prowler-changelog - Claude MCP Skill

## Changelog Locations

| Component | File | Version Prefix | Current Version |
|-----------|------|----------------|-----------------|
| UI | `ui/CHANGELOG.md` | None | 1.x.x |
| API | `api/CHANGELOG.md` | None | 1.x.x |
| MCP Server | `mcp_server/CHANGELOG.md` | None | 0.x.x |
| SDK | `prowler/CHANGELOG.md` | None | 5.x.x |

## Format Rules (keepachangelog.com)

### Section Order (ALWAYS this order)

```markdown
## [X.Y.Z] (Prowler vA.B.C) OR (Prowler UNRELEASED)

### Added
### Changed
### Deprecated
### Removed
### Fixed
### Security
```

### Emoji Prefixes (REQUIRED for ALL components)

| Section | Emoji | Usage |
|---------|-------|-------|
| Added | `### 🚀 Added` | New features, checks, endpoints |
| Changed | `### 🔄 Changed` | Modifications to existing functionality |
| Deprecated | `### ⚠️ Deprecated` | Features marked for removal |
| Removed | `### ❌ Removed` | Deleted features |
| Fixed | `### 🐞 Fixed` | Bug fixes |
| Security | `### 🔐 Security` | Security patches, CVE fixes |

### Entry Format

```markdown
### Added

- Existing entry one [(#XXXX)](https://github.com/prowler-cloud/prowler/pull/XXXX)
- Existing entry two [(#YYYY)](https://github.com/prowler-cloud/prowler/pull/YYYY)
- NEW ENTRY GOES HERE at the BOTTOM [(#ZZZZ)](https://github.com/prowler-cloud/prowler/pull/ZZZZ)

### Changed

- Existing change [(#AAAA)](https://github.com/prowler-cloud/prowler/pull/AAAA)
- NEW CHANGE ENTRY at BOTTOM [(#BBBB)](https://github.com/prowler-cloud/prowler/pull/BBBB)
```

**Rules:**
- **ADD NEW ENTRIES AT THE BOTTOM of each section** (before next section header or `---`)
- **Blank line after section header** before first entry
- **Blank line between sections**
- Be specific: what changed, not why (that's in the PR)
- One entry per PR (can link multiple PRs for related changes)
- No period at the end
- Do NOT start with redundant verbs (section header already provides the action)
- **CRITICAL: Preserve section order** — when adding a new section to the UNRELEASED block, insert it in the correct position relative to existing sections (Added → Changed → Deprecated → Removed → Fixed → Security). Never append a new section at the top or bottom without checking order

### Semantic Versioning Rules

Prowler follows [semver.org](https://semver.org/):

| Change Type | Version Bump | Example |
|-------------|--------------|---------|
| Bug fixes, patches | PATCH (x.y.**Z**) | 1.16.1 → 1.16.2 |
| New features (backwards compatible) | MINOR (x.**Y**.0) | 1.16.2 → 1.17.0 |
| Breaking changes, removals | MAJOR (**X**.0.0) | 1.17.0 → 2.0.0 |

**CRITICAL:** `### ❌ Removed` entries MUST only appear in MAJOR version releases. Removing features is a breaking change.

### Released Versions Are Immutable

**NEVER modify already released versions.** Once a version is released (has a Prowler version tag like `v5.16.0`), its changelog section is frozen.

**Common issue:** A PR is created during release cycle X, includes a changelog entry, but merges after release. The entry is now in the wrong section.

```markdown
## [1.16.0] (Prowler v5.16.0)    ← RELEASED, DO NOT MODIFY

### Added
- Feature from merged PR [(#9999)]   ← WRONG! PR merged after release

## [1.17.0] (Prowler UNRELEASED)  ← Move entry HERE
```

**Fix:** Move the entry from the released version to the UNRELEASED section.

### Version Header Format

```markdown
## [1.17.0] (Prowler UNRELEASED)    # For unreleased changes
## [1.16.0] (Prowler v5.16.0)       # For released versions

---                                  # Horizontal rule between versions
```

## Adding a Changelog Entry

### Step 1: Determine Affected Component(s)

```bash
# Check which files changed
git diff main...HEAD --name-only
```

| Path Pattern | Component |
|--------------|-----------|
| `ui/**` | UI |
| `api/**` | API |
| `mcp_server/**` | MCP Server |
| `prowler/**` | SDK |
| Multiple | Update ALL affected changelogs |

### Step 2: Determine Change Type

| Change | Section |
|--------|---------|
| New feature, check, endpoint | 🚀 Added |
| Behavior change, refactor | 🔄 Changed |
| Bug fix | 🐞 Fixed |
| CVE patch, security improvement | 🔐 Security |
| Feature removal | ❌ Removed |
| Deprecation notice | ⚠️ Deprecated |

### Step 3: Add Entry at BOTTOM of Appropriate Section

**CRITICAL:** Add new entries at the BOTTOM of each section, NOT at the top.

```markdown
## [1.17.0] (Prowler UNRELEASED)

### 🐞 Fixed

- Existing fix one [(#9997)](https://github.com/prowler-cloud/prowler/pull/9997)
- Existing fix two [(#9998)](https://github.com/prowler-cloud/prowler/pull/9998)
- Button alignment in dashboard header [(#9999)](https://github.com/prowler-cloud/prowler/pull/9999)  ← NEW ENTRY AT BOTTOM

### 🔐 Security
```

This maintains chronological order within each section (oldest at top, newest at bottom).

## Examples

### Good Entries

```markdown
### 🚀 Added
- Search bar when adding a provider [(#9634)](https://github.com/prowler-cloud/prowler/pull/9634)

### 🐞 Fixed
- OCI update credentials form failing silently due to missing provider UID [(#9746)](https://github.com/prowler-cloud/prowler/pull/9746)

### 🔐 Security
- Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs [(#9797)](https://github.com/prowler-cloud/prowler/pull/9797)
```

### Bad Entries

```markdown
# BAD - Wrong section order (Fixed before Added)
### 🐞 Fixed
- Some bug fix [(#123)](...)

### 🚀 Added
- Some new feature [(#456)](...)

- Fixed bug.                              # Too vague, has period
- Added new feature for users             # Missing PR link, redundant verb
- Add search bar [(#123)]                 # Redundant verb (section already says "Added")
- This PR adds a cool new thing (#123)    # Wrong link format, conversational
```

## PR Changelog Gate

The `pr-check-changelog.yml` workflow enforces changelog entries:

1. **REQUIRED**: PRs touching `ui/`, `api/`, `mcp_server/`, or `prowler/` MUST update the corresponding changelog
2. **SKIP**: Add `no-changelog` label to bypass (use sparingly for docs-only, CI-only changes)

## Commands

```bash
# Check which changelogs need updates based on changed files
git diff main...HEAD --name-only | grep -E '^(ui|api|mcp_server|prowler)/' | cut -d/ -f1 | sort -u

# View current UNRELEASED section
head -50 ui/CHANGELOG.md
head -50 api/CHANGELOG.md
head -50 mcp_server/CHANGELOG.md
head -50 prowler/CHANGELOG.md
```

## Migration Note

**API, MCP Server, and SDK changelogs currently lack emojis.** When editing these files, add emoji prefixes to section headers as you update them:

```markdown
# Before (legacy)
### Added

# After (standardized)
### 🚀 Added
```

## Resources

- **Templates**: See [assets/](assets/) for entry templates
- **keepachangelog.com**: https://keepachangelog.com/en/1.1.0/