Changesets VSCode Extension
This extension provides a simple way to use the changesets workflow directly from within VSCode or Cursor.
Features
Changeset: Add (Manual)
command: Walks you through creating a new changeset file, similar to the changeset add
CLI command.
Changeset: Add with AI
command: Automatically determines version bumps and generates a summary based on your staged git changes using Google's Gemini AI.
Changeset: Add Empty
command: Creates an empty changeset with no version bumps, useful for documentation-only changes.
Changeset: Set Gemini API Key
command: Manually set or replace your Google Gemini API key.
Changeset: Clear Gemini API Key
command: Remove your stored API key from secure storage.
How to Use
Manual Workflow
- Open a project that has been initialized with changesets.
- Open the Command Palette (
Ctrl+Shift+P
or Cmd+Shift+P
).
- Type and select
Changeset: Add (Manual)
.
- Follow the prompts to select packages, choose semver bumps, and write a summary.
AI-Powered Workflow
- Make your code changes and stage them using
git add
.
- Open the Command Palette.
- Type and select
Changeset: Add with AI
.
- The first time you run this, you will be prompted to enter your Google Gemini API key. This will be stored securely for future use.
- The extension will analyze your staged changes and propose version bumps and a summary.
- Review the AI's suggestion and click "Accept" to create the changeset file.
Empty Changeset Workflow
- Open the Command Palette.
- Type and select
Changeset: Add Empty
.
- Enter a summary for your changes (can be empty for documentation-only changes).
- The changeset will be created with no version bumps.
Requirements
- Your project should be set up to use changesets. If it's not, run
npx changeset init
(or your package managers equivalent) in your project's root directory.
git
must be installed and available in your system's PATH.
- For the AI feature, you must have staged changes (
git add ...
) for the AI to analyze.
- You need a Google Gemini API key to use the AI Feature. You can get one for free from Google AI Studio.
AI Feature Details
The AI-powered workflow uses Google's Gemini 2.0 Flash model to:
- Analyze your staged git changes
- Determine appropriate semantic version bumps (major, minor, or patch) for affected packages
- Generate a concise changelog summary
- Present the suggestions in a user-friendly format for review
The extension securely stores your API key using VSCode's / Cursor's built-in secret storage, so you only need to enter it once.
Security
This extension implements several security measures to protect your data and system:
- Secure API Key Storage: API keys are stored using VSCode's / Cursor's built-in secret storage
- Path Validation: All file operations validate paths to prevent path traversal attacks
- Input Sanitization: All user inputs are validated and sanitized before processing
- Memory Protection: Limits on buffer sizes and file counts prevent memory exhaustion attacks
- Command Injection Protection: Git commands are executed with validated working directories
- Cryptographically Secure Randomness: File names are generated using secure random algorithms
API Key Security
Important: When using the AI feature, your Google Gemini API key is transmitted as a query parameter in the URL. While this is the official method required by Google's API, it has some security implications:
Security Considerations:
- Server Logs: The API key may appear in Google's server logs
- Network Proxies: Corporate or network proxies might log the full URL including the API key
- HTTPS Transmission: The key is transmitted over HTTPS, but is visible in the URL
Recommendations:
- Use a Dedicated API Key: Create a separate API key specifically for this extension rather than using your main Google account key
- Monitor Usage: Check your Google AI Studio dashboard for unexpected usage
- Rotate Keys: Consider rotating your API key periodically
- Limit Scope: If possible, create API keys with minimal required permissions
What We Do to Protect You:
- API keys are stored encrypted in VSCode's / Cursor's secure storage
- Keys are automatically cleared if they become invalid
- All API requests include a user agent for tracking
- No API keys are logged or stored in plain text
You can manage your API key using the Changeset: Set API Key
and Changeset: Clear API Key
commands.
Development
This extension is built for VSCode and Cursor and requires Node.js. To run it in development mode:
- Clone this repository
- Run
npm install
- Press F5 in VSCode / Cursor to launch the extension in a new Extension Development Host window
Contributing
We welcome contributions to improve this extension! Here's how you can help:
Development Setup
Clone the repository:
git clone https://github.com/gunn4r/vscode-changesets.git
cd vscode-changesets
Install dependencies:
npm install
Open in VSCode or Cursor:
code .
cursor .
Run the extension:
- Press
F5
to launch the extension in a new Extension Development Host window
- Test your changes in the development environment
Making Changes
Create a feature branch:
git checkout -b feature/your-feature-name
Make your changes to the extension code
Test your changes:
- Use the Extension Development Host to test your changes
- Ensure all commands work correctly
- Test with different project configurations
Create a changeset:
- Use the extension commands to create a changeset for your changes
- Or run
npx changeset
in the terminal
- Choose the appropriate version bump (patch, minor, major)
Commit and push:
git add .
git commit -m "feat: your feature description"
git push origin feature/your-feature-name
Create a Pull Request:
- The changesets bot will automatically create a release PR
- Review the proposed changes and version bumps
- Merge when ready
Development Guidelines
- Code Style: Follow the existing code style and patterns
- Security: All user inputs should be validated and sanitized
- Error Handling: Provide clear error messages for users
- Documentation: Update README.md for new features
- Testing: Test your changes thoroughly before submitting
Areas for Contribution
- Bug Fixes: Report and fix issues you encounter
- Feature Enhancements: Add new functionality to the extension
- Documentation: Improve README, add examples, or clarify instructions
- Performance: Optimize extension performance
- Security: Enhance security measures and validation
- UI/UX: Improve the user experience and interface
Reporting Issues
When reporting issues, please include:
- VSCode or Cursor version
- Extension version
- Steps to reproduce
- Expected vs actual behavior
- Any error messages or logs
Questions or Need Help?
- Open an issue for bugs or feature requests
- Start a discussion for questions or ideas
- Check existing issues and discussions first
Thank you for contributing to making this extension better for everyone!