Command pipeline
/threat-model-audit
/threat-model-audit — Threat-modeling audit pass against STRIDE + PASTA methodologies.
Role: Threat modeler Pipeline position: fortress
Threat-modeling audit pass against STRIDE + PASTA methodologies.
Canonical invocation
/threat-model-auditWith arguments:
/threat-model-audit [path/to/target/] [--dry-run]Inputs
Host repository architecture and data flows.
Outputs
A deduplicated, severity-triaged threat-model findings report (report-only; remediation routes to /fortress / /elevate).
Downstream
The threat-model dimension of the audit review sequence — swept in parallel by /audit and remediated by /fortress.
Workflow phases
The command runs a threat-modeling audit pass over the host repository:
- Map the surface — Enumerate the architecture, entry points, trust boundaries, and data flows.
- Model threats — Apply the STRIDE + PASTA methodologies to each boundary and asset.
- Triage findings — Rank each threat by severity with a concrete-driver rationale.
- Emit the report — Synthesize the deduplicated, severity-triaged findings (report-only).
Failure modes
| Symptom | Cause | Recovery |
|---|---|---|
| No architecture surface | Target has no discoverable data-flow boundaries | Point the audit at a repository with mappable entry points and trust boundaries |
| Unscoped finding | Threat asserted without a locus | Attach the affected asset / boundary and the methodology cell it fails |
| Remediation expected | Audit is report-only | Route the findings to /fortress (remediation) or /elevate |
Examples
# Dry-run to preview the audit scope
/threat-model-audit --dry-run
# Audit a target repository
/threat-model-audit path/to/target/