Changesmith
Log inGet Started

Changelog

New updates and improvements to Changesmith.

v1.9.0

February 27, 2026View on GitHub

Added

  • Add automatic audience detection to tailor changelog language for your readers — Changesmith now infers whether your project targets developers, end-users, or a mixed audience based on repository name and changelog style (e.g., repos with `-sdk`, `-cli`, or `-api` in the name get developer-oriented language). You can also set the `audience` field explicitly in repo settings to override the auto-detection
  • Add security-aware changelog generation — Changesmith now detects security-related commits via CVE/CWE references, security scopes, and keywords, then groups them into a dedicated `### Security` section without duplicating them under other headings. Includes careful false-positive prevention so phrases like "dependency injection" or "build script injection point" aren't misidentified as security issues
  • Add improved prompt guidance for higher-quality changelogs — includes good/bad entry examples, deduplication rules for squash-merge duplicates, a structured Before/After/Migration format for breaking changes, category mapping from commit types to Keep a Changelog sections, and smarter tool-use strategy so the AI fetches extra context only when commit messages are ambiguous
  • Add importance-based commit sorting for large releases — when a release has many commits, the most significant changes (features and fixes) are now prioritized over recency, producing more useful summaries

Fixed

  • Fix a dependency security vulnerability by updating minimatch to a patched version, resolving potential regular expression denial-of-service issues

v1.8.0

February 26, 2026View on GitHub

Added

  • Add `changesmith autotag` command to create git tags from version bumps found in commit history — scans `package.json`, `Cargo.toml`, and `pyproject.toml` for version changes and creates tags at the commits where bumps occurred. Includes `--dry-run` to preview tags, `--push` to push them to origin, `--after <ref>` to limit scan range, and `--prefix <str>` to customize the tag prefix (default: `v`). This replaces the tag-less repository fallbacks previously built into the `local` command

Changed

  • Simplify pricing from 4 tiers to 3 (Free / Pro / Business) — Free now includes 3 generations/month (up from 1) with unlimited repositories, Pro ($9/mo) now includes unlimited generations plus CLI and API token access (previously Business-only), and Business switches to "Contact us" pricing. The Team plan is removed for new signups but remains available for existing subscribers
  • Remove tag-less repository fallbacks from `changesmith local` — the `--depth` flag, `HEAD~N` fallback, and auto-detection of version from package files have been removed in favor of the new `changesmith autotag` command. Error messages now suggest running `changesmith autotag` when no tags are found (**breaking:** if you relied on tag-less `local` behavior, run `changesmith autotag` first to create tags from your version bumps)

Fixed

  • Fix incorrect dates in generated changelog headers — the release date is now determined from the git ref and passed explicitly to the AI, preventing hallucinated or incorrect dates in version headings
  • Fix a vulnerability audit false positive by suppressing a transitive dependency CVE that only affects build tooling, not production runtime

v1.7.0

February 24, 2026View on GitHub

Added

  • Add `--release` flag to the `github` command to publish a GitHub Release in one step after changelog generation — combine with `-w` to both update CHANGELOG.md and publish a release (e.g., `changesmith github v1.2.0 -w --release`). Includes friendly error messages for already-published changelogs and proper recovery when the release publish fails after CHANGELOG.md was already written
  • Add support for tag-less repositories in `changesmith local` — forks, monorepos, and projects without git tags now work out of the box. Version is auto-detected from `package.json`, `Cargo.toml`, or `pyproject.toml`, and the commit range falls back to the last 50 commits when no previous tag exists
  • Add `--dry-run` flag to the `local` command to preview which commits would be included in the changelog without calling the API — helpful for verifying the commit range before spending a generation
  • Add `--depth` flag to the `local` command to control how many commits to include when no tags exist (default: 50)
  • Add duplicate version detection when using `-w` to prevent accidentally adding the same version section to CHANGELOG.md twice — shows a clear error with instructions to remove the existing section or use `-o` instead
  • Add "Generated by Changesmith" branding footer to changelogs generated by free-plan users

Changed

  • Rewrite all CLI documentation to reflect the current `github` and `local` command structure, including new flags (`-w`, `-r`, `--dry-run`, `--depth`), CI/CD examples, and a `github` vs `local` comparison table
  • Update the docs page on the website with a new Guides section linking to Getting Started, CLI Reference, Configuration, and FAQ guides

