Skip to main content

CHANGELOG.md 

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [1.0.0-rc.1] - 2026-06-15

### Changed
- **BEAM-local MCP cleanup** — Removed the public `ExMCP.Native` direct dispatcher stack, `ExMCP.Service`, and `ExMCP.ServiceRegistry.*`. BEAM-local MCP now uses `transport: :beam` with a server pid, preserving MCP initialization, capabilities, request ids, and tool/resource/prompt semantics.
- **Examples and docs refresh** — Updated README, guides, getting-started docs, and examples to use `ExMCP.Server.Handler` plus `ExMCP.Server.DSL`; removed stale debug/test examples and the placeholder OAuth full-flow script.

### Removed
- **Optional Horde dependency** — Removed the old optional Horde dependency and registry wiring because the Native dispatcher API no longer exists.
- **Legacy Claude ACP adapter** — Removed `ExMCP.ACP.Adapters.Claude`; Claude Code integrations now use `ExMCP.ACP.Adapters.ClaudeSDK`.
- **Unused public cleanup modules** — Removed `ExMCP.ClientConfigEnhanced`, `ExMCP.ClientConfig.Macros`, and the old distributed `ExMCP.Transport.Beam.*` cluster namespace. The active BEAM-local MCP path remains `transport: :beam`.

## [1.0.0-rc.0] - 2026-06-08

### Added
- **Claude SDK ACP adapter** — Added `ExMCP.ACP.Adapters.ClaudeSDK`, a new Claude Code adapter that uses the SDK-compatible stream-json control protocol with permission bridging, partial tool-call lifecycle events, SDK interrupt cancellation, runtime model/mode/effort config, richer status updates, plan updates, and SDK launch environment support.
- **Claude SDK session store** — Added pure Elixir helpers for Claude Code's SDK session store, including SDK-compatible project key derivation, JSONL metadata extraction, sidechain filtering, transcript reads, ACP `session/list`, disk-backed `session/fork`, and validated `session/delete`.
- **Codex ACP parity** — Expanded `ExMCP.ACP.Adapters.Codex` with app-server-backed `session/list`, `session/load`/resume replay, `session/close`, embedded-context prompts, ACP HTTP/stdio MCP descriptor forwarding, Codex auth methods, runtime model/reasoning config updates, `session/set_model`, Codex model catalog state from `model/list`, slash commands (`/compact`, `/init`, `/review`, `/review-branch`, `/review-commit`, `/logout`), and permission request bridging for Codex approval prompts.
- **Pi ACP parity** — Reworked `ExMCP.ACP.Adapters.Pi` around ACP-native session setup/load/list, terminal auth advertisement, model state and `session/set_model`, thinking levels through `session/set_mode`, prompt queuing, image/resource/audio prompt normalization, built-in and markdown slash commands, structured tool updates, edit diffs, session replay, and a pure Elixir Pi session map helper.
- **ACP session fork support** — Added unstable `session/fork` protocol/client/agent/adapter-bridge support, including `ExMCP.ACP.Client.fork_session/4`, native agent `handle_fork_session/3`, adapter `fork_session/2`, and capability auto-advertisement.
- **Adapter bridge direct replies** — Adapter implementations can now return direct JSON-RPC results, emit ACP messages before direct replies, emit messages from notifications, or reply while also writing to the subprocess, so adapted agents can own session IDs, replay history, and runtime config responses without bridge-synthesized placeholders.
- **Adapter-managed bridge mode** — Adapters can now return `:adapter_managed` from `command/1`, own persistent subprocess Ports directly, receive forwarded process messages through `handle_adapter_message/2`, and clean up resources through `shutdown/1`.
- **Adapter auth method advertisement** — ACP adapters can implement `auth_methods/1` so the bridge initialize response reflects implemented authentication methods instead of always returning an empty list.

### Changed
- **ACP docs** — Updated README and the ACP guide to recommend `ClaudeSDK` for new Claude Code integrations while keeping the legacy `Claude` stream-json adapter documented.
- **Claude SDK session capabilities** — The new adapter now advertises live session setup/load/resume/fork/close plus disk-backed `session/list` and `session/delete` support for Claude Code's local SDK store. `session/load` now replays persisted JSONL transcript entries as ACP updates before returning.
- **Claude SDK MCP capabilities** — Replaced legacy `"mcpServers" => true` advertisement with official ACP `mcpCapabilities` and an ExMCP-only `_meta.ex_mcp.mcpCapabilities.beam` flag for BEAM-local MCP transport negotiation.
- **Claude SDK prompt lifecycle** — Claude SDK prompts now queue while another prompt is active and drain in FIFO order after the active prompt result; queued prompts for a cancelled/closed/deleted session receive cancelled prompt responses.
- **Codex adapter session safety** — Codex prompt, cancel, mode, and config requests now require an explicit known `sessionId` instead of falling back to the last active thread. Codex-specific session metadata now lives under `_meta.ex_mcp.codex` instead of a non-spec root `metadata` field.
- **Codex app-server event coverage** — The Codex adapter now handles current app-server camelCase item variants (`commandExecution`, `fileChange`, `mcpToolCall`, `dynamicToolCall`, `webSearch`, `imageGeneration`), reasoning summary deltas, plan/status/goal/compaction notifications, and richer replay of loaded turn history. Unsupported dynamic tool calls, request-user-input prompts, ChatGPT token refresh, and attestation requests are rejected explicitly instead of being treated as approval prompts.
- **Pi adapter ACP surface** — Pi-specific control now uses ACP methods and slash commands instead of custom extension methods. `session/new` and `session/load` wait for Pi state/model/command responses instead of returning bridge-generated placeholder sessions, and `session/list` scans Pi JSONL sessions with optional cwd filtering.
- **Pi adapter remaining parity** — Pi now runs through adapter-managed subprocesses, supports `session/resume`, `session/close`, and `session/delete`, returns paginated `session/list` result maps with `nextCursor`, merges global/project Pi settings, filters skill commands from settings, emits startup/prelude context, adds `/changelog`, improves slash-command result messages, and maps prompt-time auth failures to ACP auth-required errors.
- **Pi destructive defaults** — Pi `session/delete` removes ExMCP session-map state by default and only deletes backing Pi JSONL files when `delete_session_files: true` is configured. Pi registry update notices are opt-in through `update_notice: true` or `PI_ACP_UPDATE_NOTICE=true`.
- **Adapter bridge set_model behavior** — `AdapterBridge` now returns method-not-found when an adapter skips `session/set_model`, instead of synthesizing a successful empty result for an unimplemented model change.

### Fixed
- **HexDocs package contents** — Included the public guide docs in the Hex package and updated ExDoc module grouping so the 1.0 RC documentation builds against current public modules.

