chore: sync pr-metadata-check.yml from Template-Joomla

chore: sync SECURITY.md from Template-Joomla
chore: sync GOVERNANCE.md from Template-Joomla
2026-06-28 07:47:38 +00:00 · 2026-06-28 07:46:12 +00:00 · 2026-06-28 07:42:40 +00:00 · 2026-06-28 07:40:55 +00:00 · 2026-06-28 07:37:50 +00:00 · 2026-06-28 07:35:50 +00:00
45 changed files with 1141 additions and 1093 deletions
@@ -22,7 +22,7 @@ on:
 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
 permissions:
  contents: write
@@ -27,9 +27,18 @@ name: "Universal: Build & Release"
 on:
  pull_request:
-    types: [opened, closed]
+    types: [opened, synchronize, closed]
    branches:
      - main
    paths-ignore:
      - '.mokogitea/workflows/**'
      - '*.md'
      - 'wiki/**'
      - '.editorconfig'
      - '.gitignore'
      - '.gitattributes'
      - '.gitmessage'
      - 'LICENSE' 
  workflow_dispatch:
    inputs:
      action:
@@ -43,7 +52,7 @@ on:
 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
@@ -57,6 +66,7 @@ jobs:
    runs-on: release
    if: >-
      (github.event.action == 'opened' && github.event.pull_request.merged != true) ||
      (github.event.action == 'synchronize' && github.event.pull_request.merged != true) ||
      (github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
    steps:
@@ -92,7 +102,7 @@ jobs:
          php ${MOKO_CLI}/branch_rename.php \
            --from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" \
-            --api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
+            --api-base "${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
            --pr "${{ github.event.pull_request.number }}"
      - name: Checkout rc and configure git
@@ -111,7 +121,7 @@ jobs:
      - name: Update RC release notes from CHANGELOG.md
        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          # Extract [Unreleased] section from changelog
@@ -259,7 +269,7 @@ jobs:
          !startsWith(steps.platform.outputs.platform, 'joomla')
        run: |
          VERSION="${{ steps.version.outputs.version }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          SEMVER_TAG="v${VERSION}"
@@ -284,7 +294,7 @@ jobs:
      - name: Update release notes and promote changelog
        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          # Get the stable release info (version and ID)
@@ -353,7 +363,7 @@ jobs:
          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
          GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          php ${MOKO_CLI}/release_mirror.php \
            --version "$VERSION" --tag "$RELEASE_TAG" \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
@@ -382,7 +392,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          # Delete rc branch (ephemeral — created by promote-rc)
@@ -406,7 +416,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
          BRANCH_NAME="version/${VERSION}"
@@ -427,7 +437,7 @@ jobs:
        if: steps.version.outputs.skip != 'true'
        continue-on-error: true
        run: |
-          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
+          API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          php ${MOKO_CLI}/version_reset_dev.php \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
            --branch dev --path . 2>&1 || true
@@ -453,5 +463,5 @@ jobs:
            echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
            echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
            echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
-            echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
+            echo "| Release | [View](${MOKOGITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
          fi
@@ -13,6 +13,12 @@
 name: "Generic: Project CI"
 on:
  pull_request:
    branches:
      - main
      - dev
      - dev/**
      - rc/**
  workflow_dispatch:
 permissions:
@@ -0,0 +1,68 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Universal
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
 # PATH: /.mokogitea/workflows/ci-issue-reporter.yml
 # VERSION: 01.00.00
 # BRIEF: Reusable workflow — creates/updates a Gitea issue when a CI gate fails.
 #        Clones MokoCLI and runs cli/ci_issue_reporter.sh.
 name: "Universal: CI Issue Reporter"
 on:
  workflow_call:
    inputs:
      gate:
        description: "CI gate name (e.g. PR Validation, Repository Health)"
        required: true
        type: string
      details:
        description: "Human-readable failure description"
        required: true
        type: string
      severity:
        description: "error or warning"
        required: false
        type: string
        default: "error"
      workflow:
        description: "Workflow name for the issue title"
        required: false
        type: string
        default: ""
    secrets:
      MOKOGITEA_TOKEN:
        required: true
 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 jobs:
  report:
    name: "Report: ${{ inputs.gate }}"
    runs-on: ubuntu-latest
    steps:
      - name: Clone MokoCLI
        env:
          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
          MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
          git clone --depth 1 --filter=blob:none --sparse "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
          cd /tmp/mokocli && git sparse-checkout set cli/ci_issue_reporter.sh
      - name: Report CI failure
        env:
          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
          MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
        run: |
          chmod +x /tmp/mokocli/cli/ci_issue_reporter.sh
          /tmp/mokocli/cli/ci_issue_reporter.sh \
            --gate "${{ inputs.gate }}" \
            --details "${{ inputs.details }}" \
            --severity "${{ inputs.severity }}" \
            --workflow "${{ inputs.workflow }}"
@@ -21,7 +21,7 @@ permissions:
  contents: write
 env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
 jobs:
  cleanup:
@@ -33,17 +33,17 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-          token: ${{ secrets.GA_TOKEN }}
+          token: ${{ secrets.MOKOGITEA_TOKEN }}
      - name: Delete merged branches
        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
          echo "=== Merged Branch Cleanup ==="
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
          # List branches via API
-          BRANCHES=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
+          BRANCHES=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
            "${API}/branches?limit=50" | jq -r '.[].name')
          DELETED=0
@@ -56,7 +56,7 @@ jobs:
            # Check if branch is merged into main
            if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
              echo "  Deleting merged branch: ${BRANCH}"
-              curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
+              curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
                "${API}/branches/${BRANCH}" 2>/dev/null || true
              DELETED=$((DELETED + 1))
            fi
@@ -66,20 +66,20 @@ jobs:
      - name: Clean old workflow runs
        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
          echo "=== Workflow Run Cleanup ==="
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
          CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)
          # Get old completed runs
-          RUNS=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
+          RUNS=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
            "${API}/actions/runs?status=completed&limit=50" | \
            jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)
          DELETED=0
          for RUN_ID in $RUNS; do
-            curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
+            curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
              "${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
            DELETED=$((DELETED + 1))
          done
@@ -1,76 +0,0 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 # SPDX-License-Identifier: GPL-3.0-or-later
 name: "Publish to Composer"
 on:
  push:
    tags:
      - 'v*'
      - '[0-9]*.[0-9]*.[0-9]*'
  release:
    types: [published]
  workflow_dispatch:
 env:
  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
 jobs:
  publish:
    name: Publish Package
    runs-on: ubuntu-latest
    if: >-
      !contains(github.event.head_commit.message, '[skip ci]') &&
      !contains(github.event.head_commit.message, '[skip publish]')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup PHP
        run: |
          if ! command -v php &> /dev/null; then
            sudo apt-get update -qq
            sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
          fi
      - name: Install dependencies
        run: composer install --no-dev --no-interaction --prefer-dist --quiet
      - name: Determine version
        id: version
        run: |
          VERSION=$(php -r "echo json_decode(file_get_contents('composer.json'))->version;")
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "Package version: ${VERSION}"
      # Gitea Composer Registry — auto-publishes from tags
      # The tag push itself registers the package at:
      # https://git.mokoconsulting.tech/api/packages/MokoConsulting/composer
      - name: Verify Gitea registry
        run: |
          echo "Gitea Composer registry auto-publishes from tags."
          echo "Package available at: ${GITEA_URL}/api/packages/MokoConsulting/composer"
          echo "Install: composer require mokoconsulting/mokocli"
      # Packagist — notify of new version
      - name: Notify Packagist
        if: secrets.PACKAGIST_TOKEN != ''
        run: |
          VERSION="${{ steps.version.outputs.version }}"
          echo "Notifying Packagist of version ${VERSION}..."
          curl -sf -X POST \
            -H "Content-Type: application/json" \
            -d '{"repository":{"url":"https://git.mokoconsulting.tech/MokoConsulting/mokocli"}}' \
            "https://packagist.org/api/update-package?username=mokoconsulting&apiToken=${{ secrets.PACKAGIST_TOKEN }}" \
            && echo "Packagist notified" \
            || echo "::warning::Packagist notification failed (package may not be registered yet)"
      - name: Summary
        run: |
          VERSION="${{ steps.version.outputs.version }}"
          echo "## Composer Package Published" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "| Registry | Status |" >> $GITHUB_STEP_SUMMARY
          echo "|----------|--------|" >> $GITHUB_STEP_SUMMARY
          echo "| Gitea | \`composer require mokoconsulting/mokocli:${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
          echo "| Packagist | \`composer require mokoconsulting/mokocli\` |" >> $GITHUB_STEP_SUMMARY
@@ -42,10 +42,10 @@ jobs:
      - name: Setup MokoStandards tools
        env:
-          GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
+          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
+          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
-          MOKO_CLONE_HOST: ${{ secrets.GA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
+          MOKO_CLONE_HOST: ${{ secrets.MOKOGITEA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
-          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
+          COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.MOKOGITEA_TOKEN || github.token }}"}}'
        run: |
          git clone --depth 1 --branch main --quiet \
            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 01.03.00
+# VERSION: 01.00.00
 # BRIEF: Auto-create feature branch when an issue is opened
 name: "Universal: Issue Branch"
@@ -19,7 +19,7 @@ permissions:
  issues: write
 env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
 jobs:
  create-branch:
@@ -28,8 +28,8 @@ jobs:
    steps:
      - name: Create branch and comment
        run: |
-          TOKEN="${{ secrets.GA_TOKEN }}"
+          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
-          API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
+          API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
          ISSUE_NUM="${{ github.event.issue.number }}"
          ISSUE_TITLE="${{ github.event.issue.title }}"
@@ -58,7 +58,7 @@ jobs:
            echo "Created branch: ${BRANCH}"
            # Comment on issue with branch link
-            REPO_URL="${GITEA_URL}/${{ github.repository }}"
+            REPO_URL="${MOKOGITEA_URL}/${{ github.repository }}"
            BODY="Branch created: [\`${BRANCH}\`](${REPO_URL}/src/branch/${BRANCH})\n\n\`\`\`bash\ngit fetch origin\ngit checkout ${BRANCH}\n\`\`\`"
            curl -sf -X POST \
@@ -496,39 +496,26 @@ jobs:
    steps:
      - name: Trigger RC pre-release
        env:
-          GA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
          REPO: ${{ github.repository }}
          BRANCH: ${{ github.head_ref }}
-          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+          MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
        run: |
-          curl -s -X POST             "${GITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${GITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
+          curl -s -X POST             "${MOKOGITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches"             -H "Authorization: token ${MOKOGITEA_TOKEN}"             -H "Content-Type: application/json"             -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
          echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
          echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
  # ── Issue Reporter ──────────────────────────────────────────────────────
  report-issues:
    name: Report Issues
    runs-on: ubuntu-latest
    needs: [branch-policy, validate]
    if: >-
      always() &&
      needs.validate.result == 'failure'
-
+    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-    steps:
+    with:
-      - name: Checkout
+      gate: "PR Validation"
-        uses: actions/checkout@v4
+      workflow: "PR Check"
-        with:
+      severity: error
-          sparse-checkout: automation/ci-issue-reporter.sh
+      details: "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
-          sparse-checkout-cone-mode: false
+    secrets: inherit
      - name: "File issue for PR validation failure"
        env:
          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
        run: |
          chmod +x automation/ci-issue-reporter.sh
          ./automation/ci-issue-reporter.sh \
            --gate "PR Validation" \
            --workflow "PR Check" \
            --severity error \
            --details "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
@@ -20,7 +20,7 @@ permissions:
  contents: read
 env:
-  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+  MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
@@ -55,14 +55,14 @@ jobs:
      - name: Validate metadata against Joomla manifest
        env:
-          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
          php ${MOKO_CLI}/joomla_metadata_validate.php \
            --path . \
-            --token "${GITEA_TOKEN}" \
+            --token "${MOKOGITEA_TOKEN}" \
            --org "${GITEA_ORG}" \
            --repo "${GITEA_REPO}" \
-            --api-base "${GITEA_URL}/api/v1" \
+            --api-base "${MOKOGITEA_URL}/api/v1" \
            --ci
          if [ $? -ne 0 ]; then
@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
 # PATH: /templates/workflows/universal/pre-release.yml.template
-# VERSION: 05.01.00
+# VERSION: 05.02.00
 # BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches
 name: "Universal: Pre-Release"
@@ -59,6 +59,11 @@ jobs:
          fetch-depth: 0
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          ref: ${{ github.ref_name }}
          submodules: recursive
      - name: Update submodules to main
        run: |
          git submodule foreach --quiet 'git checkout main && git pull --quiet origin main' 2>/dev/null || true
      - name: Setup mokocli tools
        env:
@@ -29,12 +29,20 @@ jobs:
    steps:
      - name: Rename branch
        env:
          BRANCH: ${{ github.event.pull_request.head.ref }}
          REPO: ${{ github.repository }}
          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
          TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
-          BRANCH="${{ github.event.pull_request.head.ref }}"
