i18n - add Filipino (Tagalog) translation

[cleverguns]

Added Filipino (tl) locale support with full translation of all UI strings. Includes lang_config.py entry using the existing ph.svg flag and provenance entry in locales/README.md.

[coderabbitai]

src/ui

User-visible behaviour: Adds Filipino (Tagalog) language support to the UI dashboard. Users can now select "Filipino (tl)" from the language selection menu.

Configuration/schema changes: Updated lang_config.py to register the new "tl" locale in SUPPORTED_LANGUAGES, mapping it to the existing ph.svg flag asset and setting the English name to "Filipino".

Localisation: Added complete tl.json translation file with 1729 new lines covering all UI strings across general UI copy, navigation, country names, dashboard widgets, form labels, validation messages, tooltips, and notifications. Template placeholders (e.g. {{version}}, {{count}}) are preserved.

Documentation: Updated locales/README.md to document the new locale file's provenance (manually created and reviewed by @Cleverguns).

Security impact: None.

Testing: No automated test coverage documented or apparent.

Walkthrough

This PR adds Tagalog/Filipino as a supported UI language. The change registers Tagalog in the application's language configuration (line 19 of lang_config.py), introduces a complete translation file containing 1729 lines of localised UI strings across all functional areas, and documents the locale file's provenance in the README.

Changes

Tagalog Language Support

Layer / File(s)	Summary
Language registration src/ui/app/lang_config.py	Adds Tagalog entry to SUPPORTED_LANGUAGES with code "tl", display name, Philippine flag reference (ph.svg), and English name.
Tagalog locale file src/ui/app/static/locales/tl.json	Introduces complete translation file (1729 lines) covering general messaging (about, alerts, badges, buttons), navigation and breadcrumbs, country codes, dashboard and datatable UI, form labels and validation, setup wizard messaging, profile/session/PRO copy, template editor strings, themes, tooltips, toast notifications, and TOTP/validation prompts. All template placeholders ({{version}}, {{count}}, etc.) are preserved.
Locale provenance src/ui/app/static/locales/README.md	Documents the new tl.json file in the provenance table, indicating manual creation and review status.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🏝️ Tagalog joins the language fold,
Philippine colours, stories untold,
Config, translations, all in place—
One thousand lines of friendly grace,
tl.json blooms, bright and bold!

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: adding Filipino (Tagalog) translation support to the application's internationalisation system.
Description check	✅ Passed	The description is directly related to the changeset, detailing the addition of Filipino locale support, lang_config.py entry, and provenance documentation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/ui/app/static/locales/README.md`:
- Line 23: The table row for the new locale "tl.json" is out of alphabetical
order; move the entire row containing "tl.json | Manual (`@Cleverguns`) | Manual
(`@Cleverguns`)" so it appears after the "ru.json" row and before the "tr.json"
row to restore alphabetical ordering by locale code.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2f40ccec-9979-430c-815b-34d864a1e926

📥 Commits

Reviewing files that changed from the base of the PR and between 515efe9 and 748c401.

📒 Files selected for processing (3)

• src/ui/app/lang_config.py
• src/ui/app/static/locales/README.md
• src/ui/app/static/locales/tl.json

📜 Review details

🧰 Additional context used

📓 Path-based instructions (6)

src/ui/app/static/locales/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

UI translations must be placed in src/ui/app/static/locales/ directory

UI translations must be placed in src/ui/app/static/locales/

Files:

• src/ui/app/static/locales/README.md
• src/ui/app/static/locales/tl.json

src/ui/app/

📄 CodeRabbit inference engine (CLAUDE.md)

Web UI dependency injection must be centralized in src/ui/app/dependencies.py providing DB, DATA, BW_CONFIG, BW_INSTANCES_UTILS

Files:

• src/ui/app/static/locales/README.md
• src/ui/app/lang_config.py
• src/ui/app/static/locales/tl.json

**/*.md

⚙️ CodeRabbit configuration file

**/*.md: Documentation should be concise, accurate, and written in British English:

• Keep the structure clear with a sensible heading hierarchy.
• Prefer concrete instructions, accurate examples, and explicit prerequisites.
• Check that commands, paths, and references still match the codebase and supported deployment modes.
• When a PR changes behaviour, defaults, packaging, or security posture, ask for the corresponding documentation update.

Files:

• src/ui/app/static/locales/README.md

**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.py: Python code must follow snake_case naming for modules and functions, PascalCase for classes, and be formatted with Black at 160 characters per line
Python linting with flake8 must ignore error codes: E266, E402, E501, E722, W503

**/*.py: Python code must use Black for formatting with 160 character line lengths
Python code must conform to Flake8 linting with ignores defined in .pre-commit-config.yaml
Python modules and functions must use snake_case naming convention
Python classes must use PascalCase naming convention

Files:

