Files

Peter.Morton 979521800c chore: bump version to 0.2.0 for sitemap generation feature

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-22 22:10:14 -05:00

Changelog

All notable changes to this project will be documented in this file.

The format follows Keep a Changelog. This project adheres to Semantic Versioning.

Unreleased

GET /sitemap.xml endpoint: returns a well-formed XML Sitemap (Sitemaps protocol 0.9) containing one <url><loc> per knowledge item from the KME Knowledge Search Service
sitemapFlow() async function in kmeContentSourceAdapter.js — settings validation, OIDC token reuse, search API call, XML build via xmlBuilder, 10-second timeout, 502/504/500 error responses
getValidToken() shared helper extracted from the existing OIDC auth flow — used by both sitemap and non-sitemap paths
URL routing at IIFE entry point: requests ending in /sitemap.xml → sitemapFlow(), all others → oidcAuthFlow()
Three new fields in src/globalVariables/kme_CSA_settings.json: searchApiBaseUrl, tenant, proxyBaseUrl
Three new placeholder fields in src/globalVariables/kme_CSA_settings.json.example
Unit tests for sitemap flow: happy path (items present), empty results, vkm:url filtering, 502/504/500 error scenarios, non-sitemap regression tests
Contract tests for sitemap endpoint: full round-trip 200, empty results 200, 502 upstream error, 504 timeout

src/proxyScripts/kmeContentSourceAdapter.js — OIDC authentication proxy script running in a Node.js VM sandbox (zero imports/exports)
src/globalVariables/kme_CSA_settings.json — OIDC credentials and token endpoint configuration (gitignored)
src/globalVariables/kme_CSA_settings.json.example — placeholder settings file for version control
Redis-backed token cache (authorization hash, fields token and expiry) — token persists across adapter restarts
Token stampede guard via in-process _pendingFetch promise — only one token fetch in-flight at a time
Absolute Unix epoch expiry check (Date.now() / 1000 < expiry)
200 OK / Authorized response on successful authentication
401 Unauthorized response with descriptive message on auth failure (bad credentials, timeout, unreachable service)
5-second timeout on OIDC token POST requests
Structured logging throughout proxy script using console.debug, console.info, and console.error
redis dependency wired into VM context via createClient().connect() in server.js
Unit tests (tests/unit/proxy.test.js) — 12 tests covering US1, US2, US3, and stampede guard
Contract tests (tests/contract/proxy-http.test.js) — 2 tests covering HTTP 200/401 response shape