Add comprehensive Pest tests for namespace-level entitlements including:
- canForNamespace() with user-owned and workspace-owned namespaces
- Entitlement cascade (namespace -> workspace -> user tier)
- provisionNamespacePackage() with replacement, expiry, metadata
- provisionNamespaceBoost() with stacking and unlimited overrides
- recordNamespaceUsage() with metadata and workspace context
- getNamespaceUsageSummary() with percentages and near-limit detection
- invalidateNamespaceCache() for limits and usage
- Multiple namespaces with separate usage tracking
- Boost stacking behaviour
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document provisionNamespacePackage with examples
- Document provisionNamespaceBoost with boost/duration types
- Document invalidateNamespaceCache with auto-invalidation triggers
- Add cross-references to workspace-level equivalents
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add declare(strict_types=1) to Workspace.php
- Add declare(strict_types=1) to User.php
- Add declare(strict_types=1) to EntitlementService.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
P1-010: Rate limiting (60 req/min) on EntitlementApiController
P1-011: API authentication documentation and middleware
P1-014: SSRF protection for webhook endpoints (PreventsSSRF trait)
P1-015: Workspace access validation in middleware (breaking change)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add encrypted cast to UserTwoFactorAuth secret and recovery_codes
- Hash invitation tokens on creation using Hash::make()
- Update token verification to use Hash::check()
- Add migration commands for existing data:
- security:encrypt-2fa-secrets
- security:hash-invitation-tokens
- Add tests for encryption and hashing
Fixes SEC-003, SEC-004 from security audit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
