ProxmoxMCP-Plus v0.4.9

This release supersedes v0.4.8 with the same production reliability work plus a CodeQL-blocking log-injection fix.

What Changed

• Sanitized high-risk retry audit log values before writing them to logs, preventing forged log lines from job IDs or persisted tool names.
• Kept the v0.4.8 reliability hardening:
  • SQLite JobStore WAL, busy timeout, migration tracking, indexes, SQL filtering/limits, and explicit close lifecycle.
  • Policy checks for high-risk job retries in MCP and OpenAPI.
  • VM guest-agent command polling until exec-status exits, with non-zero exits reported as failures.
  • Cluster resource inventory for VM and default LXC list calls.
  • Route-template labels for OpenAPI Prometheus metrics.
  • Persistent clone_vm JobStore registration and vm.clone retry recipe.
  • Paramiko 4.x dependency support with a tracked temporary CVE-2026-44405 audit exception.
  • Aligned CI/docs quality gates.

Upgrade Notes

• Prefer v0.4.9 over v0.4.8.
• get_containers still defaults include_stats=false; pass include_stats=true when detailed per-container stats are required.
• Remove the temporary Paramiko audit exception once a fixed PyPI release is available.

Validation

• python -m pytest -q --cov=proxmox_mcp --cov-report=term-missing --cov-fail-under=60
• python -m ruff check .
• python -m mypy src --ignore-missing-imports
• python -m pip_audit -r requirements.txt --ignore-vuln CVE-2026-44405
• python -m build
• python -m twine check dist\*