Initial .project scaffold for Cedar

cncf-automation[bot] · cncf-automation[bot] · commit 0d2460fc5a2f · 2026-03-18T14:36:03.000-05:00
diff --git a/.github/workflows/update-landscape.yml b/.github/workflows/update-landscape.yml
@@ -0,0 +1,25 @@
+name: Update Landscape
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'project.yaml'
+  workflow_dispatch:
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
+        with:
+          fetch-depth: 0
+
+      - name: Update Landscape
+        uses: cncf/automation/.github/actions/landscape-update@979abb1e07fa1b6f2b4e77200f6a698cdd86e59c
+        with:
+          project_file: 'project.yaml'
+          token: ${{ secrets.LANDSCAPE_REPO_TOKEN }}
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -0,0 +1,38 @@
+name: Validate Project Metadata
+
+on:
+  pull_request:
+    paths:
+      - 'project.yaml'
+      - 'maintainers.yaml'
+  push:
+    branches: [main]
+    paths:
+      - 'project.yaml'
+      - 'maintainers.yaml'
+
+jobs:
+  validate-project:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
+        with:
+          fetch-depth: 0
+
+      - uses: cncf/automation/.github/actions/validate-project@979abb1e07fa1b6f2b4e77200f6a698cdd86e59c
+        with:
+          project_file: 'project.yaml'
+
+  validate-maintainers:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
+        with:
+          fetch-depth: 0
+
+      - uses: cncf/automation/.github/actions/validate-maintainers@979abb1e07fa1b6f2b4e77200f6a698cdd86e59c
+        with:
+          maintainers_file: 'maintainers.yaml'
+          verify_maintainers: 'true'
+        env:
+          LFX_AUTH_TOKEN: ${{ secrets.LFX_AUTH_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+.cache/
+.DS_Store
+Thumbs.db
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,4 @@
+# CODEOWNERS for .project metadata repository
+# Changes to project metadata require maintainer review.
+# TODO: Add CODEOWNERS
+# * @maintainer-handle
diff --git a/README.md b/README.md
@@ -0,0 +1,5 @@
+# Cedar `.project` Directory
+
+This directory contains the [CNCF `.project` metadata](https://github.com/cncf/automation/tree/main/utilities/dot-project) for the [Cedar](https://cedarpolicy.com) project.
+
+For documentation on the `.project` directory structure, schema, and tooling, see the [CNCF Automation repository](https://github.com/cncf/automation).
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Reporting Security Issues
+
+The Cedar maintainers take security seriously. We appreciate your efforts to responsibly disclose your findings.
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them through our [private vulnerability reporting](https://github.com/cedar-policy/cedar-policy/security/advisories/new) form.
+
+For more details, see the [Cedar security policy](https://github.com/cedar-policy/cedar-policy/blob/main/SECURITY.md).
diff --git a/maintainers.yaml b/maintainers.yaml
@@ -0,0 +1,13 @@
+# Maintainer roster for Cedar
+# Documentation: https://github.com/cncf/automation/tree/main/utilities/dot-project
+
+# TODO: Add maintainer GitHub handles
+
+maintainers:
+  - project_id: "cedar"
+    org: "cedar-policy"
+    teams:
+      - name: "project-maintainers"
+        members:
+          # TODO: Add maintainer handles
+          - github-handle
diff --git a/project.yaml b/project.yaml
@@ -0,0 +1,68 @@
+# .project metadata for Cedar
+# Documentation: https://github.com/cncf/automation/tree/main/utilities/dot-project
+
+# TODO: Add maintainer GitHub handles
+# TODO: Add maturity_log entry with TOC issue URL
+# TODO: Set project_lead GitHub handle
+# TODO: Set cncf_slack_channel
+# TODO: Set identity_type under legal (has_dco, has_cla)
+# TODO: Add adopters list (ADOPTERS.md)
+# TODO: Add package_managers if distributed via registries
+
+schema_version: "1.0.0"
+slug: "cedar"
+name: "Cedar"
+description: "Cedar is an open source authorization policy language that enables developers to express fine-grained permissions as easy-to-understand policies enforced in their applications, and decouple access control from application logic. Cedar is designed to be ergonomic, fast, safe, and analyzable using automated reasoning. Cedar's simple and intuitive syntax supports common authorization use-cases with readable policies, naturally expressing concepts from role-based, attribute-based, and relation-based access control models. Cedar's policy structure enables authorization requests to be decided quickly. Its policy validator uses optional typing to help policy writers avoid mistakes, but not get in their way. Cedar's design has been finely balanced to allow for a sound, complete, and decidable logical encoding, which enables precise automated analysis of Cedar policies, e.g., to ensure that policy refactoring preserves existing permissions. Cedar's language specification has been formally verified using a theorem prover to satisfy key security properties like "deny trumps allow," and its implementation in Rust undergoes rigorous differential random testing against its formal specification. By combining mathematical rigor with developer-friendly design, Cedar offers a practical approach to secure, maintainable authorization for modern applications."
+type: "project"
+# TODO: Set project lead GitHub handle
+# project_lead: "github-handle"
+# TODO: Set CNCF Slack channel
+# cncf_slack_channel: "#cedar"
+
+maturity_log:
+  - phase: "sandbox"
+    date: "2026-03-18T14:36:03Z"
+    issue: "https://github.com/cncf/toc/issues/XXX" # TODO: Set TOC issue URL
+
+repositories:
+  - "https://github.com/cedar-policy/cedar"
+
+website: "https://cedarpolicy.com"
+
+artwork: "https://landscape.cncf.io/logos/cedar.svg"
+
+# TODO: Add ADOPTERS.md if your project tracks adopters
+# adopters:
+#   path: "https://github.com/cedar-policy/cedar-policy/blob/main/ADOPTERS.md"
+
+# TODO: Add package manager identifiers if your project is distributed via registries
+# package_managers:
+#   docker: "cedar-policy/cedar-policy"
+
+
+security:
+  policy:
+    path: "https://github.com/cedar-policy/cedar-policy/blob/main/SECURITY.md"
+  contact:
+    advisory_url: "https://github.com/cedar-policy/cedar-policy/security/advisories/new"
+
+governance:
+  contributing:
+    path: "https://github.com/cedar-policy/cedar-policy/blob/main/CONTRIBUTING.md"
+  code_of_conduct:
+    path: "https://github.com/cncf/foundation/blob/main/code-of-conduct.md"
+
+legal:
+  license:
+    path: "https://github.com/cedar-policy/cedar-policy/blob/main/LICENSE"
+  identity_type:
+    has_dco: true
+    has_cla: false
+    dco_url:
+      path: "https://developercertificate.org/"
+
+
+landscape:
+  category: "Provisioning"
+  subcategory: "Security & Compliance"
+

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+.cache/`
	`2`	`+.DS_Store`
	`3`	`+Thumbs.db`