Merge tag '1.7.50' into develop

Release v1.7.50

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEwbiolRD/eEYBHGp5nyzziuvbCuAFAmj1apcACgkQnyzziuvb
# CuAfWA/8D21MkMWNjirnjc/osndB/SiEkSD2tB1TAIv3099vcGb4n1+OQ4hV0Cr+
# zixeH/bBZJwi1s1nrb6MKnDJMuzOpBOxgfFPWjU3FhG6pBhx7i1YXCH4CvANVFnP
# HNY9mI9PV8ZZ1ymjZF4I3dhOJqKzY9cY1F8RwUTS/iM03cMgrE8V66uMJIYF2Ti7
# d9QcH9ICCOv5en/u26vWRUDkRA+OseSOrc0FMbzMb9x0yqbTDFq4zjOoa6urAwj4
# kMXf8fBdE2N47DkyBr5aEPJqh7fd0xqCfBPQneHciZcBfGGKG4j4PT7IiFq7X6yA
# 4fCJ5+VuSUYP2aSUBugngwTledzh0JfMa0pRP6q6S97HAJwqYJ1eNm3NCI5xplpK
# n4ck/z//06qrYTvxx/ZTLQGGVRvP7OH/Zs1JfYbLb5TNGCTYL18v/t2xeThoGZBo
# vYsv6wXXSlELV5XVCzIsUwsilRgIwa+b2RvEcyEL6JG5QRRvDo4GcBBTHdZ6NVLH
# qkWId9bSlNBYMHuz0AR+LCTrr4KvMwLobLORu2yBP+qtiQ9x3sxapmCJ1iCQE0SZ
# Bxbdd8PPiQ/pANT6snLqM/IXTJcZn4dCGp0yaFkOeNkXOFJAFUGwW9AYQJU3fEHq
# nDu57yI9c0g4GCmnzmcZ2bLvG69C073ciRZIl+f5lGGn2Xp31pM=
# =Va0w
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun Oct 19 16:47:51 2025 MDT
# gpg:                using RSA key C1B8A89510FF7846011C6A799F2CF38AEBDB0AE0
# gpg: Good signature from "Andy Miller <rhuk@mac.com>" [ultimate]

system/UPGRADE_PROTOTYPE.md

@@ -1,48 +0,0 @@
-# Grav Safe Self-Upgrade Prototype
-
-This document tracks the design decisions behind the new self-upgrade prototype for Grav 1.8.
-
-## Goals
-
-- Prevent in-place mutation of the running Grav tree.
-- Guarantee a restorable snapshot before any destructive change.
-- Detect high-risk plugin incompatibilities (eg. `psr/log`) prior to upgrading.
-- Provide a recovery surface that does not depend on a working Admin plugin.
-
-## High-Level Flow
-
-1. **Preflight**
-   - Ensure PHP & extensions satisfy the target release requirements.
-   - Refresh GPM metadata and require all plugins/themes to be on their latest compatible release.
-   - Scan plugin `composer.json` files for dependencies that are known to break under Grav 1.8 (eg. `psr/log` < 3) and surface actionable warnings.
-2. **Stage**
-  - Download the Grav update archive into a staging area (`tmp://grav-snapshots/{timestamp}`).
-   - Extract the package, then write a manifest describing the target version, PHP info, and enabled packages.
-   - Snapshot the live `user/` directory and relevant metadata into the same stage folder.
-3. **Promote**
-   - Copy the staged package into place, overwriting Grav core files while leaving hydrated user content intact.
-   - Clear caches in the staged tree before promotion.
-   - Run Grav CLI smoke checks (`bin/grav check`) while still holding maintenance state; restore from the snapshot automatically on failure.
-4. **Finalize**
-   - Record the manifest under `user/data/upgrades`.
-   - Resume normal traffic by removing the maintenance flag.
-   - Leave the previous tree and manifest available for manual rollback commands.
-
-## Recovery Mode
-
-- Introduce a `system/recovery.flag` sentinel written whenever a fatal error occurs during bootstrap or when a promoted release fails validation.
-- While the flag is present, Grav forces a minimal Recovery UI served outside of Admin, protected by a short-lived signed token.
-- The Recovery UI lists recent manifests, quarantined plugins, and offers rollback/disabling actions.
-- Clearing the flag requires either a successful rollback or a full Grav request cycle without fatal errors.
-
-## CLI Additions
-
-- `bin/gpm preflight grav@<version>`: runs the same preflight checks without executing the upgrade.
-- `bin/gpm rollback [<manifest-id>]`: swaps the live tree with a stored rollback snapshot.
-- Existing `self-upgrade` command now wraps the stage/promote pipeline and respects the snapshot manifest.
-
-## Open Items
-
-- Finalize compatibility heuristics (initial pass focuses on `psr/log` and removed logging APIs).
-- UX polish for the Recovery UI (initial prototype will expose basic actions only).
-- Decide retention policy for old manifests and snapshots (prototype keeps the most recent three).