Changesmith
Log inGet Started

Changelog

New updates and improvements to Changesmith.

v1.11.2

March 30, 2026View on GitHub

Added

  • Add "Force a re-sync" button to the repos list to recover repositories missed due to failed GitHub webhooks — fetches the latest repos from the GitHub API and adds any missing ones to your account (rate-limited to 3 syncs per hour)

Fixed

  • Fix generated changelogs occasionally containing AI reasoning text instead of actual changelog content — the worker now validates that output contains recognizable changelog structure (version headers, sections, or bullet points) before saving
  • Fix CI pipeline failures that blocked production deploys for three weeks — resolve a TypeScript type mismatch in the worker error handler and update Hono to address a file traversal vulnerability
  • Fix TypeScript compilation errors after Hono upgrade where route parameter calls returned `string | undefined` — all affected routes already validate params via middleware, so this was a type-only fix with no behavior change

Security

  • Update hono and @hono/node-server to patched versions to address file traversal vulnerability
  • Update transitive dependencies (tar, flatted, picomatch) to resolve high-severity advisories flagged by CI security audit

v1.11.1

March 28, 2026View on GitHub

Fixed

  • Fix SEO redirect issues by aligning all canonical URLs, sitemap, Open Graph metadata, and branding links to the primary `www.changesmith.dev` domain — eliminates 308 redirects previously flagged by Google Search Console as "Page with redirect" issues

v1.11.0

February 27, 2026View on GitHub

Added

  • Add Logsmith desktop app (`apps/logsmith`) for discovering repos with missing or low-quality changelogs, generating improvements via AI, and submitting PRs — built with Electron, Vite, and React with security-hardened IPC and token management
  • Add Logsmith CLI scripts as a lightweight alternative to the Electron app — bash-based discovery, scoring, lead ranking, cloning, and PR submission that integrates with Claude Code's conversational workflow
  • Add `/hub` resource center with guides for getting started and CI/CD integration — serves as the main entry point for new users, with MDX-powered content, sidebar navigation, and mobile breadcrumbs
  • Refresh `/docs` with a multi-page MDX layout featuring sidebar navigation — includes dedicated pages for CLI reference, configuration, FAQ, and security architecture, replacing the previous single-page design
  • Add admin dashboard at `/dashboard/admin` showing platform-wide usage stats (total users, changelogs, weekly/monthly activity) and tabbed user lists (recent signups vs. recently active), accessible only to allowlisted admins
  • Add Plausible privacy-friendly analytics to the web app
  • Add activity scoring (15 pts) to Logsmith's changelog quality scorer — penalizes repos inactive for over 2 years, helping surface actively maintained projects
  • Add sustained-activity check using the 5th most recent commit date (instead of `last_pushed`) to avoid false positives from bot/dependabot pushes on abandoned repos
  • Add auto-skip filters for archived repos, forks, and awesome lists during Logsmith discovery and scoring
  • Add dependency bump rules framework to Logsmith — classifies whether dependency bumps belong in a changelog based on project type (CLI/lib/web) and dependency category (core/security/CI)
  • Add unified version management via `sync-versions.sh` script that propagates the root `package.json` version to all sub-packages

Changed

  • Improve changelog generation accuracy — require one version section per tag range, add license file additions to the skip list, and add a "never infer or guess" guardrail to the system prompt

