0.24.0 - Changelog | MD Planner

Cookie-based API token authentication via --api-token CLI flag with login modal UI and session cookies for SSE compatibility.
Request body size limits and per-IP rate limiting middleware.
Request logging middleware with X-Request-ID header propagation.
Zod validation on tasks, notes, and goals API routes.
Global search now supports searching by entity ID.
Loading spinner for all 38 async view modules during data fetch.
CI secrets scan workflow step (detects sk-, ghp_, AKIA, password= patterns in staged files).

SSE connection limit per IP (max 10, evicts oldest) to prevent resource exhaustion.
Event listener accumulation in orgchart and config views on repeated navigation.
Missing <label> elements on form inputs across all sidenav modules.
Native confirm() dialogs replaced with styled confirmation modal.
Removed unnecessary !important declarations and replaced hardcoded px font sizes with CSS variables.