docs: update changelog, project tracker, QA tracker, and implementation plan

Refresh project documentation to reflect current state of the platform
including recent features, test improvements, and QA status.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

CHANGELOG.md

@@ -8,8 +8,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- CEO audit plan document with full improvement & feature matrix (TEC-1682)
+- Wave 5 issues: npm vulnerability fixes, test coverage, Saved Searches, Dependabot
+- PgBouncer connection pooling for production PostgreSQL
+- SEO optimization — JSON-LD, dynamic sitemap, meta tags for listings
+- API error codes reference documentation
+- Security headers hardening across API and Web apps
 - Multi-stage production Dockerfile for NestJS API
 - Startup-time validation for JWT secrets (rejects placeholders)
+- Per-type file size limits and 413 responses for media uploads
+- Rate limiting and auth guard for MCP transport controller
+- Async error handling for critical module handlers
+- QueryErrorBoundary component with real map coordinates (web)
+- GDPR-compliant user data deletion endpoint
+- Listing search caching with @Cacheable decorator
+- Auth + search i18n translations and filter-bar accessibility
+
+### Fixed
+- MCP transport controller now requires JWT authentication (BUG-004 resolved)
+- 21 lint errors from GDPR/logger/caching commits
+- Replaced `new Logger()` with DI LoggerService across modules
+- CI workflow branch targets corrected from main to master
+- Lint error and typecheck failures for MVP launch readiness
+
+### Changed
+- Split large files during logger refactor
 
 ---