Fixed

  • Fix CI lint and type-check failures caused by formatting inconsistencies and overly narrow mock return types in tests

v1.6.7

February 24, 2026View on GitHub

Fixed

  • Fix deployment status workflows (Checkly and Sentry evidence) by removing concurrency groups that were cancelling in-progress check suites, which Railway interpreted as failures and blocked auto-deploy on every push to main

v1.6.6

February 24, 2026View on GitHub

Fixed

  • Fix Sentry evidence workflow to only run for supported deployment environments instead of failing on unsupported ones like Preview deployments
  • Fix Checkly monitoring workflow to only run for supported deployment environments to avoid unnecessary runs on Preview deployments

v1.6.5

February 24, 2026View on GitHub

Fixed

  • Fix Railway deployment sync workflow to only update production services, preventing "Commit not found" errors when syncing APP_VERSION to development environments that track different branches

v1.6.4

View on GitHub

Fixed

  • Fix Railway deployment workflow authentication by properly configuring GitHub environment secrets access and Railway CLI token requirements

v1.6.3

February 24, 2026View on GitHub

Fixed

  • Fix API type check errors by correcting invalid error handling arguments, handling undefined database records, and adding missing type imports
  • Fix API token length validation to properly accept cs_ tokens instead of incorrectly rejecting them as too short

v1.6.2

View on GitHub

Fixed

  • Fix CI pipeline formatting and type check failures by running prettier on 12 files with style drift and resolving worker type casting issues
  • Exclude auto-generated CHANGELOG.md file from prettier formatting to prevent reformatting of generated content
  • Upgrade monitoring dependencies and patch security vulnerability by updating checkly to v7.1.0 and overriding vulnerable minimatch versions

v1.6.1

View on GitHub

Fixed

  • Fix CLI installation issue where bundled workspace dependencies caused npm registry errors during package installation

v1.6.0

February 24, 2026View on GitHub

Added

  • Add local changelog generation allowing the CLI to collect commits and diffs from a local git repository and process them without requiring a GitHub App installation
  • Add revocable API token generation with dashboard management for CLI and CI/CD authentication, including secure token storage and business plan gating
  • Add comprehensive CLI dashboard page with installation instructions, authentication guide, and CI/CD integration examples
  • Add prominent support and suggestion email CTAs to contact page and dashboard with pre-filled subject lines for easy triage

Fixed

  • Fix npm installation of CLI package by bundling workspace dependencies instead of leaving unresolvable workspace references
  • Fix missing ID anchor on CLI section in documentation page preventing anchor links from working correctly
  • Include CHANGELOG.md in Turbo build inputs to prevent stale content being served when only the changelog is updated

Changed

  • Gate CLI access to Business plan users with appropriate error messaging and upgrade prompts
  • Update CLI command structure making `local` the primary command with `github` for GitHub App-based generation (maintains backwards compatibility with hidden alias)

v1.5.1

February 14, 2026View on GitHub

Added

  • Automated changelog parsing from CHANGELOG.md file for the website changelog page instead of maintaining a hardcoded releases array

Fixed

  • Fix release version ordering to sort by semantic version (newest first) instead of publish date, preventing hotfix patches from appearing above higher minor versions

Changed

  • Upgrade changelog generation model for improved quality and accuracy
  • Remove hardcoded RELEASES array from changelog page in favor of build-time parsing

v1.5.0

View on GitHub

Added

  • Automated CHANGELOG.md sync as background job with incremental append and full rebuild support

Fixed

  • Sentry evidence verification handling of empty artifact counts in bundle mode
  • Worker package.json configuration causing deployment failures on Railway
  • Publish endpoint synchronization race condition with repository settings loading

Changed

  • Moved CHANGELOG.md sync from inline processing to BullMQ background job for better performance
  • Enhanced Sentry evidence validation with strict DSN parsing and artifact verification

v1.4.1

February 13, 2026View on GitHub

Added

  • Automated Sentry release creation and APP_VERSION synchronization to Railway services
  • Worker heartbeat monitoring and liveness check-ins for better observability
  • Comprehensive test coverage for worker liveness and Sentry monitoring features
  • Configurable worker concurrency and rate limits via environment variables
  • Agentic loop timeout protection (10 minutes wall-clock limit)
  • Sentry evidence workflow with GitHub Actions automation
  • Dockerfile deployment migration for worker service with improved layer caching

Fixed

  • Security vulnerabilities including GitHub Actions script injection and resource leaks
  • Production E2E test failures by skipping fixture-dependent tests in production environment
  • Worker shutdown process now properly closes database pools and Redis connections
  • Sentry initialization errors are now caught and logged instead of crashing services
  • Invalid test source headers no longer fail requests (log-and-continue behavior)
  • Worker configuration validation and environment variable format checking
  • Maintenance mode awareness for deployment checks and Checkly monitoring

