Add license file and release version checks, require support channel on submission

- Add automated checks for license file (LICENSE/LICENSE.md/LICENSE.txt) and
  release version (GitHub releases/tags) in ReviewPluginRepository
- Block plugin approval in Filament admin until required checks pass
- Split customer-facing review checks into required and additional sections
- Remove automated support email extraction from README
- Make support channel required on plugin submission with email/URL validation
- Allow users to edit support channel from their plugin dashboard
- Update all related tests and notifications

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: simonhamp

app/Filament/Resources/PluginResource.php

@@ -91,6 +91,16 @@ public static function form(Schema $schema): Schema
                             ->label('Last Reviewed')
                             ->content(fn (?Plugin $record) => $record?->reviewed_at?->diffForHumans() ?? 'Never'),
 
+                        Forms\Components\Placeholder::make('review_license')
+                            ->label('License File (required)')
+                            ->content(fn (?Plugin $record) => ($record?->review_checks['has_license_file'] ?? false) ? '✅ Found' : '❌ Missing'),
+
+                        Forms\Components\Placeholder::make('review_release')
+                            ->label('Release Version (required)')
+                            ->content(fn (?Plugin $record) => ($record?->review_checks['has_release_version'] ?? false)
+                                ? '✅ '.($record->review_checks['release_version'] ?? '')
+                                : '❌ Missing'),
+
                         Forms\Components\Placeholder::make('review_ios')
                             ->label('iOS Support')
                             ->content(fn (?Plugin $record) => ($record?->review_checks['supports_ios'] ?? false) ? '✅ Found' : '❌ Missing'),
@@ -103,12 +113,6 @@ public static function form(Schema $schema): Schema
                             ->label('JS Support')
                             ->content(fn (?Plugin $record) => ($record?->review_checks['supports_js'] ?? false) ? '✅ Found' : '❌ Missing'),
 
-                        Forms\Components\Placeholder::make('review_email')
-                            ->label('Support Email')
-                            ->content(fn (?Plugin $record) => ($record?->review_checks['has_support_email'] ?? false)
-                                ? '✅ '.($record->review_checks['support_email'] ?? '')
-                                : '❌ Missing'),
-
                         Forms\Components\Placeholder::make('review_sdk')
                             ->label('Requires nativephp/mobile')
                             ->content(fn (?Plugin $record) => ($record?->review_checks['requires_mobile_sdk'] ?? false)
@@ -368,10 +372,11 @@ public static function table(Table $table): Table
                             }
 
                             $lines = collect([
+                                ['License file *', $checks['has_license_file']],
+                                ['Release version *', $checks['has_release_version'] ? $checks['release_version'] : false],
                                 ['iOS support', $checks['supports_ios']],
                                 ['Android support', $checks['supports_android']],
                                 ['JS support', $checks['supports_js']],
-                                ['Support email', $checks['has_support_email'] ? $checks['support_email'] : false],
                                 ['Requires nativephp/mobile', $checks['requires_mobile_sdk'] ? $checks['mobile_sdk_constraint'] : false],
                                 ['iOS min_version', $checks['has_ios_min_version'] ? $checks['ios_min_version'] : false],
                                 ['Android min_version', $checks['has_android_min_version'] ? $checks['android_min_version'] : false],
@@ -388,16 +393,17 @@ public static function table(Table $table): Table
                             })->implode('<br>');
 
                             $passed = collect($checks)->only([
+                                'has_license_file', 'has_release_version',
                                 'supports_ios', 'supports_android', 'supports_js',
-                                'has_support_email', 'requires_mobile_sdk',
+                                'requires_mobile_sdk',
                                 'has_ios_min_version', 'has_android_min_version',
                             ])->filter()->count();
 
                             Notification::make()
-                                ->title("Review checks complete ({$passed}/7 passed)")
+                                ->title("Review checks complete ({$passed}/8 passed)")
                                 ->body(new HtmlString($lines))
                                 ->duration(15000)
-                                ->color($passed === 7 ? 'success' : 'warning')
+                                ->color($passed === 8 ? 'success' : 'warning')
                                 ->send();
                         }),
                 ])

app/Filament/Resources/PluginResource/Pages/EditPlugin.php

@@ -29,10 +29,13 @@ protected function getHeaderActions(): array
                     ->icon('heroicon-o-check')
                     ->color('success')
                     ->visible(fn () => $this->record->isPending())
+                    ->disabled(fn () => ! $this->record->passesRequiredReviewChecks())
                     ->action(fn () => $this->record->approve(auth()->id()))
                     ->requiresConfirmation()
                     ->modalHeading('Approve Plugin')
-                    ->modalDescription(fn () => "Are you sure you want to approve '{$this->record->name}'?"),
+                    ->modalDescription(fn () => ! $this->record->passesRequiredReviewChecks()
+                        ? "Cannot approve '{$this->record->name}' — required checks are failing: ".implode(', ', $this->record->getFailingRequiredChecks())
+                        : "Are you sure you want to approve '{$this->record->name}'?"),
 
