一键导入
kms-changelog
Create or update the branch CHANGELOG entry. Use when writing a changelog entry for this branch.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Create or update the branch CHANGELOG entry. Use when writing a changelog entry for this branch.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Write the next version entry at the top of CHANGELOG.md by summarizing all changes since the last tagged release. Use when preparing release notes.
Audit GitHub Actions workflows for efficiency and recommend fixes to reduce CI minutes and costs. Use when asked to improve CI performance.
Fix CI failures in a loop until all GitHub workflow runs on the current branch are green. Use when CI is failing and needs automated repair.
AI-powered security scanner — OWASP Top 10, CWE Top 25, KMIP authorization, FIPS gating, memory safety, side-channel, supply chain, and 20 vulnerability families. Use when asked to review code security, audit KMIP access control, or scan for vulnerabilities.
Comprehensive cryptographic audit: FIPS 140-3, BSI TR-02102, ANSSI, NIST SP 800-series compliance, algorithm allow-list, key sizes, feature-flag gating, OpenSSL provider init, key lifecycle, multi-standard matrix, and academic cryptanalysis cross-check. Use when touching crate/crypto/, algorithm selection, or key management code.
Comprehensive security audit orchestrator: invokes /security-review, /cryptography-review, /threat-model, and /standards-review in sequence. Produces a unified go/no-go report. Use for full security audit before release or after significant changes.
| name | kms-changelog |
| description | Create or update the branch CHANGELOG entry. Use when writing a changelog entry for this branch. |
Create or update the branch-specific CHANGELOG entry for this repository.
CHANGELOG.md is auto-generated by git-cliff — NEVER edit it manually.CHANGELOG/<branch-name>.md (replace / with _).feature/my-feature → CHANGELOG/feature_my-feature.mdgit branch --show-current
Never guess the branch name. Always run this command.
The changelog file path is: CHANGELOG/<branch-name-with-slashes-replaced-by-underscores>.md
Example: branch fix/kmip-auth-bypass → CHANGELOG/fix_kmip-auth-bypass.md
Write a changelog entry only when the change is:
Skip for: routine internal implementation, formatting, minor refactors, test-only changes that don't affect observable behavior, CI pipeline adjustments.
If unsure, ask the user: "Does this change any of: public API signatures, CLI flags/output, config file keys, default behavior, supported algorithms, or error messages visible to operators?"
Ask the user (or infer from git diff and context):
kmip, api, cli, ui, crypto, db, hsm, config, wasm, docs, nix, ciCreate or append to CHANGELOG/<branch>.md using this structure:
## Features
### KMIP / Crypto
- Add `ReKey` operation with AES-256-GCM support for symmetric key rotation ([#42](https://github.com/Cosmian/kms/issues/42))
### CLI
- Add `ckms keys rekey` subcommand with `--uid` and `--wrapping-key-uid` flags
## Bug Fixes
### API
- Return HTTP 403 (not 500) when key access is denied in `Get` operation ([#38](https://github.com/Cosmian/kms/issues/38))
## Security
- Enforce access control check in `Wrap` operation before returning wrapped key material
## Build
- Upgrade OpenSSL from 3.5.0 to 3.6.0 (FIPS provider updated)
---
Closes #38
Closes #42
Section names: Features, Bug Fixes, Security, Refactor, Documentation, Testing, CI, Build
Sub-group by component when multiple entries share the same area (e.g. multiple KMIP changes under ### KMIP).
If CHANGELOG/<branch>.md does not exist yet:
ls CHANGELOG/
Create it with just the new entry. Do not copy content from other CHANGELOG files.
If the change introduces a breaking change, add a ## Breaking Changes section at the top with a migration guide:
## Breaking Changes
### CLI
- `--sqlite-path` flag renamed to `--sqlite-data-path`. Update startup scripts and `kms.toml`:
```toml
# Old
sqlite-path = "/data/kms"
# New
sqlite-data-path = "/data/kms"
## PR/Issue Link Format
- PR link: `([#N](https://github.com/Cosmian/kms/pull/N))`
- Issue link: `([#N](https://github.com/Cosmian/kms/issues/N))`
- Auto-close syntax at end of file: `Closes #N`