This is an automated email from the ASF dual-hosted git repository.
shahar1 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-client-python.git
The following commit(s) were added to refs/heads/main by this push:
new 804a8e9 Add AGENTS.md with security-model link for agent
discoverability (#152)
804a8e9 is described below
commit 804a8e9f7f13fd2d890d9091933c7ced9987cad4
Author: Jarek Potiuk <[email protected]>
AuthorDate: Fri May 29 20:50:17 2026 +0200
Add AGENTS.md with security-model link for agent discoverability (#152)
This adds an AGENTS.md to apache/airflow-client-python so an
automated scan agent can mechanically discover the project's
security model via the conventional AGENTS.md -> model chain.
The client library currently has no in-repo security-discovery
file, so an agent has no way to find the authoritative Airflow
security model without out-of-band knowledge.
The pointer chains the client to the main Apache Airflow
security model (the same one apache/airflow's AGENTS.md
points at).
Generated-by: Claude Code (Claude Opus 4.7)
---
AGENTS.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..a87a2c6
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,45 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+# Apache Airflow Python Client — Agent Instructions
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository. It
+points them at the human-authored references they should
+consult before producing output.
+
+## Security Model
+
+The authoritative security reference for this client is the
+Apache Airflow Security Model:
+
+
https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html
+
+(Repo source:
[`apache/airflow:airflow-core/docs/security/security_model.rst`](https://github.com/apache/airflow/blob/main/airflow-core/docs/security/security_model.rst).)
+
+This client library inherits Apache Airflow's security model.
+In particular, the *"What is NOT considered a security
+vulnerability"* section enumerates recurring non-findings —
+agents should consult it before reporting issues against the
+Airflow API surface this client wraps.
+
+Client-specific concerns (TLS configuration, token handling,
+retry/backoff behaviour, connection lifecycle) follow the
+guidance in the upstream Airflow model unless explicitly
+documented otherwise in this repository.
