Render and update the project’s SECURITY.md.

Joy ships a SECURITY.md template that documents the public-by-design
auth schema fields (verify_key, kdf_nonce, enrollment_verifier,
delegation_verifier) so SOC analysts and secret scanners have a
canonical explanation when keyword-based detectors flag those names.

Per ADR-035 the template is rendered to the project root, not to
.joy/, so GitHub and similar forges show it in their Security
policy tab.

The Joy block is delimited by <!-- joy:security begin --> and
<!-- joy:security end -->. Content outside the markers is
preserved across rendering.

Functions
- is_current - Inspect path and report whether render would change anything.
- render - Render SECURITY.md at path, preserving any existing user content outside the Joy markers. Returns true if the file was created or updated, false if it was already current.
- rendered_body - Return the body that the Joy block should contain.
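
One way to implement the marker handling and the updated-or-already-current result described above, as an added example rather than Joy's own code. The names upsert_block and would_be_current are hypothetical, and the choice to reject unbalanced or duplicated markers, the appended-block layout and the sample text are assumptions:

```rust
// Added illustration: hypothetical helpers, not Joy's actual API.
const BEGIN: &str = "<!-- joy:security begin -->";
const END: &str = "<!-- joy:security end -->";

/// Return `existing` with the marker-delimited block replaced by `body`.
/// No markers: the block is appended. Unbalanced, duplicated or reversed
/// markers are an error, so user-written policy text is never overwritten.
fn upsert_block(existing: &str, body: &str) -> Result<String, String> {
    let block = format!("{}\n{}\n{}", BEGIN, body.trim_end(), END);
    let counts = (existing.matches(BEGIN).count(), existing.matches(END).count());
    match counts {
        (0, 0) => {
            let mut out = existing.to_string();
            if !out.is_empty() {
                if !out.ends_with('\n') {
                    out.push('\n');
                }
                out.push('\n'); // blank line between user text and the block
            }
            out.push_str(&block);
            out.push('\n');
            Ok(out)
        }
        (1, 1) => {
            let (b, e) = (existing.find(BEGIN).unwrap(), existing.find(END).unwrap());
            if b > e {
                return Err("end marker precedes begin marker".into());
            }
            Ok(format!("{}{}{}", &existing[..b], block, &existing[e + END.len()..]))
        }
        _ => Err("unbalanced or duplicated joy:security markers".into()),
    }
}

/// Dry-run check: true when rendering would leave the text unchanged.
fn would_be_current(existing: &str, body: &str) -> bool {
    upsert_block(existing, body).map(|s| s == existing).unwrap_or(false)
}

fn main() {
    // Constructed sample: user-written policy around a stale block.
    let doc = "# Security Policy\n\n<!-- joy:security begin -->\nold\n<!-- joy:security end -->\n\n## Contact\n";
    let body = "verify_key and kdf_nonce are public by design."; // constructed
    let updated = upsert_block(doc, body).unwrap();
    assert!(updated.starts_with("# Security Policy\n\n") && updated.ends_with("\n\n## Contact\n"));
    assert!(!would_be_current(doc, body) && would_be_current(&updated, body));
    println!("{}", updated);
}
```

Failing on malformed markers, rather than guessing where the block ends, keeps a hand-edited disclosure policy from being truncated by a stray or deleted marker.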