# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Changed
- **Node.js 24 LTS Baseline** — Upgraded from Node 20 to Node 24 LTS as the project baseline
- `package.json` now requires Node.js >=24.0.0 in `engines` field
- README prerequisites updated to specify Node.js 24+ (LTS)
- **Dependency Updates** — Updated npm dependencies to latest versions
- `@modelcontextprotocol/sdk`: 1.24.3 → 1.25.2
- `@types/node`: 25.0.2 → 25.0.8
- `better-sqlite3`: 12.5.0 → 12.6.0
- `globals`: 16.5.0 → 17.0.0 (major version bump)
- `pg`: 8.16.3 → 8.17.0
- `typescript-eslint`: 8.49.0 → 8.53.0
- `vitest`: 4.0.15 → 4.0.17
- `zod`: 4.1.13 → 4.3.5
### Security
- **Transitive Dependency Fixes** — Resolved high severity vulnerabilities via npm audit fix
### Fixed
- **MCP SDK 1.25.2 Compatibility** — Fixed stricter transport type requirements
- Added onclose handler to StreamableHTTPServerTransport before connecting
- Used type assertion to satisfy SDK's narrower Transport type constraints
### Added
- **MCP Enhanced Logging** — Full MCP protocol-compliant structured logging
- RFC 5424 severity levels: debug, info, notice, warning, error, critical, alert, emergency
- Module-prefixed error codes (e.g., `DB_CONNECT_FAILED`, `AUTH_TOKEN_INVALID`)
- Structured log format: `[timestamp] [LEVEL] [MODULE] [CODE] message {context}`
- Module-scoped loggers via `logger.forModule()` and `logger.child()`
- Sensitive data redaction for OAuth 2.1 configuration fields
- Stack trace inclusion for error-level logs with sanitization
- Log injection prevention via control character sanitization
- Initial repository setup
- Project documentation (README, CONTRIBUTING, CODE_OF_CONDUCT, SECURITY)
- GitHub workflows (CodeQL, Dependabot)
- Issue and PR templates
