ppkarwasz opened a new pull request, #4083: URL: https://github.com/apache/logging-log4j2/pull/4083
This introduces an `AGENTS.md` file, which AI coding agents (such as Claude Code, Cursor, and GitHub Copilot) read automatically when entering a repository. It lets the project guide agent behavior without relying on researchers to configure their tools manually.

This first version targets vulnerability research workflows. Before an agent drafts or files a report, it is instructed to read:

- **Threat model**: to establish what is and isn't in scope
- **VDR**: to catch duplicates before they are reported
- **Security FAQ**: to filter out known, intentional behaviors that are not vulnerabilities

All three documents are referenced by their raw source URLs rather than rendered pages. This reduces token consumption and avoids context window pressure when agents are processing large codebases alongside these files.

The expected outcome is fewer duplicate reports, fewer false positives, and less triage burden.
