v2026.05.21.1143

What's Changed

🚀 Features

• Attribute MP writes to acting user via session context (#64) — Contact_Log and Contacts writes now resolve the acting user's MP User_ID from session and forward it as $userId to MPHelper, so MP's dp_Audit_Log shows the real user instead of the OAuth integration account. Anonymous writes are logged as structured mp.write.non_user events rather than failing.

📚 Documentation

• Audit logging playbook (8aad37b) — New playbook documenting the audit-attribution flow.

🔧 Maintenance

• Remove old commands (926e6da) — Cleanup of unused commands.
• CI pipeline item to review (7db0f9e) — CI-related housekeeping.

Full Changelog: v2026.05.21.0652...v2026.05.21.1143

v2026.05.21.0652

What's Changed

🐛 Bug Fixes

• Contact Log timezone drift on save/edit (#63) — Replaced the T00:00:00.000Z + new Date().getFullYear() round-trip with a new DomainTimezoneService so Contact_Date is sent in the MP domain's wall-clock time zone; the Add/Edit form is now datetime-local defaulting to MP-TZ "now" and round-trips without day drift.
• Setup script honesty and fail-fast (b022be5) — npm run setup now surfaces real mp:generate:models errors, fails fast on missing models, and produces an accurate final summary instead of a false-success report.
• Restore @emnapi optional deps (d623e29) — Re-added @emnapi entries that were accidentally removed in ecaa009, fixing lockfile drift.

📚 Documentation

• Transportable MP datetime handling playbook (3c87c80) — New playbook for porting the MP datetime-handling pattern to other projects.
• README Quick Setup alignment (f5942b0) — Quick Setup bullets now match the actual script steps and explain how the MP URL is derived.
• README Node version + audit guidance (05ebed0) — Aligned Node version sources, scrubbed remaining Claude Code framing, and corrected the npm audit guidance.
• README setup flow clarifications (00e7214) — Updated based on customer testing feedback to clarify the setup flow.

🔧 Maintenance

• Track stale-models detection gap (75ffddd) — Added TODO tracking that setup:check cannot currently detect stale Ministry Platform models.

Full Changelog: v2026.05.17.1247...v2026.05.21.0652

v2026.05.17.1247

What's Changed

🐛 Bug Fixes

• Sanitize filter parameters to prevent injection (#57) — Adds sanitizeFilterValue() and sanitizeGuid() utilities; applies them in contactSearch() and getContactByGuid(), and removes PII logging from updateContact().
• Expand filter sanitization to remaining GUID sites and LIKE wildcards (#61) — Applies sanitizeGuid() to userService.getUserProfile() and contact-log actions; adds sanitizeLikeValue() with an ESCAPE '\' clause so user input like 50% matches literally instead of acting as a wildcard.
• Use NEXT_PUBLIC_APP_NAME for browser title and header (fadba97) — Branding now follows the configured app name instead of a hardcoded value.

📚 Documentation

• Add Ministry Platform query syntax reference (#62) — New .claude/references/ministryplatform.query-syntax.md documenting filter syntax, aggregates, _TABLE FK traversal rules, and an error-to-fix lookup table; linked from CLAUDE.md.

🔧 Maintenance

• Resolve npm audit vulnerabilities (#59) — Lockfile-only bumps for defu, kysely, picomatch, vite, and brace-expansion addressing 5 high/moderate advisories.
• Bump tsx to 4.22.1 and @vitejs/plugin-react to 6.0.2 (ecaa009) — Patch bump for tsx; major bump for @vitejs/plugin-react (vite 8 peer satisfied).
• Restore @emnapi entries removed by dedupe (dc5e439) — Lockfile fix.
• Update .env.example (0a57c48) — Configuration template updates.

Full Changelog: v2026.05.16.2144...v2026.05.17.1247

v2026.05.16.2144

What's Changed

⚠️ Breaking Changes

• Template Tool removed (#60) — The /tool/template-tool route, the entire tool/ framework (ToolContainer, Header, Footer, ParamsDebug), user-tools-debug/, tool-params.ts, and ToolService have been deleted along with their tests and the dashboard card. Anything that imported from these paths must be removed.
• UserProvider context API changed (#60) — isLoading and error are no longer exposed on the user context; consume the profile via use() and let Suspense/ErrorBoundary handle loading and error states.

🚀 Features

• Suspense-based user profile loading (#60) — UserProvider now exposes a Promise<MPUserProfile | null> unwrapped with use(), so loading flows through Suspense and errors flow to ErrorBoundary.
• Suspense-based contact lookup (#60) — /contactlookup/[guid] kicks off getContactDetails and getContactLogsByContactId in the server component and streams promises to the client.
• Stored procedure docs + generator (0286cfa) — New generate-storedprocs.ts script and a generated ministryplatform.storedprocs.md reference for MP stored procedures.

📚 Documentation

• Mandatory MP data safety rule (#55) — Adds a top-level rule in CLAUDE.md requiring explicit user confirmation before any write (create/update/delete) to Ministry Platform, applicable to all agents, subagents, scripts, and hooks.
• README tech-stack badges (#60) — Adds badges to README to match MPNext-Tools.

