potiuk opened a new pull request, #152: URL: https://github.com/apache/airflow-client-python/pull/152
**This is a proposal for the PMC to review — please correct, reject, or discuss as needed.** Nothing here is a requirement; the maintainer is the decision-maker. This adds an `AGENTS.md` to `apache/airflow-client-python` so an automated scan agent can mechanically discover the project's security model via the conventional `AGENTS.md → model` chain. The client library currently has no in-repo security-discovery file, so an agent has no way to find the authoritative Airflow security model without out-of-band knowledge. Context: the ASF Security team is preparing the project for an automated agentic security scan we're piloting. Such scans refuse to run if the model isn't discoverable by that path (refusing upfront beats wasting PMC reviewer cycles on a noise-heavy run against an unknown model). Discoverability is the one hard gate; everything else is suggestion. The Security team has reached out separately on the PMC's private list with the program details; this PR is the public-facing repo piece. The pointer chains the client to the main Apache Airflow security model (the same one apache/airflow's AGENTS.md points at). The Security team uses [threat-model-producer](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573) as the rubric for what a complete model looks like — but this PR is just the *link*; nothing about the model content itself changes. Questions / pushback welcome. Happy to adjust the wording or move the section if the project has a house style. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
