From 7d3fe7bb72448d96e829273e29fcf7e5bfde7406 Mon Sep 17 00:00:00 2001 From: zippon Date: Thu, 9 Apr 2026 23:57:43 +0530 Subject: [PATCH 01/22] =?UTF-8?q?feat:=20@confirmed=20verb,=20@feature=20f?= =?UTF-8?q?iltering,=20pentest=20integration,=20expanded=20report=20?= =?UTF-8?q?=E2=80=94=20v1.5.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit New annotation verbs: - @confirmed: mark a threat as verified exploitable (pentest/scan evidence), distinct from @exposes (theoretical). Parser, model, SARIF error-level, CLI status, dashboard, MCP lookup, and LLM report support. - @feature "Name": tag files with a product feature name; drives --feature filtering across status, report, dashboard, and the new /feature TUI command. New commands: - guardlink translate: generate CERT-X-GEN pentest templates from threat findings (all agent backends: --claude-code, --codex, --gemini, --cursor, --windsurf, --clipboard) - guardlink ask: natural-language questions about the threat model and codebase Pentest integration: - Loads CXG scan results from .guardlink/pentest-findings/ (JSON) - Injects findings as context into threat-report and AI analyses - Dashboard gains a Pentest Findings sidebar section with scan tables and detail drawers - New PentestFinding/PentestScanResult/PentestData interfaces in src/analyze/index.ts Expanded guardlink report (10 structured sections): - Application Overview, Scope, Architecture, Key Flows & Sequence, Data Inventory, Roles & Access, Dependencies, Secrets & Credentials, Logging & Audit, AI/ML System Details (conditional) - Reads .guardlink/prompt.md for Application Overview (created by init/sync) - Confirmed findings row in Executive Summary table - GuardLink version + git commit/branch in report header New files: - src/parser/feature-filter.ts: listFeatures(), filterByFeature(), getFeatureSummaries() - src/report/sequence.ts: Mermaid sequenceDiagram generator from @flows annotations Docs: CHANGELOG.md v1.5.0 entry, README pentest integration section, @feature in annotation table + commands table, SPEC.md @feature spec, GUARDLINK_REFERENCE.md translate/ask commands. Co-Authored-By: Claude Sonnet 4.6 --- AGENTS.md | 47 +- CHANGELOG.md | 50 + CLAUDE.md | 47 +- README.md | 30 +- docs/GUARDLINK_REFERENCE.md | 23 +- docs/SPEC.md | 36 +- package-lock.json | 4 +- src/agents/index.ts | 2 +- src/agents/prompts.ts | 458 +++++- src/analyze/index.ts | 210 ++- src/analyze/prompts.ts | 18 +- src/analyzer/sarif.ts | 32 +- src/cli/index.ts | 393 ++++- src/dashboard/data.ts | 24 + src/dashboard/generate.ts | 579 ++++++- src/diff/engine.ts | 8 +- src/init/index.ts | 29 +- src/init/templates.ts | 79 +- src/mcp/lookup.ts | 35 + src/mcp/server.ts | 27 +- src/parser/clear.ts | 2 +- src/parser/feature-filter.ts | 133 ++ src/parser/index.ts | 2 + src/parser/parse-line.ts | 22 +- src/parser/parse-project.ts | 23 +- src/parser/validate.ts | 7 + src/report/index.ts | 1 + src/report/report.ts | 1013 +++++++++++- src/report/sequence.ts | 165 ++ src/tui/commands.ts | 91 +- src/tui/index.ts | 6 +- src/types/index.ts | 39 + src/workspace/merge.ts | 8 +- tests/fixtures/all-annotations.ts | 1 + tests/parser.test.ts | 24 + threat-dashboard.html | 2555 +++++++++++++++++++---------- 36 files changed, 5233 insertions(+), 990 deletions(-) create mode 100644 src/parser/feature-filter.ts create mode 100644 src/report/sequence.ts diff --git a/AGENTS.md b/AGENTS.md index bf121a4..018fad1 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -14,11 +14,12 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c 1. **Annotate new code.** When you add a function, endpoint, or module that handles user input, accesses data, crosses a trust boundary, or could fail in a security-relevant way — add `@exposes`, `@mitigates`, `@flows`, `@handles`, or at minimum `@comment` annotations. This is not optional. 2. **NEVER write `@accepts`.** That is a human-only governance decision. When you find a risk with no mitigation in code, write `@exposes` to document the risk + `@audit` to flag it for human review + `@comment` to suggest potential controls. -3. Do not delete or mangle existing annotations. Treat them as part of the code. Edit only when intentionally changing the threat model. -4. Definitions (`@asset`, `@threat`, `@control` with `(#id)`) live in `.guardlink/definitions.ts`. Reuse existing `#id`s — never redefine. If you need a new asset or threat, add the definition there first, then reference it in source files. -5. Source files use relationship verbs only: `@mitigates`, `@exposes`, `@flows`, `@handles`, `@boundary`, `@comment`, `@validates`, `@audit`, `@owns`, `@assumes`, `@transfers`. -6. Write coupled annotation blocks that tell a complete story: risk + control (or audit) + data flow + context note. Never write a lone `@exposes` without follow-up. -7. Avoid `@shield` unless a human explicitly asks to hide code from AI — it creates blind spots. +3. **Use `@confirmed` for verified exploits.** When a pentest, CXG scan, or manual reproduction proves a threat is exploitable, mark it with `@confirmed #threat on Asset [severity] -- "evidence"`. This is distinct from `@exposes` (theoretical) — `@confirmed` means real, verified, not a false positive. Include severity based on actual observed impact. +4. Do not delete or mangle existing annotations. Treat them as part of the code. Edit only when intentionally changing the threat model. +5. Definitions (`@asset`, `@threat`, `@control` with `(#id)`) live in `.guardlink/definitions.ts`. Reuse existing `#id`s — never redefine. If you need a new asset or threat, add the definition there first, then reference it in source files. +6. Source files use relationship verbs only: `@mitigates`, `@exposes`, `@confirmed`, `@flows`, `@handles`, `@boundary`, `@comment`, `@validates`, `@audit`, `@owns`, `@assumes`, `@transfers`, `@feature`. +7. Write coupled annotation blocks that tell a complete story: risk + control (or audit) + data flow + context note. Never write a lone `@exposes` without follow-up. +8. Avoid `@shield` unless a human explicitly asks to hide code from AI — it creates blind spots. ### Workflow (while coding) @@ -43,6 +44,8 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c @handles pii on App.API -- "Processes email and session token" @validates #prepared-stmts for App.API -- "sqlInjectionTest.ts ensures placeholders used" @audit App.API -- "Token rotation logic needs crypto review" +@confirmed #sqli on App.API [critical] cwe:CWE-89 -- "Pentest verified: raw SQL injection via email param" +@feature "SSO Login" -- "Single sign-on authentication flow" @owns security-team for App.API -- "Team responsible for reviews" @comment -- "Rate limit: 100 req/15min via express-rate-limit" ``` @@ -52,7 +55,7 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c ### Current Definitions (REUSE these IDs — do NOT redefine) **Assets:** #parser (GuardLink,Parser), #cli (GuardLink,CLI), #tui (GuardLink,TUI), #mcp (GuardLink,MCP), #llm-client (GuardLink,LLM_Client), #dashboard (GuardLink,Dashboard), #init (GuardLink,Init), #agent-launcher (GuardLink,Agent_Launcher), #diff (GuardLink,Diff), #report (GuardLink,Report), #sarif (GuardLink,SARIF), #suggest (GuardLink,Suggest), #workspace-link (Workspace,Link), #merge-engine (Workspace,Merge), #report-metadata (Workspace,Metadata), #workspace-config (Workspace,Config) -**Threats:** #path-traversal (Path_Traversal) [high], #cmd-injection (Command_Injection) [critical], #xss (Cross_Site_Scripting) [high], #api-key-exposure (API_Key_Exposure) [high], #ssrf (Server_Side_Request_Forgery) [medium], #redos (ReDoS) [medium], #arbitrary-write (Arbitrary_File_Write) [high], #prompt-injection (Prompt_Injection) [medium], #dos (Denial_of_Service) [medium], #data-exposure (Sensitive_Data_Exposure) [medium], #insecure-deser (Insecure_Deserialization) [medium], #child-proc-injection (Child_Process_Injection) [high], #info-disclosure (Information_Disclosure) [low], #tag-collision (Tag_Collision) [medium], #config-tamper (Config_Tampering) [medium] +**Threats:** #path-traversal (Path_Traversal) [high], #cmd-injection (Command_Injection) [critical], #xss (Cross_Site_Scripting) [high], #api-key-exposure (API_Key_Exposure) [high], #ssrf (Server_Side_Request_Forgery) [medium], #redos (ReDoS) [medium], #arbitrary-write (Arbitrary_File_Write) [high], #prompt-injection (Prompt_Injection) [medium], #dos (Denial_of_Service) [medium], #data-exposure (Sensitive_Data_Exposure) [medium], #insecure-deser (Insecure_Deserialization) [medium], #child-proc-injection (Child_Process_Injection) [high], #info-disclosure (Information_Disclosure) [low], #secret-exposure (Secret_Exposure) [critical], #tag-collision (Tag_Collision) [medium], #config-tamper (Config_Tampering) [medium] **Controls:** #path-validation (Path_Validation), #input-sanitize (Input_Sanitization), #output-encoding (Output_Encoding), #key-redaction (Key_Redaction), #process-sandbox (Process_Sandboxing), #config-validation (Config_Validation), #resource-limits (Resource_Limits), #param-commands (Parameterized_Commands), #glob-filtering (Glob_Pattern_Filtering), #regex-anchoring (Regex_Anchoring), #prefix-ownership (Prefix_Ownership), #yaml-validation (YAML_Validation) ### Open Exposures (need @mitigates or @audit) @@ -60,16 +63,17 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c - #agent-launcher exposed to #prompt-injection [medium] (src/agents/launcher.ts:13) - #agent-launcher exposed to #dos [low] (src/agents/launcher.ts:15) - #agent-launcher exposed to #prompt-injection [high] (src/agents/prompts.ts:6) +- #agent-launcher exposed to #config-tamper [medium] (src/agents/prompts.ts:10) - #llm-client exposed to #data-exposure [low] (src/analyze/index.ts:12) - #llm-client exposed to #prompt-injection [medium] (src/analyze/llm.ts:17) -- #sarif exposed to #data-exposure [low] (src/analyzer/sarif.ts:15) -- #cli exposed to #cmd-injection [critical] (src/cli/index.ts:31) +- #sarif exposed to #data-exposure [low] (src/analyzer/sarif.ts:16) +- #cli exposed to #cmd-injection [critical] (src/cli/index.ts:33) - #init exposed to #data-exposure [low] (src/init/index.ts:12) +- #parser exposed to #arbitrary-write [high] (src/parser/clear.ts:7) - #mcp exposed to #cmd-injection [high] (src/mcp/index.ts:4) - #mcp exposed to #prompt-injection [medium] (src/mcp/server.ts:30) - #mcp exposed to #data-exposure [medium] (src/mcp/server.ts:34) - #suggest exposed to #dos [low] (src/mcp/suggest.ts:16) -- #parser exposed to #arbitrary-write [high] (src/parser/clear.ts:7) - #tui exposed to #cmd-injection [high] (src/tui/commands.ts:11) - #tui exposed to #prompt-injection [medium] (src/tui/commands.ts:15) @@ -82,24 +86,29 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c - #agent-launcher -> AgentProcess via spawn - AgentProcess -> #agent-launcher via stdout - UserPrompt -> #agent-launcher via buildAnnotatePrompt +- UserPrompt -> #agent-launcher via buildTranslatePrompt +- UserPrompt -> #agent-launcher via buildAskPrompt - ThreatModel -> #agent-launcher via model - #agent-launcher -> AgentPrompt via return - ThreatModel -> #llm-client via serializeModel - ProjectFiles -> #llm-client via readFileSync - #llm-client -> ReportFile via writeFileSync +- PentestFindings -> #llm-client via readFileSync - LLMConfig -> #llm-client via chatCompletion - #llm-client -> LLMProvider via fetch - LLMProvider -> #llm-client via response - LLMToolCall -> #llm-client via createToolExecutor - #llm-client -> NVD via fetch -- ProjectFiles -> #llm-client via readFileSync -- ThreatModel -> #sarif via generateSarif -- #sarif -> SarifLog via return -- ... and 48 more +- ... and 52 more + +### Features (filter with `--feature`) + +- "Dashboard" +- "MCP Integration" ### Model Stats -290 annotations, 16 assets, 15 threats, 12 controls, 60 exposures, 44 mitigations, 68 flows +305 annotations, 16 assets, 16 threats, 12 controls, 61 exposures, 0 confirmed, 46 mitigations, 72 flows, 2 features > **Note:** This section is auto-generated. Run `guardlink sync` to update after code changes. > Any coding agent (Cursor, Claude, Copilot, Windsurf, etc.) should reference these IDs @@ -116,6 +125,16 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c + + + + + + + + + + diff --git a/CHANGELOG.md b/CHANGELOG.md index bc6ffd3..25b4ecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,56 @@ All notable changes to GuardLink CLI will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.5.0] — 2026-04-09 + +### Added + +- **`@confirmed` annotation** — New verb for verified exploitable findings. Distinct from `@exposes` (theoretical) and `@accepts` (governance). Syntax: `@confirmed #threat on Asset [severity] cwe:CWE-NNN -- "evidence"`. A `@confirmed` annotation means the threat has been proven exploitable through pentest, automated CXG scan with reproducible evidence, or manual reproduction — not a false positive. Full pipeline: parser, model assembly, dangling-ref validation, SARIF `error`-level export, CLI `status` output, dashboard emphasis, LLM report inclusion, MCP `guardlink_lookup "confirmed"`. + +- **`@feature` annotation** — New metadata verb to tag files/code with a named product feature. Syntax: `@feature "Feature Name" -- "description"`. Association is file-level: all annotations in a file with `@feature "X"` are considered part of that feature. Enables feature-scoped filtering across all output modes. + +- **Feature filtering (`--feature` flag)** — `guardlink status`, `guardlink report`, and `guardlink dashboard` all gain `--feature ` (comma-separated). Filters all output — assets, threats, exposures, flows — to files tagged with the named feature(s). Dashboard gets a live feature filter dropdown in the header with a dismissible banner. TUI gains `/feature [name]` command to list features or drill into one. + +- **`guardlink translate [prompt]`** — New command that translates GuardLink threat model findings into CERT-X-GEN (CXG) pentest templates (generation only, no execution). Supports all agent backends: `--claude-code`, `--codex`, `--gemini`, `--cursor`, `--windsurf`, `--clipboard`. Reads CXG reference docs and skeleton templates from `GUARDLINK_CXG_ROOT` env or configured default path. + +- **`guardlink ask `** — New command that answers natural-language questions about the threat model and codebase context, launching an AI agent with full model serialization as context. + +- **Pentest integration** — GuardLink now loads CXG scan results from `.guardlink/pentest-findings/` (JSON) and template metadata from `.guardlink/cxg-templates/`. New interfaces: `PentestFinding`, `PentestScanResult`, `PentestTemplate`, `PentestData`. Findings are injected as a `` block into AI threat reports, `guardlink threat-report`, and the dashboard. Dashboard gains a dedicated **Pentest Findings** sidebar section with scan summary tables and per-finding detail drawers. + +- **Expanded threat model report** (`guardlink report`) — `generateReport()` now produces 10 structured sections (was: Executive Summary + tables): + 1. Application Overview (auto-populated from `.guardlink/prompt.md` if present) + 2. Scope of This Threat Model + 3. Architecture (Mermaid DFD) + 4. Key Flows & Sequence (new Mermaid sequence diagram from `@flows`) + 5. Data Inventory + 6. Roles & Access + 7. Dependencies + 8. Secrets, Keys & Credential Management + 9. Logging, Monitoring & Audit + 10. AI/ML System Details (conditional — emitted only when AI-related threats are detected) + + Report header now includes GuardLink version and git commit/branch from metadata. Confirmed exploitable findings appear as a row in the Executive Summary table. + +- **Sequence diagram** (`src/report/sequence.ts`) — New Mermaid `sequenceDiagram` generator built from `@flows` annotations, showing step-by-step participant interactions. Used in the Key Flows & Sequence report section. + +- **`.guardlink/prompt.md`** — `guardlink init` and `guardlink sync` now create this skeleton file. AI annotation agents fill it in with a security-focused project overview (what the app does, components, trust boundaries, data sensitivity, deployment). `guardlink report` reads it and injects the content as the Application Overview section. + +- **SARIF: confirmed exploitable rule** — New `guardlink/confirmed-exploitable` SARIF rule emitting `error`-level results for `@confirmed` annotations. These appear alongside unmitigated exposures in GitHub Advanced Security. + +- **MCP `guardlink_lookup` queries** — Two new query types: `"confirmed"` returns all `@confirmed` verified findings; `"features"` returns all `@feature`-tagged feature names with their associated files. + +- **LLM prompt improvements** — `buildUserMessage()` accepts pentest findings context. AI prompts now distinguish pentest-confirmable threats from governance/design gaps, and teach agents when to use `@confirmed` vs `@exposes` vs `@audit`. + +### Changed + +- **`guardlink status`** — Now prints `@confirmed` findings with a red badge below the exposure list. Accepts `--feature` for filtered output. +- **`guardlink report`** — Accepts `--feature` for scoped reports. Reads `.guardlink/prompt.md` for Application Overview. +- **`guardlink dashboard`** — Accepts `--feature`. Risk score formula now accounts for confirmed finding count. Feature filter dropdown in header. +- **`guardlink threat-report`** — Pentest findings from `.guardlink/pentest-findings/` are automatically included in AI analysis context. AI prompted to emit a dedicated "Pentest Results" section when findings are present. +- **`/gal` TUI command** — Documents `@feature` tagging with examples. +- **SARIF export** — `@confirmed` findings now appear as `error`-level entries under the new rule; `@exposes` severity mapping unchanged. +- **MCP server** — Status tool description updated to reflect confirmed count. `guardlink_lookup` extended with `confirmed` and `features` queries. + ## [1.4.1] — 2026-03-12 ### Fixed diff --git a/CLAUDE.md b/CLAUDE.md index 68c3a9f..e3f2682 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -14,11 +14,12 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c 1. **Annotate new code.** When you add a function, endpoint, or module that handles user input, accesses data, crosses a trust boundary, or could fail in a security-relevant way — add `@exposes`, `@mitigates`, `@flows`, `@handles`, or at minimum `@comment` annotations. This is not optional. 2. **NEVER write `@accepts`.** That is a human-only governance decision. When you find a risk with no mitigation in code, write `@exposes` to document the risk + `@audit` to flag it for human review + `@comment` to suggest potential controls. -3. Do not delete or mangle existing annotations. Treat them as part of the code. Edit only when intentionally changing the threat model. -4. Definitions (`@asset`, `@threat`, `@control` with `(#id)`) live in `.guardlink/definitions.ts`. Reuse existing `#id`s — never redefine. If you need a new asset or threat, add the definition there first, then reference it in source files. -5. Source files use relationship verbs only: `@mitigates`, `@exposes`, `@flows`, `@handles`, `@boundary`, `@comment`, `@validates`, `@audit`, `@owns`, `@assumes`, `@transfers`. -6. Write coupled annotation blocks that tell a complete story: risk + control (or audit) + data flow + context note. Never write a lone `@exposes` without follow-up. -7. Avoid `@shield` unless a human explicitly asks to hide code from AI — it creates blind spots. +3. **Use `@confirmed` for verified exploits.** When a pentest, CXG scan, or manual reproduction proves a threat is exploitable, mark it with `@confirmed #threat on Asset [severity] -- "evidence"`. This is distinct from `@exposes` (theoretical) — `@confirmed` means real, verified, not a false positive. Include severity based on actual observed impact. +4. Do not delete or mangle existing annotations. Treat them as part of the code. Edit only when intentionally changing the threat model. +5. Definitions (`@asset`, `@threat`, `@control` with `(#id)`) live in `.guardlink/definitions.ts`. Reuse existing `#id`s — never redefine. If you need a new asset or threat, add the definition there first, then reference it in source files. +6. Source files use relationship verbs only: `@mitigates`, `@exposes`, `@confirmed`, `@flows`, `@handles`, `@boundary`, `@comment`, `@validates`, `@audit`, `@owns`, `@assumes`, `@transfers`, `@feature`. +7. Write coupled annotation blocks that tell a complete story: risk + control (or audit) + data flow + context note. Never write a lone `@exposes` without follow-up. +8. Avoid `@shield` unless a human explicitly asks to hide code from AI — it creates blind spots. ### Workflow (while coding) @@ -43,6 +44,8 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c @handles pii on App.API -- "Processes email and session token" @validates #prepared-stmts for App.API -- "sqlInjectionTest.ts ensures placeholders used" @audit App.API -- "Token rotation logic needs crypto review" +@confirmed #sqli on App.API [critical] cwe:CWE-89 -- "Pentest verified: raw SQL injection via email param" +@feature "SSO Login" -- "Single sign-on authentication flow" @owns security-team for App.API -- "Team responsible for reviews" @comment -- "Rate limit: 100 req/15min via express-rate-limit" ``` @@ -52,7 +55,7 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c ### Current Definitions (REUSE these IDs — do NOT redefine) **Assets:** #parser (GuardLink,Parser), #cli (GuardLink,CLI), #tui (GuardLink,TUI), #mcp (GuardLink,MCP), #llm-client (GuardLink,LLM_Client), #dashboard (GuardLink,Dashboard), #init (GuardLink,Init), #agent-launcher (GuardLink,Agent_Launcher), #diff (GuardLink,Diff), #report (GuardLink,Report), #sarif (GuardLink,SARIF), #suggest (GuardLink,Suggest), #workspace-link (Workspace,Link), #merge-engine (Workspace,Merge), #report-metadata (Workspace,Metadata), #workspace-config (Workspace,Config) -**Threats:** #path-traversal (Path_Traversal) [high], #cmd-injection (Command_Injection) [critical], #xss (Cross_Site_Scripting) [high], #api-key-exposure (API_Key_Exposure) [high], #ssrf (Server_Side_Request_Forgery) [medium], #redos (ReDoS) [medium], #arbitrary-write (Arbitrary_File_Write) [high], #prompt-injection (Prompt_Injection) [medium], #dos (Denial_of_Service) [medium], #data-exposure (Sensitive_Data_Exposure) [medium], #insecure-deser (Insecure_Deserialization) [medium], #child-proc-injection (Child_Process_Injection) [high], #info-disclosure (Information_Disclosure) [low], #tag-collision (Tag_Collision) [medium], #config-tamper (Config_Tampering) [medium] +**Threats:** #path-traversal (Path_Traversal) [high], #cmd-injection (Command_Injection) [critical], #xss (Cross_Site_Scripting) [high], #api-key-exposure (API_Key_Exposure) [high], #ssrf (Server_Side_Request_Forgery) [medium], #redos (ReDoS) [medium], #arbitrary-write (Arbitrary_File_Write) [high], #prompt-injection (Prompt_Injection) [medium], #dos (Denial_of_Service) [medium], #data-exposure (Sensitive_Data_Exposure) [medium], #insecure-deser (Insecure_Deserialization) [medium], #child-proc-injection (Child_Process_Injection) [high], #info-disclosure (Information_Disclosure) [low], #secret-exposure (Secret_Exposure) [critical], #tag-collision (Tag_Collision) [medium], #config-tamper (Config_Tampering) [medium] **Controls:** #path-validation (Path_Validation), #input-sanitize (Input_Sanitization), #output-encoding (Output_Encoding), #key-redaction (Key_Redaction), #process-sandbox (Process_Sandboxing), #config-validation (Config_Validation), #resource-limits (Resource_Limits), #param-commands (Parameterized_Commands), #glob-filtering (Glob_Pattern_Filtering), #regex-anchoring (Regex_Anchoring), #prefix-ownership (Prefix_Ownership), #yaml-validation (YAML_Validation) ### Open Exposures (need @mitigates or @audit) @@ -60,16 +63,17 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c - #agent-launcher exposed to #prompt-injection [medium] (src/agents/launcher.ts:13) - #agent-launcher exposed to #dos [low] (src/agents/launcher.ts:15) - #agent-launcher exposed to #prompt-injection [high] (src/agents/prompts.ts:6) +- #agent-launcher exposed to #config-tamper [medium] (src/agents/prompts.ts:10) - #llm-client exposed to #data-exposure [low] (src/analyze/index.ts:12) - #llm-client exposed to #prompt-injection [medium] (src/analyze/llm.ts:17) -- #sarif exposed to #data-exposure [low] (src/analyzer/sarif.ts:15) -- #cli exposed to #cmd-injection [critical] (src/cli/index.ts:31) +- #sarif exposed to #data-exposure [low] (src/analyzer/sarif.ts:16) +- #cli exposed to #cmd-injection [critical] (src/cli/index.ts:33) - #init exposed to #data-exposure [low] (src/init/index.ts:12) +- #parser exposed to #arbitrary-write [high] (src/parser/clear.ts:7) - #mcp exposed to #cmd-injection [high] (src/mcp/index.ts:4) - #mcp exposed to #prompt-injection [medium] (src/mcp/server.ts:30) - #mcp exposed to #data-exposure [medium] (src/mcp/server.ts:34) - #suggest exposed to #dos [low] (src/mcp/suggest.ts:16) -- #parser exposed to #arbitrary-write [high] (src/parser/clear.ts:7) - #tui exposed to #cmd-injection [high] (src/tui/commands.ts:11) - #tui exposed to #prompt-injection [medium] (src/tui/commands.ts:15) @@ -82,24 +86,29 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c - #agent-launcher -> AgentProcess via spawn - AgentProcess -> #agent-launcher via stdout - UserPrompt -> #agent-launcher via buildAnnotatePrompt +- UserPrompt -> #agent-launcher via buildTranslatePrompt +- UserPrompt -> #agent-launcher via buildAskPrompt - ThreatModel -> #agent-launcher via model - #agent-launcher -> AgentPrompt via return - ThreatModel -> #llm-client via serializeModel - ProjectFiles -> #llm-client via readFileSync - #llm-client -> ReportFile via writeFileSync +- PentestFindings -> #llm-client via readFileSync - LLMConfig -> #llm-client via chatCompletion - #llm-client -> LLMProvider via fetch - LLMProvider -> #llm-client via response - LLMToolCall -> #llm-client via createToolExecutor - #llm-client -> NVD via fetch -- ProjectFiles -> #llm-client via readFileSync -- ThreatModel -> #sarif via generateSarif -- #sarif -> SarifLog via return -- ... and 48 more +- ... and 52 more + +### Features (filter with `--feature`) + +- "Dashboard" +- "MCP Integration" ### Model Stats -290 annotations, 16 assets, 15 threats, 12 controls, 60 exposures, 44 mitigations, 68 flows +305 annotations, 16 assets, 16 threats, 12 controls, 61 exposures, 0 confirmed, 46 mitigations, 72 flows, 2 features > **Note:** This section is auto-generated. Run `guardlink sync` to update after code changes. > Any coding agent (Cursor, Claude, Copilot, Windsurf, etc.) should reference these IDs @@ -116,6 +125,16 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c + + + + + + + + + + diff --git a/README.md b/README.md index aab6572..1674431 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,8 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af | `guardlink sarif [dir]` | Export unmitigated exposures as SARIF 2.1.0 | | `guardlink threat-report [fw]` | AI threat report (stride/dread/pasta/attacker/rapid/general) | | `guardlink threat-reports` | List saved AI threat reports | +| `guardlink translate [prompt]` | Generate CERT-X-GEN pentest templates from threat model findings | +| `guardlink ask ` | Ask a natural-language question about the threat model and codebase | | `guardlink review [dir]` | Interactive governance review — accept, remediate, or skip unmitigated exposures | | `guardlink review --list` | List reviewable exposures without prompting | | `guardlink clear [dir]` | Remove all annotations from source files (with `--dry-run` preview) | @@ -241,6 +243,8 @@ GuardLink annotations go in comments in any language. The parser supports `//`, | `@control` | Define a security control | `@control WAF (#waf)` | | `@mitigates` | Control protects asset against threat | `@mitigates #api against #sqli using #prepared-stmts` | | `@exposes` | Asset vulnerable to threat | `@exposes #api to #xss [P1]` | +| `@confirmed` | Threat verified exploitable (pentest/scan) | `@confirmed #sqli on #api [critical] -- "Verified in pen test"` | +| `@feature` | Tag code with a product feature name | `@feature "SSO Login" -- "Single sign-on authentication flow"` | | `@accepts` | Risk acknowledged | `@accepts #dos on #api -- "By design"` | | `@transfers` | Risk moved between assets | `@transfers #sqli from #api to #db` | | `@flow` | Data flow between assets | `@flow #api -> #db via "SQL"` | @@ -303,7 +307,31 @@ For workspace setups, GuardLink provides two additional workflow templates: a pe ### SARIF -`guardlink sarif` exports unmitigated exposures as SARIF 2.1.0. Upload to GitHub Advanced Security and every `@exposes` appears as a code scanning alert with file, line, severity, and CWE. +`guardlink sarif` exports unmitigated exposures and `@confirmed` findings as SARIF 2.1.0. Upload to GitHub Advanced Security: unmitigated `@exposes` appear as warnings or errors by severity; `@confirmed` exploitable findings appear as errors. + +### Pentest Integration + +GuardLink bridges threat modeling and penetration testing in both directions. + +**From threat model to pentest templates** — `guardlink translate` reads your `@exposes` annotations and generates CERT-X-GEN (CXG) pentest template stubs targeting the specific threats you've documented. Run it with any agent backend: + +```bash +guardlink translate --claude-code +guardlink translate "focus on injection paths" --clipboard +``` + +**From pentest results back to the threat model** — Drop CXG scan result JSON files into `.guardlink/pentest-findings/`. GuardLink reads them automatically and: +- Injects findings as empirical evidence in `guardlink threat-report` and AI analyses +- Displays a **Pentest Findings** section in `guardlink dashboard` +- Teaches agents to cross-reference scan results against `@exposes` annotations + +**Marking verified findings** — When a pentest or scan proves a threat is exploitable, add `@confirmed` to close the loop: + +```typescript +// @confirmed #sqli on App.API [critical] cwe:CWE-89 -- "CXG scan 2026-04: time-based blind SQLi on /login confirmed" +``` + +`@confirmed` is distinct from `@exposes` (hypothesis) — it means real, verified, not a false positive. --- diff --git a/docs/GUARDLINK_REFERENCE.md b/docs/GUARDLINK_REFERENCE.md index 5d059c9..8afc4b1 100644 --- a/docs/GUARDLINK_REFERENCE.md +++ b/docs/GUARDLINK_REFERENCE.md @@ -12,6 +12,7 @@ DEFINE @asset (#id) -- "description" RELATE @mitigates against <#threat> using <#control> -- "how" @exposes to <#threat> [severity] cwe:CWE-NNN -- "what's wrong" + @confirmed <#threat> on [severity] cwe:CWE-NNN -- "verified evidence" @accepts <#threat> on -- "HUMAN-ONLY — AI agents must use @audit instead" @transfers <#threat> from to -- "who handles it" @@ -26,6 +27,8 @@ LIFECYCLE @handles on @assumes -- "unverified assumption" +METADATA @feature "Feature Name" -- "tag code with a feature for filtering" + COMMENT @comment -- "security-relevant developer note" PROTECT @shield -- "reason" @@ -55,10 +58,12 @@ Append after severity: `cwe:CWE-89`, `owasp:A03:2021`, `capec:CAPEC-66`, `attack | Writing new endpoint/handler | `@exposes` + `@mitigates` (or `@audit`) + `@flows` + `@comment` — tell the complete story | | New service/component | `@asset` in definitions, then reference in source | | Security gap exists | `@exposes Asset to #threat` + `@audit Asset` | +| Threat verified exploitable | `@confirmed #threat on Asset [severity] -- "pentest/scan evidence"` | | Risk with no fix yet | `@audit Asset` + `@comment` explaining potential controls. NEVER `@accepts`. | | Implementing a fix | `@mitigates Asset against #threat using #control` | | Processing sensitive data | `@handles pii on Asset` | | Proprietary algorithm | `@shield:begin` ... `@shield:end` (only if human requests it) | +| Tagging code to a feature | `@feature "SSO Login" -- "Single sign-on flow"` | | Unsure which annotation | `@comment -- "describe what you see"` | ## CLI Commands @@ -80,6 +85,8 @@ guardlink diff [ref] # Compare threat model against a git ref guardlink threat-report # AI threat report (see frameworks below) guardlink threat-reports # List saved threat reports guardlink annotate # Launch coding agent to add annotations +guardlink translate [prompt] # Generate CERT-X-GEN pentest templates from threat findings +guardlink ask # Ask questions about the threat model and codebase guardlink config # Manage LLM provider / CLI agent configuration # Governance & Maintenance @@ -88,11 +95,18 @@ guardlink review --list [--severity X] # List reviewable exposures without prom guardlink clear [dir] [--dry-run] # Remove all annotations from source files guardlink sync [dir] # Sync agent instruction files with current threat model guardlink unannotated [dir] # List source files with no annotations +guardlink feature list [dir] # List all @feature tags with stats +guardlink feature show # Show threat model for a specific feature # Interactive guardlink tui [dir] # Interactive TUI: slash commands + AI chat guardlink mcp # Start MCP server (stdio) for Claude Code, Cursor, etc. guardlink gal # Display GAL annotation language quick reference + +# Feature filtering (--feature flag on report, dashboard, status, translate) +guardlink report . --feature "SSO Login" # Report filtered to feature +guardlink dashboard . --feature "SSO,Payments" # Dashboard filtered to features +guardlink status . --feature "SSO Login" # Status filtered to feature ``` ## Threat Report Frameworks @@ -153,6 +167,7 @@ Run `guardlink tui` for the interactive terminal interface: /diff [ref] Compare model vs git ref (default: HEAD~1) /sarif [-o file] Export SARIF 2.1.0 /gal GAL annotation language guide +/feature List all @feature tags (freeform text) Chat about your threat model with AI ``` @@ -160,12 +175,12 @@ Run `guardlink tui` for the interactive terminal interface: 1. **@boundary requires TWO assets**: `@boundary between #A and #B` or `@boundary #A | #B`. 2. **@flows is ONE source → ONE target per line**: `@flows -> via `. -3. **@exposes / @mitigates require defined #id refs**: Every `#id` must have a definition in `.guardlink/definitions.*`. -4. **Severity in square brackets**: `[P0]` `[P1]` `[P2]` `[P3]` or `[critical]` `[high]` `[medium]` `[low]`. Goes AFTER the threat ref. +3. **@exposes / @mitigates / @confirmed require defined #id refs**: Every `#id` must have a definition in `.guardlink/definitions.*`. +4. **Severity in square brackets**: `[P0]` `[P1]` `[P2]` `[P3]` or `[critical]` `[high]` `[medium]` `[low]`. Goes AFTER the threat ref on `@exposes`; on `@confirmed` it reflects **verified** impact (optional but recommended). 5. **Descriptions in double quotes after --**: `-- "description text here"`. 6. **IDs use parentheses in definitions, hash in references**: Define `(#sqli)`, reference `#sqli`. 7. **Asset references**: Use `#id` or `Dotted.Path` — no spaces or special chars. -8. **External refs space-separated after severity**: `cwe:CWE-89 owasp:A03:2021 capec:CAPEC-66`. +8. **External refs space-separated after severity**: `cwe:CWE-89 owasp:A03:2021 capec:CAPEC-66` (on `@threat`, `@exposes`, `@confirmed`). 9. **@comment always needs -- and quotes**: `@comment -- "your note here"`. 10. **One annotation per comment line.** Do NOT put two @verbs on the same line. @@ -173,7 +188,7 @@ Run `guardlink tui` for the interactive terminal interface: When connected via `.mcp.json`, use: - `guardlink_parse` — parse annotations, return threat model -- `guardlink_lookup` — query threats, controls, exposures by ID +- `guardlink_lookup` — query threats, controls, exposures by ID (try `unmitigated`, `confirmed`) - `guardlink_suggest` — get annotation suggestions for a file - `guardlink_validate` — check for syntax errors - `guardlink_status` — coverage stats diff --git a/docs/SPEC.md b/docs/SPEC.md index 02318cf..24d2a4f 100644 --- a/docs/SPEC.md +++ b/docs/SPEC.md @@ -24,7 +24,7 @@ GuardLink extends the original ThreatSpec specification (dormant since 2020) wit **1.3. Annotations are structured data.** While readable as English, every annotation has a deterministic grammar that can be parsed by regex into typed data structures. Ambiguous or free-form syntax is avoided. -**1.4. Annotations capture intent, not implementation.** An `@exposes` annotation says "this code is vulnerable to X" — it does not describe how the vulnerability works. A `@mitigates` annotation says "this code defends against X" — it does not duplicate the implementation. The annotation is a pointer from code to the threat model. +**1.4. Annotations capture intent, not implementation.** An `@exposes` annotation says "this code is vulnerable to X" — it does not describe how the vulnerability works. A `@mitigates` annotation says "this code defends against X" — it does not duplicate the implementation. A `@confirmed` annotation says "this threat was verified exploitable here" with evidence summarized in the description — it is not a false positive. The annotation is a pointer from code to the threat model. **1.5. Annotations are incremental.** A codebase does not need 100% annotation coverage to be useful. A single `@exposes` annotation on a critical endpoint is valuable. Tools should work with partial annotation and measure coverage over time. @@ -337,6 +337,40 @@ def get_user(user_id: int): return db.get_user(user_id) # Anyone can access any user ``` +#### `@confirmed` — Verified Exploitable Finding + +``` +@confirmed on [] [] [-- ""] +``` + +Declares that a threat against an asset has been **verified** through penetration testing, automated security scanning with reproducible evidence, or manual exploitation — not a theoretical risk. This is distinct from `@exposes` (developer hypothesis) and from `@accepts` (governance decision to live with risk). Tools should surface `@confirmed` as highest-priority findings (e.g., SARIF `error`, dashboard emphasis). + +The optional `[severity]` reflects **observed** impact from verification; it may differ from the severity on a matching `@exposes` or `@threat` definition. + +```typescript +// @confirmed #secret-exposure on App.Config [critical] cwe:CWE-798 -- "TruffleHog + manual: live API key in committed .env.example, verified against provider" +``` + +#### `@feature` — Feature Tag + +``` +@feature "" [-- ""] +``` + +Tags the file with a named product feature. All annotations in a file that carries `@feature "X"` are associated with that feature. A file may carry multiple `@feature` tags. Feature names are free-form quoted strings. + +Feature tags are metadata only — they have no effect on validation or coverage scoring. Their purpose is to allow threat model consumers (CLI, dashboard, reports) to filter or scope the model to a subset of the system: + +- `guardlink status . --feature "SSO Login"` — coverage stats for one feature +- `guardlink report . --feature "Payments"` — report scoped to that feature +- Dashboard feature filter dropdown + +```typescript +// @feature "SSO Login" -- "Single sign-on authentication flow" +// @feature "Payment Processing" +export async function handleOAuthCallback(req: Request) { ... } +``` + #### `@accepts` — Acknowledge a Risk ``` diff --git a/package-lock.json b/package-lock.json index 1598cd4..28998be 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "guardlink", - "version": "1.3.0", + "version": "1.4.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "guardlink", - "version": "1.3.0", + "version": "1.4.1", "license": "MIT", "dependencies": { "@modelcontextprotocol/sdk": "^1.26.0", diff --git a/src/agents/index.ts b/src/agents/index.ts index a1bf5c5..36086b4 100644 --- a/src/agents/index.ts +++ b/src/agents/index.ts @@ -50,4 +50,4 @@ export function agentFromOpts(opts: Record): AgentEntry | null { export { launchAgentForeground, launchAgentIDE, launchAgent, launchAgentInline, copyToClipboard } from './launcher.js'; export type { InlineResult } from './launcher.js'; -export { buildAnnotatePrompt } from './prompts.js'; +export { buildAnnotatePrompt, buildTranslatePrompt, buildAskPrompt } from './prompts.js'; diff --git a/src/agents/prompts.ts b/src/agents/prompts.ts index 646b7fa..ea7f2a4 100644 --- a/src/agents/prompts.ts +++ b/src/agents/prompts.ts @@ -7,7 +7,11 @@ * @audit #agent-launcher -- "Prompt injection mitigated by agent's own safety measures; GuardLink prompt is read-only context" * @exposes #agent-launcher to #path-traversal [medium] cwe:CWE-22 -- "Reads reference docs from root-relative paths" * @mitigates #agent-launcher against #path-traversal using #path-validation -- "resolve() with root constrains file access" + * @exposes #agent-launcher to #config-tamper [medium] cwe:CWE-15 -- "Translate prompt may read CXG reference paths from environment overrides" + * @audit #agent-launcher -- "Environment override paths are optional convenience; verify trusted local paths in CI" * @flows UserPrompt -> #agent-launcher via buildAnnotatePrompt -- "User instruction input" + * @flows UserPrompt -> #agent-launcher via buildTranslatePrompt -- "Template translation instruction input" + * @flows UserPrompt -> #agent-launcher via buildAskPrompt -- "Threat model question input" * @flows ThreatModel -> #agent-launcher via model -- "Model context injection" * @flows #agent-launcher -> AgentPrompt via return -- "Assembled prompt output" * @handles internal on #agent-launcher -- "Serializes threat model IDs and flows into prompt" @@ -17,6 +21,18 @@ import { existsSync, readFileSync } from 'node:fs'; import { resolve } from 'node:path'; import type { ThreatModel } from '../types/index.js'; +const DEFAULT_CXG_ROOT = '/Users/shahidhakim/Downloads/cert-x-gen-fix-template-update-url-migration-and-cli'; +const DEFAULT_CXG_SKELETON_DIR = '/Users/shahidhakim/Downloads/cert-x-gen-fix-template-update-url-migration-and-cli/cert-x-gen-templates-main/templates/skeleton'; + +function readIfExists(path: string, maxChars = 5000): string { + if (!existsSync(path)) return ''; + try { + return readFileSync(path, 'utf-8').slice(0, maxChars); + } catch { + return ''; + } +} + /** * Build a prompt for annotation agents. * @@ -50,6 +66,7 @@ export function buildAnnotatePrompt( const parts = [ `${model.annotations_parsed} annotations`, `${model.exposures.length} exposures`, + ...((model.confirmed || []).length > 0 ? [`${model.confirmed.length} confirmed exploitable`] : []), `${model.assets.length} assets`, `${model.threats.length} threats`, `${model.controls.length} controls`, @@ -262,6 +279,16 @@ Example — what to do when no mitigation exists: Leaving exposures unmitigated is HONEST. The dashboard and reports will surface them as open risks for humans to triage. +### Pentest-Confirmable vs Governance-Only Gaps +When documenting threats, distinguish between: +1. **Pentest-confirmable findings**: testable with concrete I/O behavior (e.g., injection, auth bypass, IDOR, exposed service, unsafe deserialization). Document the risk with @exposes (hypothesis). After a pentest, CXG scan, or manual reproduction **proves** exploitability with evidence, add @confirmed #threat on Asset [severity] -- "evidence summary" — never use @confirmed for guesses or scanner noise without verification. +2. **Governance/design gaps**: important risks that are not directly testable as a penetration test template (e.g., missing ownership process, policy-only controls, broad architectural assumptions with no direct exploit path). + +For governance/design gaps: +- Do NOT force a fake exploit-style exposure. +- Add @audit on the relevant asset with precise reasoning. +- Add @comment suggesting concrete controls or follow-up review tasks. + ### @shield — DO NOT USE Unless Explicitly Asked @shield and @shield:begin/@shield:end block AI coding assistants from reading the annotated code. This means any shielded code becomes invisible to AI tools — they cannot analyze, refactor, or annotate it. @@ -285,6 +312,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re \`\`\` // @shield:begin -- "Relationship syntax examples, excluded from parsing" // @exposes #auth to #sqli [P0] cwe:CWE-89 owasp:A03:2021 -- "User input concatenated into query" +// @confirmed #sqli on #auth [critical] cwe:CWE-89 -- "Pentest 2026-04: time-based blind SQLi on /login confirmed" // @mitigates #auth against #sqli using #prepared-stmts -- "Uses parameterized queries via sqlx" // @audit #auth -- "Timing attack risk — needs human review to decide if bcrypt constant-time comparison is sufficient" // @transfers #ddos from #api to #cdn -- "Cloudflare handles L7 DDoS mitigation" @@ -295,6 +323,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re // @audit #auth -- "Session token rotation logic needs cryptographic review" // @assumes #auth -- "Upstream API gateway has already validated TLS and rate-limited requests" // @owns security-team for #auth -- "Security team reviews all auth PRs" +// @feature "SSO Login" -- "Single sign-on authentication flow" // @comment -- "Password hashing uses bcrypt with cost factor 12, migration from SHA256 completed in v2.1" // @shield:end \`\`\` @@ -315,6 +344,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re 4. **Severity in square brackets**: \`[P0]\` \`[P1]\` \`[P2]\` \`[P3]\` or \`[critical]\` \`[high]\` \`[medium]\` \`[low]\`. Goes AFTER the threat ref in @exposes: \`@exposes #app to #sqli [P0] cwe:CWE-89\` + On @confirmed, severity is optional but recommended — it reflects **verified** impact: \`@confirmed #sqli on #app [critical] -- "evidence"\` 5. **Descriptions in double quotes after --**: \`-- "description text here"\` WRONG: \`@comment "just a note"\` or \`@comment -- note without quotes\` @@ -352,8 +382,432 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re 5. **Use the project's comment style** (// for JS/TS/Go/Rust, # for Python/Ruby/Shell, etc.) -6. **Run validation** via guardlink_validate (MCP) or \`guardlink validate\` to check for errors. +6. **Generate project description.** If \`.guardlink/prompt.md\` exists and contains only the skeleton template + (HTML comments / placeholder headings with no real content), fill it in based on what you learned while + reading the codebase. Write a security-focused project overview covering: + - What the application does and who its users are + - Key components and services + - Trust boundaries (where trust changes between components) + - Data sensitivity (PII, credentials, financial data, etc.) + - Deployment context (cloud, containers, CI/CD, etc.) + This file feeds into \`guardlink report\` as the Application Overview section. + **Do NOT overwrite user-written content** — only fill in the template placeholders. + +7. **Run validation** via guardlink_validate (MCP) or \`guardlink validate\` to check for errors. + +8. **Fix any validation errors** before finishing — especially dangling refs and malformed syntax. +`; +} + +/** + * Build a prompt for translating GuardLink threat model findings into + * CERT-X-GEN (CXG) pentest templates. + */ +export function buildTranslatePrompt( + userPrompt: string, + root: string, + model: ThreatModel | null, +): string { + const cxgRoot = process.env.GUARDLINK_CXG_ROOT || DEFAULT_CXG_ROOT; + const skeletonDir = process.env.GUARDLINK_CXG_SKELETON_DIR || DEFAULT_CXG_SKELETON_DIR; + + const templateGuide = readIfExists(resolve(cxgRoot, 'cert-x-gen-templates-main', 'docs', 'TEMPLATE_GUIDE.md'), 4000); + const promptEngine = readIfExists(resolve(cxgRoot, 'src', 'ai', 'prompt.rs'), 4000); + const yamlSkeleton = readIfExists(resolve(skeletonDir, 'yaml-template-skeleton.yaml'), 5000); + const pythonSkeleton = readIfExists(resolve(skeletonDir, 'python-template-skeleton.py'), 3000); + + let modelSummary = 'No threat model parsed yet.'; + let candidateExposures = ''; + if (model) { + const unmitigated = model.exposures.filter((e) => + !model.mitigations.some((m) => m.asset === e.asset && m.threat === e.threat) + ); + + modelSummary = `Current model: ${model.annotations_parsed} annotations, ${model.exposures.length} exposures, ${(model.confirmed || []).length} confirmed, ${unmitigated.length} unmitigated exposures, ${model.assets.length} assets, ${model.threats.length} threats.`; + if (unmitigated.length > 0) { + const lines = unmitigated.slice(0, 40).map((e) => + `- ${e.asset} -> ${e.threat} [${e.severity || 'unrated'}] (${e.location.file}:${e.location.line})` + ); + candidateExposures = `\n\nUnmitigated exposure candidates:\n${lines.join('\n')}`; + if (unmitigated.length > 40) { + candidateExposures += `\n- ... and ${unmitigated.length - 40} more`; + } + } + } + + const instruction = userPrompt.trim() + ? userPrompt.trim() + : 'Generate CXG pentest templates for all pentest-confirmable high/critical threats first, then medium.'; + + return `You are a senior offensive security engineer translating GuardLink threat-model findings into CERT-X-GEN (CXG) templates. + +## Mission +Convert pentest-confirmable threats into runnable CXG templates. Do NOT execute templates. Only author template files. + +## Current Threat Model +${modelSummary}${candidateExposures} + +## User Request +${instruction} + +## Required CXG CLI Discovery (Do This First) +Before generating final user guidance, discover the actual CLI usage on this machine: +1. Try: \`cxg --help\` +2. Try: \`cxg scan --help\` +3. Try: \`cxg template --help\` +4. If \`cxg\` is not in PATH, try local binary from source checkout (if present): + - \`${cxgRoot}/target/release/cxg --help\` + - \`${cxgRoot}/target/release/cxg scan --help\` + - \`${cxgRoot}/target/release/cxg template --help\` +5. Base user instructions on the commands that actually work. If none work, clearly state the blocker and provide install/build steps first. + +## Required Decision Rule (Critical) +For every candidate threat/exposure: +1. Decide if it is **pentest-confirmable** — meaning it can be validated via: + - Network request/response behavior (HTTP, TCP, etc.) + - Local CLI invocation with crafted inputs (command injection, path traversal, etc.) + - File system operations (symlink attacks, arbitrary writes, config tampering) + - MCP/stdio protocol interactions (JSON-RPC tool calls with malicious payloads) + - Process spawning behavior (canary file creation, shell metacharacter interpretation) +2. If yes: create one or more CXG templates. For local CLI/codebase threats, templates should use \`subprocess.run()\` or \`subprocess.Popen()\` with \`cwd=target\` to invoke the tool under test. +3. If no (pure governance/process/design gap): do NOT create a template. Instead document it as audit-only guidance: + - Include suggested GuardLink @audit text and @comment text for the relevant asset/file. + - Explain briefly why no pentest template is appropriate. + +## Output and File Operations +1. Create templates under: \`.guardlink/cxg-templates/\` +2. Use meaningful filenames like: + - \`.guardlink/cxg-templates/.yaml\` + - or language variants \`.py\`, \`.js\`, \`.go\`, etc. if needed. +3. Write an index file at \`.guardlink/cxg-templates/README.md\` with: + - generated templates list + - mapping: GuardLink threat/exposure -> template file(s) + - "audit-only / no-template" items with suggested @audit annotations +4. CXG scan output goes to: \`.guardlink/pentest-findings/\` (this is where \`guardlink dashboard\` and \`guardlink threat-report\` read pentest results from). Always tell users to output to this path. +5. Do NOT run CXG CLI or execute generated templates. +6. Keep checks non-destructive. +7. You MAY run \`cxg --help\` and other help/listing commands only for usage discovery. Do not run active scans unless user explicitly asks. + +## CXG Format Contract (from source) +Use the project skeleton contract and examples; mirror field names and structure exactly. + +${templateGuide ? `### TEMPLATE_GUIDE excerpt\n${templateGuide}\n` : ''} +${promptEngine ? `### prompt.rs excerpt\n${promptEngine}\n` : ''} +${yamlSkeleton ? `### YAML skeleton excerpt\n${yamlSkeleton}\n` : ''} +${pythonSkeleton ? `### Python skeleton excerpt\n${pythonSkeleton}\n` : ''} + +## Quality Bar +- Each template must include clear metadata: id/name/author/severity/description/tags/references. +- Detection logic must align to the threat and include concrete matchers/assertions. +- Prefer YAML templates for declarative checks; use code templates where procedural logic is required. +- Avoid placeholder TODO logic. +- Keep template logic scoped to the specific threat confirmation. + +## CXG Engine Contract (Critical — templates MUST follow this) +When CXG runs a Python template, it does NOT pass the target as a CLI argument. +Instead, it sets environment variables and expects JSON on stdout. + +### Target resolution (in main / entry point): +\`\`\`python +target = os.environ.get("CERT_X_GEN_PROJECT_ROOT") or args.target or os.environ.get("CERT_X_GEN_TARGET_HOST") +\`\`\` +- \`CERT_X_GEN_PROJECT_ROOT\`: set for local codebase/CLI targets (absolute path). +- \`CERT_X_GEN_TARGET_HOST\`: set for network targets (hostname/IP). +- The positional \`target\` arg MUST use \`nargs="?"\` (optional) since CXG engine passes no argv. + +### Output contract: +- When \`CERT_X_GEN_MODE == "engine"\` (always true under CXG), print ONLY a JSON array to stdout. +- Output \`[]\` (empty array) when no findings — never print plain text in engine mode. +- Use: \`print(json.dumps(findings, indent=2))\` + +### Environment variables available: +| Variable | Value | +|----------|-------| +| \`CERT_X_GEN_MODE\` | Always \`"engine"\` | +| \`CERT_X_GEN_TARGET_HOST\` | Target address (path for local, hostname for network) | +| \`CERT_X_GEN_TARGET_TYPE\` | \`"local"\` or \`"network"\` | +| \`CERT_X_GEN_PROJECT_ROOT\` | Absolute path (local targets only) | +| \`CERT_X_GEN_TARGET_PORT\` | Port number (network targets, default 80) | + +### Running templates with CXG local scope: +\`\`\`bash +cxg scan --scope local://. --template-dir .guardlink/cxg-templates/ --output .guardlink/pentest-findings/guardlink-pentest --output-format json,sarif,html +\`\`\` + +## CXG Evidence Contract (Critical — findings MUST include rich evidence) +CXG parses finding evidence using specific field names. If these fields are missing or empty, +the output report will show blank evidence — making findings impossible to verify. + +### Required evidence structure in every finding dict: +\`\`\`python +"evidence": { + "request": "", + "response": "", + "matched_patterns": ["", ...], # list of STRINGS (not dicts) — e.g. CWE IDs, indicators found, regex matches + "data": { # arbitrary key-value map for all raw evidence details + "key1": "", + "key2": "", + ... + } +} +\`\`\` + +### Rules for populating evidence: +1. **\`request\`**: MUST contain the exact input that triggered the finding. Examples: + - For CLI injection: the full command with payload (e.g., \`npx guardlink annotate "; touch /tmp/canary"\`) + - For MCP tests: the JSON-RPC request body sent to the tool + - For path traversal: the malicious path used (e.g., \`../../etc/passwd\`) + - For config tamper: the environment variable name and injected value + +2. **\`response\`**: MUST contain the raw output that proves the vulnerability. Examples: + - stdout/stderr excerpt from the command execution (up to 2000 chars) + - The MCP JSON-RPC response content + - File contents read from an unexpected location + - Error messages that reveal injection + +3. **\`matched_patterns\`**: MUST be a list of **strings** (CXG drops non-strings). Include: + - Shell error indicators found (e.g., "sh: command not found") + - Sensitive data patterns matched (e.g., "absolute_paths: 5 found") + - CWE/OWASP identifiers relevant to the finding + - Canary strings that proved exploitation + +4. **\`data\`**: Store ALL evidence key-value pairs here. All values must be strings + (use \`json.dumps()\` to serialize complex objects). This is the catch-all for: + - \`canary_created\`: "true" + - \`exit_code\`: "0" + - \`symlink_path\`: "/path/to/symlink" + - \`traversal_root\`: "/etc" + - \`env_var\`: "GUARDLINK_CXG_ROOT" + +### Helper pattern for \`create_finding\`: +Always use a centralized helper that maps your raw evidence dict into the CXG structure: + +\`\`\`python +def create_finding(self, title, description, evidence): + return { + "template_id": self.id, + "title": title, + "severity": self.severity, + "confidence": self.confidence, + "description": description, + "evidence": { + "request": evidence.get("request") or evidence.get("payload") or evidence.get("rpc_request") or + json.dumps({k: v for k, v in evidence.items() + if k not in ("response", "stdout_excerpt", "stderr_excerpt", + "output_excerpt", "response_snippet", "matched_patterns")}, default=str), + "response": evidence.get("response") or evidence.get("stdout_excerpt") or + evidence.get("stderr_excerpt") or evidence.get("output_excerpt") or + evidence.get("response_snippet") or evidence.get("content_snippet") or "", + "matched_patterns": [p if isinstance(p, str) else + (f"{p.get('type','')}: {p.get('count','?')}" if isinstance(p, dict) else str(p)) + for p in (evidence.get("matched_patterns") or [])], + "data": {k: (v if isinstance(v, str) else json.dumps(v, default=str)) + for k, v in evidence.items()}, + }, + "cwe": self.cwe, + "tags": self.tags, + "remediation": "...", + } +\`\`\` + +### What to capture as evidence for each template type: +| Template type | request | response | matched_patterns | +|---|---|---|---| +| CLI injection | Full CLI command with payload | stdout + stderr (first 2000 chars) | Shell indicators, canary proof | +| MCP tool call | JSON-RPC request body | JSON-RPC response body | Sensitive data types found | +| Path traversal | Traversal path used | File/dir content from outside project | Path indicators (/etc, /tmp) | +| Config tamper | Env var name + injected value | Command output with canary | Canary string match | +| Prompt injection | Injected prompt text | LLM/agent output text | Injection markers found | +| Arbitrary write | Symlink/path payload | guardlink clear output showing external files | External paths listed | + +### NEVER do this: +- Do NOT pass raw evidence dicts without the CXG structure — CXG will show empty evidence fields. +- Do NOT put dicts or lists in \`matched_patterns\` — CXG drops non-string entries silently. +- Do NOT skip evidence collection — a finding without evidence is unverifiable. + +## Python Template Boilerplate (MUST use this structure) +Every Python template you create MUST follow this exact \`main()\` structure: + +\`\`\`python +def main(): + parser = argparse.ArgumentParser(description="...") + parser.add_argument("target", nargs="?", help="Project root or target host") + parser.add_argument("--port", type=int, default=0) + parser.add_argument("--json", action="store_true") + args = parser.parse_args() + + template = CertXGenTemplate() + target = os.environ.get("CERT_X_GEN_PROJECT_ROOT") or args.target or os.environ.get("CERT_X_GEN_TARGET_HOST") + if not target: + parser.error("target is required (positional, CERT_X_GEN_PROJECT_ROOT, or CERT_X_GEN_TARGET_HOST)") + + findings = template.execute(target, args.port) + if args.json or os.environ.get("CERT_X_GEN_MODE") == "engine": + print(json.dumps(findings, indent=2)) + elif findings: + for f in findings: + print(f"[{f['severity'].upper()}] {f['title']}") + print(f" {f['description']}") + print() + else: + print("No findings detected.") + +if __name__ == "__main__": + main() +\`\`\` + +Key rules: +- \`target\` positional arg uses \`nargs="?"\` — CXG engine does NOT pass target as argv. +- Target resolution order: \`CERT_X_GEN_PROJECT_ROOT\` > \`args.target\` > \`CERT_X_GEN_TARGET_HOST\`. +- When \`CERT_X_GEN_MODE == "engine"\`, ALWAYS output JSON (even if \`--json\` is not set). +- Output \`[]\` (empty JSON array) when no findings — never plain text in engine mode. +- For local/CLI templates, use \`target\` as \`cwd\` in \`subprocess.run()\` / \`subprocess.Popen()\` calls. + +## Final Response Format +After writing files, return: +1. A short "Generated templates" list with file paths. +2. A short "Audit-only (no template)" list with recommended GuardLink @audit/@comment text. +3. A "How to run these templates with CXG" section with these **exact steps**: + + **Step 1 — Prerequisites:** + \`\`\`bash + cxg --version # Verify CXG is installed (expect v1.1.0+) + python3 --version # Python 3.8+ required for template execution + ls .guardlink/cxg-templates/*.py # Verify templates were created + \`\`\` + + **Step 2 — Validate templates:** + \`\`\`bash + cxg template validate .guardlink/cxg-templates/ --recursive + \`\`\` + + **Step 3 — Create output directory and run scan using local scope (for CLI/codebase targets):** + \`\`\`bash + mkdir -p .guardlink/pentest-findings + cxg scan \\ + --scope local://. \\ + --template-dir .guardlink/cxg-templates/ \\ + --template-language python \\ + --output .guardlink/pentest-findings/guardlink-pentest \\ + --output-format json,sarif,html + \`\`\` + The \`local://.\` scope tells CXG this is a local codebase target. CXG will set + \`CERT_X_GEN_PROJECT_ROOT\` to the absolute path of the current directory and + \`CERT_X_GEN_TARGET_TYPE=local\`, so templates receive the correct project root. + + Output is stored in \`.guardlink/pentest-findings/\` so that \`guardlink dashboard\` + and \`guardlink threat-report\` automatically pick up the results. + + **Step 3b — Run scan using network scope (for HTTP/API targets):** + \`\`\`bash + cxg scan \\ + --scope https://api.example.com \\ + --template-dir .guardlink/cxg-templates/ \\ + --output .guardlink/pentest-findings/guardlink-pentest \\ + --output-format json,sarif,html + \`\`\` + + **Step 4 — Run with verbose output for debugging:** + \`\`\`bash + cxg -vv scan \\ + --scope local://. \\ + --template-dir .guardlink/cxg-templates/ \\ + --output .guardlink/pentest-findings/guardlink-pentest \\ + --output-format json,sarif,html + \`\`\` + + **Step 5 — Run individual templates standalone (without CXG):** + \`\`\`bash + python3 .guardlink/cxg-templates/.py . --json + \`\`\` + + **Expected output artifacts (in \`.guardlink/pentest-findings/\`):** + - \`guardlink-pentest.json\` — JSON with scan_id, findings array, statistics + - \`guardlink-pentest.sarif\` — SARIF 2.1.0 for GitHub Advanced Security / CI integration + - \`guardlink-pentest.html\` — Human-readable HTML report + - Each finding includes: template_id, severity, title, description, evidence (with request, response, matched_patterns, data), remediation + - **Evidence must be populated** — a finding with empty evidence (null request, null response, empty data) is a template bug + - These files are automatically consumed by \`guardlink dashboard\` (Pentest Findings tab) and \`guardlink threat-report\` (pentest context) + + **Troubleshooting:** + | Issue | Fix | + |---|---| + | \`target is required\` error | Template is missing \`nargs="?"\` on target arg — engine uses env vars, not argv | + | \`JSON parse error\` | Template prints non-JSON text to stdout in engine mode — wrap all output in \`json.dumps()\` | + | \`Operation timed out\` | Template takes >30s; add \`--timeout 60s\` to scan command | + | All templates show 0 findings | Run with \`-vv\` to check for WARN lines; ensure \`local://.\` scope is used for CLI templates | + | \`guardlink CLI not found\` | Run \`npm install\` in the project root first | + | Evidence fields are null/empty | Template is passing raw dict without CXG structure — use the \`create_finding\` helper pattern from the Evidence Contract section | + +4. A "What to expect" section that explains: + - what a positive finding looks like (JSON with template_id, severity, evidence) + - what a negative/no-finding run means (code is secure against those specific checks) + - false-positive caveats and manual verification guidance +5. Any assumptions requiring human review.`; +} + +/** + * Build a prompt for answering freeform user questions about the codebase + * and GuardLink threat model. + */ +export function buildAskPrompt( + userQuery: string, + root: string, + model: ThreatModel | null, +): string { + let modelSummary = 'No threat model parsed yet.'; + let idSummary = ''; + let exposureSummary = ''; + if (model) { + modelSummary = `Current model: ${model.annotations_parsed} annotations, ${model.exposures.length} exposures, ${(model.confirmed || []).length} confirmed, ${model.mitigations.length} mitigations, ${model.assets.length} assets, ${model.threats.length} threats, ${model.flows.length} flows.