# CODEOWNERS — auto-assigns reviewers when files are changed in a PR.
# GitHub reads this file (or the root /CODEOWNERS); to avoid drift we keep
# only this file. The granular per-module routing below was merged from the
# previous root-level CODEOWNERS.

# Default code owners — PRs require review from at least one owner.
* @msaad00 @andres-linero

# Release and supply-chain control surfaces.
/.github/workflows/release.yml @msaad00 @andres-linero
/.github/workflows/ci.yml @msaad00 @andres-linero
/.github/workflows/pr-security-gate.yml @msaad00 @andres-linero
/.github/workflows/cve-freshness.yml @msaad00 @andres-linero
/.github/workflows/dependabot-auto-approve.yml @msaad00 @andres-linero
/.github/dependabot.yml @msaad00 @andres-linero
/.github/CODEOWNERS @msaad00 @andres-linero
/.image-scan-ignore @msaad00 @andres-linero
/Dockerfile @msaad00 @andres-linero
/ui/Dockerfile @msaad00 @andres-linero

# Core scanner and enrichment pipeline.
src/agent_bom/scanners/     @msaad00
src/agent_bom/enrichment.py @msaad00
src/agent_bom/scan_cache.py @msaad00

# Runtime / proxy / detectors.
src/agent_bom/runtime/      @msaad00
src/agent_bom/proxy.py      @msaad00
src/agent_bom/enforcement.py @msaad00

# MCP server and discovery.
src/agent_bom/mcp_server.py    @msaad00
src/agent_bom/discovery/       @msaad00
src/agent_bom/mcp_introspect.py @msaad00

# Security-sensitive modules.
src/agent_bom/security.py    @msaad00
src/agent_bom/credentials.py @msaad00
src/agent_bom/policy.py      @msaad00

# API server.
src/agent_bom/api/ @msaad00

# Cloud integrations.
src/agent_bom/cloud/ @msaad00

# Release tooling.
scripts/bump-version.py @msaad00
pyproject.toml          @msaad00

# Integrations.
integrations/ @msaad00
