home / skills / prowler-cloud / prowler / prowler-changelog
This skill helps teams manage changelog entries for Prowler components in keepachangelog format across ui api mcp_server prowler, streamlining PR documentation
npx playbooks add skill prowler-cloud/prowler --skill prowler-changelogReview the files below or copy the command above to add this skill to your agents.
---
name: prowler-changelog
description: >
Manages changelog entries for Prowler components following keepachangelog.com format.
Trigger: When creating PRs, adding changelog entries, or working with any CHANGELOG.md file in ui/, api/, mcp_server/, or prowler/.
license: Apache-2.0
metadata:
author: prowler-cloud
version: "1.0"
scope: [root, ui, api, sdk, mcp_server]
auto_invoke:
- "Add changelog entry for a PR or feature"
- "Update CHANGELOG.md in any component"
- "Create PR that requires changelog entry"
- "Review changelog format and conventions"
allowed-tools: Read, Edit, Write, Glob, Grep, Bash
---
## Changelog Locations
| Component | File | Version Prefix | Current Version |
|-----------|------|----------------|-----------------|
| UI | `ui/CHANGELOG.md` | None | 1.x.x |
| API | `api/CHANGELOG.md` | None | 1.x.x |
| MCP Server | `mcp_server/CHANGELOG.md` | None | 0.x.x |
| SDK | `prowler/CHANGELOG.md` | None | 5.x.x |
## Format Rules (keepachangelog.com)
### Section Order (ALWAYS this order)
```markdown
## [X.Y.Z] (Prowler vA.B.C) OR (Prowler UNRELEASED)
### Added
### Changed
### Deprecated
### Removed
### Fixed
### Security
```
### Emoji Prefixes (REQUIRED for ALL components)
| Section | Emoji | Usage |
|---------|-------|-------|
| Added | `### 🚀 Added` | New features, checks, endpoints |
| Changed | `### 🔄 Changed` | Modifications to existing functionality |
| Deprecated | `### ⚠️ Deprecated` | Features marked for removal |
| Removed | `### ❌ Removed` | Deleted features |
| Fixed | `### 🐞 Fixed` | Bug fixes |
| Security | `### 🔐 Security` | Security patches, CVE fixes |
### Entry Format
```markdown
### Added
- First entry [(#XXXX)](https://github.com/prowler-cloud/prowler/pull/XXXX)
- Second entry [(#YYYY)](https://github.com/prowler-cloud/prowler/pull/YYYY)
### Changed
- Another entry [(#ZZZZ)](https://github.com/prowler-cloud/prowler/pull/ZZZZ)
```
**Rules:**
- **Blank line after section header** before first entry
- **Blank line between sections**
- Be specific: what changed, not why (that's in the PR)
- One entry per PR (can link multiple PRs for related changes)
- No period at the end
- Do NOT start with redundant verbs (section header already provides the action)
### Semantic Versioning Rules
Prowler follows [semver.org](https://semver.org/):
| Change Type | Version Bump | Example |
|-------------|--------------|---------|
| Bug fixes, patches | PATCH (x.y.**Z**) | 1.16.1 → 1.16.2 |
| New features (backwards compatible) | MINOR (x.**Y**.0) | 1.16.2 → 1.17.0 |
| Breaking changes, removals | MAJOR (**X**.0.0) | 1.17.0 → 2.0.0 |
**CRITICAL:** `### ❌ Removed` entries MUST only appear in MAJOR version releases. Removing features is a breaking change.
### Released Versions Are Immutable
**NEVER modify already released versions.** Once a version is released (has a Prowler version tag like `v5.16.0`), its changelog section is frozen.
**Common issue:** A PR is created during release cycle X, includes a changelog entry, but merges after release. The entry is now in the wrong section.
