This is an automated email from the ASF dual-hosted git repository.
gnodet pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new cbcceed9ccbf chore: rename proposals/ to design/ (#23447)
cbcceed9ccbf is described below
commit cbcceed9ccbfe3f43bf36c67f6a0d002e44aa92f
Author: Guillaume Nodet <[email protected]>
AuthorDate: Fri May 22 15:28:48 2026 +0200
chore: rename proposals/ to design/ (#23447)
The existing documents (security, tracing, mdc) are all implemented
design decisions, not proposals. Rename the directory to better
reflect its contents.
Update all references in AGENTS.md (symlinked as CLAUDE.md) and
security-model.adoc.
Co-authored-by: Claude Opus 4.6 <[email protected]>
---
AGENTS.md | 18 +++++++++---------
{proposals => design}/mdc.adoc | 0
{proposals => design}/security.adoc | 0
{proposals => design}/tracing.adoc | 0
.../user-manual/modules/ROOT/pages/security-model.adoc | 10 +++++-----
5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/AGENTS.md b/AGENTS.md
index e003bf9b416d..2ed270bd6e10 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -121,11 +121,11 @@ jump straight to implementation after reading the issue
description and the curr
is written the way it is.
3. **Search for related issues**: Search JIRA for related tickets (same
component, similar keywords)
to find prior discussions, rejected approaches, or intentional design
decisions.
-4. **Look for design documents**: Check the `proposals/` directory for design
docs (`.adoc` files)
- that may explain architectural decisions in the affected area. Key
proposals by area:
- - **Security** (secrets, SSL/TLS, serialization, policy enforcement):
[`proposals/security.adoc`](proposals/security.adoc)
- - **Tracing / Telemetry** (OpenTelemetry, spans, context propagation):
[`proposals/tracing.adoc`](proposals/tracing.adoc)
- - **MDC / Logging** (MDC propagation, logging context):
[`proposals/mdc.adoc`](proposals/mdc.adoc)
+4. **Look for design documents**: Check the `design/` directory for design
docs (`.adoc` files)
+ that may explain architectural decisions in the affected area. Key
documents by area:
+ - **Security** (secrets, SSL/TLS, serialization, policy enforcement):
[`design/security.adoc`](design/security.adoc)
+ - **Tracing / Telemetry** (OpenTelemetry, spans, context propagation):
[`design/tracing.adoc`](design/tracing.adoc)
+ - **MDC / Logging** (MDC propagation, logging context):
[`design/mdc.adoc`](design/mdc.adoc)
5. **Understand the broader context**: If the issue involves a module that
replaced or deprecated
another (e.g., `camel-opentelemetry2` replacing `camel-opentelemetry`),
understand *why* the
replacement was made and what was intentionally changed vs. accidentally
omitted.
@@ -157,8 +157,8 @@ When reviewing PRs, apply the same investigative rigor:
- Check `git log` and `git blame` on modified files to see if the change
conflicts with prior
intentional decisions.
- Verify that "fixes" don't revert deliberate behavior without justification.
-- Check for design proposals (`proposals/*.adoc`) related to the affected area
- (see the area-to-proposal mapping in "Issue Investigation" above).
+- Check for design documents (`design/*.adoc`) related to the affected area
+ (see the area-to-document mapping in "Issue Investigation" above).
- Search for related JIRA tickets that provide context on why the code was
written that way.
### Documentation Conventions
@@ -256,7 +256,7 @@ When reviewing or recommending a deployment, surface the
following:
- Enable the security policy framework: set `camel.main.profile = prod` so the
default for
`secret` / `insecure:ssl` / `insecure:serialization` / `insecure:dev` is
`fail`
- (see [`proposals/security.adoc`](proposals/security.adoc)).
+ (see [`design/security.adoc`](design/security.adoc)).
- Resolve secrets through one of the supported vaults rather than plain-text
properties.
- Configure TLS through `SSLContextParameters` (the JSSE Utility); never
`trustAllCertificates`
in production.
