FullStackHero 10 .NET Starter Kit Release Merge #1152
Draft: iammukeshm wants to merge 171 commits into main from develop
Updated the `Serilog` package version in `Directory.Packages.props` from `4.3.1-dev-02390` to `4.3.1-dev-02395`. Added a new `Architecture.md` file to the solution under the `/Solution Items/` folder. This document provides a detailed overview of the FullStackHero .NET 10 Starter Kit architecture, including solution structure, technology stack, development guidelines, and future plans for Aspire orchestration. The `Architecture.md` file serves as a single source of truth for developers, ensuring clarity and consistency across the project.
Introduced a configuration-driven rate limiting feature to protect APIs from abuse, with tenant- and user-aware policies. Added `RateLimitingOptions` for global and auth-specific limits, exempting health endpoints. Updated the pipeline to include rate limiting middleware. Replaced `DatabaseOptionsLogger` with `DatabaseOptionsStartupLogger` as a hosted service for logging database provider details at startup. Removed OpenAPI annotations from health endpoints and ensured static files are unaffected by rate limiting. Added `Microsoft.AspNetCore.RateLimiting` dependency, `MailOptions` configuration, and placeholders for `AppHost` and `ServiceDefaults`. Performed code cleanup and updated documentation to reflect these changes.
Introduced a new HTTP Auditing module with request/response logging, W3C Trace Context correlation, body capture with masking, and default exclusions. Automatically integrates into the pipeline when referenced. Enhanced logging with structured Serilog configuration, correlation ID enrichment, and noise control for common frameworks. Added production best practices and example `appsettings` for JSON sinks.

Improved middleware pipeline in `Extensions.cs`:
- Added `ServeStaticFiles` option for early static file serving.
- Adjusted CORS middleware placement.
- Auto-wired Auditing middleware if referenced.

Enhanced `AuditHttpMiddleware`:
- Masked sensitive fields in request/response bodies.
- Replaced route pattern logging with exact path logging.
- Improved exception auditing and updated source identifier.

Expanded sensitive field masking in `JsonMaskingService` to include `accessToken` and `refreshToken`. Introduced `AppHost + ServiceDefaults` in `Architecture.md` to outline plans for resource orchestration and deployment bridges.

Renamed and rebranded the FullStackHero (FSH) framework to Hero across the codebase. This includes updates to method names, class names, namespaces, and configuration references to ensure consistency with the new naming convention.

Key changes:
- Updated `AddFshPlatform` and `UseFshPlatform` to `AddHeroPlatform` and `UseHeroPlatform`.
- Renamed `ConfigureDatabase` to `ConfigureHeroDatabase` in database-related classes.
- Replaced `BindDbContext` with `AddHeroDbContext` in all modules.
- Updated CORS, OpenAPI, and health check methods to use the `Hero` prefix.
- Refactored multi-tenant database configuration to `UseHeroMultiTenantDatabases`.

These changes ensure a consistent and unified naming convention for the Hero framework.

Introduced a new `Architecture.Tests` project to enforce solution-wide architectural rules, including modularity, namespace conventions, and decoupling between modules and host projects.
- Added new package references in `Directory.Packages.props` for testing libraries (`xunit`, `Shouldly`, `AutoFixture`, etc.).
- Updated `FSH.Framework.slnx` to include the `Architecture.Tests` project under `/Tests/`.
- Created `Architecture.Tests.csproj` targeting `net10.0` with references to building blocks, modules, and the Playground API.
- Added `ModuleArchitectureTests` to ensure module runtime projects do not reference other module runtime projects directly.
- Added `NamespaceConventionsTests` to enforce namespace alignment with folder structure in `BuildingBlocks/Core/Domain`.
- Added `PlaygroundArchitectureTests` to ensure modules do not depend on Playground host assemblies.
- Introduced `ModuleArchitectureTestsFixture` for dynamic solution root discovery.
- Updated `README.md` to document the purpose, structure, and usage of the `Architecture.Tests` project.

