oscerd opened a new pull request, #6635: URL: https://github.com/apache/camel-k/pull/6635
## What Adds three repository-root files, modeled on what `apache/camel` ships, adapted for Camel K: - **`AGENTS.md`** — AI agent rules of engagement and contributor guidance. - **`CLAUDE.md`** — identical content to `AGENTS.md` (mirrors `apache/camel`'s layout so tools that look for either file find the same guidance). - **`SECURITY.md`** — the security-policy entry point GitHub and security tooling expect: supported versions, the ASF private-disclosure process, and a pointer to the threat model for scope. ## Why `apache/camel` has `AGENTS.md` / `CLAUDE.md` / `SECURITY.md`; Camel K had none. These give AI agents and contributors a single, accurate set of rules and give security tooling the conventional `SECURITY.md` entry point. The upstream files are Java/Maven/JIRA-specific, so they were **adapted** rather than copied: - Go/Make toolchain with the project's real targets (`make build` / `test` / `lint` / `generate` / `update-docs`) instead of Maven. - **GitHub Issues** workflow and the project's `fix/` `feature/` `quick-fix/` branch + `Fix #<n>:` / `chore:` / `ci:` commit conventions, instead of JIRA. - Go asynchronous-testing guidance (Gomega `Eventually`, no `time.Sleep`) instead of Awaitility. - A Camel-K-accurate **Security Model** section: trust roles (platform admin / CR author / cluster tenant / network client), in/out-of-scope summary, operator hardening checklist, and a committer review checklist for security-sensitive PRs — all sourced from the Camel K threat model. `SECURITY.md` and `AGENTS.md` point to `docs/threat-model.md` as the canonical Camel K threat model and frame it as the additive sub-project expansion of the umbrella [Apache Camel Security Model](https://camel.apache.org/manual/security-model.html) (which explicitly scopes itself to "Camel embedded in someone else's application, not a multi-tenant managed service"). ## Dependency `docs/threat-model.md` / `docs/threat-model.yaml` are added by #6634. The repo-relative links in `SECURITY.md` and `AGENTS.md` resolve once #6634 is merged — please merge #6634 first (or merge them together). --- _Authored by Claude Code on behalf of Andrea Cosentino (@oscerd)._ 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