                 Actions\Action::make('reject')
                     ->icon('heroicon-o-x-mark')
@@ -193,10 +196,11 @@ protected function getHeaderActions(): array
                         }
 
                         $lines = collect([
+                            ['License file *', $checks['has_license_file']],
+                            ['Release version *', $checks['has_release_version'] ? $checks['release_version'] : false],
                             ['iOS support', $checks['supports_ios']],
                             ['Android support', $checks['supports_android']],
                             ['JS support', $checks['supports_js']],
-                            ['Support email', $checks['has_support_email'] ? $checks['support_email'] : false],
                             ['Requires nativephp/mobile', $checks['requires_mobile_sdk'] ? $checks['mobile_sdk_constraint'] : false],
                             ['iOS min_version', $checks['has_ios_min_version'] ? $checks['ios_min_version'] : false],
                             ['Android min_version', $checks['has_android_min_version'] ? $checks['android_min_version'] : false],
@@ -213,16 +217,17 @@ protected function getHeaderActions(): array
                         })->implode('<br>');
 
                         $passed = collect($checks)->only([
+                            'has_license_file', 'has_release_version',
                             'supports_ios', 'supports_android', 'supports_js',
-                            'has_support_email', 'requires_mobile_sdk',
+                            'requires_mobile_sdk',
                             'has_ios_min_version', 'has_android_min_version',
                         ])->filter()->count();
 
                         Notification::make()
-                            ->title("Review checks complete ({$passed}/7 passed)")
+                            ->title("Review checks complete ({$passed}/8 passed)")
                             ->body(new HtmlString($lines))
                             ->duration(15000)
-                            ->color($passed === 7 ? 'success' : 'warning')
+                            ->color($passed === 8 ? 'success' : 'warning')
                             ->send();
                     }),
 

app/Jobs/ReviewPluginRepository.php

@@ -48,16 +48,16 @@ public function handle(): array
         }
 
         $tree = $this->fetchRepoTree($owner, $repoName, $defaultBranch, $token);
-        $readme = $this->fetchReadme($owner, $repoName, $token);
         $composerJson = $this->fetchComposerJson($owner, $repoName, $token);
         $nativephpJson = $this->fetchNativephpJson($owner, $repoName, $token);
 
         $checks = [
+            'has_license_file' => $this->checkHasLicenseFile($tree),
+            'has_release_version' => false,
+            'release_version' => null,
             'supports_ios' => $this->checkDirectoryHasFiles($tree, 'resources/ios/'),
             'supports_android' => $this->checkDirectoryHasFiles($tree, 'resources/android/'),
             'supports_js' => $this->checkDirectoryHasFiles($tree, 'resources/js/'),
-            'has_support_email' => false,
-            'support_email' => null,
             'requires_mobile_sdk' => false,
             'mobile_sdk_constraint' => null,
             'has_ios_min_version' => false,
@@ -66,10 +66,10 @@ public function handle(): array
             'android_min_version' => null,
         ];
 
-        if ($readme) {
-            $email = $this->extractEmail($readme);
-            $checks['has_support_email'] = $email !== null;
-            $checks['support_email'] = $email;
+        $latestTag = $this->fetchLatestTag($owner, $repoName, $token);
+        if ($latestTag) {
+            $checks['has_release_version'] = true;
+            $checks['release_version'] = $latestTag;
         }
 
         if ($composerJson) {
@@ -151,30 +151,6 @@ protected function fetchRepoTree(string $owner, string $repo, string $branch, ?s
         return $response->json('tree', []);
     }
 