…d Release Drafter
- Added RabbitMQ event bus provider with config and retry logic
- Introduced OutboxDispatcherHostedService for periodic dispatch
- Extended EventingOptions for outbox scheduling and provider selection
- Added DownloadAsync/ExistsAsync to IStorageService and implementations
- Introduced FileDownloadResponse DTO for file downloads
- Implemented phone confirmation and external user creation in UserService
- Updated TenantThemeService to track updater via ICurrentUser
- Updated NuGet dependencies for hosting and RabbitMQ support

- Added ForgotPassword, Register, and ResetPassword Blazor pages with modern, accessible UI and tenant support
- Updated SimpleLogin to link to new auth pages
- Enhanced ITenantService and TenantService to use CancellationToken and consistent async naming
- Added "Retry Provisioning" to TenantDetailPage for failed tenant provisioning
- Renamed and improved Multitenancy test project and restored domain/feature tests; added handler tests with NSubstitute
- Replaced Extensions.cs with PersistenceExtensions.cs and JwtAuthenticationExtensions.cs for clarity
- Updated .gitignore and solution/project file paths for consistency
- General code cleanup and improved async and error handling

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 8 new architecture test files enforcing:
  - Layer dependency rules (Core shouldn't depend on EF/ASP.NET)
  - Contracts purity (DTOs only, no infrastructure deps)
  - Handler/validator pairing conventions
  - Endpoint naming and namespace conventions
  - BuildingBlocks independence from Modules
  - Circular reference detection
  - API versioning consistency
  - Domain entity patterns
- Fix namespace violations:
  - UserService: FSH.Framework.Infrastructure.Identity.Users.Services -> FSH.Modules.Identity.Services
  - SelfRegisterUserEndpoint: correct namespace
  - GenerateTokenEndpoint: correct namespace
  - RefreshTokenEndpoint: correct namespace
  - ToggleUserStatusEndpoint: fix method naming
- Remove ASP.NET Core dependencies from handlers:
  - Add IRequestContext abstraction in Core
  - Add RequestContextService implementation
  - Update handlers to use IRequestContext instead of IHttpContextAccessor
- Add missing GetTenantsQueryValidator for paginated query

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Change Auditing.Contracts to reference Shared instead of Web
- Add Web as direct reference to Auditing implementation project
- Contracts now only depends on Shared (for IPagedQuery/PagedResponse)
- Heavy dependencies (Web, FluentValidation, ASP.NET Core) stay in implementation

This improves module isolation by keeping Contracts lightweight.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Create IPasswordExpiryService and IPasswordHistoryService in Contracts
- Create PasswordExpiryStatusDto in Contracts/DTOs
- Update service implementations to use userId (string) instead of FshUser
- Make service methods async to support database lookups
- Update ChangePasswordValidator to use interface from Contracts
- Update tests to use NSubstitute mocks for UserManager

This follows proper dependency inversion - Contracts should contain interfaces that consumers depend on, while implementations stay in the module project.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Create PagedQueryValidator<T> in Web/Validation for IPagedQuery types
- Consolidate pagination rules: PageNumber > 0, PageSize 1-100, Sort max 200
- Update SearchUsersQueryValidator to use shared validator
- Update GetAuditsQueryValidator to use shared validator
- Update GetTenantsQueryValidator to use shared validator

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Eventing no longer references Persistence project
- Add Microsoft.EntityFrameworkCore.Relational package directly for ToTable()
- Add explicit Shared reference to Modules.Identity.Contracts (was relying on transitive dependency through Eventing -> Persistence)

This reduces coupling and makes Eventing a lower-layer component.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Moves all domain entities from scattered Feature folders to a centralized Domain folder with namespace FSH.Modules.Identity.Domain for clearer architectural separation between domain and application concerns.

Entities moved:
- FshUser, FshRole, FshRoleClaim (Identity entities)
- Group, GroupRole, UserGroup (Group entities)
- UserSession, PasswordHistory (Supporting entities)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- CA2227: Suppress in Identity module (EF Core requires collection setters)
- CA1307: Add StringComparison.OrdinalIgnoreCase to Contains() in SessionService
- CA1002: Use IReadOnlyList<string> instead of List<string> in endpoint DTOs
- CA2016: Forward CancellationToken in CreateTenantCommandValidator
- S6667: Pass exception to logger in S3StorageService catch clause
- S2930/CA2000: Add using declaration for CancellationTokenSource in tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Package updates:
- Microsoft.* packages: 10.0.1 -> 10.0.2
- Finbuckle.MultiTenant.*: 10.0.1 -> 10.0.2
- SonarAnalyzer.CSharp: 10.17.0 -> 10.18.0
- Asp.Versioning.*: 8.1.0 -> 8.1.1
- Scalar.AspNetCore: 2.11.8 -> 2.12.10
- RabbitMQ.Client: 7.1.2 -> 7.2.0
- Other minor version bumps

