Releases: syncupsuite/webplatform4sync

v0.5.0

22 Feb 03:51

Security Hardening

  • RLS tenant isolation fix — replaced broken setTenantContext() with transactional tenantQuery() wrapper. Neon HTTP driver executes each query as a separate HTTP request, so set_config() must be in the same Drizzle transaction as the data queries.
  • Auth graduation account takeover fix — graduateFromOAuth now checks provider linkage before merging accounts, preventing email-based account takeover.
  • verifyBetterAuthSession implementation — replaced stub with working session verification.
  • CORS hardening — omit CORS headers entirely for disallowed origins; localhost only allowed when ENVIRONMENT === "development".
  • Security headers — added Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and Content-Security-Policy to all responses.
  • Rate limiting — KV-based rate limiting on /api/auth/ endpoints (20 req/min per IP).
  • CSRF protection — Origin-check middleware for custom API routes.
  • Session fixation prevention — onSessionCreated callback in graduation bridge for post-creation session regeneration.
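
The CORS hardening and CSRF Origin-check items above can share one origin decision. The sketch below is an added example, not the project's code: the names Env, ALLOWED_ORIGINS, isAllowedOrigin, corsHeaders and passesOriginCheck are hypothetical, the sample origins are constructed, and rejecting unsafe requests that lack an Origin header is an assumption.

```typescript
// Added example; all names here are hypothetical, not the project's own.
type Env = { ENVIRONMENT: string; ALLOWED_ORIGINS: string[] };

// Constructed sample configuration.
const PROD: Env = { ENVIRONMENT: "production", ALLOWED_ORIGINS: ["https://app.example.com"] };
const DEV: Env = { ...PROD, ENVIRONMENT: "development" };

// An Origin header value is scheme://host[:port] and nothing else.
const ORIGIN_RE = /^https?:\/\/([a-z0-9.-]+)(?::\d{1,5})?$/;
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];

// Exact-match allowlist; localhost passes only when ENVIRONMENT === "development".
function isAllowedOrigin(origin: string | null, env: Env): boolean {
  if (!origin) return false;
  const m = ORIGIN_RE.exec(origin);
  if (!m) return false; // malformed, carries a path, or the opaque "null" origin
  const host = m[1];
  if (host === "localhost") {
    return env.ENVIRONMENT === "development";
  }
  return env.ALLOWED_ORIGINS.includes(origin);
}

// CORS: a disallowed origin gets no CORS headers at all (no "*", no echo).
function corsHeaders(origin: string | null, env: Env): Record<string, string> {
  if (!isAllowedOrigin(origin, env)) return {};
  return {
    "Access-Control-Allow-Origin": origin as string,
    Vary: "Origin", // the response differs per origin, so caches must key on it
  };
}

// CSRF: state-changing requests must carry an allowed Origin.
// Assumption: an unsafe method with no Origin header is rejected.
function passesOriginCheck(method: string, origin: string | null, env: Env): boolean {
  if (SAFE_METHODS.includes(method.toUpperCase())) return true;
  return isAllowedOrigin(origin, env);
}
```

Matching the host exactly, rather than by prefix or substring, is what keeps a lookalike such as https://localhost.evil.example from passing the development-only localhost rule.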

Schema & Data Model

  • Schema split — separated platformSchema (tenant infrastructure: tenants, domain_mappings, tenant_relationships) from appSchema (application tables). Platform tables live in the platform schema, app tables in {{SCHEMA_NAME}}.
  • Domain verification — changed verified: boolean to verifiedAt: timestamp on domain_mappings for audit trail.
  • Runtime validation — rowToTenantContext now validates tier, status, and isolation_mode values at runtime with descriptive errors.
  • Slug format validation — DNS-safe slug regex check before database lookup.

Quality Improvements

  • Named constants — session durations extracted to shared/contracts/constants.ts (SESSION_TTL_SECONDS, SESSION_REFRESH_SECONDS, PREVIEW_SESSION_TTL_SECONDS), replacing inline magic numbers across auth, graduation, and middleware files.
  • PostHog SSR guard — posthog.ts now returns early when typeof window === "undefined", preventing server-side crashes.
  • Dark mode alignment — scaffold CSS uses [data-theme="dark"] selector matching the contracts' default 'class' strategy.
  • Request ID — X-Request-ID header on every response via crypto.randomUUID() for log correlation.
  • --token- prefix removed — eliminated phantom two-layer CSS variable convention from 4 docs. Scaffold correctly uses single-layer --color-* vars with Tailwind v4.
  • Drizzle config — added "platform" to schemaFilter array.
  • tsconfig cleanup — removed dead declaration and declarationMap options (no-ops under noEmit).
  • Documentation fixes — corrected stale TypeScript/Tailwind versions in architecture docs, fixed isolation-modes.md argument count, added missing scaffold placeholder docs, added shared/contracts/ to CLAUDE.md repo structure.

Changed

  • Plugin metadata bumped to v0.5.0 in plugin.json and marketplace.json.
  • Scrubbed sync from hn-platform4sync — all scaffold, skill, shared, and doc changes propagated to public marketplace.

v0.2.0

17 Feb 01:39

Changed

  • Restructured from 4 plugins to 1 sequenced workflow — replaced disconnected skill plugins (multi-tenant-platform, graduated-auth, neon-multi-tenant, theme-inspired-tokens) with a single webplatform4sync plugin exposing 9 numbered commands
  • Updated .claude-plugin/marketplace.json to register 1 plugin instead of 4

Added

  • 9 sequenced commands (wp4s1_discover through wp4s9_status) that guide users through Platform4Sync standard stack adoption in order:
    1. wp4s1_discover — Scan project against the standard, write .p4s/status.json
    2. wp4s2_scaffold — Generate project structure (greenfield/brownfield/overlay)
    3. wp4s3_tenant — Set up 3-tier tenant model with RLS
    4. wp4s4_database — Neon branch strategy, Drizzle ORM, Hyperdrive
    5. wp4s5_auth — Firebase identity, Better Auth sessions, graduated auth
    6. wp4s6_tokens — Culturally-grounded design tokens, W3C DTCG, Tailwind 4
    7. wp4s7_deploy — Cloudflare Worker deployment, Doppler, DNS, health checks
    8. wp4s8_validate — Tenant, token, RLS, and contract validation
    9. wp4s9_status — Adoption checklist with next-step recommendation
  • Persistent state via .p4s/status.json — every command reads and updates this file to track progress across sessions
  • .claude-plugin/plugin.json — single plugin manifest with 9 command references

Removed

  • skills/multi-tenant-platform/plugin.json — no longer standalone plugins
  • skills/graduated-auth/plugin.json — no longer standalone plugins
  • skills/neon-multi-tenant/plugin.json — no longer standalone plugins
  • skills/theme-inspired-tokens/plugin.json — no longer standalone plugins

Unchanged

  • All skills/*/skill.md files remain as reference material loaded by commands
  • All skills/*/references/ and skills/*/templates/ remain unchanged
  • shared/ directory (conventions, contracts, validation) unchanged
  • scaffold/ directory (greenfield, brownfield, overlay) unchanged

v0.1.0

16 Feb 21:02

Added

  • Multi-Tenant Platform skill — 3-tier architecture (Platform/Partner/Customer) with RLS patterns, tenant hierarchy modeling, and white-label support
  • Graduated Auth skill — Progressive authentication from anonymous to full account (Anonymous → Preview → OAuth → Full Account) with Better Auth + Firebase
  • Neon Multi-Tenant skill — Neon PostgreSQL branch isolation, Hyperdrive connection pooling, Drizzle ORM tenant-scoped queries, and shared auth schema patterns
  • Theme-Inspired Tokens skill — Culturally-grounded design token generation with W3C DTCG alignment, Style Dictionary pipeline, and Tailwind CSS v4 integration
  • Scaffold templates — Greenfield (new project), brownfield (migration), and overlay (token system only)
  • Shared contracts — TypeScript type definitions for cross-skill compatibility (auth.ts, tenant.ts, tokens.ts, env.ts, constants.ts)
  • Validators — Tenant configuration and token structure validators
  • Conventions — Naming, stack versions, and deployment standards
  • Claude Code plugin marketplace configuration (.claude-plugin/marketplace.json)
  • Private data scrub verification CI workflow
  • Semantic versioning release workflow