v4.3.1 - Email verification recipe (docs)

Documentation

• Package UPGRADE.md ships the new "opt-in email verification" recipe — required pre-flight (verified-user backfill + role-less audit), MAIL_MAILER=log footgun, custom-Registered-event warning, and the env switch (REGISTRATION_EMAIL_VERIFICATION=true). Recipe applies to both standalone skeleton installs and plugin-mode hosts.

Standalone skeleton (host-app, not shipped via this package)

The matching wiring landed in the standalone skeleton on main (not in this package release — host-app files don't ship through Composer):

• App\Models\User implements MustVerifyEmail and gates canAccessPanel() on hasVerifiedEmail() when the env flag is on
• AdminPanelProvider calls Filament-native ->emailVerification(isRequired: …) and ->emailChangeVerification(…) (note the signature mismatch — see docs/ref-email-verification.md)
• config/registration.php env fallback so the gate works without the registration plugin installed
• New docs/ref-email-verification.md — full recipe with custom-signup warning + signature gotcha

Upgrade Notes

• Backwards-compatible. Default REGISTRATION_EMAIL_VERIFICATION=false — every change is inert until you opt in. Existing installs with admin-created unverified users continue to log in unchanged.
• Before flipping the env on production, follow the pre-flight in UPGRADE.md: backfill verified-at, audit role-less users, switch MAIL_MAILER from log to a real driver, then php artisan optimize:clear.