From 8d889a353883e8a5de7587b1192d2db5cbaff77d Mon Sep 17 00:00:00 2001
From: chocks <804247+chocks@users.noreply.github.com>
Date: Sat, 11 Apr 2026 08:27:33 -0400
Subject: [PATCH] feat(release): inject release notes from CHANGELOG.md, group
 commit changelog

Adds a Keep-a-Changelog-style CHANGELOG.md as the source of per-release
narrative notes, wires goreleaser to prepend that narrative above its
auto-generated commit changelog, and groups the commit changelog by
conventional-commit type so future releases read as Features / Bug fixes /
Other instead of one flat list.

- CHANGELOG.md: new file, backfilled with a 0.0.1 section covering the
  gate/trace/replay primitives, approval workflow, MCP server, VS Code
  extension, SDKs, and release pipeline that shipped in v0.0.1.
- .goreleaser.yaml: add release.header pulling from {{ .Env.RELEASE_NOTES }},
  expand changelog.groups with feat/fix/other buckets (existing docs/chore/ci
  filters preserved).
- .github/workflows/release.yml: add a pre-goreleaser step that extracts the
  section matching the pushed tag from CHANGELOG.md and exports it as
  RELEASE_NOTES. Fails fast with a clear error if no matching section exists,
  so we can't accidentally tag a release with an empty summary.

The extractor uses $GITHUB_REF_NAME via an explicit env: block (not
${{ }} interpolation into the run script) to stay out of the workflow
injection footgun.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/release.yml | 22 ++++++++++++++++++++
 .goreleaser.yaml              | 13 ++++++++++++
 CHANGELOG.md                  | 39 +++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+)
 create mode 100644 CHANGELOG.md

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1c2695e..ecbcafc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,9 +31,31 @@ jobs:
       - name: Run tests
         run: go test ./...
 
+      - name: Extract release notes from CHANGELOG.md
+        env:
+          TAG_NAME: ${{ github.ref_name }}
+        run: |
+          VERSION="${TAG_NAME#v}"
+          if ! grep -qE "^## \[?${VERSION}\]?" CHANGELOG.md; then
+            echo "::error::No CHANGELOG.md section found for ${VERSION}. Add a '## [${VERSION}] - YYYY-MM-DD' heading before tagging."
+            exit 1
+          fi
+          NOTES=$(awk -v v="${VERSION}" '
+            $0 ~ "^## \\[?" v "\\]?" { flag=1; next }
+            flag && /^## / { exit }
+            flag && /^\[[^]]*\]: / { next }
+            flag { print }
+          ' CHANGELOG.md)
+          {
+            echo "RELEASE_NOTES<<NOTES_EOF"
+            echo "$NOTES"
+            echo "NOTES_EOF"
+          } >> "$GITHUB_ENV"
+
       - uses: goreleaser/goreleaser-action@v6
         with:
           version: "~> v2"
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_NOTES: ${{ env.RELEASE_NOTES }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 5fd0f97..14d464d 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -27,8 +27,21 @@ checksum:
 
 changelog:
   sort: asc
+  groups:
+    - title: "Features"
+      regexp: '^.*?feat(\([^)]+\))?!?:.+$'
+      order: 0
+    - title: "Bug fixes"
+      regexp: '^.*?fix(\([^)]+\))?!?:.+$'
+      order: 1
+    - title: "Other"
+      order: 999
   filters:
     exclude:
       - "^docs:"
       - "^chore:"
       - "^ci:"
+
+release:
+  header: |
+    {{ .Env.RELEASE_NOTES }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..bbf760b
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,39 @@
+# Changelog
+
+All notable changes to agentctl are documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+Add new work under `## [Unreleased]`. On release, rename the section to the new
+version and date, and the release workflow will lift it into the GitHub Release
+notes automatically.
+
+## [Unreleased]
+
+## [0.0.1] - 2026-04-11
+
+First tagged release of agentctl — a small Go toolkit for gating, tracing, and
+replaying high-risk agent actions.
+
+### Added
+
+- **`agentctl gate`** — deterministic policy evaluation against the action
+  schema in `pkg/schema`, with YAML policies (see `agentctl.policy.yaml`).
+- **`agentctl trace`** — reliable append-only trace storage for every gated
+  decision, kept in the agentctl home directory.
+- **`agentctl replay`** — inspect and replay recorded decisions for incident
+  review and policy iteration.
+- **Local HTTP server and approval workflow** — `agentctl serve` exposes a
+  local API for gate/trace/replay plus an approval endpoint for escalations.
+- **MCP server** (`agentctl mcp`) — expose agentctl to MCP clients.
+- **Claude Code hook adapter** — gate tool calls from Claude Code via hooks.
+- **VS Code extension** — approvals panel and trace viewer.
+- **OpenAPI contract** (`api/openapi.yaml`) and generated JS / Python SDKs
+  under `sdk/` — the OpenAPI spec is the source of truth for cross-language
+  clients.
+- **Release pipeline** — cross-platform binaries for linux, darwin, windows
+  across amd64 and arm64, built and published via goreleaser.
+
+[Unreleased]: https://github.com/chocks/agentctl/compare/v0.0.1...HEAD
+[0.0.1]: https://github.com/chocks/agentctl/releases/tag/v0.0.1