security-threat-model

Repository-grounded threat modeling that maps trust boundaries, assets, and abuse paths to concrete code evidence. Deliver an actionable AppSec-grade threat model that is specific to the repository or a project path, not a generic checklist. Anchor every architectural claim to evidence in the repo and keep assumptions explicit. Prioritizing realistic attacker goals and concrete impacts over generic checklists. Only load the reference files you need. Keep the final result concise, grounded, and reviewable. - Enumerates entry points, data flows, and trust boundaries anchored to actual repository structure and configuration - Derives realistic attacker goals tied to specific assets (credentials, PII, integrity-critical state, compute resources) rather than generic checklists - Prioritizes threats using likelihood and impact reasoning, with explicit assumptions about deployment, authentication, and internet exposure - Recommends mitigations tied to specific components and control types (validation, rate limiting, secrets isolation, audit logging) with implementation hints - Requires user clarification on service context (environment, scale, auth model, data sensitivity) before finalizing priority rankings - Collect (or infer) inputs: - Repo root path and any in-scope paths. - Intended usage, deployment model, internet exposure, and auth expectations (if known).