underpost 2.99.6 → 2.99.7

package/src/cli/baremetal.js

@@ -773,13 +773,13 @@ rm -rf ${artifacts.join(' ')}`);
             bootstrapArch,
             callbackMetaData,
             steps: [
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].base(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].user(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].timezone({
+              ...Underpost.system.factory[systemProvisioning].base(),
+              ...Underpost.system.factory[systemProvisioning].user(),
+              ...Underpost.system.factory[systemProvisioning].timezone({
                 timezone,
                 chronyConfPath,
               }),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].keyboard(keyboard.layout),
+              ...Underpost.system.factory[systemProvisioning].keyboard(keyboard.layout),
             ],
           });
         }
@@ -826,13 +826,13 @@ rm -rf ${artifacts.join(' ')}`);
             bootstrapArch,
             callbackMetaData,
             steps: [
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].base(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].user(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].timezone({
+              ...Underpost.system.factory[systemProvisioning].base(),
+              ...Underpost.system.factory[systemProvisioning].user(),
+              ...Underpost.system.factory[systemProvisioning].timezone({
                 timezone,
                 chronyConfPath: chronyc.chronyConfPath,
               }),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].keyboard(keyboard.layout),
+              ...Underpost.system.factory[systemProvisioning].keyboard(keyboard.layout),
             ],
           });
         }
@@ -2961,320 +2961,6 @@ EOF`);
       throw new Error(`Unsupported host architecture: ${machine}`);
     },
 
