From d24b3b64888563fffe2ba33e2ca01e0f3ad96bae Mon Sep 17 00:00:00 2001
From: Jake Strawn
Date: Thu, 26 Mar 2026 20:41:34 -0400
Subject: [PATCH] sec: expand CODEOWNERS to cover security-sensitive code paths
Add review requirements for tool handlers that accept user input, fetch external URLs, or access the filesystem (cdn.ts, library.ts), shared security utilities (error-handling.ts, git.ts), and the configuration module (config.ts). Uses @himerus consistent with existing CODEOWNERS entries.
Co-Authored-By: Claude Sonnet 4.6
---
 CODEOWNERS | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/CODEOWNERS b/CODEOWNERS
index 546e94b..0b44135 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -7,3 +7,12 @@
 .github/workflows/ @himerus
 package.json @himerus
 CODEOWNERS @himerus
+
+# Security-sensitive tool handlers (user input, external URLs, filesystem access)
+packages/core/src/handlers/cdn.ts @himerus
+packages/core/src/tools/library.ts @himerus
+packages/core/src/shared/error-handling.ts @himerus
+packages/core/src/shared/git.ts @himerus
+
+# Configuration that affects security boundaries
+packages/core/src/config.ts @himerus
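Review bot: The five new entries are exact file paths, so a handler or tool added later under `packages/core/src/handlers/` or `packages/core/src/tools/` that accepts user input, fetches URLs or touches the filesystem would merge without a required owner review. If those directories hold mostly such code (the tree is not visible in this patch), directory patterns such as `packages/core/src/handlers/ @himerus` and `packages/core/src/tools/ @himerus` would keep the coverage from drifting as files are added. The first comment header says "tool handlers", but `shared/error-handling.ts` and `shared/git.ts` beneath it are what the commit message calls shared security utilities; giving them their own `# Shared security utilities` comment line would keep the file self-explanatory. These rules only block a merge when branch protection requires code-owner review, which the patch itself cannot show, so that setting is worth confirming alongside this change.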