
docs: state threat-model coverage scope honestly#263

Merged
mlieberman85 merged 1 commit into
mainfrom
docs/threat-model-coverage-scope
May 21, 2026

Conversation

@mlieberman85
Contributor

Summary

  • Adds a Threat-model coverage scope subsection to the top-level README so users don't mistake "Total findings: 0" for a clean bill of health. Lists the project shapes the tree-sitter pipeline targets (Python web services = best path) versus the shapes that produce empty output today (CLIs, client libraries, daemons).
  • Updates the bullet for "STRIDE Threat Modeling" in the feature list to mention the coverage caveat inline.
  • Tempers the Production* rating for the SA-03.02 THREAT_MODEL.md remediation in packages/darnit-baseline/README.md to reflect the shape dependency.

Why

A cold audit of a Go CLI (gittuf) showed darnit happily writing a THREAT_MODEL.md containing "Total findings: 0" because the Go entry-point queries only match HTTP routing patterns. The file looked complete; the audit gave a misleading impression. Honest docs surface that gap so users (and demo audiences) aren't surprised.

Coverage expansion is tracked in #262.

Test plan

  • README renders correctly on GitHub (table + anchor link to coverage section work)
  • No docs/generated/ drift introduced (uv run python scripts/generate_docs.py is a no-op)
  • CI green

🤖 Generated with Claude Code

The tree-sitter discovery pipeline targets web-service shapes. Today
that means Python web frameworks (Flask, FastAPI, Django, MCP servers)
land in the supported sweet spot; Go HTTP services have thin coverage;
CLI tools, libraries, and systems software aren't modeled and produce
structurally-complete-but-empty threat models.

Adds a Coverage scope subsection to the top-level README so users
don't mistake "0 findings" for a clean bill of health. Tempers the
SA-03.02 remediation rating in the baseline README to reflect the
shape dependency.

Coverage expansion (cobra/CLI patterns, more Go shapes) will be
tracked in a follow-up issue.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@mlieberman85 mlieberman85 merged commit 4a7ee2e into main May 21, 2026
9 checks passed
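The gap described under "Why" (a report carrying "Total findings: 0" because the entry-point queries never matched the project shape) is easiest to avoid when the report itself separates "nothing matched" from "nothing wrong". The following is an added example written for this page, not darnit's code: the regexes stand in for darnit's tree-sitter entry-point queries (an assumption about how the pipeline classifies shape, not its real patterns), the shape names and the `Coverage` verdict are invented for illustration, and every source snippet is constructed here.

```python
"""Coverage-aware summary for a threat-model report.

Added example for this page, not darnit's code. The regexes below stand in
for darnit's tree-sitter entry-point queries (an assumption about how the
pipeline classifies project shape, not its real patterns), and every source
snippet is constructed here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Entry-point patterns for the shapes the pipeline models. Matching any of
# these means the analysis actually had something to reason about.
ENTRY_POINT_PATTERNS = {
    "python-web": [
        re.compile(r"@(app|router)\.(get|post|put|patch|delete|route)\("),  # Flask/FastAPI
        re.compile(r"^\s*(path|re_path)\(", re.MULTILINE),                   # Django urls.py
    ],
    "go-http": [
        re.compile(r"\bhttp\.(HandleFunc|Handle)\("),                        # net/http
        re.compile(r"\b(mux|router)\.(HandleFunc|Handle|GET|POST)\("),       # gorilla/gin style
    ],
}

# Hints for shapes the pipeline does NOT model. They never count as entry
# points; they only let the report name the gap instead of staying silent.
UNMODELED_HINTS = {
    "go-cli": re.compile(r"\bcobra\.Command\b|\bflag\.(String|Int|Bool|Parse)\("),
    "python-cli": re.compile(r"\bargparse\.ArgumentParser\(|@click\.(command|group)"),
}


@dataclass(frozen=True)
class Coverage:
    shape: str          # detected project shape, or "unknown"
    entry_points: int   # entry-point matches found across all sources
    findings: int       # findings the (hypothetical) analysis reported

    @property
    def verdict(self) -> str:
        # Zero findings with zero discovered entry points is absence of
        # coverage, not evidence of a clean design.
        if self.entry_points == 0:
            return "UNCOVERED"
        return "CLEAN" if self.findings == 0 else "FINDINGS"


def discover_entry_points(sources: dict[str, str]) -> tuple[str, int]:
    """Return (shape, entry_point_count) for the best-matching modeled shape.

    Falls back to an unmodeled hint with a count of 0 when nothing matched,
    so the caller can still name the shape it failed to cover.
    """
    best_shape, best_count = "unknown", 0
    for shape, patterns in ENTRY_POINT_PATTERNS.items():
        count = sum(len(p.findall(src)) for src in sources.values() for p in patterns)
        if count > best_count:
            best_shape, best_count = shape, count
    if best_count == 0:
        for shape, hint in UNMODELED_HINTS.items():
            if any(hint.search(src) for src in sources.values()):
                return shape, 0
    return best_shape, best_count


def summarize(sources: dict[str, str], findings: int) -> Coverage:
    shape, count = discover_entry_points(sources)
    return Coverage(shape=shape, entry_points=count, findings=findings)


def render(cov: Coverage) -> str:
    """Render the summary block a THREAT_MODEL.md-style report would carry."""
    lines = [
        f"Project shape: {cov.shape}",
        f"Entry points discovered: {cov.entry_points}",
        f"Total findings: {cov.findings}",
        f"Verdict: {cov.verdict}",
    ]
    if cov.verdict == "UNCOVERED":
        lines.append("Note: no entry points matched a modeled shape; "
                     "this threat model is empty, not clean.")
    return "\n".join(lines)


# Constructed sample sources (not real project code).
GO_CLI = """package main
import "github.com/spf13/cobra"
func main() {
    root := &cobra.Command{Use: "mycli"}
    root.Execute()
}
"""
GO_HTTP = """package main
import "net/http"
func main() {
    http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {})
    http.ListenAndServe(":8080", nil)
}
"""
PY_WEB = """from flask import Flask
app = Flask(__name__)
@app.route("/login", methods=["POST"])
def login(): return "ok"
@app.get("/me")
def me(): return "me"
"""

if __name__ == "__main__":
    for name, src, n in [("go-cli", GO_CLI, 0), ("go-http", GO_HTTP, 0), ("py-web", PY_WEB, 3)]:
        print(f"== {name} ==")
        print(render(summarize({"main": src}, n)))
```

The point of the `verdict` property is the one the README change makes in prose: a cobra CLI yields zero entry points and therefore "UNCOVERED", while the net/http service with one handler and zero findings is the only case that may be called "CLEAN". Whatever the real pipeline's matchers are, surfacing the entry-point count next to the findings count is what stops a demo audience reading an empty file as a clean audit.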