# Release checklist

- [ ] Run Plugin Check and resolve all issues (0 discouraged patterns).
- [ ] Run PHPCS (WPCS) and ensure no unsanitized superglobals or missing nonce/cap checks.
- [ ] Test single-site: activation, settings save, import/export, safe mode, restrictions.
- [ ] Test multisite: network activation; ensure plugin page is not accessible in Network Admin.
- [ ] Verify no external requests/telemetry and no PII storage beyond documented items.
- [ ] Verify debug.log clean (no notices/warnings/deprecated).
- [ ] Verify exports (CSV/JSON) download correctly and CSV is protected against formula injection.
- [ ] Verify optional Settings export download (JSON) works only when enabled and requires nonce/capability.
- [ ] Verify optional 2FA reminder notice appears only for restricted users and can be dismissed per-user.
- [ ] Verify privacy tools: Export/Erase Personal Data includes safe mode meta and log anonymization.
- [ ] Verify admin assets are screen-gated (loaded only on plugin screens).
- [ ] Verify ZIP packaging: no .git, node_modules, build caches, OS junk, or unnecessary dev files.