`; + + const assetIds = model.assets.filter(a => a.id).slice(0, 30).map(a => `#${a.id}`); + const threatIds = model.threats.filter(t => t.id).slice(0, 30).map(t => `#${t.id}`); + const controlIds = model.controls.filter(c => c.id).slice(0, 30).map(c => `#${c.id}`); + const idLines: string[] = []; + if (assetIds.length) idLines.push(`Assets: ${assetIds.join(', ')}`); + if (threatIds.length) idLines.push(`Threats: ${threatIds.join(', ')}`); + if (controlIds.length) idLines.push(`Controls: ${controlIds.join(', ')}`); + if (idLines.length) idSummary = `\n\nKnown IDs:\n${idLines.join('\n')}`; + + const unmitigated = model.exposures.filter((e) => + !model.mitigations.some((m) => m.asset === e.asset && m.threat === e.threat) + ); + if (unmitigated.length > 0) { + const lines = unmitigated.slice(0, 25).map((e) => + `- ${e.asset} -> ${e.threat} [${e.severity || 'unrated'}] (${e.location.file}:${e.location.line})` + ); + exposureSummary = `\n\nOpen unmitigated exposures:\n${lines.join('\n')}`; + if (unmitigated.length > 25) { + exposureSummary += `\n- ... and ${unmitigated.length - 25} more`; + } + } + } + + return `You are a senior AppSec engineer answering questions about a GuardLink-instrumented codebase. + +## Project Root +${root} + +## Current Threat Model Context +${modelSummary}${idSummary}${exposureSummary} + +## User Question +${userQuery} + +## Required Method +1. Read relevant source files and configs before answering. +2. Use GuardLink annotations as guidance, but verify with actual code. +3. If the question asks about a specific area (e.g. admin portal, API, auth), trace entry points, data flows, and related threats. +4. If information is missing or ambiguous, say so clearly and list what was checked. +5. Never invent endpoints, threats, or controls. -7. **Fix any validation errors** before finishing — especially dangling refs and malformed syntax. +## Output Format +- Provide a direct answer first. +- Then include concise evidence: + - files/components examined + - relevant threats/exposures/controls + - important gaps or unknowns +- If asked "do we have X threats," include counts and examples with file paths. `; } diff --git a/src/analyze/index.ts b/src/analyze/index.ts index 22ca41e..617bb2e 100644 --- a/src/analyze/index.ts +++ b/src/analyze/index.ts @@ -360,6 +360,12 @@ export function serializeModel(model: ThreatModel): string { description: e.description, file: e.location.file, line: e.location.line, })); + if (model.confirmed.length) compact.confirmed = model.confirmed.map(c => ({ + threat: c.threat, asset: c.asset, severity: c.severity, + refs: c.external_refs.length ? c.external_refs : undefined, + description: c.description, + file: c.location.file, line: c.location.line, + })); if (model.acceptances.length) compact.acceptances = model.acceptances.map(a => ({ asset: a.asset, threat: a.threat, description: a.description, file: a.location.file, line: a.location.line, @@ -453,7 +459,7 @@ export function serializeModelCompact(model: ThreatModel): string { const compact: Record = { project: model.project, - summary: `${model.annotations_parsed} annotations, ${model.assets.length} assets, ${model.threats.length} threats, ${model.controls.length} controls, ${model.exposures.length} exposures (${unmitigated.length} unmitigated), ${model.mitigations.length} mitigations`, + summary: `${model.annotations_parsed} annotations, ${model.assets.length} assets, ${model.threats.length} threats, ${model.controls.length} controls, ${model.exposures.length} exposures (${unmitigated.length} unmitigated), ${model.confirmed.length} confirmed, ${model.mitigations.length} mitigations`, severity_breakdown: sevCounts, }; @@ -523,8 +529,10 @@ export async function generateThreatReport(opts: ThreatReportOptions): Promise #llm-client via readFileSync -- "Reads CXG scan results for dashboard and report context" + * @handles internal on #llm-client -- "Processes pentest scan output (JSON/SARIF)" + */ + +export interface PentestFinding { + id: string; + target: string; + template_id: string; + severity: string; + confidence: number; + title: string; + description: string; + evidence: { + request: string | null; + response: string | null; + matched_patterns: string[]; + data: Record; + timestamp?: string; + }; + cve_ids: string[]; + cwe_ids: string[]; + cvss_score: number | null; + remediation: string; + references: string[]; + tags: string[]; + timestamp: string; +} + +export interface PentestScanResult { + scan_id: string; + started_at: string; + completed_at: string; + findings: PentestFinding[]; + statistics: { + targets_scanned: number; + templates_executed: number; + findings_by_severity: Record; + success_rate: number; + duration?: { secs: number; nanos: number }; + }; + source_file: string; +} + +export interface PentestTemplate { + filename: string; + id: string; + tags: string[]; + severity: string; + language: string; +} + +export interface PentestData { + scans: PentestScanResult[]; + templates: PentestTemplate[]; + totalFindings: number; + findingsBySeverity: Record; +} + +const PENTEST_FINDINGS_DIR = 'pentest-findings'; +const CXG_TEMPLATES_DIR = 'cxg-templates'; + +/** + * Load pentest findings from .guardlink/pentest-findings/ and template + * metadata from .guardlink/cxg-templates/. + * + * @mitigates #llm-client against #path-traversal using #path-validation -- "join() constrains reads to .guardlink/" + */ +export function loadPentestData(root: string): PentestData { + const data: PentestData = { scans: [], templates: [], totalFindings: 0, findingsBySeverity: {} }; + + // Load scan results (JSON files) + const findingsDir = join(root, '.guardlink', PENTEST_FINDINGS_DIR); + if (existsSync(findingsDir)) { + try { + const files = readdirSync(findingsDir).filter(f => f.endsWith('.json')); + for (const file of files) { + try { + const raw = readFileSync(join(findingsDir, file), 'utf-8'); + const parsed = JSON.parse(raw); + if (parsed.findings && Array.isArray(parsed.findings)) { + data.scans.push({ ...parsed, source_file: file }); + data.totalFindings += parsed.findings.length; + for (const f of parsed.findings) { + const sev = (f.severity || 'unknown').toLowerCase(); + data.findingsBySeverity[sev] = (data.findingsBySeverity[sev] || 0) + 1; + } + } + } catch { /* skip malformed JSON */ } + } + } catch { /* dir not readable */ } + } + + // Also check repo root for legacy guardlink-pentest.json + for (const name of ['guardlink-pentest.json']) { + const rootFile = join(root, name); + if (existsSync(rootFile)) { + try { + const raw = readFileSync(rootFile, 'utf-8'); + const parsed = JSON.parse(raw); + if (parsed.findings && Array.isArray(parsed.findings)) { + const alreadyLoaded = data.scans.some(s => s.scan_id === parsed.scan_id); + if (!alreadyLoaded) { + data.scans.push({ ...parsed, source_file: name }); + data.totalFindings += parsed.findings.length; + for (const f of parsed.findings) { + const sev = (f.severity || 'unknown').toLowerCase(); + data.findingsBySeverity[sev] = (data.findingsBySeverity[sev] || 0) + 1; + } + } + } + } catch { /* skip */ } + } + } + + // Sort scans newest first + data.scans.sort((a, b) => (b.completed_at || '').localeCompare(a.completed_at || '')); + + // Load template metadata from .guardlink/cxg-templates/ + const templatesDir = join(root, '.guardlink', CXG_TEMPLATES_DIR); + if (existsSync(templatesDir)) { + try { + const files = readdirSync(templatesDir).filter(f => + f.endsWith('.py') || f.endsWith('.yaml') || f.endsWith('.yml') || + f.endsWith('.go') || f.endsWith('.rs') || f.endsWith('.js') || f.endsWith('.sh') + ); + for (const file of files) { + try { + const raw = readFileSync(join(templatesDir, file), 'utf-8'); + const ext = file.split('.').pop() || ''; + const idMatch = raw.match(/id[:\s]*["']?([a-z0-9_-]+)["']?/i); + const sevMatch = raw.match(/severity[:\s]*["']?(critical|high|medium|low|info)["']?/i); + const tagsMatch = raw.match(/tags[:\s]*\[([^\]]*)\]/); + data.templates.push({ + filename: file, + id: idMatch?.[1] || file.replace(/\.[^.]+$/, ''), + severity: sevMatch?.[1] || 'medium', + language: ext === 'py' ? 'python' : ext === 'yml' || ext === 'yaml' ? 'yaml' : ext, + tags: tagsMatch?.[1] + ? tagsMatch[1].split(',').map(t => t.trim().replace(/["']/g, '')).filter(Boolean) + : [], + }); + } catch { /* skip unreadable */ } + } + } catch { /* dir not readable */ } + } + + return data; +} + +/** + * Serialize pentest findings into a compact text summary for LLM context. + */ +export function serializePentestFindings(data: PentestData): string { + if (data.scans.length === 0 && data.templates.length === 0) return ''; + + const lines: string[] = ['## Pentest Findings (CXG Scan Results)', '']; + + if (data.templates.length > 0) { + lines.push(`### Templates (${data.templates.length})`); + for (const t of data.templates) { + lines.push(`- ${t.id} [${t.severity}] (${t.language}) — ${t.tags.slice(0, 5).join(', ')}`); + } + lines.push(''); + } + + if (data.scans.length > 0) { + lines.push(`### Scan Results (${data.totalFindings} findings across ${data.scans.length} scan(s))`); + const sevSummary = Object.entries(data.findingsBySeverity) + .sort(([, a], [, b]) => b - a) + .map(([sev, count]) => `${sev}: ${count}`) + .join(', '); + if (sevSummary) lines.push(`Severity breakdown: ${sevSummary}`); + lines.push(''); + + for (const scan of data.scans) { + lines.push(`#### Scan ${scan.scan_id.slice(0, 8)} (${scan.completed_at?.slice(0, 19) || 'unknown'}) — ${scan.source_file}`); + lines.push(`Templates executed: ${scan.statistics?.templates_executed || '?'} | Success rate: ${((scan.statistics?.success_rate || 0) * 100).toFixed(0)}%`); + lines.push(''); + + for (const f of scan.findings) { + lines.push(`**[${f.severity.toUpperCase()}] ${f.title}** (${f.template_id})`); + lines.push(` CWE: ${f.cwe_ids.join(', ') || 'none'} | Confidence: ${f.confidence}%`); + lines.push(` ${f.description}`); + if (f.evidence?.request) lines.push(` Request: ${String(f.evidence.request).slice(0, 300)}`); + if (f.evidence?.response) lines.push(` Response: ${String(f.evidence.response).slice(0, 300)}`); + if (f.evidence?.matched_patterns?.length) lines.push(` Patterns: ${f.evidence.matched_patterns.join(', ')}`); + lines.push(` Remediation: ${f.remediation}`); + lines.push(''); + } + } + } + + return lines.join('\n'); +} diff --git a/src/analyze/prompts.ts b/src/analyze/prompts.ts index e2a48fe..b961673 100644 --- a/src/analyze/prompts.ts +++ b/src/analyze/prompts.ts @@ -29,12 +29,17 @@ You will receive: 1. **Project context** — language/framework, dependencies, deployment signals (Dockerfile, CI config, etc.) 2. **Annotation graph** — structured security metadata extracted from source code comments (GuardLink annotations) 3. **Code snippets** — the actual source lines surrounding each annotation, so you can validate what developers claimed +4. **Pentest findings** (if available) — actual CXG (CERT-X-GEN) scan results from automated security testing, including confirmed vulnerabilities with evidence, severity, CWE mappings, and remediation guidance ## How to use these inputs - Treat annotations as **developer hypotheses**, not ground truth. Validate them against the code snippets. - Use the project context to reason about the **real attack surface** — what frameworks introduce, what dependencies are known-vulnerable, what the deployment model exposes. - **Identify gaps**: what is NOT annotated but should be? Look at unannotated symbols, data flows with no security coverage, and dependency-level risks. +- If **pentest findings** are provided, treat them as **empirical evidence** — these are confirmed or high-confidence vulnerabilities found by automated security templates. Cross-reference findings against annotations: which @exposes are now validated? Recommend adding @confirmed in code where verification is definitive. Which threats have actual evidence? Are there findings for threats that were NOT annotated? +- Pentest findings with high confidence (>70%) and evidence (request + response) should be treated as **confirmed exploitable** unless the evidence clearly shows a false positive. +- If the annotation graph includes **@confirmed** rows, treat them as **already verified** — prioritize them in executive summary and remediation ordering alongside pentest JSON evidence. +- Include a dedicated **Pentest Results** section in your report that summarizes confirmed findings, correlates them with the threat model, and highlights any new attack vectors discovered by scanning. - Produce a threat model a **security team could hand to an auditor** — specific, evidence-based, and actionable. ## Annotation semantics @@ -44,6 +49,7 @@ You will receive: - **@control** — a security mechanism in place - **@mitigates** — a real control exists in code defending an asset against a threat. This is a genuine defense. - **@exposes** — a known vulnerability: this asset is exposed to this threat +- **@confirmed** — the threat was **verified** exploitable (pentest, scan with evidence, or manual reproduction). Treat as ground truth for that finding, not a hypothesis. Distinct from @exposes (theoretical) and @accepts (governance). - **@accepts** — risk acknowledged but **NO control in code**. This is a governance decision, not a technical fix. - **@flows** — data movement between components - **@boundary** — a trust boundary between security zones @@ -57,6 +63,7 @@ You will receive: - Treat accepted-but-unmitigated exposures as **OPEN RISKS**, not resolved findings. - If a code snippet contradicts its annotation (e.g., a @mitigates annotation but the code shows no actual check), flag the annotation as **potentially inaccurate**. - Challenge accepted risks: "You accepted this — is that reasonable given the severity and blast radius?" +- Distinguish **pentest-confirmable threats** from **governance/design-only gaps**. Pentest-confirmable issues should include concrete validation ideas; governance/design-only risks should be called out explicitly as **audit-required** items with suggested @audit/@comment annotations instead of fake exploit claims. - Always reference **specific files, assets, and threat IDs** from the model. Never give generic advice. ## Output structure @@ -308,7 +315,8 @@ Top 5–10 items the team should act on, ordered by risk. For each: one-line des /** * Build the user message containing the serialized threat model, - * optional project context, and optional code snippets. + * optional project context, optional code snippets, and optional + * pentest findings from CXG scans. */ export function buildUserMessage( modelJson: string, @@ -316,6 +324,7 @@ export function buildUserMessage( customPrompt?: string, projectContext?: string, codeSnippets?: string, + pentestFindings?: string, ): string { const header = customPrompt ? `Use these annotations as input to produce a threat model. Additional focus: ${customPrompt}` @@ -341,5 +350,12 @@ export function buildUserMessage( parts.push(''); } + if (pentestFindings) { + parts.push(''); + parts.push(''); + parts.push(pentestFindings); + parts.push(''); + } + return parts.join('\n'); } diff --git a/src/analyzer/sarif.ts b/src/analyzer/sarif.ts index a172da6..15fbdb1 100644 --- a/src/analyzer/sarif.ts +++ b/src/analyzer/sarif.ts @@ -9,8 +9,9 @@ * * We emit results for: * 1. Unmitigated exposures (the primary security findings) - * 2. Parse errors (annotation syntax problems) - * 3. Dangling references (broken #id refs) + * 2. @confirmed verified exploitable annotations (always error-level) + * 3. Parse errors (annotation syntax problems) + * 4. Dangling references (broken #id refs) * * @exposes #sarif to #data-exposure [low] cwe:CWE-200 -- "Exposes threat model findings to SARIF consumers" * @audit #sarif -- "SARIF output intentionally reveals security findings for CI/CD integration" @@ -90,6 +91,14 @@ const RULES: SarifRule[] = [ helpUri: 'https://guardlink.bugb.io/docs/exposures', defaultConfiguration: { level: 'error' }, }, + { + id: 'guardlink/confirmed-exploitable', + name: 'ConfirmedExploitable', + shortDescription: { text: 'Threat verified exploitable through testing' }, + fullDescription: { text: 'A @confirmed annotation marks this threat as verified through pentest, scanning, or manual reproduction. This is not a false positive and requires immediate remediation.' }, + helpUri: 'https://guardlink.bugb.io/docs/confirmed', + defaultConfiguration: { level: 'error' }, + }, { id: 'guardlink/parse-error', name: 'AnnotationParseError', @@ -163,6 +172,25 @@ export function generateSarif( }); } + // ── Confirmed exploitable ── + for (const c of (model.confirmed || [])) { + const threat = c.threat.startsWith('#') ? c.threat.slice(1) : c.threat; + const desc = c.description ? `: ${c.description}` : ''; + + results.push({ + ruleId: 'guardlink/confirmed-exploitable', + level: 'error', + message: { text: `CONFIRMED: ${c.asset} exploitable via ${threat}${desc}` }, + locations: [locationFrom(c.location.file, c.location.line)], + properties: { + severity: c.severity || 'unset', + asset: c.asset, + threat: c.threat, + ...(c.external_refs.length > 0 ? { externalRefs: c.external_refs } : {}), + }, + }); + } + // ── Parse errors ── if (includeDiagnostics) { for (const d of diagnostics) { diff --git a/src/cli/index.ts b/src/cli/index.ts index ec93948..14cbeaf 100644 --- a/src/cli/index.ts +++ b/src/cli/index.ts @@ -13,6 +13,8 @@ * guardlink sarif [dir] Export SARIF 2.1.0 for GitHub / VS Code * guardlink threat-report AI-powered threat analysis (STRIDE, DREAD, PASTA, etc.) * guardlink threat-reports List saved AI threat reports + * guardlink translate [prompt] Generate CERT-X-GEN pentest templates from threats + * guardlink ask Ask questions about threats and codebase context * guardlink annotate Launch coding agent to add annotations * guardlink config Manage LLM provider configuration * guardlink dashboard [dir] Generate interactive HTML dashboard @@ -39,15 +41,15 @@ import { Command } from 'commander'; import { resolve, basename } from 'node:path'; import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'node:fs'; -import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures, clearAnnotations } from '../parser/index.js'; +import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures, clearAnnotations, listFeatures, filterByFeature, getFeatureSummaries } from '../parser/index.js'; import { initProject, detectProject, promptAgentSelection, syncAgentFiles } from '../init/index.js'; import { generateReport, generateMermaid } from '../report/index.js'; import { diffModels, formatDiff, formatDiffMarkdown, parseAtRef, getCurrentRef } from '../diff/index.js'; import { generateSarif } from '../analyzer/index.js'; import { startStdioServer } from '../mcp/index.js'; -import { generateThreatReport, listThreatReports, loadThreatReportsForDashboard, buildConfig, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, serializeModel, buildUserMessage, type AnalysisFramework } from '../analyze/index.js'; +import { generateThreatReport, listThreatReports, loadThreatReportsForDashboard, loadPentestData, serializePentestFindings, buildConfig, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, serializeModel, buildUserMessage, type AnalysisFramework } from '../analyze/index.js'; import { generateDashboardHTML } from '../dashboard/index.js'; -import { AGENTS, agentFromOpts, launchAgent, launchAgentInline, buildAnnotatePrompt } from '../agents/index.js'; +import { AGENTS, agentFromOpts, launchAgent, launchAgentInline, buildAnnotatePrompt, buildTranslatePrompt, buildAskPrompt } from '../agents/index.js'; import { resolveConfig, saveProjectConfig, saveGlobalConfig, loadProjectConfig, loadGlobalConfig, maskKey, describeConfigSource } from '../agents/config.js'; import { getReviewableExposures, applyReviewAction, formatExposureForReview, summarizeReview, type ReviewResult } from '../review/index.js'; import { populateMetadata, mergeReports, formatMergeSummary, diffMergedReports, formatDiffSummary, linkProject, addToWorkspace, removeFromWorkspace } from '../workspace/index.js'; @@ -211,9 +213,17 @@ program .argument('[dir]', 'Project directory to scan', '.') .option('-p, --project ', 'Project name', 'unknown') .option('--not-annotated', 'List source files with no GuardLink annotations') - .action(async (dir: string, opts: { project: string; notAnnotated?: boolean }) => { + .option('--feature ', 'Filter status to specific feature(s) (comma-separated)') + .action(async (dir: string, opts: { project: string; notAnnotated?: boolean; feature?: string }) => { const root = resolve(dir); - const { model, diagnostics } = await parseProject({ root, project: opts.project }); + let { model, diagnostics } = await parseProject({ root, project: opts.project }); + + // Apply feature filter if specified + if (opts.feature) { + const featureNames = opts.feature.split(',').map(s => s.trim()); + model = filterByFeature(model, featureNames); + console.log(`Filtered to feature(s): ${featureNames.map(f => `"${f}"`).join(', ')}\n`); + } printDiagnostics(diagnostics); printStatus(model); @@ -273,6 +283,13 @@ program } } + if ((model.confirmed || []).length > 0) { + console.error(`\n🔴 ${model.confirmed.length} confirmed exploitable finding(s) — verified, not false positives:`); + for (const c of model.confirmed) { + console.error(` ${c.asset} ← ${c.threat} [${c.severity || 'unset'}] (${c.location.file}:${c.location.line})`); + } + } + const errorCount = allDiags.filter(d => d.level === 'error').length; const hasUnmitigated = unmitigated.length > 0; @@ -307,9 +324,17 @@ program .option('-f, --format ', 'Output format: md, json, or both (default: md)', 'md') .option('--diagram-only', 'Output only the Mermaid diagram, no report wrapper') .option('--json', 'Also output threat-model.json alongside the report (legacy; prefer --format)') - .action(async (dir: string, opts: { project: string; output?: string; format: string; diagramOnly?: boolean; json?: boolean }) => { + .option('--feature ', 'Filter report to specific feature(s) (comma-separated)') + .action(async (dir: string, opts: { project: string; output?: string; format: string; diagramOnly?: boolean; json?: boolean; feature?: string }) => { const root = resolve(dir); - const { model, diagnostics } = await parseProject({ root, project: opts.project }); + let { model, diagnostics } = await parseProject({ root, project: opts.project }); + + // Apply feature filter if specified + if (opts.feature) { + const featureNames = opts.feature.split(',').map(s => s.trim()); + model = filterByFeature(model, featureNames); + console.error(`Filtered to feature(s): ${featureNames.map(f => `"${f}"`).join(', ')}`); + } // Show errors if any const errors = diagnostics.filter(d => d.level === 'error'); @@ -321,6 +346,18 @@ program // Enrich with provenance metadata (git SHA, branch, workspace, schema version) const enrichedModel = populateMetadata(model, root); + // Load project description from .guardlink/prompt.md if it exists + try { + const { readFile } = await import('node:fs/promises'); + const promptPath = resolve(root, '.guardlink', 'prompt.md'); + const promptContent = await readFile(promptPath, 'utf-8'); + if (promptContent.trim()) { + enrichedModel.prompt = promptContent.trim(); + } + } catch { + // No prompt file — that's fine, report will use annotation-derived overview + } + if (opts.diagramOnly) { // Just output Mermaid const mermaid = generateMermaid(enrichedModel); @@ -501,8 +538,11 @@ program const { buildProjectContext, extractCodeSnippets } = await import('../analyze/index.js'); const projectContext = buildProjectContext(root); const codeSnippets = extractCodeSnippets(root, model); + const pentestData = loadPentestData(root); + const pentestContext = serializePentestFindings(pentestData); const systemPrompt = FRAMEWORK_PROMPTS[fw]; - const userMessage = buildUserMessage(serialized, fw, customPrompt, projectContext || undefined, codeSnippets || undefined); + const userMessage = buildUserMessage(serialized, fw, customPrompt, projectContext || undefined, codeSnippets || undefined, pentestContext || undefined); + const hasPentest = pentestData.totalFindings > 0; const analysisPrompt = `You are analyzing a codebase with GuardLink security annotations. You have access to the full source code in the current directory. @@ -520,7 +560,8 @@ ${userMessage} 3. Produce the full report as markdown 4. Be specific — reference actual files, functions, and line numbers from the codebase 5. Output ONLY the markdown report content — do NOT add any metadata comments, save confirmations, or file path messages -6. Do NOT include lines like "Generated by...", "Agent:", "Project:", or "The report file write was blocked..."`; +6. Do NOT include lines like "Generated by...", "Agent:", "Project:", or "The report file write was blocked..."${hasPentest ? ` +7. The section contains CONFIRMED vulnerabilities from automated CXG security scans with real evidence. Cross-reference these against the threat model — mark confirmed findings as exploitable, identify which @exposes are now validated, and include a dedicated "Pentest Results" section summarizing all confirmed findings with their evidence and remediation guidance` : ''}`; // Resolve agent: explicit flag > project config CLI agent let agent = agentFromOpts(opts); @@ -743,6 +784,192 @@ program } }); +// ─── translate ─────────────────────────────────────────────────────── + +program + .command('translate') + .description('Translate GuardLink threats into CERT-X-GEN pentest templates (generation only, no execution)') + .argument('[prompt...]', 'Optional translation instructions') + .option('-d, --dir ', 'Project directory', '.') + .option('-p, --project ', 'Project name', 'unknown') + .option('--claude-code', 'Launch Claude Code in foreground') + .option('--codex', 'Launch Codex CLI in foreground') + .option('--gemini', 'Launch Gemini CLI in foreground') + .option('--cursor', 'Open Cursor IDE with prompt on clipboard') + .option('--windsurf', 'Open Windsurf IDE with prompt on clipboard') + .option('--clipboard', 'Copy translation prompt to clipboard only') + .option('--feature ', 'Filter to specific feature(s) (comma-separated)') + .action(async (promptParts: string[], opts: { + dir: string; project: string; + claudeCode?: boolean; codex?: boolean; gemini?: boolean; + cursor?: boolean; windsurf?: boolean; clipboard?: boolean; + feature?: string; + }) => { + const root = resolve(opts.dir); + const project = detectProjectName(root, opts.project); + const userPrompt = promptParts.join(' ').trim(); + + let { model, diagnostics } = await parseProject({ root, project }); + + // Apply feature filter if specified + if (opts.feature) { + const featureNames = opts.feature.split(',').map(s => s.trim()); + model = filterByFeature(model, featureNames); + console.error(`Filtered to feature(s): ${featureNames.map(f => `"${f}"`).join(', ')}`); + } + const errors = diagnostics.filter(d => d.level === 'error'); + if (errors.length > 0) printDiagnostics(errors); + + if (model.annotations_parsed === 0) { + console.error('No annotations found. Run: guardlink init . && add annotations first.'); + process.exit(1); + } + + // Build translate prompt + const fullPrompt = buildTranslatePrompt(userPrompt, root, model); + + // Resolve agent: explicit flag > project config > default (Claude Code) + let agent = agentFromOpts(opts); + if (!agent) { + const projCfg = loadProjectConfig(root); + if (projCfg?.aiMode === 'cli-agent' && projCfg?.cliAgent) { + agent = AGENTS.find(a => a.id === projCfg.cliAgent) || null; + } + if (!agent) { + agent = AGENTS.find(a => a.id === 'claude-code') || null; + } + } + + if (!agent) { + console.error('No agent available. Use one of:'); + for (const a of AGENTS) { + console.error(` ${a.flag.padEnd(16)} ${a.name}`); + } + process.exit(1); + } + + console.log(`Launching ${agent.name} for CXG template translation...`); + console.log(`Threat model: ${model.annotations_parsed} annotations, ${model.exposures.length} exposures`); + if (agent.cmd) { + console.log(`${agent.name} will take over this terminal. Exit the agent to return.\n`); + } + + const result = launchAgent(agent, fullPrompt, root); + + if (result.clipboardCopied) { + console.log(`✓ Prompt copied to clipboard (${fullPrompt.length.toLocaleString()} chars)`); + } + + if (result.error) { + console.error(`✗ ${result.error}`); + if (result.clipboardCopied) { + console.log('Prompt is on your clipboard — paste it manually.'); + } + process.exit(1); + } + + if (agent.cmd && result.launched) { + console.log(`\n✓ ${agent.name} session ended.`); + console.log(' Expected output location: .guardlink/cxg-templates/'); + console.log(' Note: Templates are generated only, not executed.'); + } else if (agent.app && result.launched) { + console.log(`✓ ${agent.name} launched with project: ${project}`); + console.log('\nPaste (Cmd+V) the prompt in the AI chat panel.'); + console.log('When done, review .guardlink/cxg-templates/'); + } else if (agent.id === 'clipboard') { + console.log('\nPaste the prompt into your preferred AI tool.'); + console.log('When done, review .guardlink/cxg-templates/'); + } + }); + +// ─── ask ───────────────────────────────────────────────────────────── + +program + .command('ask') + .description('Ask questions about this project, its threat model, and security posture') + .argument('[query...]', 'Question to answer') + .option('-d, --dir ', 'Project directory', '.') + .option('-p, --project ', 'Project name', 'unknown') + .option('--claude-code', 'Launch Claude Code in foreground') + .option('--codex', 'Launch Codex CLI in foreground') + .option('--gemini', 'Launch Gemini CLI in foreground') + .option('--cursor', 'Open Cursor IDE with prompt on clipboard') + .option('--windsurf', 'Open Windsurf IDE with prompt on clipboard') + .option('--clipboard', 'Copy ask prompt to clipboard only') + .action(async (queryParts: string[], opts: { + dir: string; project: string; + claudeCode?: boolean; codex?: boolean; gemini?: boolean; + cursor?: boolean; windsurf?: boolean; clipboard?: boolean; + }) => { + const root = resolve(opts.dir); + const project = detectProjectName(root, opts.project); + const query = queryParts.join(' ').trim(); + + if (!query) { + console.error('Usage: guardlink ask "" [--claude-code|--codex|--gemini|--cursor|--windsurf|--clipboard]'); + process.exit(1); + } + + // Parse model if available; allow questions even for lightly-annotated projects + let model: ThreatModel | null = null; + try { + const parsed = await parseProject({ root, project }); + model = parsed.model; + } catch { + model = null; + } + + const fullPrompt = buildAskPrompt(query, root, model); + + // Resolve agent: explicit flag > project config > default (Claude Code) + let agent = agentFromOpts(opts); + if (!agent) { + const projCfg = loadProjectConfig(root); + if (projCfg?.aiMode === 'cli-agent' && projCfg?.cliAgent) { + agent = AGENTS.find(a => a.id === projCfg.cliAgent) || null; + } + if (!agent) { + agent = AGENTS.find(a => a.id === 'claude-code') || null; + } + } + + if (!agent) { + console.error('No agent available. Use one of:'); + for (const a of AGENTS) { + console.error(` ${a.flag.padEnd(16)} ${a.name}`); + } + process.exit(1); + } + + console.log(`Launching ${agent.name} for question answering...`); + if (agent.cmd) { + console.log(`${agent.name} will take over this terminal. Exit the agent to return.\n`); + } + + const result = launchAgent(agent, fullPrompt, root); + + if (result.clipboardCopied) { + console.log(`✓ Prompt copied to clipboard (${fullPrompt.length.toLocaleString()} chars)`); + } + + if (result.error) { + console.error(`✗ ${result.error}`); + if (result.clipboardCopied) { + console.log('Prompt is on your clipboard — paste it manually.'); + } + process.exit(1); + } + + if (agent.cmd && result.launched) { + console.log(`\n✓ ${agent.name} session ended.`); + } else if (agent.app && result.launched) { + console.log(`✓ ${agent.name} launched with project: ${project}`); + console.log('\nPaste (Cmd+V) the prompt in the AI chat panel.'); + } else if (agent.id === 'clipboard') { + console.log('\nPaste the prompt into your preferred AI tool.'); + } + }); + // ─── clear ─────────────────────────────────────────────────────────── program @@ -1094,21 +1321,30 @@ program .option('-p, --project ', 'Project name', 'unknown') .option('-o, --output ', 'Output file (default: threat-dashboard.html)') .option('--light', 'Default to light theme instead of dark') - .action(async (dir: string, opts: { project: string; output?: string; light?: boolean }) => { + .option('--feature ', 'Filter dashboard to specific feature(s) (comma-separated)') + .action(async (dir: string, opts: { project: string; output?: string; light?: boolean; feature?: string }) => { const root = resolve(dir); const project = detectProjectName(root, opts.project); - const { model, diagnostics } = await parseProject({ root, project }); + let { model, diagnostics } = await parseProject({ root, project }); + + // Apply feature filter if specified + if (opts.feature) { + const featureNames = opts.feature.split(',').map(s => s.trim()); + model = filterByFeature(model, featureNames); + console.error(`Filtered to feature(s): ${featureNames.map(f => `"${f}"`).join(', ')}`); + } const errors = diagnostics.filter(d => d.level === 'error'); if (errors.length > 0) printDiagnostics(errors); - if (model.annotations_parsed === 0) { + if (model.annotations_parsed === 0 && !opts.feature) { console.error('No annotations found. Add GuardLink annotations first.'); process.exit(1); } const analyses = loadThreatReportsForDashboard(root); - let html = generateDashboardHTML(model, root, analyses); + const pentestData = loadPentestData(root); + let html = generateDashboardHTML(model, root, analyses, pentestData); // Switch default theme if requested if (opts.light) { @@ -1363,6 +1599,106 @@ program console.log(formatMergeSummary(merged)); }); +// ─── feature ────────────────────────────────────────────────────────── + +const featureCmd = program + .command('feature') + .description('Manage and inspect feature tags across the threat model'); + +featureCmd + .command('list') + .description('List all features found in annotations') + .argument('[dir]', 'Project directory to scan', '.') + .option('-p, --project ', 'Project name', 'unknown') + .option('--json', 'Output as JSON') + .action(async (dir: string, opts: { project: string; json?: boolean }) => { + const root = resolve(dir); + const project = detectProjectName(root, opts.project); + const { model } = await parseProject({ root, project }); + + const features = listFeatures(model); + if (features.length === 0) { + console.log('No @feature annotations found.'); + console.log('Tag code with: // @feature "Feature Name" -- "description"'); + return; + } + + if (opts.json) { + const summaries = getFeatureSummaries(model); + console.log(JSON.stringify(summaries, null, 2)); + return; + } + + const summaries = getFeatureSummaries(model); + console.log(`Features in ${project}:\n`); + for (const s of summaries) { + const files = s.files.length === 1 ? '1 file' : `${s.files.length} files`; + const exposureInfo = s.exposures > 0 ? ` | ${s.exposures} exposure(s)` : ''; + const confirmedInfo = s.confirmed > 0 ? ` | ${s.confirmed} confirmed` : ''; + console.log(` "${s.name}" (${files}, ${s.annotations} annotations${exposureInfo}${confirmedInfo})`); + for (const f of s.files) { + console.log(` → ${f}`); + } + } + console.log(`\n${features.length} feature(s) total`); + }); + +featureCmd + .command('show') + .description('Show detailed threat model for a specific feature') + .argument('', 'Feature name (case-insensitive)') + .option('-d, --dir ', 'Project directory', '.') + .option('-p, --project ', 'Project name', 'unknown') + .option('--json', 'Output as JSON') + .action(async (name: string, opts: { dir: string; project: string; json?: boolean }) => { + const root = resolve(opts.dir); + const project = detectProjectName(root, opts.project); + const { model } = await parseProject({ root, project }); + + const filtered = filterByFeature(model, [name]); + const totalAnnotations = filtered.assets.length + filtered.threats.length + + filtered.controls.length + filtered.mitigations.length + filtered.exposures.length + + filtered.confirmed.length + filtered.flows.length + filtered.boundaries.length; + + if (totalAnnotations === 0) { + console.error(`No annotations found for feature "${name}".`); + const available = listFeatures(model); + if (available.length > 0) { + console.error(`Available features: ${available.map(f => `"${f}"`).join(', ')}`); + } + process.exit(1); + } + + if (opts.json) { + console.log(JSON.stringify(filtered, null, 2)); + return; + } + + console.log(`Feature: "${name}"\n`); + console.log(` Assets: ${filtered.assets.length}`); + console.log(` Threats: ${filtered.threats.length}`); + console.log(` Controls: ${filtered.controls.length}`); + console.log(` Mitigations: ${filtered.mitigations.length}`); + console.log(` Exposures: ${filtered.exposures.length}`); + if (filtered.confirmed.length > 0) console.log(` Confirmed: ${filtered.confirmed.length} 🔴`); + console.log(` Flows: ${filtered.flows.length}`); + console.log(` Boundaries: ${filtered.boundaries.length}`); + + if (filtered.exposures.length > 0) { + console.log(`\n Exposures:`); + for (const e of filtered.exposures) { + console.log(` ${e.asset} → ${e.threat} [${e.severity || 'unset'}] (${e.location.file}:${e.location.line})`); + } + } + + if (filtered.mitigations.length > 0) { + console.log(`\n Mitigations:`); + for (const m of filtered.mitigations) { + console.log(` ${m.asset} against ${m.threat}${m.control ? ` using ${m.control}` : ''} (${m.location.file}:${m.location.line})`); + } + } + }); + // ─── mcp ───────────────────────────────────────────────────────────── program @@ -1452,6 +1788,13 @@ program console.log(EX(' // @mitigates db.users against Token Theft -- "Rotation implemented in v2"')); console.log(''); + console.log(` ${V('@confirmed')} ${K('')} ${D('on')} ${K('')} ${D('[severity]')} ${D('[ext-refs]')} ${D('[-- "evidence"]')}`); + console.log(D(' Mark a threat as verified exploitable (pentest, scan, or manual repro).')); + console.log(D(' Not a false positive — use observed severity. Distinct from @exposes (hypothesis).')); + console.log(EX(' // @confirmed SQL Injection on api.auth [critical] cwe:CWE-89 -- "Pen test: blind SQLi on /login"')); + console.log(EX(' // @confirmed #secret-exposure on App.Config [critical] -- "Live key in repo; verified with provider"')); + console.log(''); + console.log(` ${V('@accepts')} ${K('')} ${D('on')} ${K('')} ${D('[-- "reason"]')}`); console.log(D(' Explicitly accept a risk. Removes it from open findings.')); console.log(D(' Use when the risk is known and intentionally not mitigated.')); @@ -1513,6 +1856,23 @@ program console.log(EX(' // @assumes api.gateway -- "Upstream WAF filters malformed requests"')); console.log(''); + // ── FEATURE TAGGING ── + console.log(H(' ── Feature Tagging ─────────────────────────────────────────')); + console.log(''); + + console.log(` ${V('@feature')} ${K('"Feature Name"')} ${D('[-- "description"]')}`); + console.log(D(' Tag code with a feature name for filtering reports and dashboards.')); + console.log(D(' A file can have multiple @feature tags. All annotations in that file')); + console.log(D(' are associated with the tagged features.')); + console.log(EX(' // @feature "SSO Login" -- "Single sign-on authentication flow"')); + console.log(EX(' // @feature "Payment Processing"')); + console.log(D('')); + console.log(D(' Filter commands by feature:')); + console.log(EX(' guardlink feature list')); + console.log(EX(' guardlink report . --feature "SSO Login"')); + console.log(EX(' guardlink dashboard . --feature "SSO Login,Payment Processing"')); + console.log(''); + console.log(` ${V('@comment')} ${D('[-- "description"]')}`); console.log(D(' Free-form developer security note (no structural effect).')); console.log(EX(' // @comment -- "TODO — add rate limiting before v2 launch"')); @@ -1536,7 +1896,7 @@ program // ── EXTERNAL REFERENCES ── console.log(H(' ── External References ─────────────────────────────────────')); console.log(''); - console.log(D(' Append space-separated refs after severity on @threat and @exposes:')); + console.log(D(' Append space-separated refs after severity on @threat, @exposes, and @confirmed:')); console.log(EX(' cwe:CWE-89 owasp:A03:2021 capec:CAPEC-66 attack:T1190')); console.log(''); console.log(D(' Example:')); @@ -1597,6 +1957,7 @@ function printStatus(model: ThreatModel) { console.log(`Controls: ${model.controls.length}`); console.log(`Mitigations: ${model.mitigations.length}`); console.log(`Exposures: ${model.exposures.length}`); + if ((model.confirmed || []).length > 0) console.log(`Confirmed: ${model.confirmed.length} 🔴`); console.log(`Acceptances: ${model.acceptances.length}`); console.log(`Transfers: ${model.transfers.length}`); console.log(`Flows: ${model.flows.length}`); @@ -1606,6 +1967,10 @@ function printStatus(model: ThreatModel) { console.log(`Ownership: ${model.ownership.length}`); console.log(`Data handling: ${model.data_handling.length}`); console.log(`Assumptions: ${model.assumptions.length}`); + if (model.features.length > 0) { + const uniqueFeatures = new Set(model.features.map(f => f.feature)); + console.log(`Features: ${uniqueFeatures.size} (${model.features.length} tag${model.features.length > 1 ? 's' : ''})`); + } console.log(`Comments: ${model.comments.length}`); console.log(`Shields: ${model.shields.length}`); } diff --git a/src/dashboard/data.ts b/src/dashboard/data.ts index 83500ca..c9ad2a4 100644 --- a/src/dashboard/data.ts +++ b/src/dashboard/data.ts @@ -18,6 +18,7 @@ export interface DashboardStats { controls: number; mitigations: number; exposures: number; + confirmed: number; acceptances: number; transfers: number; flows: number; @@ -52,6 +53,16 @@ export interface ExposureRow { accepted: boolean; } +export interface ConfirmedRow { + threat: string; + asset: string; + severity: string; + description: string; + file: string; + line: number; + external_refs: string[]; +} + export interface AssetHeatmapEntry { name: string; exposures: number; @@ -70,6 +81,7 @@ export function computeStats(model: ThreatModel): DashboardStats { controls: model.controls.length, mitigations: model.mitigations.length, exposures: model.exposures.length, + confirmed: model.confirmed.length, acceptances: model.acceptances.length, transfers: model.transfers.length, flows: model.flows.length, @@ -147,3 +159,15 @@ export function computeAssetHeatmap(model: ThreatModel): AssetHeatmapEntry[] { return order[a.riskLevel] - order[b.riskLevel]; }); } + +export function computeConfirmed(model: ThreatModel): ConfirmedRow[] { + return (model.confirmed || []).map(c => ({ + threat: c.threat, + asset: c.asset, + severity: c.severity || 'unset', + description: c.description || '', + file: c.location.file, + line: c.location.line, + external_refs: c.external_refs || [], + })); +} diff --git a/src/dashboard/generate.ts b/src/dashboard/generate.ts index 0b0a612..69842e9 100644 --- a/src/dashboard/generate.ts +++ b/src/dashboard/generate.ts @@ -13,31 +13,35 @@ * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads" * @flows #dashboard -> HTML via return -- "Generated HTML output" * @handles internal on #dashboard -- "Processes and displays threat model data" + * @feature "Dashboard" -- "Interactive HTML threat model dashboard" */ import type { ThreatModel } from '../types/index.js'; -import { computeStats, computeSeverity, computeExposures, computeAssetHeatmap } from './data.js'; -import type { DashboardStats, SeverityBreakdown, ExposureRow, AssetHeatmapEntry } from './data.js'; +import { listFeatures } from '../parser/feature-filter.js'; +import { computeStats, computeSeverity, computeExposures, computeConfirmed, computeAssetHeatmap } from './data.js'; +import type { DashboardStats, SeverityBreakdown, ExposureRow, ConfirmedRow, AssetHeatmapEntry } from './data.js'; import { generateThreatGraph, generateDataFlowDiagram, generateAttackSurface } from './diagrams.js'; -import type { ThreatReportWithContent } from '../analyze/index.js'; +import type { ThreatReportWithContent, PentestData } from '../analyze/index.js'; import { readFileSync } from 'fs'; import { resolve, isAbsolute } from 'path'; -export function generateDashboardHTML(model: ThreatModel, root?: string, analyses?: ThreatReportWithContent[]): string { +export function generateDashboardHTML(model: ThreatModel, root?: string, analyses?: ThreatReportWithContent[], pentestData?: PentestData): string { const stats = computeStats(model); const severity = computeSeverity(model); const exposures = computeExposures(model); + const confirmedRows = computeConfirmed(model); const heatmap = computeAssetHeatmap(model); const threatGraph = generateThreatGraph(model); const dataFlow = generateDataFlowDiagram(model); const attackSurface = generateAttackSurface(model); + const featureNames = listFeatures(model); const timestamp = new Date().toISOString().slice(0, 19).replace('T', ' '); const unmitigated = exposures.filter(e => !e.mitigated && !e.accepted); const mitigatedCount = exposures.filter(e => e.mitigated).length; const mitigationCoveragePercent = exposures.length > 0 ? Math.round((mitigatedCount / exposures.length) * 100) : 0; - const riskScore = computeRiskGrade(severity, unmitigated.length, exposures.length); + const riskScore = computeRiskGrade(severity, unmitigated.length, exposures.length, confirmedRows.length); // Build file annotations data for code browser + drawer const fileAnnotations = buildFileAnnotations(model, root); @@ -45,6 +49,9 @@ export function generateDashboardHTML(model: ThreatModel, root?: string, analyse // Build analysis data for drawer const analysisData = buildAnalysisData(model, exposures); + // Pentest data (may be null/empty) + const pentest = pentestData || { scans: [], templates: [], totalFindings: 0, findingsBySeverity: {} }; + // Check for saved AI analyses // (we embed the latest one if model has it, otherwise empty) const aiAnalysis = ''; // Will be loaded from .guardlink/analyses/ by CLI @@ -77,12 +84,26 @@ ${CSS_CONTENT}
Open ${unmitigated.length}
Controls ${stats.controls}
Coverage ${stats.coveragePercent}%
+${featureNames.length > 0 ? `
+ +
` : ''} + + +
@@ -90,6 +111,7 @@ ${CSS_CONTENT}
Executive Summary Threat Reports + Pentest Findings Threats & Exposures Diagrams Code & Annotations @@ -108,7 +130,8 @@ ${CSS_CONTENT} ${renderSummaryPage(stats, severity, riskScore, unmitigated, exposures, model, mitigatedCount, mitigationCoveragePercent)} ${renderAIAnalysisPage(analyses || [])} -${renderThreatsPage(exposures, model)} +${renderPentestPage(pentest)} +${renderThreatsPage(exposures, confirmedRows, model)} ${renderDiagramsPage(threatGraph, dataFlow, attackSurface)} ${renderCodePage(fileAnnotations, model)} ${renderDataPage(model)} @@ -132,7 +155,9 @@ ${renderAssetsPage(heatmap)} const fileAnnotations = ${JSON.stringify(fileAnnotations).replace(/<\//g, '<\\/')}; const analysisData = ${JSON.stringify(analysisData).replace(/<\//g, '<\\/')}; const exposuresData = ${JSON.stringify(exposures).replace(/<\//g, '<\\/')}; +const confirmedData = ${JSON.stringify(confirmedRows).replace(/<\//g, '<\\/')}; const savedAnalyses = ${JSON.stringify(analyses || []).replace(/<\//g, '<\\/')}; +const pentestData = ${JSON.stringify(pentest).replace(/<\//g, '<\\/')}; const heatmapData = ${JSON.stringify(heatmap).replace(/<\//g, '<\\/')}; const threatModel = ${JSON.stringify(model).replace(/<\//g, '<\\/')}; /* ===== SECTION NAV ===== */ @@ -194,6 +219,17 @@ function openDrawer(type, idx) { h += sec('Asset', '' + esc(e.asset) + ''); if (e.description) h += sec('Description', esc(e.description)); h += sec('Location', '' + esc(e.file) + ':' + e.line + ''); + } else if (type === 'confirmed') { + const c = confirmedData[idx]; + title.textContent = c.threat + ' (Confirmed)'; + h += '
🔴 CONFIRMED EXPLOITABLE
Verified through testing — not a false positive
'; + h += sec('Severity', '' + esc(c.severity) + ''); + h += sec('Asset', '' + esc(c.asset) + ''); + h += sec('Threat', '' + esc(c.threat) + ''); + if (c.description) h += sec('Evidence', esc(c.description)); + if (c.external_refs && c.external_refs.length) h += sec('References', c.external_refs.map(r => '' + esc(r) + '').join(', ')); + h += sec('Location', '' + esc(c.file) + ':' + c.line + ''); + h += '
Immediate Action Required
This threat has been verified exploitable. Apply a @mitigates control urgently, or @accepts with explicit risk sign-off from security.
'; } else if (type === 'exposure') { const e = exposuresData[idx]; title.textContent = e.threat; @@ -418,6 +454,93 @@ function openAnnotationDrawer(fileIdx, annIdx) { document.getElementById('drawer-overlay').classList.add('open'); } +function openPentestDrawer(scanIdx, findingIdx) { + var title = document.getElementById('drawer-title'); + var body = document.getElementById('drawer-body'); + var scan = pentestData.scans[scanIdx]; + if (!scan) return; + var f = scan.findings[findingIdx]; + if (!f) return; + title.textContent = f.title; + var h = ''; + var sevColor = f.severity === 'critical' ? 'var(--sev-crit)' : f.severity === 'high' ? 'var(--sev-high)' : f.severity === 'medium' ? 'var(--sev-med)' : 'var(--sev-low)'; + h += sec('Severity', '' + esc(f.severity) + ''); + h += sec('Confidence', '' + f.confidence + '%'); + h += sec('Template', '' + esc(f.template_id) + ''); + if (f.cwe_ids && f.cwe_ids.length) h += sec('CWE', f.cwe_ids.map(function(c){return '' + esc(c) + ''}).join(', ')); + h += sec('Description', '
' + esc(f.description) + '
'); + + // Evidence section + if (f.evidence) { + h += '
Evidence
'; + if (f.evidence.request) { + h += sec('Request / Payload', '
' + esc(String(f.evidence.request).slice(0, 2000)) + '
'); + } + if (f.evidence.response) { + h += sec('Response / Output', '
' + esc(String(f.evidence.response).slice(0, 2000)) + '
'); + } + if (f.evidence.matched_patterns && f.evidence.matched_patterns.length) { + h += sec('Matched Patterns', f.evidence.matched_patterns.map(function(p){return '' + esc(String(p)) + ''}).join('')); + } + if (f.evidence.data && Object.keys(f.evidence.data).length > 0) { + var dataHtml = ''; + Object.keys(f.evidence.data).forEach(function(k) { + var val = f.evidence.data[k]; + var vs = typeof val === 'string' ? val : JSON.stringify(val); + if (vs && vs.length > 500) vs = vs.slice(0, 500) + '...'; + dataHtml += ''; + }); + dataHtml += '
' + esc(k) + '' + esc(vs) + '
'; + h += sec('Evidence Data', dataHtml); + } + } + + if (f.remediation) h += sec('Remediation', '
' + esc(f.remediation) + '
'); + h += sec('Scan ID', '' + esc(scan.scan_id) + ''); + h += sec('Timestamp', esc(f.timestamp || scan.completed_at || '')); + + body.innerHTML = h; + document.getElementById('drawer').classList.add('open'); + document.getElementById('drawer-overlay').classList.add('open'); +} + +function openTemplateDrawer(idx) { + var title = document.getElementById('drawer-title'); + var body = document.getElementById('drawer-body'); + var t = pentestData.templates[idx]; + if (!t) return; + title.textContent = t.id; + var h = ''; + h += sec('File', '' + esc(t.filename) + ''); + h += sec('Language', '' + esc(t.language) + ''); + h += sec('Severity', '' + esc(t.severity) + ''); + if (t.tags && t.tags.length) h += sec('Tags', t.tags.map(function(tag){return '' + esc(tag) + ''}).join('')); + + // Find related findings + var relatedFindings = []; + pentestData.scans.forEach(function(scan) { + scan.findings.forEach(function(f) { + if (f.template_id === t.id) relatedFindings.push(f); + }); + }); + if (relatedFindings.length > 0) { + h += '
Findings from this Template (' + relatedFindings.length + ')
'; + relatedFindings.forEach(function(f) { + var sc = f.severity === 'critical' ? 'var(--sev-crit)' : f.severity === 'high' ? 'var(--sev-high)' : f.severity === 'medium' ? 'var(--sev-med)' : 'var(--sev-low)'; + h += '
'; + h += '' + esc(f.title) + ''; + h += '
' + esc(f.description.slice(0, 200)) + '
'; + h += '
'; + }); + } else { + h += sec('Findings', 'No findings from this template yet — run CXG scan to test'); + } + + body.innerHTML = h; + document.getElementById('drawer').classList.add('open'); + document.getElementById('drawer-overlay').classList.add('open'); +} + function closeDrawer() { document.getElementById('drawer').classList.remove('open'); document.getElementById('drawer-overlay').classList.remove('open'); @@ -434,6 +557,289 @@ function sevCls(s) { return 'unset'; } +/* ===== FEATURE FILTER ===== */ +var _activeFeature = ''; + +function _featureFilesFor(featureName) { + var files = new Set(); + if (!featureName) return files; + if (threatModel.features) { + threatModel.features.forEach(function(f) { + if (f.feature.toLowerCase() === featureName.toLowerCase()) { + files.add(f.location.file); + } + }); + } + return files; +} + +function applyFeatureFilter(featureName) { + _activeFeature = featureName; + var banner = document.getElementById('feature-banner'); + + if (!featureName) { + // ── Clear filter ────────────────────────────────────────────── + if (banner) banner.style.display = 'none'; + document.querySelectorAll('[data-ff]').forEach(function(el) { el.style.display = ''; }); + document.querySelectorAll('[data-ff-asset]').forEach(function(el) { el.style.display = ''; }); + _restoreFullStats(); + return; + } + + // ── Compute matching file set ───────────────────────────────── + var featureFiles = _featureFilesFor(featureName); + + // ── Show banner ─────────────────────────────────────────────── + if (banner) { + banner.style.display = 'flex'; + document.getElementById('feature-banner-name').textContent = featureName; + document.getElementById('feature-banner-files').textContent = featureFiles.size + ' file(s)'; + } + + // ── Filter rows/cards by file ───────────────────────────────── + document.querySelectorAll('[data-ff]').forEach(function(el) { + var file = el.getAttribute('data-ff'); + // Empty data-ff means the annotation had no location — keep visible + el.style.display = (!file || featureFiles.has(file)) ? '' : 'none'; + }); + + // ── Filter asset heatmap cells by asset name ────────────────── + // An asset belongs to the feature if any of the feature files contains + // an annotation that references that asset. + var featureAssets = new Set(); + exposuresData.forEach(function(e) { if (featureFiles.has(e.file)) { featureAssets.add(e.asset); } }); + threatModel.flows.forEach(function(f) { + if (f.location && featureFiles.has(f.location.file)) { + featureAssets.add(f.source); featureAssets.add(f.target); + } + }); + threatModel.exposures.forEach(function(e) { + if (e.location && featureFiles.has(e.location.file)) featureAssets.add(e.asset); + }); + threatModel.mitigations.forEach(function(m) { + if (m.location && featureFiles.has(m.location.file)) featureAssets.add(m.asset); + }); + + document.querySelectorAll('[data-ff-asset]').forEach(function(el) { + var asset = el.getAttribute('data-ff-asset'); + el.style.display = featureAssets.has(asset) ? '' : 'none'; + }); + + // ── Recompute & update all live stats ───────────────────────── + _updateStatsForFilter(featureFiles); +} + +function _updateStatsForFilter(featureFiles) { + // Compute filtered exposure subsets from the raw data arrays + var visExp = exposuresData.filter(function(e) { return !featureFiles.size || featureFiles.has(e.file); }); + var visOpen = visExp.filter(function(e) { return !e.mitigated && !e.accepted; }); + var visMit = visExp.filter(function(e) { return e.mitigated; }); + + var sev = { critical: 0, high: 0, medium: 0, low: 0, unset: 0 }; + visExp.forEach(function(e) { + var s = (e.severity || '').toLowerCase(); + if (s === 'critical' || s === 'p0') sev.critical++; + else if (s === 'high' || s === 'p1') sev.high++; + else if (s === 'medium' || s === 'p2') sev.medium++; + else if (s === 'low' || s === 'p3') sev.low++; + else sev.unset++; + }); + + var totalExp = visExp.length; + var mitPct = totalExp > 0 ? Math.round(visMit.length / totalExp * 100) : 0; + + // ── Top nav ─────────────────────────────────────────────────── + var tnStats = document.querySelectorAll('.tn-stat'); + tnStats.forEach(function(s) { + var label = s.querySelector('span:first-child'); + var val = s.querySelector('.tn-v'); + if (!label || !val) return; + var lbl = label.textContent.trim(); + if (lbl === 'Open') val.textContent = visOpen.length; + if (lbl === 'Coverage') { + val.textContent = mitPct + '%'; + val.className = 'tn-v ' + (mitPct >= 70 ? 'green' : mitPct >= 40 ? 'yellow' : 'red'); + } + }); + + // ── Summary page stats grid ─────────────────────────────────── + _setStat('Open Threats', visOpen.length); + _setStat('Mitigated', visMit.length); + + // ── Coverage bar ────────────────────────────────────────────── + var covPct = document.querySelector('.coverage-pct'); + if (covPct) { + covPct.textContent = mitPct + '%'; + covPct.className = 'coverage-pct ' + (mitPct >= 70 ? 'good' : mitPct >= 40 ? 'warn' : 'bad'); + } + var covLabel = document.querySelector('.posture-fill')?.parentElement?.nextElementSibling; + var covFill = document.querySelector('.posture-fill'); + if (covFill) { + covFill.style.width = Math.min(mitPct, 100) + '%'; + covFill.className = 'posture-fill ' + (mitPct >= 70 ? 'good' : mitPct >= 40 ? 'warn' : 'bad'); + } + // Update "X of Y exposures mitigated" label + document.querySelectorAll('#sec-summary span').forEach(function(sp) { + if (sp.textContent.includes('exposures mitigated')) { + sp.textContent = visMit.length + ' of ' + totalExp + ' exposures mitigated'; + } + }); + + // ── Severity bars ───────────────────────────────────────────── + _updateSevBar('Critical', sev.critical, totalExp); + _updateSevBar('High', sev.high, totalExp); + _updateSevBar('Medium', sev.medium, totalExp); + _updateSevBar('Low', sev.low, totalExp); + _updateSevBar('Unset', sev.unset, totalExp); + + // ── Section headings with counts ───────────────────────────── + _updateHeading('sec-threats', 'Open Threats', visOpen.length); + _updateHeading('sec-threats', 'Mitigated Threats', visMit.length); + _updateHeading('sec-threats', 'All Exposures', totalExp); + + // ── Risk banner (recompute grade) ───────────────────────────── + var visConf = confirmedData.filter(function(c) { return !featureFiles.size || featureFiles.has(c.file); }); + _updateRiskBanner(sev, visOpen.length, totalExp, visConf.length); +} + +function _restoreFullStats() { + // Restore all counts from the original full data sets + var allOpen = exposuresData.filter(function(e) { return !e.mitigated && !e.accepted; }); + var allMit = exposuresData.filter(function(e) { return e.mitigated; }); + var totalExp = exposuresData.length; + var mitPct = totalExp > 0 ? Math.round(allMit.length / totalExp * 100) : 0; + + var sev = { critical: 0, high: 0, medium: 0, low: 0, unset: 0 }; + exposuresData.forEach(function(e) { + var s = (e.severity || '').toLowerCase(); + if (s === 'critical' || s === 'p0') sev.critical++; + else if (s === 'high' || s === 'p1') sev.high++; + else if (s === 'medium' || s === 'p2') sev.medium++; + else if (s === 'low' || s === 'p3') sev.low++; + else sev.unset++; + }); + + // Top nav + var tnStats = document.querySelectorAll('.tn-stat'); + tnStats.forEach(function(s) { + var label = s.querySelector('span:first-child'); + var val = s.querySelector('.tn-v'); + if (!label || !val) return; + var lbl = label.textContent.trim(); + if (lbl === 'Open') val.textContent = allOpen.length; + if (lbl === 'Coverage') { + val.textContent = mitPct + '%'; + val.className = 'tn-v ' + (mitPct >= 70 ? 'green' : mitPct >= 40 ? 'yellow' : 'red'); + } + }); + + _setStat('Open Threats', allOpen.length); + _setStat('Mitigated', allMit.length); + + var covPct = document.querySelector('.coverage-pct'); + if (covPct) { + covPct.textContent = mitPct + '%'; + covPct.className = 'coverage-pct ' + (mitPct >= 70 ? 'good' : mitPct >= 40 ? 'warn' : 'bad'); + } + var covFill = document.querySelector('.posture-fill'); + if (covFill) { + covFill.style.width = Math.min(mitPct, 100) + '%'; + covFill.className = 'posture-fill ' + (mitPct >= 70 ? 'good' : mitPct >= 40 ? 'warn' : 'bad'); + } + document.querySelectorAll('#sec-summary span').forEach(function(sp) { + if (sp.textContent.includes('exposures mitigated')) { + sp.textContent = allMit.length + ' of ' + totalExp + ' exposures mitigated'; + } + }); + + _updateSevBar('Critical', sev.critical, totalExp); + _updateSevBar('High', sev.high, totalExp); + _updateSevBar('Medium', sev.medium, totalExp); + _updateSevBar('Low', sev.low, totalExp); + _updateSevBar('Unset', sev.unset, totalExp); + + _updateHeading('sec-threats', 'Open Threats', allOpen.length); + _updateHeading('sec-threats', 'Mitigated Threats', allMit.length); + _updateHeading('sec-threats', 'All Exposures', totalExp); + + _updateRiskBanner(sev, allOpen.length, totalExp, confirmedData.length); +} + +/* ── Helpers ──────────────────────────────────────────────────────── */ + +function _setStat(label, value) { + document.querySelectorAll('.stat-card').forEach(function(card) { + var lbl = card.querySelector('.label'); + var val = card.querySelector('.value'); + if (lbl && val && lbl.textContent.trim() === label) { + val.textContent = value; + } + }); +} + +function _updateSevBar(label, count, total) { + var pct = total > 0 ? Math.round(count / total * 100) : 0; + document.querySelectorAll('.sev-row').forEach(function(row) { + var lbl = row.querySelector('.sev-label'); + if (!lbl || lbl.textContent.trim() !== label) return; + var fill = row.querySelector('.sev-fill'); + var cnt = row.querySelector('.sev-count'); + if (fill) fill.style.width = pct + '%'; + if (cnt) cnt.textContent = count; + }); +} + +function _updateHeading(sectionId, prefix, count) { + var sec = document.getElementById(sectionId); + if (!sec) return; + sec.querySelectorAll('.sub-h').forEach(function(h) { + if (h.textContent.trim().startsWith(prefix)) { + // Replace trailing (N) count + h.textContent = h.textContent.replace(/\(\d+\)$/, '(' + count + ')').replace(/\s+\d+$/, ' ' + count); + } + }); +} + +function _updateRiskBanner(sev, openCount, totalExp, confirmedCount) { + var grade, label, summary; + if (confirmedCount > 0) { + grade = 'F'; label = 'Critical Risk'; + summary = confirmedCount + ' confirmed exploitable finding(s) — immediate remediation required'; + } else if (sev.critical > 0) { + grade = 'F'; label = 'Critical Risk'; + summary = sev.critical + ' critical exposure(s) require immediate attention'; + } else if (sev.high >= 3 || openCount >= 5) { + grade = 'D'; label = 'High Risk'; + summary = openCount + ' unmitigated exposure(s), ' + sev.high + ' high severity'; + } else if (sev.high >= 1 || openCount >= 3) { + grade = 'C'; label = 'Moderate Risk'; + summary = openCount + ' unmitigated exposure(s) need remediation'; + } else if (openCount >= 1) { + grade = 'B'; label = 'Low Risk'; + summary = openCount + ' minor unmitigated exposure(s)'; + } else if (totalExp === 0) { + grade = 'A'; label = 'Excellent'; + summary = 'No exposures detected — consider adding more annotations'; + } else { + grade = 'A'; label = 'Excellent'; + summary = 'All exposures mitigated or accepted'; + } + + var banner = document.querySelector('.risk-banner'); + if (!banner) return; + // Update grade class + banner.className = banner.className.replace(/risk-[a-z]/g, 'risk-' + grade.toLowerCase()); + var gradeEl = banner.querySelector('.risk-grade'); + if (gradeEl) gradeEl.textContent = grade; + var detail = banner.querySelector('.risk-detail'); + if (detail) { + var strong = detail.querySelector('strong'); + var span = detail.querySelector('span'); + if (strong) strong.textContent = label; + if (span) span.textContent = summary; + } +} + /* ===== THEME ===== */ function toggleTheme() { const html = document.documentElement; @@ -663,6 +1069,7 @@ function renderSummaryPage(
${statCard(stats.assets, 'Assets')} ${statCard(unmitigated.length, 'Open Threats', 'danger')} + ${stats.confirmed > 0 ? statCard(stats.confirmed, 'Confirmed', 'danger') : ''} ${statCard(mitigatedCount, 'Mitigated', 'success')} ${statCard(stats.controls, 'Controls', 'success')} ${statCard(stats.flows, 'Data Flows')} @@ -698,7 +1105,7 @@ function renderSummaryPage(
⚠ Open Threats (No Mitigation)
${unmitigated.map((e, i) => ` -
+
${esc(e.threat)} ${esc(e.severity)} @@ -714,7 +1121,7 @@ function renderSummaryPage( SourceTargetMechanismLocation ${model.flows.map(f => ` - + ${esc(f.source)}${esc(f.target)} @@ -738,7 +1145,110 @@ function renderAIAnalysisPage(analyses: ThreatReportWithContent[]): string {
`; } -function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string { +function renderPentestPage(pentest: PentestData): string { + const hasScanData = pentest.scans.length > 0; + const hasTemplates = pentest.templates.length > 0; + const latestScan = pentest.scans[0]; + + let findingsHtml = ''; + if (hasScanData) { + pentest.scans.forEach((scan, si) => { + const scanDate = scan.completed_at ? scan.completed_at.slice(0, 19).replace('T', ' ') : 'unknown'; + const duration = scan.statistics?.duration + ? `${scan.statistics.duration.secs}s` + : '?'; + findingsHtml += ` +
+
+ Scan ${esc(scan.scan_id.slice(0, 8))} + ${esc(scanDate)} · ${esc(duration)} · ${scan.findings.length} finding(s) + ${esc(scan.source_file)} +
`; + + if (scan.findings.length > 0) { + findingsHtml += ` + + + + ${scan.findings.map((f, fi) => ` + + + + + + + `).join('')} + +
SeverityTitleTemplateCWEConfidence
${esc(f.severity)}${esc(f.title)}${esc(f.template_id)}${f.cwe_ids?.length ? f.cwe_ids.map(c => `${esc(c)}`).join(' ') : '—'}${f.confidence}%
`; + } else { + findingsHtml += '

