Difflog reads your commits since the last release, hands them to an LLM, and writes a CHANGELOG.md you'd actually want to read. No conventions. No templates. Just push a tag and it's done.
You're staring at git log --oneline v1.2.0..HEAD and there are 47 commits that say things like "fix stuff," "wip," "temp," and "ok now it works." You have no idea what to write. You're tired. You just want to ship. So you write "Bug fixes and performance improvements" and move on — and you know it, and your users know it, and nobody says anything, and that's somehow worse.
Or you skip the changelog entirely. Again.
Difflog fixes the part you've been skipping for three years.
Push a version tag (v1.2.0). That's the trigger.
The GitHub Action collects everything since your last tag and sends it to an LLM with the right context.
A clean, grouped, human-readable CHANGELOG.md gets committed back to your repo. Done.
No bullet soup. No raw commit hashes. No "chore: update deps (again)." Just what changed, in plain English, organized so someone can actually read it.
## [1.4.0] — 2026-03-14 ### What's new - Added support for monorepos: you can now scope Difflog to a subdirectory with `working_directory` - Changelog entries are now grouped by type (features, fixes, maintenance) automatically ### Fixed - Duplicate entries were appearing when commits spanned a merge and its squash — fixed - The action was failing silently on repos with no prior tags; it now exits with a helpful message ### Under the hood - Switched LLM call to streaming to reduce timeout risk on large commit ranges - Reduced default token budget by 30% without affecting output quality
Most tools ask you to trust them with your code. We designed it so you don't have to.
Difflog reads your git history inside your own GitHub Actions runner. That process runs entirely on GitHub's infrastructure. It never touches our servers.
Your OpenAI key is stored in your GitHub Secrets. We don't proxy it, store it, or ever see it. The LLM call goes from your runner to OpenAI — directly.
We issue a license key to unlock private repo access. That key validates your subscription status. That's the only data that passes through our system.
BYOK isn't a limitation we're working around. It's a decision we made on your behalf. You shouldn't have to hand your codebase to a third party to automate a changelog.
Difflog's architecture is fully inspectable. The action source is public at github.com/patchwork-eng/difflog. Read exactly what it does before you run it.
Click your plan. Checkout takes 60 seconds. Your license key arrives by email — it looks like difflog_xxxxxxxxxxxxxxxx.
In your repo: Settings → Secrets and variables → Actions → New repository secret.
Name: DIFFLOG_LICENSE_KEY
Value: your key.
Your workflow runs. Difflog reads commits since your last release, calls your OpenAI key, and writes CHANGELOG.md. Done.
- uses: patchwork-eng/difflog@v1 with: openai_key: ${{ secrets.OPENAI_API_KEY }} license_key: ${{ secrets.DIFFLOG_LICENSE_KEY }}
Need an OpenAI key? It takes 5 minutes at platform.openai.com. Pricing is negligible — a typical changelog run costs less than a fraction of a cent.
Drop this in .github/workflows/changelog.yml:
name: Generate Changelog on: push: tags: - 'v*' jobs: changelog: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: patchwork-eng/difflog@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} openai_api_key: ${{ secrets.OPENAI_API_KEY }}
That's it. Push a tag. Get a changelog.