changes */

source/packages/com_mokoog/sql/updates/mysql/01.06.12.sql

@@ -0,0 +1 @@
+/* 01.06.12 — no schema changes */

source/packages/com_mokoog/sql/updates/mysql/01.06.13.sql

@@ -0,0 +1 @@
+/* 01.06.13 — no schema changes */

source/packages/com_mokoog/sql/updates/mysql/01.07.00.sql

@@ -0,0 +1 @@
+/* 01.07.00 — no schema changes */

source/packages/plg_content_mokoog/mokoog.xml

@@ -8,7 +8,7 @@
  -->
 <extension type="plugin" group="content" method="upgrade">
     <name>Content - MokoSuiteOpenGraph</name>
-    <version>01.06.09</version>
+    <version>01.07.00</version>
     <creationDate>2026-05-23</creationDate>
     <author>Moko Consulting</author>
     <authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_system_mokoog/mokoog.xml

@@ -8,7 +8,7 @@
  -->
 <extension type="plugin" group="system" method="upgrade">
     <name>System - MokoSuiteOpenGraph</name>
-    <version>01.06.09</version>
+    <version>01.07.00</version>
     <creationDate>2026-05-23</creationDate>
     <author>Moko Consulting</author>
     <authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_webservices_mokoog/mokoog.xml

@@ -8,7 +8,7 @@
  -->
 <extension type="plugin" group="webservices" method="upgrade">
     <name>Web Services - MokoSuiteOpenGraph</name>
-    <version>01.06.09</version>
+    <version>01.07.00</version>
     <creationDate>2026-05-23</creationDate>
     <author>Moko Consulting</author>
     <authorEmail>hello@mokoconsulting.tech</authorEmail>

source/pkg_mokoog.xml

@@ -8,7 +8,7 @@
 <extension type="package" method="upgrade">
     <name>Package - MokoSuiteOpenGraph</name>
     <packagename>mokoog</packagename>
-    <version>01.06.09</version>
+    <version>01.07.00</version>
     <creationDate>2026-05-23</creationDate>
     <author>Moko Consulting</author>
     <authorEmail>hello@mokoconsulting.tech</authorEmail>

