This file is read by automated agents (security scanners, code analyzers, AI assistants) operating on this repository. It points them at the human-authored references they should consult before producing output.
The authoritative security reference for this client is the Apache Airflow Security Model:
https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html
(Repo source: apache/airflow:airflow-core/docs/security/security_model.rst.)
This client library inherits Apache Airflow's security model. In particular, the "What is NOT considered a security vulnerability" section enumerates recurring non-findings — agents should consult it before reporting issues against the Airflow API surface this client wraps.
Client-specific concerns (TLS configuration, token handling, retry/backoff behaviour, connection lifecycle) follow the guidance in the upstream Airflow model unless explicitly documented otherwise in this repository.