No findings in this scan — all checks passed.

'; + } + findingsHtml += '
'; + }); + } + + let templatesHtml = ''; + if (hasTemplates) { + templatesHtml = ` +
Templates (${pentest.templates.length})
+

CXG templates in .guardlink/cxg-templates/ — click for details.

+
+ ${pentest.templates.map((t, i) => ` +
+
+ ${esc(t.id)} + ${esc(t.severity)} +
+
${esc(t.filename)} · ${esc(t.language)}
+ ${t.tags.length > 0 ? `
${t.tags.slice(0, 4).map(tag => `${esc(tag)}`).join(' ')}
` : ''} +
`).join('')} +
`; + } + + const sevBreakdown = pentest.findingsBySeverity; + const maxSevCount = Math.max(1, ...Object.values(sevBreakdown)); + + return ` +
+
🔬 Pentest Findings
+ + ${hasScanData || hasTemplates ? ` + +
+
${pentest.totalFindings}Total Findings
+
${sevBreakdown['critical'] || 0}Critical
+
${sevBreakdown['high'] || 0}High
+
${sevBreakdown['medium'] || 0}Medium
+
${sevBreakdown['low'] || 0}Low
+
${pentest.templates.length}Templates
+
${pentest.scans.length}Scans
+
+ + ${hasScanData ? ` +
Findings (${pentest.totalFindings})
+

Results from CXG security scans — click a finding for full evidence details.

+ ${findingsHtml} + ` : ''} + + ${templatesHtml} + ` : ` +
+
🔬
+
No Pentest Data Yet
+
Generate CXG templates and run scans to see findings here
+
+
Step 1 — Generate templates:
+ guardlink translate "Create templates for critical threats" --claude-code +
Step 2 — Run CXG scan:
+ cxg scan --scope local://. --template-dir .guardlink/cxg-templates/ --output .guardlink/pentest-findings/guardlink-pentest --output-format json,sarif +
Step 3 — View results:
+ guardlink dashboard +
+
`} +
`; +} + +function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[], model: ThreatModel): string { const open = exposures.filter(e => !e.mitigated && !e.accepted); const mitigated = exposures.filter(e => e.mitigated); const accepted = exposures.filter(e => e.accepted); @@ -747,6 +1257,23 @@ function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string
Threats & Exposures
+ ${confirmed.length > 0 ? ` +
🔴 Confirmed Exploitable (${confirmed.length})
+

Verified through pentest, scanning, or manual reproduction — not false positives.

+ + + + ${confirmed.map((c, i) => ` + + + + + + + `).join('')} + +
AssetThreatSeverityDescriptionLocation
${esc(c.asset)}${esc(c.threat)}${esc(c.severity)}${esc(c.description || '—')}${esc(c.file)}:${c.line}
` : ''} +
Open Threats (${open.length})

Exposed in code but not mitigated by any control.

${open.length > 0 ? ` @@ -754,7 +1281,7 @@ function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string AssetThreatSeverityDescriptionLocation ${open.map((e, i) => ` - + ${esc(e.asset)} ${esc(e.threat)} ${esc(e.severity)} @@ -770,7 +1297,7 @@ function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string AssetThreatSeverityDescriptionLocation ${mitigated.map((e, i) => ` - + ${esc(e.asset)} ${esc(e.threat)} ${esc(e.severity)} @@ -786,7 +1313,7 @@ function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string AssetThreatSeverityDescriptionLocation ${accepted.map(e => ` - + ${esc(e.asset)} ${esc(e.threat)} ${esc(e.severity)} @@ -802,7 +1329,7 @@ function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string SourceThreatTargetDescriptionLocation ${model.transfers.map(t => ` - + ${esc(t.source)} ${esc(t.threat)} ${esc(t.target)} @@ -818,7 +1345,7 @@ function renderThreatsPage(exposures: ExposureRow[], model: ThreatModel): string StatusAssetThreatSeverityDescriptionLocation ${exposures.map((e, i) => ` - + ${e.mitigated ? 'Mitigated' : e.accepted ? 'Accepted' : 'Open'} ${esc(e.asset)} ${esc(e.threat)} @@ -877,7 +1404,7 @@ function renderCodePage(fileAnnotations: FileAnnotationGroup[], model: ThreatMod Every file with GuardLink annotations. Click any annotation to see details.

