All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

• PostgreSQL migration crash: AddMessageStatus1770108659848 migration contained hardcoded SQLite-specific raw SQL (datetime type, datetime('now') function) that PostgreSQL doesn't recognize. Migration now detects database type at runtime and uses appropriate SQL syntax. SQLite path is byte-for-byte identical to the original (zero regression). PostgreSQL path uses timestamp / NOW() / DEFAULT true / inline FK constraints. Fixes #59, #62.

• Version badge sync: Updated version badges in README.md (was 0.1.4), docs/README.md (was 0.1.0), and Swagger API docs (was 0.1.0) to 0.1.6.
• Dependency updates: Merged Dependabot PRs for 12 npm packages (@aws-sdk/client-s3, @nestjs/swagger, bullmq, class-validator, tar-stream, typeorm, @types/node, eslint, globals, jest, typescript-eslint) and 1 dashboard package (globals).
• GitHub Actions: Upgraded docker/setup-buildx-action v3→v4, codecov/codecov-action v5→v6, docker/login-action v3→v4, docker/metadata-action v5→v6, actions/upload-artifact v6→v7.

• First-boot crash on SQLite: Data DB now defaults to synchronize=true for SQLite so the embedded database "just works" on first boot. Resolves SQLITE_ERROR: no such table: sessions that appeared on fresh installs without DATABASE_SYNCHRONIZE=true.
• PostgreSQL boot crash on main connection: AuditLog.metadata now uses simple-json instead of the dynamic jsonColumnType(). The main connection is always SQLite, so it must not switch to jsonb when DATABASE_TYPE=postgres. Fixes DataTypeNotSupportedError: Data type "jsonb" in "AuditLog.metadata" is not supported by "sqlite" database.
• Operator env vars ignored: data/.env.generated no longer overrides process.env or project .env. Loading order is now process env > .env > data/.env.generated, so values from Docker / shell / systemd take precedence over Dashboard-saved config.

• Auto-run migrations on boot: PostgreSQL data DB now runs pending migrations automatically; SQLite also runs migrations when the user opts out of synchronize.
• Production migration scripts: Added migration:run:prod, migration:revert:prod, and migration:show:prod that operate from dist/ so they can be executed inside the production container (which strips ts-node).

• ESLint 10 upgrade: Upgraded eslint and @eslint/js from v9 to v10 in both root and dashboard
• Dependency updates: Merged Dependabot PRs for 6 root packages, 2 dashboard packages, and @types/node 24→25
• Dashboard peer deps: Added .npmrc with legacy-peer-deps=true for eslint-plugin-react-hooks ESLint 10 compatibility

• Dashboard lint: Fixed no-useless-assignment error in Infrastructure.tsx caught by ESLint 10's new rule
• Auto-formatting: Applied Prettier fix to whatsapp-web-js.types.ts

• Node 22 LTS upgrade: Upgraded CI, release workflow, and Dockerfile from Node 20 to Node 22 (current LTS)
• Lockfile compatibility: Regenerated package-lock.json with npm 10 to match CI runtime
• TypeScript type conflicts: Fixed whatsapp-web.js type mismatches after dependency update using Omit<> pattern
• ESLint peer dependency: Pinned @eslint/js and eslint to v9 to resolve Dependabot-introduced peer conflict
• CI npm audit: Changed audit level from high to critical — high-severity findings are all in unfixable transitive dependencies

• Dependency updates: Merged Dependabot PRs for 12 npm packages, 6 dashboard packages, and 5 GitHub Actions
• GitHub Actions: Upgraded actions/checkout v4→v6, actions/setup-node v4→v6, actions/upload-artifact v4→v6, docker/build-push-action v5→v6, codecov/codecov-action v4→v5

• [P1] Database safety: Default DATABASE_SYNCHRONIZE to false to prevent auto-schema changes in production
• [P1] Graceful shutdown: Replace process.exit() with ShutdownService callback pattern
• [P1] PostgreSQL types: Use native jsonb and timestamp column types when available
• [P1] Docker orchestration: Remove duplicate Docker management from main.ts (use DockerService)
• [P1] Queue stub: Remove unimplemented message queue processor that always threw errors
• [P2] Error visibility: Add proper logging to all 12 empty catch blocks across backend services
• [P2] Type safety: Reduce any usage from 38 to ~4 with typed interfaces for whatsapp-web.js
• [P2] Data consistency: Add TypeORM transaction support for session CRUD; save-before-send pattern for messages
• [P2] Dashboard crashes: Add ErrorBoundary with fallback UI instead of white screen of death
• [P2] Dashboard security: Move API key from localStorage to sessionStorage (cleared on browser close)
• [P2] Dashboard UX: Replace blocking alert() calls with Toast notifications
• [P2] Dashboard error handling: Add logging to all empty catch blocks in dashboard pages

• Dashboard React Query: Migrate all 8 pages from manual useState/useEffect to @tanstack/react-query with automatic caching and deduplication
• Dashboard code splitting: Route-level lazy loading with React.lazy + Suspense — main bundle reduced 36%

• CI npm audit: npm audit --audit-level=high in CI pipeline to catch vulnerabilities
• CI coverage threshold: Jest coverage floor to prevent regression
• CI dashboard job: Lint + build for React dashboard runs parallel with backend CI
• Dependabot: Automated dependency updates — npm weekly, GitHub Actions monthly

• Unit Tests: 94 new tests across auth, session, message, and webhook modules (110 total, ~17% coverage)
• Release Workflow: release.yml GitHub Actions — tag-triggered with test gate, GitHub Release, and Docker semver tagging
• SDK Scaffolds: JavaScript/TypeScript and Python client libraries in sdk/ directory
• New hook events: webhook:queued (after queue add) and webhook:delivered (after actual delivery)

• [P1] Idempotency Key: Made generateIdempotencyKey deterministic by removing Date.now(). Keys are now content-based for proper deduplication
• [P2] Webhook Processor: Added lastTriggeredAt update and webhook:delivered/webhook:error hooks after queue delivery
• [P2] Hook Semantics: Added webhook:queued event for queue mode; webhook:after now only fires in direct mode
• [P2] QueueModule DI: Added TypeOrmModule.forFeature([Webhook]) and HooksModule imports for proper dependency injection
• [P3] Message Processor: Changed placeholder to throw error so BullMQ correctly marks job as failed

OpenWA v0.1.0 is the first stable release featuring a complete WhatsApp API Gateway with all core functionality.

• REST API for WhatsApp operations
• Multi-session support with concurrent session handling
• Web Dashboard for visual management
• WebSocket real-time events via Socket.IO
• API Key Authentication with role-based permissions
• Webhook System with HMAC signatures and queue-based retries

• Send/receive text, image, video, audio, document messages
• Message reactions and replies
• Bulk messaging with rate limiting
• Location and contact sharing
• Sticker support

• Groups API - Full CRUD operations
• Channels/Newsletter support
• Labels Management
• Catalog API for product management
• Status/Stories support
• Proxy per Session configuration
• Plugin System for extensibility

• SQLite (development) and PostgreSQL (production) support
• Redis queue for webhook delivery (optional)
• S3/MinIO storage for media (optional)
• Docker + Docker Compose deployment
• Traefik reverse proxy integration
• Health check endpoints
• Zero-config onboarding with auto-generated API key

• API key authentication with SHA-256 hashing
• Rate limiting (configurable)
• CIDR IP whitelisting
• CORS configuration
• Helmet security headers
• Audit logging for all operations

• Session management with QR code display
• Webhook configuration and testing
• API key management
• Message tester for debugging
• Infrastructure status monitoring
• Audit logs viewer
• Plugin management