-    /**
-     * @property {object} systemProvisioningFactory
-     * @description A factory object containing functions for system provisioning based on OS type.
-     * Each OS type (e.g., 'ubuntu') provides methods for base system setup, user creation,
-     * timezone configuration, and keyboard layout settings.     *
-     * @memberof UnderpostBaremetal
-     * @namespace UnderpostBaremetal.systemProvisioningFactory
-     */
-    systemProvisioningFactory: {
-      /**
-       * @property {object} ubuntu
-       * @description Provisioning steps for Ubuntu-based systems.
-       * @memberof UnderpostBaremetal.systemProvisioningFactory
-       * @namespace UnderpostBaremetal.systemProvisioningFactory.ubuntu
-       */
-      ubuntu: {
-        /**
-         * @method base
-         * @description Generates shell commands for basic Ubuntu system provisioning.
-         * This includes updating package lists, installing essential build tools,
-         * kernel modules, cloud-init, SSH server, and other core utilities.
-         * @param {object} params - The parameters for the function.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        base: () => [
-          // Configure APT sources for Ubuntu ports
-          `cat <<SOURCES | tee /etc/apt/sources.list
-deb http://ports.ubuntu.com/ubuntu-ports noble main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports noble-updates main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted universe multiverse
-SOURCES`,
-
-          // Update package lists and perform a full system upgrade
-          `apt update -qq`,
-          `apt -y full-upgrade`,
-
-          // Install all essential packages in one consolidated step
-          `DEBIAN_FRONTEND=noninteractive apt install -y build-essential xinput x11-xkb-utils usbutils uuid-runtime linux-image-generic systemd-sysv openssh-server sudo locales udev util-linux iproute2 netplan.io ca-certificates curl wget chrony apt-utils tzdata kmod keyboard-configuration console-setup iputils-ping`,
-
-          // Ensure systemd is the init system
-          `ln -sf /lib/systemd/systemd /sbin/init`,
-
-          // Clean up
-          `apt-get clean`,
-        ],
-        /**
-         * @method user
-         * @description Generates shell commands for creating a root user and configuring SSH access.
-         * This is a critical security step for initial access to the provisioned system.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        user: () => [
-          `useradd -m -s /bin/bash -G sudo root`, // Create a root user with bash shell and sudo privileges.
-          `echo 'root:root' | chpasswd`, // Set a default password for the root user (consider more secure methods for production).
-          `mkdir -p /home/root/.ssh`, // Create .ssh directory for authorized keys.
-          // Add the public SSH key to authorized_keys for passwordless login.
-          `echo '${fs.readFileSync(
-            `/home/dd/engine/engine-private/deploy/id_rsa.pub`,
-            'utf8',
-          )}' > /home/root/.ssh/authorized_keys`,
-          `chown -R root /home/root/.ssh`, // Set ownership for security.
-          `chmod 700 /home/root/.ssh`, // Set permissions for the .ssh directory.
-          `chmod 600 /home/root/.ssh/authorized_keys`, // Set permissions for authorized_keys.
-        ],
-        /**
-         * @method timezone
-         * @description Generates shell commands for configuring the system timezone and Chrony (NTP client).
-         * Accurate time synchronization is essential for logging, security, and distributed systems.
-         * @param {object} params - The parameters for the function.
-         * @param {string} params.timezone - The timezone string (e.g., 'America/New_York').
-         * @param {string} params.chronyConfPath - The path to the Chrony configuration file.
-         * @param {string} [alias='chrony'] - The alias for the chrony service.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        timezone: ({ timezone, chronyConfPath }, alias = 'chrony') => [
-          `export DEBIAN_FRONTEND=noninteractive`, // Set non-interactive mode for Debian packages.
-          `ln -fs /usr/share/zoneinfo/${timezone} /etc/localtime`, // Symlink timezone.
-          `sudo dpkg-reconfigure --frontend noninteractive tzdata`, // Reconfigure timezone data.
-          `sudo timedatectl set-timezone ${timezone}`, // Set timezone using timedatectl.
-          `sudo timedatectl set-ntp true`, // Enable NTP synchronization.
-
-          // Write the Chrony configuration file.
-          `echo '
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-# pool 2.pool.ntp.org iburst
-server ${process.env.MAAS_NTP_SERVER} iburst
-
-# Record the rate at which the system clock gains/losses time.
-driftfile /var/lib/chrony/drift
-
-# Allow the system clock to be stepped in the first three updates
-# if its offset is larger than 1 second.
-makestep 1.0 3
-
