Switch header storage from blacklist to whitelist approach, add private
IP detection for auto-block bypass, and validate referer URLs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add per-user rate limiting to sensitive Livewire component methods to
prevent abuse from compromised admin sessions. Introduces a reusable
HasRateLimiting trait and applies it to PlatformUser, Settings, and
WaitlistManager components.

Rate limits:
- Tier changes, verification, entitlements: 10/min per admin
- Profile updates, preferences: 20/min per user
- Password changes: 5/min per user
- Data exports: 5/min per admin
- Deletions/anonymisation: 3/min per admin

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add tests for modal opening/closing, event handling, data passing,
validation, nested modals, and lifecycle management. Tests use
isolated test double components to verify modal behaviour patterns
used throughout core-admin.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Tests cover:
- Provider registration (single and multiple)
- Provider availability filtering by user and workspace
- Search execution and result aggregation
- Result flattening for keyboard navigation
- Fuzzy matching (substring, case-insensitive, word-start, abbreviation)
- Relevance scoring hierarchy
- SearchResult creation, conversion, and immutability
- Integration tests with multiple providers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add comprehensive Pest tests for form component authorization props
(canGate/canResource/canHide). Tests cover Button, Input, Select,
Checkbox, Toggle, and Textarea components.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>