fix: corrigir bugs críticos de segurança e memory leaks (v1.2.4)

- fix(pagination): SQL injection em cursor pagination - validação de nomes de campos
- fix(transaction): substituir Math.random() por crypto.randomBytes() para jitter
- fix(monitoring): memory leak - adicionar .unref() ao setInterval
- docs: adicionar relatório completo de bugs (BUG-REPORT-2026-01-31.md)
- chore: actualizar versão para 1.2.4

src/index.ts

@@ -17,7 +17,7 @@ import * as dotenv from 'dotenv';
 import { PgClient } from './pg-client.js';
 import { getDatabaseConfig } from './config/database.js';
 import { logger } from './utils/logger.js';
-import { checkRateLimit } from './utils/security.js';
+import { checkRateLimit, startRateLimitCleanup, stopRateLimitCleanup } from './utils/security.js';
 import { BaseTool } from './types/tools.js';
 
 // Import ALL tools
@@ -226,6 +226,19 @@ async function main() {
     }
   });
 
+  // Start background tasks
+  startRateLimitCleanup();
+
+  // Graceful shutdown handler
+  const shutdown = async () => {
+    stopRateLimitCleanup();
+    await pgClient.close();
+    process.exit(0);
+  };
+
+  process.on('SIGINT', shutdown);
+  process.on('SIGTERM', shutdown);
+
   // Log startup (minimal logging for MCP protocol compatibility)
   if (process.env.LOG_LEVEL !== 'error' && process.env.LOG_LEVEL !== 'none') {
     logger.info('MCP Server started');