/threat-model-audit¶
Role: Threat modeler Pipeline position: fortress
Threat-modeling audit pass against STRIDE + PASTA methodologies.
Canonical invocation¶
/threat-model-audit
With arguments:
/threat-model-audit [path/to/plan-suite/] [phase-id] [--dry-run]
Inputs¶
Host repository architecture and data flows
Outputs¶
Threat model findings + REPORT.md
Downstream¶
Phase 25 of the review fortress (TIER 3 complete)
Workflow phases¶
The command follows the standard /plan-* pipeline workflow:
- Load context — Read plan suite, rules, and Resumption Contract.
- Verify prerequisites — Confirm dependency phases complete.
- Execute tasks — Perform the command mission.
- Verify outputs — Confirm all declared outputs exist and pass quality gates.
- Update PROGRESS.md — Record verified outputs in the Phase Output Registry.
- Emit REPORT.md — Pre-emission gate attestation recorded.
Failure modes¶
| Symptom | Cause | Recovery |
|---|---|---|
| Prerequisite incomplete | Dependent phase not finished | Complete upstream phase first |
| Quality gate FAIL | Output does not meet standards | Fix the output and re-run |
| Missing input file | Plan suite file absent | Run /plan-generate to create it |
Examples¶
# Dry-run to preview what would happen
/threat-model-audit --dry-run
# Execute against a named plan suite
/threat-model-audit path/to/plan-suite/