diff --git a/CLAUDE.md b/CLAUDE.md index 0b7de64..1f8f4b5 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,7 +1,7 @@ # WooCommerce Tier and Package Prices - AI Context Document -**Last Updated:** 2026-01-25 -**Current Version:** 1.3.0 +**Last Updated:** 2026-01-27 +**Current Version:** 1.3.1 **Author:** Marco Graetsch **Project Status:** Production-ready WordPress plugin @@ -20,9 +20,9 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w **Note for AI Assistants:** Clean this section after the specific features are done or new releases are made. Effective changes are tracked in `CHANGELOG.md`. Do not add completed versions here - document them in the Session History section at the end of this file. Always keep the `Known Bugs` section and create a section with the next bugfix and minor version after a release. -### Version 1.3.1 +### Version 1.3.2 -- TBD +- No planned changes yet ## Technical Stack @@ -40,7 +40,7 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w ```json { "twig/twig": "^3.0", - "magdev/wc-licensed-product-client": "^0.1", + "magdev/wc-licensed-product-client": "dev-main", "symfony/http-client": "^7.0", "psr/log": "^3.0", "psr/cache": "^3.0", @@ -1176,6 +1176,46 @@ The plugin architecture is solid and well-tested. Most bugs arise from: - Package version was `^0.1` not `^1.0` - always check available versions before setting constraint - Release package size increased from ~430KB to ~737KB due to new Composer dependencies +### v1.3.1 Release Session (2026-01-27) + +**Accomplished:** + +1. Reviewed server-implementation.md from license client library +2. Upgraded from `LicenseClient` to `SecureLicenseClient`: + - Added "Server Secret" configuration field in License settings tab + - Updated `get_license_client()` to use `SecureLicenseClient` with HMAC-SHA256 signature verification + - Updated JavaScript to pass `server_secret` in AJAX requests + +3. Added comprehensive exception handling: + - `RateLimitExceededException` - Shows retry time to user + - `SignatureException` - Reports signature verification failures + - `InvalidArgumentException` - SSRF protection for private IP blocking + +4. Updated Composer dependencies: + - Changed `magdev/wc-licensed-product-client` from `^0.1` to `dev-main` + - Library includes new security features (SSRF protection, response signatures) + +5. Updated translations: + - Added 7 new translation strings for v1.3.1 + - All 7 language files updated and compiled + +6. Created release package: + - Package size: 745KB + - 642 files included + - SHA256 checksum generated + +7. Updated README.md: + - Documented license management feature + - Updated PHP requirement to 8.3 + - Added v1.3.0 and v1.3.1 changelog entries + +**Key Learnings:** + +- `SecureLicenseClient` requires `serverSecret` parameter for HMAC verification +- The library's exception classes are in `Magdev\WcLicensedProductClient\Exception\` and `Magdev\WcLicensedProductClient\Security\` namespaces +- `RateLimitExceededException` has a `retryAfter` property (int seconds) +- Always check library documentation in `docs/server-implementation.md` for implementation requirements + --- Always refer to this document when starting work on this project. Good luck!