chore(main): release 0.2.6

[szTheory]

🤖 I have created a release beep boop

0.2.6 (2026-04-25)

Features

• 053-01: add Hex docs link and ExDoc publish reminder (3362bf0)
• 053-01: refresh Hex description for PUB-01 (acd275e)
• 06-01: add MFA deps, config, error types, and Credential struct (52a25f4)
• 06-01: implement MFA orchestrator, BackupCodes, Trust, and Lockout modules (e913806)
• 06-02: add MFA-aware authenticate flow and complete_mfa_verification (db192a1)
• 06-02: add RequireMFA and RequireMFAEnrolled plugs with mfa_pending session type (d3bb45b)
• 06-03: add MFA telemetry event catalog and integration (826945c)
• 06-03: add MFA testing helpers and TokenCleanup mfa_pending extension (bf17b7c)
• 06-04: add MFA email templates, Auth context delegation, and test fixtures (8a93edb)
• 06-04: add MFA migration tables and generated Ecto schemas (e66b8f4)
• 06-05: add MFA challenge page templates (controller + HTML + LiveView) (8efd59d)
• 06-05: add MFA settings templates, require_mfa plug, and generator wiring (89cc608)
• 07-01: APIToken module and RequireScopes plug with full test coverage (953adbe)
• 07-01: config extensions, StringList type, ScopeRegistry, error types, telemetry events (e1e0e39)
• 07-02: add Joken dependency, ClaimsBuilder behaviour, and Signer module (8c79f0c)
• 07-02: add JWT module and RefreshToken with family-based reuse detection (2d00c6e)
• 07-03: add Auth delegation, TokenCleanup extension, Testing helpers, Email notification (611e5f6)
• 07-03: rewrite FetchBearer with auto-detection and scope assignment (425527a)
• 07-04: add API controllers, email template, injector, and install task (86f9be4)
• 07-04: add API token migration and schema templates (9b13525)
• 08-01: add config extensions, email templates, and data export behaviour (cd3ef15)
• 08-01: implement hooks engine with Ecto.Multi integration and tests (b635995)
• 08-02: add Account orchestrator with unified delegation API (44ea30a)
• 08-02: implement Account Deletion module with 3 strategies (cd31c37)
• 08-02: implement EmailChange and PasswordChange modules (601d35f)
• 08-03: add telemetry events and Auth module lifecycle delegation (34e6f2b)
• 08-03: implement RequirePasswordChange plug and AccountDeletion Oban worker (6c26dce)
• 08-04: add 7 account lifecycle email templates (36363df)
• 08-04: auth context lifecycle delegation and hooks stub module (ada92fb)
• 08-04: migration template, user schema, and token TTL for account lifecycle (21332d3)
• 08-05: add generator injector for lifecycle routes, plugs, and tests (ba5d3c5)
• 08-05: add settings LiveView, reactivation page, and lifecycle testing helpers (61112c9)
• 09-01: add audit_events migration template (02ae340)
• 09-01: add AuditEvent schema template and wire install task (bd3f69f)
• 09-02: add Sigra.Audit changeset, cursor, query submodules (01f75de)
• 09-02: add Sigra.Audit public API (ce6dc7c)
• 09-03: integrate audit logging into auth + session + security subsystems (0724d96)
• 09-03: integrate audit logging into mfa + oauth + api_token + account (68e222c)
• 09-04: add Sigra.Workers.AuditCleanup Oban worker and startup warning (a01a25c)
• 10-01: add audit test helpers and section headers to Sigra.Testing (d891e2b)
• 10-02: add scenario fixtures to AuthFixtures template (24ecd7c)
• 10-03: add :cookie_domain config + Sigra.MFA.Trust.cookie_opts/1 (080fd4f)
• 10-03: runtime remember_me_options in UserAuth + MFA trust cookie + boot warning (4aa7030)
• 10-05: add pure helpers + doctests to Config/Auth/Testing (fa57f1e)
• 10-06: scaffold test/example Phoenix app with Sigra installed (2f1790e)
• 10.1.1-03: unify example app on Sigra canonical user_sessions store (B6, D-06/D-07) (ddf7b94)
• 10.1.1-05: flip installer default to binary_id (uuid) PKs (D-10) (d1d2c40)
• 10.1.1-06: add --yes non-interactive flag to sigra.install (2b15e81)
• 10.1.1-06: add install_smoke + example_http_smoke CI jobs (ae37e78)
• 10.1.1-06: add install-smoke.sh and http-smoke.sh CI drivers (c082ab3)
• 10.1.1-07: add data-testid hook to MFA TOTP secret (7dd8e25)
• 10.1.1-07: scaffold Playwright golden-path browser smoke harness (24e8c7c)
• 41: TOTP-gated backup code rotation and GA-01 regression (e5f399e)
• 43-02: atomic auth.register.success audit via register_user_multi (d2e6efb)
• 43-03: atomic magic-link and password-reset request audits via Multi (149ab89)
• 43-04: atomic auth.login.success audit with lockout Multi (3bc7811)
• 49-01: add mix ci.audit_45 alias for AUD-08 merge gate (3adb5fe)
• 50-01: add mix ci.install_golden alias for install golden tests (ba8ca30)
• audit: add audit_multi_step for multi-row Multi audits (a642496)
• mfa: atomic audit Multis for AUD-06 (MFA) (3d5abf1)
• uat: add Docker UAT environment + runbook for milestone v1.0 manual gates (812eca0)