+          set -euo pipefail
          # BRANCH is attacker-controlled (PR head ref). Strict allowlist before ANY use.
          if ! printf '%s' "$BRANCH" | grep -Eq '^rc/[A-Za-z0-9._/-]+$'; then
            echo "::error::Refusing unsafe branch name: $BRANCH"; exit 1
          fi
          SUFFIX="${BRANCH#rc/}"
          DEV_BRANCH="dev/${SUFFIX}"
-          API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
+          API="${GITEA_URL}/api/v1/repos/${REPO}/branches"
          TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          # Create dev/ branch from rc/ branch
          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X POST \
@@ -42,25 +50,22 @@ jobs:
            -H "Content-Type: application/json" \
            -d "{\"new_branch_name\": \"${DEV_BRANCH}\", \"old_branch_name\": \"${BRANCH}\"}" \
            "${API}" 2>/dev/null || true)
          if [ "$STATUS" = "201" ]; then
-            echo "Created branch: ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
+            echo "Created branch: ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
          else
-            echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"
+            echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"; exit 1
            exit 1
          fi
-          # Delete rc/ branch
+          # Read BRANCH from the environment inside PHP (getenv, no string interpolation -> no PHP injection)
-          ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
+          ENCODED=$(php -r 'echo rawurlencode(getenv("BRANCH"));')
          STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
            -H "Authorization: token ${TOKEN}" \
            "${API}/${ENCODED}" 2>/dev/null || true)
          if [ "$STATUS" = "204" ]; then
-            echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
+            echo "Deleted branch: ${BRANCH}" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "::warning::Failed to delete ${BRANCH} (HTTP ${STATUS})"
          fi
-          echo "### RC Reverted" >> $GITHUB_STEP_SUMMARY
+          echo "### RC Reverted" >> "$GITHUB_STEP_SUMMARY"
-          echo "${BRANCH} → ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
+          echo "${BRANCH} → ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
@@ -77,7 +77,7 @@ jobs:
      - name: Check actor permission (admin only)
        id: perm
        env:
-          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || secrets.MOKOGITEA_TOKEN || github.token }}
+          TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
          REPO: ${{ github.repository }}
          ACTOR: ${{ github.actor }}
        run: |
@@ -671,42 +671,30 @@ jobs:
  # ═══════════════════════════════════════════════════════════════════════
  # Issue Reporter — file issues for failed gates
  # ═══════════════════════════════════════════════════════════════════════
-  report-issues:
+  report-scripts:
-    name: "Report Issues"
+    name: "Report: Scripts Governance"
-    runs-on: ubuntu-latest
+    needs: [access_check, scripts_governance]
    needs: [access_check, scripts_governance, repo_health]
    if: >-
      always() &&
-      (needs.scripts_governance.result == 'failure' ||
+      needs.scripts_governance.result == 'failure'
-       needs.repo_health.result == 'failure')
+    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
    with:
      gate: "Scripts Governance"
      workflow: "Repo Health"
      severity: error
      details: "Scripts directory policy violations detected. Review required and allowed directories."
    secrets: inherit
-    steps:
+  report-health:
-      - name: Checkout
+    name: "Report: Repository Health"
-        uses: actions/checkout@v4
+    needs: [access_check, repo_health]
-        with:
+    if: >-
-          sparse-checkout: automation/ci-issue-reporter.sh
+      always() &&
-          sparse-checkout-cone-mode: false
+      needs.repo_health.result == 'failure'
-
+    uses: ./.mokogitea/workflows/ci-issue-reporter.yml
-      - name: "File issues for failed gates"
+    with:
-        env:
+      gate: "Repository Health"
-          GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+      workflow: "Repo Health"
-          GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
+      severity: error
-        run: |
+      details: "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
-          chmod +x automation/ci-issue-reporter.sh
+    secrets: inherit
          REPORTER="./automation/ci-issue-reporter.sh"
          WF="Repo Health"
          report_gate() {
            local gate="$1" result="$2" details="$3"
            if [ "$result" = "failure" ]; then
              "$REPORTER" --gate "$gate" --details "$details" --workflow "$WF" --severity error
            fi
          }
          report_gate "Scripts Governance" \
            "${{ needs.scripts_governance.result }}" \
            "Scripts directory policy violations detected. Review required and allowed directories."
          report_gate "Repository Health" \
            "${{ needs.repo_health.result }}" \
            "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
@@ -1,82 +0,0 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: MokoStandards.Security
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
 # PATH: /.gitea/workflows/security-audit.yml
 # VERSION: 01.00.00
 # BRIEF: Dependency vulnerability scanning for composer and npm packages
 name: "Universal: Security Audit"
 on:
  schedule:
    - cron: '0 6 * * 1'  # Weekly on Monday at 06:00 UTC
  pull_request:
    branches:
      - main
    paths:
      - 'composer.json'
      - 'composer.lock'
      - 'package.json'
      - 'package-lock.json'
  workflow_dispatch:
 permissions:
  contents: read
 env:
  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
 jobs:
  audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Composer audit
        if: hashFiles('composer.lock') != ''
        run: |
          echo "=== Composer Security Audit ==="
          if ! command -v composer &> /dev/null; then
            sudo apt-get update -qq
            sudo apt-get install -y -qq php-cli composer >/dev/null 2>&1
          fi
          composer audit --format=plain 2>&1 | tee /tmp/composer-audit.txt
          RESULT=$?
          if [ $RESULT -ne 0 ]; then
            echo "::warning::Composer vulnerabilities found"
            echo "composer_vulnerable=true" >> "$GITHUB_ENV"
          else
            echo "No known vulnerabilities in composer dependencies"
          fi
      - name: NPM audit
        if: hashFiles('package-lock.json') != ''
        run: |
          echo "=== NPM Security Audit ==="
          npm audit --production 2>&1 | tee /tmp/npm-audit.txt || true
          if npm audit --production 2>&1 | grep -q "found 0 vulnerabilities"; then
            echo "No known vulnerabilities in npm dependencies"
          else
            echo "::warning::NPM vulnerabilities found"
            echo "npm_vulnerable=true" >> "$GITHUB_ENV"
          fi
      - name: Notify on vulnerabilities
        if: env.composer_vulnerable == 'true' || env.npm_vulnerable == 'true'
        run: |
          REPO="${{ github.event.repository.name }}"
          curl -sS \
            -H "Title: ${REPO} has vulnerable dependencies" \
            -H "Tags: lock,warning" \
            -H "Priority: high" \
            -d "Security audit found vulnerabilities. Review dependency updates." \
            "${NTFY_URL}/${NTFY_TOPIC}" || true
@@ -1,312 +0,0 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: moko-platform.Universal
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
 # PATH: /templates/workflows/update-server.yml
 # VERSION: 05.00.00
 # BRIEF: Pre-release build + update server XML for dev/alpha/beta/rc branches
 #
 # Thin wrapper around moko-platform CLI tools.
 # Builds packages, updates updates.xml, and optionally deploys via SFTP.
 #
 # Joomla filters update entries by the user's "Minimum Stability" setting.
 name: "Update Server"
 on:
  push:
    branches:
      - 'dev'
      - 'dev/**'
      - 'alpha/**'
      - 'beta/**'
      - 'rc/**'
    paths:
      - 'src/**'
      - 'htdocs/**'
  pull_request:
    types: [closed]
    branches:
      - 'dev'
      - 'dev/**'
      - 'alpha/**'
      - 'beta/**'
      - 'rc/**'
    paths:
      - 'src/**'
      - 'htdocs/**'
  workflow_dispatch:
    inputs:
      stability:
        description: 'Stability tag'
        required: true
        default: 'development'
        type: choice
        options:
          - development
          - alpha
          - beta
          - rc
          - stable
 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
  GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
  GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
  GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
 permissions:
  contents: write
 jobs:
  update-xml:
    name: Update Server
    runs-on: release
    if: >-
      github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.MOKOGITEA_TOKEN }}
          fetch-depth: 0
      - name: Setup moko-platform tools
        env:
          MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
          MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
          COMPOSER_AUTH: '{"http-basic":{"git.mokoconsulting.tech":{"username":"token","password":"${{ secrets.MOKOGITEA_TOKEN }}"}}}'
        run: |
          if ! command -v composer &> /dev/null; then
            sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
          fi
          # Always fetch latest CLI tools — never use stale cache from previous runs
          rm -rf /tmp/moko-platform
          git clone --depth 1 --branch main --quiet \
            "https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/moko-platform.git" \
            /tmp/moko-platform 2>/dev/null || true
          if [ -d "/tmp/moko-platform" ] && [ -f "/tmp/moko-platform/composer.json" ]; then
            cd /tmp/moko-platform && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
          fi
          echo "MOKO_CLI=/tmp/moko-platform/cli" >> "$GITHUB_ENV"
      - name: Detect platform
        id: platform
        run: php ${MOKO_CLI}/manifest_read.php --path . --github-output
      - name: Resolve stability and bump version
        id: meta
        run: |
          BRANCH="${{ github.ref_name }}"
          # Configure git for bot pushes
          git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
          git config --local user.name "gitea-actions[bot]"
          git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
          # Auto-bump patch version
          php ${MOKO_CLI}/version_bump.php --path . 2>/dev/null || true
          VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "0.0.0")
          # Strip any existing suffix before applying stability
          VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
          # Determine stability from branch or manual input
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            STABILITY="${{ inputs.stability }}"
          elif [[ "$BRANCH" == rc/* ]]; then
            STABILITY="rc"
          elif [[ "$BRANCH" == beta/* ]]; then
            STABILITY="beta"
          elif [[ "$BRANCH" == alpha/* ]]; then
            STABILITY="alpha"
          else
            STABILITY="development"
          fi
          # Version suffix per stability stream
          case "$STABILITY" in
            development) SUFFIX="-dev";  TAG="development" ;;
            alpha)       SUFFIX="-alpha"; TAG="alpha" ;;
            beta)        SUFFIX="-beta";  TAG="beta" ;;
            rc)          SUFFIX="-rc";    TAG="release-candidate" ;;
            *)           SUFFIX="";       TAG="stable" ;;
          esac
          # Propagate version with stability suffix to all manifest files
          php ${MOKO_CLI}/version_set_platform.php \
            --path . --version "$VERSION" --branch "$BRANCH" --stability "$STABILITY" 2>/dev/null || true
          php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
          # Re-read version (now includes suffix from version_set_platform)
          if [ -n "$SUFFIX" ]; then
            VERSION="${VERSION}${SUFFIX}"
          fi
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
          echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
          echo "display_version=${VERSION}" >> "$GITHUB_OUTPUT"
          # Commit version bump if changed
          git add -A
          git diff --cached --quiet || {
            git commit -m "chore(version): auto-bump ${VERSION} [skip ci]" \
              --author="gitea-actions[bot] <gitea-actions[bot]@mokoconsulting.tech>"
            git push
          }
      - name: Create release and upload package
        id: package
        run: |
          VERSION="${{ steps.meta.outputs.version }}"
          TAG="${{ steps.meta.outputs.tag }}"
          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          # Create or update Gitea release
          php ${MOKO_CLI}/release_create.php \
            --path . --version "$VERSION" --tag "$TAG" \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
            --repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease
          # Build package and upload
          php ${MOKO_CLI}/release_package.php \
            --path . --version "$VERSION" --tag "$TAG" \
            --token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
            --repo "${GITEA_REPO}" --output /tmp || true
      - name: Update updates.xml
        if: steps.platform.outputs.platform == 'joomla'
        run: |
          VERSION="${{ steps.meta.outputs.version }}"
          STABILITY="${{ steps.meta.outputs.stability }}"
          SHA256="${{ steps.package.outputs.sha256_zip }}"
          if [ ! -f "updates.xml" ]; then
            echo "No updates.xml — skipping"
            exit 0
          fi
          SHA_FLAG=""
          [ -n "$SHA256" ] && SHA_FLAG="--sha ${SHA256}"
          php ${MOKO_CLI}/updates_xml_build.php \
            --path . --version "${VERSION}" --stability "${STABILITY}" \
            --gitea-url "${GITEA_URL}" --org "${GITEA_ORG}" --repo "${GITEA_REPO}" \
            ${SHA_FLAG}
          # Commit and push updates.xml
          git add updates.xml
          git diff --cached --quiet || {
            git commit -m "chore: update ${STABILITY} channel ${VERSION} [skip ci]"
            git push
          }
      - name: Sync updates.xml to main
        if: github.ref_name != 'main' && steps.platform.outputs.platform == 'joomla'
        run: |
          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          GITEA_TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
          FILE_SHA=$(curl -sf -H "Authorization: token ${GITEA_TOKEN}" \
            "${API_BASE}/contents/updates.xml?ref=main" | python3 -c "import sys,json; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
          if [ -n "$FILE_SHA" ] && [ -f "updates.xml" ]; then
            python3 -c "
          import base64, json, urllib.request, sys
          with open('updates.xml', 'rb') as f:
              content = base64.b64encode(f.read()).decode()
          payload = json.dumps({
              'content': content,
              'sha': '${FILE_SHA}',
              'message': 'chore: sync updates.xml from ${{ steps.meta.outputs.stability }} [skip ci]',
              'branch': 'main'
          }).encode()