Fixed

  • Fix MDX slug routes hardened against path traversal (slug validation + dynamic params disabled)
  • Fix admin dashboard rate limiting and add `createdAt` indexes for query performance
  • Fix admin dashboard type safety by replacing unsafe casts with explicit tuple types
  • Fix database migration to avoid write-blocking on large tables (removed `CONCURRENTLY` from index creation inside transactions)
  • Fix admin login comparison to be case-insensitive
  • Fix MDX rendering errors — wrap `compileMDX` in try/catch to prevent 500s on malformed content
  • Fix maintenance mode to exempt admin API routes so the dashboard remains accessible during outages
  • Fix admin dashboard `count()` queries returning string-typed numbers instead of integers
  • Fix `mailto:` links in admin user table — remove `encodeURIComponent` that was encoding `@` as `%40`, producing invalid URIs
  • Fix missing environment variables (`SENTRY_AUTH_TOKEN`, `ADMIN_GITHUB_LOGINS`, `APP_VERSION`) not declared in `turbo.json`, causing failed source map uploads and broken admin allowlist checks
  • Fix Sentry noise — filter out test-traffic events tagged with `test_source` (e2e, validator, cli-test) at the `beforeSend` level
  • Fix Redis idle connection drops on Railway by adding TCP keepalive (30s) to all Redis clients; filter transient reconnection errors from Sentry
  • Fix BullMQ/ioredis type mismatch by passing connection options instead of Redis instances (resolves version conflict between ioredis 5.9.3 and 5.10.0)
  • Fix `HEAD~N` syntax causing 404 errors on GitHub's compare API for repos with only one tag — resolve to actual SHA for first-release repos
  • Fix Octokit hanging in Electron's main process on non-search endpoints by replacing with direct `fetch` calls
  • Fix GitHub OAuth device flow — validate response status and required fields before use, wrap polling loop in try/catch to prevent hanging sign-in ([#51](https://github.com/PhilipLudington/Changesmith/issues/51), [#52](https://github.com/PhilipLudington/Changesmith/issues/52))
  • Fix OAuth device flow to accumulate `slow_down` interval permanently per RFC 8628, validate HTTPS on `verification_uri`, and check HTTP status before parsing token response
  • Fix N+1 query in Logsmith PR listing — replace `fetchRepoById` loop with a single JOIN query
  • Fix bash substitution error in `submit-pr.sh` — replace bash-only `${VAR,,}` lowercase with portable `tr`-based approach
  • Fix Logsmith CLI repo validation rejecting repos where owner and name are identical (e.g., `helmfile/helmfile`)
  • Fix changelog version heading matching to support `v` prefix (e.g., `## v1.0.0`) in Logsmith structure scoring
  • Fix UTF-8 truncation in Logsmith CLI by using `cut -c` instead of `head -c`
  • Fix changelog entries incorrectly including author names and `@username` attributions — update system prompt and strip author info from tool results
  • Fix Plausible analytics script blocked by Content Security Policy — add `plausible.io` to `script-src` and `connect-src` directives

Security

  • Fix [GHSA-5c6j-r48x-rmvq] — resolve high-severity RCE vulnerability in serialize-javascript by pinning to >=7.0.3
  • Harden MDX anchor component with protocol allowlist to block unsafe URI schemes
  • Harden `mailto:` hrefs against injection in admin user table
  • Restrict MDX link targets to safe protocols (`https:`, `http:`, `mailto:`)

v1.10.0

February 27, 2026View on GitHub

Added

  • Add `/hub` resource center with guides for getting started and CI/CD integration — serves as the main entry point for new users, with MDX-powered content, sidebar navigation, and mobile breadcrumbs
  • Refresh `/docs` with a multi-page MDX layout featuring sidebar navigation — includes dedicated pages for CLI reference, configuration, FAQ, and security architecture, replacing the previous single-page design
  • Add admin dashboard at `/dashboard/admin` showing platform-wide usage stats (total users, changelogs, weekly/monthly activity) and tabbed user lists (recent signups vs. recently active), accessible only to allowlisted admins
  • Add unified version management script (`sync-versions.sh`) that propagates the root `package.json` version to all sub-packages, making the root the single source of truth

Fixed

  • Fix admin dashboard returning string-typed numbers for count queries — values are now correctly cast to integers
  • Fix broken `mailto:` links in the admin user table caused by URL-encoding the `@` character
  • Fix admin dashboard failing to distinguish access-denied (403) from network errors — the page now shows a clear message when the user is not in the admin allowlist
  • Fix MDX content pages returning 500 errors on malformed content — compilation failures now fall back gracefully to a not-found page
  • Fix heading hierarchy skip on `/docs` index page for WCAG compliance

Security

  • Harden MDX slug routes against path traversal by validating slugs and restricting dynamic params to a known set
  • Add content directory allowlist to the MDX loader to prevent directory traversal beyond expected paths
  • Add protocol allowlist to MDX anchor components to block unsafe URI schemes
  • Strengthen admin login comparison to be case-insensitive and whitespace-tolerant, matching GitHub's own login behavior
  • Add rate limiting to the admin dashboard API endpoint
  • Sanitize `mailto:` hrefs in the admin user table against injection by validating emails with a regex before rendering as links
  • Add database indexes on `createdAt` columns for users and changelogs to support bounded admin dashboard queries

