# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ### Added - โœจ `GET /api/v1/uptime` endpoint (PR #67) โ€” returns server start_time and uptime_seconds - ๐Ÿ“ mkcert local HTTPS doc + Makefile `cert` target (PR #68) โ€” prep for ADR-0028 Phase B OIDC callbacks - โœจ `pkg/auth/` skeleton for OpenID Connect (PR #69) โ€” types + client surface, handlers come later (Phase B.3+) - ๐Ÿ“ ADR-0028 Phase B roadmap document (PR #71) โ€” outlines remaining B.3 / B.4 / B.5 work - โœจ `pkg/auth/` OIDC client implementation : Discover, RefreshJWKS, ExchangeCode, ValidateIDToken (PR #74) โ€” completes ADR-0028 Phase B.3 - โœจ OIDC HTTP handlers : `/api/v1/auth/oidc/{provider}/start` and `/callback` with PKCE + sign-up-on-first-use (PR #75) โ€” completes ADR-0028 Phase B.4 - ๐Ÿงช OIDC handler unit tests covering start/callback rejection paths and PKCE redirect (PR #76) - ๐Ÿ“ `documentation/AUTH.md` synthesis covering Phase A + B current state (PR #73) - ๐Ÿ“ `documentation/MISTRAL-AUTONOMOUS-PATTERN.md` contributor guide for the Mistral autonomous pattern that ships PRs (PR #78) - ๐Ÿ“ PHASE_B_ROADMAP marks B.3 + B.4 done (PR #80) - ๐Ÿ“ documentation/2026-05-05-AUTONOMOUS-SESSION-RECAP.md captures the day's 24 Mistral autonomous PRs (PR #81) - ๐Ÿ“ README link to Mistral autonomous pattern doc (PR #83) - ๐Ÿ“ documentation/STATUS.md project snapshot for onboarding (PR #85) - ๐Ÿ“ documentation guides cherry-picked from PR #17 : CLI.md, CODE_EXAMPLES.md, HISTORY.md, OBSERVABILITY.md, ROADMAP.md, TROUBLESHOOTING.md (PR #87) - ๐Ÿ”’ redact JWT tokens and HMAC secrets in trace logs of pkg/user/auth_service.go via sha256 fingerprints (PR #88) - โœจ Dockerfile (root) + Helm chart for k3s homelab deployment, degraded mode without DB/SMTP/Vault (PR #89) - โ™ป๏ธ move UserContextKey + GetAuthenticatedUserFromContext from pkg/greet to pkg/auth (PR #90) - โ™ป๏ธ split AuthMiddleware into OptionalHandler + RequiredHandler with RFC 6750 challenge headers, narrow tokenValidator interface, case-insensitive Bearer (PR #91) - ๐Ÿงช unit tests for AuthMiddleware Optional/Required handlers + extractBearerToken edge cases (PR #92) - ๐Ÿ“ refresh AGENTS.md and README.md to reflect auth endpoints (magic-link, OIDC, JWT admin), pkg/auth, pkg/email, pkg/user/api packages, and 30-ADR index. Endpoints listing decision : curated short list + pointer to swagger as source of truth (PR #93) - ๐Ÿค– auto-build Docker image on push to main (paths-ignore for docs) + fix root Dockerfile swag init step (PR #94) ## [0.1.0] - 2026-05-05 ### Added - Magic-link passwordless authentication (ADR-0028 Phases A.1 through A.5, PRs #59-#63) - OIDC provider config skeleton (ADR-0028 Phase B.1 prep, PR #64) - Magic-link expired-token cleanup loop (PR #65) - Mailpit local SMTP infrastructure (ADR-0029) - BDD parallel email assertion strategy (ADR-0030)