          req = urllib.request.Request(
              '${API_BASE}/contents/updates.xml',
              data=payload, method='PUT',
              headers={
                  'Authorization': 'token ${GITEA_TOKEN}',
                  'Content-Type': 'application/json'
              })
          try:
              urllib.request.urlopen(req)
              print('updates.xml synced to main')
          except Exception as e:
              print(f'WARNING: sync to main failed: {e}', file=sys.stderr)
          "
          fi
      - name: SFTP deploy to dev server
        if: contains(github.ref, 'dev/') || github.ref == 'refs/heads/dev'
        env:
          DEV_HOST: ${{ vars.DEV_FTP_HOST }}
          DEV_PATH: ${{ vars.DEV_FTP_PATH }}
          DEV_SUFFIX: ${{ vars.DEV_FTP_SUFFIX }}
          DEV_USER: ${{ vars.DEV_FTP_USERNAME }}
          DEV_PORT: ${{ vars.DEV_FTP_PORT }}
          DEV_KEY: ${{ secrets.DEV_FTP_KEY }}
          DEV_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
        run: |
          # Permission check: admin or maintain role required
          ACTOR="${{ github.actor }}"
          API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
          PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
            "${API_BASE}/collaborators/${ACTOR}/permission" 2>/dev/null | \
            python3 -c "import sys,json; print(json.load(sys.stdin).get('permission','read'))" 2>/dev/null || echo "read")
          case "$PERMISSION" in
            admin|maintain|write) ;;
            *)
              echo "Deploy denied: ${ACTOR} has '${PERMISSION}' — requires admin, maintain, or write"
              exit 0
              ;;
          esac
          [ -z "$DEV_HOST" ] || [ -z "$DEV_PATH" ] && { echo "DEV FTP not configured — skipping SFTP"; exit 0; }
          SOURCE_DIR="src"
          [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
          [ ! -d "$SOURCE_DIR" ] && exit 0
          PORT="${DEV_PORT:-22}"
          REMOTE="${DEV_PATH%/}"
          [ -n "$DEV_SUFFIX" ] && REMOTE="${REMOTE}/${DEV_SUFFIX#/}"
          printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
            "$DEV_HOST" "$PORT" "$DEV_USER" "$REMOTE" > /tmp/sftp-config.json
          if [ -n "$DEV_KEY" ]; then
            echo "$DEV_KEY" > /tmp/deploy_key && chmod 600 /tmp/deploy_key
            printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
          else
            printf ',"password":"%s"}' "$DEV_PASS" >> /tmp/sftp-config.json
          fi
          PLATFORM=$(php ${MOKO_CLI}/platform_detect.php --path . 2>/dev/null || true)
          if [ "$PLATFORM" = "waas-component" ] && [ -f "${MOKO_CLI}/../deploy/deploy-joomla.php" ]; then
            php ${MOKO_CLI}/../deploy/deploy-joomla.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
          elif [ -f "${MOKO_CLI}/../deploy/deploy-sftp.php" ]; then
            php ${MOKO_CLI}/../deploy/deploy-sftp.php --path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json
          fi
          rm -f /tmp/deploy_key /tmp/sftp-config.json
          echo "SFTP deploy to dev complete" >> $GITHUB_STEP_SUMMARY
      - name: Summary
        if: always()
        run: |
          VERSION="${{ steps.meta.outputs.version }}"
          STABILITY="${{ steps.meta.outputs.stability }}"
          DISPLAY="${{ steps.meta.outputs.display_version }}"
          echo "## Update Server" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
          echo "| Stability | \`${STABILITY}\` |" >> $GITHUB_STEP_SUMMARY
          echo "| Version | \`${DISPLAY}\` |" >> $GITHUB_STEP_SUMMARY
@@ -0,0 +1,130 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow.Template
 # INGROUP: MokoStandards.CI
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
 # PATH: /.mokogitea/workflows/version-set.yml
 # VERSION: 01.00.00
 # BRIEF: Set or reset the extension version across all version-bearing files
 name: "Joomla: Set Version"
 on:
  workflow_dispatch:
    inputs:
      version:
        description: "Version number (e.g. 01.00.00)"
        required: true
        type: string
      branch:
        description: "Branch to update (default: current)"
        required: false
        type: string
 permissions:
  contents: write
 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 jobs:
  set-version:
    name: Set Version to ${{ inputs.version }}
    runs-on: ubuntu-latest
    steps:
      - name: Validate version format
        run: |
          VERSION="${{ inputs.version }}"
          if ! echo "$VERSION" | grep -qP '^\d{2}\.\d{2}\.\d{2}$'; then
            echo "::error::Invalid version format '${VERSION}' — expected XX.YY.ZZ (e.g. 01.00.00)"
            exit 1
          fi
          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
          ref: ${{ inputs.branch || github.ref }}
          fetch-depth: 1
      - name: Update manifest version
        run: |
          MANIFEST=""
          for XML_FILE in $(find . -maxdepth 3 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
            if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
              MANIFEST="$XML_FILE"
              break
            fi
          done
          if [ -z "$MANIFEST" ]; then
            echo "::warning::No Joomla extension manifest found — skipping manifest update"
          else
            OLD_VER=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
            sed -i "s|<version>${OLD_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
            echo "Manifest: ${OLD_VER} → ${VERSION} (${MANIFEST})"
          fi
      - name: Update README.md version
        run: |
          if [ -f "README.md" ]; then
            if grep -qP '^\s*VERSION:\s*\d' README.md; then
              sed -i -E "s/(VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" README.md
              echo "README.md version updated to ${VERSION}"
            else
              echo "::warning::No VERSION line found in README.md — skipping"
            fi
          fi
      - name: Update CHANGELOG.md
        run: |
          if [ -f "CHANGELOG.md" ]; then
            DATE=$(date +%Y-%m-%d)
            # Check if this version already has an entry
            if grep -q "^\#\# \[${VERSION}\]" CHANGELOG.md; then
              echo "CHANGELOG.md already has entry for ${VERSION} — skipping"
            else
              # Insert new version entry after [Unreleased] or at the top after header
              if grep -q '^\#\# \[Unreleased\]' CHANGELOG.md; then
                sed -i "/^\#\# \[Unreleased\]/a\\\\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
              else
                sed -i "/^\# Changelog/a\\\\n## [Unreleased]\n\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
              fi
              echo "CHANGELOG.md: added entry for ${VERSION}"
            fi
          else
            echo "::warning::No CHANGELOG.md found — skipping"
          fi
      - name: Update FILE INFORMATION blocks
        run: |
          # Update VERSION in file header blocks (# VERSION: XX.YY.ZZ)
          find . -maxdepth 1 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.php" -o -name "*.md" \) \
            -not -path "./.git/*" -not -path "./vendor/*" -print0 2>/dev/null | \
          while IFS= read -r -d '' FILE; do
            if head -20 "$FILE" | grep -qP '^\s*#?\s*VERSION:\s*\d{2}\.\d{2}\.\d{2}'; then
              sed -i -E "s/(#?\s*VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" "$FILE"
              echo "Updated FILE INFORMATION VERSION in ${FILE}"
            fi
          done
      - name: Commit and push
        run: |
          git config user.name "Moko Consulting [bot]"
          git config user.email "hello@mokoconsulting.tech"
          git add -A
          if git diff --cached --quiet; then
            echo "No version changes detected — nothing to commit"
          else
            git commit -m "chore: set version to ${VERSION} [skip bump]
 Authored-by: Moko Consulting"
            git push
            echo "### Version Set" >> $GITHUB_STEP_SUMMARY
            echo "Version updated to \`${VERSION}\` on branch \`${GITHUB_REF_NAME}\`" >> $GITHUB_STEP_SUMMARY
          fi
@@ -13,6 +13,7 @@
 name: "Universal: Workflow Sync Trigger"
 on:
  workflow_dispatch:
  pull_request:
    types: [closed]
    branches:
@@ -26,8 +27,9 @@ jobs:
    name: Sync workflows to live repos
    runs-on: ubuntu-latest
    if: >-
-      github.event.pull_request.merged == true &&
+      github.event_name == 'workflow_dispatch' ||
-      !contains(github.event.pull_request.title, '[skip sync]')
+      (github.event.pull_request.merged == true &&
      !contains(github.event.pull_request.title, '[skip sync]'))
    steps:
      - name: Determine platform from repo name
@@ -49,8 +51,14 @@ jobs:
        env:
          MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
        run: |
-          GITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
+          MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
-          git clone --depth 1 "${GITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli
+          git clone --depth 1 "${MOKOGITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli
      - name: Install PHP
        run: |
          if ! command -v php &> /dev/null; then
            apt-get update -qq && apt-get install -y -qq php-cli php-json php-curl > /dev/null 2>&1
          fi
      - name: Install dependencies
        run: |
@@ -2,16 +2,16 @@
 ## [Unreleased]
-## [01.03.00] --- 2026-06-21
+## [01.04.00] --- 2026-06-23
-<!-- VERSION: 01.03.00 -->
+<!-- VERSION: 01.04.00 -->
 All notable changes to MokoSuiteOpenGraph will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
-## [01.03.00] --- 2026-06-21
+## [01.04.00] --- 2026-06-23
 ### Security
 - Fix JSON-LD XSS vulnerability via `</script>` injection in content data (#34)
@@ -20,6 +20,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Fix multilingual data corruption in content plugin load/save (#41)
 ### Added
 - Fediverse/Mastodon `fediverse:creator` meta tag — first extension on any CMS to support this (#57)
 - Live character count indicators on OG title, OG description, SEO title, meta description fields with color-coded warnings (#58)
 - LinkedIn social preview card in article/menu editor alongside Facebook and Twitter/X previews (#61)
 - `og:video` meta tag support with per-article video URL field, auto-detect MIME type for YouTube/Vimeo/direct files (#59)
 - Pinterest rich pin tags: `article:tag` from Joomla content tags, `product:availability` from MokoSuiteShop stock (#60)
 - Site-wide default OG title and description plugin parameters
 - Discord embed color via `theme-color` meta tag (color picker in plugin config)
 - LinkedIn article tags: `article:published_time`, `article:modified_time`, `article:author`
@@ -1,28 +1,46 @@
-# Code of Conduct
+<!--	Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 	This file is part of a Moko Consulting project.
 	SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later
 	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
 	This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 	You should have received a copy of the GNU General Public License (./LICENSE).
 	# FILE INFORMATION
 	DEFGROUP: Template-Joomla
 	INGROUP: Template-Joomla.Documentation
 	REPO: https://github.com/mokoconsulting-tech/Template-Joomla/
  VERSION: 01.01.00
  PATH: ./CODE_OF_CONDUCT.md
  BRIEF: Community expectations and enforcement guidelines
  NOTE: Adapted with attribution from the Contributor Covenant v2.1
 -->
 # Contributor Covenant Code of Conduct
 ## Our Pledge
-
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone.
 We pledge to make participation in our project a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
 ## Our Standards
 - Be empathetic and kind
 - Be respectful of differing opinions
 - Accept constructive feedback
 - Own mistakes and learn from them
-Examples of behavior that contributes to a positive environment:
+Unacceptable behavior includes sexualized language/imagery, trolling, harassment, doxing, and other inappropriate conduct.
 - Using welcoming and inclusive language
 - Being respectful of differing viewpoints and experiences
 - Gracefully accepting constructive criticism
 - Focusing on what is best for the community
 Examples of unacceptable behavior:
 - Trolling, insulting/derogatory comments, and personal or political attacks
 - Public or private harassment
 - Publishing others' private information without explicit permission
 ## Enforcement
 Report incidents to **hello@mokoconsulting.tech** or through GitHub Discussions if you prefer a community-visible approach. Private complaints will be reviewed promptly and fairly.
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at hello@mokoconsulting.tech. All complaints will be reviewed and investigated.
+## Enforcement Guidelines
 1. **Correction** — Private warning  
 2. **Warning** — Formal warning and limited interaction  
 3. **Temporary Ban** — Time-boxed exclusion  
 4. **Permanent Ban** — Removal from the community
 ## Attribution
-
+Adapted from the Contributor Covenant v2.1.
 This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1.
@@ -1,34 +1,161 @@
-# Contributing to MokoJoomOpenGraph
+# Contributing to Moko Consulting Projects
-
+
-Thank you for your interest in contributing to MokoJoomOpenGraph.
+Thank you for your interest in contributing. All Moko Consulting repositories follow this universal workflow and version policy.
-
+
-## Getting Started
+## Branching Workflow
-
+
-1. Fork the repository on Gitea
+```
-2. Create a feature branch from `dev` (`feature/your-feature`)
+feature/* ──PR──> dev ──draft PR──> (renamed to rc) ──merge──> main
-3. Make your changes following the coding standards below
+```
-4. Submit a pull request targeting `dev`
+
-
+### Step by step
-## Branch Strategy
+
-
+1. **Create a feature branch** from `dev`:
- `main` — stable releases only
+   ```bash
- `dev` — active development
+   git checkout dev && git pull
- `feature/*` — new features (target `dev`)
+   git checkout -b feature/my-change
- `fix/*` — bug fixes (target `dev`)
+   ```
- `hotfix/*` — urgent fixes (target `dev` or `main`)
+
-
+2. **Work and commit** on your feature branch. Push to origin.
-## Coding Standards
+
-
+3. **Open a PR**: `feature/my-change` → `dev`. After review and checks, merge it.
- PHP 8.1+ required
+
- Follow Joomla coding standards
+4. **When ready for release**, open a **draft PR**: `dev` → `main`.
- SPDX license headers on all PHP files
+   - This automatically renames the source branch to `rc` (release candidate)
- Use `SubscriberInterface` for event subscription
+   - An RC pre-release is built and uploaded
- Use `bind() -> check() -> store()` for Table operations
+
-
+5. **Alpha and beta branches** are created by manually renaming the branch before the RC stage:
-## Reporting Issues
+   - Rename `dev` to `alpha` for early testing → alpha pre-release is built
-
+   - Rename `alpha` to `beta` for feature-complete testing → beta pre-release is built
-Report bugs and feature requests via [Issues](https://git.mokoconsulting.tech/MokoConsulting/MokoJoomOpenGraph/issues).
+   - When the draft PR is created, the branch is renamed to `rc`
-
+
-## License
+6. **Once PR checks pass** on the `rc` branch, mark the PR as ready and merge to `main`.
-
+
-By contributing, you agree that your contributions will be licensed under GPL-3.0-or-later.
