Threat Model Source Code Repo

Deliver an actionable AppSec-grade threat model that is specific to the repository or a project path, not a generic checklist. Anchor every architectural claim to evidence in the repo and keep assumptions explicit. Prioritizing realistic attacker goals and concrete impacts over generic checklists.

Quick start

1. Collect (or infer) inputs:

• Repo root path and any in-scope paths.
• Intended usage, deployment model, internet exposure, and auth expectations (if known).
• Any existing repository summary or architecture spec.
• Use prompts in references/prompt-template.md to generate a repository summary.
• Follow the required output contract in references/prompt-template.md. Use it verbatim when possible.

Workflow

1) Scope and extract the system model

• Identify primary components, data stores, and external integrations from the repo summary.
• Identify how the system runs (server, CLI, library, worker) and its entrypoints.
• Separate runtime behavior from CI/build/dev tooling and from tests/examples.
• Map the in-scope locations to those components and exclude out-of-scope items explicitly.
• Do not claim components, flows, or controls without evidence.

2) Derive boundaries, assets, and entry points

• Enumerate trust boundaries as concrete edges between components, noting protocol, auth, encryption, validation, and rate limiting.
• List assets that drive risk (data, credentials, models, config, compute resources, audit logs).