Phase 4 — MFA + Permissions
Pre-release
Pre-release
What's included
- TOTP MFA: setup, confirm, disable (pyotp)
- 8 argon2-hashed single-use backup codes
- Role hierarchy + scope guards
- Login brute force lockout (configurable)
- OTP attempt limiting with auto-invalidation
- Username and phone uniqueness on registration
Test Coverage
54 tests — 54 passing
Cumulative: 237 tests across Phases 1–4