### Breaking Changes
- **MCP server DSL compatibility removal** — Removed the legacy `use ExMCP.Server` macro, `deftool`/`defresource`/`defprompt` declarations, generated getter APIs (`get_tools/0`, `get_resources/0`, `get_prompts/0`), `ExMCP.DSL.*` modules, and the old `ExMCP.Server.start_link` helper. Server implementations should use `ExMCP.Server.Handler` directly, optionally combined with `ExMCP.Server.DSL`, and start handler processes with `MyServer.start_link/1`, `ExMCP.Server.HandlerServer.start_link/1`, or `ExMCP.start_server/1`.
- **MCP handler server rename** — Renamed `ExMCP.Server.Legacy` to `ExMCP.Server.HandlerServer` and removed migration-only `MessageProcessor` dispatcher/handler facades for direct/genserver legacy server modes.
- **Server notification spelling** — Removed the legacy `notify_resource_updated` alias. Use `ExMCP.Server.notify_resource_update/2`.
- **Refactor compatibility helpers removed** — Removed unused `ExMCP.Server.RefactorHelpers`, old DSL-oriented `ExMCP.ContentHelpers`, `ExMCP.ErrorHelpers`, and transport `send`/`recv` compatibility aliases. Use `ExMCP.Protocol.ResponseBuilder`, `ExMCP.Content`, `ExMCP.Error`, and transport `send_message/2`/`receive_message/1` respectively.
- **Root protocol wrapper removed** — Removed deprecated `ExMCP.Protocol`. Low-level protocol construction/parsing remains internal; public protocol utility modules under `ExMCP.Protocol.*` remain available.
- **Client adapter switching layer removed** — Removed `ExMCP.Client.Adapter`, `ExMCP.Client.LegacyAdapter`, `ExMCP.Client.StateMachineAdapter`, `ExMCP.Client.Wrapper`, and `ExMCP.Client.Configuration`. Use `ExMCP.Client` as the supported public client API.
- **Handler init arguments are explicit** — `ExMCP.Server.HandlerServer` no longer passes leftover transport/system options to `handler.init/1`. Use `handler_args: term` when a handler needs initialization data.
- **Transport aliases removed** — Removed public `transport: :sse` and `transport: :native`. Use `transport: :http, use_sse: true` for HTTP SSE streaming and `transport: :beam` for BEAM-local MCP transport. BEAM transport now carries MCP-shaped maps/lists as Elixir terms without JSON serialization.
- **ACP BEAM MCP metadata renamed** — ExMCP ACP metadata now advertises BEAM-local MCP support only as `_meta.ex_mcp.mcpCapabilities.beam`; the previous `native` metadata flag and `:native_mcp` builder option were removed.
- **ACP adapter session listing callback** — Custom ACP adapters should implement `list_sessions(params, state)` instead of `list_sessions(state)`. The bridge now forwards decoded `session/list` params directly to adapters and no longer carries the legacy arity.
- **Codex ACP mode IDs** — `ExMCP.ACP.Adapters.Codex` now only accepts Zed-compatible mode IDs: `read-only`, `auto`, and `full-access`. The old `suggest`, `auto-edit`, and `full-auto` aliases were removed.
- **Adapter authenticate behavior** — `AdapterBridge` no longer returns `{}` for `authenticate` when an adapter skips the request. Unimplemented auth now returns method-not-found or invalid-params, while adapters that write to their subprocess can produce the eventual auth response themselves.
- **Pi extension methods removed** — `ExMCP.ACP.Adapters.Pi` no longer implements `_ex_mcp.pi/*` or legacy `pi/*` control methods. Use `session/set_model`, `session/set_mode`, `session/load`, `session/list`, or prompt slash commands such as `/compact`, `/export`, `/session`, `/name`, `/steering`, and `/follow-up`.

## [0.12.0] - 2026-06-07

### Added
- **ACP functional cores** — Added focused ACP modules for capabilities, lifecycle params, envelopes, metadata, map helpers, name/value normalization, and adapter event normalization. These keep protocol transformation logic pure and easier to test while preserving the existing facade APIs.
- **ACP interoperability coverage** — Expanded integration fixtures and tests for official ACP TypeScript libraries, including everything-style agent/client flows, prompt lifecycle events, auth/logout, permissions, session list/resume/close/delete, and rich content blocks.

### Changed
- **ACP stable spec alignment** — Updated ACP protocol encoding/decoding, session lifecycle params, prompt/session updates, capability builders, MCP server config shapes, extension method names, and adapter output to match the current stable ACP schema.
- **ACP adapter behavior** — Claude, Codex, and Pi adapters now produce normalized stable update events for tool calls, tool call progress, usage, plan/config/mode/session info, and streaming message chunks. Deprecated Pi extension aliases are still accepted, but only `_ex_mcp.pi/*` methods are advertised.
- **Claude adapter permission defaults** — The Claude adapter no longer defaults to `--permission-mode bypassPermissions`; it now inherits the Claude CLI default unless a permission mode is configured explicitly. Permission mode atoms now map to Claude CLI's real mode names.
- **HTTP Plug internals** — Extracted request parsing, session resolution, CORS/origin checks, response shaping, and SSE handling into a smaller functional core so side effects stay at the Plug boundary.

### Fixed
- **Official ACP library compatibility** — Fixed response result shapes, session id propagation, update discriminators, error responses, prompt capability handling, and adapter bridge request handling that prevented clean interop with official ACP SDK clients and agents.
- **MCP HTTP/SSE edge cases** — Hardened streamable HTTP and SSE parsing, session manager selection, response conversion, and structured output wrapping across conformance and integration paths.
- **Client state-machine tests** — Reworked timing-sensitive client tests to use telemetry-driven synchronization instead of sleeps.

### Security
- **MCP HTTP hardening** — OAuth and HTTP guard paths now fail closed on invalid auth state, validate scopes consistently, preserve configured session managers, enforce origin/CORS decisions at the boundary, and keep request body handling bounded.
- **ACP adapter hardening** — Adapter process startup now avoids leaking configured API keys into child environments unless explicitly required, and adapter error responses are normalized before crossing the ACP boundary.

## [0.11.0] - 2026-06-05

### Added
- **ACP Claude adapter — `sessionId` on prompt response result** — `ExMCP.ACP.Adapters.Claude` now includes `"sessionId"` in the prompt response result map when `state.session_id` is non-nil. The field sits alongside the existing optional `"thinking"` blocks and is omitted entirely when no session id is available, so downstream consumers can rely on `Map.has_key?(result, "sessionId")` as an absence signal. Backwards-compatible — callers that ignore it keep working unchanged. Useful for callers that need to correlate a prompt response with the underlying Claude SDK session, drive `--resume` themselves, or attach the session id to audit / telemetry.

## [0.10.1] - 2026-05-29

### Fixed
- **CI test determinism** — Explicitly load target modules before API export assertions so tests do not depend on execution order.

## [0.10.0] - 2026-05-29

### Added
- **Native ACP agents** — `ExMCP.ACP.Agent` and `ExMCP.ACP.Agent.Handler` let Elixir applications implement the agent side of the Agent Client Protocol over the same transports as the ACP client.
- **ACP agent facade helpers** — `ExMCP.ACP.start_agent/1`, `run_agent/1`, and streaming helpers provide a symmetrical API for building controllers and agents.
- **ACP examples** — Added an end-to-end native Elixir ACP echo agent and controller under `examples/acp`.
- **ACP cross-SDK interop fixtures** — Added TypeScript SDK agent/client fixtures plus ExMCP integration tests that cover both directions of ACP controller/agent interoperability.
- **ACP everything-style interop coverage** — Added broad ACP fixtures that exercise auth/logout, session lifecycle, prompt/cancel, mode/config updates, permission requests, filesystem requests, terminal requests, session updates, and rich content blocks.
- **ACP `usage_update` helpers** — Added protocol, type, and agent helper APIs for emitting stable context-window usage updates.

### Changed
- **ACP documentation** — Updated README, examples, and the ACP guide to cover both controller-side and agent-side protocol support.
- **ACP capabilities** — Updated ACP interop agents to use the official schema shape for session capability declarations.

### Fixed
- **ACP streamed prompt isolation** — `ExMCP.ACP.Client` now accumulates streamed `agent_message_chunk` text only while a matching prompt is pending, preventing out-of-band updates such as `session/load` chunks from leaking into the next prompt result.

## [0.9.2] - 2026-05-28

### Added
- **ACP Registry helpers** — `ExMCP.ACP.Registry` can fetch, parse, search, and build `npx` commands from the public ACP Registry.
- **ACP handler runner** — Agent-originated requests and session update handlers now run outside the ACP client process, so slow permission, file, terminal, or update handlers cannot block streamed updates or prompt completion.
- **MCP 2025-11-25 conformance coverage** — Conformance scripts and tests now cover the latest supported MCP spec version and updated server behaviors.

