Reads PRODUCT_VERSION from init.php and plugin versions from config.php,
then updates uptelligence_vendors to reflect what is actually deployed.
Supports --dry-run and --path options. 7 tests, 16 assertions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Idempotent seeder using updateOrCreate for 4 licensed products
(66analytics, 66biolinks, 66pusher, 66socialproof) and 13 plugins.
All entries use placeholder version 0.0.0 pending sync from Task 4.
Also fixes Pest.php to use Tests\TestCase (loads Boot provider) so
database-dependent tests can run migrations via RefreshDatabase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add automated version checking for AltumCode products and plugins:
- isAltumPlatform() routes altum vendors before OSS checks
- checkAltumProduct() fetches latest_release_version from product info.php
- checkAltumPlugin() looks up plugin versions from dev.altumcode.com
- In-memory cache avoids redundant HTTP calls for multiple plugins
14 Pest tests covering all paths (43 assertions).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Aligns composer package name with forge repo path
(forge.lthn.ai/core/php-uptelligence). Part of host-uk/* → core/* migration.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace github.server_url/GITHUB_REF_NAME with explicit forge URL
and GITEA_REF_NAME/GITEA_OUTPUT.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On tag push (v*), zips the package and publishes to the
forge.lthn.ai Composer package registry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace setup-php action with pre-built container.
Eliminates ~50s setup overhead per matrix job.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Direct git clone of ../php-framework avoids shell escaping
issues with dynamic PHP-based path extraction.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch php -r argument to single quotes so PHP dollar signs
are not interpreted by bash. Pipe output to while-read loop.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The PHP variables inside php -r need \$ escaping, but shell
variables outside need bare $ for command substitution and
variable expansion.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Forgejo act runner caches reusable workflow definitions,
preventing updates from being picked up. Inline the workflow
with dependency checkout step.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The reusable php-test.yml now detects pest/phpunit/pint availability
and clones path dependencies using the runner token.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add phpunit.xml and tests/Pest.php for standalone test execution.
Apply Laravel Pint formatting fixes across all source files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add package name validation with strict regex patterns
- Convert all Process::run() calls to array syntax
- Support Composer and NPM package name formats
- Add comprehensive shell injection tests (20 attack patterns)
- Update security docs and changelog
Fixes P2 shell injection vulnerability from security audit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace generic Core PHP Framework boilerplate with package-specific
documentation covering the vendor tracking module's architecture,
services, and commands.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Aligns module namespace with Core PHP Framework conventions where
modules live under the Core\Mod\ namespace hierarchy. This follows
the monorepo separation work started in 40d893a.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