${fileAnnotations.length > 0 ? fileAnnotations.map((f, fi) => ` -
+
${esc(f.file)} @@ -931,7 +1458,7 @@ function renderDataPage(model: ThreatModel): string { Side ASide BDescriptionLocation ${model.boundaries.map(b => ` - + ${esc(b.asset_a)}${esc(b.asset_b)} @@ -947,7 +1474,7 @@ function renderDataPage(model: ThreatModel): string { ClassificationAssetDescriptionLocation ${model.data_handling.map(d => ` - + ${esc(d.classification)} ${esc(d.asset || '—')} ${esc(d.description || '—')} @@ -962,7 +1489,7 @@ function renderDataPage(model: ThreatModel): string { ControlAssetDescriptionLocation ${model.validations.map(v => ` - + ${esc(v.control)} ${esc(v.asset)} ${esc(v.description || '—')} @@ -977,7 +1504,7 @@ function renderDataPage(model: ThreatModel): string { AssetOwnerDescriptionLocation ${model.ownership.map(o => ` - + ${esc(o.asset)} ${esc(o.owner)} ${esc(o.description || '—')} @@ -992,7 +1519,7 @@ function renderDataPage(model: ThreatModel): string { AssetDescriptionLocation ${model.audits.map(a => ` - + ${esc(a.asset)} ${esc(a.description || 'Needs review')} ${a.location ? `${esc(a.location.file)}:${a.location.line}` : ''} @@ -1007,7 +1534,7 @@ function renderDataPage(model: ThreatModel): string { AssetAssumptionLocation ${model.assumptions.map(a => ` - + ${esc(a.asset)} ${esc(a.description || 'Unverified assumption')} ${a.location ? `${esc(a.location.file)}:${a.location.line}` : ''} @@ -1022,7 +1549,7 @@ function renderDataPage(model: ThreatModel): string { ReasonLocation ${model.shields.map(s => ` - + ${esc(s.reason || 'No reason provided')} ${s.location ? `${esc(s.location.file)}:${s.location.line}` : ''} `).join('')} @@ -1035,7 +1562,7 @@ function renderDataPage(model: ThreatModel): string { CommentLocation ${model.comments.map(c => ` - + ${esc(c.description || '(no description)')} ${c.location ? `${esc(c.location.file)}:${c.location.line}` : ''} `).join('')} @@ -1057,7 +1584,7 @@ function renderAssetsPage(heatmap: AssetHeatmapEntry[]): string { ${heatmap.length > 0 ? `
${heatmap.map((a, i) => ` -
+
${esc(a.name)}
⚠ ${a.exposures} @@ -1128,6 +1655,7 @@ function buildFileAnnotations(model: ThreatModel, root?: string): FileAnnotation for (const t of model.threats) addEntry('threat', t as any, t.name); for (const c of model.controls) addEntry('control', c as any, c.name); for (const e of model.exposures) addEntry('exposes', e as any, `${e.asset} → ${e.threat}`); + for (const cf of (model.confirmed || [])) addEntry('confirmed', cf as any, `${cf.asset} confirmed ${cf.threat}`); for (const m of model.mitigations) addEntry('mitigates', m as any, `${m.control} mitigates ${m.threat}`); for (const a of model.acceptances) addEntry('accepts', a as any, `${a.asset} accepts ${a.threat}`); for (const t of model.transfers) addEntry('transfers', t as any, `${t.source} → ${t.target}`); @@ -1184,7 +1712,8 @@ function sevClass(s: string): string { return 'unset'; } -function computeRiskGrade(sev: SeverityBreakdown, unmitigatedCount: number, totalExposures: number) { +function computeRiskGrade(sev: SeverityBreakdown, unmitigatedCount: number, totalExposures: number, confirmedCount: number = 0) { + if (confirmedCount > 0) return { grade: 'F', label: 'Critical Risk', summary: `${confirmedCount} confirmed exploitable finding(s) — immediate remediation required` }; if (sev.critical > 0) return { grade: 'F', label: 'Critical Risk', summary: `${sev.critical} critical exposure(s) require immediate attention` }; if (sev.high >= 3 || unmitigatedCount >= 5) return { grade: 'D', label: 'High Risk', summary: `${unmitigatedCount} unmitigated exposure(s), ${sev.high} high severity` }; if (sev.high >= 1 || unmitigatedCount >= 3) return { grade: 'C', label: 'Moderate Risk', summary: `${unmitigatedCount} unmitigated exposure(s) need remediation` }; diff --git a/src/diff/engine.ts b/src/diff/engine.ts index f007446..1b5d2b9 100644 --- a/src/diff/engine.ts +++ b/src/diff/engine.ts @@ -16,7 +16,7 @@ import type { ThreatModel, ThreatModelAsset, ThreatModelThreat, ThreatModelControl, - ThreatModelMitigation, ThreatModelExposure, ThreatModelAcceptance, + ThreatModelMitigation, ThreatModelExposure, ThreatModelConfirmed, ThreatModelAcceptance, ThreatModelFlow, ThreatModelBoundary, ThreatModelTransfer, Severity, SourceLocation, } from '../types/index.js'; @@ -42,6 +42,7 @@ export interface ThreatModelDiff { controls: Change[]; mitigations: Change[]; exposures: Change[]; + confirmed: Change[]; acceptances: Change[]; flows: Change[]; boundaries: Change[]; @@ -72,6 +73,7 @@ export function diffModels(before: ThreatModel, after: ThreatModel): ThreatModel const controls = diffByKey(before.controls, after.controls, controlKey, controlChanged); const mitigations = diffByKey(before.mitigations, after.mitigations, mitigationKey); const exposures = diffByKey(before.exposures, after.exposures, exposureKey, exposureChanged); + const confirmed = diffByKey(before.confirmed || [], after.confirmed || [], (c: ThreatModelConfirmed) => `${c.asset}::${c.threat}`, (a: ThreatModelConfirmed, b: ThreatModelConfirmed) => a.severity !== b.severity || a.description !== b.description ? `severity/description changed` : null); const acceptances = diffByKey(before.acceptances, after.acceptances, acceptanceKey); const flows = diffByKey(before.flows, after.flows, flowKey, flowChanged); const boundaries = diffByKey(before.boundaries, after.boundaries, boundaryKey); @@ -87,7 +89,7 @@ export function diffModels(before: ThreatModel, after: ThreatModel): ThreatModel const newUnmitigatedExposures = afterUnmitigated.filter(e => !beforeKeys.has(exposureKey(e))); const resolvedExposures = beforeUnmitigated.filter(e => !afterKeys.has(exposureKey(e))); - const allChanges = [assets, threats, controls, mitigations, exposures, acceptances, flows, boundaries, transfers]; + const allChanges = [assets, threats, controls, mitigations, exposures, confirmed, acceptances, flows, boundaries, transfers]; const totalChanges = allChanges.reduce((sum, c) => sum + c.length, 0); const added = allChanges.reduce((sum, c) => sum + c.filter(x => x.kind === 'added').length, 0); const removed = allChanges.reduce((sum, c) => sum + c.filter(x => x.kind === 'removed').length, 0); @@ -99,7 +101,7 @@ export function diffModels(before: ThreatModel, after: ThreatModel): ThreatModel return { summary: { totalChanges, added, removed, modified, newUnmitigated: newUnmitigatedExposures.length, resolvedUnmitigated: resolvedExposures.length, riskDelta }, - assets, threats, controls, mitigations, exposures, acceptances, flows, boundaries, transfers, + assets, threats, controls, mitigations, exposures, confirmed, acceptances, flows, boundaries, transfers, newUnmitigatedExposures, resolvedExposures, }; diff --git a/src/init/index.ts b/src/init/index.ts index 388a7fc..d36bf6a 100644 --- a/src/init/index.ts +++ b/src/init/index.ts @@ -31,6 +31,7 @@ import { configContent, mcpConfig, referenceDocContent, + promptMdContent, GITIGNORE_ENTRY, } from './templates.js'; import type { ThreatModel } from '../types/index.js'; @@ -109,7 +110,17 @@ export function initProject(options: InitOptions): InitResult { skipped.push(`.guardlink/${defsFile} (exists)`); } - // ── 4. Create docs/GUARDLINK_REFERENCE.md ── + // ── 4. Create .guardlink/prompt.md (skeleton for report) ── + + const promptPath = join(tsDir, 'prompt.md'); + if (!existsSync(promptPath) || force) { + if (!dryRun) writeFileSync(promptPath, promptMdContent(project)); + created.push('.guardlink/prompt.md'); + } else { + skipped.push('.guardlink/prompt.md (exists)'); + } + + // ── 5. Create docs/GUARDLINK_REFERENCE.md ── const docsDir = join(root, 'docs'); const refDocPath = join(docsDir, 'GUARDLINK_REFERENCE.md'); @@ -123,7 +134,7 @@ export function initProject(options: InitOptions): InitResult { skipped.push('docs/GUARDLINK_REFERENCE.md (exists)'); } - // ── 5. Update .gitignore ── + // ── 6. Update .gitignore ── const gitignorePath = join(root, '.gitignore'); if (existsSync(gitignorePath)) { @@ -134,7 +145,7 @@ export function initProject(options: InitOptions): InitResult { } } - // ── 6. Update/create agent instruction files ── + // ── 7. Update/create agent instruction files ── if (!skipAgentFiles) { const agentResults = updateAgentFiles(root, project, force, dryRun, options.agentIds); @@ -143,7 +154,7 @@ export function initProject(options: InitOptions): InitResult { skipped.push(...agentResults.skipped); } - // ── 7. Create .mcp.json for Claude Code MCP integration ── + // ── 8. Create .mcp.json for Claude Code MCP integration ── const mcpPath = join(root, '.mcp.json'); if (!existsSync(mcpPath) || force) { @@ -334,6 +345,16 @@ export function syncAgentFiles(options: SyncOptions): SyncResult { const updated: string[] = []; const skipped: string[] = []; + // Ensure .guardlink/prompt.md exists (fallback if init wasn't run) + const promptPath = join(root, '.guardlink', 'prompt.md'); + if (!existsSync(promptPath)) { + if (!dryRun) { + ensureDir(join(root, '.guardlink')); + writeFileSync(promptPath, promptMdContent(project)); + } + updated.push('.guardlink/prompt.md'); + } + for (const choice of AGENT_CHOICES) { const filePath = join(root, choice.file); const exists = existsSync(filePath); diff --git a/src/init/templates.ts b/src/init/templates.ts index 46b9560..990f195 100644 --- a/src/init/templates.ts +++ b/src/init/templates.ts @@ -40,6 +40,8 @@ LIFECYCLE @handles on @assumes -- "unverified assumption" +METADATA @feature "Feature Name" -- "tag code with a feature for filtering" + COMMENT @comment -- "security-relevant developer note" PROTECT @shield -- "reason" @@ -73,6 +75,7 @@ Append after severity: \`cwe:CWE-89\`, \`owasp:A03:2021\`, \`capec:CAPEC-66\`, \ | Implementing a fix | \`@mitigates Asset against #threat using #control\` | | Processing sensitive data | \`@handles pii on Asset\` | | Proprietary algorithm | \`@shield:begin\` ... \`@shield:end\` | +| Tagging code to a feature | \`@feature "SSO Login" -- "Single sign-on flow"\` | | Unsure which annotation | \`@comment -- "describe what you see"\` | ## Commands @@ -82,6 +85,8 @@ guardlink validate . # Check for errors guardlink report . # Generate threat-model.md guardlink status . # Coverage summary guardlink suggest # Get annotation suggestions +guardlink feature list # List all @feature tags +guardlink feature show # Show model for a specific feature \`\`\` ## MCP Tools @@ -116,11 +121,12 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c 1. **Annotate new code.** When you add a function, endpoint, or module that handles user input, accesses data, crosses a trust boundary, or could fail in a security-relevant way — add \`@exposes\`, \`@mitigates\`, \`@flows\`, \`@handles\`, or at minimum \`@comment\` annotations. This is not optional. 2. **NEVER write \`@accepts\`.** That is a human-only governance decision. When you find a risk with no mitigation in code, write \`@exposes\` to document the risk + \`@audit\` to flag it for human review + \`@comment\` to suggest potential controls. -3. Do not delete or mangle existing annotations. Treat them as part of the code. Edit only when intentionally changing the threat model. -4. Definitions (\`@asset\`, \`@threat\`, \`@control\` with \`(#id)\`) live in \`.guardlink/definitions${project.definitionsExt}\`. Reuse existing \`#id\`s — never redefine. If you need a new asset or threat, add the definition there first, then reference it in source files. -5. Source files use relationship verbs only: \`@mitigates\`, \`@exposes\`, \`@flows\`, \`@handles\`, \`@boundary\`, \`@comment\`, \`@validates\`, \`@audit\`, \`@owns\`, \`@assumes\`, \`@transfers\`. -6. Write coupled annotation blocks that tell a complete story: risk + control (or audit) + data flow + context note. Never write a lone \`@exposes\` without follow-up. -7. Avoid \`@shield\` unless a human explicitly asks to hide code from AI — it creates blind spots. +3. **Use \`@confirmed\` for verified exploits.** When a pentest, CXG scan, or manual reproduction proves a threat is exploitable, mark it with \`@confirmed #threat on Asset [severity] -- "evidence"\`. This is distinct from \`@exposes\` (theoretical) — \`@confirmed\` means real, verified, not a false positive. Include severity based on actual observed impact. +4. Do not delete or mangle existing annotations. Treat them as part of the code. Edit only when intentionally changing the threat model. +5. Definitions (\`@asset\`, \`@threat\`, \`@control\` with \`(#id)\`) live in \`.guardlink/definitions${project.definitionsExt}\`. Reuse existing \`#id\`s — never redefine. If you need a new asset or threat, add the definition there first, then reference it in source files. +6. Source files use relationship verbs only: \`@mitigates\`, \`@exposes\`, \`@confirmed\`, \`@flows\`, \`@handles\`, \`@boundary\`, \`@comment\`, \`@validates\`, \`@audit\`, \`@owns\`, \`@assumes\`, \`@transfers\`, \`@feature\`. +7. Write coupled annotation blocks that tell a complete story: risk + control (or audit) + data flow + context note. Never write a lone \`@exposes\` without follow-up. +8. Avoid \`@shield\` unless a human explicitly asks to hide code from AI — it creates blind spots. ### Workflow (while coding) @@ -145,6 +151,8 @@ This project uses [GuardLink](https://guardlink.bugb.io) annotations in source c @handles pii on App.API -- "Processes email and session token" @validates #prepared-stmts for App.API -- "sqlInjectionTest.ts ensures placeholders used" @audit App.API -- "Token rotation logic needs crypto review" +@confirmed #sqli on App.API [critical] cwe:CWE-89 -- "Pentest verified: raw SQL injection via email param" +@feature "SSO Login" -- "Single sign-on authentication flow" @owns security-team for App.API -- "Team responsible for reviews" @comment -- "Rate limit: 100 req/15min via express-rate-limit" \`\`\` @@ -186,6 +194,16 @@ export function buildModelContext(model: ThreatModel): string { if (unmitigated.length > 25) sections.push(`- ... and ${unmitigated.length - 25} more`); } + // Confirmed exploitable findings + if ((model.confirmed || []).length > 0) { + sections.push('\n### 🔴 Confirmed Exploitable (verified, not false positives)\n'); + const confirmedLines = model.confirmed.slice(0, 25).map(c => + `- ${c.asset} confirmed ${c.threat}${c.severity ? ` [${c.severity}]` : ''} (${c.location.file}:${c.location.line})` + ); + sections.push(confirmedLines.join('\n')); + if (model.confirmed.length > 25) sections.push(`- ... and ${model.confirmed.length - 25} more`); + } + // Existing flows (top 20) if (model.flows.length > 0) { sections.push('\n### Existing Data Flows (extend, don\'t duplicate)\n'); @@ -196,6 +214,13 @@ export function buildModelContext(model: ThreatModel): string { if (model.flows.length > 20) sections.push(`- ... and ${model.flows.length - 20} more`); } + // Features + const uniqueFeatures = new Set((model.features || []).map(f => f.feature)); + if (uniqueFeatures.size > 0) { + sections.push('\n### Features (filter with `--feature`)\n'); + sections.push([...uniqueFeatures].sort().map(f => `- "${f}"`).join('\n')); + } + // Summary stats const stats = [ `${model.annotations_parsed} annotations`, @@ -203,8 +228,10 @@ export function buildModelContext(model: ThreatModel): string { `${model.threats.length} threats`, `${model.controls.length} controls`, `${model.exposures.length} exposures`, + `${(model.confirmed || []).length} confirmed`, `${model.mitigations.length} mitigations`, `${model.flows.length} flows`, + ...(uniqueFeatures.size > 0 ? [`${uniqueFeatures.size} features`] : []), ].join(', '); sections.push(`\n### Model Stats\n\n${stats}`); @@ -280,9 +307,10 @@ Every time you write or modify code that touches security-relevant behavior, you ## Key Rules - ANNOTATE NEW CODE. When you add a function or endpoint that handles user input, accesses data, or crosses a trust boundary — add @exposes, @mitigates, @flows, @handles, or at minimum @comment. This is not optional. - NEVER write @accepts — that is a human-only governance decision. For risks with no mitigation: write @exposes + @audit + @comment suggesting potential controls. +- Use @confirmed for verified exploits. When pentest/scanning/manual reproduction proves a threat is exploitable: @confirmed #threat on Asset [severity] -- "evidence". Distinct from @exposes (theoretical) — @confirmed means real, verified, no false positives. - Preserve existing annotations — do not delete or mangle them. - Definitions (@asset, @threat, @control with (#id)) live in .guardlink/definitions${project.definitionsExt}. Reuse IDs — never redefine. Add new definitions there first, then reference in source files. -- Source files use relationship verbs: @mitigates, @exposes, @flows, @handles, @boundary, @comment, @validates, @audit, @owns, @assumes, @transfers. +- Source files use relationship verbs: @mitigates, @exposes, @confirmed, @flows, @handles, @boundary, @comment, @validates, @audit, @owns, @assumes, @transfers, @feature. - Write coupled annotation blocks: risk + control (or audit) + data flow + context note. - Avoid @shield unless a human explicitly asks to hide code from AI. @@ -301,6 +329,8 @@ Every time you write or modify code that touches security-relevant behavior, you - @handles pii on App.API -- "Processes email, token" - @validates #prepared-stmts for App.API -- "CI test ensures placeholders" - @audit App.API -- "Token rotation review" +- @confirmed #sqli on App.API [critical] cwe:CWE-89 -- "Pentest verified: raw SQL injection via email param" +- @feature "SSO Login" -- "Single sign-on authentication flow" - @owns security-team for App.API -- "Team responsible" - @comment -- "Rate limit: 100 req/15min" `.trimStart(); @@ -417,6 +447,43 @@ function defaultIncludeForLanguage(lang: string): string[] { // ─── MCP configuration ────────────────────────────────────────────── +// ─── Project description template ───────────────────────────────── + +/** + * Generate skeleton .guardlink/prompt.md for `guardlink report`. + * + * During `init` this creates a placeholder that guides users (and AI agents + * during `annotate`) on what to fill in. The content feeds into the + * "Application Overview" section of the generated threat model report. + */ +export function promptMdContent(project: ProjectInfo): string { + return `# ${project.name} — Project Description + + + + +## What This Application Does + + + +## Key Components + + + +## Trust Boundaries + + + +## Data Sensitivity + + + +## Deployment Context + + +`; +} + /** * Generate .mcp.json for Claude Code auto-configuration. * When committed to repo, Claude Code automatically connects to the MCP server. diff --git a/src/mcp/lookup.ts b/src/mcp/lookup.ts index 554d99c..8cd73f1 100644 --- a/src/mcp/lookup.ts +++ b/src/mcp/lookup.ts @@ -10,6 +10,7 @@ * - "flows into #engine" → data flows with target = engine * - "flows from #config" → data flows with source = config * - "unmitigated" → all unmitigated exposures + * - "confirmed" → @confirmed verified exploitable findings * - "boundary #config" → boundaries involving asset * - Free text → fuzzy match across assets, threats, controls * @@ -70,6 +71,27 @@ export function lookup(model: ThreatModel, query: string): LookupResult { return lookupUnmitigated(model, query); } + // ── "confirmed" (verified exploitable @confirmed annotations) ── + if (/^confirmed(\s|$)/.test(q)) { + return lookupConfirmed(model, query); + } + + // ── "features" ── + if (/^features?(\s|$)/.test(q)) { + const byName = new Map; description?: string }>(); + for (const f of (model.features || [])) { + const key = f.feature.toLowerCase(); + if (!byName.has(key)) { + byName.set(key, { name: f.feature, files: new Set(), description: f.description }); + } + byName.get(key)!.files.add(f.location.file); + } + const results = [...byName.values()] + .sort((a, b) => a.name.localeCompare(b.name)) + .map(v => ({ feature: v.name, files: [...v.files], description: v.description })); + return { query, type: 'features', count: results.length, results }; + } + // ── "threats for " ── const threatsFor = q.match(/^threats?\s+(?:for|targeting|on)\s+(.+)/); if (threatsFor) return lookupThreatsFor(model, query, threatsFor[1].trim(), resolve); @@ -129,6 +151,19 @@ function lookupUnmitigated(model: ThreatModel, query: string): LookupResult { return { query, type: 'unmitigated_exposures', count: results.length, results }; } +function lookupConfirmed(model: ThreatModel, query: string): LookupResult { + const results = (model.confirmed || []).map(c => ({ + asset: c.asset, + threat: c.threat, + severity: c.severity, + description: c.description, + external_refs: c.external_refs, + file: c.location.file, + line: c.location.line, + })); + return { query, type: 'confirmed_exploitable', count: results.length, results }; +} + type Resolver = (ref: string) => string[]; function lookupThreatsFor(model: ThreatModel, query: string, assetRef: string, resolve: Resolver): LookupResult { diff --git a/src/mcp/server.ts b/src/mcp/server.ts index 72b8921..f9280ba 100644 --- a/src/mcp/server.ts +++ b/src/mcp/server.ts @@ -3,7 +3,7 @@ * * Tools: * guardlink_parse — Parse annotations, return threat model - * guardlink_status — Coverage stats and unmitigated exposures + * guardlink_status — Coverage stats, unmitigated exposures, confirmed count * guardlink_validate — Syntax errors and dangling references * guardlink_suggest — Given a code diff or file, suggest annotations * guardlink_lookup — Query the threat model graph @@ -39,6 +39,7 @@ * @flows #mcp -> MCPClient via resource -- "Threat model data output" * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing" * @handles internal on #mcp -- "Processes project annotations and threat model data" + * @feature "MCP Integration" -- "Model Context Protocol server for AI agent tooling" */ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'; @@ -52,7 +53,7 @@ import { generateDashboardHTML } from '../dashboard/index.js'; import { diffModels, parseAtRef, formatDiffMarkdown } from '../diff/index.js'; import { lookup, type LookupQuery } from './lookup.js'; import { suggestAnnotations } from './suggest.js'; -import { generateThreatReport, listThreatReports, loadThreatReportsForDashboard, buildConfig, serializeModel, serializeModelCompact, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage, type AnalysisFramework } from '../analyze/index.js'; +import { generateThreatReport, listThreatReports, loadThreatReportsForDashboard, loadPentestData, buildConfig, serializeModel, serializeModelCompact, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage, type AnalysisFramework } from '../analyze/index.js'; import { buildAnnotatePrompt } from '../agents/prompts.js'; import { syncAgentFiles } from '../init/index.js'; import { loadWorkspaceConfig } from '../workspace/index.js'; @@ -105,22 +106,26 @@ export function createServer(): McpServer { // ── Tool: guardlink_status ── server.tool( 'guardlink_status', - 'Return coverage statistics: asset/threat/control counts, unmitigated exposures, coverage percentage', + 'Return coverage statistics: asset/threat/control counts, unmitigated exposures, @confirmed count, coverage percentage', { root: z.string().describe('Project root directory').default('.') }, async ({ root }) => { const { model } = await getModel(root); const unmitigated = findUnmitigatedExposures(model); + const uniqueFeatures = new Set((model.features || []).map(f => f.feature)); + const status = { assets: model.assets.length, threats: model.threats.length, controls: model.controls.length, mitigations: model.mitigations.length, exposures: model.exposures.length, + confirmed: (model.confirmed || []).length, acceptances: model.acceptances.length, flows: model.flows.length, boundaries: model.boundaries.length, + features: [...uniqueFeatures].sort(), unmitigated: unmitigated.map(e => ({ asset: e.asset, threat: e.threat, @@ -187,10 +192,10 @@ export function createServer(): McpServer { // ── Tool: guardlink_lookup ── server.tool( 'guardlink_lookup', - 'Query the threat model graph. Find assets, threats, controls, flows, exposures by ID or relationship. Examples: "what threats target #auth?", "flows into Scanner", "unmitigated exposures"', + 'Query the threat model graph. Find assets, threats, controls, flows, exposures by ID or relationship. Examples: "what threats target #auth?", "flows into Scanner", "unmitigated exposures", "confirmed"', { root: z.string().describe('Project root directory').default('.'), - query: z.string().describe('Natural language or structured query: asset ID, threat ID, "flows into X", "threats for X", "unmitigated", "controls for X"'), + query: z.string().describe('Natural language or structured query: asset ID, threat ID, "flows into X", "threats for X", "unmitigated", "confirmed", "controls for X"'), }, async ({ root, query }) => { const { model } = await getModel(root); @@ -326,8 +331,15 @@ export function createServer(): McpServer { if (model.annotations_parsed === 0) { return { content: [{ type: 'text', text: JSON.stringify({ error: 'No annotations found.' }) }] }; } - const { writeFile } = await import('node:fs/promises'); + const { writeFile, readFile } = await import('node:fs/promises'); const { resolve } = await import('node:path'); + + // Load project description from .guardlink/prompt.md if it exists + try { + const promptContent = await readFile(resolve(root, '.guardlink', 'prompt.md'), 'utf-8'); + if (promptContent.trim()) model.prompt = promptContent.trim(); + } catch { /* no prompt file */ } + const report = generateReport(model); await writeFile(resolve(root, output), report + '\n'); const jsonFile = output.replace(/\.md$/, '.json'); @@ -359,7 +371,8 @@ export function createServer(): McpServer { const { writeFile } = await import('node:fs/promises'); const { resolve } = await import('node:path'); const analyses = loadThreatReportsForDashboard(root); - const html = generateDashboardHTML(model, root, analyses); + const pentestData = loadPentestData(root); + const html = generateDashboardHTML(model, root, analyses, pentestData); await writeFile(resolve(root, output), html); return { content: [{ type: 'text', text: JSON.stringify({ diff --git a/src/parser/clear.ts b/src/parser/clear.ts index 416c22b..152673d 100644 --- a/src/parser/clear.ts +++ b/src/parser/clear.ts @@ -23,7 +23,7 @@ import { parseLine } from './parse-line.js'; const GUARDLINK_VERBS = new Set([ 'asset', 'threat', 'control', - 'mitigates', 'exposes', 'accepts', 'transfers', 'flows', 'boundary', + 'mitigates', 'exposes', 'confirmed', 'accepts', 'transfers', 'flows', 'boundary', 'validates', 'audit', 'owns', 'handles', 'assumes', 'comment', 'shield', 'shield:begin', 'shield:end', // v1 compat diff --git a/src/parser/feature-filter.ts b/src/parser/feature-filter.ts new file mode 100644 index 0000000..fbb2d05 --- /dev/null +++ b/src/parser/feature-filter.ts @@ -0,0 +1,133 @@ +/** + * GuardLink — Feature-based filtering. + * + * Filters a ThreatModel to only include annotations that belong to + * specific features. Feature association is determined by file-level + * proximity: if a file contains @feature "X", all annotations in + * that file are considered part of feature "X". + * + * @comment -- "Pure filtering utility; no I/O" + */ + +import type { ThreatModel } from '../types/index.js'; + +/** + * Unique feature names found in the model, sorted alphabetically. + */ +export function listFeatures(model: ThreatModel): string[] { + const names = new Set(); + for (const f of model.features) { + names.add(f.feature); + } + return [...names].sort(); +} + +/** + * Build a map of file → Set from feature annotations. + */ +function buildFileFeatureMap(model: ThreatModel): Map> { + const map = new Map>(); + for (const f of model.features) { + const file = f.location.file; + if (!map.has(file)) map.set(file, new Set()); + map.get(file)!.add(f.feature); + } + return map; +} + +/** + * Filter a ThreatModel to only annotations in files tagged with + * one or more of the given feature names. + * + * Returns a new ThreatModel with only matching annotations. + * Feature matching is case-insensitive. + */ +export function filterByFeature(model: ThreatModel, featureNames: string[]): ThreatModel { + const wantedLower = new Set(featureNames.map(n => n.toLowerCase())); + const fileFeatureMap = buildFileFeatureMap(model); + + // Determine which files match any of the requested features + const matchingFiles = new Set(); + for (const [file, features] of fileFeatureMap) { + for (const f of features) { + if (wantedLower.has(f.toLowerCase())) { + matchingFiles.add(file); + break; + } + } + } + + // Filter helper + const inFeature = (arr: T[]): T[] => + arr.filter(item => matchingFiles.has(item.location.file)); + + return { + ...model, + // Preserve metadata + annotations_parsed: model.annotations_parsed, + source_files: model.source_files, + annotated_files: model.annotated_files.filter(f => matchingFiles.has(f)), + unannotated_files: model.unannotated_files, + + // Filter each category + assets: inFeature(model.assets), + threats: inFeature(model.threats), + controls: inFeature(model.controls), + mitigations: inFeature(model.mitigations), + exposures: inFeature(model.exposures), + confirmed: inFeature(model.confirmed), + acceptances: inFeature(model.acceptances), + transfers: inFeature(model.transfers), + flows: inFeature(model.flows), + boundaries: inFeature(model.boundaries), + validations: inFeature(model.validations), + audits: inFeature(model.audits), + ownership: inFeature(model.ownership), + data_handling: inFeature(model.data_handling), + assumptions: inFeature(model.assumptions), + shields: inFeature(model.shields), + features: inFeature(model.features), + comments: inFeature(model.comments), + }; +} + +/** + * Summary of a feature: how many annotations of each type it has. + */ +export interface FeatureSummary { + name: string; + files: string[]; + annotations: number; + exposures: number; + mitigations: number; + assets: number; + threats: number; + flows: number; + confirmed: number; +} + +/** + * Get summary stats for each feature in the model. + */ +export function getFeatureSummaries(model: ThreatModel): FeatureSummary[] { + const featureNames = listFeatures(model); + return featureNames.map(name => { + const filtered = filterByFeature(model, [name]); + return { + name, + files: [...new Set(model.features.filter(f => f.feature.toLowerCase() === name.toLowerCase()).map(f => f.location.file))], + annotations: filtered.assets.length + filtered.threats.length + filtered.controls.length + + filtered.mitigations.length + filtered.exposures.length + filtered.confirmed.length + + filtered.acceptances.length + filtered.transfers.length + filtered.flows.length + + filtered.boundaries.length + filtered.validations.length + filtered.audits.length + + filtered.ownership.length + filtered.data_handling.length + filtered.assumptions.length + + filtered.features.length + filtered.comments.length + filtered.shields.length, + exposures: filtered.exposures.length, + mitigations: filtered.mitigations.length, + assets: filtered.assets.length, + threats: filtered.threats.length, + flows: filtered.flows.length, + confirmed: filtered.confirmed.length, + }; + }); +} diff --git a/src/parser/index.ts b/src/parser/index.ts index aa8f456..a72b371 100644 --- a/src/parser/index.ts +++ b/src/parser/index.ts @@ -11,3 +11,5 @@ export { stripCommentPrefix, commentStyleForExt } from './comment-strip.js'; export { findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures } from './validate.js'; export { clearAnnotations } from './clear.js'; export type { ClearAnnotationsOptions, ClearAnnotationsResult } from './clear.js'; +export { listFeatures, filterByFeature, getFeatureSummaries } from './feature-filter.js'; +export type { FeatureSummary } from './feature-filter.js'; diff --git a/src/parser/parse-line.ts b/src/parser/parse-line.ts index c205c47..8db2c92 100644 --- a/src/parser/parse-line.ts +++ b/src/parser/parse-line.ts @@ -40,6 +40,7 @@ const PATTERNS: Record = { mitigates: new RegExp(String.raw`^@mitigates\s+(${ASSET_REF})\s+against\s+(${THREAT_REF})(?:\s+using\s+(${THREAT_REF}))?(?:\s+${DESC})?$`), mitigates_v1: new RegExp(String.raw`^@mitigates\s+(${ASSET_REF})\s+against\s+(${THREAT_REF})(?:\s+with\s+(${THREAT_REF}))?(?:\s+${DESC})?$`), exposes: new RegExp(String.raw`^@exposes\s+(${ASSET_REF})\s+to\s+(${THREAT_REF})(?:\s+${SEVERITY})?${EXT_REFS_OPT}(?:\s+${DESC})?$`), + confirmed: new RegExp(String.raw`^@confirmed\s+(${THREAT_REF})\s+on\s+(${ASSET_REF})(?:\s+${SEVERITY})?${EXT_REFS_OPT}(?:\s+${DESC})?$`), accepts: new RegExp(String.raw`^@accepts\s+(${THREAT_REF})\s+on\s+(${ASSET_REF})(?:\s+${DESC})?$`), accepts_v1: new RegExp(String.raw`^@accepts\s+(${THREAT_REF})\s+to\s+(${ASSET_REF})(?:\s+${DESC})?$`), transfers: new RegExp(String.raw`^@transfers\s+(${THREAT_REF})\s+from\s+(${ASSET_REF})\s+to\s+(${ASSET_REF})(?:\s+${DESC})?$`), @@ -56,6 +57,9 @@ const PATTERNS: Record = { handles: new RegExp(String.raw`^@handles\s+(pii|phi|financial|secrets|internal|public)\s+on\s+(${ASSET_REF})(?:\s+${DESC})?$`, 'i'), assumes: new RegExp(String.raw`^@assumes\s+(${ASSET_REF})(?:\s+${DESC})?$`), + // Metadata — feature tagging + feature: new RegExp(String.raw`^@feature\s+"((?:[^"\\]|\\.)*)"(?:\s+${DESC})?$`), + // Comment — developer note, description only comment: new RegExp(String.raw`^@comment(?:\s+${DESC})?$`), @@ -152,6 +156,15 @@ export function parseLine( }); } + // ── @confirmed ── + if ((m = trimmed.match(PATTERNS.confirmed))) { + return ok({ + ...base, verb: 'confirmed', threat: resolveRef(m[1]), asset: m[2], + severity: m[3] ? resolveSeverity(m[3]) : undefined, + external_refs: extractExternalRefs(m[4]), description: desc(m[5]), + }); + } + // ── @accepts ── if ((m = trimmed.match(PATTERNS.accepts)) || (m = trimmed.match(PATTERNS.accepts_v1))) { return ok({ ...base, verb: 'accepts', threat: resolveRef(m[1]), asset: m[2], description: desc(m[3]) }); @@ -225,6 +238,11 @@ export function parseLine( return ok({ ...base, verb: 'assumes', asset: m[1], description: desc(m[2]) }); } + // ── @feature ── + if ((m = trimmed.match(PATTERNS.feature))) { + return ok({ ...base, verb: 'feature', feature: unescapeDescription(m[1]), description: desc(m[2]) }); + } + // ── @comment ── if ((m = trimmed.match(PATTERNS.comment))) { return ok({ ...base, verb: 'comment', description: desc(m[1]) }); @@ -245,9 +263,9 @@ export function parseLine( const verbMatch = trimmed.match(/^@(\S+)/); if (verbMatch) { const knownVerbs: Set = new Set([ - 'asset', 'threat', 'control', 'mitigates', 'exposes', 'accepts', + 'asset', 'threat', 'control', 'mitigates', 'exposes', 'confirmed', 'accepts', 'transfers', 'flows', 'boundary', 'validates', 'audit', 'owns', - 'handles', 'assumes', 'comment', 'shield', 'shield:begin', 'shield:end', + 'handles', 'assumes', 'feature', 'comment', 'shield', 'shield:begin', 'shield:end', // v1 compat 'review', 'connects', ]); diff --git a/src/parser/parse-project.ts b/src/parser/parse-project.ts index b891378..64bf215 100644 --- a/src/parser/parse-project.ts +++ b/src/parser/parse-project.ts @@ -16,11 +16,11 @@ import { relative } from 'node:path'; import type { Annotation, ThreatModel, ParseResult, ParseDiagnostic, AssetAnnotation, ThreatAnnotation, ControlAnnotation, - MitigatesAnnotation, ExposesAnnotation, AcceptsAnnotation, + MitigatesAnnotation, ExposesAnnotation, ConfirmedAnnotation, AcceptsAnnotation, TransfersAnnotation, FlowsAnnotation, BoundaryAnnotation, ValidatesAnnotation, AuditAnnotation, OwnsAnnotation, HandlesAnnotation, AssumesAnnotation, ShieldAnnotation, - CommentAnnotation, + FeatureAnnotation, CommentAnnotation, DataClassification, ExternalRef, AnnotationVerb, SourceLocation, } from '../types/index.js'; @@ -157,6 +157,7 @@ function assembleModel(annotations: Annotation[], fileCount: number, project: st controls: [], mitigations: [], exposures: [], + confirmed: [], acceptances: [], transfers: [], flows: [], @@ -167,6 +168,7 @@ function assembleModel(annotations: Annotation[], fileCount: number, project: st data_handling: [], assumptions: [], shields: [], + features: [], comments: [], coverage: { total_symbols: 0, @@ -229,6 +231,15 @@ function assembleModel(annotations: Annotation[], fileCount: number, project: st }); break; } + case 'confirmed': { + const cf = ann as ConfirmedAnnotation; + model.confirmed.push({ + threat: cf.threat, asset: cf.asset, severity: cf.severity, + external_refs: cf.external_refs, + description: cf.description, location: cf.location, + }); + break; + } case 'accepts': { const a = ann as AcceptsAnnotation; model.acceptances.push({ @@ -302,6 +313,14 @@ function assembleModel(annotations: Annotation[], fileCount: number, project: st }); break; } + case 'feature': { + const feat = ann as FeatureAnnotation; + model.features.push({ + feature: feat.feature, + description: feat.description, location: feat.location, + }); + break; + } case 'comment': { const c = ann as CommentAnnotation; model.comments.push({ diff --git a/src/parser/validate.ts b/src/parser/validate.ts index a850898..1de85b7 100644 --- a/src/parser/validate.ts +++ b/src/parser/validate.ts @@ -3,6 +3,9 @@ * * Extracted from cli/index.ts and tui/commands.ts to eliminate duplication * and ensure consistent validation logic across all entry points. + * + * @mitigates #parser against #tag-collision using #prefix-ownership -- "findDanglingRefs ensures #id refs resolve to definitions" + * @comment -- "@confirmed refs validated same as @exposes for asset and threat" */ import type { ThreatModel, ThreatModelExposure, ParseDiagnostic } from '../types/index.js'; @@ -46,6 +49,10 @@ export function findDanglingRefs(model: ThreatModel): ParseDiagnostic[] { checkRef(e.asset, e.location); checkRef(e.threat, e.location); } + for (const c of model.confirmed || []) { + checkRef(c.asset, c.location); + checkRef(c.threat, c.location); + } for (const a of model.acceptances) { checkRef(a.asset, a.location); checkRef(a.threat, a.location); diff --git a/src/report/index.ts b/src/report/index.ts index da559da..823ce44 100644 --- a/src/report/index.ts +++ b/src/report/index.ts @@ -7,3 +7,4 @@ export { generateMermaid } from './mermaid.js'; export { generateReport } from './report.js'; +export { generateSequenceDiagram } from './sequence.js'; diff --git a/src/report/report.ts b/src/report/report.ts index 9aba246..e13dc65 100644 --- a/src/report/report.ts +++ b/src/report/report.ts @@ -11,21 +11,12 @@ import type { ThreatModel, ThreatModelExposure, Severity } from '../types/index.js'; import { generateMermaid } from './mermaid.js'; +import { generateSequenceDiagram } from './sequence.js'; export function generateReport(model: ThreatModel): string { const lines: string[] = []; - // ── Header ── - lines.push(`# Threat Model Report — ${model.project}`); - lines.push(''); - lines.push(`> Generated: ${model.generated_at} `); - lines.push(`> Files scanned: ${model.source_files} | Annotations: ${model.annotations_parsed}`); - lines.push(''); - - // ── Executive Summary ── - lines.push('## Executive Summary'); - lines.push(''); - + // ── Pre-compute shared data ── const mitigatedPairs = new Set(); const acceptedPairs = new Set(); for (const m of model.mitigations) mitigatedPairs.add(`${m.asset}::${m.threat}`); @@ -37,6 +28,104 @@ export function generateReport(model: ThreatModel): string { }); const severityCounts = countBySeverity(unmitigated); + const hasAI = detectAI(model); + + // ── Header ── + lines.push(`# Threat Model Report — ${model.project}`); + lines.push(''); + lines.push(`> Generated: ${model.generated_at} `); + lines.push(`> Files scanned: ${model.source_files} | Annotations: ${model.annotations_parsed}`); + if (model.metadata?.guardlink_version) { + lines.push(`> GuardLink version: ${model.metadata.guardlink_version}`); + } + if (model.metadata?.commit_sha) { + lines.push(`> Commit: ${model.metadata.commit_sha}${model.metadata.branch ? ` (${model.metadata.branch})` : ''}`); + } + lines.push(''); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 1: Application Overview + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Application Overview'); + lines.push(''); + emitApplicationOverview(model, unmitigated, severityCounts, hasAI, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 2: Scope + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Scope of This Threat Model'); + lines.push(''); + emitScope(model, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 3: Architecture + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Architecture'); + lines.push(''); + emitArchitecture(model, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 4: Key Flows & Sequence + // ══════════════════════════════════════════════════════════════════════ + if (model.flows.length > 0) { + lines.push('## Key Flows & Sequence'); + lines.push(''); + emitKeyFlows(model, lines); + } + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 5: Data Inventory + // ══════════════════════════════════════════════════════════════════════ + if (model.data_handling.length > 0 || model.assets.length > 0) { + lines.push('## Data Inventory'); + lines.push(''); + emitDataInventory(model, hasAI, lines); + } + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 6: Roles & Access + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Roles & Access'); + lines.push(''); + emitRolesAccess(model, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 7: Dependencies + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Dependencies'); + lines.push(''); + emitDependencies(model, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 8: Secrets, Keys & Credential Management + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Secrets, Keys & Credential Management'); + lines.push(''); + emitSecretsManagement(model, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 9: Logging, Monitoring & Audit + // ══════════════════════════════════════════════════════════════════════ + lines.push('## Logging, Monitoring & Audit'); + lines.push(''); + emitLoggingAudit(model, lines); + + // ══════════════════════════════════════════════════════════════════════ + // SECTION 10: AI/ML System Details (conditional) + // ══════════════════════════════════════════════════════════════════════ + if (hasAI) { + lines.push('## AI/ML System Details'); + lines.push(''); + emitAIDetails(model, lines); + } + + // ══════════════════════════════════════════════════════════════════════ + // EXISTING SECTIONS: Executive Summary + Findings + // ══════════════════════════════════════════════════════════════════════ + + // ── Executive Summary ── + lines.push('## Executive Summary'); + lines.push(''); lines.push(`| Metric | Count |`); lines.push(`|--------|-------|`); @@ -46,6 +135,7 @@ export function generateReport(model: ThreatModel): string { lines.push(`| Active mitigations | ${model.mitigations.length} |`); lines.push(`| Accepted risks | ${model.acceptances.length} |`); lines.push(`| **Unmitigated exposures** | **${unmitigated.length}** |`); + if ((model.confirmed || []).length > 0) lines.push(`| **🔴 Confirmed exploitable** | **${model.confirmed.length}** |`); if (severityCounts.critical > 0) lines.push(`| ↳ Critical (P0) | ${severityCounts.critical} |`); if (severityCounts.high > 0) lines.push(`| ↳ High (P1) | ${severityCounts.high} |`); if (severityCounts.medium > 0) lines.push(`| ↳ Medium (P2) | ${severityCounts.medium} |`); @@ -68,7 +158,7 @@ export function generateReport(model: ThreatModel): string { // ── Unmitigated Exposures ── if (unmitigated.length > 0) { - lines.push('## ⚠ Unmitigated Exposures'); + lines.push('## Unmitigated Exposures'); lines.push(''); lines.push('These exposures have no matching `@mitigates` or `@accepts` and require attention.'); lines.push(''); @@ -83,9 +173,25 @@ export function generateReport(model: ThreatModel): string { lines.push(''); } + // ── Confirmed Exploitable ── + if ((model.confirmed || []).length > 0) { + lines.push('## 🔴 Confirmed Exploitable'); + lines.push(''); + lines.push('These threats have been verified through testing — **not false positives**. Immediate remediation required.'); + lines.push(''); + lines.push('| Severity | Asset | Threat | Evidence | Location |'); + lines.push('|----------|-------|--------|----------|----------|'); + for (const c of model.confirmed) { + const sev = severityBadge(c.severity); + const desc = c.description ? truncate(c.description, 60) : '—'; + lines.push(`| ${sev} | ${c.asset} | ${c.threat} | ${desc} | ${c.location.file}:${c.location.line} |`); + } + lines.push(''); + } + // ── Accepted Risks ── if (model.acceptances.length > 0) { - lines.push('## ✅ Accepted Risks'); + lines.push('## Accepted Risks'); lines.push(''); lines.push('| Asset | Threat | Rationale | Location |'); lines.push('|-------|--------|-----------|----------|'); @@ -98,7 +204,7 @@ export function generateReport(model: ThreatModel): string { // ── Active Mitigations ── if (model.mitigations.length > 0) { - lines.push('## 🛡 Active Mitigations'); + lines.push('## Active Mitigations'); lines.push(''); lines.push('| Asset | Threat | Control | Description | Location |'); lines.push('|-------|--------|---------|-------------|----------|'); @@ -112,7 +218,7 @@ export function generateReport(model: ThreatModel): string { // ── Trust Boundaries ── if (model.boundaries.length > 0) { - lines.push('## 🔒 Trust Boundaries'); + lines.push('## Trust Boundaries'); lines.push(''); lines.push('| Side A | Side B | Boundary ID | Description | Location |'); lines.push('|--------|--------|-------------|-------------|----------|'); @@ -126,7 +232,7 @@ export function generateReport(model: ThreatModel): string { // ── Data Flows ── if (model.flows.length > 0) { - lines.push('## 📊 Data Flows'); + lines.push('## Data Flows'); lines.push(''); lines.push('| Source | Target | Mechanism | Description |'); lines.push('|--------|--------|-----------|-------------|'); @@ -140,7 +246,7 @@ export function generateReport(model: ThreatModel): string { // ── Data Handling ── if (model.data_handling.length > 0) { - lines.push('## 📋 Data Classification'); + lines.push('## Data Classification'); lines.push(''); lines.push('| Asset | Classification | Description |'); lines.push('|-------|---------------|-------------|'); @@ -153,7 +259,7 @@ export function generateReport(model: ThreatModel): string { // ── Risk Transfers ── if (model.transfers.length > 0) { - lines.push('## 🔀 Risk Transfers'); + lines.push('## Risk Transfers'); lines.push(''); lines.push('| Source | Threat | Target | Description | Location |'); lines.push('|--------|--------|--------|-------------|----------|'); @@ -166,7 +272,7 @@ export function generateReport(model: ThreatModel): string { // ── Validations ── if (model.validations.length > 0) { - lines.push('## ✔ Validations'); + lines.push('## Validations'); lines.push(''); lines.push('| Control | Asset | Description | Location |'); lines.push('|---------|-------|-------------|----------|'); @@ -179,7 +285,7 @@ export function generateReport(model: ThreatModel): string { // ── Ownership ── if (model.ownership.length > 0) { - lines.push('## 👤 Ownership'); + lines.push('## Ownership'); lines.push(''); for (const o of model.ownership) { const desc = o.description ? ` — ${o.description}` : ''; @@ -190,7 +296,7 @@ export function generateReport(model: ThreatModel): string { // ── Audit Items ── if (model.audits.length > 0) { - lines.push('## 🔍 Audit Items'); + lines.push('## Audit Items'); lines.push(''); for (const a of model.audits) { const desc = a.description || 'Needs review'; @@ -201,7 +307,7 @@ export function generateReport(model: ThreatModel): string { // ── Assumptions ── if (model.assumptions.length > 0) { - lines.push('## ⚡ Assumptions'); + lines.push('## Assumptions'); lines.push(''); lines.push('These are unverified assumptions that should be periodically reviewed.'); lines.push(''); @@ -214,7 +320,7 @@ export function generateReport(model: ThreatModel): string { // ── Shielded Regions ── if (model.shields.length > 0) { - lines.push('## 🛡️ Shielded Regions'); + lines.push('## Shielded Regions'); lines.push(''); lines.push('Code regions where annotations are intentionally suppressed via `@shield`.'); lines.push(''); @@ -225,9 +331,32 @@ export function generateReport(model: ThreatModel): string { lines.push(''); } + // ── Features ── + if (model.features.length > 0) { + const uniqueFeatures = new Map; description?: string }>(); + for (const f of model.features) { + const key = f.feature.toLowerCase(); + if (!uniqueFeatures.has(key)) { + uniqueFeatures.set(key, { name: f.feature, files: new Set(), description: f.description }); + } + uniqueFeatures.get(key)!.files.add(f.location.file); + } + lines.push('## Feature Tags'); + lines.push(''); + lines.push('Annotations are tagged with the following features via `@feature`.'); + lines.push(''); + lines.push('| Feature | Files | Description |'); + lines.push('|---------|-------|-------------|'); + for (const [, entry] of [...uniqueFeatures.entries()].sort((a, b) => a[1].name.localeCompare(b[1].name))) { + const desc = entry.description ? truncate(entry.description, 60) : '—'; + lines.push(`| ${entry.name} | ${entry.files.size} | ${desc} |`); + } + lines.push(''); + } + // ── Developer Comments ── if (model.comments.length > 0) { - lines.push('## 💬 Developer Comments'); + lines.push('## Developer Comments'); lines.push(''); lines.push('Security-relevant notes left by developers via `@comment`.'); lines.push(''); @@ -240,18 +369,771 @@ export function generateReport(model: ThreatModel): string { // ── Footer ── lines.push('---'); - lines.push(`*Generated by [GuardLink](https://guardlink.bugb.io) — Security annotations for code.*`); + lines.push(`*Generated from security annotations on ${model.generated_at}.*`); return lines.join('\n'); } -// ─── Helpers ───────────────────────────────────────────────────────── +// ═══════════════════════════════════════════════════════════════════════ +// New Section Emitters +// ═══════════════════════════════════════════════════════════════════════ + +function emitApplicationOverview( + model: ThreatModel, + unmitigated: ThreatModelExposure[], + severityCounts: { critical: number; high: number; medium: number; low: number }, + hasAI: boolean, + lines: string[], +): void { + // If user provided a project description via .guardlink/prompt.md, use it + if (model.prompt) { + lines.push(model.prompt); + lines.push(''); + } else { + // Fallback: derive overview from annotations + const topLevelGroups = new Map(); + for (const a of model.assets) { + const group = a.path[0] || 'Unknown'; + if (!topLevelGroups.has(group)) topLevelGroups.set(group, []); + topLevelGroups.get(group)!.push(a.path.slice(1).join('.') || a.path[0]); + } + + lines.push(`**${model.project}** is composed of **${model.assets.length} assets** across **${model.source_files} source files** ` + + `with **${model.annotations_parsed} security annotations**.