[ENG-213] Fern Changelog Automation

[tanishq-atm]

Summary by cubic

Automates API changelog generation for Fern definition changes and publishes a Changelog section in docs, fulfilling ENG-213. Adds a GitHub Action that diffs OpenAPI changes and comments on PRs; includes guidelines, template, and initial entries.

• New Features

  • API Changelog workflow: exports base/current OpenAPI, runs oasdiff, uploads a diff artifact, and comments on the PR.
  • Changelog is live in docs: enabled tab, overview page, template, and initial MDX entries (Pods, WebSockets, Metrics, Drafts, Domains, Webhooks).
  • Writer guide (AGENTS.md) with structure, voice, and Slack flow.
  • .gitignore updated for generated SDK outputs and OpenAPI artifacts.

• Dependencies

  • Requires Node 20 and Fern CLI; uses oasdiff/oasdiff-action.
  • SDK generators pinned: TypeScript 3.46.2, Python 4.54.2; local outputs to generated/typescript and generated/python.

^{Written for commit 8bd64e3. Summary will update on new commits.}

[github-actions]

🌿 Preview your docs: https://agentmail-preview-af7d8f97-4e4f-451d-ae72-28c16fcaf519.docs.buildwithfern.com

[github-actions]

🌿 Preview your docs: https://agentmail-preview-03f6c1f9-2f25-46dc-967d-21d86f508701.docs.buildwithfern.com

[cubic-dev-ai]

9 issues found across 13 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name=".github/workflows/api-changelog.yml">

<violation number="1" location=".github/workflows/api-changelog.yml:55">
P1: **Security: Script injection vulnerability.** Directly interpolating `${{ steps.oasdiff.outputs.changelog }}` into a shell script allows command injection if the changelog contains shell metacharacters. Use an environment variable instead.</violation>

<violation number="2" location=".github/workflows/api-changelog.yml:83">
P1: **Security: Script injection vulnerability.** Directly interpolating `${{ steps.oasdiff.outputs.changelog }}` into a JavaScript template literal allows script injection if the changelog contains backticks or `${...}`. Use environment variables with `process.env` instead.</violation>

<violation number="3" location=".github/workflows/api-changelog.yml:84">
P2: **Potential runtime error.** If `breaking_count` is empty, this produces invalid JavaScript (`const breaking =  > 0;`). Add a fallback: `${{ steps.check_changes.outputs.breaking_count || 0 }}`.</violation>
</file>

<file name="fern/changelog/2025-10-28.mdx">

<violation number="1" location="fern/changelog/2025-10-28.mdx:34">
P2: The changelog uses `<CodeBlock>` with only a Python snippet. The guidelines require `<CodeBlocks>` with both Python and TypeScript blocks (with titles) so readers get the language toggle and consistent formatting.</violation>
</file>

<file name="fern/changelog/overview.mdx">

<violation number="1" location="fern/changelog/overview.mdx:3">
P3: Replace the relative RSS link with an absolute `https://docs.agentmail.to/...` URL to follow the changelog link guidelines.</violation>
</file>

<file name="fern/changelog/2025-07-20.mdx">

<violation number="1" location="fern/changelog/2025-07-20.mdx:2">
P3: Use only the documented tag categories in frontmatter. Remove the extra `real-time` tag to keep tags aligned with the changelog taxonomy.</violation>

<violation number="2" location="fern/changelog/2025-07-20.mdx:38">
P2: Use the required `<CodeBlocks>` component with both Python and TypeScript examples so the changelog matches the documented format.</violation>
</file>

<file name="fern/changelog/TEMPLATE.mdx">

<violation number="1" location="fern/changelog/TEMPLATE.mdx:28">
P2: Breaking change examples must use `<CodeBlocks>` with both Python and TypeScript fences; `<CodeBlock>` is disallowed by the changelog guidelines.</violation>
</file>

<file name="fern/changelog/2025-12-22.mdx">

<violation number="1" location="fern/changelog/2025-12-22.mdx:2">
P3: Replace the `events` tag with a supported taxonomy tag (or drop it) so the frontmatter matches the changelog guidelines.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[github-actions]

🌿 Preview your docs: https://agentmail-preview-1c052c88-0038-4e13-9271-40764e87b5c1.docs.buildwithfern.com

[tanishq-atm]

@cubic-dev-ai some changes to fix the stuff you mentioned. how we looking now?

[cubic-dev-ai]

@cubic-dev-ai some changes to fix the stuff you mentioned. how we looking now?

@tanishq-atm I don't see any prior review comments from me in this PR's history, so I'll give you a fresh review of the current state.

Overall, this is looking really solid. The changelog automation workflow is well-structured, and the documentation guidelines in AGENTS.md are comprehensive. Here are a few observations:

What's working well:

1. Workflow logic – The api-changelog.yml does exactly what it should: exports OpenAPI specs, diffs them, and posts results. The artifact upload is a nice touch for local preview.

2. Changelog entries – Your MDX files follow a consistent structure with proper frontmatter, clear sections, and runnable code examples in both Python and TypeScript.

3. AGENTS.md – This is excellent. Clear voice guidelines, structural requirements, and a concrete minimal example. Any AI agent or human writer will know exactly what to produce.

4. Template – TEMPLATE.mdx covers all the bases including breaking changes and SDK updates sections.

Minor polish suggestions:

In api-changelog.yml (line 91):

const body = `## ${breaking ? '🚨 Breaking' : '✨'} API Changes\n\n\`\`\`markdown\n${diff}\n\`\`\`\n\n💡 Download \`api-changelog-diff\` artifact or tag @Fern Writer in #github-prs for changelog.`;

The diff is already markdown from oasdiff, so wrapping it in ```markdown makes sense for the comment, but consider if the backticks inside the template string need escaping. This should work, but double-check the PR comment renders correctly.

In changelog entries:

• Minor: 2025-07-20.mdx line 25 says "Low-latency delivery (under 100ms typical)" – you mentioned in AGENTS.md to avoid raw < in prose to prevent MDX issues. Consider "typically under 100ms" or "sub-100ms."
• The code examples are clean and runnable. Love the lowercase comment style you've enforced.

In fern/generators.yml:
You've added local output paths for SDKs. Just confirm your team wants generated code committed or if .gitignore should cover it (you already ignore **/generated/, so you're good).

You're in great shape to merge this. The automation will comment on PRs with Fern definition changes, and the guidelines ensure consistent, high-quality changelog entries. Nice work! 🚀

[github-actions]

🌿 Preview your docs: https://agentmail-preview-98eef0be-82e3-4e0c-8858-7a44c1280dd4.docs.buildwithfern.com

[github-actions]

🌿 Preview your docs: https://agentmail-preview-c80af53e-bdcb-460c-84b3-92a98b464abc.docs.buildwithfern.com