Comprehensive machine-readable API documentation covering all REST
endpoints exposed by the php-tenant package:
- Workspace API (CRUD, switching, session and API key auth)
- Entitlement Provisioning API (Blesta: create, suspend, unsuspend, cancel, renew)
- Cross-App Entitlement API (check, usage recording, summary)
- Entitlement Webhooks API (CRUD, test, secret rotation, circuit breaker, deliveries)
Includes full request/response schemas, authentication details, error
responses, and pagination structures.
Fixes#33
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add encrypted cast to UserTwoFactorAuth secret and recovery_codes
- Hash invitation tokens on creation using Hash::make()
- Update token verification to use Hash::check()
- Add migration commands for existing data:
- security:encrypt-2fa-secrets
- security:hash-invitation-tokens
- Add tests for encryption and hashing
Fixes SEC-003, SEC-004 from security audit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
