This is an automated email from the ASF dual-hosted git repository.

sergehuber pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/unomi-tracker.git


The following commit(s) were added to refs/heads/main by this push:
     new c20cb01  Add AGENTS.md + SECURITY.md security-model discoverability 
pointers (#24)
c20cb01 is described below

commit c20cb01964423ff011c9f6d301331e0f1dc30522
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sun Jun 21 02:46:02 2026 -0400

    Add AGENTS.md + SECURITY.md security-model discoverability pointers (#24)
    
    Merging — discoverability goal LGTM. We’ll follow up on main to align 
AGENTS.md / SECURITY.md with the existing ASF header style used in README.md. 
Longer term the PMC may standardize on SPDX/REUSE repo-wide to reduce per-file 
headers; until then we’ll keep one convention per repo.
---
 AGENTS.md   | 16 ++++++++++++++++
 SECURITY.md | 16 ++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..75755fd
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,16 @@
+<!-- SPDX-License-Identifier: Apache-2.0
+     https://www.apache.org/legal/release-policy.html -->
+
+# Agent Guide for unomi-tracker
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md)
+
+Agents that scan this repository should consult `SECURITY.md` and the
+threat model it links before reporting issues.
+
+Apache Unomi tracker is the client-side JS tracker; the project-wide threat 
model lives in `apache/unomi`.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2d0b10b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+<!-- SPDX-License-Identifier: Apache-2.0
+     https://www.apache.org/legal/release-policy.html -->
+
+# Security Policy
+
+## Reporting a Vulnerability
+
+`apache/unomi-tracker` follows the [Apache Software Foundation security 
process](https://www.apache.org/security/). Please report suspected
+vulnerabilities privately to `[email protected]`; do not open public
+GitHub issues or pull requests for security reports.
+
+## Threat Model
+
+What the project treats as in scope and out of scope, the security
+properties it provides and disclaims, the adversary model, and how
+findings are triaged are documented in 
<https://github.com/apache/unomi/blob/master/THREAT_MODEL.md>.

Reply via email to