This file is read by automated agents (security scanners, code analyzers, AI assistants) operating on this repository. It points them at the human-authored references they should consult before producing output.
Security model: SECURITY.md → THREAT_MODEL.md
Agents that scan this repository should consult SECURITY.md and the linked
THREAT_MODEL.md for the project's threat model — in-scope / out-of-scope
declarations, the security properties claimed and disclaimed, the adversary
model, and known non-findings — before reporting issues.