🔧 Maintenance

• VS Code Peacock colors (#56) — Adds .vscode/settings.json with workspace Peacock customization.
• Dependency bumps (#60) — lucide-react to ^1.16, typescript to ^6.0.
• Contact-logs scoped re-renders (#60) — Switches log-type field to useWatch.
• Misc cleanup (#60) — Drop unused createContext scaffolding in session-context; document dev-only MP API client env vars in .env.example; add coverage/ to ESLint ignores.
• Lock file fixes for CI (e6da5c5, 5bfd8b9) — Backfill missing @emnapi and Linux-only optional deps so CI installs reproducibly.
• Regenerate next-env.d.ts (bdd2e47, c209862) — Reflects Next.js 16 dev output path.

Full Changelog: v2026.03.18.1156...v2026.05.16.2144

v2026.03.18.1156

What's Changed

🔧 Maintenance

• Fix vulnerabilities and update dependencies (#54) — Resolve all npm audit vulnerabilities and update 13 packages including next, better-auth, vitest, and jsdom.

Full Changelog: v2026.02.28.1353...v2026.03.18.1156

v2026.02.28.1353

What's Changed

🐛 Bug Fixes

• Replace NextAuth references with Better Auth (#52) — Update setup script env vars (NEXTAUTH_SECRET → BETTER_AUTH_SECRET, NEXTAUTH_URL → BETTER_AUTH_URL), remove unused optional vars (OIDC_PROVIDER_NAME, OIDC_SCOPE, OIDC_WELL_KNOWN_URL, NEXTAUTH_DEBUG), fix step count, and update all stale NextAuth references across documentation.

Full Changelog: v2026.02.26.1827...v2026.02.28.1353

v2026.02.26.1827

What's Changed

🔧 Maintenance

• Update dependencies and fix security vulnerabilities (#51) — Fixed 3 security vulnerabilities (rollup CVE-2026-27606 High/Arbitrary File Write, minimatch GHSA-3ppc-4f35-3m26 High/ReDoS, ajv GHSA-2g4f-4pwh-qvx6 Moderate/ReDoS), synced packages to latest major versions, and applied safe patch/minor updates.
• CI: Discord notification fixes — Fixed literal \n\n in Discord embed description and added workflow_dispatch trigger for testing.

Full Changelog: v2026.02.26.1751...v2026.02.26.1827

v2026.02.26.1751

What's Changed

🚀 Features

• Load user roles and groups into MPUserProfile (#50) — Extends MPUserProfile with roles and groups loaded via UserService, surfacing them to the app via useUser() context; also adds a GitHub Actions Discord embed notification on new releases.

📚 Documentation

• Testing reference guide (#46) — Adds .claude/references/testing.md with comprehensive Vitest patterns (vi.hoisted, MPHelper mocks, singleton resets, auth/headers mocking), coverage data, and full test inventory; updates CLAUDE.md.

🔧 Maintenance

• Add GitHub Actions test workflow with Codecov (#47) — Runs Vitest with v8 coverage on push to main and on pull requests; uploads to Codecov and adds status/coverage badges to README.
• Restore CODECOV_TOKEN for protected branch uploads (#49) — Re-adds the CODECOV_TOKEN secret parameter required for Codecov uploads on protected branches.
• Improve test coverage from 137 to 228 tests (#45) — Adds 91 new tests across services, server actions, proxy, provider, and React contexts; fixes 3 pre-existing test failures; all 228 tests now pass.

Full Changelog: v2026.02.20.1735...v2026.02.26.1751

v2026.02.20.1735

What's Changed

⚠️ Breaking Changes

• OAuth Redirect URI must be updated in Ministry Platform. The Better Auth migration (#44) changes the callback URL from /api/auth/callback/ministry-platform to /api/auth/oauth2/callback/ministry-platform. Update the Redirect URI in your Ministry Platform OAuth Client configuration before deploying.

🚀 Features

• Migrate from NextAuth v5 to Better Auth (#44) — Replace NextAuth v5 (beta) with Better Auth for OAuth authentication against Ministry Platform's OIDC endpoints. Stateless JWT sessions with cookie cache — no database required. OAuth sub claim (MP User_GUID) stored as user.userGuid via additionalFields + mapProfileToUser.

• Upgrade to Next.js 16 and update all dependencies (#41) — Upgrade from Next.js 15.5 to 16.1.6 (Turbopack now default), rename middleware → proxy, replace next lint with native ESLint flat config, and update all major dependencies (TypeScript 5.9, Zod 4.x, OpenAI 6.x, Tailwind CSS 4.2).

🐛 Bug Fixes

• Fix model generator crash for digit-prefixed tables (#39, #40) — sanitizeTypeName() now prefixes an underscore when the generated type name starts with a digit, preventing invalid TypeScript identifiers and build failures for tables like _2016CampElkhart.

📚 Documentation

• Update CLAUDE.md, components reference, and upgrade @inquirer/prompts v8 (#42) — Add missing architectural layers (services, contexts, Zod v4 note, setup commands), fix stale component references, and upgrade @inquirer/prompts to v8.

Full Changelog: https://github.com/MinistryPlatform-Community/MPNext/commits/v2026.02.20.1735