kmip-compliance
Validate a KMIP operation against the KMIP 2.1 spec, dispatch table, and type definitions. Use when adding or modifying a KMIP operation.
| name | kmip-compliance |
| description | Validate a KMIP operation against the KMIP 2.1 spec, dispatch table, and type definitions. Use when adding or modifying a KMIP operation. |
Verify that a new or modified KMIP operation is fully compliant with the KMIP 2.1 specification and correctly wired through the codebase.
- `crate/server/src/core/operations/`
- `crate/kmip/src/kmip_2_1/`

Determine the operation name (e.g. Get, Create, Locate, Encrypt, ReKey). Locate these files:

- `crate/kmip/src/kmip_2_1/` or `crate/kmip/src/kmip_1_4/` — HTML spec files
- `crate/kmip/src/kmip_2_1/kmip_operations.rs`
- `crate/server/src/core/operations/dispatch.rs`
- `crate/server/src/core/operations/<operation>.rs`
- `crate/kmip/src/`

```bash
ls crate/kmip/src/
ls crate/server/src/core/operations/
```
Read the HTML spec file for the operation. Verify:
- `Option<T>` in Rust
- `#[kmip(tag = "0x...")]` attributes)

Do not rely on training-data recall for spec section numbers, field names, or TTLV tag values. Always cross-reference against the actual HTML spec file.
In crate/kmip/src/kmip_2_1/kmip_operations.rs:
Request and response types are defined and added to the Operation enum
All fields use correct Rust types mapped from KMIP types:
| KMIP Type | Rust Type |
|---|---|
| TextString | String |
| ByteString | Vec<u8> |
| Integer | i32 |
| LongInteger | i64 |
| BigInteger | Vec<u8> |
| Enumeration | Custom enum with #[derive(KmipEnum)] |
| Boolean | bool |
| DateTime | i64 (epoch seconds) |
| Structure | Nested struct |
Structs derive Debug, Clone, Serialize, Deserialize (and KmipSerialize/KmipDeserialize via proc-macros)
Optional fields consistently use Option<T>, not default-zero integers
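
Why the `Option<T>` rule matters on the wire, as an added example (not code from the project): a minimal TTLV encoder in which an absent optional field and an explicit zero produce different byte strings. The struct, the function names and the `0x54`-prefixed extension tags are constructed for illustration; real tag values must come from the spec files.

```rust
// Added illustration, not project code.
// TTLV item = 3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes.
const T_STRUCTURE: u8 = 0x01;
const T_INTEGER: u8 = 0x02;
const T_TEXT_STRING: u8 = 0x07;

// Constructed placeholder tags in the extension range (first byte 0x54).
const TAG_REQUEST: u32 = 0x54_0001;
const TAG_NAME: u32 = 0x54_0002;
const TAG_LIMIT: u32 = 0x54_0003;

fn ttlv_item(tag: u32, ty: u8, value: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(8 + value.len() + 7);
    out.extend_from_slice(&tag.to_be_bytes()[1..]); // low 3 bytes of the tag
    out.push(ty);
    out.extend_from_slice(&(value.len() as u32).to_be_bytes()); // unpadded length
    out.extend_from_slice(value);
    let pad = (8 - value.len() % 8) % 8;
    out.resize(out.len() + pad, 0); // zero padding up to an 8-byte boundary
    out
}

/// Hypothetical request payload: one required and one optional field.
struct ExampleRequest {
    name: String,
    limit: Option<i32>,
}

fn encode(req: &ExampleRequest) -> Vec<u8> {
    let mut body = ttlv_item(TAG_NAME, T_TEXT_STRING, req.name.as_bytes());
    // An absent optional field is omitted entirely; Some(0) is still written.
    if let Some(limit) = req.limit {
        body.extend(ttlv_item(TAG_LIMIT, T_INTEGER, &limit.to_be_bytes()));
    }
    ttlv_item(TAG_REQUEST, T_STRUCTURE, &body)
}

fn main() {
    let absent = encode(&ExampleRequest { name: "key-1".into(), limit: None });
    let zero = encode(&ExampleRequest { name: "key-1".into(), limit: Some(0) });
    println!("absent: {} bytes, zero: {} bytes", absent.len(), zero.len());
}
```

A field typed as a plain `i32` with a default of zero cannot tell these two requests apart after decoding, which is the failure the checklist item guards against.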
In crate/server/src/core/operations/dispatch.rs:
- `#[cfg(feature = "non-fips")]`

In `crate/server/src/core/operations/<operation>.rs`:

- `db.is_allowed(uid, caller, operation_type)` (or equivalent)
- `?` propagation; no `.unwrap()` in production paths
- `trace!`/`debug!` level; errors at `warn!` or `error!`
- `crate/server/src/core/operations/mod.rs`
- `#[cfg(test)]` block within the operation file, or a test vector exists
- `crate/test_kms_server/src/vector_runner.rs` (run `/kms-test-vector` if missing)

## KMIP Compliance: [OperationName]
### Spec Cross-Reference
[Issues or ✅ clean]
### Type Definitions
[Issues or ✅ clean]
### Dispatch Table
[Issues or ✅ clean]
### Implementation
[Issues or ✅ clean]
### Access Control
[Issues or ✅ CRITICAL concern if missing]
### Test Coverage
[Missing vectors or ✅ covered]
### Required Actions
1. [Ordered list of fixes needed before the operation is compliant]