-# Enable kernel synchronization of the real-time clock (RTC).
-rtcsync
-
-# Enable hardware timestamping on all interfaces that support it.
-#hwtimestamp *
-
-# Increase the minimum number of selectable sources required to adjust
-# the system clock.
-#minsources 2
-
-# Allow NTP client access from local network.
-#allow 192.168.0.0/16
-
-# Serve time even if not synchronized to a time source.
-#local stratum 10
-
-# Specify file containing keys for NTP authentication.
-keyfile /etc/chrony.keys
-
-# Get TAI-UTC offset and leap seconds from the system tz database.
-leapsectz right/UTC
-
-# Specify directory for log files.
-logdir /var/log/chrony
-
-# Select which information is logged.
-#log measurements statistics tracking
-' > ${chronyConfPath}`,
-          `systemctl stop ${alias}`, // Stop Chrony service before reconfiguring.
-
-          // Enable, restart, and check status of Chrony service.
-          `sudo systemctl enable --now ${alias}`,
-          `sudo systemctl restart ${alias}`,
-
-          // Wait for chrony to synchronize
-          `echo "Waiting for chrony to synchronize..."`,
-          `for i in {1..30}; do chronyc tracking | grep -q "Leap status     : Normal" && break || sleep 2; done`,
-
-          `sudo systemctl status ${alias}`,
-
-          // Verify Chrony synchronization.
-          `chronyc sources`,
-          `chronyc tracking`,
-
-          `chronyc sourcestats -v`, // Display source statistics.
-          `timedatectl status`, // Display current time and date settings.
-        ],
-        /**
-         * @method keyboard
-         * @description Generates shell commands for configuring the keyboard layout.
-         * This ensures correct input behavior on the provisioned system.
-         * @param {string} [keyCode='en'] - The keyboard layout code (e.g., 'en', 'es').
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        keyboard: (keyCode = 'en') => [
-          `sudo locale-gen en_US.UTF-8`,
-          `sudo update-locale LANG=en_US.UTF-8`,
-          `sudo sed -i 's/XKBLAYOUT="us"/XKBLAYOUT="${keyCode}"/' /etc/default/keyboard`,
-          `sudo dpkg-reconfigure --frontend noninteractive keyboard-configuration`,
-          `sudo systemctl restart keyboard-setup.service`,
-        ],
-      },
-      /**
-       * @property {object} rocky
-       * @description Provisioning steps for Rocky Linux-based systems.
-       * @memberof UnderpostBaremetal.systemProvisioningFactory
-       * @namespace UnderpostBaremetal.systemProvisioningFactory.rocky
-       */
-      rocky: {
-        /**
-         * @method base
-         * @description Generates shell commands for basic Rocky Linux system provisioning.
-         * This includes installing Node.js, npm, and underpost CLI tools.
-         * @param {object} params - The parameters for the function.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        base: () => [
-          // Update system and install EPEL repository
-          `dnf -y update`,
-          `dnf -y install epel-release`,
-
-          // Install essential system tools (avoiding duplicates from container packages)
-          `dnf -y install --allowerasing bzip2 openssh-server nano vim-enhanced less openssl-devel git gnupg2 libnsl perl`,
-          `dnf clean all`,
-
-          // Install Node.js
-          `curl -fsSL https://rpm.nodesource.com/setup_24.x | bash -`,
-          `dnf install -y nodejs`,
-          `dnf clean all`,
-
-          // Verify Node.js and npm versions
-          `node --version`,
-          `npm --version`,
-
-          // Install underpost ci/cd cli
-          `npm install -g underpost`,
-          `underpost --version`,
-        ],
-        /**
-         * @method user
-         * @description Generates shell commands for creating a root user and configuring SSH access on Rocky Linux.
-         * This is a critical security step for initial access to the provisioned system.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        user: () => [
-          `useradd -m -s /bin/bash -G wheel root`, // Create a root user with bash shell and wheel group (sudo on RHEL)
-          `echo 'root:root' | chpasswd`, // Set a default password for the root user
-          `mkdir -p /home/root/.ssh`, // Create .ssh directory for authorized keys
-          // Add the public SSH key to authorized_keys for passwordless login
-          `echo '${fs.readFileSync(
-            `/home/dd/engine/engine-private/deploy/id_rsa.pub`,
-            'utf8',
-          )}' > /home/root/.ssh/authorized_keys`,
-          `chown -R root:root /home/root/.ssh`, // Set ownership for security
-          `chmod 700 /home/root/.ssh`, // Set permissions for the .ssh directory
-          `chmod 600 /home/root/.ssh/authorized_keys`, // Set permissions for authorized_keys
-        ],
-        /**
-         * @method timezone
-         * @description Generates shell commands for configuring the system timezone on Rocky Linux.