### Changed
- **ACP stable spec alignment** — Updated ACP method names, content/resource builders, permission responses, terminal delegation, config options, prompt capabilities, session capabilities, and adapter update shapes to match the current stable ACP v1 schema.
- **Adapter update normalization** — Claude, Codex, and Pi adapters now emit stable `agent_thought_chunk`, `tool_call`, and `tool_call_update` shapes for core streaming and tool lifecycle events.
- **Prompt text handling** — `Client.prompt/4` now folds streamed `agent_message_chunk` text into the returned result when agents stream the answer instead of returning inline text.

### Fixed
- **Permission cancellation** — `Client.cancel/2` now replies to pending `session/request_permission` requests with the required `cancelled` outcome without waiting for a blocked handler.
- **MCP protocol edge cases** — Updated method handling and version registry tests for newly covered MCP conformance cases.

## [0.9.1] - 2026-04-11

### Added
- **`HttpPlug`: cached body support via `conn.assigns[:raw_body]`** — Upstream
  plugs (e.g., signature-verification auth pipelines) can now pre-read the
  request body and stash it in `conn.assigns[:raw_body]`. The HTTP plug
  checks for a cached body before calling `read_body/1`, avoiding the
  empty-body issue that occurs when the underlying adapter has already
  been consumed by an upstream plug.

  Backwards compatible: callers that don't pre-read the body see no change
  in behavior. The new helper falls through to `read_body/1` when
  `raw_body` is absent.

  Use case: enables HTTP-authentication plugs that need to verify the body
  bytes (e.g., per-request request signing) before ExMCP processes the
  request, without forcing the auth plug to patch ExMCP, swap the conn
  adapter, or replace `ExMCP.HttpPlug` entirely.

## [0.9.0] - 2026-03-18

### Added
- **Pi ACP Adapter** — Full adapter for the Pi coding agent (badlogic/pi-mono) with 25 RPC commands and 14 event types
  - Text/thinking streaming, tool execution lifecycle, auto-compaction/retry events
  - Extension UI request/response bridge for dialog flows
  - Session persistence via `--session` flag, session directory scanning for `session/list`
  - Image support with data-url prefix stripping
  - 6 config options routed to native Pi RPC (model, thinking_level, auto_compaction, auto_retry, steering_mode, follow_up_mode)
- **ACP Spec Compliance** — All stabilized ACP features now implemented
  - `session/list` method (stabilized March 9, 2026)
  - All 8 official session update types: `user_message_chunk`, `agent_message_chunk`, `tool_call_update`, `plan_update`, `available_commands_update`, `config_option_update`, `current_mode_update`, `session_info_update`
  - Content blocks: `audio`, `resource_link`, `resource` (in addition to existing `text`, `image`)
  - `sessionCapabilities` in agent capabilities
  - ACP error codes: `-32000` (auth_required), `-32002` (resource_not_found)
  - Terminal request routing in Client (`terminal/*` methods delegated to handler)
- **Adapter Behaviour Extensions** — 3 new optional callbacks
  - `modes/0` — declare supported operational modes (advertised in initialize response)
  - `config_options/0` — declare supported config options (advertised in initialize response)
  - `list_sessions/1` — return available sessions for `session/list`
- **AdapterBridge Enhancements**
  - `session/list` handler with adapter delegation or empty fallback
  - `session/set_mode` handler with synthesized OK response
  - `session/set_config_option` handler routed through adapters
  - `authenticate` handler with synthesized OK response (RFD draft scaffolding)
  - Initialize response includes modes, configOptions, sessionCapabilities from adapter callbacks
- **Authentication Scaffolding** — protocol authentication encoding, `Client.authenticate/3`, and `Types.auth_required_code/0`
- **Plan Mode Builders** — `Types.plan_entry/3`, `Types.plan_update/2` for structured plan updates

### Changed
- **Claude Adapter** — Zed-parity tool introspection
  - Context-aware tool titles: "Read lib/app.ex (10-29)", "Search: defmodule"
  - Structured metadata: `kind` (read/write/execute/search/think), `locations` (file:line for jump-to-source), `content` (diff/terminal/text)
  - Tool calls now use spec-compliant `tool_call_update` (was non-standard `tool_call`)
  - Tool results include `completed`/`failed` status
  - Project-relative display paths when cwd is known
  - Usage streaming notification emitted before final result
  - System event and rate_limit_event forwarding as status notifications
  - Richer stop reason classification (end_turn, max_tokens, tool_use, error)
  - Declares `config_options` (model, thinking_budget)
- **Codex Adapter** — Tool call lifecycle and enrichments
  - Tool call notifications: `item/created` with `function_call` type
  - Tool completion: `item/completed` for function_call, function_call_output, patch types
  - Command execution lifecycle (started/outputDelta/completed)
  - Web search events (started/completed)
  - Image content in prompts
  - Session resume via `session/load` → `thread/start` with threadId
  - Status notification on turn/completed
  - Declares `modes` (suggest, auto-edit, full-auto) and `config_options` (model)
- **Pi Adapter** — Enhanced tool result parsing matching pi-acp reference
  - Content blocks, diff details, stdout/stderr/exitCode formatting
  - Replaces simpler `extract_tool_content` with full `extract_tool_result_text`

### MCP Protocol Conformance — 100% Client and Server
- **Official MCP Conformance** — 223/223 client checks, 39/39 server checks (0 failures, 0 warnings)
- **Full OAuth 2.1 Authorization Code Flow with PKCE** (`ExMCP.Authorization.FullOAuthFlow`)
  - Protected Resource Metadata discovery (RFC 9728) with path-based and root fallback
  - OIDC/OAuth AS metadata discovery with 4 URL patterns (RFC 8414)
  - Dynamic Client Registration (RFC 7591)
  - Local redirect server for authorization code callback
  - Token endpoint auth method selection (client_secret_basic, client_secret_post, none)
  - Client ID Metadata Document support (CIMD)
  - Scope negotiation from WWW-Authenticate header and PRM scopes_supported
  - Scope step-up on 403 insufficient_scope
  - Resource mismatch validation (RFC 8707)
- **HTTP Transport OAuth Integration**
  - Automatic 401/403 → OAuth discovery → token → retry
  - Auth loop protection (prevents infinite retry)
  - Unified FullOAuthFlow for both pre-existing credentials and browser auth
  - SSE POST response parsing with retry field extraction
  - SSE forced reconnection for pending tool results
  - Last-Event-ID propagation on reconnection
- **Elicitation Support**
  - `ExMCP.Client.ElicitationHandler` — configurable auto-accept/decline
  - Capability-aware routing (method-not-found when not declared)
  - `ExMCP.Testing.SchemaGenerator` — generate test values from JSON Schema
- **Server-Side SSE Sessions** (`ExMCP.Server.SSESession`)
  - Bidirectional SSE for server→client requests (elicitation, sampling)
  - ETS-based pending request tracking
  - GET SSE stream registration and event loop
- **DNS Rebinding Protection** (`ExMCP.Plugs.DnsRebinding`)
- **MessageProcessor Fixes**
  - `deep_stringify_keys` for all handler response paths (atom→string keys)
  - Initialize response normalization for Handler path
  - tools/call result wrapping in `{content: [...]}` format
  - `logging/setLevel` and `completion/complete` handlers
  - Default protocol version updated to `2025-11-25`
- **Test Infrastructure**
  - `scripts/test.sh` — saves output on every run
  - `scripts/conformance.sh` — runs official MCP conformance framework
  - `capture_log: true` — logs shown on test failures
  - Expected-failures baseline for CI
- **HTTP Transport Improvements**
  - URL auto-splitting (extract endpoint from URL path)
  - `:sse` transport alias → HTTP with use_sse: true (was broken)
  - SSE receive loop stability (waiting_for_session, not_supported_in_sync_mode)
  - 405 handling for GET SSE (graceful fallback)
  - SSE retry field parsing and timing buffer

### Removed
- Misleading `supportedModes` from Claude and Codex capabilities (removed features that weren't actually implemented)

## [0.8.4] - 2026-03-10

### Fixed
- `AdapterTransport` receiver loop now uses `:infinity` timeout (was 30s) for `AdapterBridge.receive_message/2`. This prevents spurious `receiver_exited` errors when CLI agents (Claude, Codex) take longer than 30 seconds to produce their first output line — common during complex reasoning or multi-turn tool use. The timeout is now configurable via `receive_timeout:` in transport opts.