+7. **Merging to main** triggers the stable release pipeline:
   - Minor version bump (e.g., `02.09.xx` → `02.10.00`)
   - Stability suffix stripped (clean version)
   - Gitea release created with ZIP/tar.gz packages
   - `updates.xml` updated (Joomla extensions)
   - `dev` branch recreated from `main`
 ### Branch summary
 | Branch | Purpose | Created by |
 |--------|---------|-----------|
 | `feature/*` | New features and fixes | Developer |
 | `dev` | Integration branch | Auto-recreated after release |
 | `alpha` | Alpha pre-release testing | Manual rename from `dev` |
 | `beta` | Beta pre-release testing | Manual rename from `alpha` |
 | `rc` | Release candidate | Auto-renamed on draft PR to main |
 | `main` | Stable releases | Protected, merge only |
 | `version/XX.YY.ZZ` | Archived release snapshots | Auto-created by CI |
 ### Protected branches
 | Branch | Direct push | Merge via |
 |--------|------------|-----------|
 | `main` | Blocked (CI bot whitelisted) | PR merge only |
 | `dev` | Blocked (CI bot whitelisted) | PR merge from feature/* |
 | `rc` | Blocked (CI bot whitelisted) | Auto-created on draft PR |
 | `alpha` | Blocked (CI bot whitelisted) | Manual rename |
 | `beta` | Blocked (CI bot whitelisted) | Manual rename |
 | `feature/*` | Open | N/A (source branch) |
 ## Version Policy
 ### Format
 All versions use `XX.YY.ZZ` — three two-digit segments, zero-padded:
 - **XX** — Major version (breaking changes)
 - **YY** — Minor version (new features, bumped on release to main)
 - **ZZ** — Patch version (auto-incremented on every push to dev/feature branches)
 Rollover: patch `99` → `00` increments minor; minor `99` → `00` increments major.
 ### Stability suffixes
 Each branch appends a suffix to indicate stability:
 | Branch | Suffix | Example |
 |--------|--------|---------|
 | `main` | (none) | `02.09.00` |
 | `dev` | `-dev` | `02.09.01-dev` |
 | `feature/*` | `-dev` | `02.09.01-dev` |
 | `alpha` | `-alpha` | `02.09.01-alpha` |
 | `beta` | `-beta` | `02.09.01-beta` |
 | `rc` | `-rc` | `02.09.01-rc` |
 ### Auto version bump
 On every push to `dev`, `feature/*`, or `patch/*`:
 1. Patch version incremented
 2. Stability suffix `-dev` applied
 3. All version-bearing files updated (manifests, CHANGELOG, PHP headers, etc.)
 4. Commit created with `[skip ci]` to avoid loops
 ### Release version flow
 Version bumps happen at specific release events:
 | Event | Bump | Example |
 |-------|------|---------|
 | Feature merged to dev | Patch bump after dev release | `02.09.01-dev` → release → `02.09.02-dev` |
 | Dev promoted to RC | Minor bump | `02.09.02-dev` → `02.10.00-rc` |
 | RC merged to main | Minor bump | `02.10.00-rc` → `02.11.00` (stable) |
 | Dev recreated from main | Patch bump | `02.11.00` → `02.11.01-dev` |
 ### Release stream copies
 When a higher-stability release is published, copies are created for all lesser streams with the same base version:
 - **RC `02.10.00-rc`** also creates: `02.10.00-dev`, `02.10.00-alpha`, `02.10.00-beta`
 - **Stable `02.11.00`** also creates: `02.11.00-dev`, `02.11.00-alpha`, `02.11.00-beta`, `02.11.00-rc`
 This ensures Joomla sites on ANY stability channel see the update (Joomla only shows versions higher than what's installed).
 ### Version files
 The version tools update all files containing version stamps:
 - `.mokogitea/manifest.xml` (canonical source)
 - Joomla XML manifests (`<version>` tag)
 - `README.md`, `CHANGELOG.md` (`VERSION:` pattern)
 - `package.json`, `pyproject.toml`
 - Any text file with a `VERSION: XX.YY.ZZ` label
 Files synced from other repos (with a `# REPO:` header) are not touched.
 ## Code Standards
 - **PHP**: PSR-12, tabs for indentation
 - **Copyright**: all files must include the Moko Consulting copyright header
 - **License**: SPDX identifier `GPL-3.0-or-later` (or as specified per repo)
 - **Attribution**: use `Authored-by: Moko Consulting` in commits, not individual names
 ## Commit Messages
 Use conventional commit format:
 ```
 type(scope): short description
 Optional body with context.
 Authored-by: Moko Consulting
 ```
 Types: `feat`, `fix`, `chore`, `docs`, `style`, `refactor`, `test`, `ci`
 Special flags in commit messages:
 - `[skip ci]` — skip all CI workflows
 - `[skip bump]` — skip auto version bump only
 ## Reporting Issues
 Use the repository's issue tracker with the appropriate template.
 ---
 *Moko Consulting <hello@mokoconsulting.tech>*
@@ -0,0 +1,119 @@
 <!--
 Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 This file is part of a Moko Consulting project.
 SPDX-License-Identifier: GPL-3.0-or-later
 This program is free software; you can redistribute it and/or modify it under the terms of
 the GNU General Public License as published by the Free Software Foundation; either version 3
 of the License, or (at your option) any later version.
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU General Public License for more details.
 You should have received a copy of the GNU General Public License (./LICENSE).
 FILE INFORMATION
 DEFGROUP: mokoconsulting-tech.Template-Joomla
 INGROUP: MokoStandards.Governance
 REPO: https://github.com/mokoconsulting-tech/Template-Joomla
 VERSION: 01.01.00
 PATH: /GOVERNANCE.md
 BRIEF: Project governance rules, roles, and decision process for Template-Joomla
 -->
 [![MokoStandards](https://img.shields.io/badge/MokoStandards-04.00.04-blue)](https://github.com/mokoconsulting-tech/MokoStandards)
 # Project Governance
 ## Overview
 This document defines the governance model for the `Template-Joomla` repository within the
 `mokoconsulting-tech` organization. It is automatically maintained by
 [MokoStandards](https://github.com/mokoconsulting-tech/MokoStandards) v04.00.04.
 Full governance policy is defined in the MokoStandards source repository:
 [docs/policy/GOVERNANCE.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/GOVERNANCE.md)
 ---
 ## Roles and Responsibilities
 ### Maintainer
 **GitHub**: @mokoconsulting-tech
 **Authority**: Final decision-making authority on all matters for this repository.
 **Responsibilities**:
 - Review and merge pull requests
 - Maintain code quality and standards compliance
 - Manage releases and versioning
 - Respond to issues and security reports
 ### Contributors
 **Authority**: Submit changes via pull requests.
 **Requirements**:
 - Read and accept `CODE_OF_CONDUCT.md`
 - Follow `CONTRIBUTING.md` guidelines
 ---
 ## Decision-Making
 All changes must be submitted as pull requests. The maintainer (@mokoconsulting-tech)
 reviews and approves all changes before they are merged.
 ### Sole Operator Policy
 This organization operates under a **sole operator** model. The maintainer (@mokoconsulting-tech)
 is the sole employee and owner and may self-approve pull requests when no second reviewer is
 available. The following requirements remain mandatory regardless:
 1. **Pull Requests Required** — all changes to protected branches go through a PR.
 2. **Automated Checks** — all CI checks must pass before merging.
 3. **Audit Trail** — issues, pull requests, and commit history are preserved.
 4. **Documentation** — changes are documented in `CHANGELOG.md`.
 See the full policy:
 [Sole Operator Policy](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/GOVERNANCE.md#sole-operator-policy)
 ---
 ## Change Management
 | Change Type | Approval | Process |
 |-------------|----------|---------|
 | Routine (docs, bug fixes) | Maintainer | PR → CI pass → merge |
 | Significant (new features) | Maintainer | PR with description → CI pass → merge |
 | Major (breaking, architecture) | Maintainer | Issue discussion → PR → CI pass → merge |
 | Emergency (security) | Maintainer | Labelled `EMERGENCY` → immediate merge → post-mortem |
 ---
 ## Reporting Issues
 - **Bugs / Features**: Open a [GitHub Issue](https://github.com/mokoconsulting-tech/Template-Joomla/issues)
 - **Security vulnerabilities**: See [SECURITY.md](./SECURITY.md)
 - **Code of Conduct**: See [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md)
 - **Contact**: dev@mokoconsulting.tech
 ---
 ## Metadata
 | Field         | Value                                           |
 | ------------- | ----------------------------------------------- |
 | Document Type | Policy                                          |
 | Domain        | Governance                                      |
 | Applies To    | mokoconsulting-tech/Template-Joomla                           |
 | Jurisdiction  | Tennessee, USA                                  |
 | Maintainer    | @mokoconsulting-tech                            |
 | Standards     | MokoStandards v04.00.04            |
 | Repo          | https://github.com/mokoconsulting-tech/Template-Joomla        |
 | Path          | /GOVERNANCE.md                                  |
 | Status        | Active — auto-maintained by MokoStandards       |
@@ -1,203 +0,0 @@
 # Makefile for Joomla Extensions
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # MokoJoomOpenGraph — Open Graph & social sharing meta tag management
 # ==============================================================================
 # CONFIGURATION - Customize these for your extension
 # ==============================================================================
 # Extension Configuration
 EXTENSION_NAME := mokoog
 EXTENSION_TYPE := package
 # Options: module, plugin, component, package, template
 EXTENSION_VERSION := 1.0.0
 # Module Configuration (for modules only)
 MODULE_TYPE := site
 # Options: site, admin
 # Plugin Configuration (for plugins only)
 PLUGIN_GROUP := system
 # Options: system, content, user, authentication, etc.
 # Directories
 SRC_DIR := src
 BUILD_DIR := build
 DIST_DIR := dist
 DOCS_DIR := docs
 # Joomla Installation (for local testing - customize paths)
 JOOMLA_ROOT := /var/www/html/joomla
 JOOMLA_VERSION := 4
 # Tools
 PHP := php
 COMPOSER := composer
 NPM := npm
 PHPCS := vendor/bin/phpcs
 PHPCBF := vendor/bin/phpcbf
 PHPUNIT := vendor/bin/phpunit
 ZIP := zip
 # Coding Standards
 PHPCS_STANDARD := Joomla
 # Colors for output
 COLOR_RESET := \033[0m
 COLOR_GREEN := \033[32m
 COLOR_YELLOW := \033[33m
 COLOR_BLUE := \033[34m
 COLOR_RED := \033[31m
 # ==============================================================================
 # TARGETS
 # ==============================================================================
 .PHONY: help
 help: ## Show this help message
 	@echo "$(COLOR_BLUE)╔════════════════════════════════════════════════════════════╗$(COLOR_RESET)"
 	@echo "$(COLOR_BLUE)║            Joomla Extension Makefile                       ║$(COLOR_RESET)"
 	@echo "$(COLOR_BLUE)╚════════════════════════════════════════════════════════════╝$(COLOR_RESET)"
 	@echo ""
 	@echo "Extension: $(EXTENSION_NAME) ($(EXTENSION_TYPE)) v$(EXTENSION_VERSION)"
 	@echo ""
 	@echo "$(COLOR_GREEN)Available targets:$(COLOR_RESET)"
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "  $(COLOR_BLUE)%-20s$(COLOR_RESET) %s\n", $$1, $$2}'
 	@echo ""
 .PHONY: install-deps
 install-deps: ## Install all dependencies (Composer + npm)
 	@echo "$(COLOR_BLUE)Installing dependencies...$(COLOR_RESET)"
 	@if [ -f "composer.json" ]; then \
 		$(COMPOSER) install; \
 		echo "$(COLOR_GREEN)✓ Composer dependencies installed$(COLOR_RESET)"; \
 	fi
 .PHONY: lint
 lint: ## Run PHP linter (syntax check)
 	@echo "$(COLOR_BLUE)Running PHP linter...$(COLOR_RESET)"
 	@find . -name "*.php" ! -path "./vendor/*" ! -path "./node_modules/*" ! -path "./$(BUILD_DIR)/*" \
 		-exec $(PHP) -l {} \; | grep -v "No syntax errors" || true
 	@echo "$(COLOR_GREEN)✓ PHP linting complete$(COLOR_RESET)"
 .PHONY: phpcs
 phpcs: ## Run PHP CodeSniffer (Joomla standards)
 	@echo "$(COLOR_BLUE)Running PHP CodeSniffer...$(COLOR_RESET)"
 	@if [ -f "$(PHPCS)" ]; then \
 		$(PHPCS) --standard=$(PHPCS_STANDARD) --extensions=php --ignore=vendor,node_modules,$(BUILD_DIR) .; \
 	else \
 		echo "$(COLOR_YELLOW)⚠ PHP CodeSniffer not installed. Run: make install-deps$(COLOR_RESET)"; \
 	fi
 .PHONY: validate
 validate: lint phpcs ## Run all validation checks
 	@echo "$(COLOR_GREEN)✓ All validation checks passed$(COLOR_RESET)"
 .PHONY: clean
 clean: ## Clean build artifacts
 	@echo "$(COLOR_BLUE)Cleaning build artifacts...$(COLOR_RESET)"
 	@rm -rf $(BUILD_DIR) $(DIST_DIR)
 	@echo "$(COLOR_GREEN)✓ Build artifacts cleaned$(COLOR_RESET)"
 MOKO_PLATFORM ?= $(or $(wildcard ../moko-platform),$(wildcard $(HOME)/moko-platform),$(wildcard /opt/moko-platform))
 MINIFY_SCRIPT := $(MOKO_PLATFORM)/build/minify.js
 .PHONY: minify
 minify: ## Minify CSS/JS assets
 	@echo "Minifying assets..."