tests/Unit/Helper/JsonLdBuilderLocalBusinessTest.php

@@ -1,93 +0,0 @@
-<?php
-
-/**
- * @package     MokoSuiteOpenGraph
- * @subpackage  Tests
- * @author      Moko Consulting <hello@mokoconsulting.tech>
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
-namespace Mokoconsulting\MokoOG\Tests\Unit\Helper;
-
-use Joomla\Plugin\System\MokoOG\Helper\JsonLdBuilder;
-use PHPUnit\Framework\TestCase;
-
-class JsonLdBuilderLocalBusinessTest extends TestCase
-{
-    /**
-     * Minimal Registry-like stand-in exposing get($key, $default).
-     */
-    private function params(array $data): object
-    {
-        return new class ($data) {
-            private array $data;
-
-            public function __construct(array $data)
-            {
-                $this->data = $data;
-            }
-
-            public function get($key, $default = null)
-            {
-                return $this->data[$key] ?? $default;
-            }
-        };
-    }
-
-    public function testReturnsNullWithoutName(): void
-    {
-        $this->assertNull(JsonLdBuilder::buildLocalBusiness($this->params([])));
-        $this->assertNull(JsonLdBuilder::buildLocalBusiness($this->params(['lb_name' => '   '])));
-    }
-
-    public function testMinimalSchemaHasNoOptionalKeys(): void
-    {
-        $result = JsonLdBuilder::buildLocalBusiness($this->params(['lb_name' => 'Acme Co']));
-
-        $this->assertSame('https://schema.org', $result['@context']);
-        $this->assertSame('LocalBusiness', $result['@type']);
-        $this->assertSame('Acme Co', $result['name']);
-        $this->assertArrayNotHasKey('address', $result);
-        $this->assertArrayNotHasKey('geo', $result);
-        $this->assertArrayNotHasKey('telephone', $result);
-    }
-
-    public function testCustomTypeAndPartialAddress(): void
-    {
-        $result = JsonLdBuilder::buildLocalBusiness($this->params([
-            'lb_name'    => 'Joe Pizza',
-            'lb_type'    => 'Restaurant',
-            'lb_street'  => '1 Main St',
-            'lb_city'    => 'Springfield',
-            'lb_country' => 'US',
-            'lb_phone'   => '+1-555-0100',
-        ]));
-
-        $this->assertSame('Restaurant', $result['@type']);
-        $this->assertSame('PostalAddress', $result['address']['@type']);
-        $this->assertSame('1 Main St', $result['address']['streetAddress']);
-        $this->assertSame('Springfield', $result['address']['addressLocality']);
-        $this->assertSame('US', $result['address']['addressCountry']);
-        $this->assertArrayNotHasKey('postalCode', $result['address']);
-        $this->assertSame('+1-555-0100', $result['telephone']);
-    }
-
-    public function testGeoRequiresBothCoordinates(): void
-    {
-        $partial = JsonLdBuilder::buildLocalBusiness($this->params([
-            'lb_name'     => 'X',
-            'lb_latitude' => '1.0',
-        ]));
-        $this->assertArrayNotHasKey('geo', $partial);
-
-        $full = JsonLdBuilder::buildLocalBusiness($this->params([
-            'lb_name'      => 'X',
-            'lb_latitude'  => '1.0',
-            'lb_longitude' => '2.0',
-        ]));
-        $this->assertSame('GeoCoordinates', $full['geo']['@type']);
-        $this->assertSame('1.0', $full['geo']['latitude']);
-        $this->assertSame('2.0', $full['geo']['longitude']);
-    }
-}

tests/Unit/Helper/JsonLdScriptTagTest.php

@@ -1,56 +0,0 @@
-<?php
-
-/**
- * @package     MokoSuiteOpenGraph
- * @subpackage  Tests
- * @author      Moko Consulting <hello@mokoconsulting.tech>
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
-namespace Mokoconsulting\MokoOG\Tests\Unit\Helper;
-
-use Joomla\Plugin\System\MokoOG\Helper\JsonLdBuilder;
-use PHPUnit\Framework\TestCase;
-
-class JsonLdScriptTagTest extends TestCase
-{
-    private const OPEN  = '<script type="application/ld+json">';
-    private const CLOSE = '</script>';
-
-    private function body(string $output): string
-    {
-        return substr($output, \strlen(self::OPEN), -\strlen(self::CLOSE));
-    }
-
-    public function testWrapsInLdJsonScriptTag(): void
-    {
-        $out = JsonLdBuilder::toScriptTag(['@type' => 'Thing']);
-
-        $this->assertStringStartsWith(self::OPEN, $out);
-        $this->assertStringEndsWith(self::CLOSE, $out);
-    }
-
-    public function testEscapesClosingScriptInsideData(): void
-    {
-        $out  = JsonLdBuilder::toScriptTag(['name' => 'evil </script><script>alert(1)</script>']);
-        $body = $this->body($out);
-
-        // No raw "</" may survive inside the body — it would let content break out
-        // of the <script> block. The builder rewrites every "</" to "<\/".
-        $this->assertStringNotContainsString('</', $body);
-        $this->assertStringContainsString('<\\/', $body);
-    }
-
-    public function testBodyIsValidJsonAfterUnescaping(): void
-    {
-        $out  = JsonLdBuilder::toScriptTag(['@context' => 'https://schema.org', '@type' => 'Article']);
-        $json = str_replace('<\\/', '</', $this->body($out));
-
-        $decoded = json_decode($json, true);
-
-        $this->assertIsArray($decoded);
-        $this->assertSame('Article', $decoded['@type']);
-        $this->assertSame('https://schema.org', $decoded['@context']);
-    }
-}