`); + lines.push(''); + + if (topLevelGroups.size > 0) { + lines.push('**Component groups:**'); + lines.push(''); + for (const [group, members] of topLevelGroups) { + lines.push(`- **${group}**: ${members.join(', ')}`); + } + lines.push(''); + } + } + + // Risk posture summary — always shown + const totalExposures = model.exposures.length; + const mitigatedCount = model.mitigations.length; + const acceptedCount = model.acceptances.length; + const coveragePct = totalExposures > 0 + ? Math.round(((mitigatedCount + acceptedCount) / totalExposures) * 100) + : 100; + + lines.push('**Risk posture at a glance:**'); + lines.push(''); + lines.push(`| Indicator | Value |`); + lines.push(`|-----------|-------|`); + lines.push(`| Exposure coverage | ${coveragePct}% addressed (${mitigatedCount} mitigated, ${acceptedCount} accepted) |`); + lines.push(`| Unmitigated exposures | ${unmitigated.length} (${severityCounts.critical} critical, ${severityCounts.high} high, ${severityCounts.medium} medium, ${severityCounts.low} low) |`); + lines.push(`| Trust boundaries | ${model.boundaries.length} |`); + lines.push(`| Data flows tracked | ${model.flows.length} |`); + if (hasAI) lines.push(`| AI/ML components | Yes |`); + lines.push(''); +} + +function emitScope(model: ThreatModel, lines: string[]): void { + // Scope intro — summarize what's modeled based on annotations + const annotatedCount = model.annotated_files.length; + const totalFiles = model.source_files; + const assetCount = model.assets.length; + const threatCount = model.threats.length; + lines.push(`This threat model covers **${assetCount} assets** and **${threatCount} threat categories** ` + + `derived from **${model.annotations_parsed} annotations** across **${annotatedCount}** of **${totalFiles}** source files.`); + lines.push(''); + + // What's in scope: annotated files / assets / threat categories + const threatCategories = [...new Set(model.threats.map(t => t.canonical_name || t.name))]; + const assetNames = model.assets.map(a => a.id ? `\`${a.id}\`` : `\`${a.path.join('.')}\``); + + lines.push('### Assets in Scope'); + lines.push(''); + if (assetNames.length > 0) { + for (const name of assetNames) { + const asset = model.assets.find(a => (a.id ? `\`${a.id}\`` : `\`${a.path.join('.')}\``) === name); + const desc = asset?.description ? ` — ${truncate(asset.description, 80)}` : ''; + lines.push(`- ${name}${desc}`); + } + } else { + lines.push('_No explicit assets defined. Consider adding `@asset` definitions._'); + } + lines.push(''); + + lines.push('### Threat Categories Addressed'); + lines.push(''); + if (threatCategories.length > 0) { + const severityMap = new Map(); + for (const t of model.threats) { + severityMap.set(t.canonical_name || t.name, t.severity || 'unset'); + } + for (const cat of threatCategories) { + const sev = severityMap.get(cat) || 'unset'; + lines.push(`- **${cat}** (${sev})`); + } + } else { + lines.push('_No explicit threats defined._'); + } + lines.push(''); + + // Coverage gaps + lines.push('### Coverage'); + lines.push(''); + const covAnnotated = model.annotated_files.length; + const covTotal = model.source_files; + const unannotatedCount = model.unannotated_files.length; + lines.push(`- **${covAnnotated}** of **${covTotal}** files have security annotations (${covTotal > 0 ? Math.round((covAnnotated / covTotal) * 100) : 0}%)`); + if (unannotatedCount > 0) { + lines.push(`- **${unannotatedCount}** files have no annotations`); + } + if (model.coverage.unannotated_critical.length > 0) { + lines.push(`- **${model.coverage.unannotated_critical.length}** unannotated security-critical symbols detected:`); + for (const sym of model.coverage.unannotated_critical.slice(0, 10)) { + lines.push(` - \`${sym.name}\` (${sym.kind}) at ${sym.file}:${sym.line}`); + } + if (model.coverage.unannotated_critical.length > 10) { + lines.push(` - ... and ${model.coverage.unannotated_critical.length - 10} more`); + } + } + lines.push(''); +} + +function emitArchitecture(model: ThreatModel, lines: string[]): void { + // ── Components ── + lines.push('### Components'); + lines.push(''); + if (model.assets.length > 0) { + lines.push('| Component | ID | Description | Defined At |'); + lines.push('|-----------|-----|-------------|------------|'); + for (const a of model.assets) { + const name = a.path.join('.'); + const id = a.id || '—'; + const desc = a.description ? truncate(a.description, 50) : '—'; + lines.push(`| ${name} | ${id} | ${desc} | ${a.location.file}:${a.location.line} |`); + } + } else { + lines.push('_No components defined via `@asset`._'); + } + lines.push(''); + + // ── Entrypoints ── + lines.push('### Entrypoints'); + lines.push(''); + // Build asset name set matching both "#id" and "id" forms + const assetNames = new Set(); + for (const a of model.assets) { + const id = a.id || a.path.join('.'); + assetNames.add(id); + assetNames.add(`#${id}`); + assetNames.add(a.path.join('.')); + assetNames.add(`#${a.path.join('.')}`); + } + + const flowTargets = new Set(model.flows.map(f => f.target)); + const flowSources = new Set(model.flows.map(f => f.source)); + + // External sources: flow sources that are NOT defined assets + const externalSources = new Set(); + for (const src of flowSources) { + if (!assetNames.has(src)) externalSources.add(src); + } + + // Entrypoints: assets that receive flows from external sources + const entrypoints = new Set(); + for (const f of model.flows) { + if (externalSources.has(f.source) && assetNames.has(f.target)) { + entrypoints.add(f.target); + } + } + + // Also: assets that appear in exposures but not as flow targets from internal sources + if (entrypoints.size === 0) { + // Fallback: assets with exposures are likely entrypoints + for (const e of model.exposures) { + if (assetNames.has(e.asset)) entrypoints.add(e.asset); + } + } + + if (entrypoints.size > 0) { + lines.push('Assets receiving external input:'); + lines.push(''); + for (const ep of entrypoints) { + const incomingFlows = model.flows.filter(f => f.target === ep && externalSources.has(f.source)); + const mechanisms = incomingFlows.map(f => `${f.source} via ${f.mechanism || 'unspecified'}`).join(', '); + lines.push(`- **${ep}**${mechanisms ? `: ${mechanisms}` : ''}`); + } + } else { + lines.push('_No explicit entrypoints identified. Add `@flows` from external sources to assets._'); + } + lines.push(''); + + // ── Callers (external entities) ── + if (externalSources.size > 0) { + lines.push('### External Callers'); + lines.push(''); + for (const src of externalSources) { + const targets = model.flows.filter(f => f.source === src).map(f => f.target); + lines.push(`- **${src}** → ${[...new Set(targets)].join(', ')}`); + } + lines.push(''); + } + + // ── Architecture Diagram ── + lines.push('### Architecture Diagram'); + lines.push(''); + lines.push('```mermaid'); + lines.push(generateMermaid(model)); + lines.push('```'); + lines.push(''); + + // ── Trust Boundaries / Network Zones ── + if (model.boundaries.length > 0) { + lines.push('### Network Zones & Trust Boundaries'); + lines.push(''); + for (const b of model.boundaries) { + const desc = b.description || b.id || 'Unnamed boundary'; + lines.push(`- **${desc}**: ${shortName(b.asset_a)} ↔ ${shortName(b.asset_b)}`); + } + lines.push(''); + } + + // ── Multi-tenancy ── + lines.push('### Multi-tenancy'); + lines.push(''); + const tenantAnnotations = [ + ...model.comments.filter(c => /tenant|multi.?tenant|isolat/i.test(c.description || '')), + ...model.assumptions.filter(a => /tenant|multi.?tenant|isolat/i.test(a.description || '')), + ]; + if (tenantAnnotations.length > 0) { + for (const a of tenantAnnotations) { + lines.push(`- ${a.description} (${a.location.file}:${a.location.line})`); + } + } else { + lines.push('_No multi-tenancy annotations found. If this is a multi-tenant application, consider adding `@comment` or `@boundary` annotations describing tenant isolation._'); + } + lines.push(''); + + // ── Compliance ── + lines.push('### Compliance'); + lines.push(''); + const complianceAnnotations = [ + ...model.comments.filter(c => /complian|gdpr|hipaa|soc|pci|iso|fedramp|ccpa/i.test(c.description || '')), + ...model.assumptions.filter(a => /complian|gdpr|hipaa|soc|pci|iso|fedramp|ccpa/i.test(a.description || '')), + ]; + const hasPII = model.data_handling.some(h => h.classification === 'pii'); + const hasPHI = model.data_handling.some(h => h.classification === 'phi'); + const hasFinancial = model.data_handling.some(h => h.classification === 'financial'); + + if (complianceAnnotations.length > 0) { + for (const a of complianceAnnotations) { + lines.push(`- ${a.description} (${a.location.file}:${a.location.line})`); + } + } + if (hasPII) lines.push('- Handles **PII** — consider GDPR, CCPA compliance requirements'); + if (hasPHI) lines.push('- Handles **PHI** — consider HIPAA compliance requirements'); + if (hasFinancial) lines.push('- Handles **Financial data** — consider PCI-DSS compliance requirements'); + if (complianceAnnotations.length === 0 && !hasPII && !hasPHI && !hasFinancial) { + lines.push('_No compliance-related annotations found._'); + } + lines.push(''); +} + +function emitKeyFlows(model: ThreatModel, lines: string[]): void { + // Group flows into chains (sequences of connected flows) + const chains = buildFlowChains(model.flows); + + // Emit sequence diagram + lines.push('### Sequence Diagram'); + lines.push(''); + lines.push('```mermaid'); + lines.push(generateSequenceDiagram(model)); + lines.push('```'); + lines.push(''); + + // Emit step-by-step for each chain + lines.push('### Flow Details'); + lines.push(''); + let chainIdx = 0; + for (const chain of chains) { + chainIdx++; + lines.push(`**Flow ${chainIdx}:** ${chain[0].source} → ${chain[chain.length - 1].target}`); + lines.push(''); + let step = 0; + for (const f of chain) { + step++; + const mech = f.mechanism ? ` via **${f.mechanism}**` : ''; + const desc = f.description ? ` — ${f.description}` : ''; + lines.push(`${step}. **${f.source}** → **${f.target}**${mech}${desc}`); + } + lines.push(''); + } +} + +function emitDataInventory(model: ThreatModel, hasAI: boolean, lines: string[]): void { + // ── Data Types ── + if (model.data_handling.length > 0) { + lines.push('### Data Types'); + lines.push(''); + const byClassification = new Map(); + for (const h of model.data_handling) { + if (!byClassification.has(h.classification)) byClassification.set(h.classification, []); + byClassification.get(h.classification)!.push(`${h.asset}${h.description ? ` (${truncate(h.description, 40)})` : ''}`); + } + for (const [cls, items] of byClassification) { + lines.push(`**${classificationBadge(cls)}:**`); + for (const item of items) { + lines.push(`- ${item}`); + } + lines.push(''); + } + } + + // ── Top Data Assets ── + lines.push('### Top Data Assets'); + lines.push(''); + // Assets that handle the most data flows + const assetFlowCount = new Map(); + for (const f of model.flows) { + assetFlowCount.set(f.target, (assetFlowCount.get(f.target) || 0) + 1); + assetFlowCount.set(f.source, (assetFlowCount.get(f.source) || 0) + 1); + } + const topDataAssets = [...assetFlowCount.entries()] + .sort((a, b) => b[1] - a[1]) + .slice(0, 10); + + if (topDataAssets.length > 0) { + lines.push('Assets by data flow volume:'); + lines.push(''); + lines.push('| Asset | Data Flows | Classifications |'); + lines.push('|-------|-----------|-----------------|'); + for (const [asset, count] of topDataAssets) { + const classes = model.data_handling + .filter(h => h.asset === asset) + .map(h => h.classification) + .join(', ') || '—'; + lines.push(`| ${asset} | ${count} | ${classes} |`); + } + lines.push(''); + } else { + lines.push('_No data flow volume data available._'); + lines.push(''); + } + + // ── AI-Specific Data Questions ── + if (hasAI) { + lines.push('### AI-Specific Data Considerations'); + lines.push(''); + const aiFlows = model.flows.filter(f => + isAIRelated(f.source) || isAIRelated(f.target), + ); + const aiHandling = model.data_handling.filter(h => isAIRelated(h.asset)); + const aiComments = model.comments.filter(c => + /prompt|model|train|inference|embed|token|llm|ai|ml/i.test(c.description || ''), + ); + + if (aiFlows.length > 0) { + lines.push('**Data flowing to/from AI components:**'); + lines.push(''); + for (const f of aiFlows) { + lines.push(`- ${f.source} → ${f.target} via ${f.mechanism || 'unspecified'}${f.description ? ` — ${f.description}` : ''}`); + } + lines.push(''); + } + + if (aiHandling.length > 0) { + lines.push('**Data classifications on AI components:**'); + lines.push(''); + for (const h of aiHandling) { + lines.push(`- ${h.asset}: ${classificationBadge(h.classification)}${h.description ? ` — ${h.description}` : ''}`); + } + lines.push(''); + } + + if (aiComments.length > 0) { + lines.push('**AI-related notes:**'); + lines.push(''); + for (const c of aiComments) { + lines.push(`- ${c.description} (${c.location.file}:${c.location.line})`); + } + lines.push(''); + } + + // Checklist + lines.push('**AI data checklist:**'); + lines.push(''); + lines.push('- [ ] Are prompts logged? If so, is PII scrubbed?'); + lines.push('- [ ] Is user data used for training/fine-tuning?'); + lines.push('- [ ] What is the data retention policy for AI inputs/outputs?'); + lines.push('- [ ] Are embeddings stored? Can they be reversed to recover source data?'); + lines.push(''); + } +} + +function emitRolesAccess(model: ThreatModel, lines: string[]): void { + // ── Owners / Internal Actors ── + if (model.ownership.length > 0) { + lines.push('### Ownership & Internal Actors'); + lines.push(''); + const byOwner = new Map(); + for (const o of model.ownership) { + if (!byOwner.has(o.owner)) byOwner.set(o.owner, []); + byOwner.get(o.owner)!.push(o.asset); + } + for (const [owner, assets] of byOwner) { + lines.push(`- **${owner}**: ${assets.join(', ')}`); + } + lines.push(''); + } + + // ── Actors from flows ── + const actors = new Set(); + const actorPattern = /user|admin|client|browser|operator|attacker|customer|tenant|role/i; + for (const f of model.flows) { + if (actorPattern.test(f.source)) actors.add(f.source); + if (actorPattern.test(f.target)) actors.add(f.target); + } + // Also check assets for actor-like patterns + for (const a of model.assets) { + const name = a.path.join('.'); + if (actorPattern.test(name)) actors.add(a.id || name); + } + + if (actors.size > 0) { + lines.push('### Customer / External Roles'); + lines.push(''); + for (const actor of actors) { + const flows = model.flows.filter(f => f.source === actor || f.target === actor); + const interacts = [...new Set(flows.map(f => f.source === actor ? f.target : f.source))]; + lines.push(`- **${actor}** interacts with: ${interacts.join(', ') || '—'}`); + } + lines.push(''); + } + + // ── Cross-Tenant Gut Check ── + lines.push('### Cross-Tenant Gut Check'); + lines.push(''); + const boundaryCount = model.boundaries.length; + const hasTenantBoundaries = model.boundaries.some(b => + /tenant|isolat/i.test(b.description || '') || /tenant|isolat/i.test(b.id || ''), + ); + if (hasTenantBoundaries) { + lines.push('Tenant isolation boundaries are defined:'); + lines.push(''); + for (const b of model.boundaries.filter(b => /tenant|isolat/i.test(b.description || '') || /tenant|isolat/i.test(b.id || ''))) { + lines.push(`- ${b.description || b.id} (${b.asset_a} ↔ ${b.asset_b})`); + } + } else if (boundaryCount > 0) { + lines.push(`${boundaryCount} trust boundaries defined, but none explicitly mention tenant isolation. If this is multi-tenant, verify that cross-tenant data access is prevented at each boundary.`); + } else { + lines.push('_No trust boundaries defined. If multi-tenant, add `@boundary` annotations to document tenant isolation._'); + } + lines.push(''); +} + +function emitDependencies(model: ThreatModel, lines: string[]): void { + // Build asset ID set that matches both "#id" and "id" forms used in flows + const assetIds = new Set(); + for (const a of model.assets) { + const id = a.id || a.path.join('.'); + assetIds.add(id); + assetIds.add(`#${id}`); + // Also add the dotted path form + const path = a.path.join('.'); + assetIds.add(path); + assetIds.add(`#${path}`); + } + + // ── Internal services: assets that are flow targets from other assets ── + lines.push('### Internal Services'); + lines.push(''); + const internalDeps = new Set(); + for (const f of model.flows) { + if (assetIds.has(f.source) && assetIds.has(f.target) && f.source !== f.target) { + internalDeps.add(`${f.source} → ${f.target}`); + } + } + if (internalDeps.size > 0) { + for (const dep of internalDeps) { + lines.push(`- ${dep}`); + } + } else { + lines.push('_No internal service dependencies detected from flows._'); + } + lines.push(''); + + // ── External / Cloud / AI Vendors ── + lines.push('### External & Cloud Dependencies'); + lines.push(''); + const externalNodes = new Set(); + for (const f of model.flows) { + if (!assetIds.has(f.source)) externalNodes.add(f.source); + if (!assetIds.has(f.target)) externalNodes.add(f.target); + } + // Also from transfers + for (const t of model.transfers) { + if (!assetIds.has(t.target)) externalNodes.add(t.target); + if (!assetIds.has(t.source)) externalNodes.add(t.source); + } + // Also external_refs + if (model.external_refs) { + for (const ref of model.external_refs) { + if (ref.inferred_repo) externalNodes.add(ref.inferred_repo); + } + } + + if (externalNodes.size > 0) { + const aiVendors: string[] = []; + const cloudVendors: string[] = []; + const otherVendors: string[] = []; + for (const node of externalNodes) { + if (isAIRelated(node)) { + aiVendors.push(node); + } else if (/aws|gcp|azure|cloud|s3|lambda|cdn|redis|postgres|mysql|mongo|kafka|rabbit|elastic/i.test(node)) { + cloudVendors.push(node); + } else { + otherVendors.push(node); + } + } + if (aiVendors.length > 0) { + lines.push('**AI/ML Vendors:**'); + for (const v of aiVendors) lines.push(`- ${v}`); + lines.push(''); + } + if (cloudVendors.length > 0) { + lines.push('**Cloud/Infrastructure:**'); + for (const v of cloudVendors) lines.push(`- ${v}`); + lines.push(''); + } + if (otherVendors.length > 0) { + lines.push('**Other External:**'); + for (const v of otherVendors) lines.push(`- ${v}`); + lines.push(''); + } + } else { + lines.push('_No external dependencies detected from flows or transfers._'); + lines.push(''); + } + + // Risk transfers to external parties + if (model.transfers.length > 0) { + lines.push('### Risk Transfers to Dependencies'); + lines.push(''); + for (const t of model.transfers) { + lines.push(`- **${t.threat}** transferred from ${t.source} → ${t.target}${t.description ? ` — ${t.description}` : ''}`); + } + lines.push(''); + } +} + +function emitSecretsManagement(model: ThreatModel, lines: string[]): void { + // ── Secret Inventory ── + const secretHandling = model.data_handling.filter(h => h.classification === 'secrets'); + const keyExposures = model.exposures.filter(e => + /key|secret|cred|token|password|api.?key/i.test(e.threat) || + /key|secret|cred|token|password|api.?key/i.test(e.description || ''), + ); + const keyMitigations = model.mitigations.filter(m => + /key|secret|cred|token|password|api.?key|redact|encrypt/i.test(m.control || '') || + /key|secret|cred|token|password|api.?key/i.test(m.description || ''), + ); + const keyComments = model.comments.filter(c => + /key|secret|cred|token|password|api.?key|rotat|vault|kms/i.test(c.description || ''), + ); + + lines.push('### Secret Inventory'); + lines.push(''); + if (secretHandling.length > 0) { + lines.push('| Asset | Description | Location |'); + lines.push('|-------|-------------|----------|'); + for (const h of secretHandling) { + lines.push(`| ${h.asset} | ${h.description || '—'} | ${h.location.file}:${h.location.line} |`); + } + lines.push(''); + } else { + lines.push('_No assets classified as `secrets` via `@handles`. Consider adding `@handles secrets on ` annotations._'); + lines.push(''); + } + + // ── Leak Impact ── + lines.push('### Leak Impact Analysis'); + lines.push(''); + if (keyExposures.length > 0) { + lines.push('Key/credential-related exposures:'); + lines.push(''); + for (const e of keyExposures) { + lines.push(`- ${severityBadge(e.severity)} **${e.asset}** exposed to **${e.threat}**${e.description ? ` — ${e.description}` : ''} (${e.location.file}:${e.location.line})`); + } + lines.push(''); + } + if (keyMitigations.length > 0) { + lines.push('Active credential protections:'); + lines.push(''); + for (const m of keyMitigations) { + lines.push(`- **${m.control || 'control'}** on ${m.asset}${m.description ? ` — ${m.description}` : ''}`); + } + lines.push(''); + } + if (keyExposures.length === 0 && keyMitigations.length === 0) { + lines.push('_No credential-related exposures or mitigations found._'); + lines.push(''); + } + + // ── Rotation Strategy ── + lines.push('### Rotation Strategy'); + lines.push(''); + if (keyComments.length > 0) { + for (const c of keyComments) { + lines.push(`- ${c.description} (${c.location.file}:${c.location.line})`); + } + } else { + lines.push('_No rotation strategy documented. Consider adding `@comment` annotations describing key rotation policies._'); + } + lines.push(''); +} + +function emitLoggingAudit(model: ThreatModel, lines: string[]): void { + // ── What's Logged ── + const loggingComments = model.comments.filter(c => + /log|audit|trace|monitor|alert|metric|observ/i.test(c.description || ''), + ); + + lines.push('### Logging & Observability'); + lines.push(''); + if (loggingComments.length > 0) { + for (const c of loggingComments) { + lines.push(`- ${c.description} (${c.location.file}:${c.location.line})`); + } + } else { + lines.push('_No logging-related annotations found. Consider documenting what security events are logged._'); + } + lines.push(''); + + // ── Incident Reconstruction ── + lines.push('### Incident Reconstruction'); + lines.push(''); + if (model.audits.length > 0) { + lines.push(`**${model.audits.length} audit items** flagged for review:`); + lines.push(''); + for (const a of model.audits.slice(0, 10)) { + lines.push(`- **${a.asset}**: ${a.description || 'Needs review'} (${a.location.file}:${a.location.line})`); + } + if (model.audits.length > 10) { + lines.push(`- ... and ${model.audits.length - 10} more (see Audit Items section)`); + } + } else { + lines.push('_No `@audit` items. Consider flagging security-critical code paths for review._'); + } + lines.push(''); + + // ── Alerting ── + lines.push('### Alerting'); + lines.push(''); + const alertComments = model.comments.filter(c => + /alert|page|notify|incident|on.?call/i.test(c.description || ''), + ); + if (alertComments.length > 0) { + for (const c of alertComments) { + lines.push(`- ${c.description} (${c.location.file}:${c.location.line})`); + } + } else { + lines.push('_No alerting annotations found. Consider documenting alerting strategies via `@comment`._'); + } + lines.push(''); +} + +function emitAIDetails(model: ThreatModel, lines: string[]): void { + // ── Model Inventory ── + const aiAssets = model.assets.filter(a => isAIRelated(a.id || a.path.join('.'))); + const aiExposures = model.exposures.filter(e => + isAIRelated(e.asset) || /prompt.?inject|model|adversarial/i.test(e.threat), + ); + const aiMitigations = model.mitigations.filter(m => + isAIRelated(m.asset) || /prompt.?inject|model|adversarial/i.test(m.threat), + ); + const aiComments = model.comments.filter(c => + /prompt|model|llm|ai|ml|inference|embed|token|train|fine.?tun|rag|vector/i.test(c.description || ''), + ); + + lines.push('### Model Inventory'); + lines.push(''); + if (aiAssets.length > 0) { + lines.push('| Component | ID | Description |'); + lines.push('|-----------|-----|-------------|'); + for (const a of aiAssets) { + lines.push(`| ${a.path.join('.')} | ${a.id || '—'} | ${a.description || '—'} |`); + } + } else { + lines.push('_AI usage detected in annotations but no AI-specific assets defined._'); + } + lines.push(''); + + // ── Safety Guardrails ── + lines.push('### Safety Guardrails'); + lines.push(''); + if (aiMitigations.length > 0) { + for (const m of aiMitigations) { + lines.push(`- **${m.control || 'control'}** on ${m.asset} against ${m.threat}${m.description ? ` — ${m.description}` : ''}`); + } + } else { + lines.push('_No AI-specific mitigations found._'); + } + lines.push(''); + + // ── Prompt Injection Handling ── + lines.push('### Prompt Injection Handling'); + lines.push(''); + const promptInjectionExposures = aiExposures.filter(e => + /prompt.?inject/i.test(e.threat), + ); + const promptInjectionMitigations = aiMitigations.filter(m => + /prompt.?inject/i.test(m.threat), + ); + if (promptInjectionExposures.length > 0 || promptInjectionMitigations.length > 0) { + if (promptInjectionExposures.length > 0) { + lines.push('**Exposures:**'); + for (const e of promptInjectionExposures) { + lines.push(`- ${severityBadge(e.severity)} ${e.asset}${e.description ? ` — ${e.description}` : ''} (${e.location.file}:${e.location.line})`); + } + lines.push(''); + } + if (promptInjectionMitigations.length > 0) { + lines.push('**Mitigations:**'); + for (const m of promptInjectionMitigations) { + lines.push(`- ${m.control || 'control'} on ${m.asset}${m.description ? ` — ${m.description}` : ''}`); + } + lines.push(''); + } + } else { + lines.push('_No prompt injection exposures or mitigations documented._'); + lines.push(''); + } + + // ── Data Retention ── + lines.push('### Data Retention & AI Notes'); + lines.push(''); + if (aiComments.length > 0) { + for (const c of aiComments) { + lines.push(`- ${c.description} (${c.location.file}:${c.location.line})`); + } + } else { + lines.push('_No AI data retention notes found. Consider documenting prompt logging, training data handling, and model output storage._'); + } + lines.push(''); +} + +// ═══════════════════════════════════════════════════════════════════════ +// Helpers +// ═══════════════════════════════════════════════════════════════════════ function truncate(s: string, max: number): string { if (s.length <= max) return s; return s.slice(0, max - 1) + '…'; } +function shortName(s: string): string { + if (s.startsWith('#')) return s.slice(1); + return s.split('.').pop() || s; +} + const SEVERITY_ORDER: Record = { critical: 0, high: 1, medium: 2, low: 3 }; function severityBadge(sev?: Severity): string { @@ -293,3 +1175,82 @@ function countBySeverity(exposures: ThreatModelExposure[]): { critical: number; } return counts; } + +/** Detect if the project uses AI/ML based on annotations */ +function detectAI(model: ThreatModel): boolean { + // Strict patterns — avoid false positives from "model" (data model), "token" (auth token), etc. + const aiAssetPattern = /\bllm\b|(?:^|\W)ai(?:\W|$)|\bml\b|\binference\b|\bembed(?:ding)?\b|\bopenai\b|\banthropic\b|\bgpt\b|\bclaude\b|\bgemini\b|\brag\b|\bvector.?(?:db|store)\b|\bneural\b/i; + const aiFlowPattern = /\bllm\b|\bopenai\b|\banthropic\b|\bgpt\b|\bclaude\b|\bgemini\b|\binference\b|\bembed(?:ding)?\b|\brag\b|\bvector.?(?:db|store)\b|\bchat.?completion\b/i; + + for (const a of model.assets) { + if (aiAssetPattern.test(a.id || '') || aiAssetPattern.test(a.path.join('.'))) return true; + if (aiAssetPattern.test(a.description || '')) return true; + } + for (const t of model.threats) { + if (/prompt.?inject/i.test(t.name) || /prompt.?inject/i.test(t.canonical_name)) return true; + } + for (const f of model.flows) { + if (aiFlowPattern.test(f.source) || aiFlowPattern.test(f.target)) return true; + if (aiFlowPattern.test(f.mechanism || '')) return true; + } + return false; +} + +/** Check if a name is AI-related (strict) */ +function isAIRelated(name: string): boolean { + return /\bllm\b|\bopenai\b|\banthropic\b|\bgpt\b|\bclaude\b|\bgemini\b|\binference\b|\bembed(?:ding)?\b|\brag\b|\bvector.?(?:db|store)\b|\bneural\b|\bchat.?completion\b/i.test(name); +} + + +/** Build connected flow chains from individual flow edges */ +function buildFlowChains(flows: ThreatModel['flows']): ThreatModel['flows'][] { + if (flows.length === 0) return []; + + // Build adjacency: source -> list of flows + const adj = new Map(); + for (const f of flows) { + if (!adj.has(f.source)) adj.set(f.source, []); + adj.get(f.source)!.push(f); + } + + // Find chain starting points: sources that are not targets of other flows + const allTargets = new Set(flows.map(f => f.target)); + const startNodes = new Set(); + for (const f of flows) { + if (!allTargets.has(f.source)) startNodes.add(f.source); + } + // If no clear start points, use all sources + if (startNodes.size === 0) { + for (const f of flows) startNodes.add(f.source); + } + + const visited = new Set(); + const chains: typeof flows[] = []; + + for (const start of startNodes) { + if (visited.has(start)) continue; + const chain: typeof flows[number][] = []; + let current = start; + const chainVisited = new Set(); + + while (adj.has(current) && !chainVisited.has(current)) { + chainVisited.add(current); + visited.add(current); + const nextFlows = adj.get(current)!; + const next = nextFlows[0]; // Take first path + chain.push(next); + current = next.target; + } + + if (chain.length > 0) chains.push(chain); + } + + // Add any isolated flows not in chains + const chainedFlows = new Set(chains.flat().map(f => `${f.source}::${f.target}`)); + const isolated = flows.filter(f => !chainedFlows.has(`${f.source}::${f.target}`)); + for (const f of isolated) { + chains.push([f]); + } + + return chains; +} diff --git a/src/report/sequence.ts b/src/report/sequence.ts new file mode 100644 index 0000000..8bc222b --- /dev/null +++ b/src/report/sequence.ts @@ -0,0 +1,165 @@ +/** + * GuardLink Report — Mermaid sequence diagram generator. + * Builds a sequence diagram from @flows annotations showing + * the step-by-step interactions between system participants. + * + * @comment -- "Pure function: transforms ThreatModel flows to Mermaid sequence diagram" + * @flows ThreatModel -> #report via generateSequenceDiagram -- "Sequence diagram generation" + */ + +import type { ThreatModel } from '../types/index.js'; + +/** Sanitize participant name for Mermaid sequence diagrams */ +function participantId(name: string): string { + return name.replace(/[^a-zA-Z0-9_]/g, '_'); +} + +/** Short display name */ +function displayName(s: string): string { + if (s.startsWith('#')) return s.slice(1); + return s.split('.').pop() || s; +} + +/** Escape for Mermaid labels */ +function esc(s: string): string { + return s.replace(/"/g, "'").replace(/\n/g, ' '); +} + +/** Truncate */ +function trunc(s: string, max = 40): string { + return s.length <= max ? s : s.slice(0, max - 1) + '…'; +} + +export function generateSequenceDiagram(model: ThreatModel): string { + const lines: string[] = []; + lines.push('sequenceDiagram'); + + if (model.flows.length === 0) { + lines.push(' Note over System: No data flows annotated'); + return lines.join('\n'); + } + + // Collect all participants in order of first appearance + const participantOrder: string[] = []; + const seen = new Set(); + for (const f of model.flows) { + if (!seen.has(f.source)) { + seen.add(f.source); + participantOrder.push(f.source); + } + if (!seen.has(f.target)) { + seen.add(f.target); + participantOrder.push(f.target); + } + } + + // Classify participants for styling + const assetIds = new Set(model.assets.map(a => a.id || a.path.join('.'))); + const actorPattern = /user|browser|client|external|attacker|customer|operator/i; + const dataStorePattern = /db|database|store|cache|file|credential|config|secret|storage|filesystem/i; + + // Emit participants with appropriate types + for (const p of participantOrder) { + const id = participantId(p); + const name = displayName(p); + const lower = name.toLowerCase(); + + if (actorPattern.test(lower)) { + lines.push(` actor ${id} as ${esc(name)}`); + } else if (dataStorePattern.test(lower)) { + lines.push(` participant ${id} as ${esc(name)} [DB]`); + } else { + lines.push(` participant ${id} as ${esc(name)}`); + } + } + + lines.push(''); + + // Group flows by chains for better visual grouping + // First, check if we can identify logical groups from the flow descriptions + const flowGroups = groupFlowsByContext(model.flows); + + for (const group of flowGroups) { + // Add activation boxes for flow groups > 1 + if (group.label && flowGroups.length > 1) { + lines.push(` rect rgb(240, 248, 255)`); + lines.push(` Note right of ${participantId(group.flows[0].source)}: ${esc(trunc(group.label, 30))}`); + } + + for (const f of group.flows) { + const src = participantId(f.source); + const tgt = participantId(f.target); + const label = f.mechanism + ? trunc(f.mechanism, 35) + : f.description + ? trunc(f.description, 35) + : ''; + + // Use different arrow types + if (label) { + lines.push(` ${src}->>+${tgt}: ${esc(label)}`); + } else { + lines.push(` ${src}->>+${tgt}: data`); + } + + // Check if there's a return flow (target -> source) + const returnFlow = model.flows.find(rf => + rf.source === f.target && rf.target === f.source && rf !== f, + ); + if (returnFlow) { + const retLabel = returnFlow.mechanism + ? trunc(returnFlow.mechanism, 35) + : returnFlow.description + ? trunc(returnFlow.description, 35) + : 'response'; + lines.push(` ${tgt}-->>-${src}: ${esc(retLabel)}`); + } else { + lines.push(` deactivate ${tgt}`); + } + } + + if (group.label && flowGroups.length > 1) { + lines.push(` end`); + } + } + + return lines.join('\n'); +} + +interface FlowGroup { + label: string; + flows: ThreatModel['flows']; +} + +/** Group related flows together for visual clarity */ +function groupFlowsByContext(flows: ThreatModel['flows']): FlowGroup[] { + // Try to group flows that share the same source or form a chain + if (flows.length <= 5) { + // Small number of flows — just one group + return [{ label: '', flows }]; + } + + // Group by starting source (external entity) + const allTargets = new Set(flows.map(f => f.target)); + const bySource = new Map(); + + for (const f of flows) { + // Find root source for this flow + const root = !allTargets.has(f.source) ? f.source : f.source; + if (!bySource.has(root)) bySource.set(root, []); + bySource.get(root)!.push(f); + } + + // If grouping resulted in reasonable groups, use them + const groups: FlowGroup[] = []; + for (const [source, groupFlows] of bySource) { + if (groupFlows.length > 0) { + groups.push({ + label: displayName(source), + flows: groupFlows, + }); + } + } + + return groups.length > 1 ? groups : [{ label: '', flows }]; +} diff --git a/src/tui/commands.ts b/src/tui/commands.ts index 5fed1a6..d74c820 100644 --- a/src/tui/commands.ts +++ b/src/tui/commands.ts @@ -23,12 +23,12 @@ import { resolve, basename, isAbsolute } from 'node:path'; import { readFileSync, existsSync, writeFileSync, mkdirSync } from 'node:fs'; -import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures, clearAnnotations } from '../parser/index.js'; +import { parseProject, findDanglingRefs, findUnmitigatedExposures, findAcceptedWithoutAudit, findAcceptedExposures, clearAnnotations, listFeatures, filterByFeature, getFeatureSummaries } from '../parser/index.js'; import { initProject, detectProject, promptAgentSelection, syncAgentFiles } from '../init/index.js'; import { generateReport, generateMermaid } from '../report/index.js'; import { generateDashboardHTML } from '../dashboard/index.js'; import { computeStats, computeSeverity, computeExposures } from '../dashboard/data.js'; -import { generateThreatReport, serializeModel, listThreatReports, loadThreatReportsForDashboard, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage, buildProjectContext, extractCodeSnippets, type AnalysisFramework } from '../analyze/index.js'; +import { generateThreatReport, serializeModel, listThreatReports, loadThreatReportsForDashboard, loadPentestData, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage, buildProjectContext, extractCodeSnippets, type AnalysisFramework } from '../analyze/index.js'; import { diffModels, formatDiff, parseAtRef } from '../diff/index.js'; import { generateSarif } from '../analyzer/index.js'; import type { ThreatModel, ParseDiagnostic, ThreatModelExposure } from '../types/index.js'; @@ -129,6 +129,7 @@ export function cmdHelp(): void { ['/workspace', 'Show workspace config and linked repos'], ['/link ', 'Link repos into a workspace (--add / --remove)'], ['/merge ', 'Merge report JSONs into unified dashboard'], + ['/feature [name]', 'List all features or show detail for one'], ['', ''], ['/gal', 'GAL annotation language guide'], ['/help', 'This help'], @@ -268,6 +269,18 @@ export function cmdGal(): void { console.log(EX(' // @assumes api.gateway -- "Upstream WAF filters malformed requests"')); console.log(''); + // ── FEATURE TAGGING ────────────────────────────────────────────── + console.log(H(' ── Feature Tagging ─────────────────────────────────────────')); + console.log(''); + + console.log(` ${V('@feature')} ${K('"Feature Name"')} ${D('[-- "description"]')}`); + console.log(D(' Tag code with a feature name for filtering reports and dashboards.')); + console.log(D(' A file can have multiple @feature tags. All annotations in that file')); + console.log(D(' are associated with the tagged features.')); + console.log(EX(' // @feature "SSO Login" -- "Single sign-on authentication flow"')); + console.log(EX(' // @feature "Payment Processing"')); + console.log(''); + console.log(` ${V('@comment')} ${D('[-- "description"]')}`); console.log(D(' Free-form developer security note (no structural effect).')); console.log(EX(' // @comment -- "TODO — add rate limiting before v2 launch"')); @@ -1841,7 +1854,8 @@ export async function cmdDashboard(ctx: TuiContext): Promise { } const analyses = loadThreatReportsForDashboard(ctx.root); - const html = generateDashboardHTML(ctx.model, ctx.root, analyses); + const pentestData = loadPentestData(ctx.root); + const html = generateDashboardHTML(ctx.model, ctx.root, analyses, pentestData); const outFile = resolve(ctx.root, 'threat-dashboard.html'); const { writeFile } = await import('node:fs/promises'); await writeFile(outFile, html); @@ -1886,6 +1900,77 @@ export function cmdWorkspace(ctx: TuiContext): void { console.log(''); } +// ─── /feature ──────────────────────────────────────────────────────── + +export function cmdFeature(args: string, ctx: TuiContext): void { + if (!ctx.model) { + console.log(C.warn(' No threat model. Run /parse first.')); + return; + } + + const features = listFeatures(ctx.model); + if (features.length === 0) { + console.log(' No @feature annotations found.'); + console.log(C.dim(' Tag code with: // @feature "Feature Name" -- "description"')); + console.log(''); + return; + } + + const name = args.trim(); + if (name) { + // Show detail for specific feature + const filtered = filterByFeature(ctx.model, [name]); + const total = filtered.assets.length + filtered.threats.length + + filtered.controls.length + filtered.mitigations.length + filtered.exposures.length + + filtered.confirmed.length + filtered.flows.length + filtered.boundaries.length; + + if (total === 0) { + console.log(C.warn(` No annotations found for feature "${name}".`)); + console.log(` Available: ${features.map(f => `"${f}"`).join(', ')}`); + console.log(''); + return; + } + + console.log(` Feature: ${C.bold(`"${name}"`)}`); + console.log(''); + console.log(` Assets: ${filtered.assets.length}`); + console.log(` Threats: ${filtered.threats.length}`); + console.log(` Controls: ${filtered.controls.length}`); + console.log(` Mitigations: ${filtered.mitigations.length}`); + console.log(` Exposures: ${filtered.exposures.length}`); + if (filtered.confirmed.length > 0) console.log(` Confirmed: ${filtered.confirmed.length} 🔴`); + console.log(` Flows: ${filtered.flows.length}`); + console.log(` Boundaries: ${filtered.boundaries.length}`); + + if (filtered.exposures.length > 0) { + console.log(''); + console.log(` ${C.bold('Exposures:')}`); + for (const e of filtered.exposures) { + console.log(` ${e.asset} → ${e.threat} ${severityBadge(e.severity || 'unset')} (${fileLink(e.location.file, e.location.line)})`); + } + } + console.log(''); + return; + } + + // List all features + const summaries = getFeatureSummaries(ctx.model); + console.log(` ${C.bold('Features:')}`); + console.log(''); + for (const s of summaries) { + const files = s.files.length === 1 ? '1 file' : `${s.files.length} files`; + const exposureInfo = s.exposures > 0 ? C.red(` | ${s.exposures} exposure(s)`) : ''; + const confirmedInfo = s.confirmed > 0 ? C.red(` | ${s.confirmed} confirmed`) : ''; + console.log(` ${C.cyan(`"${s.name}"`)} (${files}, ${s.annotations} annotations${exposureInfo}${confirmedInfo})`); + for (const f of s.files) { + console.log(` → ${C.dim(f)}`); + } + } + console.log(''); + console.log(C.dim(` ${features.length} feature(s) total. Use /feature for detail.`)); + console.log(''); +} + // ─── /link ─────────────────────────────────────────────────────────── export async function cmdLink(args: string, ctx: TuiContext): Promise { diff --git a/src/tui/index.ts b/src/tui/index.ts index b733d53..8073a9e 100644 --- a/src/tui/index.ts +++ b/src/tui/index.ts @@ -56,6 +56,7 @@ import { cmdWorkspace, cmdLink, cmdMerge, + cmdFeature, } from './commands.js'; // ─── Command registry ──────────────────────────────────────────────── @@ -67,7 +68,7 @@ const COMMANDS = [ '/assets', '/files', '/view', '/threat-report', '/threat-reports', '/annotate', '/model', '/clear', '/sync', '/unannotated', '/review', - '/report', '/dashboard', + '/report', '/dashboard', '/feature', '/workspace', '/link', '/merge', '/quit', ]; @@ -109,6 +110,7 @@ const PALETTE_COMMANDS: CommandEntry[] = [ { command: '/workspace', label: 'Show workspace config and linked repos' }, { command: '/link', label: 'Link repos into workspace (--add / --remove)' }, { command: '/merge', label: 'Merge report JSONs into unified dashboard' }, + { command: '/feature', label: 'List features or show detail for one' }, { command: '/gal', label: 'GAL annotation language guide' }, { command: '/help', label: 'Show all commands' }, { command: '/quit', label: 'Exit GuardLink CLI', aliases: ['/exit', '/q'] }, @@ -323,6 +325,7 @@ function printCommandList(): void { ['/workspace', 'Workspace config + linked repos'], ['/link', 'Link repos (--add / --remove)'], ['/merge', 'Merge report JSONs'], + ['/feature', 'List features / show detail'], ['/gal', 'GAL annotation guide'], ['/help', 'Full help'], ['/quit', 'Exit GuardLink CLI'], @@ -387,6 +390,7 @@ async function dispatch(input: string, ctx: TuiContext): Promise { case '/workspace': cmdWorkspace(ctx); break; case '/link': await cmdLink(args, ctx); break; case '/merge': await cmdMerge(args, ctx); break; + case '/feature': cmdFeature(args, ctx); break; default: // Fuzzy match const matches = COMMANDS.filter(c => c.startsWith(cmd)); diff --git a/src/types/index.ts b/src/types/index.ts index b3b7e8e..8a6c469 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -16,8 +16,12 @@ export type AnnotationVerb = | 'asset' | 'threat' | 'control' // Relationship | 'mitigates' | 'exposes' | 'accepts' | 'transfers' | 'flows' | 'boundary' + // Evidence + | 'confirmed' // Lifecycle | 'validates' | 'audit' | 'owns' | 'handles' | 'assumes' + // Metadata + | 'feature' // Special | 'comment' | 'shield' | 'shield:begin' | 'shield:end'; @@ -76,6 +80,14 @@ export interface ExposesAnnotation extends BaseAnnotation { external_refs: string[]; } +export interface ConfirmedAnnotation extends BaseAnnotation { + verb: 'confirmed'; + threat: string; + asset: string; + severity?: Severity; + external_refs: string[]; +} + export interface AcceptsAnnotation extends BaseAnnotation { verb: 'accepts'; threat: string; @@ -135,6 +147,11 @@ export interface ShieldAnnotation extends BaseAnnotation { verb: 'shield' | 'shield:begin' | 'shield:end'; } +export interface FeatureAnnotation extends BaseAnnotation { + verb: 'feature'; + feature: string; +} + export interface CommentAnnotation extends BaseAnnotation { verb: 'comment'; } @@ -145,6 +162,7 @@ export type Annotation = | ControlAnnotation | MitigatesAnnotation | ExposesAnnotation + | ConfirmedAnnotation | AcceptsAnnotation | TransfersAnnotation | FlowsAnnotation @@ -154,6 +172,7 @@ export type Annotation = | OwnsAnnotation | HandlesAnnotation | AssumesAnnotation + | FeatureAnnotation | CommentAnnotation | ShieldAnnotation; @@ -215,11 +234,15 @@ export interface ThreatModel { /** Cross-repo tag references detected during parsing */ external_refs?: ExternalRef[]; + /** User-provided project description / threat model prompt (from .guardlink/prompt.md) */ + prompt?: string; + assets: ThreatModelAsset[]; threats: ThreatModelThreat[]; controls: ThreatModelControl[]; mitigations: ThreatModelMitigation[]; exposures: ThreatModelExposure[]; + confirmed: ThreatModelConfirmed[]; acceptances: ThreatModelAcceptance[]; transfers: ThreatModelTransfer[]; flows: ThreatModelFlow[]; @@ -230,6 +253,7 @@ export interface ThreatModel { data_handling: ThreatModelDataHandling[]; assumptions: ThreatModelAssumption[]; shields: ThreatModelShield[]; + features: ThreatModelFeature[]; comments: ThreatModelComment[]; coverage: CoverageStats; @@ -277,6 +301,15 @@ export interface ThreatModelExposure { location: SourceLocation; } +export interface ThreatModelConfirmed { + threat: string; + asset: string; + severity?: Severity; + external_refs: string[]; + description?: string; + location: SourceLocation; +} + export interface ThreatModelAcceptance { threat: string; asset: string; @@ -346,6 +379,12 @@ export interface ThreatModelShield { location: SourceLocation; } +export interface ThreatModelFeature { + feature: string; + description?: string; + location: SourceLocation; +} + export interface ThreatModelComment { description?: string; location: SourceLocation; diff --git a/src/workspace/merge.ts b/src/workspace/merge.ts index 0c7befb..7d393e0 100644 --- a/src/workspace/merge.ts +++ b/src/workspace/merge.ts @@ -413,6 +413,7 @@ export function combineModels(reports: LoadedReport[]): ThreatModel { controls: [], mitigations: [], exposures: [], + confirmed: [], acceptances: [], transfers: [], flows: [], @@ -423,6 +424,7 @@ export function combineModels(reports: LoadedReport[]): ThreatModel { data_handling: [], assumptions: [], shields: [], + features: [], comments: [], coverage: { total_symbols: 0, annotated_symbols: 0, coverage_percent: 0, unannotated_critical: [] }, }; @@ -453,6 +455,7 @@ export function combineModels(reports: LoadedReport[]): ThreatModel { // Relationships: keep all (no dedup — cross-repo relationships are valuable) combined.mitigations.push(...prefixAll(m.mitigations, repo)); combined.exposures.push(...prefixAll(m.exposures, repo)); + combined.confirmed.push(...prefixAll(m.confirmed || [], repo)); combined.acceptances.push(...prefixAll(m.acceptances, repo)); combined.transfers.push(...prefixAll(m.transfers, repo)); combined.flows.push(...prefixAll(m.flows, repo)); @@ -463,6 +466,7 @@ export function combineModels(reports: LoadedReport[]): ThreatModel { combined.data_handling.push(...prefixAll(m.data_handling, repo)); combined.assumptions.push(...prefixAll(m.assumptions, repo)); combined.shields.push(...prefixAll(m.shields, repo)); + combined.features.push(...prefixAll(m.features || [], repo)); combined.comments.push(...prefixAll(m.comments, repo)); // Aggregate coverage @@ -673,9 +677,9 @@ function emptyMergedReport(workspace: string, statuses: RepoStatus[]): MergedRep generated_at: new Date().toISOString(), source_files: 0, annotations_parsed: 0, annotated_files: [], unannotated_files: [], assets: [], threats: [], controls: [], mitigations: [], exposures: [], - acceptances: [], transfers: [], flows: [], boundaries: [], + confirmed: [], acceptances: [], transfers: [], flows: [], boundaries: [], validations: [], audits: [], ownership: [], data_handling: [], - assumptions: [], shields: [], comments: [], + assumptions: [], shields: [], features: [], comments: [], coverage: { total_symbols: 0, annotated_symbols: 0, coverage_percent: 0, unannotated_critical: [] }, }, }; diff --git a/tests/fixtures/all-annotations.ts b/tests/fixtures/all-annotations.ts index 224155e..26d8782 100644 --- a/tests/fixtures/all-annotations.ts +++ b/tests/fixtures/all-annotations.ts @@ -12,6 +12,7 @@ // @mitigates App.Auth.Login against #sqli using #prepared-stmts -- "Login uses parameterized query" // @exposes App.Auth.Login to #bac [P1] cwe:CWE-639 -- "No ownership check on profile access" +// @confirmed #bac on App.Auth.Login [high] cwe:CWE-639 -- "Pen test: IDOR on GET /users/{id} reproduced" // @accepts #cred-stuff on App.Auth.Login -- "Rate limiting is sufficient" // @transfers #sqli from App.Auth.Login to External.PaymentGateway -- "Payment provider handles their own SQL" diff --git a/tests/parser.test.ts b/tests/parser.test.ts index 8704fcc..c9e488c 100644 --- a/tests/parser.test.ts +++ b/tests/parser.test.ts @@ -110,6 +110,20 @@ describe('parseString', () => { expect(e.external_refs).toEqual(['cwe:CWE-639']); }); + it('parses @confirmed with severity and external refs', () => { + const { annotations } = parseString( + '// @confirmed #idor on App.API [critical] cwe:CWE-639 -- "Pen test reproduced IDOR"' + ); + expect(annotations).toHaveLength(1); + const c = annotations[0] as any; + expect(c.verb).toBe('confirmed'); + expect(c.threat).toBe('#idor'); + expect(c.asset).toBe('App.API'); + expect(c.severity).toBe('critical'); + expect(c.external_refs).toEqual(['cwe:CWE-639']); + expect(c.description).toBe('Pen test reproduced IDOR'); + }); + it('parses @accepts', () => { const { annotations } = parseString( '// @accepts #info-disclosure on App.Health -- "Public endpoint"' @@ -364,6 +378,16 @@ describe('findDanglingRefs', () => { expect(diags[0].message).toContain('#missing-asset'); }); + it('detects dangling threat ref in @confirmed', () => { + const model = emptyModel({ + assets: [{ path: ['App'], id: 'app', location: loc }], + confirmed: [{ asset: '#app', threat: '#ghost-threat', severity: 'high', external_refs: [], location: loc }], + }); + const diags = findDanglingRefs(model); + expect(diags).toHaveLength(1); + expect(diags[0].message).toContain('#ghost-threat'); + }); + it('detects dangling refs in @flows source/target', () => { const model = emptyModel({ flows: [{ source: '#missing-src', target: '#missing-tgt', location: loc }], diff --git a/threat-dashboard.html b/threat-dashboard.html index b81e728..f58d758 100644 --- a/threat-dashboard.html +++ b/threat-dashboard.html @@ -3,7 +3,7 @@ -GuardLink — unknown Threat Model +GuardLink — guardlink Threat Model + + +
+ +
+