 	@if [ -f "$(MINIFY_SCRIPT)" ]; then \
 		node "$(MINIFY_SCRIPT)" $(SRC_DIR); \
 	elif [ -f "scripts/minify.js" ]; then \
 		node scripts/minify.js; \
 	else \
 		echo "No minify script found"; \
 	fi
 .PHONY: build
 build: clean validate minify ## Build extension package
 	@echo "$(COLOR_BLUE)Building Joomla extension package...$(COLOR_RESET)"
 	@mkdir -p $(DIST_DIR) $(BUILD_DIR)
 	# Determine package prefix based on extension type
 	@case "$(EXTENSION_TYPE)" in \
 		module) \
 			PACKAGE_PREFIX="mod_$(EXTENSION_NAME)"; \
 			BUILD_TARGET="$(BUILD_DIR)/$$PACKAGE_PREFIX"; \
 			;; \
 		plugin) \
 			PACKAGE_PREFIX="plg_$(PLUGIN_GROUP)_$(EXTENSION_NAME)"; \
 			BUILD_TARGET="$(BUILD_DIR)/$$PACKAGE_PREFIX"; \
 			;; \
 		component) \
 			PACKAGE_PREFIX="com_$(EXTENSION_NAME)"; \
 			BUILD_TARGET="$(BUILD_DIR)/$$PACKAGE_PREFIX"; \
 			;; \
 		package) \
 			PACKAGE_PREFIX="pkg_$(EXTENSION_NAME)"; \
 			BUILD_TARGET="$(BUILD_DIR)/$$PACKAGE_PREFIX"; \
 			;; \
 		template) \
 			PACKAGE_PREFIX="tpl_$(EXTENSION_NAME)"; \
 			BUILD_TARGET="$(BUILD_DIR)/$$PACKAGE_PREFIX"; \
 			;; \
 		*) \
 			echo "$(COLOR_RED)✗ Unknown extension type: $(EXTENSION_TYPE)$(COLOR_RESET)"; \
 			exit 1; \
 			;; \
 	esac; \
 	\
 	mkdir -p "$$BUILD_TARGET"; \
 	\
 	echo "Building $$PACKAGE_PREFIX..."; \
 	\
 	rsync -av --progress \
 		--exclude='$(BUILD_DIR)' \
 		--exclude='$(DIST_DIR)' \
 		--exclude='.git*' \
 		--exclude='vendor/' \
 		--exclude='node_modules/' \
 		--exclude='tests/' \
 		--exclude='Makefile' \
 		--exclude='composer.json' \
 		--exclude='composer.lock' \
 		--exclude='package.json' \
 		--exclude='package-lock.json' \
 		--exclude='phpunit.xml' \
 		--exclude='*.md' \
 		--exclude='.editorconfig' \
 		. "$$BUILD_TARGET/"; \
 	\
 	cd $(BUILD_DIR) && $(ZIP) -r "../$(DIST_DIR)/$${PACKAGE_PREFIX}-$(EXTENSION_VERSION).zip" "$${PACKAGE_PREFIX}"; \
 	\
 	echo "$(COLOR_GREEN)✓ Package created: $(DIST_DIR)/$${PACKAGE_PREFIX}-$(EXTENSION_VERSION).zip$(COLOR_RESET)"
 .PHONY: package
 package: build ## Alias for build
 	@echo "$(COLOR_GREEN)✓ Package ready for distribution$(COLOR_RESET)"
 .PHONY: release
 release: validate build ## Create a release (validate + build)
 	@echo "$(COLOR_GREEN)✓ Release package ready$(COLOR_RESET)"
 .PHONY: version
 version: ## Display version information
 	@echo "$(COLOR_BLUE)Extension Information:$(COLOR_RESET)"
 	@echo "  Name:    $(EXTENSION_NAME)"
 	@echo "  Type:    $(EXTENSION_TYPE)"
 	@echo "  Version: $(EXTENSION_VERSION)"
 .PHONY: security-check
 security-check: ## Run security checks on dependencies
 	@echo "$(COLOR_BLUE)Running security checks...$(COLOR_RESET)"
 	@if [ -f "composer.json" ]; then \
 		$(COMPOSER) audit || echo "$(COLOR_YELLOW)⚠ Vulnerabilities found$(COLOR_RESET)"; \
 	fi
 .PHONY: all
 all: install-deps validate build ## Run complete build pipeline
 	@echo "$(COLOR_GREEN)✓ Complete build pipeline finished$(COLOR_RESET)"
 # Default target
 .DEFAULT_GOAL := help
@@ -1,6 +1,6 @@
 # MokoSuiteOpenGraph
-<!-- VERSION: 01.03.00 -->
+<!-- VERSION: 01.04.00 -->
 Open Graph, Twitter Card, and social sharing meta tag management for Joomla 4/5/6.
@@ -0,0 +1,241 @@
 <!--
 Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 This file is part of a Moko Consulting project.
 SPDX-License-Identifier: GPL-3.0-or-later
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 3 of the License, or
 (at your option) any later version.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <https://www.gnu.org/licenses/>.
 # FILE INFORMATION
 DEFGROUP: Template-Joomla
 INGROUP: Template-Joomla.Documentation
 REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
 PATH: /SECURITY.md
 VERSION: 01.01.00
 BRIEF: Security vulnerability reporting and handling policy
 -->
 # Security Policy
 ## Purpose and Scope
 This document defines the security vulnerability reporting, response, and disclosure policy for this Joomla Plugin template repository. It establishes the authoritative process for responsible disclosure, assessment, remediation, and communication of security issues.
 ## Supported Versions
 Security updates are provided for the following versions:
 | Version | Supported          |
 | ------- | ------------------ |
 | 01.x.x  | :white_check_mark: |
 | < 01.0  | :x:                |
 Only the current major version receives security updates. Users should upgrade to the latest supported version to receive security patches.
 ## Reporting a Vulnerability
 ### Where to Report
 **DO NOT** create public GitHub issues for security vulnerabilities.
 Report security vulnerabilities privately to:
 **Email**: `security@mokoconsulting.tech`
 **Subject Line**: `[SECURITY] Template-Joomla - Brief Description`
 ### What to Include
 A complete vulnerability report should include:
 1. **Description**: Clear explanation of the vulnerability
 2. **Impact**: Potential security impact and severity assessment
 3. **Affected Versions**: Which versions are vulnerable
 4. **Reproduction Steps**: Detailed steps to reproduce the issue
 5. **Proof of Concept**: Code, configuration, or demonstration (if applicable)
 6. **Suggested Fix**: Proposed remediation (if known)
 7. **Disclosure Timeline**: Your expectations for public disclosure
 ### Response Timeline
 * **Initial Response**: Within 3 business days
 * **Assessment Complete**: Within 7 business days
 * **Fix Timeline**: Depends on severity (see below)
 * **Disclosure**: Coordinated with reporter
 ## Severity Classification
 Vulnerabilities are classified using the following severity levels:
 ### Critical
 * Remote code execution
 * Authentication bypass
 * Data breach or exposure of sensitive information
 * **Fix Timeline**: 7 days
 ### High
 * Privilege escalation
 * SQL injection or command injection
 * Cross-site scripting (XSS) with significant impact
 * **Fix Timeline**: 14 days
 ### Medium
 * Information disclosure (limited scope)
 * Denial of service
 * Security misconfigurations with moderate impact
 * **Fix Timeline**: 30 days
 ### Low
 * Security best practice violations
 * Minor information leaks
 * Issues requiring user interaction or complex preconditions
 * **Fix Timeline**: 60 days or next release
 ## Remediation Process
 1. **Acknowledgment**: Security team confirms receipt and begins investigation
 2. **Assessment**: Vulnerability is validated, severity assigned, and impact analyzed
 3. **Development**: Security patch is developed and tested
 4. **Review**: Patch undergoes security review and validation
 5. **Release**: Fixed version is released with security advisory
 6. **Disclosure**: Public disclosure follows coordinated timeline
 ## Security Advisories
 Security advisories are published via:
 * GitHub Security Advisories
 * Release notes and CHANGELOG.md
 * Email notification to project users (if mailing list is established)
 Advisories include:
 * CVE identifier (if applicable)
 * Severity rating
 * Affected versions
 * Fixed versions
 * Mitigation steps
 * Attribution (with reporter consent)
 ## Security Best Practices
 For projects using this template:
 ### Required Controls
 * Enable GitHub security features (Dependabot, code scanning)
 * Implement branch protection on `main`
 * Require code review for all changes
 * Enforce signed commits (recommended)
 * Use secrets management (never commit credentials)
 * Maintain security documentation
 * Follow secure coding standards defined in MokoStandards
 ### Joomla Plugin Security
 * Follow Joomla security best practices
 * Validate and sanitize all user input
 * Use Joomla's database API to prevent SQL injection
 * Properly escape output to prevent XSS
 * Implement proper access control checks
 * Use Joomla's session and authentication APIs
 * Keep Joomla and dependencies up to date
 ### CI/CD Security
 * Validate all inputs
 * Sanitize outputs
 * Use least privilege access
 * Pin dependencies with hash verification
 * Scan for vulnerabilities in dependencies
 * Audit third-party actions and tools
 #### Automated Security Scanning
 All repositories SHOULD implement:
 **CodeQL Analysis**:
 * Enabled for PHP and other supported languages
 * Runs on: push to main, pull requests, weekly schedule
 * Query sets: `security-extended` and `security-and-quality`
 * Configuration: `.github/workflows/codeql-analysis.yml`
 **Dependabot Security Updates**:
 * Weekly scans for vulnerable dependencies
 * Automated pull requests for security patches
 * Configuration: `.github/dependabot.yml`
 **Secret Scanning**:
 * Enabled by default with push protection
 * Prevents accidental credential commits
 ### Dependency Management
 * Keep dependencies up to date
 * Monitor security advisories for dependencies
 * Remove unused dependencies
 * Audit new dependencies before adoption
 * Document security-critical dependencies
 ## Compliance and Governance
 This security policy is aligned with MokoStandards. Deviations require documented justification.
 Security policies are reviewed and updated at least annually or following significant security incidents.
 ## Attribution and Recognition
 We acknowledge and appreciate responsible disclosure. With your permission, we will:
 * Credit you in security advisories
 * List you in CHANGELOG.md for the fix release
 * Recognize your contribution publicly (if desired)
 ## Contact and Escalation
 * **Security Team**: security@mokoconsulting.tech
 * **Primary Contact**: hello@mokoconsulting.tech
 * **Escalation**: For urgent matters requiring immediate attention, contact the maintainer directly via GitHub
 ## Out of Scope
 The following are explicitly out of scope:
 * Issues in third-party dependencies (report directly to maintainers)
 * Social engineering attacks
 * Physical security issues
 * Denial of service via resource exhaustion without amplification
 * Issues requiring physical access to systems
 * Theoretical vulnerabilities without proof of exploitability
 ---
 ## Metadata
 | Field        | Value                                                                                                         |
 | ------------ | ------------------------------------------------------------------------------------------------------------ |
 | Document     | Security Policy                                                                                               |
 | Path         | /SECURITY.md                                                                                                  |
 | Repository   | [https://github.com/mokoconsulting-tech/Template-Joomla](https://github.com/mokoconsulting-tech/Template-Joomla) |
 | Owner        | Moko Consulting                                                                                              |
 | Scope        | Security vulnerability handling                                                                              |
 | Status       | Active                                                                                                       |
 | Effective    | 2026-01-16                                                                                                   |
 ## Revision History
 | Date       | Change Description                                | Author          |
 | ---------- | ------------------------------------------------- | --------------- |
 | 2026-01-16 | Initial creation for template repository          | Moko Consulting |