## [0.8.3] - 2026-03-09

### Added
- Claude adapter handles multi-turn tool use sequences (`assistant(thinking)→assistant(tool_use)→user(tool_result)→assistant(text)→result`). Emits `tool_call` and `tool_result` session updates for observability.

## [0.8.2] - 2026-03-09

### Fixed
- **BREAKING:** Comprehensive ACP spec conformance audit — align all method names, field names, and message structures with the [ACP specification](https://agentclientprotocol.com/)
  - `session/prompt` params key is `"prompt"` (not `"content"`) per spec
  - `initialize` request uses `"clientCapabilities"` (not `"capabilities"`)
  - `initialize` response reads `"agentCapabilities"` (not `"capabilities"`)
  - Method names use snake_case: `session/set_mode`, `session/set_config_option`, `session/request_permission`
  - File system methods: `fs/read_text_file` / `fs/write_text_file` (not `session/fileRead` / `session/fileWrite`)
  - `session/update` notifications use nested `"update"` object with `"sessionUpdate"` discriminator (not flat `"kind"`)
  - Text updates use `"sessionUpdate": "agent_message_chunk"` with content block (not `"kind": "text"`)
  - Permission options use `"optionId"` field (not `"id"`)
  - Permission response is flat `{"outcome": "selected", "optionId": "..."}` (not wrapped)
  - `fs/write_text_file` response returns `null` result (not empty map)
  - Image content blocks use `"mimeType"` (not `"mediaType"`)
  - Plan entries use `"content"` / `"priority"` (not `"id"` / `"title"`)
  - Capabilities restructured to match spec (`loadSession`, `promptCapabilities`, `mcp`, `fs`, `terminal`)

## [0.8.1] - 2026-03-09

### Fixed
- ACP `session/prompt` message uses correct `"content"` param key instead of `"prompt"` to match the ACP specification

## [0.8.0] - 2026-03-08

### Added
- **Agent Client Protocol (ACP) Support** -- Full implementation of the [Agent Client Protocol](https://agentclientprotocol.com/) for controlling coding agents programmatically
  - `ExMCP.ACP` facade module for quick client startup
  - `ExMCP.ACP.Client` GenServer for managing ACP agent connections over stdio
  - `ExMCP.ACP.Protocol` for ACP-specific JSON-RPC 2.0 message encoding (integer protocol versions, ACP method names)
  - `ExMCP.ACP.Types` with type specifications and builder functions for ACP messages
  - `ExMCP.ACP.Client.Handler` behaviour for handling session events (updates, permission requests, file access)
  - `ExMCP.ACP.Client.DefaultHandler` implementation that auto-allows permissions
- **ACP Adapter System** for non-native agents
  - `ExMCP.ACP.Adapter` behaviour for protocol translation between ACP and agent-native formats
  - `ExMCP.ACP.AdapterBridge` GenServer bridge managing adapted agent subprocesses
  - `ExMCP.ACP.AdapterTransport` transport implementation delegating to the adapter bridge
  - `ExMCP.ACP.Adapters.Claude` -- Adapter for Claude Code CLI (NDJSON stream-json protocol)
  - `ExMCP.ACP.Adapters.Codex` -- Adapter for Codex CLI (app-server JSON-RPC protocol)
- **ACP Session Management** -- Create, resume, prompt, cancel, and configure sessions
  - `session/new`, `session/load`, `session/prompt`, `session/cancel` methods
  - `session/set_mode`, `session/set_config_option` for runtime agent configuration
  - Streaming session updates via notifications
  - Bidirectional communication for permission and file access requests
- **ACP Documentation** -- New [ACP Guide](docs/ACP_GUIDE.md) with usage examples and adapter development instructions

## [0.7.4] - 2026-02-14

### Fixed
- Fixed compile warnings for users without Horde installed -- `ExMCP.ServiceRegistry.Horde` now uses `apply/3` for all `Horde.Registry` calls to avoid compile-time "module is not available" warnings
- Removed 15 dead test files left over from DSL migration (eliminates ExUnit `test_load_filters` warning)

## [0.7.3] - 2026-02-13

### Added
- **OAuth Client Credentials with JWT Authentication** (`private_key_jwt`) -- RFC 7523 Section 2.2 client assertions as an alternative to client secrets for machine-to-machine auth
- **Enterprise-Managed Authorization (ID-JAG)** -- RFC 8693 token exchange + RFC 7523 JWT bearer grants for enterprise SSO flows
- **JWT Infrastructure** (`ExMCP.Authorization.JWT`) -- General-purpose JWT module wrapping JOSE for key management, signing, verification, and claims validation
- **Client Assertion Module** (`ExMCP.Authorization.ClientAssertion`) -- Build and verify JWT client assertions for token endpoint authentication
- **Discovery Flow** (`ExMCP.Authorization.DiscoveryFlow`) -- Full 401-to-discovery-to-auth orchestrator supporting both `client_secret` and `private_key_jwt` methods
- **Token Exchange** (`ExMCP.Authorization.TokenExchange`) -- RFC 8693 token exchange for swapping ID tokens for ID-JAG tokens
- **JWT Bearer Grant** (`ExMCP.Authorization.JWTBearerAssertion`) -- RFC 7523 Section 2.1 JWT bearer authorization grants
- **ID-JAG Creation and Validation** (`ExMCP.Authorization.IdJag`) -- Create and validate ID-JAG JWTs with `typ="oauth-id-jag+jwt"`
- **ID-JAG Server Handler** (`ExMCP.Authorization.IdJagHandler`) -- Server-side processing of JWT bearer grants containing ID-JAG tokens
- **Enterprise Flow** (`ExMCP.Authorization.EnterpriseFlow`) -- Client-side enterprise SSO orchestrator (OIDC -> token exchange -> JWT bearer grant)
- Extended `OAuthFlow` with `client_credentials_jwt_flow/1` for private_key_jwt auth
- Extended `HTTPClient` metadata parsing with `token_endpoint_auth_methods_supported`, `token_endpoint_auth_signing_alg_values_supported`, `issuer`, `jwks_uri`, and `issued_token_type`
- Extended `Validator` with JWT bearer and token exchange grant type validation
- Extended `AuthorizationServerMetadata` with auth method metadata fields
- Extended `TokenManager` with `auth_method` awareness (`:client_secret`, `:private_key_jwt`, `:enterprise_idjag`)
- Added `{:jose, "~> 1.11"}` dependency for JWT operations
- **Pluggable Service Registry** (`ExMCP.ServiceRegistry`) -- Registry abstraction with `Local` (built-in `Registry`, zero deps) and `Horde` adapters for `ExMCP.Native`
- `ExMCP.ServiceRegistry.Local` -- Default adapter using Elixir's built-in `Registry` for single-node service discovery
- `ExMCP.ServiceRegistry.Horde` -- Distributed adapter wrapping `Horde.Registry` for cross-node clusters (opt-in)

### Changed
- `Horde` is now fully optional -- default service registry uses Elixir's built-in `Registry` with zero extra dependencies
- `ExMCP.Native` uses pluggable registry via `ExMCP.ServiceRegistry.adapter()` instead of hardcoded `Horde.Registry`
- Application supervision tree starts the configured registry adapter's child specs instead of hardcoded Horde processes

