Add THREAT_MODEL.md + SECURITY.md and wire AGENTS.md (security-model discoverability)#3449
Conversation
…el discoverability Adds a draft threat model (ASF Security team v0, for the PMC to own and refine), a SECURITY.md pointing to it, and a Security section in AGENTS.md so the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability chain resolves. Documentation only; no code or behaviour changes. Assisted-by: Claude Code:claude-opus-4-8
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #3449 +/- ##
============================================
+ Coverage 76.35% 76.39% +0.03%
- Complexity 13424 13963 +539
============================================
Files 1012 1031 +19
Lines 60341 63139 +2798
Branches 7075 7389 +314
============================================
+ Hits 46076 48237 +2161
- Misses 11548 11895 +347
- Partials 2717 3007 +290 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
Thanks @Cole-Greer — both well taken. Maintainers list (L27) — agreed, dropping it; applying your suggestion. 3.7/3.8 vs 4 split (L47) — that makes sense, and I'll defer to you on the structure: I'll refocus this PR on the 4 / master line as you suggest. If you're up for opening the twin PR cherry-picking the 3.7/3.8-appropriate version, that's the cleanest split — say the word and I'll keep the shared wording aligned so the two don't diverge. Whatever fits your release lines best. Thanks for the careful read. |
|
@Cole-Greer — confirming I'm holding this PR rather than pushing a partial refocus. The 3.7/3.8-vs-4 split is yours to drive via the twin PR you mentioned; once that's open (or you tell me which way you'd like the version scope to land), I'll refocus this one on 4/master and keep the shared wording aligned with yours. The maintainers-list reword you suggested folds in at the same time. Nothing needed from you until then. |
…not protection without an Authorizer, clearer scope rules Assisted-by: Claude Code:claude-fable-5
Adds a draft
THREAT_MODEL.mdfor Apache TinkerPop, aSECURITY.mdpointing to it, and a## Securitysection inAGENTS.md, so automated security scanners (and researchers) can mechanically discover the project's threat model via theAGENTS.md->SECURITY.md->THREAT_MODEL.mdchain.The threat model is a v0 draft authored by the ASF Security team for the PMC to own and refine. It follows a standard rubric (scope, trust boundaries, adversary model, security properties provided / not provided, downstream responsibilities, known non-findings, triage dispositions). Every claim carries a provenance tag —
*(documented)*/*(inferred)*/*(maintainer)*— and every*(inferred)*claim routes to a numbered question in §14 for the PMC to confirm, correct, or strike. The highest-value items to confirm: the default authentication/TLS posture, the script-execution disposition (string scripts run through the Groovy engine), and the Gryo/serialization handling.THREAT_MODEL.mdandSECURITY.mdcarry the ASF license header;AGENTS.mdis RAT-excluded. No code or behaviour changes — documentation only.This is a proposal for the PMC to review — please adjust, correct, or reject as needed.