# Changelog
## [0.9.0] - 2026-02-18
### Added
- New first-class tools:
  - `trafficCapture`
  - `hydraBruteforce`
  - `privEscAudit`
  - `extractionSweep`
- New report-admin tools:
  - `listEngagementRecords`
  - `getEngagementRecord`
- SoW-aware reporting flow in `createClientReport`:
  - `scopeMode=ask` uses MCP elicitation/user invocation
  - falls back to safe default template if declined/unavailable
- Invocation metadata output for the new tools (`invocation.clientId`, session, scopes, request id when available).
- Bundled MCP Inspector integration:
  - dependency on `@modelcontextprotocol/inspector@^0.20.0`
  - new CLI entry path: `pentest-mcp inspector`
- Command execution controls:
  - `MCP_COMMAND_TIMEOUT_MS`
  - `MCP_COMMAND_OUTPUT_LIMIT_BYTES`
- Docker image support for modern recon dependencies (`httpx`, `ffuf`, `nuclei`, `subfinder`) and `hashcat`.
- Docker image support for `hydra`, `sqlmap`, and `tcpdump`.
### Changed
- Upgraded `@modelcontextprotocol/sdk` to `^1.26.0`.
- Streamable HTTP is now the canonical network transport (`MCP_TRANSPORT=http`).
- Node.js engine requirement updated to `>=22.7.5` (Inspector compatibility).
- Auth model modernized to bearer + OIDC/JWKS/introspection via:
  - `MCP_AUTH_*`
  - `MCP_OIDC_*`
- Health endpoints now return transport/auth/deprecation metadata.
### Deprecated
- `MCP_TRANSPORT=sse` is now compatibility-only and emits deprecation warnings.
- Legacy `MCP_OAUTH_*` env aliases remain accepted temporarily but are deprecated.
### Fixed
- Removed brittle dynamic transport/auth import fallbacks tied to outdated SDK structures.
- Corrected version reporting drift in runtime metadata.
- Hardened `httpx` command resolution:
  - prefers `httpx-toolkit`
  - validates fallback `httpx` binary
  - rejects accidental Python HTTPX CLI matches
- Restored concrete Nmap XML parsing to populate `ScanData` host/port/service details.
## [0.5.0] - 2025-06-08
- Initial multi-transport release (`stdio`, `http`, `sse`) with OAuth-oriented networking setup.