apache · potiuk · May 31, 2026
diff --git a/AGENTS.md b/AGENTS.md
@@ -174,3 +174,13 @@ Common scopes: `server`, `storage`, `commands`, `cluster`, `search`, `types`, `r
 - Prefer focused patches over broad refactors when contributing.
 - Some website or documentation tasks may belong in the separate website repository rather than this repository.
 - If AI assistance is used, keep the generated changes reviewable and be able to explain and defend the final patch.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md) → [THREAT_MODEL.md](./THREAT_MODEL.md)
+
+Agents that scan this repository should consult `SECURITY.md` and the linked
+`THREAT_MODEL.md` for the project's threat model — in-scope / out-of-scope
+declarations, the security properties claimed and disclaimed (namespace
+isolation, admin/namespace token separation, the Lua sandbox), the adversary
+model, and known non-findings — before reporting issues.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Apache Kvrocks follows the [Apache Software Foundation security process](https://www.apache.org/security/).
+Please report suspected vulnerabilities **privately** to `security@apache.org` (the Kvrocks PMC is reachable
+at `private@kvrocks.apache.org`). Do **not** open public GitHub issues or pull requests for security reports.
+
+When reporting, include the affected version, a description, and — if you can — which security property you
+believe is violated (see the Threat Model below) and a reproduction.
+
+## Threat Model
+
+What Kvrocks considers in scope and out of scope, the security properties it claims and the ones it explicitly
+disclaims (namespace isolation, admin/namespace token separation, the Lua sandbox, the no-auth/no-TLS defaults),
+the adversary model, and how inbound reports and tool/AI findings are triaged are documented in
+[THREAT_MODEL.md](./THREAT_MODEL.md). Reporters and triagers should consult it alongside this policy.