Changelog

All notable changes to this project will be documented in this file.

The format follows Keep a Changelog. This project adheres to Semantic Versioning.

Unreleased

src/proxyScripts/kmeContentSourceAdapter.js — OIDC authentication proxy script running in a Node.js VM sandbox (zero imports/exports)
src/globalVariables/kme_CSA_settings.json — OIDC credentials and token endpoint configuration (gitignored)
src/globalVariables/kme_CSA_settings.json.example — placeholder settings file for version control
Redis-backed token cache (authorization hash, fields token and expiry) — token persists across adapter restarts
Token stampede guard via in-process _pendingFetch promise — only one token fetch in-flight at a time
Absolute Unix epoch expiry check (Date.now() / 1000 < expiry)
200 OK / Authorized response on successful authentication
401 Unauthorized response with descriptive message on auth failure (bad credentials, timeout, unreachable service)
5-second timeout on OIDC token POST requests
Structured logging throughout proxy script using console.debug, console.info, and console.error
redis dependency wired into VM context via createClient().connect() in server.js
Unit tests (tests/unit/proxy.test.js) — 12 tests covering US1, US2, US3, and stampede guard
Contract tests (tests/contract/proxy-http.test.js) — 2 tests covering HTTP 200/401 response shape