🛡️ CERT-X-GEN Security Scan Report

+

Scan ID: 60be8e79-14f7-4040-afd2-ebf9fad1853e

+
+ 📅 2026-03-31 20:03:16 UTC + ⏱️ 30.00s duration + 🔧 v1.1.0 +
+
+ +
+
+
1
+
Targets Scanned
+
+
+
13
+
Templates Executed
+
+
+
9
+
Total Findings
+
+
+
30.00s
+
Duration
+
+
+ +
+
+
0
+
Critical
+
+
+
4
+
High
+
+
+
2
+
Medium
+
+
+
3
+
Low
+
+
+
0
+
Info
+
+
+ +
+

📋 Findings

+
+ +
+
+

Full Threat Model Exposed via MCP guardlink_parse

+ medium +
+
+
+
+
Target
+
/Users/shahidhakim/Downloads/guardlink-main
+
+
+
Template
+
guardlink-data-exposure-mcp
+
+
+
Confidence
+
80%
+
+
+
Timestamp
+
2026-03-31 20:03:19 UTC
+
+ +
+
Vulnerability IDs
+
CWE-200
+
+
+
+ Description: The MCP guardlink_parse tool returns the complete threat model including: exposures (62 entries), mitigations (44 entries), data flows (71 entries), absolute paths (3 found). Any MCP client connected to the server has full visibility into the project's security posture, including known vulnerabilities and their locations. +
+ + +
+
+ Evidence + Raw output +
+ 

+                    

+                    
+                

+            

+
+            

+                

+                    
Unmitigated Vulnerability Details Exposed via MCP

+                    medium
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-data-exposure-mcp

+                        

+                        

+                            
Confidence

+                            
80%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:19 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-200

+                        

+                    

+                    

+                        Description: The MCP guardlink_status tool reveals 17 unmitigated exposures (5 critical/high severity) with exact file paths and line numbers. This provides a detailed attack roadmap to any connected MCP client.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        

+                    

+                    
+                

+            

+
+            

+                

+                    
MCP Resource Accessible Without Auth: guardlink://model

+                    low
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-data-exposure-mcp

+                        

+                        

+                            
Confidence

+                            
80%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:19 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-200

+                        

+                    

+                    

+                        Description: The MCP resource guardlink://model (Full threat model) is accessible without any authentication or authorization check. Response size: 79717 chars.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        
{
+  "version": "1.1.0",
+  "project": "unknown",
+  "generated_at": "2026-03-31T20:03:18.347Z",
+  "source_files": 76,
+  "annotations_parsed": 297,
+  "annotated_files": [
+    ".cxg-test-symlink/external.ts",
+    ".guardlink/definitions.ts",
+    "src/agents/config.ts",
+    "src/agents/index.ts",
+    "sr

+                    

+                    
+                

+            

+
+            

+                

+                    
MCP Resource Accessible Without Auth: guardlink://definitions

+                    low
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-data-exposure-mcp

+                        

+                        

+                            
Confidence

+                            
80%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:19 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-200

+                        

+                    

+                    

+                        Description: The MCP resource guardlink://definitions (Asset/threat/control definitions) is accessible without any authentication or authorization check. Response size: 7384 chars.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        
{
+  "assets": [
+    {
+      "id": "parser",
+      "path": "GuardLink.Parser",
+      "description": "Reads source files from disk, extracts security annotations using regex patterns"
+    },
+    {
+      "id": "cli",
+      "path": "GuardLink.CLI",
+      "description": "Command-line interface, handles u

+                    

+                    
+                

+            

+
+            

+                

+                    
MCP Resource Accessible Without Auth: guardlink://unmitigated

+                    low
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-data-exposure-mcp

+                        

+                        

+                            
Confidence

+                            
80%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:19 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-200

+                        

+                    

+                    

+                        Description: The MCP resource guardlink://unmitigated (Unmitigated exposure list) is accessible without any authentication or authorization check. Response size: 2361 chars.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        
[
+  {
+    "asset": "App",
+    "threat": "#sqli",
+    "file": ".cxg-test-symlink/external.ts",
+    "line": 1
+  },
+  {
+    "asset": "#llm-client",
+    "threat": "#data-exposure",
+    "severity": "low",
+    "file": "src/analyze/index.ts",
+    "line": 12
+  },
+  {
+    "asset": "#llm-client",
+    "threat"

+                    

+                    
+                

+            

+
+            

+                

+                    
MCP Path Traversal via root Parameter (guardlink_parse)

+                    high
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-path-traversal-mcp

+                        

+                        

+                            
Confidence

+                            
85%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:20 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-22

+                        

+                    

+                    

+                        Description: The MCP server accepted root='/etc' and returned data from outside the project directory. An MCP client can read arbitrary directory contents through the parse tool.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        
EACCES: permission denied, scandir '/etc/cups/certs'

+                    

+                    
+                

+            

+
+            

+                

+                    
MCP Path Traversal via root Parameter (guardlink_status)

+                    high
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-path-traversal-mcp

+                        

+                        

+                            
Confidence

+                            
85%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:20 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-22

+                        

+                    

+                    

+                        Description: The MCP server accepted root='/etc' in guardlink_status and returned status data for files outside the project.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        
EACCES: permission denied, scandir '/etc/cups/certs'

+                    

+                    
+                

+            

+
+            

+                

+                    
MCP Arbitrary File Write via Report Output Path

+                    high
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-path-traversal-mcp

+                        

+                        

+                            
Confidence

+                            
85%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:20 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-22

+                        

+                    

+                    

+                        Description: The MCP guardlink_report tool wrote a file to /var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md outside the project root by manipulating the output parameter.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        

+                    

+                    
+                

+            

+
+            

+                

+                    
Symlink Escape in guardlink clear

+                    high
+                

+                

+                    

+                        

+                            
Target

+                            
/Users/shahidhakim/Downloads/guardlink-main

+                        

+                        

+                            
Template

+                            
guardlink-parser-arbitrary-write

+                        

+                        

+                            
Confidence

+                            
80%

+                        

+                        

+                            
Timestamp

+                            
2026-03-31 20:03:46 UTC

+                        

+                        
+                        

+                            
Vulnerability IDs

+                            
CWE-73

+                        

+                    

+                    

+                        Description: The 'guardlink clear' command follows symlinks and would modify files outside the project root. External file '/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/cxg-arb-write-7lyia0j6/external.ts' was included in the clear operation via a symlink.
+                    

+                    
+                    
+                    

+                        

+                            Evidence
+                            Raw output
+                        

+                        
+Found 294 annotation line(s) across 39 file(s):
+
+  .cxg-test-symlink/external.ts  (1 line)
+  src/agents/config.ts  (10 lines)
+  src/agents/index.ts  (2 lines)
+  src/agents/launcher.ts  (11 lines)
+  src/agents/prompts.ts  (62 lines)
+  src/analyzer/index.ts  (2 lines)
+  src/analyzer/sarif.ts  (5 lines)
+  src/cli/index.ts  (12 lines)
+  src/dashboard/generate.ts  (8 lines)
+  src/dashboard/index.ts  (4 lines)
+  src/diff/git.ts  (10 lines)
+  src/diff/index.ts  (3 lines)
+  src/init/detect.ts  (4 lines)
+  src/init/index.ts  (10 lines)
+  src/analyze/index.ts  (10 lines)
+  src/analyze/llm.ts  (11 lines)
+  src/analyze/prompts.ts  (2 lines)
+  src/analyze/tools.ts  (10 lines)
+  src/mcp/index.ts  (4 lines)
+  src/mcp/lookup.ts  (4 lines)
+  src/mcp/server.ts  (16 lines)
+  src/mcp/suggest.ts  (9 lines)
+  src/parser/clear.ts  (7 lines)
+  src/parser/parse-file.ts  (5 lines)
+  src/parser/parse-line.ts  (3 lines)
+  src/parser/parse-project.ts  (7 lines)
+  src/report/index.ts  (2 lines)
+  src/report/report

+                    

+                    
+                

+            

+
+        

+
+        

+            Generated by CERT-X-GEN v1.1.0 | 2026-03-31 20:03:16 UTC
+        

+    

+
+
diff --git a/guardlink-pentest.json b/guardlink-pentest.json
new file mode 100644
index 0000000..016dcd9
--- /dev/null
+++ b/guardlink-pentest.json
@@ -0,0 +1,290 @@
+{
+  "scan_id": "60be8e79-14f7-4040-afd2-ebf9fad1853e",
+  "started_at": "2026-03-31T20:03:16.873740Z",
+  "completed_at": "2026-03-31T20:03:46.877445Z",
+  "findings": [
+    {
+      "id": "0093d7e0-13fb-4a0e-a836-6e8d08a3e7e8",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-data-exposure-mcp",
+      "severity": "medium",
+      "confidence": 80,
+      "title": "Full Threat Model Exposed via MCP guardlink_parse",
+      "description": "The MCP guardlink_parse tool returns the complete threat model including: exposures (62 entries), mitigations (44 entries), data flows (71 entries), absolute paths (3 found). Any MCP client connected to the server has full visibility into the project's security posture, including known vulnerabilities and their locations.",
+      "evidence": {
+        "request": "guardlink_parse",
+        "response": "",
+        "matched_patterns": [],
+        "data": {
+          "tool": "guardlink_parse",
+          "model_size_chars": "79717",
+          "sensitive_fields": "[\"exposures (62 entries)\", \"mitigations (44 entries)\", \"data flows (71 entries)\", \"absolute paths (3 found)\"]",
+          "abs_paths_sample": "[\"\\\"/report, /sarif, /dashboard write files\\\"\", \"\\\"/annotate and /threat-report spawn child processes\\\"\", \"\\\"/model handles API key input and storage\\\"\"]"
+        },
+        "timestamp": "2026-03-31T20:03:19.090615Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-200"
+      ],
+      "cvss_score": null,
+      "remediation": "Consider access control for MCP tool calls. Redact absolute file paths from MCP responses. Implement scoped access where clients only see relevant subsets.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:19.090616Z"
+    },
+    {
+      "id": "bb85be3d-0253-4788-aadd-f800d7a91af0",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-data-exposure-mcp",
+      "severity": "medium",
+      "confidence": 80,
+      "title": "Unmitigated Vulnerability Details Exposed via MCP",
+      "description": "The MCP guardlink_status tool reveals 17 unmitigated exposures (5 critical/high severity) with exact file paths and line numbers. This provides a detailed attack roadmap to any connected MCP client.",
+      "evidence": {
+        "request": "guardlink_status",
+        "response": "",
+        "matched_patterns": [],
+        "data": {
+          "total_unmitigated": "17",
+          "critical_high": "5",
+          "sample": "[{\"asset\": \"App\", \"threat\": \"#sqli\", \"file\": \".cxg-test-symlink/external.ts\", \"line\": 1}, {\"asset\": \"#llm-client\", \"threat\": \"#data-exposure\", \"severity\": \"low\", \"file\": \"src/analyze/index.ts\", \"line\": 12}, {\"asset\": \"#llm-client\", \"threat\": \"#prompt-injection\", \"severity\": \"medium\", \"file\": \"src/analyze/llm.ts\", \"line\": 17}]",
+          "tool": "guardlink_status"
+        },
+        "timestamp": "2026-03-31T20:03:19.090618Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-200"
+      ],
+      "cvss_score": null,
+      "remediation": "Implement MCP client authentication/authorization. Redact sensitive details (absolute paths, severity, exact locations) from MCP responses unless the client is trusted. Consider a read-only mode that omits vulnerability details.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:19.090618Z"
+    },
+    {
+      "id": "2e777b8a-73c6-4352-b86d-efe7fe3f3770",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-data-exposure-mcp",
+      "severity": "low",
+      "confidence": 80,
+      "title": "MCP Resource Accessible Without Auth: guardlink://model",
+      "description": "The MCP resource guardlink://model (Full threat model) is accessible without any authentication or authorization check. Response size: 79717 chars.",
+      "evidence": {
+        "request": "guardlink://model",
+        "response": "{\n  \"version\": \"1.1.0\",\n  \"project\": \"unknown\",\n  \"generated_at\": \"2026-03-31T20:03:18.347Z\",\n  \"source_files\": 76,\n  \"annotations_parsed\": 297,\n  \"annotated_files\": [\n    \".cxg-test-symlink/external.ts\",\n    \".guardlink/definitions.ts\",\n    \"src/agents/config.ts\",\n    \"src/agents/index.ts\",\n    \"sr",
+        "matched_patterns": [],
+        "data": {
+          "description": "Full threat model",
+          "response_size": "79717",
+          "resource_uri": "guardlink://model",
+          "content_snippet": "{\n  \"version\": \"1.1.0\",\n  \"project\": \"unknown\",\n  \"generated_at\": \"2026-03-31T20:03:18.347Z\",\n  \"source_files\": 76,\n  \"annotations_parsed\": 297,\n  \"annotated_files\": [\n    \".cxg-test-symlink/external.ts\",\n    \".guardlink/definitions.ts\",\n    \"src/agents/config.ts\",\n    \"src/agents/index.ts\",\n    \"sr"
+        },
+        "timestamp": "2026-03-31T20:03:19.090626Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-200"
+      ],
+      "cvss_score": null,
+      "remediation": "Implement MCP client authentication/authorization. Redact sensitive details (absolute paths, severity, exact locations) from MCP responses unless the client is trusted. Consider a read-only mode that omits vulnerability details.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:19.090626Z"
+    },
+    {
+      "id": "daa0e139-ae7f-44ca-bfdd-3fcdb2ce810e",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-data-exposure-mcp",
+      "severity": "low",
+      "confidence": 80,
+      "title": "MCP Resource Accessible Without Auth: guardlink://definitions",
+      "description": "The MCP resource guardlink://definitions (Asset/threat/control definitions) is accessible without any authentication or authorization check. Response size: 7384 chars.",
+      "evidence": {
+        "request": "guardlink://definitions",
+        "response": "{\n  \"assets\": [\n    {\n      \"id\": \"parser\",\n      \"path\": \"GuardLink.Parser\",\n      \"description\": \"Reads source files from disk, extracts security annotations using regex patterns\"\n    },\n    {\n      \"id\": \"cli\",\n      \"path\": \"GuardLink.CLI\",\n      \"description\": \"Command-line interface, handles u",
+        "matched_patterns": [],
+        "data": {
+          "description": "Asset/threat/control definitions",
+          "content_snippet": "{\n  \"assets\": [\n    {\n      \"id\": \"parser\",\n      \"path\": \"GuardLink.Parser\",\n      \"description\": \"Reads source files from disk, extracts security annotations using regex patterns\"\n    },\n    {\n      \"id\": \"cli\",\n      \"path\": \"GuardLink.CLI\",\n      \"description\": \"Command-line interface, handles u",
+          "response_size": "7384",
+          "resource_uri": "guardlink://definitions"
+        },
+        "timestamp": "2026-03-31T20:03:19.090627Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-200"
+      ],
+      "cvss_score": null,
+      "remediation": "Implement MCP client authentication/authorization. Redact sensitive details (absolute paths, severity, exact locations) from MCP responses unless the client is trusted. Consider a read-only mode that omits vulnerability details.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:19.090627Z"
+    },
+    {
+      "id": "60fee1fd-94f1-49c5-a2b6-af1d4eab9a69",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-data-exposure-mcp",
+      "severity": "low",
+      "confidence": 80,
+      "title": "MCP Resource Accessible Without Auth: guardlink://unmitigated",
+      "description": "The MCP resource guardlink://unmitigated (Unmitigated exposure list) is accessible without any authentication or authorization check. Response size: 2361 chars.",
+      "evidence": {
+        "request": "guardlink://unmitigated",
+        "response": "[\n  {\n    \"asset\": \"App\",\n    \"threat\": \"#sqli\",\n    \"file\": \".cxg-test-symlink/external.ts\",\n    \"line\": 1\n  },\n  {\n    \"asset\": \"#llm-client\",\n    \"threat\": \"#data-exposure\",\n    \"severity\": \"low\",\n    \"file\": \"src/analyze/index.ts\",\n    \"line\": 12\n  },\n  {\n    \"asset\": \"#llm-client\",\n    \"threat\"",
+        "matched_patterns": [],
+        "data": {
+          "response_size": "2361",
+          "resource_uri": "guardlink://unmitigated",
+          "content_snippet": "[\n  {\n    \"asset\": \"App\",\n    \"threat\": \"#sqli\",\n    \"file\": \".cxg-test-symlink/external.ts\",\n    \"line\": 1\n  },\n  {\n    \"asset\": \"#llm-client\",\n    \"threat\": \"#data-exposure\",\n    \"severity\": \"low\",\n    \"file\": \"src/analyze/index.ts\",\n    \"line\": 12\n  },\n  {\n    \"asset\": \"#llm-client\",\n    \"threat\"",
+          "description": "Unmitigated exposure list"
+        },
+        "timestamp": "2026-03-31T20:03:19.090629Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-200"
+      ],
+      "cvss_score": null,
+      "remediation": "Implement MCP client authentication/authorization. Redact sensitive details (absolute paths, severity, exact locations) from MCP responses unless the client is trusted. Consider a read-only mode that omits vulnerability details.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:19.090629Z"
+    },
+    {
+      "id": "095476cd-ca1d-49f9-b03d-412167ca080f",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-path-traversal-mcp",
+      "severity": "high",
+      "confidence": 85,
+      "title": "MCP Path Traversal via root Parameter (guardlink_parse)",
+      "description": "The MCP server accepted root='/etc' and returned data from outside the project directory. An MCP client can read arbitrary directory contents through the parse tool.",
+      "evidence": {
+        "request": "{\"tool\": \"guardlink_parse\", \"traversal_root\": \"/etc\", \"response_snippet\": \"EACCES: permission denied, scandir '/etc/cups/certs'\"}",
+        "response": "EACCES: permission denied, scandir '/etc/cups/certs'",
+        "matched_patterns": [],
+        "data": {
+          "response_snippet": "EACCES: permission denied, scandir '/etc/cups/certs'",
+          "traversal_root": "/etc",
+          "tool": "guardlink_parse"
+        },
+        "timestamp": "2026-03-31T20:03:20.214651Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-22"
+      ],
+      "cvss_score": null,
+      "remediation": "Validate and canonicalize the root parameter using realpath(). Reject paths that resolve outside the expected project directory. Apply allowlist-based path validation at the MCP tool boundary.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:20.214653Z"
+    },
+    {
+      "id": "def6712b-bbd9-447c-8705-4ccf67d7cb19",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-path-traversal-mcp",
+      "severity": "high",
+      "confidence": 85,
+      "title": "MCP Path Traversal via root Parameter (guardlink_status)",
+      "description": "The MCP server accepted root='/etc' in guardlink_status and returned status data for files outside the project.",
+      "evidence": {
+        "request": "{\"tool\": \"guardlink_status\", \"traversal_root\": \"/etc\", \"response_snippet\": \"EACCES: permission denied, scandir '/etc/cups/certs'\"}",
+        "response": "EACCES: permission denied, scandir '/etc/cups/certs'",
+        "matched_patterns": [],
+        "data": {
+          "traversal_root": "/etc",
+          "tool": "guardlink_status",
+          "response_snippet": "EACCES: permission denied, scandir '/etc/cups/certs'"
+        },
+        "timestamp": "2026-03-31T20:03:20.214687Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-22"
+      ],
+      "cvss_score": null,
+      "remediation": "Validate and canonicalize the root parameter using realpath(). Reject paths that resolve outside the expected project directory. Apply allowlist-based path validation at the MCP tool boundary.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:20.214687Z"
+    },
+    {
+      "id": "5edab871-57b8-4909-ac0d-36df8cdce448",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-path-traversal-mcp",
+      "severity": "high",
+      "confidence": 85,
+      "title": "MCP Arbitrary File Write via Report Output Path",
+      "description": "The MCP guardlink_report tool wrote a file to /var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md outside the project root by manipulating the output parameter.",
+      "evidence": {
+        "request": "{\"tool\": \"guardlink_report\", \"output_path\": \"../../../../var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md\", \"file_created\": \"/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md\"}",
+        "response": "",
+        "matched_patterns": [],
+        "data": {
+          "tool": "guardlink_report",
+          "output_path": "../../../../var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md",
+          "file_created": "/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md"
+        },
+        "timestamp": "2026-03-31T20:03:20.214690Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-22"
+      ],
+      "cvss_score": null,
+      "remediation": "Validate and canonicalize the root parameter using realpath(). Reject paths that resolve outside the expected project directory. Apply allowlist-based path validation at the MCP tool boundary.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:20.214690Z"
+    },
+    {
+      "id": "e8186cef-bd63-47f9-aa14-d7f9f792ec7e",
+      "target": "/Users/shahidhakim/Downloads/guardlink-main",
+      "template_id": "guardlink-parser-arbitrary-write",
+      "severity": "high",
+      "confidence": 80,
+      "title": "Symlink Escape in guardlink clear",
+      "description": "The 'guardlink clear' command follows symlinks and would modify files outside the project root. External file '/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/cxg-arb-write-7lyia0j6/external.ts' was included in the clear operation via a symlink.",
+      "evidence": {
+        "request": "{\"symlink\": \"/Users/shahidhakim/Downloads/guardlink-main/.cxg-test-symlink\", \"external_target\": \"/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/cxg-arb-write-7lyia0j6\"}",
+        "response": "\nFound 294 annotation line(s) across 39 file(s):\n\n  .cxg-test-symlink/external.ts  (1 line)\n  src/agents/config.ts  (10 lines)\n  src/agents/index.ts  (2 lines)\n  src/agents/launcher.ts  (11 lines)\n  src/agents/prompts.ts  (62 lines)\n  src/analyzer/index.ts  (2 lines)\n  src/analyzer/sarif.ts  (5 lines)\n  src/cli/index.ts  (12 lines)\n  src/dashboard/generate.ts  (8 lines)\n  src/dashboard/index.ts  (4 lines)\n  src/diff/git.ts  (10 lines)\n  src/diff/index.ts  (3 lines)\n  src/init/detect.ts  (4 lines)\n  src/init/index.ts  (10 lines)\n  src/analyze/index.ts  (10 lines)\n  src/analyze/llm.ts  (11 lines)\n  src/analyze/prompts.ts  (2 lines)\n  src/analyze/tools.ts  (10 lines)\n  src/mcp/index.ts  (4 lines)\n  src/mcp/lookup.ts  (4 lines)\n  src/mcp/server.ts  (16 lines)\n  src/mcp/suggest.ts  (9 lines)\n  src/parser/clear.ts  (7 lines)\n  src/parser/parse-file.ts  (5 lines)\n  src/parser/parse-line.ts  (3 lines)\n  src/parser/parse-project.ts  (7 lines)\n  src/report/index.ts  (2 lines)\n  src/report/report",
+        "matched_patterns": [],
+        "data": {
+          "external_target": "/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/cxg-arb-write-7lyia0j6",
+          "output_excerpt": "\nFound 294 annotation line(s) across 39 file(s):\n\n  .cxg-test-symlink/external.ts  (1 line)\n  src/agents/config.ts  (10 lines)\n  src/agents/index.ts  (2 lines)\n  src/agents/launcher.ts  (11 lines)\n  src/agents/prompts.ts  (62 lines)\n  src/analyzer/index.ts  (2 lines)\n  src/analyzer/sarif.ts  (5 lines)\n  src/cli/index.ts  (12 lines)\n  src/dashboard/generate.ts  (8 lines)\n  src/dashboard/index.ts  (4 lines)\n  src/diff/git.ts  (10 lines)\n  src/diff/index.ts  (3 lines)\n  src/init/detect.ts  (4 lines)\n  src/init/index.ts  (10 lines)\n  src/analyze/index.ts  (10 lines)\n  src/analyze/llm.ts  (11 lines)\n  src/analyze/prompts.ts  (2 lines)\n  src/analyze/tools.ts  (10 lines)\n  src/mcp/index.ts  (4 lines)\n  src/mcp/lookup.ts  (4 lines)\n  src/mcp/server.ts  (16 lines)\n  src/mcp/suggest.ts  (9 lines)\n  src/parser/clear.ts  (7 lines)\n  src/parser/parse-file.ts  (5 lines)\n  src/parser/parse-line.ts  (3 lines)\n  src/parser/parse-project.ts  (7 lines)\n  src/report/index.ts  (2 lines)\n  src/report/report",
+          "symlink": "/Users/shahidhakim/Downloads/guardlink-main/.cxg-test-symlink"
+        },
+        "timestamp": "2026-03-31T20:03:46.871903Z"
+      },
+      "cve_ids": [],
+      "cwe_ids": [
+        "CWE-73"
+      ],
+      "cvss_score": null,
+      "remediation": "1. Resolve and canonicalize all paths with realpath() before operations.\n2. Verify resolved paths are within the project root using startsWith().\n3. Add followSymlinks: false to fast-glob options.\n4. Reject root/dir arguments that resolve outside the expected project boundary.",
+      "references": [],
+      "tags": [],
+      "timestamp": "2026-03-31T20:03:46.871907Z"
+    }
+  ],
+  "statistics": {
+    "targets_scanned": 1,
+    "templates_executed": 13,
+    "findings_by_severity": {
+      "medium": 2,
+      "high": 4,
+      "low": 3
+    },
+    "network_requests": 0,
+    "data_transferred": 0,
+    "duration": {
+      "secs": 30,
+      "nanos": 3705000
+    },
+    "success_rate": 0.6923076923076923
+  },
+  "errors": []
+}
\ No newline at end of file
diff --git a/guardlink-pentest.sarif b/guardlink-pentest.sarif
new file mode 100644
index 0000000..fd1af27
--- /dev/null
+++ b/guardlink-pentest.sarif
@@ -0,0 +1,233 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "results": [
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP guardlink_parse tool returns the complete threat model including: exposures (62 entries), mitigations (44 entries), data flows (71 entries), absolute paths (3 found). Any MCP client connected to the server has full visibility into the project's security posture, including known vulnerabilities and their locations."
+          },
+          "properties": {
+            "confidence": 80,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-200"
+            ],
+            "severity": "medium"
+          },
+          "ruleId": "guardlink-data-exposure-mcp"
+        },
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP guardlink_status tool reveals 17 unmitigated exposures (5 critical/high severity) with exact file paths and line numbers. This provides a detailed attack roadmap to any connected MCP client."
+          },
+          "properties": {
+            "confidence": 80,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-200"
+            ],
+            "severity": "medium"
+          },
+          "ruleId": "guardlink-data-exposure-mcp"
+        },
+        {
+          "level": "note",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP resource guardlink://model (Full threat model) is accessible without any authentication or authorization check. Response size: 79717 chars."
+          },
+          "properties": {
+            "confidence": 80,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-200"
+            ],
+            "severity": "low"
+          },
+          "ruleId": "guardlink-data-exposure-mcp"
+        },
+        {
+          "level": "note",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP resource guardlink://definitions (Asset/threat/control definitions) is accessible without any authentication or authorization check. Response size: 7384 chars."
+          },
+          "properties": {
+            "confidence": 80,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-200"
+            ],
+            "severity": "low"
+          },
+          "ruleId": "guardlink-data-exposure-mcp"
+        },
+        {
+          "level": "note",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP resource guardlink://unmitigated (Unmitigated exposure list) is accessible without any authentication or authorization check. Response size: 2361 chars."
+          },
+          "properties": {
+            "confidence": 80,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-200"
+            ],
+            "severity": "low"
+          },
+          "ruleId": "guardlink-data-exposure-mcp"
+        },
+        {
+          "level": "error",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP server accepted root='/etc' and returned data from outside the project directory. An MCP client can read arbitrary directory contents through the parse tool."
+          },
+          "properties": {
+            "confidence": 85,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-22"
+            ],
+            "severity": "high"
+          },
+          "ruleId": "guardlink-path-traversal-mcp"
+        },
+        {
+          "level": "error",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP server accepted root='/etc' in guardlink_status and returned status data for files outside the project."
+          },
+          "properties": {
+            "confidence": 85,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-22"
+            ],
+            "severity": "high"
+          },
+          "ruleId": "guardlink-path-traversal-mcp"
+        },
+        {
+          "level": "error",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The MCP guardlink_report tool wrote a file to /var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/guardlink-cxg-mcp-266fkcf_/stolen-report.md outside the project root by manipulating the output parameter."
+          },
+          "properties": {
+            "confidence": 85,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-22"
+            ],
+            "severity": "high"
+          },
+          "ruleId": "guardlink-path-traversal-mcp"
+        },
+        {
+          "level": "error",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/shahidhakim/Downloads/guardlink-main"
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "The 'guardlink clear' command follows symlinks and would modify files outside the project root. External file '/var/folders/zn/h5q5_5155fzcq32ddvgz2v0r0000gn/T/cxg-arb-write-7lyia0j6/external.ts' was included in the clear operation via a symlink."
+          },
+          "properties": {
+            "confidence": 80,
+            "cveIds": [],
+            "cweIds": [
+              "CWE-73"
+            ],
+            "severity": "high"
+          },
+          "ruleId": "guardlink-parser-arbitrary-write"
+        }
+      ],
+      "tool": {
+        "driver": {
+          "informationUri": "https://cert-x-gen.io",
+          "name": "CERT-X-GEN",
+          "version": "1.1.0"
+        }
+      }
+    }
+  ],
+  "version": "2.1.0"
+}
\ No newline at end of file
diff --git a/src/dashboard/diagrams.ts b/src/dashboard/diagrams.ts
index 52a0169..8f3e97e 100644
--- a/src/dashboard/diagrams.ts
+++ b/src/dashboard/diagrams.ts
@@ -1,20 +1,35 @@
 /**
- * GuardLink Dashboard — Mermaid diagram generators.
+ * GuardLink Dashboard — diagram generators.
  *
- * Three diagram types:
- * 1. Threat Model Graph — assets, threats, controls, relationships
- * 2. Data Flow Diagram — @flows with trust boundaries
- * 3. Attack Surface — exposures grouped by severity
+ * Three Mermaid diagrams and one structured topology dataset.
+ *   - generateThreatGraph      — LR flowchart of assets, threats, controls, mitigations
+ *   - generateDataFlowDiagram  — LR flow graph with trust boundary groupings
+ *   - generateAttackSurface    — TB grouping of exposures per asset, severity-coloured
+ *   - generateTopologyData     — structured graph data powering the interactive D3 view
+ *
+ * All four generators share a single alias map so that #id, bare id, name, and
+ * path.join() forms of an asset/threat/control collapse onto the same node.
+ * This removes the long-standing duplicate-node bug that made the Mermaid
+ * diagrams render the same asset twice whenever sources mixed ref forms.
+ *
+ * @flows ThreatModel -> #dashboard via generateThreatGraph -- "Threat model relationships rendered as Mermaid source"
+ * @flows ThreatModel -> #dashboard via generateTopologyData -- "Threat model relationships rendered as structured D3 graph data"
+ * @mitigates #dashboard against #xss using #output-encoding -- "Diagram labels are sanitized for Mermaid and emitted to D3 as text data"
+ * @comment -- "Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity"
  */
 
 import type { ThreatModel } from '../types/index.js';
 
-/** Sanitize IDs for Mermaid (no dots, spaces, hashes) */
+/* ══════════════════════════════════════════════════════════════════════════
+ * Shared sanitizers and ranking utilities
+ * ══════════════════════════════════════════════════════════════════════════ */
+
+/** Sanitize IDs for Mermaid (no dots, spaces, hashes). */
 function mid(s: string): string {
   return s.replace(/[^a-zA-Z0-9_]/g, '_');
 }
 
-/** Truncate long labels and sanitize for Mermaid (strip syntax-breaking characters) */
+/** Truncate long labels and sanitize for Mermaid (strip syntax-breaking characters). */
 function label(s: string, max = 40): string {
   const clean = s.replace(/"/g, "'").replace(/[\[\]{}()|`;]/g, '');
   return clean.length > max ? clean.slice(0, max - 1) + '…' : clean;
@@ -30,6 +45,411 @@ function normalizeRef(ref: string): string {
   return ref.startsWith('#') ? ref.slice(1) : ref;
 }
 
+function refKey(ref: string): string {
+  return normalizeRef(ref).trim().toLowerCase();
+}
+
+const severityRank: Record = { critical: 0, p0: 0, high: 1, p1: 1, medium: 2, p2: 2, low: 3, p3: 3, unset: 4 };
+const statusRank: Record = { confirmed: 0, open: 1, accepted: 2, mitigated: 3, none: 4 };
+
+function normalizeSeverity(severity?: string): string {
+  const s = (severity || '').toLowerCase();
+  return s && severityRank[s] !== undefined ? s : 'unset';
+}
+
+function strongerSeverity(a: string, b: string): string {
+  return (severityRank[b] ?? 4) < (severityRank[a] ?? 4) ? b : a;
+}
+
+function strongerStatus(a: string, b: string): string {
+  return (statusRank[b] ?? 4) < (statusRank[a] ?? 4) ? b : a;
+}
+
+/* ══════════════════════════════════════════════════════════════════════════
+ * Alias map — single source of truth for ref → canonical node resolution.
+ * Every diagram generator routes asset/threat/control references through this
+ * map so that `#api`, `api`, and `App.API` all collapse onto the same node.
+ * ══════════════════════════════════════════════════════════════════════════ */
+
+type NodeKind = 'asset' | 'threat' | 'control';
+
+interface AliasNode {
+  key: string;       // canonical node key (stable across ref forms)
+  label: string;     // best display label
+  id?: string;       // raw id if defined
+  kind: NodeKind;
+  severity: string;
+  externalRefs: string[];
+}
+
+interface ModelAliases {
+  resolve(kind: NodeKind, ref: string): AliasNode;
+  getExisting(kind: NodeKind, ref: string): AliasNode | undefined;
+  getAll(kind: NodeKind): AliasNode[];
+}
+
+function buildAliases(model: ThreatModel): ModelAliases {
+  const byKey: Record> = { asset: new Map(), threat: new Map(), control: new Map() };
+  const byRef: Record> = { asset: new Map(), threat: new Map(), control: new Map() };
+
+  const register = (kind: NodeKind, node: AliasNode, refs: Array): void => {
+    byKey[kind].set(node.key, node);
+    for (const r of refs) {
+      if (!r) continue;
+      const k = refKey(r);
+      if (!k) continue;
+      const existing = byRef[kind].get(k);
+      if (!existing) byRef[kind].set(k, node);
+    }
+  };
+
+  const upsert = (kind: NodeKind, key: string, displayLabel: string, refs: Array, opts?: { id?: string; severity?: string; externalRefs?: string[] }): AliasNode => {
+    let node = byKey[kind].get(key);
+    if (!node) {
+      node = {
+        key,
+        label: displayLabel || key,
+        id: opts?.id,
+        kind,
+        severity: normalizeSeverity(opts?.severity),
+        externalRefs: opts?.externalRefs ? [...opts.externalRefs] : [],
+      };
+    } else {
+      if (displayLabel && displayLabel.length > node.label.length) node.label = displayLabel;
+      if (opts?.id && !node.id) node.id = opts.id;
+      if (opts?.severity) node.severity = strongerSeverity(node.severity, normalizeSeverity(opts.severity));
+      if (opts?.externalRefs) for (const r of opts.externalRefs) if (!node.externalRefs.includes(r)) node.externalRefs.push(r);
+    }
+    register(kind, node, refs);
+    return node;
+  };
+
+  // Pre-register defined entities. #id takes priority over display label as the canonical key
+  // so that any later ref using the id resolves to the same node.
+  for (const a of model.assets) {
+    const display = a.path.join('.');
+    const key = a.id ? refKey(a.id) : refKey(display);
+    upsert('asset', key, display, [a.id, a.id ? `#${a.id}` : undefined, display, ...a.path], { id: a.id });
+  }
+  for (const t of model.threats) {
+    const key = t.id ? refKey(t.id) : refKey(t.name);
+    upsert('threat', key, t.name, [t.id, t.id ? `#${t.id}` : undefined, t.name, t.canonical_name], {
+      id: t.id,
+      severity: t.severity,
+      externalRefs: t.external_refs,
+    });
+  }
+  for (const c of model.controls) {
+    const key = c.id ? refKey(c.id) : refKey(c.name);
+    upsert('control', key, c.name, [c.id, c.id ? `#${c.id}` : undefined, c.name, c.canonical_name], { id: c.id });
+  }
+
+  // Sweep exposures/mitigations to pick up severities for undefined threats and external refs.
+  for (const e of model.exposures) {
+    const threat = byRef.threat.get(refKey(e.threat));
+    if (threat) {
+      if (e.severity) threat.severity = strongerSeverity(threat.severity, normalizeSeverity(e.severity));
+      for (const r of e.external_refs) if (!threat.externalRefs.includes(r)) threat.externalRefs.push(r);
+    }
+  }
+
+  const resolve = (kind: NodeKind, ref: string): AliasNode => {
+    const k = refKey(ref);
+    const existing = byRef[kind].get(k);
+    if (existing) return existing;
+    const display = normalizeRef(ref) || 'unknown';
+    return upsert(kind, k || display.toLowerCase(), display, [ref, display]);
+  };
+
+  return {
+    resolve,
+    getExisting: (kind, ref) => byRef[kind].get(refKey(ref)),
+    getAll: (kind) => [...byKey[kind].values()],
+  };
+}
+
+/* ══════════════════════════════════════════════════════════════════════════
+ * Topology data (interactive D3 view)
+ * ══════════════════════════════════════════════════════════════════════════ */
+
+export interface DiagramTopologyNode {
+  id: string;
+  label: string;
+  kind: 'asset' | 'threat' | 'control';
+  severity: string;
+  status: string;
+  exposures: number;
+  openExposures: number;
+  mitigations: number;
+  flows: number;
+  confirmed: number;
+  riskScore: number;
+  classifications: string[];
+  owner?: string;
+  refs: string[];
+}
+
+export interface DiagramTopologyLink {
+  source: string;
+  target: string;
+  kind: 'exposes' | 'confirmed' | 'mitigates' | 'protects' | 'accepts' | 'transfers' | 'flows' | 'boundary' | 'validates';
+  label: string;
+  severity: string;
+  status: string;
+  count: number;
+}
+
+export interface DiagramTopology {
+  nodes: DiagramTopologyNode[];
+  links: DiagramTopologyLink[];
+  summary: {
+    assets: number;
+    threats: number;
+    controls: number;
+    links: number;
+    open: number;
+    mitigated: number;
+    accepted: number;
+    confirmed: number;
+    criticalAssets: number;
+  };
+}
+
+const topoId = (kind: NodeKind, key: string): string => `${kind}:${key || 'unknown'}`;
+
+/**
+ * Build the structured graph consumed by the dashboard's native D3 topology.
+ * Shares an alias map with the Mermaid generators so #id/name/path forms agree.
+ */
+export function generateTopologyData(model: ThreatModel): DiagramTopology {
+  const aliases = buildAliases(model);
+
+  const nodes = new Map();
+  const links = new Map();
+
+  const materialize = (alias: AliasNode): DiagramTopologyNode => {
+    const id = topoId(alias.kind, alias.key);
+    let node = nodes.get(id);
+    if (!node) {
+      node = {
+        id,
+        label: alias.label,
+        kind: alias.kind,
+        severity: alias.severity,
+        status: 'none',
+        exposures: 0,
+        openExposures: 0,
+        mitigations: 0,
+        flows: 0,
+        confirmed: 0,
+        riskScore: 0,
+        classifications: [],
+        refs: [alias.label, alias.id, alias.id ? `#${alias.id}` : undefined].filter(Boolean) as string[],
+      };
+      nodes.set(id, node);
+    } else {
+      node.severity = strongerSeverity(node.severity, alias.severity);
+      if (alias.label.length > node.label.length) node.label = alias.label;
+    }
+    return node;
+  };
+
+  const resolve = (kind: NodeKind, ref: string): DiagramTopologyNode => materialize(aliases.resolve(kind, ref));
+
+  const addLink = (
+    source: string,
+    target: string,
+    kind: DiagramTopologyLink['kind'],
+    labelText: string,
+    severity: string = 'unset',
+    status: string = 'none',
+  ): void => {
+    if (!source || !target || source === target) return;
+    const key = `${source}|${target}|${kind}|${labelText}`;
+    const sev = normalizeSeverity(severity);
+    let link = links.get(key);
+    if (!link) {
+      link = { source, target, kind, label: labelText, severity: sev, status, count: 0 };
+      links.set(key, link);
+    }
+    link.count++;
+    link.severity = strongerSeverity(link.severity, sev);
+    link.status = strongerStatus(link.status, status);
+  };
+
+  const markNode = (node: DiagramTopologyNode, severity: string, status: string): void => {
+    node.severity = strongerSeverity(node.severity, normalizeSeverity(severity));
+    node.status = strongerStatus(node.status, status);
+  };
+
+  // Pre-seed nodes for every defined entity so the graph reflects the full model,
+  // not just what relationships happen to reference.
+  for (const a of aliases.getAll('asset')) materialize(a);
+  for (const t of aliases.getAll('threat')) materialize(t);
+  for (const c of aliases.getAll('control')) materialize(c);
+
+  // Classifications + ownership
+  for (const h of model.data_handling) {
+    const asset = resolve('asset', h.asset);
+    const classification = h.classification.toUpperCase();
+    if (!asset.classifications.includes(classification)) asset.classifications.push(classification);
+  }
+  for (const o of model.ownership) {
+    resolve('asset', o.asset).owner = o.owner;
+  }
+
+  // Compute per-pair resolution status for exposure links
+  const mitigatedPairs = new Set();
+  const acceptedPairs = new Set();
+  for (const m of model.mitigations) {
+    const asset = resolve('asset', m.asset);
+    const threat = resolve('threat', m.threat);
+    mitigatedPairs.add(`${asset.id}::${threat.id}`);
+  }
+  for (const a of model.acceptances) {
+    const asset = resolve('asset', a.asset);
+    const threat = resolve('threat', a.threat);
+    acceptedPairs.add(`${asset.id}::${threat.id}`);
+  }
+
+  for (const e of model.exposures) {
+    const asset = resolve('asset', e.asset);
+    const threat = resolve('threat', e.threat);
+    const pair = `${asset.id}::${threat.id}`;
+    const status = acceptedPairs.has(pair) ? 'accepted' : mitigatedPairs.has(pair) ? 'mitigated' : 'open';
+    const severity = normalizeSeverity(e.severity);
+    asset.exposures++;
+    threat.exposures++;
+    if (status === 'open') {
+      asset.openExposures++;
+      threat.openExposures++;
+    }
+    markNode(asset, severity, status);
+    markNode(threat, severity, status);
+    addLink(asset.id, threat.id, 'exposes', 'exposes', severity, status);
+  }
+
+  for (const c of model.confirmed || []) {
+    const asset = resolve('asset', c.asset);
+    const threat = resolve('threat', c.threat);
+    const severity = normalizeSeverity(c.severity);
+    asset.confirmed++;
+    threat.confirmed++;
+    markNode(asset, severity, 'confirmed');
+    markNode(threat, severity, 'confirmed');
+    addLink(asset.id, threat.id, 'confirmed', 'confirmed', severity, 'confirmed');
+  }
+
+  for (const m of model.mitigations) {
+    const asset = resolve('asset', m.asset);
+    const threat = resolve('threat', m.threat);
+    asset.mitigations++;
+    threat.mitigations++;
+    markNode(asset, 'unset', 'mitigated');
+    markNode(threat, 'unset', 'mitigated');
+    if (m.control) {
+      const control = resolve('control', m.control);
+      control.mitigations++;
+      addLink(control.id, threat.id, 'mitigates', 'mitigates', threat.severity, 'mitigated');
+      addLink(control.id, asset.id, 'protects', 'protects', 'unset', 'mitigated');
+    } else {
+      addLink(asset.id, threat.id, 'mitigates', 'mitigates', threat.severity, 'mitigated');
+    }
+  }
+
+  for (const a of model.acceptances) {
+    const asset = resolve('asset', a.asset);
+    const threat = resolve('threat', a.threat);
+    markNode(asset, threat.severity, 'accepted');
+    markNode(threat, threat.severity, 'accepted');
+    addLink(asset.id, threat.id, 'accepts', 'accepts', threat.severity, 'accepted');
+  }
+
+  for (const t of model.transfers) {
+    const source = resolve('asset', t.source);
+    const target = resolve('asset', t.target);
+    const threat = resolve('threat', t.threat);
+    addLink(source.id, target.id, 'transfers', `transfers ${threat.label}`, threat.severity, 'none');
+  }
+
+  for (const f of model.flows) {
+    const source = resolve('asset', f.source);
+    const target = resolve('asset', f.target);
+    source.flows++;
+    target.flows++;
+    addLink(source.id, target.id, 'flows', f.mechanism || 'flows', 'unset', 'none');
+  }
+
+  for (const b of model.boundaries) {
+    const a = resolve('asset', b.asset_a);
+    const z = resolve('asset', b.asset_b);
+    addLink(a.id, z.id, 'boundary', b.description || b.id || 'trust boundary', 'unset', 'none');
+  }
+
+  for (const v of model.validations) {
+    const control = resolve('control', v.control);
+    const asset = resolve('asset', v.asset);
+    addLink(control.id, asset.id, 'validates', 'validates', 'unset', 'mitigated');
+  }
+
+  // Risk score: exposures weighted by severity, amplified by confirmed hits.
+  const sevWeight: Record = { critical: 10, p0: 10, high: 6, p1: 6, medium: 3, p2: 3, low: 1, p3: 1, unset: 1 };
+  for (const n of nodes.values()) {
+    n.riskScore = n.openExposures * (sevWeight[n.severity] ?? 1) + n.confirmed * 12;
+  }
+
+  const nodeList = [...nodes.values()]
+    .map(n => ({ ...n, classifications: [...n.classifications].sort(), refs: [...n.refs].sort() }))
+    .sort((a, b) => {
+      const kindOrder = { asset: 0, threat: 1, control: 2 };
+      const byKind = kindOrder[a.kind] - kindOrder[b.kind];
+      if (byKind !== 0) return byKind;
+      const byRisk = b.riskScore - a.riskScore;
+      if (byRisk !== 0) return byRisk;
+      const bySeverity = (severityRank[a.severity] ?? 4) - (severityRank[b.severity] ?? 4);
+      if (bySeverity !== 0) return bySeverity;
+      return a.label.localeCompare(b.label);
+    });
+  const linkList = [...links.values()].sort((a, b) => a.kind.localeCompare(b.kind) || b.count - a.count || a.label.localeCompare(b.label));
+
+  const openCount = model.exposures.filter(e => {
+    const assetId = topoId('asset', aliases.resolve('asset', e.asset).key);
+    const threatId = topoId('threat', aliases.resolve('threat', e.threat).key);
+    const pair = `${assetId}::${threatId}`;
+    return !mitigatedPairs.has(pair) && !acceptedPairs.has(pair);
+  }).length;
+  const mitigatedCount = model.exposures.filter(e => {
+    const assetId = topoId('asset', aliases.resolve('asset', e.asset).key);
+    const threatId = topoId('threat', aliases.resolve('threat', e.threat).key);
+    return mitigatedPairs.has(`${assetId}::${threatId}`);
+  }).length;
+  const acceptedCount = model.exposures.filter(e => {
+    const assetId = topoId('asset', aliases.resolve('asset', e.asset).key);
+    const threatId = topoId('threat', aliases.resolve('threat', e.threat).key);
+    return acceptedPairs.has(`${assetId}::${threatId}`);
+  }).length;
+
+  return {
+    nodes: nodeList,
+    links: linkList,
+    summary: {
+      assets: nodeList.filter(n => n.kind === 'asset').length,
+      threats: nodeList.filter(n => n.kind === 'threat').length,
+      controls: nodeList.filter(n => n.kind === 'control').length,
+      links: linkList.length,
+      open: openCount,
+      mitigated: mitigatedCount,
+      accepted: acceptedCount,
+      confirmed: (model.confirmed || []).length,
+      criticalAssets: nodeList.filter(n => n.kind === 'asset' && (n.severity === 'critical' || n.severity === 'p0') && n.status !== 'mitigated').length,
+    },
+  };
+}
+
+/* ══════════════════════════════════════════════════════════════════════════
+ * Mermaid helpers
+ * ══════════════════════════════════════════════════════════════════════════ */
+
 /** Heuristic icon for data-flow assets to make diagrams easier to scan. */
 function assetIcon(name: string): string {
   const n = normalizeRef(name).toLowerCase();
@@ -51,436 +471,507 @@ function flowIcon(mechanism: string): string {
   return '📡';
 }
 
