- Documented bug fix for API Verification Secret not visible in Docker
- Added ResponseSigner::getServerSecret() method documentation
- Removed known bug from roadmap (now fixed)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document CI/CD workflow fix for handling existing releases
- Add lessons learned about Gitea releases and tag updates
- Note about not creating zip archives locally (RAM issue)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the successful automated release workflow including:
- Correct version constraint (*) and symlink handling
- Direct Gitea API calls instead of gitea-release-action
- Correct secret name (SRC_GITEA_TOKEN)
- Workflow completion time (57 seconds)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Convert wc-licensed-product-client from Composer VCS to git submodule
- Add Gitea Actions workflow for automated releases on version tags
- Update composer.json to use path repository for submodule
- Workflow includes: submodule checkout, PHP setup, translation compilation,
version verification, package creation, checksum generation, release upload
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created wc-licensed-product-0.7.1.zip (886 KB)
- SHA256: 6ffd0bdf47395436bbc28a029eff4c6d065f2b5b64c687b96ae36a74c3ee34ef
- Updated CLAUDE.md with release info
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
## Fixed
- CRITICAL: Fixed API Verification Secret not displayed in PHP fallback template
- Response signing now includes /update-check endpoint
## Changed
- Updated magdev/wc-licensed-product-client to v0.2.2
- Updated symfony/http-client to v7.4.5
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix admin license test popup showing empty product field
- Display product name in bold in test license modal
- Split auto-update settings into notification and auto-install options
- Add filter functionality to customer account licenses page
- Update translations (402 strings)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document WordPress auto-update system implementation
- Add /update-check endpoint to REST API table
- Add Update/ directory to project structure
- Add Email/ directory to project structure
- Update temporary roadmap to v0.7.0
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CRITICAL: Key derivation now uses native hash_hkdf() for RFC 5869
compliance. Previous custom implementation was incompatible with
the magdev/wc-licensed-product-client library.
Changes:
- ResponseSigner::deriveCustomerSecret() now uses hash_hkdf()
- Added missing domain validation to /activate endpoint
- Customer secrets will change after upgrade (breaking change)
The signature algorithm now matches the client's ResponseSignature::deriveKey():
- IKM: server_secret
- Length: 32 bytes
- Info: license_key
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
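
Added example, not part of the commit above or of the project's code: the derivation parameters listed in that commit (IKM = server_secret, 32 bytes, info = license_key) run through PHP's `hash_hkdf()` and through the RFC 5869 steps written out by hand, next to a hypothetical one-call HMAC derivation, to show why a non-standard derivation leaves server and client with different keys. SHA-256 as the HKDF hash, the empty salt, the sample secret, license key and signed body, and the `shortcutDerive()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// RFC 5869 HKDF-SHA256 written out step by step (extract, then expand).
function hkdfSha256(string $ikm, int $length, string $info, string $salt = ''): string
{
    if ($length < 1 || $length > 255 * 32) {
        throw new InvalidArgumentException('Length must be 1..8160 bytes for SHA-256');
    }
    // Extract: PRK = HMAC(salt, IKM); an empty salt means 32 zero bytes.
    $salt = $salt === '' ? str_repeat("\0", 32) : $salt;
    $prk = hash_hmac('sha256', $ikm, $salt, true);
    // Expand: T(i) = HMAC(PRK, T(i-1) || info || byte(i)), concatenated and truncated.
    $okm = '';
    $block = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $block = hash_hmac('sha256', $block . $info . chr($i), $prk, true);
        $okm .= $block;
    }
    return substr($okm, 0, $length);
}

// Hypothetical shortcut derivation (one HMAC call); NOT the plugin's old code.
function shortcutDerive(string $serverSecret, string $licenseKey): string
{
    return hash_hmac('sha256', $licenseKey, $serverSecret, true);
}

// Constructed sample values.
$serverSecret = 'constructed-server-secret';
$licenseKey   = 'ABCD-EFGH-IJKL-MNOP';
$body         = '{"valid":true}'; // assumed signed payload

// Parameters from the commit: IKM = server_secret, 32 bytes, info = license_key.
// Assumptions: SHA-256 as the HKDF hash, empty salt.
$native   = hash_hkdf('sha256', $serverSecret, 32, $licenseKey);
$manual   = hkdfSha256($serverSecret, 32, $licenseKey);
$shortcut = shortcutDerive($serverSecret, $licenseKey);

printf("native == RFC 5869 steps: %s\n", var_export(hash_equals($native, $manual), true));
printf("native == shortcut:       %s\n", var_export(hash_equals($native, $shortcut), true));

// A client holding the HKDF key checks a signature made with the shortcut key.
$serverSig = hash_hmac('sha256', $body, $shortcut);
$clientSig = hash_hmac('sha256', $body, $native);
printf("signature verifies:       %s\n", var_export(hash_equals($clientSig, $serverSig), true));
```
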
Fixed HTTP status codes for API responses:
- /validate now returns 404 for license_not_found (was 403)
- Added status code mapping: 404 not found, 500 server errors, 403 others
Added configurable rate limiting:
- WC_LICENSE_RATE_LIMIT constant for requests per window
- WC_LICENSE_RATE_WINDOW constant for window duration in seconds
Fixed license_key validation:
- Now enforces minimum 8 characters across all endpoints
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Customers can now purchase licenses with different durations (monthly,
yearly, lifetime) through WooCommerce product variations. Each variation
can have its own license validity settings.
New features:
- LicensedVariableProduct class for variable licensed products
- LicensedProductVariation class for individual variations
- Per-variation license duration and max activations settings
- Duration labels in checkout (Monthly, Quarterly, Yearly, etc.)
- Full support for WooCommerce Blocks checkout with variations
- Updated translations for German (de_CH)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add isSelfLicensing() method to detect when license server URL points to same installation
- Bypass license validation when self-licensing detected (prevents circular dependency)
- Add normalizeDomain() helper for domain comparison
- Update translations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add admin dashboard widget with license statistics
- Add daily wp-cron to auto-expire licenses past expiration date
- Add LicenseExpiredEmail notification for expired licenses
- Add getExpiredActiveLicenses() and autoExpireLicense() to LicenseManager
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Downloads now displayed in two-row format per entry
- First row: file download link
- Second row: metadata (version, date, checksum)
- Better visual separation and readability
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Display current version under product title for licensed products
- Add frontend CSS styling for version badge
- Update translations for new "Version:" string
- Bump version to 0.3.4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated OpenAPI version from 0.0.7 to 0.3.2
- Added documentation for response signing headers (X-License-Signature, X-License-Timestamp)
- Enhanced API description with security information about signature verification
- Added header component definitions to OpenAPI spec
- All endpoint 200 responses now reference optional signature headers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added release package details for v0.3.1
- SHA256: 55468275522590cd68924bdf97cfcba8aa9e6ba11e2111d0234e16a1936b8adf
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed completed v0.3.0 and v0.3.1 items from roadmap
- Added session history for v0.3.0 (Self-Licensing)
- Added session history for v0.3.1 (Settings UI Improvements)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove known bug (checksum field issue was fixed)
- Remove completed v0.2.1 tasks from roadmap
- Add v0.2.1 version link to CHANGELOG
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add REST API response signing using HMAC-SHA256
- Add SHA256 hash validation for version file uploads
- Add ResponseSigner class for automatic API response signing
- Add file_hash column to database schema
- Remove external URL support from version uploads
- Update translations with all fuzzy strings resolved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Conducted comprehensive security and best practices review
- Fixed VersionManager null format handling for attachment updates
- Improved input sanitization in AdminController for page context checks
- Updated README.md with complete feature documentation
- Updated CHANGELOG.md with 0.1.0 release notes
- Updated translations (.pot, .po, .mo files) to version 0.1.0
- Bumped version to 0.1.0 in plugin header and constant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Corrected session history to reflect actual v0.0.11 release:
- Created date column added to license overview
- Removed references to AnalyticsController (was deleted due to issues)
- Added release package details and SHA256 checksum
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Keep existing Reports > Licenses dashboard which works correctly.
Version 0.0.11 now only includes the Created column in license overview.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Created date column to admin license overview
- Add License Statistics page under WooCommerce menu
- Add REST API endpoints for analytics data with time-series support
- WooCommerce Analytics integration via submenu page
New files:
- src/Admin/AnalyticsController.php
- templates/admin/statistics.html.twig
REST API endpoints:
- GET /wc-licensed-product/v1/analytics/stats
- GET /wc-licensed-product/v1/analytics/products
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document inline editing features for licenses
- Document live search and copy license key functionality
- Document AJAX handlers and new LicenseManager methods
- Record release v0.0.10 details with checksums
- Note known bug about version uploads
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Register licenses query var with WooCommerce via woocommerce_get_query_vars
- Register endpoint in Installer before flushing rewrite rules
- Existing installations need to re-save permalinks
The endpoint was not being recognized because WooCommerce's My Account
requires both add_rewrite_endpoint() and query var registration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add license meta box on WooCommerce order edit pages
- Add editable order domain field with AJAX inline editing
- Add editable license domains directly from order page
- Add licenses table showing all licenses for an order
- Support both classic orders and HPOS
New files:
- src/Admin/OrderLicenseController.php
- assets/js/order-licenses.js
New method: LicenseManager::getLicensesByOrder()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>