mcp-outline-postgresql/CHANGELOG.md
Emanuel Almeida 7c83a9e168 fix(security): Resolve 21 SQL injection vulnerabilities and add transactions
Security fixes (v1.2.2):
- Fix SQL injection in analytics.ts (16 occurrences)
- Fix SQL injection in advanced-search.ts (1 occurrence)
- Fix SQL injection in search-queries.ts (1 occurrence)
- Add validateDaysInterval(), isValidISODate(), validatePeriod() to security.ts
- Use make_interval(days => N) for safe PostgreSQL intervals
- Validate UUIDs BEFORE string construction

Transaction support:
- bulk-operations.ts: 6 atomic operations with withTransaction()
- desk-sync.ts: 2 operations with transactions
- export-import.ts: 1 operation with transaction

Rate limiting:
- Add automatic cleanup of expired entries (every 5 minutes)

Audit:
- Archive previous audit docs to docs/audits/2026-01-31-v1.2.1/
- Create new AUDIT-REQUEST.md for v1.2.2 verification

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 14:47:41 +00:00

Changelog

All notable changes to this project will be documented in this file.

[1.2.2] - 2026-01-31

Security

  • SQL Injection Prevention: Fixed 21 SQL injection vulnerabilities across analytics, advanced-search, and search-queries modules

    • Replaced string interpolation with parameterized queries for all user inputs
    • Added validateDaysInterval() function for safe interval validation
    • Added isValidISODate() function for date format validation
    • Added validatePeriod() function for period parameter validation
    • All UUID validations now occur BEFORE string construction
    • Using make_interval(days => $n) instead of an interpolated interval '... days' literal, so the day count is bound as an integer parameter rather than spliced into the SQL text
  • Transaction Support: Added atomic operations for bulk operations

    • bulk-operations.ts: All 6 bulk operations now use transactions
    • desk-sync.ts: Create project doc and link task use transactions
    • export-import.ts: Import markdown folder uses transactions
  • Rate Limiting: Added automatic cleanup of expired entries (every 5 minutes)
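The validate-then-bind pattern described under SQL Injection Prevention above, as an added example that is not mcp-outline-postgresql's own analytics.ts or security.ts. validateDaysInterval, isValidISODate and validatePeriod are the names the changelog gives; their signatures, the 3650-day limit, the growthMetrics query shape and the column names are assumptions made for this example. The unsafe "before" is shown beside the hardened "after" so the difference is visible in the generated statement and its bind values.

```typescript
// Added example (not the project's code). Names from the changelog:
// validateDaysInterval, isValidISODate, validatePeriod. Signatures, limits
// and the query shape are assumptions.

interface SqlQuery { text: string; values: unknown[] }

// "Before": caller input lands inside the SQL text. A days value such as
// "30 days'; DROP TABLE documents; --" rewrites the statement.
function growthMetricsUnsafe(days: string, collectionId: string): string {
  return `SELECT date_trunc('day', "createdAt") AS bucket, count(*)::int AS docs
    FROM documents
    WHERE "createdAt" >= now() - interval '${days} days'
      AND "collectionId" = '${collectionId}'
    GROUP BY bucket ORDER BY bucket`;
}

const MAX_DAYS = 3650; // assumed upper bound; also stops absurdly wide scans

// Accepts only a plain decimal integer in range, so it can be bound as $n::int.
function validateDaysInterval(input: unknown): number {
  const s = typeof input === "number" ? String(input) : input;
  if (typeof s !== "string" || !/^\d{1,4}$/.test(s)) throw new Error("days must be a positive integer");
  const n = Number(s);
  if (n < 1 || n > MAX_DAYS) throw new Error(`days must be between 1 and ${MAX_DAYS}`);
  return n;
}

// YYYY-MM-DD or an RFC 3339 timestamp; the calendar date must also exist
// (2026-02-30 matches the pattern but is rejected).
function isValidISODate(input: unknown): input is string {
  if (typeof input !== "string") return false;
  const m = /^(\d{4})-(\d{2})-(\d{2})(T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2}))?$/.exec(input);
  if (!m || Number.isNaN(Date.parse(input))) return false;
  const [y, mo, d] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const date = new Date(Date.UTC(y, mo - 1, d));
  return date.getUTCFullYear() === y && date.getUTCMonth() === mo - 1 && date.getUTCDate() === d;
}

const PERIODS = ["day", "week", "month", "quarter", "year"] as const;
type Period = (typeof PERIODS)[number];

// Whitelist of date_trunc units; the unit is still passed as a parameter below.
function validatePeriod(input: unknown): Period {
  if (typeof input === "string" && (PERIODS as readonly string[]).includes(input)) return input as Period;
  throw new Error(`period must be one of ${PERIODS.join(", ")}`);
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

function validateUuid(input: unknown): string {
  if (typeof input !== "string" || !UUID_RE.test(input)) throw new Error("invalid UUID");
  return input;
}

// "After": every input is validated before any SQL text exists, and every
// value reaches PostgreSQL as a typed bind parameter. make_interval(days => $1::int)
// replaces the interval literal that forced the day count into the query string.
function growthMetricsSafe(params: { days: unknown; period: unknown; collectionId?: unknown; since?: unknown }): SqlQuery {
  const values: unknown[] = [validateDaysInterval(params.days), validatePeriod(params.period)];
  const where = [`"createdAt" >= now() - make_interval(days => $1::int)`];
  if (params.collectionId !== undefined) {
    values.push(validateUuid(params.collectionId)); // validated BEFORE it touches the text
    where.push(`"collectionId" = $${values.length}::uuid`);
  }
  if (params.since !== undefined) {
    if (!isValidISODate(params.since)) throw new Error("since must be an ISO 8601 date");
    values.push(params.since);
    where.push(`"createdAt" >= $${values.length}::timestamptz`);
  }
  const text = `SELECT date_trunc($2::text, "createdAt") AS bucket, count(*)::int AS docs
    FROM documents
    WHERE ${where.join(" AND ")}
    GROUP BY bucket ORDER BY bucket`;
  return { text, values };
}
```

Note that the period whitelist is defence in depth rather than the injection fix: because the unit is bound as $2, a bad value produces a PostgreSQL error, not a rewritten statement. The whitelist just turns that into a clear client-side message.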

Changed

  • Refactored security utilities with new validation functions
  • Improved error messages for invalid input parameters
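The atomic bulk operation pattern listed under Transaction Support above, as an added example that is not the project's own bulk-operations.ts: withTransaction() wraps the work in BEGIN/COMMIT and rolls back on any error, so a batch either applies in full or not at all. The QueryClient shape follows node-postgres's query(text, values); the FakeClient, the bulkArchiveDocuments tool and the documents/events column names are constructed for this example.

```typescript
// Added example (not the project's code). withTransaction() is the name the
// changelog uses; its body, the QueryClient interface, the FakeClient and the
// bulk archive tool are assumptions made here.

interface QueryClient {
  query(text: string, values?: unknown[]): Promise<{ rowCount: number }>;
}

// Runs fn between BEGIN and COMMIT. Any thrown error triggers ROLLBACK and is
// rethrown so the MCP tool handler still reports the failure to the caller.
async function withTransaction<T>(client: QueryClient, fn: (tx: QueryClient) => Promise<T>): Promise<T> {
  await client.query("BEGIN");
  try {
    const result = await fn(client);
    await client.query("COMMIT");
    return result;
  } catch (err) {
    await client.query("ROLLBACK");
    throw err;
  }
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Archives every listed document and writes one audit event per document.
// If any id is missing or already archived, nothing from the batch persists.
async function bulkArchiveDocuments(client: QueryClient, actorId: string, ids: string[]): Promise<number> {
  for (const id of [actorId, ...ids]) {            // validate before any SQL exists
    if (!UUID_RE.test(id)) throw new Error(`invalid uuid: ${id}`);
  }
  return withTransaction(client, async (tx) => {
    let archived = 0;
    for (const id of ids) {
      const res = await tx.query(
        `UPDATE documents SET "archivedAt" = now() WHERE id = $1 AND "archivedAt" IS NULL AND "deletedAt" IS NULL`,
        [id],
      );
      if (res.rowCount !== 1) throw new Error(`document ${id} not archivable`);
      await tx.query(
        `INSERT INTO events (name, "actorId", "documentId", "createdAt") VALUES ('documents.archive', $1, $2, now())`,
        [actorId, id],
      );
      archived++;
    }
    return archived;
  });
}

// Constructed stand-in for a pg client: rows live in a Map, writes go to a
// pending copy until COMMIT, and the first word of every statement is logged.
class FakeClient implements QueryClient {
  log: string[] = [];
  private committed: Map<string, { archived: boolean }>;
  private pending = new Map<string, { archived: boolean }>();
  constructor(ids: string[]) {
    this.committed = new Map(ids.map((id) => [id, { archived: false }]));
  }
  async query(text: string, values: unknown[] = []): Promise<{ rowCount: number }> {
    this.log.push(text.split(" ")[0]);
    if (text === "BEGIN") {
      this.pending = new Map(Array.from(this.committed, ([k, v]) => [k, { ...v }]));
      return { rowCount: 0 };
    }
    if (text === "COMMIT") { this.committed = this.pending; return { rowCount: 0 }; }
    if (text === "ROLLBACK") { this.pending = new Map(); return { rowCount: 0 }; }
    if (text.startsWith("UPDATE documents")) {
      const row = this.pending.get(String(values[0]));
      if (!row || row.archived) return { rowCount: 0 };
      row.archived = true;
      return { rowCount: 1 };
    }
    return { rowCount: 1 }; // INSERT INTO events
  }
  archivedIds(): string[] {
    return Array.from(this.committed).filter(([, v]) => v.archived).map(([k]) => k);
  }
}
```

The check that matters is the second scenario: one good id followed by one unknown id must leave zero documents archived and end the statement log with ROLLBACK, which is exactly the partial-batch state the pre-1.2.2 code could leave behind.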

[1.2.1] - 2026-01-31

Added

  • Export/Import (2 tools): export_collection_to_markdown, import_markdown_folder - Advanced Markdown export/import with hierarchy
  • Desk Sync (2 tools): create_desk_project_doc, link_desk_task - Desk CRM integration for project documentation

Changed

  • Total tools increased from 160 to 164

[1.2.0] - 2026-01-31

Added

  • Teams (5 tools): get, update, stats, domains, settings - Team/workspace management
  • Integrations (6 tools): list, get, create, update, delete, sync - External integrations (Slack, embeds)
  • Notifications (4 tools): list, mark read, mark all read, settings - User notification management
  • Subscriptions (4 tools): list, subscribe, unsubscribe, settings - Document subscription management
  • Templates (5 tools): list, get, create from, convert to/from - Document template management
  • Imports (4 tools): list, status, create, cancel - Import job management
  • Emojis (3 tools): list, create, delete - Custom emoji management
  • User Permissions (3 tools): list, grant, revoke - Document/collection permission management
  • Bulk Operations (6 tools): archive, delete, move, restore documents; add/remove users from collection
  • Advanced Search (6 tools): advanced search, facets, recent, user activity, orphaned, duplicates
  • Analytics (6 tools): overview, user activity, content insights, collection stats, growth metrics, search analytics

Changed

  • Total tools increased from 108 to 160
  • Updated module exports and index files
  • Improved database schema compatibility

[1.1.0] - 2026-01-31

Added

  • Stars (3 tools): list, create, delete - Bookmark documents/collections for quick access
  • Pins (3 tools): list, create, delete - Pin important documents to collection tops
  • Views (2 tools): list, create - Track document views and view counts
  • Reactions (3 tools): list, create, delete - Emoji reactions on comments
  • API Keys (4 tools): list, create, update, delete - Manage programmatic access
  • Webhooks (4 tools): list, create, update, delete - Event notification subscriptions
  • Backlinks (1 tool): list - View document link references (read-only view)
  • Search Queries (2 tools): list, stats - Search analytics and popular queries

Changed

  • Total tools increased from 86 to 108

[1.0.1] - 2026-01-31

Fixed

  • Users: Adapted to Outline schema - use role enum instead of isAdmin/isViewer/isSuspended booleans
  • Users: Removed non-existent username column
  • Groups: Fixed group_users table queries - no deletedAt column, composite PK
  • Groups: Fixed ambiguous column references in subqueries
  • Attachments: Removed non-existent url and deletedAt columns
  • Attachments: Changed delete to hard delete (no soft delete support)
  • Auth: Use suspendedAt IS NOT NULL for suspended count, return role instead of isAdmin
  • Comments: Use role='admin' for admin user queries
  • Documents: Use suspendedAt IS NULL for active user checks
  • Events: Return actorRole instead of actorIsAdmin
  • Shares: Use role='admin' for admin user queries

Changed

  • Users suspend/activate now use suspendedAt column instead of boolean
  • Groups member count uses correct join without deletedAt filter
  • All modules validated against Outline v0.78 PostgreSQL schema

[1.0.0] - 2026-01-31

Added

  • Initial release of MCP Outline PostgreSQL
  • 86 tools across 12 modules for direct PostgreSQL access to Outline Wiki
  • Documents (19 tools): CRUD, search, archive, move, templates, memberships
  • Collections (14 tools): CRUD, user/group memberships, export
  • Users (9 tools): CRUD, suspend, activate, promote, demote
  • Groups (8 tools): CRUD, memberships management
  • Comments (6 tools): CRUD, resolve functionality
  • Shares (5 tools): CRUD, revoke public links
  • Revisions (3 tools): list, info, compare versions
  • Events (3 tools): audit log, statistics
  • Attachments (5 tools): CRUD, storage statistics
  • File Operations (4 tools): import/export job management
  • OAuth (8 tools): OAuth clients and authentications
  • Auth (2 tools): authentication info and config
  • PostgreSQL client with connection pooling
  • Rate limiting and security utilities
  • Full TypeScript implementation with type safety
  • MCP SDK v1.0.0 compatibility

Technical

  • Direct SQL access (not Outline API) for better performance
  • Parameterized queries for SQL injection protection
  • Soft delete support across all entities
  • Full-text search using PostgreSQL tsvector
  • Pagination and sorting on all list operations

Developed by Descomplicar® | descomplicar.pt