-         * @param {object} params - The parameters for the function.
-         * @param {string} params.timezone - The timezone string (e.g., 'America/Santiago').
-         * @param {string} params.chronyConfPath - The path to the Chrony configuration file (optional).
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        timezone: ({ timezone, chronyConfPath = '/etc/chrony.conf' }) => [
-          // Set system timezone using both methods (for chroot and running system)
-          `ln -sf /usr/share/zoneinfo/${timezone} /etc/localtime`,
-          `echo '${timezone}' > /etc/timezone`,
-          `timedatectl set-timezone ${timezone} 2>/dev/null`,
-
-          // Configure chrony with local NTP server and common NTP pools
-          `echo '# Local NTP server' > ${chronyConfPath}`,
-          `echo 'server 192.168.1.1 iburst prefer' >> ${chronyConfPath}`,
-          `echo '' >> ${chronyConfPath}`,
-          `echo '# Fallback public NTP servers' >> ${chronyConfPath}`,
-          `echo 'server 0.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo 'server 1.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo 'server 2.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo 'server 3.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo '' >> ${chronyConfPath}`,
-          `echo '# Configuration' >> ${chronyConfPath}`,
-          `echo 'driftfile /var/lib/chrony/drift' >> ${chronyConfPath}`,
-          `echo 'makestep 1.0 3' >> ${chronyConfPath}`,
-          `echo 'rtcsync' >> ${chronyConfPath}`,
-          `echo 'logdir /var/log/chrony' >> ${chronyConfPath}`,
-
-          // Enable chronyd to start on boot
-          `systemctl enable chronyd 2>/dev/null`,
-
-          // Create systemd link for boot (works in chroot)
-          `mkdir -p /etc/systemd/system/multi-user.target.wants`,
-          `ln -sf /usr/lib/systemd/system/chronyd.service /etc/systemd/system/multi-user.target.wants/chronyd.service 2>/dev/null`,
-
-          // Start chronyd if systemd is running
-          `systemctl start chronyd 2>/dev/null`,
-
-          // Restart chronyd to apply configuration
-          `systemctl restart chronyd 2>/dev/null`,
-
-          // Force immediate time synchronization (only if chronyd is running)
-          `chronyc makestep 2>/dev/null`,
-
-          // Verify timezone configuration
-          `ls -l /etc/localtime`,
-          `cat /etc/timezone || echo 'No /etc/timezone file'`,
-          `timedatectl status 2>/dev/null || echo 'Timezone set to ${timezone} (timedatectl not available in chroot)'`,
-          `chronyc tracking 2>/dev/null || echo 'Chrony configured but not running (will start on boot)'`,
-        ],
-        /**
-         * @method keyboard
-         * @description Generates shell commands for configuring the keyboard layout on Rocky Linux.
-         * This uses localectl to set the keyboard layout for both console and X11.
-         * @param {string} [keyCode='us'] - The keyboard layout code (e.g., 'us', 'es').
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        keyboard: (keyCode = 'us') => [
-          // Configure vconsole.conf for console keyboard layout (persistent)
-          `echo 'KEYMAP=${keyCode}' > /etc/vconsole.conf`,
-          `echo 'FONT=latarcyrheb-sun16' >> /etc/vconsole.conf`,
-
-          // Configure locale.conf for system locale
-          `echo 'LANG=en_US.UTF-8' > /etc/locale.conf`,
-          `echo 'LC_ALL=en_US.UTF-8' >> /etc/locale.conf`,
-
-          // Set keyboard layout using localectl (works if systemd is running)
-          `localectl set-locale LANG=en_US.UTF-8 2>/dev/null`,
-          `localectl set-keymap ${keyCode} 2>/dev/null`,
-          `localectl set-x11-keymap ${keyCode} 2>/dev/null`,
-
-          // Configure X11 keyboard layout file directly
-          `mkdir -p /etc/X11/xorg.conf.d`,
-          `echo 'Section "InputClass"' > /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo '    Identifier "system-keyboard"' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo '    MatchIsKeyboard "on"' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo '    Option "XkbLayout" "${keyCode}"' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo 'EndSection' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-
-          // Load the keymap immediately (if not in chroot)
-          `loadkeys ${keyCode} 2>/dev/null || echo 'Keymap ${keyCode} configured (loadkeys not available in chroot)'`,
-
-          // Verify configuration
-          `echo 'Keyboard configuration files:'`,
-          `cat /etc/vconsole.conf`,
-          `cat /etc/locale.conf`,
-          `cat /etc/X11/xorg.conf.d/00-keyboard.conf 2>/dev/null || echo 'X11 config created'`,
-          `localectl status 2>/dev/null || echo 'Keyboard layout set to ${keyCode} (localectl not available in chroot)'`,
-        ],
-      },
-    },
-
     /**
      * @method rebuildNfsServer
      * @description Configures and restarts the NFS server to export the specified path.