-/**
+function severityIcon(sev: string): string {
+  if (sev === 'critical' || sev === 'p0') return '🔴';
+  if (sev === 'high' || sev === 'p1') return '🟠';
+  if (sev === 'medium' || sev === 'p2') return '🟡';
+  if (sev === 'low' || sev === 'p3') return '🔵';
+  return '⚪';
+}
+
+function severityClass(sev: string): string {
+  if (sev === 'critical' || sev === 'p0') return 'sev_crit';
+  if (sev === 'high' || sev === 'p1') return 'sev_high';
+  if (sev === 'medium' || sev === 'p2') return 'sev_med';
+  if (sev === 'low' || sev === 'p3') return 'sev_low';
+  return 'sev_unset';
+}
+
+/* ══════════════════════════════════════════════════════════════════════════
  * Diagram 1: Threat Model Graph
- * Shows assets (boxes), threats (red), controls (green), and relationships.
- */
-export function generateThreatGraph(model: ThreatModel): string {
-  // Filter to critical+high severity threats to keep diagram readable
-  const highSevThreats = new Set();
-  const sevMap = new Map();
-  const threatLabelMap = new Map();
-  const sevRank: Record = { critical: 0, p0: 0, high: 1, p1: 1, medium: 2, p2: 2, low: 3, p3: 3, unset: 4 };
-
-  const setThreatSeverity = (ref: string, severity: string): void => {
-    if (!ref || !severity) return;
-    const norm = normalizeRef(ref);
-    const current = sevMap.get(ref) || sevMap.get(norm);
-    if (!current || (sevRank[severity] ?? 4) < (sevRank[current] ?? 4)) {
-      sevMap.set(ref, severity);
-      sevMap.set(norm, severity);
-    }
-  };
+ * ══════════════════════════════════════════════════════════════════════════ */
 
-  const setThreatLabel = (ref: string, display: string): void => {
-    if (!ref || !display) return;
-    const norm = normalizeRef(ref);
-    const existing = threatLabelMap.get(ref) || threatLabelMap.get(norm);
-    // Prefer richer labels (e.g., canonical threat name) over terse id-like refs.
-    if (!existing || display.length > existing.length) {
-      threatLabelMap.set(ref, display);
-      threatLabelMap.set(norm, display);
-    }
-  };
+interface ThreatGraphOptions {
+  /** Show all threats regardless of severity. Defaults to auto-filter when >12 distinct threats are exposed. */
+  showAll?: boolean;
+}
 
-  for (const t of model.threats) {
-    const s = (t.severity || '').toLowerCase();
-    if (t.id) {
-      setThreatSeverity(`#${t.id}`, s);
-      setThreatSeverity(t.id, s);
-      setThreatLabel(`#${t.id}`, t.name);
-      setThreatLabel(t.id, t.name);
-    }
-    setThreatSeverity(t.name, s);
-    setThreatLabel(t.name, t.name);
-    if (s === 'critical' || s === 'p0' || s === 'high' || s === 'p1') {
-      if (t.id) { highSevThreats.add(`#${t.id}`); highSevThreats.add(t.id); }
-      highSevThreats.add(t.name);
-      highSevThreats.add(normalizeRef(t.name));
-    }
-  }
+/**
+ * LR flowchart: assets (boxes), threats (red), controls (green), and relationships.
+ * All refs are canonicalized through buildAliases so mixed #id/name usage collapses.
+ */
+export function generateThreatGraph(model: ThreatModel, opts: ThreatGraphOptions = {}): string {
+  const aliases = buildAliases(model);
+  const resolve = (kind: NodeKind, ref: string) => aliases.resolve(kind, ref);
 
-  // Exposure-level severity can exist even when a threat definition doesn't.
-  for (const e of model.exposures) {
-    const s = (e.severity || '').toLowerCase();
-    setThreatSeverity(e.threat, s);
-    setThreatLabel(e.threat, e.threat.replace('#', ''));
-    if (s === 'critical' || s === 'p0' || s === 'high' || s === 'p1') {
-      highSevThreats.add(e.threat);
-      highSevThreats.add(normalizeRef(e.threat));
-    }
-  }
+  // Auto-filter to high/critical if the diagram would otherwise be overwhelming.
+  const distinctThreats = new Set();
+  for (const e of model.exposures) distinctThreats.add(resolve('threat', e.threat).key);
+  const filterHigh = opts.showAll ? false : distinctThreats.size > 12;
 
-  const isHighThreat = (ref: string): boolean => highSevThreats.has(ref) || highSevThreats.has(normalizeRef(ref));
+  const isHighSev = (sev: string): boolean => sev === 'critical' || sev === 'p0' || sev === 'high' || sev === 'p1';
 
-  // If very many threats, filter to critical+high only
-  const totalThreats = new Set();
-  for (const e of model.exposures) totalThreats.add(e.threat);
-  const filterHigh = totalThreats.size > 12;
+  const usedAssetKeys = new Set();   // key → seen
+  const usedThreatKeys = new Set();
+  const usedControlKeys = new Set();
 
-  const lines: string[] = ['graph LR'];
-  const usedAssets = new Set();
-  const usedThreats = new Set();
-  const usedControls = new Set();
-  const edges = new Set();
+  const registerAsset = (ref: string): AliasNode => {
+    const n = resolve('asset', ref);
+    usedAssetKeys.add(n.key);
+    return n;
+  };
+  const registerThreat = (ref: string): AliasNode => {
+    const n = resolve('threat', ref);
+    usedThreatKeys.add(n.key);
+    return n;
+  };
+  const registerControl = (ref: string): AliasNode => {
+    const n = resolve('control', ref);
+    usedControlKeys.add(n.key);
+    return n;
+  };
 
+  // Walk relationships and canonicalize usage
   for (const e of model.exposures) {
-    if (filterHigh && !isHighThreat(e.threat)) continue;
-    usedAssets.add(e.asset);
-    usedThreats.add(e.threat);
+    const threat = resolve('threat', e.threat);
+    const effectiveSev = e.severity ? normalizeSeverity(e.severity) : threat.severity;
+    if (filterHigh && !isHighSev(effectiveSev)) continue;
+    registerAsset(e.asset);
+    registerThreat(e.threat);
   }
   for (const m of model.mitigations) {
-    if (filterHigh && !isHighThreat(m.threat)) continue;
-    usedAssets.add(m.asset); usedThreats.add(m.threat);
-    if (m.control) usedControls.add(m.control);
+    const threat = resolve('threat', m.threat);
+    if (filterHigh && !isHighSev(threat.severity)) continue;
+    registerAsset(m.asset);
+    registerThreat(m.threat);
+    if (m.control) registerControl(m.control);
   }
   for (const a of model.acceptances) {
-    if (filterHigh && !isHighThreat(a.threat)) continue;
-    usedAssets.add(a.asset); usedThreats.add(a.threat);
+    const threat = resolve('threat', a.threat);
+    if (filterHigh && !isHighSev(threat.severity)) continue;
+    registerAsset(a.asset);
+    registerThreat(a.threat);
   }
   for (const t of model.transfers) {
-    if (filterHigh && !isHighThreat(t.threat)) continue;
-    usedAssets.add(t.source); usedAssets.add(t.target); usedThreats.add(t.threat);
+    const threat = resolve('threat', t.threat);
+    if (filterHigh && !isHighSev(threat.severity)) continue;
+    registerAsset(t.source);
+    registerAsset(t.target);
+    registerThreat(t.threat);
   }
   for (const v of model.validations) {
-    usedAssets.add(v.asset);
-    usedControls.add(v.control);
+    registerAsset(v.asset);
+    registerControl(v.control);
   }
-
-  // ── Build data-classification map (asset → classification badges) ──
-  const dataClassMap = new Map();
-  for (const h of model.data_handling) {
-    const norm = normalizeRef(h.asset);
-    if (!dataClassMap.has(h.asset)) dataClassMap.set(h.asset, []);
-    dataClassMap.get(h.asset)!.push(h.classification.toUpperCase());
-    if (norm !== h.asset) {
-      if (!dataClassMap.has(norm)) dataClassMap.set(norm, []);
-      dataClassMap.get(norm)!.push(h.classification.toUpperCase());
-    }
+  for (const c of model.confirmed || []) {
+    registerAsset(c.asset);
+    registerThreat(c.threat);
   }
 
-  // ── Build ownership map (asset → owner) ──
-  const ownerMap = new Map();
-  for (const o of model.ownership) {
-    ownerMap.set(o.asset, o.owner);
-    ownerMap.set(normalizeRef(o.asset), o.owner);
-  }
-
-  // ── Build external-refs map (threat → CWE/refs) ──
-  const extRefMap = new Map();
-  const addExtRefs = (ref: string, refs: string[]) => {
-    if (!refs || refs.length === 0) return;
-    const norm = normalizeRef(ref);
-    for (const r of [ref, norm]) {
-      if (!extRefMap.has(r)) extRefMap.set(r, []);
-      for (const er of refs) {
-        if (!extRefMap.get(r)!.includes(er)) extRefMap.get(r)!.push(er);
-      }
-    }
-  };
-  for (const t of model.threats) {
-    if (t.external_refs.length > 0) {
-      addExtRefs(t.name, t.external_refs);
-      if (t.id) { addExtRefs(`#${t.id}`, t.external_refs); addExtRefs(t.id, t.external_refs); }
-    }
-  }
-  for (const e of model.exposures) {
-    if (e.external_refs.length > 0) addExtRefs(e.threat, e.external_refs);
+  // Classifications + ownership lookup (keyed on asset key)
+  const dataClassByKey = new Map();
+  for (const h of model.data_handling) {
+    const node = resolve('asset', h.asset);
+    const list = dataClassByKey.get(node.key) ?? [];
+    const cls = h.classification.toUpperCase();
+    if (!list.includes(cls)) list.push(cls);
+    dataClassByKey.set(node.key, list);
   }
-
-  // ── Determine trust-boundary groupings for used assets ──
-  const assetZone = new Map();  // asset → zone id
-  const zoneAssets = new Map>(); // zone id → assets
-  const zoneLabel = new Map(); // zone id → label
+  const ownerByKey = new Map();
+  for (const o of model.ownership) ownerByKey.set(resolve('asset', o.asset).key, o.owner);
+
+  // Trust-zone grouping: pair up each boundary's two sides into a shared subgraph
+  // titled by the boundary description. An asset may appear in multiple zones, but
+  // we dedupe by putting it into its first-seen zone to keep Mermaid valid.
+  const zoneById = new Map }>();
+  const assetZoneByKey = new Map();
   let zIdx = 0;
   for (const b of model.boundaries) {
-    // Only include boundaries where at least one side is a used asset
-    const aUsed = usedAssets.has(b.asset_a) || usedAssets.has(normalizeRef(b.asset_a));
-    const bUsed = usedAssets.has(b.asset_b) || usedAssets.has(normalizeRef(b.asset_b));
-    if (!aUsed && !bUsed) continue;
-
-    // Assign each side to a zone if not already assigned
-    for (const side of [b.asset_a, b.asset_b]) {
-      if (!assetZone.has(side) && !assetZone.has(normalizeRef(side))) {
-        const zId = `TZ${zIdx++}`;
-        assetZone.set(side, zId);
-        assetZone.set(normalizeRef(side), zId);
-        zoneAssets.set(zId, new Set([side]));
-        zoneLabel.set(zId, side);
-      }
-    }
+    const aKey = resolve('asset', b.asset_a).key;
+    const bKey = resolve('asset', b.asset_b).key;
+    if (!usedAssetKeys.has(aKey) && !usedAssetKeys.has(bKey)) continue;
+    const zoneId = `TZ${zIdx++}`;
+    const desc = b.description || b.id || 'trust boundary';
+    const zone = { label: desc, members: new Set() };
+    if (usedAssetKeys.has(aKey) && !assetZoneByKey.has(aKey)) { zone.members.add(aKey); assetZoneByKey.set(aKey, zoneId); }
+    if (usedAssetKeys.has(bKey) && !assetZoneByKey.has(bKey)) { zone.members.add(bKey); assetZoneByKey.set(bKey, zoneId); }
+    if (zone.members.size > 0) zoneById.set(zoneId, zone);
   }
 
-  // ── Emit trust-boundary subgraphs ──
-  const inSubgraph = new Set();
-  for (const [zId, members] of zoneAssets) {
-    const rep = zoneLabel.get(zId) || [...members][0];
-    lines.push(`  subgraph ${zId}["🧱 ${label(rep)}"]`);
-    for (const m of members) {
-      if (!usedAssets.has(m) && !usedAssets.has(normalizeRef(m))) continue;
-      const badges = dataClassMap.get(m) || dataClassMap.get(normalizeRef(m));
-      const owner = ownerMap.get(m) || ownerMap.get(normalizeRef(m));
-      let suffix = '';
-      if (badges && badges.length > 0) suffix += ` [${badges.join(', ')}]`;
-      if (owner) suffix += ` (${label(owner, 15)})`;
-      lines.push(`    ${mid(m)}["🔷 ${label(m)}${suffix}"]`);
-      inSubgraph.add(m);
-      inSubgraph.add(normalizeRef(m));
+  const lines: string[] = [
+    // rankSpacing controls horizontal distance between columns in LR graphs — bump it
+    // to keep the diagram wide instead of cramming everything into a narrow strip.
+    '%%{init: {"flowchart": {"nodeSpacing": 55, "rankSpacing": 150, "curve": "monotoneX", "htmlLabels": false, "padding": 24}}}%%',
+    'graph LR',
+  ];
+
+  const assetLabelFor = (node: AliasNode): string => {
+    const classes = dataClassByKey.get(node.key);
+    const owner = ownerByKey.get(node.key);
+    let suffix = '';
+    if (classes && classes.length > 0) suffix += ` [${classes.join(', ')}]`;
+    if (owner) suffix += ` (${label(owner, 15)})`;
+    return `🔷 ${label(node.label)}${suffix}`;
+  };
+
+  // Emit subgraphs first
+  const emittedAssets = new Set();
+  for (const [zoneId, zone] of zoneById) {
+    lines.push(`  subgraph ${zoneId}["🧱 ${label(zone.label, 40)}"]`);
+    for (const key of zone.members) {
+      const node = [...aliases.getAll('asset')].find(n => n.key === key);
+      if (!node) continue;
+      lines.push(`    ${mid(node.key)}["${assetLabelFor(node)}"]`);
+      emittedAssets.add(key);
     }
     lines.push('  end');
   }
 
-  // ── Asset nodes (not already in a subgraph) ──
-  for (const a of usedAssets) {
-    if (inSubgraph.has(a) || inSubgraph.has(normalizeRef(a))) continue;
-    const badges = dataClassMap.get(a) || dataClassMap.get(normalizeRef(a));
-    const owner = ownerMap.get(a) || ownerMap.get(normalizeRef(a));
-    let suffix = '';
-    if (badges && badges.length > 0) suffix += ` [${badges.join(', ')}]`;
-    if (owner) suffix += ` (${label(owner, 15)})`;
-    lines.push(`  ${mid(a)}["🔷 ${label(a)}${suffix}"]`);
+  // Standalone assets
+  for (const key of usedAssetKeys) {
+    if (emittedAssets.has(key)) continue;
+    const node = [...aliases.getAll('asset')].find(n => n.key === key);
+    if (!node) continue;
+    lines.push(`  ${mid(node.key)}["${assetLabelFor(node)}"]`);
   }
-  // Threat nodes (with CWE/external-ref badges)
-  for (const t of usedThreats) {
-    const sev = sevMap.get(t) || sevMap.get(normalizeRef(t)) || '';
-    const display = threatLabelMap.get(t) || threatLabelMap.get(normalizeRef(t)) || t.replace('#', '');
-    const icon = sev === 'critical' || sev === 'p0' ? '🔴' : sev === 'high' || sev === 'p1' ? '🟠' : '🟡';
-    const refs = extRefMap.get(t) || extRefMap.get(normalizeRef(t));
-    const refSuffix = refs && refs.length > 0 ? ` (${refs.slice(0, 2).join(', ')})` : '';
-    lines.push(`  ${mid(t)}["${icon} ${label(display, 35)}${refSuffix}"]:::threat`);
+
+  // Threat nodes
+  for (const key of usedThreatKeys) {
+    const node = [...aliases.getAll('threat')].find(n => n.key === key);
+    if (!node) continue;
+    const icon = severityIcon(node.severity);
+    const refSuffix = node.externalRefs.length > 0 ? ` (${node.externalRefs.slice(0, 2).join(', ')})` : '';
+    lines.push(`  ${mid(node.key)}["${icon} ${label(node.label, 35)}${refSuffix}"]:::threat`);
   }
+
   // Control nodes
-  for (const c of usedControls) {
-    lines.push(`  ${mid(c)}["🛡️ ${label(c.replace('#', ''))}"]:::control`);
+  for (const key of usedControlKeys) {
+    const node = [...aliases.getAll('control')].find(n => n.key === key);
+    if (!node) continue;
+    lines.push(`  ${mid(node.key)}["🛡️ ${label(node.label)}"]:::control`);
   }
 
-  // Exposure edges (deduplicated)
+  // Edge emission (deduped)
+  const edgeKeys = new Set();
+  const edge = (sourceKey: string, targetKey: string, kind: string, syntax: string) => {
+    const k = `${sourceKey}|${targetKey}|${kind}`;
+    if (edgeKeys.has(k)) return;
+    edgeKeys.add(k);
+    lines.push(`  ${syntax}`);
+  };
+
   for (const e of model.exposures) {
-    if (filterHigh && !isHighThreat(e.threat)) continue;
-    const key = `${mid(e.asset)}->exp->${mid(e.threat)}`;
-    if (!edges.has(key)) {
-      edges.add(key);
-      lines.push(`  ${mid(e.asset)} -. exposed .-> ${mid(e.threat)}`);
-    }
+    const threat = resolve('threat', e.threat);
+    const asset = resolve('asset', e.asset);
+    const effectiveSev = e.severity ? normalizeSeverity(e.severity) : threat.severity;
+    if (filterHigh && !isHighSev(effectiveSev)) continue;
+    edge(asset.key, threat.key, 'exp', `${mid(asset.key)} -. exposes .-> ${mid(threat.key)}`);
+  }
+  for (const c of model.confirmed || []) {
+    const asset = resolve('asset', c.asset);
+    const threat = resolve('threat', c.threat);
+    edge(asset.key, threat.key, 'conf', `${mid(asset.key)} == "💥 confirmed" ==> ${mid(threat.key)}`);
   }
-  // Mitigation edges
   for (const m of model.mitigations) {
-    if (filterHigh && !isHighThreat(m.threat)) continue;
+    const threat = resolve('threat', m.threat);
+    const asset = resolve('asset', m.asset);
+    if (filterHigh && !isHighSev(threat.severity)) continue;
     if (m.control) {
-      const k1 = `${mid(m.control)}->mit->${mid(m.threat)}`;
-      if (!edges.has(k1)) { edges.add(k1); lines.push(`  ${mid(m.control)} -- mitigates --> ${mid(m.threat)}`); }
-      const k2 = `${mid(m.control)}->on->${mid(m.asset)}`;
-      if (!edges.has(k2)) { edges.add(k2); lines.push(`  ${mid(m.control)} -.- ${mid(m.asset)}`); }
+      const control = resolve('control', m.control);
+      edge(control.key, threat.key, 'mit', `${mid(control.key)} -- mitigates --> ${mid(threat.key)}`);
+      edge(control.key, asset.key, 'prot', `${mid(control.key)} -. protects .-> ${mid(asset.key)}`);
     } else {
-      const key = `${mid(m.asset)}->mit->${mid(m.threat)}`;
-      if (!edges.has(key)) { edges.add(key); lines.push(`  ${mid(m.asset)} -. mitigates .-> ${mid(m.threat)}`); }
+      edge(asset.key, threat.key, 'mit', `${mid(asset.key)} -. mitigates .-> ${mid(threat.key)}`);
     }
   }
-  // Acceptance edges
   for (const a of model.acceptances) {
-    if (filterHigh && !isHighThreat(a.threat)) continue;
-    const key = `${mid(a.asset)}->acc->${mid(a.threat)}`;
-    if (!edges.has(key)) { edges.add(key); lines.push(`  ${mid(a.asset)} -- accepts --> ${mid(a.threat)}`); }
+    const threat = resolve('threat', a.threat);
+    const asset = resolve('asset', a.asset);
+    if (filterHigh && !isHighSev(threat.severity)) continue;
+    edge(asset.key, threat.key, 'acc', `${mid(asset.key)} -- accepts --> ${mid(threat.key)}`);
   }
-  // Transfer edges (risk moved between parties for a specific threat)
   for (const t of model.transfers) {
-    if (filterHigh && !isHighThreat(t.threat)) continue;
-    const threatDisplay = threatLabelMap.get(t.threat) || threatLabelMap.get(normalizeRef(t.threat)) || t.threat.replace('#', '');
-    const key = `${mid(t.source)}->xfer->${mid(t.target)}::${mid(t.threat)}`;
-    if (!edges.has(key)) {
-      edges.add(key);
-      lines.push(`  ${mid(t.source)} -- "transfers risk: ${label(threatDisplay, 26)}" --> ${mid(t.target)}`);
-    }
+    const threat = resolve('threat', t.threat);
+    const source = resolve('asset', t.source);
+    const target = resolve('asset', t.target);
+    if (filterHigh && !isHighSev(threat.severity)) continue;
+    edge(source.key, target.key, `xfer:${threat.key}`, `${mid(source.key)} -- "transfers risk: ${label(threat.label, 26)}" --> ${mid(target.key)}`);
   }
-  // Validation edges (controls validating assets)
   for (const v of model.validations) {
-    const key = `${mid(v.control)}->val->${mid(v.asset)}`;
-    if (!edges.has(key)) { edges.add(key); lines.push(`  ${mid(v.control)} -. validates .-> ${mid(v.asset)}`); }
+    const control = resolve('control', v.control);
+    const asset = resolve('asset', v.asset);
+    edge(control.key, asset.key, 'val', `${mid(control.key)} -. validates .-> ${mid(asset.key)}`);
   }
-  // Data-flow edges (only between assets already in the graph)
   for (const f of model.flows) {
-    const srcIn = usedAssets.has(f.source) || usedAssets.has(normalizeRef(f.source));
-    const tgtIn = usedAssets.has(f.target) || usedAssets.has(normalizeRef(f.target));
-    if (!srcIn || !tgtIn) continue;
-    const key = `${mid(f.source)}->flow->${mid(f.target)}`;
-    if (!edges.has(key)) {
-      edges.add(key);
-      if (f.mechanism) {
-        lines.push(`  ${mid(f.source)} -- "${flowIcon(f.mechanism)} ${label(f.mechanism, 22)}" --> ${mid(f.target)}`);
-      } else {
-        lines.push(`  ${mid(f.source)} --> ${mid(f.target)}`);
-      }
+    const source = resolve('asset', f.source);
+    const target = resolve('asset', f.target);
+    if (!usedAssetKeys.has(source.key) || !usedAssetKeys.has(target.key)) continue;
+    if (f.mechanism) {
+      edge(source.key, target.key, `flow:${f.mechanism}`, `${mid(source.key)} -- "${flowIcon(f.mechanism)} ${label(f.mechanism, 22)}" --> ${mid(target.key)}`);
+    } else {
+      edge(source.key, target.key, 'flow', `${mid(source.key)} --> ${mid(target.key)}`);
     }
   }
-  // Trust-boundary crossing edges (dashed purple line between zones)
   for (const b of model.boundaries) {
-    const aIn = usedAssets.has(b.asset_a) || usedAssets.has(normalizeRef(b.asset_a));
-    const bIn = usedAssets.has(b.asset_b) || usedAssets.has(normalizeRef(b.asset_b));
-    if (!aIn || !bIn) continue;
-    const key = `${mid(b.asset_a)}->boundary->${mid(b.asset_b)}`;
-    if (!edges.has(key)) {
-      edges.add(key);
-      const desc = b.description ? label(b.description, 26) : 'trust boundary';
-      lines.push(`  ${mid(b.asset_a)} -.-|🧱 ${desc}| ${mid(b.asset_b)}`);
-    }
+    const a = resolve('asset', b.asset_a);
+    const z = resolve('asset', b.asset_b);
+    if (!usedAssetKeys.has(a.key) || !usedAssetKeys.has(z.key)) continue;
+    const desc = b.description ? label(b.description, 26) : 'trust boundary';
+    edge(a.key, z.key, 'bnd', `${mid(a.key)} -.-|🧱 ${desc}| ${mid(z.key)}`);
   }
 
-  lines.push('  classDef threat fill:#991b1b,stroke:#ef4444,color:#fecaca');
-  lines.push('  classDef control fill:#065f46,stroke:#10b981,color:#a7f3d0');
+  lines.push('  classDef threat fill:#3a1010,stroke:#ea1d1d,color:#f0f0f0,stroke-width:1.3px');
+  lines.push('  classDef control fill:#102a24,stroke:#33d49d,color:#f0f0f0,stroke-width:1.3px');
 
   return lines.join('\n');
 }
 
-/**
+/* ══════════════════════════════════════════════════════════════════════════
  * Diagram 2: Data Flow Diagram
- * Shows @flows between components with @boundary as subgraphs.
+ * ══════════════════════════════════════════════════════════════════════════ */
+
+/**
+ * LR flow graph. Each @boundary produces a paired subgraph (both sides appear
+ * inside a single zone) labelled by the boundary description; the boundary
+ * itself is drawn as a purple dashed edge between the two sides. Assets that
+ * are not touched by any boundary render as standalone nodes.
  */
 export function generateDataFlowDiagram(model: ThreatModel): string {
   if (model.flows.length === 0) return '';
 
-  const maxMechanismLen = model.flows.reduce((max, f) => {
-    const len = (f.mechanism || '').length;
-    return len > max ? len : max;
-  }, 0);
+  const aliases = buildAliases(model);
+  const resolve = (ref: string) => aliases.resolve('asset', ref);
+
+  // Dynamic spacing based on longest mechanism label so mermaid doesn't crush long edges.
+  const maxMechanismLen = model.flows.reduce((max, f) => Math.max(max, (f.mechanism || '').length), 0);
   const spacingBoost = Math.max(0, Math.min(140, (maxMechanismLen - 24) * 3));
-  const nodeSpacing = 40 + Math.floor(spacingBoost * 0.4);
-  const rankSpacing = 50 + spacingBoost;
+  const nodeSpacing = 44 + Math.floor(spacingBoost * 0.4);
+  const rankSpacing = 58 + spacingBoost;
 
   const lines: string[] = [
-    `%%{init: {"flowchart": {"nodeSpacing": ${nodeSpacing}, "rankSpacing": ${rankSpacing}, "curve": "basis"}}}%%`,
+    `%%{init: {"flowchart": {"nodeSpacing": ${nodeSpacing}, "rankSpacing": ${rankSpacing}, "curve": "basis", "htmlLabels": false}}}%%`,
     'graph LR',
   ];
 
-  // Collect boundary zones: each side of a boundary is a separate zone
-  // An asset may appear in multiple boundaries, so track zone membership
-  const assetZone = new Map(); // asset -> zone label
-  const zones = new Map>(); // zone label -> members
-  const boundaryEdges: { a: string; b: string; desc: string }[] = [];
-  let zIdx = 0;
+  // Data handling badges keyed on canonical asset key
+  const handlingByKey = new Map();
+  for (const h of model.data_handling) {
+    const node = resolve(h.asset);
+    const list = handlingByKey.get(node.key) ?? [];
+    if (!list.includes(h.classification)) list.push(h.classification);
+    handlingByKey.set(node.key, list);
+  }
 
-  for (const b of model.boundaries) {
-    const desc = b.description || b.id || `${b.asset_a}/${b.asset_b}`;
-    // Assign each side to its own zone if not already in one
-    if (!assetZone.has(b.asset_a)) {
-      const zoneLabel = `Z${zIdx++}`;
-      assetZone.set(b.asset_a, zoneLabel);
-      zones.set(zoneLabel, new Set([b.asset_a]));
-    }
-    if (!assetZone.has(b.asset_b)) {
-      const zoneLabel = `Z${zIdx++}`;
-      assetZone.set(b.asset_b, zoneLabel);
-      zones.set(zoneLabel, new Set([b.asset_b]));
-    }
-    boundaryEdges.push({ a: b.asset_a, b: b.asset_b, desc });
+  const nodeLabel = (n: AliasNode): string => {
+    const badges = handlingByKey.get(n.key);
+    const suffix = badges && badges.length > 0 ? ` · ${badges.join(', ')}` : '';
+    return `${assetIcon(n.label)} ${labelFull(n.label)}${suffix}`;
+  };
+
+  // Collect the set of assets actually used by flows (or boundaries)
+  const usedAssets = new Map();
+  for (const f of model.flows) {
+    const s = resolve(f.source);
+    const t = resolve(f.target);
+    usedAssets.set(s.key, s);
+    usedAssets.set(t.key, t);
   }
 
-  // Emit zone subgraphs
-  const inBoundary = new Set();
-  for (const [zoneId, members] of zones) {
-    const representative = [...members][0];
-    lines.push(`  subgraph ${zoneId}["🧱 Trust Zone · ${labelFull(representative)}"]`);
-    for (const m of members) {
-      lines.push(`    ${mid(m)}["${assetIcon(m)} ${labelFull(m)}"]`);
-      inBoundary.add(m);
-    }
+  // Emit one subgraph PER SIDE of each boundary (A and B live in different trust zones).
+  // Label combines the boundary description with the side's asset so the visual
+  // cleanly conveys "this zone is on one side of ".
+  const placedAssets = new Set();
+  let zIdx = 0;
+  const emitSide = (node: AliasNode, desc: string): void => {
+    if (placedAssets.has(node.key)) return;
+    const zoneId = `Z${zIdx++}`;
+    const zoneLabel = desc === node.label ? node.label : `${node.label} · ${desc}`;
+    lines.push(`  subgraph ${zoneId}["🧱 ${labelFull(zoneLabel)}"]`);
+    lines.push(`    ${mid(node.key)}["${nodeLabel(node)}"]`);
     lines.push('  end');
+    placedAssets.add(node.key);
+    usedAssets.set(node.key, node);
+  };
+  for (const b of model.boundaries) {
+    const a = resolve(b.asset_a);
+    const z = resolve(b.asset_b);
+    if (!usedAssets.has(a.key) && !usedAssets.has(z.key)) continue;
+    const desc = b.description || b.id || 'trust boundary';
+    emitSide(a, desc);
+    emitSide(z, desc);
   }
 
-  // Emit boundary edges between zones (thick dashed line)
-  for (const be of boundaryEdges) {
-    lines.push(`  ${mid(be.a)} -.-|🧱 ${labelFull(be.desc)}| ${mid(be.b)}`);
+  // Standalone nodes (flow endpoints not inside any boundary zone)
+  for (const node of usedAssets.values()) {
+    if (placedAssets.has(node.key)) continue;
+    lines.push(`  ${mid(node.key)}["${nodeLabel(node)}"]`);
+    placedAssets.add(node.key);
   }
 
-  // Data handling badges
-  const handling = new Map();
-  for (const h of model.data_handling) {
-    if (!handling.has(h.asset)) handling.set(h.asset, []);
-    handling.get(h.asset)!.push(h.classification);
-  }
-
-  // Standalone nodes (not in any boundary)
-  const allNodes = new Set();
-  for (const f of model.flows) { allNodes.add(f.source); allNodes.add(f.target); }
-  for (const n of allNodes) {
-    if (!inBoundary.has(n)) {
-      const badges = handling.get(n);
-      const suffix = badges ? ` · ${badges.join(', ')}` : '';
-      lines.push(`  ${mid(n)}["${assetIcon(n)} ${labelFull(n)}${suffix}"]`);
-    }
+  // Boundary edges: a visual connector between the two sides
+  const emittedBoundaries = new Set();
+  for (const b of model.boundaries) {
+    const a = resolve(b.asset_a);
+    const z = resolve(b.asset_b);
+    const k = `${a.key}|${z.key}`;
+    if (emittedBoundaries.has(k)) continue;
+    emittedBoundaries.add(k);
+    const desc = b.description ? labelFull(b.description) : 'trust boundary';
+    lines.push(`  ${mid(a.key)} -.-|🧱 ${desc}| ${mid(z.key)}`);
   }
 
   // Flow edges
+  const emittedFlows = new Set();
   for (const f of model.flows) {
+    const s = resolve(f.source);
+    const t = resolve(f.target);
+    const k = `${s.key}|${t.key}|${f.mechanism || ''}`;
+    if (emittedFlows.has(k)) continue;
+    emittedFlows.add(k);
     if (f.mechanism) {
-      lines.push(`  ${mid(f.source)} -- "${flowIcon(f.mechanism)} ${labelFull(f.mechanism)}" --> ${mid(f.target)}`);
+      lines.push(`  ${mid(s.key)} -- "${flowIcon(f.mechanism)} ${labelFull(f.mechanism)}" --> ${mid(t.key)}`);
     } else {
-      lines.push(`  ${mid(f.source)} --> ${mid(f.target)}`);
+      lines.push(`  ${mid(s.key)} --> ${mid(t.key)}`);
     }
   }
 
   return lines.join('\n');
 }
 
-/**
+/* ══════════════════════════════════════════════════════════════════════════
  * Diagram 3: Attack Surface Map
- * Groups exposures by asset, colored by severity.
- */
-export function generateAttackSurface(model: ThreatModel): string {
-  if (model.exposures.length === 0) return '';
-
-  const lines: string[] = ['graph LR'];
+ * ══════════════════════════════════════════════════════════════════════════ */
 
-  // Build set of mitigated/accepted (normalize refs for consistent matching)
-  const resolved = new Set();
-  for (const m of model.mitigations) resolved.add(`${normalizeRef(m.asset)}::${normalizeRef(m.threat)}`);
-  for (const a of model.acceptances) resolved.add(`${normalizeRef(a.asset)}::${normalizeRef(a.threat)}`);
+interface AttackSurfaceEntry {
+  threatLabel: string;
+  severity: string;
+  count: number;
+  status: 'open' | 'mitigated' | 'accepted' | 'confirmed';
+}
 
-  // Group exposures by asset, deduplicate by threat, keep highest severity
-  const sevOrder: Record = { critical: 0, p0: 0, high: 1, p1: 1, medium: 2, p2: 2, low: 3, p3: 3, unset: 4 };
-  const byAsset = new Map>();
+/**
+ * TB grouping: exposures per asset, coloured by severity and marked by status.
+ *   - ⚠️  open
+ *   - ✅  mitigated
+ *   - 🟦  accepted
+ *   - 💥  confirmed (raises severity to critical)
+ */
+export function generateAttackSurface(model: ThreatModel): string {
+  if (model.exposures.length === 0 && (!model.confirmed || model.confirmed.length === 0)) return '';
+
+  const aliases = buildAliases(model);
+  const resolveAsset = (ref: string) => aliases.resolve('asset', ref);
+  const resolveThreat = (ref: string) => aliases.resolve('threat', ref);
+
+  // Compute per-pair resolution using canonical keys
+  const mitigatedPairs = new Set();
+  const acceptedPairs = new Set();
+  for (const m of model.mitigations) mitigatedPairs.add(`${resolveAsset(m.asset).key}::${resolveThreat(m.threat).key}`);
+  for (const a of model.acceptances) acceptedPairs.add(`${resolveAsset(a.asset).key}::${resolveThreat(a.threat).key}`);
+  const confirmedPairs = new Set();
+  for (const c of model.confirmed || []) confirmedPairs.add(`${resolveAsset(c.asset).key}::${resolveThreat(c.threat).key}`);
+
+  // Group by canonical asset key → canonical threat key → entry
+  type AssetGroup = { label: string; threats: Map; openCount: number; mitigatedCount: number; confirmedCount: number };
+  const byAsset = new Map();
+
+  const getGroup = (assetRef: string): AssetGroup => {
+    const node = resolveAsset(assetRef);
+    let g = byAsset.get(node.key);
+    if (!g) {
+      g = { label: node.label, threats: new Map(), openCount: 0, mitigatedCount: 0, confirmedCount: 0 };
+      byAsset.set(node.key, g);
+    }
+    return g;
+  };
 
   for (const e of model.exposures) {
-    if (!byAsset.has(e.asset)) byAsset.set(e.asset, new Map());
-    const assetMap = byAsset.get(e.asset)!;
-    const existing = assetMap.get(e.threat);
-    const sev = (e.severity || 'unset').toLowerCase();
-    const isResolved = resolved.has(`${normalizeRef(e.asset)}::${normalizeRef(e.threat)}`);
-    if (!existing || (sevOrder[sev] ?? 4) < (sevOrder[existing.severity] ?? 4)) {
-      assetMap.set(e.threat, { threat: e.threat, severity: sev, count: (existing?.count || 0) + 1, resolved: isResolved });
+    const group = getGroup(e.asset);
+    const threatNode = resolveThreat(e.threat);
+    const pair = `${resolveAsset(e.asset).key}::${threatNode.key}`;
+    const sev = normalizeSeverity(e.severity || threatNode.severity);
+    const existing = group.threats.get(threatNode.key);
+    const isConfirmed = confirmedPairs.has(pair);
+    const status: AttackSurfaceEntry['status'] = isConfirmed ? 'confirmed' : acceptedPairs.has(pair) ? 'accepted' : mitigatedPairs.has(pair) ? 'mitigated' : 'open';
+    const escalated = isConfirmed ? 'critical' : sev;
+    if (!existing) {
+      group.threats.set(threatNode.key, { threatLabel: threatNode.label, severity: escalated, count: 1, status });
     } else {
       existing.count++;
+      existing.severity = strongerSeverity(existing.severity, escalated);
+      existing.status = status === 'confirmed' ? 'confirmed' : status === 'open' && existing.status === 'mitigated' ? 'open' : existing.status;
     }
   }
 
-  let eIdx = 0;
-  for (const [asset, threatMap] of byAsset) {
-    // Sort threats by severity (critical first)
-    const sorted = [...threatMap.values()].sort((a, b) => (sevOrder[a.severity] ?? 4) - (sevOrder[b.severity] ?? 4));
+  // Make sure confirmed-only rows (no matching exposure) still appear
+  for (const c of model.confirmed || []) {
+    const group = getGroup(c.asset);
+    const threatNode = resolveThreat(c.threat);
+    const existing = group.threats.get(threatNode.key);
+    const sev = normalizeSeverity(c.severity || 'critical');
+    if (!existing) {
+      group.threats.set(threatNode.key, { threatLabel: threatNode.label, severity: sev, count: 1, status: 'confirmed' });
+    } else {
+      existing.status = 'confirmed';
+      existing.severity = strongerSeverity(existing.severity, sev);
+    }
+  }
+
+  // Roll up counts per group
+  for (const g of byAsset.values()) {
+    for (const t of g.threats.values()) {
+      if (t.status === 'open') g.openCount++;
+      else if (t.status === 'mitigated' || t.status === 'accepted') g.mitigatedCount++;
+      if (t.status === 'confirmed') g.confirmedCount++;
+    }
+  }
+
+  // Sort assets: confirmed first, then by open count desc, then by label
+  const assetsSorted = [...byAsset.entries()].sort(([, a], [, b]) => {
+    if (a.confirmedCount !== b.confirmedCount) return b.confirmedCount - a.confirmedCount;
+    if (a.openCount !== b.openCount) return b.openCount - a.openCount;
+    return a.label.localeCompare(b.label);
+  });
+
+  const lines: string[] = [
+    '%%{init: {"flowchart": {"nodeSpacing": 38, "rankSpacing": 48, "curve": "linear", "htmlLabels": false}}}%%',
+    'graph TB',
+  ];
 
-    lines.push(`  subgraph A_${mid(asset)}["${label(asset)}"]`);
+  let eIdx = 0;
+  for (const [assetKey, group] of assetsSorted) {
+    const totalThreats = group.threats.size;
+    const coverage = totalThreats === 0 ? 0 : Math.round((group.mitigatedCount / totalThreats) * 100);
+    const statusSuffix = group.confirmedCount > 0
+      ? ` · 💥 ${group.confirmedCount} confirmed`
+      : group.openCount > 0
+        ? ` · ⚠ ${group.openCount} open`
+        : ` · ✅ ${coverage}% covered`;
+
+    lines.push(`  subgraph A_${mid(assetKey)}["${label(group.label)}${statusSuffix}"]`);
     lines.push(`    direction TB`);
+
+    const sorted = [...group.threats.values()].sort((a, b) => (severityRank[a.severity] ?? 4) - (severityRank[b.severity] ?? 4));
+
     for (const entry of sorted) {
-      let cls = 'sev_unset';
-      if (entry.severity === 'critical' || entry.severity === 'p0') cls = 'sev_crit';
-      else if (entry.severity === 'high' || entry.severity === 'p1') cls = 'sev_high';
-      else if (entry.severity === 'medium' || entry.severity === 'p2') cls = 'sev_med';
-      else if (entry.severity === 'low' || entry.severity === 'p3') cls = 'sev_low';
-
-      const icon = entry.resolved ? '✅' : '⚠️';
-      const threatLabel = label(entry.threat.replace('#', ''), 30);
-      const countSuffix = entry.count > 1 ? ` x${entry.count}` : '';
+      const cls = severityClass(entry.severity);
+      const icon = entry.status === 'confirmed' ? '💥'
+        : entry.status === 'mitigated' ? '✅'
+          : entry.status === 'accepted' ? '🟦'
+            : '⚠️';
+      const threatLabel = label(entry.threatLabel, 30);
+      const countSuffix = entry.count > 1 ? ` ×${entry.count}` : '';
       lines.push(`    E${eIdx}["${icon} ${threatLabel}${countSuffix}"]:::${cls}`);
       eIdx++;
     }
     lines.push('  end');
   }
 
-  lines.push('  classDef sev_crit fill:#7f1d1d,stroke:#ef4444,color:#fecaca');
-  lines.push('  classDef sev_high fill:#7c2d12,stroke:#f97316,color:#fed7aa');
-  lines.push('  classDef sev_med fill:#78350f,stroke:#f59e0b,color:#fef3c7');
-  lines.push('  classDef sev_low fill:#1e3a5f,stroke:#3b82f6,color:#bfdbfe');
-  lines.push('  classDef sev_unset fill:#374151,stroke:#9ca3af,color:#e5e7eb');
+  lines.push('  classDef sev_crit fill:#3a1010,stroke:#ea1d1d,color:#f0f0f0,stroke-width:1.4px');
+  lines.push('  classDef sev_high fill:#402019,stroke:#ea1d1d,color:#f0f0f0,stroke-width:1.2px');
+  lines.push('  classDef sev_med fill:#1f3943,stroke:#55899e,color:#f0f0f0');
+  lines.push('  classDef sev_low fill:#10263b,stroke:#0360a2,color:#f0f0f0');
+  lines.push('  classDef sev_unset fill:#223942,stroke:#3b6779,color:#f0f0f0');
 
   return lines.join('\n');
 }
-
diff --git a/src/dashboard/generate.ts b/src/dashboard/generate.ts
index 69842e9..7233cfd 100644
--- a/src/dashboard/generate.ts
+++ b/src/dashboard/generate.ts
@@ -10,8 +10,10 @@
  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"
  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"
  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"
+ * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"
  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"
  * @flows #dashboard -> HTML via return -- "Generated HTML output"
+ * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"
  * @handles internal on #dashboard -- "Processes and displays threat model data"
  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"
  */
@@ -20,7 +22,8 @@ import type { ThreatModel } from '../types/index.js';
 import { listFeatures } from '../parser/feature-filter.js';
 import { computeStats, computeSeverity, computeExposures, computeConfirmed, computeAssetHeatmap } from './data.js';
 import type { DashboardStats, SeverityBreakdown, ExposureRow, ConfirmedRow, AssetHeatmapEntry } from './data.js';
-import { generateThreatGraph, generateDataFlowDiagram, generateAttackSurface } from './diagrams.js';
+import { generateThreatGraph, generateDataFlowDiagram, generateAttackSurface, generateTopologyData } from './diagrams.js';
+import type { DiagramTopology } from './diagrams.js';
 import type { ThreatReportWithContent, PentestData } from '../analyze/index.js';
 import { readFileSync } from 'fs';
 import { resolve, isAbsolute } from 'path';
@@ -32,8 +35,10 @@ export function generateDashboardHTML(model: ThreatModel, root?: string, analyse
   const confirmedRows = computeConfirmed(model);
   const heatmap = computeAssetHeatmap(model);
   const threatGraph = generateThreatGraph(model);
+  const threatGraphFull = generateThreatGraph(model, { showAll: true });
   const dataFlow = generateDataFlowDiagram(model);
   const attackSurface = generateAttackSurface(model);
+  const topology = generateTopologyData(model);
   const featureNames = listFeatures(model);
   const timestamp = new Date().toISOString().slice(0, 19).replace('T', ' ');
   const unmitigated = exposures.filter(e => !e.mitigated && !e.accepted);
@@ -80,12 +85,14 @@ ${CSS_CONTENT}
     Threat Model
   

   

-    
Assets ${stats.assets}

-    
Open ${unmitigated.length}

-    
Controls ${stats.controls}

-    
Coverage ${stats.coveragePercent}%

-${featureNames.length > 0 ? `    

-      
         
 ${featureNames.map(f => `        `).join('\n')}
       
@@ -97,11 +104,11 @@ ${featureNames.map(f => `        `).
 