Bug Fixes

• 06: add Code.ensure_loaded! to function_exported? tests for isolation safety (61826f8)
• 06: add settings_url binding to email template test for MFA emails (86f9759)
• 06: correct struct syntax for Ecto.Changeset.cast in MFA enrollment (b968a86)
• 06: CR-01 use Ecto cast to trigger cloak_ecto encryption for TOTP secrets (3c74dc8)
• 06: CR-02 eliminate modulo bias in backup code and confirmation code generation (66f1d3b)
• 06: WR-01 wrap MFA enrollment and cleanup in Ecto.Multi transactions (41b3899)
• 06: WR-02 combine lockout increment and lock into single atomic query (59f6d78)
• 06: WR-03 align MFA pending state checks between controller, LiveView, and library plugs (84fd485)
• 06: WR-04 add missing settings_url binding for mfa_disabled_email template (a73c46a)
• 06: WR-05 pass required options to setup_totp and simulate_mfa_lockout in fixtures (d8bf183)
• 06: WR-06 handle trailing slashes in RequireMFA path comparison (c1f5e89)
• 07: revise plans based on checker feedback (2fd57a5)
• 08-05: update migration test to match partial unique index from Plan 04 (6037d26)
• 08: CR-01 add missing callback fns to email change request and cancel flows (befa404)
• 08: CR-02 add missing callback fns to email change confirm flow (d8f7d08)
• 08: CR-03 add missing validate_password_fn to password change flow (9903b78)
• 08: WR-01 execute hook multi instead of discarding it (4152725)
• 08: WR-02 document TTL-based cleanup for orphaned email change tokens (5285e68)
• 08: WR-03 include email and hashed_password in deletion_changeset for anonymize strategy (6b775d0)
• 08: WR-04 validate deletion strategy against known values with safe default (debe7fc)
• 09: CR-01 harden validate_metadata_size against non-map and unencodable metadata (58120a9)
• 09: WR-02 raise in Sigra.Audit.stream/2 when repo.stream/1 is unavailable (78a3474)
• 09: WR-06 WR-07 honor configured retention and batch cleanup deletes (065076f)
• 09: WR-08 WR-01 sanitize log_safe error telemetry + surface missing repo (41ec4a0)
• 10-review: CR-01 guard Mix.env() in generated UserAuth remember_me_options (7a922e7)
• 10-review: WR-01 correct MFA guide function references (fc43f52)
• 10-review: WR-02 preserve false/nil in assert_audit_event metadata lookup (138777c)
• 10-review: WR-03 make Sigra.MFA.Trust.cookie_opts/0 raise to prevent silent cookie_domain drop (009d424)
• 10-review: WR-04 oauth_enabled? requires at least one configured provider (1aae029)
• 10.1 IN-01,IN-02: robust migration timestamp offsets and pad/1 cleanup (8d031be)
• 10.1 IN-03: route password reset through Sigra.Auth.reset_password/4 (90d7adb)
• 10.1 IN-05: stop passing :secret_key_base to verify_confirmation_code/3 (7eef6d8)
• 10.1 IN-06 follow-up: move helper after handle_event clauses to satisfy --warnings-as-errors (d64177f)
• 10.1-01: build proper UserToken structs in request_password_reset and request_magic_link (10c7cf9)
• 10.1-02: backport installer template fixes #1-8 (0ab0d04)
• 10.1-02: backport installer template fixes #9-16 (b19bdf3)
• 10.1-03: eliminate mix docs --warnings-as-errors @doc reference warnings (b1f49d3)
• 10.1-05: scenario/2 raises ArgumentError with valid atoms on unknown scenarios (95987e2)
• 10.1-06: delete aspirational cursor_portability_test (182edbf)
• 10.1-06: generator_reset_test stale alias assertion (81d66fd)
• 10.1-06: sigra.install_test bindings — stale after plan 10.1-02 (32dbae1)
• 10.1.1-02: fix /users/sudo KeyError on render (B7, D-08) (388856f)
• 10.1.1-02: wire confirmation email in RegistrationLive (B5, D-05) (fbdc743)
• 10.1.1-04: replace LoginLive with plain SessionController + SessionHTML (B9/D-12) (ba66d76)
• 10.1.1-05: flip test/example to uuid PKs end-to-end (B8 root fix) (949f182)
• 10: revise plans per checker iteration 1 feedback (c70ec28)
• 44: document APIToken.revoke/2 changeset error in typespec (8df3957)
• 49-01: scope ci.audit_45 to one multi-path mix test (c658a74)
• ci: document RELEASE_PLEASE_TOKEN for downstream CI on release PRs (#24) (324b036)
• ci: retry mix deps.get in install-smoke for heroicons git flakiness (#27) (1840c8c)
• docs: include Nyquist matrix extra for ExDoc link validation (cac5a01)
• example: JS bundle + endpoint socket + router auth pipeline (58b7122)
• hex: shorten Hex package description (300 char limit) (#22) (3d8acfe)
• mfa: correct Ecto.Multi.merge arity for lockout audit Multis (09e2263)
• MFA: handle cleanup Multi errors in disable flows (2e1d309)

---

This PR was generated with Release Please. See documentation.