# Threat Model —

**Feature spec:** [./spec.md](./spec.md)

**Date:**

**Author:**

## Data Flow Diagram (text)

**Actors**

-

**Trust boundaries**

- TB-1: Browser ⇄ Caddy (public internet ⇄ DMZ)
- TB-2: Caddy ⇄ Backend (`:8080`) (DMZ ⇄ app)
- TB-3: Backend ⇄ PostgreSQL / MinIO / sidecars (app ⇄ data plane)
-

**Data flows** (source → [boundary] → sink : data)

- F-1: Browser → [TB-1,TB-2] → Backend :
- F-2: Backend → [TB-3] → MinIO :
- <…>

## STRIDE

| Threat Category | Asset / Flow | Threat Description | Mitigation | Likelihood × Impact | Status |
|---|---|---|---|---|---|
| **S**poofing | | | | Low × High | |
| **T**ampering | | | | Med × High | |
| **R**epudiation | | | | Low × Med | |
| **I**nformation disclosure | | | | Med × High | |
| **D**enial of service | | | | Med × Med | |
| **E**levation of privilege | | | | Low × High | |

## ASTRIDE (only if the feature invokes an AI agent / tool — OCR, NLP, LLM)

| Threat | Asset / Flow | Threat Description | Mitigation | Likelihood × Impact | Status |
|---|---|---|---|---|---|
| Prompt Injection | | | | | |
| Context Poisoning | | | | | |
| Unsafe Tool Invocation | | | | | |
| Reasoning Subversion | | | | | |

## Residual Risk