diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index e18ee07..466df71 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "0.0.0"
+  ".": "0.1.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..8af1844
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,25 @@
+# Changelog
+
+## 0.1.0 (2026-05-09)
+
+
+### Features
+
+* add auth pipeline ([#12](https://github.com/meigma/authkit/issues/12)) ([95802c9](https://github.com/meigma/authkit/commit/95802c998091a667938716d72cc7411a5125265c))
+* **apikey:** add opaque API tokens ([#11](https://github.com/meigma/authkit/issues/11)) ([8f6ee02](https://github.com/meigma/authkit/commit/8f6ee0260e0ccf1dcc8b2ee8a8ee1d317e1b3732))
+* **apikey:** simplify issued token identity linking ([#17](https://github.com/meigma/authkit/issues/17)) ([174b3c8](https://github.com/meigma/authkit/commit/174b3c87f2fdd379f8e84cb5c3aa97be0031f090))
+* **authz:** add decision-time authorization facts ([6229feb](https://github.com/meigma/authkit/commit/6229feb22940f41d0b7b07ea5e80760f9603df5a))
+* **authz:** add local role authorization ([#28](https://github.com/meigma/authkit/issues/28)) ([33b5416](https://github.com/meigma/authkit/commit/33b5416397ae3ffe9dd585aa4950bab062486886))
+* **casbin:** add authorizer adapter ([#14](https://github.com/meigma/authkit/issues/14)) ([191e7c4](https://github.com/meigma/authkit/commit/191e7c493db98a1736e7730571217a8fe7a8743b))
+* **compose:** add HTTP composition helper ([#23](https://github.com/meigma/authkit/issues/23)) ([14b264d](https://github.com/meigma/authkit/commit/14b264dc4cd72514a400b88b21b1b6e7d0d35b2d))
+* define core auth contracts ([#9](https://github.com/meigma/authkit/issues/9)) ([a5816fa](https://github.com/meigma/authkit/commit/a5816fa3a288194ef8e041fb55aed69737bb167f))
+* **examples:** add notes vertical example ([#15](https://github.com/meigma/authkit/issues/15)) ([310a8e0](https://github.com/meigma/authkit/commit/310a8e0a6c23135d5e7008dcc1630d27b023aef9))
+* **examples:** prove mixed credential auth ([#22](https://github.com/meigma/authkit/issues/22)) ([d8deb20](https://github.com/meigma/authkit/commit/d8deb201df2141ce0b90468493747771c1a0ad0e))
+* **httpauth:** add net/http adapter ([#13](https://github.com/meigma/authkit/issues/13)) ([43e0427](https://github.com/meigma/authkit/commit/43e0427e768a4fbd6450f6e35db7fa86a55eb2d2))
+* **management:** add service-level auth setup ([#19](https://github.com/meigma/authkit/issues/19)) ([95b7ca5](https://github.com/meigma/authkit/commit/95b7ca5d60135cf6b77607b8310d8dc0a1542446))
+* **memory:** add in-memory principal resolution ([#10](https://github.com/meigma/authkit/issues/10)) ([b101fed](https://github.com/meigma/authkit/commit/b101fed17b53601b6336c4495442ae7f92b5e8f0))
+* **oidc:** add JWT bearer authentication ([#20](https://github.com/meigma/authkit/issues/20)) ([83d2c55](https://github.com/meigma/authkit/commit/83d2c55f4bfd20734948138e253104fa49585327))
+* **oidc:** add trusted provider storage ([#21](https://github.com/meigma/authkit/issues/21)) ([32875dd](https://github.com/meigma/authkit/commit/32875dd5cf46ac16f94a619b61834ed30423a521))
+* **postgres:** add auth storage adapter ([#18](https://github.com/meigma/authkit/issues/18)) ([af1b669](https://github.com/meigma/authkit/commit/af1b669777a8a5484dbbce6e5a7d06a6f02423ce))
+* **provisioning:** add OIDC auto-provisioning ([#25](https://github.com/meigma/authkit/issues/25)) ([ebc140a](https://github.com/meigma/authkit/commit/ebc140a29718ae7d0882e64ae07f76d25ef5b7d2))
+* **provisioning:** add OIDC provisioning rules ([#30](https://github.com/meigma/authkit/issues/30)) ([727287d](https://github.com/meigma/authkit/commit/727287d41edaa56683e036b46828500162766891))