All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

• TOTP-based two-factor authentication (enable, confirm, disable, verify)
• Recovery code generation and one-time consumption
• Passkey / WebAuthn registration and assertion
• Email OTP delivery and verification
• SMS OTP support via Twilio, Vonage, MessageBird, MSG91, or custom transport
• WhatsApp OTP support via Twilio or custom transport
• Trusted device management with optional user-agent and IP binding
• Socialite-based social account linking (static and runtime tenant credentials)
• RequireTwoFactor middleware auto-pushed into the web group
• ThrottleSensitiveAuth middleware for rate limiting OTP and passkey endpoints
• LaravelAuth facade and LaravelAuthManager contract
• AuthState enum for tracking authentication lifecycle
• Single idempotent migration covering all package tables
• Artisan install command (ghost:laravel-auth)
• PHP 8.2, 8.3, 8.4, 8.5 support
• Laravel 10, 11, 12, 13 support