v1.9.0

February 27, 2026View on GitHub

Added

  • Add automatic audience detection to tailor changelog language for your readers — Changesmith now infers whether your project targets developers, end-users, or a mixed audience based on repository name and changelog style (e.g., repos with `-sdk`, `-cli`, or `-api` in the name get developer-oriented language). You can also set the `audience` field explicitly in repo settings to override the auto-detection
  • Add security-aware changelog generation — Changesmith now detects security-related commits via CVE/CWE references, security scopes, and keywords, then groups them into a dedicated `### Security` section without duplicating them under other headings. Includes careful false-positive prevention so phrases like "dependency injection" or "build script injection point" aren't misidentified as security issues
  • Add improved prompt guidance for higher-quality changelogs — includes good/bad entry examples, deduplication rules for squash-merge duplicates, a structured Before/After/Migration format for breaking changes, category mapping from commit types to Keep a Changelog sections, and smarter tool-use strategy so the AI fetches extra context only when commit messages are ambiguous
  • Add importance-based commit sorting for large releases — when a release has many commits, the most significant changes (features and fixes) are now prioritized over recency, producing more useful summaries

Fixed

  • Fix a dependency security vulnerability by updating minimatch to a patched version, resolving potential regular expression denial-of-service issues

v1.8.0

February 26, 2026View on GitHub

Added

  • Add `changesmith autotag` command to create git tags from version bumps found in commit history — scans `package.json`, `Cargo.toml`, and `pyproject.toml` for version changes and creates tags at the commits where bumps occurred. Includes `--dry-run` to preview tags, `--push` to push them to origin, `--after <ref>` to limit scan range, and `--prefix <str>` to customize the tag prefix (default: `v`). This replaces the tag-less repository fallbacks previously built into the `local` command

Changed

  • Simplify pricing from 4 tiers to 3 (Free / Pro / Business) — Free now includes 3 generations/month (up from 1) with unlimited repositories, Pro ($9/mo) now includes unlimited generations plus CLI and API token access (previously Business-only), and Business switches to "Contact us" pricing. The Team plan is removed for new signups but remains available for existing subscribers
  • Remove tag-less repository fallbacks from `changesmith local` — the `--depth` flag, `HEAD~N` fallback, and auto-detection of version from package files have been removed in favor of the new `changesmith autotag` command. Error messages now suggest running `changesmith autotag` when no tags are found (**breaking:** if you relied on tag-less `local` behavior, run `changesmith autotag` first to create tags from your version bumps)

Fixed

  • Fix incorrect dates in generated changelog headers — the release date is now determined from the git ref and passed explicitly to the AI, preventing hallucinated or incorrect dates in version headings
  • Fix a vulnerability audit false positive by suppressing a transitive dependency CVE that only affects build tooling, not production runtime

v1.7.0

February 24, 2026View on GitHub

Added

  • Add `--release` flag to the `github` command to publish a GitHub Release in one step after changelog generation — combine with `-w` to both update CHANGELOG.md and publish a release (e.g., `changesmith github v1.2.0 -w --release`). Includes friendly error messages for already-published changelogs and proper recovery when the release publish fails after CHANGELOG.md was already written
  • Add support for tag-less repositories in `changesmith local` — forks, monorepos, and projects without git tags now work out of the box. Version is auto-detected from `package.json`, `Cargo.toml`, or `pyproject.toml`, and the commit range falls back to the last 50 commits when no previous tag exists
  • Add `--dry-run` flag to the `local` command to preview which commits would be included in the changelog without calling the API — helpful for verifying the commit range before spending a generation
  • Add `--depth` flag to the `local` command to control how many commits to include when no tags exist (default: 50)
  • Add duplicate version detection when using `-w` to prevent accidentally adding the same version section to CHANGELOG.md twice — shows a clear error with instructions to remove the existing section or use `-o` instead
  • Add "Generated by Changesmith" branding footer to changelogs generated by free-plan users

Changed

  • Rewrite all CLI documentation to reflect the current `github` and `local` command structure, including new flags (`-w`, `-r`, `--dry-run`, `--depth`), CI/CD examples, and a `github` vs `local` comparison table
  • Update the docs page on the website with a new Guides section linking to Getting Started, CLI Reference, Configuration, and FAQ guides