Changed

  • Worker Railway configuration migrated from Nixpacks to Docker deployment
  • Enhanced Sentry observability with consecutive check-in failure logging
  • Optimized Docker build process with dependency manifest layer caching
  • Shared web Sentry configuration extracted to reduce code duplication
  • Test source header validation switched to non-blocking mode

Security

  • Fixed GitHub Actions script injection vulnerabilities by moving interpolations to environment blocks
  • Enhanced data scrubbing and validation across all Sentry configurations
  • Strengthened APP_VERSION format validation in build scripts

v1.4.0

View on GitHub

Added

  • Add semantic-release alternative landing page with comparison content and FAQ section
  • Add standard-version alternative landing page highlighting tool deprecation
  • Add security guidelines to changelog generation prompts for responsible output
  • Add end-to-end tests for SEO landing pages to ensure proper rendering
  • Add additional security pattern detection for environment variable references

Changed

  • Reorganize footer navigation into logical groupings (Generators, Alternatives, Product)
  • Improve test coverage for security prompt validation

Fixed

  • Fix SEO landing page tests by removing invalid visibility checks on hidden script elements

v1.3.1

February 8, 2026View on GitHub

Added

  • SEO landing pages for organic search traffic targeting changelog and release note generators
  • Custom 404 page with branded navigation and helpful links
  • Organization JSON-LD structured data on homepage for Google knowledge panel
  • Landing pages for Beamer, Canny, and Conventional Changelog alternatives
  • Landing pages for ChangelogIt alternative and Git changelog generator
  • Automated release notes and GitHub release notes generator landing pages
  • Validation of GitHub OAuth credentials at application startup
  • BUILD_DATE environment variable automatically set during build

Fixed

  • CSRF cookie lifetime now matches session cookie to prevent "session expired" errors on POST requests
  • CSRF cookie refresh for server-side rendered pages when expired mid-session
  • Accessibility issue by adding aria-hidden to decorative SVG icons
  • Beamer alternative page copy and metadata for better search results
  • Vercel build warnings by declaring environment variables and updating Next.js
  • High-severity DoS vulnerability by overriding axios to version 1.13.5+
  • Semgrep false positives on test fixture secrets with proper annotations
  • Checkly test concurrency conflicts by scoping group to deployment environment
  • Semgrep scanning its own output files causing duplicate alerts
  • Entropy threshold lowered to 3.5 to accept valid hex-encoded secrets
  • Removed unused Turbo output configuration causing build warnings

Changed

  • Documentation updated with v1.3.0 changelog entry and GitHub release notes alignment
  • Refactored landing pages to use shared reusable components

v1.3.0

February 3, 2026View on GitHub

Added

  • Maintenance mode support across all services - set `MAINTENANCE_MODE=true` to temporarily pause processing while displaying maintenance page to users
  • Maintenance status reporting in health endpoints for monitoring and validation scripts

Fixed

  • Replace debug console.error with structured logger in GitHub OAuth callback flow
  • TypeScript 5.9 compatibility errors in API routes and Hono context typing
  • CLI test assertions and error handling to prevent silent test failures
  • Cross-platform path handling and edge case coverage in CLI tests
  • Repository name parsing to properly handle dots in repository names (e.g., my.repo.git)
  • TypeScript cast errors and normalize Hono typing across all route files
  • Hardcoded pnpm version in Checkly workflow that was causing CI failures
  • E2E test configuration and cookie domain issues for proper authentication
  • Vercel deployment protection bypass for development environment validation

Documentation

  • Add e2e test and deploy validation instructions for development environment setup

v1.2.0

View on GitHub

Added

  • Add CLI configuration management with `config` command and comprehensive subcommands (show, set, get, reset) supporting both project and user configuration
  • Add comprehensive CLI README with installation guide, usage examples, and CI/CD integration instructions
  • Add device authentication flow for CLI allowing secure login via browser verification
  • Add bearer token authentication to API with CSRF exemption for CLI clients
  • Add repository lookup by name endpoint for CLI git-remote-to-repository resolution
  • Add post-deployment validation script with 29 comprehensive checks covering infrastructure, API endpoints, security headers, and web pages
  • Add Checkly monitoring with 5 continuous production checks including API health, authentication endpoints, and browser-based homepage/login page monitoring
  • Add CI integration for Checkly with automated deployment of monitoring checks
  • Add reply-to email address configuration for all outgoing notification emails
  • Add Railway deployment optimization with selective watch patterns to prevent unnecessary rebuilds
  • Add HSTS security header to API middleware
  • Add llms.txt file for AI agent discoverability