```markdown
## [1.16.0] (Prowler v5.16.0) ← RELEASED, DO NOT MODIFY
### Added
- Feature from merged PR [(#9999)] ← WRONG! PR merged after release
## [1.17.0] (Prowler UNRELEASED) ← Move entry HERE
```
**Fix:** Move the entry from the released version to the UNRELEASED section.
### Version Header Format
```markdown
## [1.17.0] (Prowler UNRELEASED) # For unreleased changes
## [1.16.0] (Prowler v5.16.0) # For released versions
--- # Horizontal rule between versions
```
## Adding a Changelog Entry
### Step 1: Determine Affected Component(s)
```bash
# Check which files changed
git diff main...HEAD --name-only
```
| Path Pattern | Component |
|--------------|-----------|
| `ui/**` | UI |
| `api/**` | API |
| `mcp_server/**` | MCP Server |
| `prowler/**` | SDK |
| Multiple | Update ALL affected changelogs |
### Step 2: Determine Change Type
| Change | Section |
|--------|---------|
| New feature, check, endpoint | 🚀 Added |
| Behavior change, refactor | 🔄 Changed |
| Bug fix | 🐞 Fixed |
| CVE patch, security improvement | 🔐 Security |
| Feature removal | ❌ Removed |
| Deprecation notice | ⚠️ Deprecated |
### Step 3: Add Entry to UNRELEASED Section
```bash
# Example: Adding a fix to UI changelog
```
```markdown
## [1.17.0] (Prowler UNRELEASED)
### 🐞 Fixed
- Button alignment in dashboard header [(#9999)](https://github.com/prowler-cloud/prowler/pull/9999)
```
## Examples
### Good Entries
```markdown
### 🚀 Added
- Search bar when adding a provider [(#9634)](https://github.com/prowler-cloud/prowler/pull/9634)
### 🐞 Fixed
- OCI update credentials form failing silently due to missing provider UID [(#9746)](https://github.com/prowler-cloud/prowler/pull/9746)
### 🔐 Security
- Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs [(#9797)](https://github.com/prowler-cloud/prowler/pull/9797)
```
### Bad Entries
```markdown
- Fixed bug. # Too vague, has period
- Added new feature for users # Missing PR link, redundant verb
- Add search bar [(#123)] # Redundant verb (section already says "Added")
- This PR adds a cool new thing (#123) # Wrong link format, conversational
```
## PR Changelog Gate
The `pr-check-changelog.yml` workflow enforces changelog entries:
1. **REQUIRED**: PRs touching `ui/`, `api/`, `mcp_server/`, or `prowler/` MUST update the corresponding changelog
2. **SKIP**: Add `no-changelog` label to bypass (use sparingly for docs-only, CI-only changes)
## Commands
```bash
# Check which changelogs need updates based on changed files
git diff main...HEAD --name-only | grep -E '^(ui|api|mcp_server|prowler)/' | cut -d/ -f1 | sort -u
# View current UNRELEASED section
head -50 ui/CHANGELOG.md
head -50 api/CHANGELOG.md
head -50 mcp_server/CHANGELOG.md
head -50 prowler/CHANGELOG.md
```
## Migration Note
**API, MCP Server, and SDK changelogs currently lack emojis.** When editing these files, add emoji prefixes to section headers as you update them:
```markdown
# Before (legacy)
### Added
# After (standardized)
### 🚀 Added
```
## Resources
- **Templates**: See [assets/](assets/) for entry templates
- **keepachangelog.com**: https://keepachangelog.com/en/1.1.0/
This skill manages changelog entries for Prowler components using the Keep a Changelog format and project conventions. It enforces emoji-prefixed sections, semantic versioning rules, and immutability of released sections across UI, API, MCP Server, and SDK changelogs. It triggers when creating PRs, adding entries, or editing any CHANGELOG.md under ui/, api/, mcp_server/, or prowler/.
When a PR touches files in the tracked component paths, the skill checks whether the corresponding CHANGELOG.md has an appropriate UNRELEASED entry. It validates section order, required emoji headers, entry format (one PR per entry with correct link), blank-line spacing rules, and semantic-version constraints for removals. It also detects entries placed under released versions and recommends moving them to the UNRELEASED section.
What if my PR merged after a release and the entry ended up under a released version?
Move the entry from the released version to the UNRELEASED section. Released sections are immutable and must not be modified
Can I skip adding a changelog entry?
Only use the no-changelog label sparingly for docs-only or CI-only changes; otherwise changelog updates are required