# Changelog

All notable changes to this project are documented here. The format follows
[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project
adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.2.0] — 2026-05-06

### Added

- **`SONARQUBE_TOKEN` (required).** The upstream MCP server expects a SonarQube
  user token in the `Authorization` header. The proxy now reads the token from
  the environment and forwards it as `Bearer <token>` on every connection.
- `TokenMissingError` raised by `proxy.sonarqube_token()` when the variable is
  unset or blank.
- Early fail-fast token check in `serve` and `check` — exits with code 1 and a
  clear stderr message pointing to *My Account → Security* in SonarQube.
- Defensive token redaction: any stderr output that includes exception text
  has occurrences of the live token replaced with `[REDACTED]` before display.
- Test coverage for header forwarding, missing-token exit, and token
  non-leakage in error paths.

### Changed

- `upstream_session()` now opens the streamable-HTTP client with the
  `Authorization` header attached.
- README and CLAUDE.md updated with the new env-var, the Claude Desktop config
  snippet now includes `SONARQUBE_TOKEN`, and the security guarantees are
  documented.

## [0.1.0] — 2026-05-06

### Added

- Initial transparent stdio MCP proxy implementation. Forwards `tools/list` and
  `tools/call` 1:1 to an upstream streamable-HTTP MCP server.
- Schema preservation: `Tool` objects (`inputSchema`, `outputSchema`,
  `annotations`, `title`, `_meta`) and `CallToolResult` (`isError`,
  `structuredContent`, content blocks) are passed through unchanged.
- Click-based CLI with `serve` (stdio) and `check` (probe-and-list) commands.
- pytest suite (14 tests) covering env resolution, schema passthrough,
  forwarding, registration, end-to-end dispatch, and CLI error paths.