diff --git a/CHANGELOG.md b/CHANGELOG.md index bc5bdcb..482a53a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,26 +3,46 @@ All notable user-visible changes should be recorded here. ## Unreleased - -### Added - -- None yet. - -### Changed - -- None yet. - -### Fixed - -- None yet. - + +### Added + +- None yet. + +### Changed + +- None yet. + +### Fixed + +- None yet. + ### Docs - None yet. +## v0.2.0 + +### Added + +- Added dedicated sanitized parser fixture matrices for both `syslog_legacy` and `journalctl_short_full`, expanding `sshd` and `pam_unix` coverage. +- Added deterministic unknown-line telemetry coverage for unsupported parser inputs and unknown-pattern buckets. + +### Changed + +- Moved sudo handling onto the signal layer so detectors consume one unified normalized input model. +- Kept detector thresholds and the existing report schema stable while simplifying internal detector semantics. + +### Fixed + +- None. + +### Docs + +- Improved release-facing documentation in `README.md`, added `docs/release-process.md`, and formalized changelog discipline for future releases. + ## v0.1.0 - -### Added + +### Added - Parser support for `syslog_legacy` and `journalctl_short_full` authentication log input. - Rule-based detections for SSH brute force, multi-user probing, and sudo burst activity.
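Review bot: Most of this hunk is churn rather than content: the whole `## Unreleased` block (`### Added` / `### Changed` / `### Fixed` with their `- None yet.` bullets and the blank lines between them) and the blank line plus `### Added` under `## v0.1.0` are deleted and re-added with text that reads identically, which points at trailing-whitespace or line-ending normalization. Confirm that is intentional (check whether `git diff -w` for this file collapses to just the new release entry) and, if it is not, drop the whitespace changes so the v0.2.0 entry is the only thing a reviewer has to read. On the new entry itself: `## v0.2.0` carries no release date, which the `docs/release-process.md` this hunk says it adds would normally require for a released (not Unreleased) section, and its `### Fixed` reads `- None.` where every other empty section in the file reads `- None yet.`; pick one wording (`- None.` is the right one for a finished release) so the two forms do not drift.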