-    protected function fetchReadme(string $owner, string $repo, ?string $token): ?string
-    {
-        $request = Http::timeout(30);
-
-        if ($token) {
-            $request = $request->withToken($token);
-        }
-
-        $response = $request->get("https://api.github.com/repos/{$owner}/{$repo}/readme");
-
-        if ($response->failed()) {
-            return null;
-        }
-
-        $content = $response->json('content');
-        $encoding = $response->json('encoding');
-
-        if ($encoding === 'base64' && $content) {
-            return base64_decode($content);
-        }
-
-        return null;
-    }
-
     protected function fetchComposerJson(string $owner, string $repo, ?string $token): ?array
     {
         $request = Http::timeout(30);
@@ -241,20 +217,50 @@ protected function checkDirectoryHasFiles(array $tree, string $prefix): bool
         return false;
     }
 
-    protected function extractEmail(string $content): ?string
+    protected function checkHasLicenseFile(array $tree): bool
     {
-        $excludedDomains = ['example.com', 'example.org', 'example.net', 'test.com', 'localhost'];
+        $licenseNames = ['LICENSE', 'LICENSE.md', 'LICENSE.txt', 'license', 'license.md', 'license.txt'];
 
-        if (preg_match_all('/[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/', $content, $matches)) {
-            foreach ($matches[0] as $email) {
-                $domain = strtolower(substr($email, strpos($email, '@') + 1));
+        foreach ($tree as $item) {
+            $path = $item['path'] ?? '';
+            $type = $item['type'] ?? '';
 
-                if (! in_array($domain, $excludedDomains, true)) {
-                    return $email;
-                }
+            if ($type === 'blob' && in_array($path, $licenseNames, true)) {
+                return true;
             }
         }
 
+        return false;
+    }
+
+    protected function fetchLatestTag(string $owner, string $repo, ?string $token): ?string
+    {
+        $request = Http::timeout(10);
+
+        if ($token) {
+            $request = $request->withToken($token);
+        }
+
+        $response = $request->get("https://api.github.com/repos/{$owner}/{$repo}/releases/latest");
+
+        if ($response->successful()) {
+            return $response->json('tag_name');
+        }
+
+        $tagsResponse = Http::timeout(10);
+
+        if ($token) {
+            $tagsResponse = $tagsResponse->withToken($token);
+        }
+
+        $tagsResponse = $tagsResponse->get("https://api.github.com/repos/{$owner}/{$repo}/tags", [
+            'per_page' => 1,
+        ]);
+
+        if ($tagsResponse->successful() && count($tagsResponse->json()) > 0) {
+            return $tagsResponse->json()[0]['name'];
+        }
+
         return null;
     }
 }

app/Livewire/Customer/Plugins/Create.php

@@ -95,10 +95,20 @@ function ($attribute, $value, $fail): void {
             ],
             'pluginType' => ['required', 'string', 'in:free,paid'],
             'notes' => ['nullable', 'string', 'max:5000'],
-            'supportChannel' => ['nullable', 'string', 'max:255'],
+            'supportChannel' => [
+                'required',
+                'string',
+                'max:255',
+                function (string $attribute, mixed $value, \Closure $fail) {
+                    if (! filter_var($value, FILTER_VALIDATE_EMAIL) && ! filter_var($value, FILTER_VALIDATE_URL)) {
+                        $fail('The support channel must be a valid email address or URL.');
+                    }
+                },
+            ],
         ], [
             'repository.required' => 'Please select a repository for your plugin.',
             'repository.regex' => 'Please enter a valid repository in the format vendor/repo-name.',
+            'supportChannel.required' => 'Please provide a support channel (email or URL) for your plugin.',
         ]);
 
         if ($this->pluginType === 'paid' && ! Feature::active(AllowPaidPlugins::class)) {

app/Livewire/Customer/Plugins/Show.php

@@ -31,6 +31,8 @@ class Show extends Component
     #[Validate('nullable|image|max:1024')]
     public $logo = null;
 
+    public ?string $supportChannel = null;
+
     public function mount(string $vendor, string $package): void
     {
         $this->plugin = Plugin::findByVendorPackageOrFail($vendor, $package);
@@ -43,6 +45,7 @@ public function mount(string $vendor, string $package): void
         $this->iconName = $this->plugin->icon_name ?? 'cube';
         $this->iconGradient = $this->plugin->icon_gradient;
         $this->iconMode = $this->plugin->hasLogo() ? 'upload' : 'gradient';
+        $this->supportChannel = $this->plugin->support_channel;
     }
 
     public function updateDescription(): void
@@ -122,6 +125,32 @@ public function deleteIcon(): void
         session()->flash('success', 'Plugin icon removed successfully!');
     }
 