Breaking change fixes (Finbuckle 10.0.2):
- Convert AppTenantInfo from record to class
- Add [SetsRequiredMembers] to constructors
- Update command DTOs to use IReadOnlyList<string>

Warning fixes:
- Add StringComparison.Ordinal to string methods
- Add CultureInfo.InvariantCulture to StringBuilder
- Remove unused variables in test files
- Add assertions to informational tests
- Suppress analyzer warnings for test-specific code
- Fix params array syntax in test methods

Add zero warnings policy to CLAUDE.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes #1158 - Redis timeout issue when SSL is required
- Add EnableSsl option to CachingOptions (nullable bool)
- Apply SSL setting only when explicitly configured
- Enable SSL by default for Aspire Redis in AppHost

Behavior:
- No Redis: falls back to in-memory cache
- EnableSsl not set: uses connection string default
- EnableSsl: true/false: overrides connection string

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Updated appsettings.Development.json to include MultitenancyOptions and OpenTelemetryOptions. Multitenancy now supports auto-provisioning and disables tenant migrations on startup. OpenTelemetry OTLP exporter is explicitly disabled.
- Add CircuitTokenCache to store refreshed tokens per Blazor circuit (httpContext.User claims are cached per circuit and don't update after SignInAsync)
- Update circuit cache BEFORE SignInAsync to handle expected failures in SignalR context
- Add IAuthStateNotifier to notify components when session expires
- Add RedirectToLogin component for AuthorizeRouteView
- Update Routes.razor to use AuthorizeRouteView with proper authorization
- Add [AllowAnonymous] to public pages (login, register, forgot/reset password)
- Add sign-out deduplication flag to prevent multiple sign-out attempts
- Only show default credentials in development environment
- Handle concurrent refresh requests with lock and cache
- Track failed refresh tokens to prevent endless retry loops

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Create FshStatCard shared component with hover animations
- Update FshPageHeader with modern styling and elevation
- Create Eventing.Abstractions project for lightweight interfaces
- Move FileUploadRequest DTO from Storage to Shared project
- Update Modules.Identity.Contracts to use Eventing.Abstractions
- Update Modules.Multitenancy.Contracts to remove Storage dependency
- Update architecture tests for new dependency structure

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Configure JWT not to block debug when no profile pic
* Include .ico in theme favicon upload. Configure JWT not to block debug when no profile pic
* Use SendGrid as Alternative mailing Client
* Handle TenantThemeSate restore after login.
* Update as per request
* Added ArgumentNullException on settings of null

* feat: Make repo AI-ready with comprehensive guidelines

  - Rewrite CLAUDE.md with architectural philosophy and patterns
  - Add .cursorrules for Cursor IDE users
  - Add .github/copilot-instructions.md for GitHub Copilot

  AI assistants can now understand:
  - Modular monolith + vertical slice philosophy
  - Feature structure and patterns
  - Decision guides for where to put code
  - Critical rules and rationale

* chore: Remove Cursor and Copilot files, keep Claude only

* feat: Complete AI-ready setup with rules, skills, and agents

  Structure:
  - CLAUDE.md → Entry point with quick reference
  - .claude/rules.md → 12 hard constraints with rationale
  - .claude/skills.md → Step-by-step guides for common tasks
  - .claude/agents.md → AI behavior guidelines and decision framework

  This enables AI assistants to:
  - Understand architectural philosophy
  - Follow patterns consistently
  - Make correct decisions about code placement
  - Catch common mistakes before they happen

* feat: Add Claude Code agents, skills, and rules

  Following Claude Code official documentation structure:

  Skills (.claude/skills/<name>/SKILL.md):
  - add-feature: Create API endpoints with vertical slice pattern
  - add-module: Scaffold new bounded contexts
  - add-entity: Create domain entities with multi-tenancy
  - query-patterns: Pagination, filtering, specifications
  - testing-guide: Unit, integration, architecture tests
  - mediator-reference: Mediator vs MediatR (background knowledge)

  Subagents (.claude/agents/<name>.md):
  - code-reviewer: Review PRs against FSH patterns (sonnet, read-only)
  - feature-scaffolder: Generate complete feature files
  - module-creator: Scaffold new modules
  - architecture-guard: Verify architecture (haiku, plan mode)
  - migration-helper: EF Core migrations

  Rules (.claude/rules/<name>.md) - path-scoped:
  - buildingblocks-protection: Warns on BuildingBlocks changes
  - api-conventions: Endpoint requirements
  - testing-rules: Test conventions

  Removed old flat files (skills.md, agents.md, rules.md)
  Updated CLAUDE.md with new structure reference