package/src/cli/cloud-init.js

@@ -64,7 +64,7 @@ class UnderpostCloudInit {
           fs.writeFileSync(
             `${nfsHostToolsPath}/date.sh`,
             Underpost.baremetal.stepsRender(
-              Underpost.baremetal.systemProvisioningFactory[systemProvisioning].timezone({
+              Underpost.system.factory[systemProvisioning].timezone({
                 timezone,
                 chronyConfPath,
               }),
@@ -78,7 +78,7 @@ class UnderpostCloudInit {
           fs.writeFileSync(
             `${nfsHostToolsPath}/keyboard.sh`,
             Underpost.baremetal.stepsRender(
-              Underpost.baremetal.systemProvisioningFactory[systemProvisioning].keyboard(keyboard.layout),
+              Underpost.system.factory[systemProvisioning].keyboard(keyboard.layout),
               false,
             ),
             'utf8',

package/src/cli/index.js

@@ -76,11 +76,20 @@ program
   .option('--info', 'Displays information about available commit types.')
   .option('--diff', 'Shows the current git diff changes.')
   .option('--edit', 'Edit last commit.')
-  .option('--msg <msg>', 'Sets a custom commit message.')
   .option('--deploy-id <deploy-id>', 'Sets the deployment configuration ID for the commit context.')
   .option('--cached', 'Commit staged changes only or context.')
   .option('--hashes <hashes>', 'Comma-separated list of specific file hashes of commits.')
   .option('--extension <extension>', 'specific file extensions of commits.')
+  .option(
+    '--changelog [latest-n]',
+    'Print plain the changelog of the specified number of latest n commits, if no number is provided it will get the changelog to latest ci integration',
+  )
+  .option('--changelog-build', 'Builds a CHANGELOG.md file based on the commit history')
+  .option('--changelog-min-version <version>', 'Sets the minimum version limit for --changelog-build (default: 2.85.0)')
+  .option(
+    '--changelog-no-hash',
+    'Excludes commit hashes from the generated changelog entries (used with --changelog-build).',
+  )
   .description('Manages commits to a GitHub repository, supporting various commit types and options.')
   .action(Underpost.repo.commit);
 
@@ -426,6 +435,7 @@ program
     '--create-job-now',
     'After applying manifests, immediately create a Job from each CronJob (requires --apply).',
   )
+  .option('--ssh', 'Execute backup commands via SSH on the remote node instead of locally.')
   .description('Manages cron jobs: execute jobs directly or generate and apply K8s CronJob manifests.')
   .action(Underpost.cron.callback);
 
@@ -502,6 +512,7 @@ program
   .option('--status', 'Checks the status of the SSH service.')
   .option('--connect-uri', 'Displays the connection URI.')
   .option('--copy', 'Copies the connection URI to clipboard.')
+  .description('Manages SSH credentials and sessions for remote access to cluster nodes or services.')
   .action(Underpost.ssh.callback);
 