@@ -1,237 +0,0 @@
 #!/usr/bin/env bash
 # ============================================================================
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # FILE INFORMATION
 # DEFGROUP: Automation.CI
 # INGROUP: moko-platform.Automation
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
 # PATH: /automation/ci-issue-reporter.sh
 # VERSION: 09.23.00
 # BRIEF: Creates or updates a Gitea issue when a CI gate fails.
 #        Deduplicates by searching open issues with the "ci-auto" label
 #        whose title matches the gate. If a matching issue exists, a comment
 #        is appended instead of opening a duplicate.
 # ============================================================================
 set -euo pipefail
 # ── Defaults ────────────────────────────────────────────────────────────────
 GITEA_URL="${GITEA_URL:-https://git.mokoconsulting.tech}"
 GITEA_TOKEN="${GITEA_TOKEN:-}"
 REPO="${GITHUB_REPOSITORY:-}"
 RUN_URL="${GITHUB_SERVER_URL:-${GITEA_URL}}/${REPO}/actions/runs/${GITHUB_RUN_ID:-0}"
 LABEL_NAME="ci-auto"
 LABEL_COLOR="#e11d48"
 GATE=""
 DETAILS=""
 SEVERITY="error"
 WORKFLOW=""
 # ── Parse arguments ─────────────────────────────────────────────────────────
 usage() {
  cat <<EOF
 Usage: ci-issue-reporter.sh --gate NAME --details TEXT [OPTIONS]
 Required:
  --gate      CI gate name (e.g. "Code Quality", "Self-Health")
  --details   Human-readable failure description
 Optional:
  --severity  "error" (default) or "warning"
  --workflow  Workflow name for the issue title
  --repo      owner/repo (default: \$GITHUB_REPOSITORY)
  --run-url   URL to the CI run (auto-detected from env)
  --token     Gitea API token (default: \$GITEA_TOKEN)
  --url       Gitea base URL (default: \$GITEA_URL)
 EOF
  exit 1
 }
 while [[ $# -gt 0 ]]; do
  case "$1" in
    --gate)     GATE="$2";       shift 2 ;;
    --details)  DETAILS="$2";    shift 2 ;;
    --severity) SEVERITY="$2";   shift 2 ;;
    --workflow) WORKFLOW="$2";   shift 2 ;;
    --repo)     REPO="$2";      shift 2 ;;
    --run-url)  RUN_URL="$2";   shift 2 ;;
    --token)    GITEA_TOKEN="$2"; shift 2 ;;
    --url)      GITEA_URL="$2"; shift 2 ;;
    -h|--help)  usage ;;
    *)          echo "Unknown option: $1"; usage ;;
  esac
 done
 [[ -z "$GATE" ]]         && { echo "ERROR: --gate is required"; usage; }
 [[ -z "$DETAILS" ]]      && { echo "ERROR: --details is required"; usage; }
 [[ -z "$GITEA_TOKEN" ]]  && { echo "ERROR: GITEA_TOKEN not set"; exit 1; }
 [[ -z "$REPO" ]]         && { echo "ERROR: GITHUB_REPOSITORY not set"; exit 1; }
 API="${GITEA_URL}/api/v1/repos/${REPO}"
 # ── Build title ─────────────────────────────────────────────────────────────
 if [[ -n "$WORKFLOW" ]]; then
  TITLE="[CI] ${WORKFLOW}: ${GATE} failed"
 else
  TITLE="[CI] ${GATE} failed"
 fi
 # ── Ensure label exists ─────────────────────────────────────────────────────
 ensure_label() {
  local exists
  exists=$(curl -sf -o /dev/null -w '%{http_code}' \
    -H "Authorization: token ${GITEA_TOKEN}" \
    "${API}/labels" 2>/dev/null || echo "000")
  if [[ "$exists" == "200" ]]; then
    # Check if label already exists
    local found
    found=$(curl -sf \
      -H "Authorization: token ${GITEA_TOKEN}" \
      "${API}/labels" 2>/dev/null \
      | grep -o "\"name\":\"${LABEL_NAME}\"" || true)
    if [[ -z "$found" ]]; then
      curl -sf -X POST \
        -H "Authorization: token ${GITEA_TOKEN}" \
        -H "Content-Type: application/json" \
        "${API}/labels" \
        -d "{\"name\":\"${LABEL_NAME}\",\"color\":\"${LABEL_COLOR}\",\"description\":\"Auto-created by CI issue reporter\"}" \
        > /dev/null 2>&1 || true
    fi
  fi
 }
 # ── Search for existing open issue ──────────────────────────────────────────
 find_existing_issue() {
  # URL-encode the gate name for the query
  local query
  query=$(printf '%s' "[CI] ${GATE}" | sed 's/ /%20/g; s/\[/%5B/g; s/\]/%5D/g')
  local response
  response=$(curl -sf \
    -H "Authorization: token ${GITEA_TOKEN}" \
    "${API}/issues?type=issues&state=open&labels=${LABEL_NAME}&q=${query}&limit=5" \
    2>/dev/null || echo "[]")
  # Extract the first matching issue number
  echo "$response" \
    | grep -oP '"number":\s*\K[0-9]+' \
    | head -1
 }
 # ── Build issue body ────────────────────────────────────────────────────────
 build_body() {
  local severity_badge
  if [[ "$SEVERITY" == "error" ]]; then
    severity_badge="**Severity:** Error"
  else
    severity_badge="**Severity:** Warning"
  fi
  cat <<BODY
 ## CI Gate Failure: ${GATE}
 ${severity_badge}
 **Workflow:** ${WORKFLOW:-unknown}
 **Branch:** ${GITHUB_REF_NAME:-unknown}
 **Commit:** \`${GITHUB_SHA:0:8}\`
 **Run:** [View CI run](${RUN_URL})
 ### Details
 ${DETAILS}
 ### Resolution
 Fix the issue described above and push a new commit. This issue will be closed automatically when the gate passes, or can be closed manually.
 ---
 *Auto-created by [ci-issue-reporter](${GITEA_URL}/${REPO}/src/branch/main/automation/ci-issue-reporter.sh)*
 BODY
 }
 # ── Build comment body (for existing issues) ────────────────────────────────
 build_comment() {
  cat <<COMMENT
 ### CI failure recurrence
 **Branch:** ${GITHUB_REF_NAME:-unknown}
 **Commit:** \`${GITHUB_SHA:0:8}\`
 **Run:** [View CI run](${RUN_URL})
 ${DETAILS}
 COMMENT
 }
 # ── Main ────────────────────────────────────────────────────────────────────
 ensure_label
 EXISTING=$(find_existing_issue)
 if [[ -n "$EXISTING" ]]; then
  # Append comment to existing issue
  COMMENT_BODY=$(build_comment)
  COMMENT_JSON=$(printf '%s' "$COMMENT_BODY" | python3 -c "
 import sys, json
 print(json.dumps({'body': sys.stdin.read()}))" 2>/dev/null)
  HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
    -H "Authorization: token ${GITEA_TOKEN}" \
    -H "Content-Type: application/json" \
    "${API}/issues/${EXISTING}/comments" \
    -d "${COMMENT_JSON}" 2>/dev/null || echo "000")
  if [[ "$HTTP" == "201" ]]; then
    echo "Commented on existing issue #${EXISTING}"
  else
    echo "WARNING: Failed to comment on issue #${EXISTING} (HTTP ${HTTP})"
  fi
 else
  # Create new issue
  ISSUE_BODY=$(build_body)
  ISSUE_JSON=$(python3 -c "
 import sys, json
 body = sys.stdin.read()
 print(json.dumps({
    'title': sys.argv[1],
    'body': body,
    'labels': []
 }))" "$TITLE" <<< "$ISSUE_BODY" 2>/dev/null)
  # Create the issue
  RESPONSE=$(curl -sf -X POST \
    -H "Authorization: token ${GITEA_TOKEN}" \
    -H "Content-Type: application/json" \
    "${API}/issues" \
    -d "${ISSUE_JSON}" 2>/dev/null || echo "{}")
  ISSUE_NUM=$(echo "$RESPONSE" | grep -oP '"number":\s*\K[0-9]+' | head -1)
  if [[ -n "$ISSUE_NUM" ]]; then
    # Apply label (separate call — more reliable across Gitea versions)
    LABEL_ID=$(curl -sf \
      -H "Authorization: token ${GITEA_TOKEN}" \
      "${API}/labels" 2>/dev/null \
      | grep -oP "\"id\":\s*\K[0-9]+(?=[^}]*\"name\":\s*\"${LABEL_NAME}\")" \
      | head -1 || true)
    if [[ -n "$LABEL_ID" ]]; then
      curl -sf -X POST \
        -H "Authorization: token ${GITEA_TOKEN}" \
        -H "Content-Type: application/json" \
        "${API}/issues/${ISSUE_NUM}/labels" \
        -d "{\"labels\":[${LABEL_ID}]}" \
        > /dev/null 2>&1 || true
    fi
    echo "Created issue #${ISSUE_NUM}: ${TITLE}"
  else
    echo "WARNING: Failed to create issue"
    echo "Response: ${RESPONSE}"
  fi
 fi
@@ -1,6 +1,6 @@
 {
-    "name": "mokoconsulting/mokoog",
+    "name": "mokoconsulting/mokojoomgallery",
-    "description": "Open Graph, Twitter Card, and social sharing meta tag management for Joomla",
+    "description": "Photo gallery management for Joomla — galleries, images, thumbnails, lightbox, and frontend display",
    "type": "joomla-package",
    "version": "01.00.00",
    "license": "GPL-3.0-or-later",
@@ -17,9 +17,9 @@
    "require-dev": {
        "squizlabs/php_codesniffer": "^3.7",
        "phpstan/phpstan": "^1.10",
-        "joomla/coding-standards": "^3.0"
+        "joomla/coding-standards": "3.0.x-dev"
    },
-    "minimum-stability": "alpha",
+    "minimum-stability": "dev",
    "prefer-stable": true,
    "config": {
        "sort-packages": true
@@ -60,6 +60,14 @@
            <option value="product">Product</option>
            <option value="profile">Profile</option>
        </field>
        <field
            name="og_video"
            type="url"
            label="COM_MOKOOG_FIELD_OG_VIDEO"
            description="COM_MOKOOG_FIELD_OG_VIDEO_DESC"
            filter="url"
            validate="url"
        />
        <field
            name="published"
            type="list"
@@ -32,6 +32,8 @@ COM_MOKOOG_FIELD_OG_IMAGE="OG Image"
 COM_MOKOOG_FIELD_OG_IMAGE_DESC="Custom image for social sharing."
 COM_MOKOOG_FIELD_OG_TYPE="OG Type"
 COM_MOKOOG_FIELD_OG_TYPE_DESC="The Open Graph content type."
 COM_MOKOOG_FIELD_OG_VIDEO="Video URL"
 COM_MOKOOG_FIELD_OG_VIDEO_DESC="URL of a video for social sharing previews. Supports direct video URLs and YouTube/Vimeo links."
 COM_MOKOOG_FILTER_SEARCH="Search OG titles"
 COM_MOKOOG_FILTER_CONTENT_TYPE="Content Type"
@@ -32,6 +32,8 @@ COM_MOKOOG_FIELD_OG_IMAGE="OG Image"
 COM_MOKOOG_FIELD_OG_IMAGE_DESC="Custom image for social sharing."
 COM_MOKOOG_FIELD_OG_TYPE="OG Type"
 COM_MOKOOG_FIELD_OG_TYPE_DESC="The Open Graph content type."
 COM_MOKOOG_FIELD_OG_VIDEO="Video URL"
 COM_MOKOOG_FIELD_OG_VIDEO_DESC="URL of a video for social sharing previews. Supports direct video URLs and YouTube/Vimeo links."
 COM_MOKOOG_FILTER_SEARCH="Search OG titles"
 COM_MOKOOG_FILTER_CONTENT_TYPE="Content Type"
@@ -8,7 +8,7 @@
 -->
 <extension type="component" method="upgrade">
    <name>com_mokoog</name>
-    <version>01.03.00</version>
+    <version>01.04.00</version>
    <creationDate>2026-05-23</creationDate>
    <author>Moko Consulting</author>
    <authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -6,12 +6,13 @@
 CREATE TABLE IF NOT EXISTS `#__mokoog_tags` (
    `id`             INT(11) UNSIGNED NOT NULL AUTO_INCREMENT,
-    `content_type`   VARCHAR(100) NOT NULL DEFAULT '' COMMENT 'e.g. com_content, menu, com_virtuemart',
+    `content_type`   VARCHAR(100) NOT NULL DEFAULT '' COMMENT 'e.g. com_content, menu, com_mokoshop',
    `content_id`     INT(11) UNSIGNED NOT NULL DEFAULT 0,
    `og_title`       VARCHAR(255) NOT NULL DEFAULT '',
    `og_description` TEXT NOT NULL,
    `og_image`       VARCHAR(512) NOT NULL DEFAULT '',
    `og_type`        VARCHAR(50) NOT NULL DEFAULT 'article',
    `og_video`       VARCHAR(512) NOT NULL DEFAULT '',
    `seo_title`      VARCHAR(70) NOT NULL DEFAULT '',
    `meta_description` VARCHAR(200) NOT NULL DEFAULT '',
    `robots`         VARCHAR(100) NOT NULL DEFAULT '',
@@ -0,0 +1,5 @@
 --
 -- MokoJoomOpenGraph 01.03.00 - Add og_video column
 --
 ALTER TABLE `#__mokoog_tags` ADD COLUMN `og_video` VARCHAR(512) NOT NULL DEFAULT '' AFTER `og_type`;
@@ -49,6 +49,14 @@
                <option value="music.song">Music</option>
                <option value="video.other">Video</option>
            </field>
            <field
                name="og_video"
                type="url"
                label="PLG_CONTENT_MOKOOG_FIELD_OG_VIDEO"
                description="PLG_CONTENT_MOKOOG_FIELD_OG_VIDEO_DESC"
                filter="url"
                validate="url"
            />
        </fieldset>
        <fieldset name="mokoog_seo" label="PLG_CONTENT_MOKOOG_FIELDSET_SEO_LABEL"
                  description="PLG_CONTENT_MOKOOG_FIELDSET_SEO_DESC">
@@ -14,6 +14,9 @@ PLG_CONTENT_MOKOOG_FIELD_OG_IMAGE_DESC="Custom image for social sharing. Recomme
 PLG_CONTENT_MOKOOG_FIELD_OG_TYPE="OG Type"
 PLG_CONTENT_MOKOOG_FIELD_OG_TYPE_DESC="The Open Graph content type for this page."
 PLG_CONTENT_MOKOOG_FIELD_OG_VIDEO="Video URL"
 PLG_CONTENT_MOKOOG_FIELD_OG_VIDEO_DESC="URL of a video to embed in social sharing previews. Supports direct video URLs and YouTube/Vimeo links. Outputs og:video meta tags."
 PLG_CONTENT_MOKOOG_FIELDSET_SEO_LABEL="SEO Meta Tags"
 PLG_CONTENT_MOKOOG_FIELDSET_SEO_DESC="Control search engine meta tags for this page."
@@ -14,6 +14,9 @@ PLG_CONTENT_MOKOOG_FIELD_OG_IMAGE_DESC="Custom image for social sharing. Recomme
 PLG_CONTENT_MOKOOG_FIELD_OG_TYPE="OG Type"
 PLG_CONTENT_MOKOOG_FIELD_OG_TYPE_DESC="The Open Graph content type for this page."
 PLG_CONTENT_MOKOOG_FIELD_OG_VIDEO="Video URL"
 PLG_CONTENT_MOKOOG_FIELD_OG_VIDEO_DESC="URL of a video to embed in social sharing previews. Supports direct video URLs and YouTube/Vimeo links. Outputs og:video meta tags."
 PLG_CONTENT_MOKOOG_FIELDSET_SEO_LABEL="SEO Meta Tags"
 PLG_CONTENT_MOKOOG_FIELDSET_SEO_DESC="Control search engine meta tags for this page."
