kms-changelog
Create or update the branch CHANGELOG entry. Use when writing a changelog entry for this branch.
| name | kms-changelog |
| description | Create or update the branch CHANGELOG entry. Use when writing a changelog entry for this branch. |
Create or update the branch-specific CHANGELOG entry for this repository.
- `CHANGELOG.md` is auto-generated by git-cliff — NEVER edit it manually.
- `CHANGELOG/<branch-name>.md` (replace `/` with `_`).
- `feature/my-feature` → `CHANGELOG/feature_my-feature.md`

```bash
git branch --show-current
```
Never guess the branch name. Always run this command.
The changelog file path is: CHANGELOG/<branch-name-with-slashes-replaced-by-underscores>.md
Example: branch fix/kmip-auth-bypass → CHANGELOG/fix_kmip-auth-bypass.md
Write a changelog entry only when the change is:
Skip for: routine internal implementation, formatting, minor refactors, test-only changes that don't affect observable behavior, CI pipeline adjustments.
If unsure, ask the user: "Does this change any of: public API signatures, CLI flags/output, config file keys, default behavior, supported algorithms, or error messages visible to operators?"
Ask the user (or infer from git diff and context):
kmip, api, cli, ui, crypto, db, hsm, config, wasm, docs, nix, ci

Create or append to `CHANGELOG/<branch>.md` using this structure:
```markdown
## Features
### KMIP / Crypto
- Add `ReKey` operation with AES-256-GCM support for symmetric key rotation ([#42](https://github.com/Cosmian/kms/issues/42))
### CLI
- Add `ckms keys rekey` subcommand with `--uid` and `--wrapping-key-uid` flags
## Bug Fixes
### API
- Return HTTP 403 (not 500) when key access is denied in `Get` operation ([#38](https://github.com/Cosmian/kms/issues/38))
## Security
- Enforce access control check in `Wrap` operation before returning wrapped key material
## Build
- Upgrade OpenSSL from 3.5.0 to 3.6.0 (FIPS provider updated)
---
Closes #38
Closes #42
```
Section names: Features, Bug Fixes, Security, Refactor, Documentation, Testing, CI, Build
Sub-group by component when multiple entries share the same area (e.g. multiple KMIP changes under ### KMIP).
If CHANGELOG/<branch>.md does not exist yet:
```bash
ls CHANGELOG/
```
Create it with just the new entry. Do not copy content from other CHANGELOG files.
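The path rule and the existence check above can be scripted as follows. This is an added example, not part of the original skill: the function names are hypothetical, and it assumes it is run from the repository root with a git version that supports `git branch --show-current`.

```shell
# Added example: resolve the branch changelog path (hypothetical helper names).

# Map a branch name to its changelog path: every "/" becomes "_".
changelog_path_for() {
    if [ -z "$1" ]; then
        # `git branch --show-current` prints nothing on a detached HEAD.
        echo "error: empty branch name (detached HEAD?)" >&2
        return 1
    fi
    printf 'CHANGELOG/%s.md\n' "$(printf '%s' "$1" | tr '/' '_')"
}

# Resolve the path for the checked-out branch. Refuses to continue when the
# auto-generated CHANGELOG.md differs from HEAD, since it must never be
# edited by hand. Assumes the current directory is the repository root.
resolve_branch_changelog() {
    rbc_branch=$(git branch --show-current) || return 1
    rbc_path=$(changelog_path_for "$rbc_branch") || return 1
    if ! git diff --quiet HEAD -- CHANGELOG.md; then
        echo "error: CHANGELOG.md is modified; it is generated by git-cliff" >&2
        return 1
    fi
    if [ ! -f "$rbc_path" ]; then
        echo "note: $rbc_path does not exist yet; create it with only the new entry" >&2
    fi
    printf '%s\n' "$rbc_path"
}
```

Call `resolve_branch_changelog` to get the file to create or append to; it prints the path on stdout and diagnostics on stderr.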
If the change introduces a breaking change, add a ## Breaking Changes section at the top with a migration guide:
````markdown
## Breaking Changes
### CLI
- `--sqlite-path` flag renamed to `--sqlite-data-path`. Update startup scripts and `kms.toml`:
```toml
# Old
sqlite-path = "/data/kms"
# New
sqlite-data-path = "/data/kms"
```
````
## PR/Issue Link Format
- PR link: `([#N](https://github.com/Cosmian/kms/pull/N))`
- Issue link: `([#N](https://github.com/Cosmian/kms/issues/N))`
- Auto-close syntax at end of file: `Closes #N`