Fixed

  • Fix CI lint and type-check failures caused by formatting inconsistencies and overly narrow mock return types in tests

v1.6.7

February 24, 2026View on GitHub

Fixed

  • Fix deployment status workflows (Checkly and Sentry evidence) by removing concurrency groups that were cancelling in-progress check suites, which Railway interpreted as failures and blocked auto-deploy on every push to main

v1.6.6

February 24, 2026View on GitHub

Fixed

  • Fix Sentry evidence workflow to only run for supported deployment environments instead of failing on unsupported ones like Preview deployments
  • Fix Checkly monitoring workflow to only run for supported deployment environments to avoid unnecessary runs on Preview deployments

v1.6.5

February 24, 2026View on GitHub

Fixed

  • Fix Railway deployment sync workflow to only update production services, preventing "Commit not found" errors when syncing APP_VERSION to development environments that track different branches

v1.6.4

View on GitHub

Fixed

  • Fix Railway deployment workflow authentication by properly configuring GitHub environment secrets access and Railway CLI token requirements

v1.6.3

February 24, 2026View on GitHub

Fixed

  • Fix API type check errors by correcting invalid error handling arguments, handling undefined database records, and adding missing type imports
  • Fix API token length validation to properly accept cs_ tokens instead of incorrectly rejecting them as too short

v1.6.2

View on GitHub

Fixed

  • Fix CI pipeline formatting and type check failures by running prettier on 12 files with style drift and resolving worker type casting issues
  • Exclude auto-generated CHANGELOG.md file from prettier formatting to prevent reformatting of generated content
  • Upgrade monitoring dependencies and patch security vulnerability by updating checkly to v7.1.0 and overriding vulnerable minimatch versions

v1.6.1

View on GitHub

Fixed

  • Fix CLI installation issue where bundled workspace dependencies caused npm registry errors during package installation

v1.6.0

February 24, 2026View on GitHub

Added

  • Add local changelog generation allowing the CLI to collect commits and diffs from a local git repository and process them without requiring a GitHub App installation
  • Add revocable API token generation with dashboard management for CLI and CI/CD authentication, including secure token storage and business plan gating
  • Add comprehensive CLI dashboard page with installation instructions, authentication guide, and CI/CD integration examples
  • Add prominent support and suggestion email CTAs to contact page and dashboard with pre-filled subject lines for easy triage

Fixed

  • Fix npm installation of CLI package by bundling workspace dependencies instead of leaving unresolvable workspace references
  • Fix missing ID anchor on CLI section in documentation page preventing anchor links from working correctly
  • Include CHANGELOG.md in Turbo build inputs to prevent stale content being served when only the changelog is updated

Changed

  • Gate CLI access to Business plan users with appropriate error messaging and upgrade prompts
  • Update CLI command structure making `local` the primary command with `github` for GitHub App-based generation (maintains backwards compatibility with hidden alias)

v1.5.1

February 14, 2026View on GitHub

Added

  • Automated changelog parsing from CHANGELOG.md file for the website changelog page instead of maintaining a hardcoded releases array

Fixed

  • Fix release version ordering to sort by semantic version (newest first) instead of publish date, preventing hotfix patches from appearing above higher minor versions

Changed

  • Upgrade changelog generation model for improved quality and accuracy
  • Remove hardcoded RELEASES array from changelog page in favor of build-time parsing

v1.5.0

View on GitHub

Added

  • Automated CHANGELOG.md sync as background job with incremental append and full rebuild support

Fixed

  • Sentry evidence verification handling of empty artifact counts in bundle mode
  • Worker package.json configuration causing deployment failures on Railway
  • Publish endpoint synchronization race condition with repository settings loading

Changed

  • Moved CHANGELOG.md sync from inline processing to BullMQ background job for better performance
  • Enhanced Sentry evidence validation with strict DSN parsing and artifact verification

v1.4.1

February 13, 2026View on GitHub

Added

  • Automated Sentry release creation and APP_VERSION synchronization to Railway services
  • Worker heartbeat monitoring and liveness check-ins for better observability
  • Comprehensive test coverage for worker liveness and Sentry monitoring features
  • Configurable worker concurrency and rate limits via environment variables
  • Agentic loop timeout protection (10 minutes wall-clock limit)
  • Sentry evidence workflow with GitHub Actions automation
  • Dockerfile deployment migration for worker service with improved layer caching

Fixed

  • Security vulnerabilities including GitHub Actions script injection and resource leaks
  • Production E2E test failures by skipping fixture-dependent tests in production environment
  • Worker shutdown process now properly closes database pools and Redis connections
  • Sentry initialization errors are now caught and logged instead of crashing services
  • Invalid test source headers no longer fail requests (log-and-continue behavior)
  • Worker configuration validation and environment variable format checking
  • Maintenance mode awareness for deployment checks and Checkly monitoring

Changed

  • Worker Railway configuration migrated from Nixpacks to Docker deployment
  • Enhanced Sentry observability with consecutive check-in failure logging
  • Optimized Docker build process with dependency manifest layer caching
  • Shared web Sentry configuration extracted to reduce code duplication
  • Test source header validation switched to non-blocking mode