Changed

  • Rewrite CLI as thin API client that generates changelogs server-side instead of local AI SDK calls
  • Replace local changelog generation with API-based generation and polling workflow
  • Remove deprecated `push` command and AI SDK dependencies from CLI
  • Switch database driver from neon-http to neon-serverless to support transactions for changelog recovery and publishing
  • Remove CONCURRENTLY option from database migrations for Drizzle transaction compatibility

Fixed

  • Fix PostgreSQL array parameter handling by using parameterized IN clauses instead of ANY() for neon-serverless driver compatibility
  • Add WebSocket package support for neon-serverless driver in Node.js environments
  • Include error details in stuck changelog failure logs for better debugging visibility
  • Fix 22 device authentication security issues including race conditions, input validation, timing attacks, and robustness improvements
  • Add comprehensive error handling, exponential backoff, and collision detection for device authentication flow
  • Fix CSRF race conditions in device authorization form with atomic state management
  • Add device code memory exhaustion protection and stale lock detection
  • Fix deployment validation script header checks with proper error handling for missing responses
  • Remove problematic dashboard redirect validation that incorrectly flagged www-redirect behavior
  • Address multiple CLI security, validation, and user experience improvements from code review

v1.1.0

View on GitHub

Added

  • Add pagination to changelogs page with Previous/Next controls and page counts
  • Add search functionality to changelogs page with debounced search input
  • Add release URL link to published changelogs with "View Release" button and external link icon
  • Add failed status and retry functionality for stuck draft generation with automatic timeout detection
  • Add warning when publishing would update an existing GitHub release
  • Add shared Header and Footer components with trust signals, security information, and FAQ
  • Add before/after demo section and product screenshots carousel on landing page
  • Add clickable release URL display after successful changelog publishing

Fixed

  • Fix database validation to handle multiple PostgreSQL driver result formats more robustly
  • Fix session fingerprint mismatch for Next.js SSR requests by skipping validation for GET/HEAD/OPTIONS
  • Fix async event handler in worker failed callback to prevent unhandled promise rejections
  • Skip CSRF validation on logout endpoint to fix logout button functionality
  • Fix debounced search racing with polling by preventing search execution on component mount
  • Correct database migration journal entries and renumber migration files
  • Fix UUID route parameter validation to return 404 for non-UUID strings before database queries
  • Address multiple security and reliability issues including HTML injection prevention, rate limiting improvements, and error handling
  • Fix code quality issues including SQL parameterization, environment variable validation, and proper error boundaries
  • Resolve CI/CD workflow issues with security scanning tools and dependency management
  • Fix stuck changelog detection race conditions and improve concurrent request handling

Changed

  • Rename "drafts" to "changelogs" throughout the entire codebase including database tables, API routes, UI components, and documentation
  • Allow unlimited repositories for all tiers
  • Support updating existing GitHub releases with confirmation dialog
  • Allow regenerating any changelog including previously published ones
  • Update business tier with CLI and API Access as tier-exclusive features

Performance

  • Replace N+1 stuck changelog cleanup with single bulk SQL update using jsonb_set
  • Optimize changelog list queries with single count(*) OVER() query pattern
  • Add pagination limits and bulk operations to improve database performance

Documentation

  • Add comprehensive README with product overview, getting started guide, and architecture details
  • Update documentation to reflect drafts-to-changelogs terminology change
  • Add CLI reference documentation with commands and examples
  • Add configuration guide and deployment instructions

v1.0.1

January 29, 2026View on GitHub

Fixed

  • Fix authentication issues preventing users from accessing secured endpoints
  • Fix CSRF token validation failures causing 403 errors on changelog generation, draft save/publish, and billing actions
  • Fix logout functionality to properly include CSRF tokens in requests
  • Fix cookie domain configuration for proper authentication across subdomains

Changed

  • Remove specific AI model mentions from web interface for a more generic product experience
  • Update deployment configuration to use Railway for hosting services
  • Improve error handling and debugging capabilities across the application
  • Update build and deployment processes for better reliability

Added

  • Add comprehensive deployment documentation and production checklists
  • Add proper TypeScript build configuration with ESM bundling
  • Add Sentry integration for error tracking and monitoring
  • Add enhanced CORS configuration for cross-subdomain support

v1.0.0

View on GitHub

Added

  • AI-powered changelog generation from git commits
  • GitHub App integration for automatic release detection
  • Style matching from existing CHANGELOG.md files
  • Markdown editor with live preview
  • One-click publishing to GitHub Releases
  • CLI for local changelog generation

Generated with Changesmith, of course.