• refactor(broker): narrow health queries, add tests, fix docs (b56f9f0)
• refactor(broker): narrow ProviderHealthLookup to avoid loading secrets (e8e0bfa)
• fix(broker): harden connection health worker + align docs (bdd2798)
• fix(broker): harden connection health worker error handling (7188296)
• docs: rewrite healthchecks.md as operational reference and add to nav (befa665)
• docs: update broker.md — add health monitoring section and key API endpoints table (d1826a7)
• chore: bump to v0.2.4 (0dd32a9)
• feat(broker): harden health checks and add frontend API endpoints (b96583c)
• feat(broker): implement connection-level health checks and worker mode (d2ed9bd)
• feat(broker): implement provider-level health checks (751fd5d)
• fix(css): exact href matching for sidebar ::before icons — port of JarvisCore fix 165562b (c100939)
• fix(css): correct globe icon selector — bare svg direct child not .md-nav__icon span (727e12d)
• fix(css): hide globe only on external nav links (target=_blank); restore all frontmatter page icons (899288e)
• fix: set site_url to actual deployed domain — was causing Material JS to flag all internal links as external, showing globe icon on every nav item (8d1a970)
• fix(css): hide Material's auto-injected globe icon from all sidebar and TOC nav items (a6c6b24)
• ci: opt into Node.js 24 across all workflows before June 2026 forced cutover (2878759)
• fix(docs): track empty overrides dir with .gitkeep; add feat/doc-site-update to CI trigger; skip Pages deploy on feature branches (f15cbcf)
• Fix MkDocs docs build configuration (3cfd2cc)
• Initial plan (cf0c9b7)
• Potential fix for pull request finding (ef9c8a4)
• Remove orphaned doc files not in nav (6aa2474)
• Remove roadmap.md and fix header.js instant navigation (75e6352)
• Potential fix for pull request finding (a1411b5)
• Potential fix for pull request finding (7503d4a)
• Fix Discord invite URL consistency across docs (fb8690f)
• Potential fix for pull request finding (496a2eb)
• Potential fix for pull request finding (98a074f)
• Fix LinkedIn footer link to Prescott Data company page (bfdd6db)
• docs: complete documentation hub overhaul (9331817)
• test: add cross-module dependency testing and CI pipeline (68c4fbd)
• fix(gateway): address peer review findings on rate limiting (#14) (c04cac9)
• feat(gateway): add redis-backed rate limiting per workspace (df29607)
• docs: fix home page — add attr_list/md_in_html extensions, clean hero, sidebar nav with Website/Community/Blog, remove stats row (f5336f1)
• docs: content audit — enrich architecture, add all provider templates, fix home page links, surface Bridge gRPC/observability, fix writing tone (5fa1aa9)
• docs: restructure nav — SDKs under Reference, fix toc.integrate → toc.follow, clean developer journey (9c83e47)
• docs: wire SDK pages (Go/TS/Python) and MCP guide into nav from main PR #72 (75b0fdb)
• docs: revamp doc site — new nav, SDK reference, CLI reference, logo, table styles, audit log, agent identity, agent sessions, OBO delegation, security-as-code, infra deploy guide, brand CSS overhaul (222e9b6)
• docs: full revamp — new nav, Nexus brand CSS, all pages rewritten (da82664)
• fix: audit sweep — harden all SDKs and clean repo hygiene (2e417f8)
• chore(nexus-sdk-ts): remove stale compiled artifacts from tests/ and example/ (e2e56f7)
• fix(nexus-sdk-ts): point package entry at compiled dist/, not .ts source (d80a14e)
• fix: support non-OAuth auth strategies (API key, custom headers) across all SDKs (0089a85)
• Potential fix for pull request finding (1ab7993)
• Potential fix for pull request finding (0149d51)
• Potential fix for pull request finding (366553d)
• docs: comprehensive SDK documentation for Go, TypeScript, and Python SDKs (3d23fa1)
• chore: add pycache to gitignore, remove cached bytecode (5e1ad33)
• feat: add Python SDK (nexus-sdk-python) with full feature parity (98280ff)
• test(nexus-sdk): add MCP integration smoke test against live gateway (b537a15)
• feat(nexus-sdk): add MCP token resolution, caching, and authenticated transport (c3a491c)
• feat: evolve nexus-mcp-adapter into nexus-sdk-ts (c0e8dd6)
• fix(adapter): normalize Bearer token type to RFC 6750 capitalization (cd0036c)
• fix(ci): harden release workflow tag check and prev-tag filtering (ac4a4fd)

• ci: add automated release workflow, bump VERSION to 0.2.3 (e162cfb)
• fix(adapter,gateway): harden token TTL, stdio safety, formatting, error handling (f5f9313)
• fix(broker,gateway,adapter): wire resolve route, fix ESM imports, add test harness (1281929)
• feat(mcp-adapter): implement resolve token endpoint for stateless clients (f9c0e41)

Add provider category field

What's New in v0.2.0

This release implements the Security-as-Code epic (Issue #11), adding a complete audit subsystem and a declarative CLI for managing provider configurations.

🔍 Audit Subsystem

• audit.Service — centralized audit logging with IP validation and User-Agent capture
• GET /audit — queryable endpoint with event_type, since, and limit filters
• Credential redaction — PATCH audit payloads redact client_secret and client_id
• Full mutation coverage — provider.created, provider.updated, provider.deleted events

🛠️ Declarative CLI (nexus-cli)

• Terraform-style workflow — nexus-cli plan shows a field-level diff, nexus-cli apply executes with confirmation
• Safe updates — uses PATCH instead of PUT to prevent accidental overwrites
• Concurrent fetching — bounded worker pool (5) for fast plan generation
• Fail-fast — aborts if any ${...} env vars are unresolved
• CI-friendly — exits non-zero on partial apply failure; deterministic sorted output

📖 Documentation

• docs/guides/security-as-code.md — full usage guide
• docs/reference/audit-log.md — event type reference and query examples
• Updated security-model.md and broker.md

⚠️ Breaking Changes

None. All existing Broker API endpoints are unchanged.

Full Changelog: v0.1.5...v0.2.0

Full Changelog: https://github.com/Prescott-Data/nexus-framework/commits/v0.1.0