 program

package/src/cli/repository.js

@@ -88,10 +88,13 @@ class UnderpostRepository {
      * @param {boolean} [options.cached=false] - If true, commits only staged changes.
      * @param {number} [options.log=0] - If greater than 0, shows the last N commits with diffs.
      * @param {boolean} [options.lastMsg=0] - If greater than 0, copies or show the last last single n commit message to clipboard.
-     * @param {string} [options.msg=''] - If provided, outputs this message instead of committing.
      * @param {string} [options.deployId=''] - An optional deploy ID to include in the commit message.
      * @param {string} [options.hashes=''] - If provided with diff option, shows the diff between two hashes.
      * @param {string} [options.extension=''] - If provided with diff option, filters the diff by this file extension.
+     * @param {boolean|string} [options.changelog=undefined] - If true, prints the changelog since the last CI integration commit (starting with 'ci(package-pwa-microservices-'). If a number string, prints the changelog of the last N commits split by version sections. Only considers commits starting with '[<tag>]'.
+     * @param {boolean} [options.changelogBuild=false] - If true, scrapes all git history and builds a full CHANGELOG.md. Commits containing 'New release v:' are used as version section titles. Only commits starting with '[<tag>]' are included as entries.
+     * @param {string} [options.changelogMinVersion=''] - If set, overrides the default minimum version limit (2.85.0) for --changelog-build.
+     * @param {boolean} [options.changelogNoHash=false] - If true, omits commit hashes from the changelog entries.
      * @memberof UnderpostRepository
      */
     commit(
@@ -108,13 +111,169 @@ class UnderpostRepository {
         cached: false,
         lastMsg: 0,
         log: 0,
-        msg: '',
         deployId: '',
         hashes: '',
         extension: '',
+        changelog: undefined,
+        changelogBuild: false,
+        changelogMinVersion: '',
+        changelogNoHash: false,
       },
     ) {
       if (!repoPath) repoPath = '.';
+
+      if (options.changelog !== undefined || options.changelogBuild) {
+        const ciIntegrationPrefix = 'ci(package-pwa-microservices-';
+        const releaseMatch = 'New release v:';
+
+        // Helper: parse [<tag>] commits into grouped sections
+        const buildSectionChangelog = (commits) => {
+          const groups = {};
+          const tagOrder = [];
+          for (const commit of commits) {
+            if (!commit.message.startsWith('[')) continue;
+            const match = commit.message.match(/^\[([^\]]+)\]\s*(.*)/);
+            if (match) {
+              const tag = match[1].trim();
+              const context = match[2].trim().replaceAll('"', '');
+              if (!groups[tag]) {
+                groups[tag] = [];
+                tagOrder.push(tag);
+              }
+              groups[tag].push({ ...commit, context });
+            }
+          }
+          let out = '';
+          for (const tag of tagOrder) {
+            out += `### ${tag}\n\n`;
+            for (const entry of groups[tag]) {
+              out += `- ${entry.context}${options.changelogNoHash ? '' : ` (${commitUrl(entry.hash, entry.fullHash)})`}\n`;
+            }
+            out += '\n';
+          }
+          return out;
+        };
+
+        // Helper: fetch git log as structured array
+        const fetchHistory = (limit) => {
+          const limitArg = limit ? ` -n ${limit}` : '';
+          const rawLog = shellExec(`git log --pretty=format:"%h||%H||%s||%ci"${limitArg}`, {
+            stdout: true,
+            silent: true,
+            disableLog: true,
+          });
+          return rawLog
+            .split('\n')
+            .map((line) => {
+              const parts = line.split('||');
+              return {
+                hash: (parts[0] || '').trim(),
+                fullHash: (parts[1] || '').trim(),
+                message: parts[2] || '',
+                date: parts[3] || '',
+              };
+            })
+            .filter((c) => c.hash);
+        };
+
+        const githubUser = process.env.GITHUB_USERNAME || 'underpostnet';
+        const commitUrl = (shortHash, fullHash) =>
+          `[${shortHash}](https://github.com/${githubUser}/engine/commit/${fullHash})`;
+
+        // Helper: extract version from commit message containing 'New release v:'
+        const extractVersion = (message) => {
+          const idx = message.indexOf(releaseMatch);
+          if (idx === -1) return null;
+          return message.substring(idx + releaseMatch.length).trim();
+        };
+
+        // Helper: split commits array into version sections by 'New release v:' boundary
+        const buildVersionSections = (commits) => {
+          const sections = [];
+          let currentSection = { title: null, date: new Date().toISOString().split('T')[0], commits: [] };
+
+          for (const commit of commits) {