### Fixed
- All examples updated to use correct DSL syntax (`meta do` + `input_schema`) -- previously used invalid syntax that would fail to compile
- Removed unnecessary Horde references from examples and getting-started guides
- Updated all documentation to present DSL (`use ExMCP.Server`) as the primary server API
- User Guide rewritten to lead with DSL examples; low-level Handler API preserved as one reference section

## [0.7.2] - 2026-02-12

### Fixed
- Aligned Tools DSL `handle_call_tool` with Handler behaviour arity
- Resolved CI failures in compliance test and dialyzer
- Made `ConsentCache.clear/0` synchronous to fix test isolation race condition
- Eliminated Elixir 1.19 type warnings in handler bridge
- Fixed `@before_compile` ordering for GenServer bridge in Elixir 1.19
- Injected GenServer bridge via `__using__` macro for HttpPlug compatibility
- Suppressed dialyzer pattern_match warnings in generated GenServer bridge at the source
- Fixed `@behaviour` vs `use` in handler20250618 compliance test (Elixir 1.17 compat)

## [0.7.0] - 2026-02-11

### Added
- **MCP Protocol Version 2025-11-25 Support** - Latest protocol version with full spec compliance
- **Streamable HTTP Spec Compliance** - Client and server now fully comply with MCP Streamable HTTP spec:
  - Server provides session ID (not client); first POST omits `Mcp-Session-Id` header
  - `Accept: application/json, text/event-stream` header sent on requests
  - SSE GET handled on same endpoint as POST (not `/sse`)
  - `mcp-protocol-version` header included in all responses
  - POST responses return 200 with JSON body even when SSE is enabled
- **TypeScript MCP SDK Interop Tests** - Verified interoperability with the official TypeScript MCP SDK
- **Agent Simulation Integration Tests** - Integration tests with MockLLM for testing agent workflows
- **`mix mcp.sync_spec` Task** - Automated task for syncing MCP protocol specifications
- **Conformance Test Suites** - Automated conformance tests for all 4 protocol versions (2024-11-05, 2025-03-26, 2025-06-18, 2025-11-25)
- **Client State Machine Adapter** - Refactored client using GenStateMachine with:
  - Formal state transitions with guards
  - State-specific data structures
  - Comprehensive telemetry events for observability
  - Enhanced reconnection logic with exponential backoff
  - Integration with `ExMCP.ProgressTracker`
- Structured error types with `ExMCP.Error` module
- Comprehensive telemetry instrumentation:
  - `[:ex_mcp, :request, :start/stop]` events
  - `[:ex_mcp, :tool, :start/stop]` events
  - `[:ex_mcp, :resource, :read, :start/stop]` events
  - `[:ex_mcp, :prompt, :get, :start/stop]` events
- Bidirectional communication for MCP server-to-client requests
- Comprehensive protocol version validation

### Changed
- **BREAKING:** Refactored internal architecture of `ExMCP.Server` module
  - Split monolithic 1,488-line module into focused components:
    - `ExMCP.Protocol.ResponseBuilder` - Response formatting
    - `ExMCP.Protocol.RequestTracker` - Request lifecycle management
    - `ExMCP.Protocol.RequestProcessor` - Request routing and handling
    - `ExMCP.Server.Transport.Coordinator` - Transport management
    - `ExMCP.DSL.CodeGenerator` - DSL macro code generation
  - Public API remains unchanged - 100% backward compatible
- Replaced deprecated `preferred_cli_env` with `cli/0` callback
- Reduced cyclomatic complexity in `TestTransport` and `Reliability.Supervisor`

### Fixed
- DSL type narrowing warnings for unreachable clauses (closes #3)
- Test isolation issues in session and property tests
- Conformance test alignment with MCP spec
- ETF deserialization security in BEAM transport
- Security guard robustness against malformed consent handlers
- Flaky security test race conditions
- Test infrastructure race conditions
- HTTP transport communication reliability
- Replaced unsafe `String.to_atom` usage with safe alternatives (atom exhaustion prevention)
- All compiler warnings in test files resolved

### Removed
- 22 stale planning/internal docs from root directory
- 16 stale docs and 5 stale subdirectories from `docs/`
- Non-existent `USER_GUIDE.md` and `EXTENSIONS.md` from hex package file list

### Security
- Prevented atom exhaustion attacks by using string keys instead of dynamic atom creation
- Enhanced ETF deserialization security in BEAM transport

## [0.6.0] - 2025-06-26

### 🎉 Major Release: Production-Ready ExMCP

This release represents the completion of an 18-week comprehensive test remediation and enhancement project that transformed ExMCP from alpha software into a production-ready MCP implementation. **100% MCP protocol compliance achieved** across all supported protocol versions.

### 🏆 18-Week Project Achievements

**📊 Quantitative Results:**
- **100% MCP Compliance**: All 270/270 compliance tests passing across 3 protocol versions
- **Complete Protocol Support**: 2024-11-05, 2025-03-26, and 2025-06-18 MCP specifications
- **High Performance**: <10ms average latency, >100 ops/sec throughput, ~15μs native BEAM calls
- **Comprehensive Testing**: 8 test suites with 95%+ coverage and organized tagging strategy
- **Security Implementation**: OAuth 2.1, TLS/SSL, comprehensive audit logging
- **Documentation**: 80+ documentation files with complete guides and examples

**🛡️ Enterprise-Grade Reliability:**
- Circuit breaker pattern for automatic failure detection and recovery
- Configurable retry policies with exponential backoff
- Health monitoring and connection recovery
- Performance baselines with regression detection
- Comprehensive security audit with OAuth 2.1 compliance

**⚡ Performance & Scalability:**
- Native BEAM service dispatcher with zero serialization overhead
- Cross-node distributed service discovery via Horde.Registry
- Performance profiling infrastructure with baseline establishment
- Concurrent load testing and throughput optimization
- Memory efficiency optimization for production workloads