@@ -102,3 +102,46 @@
    color: #536471;
    margin-top: 2px;
 }
 /* LinkedIn card */
 .mokoog-card-li {
    border: 1px solid #e0dfdc;
    border-radius: 2px;
 }
 .mokoog-card-li .mokoog-card-body {
    border-top-color: #e0dfdc;
 }
 .mokoog-card-li .mokoog-card-title {
    font-size: 14px;
    font-weight: 600;
    color: rgba(0, 0, 0, 0.9);
 }
 .mokoog-card-li .mokoog-card-domain {
    font-size: 12px;
    color: rgba(0, 0, 0, 0.6);
    text-transform: none;
 }
 /* Character count indicators */
 .mokoog-char-count {
    display: block;
    font-size: 12px;
    margin-top: 4px;
    font-variant-numeric: tabular-nums;
 }
 .mokoog-char-ok {
    color: #2e7d32;
 }
 .mokoog-char-warn {
    color: #f57c00;
 }
 .mokoog-char-over {
    color: #d32f2f;
    font-weight: 600;
 }
@@ -15,9 +15,44 @@ document.addEventListener('DOMContentLoaded', function () {
        ogDesc: document.getElementById('jform_mokoog_og_description'),
        ogImage: document.getElementById('jform_mokoog_og_image'),
        articleTitle: document.getElementById('jform_title'),
-        metaDesc: document.getElementById('jform_metadesc')
+        metaDesc: document.getElementById('jform_metadesc'),
        seoTitle: document.getElementById('jform_mokoog_seo_title'),
        metaDescription: document.getElementById('jform_mokoog_meta_description')
    };
    // Character count indicators
    var charLimits = [
        { field: fields.ogTitle, optimal: 60, max: 90 },
        { field: fields.ogDesc, optimal: 155, max: 200 },
        { field: fields.seoTitle, optimal: 60, max: 70 },
        { field: fields.metaDescription, optimal: 155, max: 160 }
    ];
    charLimits.forEach(function (cfg) {
        if (!cfg.field) return;
        var counter = document.createElement('span');
        counter.className = 'mokoog-char-count';
        cfg.field.parentNode.appendChild(counter);
        function refresh() {
            var len = cfg.field.value.length;
            counter.textContent = len + '/' + cfg.optimal;
            if (len > cfg.max) {
                counter.className = 'mokoog-char-count mokoog-char-over';
            } else if (len > cfg.optimal) {
                counter.className = 'mokoog-char-count mokoog-char-warn';
            } else {
                counter.className = 'mokoog-char-count mokoog-char-ok';
            }
        }
        cfg.field.addEventListener('input', refresh);
        cfg.field.addEventListener('change', refresh);
        refresh();
    });
    // Find the mokoog fieldset and insert preview after it
    var fieldset = document.querySelector('[data-showon-id="mokoog"]') ||
        document.getElementById('attrib-mokoog') ||
@@ -110,6 +145,36 @@ document.addEventListener('DOMContentLoaded', function () {
    twCard.appendChild(twBody);
    wrapper.appendChild(twCard);
    // LinkedIn preview card
    var liLabel = document.createElement('small');
    liLabel.className = 'mokoog-platform-label';
    liLabel.textContent = 'LinkedIn';
    wrapper.appendChild(liLabel);
    var liCard = document.createElement('div');
    liCard.className = 'mokoog-card mokoog-card-li';
    var liImg = document.createElement('div');
    liImg.id = 'mokoog-li-img';
    liImg.className = 'mokoog-card-img';
    liCard.appendChild(liImg);
    var liBody = document.createElement('div');
    liBody.className = 'mokoog-card-body';
    var liTitle = document.createElement('div');
    liTitle.id = 'mokoog-li-title';
    liTitle.className = 'mokoog-card-title';
    liBody.appendChild(liTitle);
    var liDomain = document.createElement('div');
    liDomain.id = 'mokoog-li-domain';
    liDomain.className = 'mokoog-card-domain';
    liBody.appendChild(liDomain);
    liCard.appendChild(liBody);
    wrapper.appendChild(liCard);
    preview.appendChild(wrapper);
    fieldset.parentNode.insertBefore(preview, fieldset.nextSibling);
@@ -152,6 +217,18 @@ document.addEventListener('DOMContentLoaded', function () {
        } else {
            twImgEl.style.display = 'none';
        }
        // LinkedIn (shorter truncation: title 70, no description shown in card)
        var liTitle = title.length > 70 ? title.substring(0, 67) + '...' : title;
        document.getElementById('mokoog-li-title').textContent = liTitle;
        document.getElementById('mokoog-li-domain').textContent = domain;
        var liImgEl = document.getElementById('mokoog-li-img');
        if (img) {
            liImgEl.style.backgroundImage = 'url(' + encodeURI(img) + ')';
            liImgEl.style.display = '';
        } else {
            liImgEl.style.display = 'none';
        }
    }
    Object.values(fields).forEach(function (el) {
@@ -8,7 +8,7 @@
 -->
 <extension type="plugin" group="content" method="upgrade">
    <name>Content - MokoJoomOpenGraph</name>
-    <version>01.03.00</version>
+    <version>01.04.00</version>
    <creationDate>2026-05-23</creationDate>
    <author>Moko Consulting</author>
    <authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -194,7 +194,7 @@ final class MokoOGContent extends CMSPlugin implements SubscriberInterface
        $db    = Factory::getDbo();
        $query = $db->getQuery(true)
            ->select($db->quoteName([
-                'og_title', 'og_description', 'og_image', 'og_type',
+                'og_title', 'og_description', 'og_image', 'og_type', 'og_video',
                'seo_title', 'meta_description', 'robots', 'canonical_url',
            ]))
            ->from($db->quoteName('#__mokoog_tags'))
@@ -249,6 +249,7 @@ final class MokoOGContent extends CMSPlugin implements SubscriberInterface
            'og_description'   => trim($ogData['og_description'] ?? ''),
            'og_image'         => trim($ogData['og_image'] ?? ''),
            'og_type'          => trim($ogData['og_type'] ?? 'article'),
            'og_video'         => $this->sanitizeUrl($ogData['og_video'] ?? ''),
            'seo_title'        => trim($ogData['seo_title'] ?? ''),
            'meta_description' => trim($ogData['meta_description'] ?? ''),
            'robots'           => trim($robots),
@@ -266,6 +267,28 @@ final class MokoOGContent extends CMSPlugin implements SubscriberInterface
        }
    }
    /**
     * Sanitize a URL to only allow http/https schemes.
     *
     * @param   string  $url  Raw URL value
     *
     * @return  string  Sanitized URL or empty string
     */
    private function sanitizeUrl(string $url): string
    {
        $url = trim($url);
        if ($url === '') {
            return '';
        }
        if (!str_starts_with($url, 'http://') && !str_starts_with($url, 'https://')) {
            return '';
        }
        return $url;
    }
    /**
     * Extract the language tag from content data.
     *
@@ -23,6 +23,8 @@ PLG_SYSTEM_MOKOOG_FIELD_FB_APP_ID="Facebook App ID"
 PLG_SYSTEM_MOKOOG_FIELD_FB_APP_ID_DESC="Your Facebook App ID for fb:app_id meta tag."
 PLG_SYSTEM_MOKOOG_FIELD_DISCORD_COLOR="Discord Embed Color"
 PLG_SYSTEM_MOKOOG_FIELD_DISCORD_COLOR_DESC="The color of the embed sidebar when shared on Discord. Sets the theme-color meta tag. Leave blank to use Discord defaults."
 PLG_SYSTEM_MOKOOG_FIELD_FEDIVERSE_CREATOR="Fediverse Creator"
 PLG_SYSTEM_MOKOOG_FIELD_FEDIVERSE_CREATOR_DESC="Your Fediverse/Mastodon handle (e.g. @user@mastodon.social). Outputs a fediverse:creator meta tag for author attribution on Mastodon and other Fediverse platforms."
 PLG_SYSTEM_MOKOOG_FIELD_AUTO_GENERATE="Auto-generate Tags"
 PLG_SYSTEM_MOKOOG_FIELD_AUTO_GENERATE_DESC="Automatically generate OG tags from article content when no custom tags are set."
 PLG_SYSTEM_MOKOOG_FIELD_STRIP_HTML="Strip HTML from Description"
@@ -23,6 +23,8 @@ PLG_SYSTEM_MOKOOG_FIELD_FB_APP_ID="Facebook App ID"
 PLG_SYSTEM_MOKOOG_FIELD_FB_APP_ID_DESC="Your Facebook App ID for fb:app_id meta tag."
 PLG_SYSTEM_MOKOOG_FIELD_DISCORD_COLOR="Discord Embed Color"
 PLG_SYSTEM_MOKOOG_FIELD_DISCORD_COLOR_DESC="The color of the embed sidebar when shared on Discord. Sets the theme-color meta tag. Leave blank to use Discord defaults."
 PLG_SYSTEM_MOKOOG_FIELD_FEDIVERSE_CREATOR="Fediverse Creator"
 PLG_SYSTEM_MOKOOG_FIELD_FEDIVERSE_CREATOR_DESC="Your Fediverse/Mastodon handle (e.g. @user@mastodon.social). Outputs a fediverse:creator meta tag for author attribution on Mastodon and other Fediverse platforms."
 PLG_SYSTEM_MOKOOG_FIELD_AUTO_GENERATE="Auto-generate Tags"
 PLG_SYSTEM_MOKOOG_FIELD_AUTO_GENERATE_DESC="Automatically generate OG tags from article content when no custom tags are set."
