Skip to content

Align threat model with security template#157

Merged
jgowdy-godaddy merged 4 commits into
mainfrom
docs-threat-model-template
May 21, 2026
Merged

Align threat model with security template#157
jgowdy-godaddy merged 4 commits into
mainfrom
docs-threat-model-template

Conversation

@jgowdy-godaddy
Copy link
Copy Markdown
Contributor

@jgowdy-godaddy jgowdy-godaddy commented May 21, 2026
edited
Loading

Summary

  • reshape THREAT_MODEL.md into the requested Security/Confluence template
  • mark service/API-only fields as N/A where appropriate for a local library
  • replace relative diagram references with absolute GitHub links for Confluence paste/use
  • add a dedicated Mermaid data-flow diagram with external entities, components, stores, platform secure storage, WSL bridge, and trust boundaries
  • add a rendered draw.io architecture PNG with embedded diagram source, plus an architecture-guidance mapping table for software/library context

Validation

  • rendered every docs/diagrams/*.mmd file with Mermaid CLI using system Chrome
  • exported docs/diagrams/architecture.png with drawio --embed-diagram and verified embedded mxGraphModel metadata
  • ran git diff --check

Note: docs-only commits were created with --no-gpg-sign where commit signing through sshenc-agent was unavailable locally.

@jgowdy-godaddy jgowdy-godaddy force-pushed the docs-threat-model-template branch from 7f15fde to cc33d20 Compare May 21, 2026 02:56
jgowdy added 3 commits May 20, 2026 20:25
@jgowdy
Replace architecture diagrams with layered trust-boundary versions
06f60f8 
- architecture.png: draw.io with nested containers (API boundary →
  platform backends → hardware SE), WSL bridge path, on-disk artifacts,
  and embedded XML source for future edits
- data-flow-diagram.mmd: styled subgraphs per trust zone with all crates
- encrypt-decrypt-flow.mmd: full encrypt + decrypt sequence with ECDH,
  HKDF, AES-GCM, cache envelope, and rollback counter
- wsl-bridge-flow.mmd: discovery, bounded JSON-RPC, TPM ops, error paths
@jgowdy
Replace architecture diagram with v2 draw.io PNG
363ec12 
Redesigned with proper nested trust boundaries, color-coded zones,
cleaner edge routing, and better label spacing. PNG contains embedded
draw.io XML source for future editing.
@jgowdy
Architecture diagram v3: fix clipped labels and overlapping text
4c87d61 
Enlarged disk artifact cylinders, separated titles from descriptions,
increased font sizes, cleaned up edge routing from core to disk.
@jgowdy-godaddy jgowdy-godaddy merged commit 33cc258 into main May 21, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jgowdy-godaddy @jgowdy