Uses the new mdpsc_options storage key; earlier pre-0.5.0 internal option data is not migrated.
0.4.1
Publishes only the WordPress.org ZIP and current GitHub updater ZIP for releases.
Keeps GitHub release asset naming in tooling code instead of runtime plugin identity.
Removes plugin header author metadata for WordPress.org package compatibility.
0.4.0
Allows users to scope their own Application Passwords when WordPress allows Application Passwords for their account, unless an administrator locks the scope.
Adds administrator locks that make selected scopes read-only for password owners.
Adds a Restrict Scope shortcut to Application Password profile tables when the current user can manage that password.
Adds source tabs, area/action grouping, section select/deselect controls, and read/write/delete badges to the capability editor.
Splits selected password details from Mandate rule status in the admin summary.
Improves admin page output hardening.
0.3.1
Adds a Plugins page Settings link that opens the Mandate admin tool.
Adds favicon and sitemap metadata for the static product site.
Keeps legacy GitHub updater installs on built release ZIPs by publishing and verifying the legacy package asset.
0.3.0
Capability descriptions and tooltips explain what each WordPress capability does.
Cleaner admin layout: user, password, and scope summary shown as aligned columns.
Expiration date editing moved into the password summary.
Capability tabs relabelled: WordPress Capabilities and Third-Party Capabilities.
0.2.0
Optional expiration dates per Application Password. Expired passwords are automatically revoked daily.
Scope audit details: last saved date and the roles the scope was based on.
Warning when current roles differ from roles at the time the scope was saved.
0.1.0
Initial release: capability scoping per Application Password, role-derived allowlists, and enforcement on every API request.