---------

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

Add domain events for identity-related operations:
- UserRegisteredEvent: Raised when a new user registers
- PasswordChangedEvent: Raised when a user changes password
- UserRoleAssignedEvent: Raised when roles are assigned to a user
- UserActivatedEvent: Raised when a user account is activated
- UserDeactivatedEvent: Raised when a user account is deactivated
- SessionRevokedEvent: Raised when a user session is revoked

All events inherit from DomainEvent base record and include:
- EventId, OccurredOnUtc, CorrelationId, TenantId (from base)
- Relevant domain-specific data
- Static factory method for convenient creation

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

* fix: Add CancellationToken to Identity handlers

  - PathAwareAuthorizationHandler: Pass context.RequestAborted to WriteAsync
  - RequiredPermissionAuthorizationHandler: Extract CancellationToken from HttpContext and pass to HasPermissionAsync

  Note: UserRegisteredEmailHandler and TokenGeneratedLogHandler already have proper CancellationToken handling.

* fix: Standardize Identity endpoints to use TypedResults

  Replace Results.* with TypedResults.* in Identity module endpoints:
  - Results.Ok() → TypedResults.Ok()
  - Results.NotFound() → TypedResults.NotFound()
  - Results.NoContent() → TypedResults.NoContent()
  - Results.BadRequest() → TypedResults.BadRequest()

  Files updated:
  - AdminRevokeSessionEndpoint.cs
  - RevokeSessionEndpoint.cs
  - DeleteRoleEndpoint.cs
  - UpdateRolePermissionsEndpoint.cs
  - ToggleUserStatusEndpoint.cs
  - ChangePasswordEndpoint.cs
  - ForgotPasswordEndpoint.cs
  - ConfirmEmailEndpoint.cs
  - DeleteUserEndpoint.cs
  - UpdateUserEndpoint.cs
  - AssignUserRolesEndpoint.cs
  - ResetPasswordEndpoint.cs

---------

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

* fix: Add missing authorization to Identity endpoints

  - ChangePasswordEndpoint: Add RequireAuthorization() for logged-in users
  - GetUserProfileEndpoint: Add RequireAuthorization() for logged-in users
  - AssignUserRolesEndpoint: Add RequirePermission(Users.ManageRoles)
  - GetUserPermissionsEndpoint: Add RequirePermission(Users.View)
  - Add Users.ManageRoles permission constant

  These endpoints were previously accessible without proper authorization checks.

* fix: Add CancellationToken to Identity handlers

  - PathAwareAuthorizationHandler: Pass context.RequestAborted to WriteAsync
  - RequiredPermissionAuthorizationHandler: Extract CancellationToken from HttpContext and pass to HasPermissionAsync

  Note: UserRegisteredEmailHandler and TokenGeneratedLogHandler already have proper CancellationToken handling.

---------

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

- ChangePasswordEndpoint: Add RequireAuthorization() for logged-in users
- GetUserProfileEndpoint: Add RequireAuthorization() for logged-in users
- AssignUserRolesEndpoint: Add RequirePermission(Users.ManageRoles)
- GetUserPermissionsEndpoint: Add RequirePermission(Users.View)
- Add Users.ManageRoles permission constant

These endpoints were previously accessible without proper authorization checks.

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

Added 13 validators:
- AddUsersToGroupCommandValidator
- DeleteGroupCommandValidator
- RemoveUserFromGroupCommandValidator
- DeleteRoleCommandValidator
- AdminRevokeAllSessionsCommandValidator
- AdminRevokeSessionCommandValidator
- RevokeAllSessionsCommandValidator
- RevokeSessionCommandValidator
- AssignUserRolesCommandValidator
- ConfirmEmailCommandValidator
- DeleteUserCommandValidator
- RegisterUserCommandValidator
- ToggleUserStatusCommandValidator

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

Applied Domain-Driven Design patterns to Identity module entities:
- Group.cs: Private setters, private constructor, Create() factory, Update() and SetAsDefault() domain methods
- UserGroup.cs: Private setters, private constructor, Create() factory
- GroupRole.cs: Private setters, private constructor, Create() factory
- UserSession.cs: Private setters, private constructor, Create() factory, UpdateActivity(), UpdateRefreshToken(), and Revoke() domain methods
- PasswordHistory.cs: Private setters, private constructor, Create() factory

Updated all usages in:
- IdentityDbInitializer.cs
- CreateGroupCommandHandler.cs
- UpdateGroupCommandHandler.cs
- AddUsersToGroupCommandHandler.cs
- UserService.cs
- SessionService.cs
- PasswordHistoryService.cs

Note: FshUser and FshRole were skipped as they inherit from ASP.NET Identity base classes.

