Highlights

• expanded sanitized parser fixture coverage for sshd and pam_unix variants
• improved deterministic unknown-line telemetry and parser coverage reporting
• unified sudo detector input by moving sudo handling onto the signal layer
• improved release-facing documentation with a stable changelog and release-process guidance

Notable changes

• added dedicated parser fixture matrices for both syslog_legacy and journalctl_short_full
• kept unsupported connection-close / timeout / PAM session-close variants as telemetry-only
• preserved detector thresholds and report schema while simplifying detector input semantics
• added CHANGELOG.md and release-process documentation for future releases

Scope note

This release remains intentionally conservative. LogLens is still a focused, public-safe detection engineering CLI rather than a SIEM or correlation platform.