### Added
- **Comprehensive Python MCP SDK Interoperability Examples**
  - Complete bidirectional integration between ExMCP (Elixir) and Python MCP SDK
  - **Elixir → Python Integration:**
    - `elixir_to_python_stdio.ex` - Elixir clients connecting to Python subprocess servers
    - `elixir_to_python_http.ex` - Elixir clients connecting to Python HTTP servers with load balancing and failover
  - **Python → Elixir Integration:**
    - `python_clients/elixir_client.py` - Python clients connecting to Elixir servers via stdio
    - `elixir_servers_for_python.ex` - Elixir servers with rich schemas designed for Python clients
  - **Python MCP Server Examples:**
    - `python_mcp_servers/calculator_server.py` - Full stdio MCP server with history and statistics
    - `python_mcp_servers/http_server.py` - FastAPI-based HTTP MCP server with REST endpoints
  - **Hybrid Architecture Example:**
    - `hybrid_architecture.ex` - Production-ready architecture combining Native Elixir (~15μs), Python stdio (~1-5ms), and Python HTTP (~5-20ms) services
    - ServiceRegistry for managing multi-language service types
    - HybridOrchestrator with intelligent routing and automatic failover
    - Performance-based service selection and load balancing
  - **Complete Documentation:**
    - Comprehensive setup instructions and prerequisites
    - Performance comparisons across transport types
    - Cross-language JSON-RPC compatibility examples
    - Production deployment patterns and best practices
- **Native Service Dispatcher Migration**
  - Migrated 30+ example files from non-existent `:beam` transport to Native Service Dispatcher pattern
  - Updated examples to use `ExMCP.Service` macro for automatic service registration
  - Enhanced `ExMCP.Native` calls with zero serialization overhead for ultra-high performance
  - Fixed references to internal modules now in `ExMCP.Internal.*` namespace
  - Updated all BEAM transport examples to use Horde.Registry for service discovery
- **Comprehensive Test Tagging Strategy**
  - Implemented test tagging system based on ex_llm approach for efficient test execution
  - Created `mix test.suite` task with predefined test suites: unit, compliance, integration, transport, security, performance, all, ci
  - Created `mix test.tags` task to list all available tags and descriptions
  - Added 100+ test files with appropriate module tags for categorization
  - Default exclusions for fast development: integration, external, slow, performance tests excluded by default
  - Test categories: `:unit`, `:integration`, `:compliance`, `:security`, `:performance`, `:transport`, feature-specific tags
  - Transport-specific tags: `:beam`, `:http`, `:stdio` with requirement tags `:requires_beam`, `:requires_http`, `:requires_stdio`
  - Feature tags: `:progress`, `:roots`, `:resources`, `:prompts`, `:protocol`, `:cancellation`, `:batch`, `:logging`
  - Development tags: `:slow`, `:wip`, `:skip`, `:manual_only` for test lifecycle management
  - Reduced default test run time from ~30s to ~5s while maintaining full test coverage
  - Updated test tags from `:sse` to `:http` to align with MCP "Streamable HTTP transport" naming convention
  - Removed unused `ExMCP.Test.MockSSEServer` module and cleaned up references
- **Enhanced Compliance Test Organization**
  - Extracted MCP protocol compliance tests from implementation-specific test files
  - Created 7 new compliance test files by extracting tests from non-compliance files:
    - `cancellation_compliance_test.exs` - Cancellation protocol validation
    - `version_negotiation_compliance_test.exs` - Version negotiation compliance  
    - `roots_compliance_test.exs` - Roots functionality protocol compliance
    - `security_compliance_test.exs` - MCP security requirements
  - All 241 compliance tests now centralized in `test/ex_mcp/compliance/` directory
  - Updated compliance test statistics: 218 passing, 0 failing, 23 skipped
  - Created comprehensive documentation: `TAGGING_STRATEGY.md`, `TAGGING_IMPLEMENTATION.md`, `EXTRACTION_LOG.md`
- **Configurable SSE Endpoint**
  - HTTP transport now supports custom endpoint configuration via `:endpoint` option
  - Defaults to "/mcp/v1" for backward compatibility
  - Handles trailing slashes and empty endpoints properly
  - Example: `ExMCP.Client.start_link(transport: :http, url: "http://localhost", endpoint: "/custom/api")`
- **Progress Token and _meta Field Support**
  - Added `_meta` field support to all MCP request methods in Protocol module
  - Extended Client API to accept `:meta` option for all methods
  - Progress tokens can now be passed via `meta: %{"progressToken" => token}`
  - Backward compatibility maintained for `:progress_token` option in `call_tool/4`
  - All protocol methods now support arbitrary metadata passthrough
  - Server handlers receive _meta in tool arguments (for tools/call) or params (for other methods)
- **OAuth 2.1 Authorization Framework** (MCP 2025-03-26 specification)
  - Full OAuth 2.1 implementation with:
    - Authorization Code Flow with mandatory PKCE (RFC 7636)
    - Client Credentials Flow for service-to-service authentication
    - Authorization Server Metadata Discovery (RFC 8414)
    - Dynamic Client Registration (RFC 7591)
    - Protected Resource Metadata Discovery (RFC 9728 draft)
  - Token Management:
    - Automatic token refresh with configurable window
    - Token rotation for public clients
    - Token validation and introspection support
    - Secure token storage in GenServer state
  - Security Features:
    - PKCE S256 code challenge method required for all authorization code flows
    - HTTPS enforcement for all OAuth endpoints (except localhost)
    - No tokens in URLs - all tokens in headers
    - Bearer token authentication for HTTP transports
  - Integration:
    - `ExMCP.Authorization` module for OAuth flows
    - `ExMCP.Authorization.TokenManager` for automatic token lifecycle
    - `ExMCP.Authorization.PKCE` for code challenge generation/verification
    - Transport-level OAuth support for HTTP streaming and WebSocket
  - Comprehensive test coverage: 217+ passing OAuth tests

- **Production-Grade Reliability Framework**
  - **Circuit Breaker Integration**: Automatic failure detection and recovery across all transports
  - **Enhanced Retry Policies**: Configurable retry strategies with exponential backoff for all MCP operations
  - **Health Monitoring**: Real-time transport and connection health tracking
  - **Connection Recovery**: Automatic reconnection with intelligent backoff strategies
  - **Error Recovery**: Comprehensive error handling and graceful degradation
  - **Reliability Testing**: 100+ integration tests for circuit breakers, retry policies, and health monitoring

- **Performance Infrastructure & Benchmarking**
  - **Performance Profiling Utility**: Comprehensive metrics collection including execution time, memory usage, GC statistics
  - **Baseline Establishment**: Performance baselines stored for regression detection across all operations
  - **Benchmark Test Suites**: 7 comprehensive test suites covering basic operations, payload scaling, concurrent load, throughput
  - **Performance Regression Detection**: Automated comparison against established baselines
  - **Memory Efficiency Tracking**: Detailed memory delta monitoring and optimization
  - **Throughput Optimization**: Benchmarked >100 ops/sec for basic operations with concurrent client support

- **Comprehensive Testing Framework**
  - **8 Organized Test Suites**: Unit, compliance, integration, transport, security, performance, CI, and comprehensive suites
  - **Advanced Test Tagging**: Efficient test execution with 15+ tags for categorization and selection
  - **Cross-Transport Testing**: Comprehensive compatibility tests across stdio, HTTP, SSE, and Native BEAM transports
  - **Integration Test Framework**: End-to-end scenario validation with real component testing
  - **Process Cleanup Automation**: Automated test environment cleanup for reliable test execution
  - **CI/CD Integration**: Complete automated testing pipeline with quality gates

- **Cancellation Protocol Implementation** (MCP specification compliance)
  - Full support for `notifications/cancelled` messages
  - Client-side cancellation API: `ExMCP.Client.send_cancelled/3`
  - Request tracking: `ExMCP.Client.get_pending_requests/1` 
  - Automatic cleanup of cancelled in-progress requests
  - Validation that initialize request cannot be cancelled per spec
  - Proper handling of race conditions and late cancellations
  - Comprehensive test coverage with 12 passing tests

- **Logging Control Implementation** (MCP specification compliance)
  - `logging/setLevel` request handler with RFC 5424 syslog levels
  - Full integration with Elixir's Logger system
  - `ExMCP.Logging` module for centralized logging management
  - Automatic log level conversion between MCP and Elixir formats
  - Structured logging via `notifications/message`
  - Security features:
    - Automatic sanitization of sensitive data (passwords, tokens, keys)
    - Rate limiting support
    - Configurable logger names
  - Comprehensive test coverage with 33 passing tests

- **MCP Specification Compliance Updates**
  - Initialize request batch validation - prevents `initialize` from being part of JSON-RPC batch per spec
  - Audio content type support with `ExMCP.Content` module and examples
  - Completions capability declaration with `hasArguments` and `values` fields
  - Enhanced HTTP transport flexibility:
    - Session management with `Mcp-Session-Id` header
    - Non-streaming mode for single JSON responses
    - Configurable endpoint (defaults to `/mcp/v1`)
    - Resumability support with Last-Event-ID
  - Security requirements enforcement:
    - Origin validation for DNS rebinding protection
    - HTTPS enforcement for non-localhost deployments
    - Localhost binding security checks
    - Enhanced `SecureServer` module with all security features

