# Changelog

All notable changes to this project will be documented in this file.

The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

---

## [Unreleased]

---

## [0.1.0] - 2026-04-23

### Added

- `src/proxyScripts/kmeContentSourceAdapter.js` — OIDC authentication proxy script running in a Node.js VM sandbox (zero imports/exports)
- `src/globalVariables/kme_CSA_settings.json` — OIDC credentials and token endpoint configuration (gitignored)
- `src/globalVariables/kme_CSA_settings.json.example` — placeholder settings file for version control
- Redis-backed token cache (`authorization` hash, fields `token` and `expiry`) — token persists across adapter restarts
- Token stampede guard via in-process `_pendingFetch` promise — only one token fetch in-flight at a time
- Absolute Unix epoch expiry check (`Date.now() / 1000 < expiry`)
- `200 OK / Authorized` response on successful authentication
- `401 Unauthorized` response with descriptive message on auth failure (bad credentials, timeout, unreachable service)
- 5-second timeout on OIDC token POST requests
- Structured logging throughout proxy script using `console.debug`, `console.info`, and `console.error`
- `redis` dependency wired into VM context via `createClient().connect()` in `server.js`
- Unit tests (`tests/unit/proxy.test.js`) — 12 tests covering US1, US2, US3, and stampede guard
- Contract tests (`tests/contract/proxy-http.test.js`) — 2 tests covering HTTP 200/401 response shape

[Unreleased]: https://github.com/your-org/kme-content-adapter/compare/v0.1.0...HEAD
[0.1.0]: https://github.com/your-org/kme-content-adapter/releases/tag/v0.1.0