 PLG_SYSTEM_MOKOOG_FIELD_STRIP_HTML="Strip HTML from Description"
@@ -8,7 +8,7 @@
 -->
 <extension type="plugin" group="system" method="upgrade">
    <name>System - MokoJoomOpenGraph</name>
-    <version>01.03.00</version>
+    <version>01.04.00</version>
    <creationDate>2026-05-23</creationDate>
    <author>Moko Consulting</author>
    <authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -106,6 +106,14 @@
                    description="PLG_SYSTEM_MOKOOG_FIELD_DISCORD_COLOR_DESC"
                    default=""
                />
                <field
                    name="fediverse_creator"
                    type="text"
                    label="PLG_SYSTEM_MOKOOG_FIELD_FEDIVERSE_CREATOR"
                    description="PLG_SYSTEM_MOKOOG_FIELD_FEDIVERSE_CREATOR_DESC"
                    default=""
                    filter="string"
                />
            </fieldset>
            <fieldset name="advanced" label="PLG_SYSTEM_MOKOOG_FIELDSET_ADVANCED">
                <field
@@ -92,7 +92,7 @@ final class MokoOG extends CMSPlugin implements SubscriberInterface
            if ($catOg) {
                // Merge: category fills any gaps in the content-level data
-                foreach (['og_title', 'og_description', 'og_image', 'og_type', 'seo_title', 'meta_description', 'robots', 'canonical_url'] as $field) {
+                foreach (['og_title', 'og_description', 'og_image', 'og_type', 'og_video', 'seo_title', 'meta_description', 'robots', 'canonical_url'] as $field) {
                    if (empty($ogData->$field) && !empty($catOg->$field)) {
                        $ogData->$field = $catOg->$field;
                    }
@@ -177,6 +177,38 @@ final class MokoOG extends CMSPlugin implements SubscriberInterface
            $doc->setMetaData('theme-color', $discordColor);
        }
        // Fediverse/Mastodon creator attribution
        $fediverseCreator = $this->params->get('fediverse_creator', '');
        if ($fediverseCreator) {
            $doc->setMetaData('fediverse:creator', $fediverseCreator);
        }
        // og:video tags
        $videoUrl = $ogData->og_video ?? '';
        if ($videoUrl) {
            $doc->setMetaData('og:video', $videoUrl, 'property');
            if (str_starts_with($videoUrl, 'https://')) {
                $doc->setMetaData('og:video:secure_url', $videoUrl, 'property');
            }
            // Detect video type from URL — embeds vs direct files
            $isEmbed = str_contains($videoUrl, 'youtube.com') || str_contains($videoUrl, 'youtu.be')
                || str_contains($videoUrl, 'vimeo.com');
            if ($isEmbed) {
                $doc->setMetaData('og:video:type', 'text/html', 'property');
            } else {
                $ext = strtolower(pathinfo(parse_url($videoUrl, PHP_URL_PATH) ?: '', PATHINFO_EXTENSION));
                $mimeMap = ['mp4' => 'video/mp4', 'webm' => 'video/webm', 'ogg' => 'video/ogg'];
                $doc->setMetaData('og:video:type', $mimeMap[$ext] ?? 'video/mp4', 'property');
                $doc->setMetaData('og:video:width', '1280', 'property');
                $doc->setMetaData('og:video:height', '720', 'property');
            }
        }
        // LinkedIn article tags
        if ($option === 'com_content' && $view === 'article' && $id > 0) {
            $doc->setMetaData('article:published_time', $this->getArticleDate($id, 'publish_up'), 'property');
@@ -189,13 +221,34 @@ final class MokoOG extends CMSPlugin implements SubscriberInterface
            }
        }
-        // MokoSuiteShop product meta tags
+        // MokoSuiteShop product meta tags (pricing + Pinterest availability)
        if ($option === 'com_mokoshop' && $view === 'product' && $id > 0) {
            $productData = $this->loadShopProduct($id);
            if ($productData) {
                $doc->setMetaData('product:price:amount', number_format((float) $productData->price, 2, '.', ''), 'property');
                $doc->setMetaData('product:price:currency', $productData->currency ?: 'USD', 'property');
                $availability = ((int) ($productData->stock_qty ?? 0) > 0) ? 'instock' : 'outofstock';
                $doc->setMetaData('product:availability', $availability, 'property');
            }
        }
        // Pinterest article:tag rich pins (from Joomla content tags)
        if ($option === 'com_content' && $view === 'article' && $id > 0) {
            $db = Factory::getDbo();
            $tagQuery = $db->getQuery(true)
                ->select($db->quoteName('t.title'))
                ->from($db->quoteName('#__tags', 't'))
                ->join('INNER', $db->quoteName('#__contentitem_tag_map', 'm')
                    . ' ON ' . $db->quoteName('m.tag_id') . ' = ' . $db->quoteName('t.id'))
                ->where($db->quoteName('m.type_alias') . ' = ' . $db->quote('com_content.article'))
                ->where($db->quoteName('m.content_item_id') . ' = ' . $id)
                ->where($db->quoteName('t.published') . ' = 1');
            $db->setQuery($tagQuery);
            $tags = $db->loadColumn();
            foreach ($tags as $tag) {
                $doc->setMetaData('article:tag', $tag, 'property');
            }
        }
@@ -299,6 +352,7 @@ final class MokoOG extends CMSPlugin implements SubscriberInterface
            'og_description'   => '',
            'og_image'         => '',
            'og_type'          => '',
            'og_video'         => '',
            'seo_title'        => '',
            'meta_description' => '',
            'robots'           => '',
@@ -8,7 +8,7 @@
 -->
 <extension type="plugin" group="webservices" method="upgrade">
    <name>Web Services - MokoJoomOpenGraph</name>
-    <version>01.03.00</version>
+    <version>01.04.00</version>
    <creationDate>2026-05-23</creationDate>
    <author>Moko Consulting</author>
    <authorEmail>hello@mokoconsulting.tech</authorEmail>
@@ -8,7 +8,7 @@
 <extension type="package" method="upgrade">
    <name>Package - MokoSuiteOpenGraph</name>
    <packagename>mokoog</packagename>
-    <version>01.03.00</version>
+    <version>01.04.00</version>
    <creationDate>2026-05-23</creationDate>
    <author>Moko Consulting</author>
    <authorEmail>hello@mokoconsulting.tech</authorEmail>
Author	SHA1	Message	Date
jmiller	aa4e254f0b	chore: sync pr-metadata-check.yml from Template-Joomla	2026-06-28 07:47:38 +00:00
jmiller	9147790214	chore: sync SECURITY.md from Template-Joomla	2026-06-28 07:46:12 +00:00
jmiller	3e51d8c439	chore: sync GOVERNANCE.md from Template-Joomla	2026-06-28 07:42:40 +00:00
jmiller	750f769a13	chore: sync CONTRIBUTING.md from Template-Joomla	2026-06-28 07:40:55 +00:00
jmiller	981464ee4e	chore: sync CODE_OF_CONDUCT.md from Template-Joomla	2026-06-28 07:37:50 +00:00
jmiller	7afcc8e6b9	chore: sync composer.json from Template-Joomla	2026-06-28 07:35:50 +00:00
jmiller	e47fdf8722	chore: sync phpstan.neon from Template-Joomla	2026-06-28 07:34:31 +00:00
jmiller	872abec8bc	chore: sync .editorconfig from Template-Joomla	2026-06-28 07:33:59 +00:00
jmiller	6cc08927e7	chore: sync ci-generic.yml from Template-Generic [skip ci]	2026-06-27 20:44:50 +00:00
jmiller	ed715b5db8	chore: sync rc-revert.yml from Template-Generic [skip ci]	2026-06-27 05:32:30 +00:00
jmiller	5d02db24d5	chore: sync pre-release.yml from Template-Generic [skip ci]	2026-06-27 00:49:26 +00:00
jmiller	e6ade9033d	chore: sync repo-health.yml from Template-Generic [skip ci]	2026-06-25 19:47:01 +00:00
jmiller	76845f78f2	chore: sync pr-check.yml from Template-Generic [skip ci]	2026-06-25 19:47:00 +00:00
jmiller	b68d3f6481	chore: sync ci-issue-reporter.yml from Template-Generic [skip ci]	2026-06-25 19:46:59 +00:00
jmiller	3110d7eb75	chore: sync workflow-sync-trigger.yml from Template-Generic [skip ci]	2026-06-25 17:11:55 +00:00
jmiller	e285b8e770	chore: sync version-set.yml from Template-Generic [skip ci]	2026-06-25 17:11:54 +00:00
jmiller	0997a875d6	chore: sync repo-health.yml from Template-Generic [skip ci]	2026-06-25 17:11:54 +00:00
jmiller	baf67e18e6	chore: sync pre-release.yml from Template-Generic [skip ci]	2026-06-25 17:11:53 +00:00
jmiller	cf6b1286b5	chore: sync pr-check.yml from Template-Generic [skip ci]	2026-06-25 17:11:53 +00:00
jmiller	c1f560704b	chore: sync issue-branch.yml from Template-Generic [skip ci]	2026-06-25 17:11:52 +00:00
jmiller	52edde00c9	chore: sync deploy-manual.yml from Template-Generic [skip ci]	2026-06-25 17:11:51 +00:00
jmiller	759af6b237	chore: sync cleanup.yml from Template-Generic [skip ci]	2026-06-25 17:11:51 +00:00
jmiller	e0112d770a	chore: sync auto-release.yml from Template-Generic [skip ci]	2026-06-25 17:11:50 +00:00
jmiller	5544878cf2	chore: sync auto-bump.yml from Template-Generic [skip ci]	2026-06-25 17:11:49 +00:00
jmiller	bd551bffda	chore: sync version-set.yml from Template-Generic [skip ci]	2026-06-24 11:51:16 +00:00
jmiller	48eeb9631f	chore: sync auto-release.yml from Template-Generic [skip ci]	2026-06-24 11:51:14 +00:00
jmiller	2e3331170f	chore: remove security-audit.yml -- handled by MokoGitea	2026-06-23 18:27:30 +00:00
jmiller	4699686f26	chore: sync deploy-manual.yml from Template-Generic [skip ci]	2026-06-23 17:51:20 +00:00
jmiller	a7fe881d84	chore: remove deprecated .mokogitea/workflows/composer-publish.yml [skip ci]	2026-06-23 17:37:50 +00:00
jmiller	ab02de34f4	chore: remove deprecated .mokogitea/workflows/update-server.yml [skip ci]	2026-06-23 17:37:47 +00:00
jmiller	64d9a97db1	chore: remove deprecated .mokogitea/workflows/deploy-manual.yml [skip ci]	2026-06-23 17:37:44 +00:00
jmiller	3ba1c3ead4	chore: sync repo-health.yml from Template-Generic [skip ci]	2026-06-23 16:05:23 +00:00
jmiller	4c091805ee	chore: sync pr-check.yml from Template-Generic [skip ci]	2026-06-23 16:05:22 +00:00
jmiller	0d4e7785a3	chore: sync issue-branch.yml from Template-Generic [skip ci]	2026-06-23 16:05:21 +00:00
jmiller	6f13a10a34	chore: sync auto-bump.yml from Template-Generic [skip ci]	2026-06-23 16:05:18 +00:00
gitea-actions[bot]	5f1e44e66b	chore: promote changelog [Unreleased] → [01.04.00]	2026-06-23 16:04:28 +00:00
gitea-actions[bot]	646dd23e81	chore(release): build 01.04.00 [skip ci] Publish to Composer / Publish Package (release) Successful in 27s Details	2026-06-23 16:04:22 +00:00
jmiller	d4229fd450	Merge pull request 'feat: v1.3 — multi-platform social tags, editor UX, video support' (#82 ) from dev into main	2026-06-23 16:03:30 +00:00
Jonathan Miller	5724a1545e	Merge remote-tracking branch 'origin/dev' into dev Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Universal: PR Check / Secret Scan (pull_request) Successful in 5s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 9s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 9s Details Universal: Auto Version Bump / Version Bump (push) Successful in 11s Details Branch Cleanup / Delete merged branch (pull_request) Has been skipped Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 3s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 12s Details Universal: Build & Release / Promote to RC (pull_request) Has been skipped Details Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 23s Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details	2026-06-23 11:02:45 -05:00
Jonathan Miller	a04dbfd732	chore: normalize workflow CRLF to LF	2026-06-23 10:59:35 -05:00
Jonathan Miller	bc06710fdd	Merge remote-tracking branch 'origin/main' into dev # Conflicts: # CHANGELOG.md # README.md # source/packages/com_mokoog/mokoog.xml # source/packages/plg_content_mokoog/mokoog.xml # source/packages/plg_system_mokoog/mokoog.xml # source/packages/plg_webservices_mokoog/mokoog.xml # source/pkg_mokoog.xml	2026-06-23 10:55:38 -05:00
gitea-actions[bot]	07b296db61	chore(version): pre-release bump to 01.03.05-dev [skip ci] Publish to Composer / Publish Package (release) Successful in 39s Details	2026-06-23 15:47:35 +00:00
gitea-actions[bot]	6a0ee812d8	chore(version): auto-bump patch 01.03.04-dev [skip ci]	2026-06-23 15:47:22 +00:00
Jonathan Miller	fcfa6838e5	fix: address PR #82 review findings Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 5s Details Universal: PR Check / Branch Policy (pull_request) Successful in 2s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 2s Details Universal: PR Check / Validate PR (pull_request) Failing after 7s Details Universal: PR Check / Secret Scan (pull_request) Successful in 8s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 14s Details Universal: Auto Version Bump / Version Bump (push) Successful in 16s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 15s Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 54s Details Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Has been cancelled Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Has been cancelled Details Joomla: Extension CI / PHPStan Analysis (pull_request) Has been cancelled Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Has been cancelled Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Universal: PR Check / Report Issues (pull_request) Has been cancelled Details Generic: Repo Health / Scripts governance (pull_request) Has been cancelled Details Generic: Repo Health / Repository health (pull_request) Has been cancelled Details Generic: Repo Health / Report Issues (pull_request) Has been cancelled Details - Only emit og:video:secure_url for HTTPS URLs (review #1) - Only emit og:video:width/height for direct files, not embeds (review #2) - Add server-side http/https scheme validation on og_video save (review #3) - Consolidate duplicate com_mokoshop product blocks into one (review #4) - Fix stale com_virtuemart reference in SQL comment (review #5) - Use COM_MOKOOG_* language keys in tag.xml instead of plugin keys (review #6)	2026-06-23 10:46:58 -05:00
gitea-actions[bot]	908e1d3e1b	chore(version): pre-release bump to 01.03.03-dev [skip ci] Publish to Composer / Publish Package (release) Successful in 29s Details	2026-06-23 15:37:27 +00:00
gitea-actions[bot]	9539bb44c2	chore(version): auto-bump patch 01.03.02-dev [skip ci]	2026-06-23 15:37:17 +00:00
Jonathan Miller	5b29690d34	feat: add og:video support and Pinterest rich pin tags Universal: Auto Version Bump / Version Bump (push) Successful in 16s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 12s Details - Add og:video meta tags with per-article video URL field and auto MIME type detection for YouTube/Vimeo/direct files. Includes DB migration for og_video column. (closes #59) - Add Pinterest rich pin tags: article:tag from Joomla content tags on article pages, product:availability from MokoSuiteShop stock quantity on product pages. (closes #60)	2026-06-23 10:36:04 -05:00
Jonathan Miller	881bb0a2ae	feat: add fediverse:creator tag, character counters, LinkedIn preview - Add fediverse:creator meta tag for Mastodon/Fediverse author attribution — first extension on any CMS to support this (closes #57) - Add live character count indicators with green/yellow/red color coding on OG title, description, SEO title, and meta description fields in the article/menu editor (closes #58) - Add LinkedIn social preview card alongside existing Facebook and Twitter/X previews in the editor (closes #61)	2026-06-23 10:36:04 -05:00
Jonathan Miller	e9b34522d3	chore: remove Makefile Build automation handled by CI workflows. Closes #81	2026-06-23 10:36:03 -05:00
jmiller	9aeb588937	chore: sync auto-release.yml from Template-Generic [skip ci]	2026-06-22 00:35:27 +00:00
jmiller	9cdc7915a3	chore: sync repo-health.yml from Template-Generic [skip ci]	2026-06-21 22:55:46 +00:00
jmiller	72ffaded49	chore: sync pr-check.yml from Template-Generic [skip ci]	2026-06-21 22:55:45 +00:00
gitea-actions[bot]	7d1a939b6a	chore(version): pre-release bump to 01.03.01-dev [skip ci] Publish to Composer / Publish Package (release) Successful in 5s Details	2026-06-21 22:55:44 +00:00
jmiller	23f6fe12a0	chore: sync issue-branch.yml from Template-Generic [skip ci]	2026-06-21 22:55:44 +00:00
jmiller	4c1d630673	chore: sync auto-bump.yml from Template-Generic [skip ci]	2026-06-21 22:55:42 +00:00
gitea-actions[bot]	6a3f9c126e	chore(version): auto-bump patch 01.02.04-dev [skip ci]	2026-06-21 22:55:32 +00:00
Jonathan Miller	ddb378a042	chore: remove automation/ directory Universal: Auto Version Bump / Version Bump (push) Successful in 10s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Successful in 14s Details	2026-06-21 17:54:50 -05:00
gitea-actions[bot]	20b62b95d8	chore(version): pre-release bump to 01.02.03-dev [skip ci] Publish to Composer / Publish Package (release) Successful in 6s Details	2026-06-21 22:27:35 +00:00
gitea-actions[bot]	437a23cec2	chore(version): auto-bump patch 01.02.02-dev [skip ci]	2026-06-21 22:27:19 +00:00