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

…dHandler (#1182)

Fixes #1179

The catch block was swallowing exceptions silently. While the behavior is intentional (session creation failure shouldn't block login), the exception should be logged for debugging purposes.

Changes:
- Added ILogger<GenerateTokenCommandHandler> dependency
- Log warning when session creation fails with exception details

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

* fix: Add logging to session creation exception in GenerateTokenCommandHandler

  Fixes #1179

  The catch block was swallowing exceptions silently. While the behavior is intentional (session creation failure shouldn't block login), the exception should be logged for debugging purposes.

  Changes:
  - Added ILogger<GenerateTokenCommandHandler> dependency
  - Log warning when session creation fails with exception details

* fix: resolve all build warnings

  - Change navigation property setters from 'private set' to 'init' for EF Core entities (fixes S1144)
    - GroupRole.cs: Group, Role properties
    - PasswordHistory.cs: Id, User properties
    - UserGroup.cs: User, Group properties
    - UserSession.cs: User property
  - Add await to InvokeAsync(StateHasChanged) calls in PlaygroundLayout.razor (fixes CS4014)

  Build now completes with 0 warnings, 0 errors.

---------

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

* fix: Add logging to session creation exception in GenerateTokenCommandHandler

  Fixes #1179

  The catch block was swallowing exceptions silently. While the behavior is intentional (session creation failure shouldn't block login), the exception should be logged for debugging purposes.

  Changes:
  - Added ILogger<GenerateTokenCommandHandler> dependency
  - Log warning when session creation fails with exception details

* fix: resolve all build warnings

  - Change navigation property setters from 'private set' to 'init' for EF Core entities (fixes S1144)
    - GroupRole.cs: Group, Role properties
    - PasswordHistory.cs: Id, User properties
    - UserGroup.cs: User, Group properties
    - UserSession.cs: User property
  - Add await to InvokeAsync(StateHasChanged) calls in PlaygroundLayout.razor (fixes CS4014)

  Build now completes with 0 warnings, 0 errors.

* refactor: standardize endpoints to use TypedResults

---------

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

- Make FshUser implement IHasDomainEvents with domain event methods:
  - RecordRegistered() for UserRegisteredEvent
  - RecordPasswordChanged() for PasswordChangedEvent
  - Activate()/Deactivate() for UserActivatedEvent/UserDeactivatedEvent
  - RecordRolesAssigned() for UserRoleAssignedEvent
- Make UserSession implement IHasDomainEvents:
  - Revoke() now raises SessionRevokedEvent
- Update UserService to raise domain events:
  - RegisterAsync and GetOrCreateFromPrincipalAsync raise UserRegisteredEvent
  - ToggleStatusAsync uses Activate/Deactivate methods for status events
  - AssignRolesAsync raises UserRoleAssignedEvent for newly assigned roles
  - ChangePasswordAsync/ResetPasswordAsync raise PasswordChangedEvent
- Update SessionService to pass tenantId to Revoke calls:
  - RevokeSessionAsync, RevokeAllSessionsAsync
  - RevokeSessionForAdminAsync, RevokeAllSessionsForAdminAsync

Domain events are automatically dispatched by DomainEventsInterceptor after SaveChanges.

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

Split the 682-line UserService.cs into smaller, focused partial class files:
- UserService.cs (~80 lines) - Core class with constructor and shared helpers
- UserService.Registration.cs (~220 lines) - RegisterAsync, GetOrCreateFromPrincipalAsync
- UserService.Profile.cs (~100 lines) - GetAsync, GetListAsync, UpdateAsync, existence checks
- UserService.Lifecycle.cs (~115 lines) - DeleteAsync, ToggleStatusAsync
- UserService.Roles.cs (~85 lines) - AssignRolesAsync, GetUserRolesAsync
- UserService.Confirmation.cs (~50 lines) - ConfirmEmailAsync, ConfirmPhoneNumberAsync

Existing partial files kept unchanged:
- UserService.Password.cs (87 lines)
- UserService.Permissions.cs (53 lines)

No interface or method signature changes. Build verified with 0 errors, 0 warnings.

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

#Architecture
scripts/openapi/generate-api-clients.ps1 -SpecUrl "<spec>"); Blazor consumes generated clients.