Document v1.3.1 session learnings in CLAUDE.md

- Update version to 1.3.1 and date to 2026-01-27
- Replace completed v1.3.1 roadmap with v1.3.2 placeholder
- Update license client dependency to dev-main
- Add v1.3.1 session history documenting SecureLicenseClient switch

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CLAUDE.md

@@ -1,7 +1,7 @@
 # WooCommerce Tier and Package Prices - AI Context Document
 
-**Last Updated:** 2026-01-25
-**Current Version:** 1.3.0
+**Last Updated:** 2026-01-27
+**Current Version:** 1.3.1
 **Author:** Marco Graetsch
 **Project Status:** Production-ready WordPress plugin
 
@@ -20,9 +20,9 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w
 
 **Note for AI Assistants:** Clean this section after the specific features are done or new releases are made. Effective changes are tracked in `CHANGELOG.md`. Do not add completed versions here - document them in the Session History section at the end of this file. Always keep the `Known Bugs` section and create a section with the next bugfix and minor version after a release.
 
-### Version 1.3.1
+### Version 1.3.2
 
-- TBD
+- No planned changes yet
 
 ## Technical Stack
 
@@ -40,7 +40,7 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w
 ```json
 {
   "twig/twig": "^3.0",
-  "magdev/wc-licensed-product-client": "^0.1",
+  "magdev/wc-licensed-product-client": "dev-main",
   "symfony/http-client": "^7.0",
   "psr/log": "^3.0",
   "psr/cache": "^3.0",
@@ -1176,6 +1176,46 @@ The plugin architecture is solid and well-tested. Most bugs arise from:
 - Package version was `^0.1` not `^1.0` - always check available versions before setting constraint
 - Release package size increased from ~430KB to ~737KB due to new Composer dependencies
 
+### v1.3.1 Release Session (2026-01-27)
+
+**Accomplished:**
+
+1. Reviewed server-implementation.md from license client library
+2. Upgraded from `LicenseClient` to `SecureLicenseClient`:
+   - Added "Server Secret" configuration field in License settings tab
+   - Updated `get_license_client()` to use `SecureLicenseClient` with HMAC-SHA256 signature verification
+   - Updated JavaScript to pass `server_secret` in AJAX requests
+
+3. Added comprehensive exception handling:
+   - `RateLimitExceededException` - Shows retry time to user
+   - `SignatureException` - Reports signature verification failures
+   - `InvalidArgumentException` - SSRF protection for private IP blocking
+
+4. Updated Composer dependencies:
+   - Changed `magdev/wc-licensed-product-client` from `^0.1` to `dev-main`
+   - Library includes new security features (SSRF protection, response signatures)
+
+5. Updated translations:
+   - Added 7 new translation strings for v1.3.1
+   - All 7 language files updated and compiled
+
+6. Created release package:
+   - Package size: 745KB
+   - 642 files included
+   - SHA256 checksum generated
+
+7. Updated README.md:
+   - Documented license management feature
+   - Updated PHP requirement to 8.3
+   - Added v1.3.0 and v1.3.1 changelog entries
+
+**Key Learnings:**
+
+- `SecureLicenseClient` requires `serverSecret` parameter for HMAC verification
+- The library's exception classes are in `Magdev\WcLicensedProductClient\Exception\` and `Magdev\WcLicensedProductClient\Security\` namespaces
+- `RateLimitExceededException` has a `retryAfter` property (int seconds)
+- Always check library documentation in `docs/server-implementation.md` for implementation requirements
+
 ---
 
 Always refer to this document when starting work on this project. Good luck!