oscerd opened a new pull request, #2835: URL: https://github.com/apache/camel-kamelets/pull/2835
Closes #2834

## What

Adds a security model for the Kamelet Catalog, mirroring the `apache/camel` house style (a `security-model.adoc` page + root `SECURITY.md` pointer + `AGENTS.md` with a Security Model section + `CLAUDE.md` symlink).

- **`docs/modules/ROOT/pages/security-model.adoc`** — *specialises* the [Apache Camel Security Model](https://camel.apache.org/manual/security-model.html) for Kamelets. A Kamelet is PMC-authored route code, so the trusted-template author is the catalog itself; the Kamelet *runtime* (`kamelet:` component, `{{property}}` binding, `kamelets.utils.*`) lives in `apache/camel`, not here. Covers: trust roles, component families, in/out-of-scope vulnerability classes, false-friend properties, downstream responsibilities, a closed triage-disposition set, and a maintainer-ratification record (Camel PMC, 2026-05-15).
- **`SECURITY.md`** — root reporting pointer to the Apache Camel ASF process.
- **`AGENTS.md`** (+ **`CLAUDE.md`** symlink) — AI agent guidelines with the Kamelet-specific Security Model section, matching `apache/camel`.

## Why

The Kamelet Catalog had no documented security model, despite Kamelets having trust nuances distinct from core Camel. This gives the PMC and triagers (and scanners/AI review) an authoritative scope statement that defers to, and specialises, the parent Camel model.

## Notes

- **Documentation only** — no code, runtime, or kamelet YAML change.
- `nav.adoc` is generated; the page is reached via the `SECURITY.md` / `AGENTS.md` xrefs.
- Vulnerability **reporting** is unchanged (`[email protected]` / the Camel ASF process); this only documents *scope*.

## Test plan

- `mvn verify` (docs/model only; no functional change).
- AsciiDoc renders under the Antora `camel-kamelets` module; internal `xref:` links resolve to existing pages (`development.adoc`, `apis/spec.adoc`).

---

_Authored with Claude Code on behalf of Andrea Cosentino (AI-assisted). The security model content was reviewed and ratified by the Camel PMC as recorded in the document._

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
