diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..a64b357
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,67 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.7.0] - 2025-01-25
+
+### Added
+- CHANGELOG.md with version history following Keep a Changelog format
+
+## [0.6.0] - 2025-01-25
+
+### Changed
+- All tools now use latest versions by default instead of pinning specific versions
+- PostgreSQL authentication uses scram-sha-256 for all TCP connections
+- Simplified tool installation by removing version pinning constraints
+
+### Security
+- VNC passwords are never stored and must be entered each time
+- Added documentation for input validation patterns and safe config loading
+
+## [0.5.0] - 2025-01-25
+
+### Security
+- Prevents shell injection through input validation and safe parameter passing
+- Replaces direct sourcing with manual config parsing to avoid code execution
+- Downloads and validates install scripts before execution instead of piping
+- Uses base64 encoding for secure VM parameter transmission
+- Adds checksum verification for binary downloads
+- Creates secure temporary directories and files with proper permissions
+
+## [0.4.0] - 2025-01-25
+
+### Changed
+- Replaces sequential installation with parallel step execution
+- Introduces real-time progress dashboard with spinner and status
+- Removes color variables to improve terminal compatibility
+- Restructures logging with per-step files for better debugging
+
+### Performance
+- Significantly reduces total setup time by running independent steps concurrently
+
+## [0.3.0] - 2025-01-25
+
+### Added
+- Dual-mode operation: orchestration on macOS, provisioning on Linux
+- Interactive component selection with visual menu interface
+- VNC desktop access for OAuth workflows and browser-based tasks
+
+### Security
+- Secure VM creation with disabled host filesystem access
+
+## [0.2.0] - 2025-01-25
+
+### Added
+- OrbStack development sandbox setup script
+- mise version manager with Node.js, Erlang, and Elixir support
+- PostgreSQL 16 with remote access configuration
+- Claude Code integration with multiple plugin marketplaces
+- Chromium browser and Playwright for automation tasks
+
+## [0.1.0] - 2025-01-25
+
+### Added
+- Initial project structure