Skip to content

docs: sync v0.3 threat model and layout #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
CoderDeltaLAN merged 1 commit into from
Jun 19, 2026
+9 −2
Merged

docs: sync v0.3 threat model and layout #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,11 @@ This project has a published GitHub Release line, but no stable support or API g

- Documented the v0.3.0 post-release audit findings and v0.3.1 maintenance hardening target.

### Changed

- Synced the README source-tree layout with the actual v0.3.0 module structure.
- Reviewed the threat model for the v0.3.0 doctor, budget, and explain command surface.

## [0.3.0] - 2026-06-19

### Added
Expand Down
1 change: 0 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -449,7 +449,6 @@ See:
│ ├── budget.py
│ ├── cli.py
│ ├── discovery.py
│ ├── doctor.py
│ ├── explain.py
│ ├── findings.py
│ ├── governance.py
Expand Down
5 changes: 4 additions & 1 deletion docs/THREAT-MODEL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Threat Model

This document defines the threat model for agent-rules-kit. It was last reviewed for the published v0.2.0 release line and the current post-v0.2.0 main state.
This document defines the threat model for agent-rules-kit. It was last reviewed for the published v0.3.0 release line and the current post-v0.3.0 main state, including the v0.3.0 doctor, budget, and explain command surface.

It is intentionally narrow. agent-rules-kit is a local CLI for diagnosing AI agent instruction files. It is not a security scanner, malware detector, CI/CD auditor, sandbox, secret manager, or autonomous remediation agent.

Expand All @@ -11,6 +11,9 @@ In scope for the current release line and current main state:
- local repository paths provided by the user;
- supported agent instruction files such as AGENTS.md, CLAUDE.md, GEMINI.md, Cursor rules, GitHub Copilot instructions, and GitHub instruction files;
- diagnostic output in console, JSON, and Markdown;
- read-only doctor repository diagnosis summaries;
- read-only budget size and context-pressure approximation output;
- read-only explain output for local governance rule IDs;
- explicit init planning;
- explicit init write behavior for baseline AGENTS.md creation or replacement with backup;
- secret-like value redaction in findings and output.
Expand Down