oscerd opened a new pull request, #1771:
URL: https://github.com/apache/camel-kafka-connector/pull/1771
## What
Adds a project **Security Model** plus the supporting `SECURITY.md` and
`AGENTS.md`, following the Apache Camel house style
(`apache/camel`'s `security-model.adoc` / `SECURITY.md` / `AGENTS.md`).
| File | Purpose |
|---|---|
| `docs/modules/ROOT/pages/security-model.adoc` | The threat model, in
Camel's section structure (Audience → Trust model → Vulnerability scope →
Deployment hardening → Guidance for authors → Reporting → Conditions that
change the model) |
| `SECURITY.md` | GitHub-rendered security pointer (ASF private reporting
process) |
| `AGENTS.md` | AI-agent rules of engagement + a Security Model summary,
adapted for CKC (GitHub issues, generated-artifact rules, module layout) |
| `docs/modules/ROOT/nav.adoc` | Adds the `Security Model` navigation entry |
## Why
Camel Kafka Connector is thin glue over Apache Camel and the Kafka Connect
runtime, so security reports are easy to misroute. The model makes the
implicit contract explicit and gives the PMC / triage tooling an
authoritative scope statement.
Key positions captured:
- A **connector configuration is trusted, operator-authored route code** —
arbitrary `camel.sink.url` / `camel.source.url`, `#class:` beans and SMT
class options mean code execution by whoever can submit a config is
**by design** (the direct analogue of Camel's "route author is trusted").
- The **wrapped Camel component / Kamelet** is governed by the
[Apache Camel Security
Model](https://camel.apache.org/manual/security-model.html)
and triaged by the Camel PMC — "connector X wraps component Y with CVE-Z"
is explicitly a non-finding for CKC.
- The **Kafka Connect REST API and config store** are the runtime's
responsibility (a precondition, not a CKC feature).
- CKC's own in-scope surface is the narrow `core/` glue: config→route
assembly, the `CamelHeader.`/`CamelProperty.` header mapping, secret
masking in the startup log, and bundled SMTs.
## Notes
- Reporting address is `[email protected]` (ASF-wide alias); the docs
point to <https://camel.apache.org/security/> for the process, mirroring
Camel.
- Documentation-only change: no code, no dependency, no API impact. The new
page is wired into the Antora nav and all `xref:` targets resolve.
---
_Claude Code on behalf of Andrea Cosentino_
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
