bostonaholic/changelog
skills/changelog/SKILL.md
Keep a Changelog methodology — loaded by the ship phase to update CHANGELOG.md with user-facing changes, filtering out internal-only commits
$ install --global
skillsauthnpx skillsauth add bostonaholic/team changelogInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 31, 2026, 3:55 AM10.7s1 file scanned
SKILL.md
- name:
- changelog
- description:
- Keep a Changelog methodology — loaded by the ship phase to update CHANGELOG.md with user-facing changes, filtering out internal-only commits
- user-invocable:
- false
Changelog
A changelog is a curated, human-readable record of notable changes to a project. It exists for users and consumers of the project — not for developers. Every entry should answer: "How does this affect me?"
This methodology follows Keep a Changelog conventions.
File Structure
The changelog lives at CHANGELOG.md in the project root. If it does not
exist, create it.
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
## [Unreleased]
### Added
- ...
### Changed
- ...
### Fixed
- ...
Section Types
Every entry belongs to exactly one section:
| Section | When to use |
|---------|-------------|
| Added | New features, new commands, new options |
| Changed | Changes to existing behavior that users will notice |
| Deprecated | Features scheduled for removal in a future release |
| Removed | Features removed in this release |
| Fixed | Bug fixes |
| Security | Vulnerability fixes — always document these |
The Unreleased Section
All changes go under [Unreleased] until a version is tagged. When a version
is released, the [Unreleased] section is renamed to [X.Y.Z] - YYYY-MM-DD
and a new empty [Unreleased] section is added above it.
## [Unreleased]
## [1.2.0] - 2026-03-15
### Added
- OAuth2 login with GitHub provider
Writing Entries
Each entry is a single bullet point. Write it from the user's perspective — what they can now do, what changed, what was fixed.
Good entries
- Add GitHub OAuth2 login — users can now sign in with their GitHub account
- Fix token expiry check that caused premature session logout
- Change API rate limit from 100 to 1000 requests per minute
Bad entries
- Refactor auth middleware to use new token validation pattern
- Update dependencies
- Fix bug in session.go line 42
- WIP cleanup
The bad entries describe implementation details. They tell developers what changed in the code, not users what changed in their experience.
Filtering Commits for Changelog Entries
When generating changelog entries from commit history, apply this filter:
Include
feat:commits — these are new features. Every feat commit gets an entry.fix:commits — these are bug fixes. Every fix commit gets an entry.perf:commits — performance improvements users will feel.BREAKING CHANGE:— always include, regardless of commit type.security:or security-relatedfix:— always include.
Exclude
chore:commits — tooling, build, dependency updates (unless a dependency update changes user-visible behavior, in which case document the behavior change, not the dep update).test:commits — internal test additions/changes.refactor:commits — internal code restructuring with no behavior change.docs:commits — unless the docs change represents the only change in the release and users rely on the documentation as the product.ci:commits — CI/CD pipeline changes.revert:commits — if a feat was added and reverted in the same release, neither appears in the changelog.- WIP commits, fixup commits, merge commits.
Applying This in the Ship Phase
When the ship phase runs, before committing:
-
Scan commits since the last changelog entry. Use
git logto find commits since the last version tag or the last changelog update. -
Filter to user-facing commits using the Include/Exclude rules above.
-
Translate each included commit to a user-facing bullet. Rewrite the commit message in plain language if the commit message is technical. The entry should complete the sentence: "Users can now..." or "We fixed..."
-
Add entries under
[Unreleased]in the appropriate section. -
Sort within sections: most impactful changes first.
-
Include the changelog update in the ship commit. The
CHANGELOG.mdchange should be part of the same commit as the code changes it documents.
Example Transformation
Given these commits:
feat(auth): add OAuth2 login with GitHub provider
fix: resolve token expiry causing premature logout
chore: update eslint to v9
test: add unit tests for session middleware
refactor: extract token validation to shared utility
The changelog entry would be:
## [Unreleased]
### Added
- GitHub OAuth2 login — users can sign in with their GitHub account
### Fixed
- Token expiry check that caused sessions to expire prematurely
chore, test, and refactor commits are excluded. The feat and fix
commits are rewritten in user-facing language.
Rules
- Never document internal implementation details. If a user would not notice the change in behavior, it does not go in the changelog.
- One entry per user-visible change. Multiple commits that implement a single feature produce one entry.
- Write in past tense. "Added X" not "Add X". The changelog records what happened.
- Keep entries short. One to two sentences maximum. Link to documentation for details if needed.
- Always update
[Unreleased]. Never create a versioned section without the user explicitly asking for a release.
Related Skills
bostonaholic/progress-tracking
data-ai
VerifiedTrustedCommunity
Todo-first progress convention for multi-step procedures — loaded by every multi-step agent to track its own steps without drift
3SKILL.mdUpdated Jun 2, 2026
bostonaholic/eng-design-doc-review
testing
VerifiedTrustedCommunity
Adversarially review a technical design document with fresh context before the human gate. Dispatches the built-in `general-purpose` subagent (clean context, no shared history with the design-author) against `docs/plans/<id>/design.md` and presents its verdict — APPROVE, REQUEST CHANGES, or COMMENT. Optional, not part of the QRSPI pipeline. Trigger on "review the design doc", "audit design.md", "is this design ready", or `/eng-design-doc-review`.
3SKILL.mdUpdated May 23, 2026
bostonaholic/code-review
development
VerifiedTrustedCommunity
Generator-evaluator separation and review methodology — loaded by review agents to enforce fresh-context review discipline, Conventional Comments format, and gate verdicts
3SKILL.mdUpdated May 2, 2026
bostonaholic/team-worktree
data-ai
VerifiedTrustedCommunity
Prepare one or more isolated git worktrees — one per repository the topic touches. Router action — no agent. Trigger on "set up the worktree", "isolate this work", or "/team-worktree".
3SKILL.mdUpdated Apr 23, 2026