### Fixed

#### 🔧 18-Week Remediation Project Fixes

**Phase 1: Critical Infrastructure (Weeks 1-4)**
- **Transport Configuration**: Fixed transport selection and configuration inconsistencies
- **Response Migration**: Resolved ExMCP.Response struct vs map access patterns throughout codebase  
- **Error Protocol**: Standardized isError/is_error field handling across all protocol versions
- **Connection State**: Fixed connection status tracking and state machine transitions

**Phase 2: Protocol Compliance (Weeks 5-8)**
- **Protocol Methods**: Implemented missing MCP protocol methods for 100% coverage
- **Message Field Normalization**: Fixed camelCase/snake_case field access inconsistencies
- **Pagination Standardization**: Resolved cursor handling and nextCursor field presence issues
- **Resource Operations**: Fixed resource read protocol compliance and resource/prompt operations

**Phase 3: Reliability & Performance (Weeks 9-12)**
- **Transport Behaviors**: Standardized transport implementations and error handling patterns
- **Connection Validation**: Implemented consistent connection validation across all transports
- **Message Format**: Standardized message format handling and protocol encoding/decoding

**Phase 4: Advanced Features & Testing (Weeks 13-16)**
- **Cross-Transport Compatibility**: Fixed DSL server integration and response format issues
- **Performance Profiling**: Resolved JSON serialization issues in performance metrics storage
- **HTTP Transport Communication**: Identified and documented HTTP/SSE client-server communication issues
- **Integration Framework**: Fixed test infrastructure and end-to-end scenario validation

**Phase 5: Documentation & Validation (Weeks 17-18)**
- **Documentation Completeness**: Updated 80+ documentation files for consistency and accuracy
- **Security Validation**: Confirmed OAuth 2.1 compliance and security audit requirements
- **Final Validation**: Verified 100% MCP compliance maintained across all protocol versions

#### Other Fixes
- All Credo code quality issues resolved (0 issues)
- Logger metadata warnings fixed with proper configuration
- Dialyzer type checking issues resolved across all modules
- Memory leaks and process cleanup issues in test environment
- Performance regression detection false positives
- Security audit logging configuration for production environments

## [0.5.0] - 2025-05-28

### Breaking Changes
- **Removed `:sse` transport identifier** - Use `:http` instead for Streamable HTTP transport
- **Renamed SSE references** - All documentation and APIs now use "HTTP streaming" or "Streamable HTTP" terminology

### Fixed
- **Logging Notification Method Name** - Changed from `notifications/log` to `notifications/message` to match MCP specification exactly

### Added

#### Current MCP Specification (2025-03-26) Features
- **OAuth 2.1 Authorization Support**
  - Full OAuth 2.1 implementation with PKCE support
  - Automatic token refresh before expiration
  - TokenManager GenServer for token lifecycle management
  - Authorization error handling for 401/403 responses
  - Request interceptor for automatic header injection
  - Integration with HTTP transport for seamless auth
  - Example demonstrating OAuth-protected MCP servers
- **Enhanced Streamable HTTP Transport**
  - Automatic reconnection with exponential backoff
  - Built-in keep-alive mechanism (30-second heartbeat)
  - Support for Last-Event-ID header for event resumption with HTTP streaming
  - Improved connection stability and error recovery

#### Draft MCP Specification Features (Experimental)
- **Structured Tool Output** (Draft feature - not in MCP 2025-03-26)
  - Tools can define `outputSchema` in their schema
  - Tool results can include `structuredContent` alongside regular content
  - Marked with "Draft feature" comments in code
- **Logging Level Control** (Draft feature - not in MCP 2025-03-26)
  - Added `logging/setLevel` handler implementation
  - `Client.set_log_level/3` for adjusting server log verbosity
  - `handle_set_log_level/2` callback in server handlers
- **Security Best Practices Implementation** (Draft specification)
  - Token validation with audience checking (prevents confused deputy)
  - Client registration and accountability system
  - Consent management for dynamic client registration
  - Request audit trail maintenance
  - Trust boundary enforcement
  - SecureServer module with built-in security features
  - Security supervisor for managing security components

#### Other Enhancements
- **Lifecycle Management Improvements**
  - Improved BEAM transport server lifecycle (supports reconnections)
  - Dynamic client capability building based on handler
  - Protocol version validation and negotiation
- **Client Roots Tests and Examples** (MCP specification compliance)
  - Comprehensive tests for client roots functionality
  - Root demo showing client-server root exchange
  - Server tools for requesting and analyzing client roots
  - Default handler providing current directory as root
  - Protocol compliance verification for roots/list requests
  - Note: Client roots functionality already fully implemented
- **Progress Notifications Tests and Examples** (MCP specification compliance)
  - Integration tests for progress tracking in long-running operations
  - Progress demo server showing various progress patterns
  - Support for string and integer progress tokens
  - Progress updates with current/total values
  - Note: Progress notifications already fully implemented
- **Server Utilities Tests** (MCP specification compliance)
  - Comprehensive test coverage for pagination across all list operations
  - Completion utility tests for prompt and resource references
  - Logging utility verification with all severity levels
  - Cursor-based pagination with proper error handling
  - Note: All utilities (completion, logging, pagination) already fully implemented
- **Tools Feature Tests** (MCP specification compliance)
  - Comprehensive test coverage for existing tools functionality
  - Tests for tool discovery, invocation, and error handling
  - Verification of isError flag support for tool execution errors
  - Batch tool request testing
  - Multiple content type support (text, image)
  - Progress token support verification
  - Note: Tools functionality including isError support already fully implemented
- **Resources Feature Tests and Examples** (MCP specification compliance)
  - Comprehensive test coverage for existing resources functionality
  - Example server demonstrating various resource types (text, JSON, binary)
  - Support for resource subscriptions and update notifications
  - Resource templates for dynamic URI patterns
  - Pagination support for resource listing
  - Multiple URI schemes (file://, config://, data://, db://)
  - Note: Resources functionality was already fully implemented
- **Prompts Feature Tests and Examples** (MCP specification compliance)
  - Comprehensive test coverage for existing prompts functionality
  - Example server demonstrating various prompt patterns
  - Support for parameterized prompts with required/optional arguments
  - Pagination support for prompt listing
  - Dynamic prompt list changes with notifications
  - Note: Prompts functionality was already fully implemented
- **Ping Utility Tests and Examples** (MCP specification compliance)
  - Comprehensive test coverage for existing ping functionality
  - Health check pattern examples and best practices
  - Bidirectional ping demonstration
  - Connection monitoring and verification patterns
  - Performance measurement examples
  - Note: Ping functionality was already fully implemented
- **Request Cancellation Support** (MCP specification compliance)
  - Complete implementation of `notifications/cancelled` method
  - Client and server can cancel in-progress requests
  - Automatic request tracking and resource cleanup
  - Initialize request cannot be cancelled (as per spec)
  - Graceful handling of unknown/completed requests
  - Malformed cancellation notification validation
  - Comprehensive test coverage and example implementation
- **OAuth 2.1 Authorization Support** (MCP specification compliance)
  - Complete OAuth 2.1 implementation with PKCE support
  - Authorization code flow with mandatory PKCE for security
  - Client credentials flow for application-to-application communication
  - Server metadata discovery (RFC 8414)
  - Dynamic client registration (RFC 7591)
  - Token validation and introspection
  - HTTPS enforcement with localhost development support
  - Comprehensive test coverage for all authorization flows
- Enhanced protocol version negotiation (MCP specification compliance)
  - Handlers now receive client's protocol version in params
  - Servers can check client version and propose alternatives
  - Comprehensive documentation and examples for version negotiation
  - Full test coverage for various negotiation scenarios

### Changed
- **BREAKING:** Renamed SSE transport to HTTP transport (MCP specification update)
  - `ExMCP.Transport.SSE` is now `ExMCP.Transport.HTTP`
  - Use `transport: :http` instead of `transport: :sse`
  - Transport identifier `:sse` is now `:http` (`:sse` still works for compatibility)
  - Updated documentation to reflect "Streamable HTTP" terminology from MCP spec 2025-03-26
  - All tests and examples updated to use new naming