+    public function updateSupportChannel(): void
+    {
+        $this->validate([
+            'supportChannel' => [
+                'required',
+                'string',
+                'max:255',
+                function (string $attribute, mixed $value, \Closure $fail) {
+                    if (! filter_var($value, FILTER_VALIDATE_EMAIL) && ! filter_var($value, FILTER_VALIDATE_URL)) {
+                        $fail('The support channel must be a valid email address or URL.');
+                    }
+                },
+            ],
+        ], [
+            'supportChannel.required' => 'Please provide a support channel (email or URL) for your plugin.',
+        ]);
+
+        $this->plugin->update([
+            'support_channel' => $this->supportChannel,
+        ]);
+
+        $this->plugin->refresh();
+
+        session()->flash('success', 'Support channel updated successfully!');
+    }
+
     public function resubmit(): void
     {
         if (! $this->plugin->isRejected()) {

app/Models/Plugin.php

@@ -287,6 +287,42 @@ public function isSatisSynced(): bool
         return $this->satis_synced_at !== null;
     }
 
+    /**
+     * Check if all required review checks have passed.
+     * A plugin cannot be approved until these checks pass.
+     */
+    public function passesRequiredReviewChecks(): bool
+    {
+        $checks = $this->review_checks;
+
+        if (! $checks) {
+            return false;
+        }
+
+        return ! empty($checks['has_license_file']) && ! empty($checks['has_release_version']);
+    }
+
+    /**
+     * Get the list of failing required review checks.
+     *
+     * @return array<int, string>
+     */
+    public function getFailingRequiredChecks(): array
+    {
+        $checks = $this->review_checks;
+        $failing = [];
+
+        if (empty($checks['has_license_file'])) {
+            $failing[] = 'License file (LICENSE or LICENSE.md)';
+        }
+
+        if (empty($checks['has_release_version'])) {
+            $failing[] = 'Release version (GitHub release or tag)';
+        }
+
+        return $failing;
+    }
+
     /**
      * @param  Builder<Plugin>  $query
      * @return Builder<Plugin>

app/Notifications/PluginReviewChecksIncomplete.php

@@ -18,6 +18,18 @@ class PluginReviewChecksIncomplete extends Notification implements ShouldQueue
      * @var array<string, array{label: string, passing_label: string, docs_url: string, docs_label: string}>
      */
     private const CHECK_DEFINITIONS = [
+        'has_license_file' => [
+            'label' => 'LICENSE or LICENSE.md file in your repository (required for approval)',
+            'passing_label' => 'License file',
+            'docs_url' => self::DOCS_BASE.'/best-practices',
+            'docs_label' => 'Best Practices guide',
+        ],
+        'has_release_version' => [
+            'label' => 'Release version or tag on GitHub (required for approval)',
+            'passing_label' => 'Release version',
+            'docs_url' => self::DOCS_BASE.'/best-practices',
+            'docs_label' => 'Best Practices guide',
+        ],
         'supports_ios' => [
             'label' => 'iOS native code in `resources/ios/Sources/`',
             'passing_label' => 'iOS native code',
@@ -36,12 +48,6 @@ class PluginReviewChecksIncomplete extends Notification implements ShouldQueue
             'docs_url' => self::DOCS_BASE.'/creating-plugins',
             'docs_label' => 'Creating Plugins guide',
         ],
-        'has_support_email' => [
-            'label' => 'Support email in your README',
-            'passing_label' => 'Support email',
-            'docs_url' => self::DOCS_BASE.'/best-practices',
-            'docs_label' => 'Best Practices guide',
-        ],
         'requires_mobile_sdk' => [
             'label' => '`nativephp/mobile` required in `composer.json`',
             'passing_label' => 'Requires nativephp/mobile',

app/Notifications/PluginSubmitted.php

@@ -74,10 +74,11 @@ protected function getFailingChecks(): array
         }
 
         $labels = [
+            'has_license_file' => 'Add a LICENSE or LICENSE.md file to your repository (required)',
+            'has_release_version' => 'Create a release version or tag on GitHub (required)',
             'supports_ios' => 'Add iOS support (resources/ios/)',
             'supports_android' => 'Add Android support (resources/android/)',
             'supports_js' => 'Add JavaScript support (resources/js/)',
-            'has_support_email' => 'Add a support email to your README',
             'requires_mobile_sdk' => 'Require the nativephp/mobile SDK in composer.json',
             'has_ios_min_version' => 'Set iOS min_version in nativephp.json',
             'has_android_min_version' => 'Set Android min_version in nativephp.json',