Adds Pest test suites for the four critical admin modals using test double
components, following the existing LivewireModalTest.php pattern. Covers
tab navigation, form validation, CRUD flows, filter combinations, and
state management. Fixes#7.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Aligns composer package name with forge repo path
(forge.lthn.ai/core/php-admin). Part of host-uk/* → core/* migration.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace github.server_url/GITHUB_REF_NAME with explicit forge URL
and GITEA_REF_NAME/GITEA_OUTPUT.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On tag push (v*), zips the package and publishes to the
forge.lthn.ai Composer package registry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace setup-php action with pre-built container.
Eliminates ~50s setup overhead per matrix job.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Direct git clone of ../php-framework avoids shell escaping
issues with dynamic PHP-based path extraction.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch php -r argument to single quotes so PHP dollar signs
are not interpreted by bash. Pipe output to while-read loop.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The PHP variables inside php -r need \$ escaping, but shell
variables outside need bare $ for command substitution and
variable expansion.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Forgejo act runner caches reusable workflow definitions,
preventing updates from being picked up. Inline the workflow
with dependency checkout step.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add mutators to Service and HoneypotHit models that enforce size and
structure limits on JSON fields (metadata, headers). Service.setMeta()
now validates key format. TeapotController pre-filters header count
before passing to the model.
Fixes#14
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch header storage from blacklist to whitelist approach, add private
IP detection for auto-block bypass, and validate referer URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add per-user rate limiting to sensitive Livewire component methods to
prevent abuse from compromised admin sessions. Introduces a reusable
HasRateLimiting trait and applies it to PlatformUser, Settings, and
WaitlistManager components.
Rate limits:
- Tier changes, verification, entitlements: 10/min per admin
- Profile updates, preferences: 20/min per user
- Password changes: 5/min per user
- Data exports: 5/min per admin
- Deletions/anonymisation: 3/min per admin
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive assessment of core-admin package covering:
- Environment and dependency analysis
- Test baseline documentation (6 test files, 280+ tests)
- Architecture review (event-driven providers, 30 Livewire modals)
- Code quality status (strict typing, UK English conventions)
- Outstanding work prioritisation from TODO.md
Key findings:
- Package is healthy with excellent test coverage
- Cannot run standalone (requires parent Laravel app)
- Recent major testing push completed January 2026
- Recommended: Add PHPStan configuration for type safety
Co-Authored-By: Clotho <clotho@lthn.ai>
Add tests for modal opening/closing, event handling, data passing,
validation, nested modals, and lifecycle management. Tests use
isolated test double components to verify modal behaviour patterns
used throughout core-admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tests cover:
- Provider registration (single and multiple)
- Provider availability filtering by user and workspace
- Search execution and result aggregation
- Result flattening for keyboard navigation
- Fuzzy matching (substring, case-insensitive, word-start, abbreviation)
- Relevance scoring hierarchy
- SearchResult creation, conversion, and immutability
- Integration tests with multiple providers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive Pest tests for form component authorization props
(canGate/canResource/canHide). Tests cover Button, Input, Select,
Checkbox, Toggle, and Textarea components.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace generic framework template with package-specific guidance:
- Document the three Boot.php architecture pattern
- Add Form Components and Search System sections
- Update commands to match actual package scripts
- Simplify directory structure to focus on src/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Core\Mod\Tenant -> Core\Tenant
Part of namespace restructure to align with L1/L2 module conventions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Introduce Core\Service\Admin\Boot as the service definition for the
Hub admin panel. Update changelog to document TASK-005 Hades admin
navigation audit including new menu structure and AdminMenuProvider
interface.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