## [0.4.0] - 2025-05-27

### Added
- Tool execution error reporting with `isError` flag (MCP specification compliance)
  - Handlers can return `{:ok, %{content: [...], isError: true}, state}` for tool errors
  - Distinguishes between protocol errors and tool execution errors
  - Full test coverage demonstrating proper error handling
- Pagination support for list methods (MCP specification compliance)
  - Added cursor parameter to `list_tools`, `list_resources`, and `list_prompts`
  - Server handlers now return optional `nextCursor` for paginated results
  - Client API changed to accept options keyword list for cursor and timeout
  - Full test coverage for pagination functionality
- JSON-RPC batch request support (MCP specification compliance)
  - `batch_request/3` client method for sending multiple requests as a batch
  - Server automatically handles batch requests and returns batch responses
  - Full integration tests demonstrating batch functionality
- Bi-directional communication support (server-to-client requests)
  - New `ExMCP.Client.Handler` behaviour for handling server requests
  - Server can ping clients with `ping/2`
  - Server can request client roots with `list_roots/2`
  - Server can request client to sample LLM with `create_message/3`
  - Client automatically advertises capabilities when handler is provided
- Human-in-the-loop (HITL) interaction support
  - `ExMCP.Approval` behaviour for implementing approval flows
  - `ExMCP.Client.DefaultHandler` with built-in approval support
  - `ExMCP.Approval.Console` for terminal-based approval prompts
  - Approval required for LLM sampling requests and responses
  - Support for approving, denying, or modifying requests/responses
  - Full test coverage with approval and HITL integration tests
- WebSocket transport implementation (client-side only)
  - Support for ws:// and wss:// protocols
  - Automatic ping/pong frame handling
  - Full integration with ExMCP transport system
  - TLS/SSL support for secure connections
- Comprehensive security features across all transports
  - New `ExMCP.Security` module for unified security configuration
  - Authentication support: Bearer tokens, API keys, Basic auth, custom headers, node cookies
  - HTTP streaming transport: Origin validation, CORS headers, security headers
  - WebSocket transport: Authentication headers, TLS configuration
  - BEAM transport: Process-level authentication, node cookie support
  - TLS/SSL configuration with certificate validation
  - Mutual TLS support for HTTP streaming and WebSocket transports
  - Comprehensive security documentation in docs/SECURITY.md
- Native format support for BEAM transport
  - `:json` format (default) maintains MCP compatibility
  - `:native` format for direct Elixir term passing between processes
  - Configurable via `:format` option in connect/accept
- HTTP test server for streaming testing
  - Implemented with Plug and Cowboy
  - Supports Server-Sent Events connections and message endpoints
  - Request tracking for test assertions
  - Proper Server-Sent Events streaming with keep-alive

### Changed
- **BREAKING:** Client list methods now take options keyword list instead of timeout
  - `list_tools(client, timeout)` → `list_tools(client, opts \\ [])`
  - `list_resources(client, timeout)` → `list_resources(client, opts \\ [])`
  - `list_prompts(client, timeout)` → `list_prompts(client, opts \\ [])`
  - Options include `:timeout` and `:cursor` for pagination
- **BREAKING:** Server handler callbacks for list methods now include cursor parameter
  - `handle_list_tools(state)` → `handle_list_tools(cursor, state)`
  - `handle_list_resources(state)` → `handle_list_resources(cursor, state)`
  - `handle_list_prompts(state)` → `handle_list_prompts(cursor, state)`
  - All must return 4-tuple with optional `next_cursor`
- SSE transport endpoint is now configurable (was hardcoded to /mcp/v1)
- BEAM transport now supports both JSON and native Elixir term formats

### Fixed
- Dialyzer type errors in WebSocket and BEAM transports
- BEAM transport connection format to support security authentication
- Test compatibility issues with new security features

### Documentation
- Added comprehensive security guide (docs/SECURITY.md)
- Added local copy of MCP specification (docs/mcp-llms-full.txt)
- Updated TASKS.md with detailed compliance status

## [0.3.0] - 2025-05-26

### Added
- Protocol version updated to "2025-03-26" (latest MCP specification)
- Roots capability for URI-based resource boundaries
  - `list_roots/2` client method
  - `handle_list_roots/1` server callback
  - `notify_roots_changed/1` for dynamic root updates
- Resource subscription support
  - `subscribe_resource/3` and `unsubscribe_resource/3` client methods
  - `handle_subscribe_resource/2` and `handle_unsubscribe_resource/2` server callbacks
- Resource templates support
  - `list_resource_templates/2` client method  
  - `handle_list_resource_templates/1` server callback
- Enhanced protocol method support
  - `ping/2` for connection health checks
  - `complete/4` for completion/autocomplete features
  - `send_cancelled/3` for request cancellation notifications
  - `log_message/4` for structured logging
- Tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint)
- Audio content support (`audio_content` type)
- Embedded resource support in content
- Pagination support with cursor/nextCursor
- RFC-5424 compliant logging levels
- Progress tokens now use `_progressToken` in `_meta` as per spec
- Comprehensive USER_GUIDE.md documentation
- API_REFERENCE.md with complete module documentation
- Enhanced examples for all new features

### Changed  
- **BREAKING**: JSON field names now use camelCase to match official MCP schema
  - `mime_type` → `mimeType`
  - `progress_token` → `_progressToken` (in `_meta`)
  - All response fields follow camelCase convention
- **BREAKING**: ModelHint is now an object with optional `name` field (was array)
- Type specifications completely rewritten to match official schema
- Updated all documentation to reflect protocol version 2025-03-26
- Enhanced capabilities type to include roots and other new features

### Fixed
- Protocol compliance with official MCP schema
- Missing cancellation and logging notification handlers
- Type definitions for multimodal content
- Progress token parameter location (now in `_meta._progressToken`)

## [0.2.0] - 2025-05-26

### Added
- Sampling/createMessage support for LLM integrations
- Change notifications (resources, tools, prompts)
- Progress notifications with token support
- Comprehensive BEAM transport examples
- Code quality tooling (Credo, Dialyzer, Sobelow, ExCoveralls)
- Git hooks for pre-commit and pre-push checks
- GitHub Actions CI/CD pipeline

### Changed
- **BREAKING**: Simplified BEAM transport architecture to Native BEAM transport
  - Removed complex TCP-based BEAM transport modules (`ExMCP.Transport.Beam.Server`, `Client`, etc.)
  - Implemented `ExMCP.Transport.Native` for direct process communication
  - Added Registry-based service discovery and registration
  - Improved performance: ~15μs local calls vs previous TCP overhead
  - Note: Requires migration from old TCP-based API to new service registration pattern

### Fixed
- BEAM transport now properly supports server-initiated notifications
- Documentation discrepancies between claimed and actual features
- Server handler callback specs for sampling support

## [0.1.0] - 2025-05-25

### Added
- Initial release of ExMCP
- Complete Model Context Protocol implementation
- Protocol encoder/decoder for JSON-RPC messages
- Client implementation with automatic reconnection
- Server implementation with handler behaviour
- stdio transport for process communication
- SSE (Server-Sent Events) transport for HTTP streaming
- BEAM transport for native Erlang/Elixir communication
- Tool discovery and execution
- Resource listing and reading
- Prompt management
- Server manager for multiple connections
- Server discovery (npm packages, local directories)
- Request/response correlation
- Concurrent request handling
- Error handling and validation
- Type specifications throughout

### Features
- Full MCP specification compliance
- Multiple transport layer support (stdio, Streamable HTTP with optional SSE, BEAM)
- Both client and server implementations
- Extensible architecture
- Supervision tree integration