Security

  • Fixed GitHub Actions script injection vulnerabilities by moving interpolations to environment blocks
  • Enhanced data scrubbing and validation across all Sentry configurations
  • Strengthened APP_VERSION format validation in build scripts

v1.4.0

View on GitHub

Added

  • Add semantic-release alternative landing page with comparison content and FAQ section
  • Add standard-version alternative landing page highlighting tool deprecation
  • Add security guidelines to changelog generation prompts for responsible output
  • Add end-to-end tests for SEO landing pages to ensure proper rendering
  • Add additional security pattern detection for environment variable references

Changed

  • Reorganize footer navigation into logical groupings (Generators, Alternatives, Product)
  • Improve test coverage for security prompt validation

Fixed

  • Fix SEO landing page tests by removing invalid visibility checks on hidden script elements

v1.3.1

February 8, 2026View on GitHub

Added

  • SEO landing pages for organic search traffic targeting changelog and release note generators
  • Custom 404 page with branded navigation and helpful links
  • Organization JSON-LD structured data on homepage for Google knowledge panel
  • Landing pages for Beamer, Canny, and Conventional Changelog alternatives
  • Landing pages for ChangelogIt alternative and Git changelog generator
  • Automated release notes and GitHub release notes generator landing pages
  • Validation of GitHub OAuth credentials at application startup
  • BUILD_DATE environment variable automatically set during build

Fixed

  • CSRF cookie lifetime now matches session cookie to prevent "session expired" errors on POST requests
  • CSRF cookie refresh for server-side rendered pages when expired mid-session
  • Accessibility issue by adding aria-hidden to decorative SVG icons
  • Beamer alternative page copy and metadata for better search results
  • Vercel build warnings by declaring environment variables and updating Next.js
  • High-severity DoS vulnerability by overriding axios to version 1.13.5+
  • Semgrep false positives on test fixture secrets with proper annotations
  • Checkly test concurrency conflicts by scoping group to deployment environment
  • Semgrep scanning its own output files causing duplicate alerts
  • Entropy threshold lowered to 3.5 to accept valid hex-encoded secrets
  • Removed unused Turbo output configuration causing build warnings

Changed

  • Documentation updated with v1.3.0 changelog entry and GitHub release notes alignment
  • Refactored landing pages to use shared reusable components

v1.3.0

February 3, 2026View on GitHub

Added

  • Maintenance mode support across all services - set `MAINTENANCE_MODE=true` to temporarily pause processing while displaying maintenance page to users
  • Maintenance status reporting in health endpoints for monitoring and validation scripts

Fixed

  • Replace debug console.error with structured logger in GitHub OAuth callback flow
  • TypeScript 5.9 compatibility errors in API routes and Hono context typing
  • CLI test assertions and error handling to prevent silent test failures
  • Cross-platform path handling and edge case coverage in CLI tests
  • Repository name parsing to properly handle dots in repository names (e.g., my.repo.git)
  • TypeScript cast errors and normalize Hono typing across all route files
  • Hardcoded pnpm version in Checkly workflow that was causing CI failures
  • E2E test configuration and cookie domain issues for proper authentication
  • Vercel deployment protection bypass for development environment validation

Documentation

  • Add e2e test and deploy validation instructions for development environment setup

v1.2.0

View on GitHub

Added

  • Add CLI configuration management with `config` command and comprehensive subcommands (show, set, get, reset) supporting both project and user configuration
  • Add comprehensive CLI README with installation guide, usage examples, and CI/CD integration instructions
  • Add device authentication flow for CLI allowing secure login via browser verification
  • Add bearer token authentication to API with CSRF exemption for CLI clients
  • Add repository lookup by name endpoint for CLI git-remote-to-repository resolution
  • Add post-deployment validation script with 29 comprehensive checks covering infrastructure, API endpoints, security headers, and web pages
  • Add Checkly monitoring with 5 continuous production checks including API health, authentication endpoints, and browser-based homepage/login page monitoring
  • Add CI integration for Checkly with automated deployment of monitoring checks
  • Add reply-to email address configuration for all outgoing notification emails
  • Add Railway deployment optimization with selective watch patterns to prevent unnecessary rebuilds
  • Add HSTS security header to API middleware
  • Add llms.txt file for AI agent discoverability