• src/ui/app/lang_config.py

---

⚙️ CodeRabbit configuration file

**/*.py: Follow BunkerWeb's Python standards and security posture:

• Use snake_case for functions and variables, PascalCase for classes, and provide concise, accurate docstrings for public classes, functions, and methods.
• Respect Black formatting with a 160-character line limit and the existing pre-commit conventions. Do not insist on adding type annotations to previously untyped code, but accept them when added consistently.
• Catch specific exceptions; never use bare except:. Catching Exception is acceptable only at explicit process boundaries (for example scheduler loops, outer job runners, worker entrypoints, or graceful-shutdown boundaries) when the code logs enough context and either re-raises, returns an error status, or terminates safely.
• Never use os.system, subprocess.*(..., shell=True), eval, or exec. Pass subprocess arguments as a list and prefer explicit binary paths for privileged operations.
• Do not use unsafe deserialisers (pickle, marshal, shelve, jsonpickle, dill) for untrusted data. Use yaml.safe_load() rather than unsafe YAML loading.
• Open files with an explicit encoding (normally utf-8) and use with statements for files, sockets, database sessions, and temporary resources.
• Use secrets for token generation and hmac.compare_digest for token, HMAC, or signature comparisons.
• For HTTP clients (requests, httpx): always set an explicit timeout, validate destination URLs to block RFC1918/loopback/link-local ranges (SSRF), disable automatic redirects to internal hosts, and be careful with proxy settings.
• For filesystem operations: resolve paths with Path.resolve() and verify they remain under the intended base directory before reading or writing (path traversal).
• Use defusedxml rather than stdlib XML parsers for untrusted XML.
• For SQLAlchemy, use bound parameters and safe query construction. Never call text() with f-strings or .format(), and flag .execute() calls built...

Files:

• src/ui/app/lang_config.py

src/ui/**/*.py

⚙️ CodeRabbit configuration file

src/ui/**/*.py: src/ui/ is the admin UI and related backend:

• State-changing routes must enforce CSRF protection where browser sessions are used.
• Session, remember-me, and auth-cookie changes must preserve Secure, HttpOnly, and appropriate SameSite behaviour.
• Redirect targets such as next parameters must be validated against an allowlist or local-path policy.
• For templates and forms, escape user-controlled data, validate uploads by type and size, and keep files outside the web root unless there is a deliberate reviewed exception.
• BunkerWeb uses bcrypt; flag any move towards weak password hashing or plaintext credential handling.

Files:

• src/ui/app/lang_config.py

src/ui/**/*.{js,jsx,ts,tsx,css,scss,html,json}

📄 CodeRabbit inference engine (AGENTS.md)

Front-end assets must follow Prettier default formatting

Files:

• src/ui/app/static/locales/tl.json

🪛 Checkov (3.2.529)

src/ui/app/static/locales/tl.json

[medium] 1567-1568: Basic Auth Credentials

(CKV_SECRET_4)

🔇 Additional comments (2)

src/ui/app/lang_config.py (1)

19-19: LGTM!

src/ui/app/static/locales/tl.json (1)

1-1729: LGTM!

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Table row should be positioned alphabetically by locale code.

The new tl.json entry appears after ur.json, but alphabetically it should appear after ru.json (line 19) and before tr.json (line 20). Maintaining alphabetical order makes the table easier to scan and keep organised.

📋 Proposed fix to maintain alphabetical order

Move line 23 to appear after line 19:

 | pt.json | AI (Google:Gemini-2.5-pro)    | AI (Google:Gemini-3-pro) |
 | ru.json | AI (Google:Gemini-2.5-pro)    | AI (Google:Gemini-3-pro) |
+| tl.json | Manual (`@Cleverguns`)          | Manual (`@Cleverguns`)     |
 | tr.json | Manual (`@wiseweb-works`)       | Manual (`@wiseweb-works`)  |
 | tw.json | AI (Google:Gemini-2.5-pro)    | AI (Google:Gemini-3-pro) |
 | ur.json | AI (Google:Gemini-2.5-pro)    | AI (Google:Gemini-3-pro) |
-| tl.json | Manual (`@Cleverguns`)          | Manual (`@Cleverguns`)     |
 | zh.json | AI (Google:Gemini-2.5-pro)    | AI (Google:Gemini-3-pro) |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	| tl.json | Manual (@Cleverguns) | Manual (@Cleverguns) |
	| pt.json | AI (Google:Gemini-2.5-pro) | AI (Google:Gemini-3-pro) |
	| ru.json | AI (Google:Gemini-2.5-pro) | AI (Google:Gemini-3-pro) |
	| tl.json | Manual (`@Cleverguns`) | Manual (`@Cleverguns`) |
	| tr.json | Manual (`@wiseweb-works`) | Manual (`@wiseweb-works`) |
	| tw.json | AI (Google:Gemini-2.5-pro) | AI (Google:Gemini-3-pro) |
	| ur.json | AI (Google:Gemini-2.5-pro) | AI (Google:Gemini-3-pro) |
	| zh.json | AI (Google:Gemini-2.5-pro) | AI (Google:Gemini-3-pro) |

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/ui/app/static/locales/README.md` at line 23, The table row for the new
locale "tl.json" is out of alphabetical order; move the entire row containing
"tl.json | Manual (`@Cleverguns`) | Manual (`@Cleverguns`)" so it appears after the
"ru.json" row and before the "tr.json" row to restore alphabetical ordering by
locale code.

[cleverguns]

just contributing to this repo - my company will use this in our onpremise server