+            const version = extractVersion(commit.message);
+            if (version) {
+              // Push accumulated commits as a section
+              sections.push(currentSection);
+              // Start new version section; commits below this one belong to it
+              const commitDate = commit.date ? commit.date.split(' ')[0] : '';
+              currentSection = { title: `${releaseMatch}${version}`, date: commitDate, hash: commit.hash, commits: [] };
+            } else {
+              currentSection.commits.push(commit);
+            }
+          }
+          // Push the last (oldest) section
+          if (currentSection.commits.length > 0) sections.push(currentSection);
+          return sections;
+        };
+
+        // Helper: render sections array into changelog markdown string
+        const renderSections = (sections) => {
+          let changelog = '';
+          for (const section of sections) {
+            const sectionBody = buildSectionChangelog(section.commits);
+            if (!sectionBody) continue;
+            if (section.title) {
+              changelog += `## ${section.title}${options.changelogNoHash ? '' : ` (${section.date})`}\n\n`;
+            } else {
+              changelog += `## ${section.date}\n\n`;
+            }
+            changelog += sectionBody;
+          }
+          return changelog;
+        };
+
+        const changelogMinVersion = options.changelogMinVersion || '2.97.1';
+
+        if (options.changelogBuild) {
+          // --changelog-build: scrape ALL history, split by 'New release v:' commits as version sections
+          const allCommits = fetchHistory();
+          const sections = buildVersionSections(allCommits);
+
+          // Filter sections: stop at changelogMinVersion boundary
+          const limitedSections = [];
+          for (const section of sections) {
+            limitedSections.push(section);
+            if (section.title) {
+              const versionStr = section.title.replace(releaseMatch, '').trim();
+              if (versionStr === changelogMinVersion) break;
+            }
+          }
+
+          let changelog = renderSections(limitedSections);
+
+          if (!changelog) {
+            changelog = `No changelog entries found.\n`;
+          }
+
+          const changelogPath = `${repoPath === '.' ? '.' : repoPath}/CHANGELOG.md`;
+          fs.writeFileSync(changelogPath, `# Changelog\n\n${changelog}`);
+          logger.info('CHANGELOG.md built at', changelogPath);
+        } else {
+          // --changelog [latest-n]: print changelog of last N commits or since last release
+          const hasExplicitCount =
+            options.changelog !== undefined && options.changelog !== true && !isNaN(parseInt(options.changelog));
+          const scanLimit = hasExplicitCount ? parseInt(options.changelog) : 500;
+          const allCommits = fetchHistory(scanLimit);
+
+          let commits;
+          if (!hasExplicitCount) {
+            // No explicit count: find commits up to the last CI integration boundary
+            const ciIndex = allCommits.findIndex((c) => c.message.startsWith(ciIntegrationPrefix));
+            commits = ciIndex >= 0 ? allCommits.slice(0, ciIndex) : allCommits;
+          } else {
+            commits = allCommits;
+          }
+
+          const sections = buildVersionSections(commits);
+          let changelog = renderSections(sections);
+          console.log(changelog || `No changelog entries found.\n`);
+        }
+
+        return;
+      }
       if (options.diff && options.hashes) {
         const hashes = options.hashes.split(',');
         const cmd = `git --no-pager diff ${hashes[0]} ${hashes[1] ? hashes[1] : 'HEAD'}${options.extension ? ` -- '*.${options.extension}'` : ''}`;
@@ -123,16 +282,6 @@ class UnderpostRepository {
         } else console.log(cmd);
         return;
       }
-      if (options.msg) {
-        options.msg = options.msg.replaceAll('"', '').replaceAll(`'`, '').replaceAll('`', '');
-        let key = Object.keys(commitData).find((k) => k && options.msg.toLocaleLowerCase().slice(0, 16).match(k));
-        if (!key) key = Object.keys(commitData).find((k) => k && options.msg.toLocaleLowerCase().match(k));
-        if (!key || key === undefined) key = 'chore';
-        shellExec(
-          `underpost cmt ${repoPath} ${key} ${options.deployId ? options.deployId : `''`} '${options.msg.replaceAll(`${key}(${key}`, '')}'`,
-        );
-        return;
-      }
       if (options.lastMsg) {
         if (options.copy) {
           pbcopy(Underpost.repo.getLastCommitMsg(options.lastMsg - 1));
@@ -197,7 +346,11 @@ class UnderpostRepository {
      * @memberof UnderpostRepository
      */
     getLastCommitMsg(skip = 0) {
-      return shellExec(`git --no-pager log -1 --skip=${skip} --pretty=%B`, { stdout: true });
+      return shellExec(`git --no-pager log -1 --skip=${skip} --pretty=%B`, {
+        stdout: true,
+        silent: true,
+        disableLog: true,
+      });
     },
 
     /**