Changed

  • Rewrite CLI as thin API client that generates changelogs server-side instead of local AI SDK calls
  • Replace local changelog generation with API-based generation and polling workflow
  • Remove deprecated `push` command and AI SDK dependencies from CLI
  • Switch database driver from neon-http to neon-serverless to support transactions for changelog recovery and publishing
  • Remove CONCURRENTLY option from database migrations for Drizzle transaction compatibility

Fixed

  • Fix PostgreSQL array parameter handling by using parameterized IN clauses instead of ANY() for neon-serverless driver compatibility
  • Add WebSocket package support for neon-serverless driver in Node.js environments
  • Include error details in stuck changelog failure logs for better debugging visibility
  • Fix 22 device authentication security issues including race conditions, input validation, timing attacks, and robustness improvements
  • Add comprehensive error handling, exponential backoff, and collision detection for device authentication flow
  • Fix CSRF race conditions in device authorization form with atomic state management
  • Add device code memory exhaustion protection and stale lock detection
  • Fix deployment validation script header checks with proper error handling for missing responses
  • Remove problematic dashboard redirect validation that incorrectly flagged www-redirect behavior
  • Address multiple CLI security, validation, and user experience improvements from code review

v1.1.0

View on GitHub

Added

  • Add pagination to changelogs page with Previous/Next controls and page counts
  • Add search functionality to changelogs page with debounced search input
  • Add release URL link to published changelogs with "View Release" button and external link icon
  • Add failed status and retry functionality for stuck draft generation with automatic timeout detection
  • Add warning when publishing would update an existing GitHub release
  • Add shared Header and Footer components with trust signals, security information, and FAQ
  • Add before/after demo section and product screenshots carousel on landing page
  • Add clickable release URL display after successful changelog publishing

Fixed

  • Fix database validation to handle multiple PostgreSQL driver result formats more robustly
  • Fix session fingerprint mismatch for Next.js SSR requests by skipping validation for GET/HEAD/OPTIONS
  • Fix async event handler in worker failed callback to prevent unhandled promise rejections
  • Skip CSRF validation on logout endpoint to fix logout button functionality
  • Fix debounced search racing with polling by preventing search execution on component mount
  • Correct database migration journal entries and renumber migration files
  • Fix UUID route parameter validation to return 404 for non-UUID strings before database queries
  • Address multiple security and reliability issues including HTML injection prevention, rate limiting improvements, and error handling
  • Fix code quality issues including SQL parameterization, environment variable validation, and proper error boundaries
  • Resolve CI/CD workflow issues with security scanning tools and dependency management
  • Fix stuck changelog detection race conditions and improve concurrent request handling

Changed

  • Rename "drafts" to "changelogs" throughout the entire codebase including database tables, API routes, UI components, and documentation
  • Allow unlimited repositories for all tiers
  • Support updating existing GitHub releases with confirmation dialog
  • Allow regenerating any changelog including previously published ones
  • Update business tier with CLI and API Access as tier-exclusive features

Performance

  • Replace N+1 stuck changelog cleanup with single bulk SQL update using jsonb_set
  • Optimize changelog list queries with single count(*) OVER() query pattern
  • Add pagination limits and bulk operations to improve database performance

Documentation

  • Add comprehensive README with product overview, getting started guide, and architecture details
  • Update documentation to reflect drafts-to-changelogs terminology change
  • Add CLI reference documentation with commands and examples
  • Add configuration guide and deployment instructions

v1.0.1

January 29, 2026View on GitHub

Fixed

  • Fix authentication issues preventing users from accessing secured endpoints
  • Fix CSRF token validation failures causing 403 errors on changelog generation, draft save/publish, and billing actions
  • Fix logout functionality to properly include CSRF tokens in requests
  • Fix cookie domain configuration for proper authentication across subdomains

Changed

  • Remove specific AI model mentions from web interface for a more generic product experience
  • Update deployment configuration to use Railway for hosting services
  • Improve error handling and debugging capabilities across the application
  • Update build and deployment processes for better reliability

Added

  • Add comprehensive deployment documentation and production checklists
  • Add proper TypeScript build configuration with ESM bundling
  • Add Sentry integration for error tracking and monitoring
  • Add enhanced CORS configuration for cross-subdomain support

v1.0.0

View on GitHub

Added

  • AI-powered changelog generation from git commits
  • GitHub App integration for automatic release detection
  • Style matching from existing CHANGELOG.md files
  • Markdown editor with live preview
  • One-click publishing to GitHub Releases
  • CLI for local changelog generation

Generated with Changesmith, of course.