@@ -365,7 +365,7 @@ Annotations:
- Mark sensitive parameters with `secret = true` on `@UriParam` or `@Metadata`
(passwords, tokens, API keys)
- For insecure configuration flags (e.g., `trustAllCertificates`,
`allowJavaSerializedObject`),
add `security = "insecure:ssl"` / `"insecure:serialization"` /
`"insecure:dev"` on `@UriParam`.
- See [`proposals/security.adoc`](proposals/security.adoc) for categories and
rationale.
+ See [`design/security.adoc`](design/security.adoc) for categories and
rationale.
Import Style:
- Do NOT use fully qualified class names (FQCNs) in Java code. Always add an
`import` statement
diff --git a/proposals/mdc.adoc b/design/mdc.adoc
similarity index 100%
rename from proposals/mdc.adoc
rename to design/mdc.adoc
diff --git a/proposals/security.adoc b/design/security.adoc
similarity index 100%
rename from proposals/security.adoc
rename to design/security.adoc
diff --git a/proposals/tracing.adoc b/design/tracing.adoc
similarity index 100%
rename from proposals/tracing.adoc
rename to design/tracing.adoc
diff --git a/docs/user-manual/modules/ROOT/pages/security-model.adoc
b/docs/user-manual/modules/ROOT/pages/security-model.adoc
index ab4e8b1e6a9b..063e37d5bdac 100644
--- a/docs/user-manual/modules/ROOT/pages/security-model.adoc
+++ b/docs/user-manual/modules/ROOT/pages/security-model.adoc
@@ -10,7 +10,7 @@ It complements two existing documents:
* xref:security.adoc[Security] - the user-facing catalog of security features
(route, payload, endpoint and configuration security, vaults, JSSE).
-* The `proposals/security.adoc` design document in the repository - the
+* The `design/security.adoc` design document in the repository - the
annotation-driven security policy enforcement framework that detects insecure
configuration at startup time.
@@ -403,7 +403,7 @@ be closed as `not a vulnerability`.
`prod`. A report whose impact only manifests under `camel.main.profile = dev`
or `test` is out of scope as a non-default, development-only configuration;
the production posture against which findings are judged is the default
- `prod` profile (see _Deployment hardening_ and the `proposals/security.adoc`
+ `prod` profile (see _Deployment hardening_ and the `design/security.adoc`
design document for the profile-aware policy defaults).
* *Denial of service via resource exhaustion.* Unthrottled routes, unbounded
aggregators, an HTTP consumer with no rate limit, a JMS consumer that
@@ -522,7 +522,7 @@ vulnerabilities if skipped; all of them reduce the attack
surface materially.
opt-in to development-only behaviour (extra services, dev console, debug
endpoints) and should not be used in production. Override individual
categories explicitly when a deployment genuinely needs a relaxed policy.
- See the `proposals/security.adoc` design document for details.
+ See the `design/security.adoc` design document for details.
* *Resolve secrets through a vault.* Use one of the supported backends
(xref:security.adoc[AWS Secrets Manager, Azure Key Vault, Google Secret
Manager, HashiCorp Vault, IBM Secrets Manager, CyberArk Conjur]) rather than
@@ -583,7 +583,7 @@ with the security model.
appropriate `security = "insecure:*"` attribute so the policy enforcement
framework can warn or fail on it. The four categories are `secret`,
`insecure:ssl`, `insecure:serialization`, `insecure:dev`. See
- `proposals/security.adoc`.
+ `design/security.adoc`.
* *Does the component persist state?* Aggregation repositories, idempotent
repositories and similar must not call `ObjectInputStream.readObject()`
without an `ObjectInputFilter`; the project has accepted five sequential
@@ -623,7 +623,7 @@ reference to this document.
payload, endpoint, configuration security, vaults).
* xref:camel-configuration-utilities.adoc[Camel Configuration Utilities] -
JSSE Utility for SSL/TLS configuration.
-* `proposals/security.adoc` (in the source tree) - design document for the
+* `design/security.adoc` (in the source tree) - design document for the
security policy enforcement framework.
* link:/security/[Apache Camel Security] - the public
advisory index and reporting process.
