GoScribe v0.5.19

Dokumentasi ringkas paket aktif GoScribe v0.5.19 dengan arsitektur database-first, tanpa JSON runtime. Fondasi inti, installer, auth, RBAC, settings DB, content engine, plugin engine, backup/updater, email center, queue/scheduler, security base, dan debug/site health sudah tersedia sebagai basis pengembangan berikutnya.

Masuk Admin · Buka Installer · Lihat ERD · Lihat SQL Schema v1

Step 10A/10B — Plugin Upload Engine & Quarantine

Plugin ZIP kini diupload ke area karantina terlebih dahulu, bukan langsung diekstrak ke folder aktif. Paket diperiksa untuk struktur minimum, path traversal, ukuran total hasil ekstrak, jumlah file, kedalaman folder, slug/header konsisten, dan bentrok publisher/signature.

Step 11 — Content Engine

Engine konten kini memakai gs_posts, gs_post_meta, dan gs_post_types. Admin sudah bisa membuat, mengedit, publish, private, trash, restore, memberi featured media relation, excerpt, revision dasar, dan custom fields tanpa file JSON runtime.

Prinsip Wajib

DB-first

No JSON runtime

Prefix gs_ / GS_

State sistem aktif berada di database.
Filesystem hanya untuk code, asset, upload fisik, config, dan migration PHP.
Role minimum: super_admin, admin, editor, author, contributor.
Tipe konten minimum: post dan page.

Yang Tersimpan di DB

users, roles, permissions, sessions, settings, posts, pages, categories, tags, comments, media metadata, menus, theme aktif, plugin state, scheduler jobs, logs, notifications, email templates, redirects, audit trail, migration history.

Yang Dilarang

plugin.json, theme.json, settings.json, menu.json, routes.json, cache.json, dan manifest.json untuk runtime.

Kalau file-file itu memegang state sistem aktif, berarti CMS masih menyimpan otak di laci, bukan di database.

Status Step

Step	Status	Ringkas
Step 0	Selesai	Kontrak sistem database-first dan no JSON runtime.
Step 1	Selesai	Schema database inti v1, ERD, index performa dasar.
Step 2	Selesai	PDO, CRUD helper, transaction, migrator, seeder.
Step 3	Selesai	Bootstrap core, app, router, loader, error handler.
Step 4	Selesai	Hook engine runtime + hook viewer.
Step 5	Selesai	Installer 5 langkah dari nol sampai CMS siap login.
Step 6	Selesai	Auth, session DB, CSRF, brute force, device history, TOTP.
Step 7	Selesai	RBAC: role, permission, page/menu guard, access control UI.
Step 8	Selesai	Admin shell clean, modern, responsive, dan shared layout.
Step 9	Selesai	Settings API full DB via `gs_options`.
Step 10	Selesai	Plugin engine tanpa JSON runtime.
Step 10A	Selesai	Upload plugin ZIP aman ke karantina, rename file internal, hash SHA-256, dan audit trail DB.
Step 10B	Selesai	Validasi paket plugin, ekstraksi non-public, path traversal guard, file scan, slug/header consistency, quarantine.
Step 11	Selesai	CRUD post/page, draft/publish/private/trash, slug, excerpt, featured media, revision dasar, custom fields.

Content Engine

Post type default: post dan page.
CRUD admin di admin/modules/posts/.
Revision dasar disimpan di gs_post_meta dengan prefix _revision_*.
Featured image relation memakai featured_media_id di gs_posts.
Custom fields memakai gs_post_meta.

Flow Instalasi

Welcome — verifikasi fondasi paket.
Setup DB — tulis config.php dan tes PDO.
Setup Admin — jalankan migrasi PHP, buat super admin, seed role/post type/theme/plugin.
Setup Site — simpan nama situs, slogan, timezone, locale ke gs_options.
Success — sistem siap dipakai.