P1-010: Rate limiting (60 req/min) on EntitlementApiController
P1-011: API authentication documentation and middleware
P1-014: SSRF protection for webhook endpoints (PreventsSSRF trait)
P1-015: Workspace access validation in middleware (breaking change)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add encrypted cast to UserTwoFactorAuth secret and recovery_codes
- Hash invitation tokens on creation using Hash::make()
- Update token verification to use Hash::check()
- Add migration commands for existing data:
- security:encrypt-2fa-secrets
- security:hash-invitation-tokens
- Add tests for encryption and hashing
Fixes SEC-003, SEC-004 from security audit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix namespace from Core\Mod\Tenant to Core\Tenant, add workspace
isolation patterns, coding standards, and entitlement system overview.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Simplifies the namespace hierarchy by removing the intermediate Mod
segment. Updates all 118 files including models, services, controllers,
middleware, tests, and composer.json autoload configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add TeamManager Livewire component for managing workspace teams
- Add MemberManager Livewire component for managing workspace members
- Add admin routes for team and member management
- Add blade templates for team and member management UI
- Support team permissions, bulk operations, and custom member permissions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