 
 
-`;
 }
 
@@ -1137,11 +1698,13 @@ function renderAIAnalysisPage(analyses: ThreatReportWithContent[]): string {
   return `
 

   
 Threat Reports

+  

   

     
     
   

   

+  

 
`;
 }
 
@@ -1258,8 +1821,8 @@ function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[],
   
 Threats & Exposures

 
   ${confirmed.length > 0 ? `
-  
🔴 Confirmed Exploitable (${confirmed.length})

-  
Verified through pentest, scanning, or manual reproduction — not false positives.

+  
🔴 Confirmed Exploitable (${confirmed.length})

+  
Verified through pentest, scanning, or manual reproduction — not false positives.

   
@@ -1274,8 +1837,8 @@ function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[],
     

     
AssetThreatSeverityDescriptionLocation

     
   
` : ''}
 
-  
Open Threats (${open.length})

-  
Exposed in code but not mitigated by any control.

+  
Open Threats (${open.length})

+  
Exposed in code but not mitigated by any control.

   ${open.length > 0 ? `
   
@@ -1291,7 +1854,7 @@ function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[],
     

     
AssetThreatSeverityDescriptionLocation

   
` : '
All exposed threats are mitigated or accepted.
'}
 
-  
Mitigated Threats (${mitigated.length})

+  
Mitigated Threats (${mitigated.length})

   ${mitigated.length > 0 ? `
   
@@ -1308,7 +1871,7 @@ function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[],
   

     
AssetThreatSeverityDescriptionLocation
` : '
No mitigations found.
'}
 
   ${accepted.length > 0 ? `
-  
Accepted Risks (${accepted.length})

+  
Accepted Risks (${accepted.length})

   
@@ -1324,7 +1887,7 @@ function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[],
   

     
AssetThreatSeverityDescriptionLocation

     
` : ''}
 
   ${model.transfers.length > 0 ? `
-  
Transferred Risks (${model.transfers.length})

+  
Transferred Risks (${model.transfers.length})

   
@@ -1358,21 +1921,128 @@ function renderThreatsPage(exposures: ExposureRow[], confirmed: ConfirmedRow[],
 `;
 }
 
-function renderDiagramsPage(threatGraph: string, dataFlow: string, attackSurface: string): string {
+function renderDiagramsPage(threatGraph: string, threatGraphFull: string, dataFlow: string, attackSurface: string, topology: DiagramTopology): string {
   const tabs = [];
   const panels = [];
+  const diagramActions = `
+          

+            
+            
+            
+          
`;
+
+  if (topology.nodes.length > 0) {
+    tabs.push({ id: 'risk-topology', label: 'Risk Topology', icon: '◎' });
+    // Which link kinds are actually present? Only show filters that apply.
+    const availableLinkKinds: Set = new Set(topology.links.map(l => l.kind));
+    const linkKindCatalog: Array<[string, string]> = [
+      ['exposes', 'Exposures'],
+      ['confirmed', 'Confirmed'],
+      ['mitigates', 'Mitigations'],
+      ['protects', 'Protects'],
+      ['validates', 'Validates'],
+      ['flows', 'Flows'],
+      ['boundary', 'Boundaries'],
+      ['transfers', 'Transfers'],
+      ['accepts', 'Accepts'],
+    ];
+    const linkFilters = linkKindCatalog
+      .filter(([k]) => availableLinkKinds.has(k))
+      .map(([k, label]) => ``)
+      .join('\n          ');
+    panels.push(`

+      

+        

+          Risk Topology
+          

+            
+            
+            
+            
+          

+        

+        

+          
+          

+            
+            
+            
+            
+          

+          ${topology.nodes.length} nodes · ${topology.links.length} links
+        

+        

+          Edges
+          ${linkFilters}
+        

+        

+          

+          
+        

+        

+          Asset
+          Threat
+          Control
+          Confirmed
+          Exposure
+          Mitigates
+          Flow
+          Boundary
+        

+      

+    
`);
+  }
 
   if (threatGraph) {
     tabs.push({ id: 'threat-graph', label: 'Threat Graph', icon: '🔷' });
-    panels.push(`
\n${threatGraph}\n
`);
+    const hasFullVariant = threatGraphFull && threatGraphFull !== threatGraph;
+    const showAllBtn = hasFullVariant
+      ? ``
+      : '';
+    panels.push(`

+      

+        

+          Threat Graph
+          

+            ${showAllBtn}
+            
+            
+            
+          

+        

+        

+          
\n${esc(threatGraph)}\n

+          ${hasFullVariant ? `` : ''}
+        

+        
Assets, threats, controls, and mitigations. ${hasFullVariant ? 'Filtered to high/critical by default — click All severities to expand.' : ''}

+      

+    
`);
   }
   if (dataFlow) {
     tabs.push({ id: 'data-flow', label: 'Data Flow', icon: '↔' });
-    panels.push(`
\n${dataFlow}\n
`);
+    panels.push(`

+      

+        

+          Data Flow
+${diagramActions}
+        

+        
\n${esc(dataFlow)}\n

+        
Trust zones (🧱) and data movement across system boundaries. Each boundary shows both sides of the trust line.

+      

+    
`);
   }
   if (attackSurface) {
     tabs.push({ id: 'attack-surface', label: 'Attack Surface', icon: '⚠' });
-    panels.push(`
\n${attackSurface}\n
`);
+    panels.push(`

+      

+        

+          Attack Surface
+${diagramActions}
+        

+        
\n${esc(attackSurface)}\n

+        
Exposures per asset, severity-coloured. 💥 confirmed, ⚠️ open, ✅ mitigated, 🟦 accepted.

+      

+    
`);
   }
 
   if (tabs.length === 0) {
@@ -1385,7 +2055,7 @@ function renderDiagramsPage(threatGraph: string, dataFlow: string, attackSurface
   return `
 

   
 Diagrams

-  
Interactive diagrams from annotations. Scroll to zoom, drag to pan, double-click to reset.

+  
Interactive diagrams generated from annotations. The topology view supports search, filtering, drag, pan, and node inspection.

   

     ${tabs.map((t, i) => ``).join('')}
   

@@ -1727,247 +2397,1301 @@ function computeRiskGrade(sev: SeverityBreakdown, unmitigatedCount: number, tota
 const CSS_CONTENT = `
 /* ── Reset ── */
 *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
-:root { --font-ui: 'Inter', system-ui, -apple-system, sans-serif; --font-mono: 'JetBrains Mono', 'SF Mono', Menlo, Consolas, monospace; }
+*::selection { background: color-mix(in oklab, var(--accent) 35%, transparent); color: var(--text); }
+:root {
+  --font-ui: 'Inter', system-ui, -apple-system, sans-serif;
+  --font-mono: 'JetBrains Mono', 'SF Mono', Menlo, Consolas, monospace;
+  --ease: cubic-bezier(.2,.8,.2,1);
+  --radius-sm: 6px; --radius-md: 8px; --radius-lg: 12px;
+  --drawer-w: 440px; --sidebar-w: 220px;
+}
 
-/* ══ DARK THEME (Bravos) ══ */
+/* ══ DARK THEME — Modern deep-slate ══ */
 [data-theme="dark"] {
-  --bg: #0a0d10; --surface: #0d1117; --surface2: #1a1f25; --border: #1f3943; --border-subtle: #162028;
-  --text: #f0f0f0; --muted: #55899e; --text-dim: #3b6779;
-  --accent: #2dd4a7; --blue: #0360a2; --green: #10b981; --red: #ea1d1d;
-  --orange: #f97316; --yellow: #f59e0b; --purple: #a78bfa;
-  --sev-crit: #ef4444; --sev-high: #f97316; --sev-med: #f59e0b; --sev-low: #3b82f6; --sev-unset: #6b7280;
-  --badge-red-bg: #7f1d1d; --badge-green-bg: #065f46; --badge-blue-bg: #1e3a5f;
-  --risk-f: #7f1d1d; --risk-d: #7c2d12; --risk-c: #78350f; --risk-b: #1e3a5f; --risk-a: #065f46;
-  --heatmap-crit: #7f1d1d; --heatmap-high: #7c2d12; --heatmap-med: #78350f;
-  --heatmap-low: #1e3a5f; --heatmap-none: #1a1f25;
-  --table-alt: #141a20; --table-hover: #1e2830; --shadow: 0 1px 3px rgba(0,0,0,.4);
-  --logo-bg: #2dd4a7; --logo-text: #0a0d10;
-  --drawer-w: 420px; --sidebar-w: 210px;
-}
-
-/* ══ LIGHT THEME ══ */
+  --bg: #000000;
+  --bg-gradient: radial-gradient(ellipse 1000px 500px at 15% 0%, rgba(51,212,157,.09), transparent 58%),
+                 radial-gradient(ellipse 800px 400px at 95% 10%, rgba(3,96,162,.10), transparent 60%);
+  --surface: #0f1b20;
+  --surface2: #172930;
+  --surface3: #1f3943;
+  --border: #1f3943;
+  --border-subtle: #1a3139;
+  --border-strong: #55899e;
+
+  --text: #f0f0f0;
+  --muted: #55899e;
+  --text-dim: #3b6779;
+
+  --accent: #33d49d;
+  --accent-soft: rgba(51,212,157,.12);
+  --accent-dim: rgba(51,212,157,.22);
+  --accent-hover: #ffffff;
+
+  --blue: #0360a2;
+  --green: #33d49d;
+  --red: #ea1d1d;
+  --orange: #ea1d1d;
+  --yellow: #55899e;
+  --purple: #0360a2;
+
+  --sev-crit: #ea1d1d;
+  --sev-high: #ea1d1d;
+  --sev-med:  #55899e;
+  --sev-low:  #0360a2;
+  --sev-unset:#3b6779;
+
+  --sev-crit-bg: rgba(234,29,29,.14);
+  --sev-high-bg: rgba(234,29,29,.10);
+  --sev-med-bg:  rgba(85,137,158,.16);
+  --sev-low-bg:  rgba(3,96,162,.16);
+
+  --badge-red-bg:   rgba(234,29,29,.16);
+  --badge-green-bg: rgba(51,212,157,.16);
+  --badge-blue-bg:  rgba(3,96,162,.16);
+  --badge-red-fg:   #f0f0f0;
+  --badge-green-fg: #33d49d;
+  --badge-blue-fg:  #f0f0f0;
+
+  --risk-f: linear-gradient(135deg, rgba(234,29,29,.20), rgba(234,29,29,.05));
+  --risk-d: linear-gradient(135deg, rgba(234,29,29,.14), rgba(234,29,29,.04));
+  --risk-c: linear-gradient(135deg, rgba(85,137,158,.18), rgba(85,137,158,.05));
+  --risk-b: linear-gradient(135deg, rgba(3,96,162,.18), rgba(3,96,162,.05));
+  --risk-a: linear-gradient(135deg, rgba(51,212,157,.20), rgba(51,212,157,.05));
+  --risk-border-f: rgba(234,29,29,.40);
+  --risk-border-d: rgba(234,29,29,.28);
+  --risk-border-c: rgba(85,137,158,.35);
+  --risk-border-b: rgba(3,96,162,.35);
+  --risk-border-a: rgba(51,212,157,.35);
+
+  --heatmap-crit: linear-gradient(135deg, rgba(234,29,29,.20), rgba(234,29,29,.05));
+  --heatmap-high: linear-gradient(135deg, rgba(234,29,29,.14), rgba(234,29,29,.04));
+  --heatmap-med:  linear-gradient(135deg, rgba(85,137,158,.16), rgba(85,137,158,.04));
+  --heatmap-low:  linear-gradient(135deg, rgba(3,96,162,.16), rgba(3,96,162,.04));
+  --heatmap-none: #172930;
+
+  --table-alt: #13232a;
+  --table-hover: #1c323a;
+  --shadow-sm: 0 1px 2px rgba(0,0,0,.3);
+  --shadow-md: 0 4px 12px rgba(0,0,0,.35), 0 1px 2px rgba(0,0,0,.4);
+  --shadow-lg: 0 12px 32px rgba(0,0,0,.45), 0 2px 6px rgba(0,0,0,.4);
+  --glow-accent: 0 0 0 1px rgba(45,212,191,.25), 0 8px 24px rgba(45,212,191,.12);
+
+  --logo-bg: linear-gradient(135deg, #33d49d, #0360a2);
+  --logo-text: #000000;
+}
+
+/* ══ LIGHT THEME — Refined off-white ══ */
 [data-theme="light"] {
-  --bg: #f8fafc; --surface: #ffffff; --surface2: #f1f5f9; --border: #d1d5db; --border-subtle: #e5e7eb;
-  --text: #1a1a2e; --muted: #4a5568; --text-dim: #9ca3af;
-  --accent: #0d9373; --blue: #2563eb; --green: #059669; --red: #dc2626;
-  --orange: #ea580c; --yellow: #d97706; --purple: #7c3aed;
-  --sev-crit: #dc2626; --sev-high: #ea580c; --sev-med: #d97706; --sev-low: #2563eb; --sev-unset: #6b7280;
-  --badge-red-bg: #fef2f2; --badge-green-bg: #ecfdf5; --badge-blue-bg: #eff6ff;
-  --risk-f: #fef2f2; --risk-d: #fff7ed; --risk-c: #fffbeb; --risk-b: #eff6ff; --risk-a: #ecfdf5;
-  --heatmap-crit: #fef2f2; --heatmap-high: #fff7ed; --heatmap-med: #fffbeb;
-  --heatmap-low: #eff6ff; --heatmap-none: #f9fafb;
-  --table-alt: #f9fafb; --table-hover: #f1f5f9; --shadow: 0 1px 3px rgba(0,0,0,.08);
-  --logo-bg: #0d9373; --logo-text: #ffffff;
-  --drawer-w: 420px; --sidebar-w: 210px;
-}
-
-body { font-family: var(--font-ui); background: var(--bg); color: var(--text); line-height: 1.5; overflow: hidden; height: 100vh; }
-a { color: var(--accent); text-decoration: none; }
-code { background: var(--border); padding: 1px 4px; border-radius: 3px; font-size: .75rem; font-family: var(--font-mono); }
+  --bg: #f0f0f0;
+  --bg-gradient: radial-gradient(ellipse 1000px 500px at 15% 0%, rgba(51,212,157,.10), transparent 58%),
+                 radial-gradient(ellipse 800px 400px at 95% 10%, rgba(3,96,162,.08), transparent 60%);
+  --surface: #ffffff;
+  --surface2: #f0f0f0;
+  --surface3: #e8eef0;
+  --border: #55899e;
+  --border-subtle: #d9e4e8;
+  --border-strong: #1f3943;
+
+  --text: #1f3943;
+  --muted: #55899e;
+  --text-dim: #3b6779;
+
+  --accent: #33d49d;
+  --accent-soft: rgba(51,212,157,.12);
+  --accent-dim: rgba(51,212,157,.20);
+  --accent-hover: #0360a2;
+
+  --blue: #0360a2;
+  --green: #33d49d;
+  --red: #ea1d1d;
+  --orange: #ea1d1d;
+  --yellow: #55899e;
+  --purple: #0360a2;
+
+  --sev-crit: #ea1d1d;
+  --sev-high: #ea1d1d;
+  --sev-med:  #3b6779;
+  --sev-low:  #0360a2;
+  --sev-unset:#55899e;
+
+  --sev-crit-bg: rgba(234,29,29,.10);
+  --sev-high-bg: rgba(234,29,29,.08);
+  --sev-med-bg:  rgba(59,103,121,.10);
+  --sev-low-bg:  rgba(3,96,162,.10);
+
+  --badge-red-bg:   rgba(234,29,29,.12);
+  --badge-green-bg: rgba(51,212,157,.14);
+  --badge-blue-bg:  rgba(3,96,162,.14);
+  --badge-red-fg:   #ea1d1d;
+  --badge-green-fg: #1f3943;
+  --badge-blue-fg:  #0360a2;
+
+  --risk-f: linear-gradient(135deg, rgba(234,29,29,.12), rgba(234,29,29,.02));
+  --risk-d: linear-gradient(135deg, rgba(234,29,29,.09), rgba(234,29,29,.02));
+  --risk-c: linear-gradient(135deg, rgba(59,103,121,.12), rgba(59,103,121,.02));
+  --risk-b: linear-gradient(135deg, rgba(3,96,162,.12), rgba(3,96,162,.02));
+  --risk-a: linear-gradient(135deg, rgba(51,212,157,.14), rgba(51,212,157,.02));
+  --risk-border-f: rgba(234,29,29,.28);
+  --risk-border-d: rgba(234,29,29,.2);
+  --risk-border-c: rgba(59,103,121,.26);
+  --risk-border-b: rgba(3,96,162,.24);
+  --risk-border-a: rgba(51,212,157,.28);
+
+  --heatmap-crit: linear-gradient(135deg, rgba(234,29,29,.14), rgba(234,29,29,.02));
+  --heatmap-high: linear-gradient(135deg, rgba(234,29,29,.10), rgba(234,29,29,.02));
+  --heatmap-med:  linear-gradient(135deg, rgba(59,103,121,.10), rgba(59,103,121,.02));
+  --heatmap-low:  linear-gradient(135deg, rgba(3,96,162,.10), rgba(3,96,162,.02));
+  --heatmap-none: #f0f0f0;
+
+  --table-alt: #f7f9fa;
+  --table-hover: #edf3f5;
+  --shadow-sm: 0 1px 2px rgba(15,23,42,.04);
+  --shadow-md: 0 4px 12px rgba(15,23,42,.06), 0 1px 2px rgba(15,23,42,.04);
+  --shadow-lg: 0 12px 32px rgba(15,23,42,.08), 0 2px 6px rgba(15,23,42,.04);
+  --glow-accent: 0 0 0 1px rgba(13,148,136,.20), 0 8px 24px rgba(13,148,136,.10);
+
+  --logo-bg: linear-gradient(135deg, #33d49d, #0360a2);
+  --logo-text: #ffffff;
+}
+
+html, body { height: 100%; }
+body {
+  font-family: var(--font-ui);
+  background: var(--bg-gradient), var(--bg);
+  color: var(--text);
+  line-height: 1.5;
+  font-size: 13.5px;
+  overflow: hidden;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+  letter-spacing: -0.005em;
+}
+a { color: var(--accent); text-decoration: none; transition: color .15s var(--ease); }
+a:hover { color: var(--accent-hover); }
+code {
+  background: var(--surface2);
+  border: 1px solid var(--border-subtle);
+  padding: 1px 5px;
+  border-radius: 4px;
+  font-size: .76rem;
+  font-family: var(--font-mono);
+  color: var(--text);
+}
+::-webkit-scrollbar { width: 10px; height: 10px; }
+::-webkit-scrollbar-track { background: transparent; }
+::-webkit-scrollbar-thumb { background: var(--border); border-radius: 10px; border: 2px solid var(--bg); }
+::-webkit-scrollbar-thumb:hover { background: var(--border-strong); }
 
 /* ── Top Nav ── */
-.topnav { height: 48px; background: var(--surface); border-bottom: 1px solid var(--border); display: flex; align-items: center; padding: 0 1.2rem; gap: 1rem; z-index: 100; }
-.topnav-left { display: flex; align-items: center; gap: .6rem; }
-.topnav-right { margin-left: auto; display: flex; align-items: center; gap: 1rem; }
-.topnav h1 { font-size: 1.1rem; font-weight: 700; white-space: nowrap; }
-.badge { background: var(--accent); color: var(--logo-text); padding: 2px 8px; border-radius: 10px; font-size: .65rem; font-weight: 600; }
-.tn-stat { font-size: .72rem; color: var(--muted); display: flex; align-items: center; gap: 4px; }
-.tn-stat .tn-v { font-weight: 700; font-size: .82rem; }
-.tn-v.red { color: var(--red); } .tn-v.green { color: var(--green); } .tn-v.blue { color: var(--accent); } .tn-v.yellow { color: var(--yellow); }
-.logo { width: 32px; height: 32px; background: var(--logo-bg); color: var(--logo-text); border-radius: 6px; display: flex; align-items: center; justify-content: center; font-weight: 700; font-size: 13px; }
-#themeToggle { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; padding: 4px 8px; cursor: pointer; font-size: 14px; line-height: 1; }
-#themeToggle:hover { background: var(--border); }
+.topnav {
+  height: 52px;
+  background: color-mix(in oklab, var(--surface) 92%, transparent);
+  backdrop-filter: saturate(160%) blur(12px);
+  -webkit-backdrop-filter: saturate(160%) blur(12px);
+  border-bottom: 1px solid var(--border);
+  display: flex; align-items: center;
+  padding: 0 1.4rem; gap: 1rem;
+  z-index: 100;
+  position: relative;
+}
+.topnav::after {
+  content: ''; position: absolute; left: 0; right: 0; bottom: -1px; height: 1px;
+  background: linear-gradient(90deg, transparent, var(--accent-dim) 40%, var(--accent-dim) 60%, transparent);
+  opacity: .55; pointer-events: none;
+}
+.topnav-left { display: flex; align-items: center; gap: .7rem; }
+.topnav-right { margin-left: auto; display: flex; align-items: center; gap: .75rem; }
+.topnav-metrics { display: flex; align-items: center; gap: .5rem; }
+.topnav h1 { font-size: 1.02rem; font-weight: 650; white-space: nowrap; letter-spacing: -0.01em; }
+.badge {
+  background: var(--accent-soft);
+  color: var(--accent);
+  border: 1px solid var(--accent-dim);
+  padding: 2px 9px; border-radius: 999px;
+  font-size: .64rem; font-weight: 600;
+  text-transform: uppercase; letter-spacing: .6px;
+}
+.tn-stat {
+  font-size: .72rem; color: var(--muted); display: flex; align-items: center; gap: 6px;
+  background: color-mix(in oklab, var(--surface2) 88%, transparent);
+  border: 1px solid var(--border);
+  border-radius: 999px;
+  padding: 4px 10px;
+  backdrop-filter: blur(4px);
+}
+.tn-stat .tn-k { letter-spacing: .2px; }
+.tn-stat .tn-v { font-weight: 700; font-size: .85rem; color: var(--text); font-variant-numeric: tabular-nums; }
+.tn-v.red { color: var(--sev-crit); } .tn-v.green { color: var(--green); }
+.tn-v.blue { color: var(--accent); } .tn-v.yellow { color: var(--yellow); }
+.feature-filter-wrap { display: flex; align-items: center; }
+.feature-filter-select {
+  max-width: 170px;
+  background: var(--surface2);
+  color: var(--text);
+  border: 1px solid var(--border);
+  border-radius: 999px;
+  padding: 5px 10px;
+  font-size: .74rem;
+  font-family: var(--font-ui);
+  cursor: pointer;
+  transition: all .15s var(--ease);
+}
+.feature-filter-select:hover { border-color: var(--border-strong); background: var(--surface3); }
+.feature-filter-select:focus { outline: none; border-color: var(--accent); box-shadow: var(--glow-accent); }
+.logo {
+  width: 34px; height: 34px;
+  background: var(--logo-bg); color: var(--logo-text);
+  border-radius: 9px;
+  display: flex; align-items: center; justify-content: center;
+  font-weight: 700; font-size: 12px; letter-spacing: .3px;
+  box-shadow: var(--shadow-sm);
+}
+#themeToggle {
+  background: var(--surface2); border: 1px solid var(--border);
+  border-radius: 8px; padding: 5px 9px; cursor: pointer;
+  font-size: 14px; line-height: 1; color: var(--text);
+  transition: all .15s var(--ease);
+}
+#themeToggle:hover { background: var(--surface3); border-color: var(--border-strong); }
 [data-theme="dark"] .icon-sun { display: none; }
 [data-theme="light"] .icon-moon { display: none; }
+.feature-banner {
+  display: none;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 16px;
+  background: color-mix(in oklab, var(--accent) 88%, var(--surface));
+  color: #fff;
+  font-size: .8rem;
+  font-weight: 600;
+  border-bottom: 1px solid color-mix(in oklab, var(--accent) 45%, var(--border));
+}
+.feature-banner-files { opacity: .75; font-weight: 500; }
+.feature-banner-clear {
+  margin-left: auto;
+  background: rgba(255,255,255,.18);
+  border: 1px solid rgba(255,255,255,.28);
+  color: #fff;
+  padding: 4px 10px;
+  border-radius: 999px;
+  cursor: pointer;
+  font-size: .72rem;
+  font-weight: 600;
+}
+.feature-banner-clear:hover { background: rgba(255,255,255,.28); }
 
 /* ── Layout ── */
-.layout { display: flex; height: calc(100vh - 48px); position: relative; }
-.sidebar { width: var(--sidebar-w); min-width: var(--sidebar-w); background: var(--surface); border-right: 1px solid var(--border); display: flex; flex-direction: column; transition: all .25s ease; }
-.sidebar-nav { flex: 1; overflow-y: auto; padding: .6rem 0; }
-.sidebar.collapsed { width: 50px; min-width: 50px; }
+.layout { display: flex; height: calc(100vh - 54px); position: relative; }
+.sidebar {
+  width: var(--sidebar-w); min-width: var(--sidebar-w);
+  background: var(--surface);
+  border-right: 1px solid var(--border);
+  display: flex; flex-direction: column;
+  transition: width .25s var(--ease), min-width .25s var(--ease);
+}
+.sidebar-nav { flex: 1; overflow-y: auto; padding: .75rem .55rem; }
+.sidebar.collapsed { width: 52px; min-width: 52px; }
 .sidebar.collapsed .nav-text { display: none; }
 .sidebar.collapsed .sep { margin: .5rem .5rem; }
 .sidebar.collapsed .chevron-left { display: none; }
 .sidebar.collapsed .chevron-right { display: block; }
-#sidebarToggle { background: var(--surface2); border: none; border-top: 1px solid var(--border); padding: .8rem; cursor: pointer; color: var(--muted); transition: all .2s; display: flex; align-items: center; justify-content: center; width: 100%; }
-#sidebarToggle:hover { background: var(--border); color: var(--accent); }
+#sidebarToggle {
+  background: transparent; border: none; border-top: 1px solid var(--border);
+  padding: .7rem; cursor: pointer; color: var(--muted);
+  transition: all .15s var(--ease);
+  display: flex; align-items: center; justify-content: center; width: 100%;
+}
+#sidebarToggle:hover { background: var(--surface2); color: var(--accent); }
 #sidebarToggle svg { display: block; }
 #sidebarToggle .chevron-right { display: none; }
-.sidebar a { display: flex; align-items: center; gap: .6rem; padding: .55rem 1rem; font-size: .8rem; color: var(--muted); cursor: pointer; border-left: 3px solid transparent; transition: all .12s; user-select: none; }
+.sidebar a {
+  display: flex; align-items: center; gap: .65rem;
+  padding: .52rem .75rem; margin: 1px .1rem;
+  font-size: .8rem; color: var(--muted); cursor: pointer;
+  border-radius: 7px;
+  transition: background .12s var(--ease), color .12s var(--ease);
+  user-select: none;
+  position: relative;
+}
 .sidebar a:hover { background: var(--surface2); color: var(--text); }
-.sidebar a.active { color: var(--accent); border-left-color: var(--accent); background: rgba(45,212,167,.08); }
-.sidebar .nav-icon { width: 20px; display: flex; align-items: center; justify-content: center; flex-shrink: 0; }
+.sidebar a.active {
+  color: var(--accent);
+  background: var(--accent-soft);
+  font-weight: 550;
+}
+.sidebar a.active::before {
+  content: ''; position: absolute; left: -.1rem; top: 20%; bottom: 20%; width: 2px;
+  background: var(--accent); border-radius: 2px;
+}
+.sidebar .nav-icon { width: 18px; display: flex; align-items: center; justify-content: center; flex-shrink: 0; opacity: .85; }
+.sidebar a.active .nav-icon { opacity: 1; }
 .sidebar .nav-icon svg { display: block; }
-.sidebar .sep { height: 1px; background: var(--border); margin: .5rem 1rem; }
+.sidebar .sep { height: 1px; background: var(--border); margin: .6rem .8rem; }
 .main { flex: 1; overflow-y: auto; padding: 0; }
-.section-content { display: none; padding: 1.2rem 1.5rem; } .section-content.active { display: block; }
+.section-content { display: none; padding: 1.6rem 2rem 3rem; max-width: 1400px; }
+.section-content.active { display: block; animation: fadeIn .2s var(--ease); }
+@keyframes fadeIn { from { opacity: 0; transform: translateY(3px); } to { opacity: 1; transform: none; } }
+.panel {
+  background: color-mix(in oklab, var(--surface) 94%, transparent);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  padding: 1rem 1.1rem;
+  box-shadow: var(--shadow-sm);
+  margin-bottom: 1rem;
+}
+.panel-row { display: flex; align-items: center; gap: .8rem; margin-bottom: .35rem; }
+.panel-muted { color: var(--muted); font-size: .82rem; }
+.summary-panels {
+  display: grid;
+  grid-template-columns: minmax(250px, 1fr) minmax(320px, 1.3fr);
+  gap: .9rem;
+}
+.ai-analysis-panel { padding-top: .9rem; }
 
 /* ── Drawer ── */
-.drawer-overlay { position: fixed; top: 0; left: 0; right: 0; bottom: 0; background: rgba(0,0,0,.4); z-index: 200; display: none; }
-.drawer-overlay.open { display: block; }
-.drawer { position: fixed; top: 0; right: 0; width: var(--drawer-w); height: 100vh; background: var(--surface); border-left: 1px solid var(--border); z-index: 201; transform: translateX(100%); transition: transform .25s ease; overflow-y: auto; }
+.drawer-overlay {
+  position: fixed; inset: 0;
+  background: rgba(0,0,0,.48);
+  backdrop-filter: blur(2px);
+  -webkit-backdrop-filter: blur(2px);
+  z-index: 200; display: none;
+}
+.drawer-overlay.open { display: block; animation: fadeIn .15s var(--ease); }
+.drawer {
+  position: fixed; top: 0; right: 0;
+  width: var(--drawer-w); height: 100vh;
+  background: var(--surface);
+  border-left: 1px solid var(--border);
+  z-index: 201;
+  transform: translateX(100%);
+  transition: transform .28s var(--ease);
+  overflow-y: auto;
+  box-shadow: var(--shadow-lg);
+}
 .drawer.open { transform: translateX(0); }
-.drawer-header { display: flex; align-items: center; justify-content: space-between; padding: .8rem 1rem; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--surface); z-index: 1; }
-.drawer-header h3 { font-size: .95rem; color: var(--accent); }
-.drawer-close { background: none; border: 1px solid var(--border); color: var(--muted); cursor: pointer; padding: 4px 10px; border-radius: 4px; font-size: .8rem; }
-.drawer-close:hover { color: var(--text); border-color: var(--muted); }
-.drawer-body { padding: 1rem; }
-.d-section { margin-bottom: 1rem; } .d-label { font-size: .7rem; text-transform: uppercase; color: var(--muted); letter-spacing: .5px; margin-bottom: .3rem; } .d-value { font-size: .82rem; }
-.d-code { background: var(--bg); border: 1px solid var(--border); border-radius: 6px; padding: .5rem .7rem; font-family: var(--font-mono); font-size: .72rem; line-height: 1.6; color: var(--muted); white-space: pre; overflow-x: auto; }
+.drawer-header {
+  display: flex; align-items: center; justify-content: space-between;
+  padding: 1rem 1.2rem;
+  border-bottom: 1px solid var(--border);
+  position: sticky; top: 0;
+  background: color-mix(in oklab, var(--surface) 94%, transparent);
+  backdrop-filter: blur(8px);
+  -webkit-backdrop-filter: blur(8px);
+  z-index: 1;
+}
+.drawer-header h3 { font-size: .95rem; color: var(--text); font-weight: 650; letter-spacing: -.01em; }
+.drawer-close {
+  background: var(--surface2); border: 1px solid var(--border);
+  color: var(--muted); cursor: pointer;
+  padding: 5px 11px; border-radius: 6px; font-size: .78rem;
+  transition: all .15s var(--ease);
+}
+.drawer-close:hover { color: var(--text); border-color: var(--border-strong); background: var(--surface3); }
+.drawer-body { padding: 1.2rem; }
+.d-section { margin-bottom: 1.2rem; }
+.d-label { font-size: .68rem; text-transform: uppercase; color: var(--muted); letter-spacing: .8px; margin-bottom: .35rem; font-weight: 600; }
+.d-value { font-size: .85rem; }
+.d-code {
+  background: var(--bg); border: 1px solid var(--border); border-radius: var(--radius-md);
+  padding: .65rem .8rem; font-family: var(--font-mono); font-size: .72rem;
+  line-height: 1.65; color: var(--muted); white-space: pre; overflow-x: auto;
+}
 
 /* ── Section headings ── */
-.sec-h { font-size: 1.1rem; font-weight: 700; margin-bottom: .8rem; display: flex; align-items: center; gap: .5rem; }
-.sec-icon { font-size: 1.2rem; }
-.sub-h { font-size: .9rem; font-weight: 600; color: var(--accent); margin: 1rem 0 .5rem 0; }
+.sec-h {
+  font-size: 1.25rem; font-weight: 700;
+  margin-bottom: 1rem;
+  display: flex; align-items: center; gap: .6rem;
+  letter-spacing: -.02em;
+}
+.sec-icon {
+  font-size: 1rem;
+  width: 30px; height: 30px;
+  display: inline-flex; align-items: center; justify-content: center;
+  background: var(--accent-soft);
+  color: var(--accent);
+  border: 1px solid var(--accent-dim);
+  border-radius: 8px;
+}
+.sub-h {
+  font-size: .78rem; font-weight: 600; color: var(--muted);
+  margin: 1.2rem 0 .55rem 0;
+  text-transform: uppercase; letter-spacing: .7px;
+  display: flex; align-items: center; gap: .5rem;
+}
+.sub-h::after {
+  content: ''; flex: 1; height: 1px;
+  background: linear-gradient(90deg, var(--border), transparent);
+}
+.sub-h-alert { color: var(--red); }
+.sub-h-critical { color: var(--sev-crit); }
+.sub-h-ok { color: var(--green); }
+.sub-h-neutral { color: var(--yellow); }
+.sub-h-info { color: var(--blue); }
+.section-note { color: var(--muted); font-size: .78rem; margin-bottom: .55rem; }
+.flow-arrow { color: var(--muted); font-weight: 700; font-size: .88rem; text-align: center; }
 
 /* ── Stats Grid ── */
-.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(100px, 1fr)); gap: .5rem; margin-bottom: 1.2rem; }
-.stat-card { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; padding: .5rem; text-align: center; }
-.stat-card .value { font-size: 1.3rem; font-weight: 700; color: var(--accent); }
-.stat-card .label { font-size: .65rem; color: var(--muted); margin-top: 2px; }
-.stat-danger .value { color: var(--red); } .stat-success .value { color: var(--green); }
-.stat-muted .value { color: var(--muted); } .stat-muted .label { color: var(--text-dim); }
+.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(118px, 1fr)); gap: .6rem; margin-bottom: 1.2rem; }
+.stat-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  padding: .75rem .7rem;
+  text-align: center;
+  transition: transform .15s var(--ease), border-color .15s var(--ease), box-shadow .15s var(--ease);
+  position: relative; overflow: hidden;
+}
+.stat-card::before {
+  content: ''; position: absolute; inset: 0 0 auto 0; height: 2px;
+  background: var(--accent); opacity: 0; transition: opacity .15s var(--ease);
+}
+.stat-card:hover { transform: translateY(-1px); border-color: var(--border-strong); box-shadow: var(--shadow-sm); }
+.stat-card:hover::before { opacity: .8; }
+.stat-card .value { font-size: 1.5rem; font-weight: 700; color: var(--accent); font-variant-numeric: tabular-nums; letter-spacing: -.02em; line-height: 1.1; }
+.stat-card .label { font-size: .68rem; color: var(--muted); margin-top: 4px; text-transform: uppercase; letter-spacing: .4px; font-weight: 500; }
+.stat-danger .value { color: var(--sev-crit); } .stat-danger::before { background: var(--sev-crit); }
+.stat-success .value { color: var(--green); } .stat-success::before { background: var(--green); }
+.stat-muted .value { color: var(--muted); } .stat-muted::before { background: var(--muted); }
+.stat-muted .label { color: var(--text-dim); }
 
 /* ── Risk Banner ── */
-.risk-banner { display: flex; align-items: center; gap: 20px; padding: 16px 20px; border-radius: 10px; border: 1px solid var(--border); margin-bottom: 1rem; }
-.risk-grade { font-size: 40px; font-weight: 700; width: 60px; height: 60px; display: flex; align-items: center; justify-content: center; border-radius: 10px; }
-.risk-detail { display: flex; flex-direction: column; gap: 2px; }
-.risk-detail strong { font-size: 15px; } .risk-detail span { font-size: 13px; color: var(--muted); }
-.risk-f { background: var(--risk-f); } .risk-f .risk-grade { background: var(--sev-crit); color: #fff; }
-.risk-d { background: var(--risk-d); } .risk-d .risk-grade { background: var(--sev-high); color: #fff; }
-.risk-c { background: var(--risk-c); } .risk-c .risk-grade { background: var(--sev-med); color: #fff; }
-.risk-b { background: var(--risk-b); } .risk-b .risk-grade { background: var(--sev-low); color: #fff; }
-.risk-a { background: var(--risk-a); } .risk-a .risk-grade { background: var(--green); color: #fff; }
+.risk-banner {
+  display: flex; align-items: center; gap: 22px;
+  padding: 18px 22px;
+  border-radius: var(--radius-lg);
+  border: 1px solid var(--border);
+  margin-bottom: 1.2rem;
+  box-shadow: var(--shadow-sm);
+}
+.risk-grade {
+  font-size: 34px; font-weight: 800;
+  width: 58px; height: 58px;
+  display: flex; align-items: center; justify-content: center;
+  border-radius: var(--radius-md);
+  letter-spacing: -.03em;
+  box-shadow: 0 6px 16px rgba(0,0,0,.22), inset 0 1px 0 rgba(255,255,255,.15);
+}
+.risk-detail { display: flex; flex-direction: column; gap: 3px; }
+.risk-detail strong { font-size: 15px; font-weight: 650; letter-spacing: -.01em; }
+.risk-detail span { font-size: 13px; color: var(--muted); }
+.risk-f { background: var(--risk-f); border-color: var(--risk-border-f); } .risk-f .risk-grade { background: var(--sev-crit); color: #fff; }
+.risk-d { background: var(--risk-d); border-color: var(--risk-border-d); } .risk-d .risk-grade { background: var(--sev-high); color: #fff; }
+.risk-c { background: var(--risk-c); border-color: var(--risk-border-c); } .risk-c .risk-grade { background: var(--sev-med); color: #fff; }
+.risk-b { background: var(--risk-b); border-color: var(--risk-border-b); } .risk-b .risk-grade { background: var(--sev-low); color: #fff; }
+.risk-a { background: var(--risk-a); border-color: var(--risk-border-a); } .risk-a .risk-grade { background: var(--green); color: #fff; }
 
 /* ── Coverage Bar ── */
-.coverage-pct { font-size: 1.8rem; font-weight: 700; }
-.coverage-pct.good { color: var(--green); } .coverage-pct.warn { color: var(--yellow); } .coverage-pct.bad { color: var(--red); }
-.posture-bar { height: 8px; border-radius: 4px; background: var(--border); margin: .6rem 0; overflow: hidden; }
-.posture-fill { height: 100%; border-radius: 4px; transition: width .4s; }
-.posture-fill.good { background: var(--green); } .posture-fill.warn { background: var(--yellow); } .posture-fill.bad { background: var(--red); }
+.coverage-pct { font-size: 2rem; font-weight: 700; font-variant-numeric: tabular-nums; letter-spacing: -.03em; }
+.coverage-pct.good { color: var(--green); } .coverage-pct.warn { color: var(--yellow); } .coverage-pct.bad { color: var(--sev-crit); }
+.posture-bar { height: 10px; border-radius: 999px; background: var(--surface2); margin: .7rem 0; overflow: hidden; border: 1px solid var(--border-subtle); }
+.posture-fill { height: 100%; border-radius: 999px; transition: width .6s var(--ease); }
+.posture-fill.good { background: linear-gradient(90deg, var(--green), var(--accent)); }
+.posture-fill.warn { background: linear-gradient(90deg, var(--yellow), var(--muted)); }
+.posture-fill.bad  { background: linear-gradient(90deg, var(--sev-crit), var(--red)); }
 
 /* ── Severity Chart ── */
-.severity-chart { display: flex; flex-direction: column; gap: 8px; margin-bottom: 1rem; }
-.sev-row { display: flex; align-items: center; gap: 10px; }
-.sev-label { width: 55px; font-size: 13px; font-weight: 500; text-align: right; }
-.sev-track { flex: 1; height: 22px; background: var(--surface2); border-radius: 5px; overflow: hidden; }
-.sev-fill { height: 100%; border-radius: 5px; min-width: 2px; transition: width .6s; }
-.sev-fill-crit { background: var(--sev-crit); } .sev-fill-high { background: var(--sev-high); }
-.sev-fill-med { background: var(--sev-med); } .sev-fill-low { background: var(--sev-low); }
+.severity-chart { display: flex; flex-direction: column; gap: 9px; margin-bottom: 1rem; }
+.sev-row { display: flex; align-items: center; gap: 12px; }
+.sev-label { width: 62px; font-size: 12.5px; font-weight: 550; text-align: right; color: var(--muted); }
+.sev-track { flex: 1; height: 22px; background: var(--surface2); border-radius: 6px; overflow: hidden; border: 1px solid var(--border-subtle); }
+.sev-fill { height: 100%; border-radius: 6px; min-width: 2px; transition: width .6s var(--ease); }
+.sev-fill-crit { background: linear-gradient(90deg, var(--sev-crit), var(--red)); }
+.sev-fill-high { background: linear-gradient(90deg, var(--sev-high), var(--red)); }
+.sev-fill-med  { background: linear-gradient(90deg, var(--sev-med), var(--text-dim)); }
+.sev-fill-low  { background: linear-gradient(90deg, var(--sev-low), var(--blue)); }
 .sev-fill-unset { background: var(--sev-unset); }
-.sev-count { width: 28px; font-size: 14px; font-weight: 600; font-family: var(--font-mono); }
+.sev-count { width: 32px; font-size: 14px; font-weight: 700; font-family: var(--font-mono); color: var(--text); font-variant-numeric: tabular-nums; }
 
 /* ── Finding Cards ── */
-.finding-card { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; padding: .7rem 1rem; margin-bottom: .5rem; cursor: pointer; transition: border-color .15s; }
-.finding-card:hover { border-color: var(--accent); }
-.fc-top { display: flex; align-items: center; gap: .5rem; margin-bottom: .2rem; }
-.fc-risk { font-weight: 600; font-size: .85rem; } .fc-desc { font-size: .78rem; color: var(--muted); }
-.fc-assets { font-size: .72rem; color: var(--muted); margin-top: .2rem; font-family: var(--font-mono); }
-.fc-sev { font-size: .7rem; padding: 1px 6px; border-radius: 3px; font-weight: 600; }
-.fc-sev.crit { background: var(--sev-crit); color: #fff; } .fc-sev.high { background: var(--sev-high); color: #fff; }
-.fc-sev.med { background: var(--sev-med); color: #000; } .fc-sev.low { background: var(--border); color: var(--muted); }
-.fc-sev.unset { background: var(--border); color: var(--muted); }
+.finding-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  padding: .8rem 1rem;
+  margin-bottom: .55rem;
+  cursor: pointer;
+  transition: all .15s var(--ease);
+  position: relative;
+}
+.finding-card::before {
+  content: ''; position: absolute; left: 0; top: 0; bottom: 0; width: 3px;
+  background: var(--sev-crit); border-radius: 3px 0 0 3px;
+  opacity: .7;
+}
+.finding-card:hover {
+  border-color: var(--border-strong);
+  transform: translateX(2px);
+  box-shadow: var(--shadow-sm);
+}
+.fc-top { display: flex; align-items: center; gap: .55rem; margin-bottom: .25rem; }
+.fc-risk { font-weight: 600; font-size: .88rem; letter-spacing: -.005em; }
+.fc-desc { font-size: .8rem; color: var(--muted); line-height: 1.5; }
+.fc-assets { font-size: .72rem; color: var(--muted); margin-top: .3rem; font-family: var(--font-mono); }
+.fc-sev {
+  font-size: .66rem;
+  padding: 2px 8px;
+  border-radius: 999px;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: .4px;
+  border: 1px solid transparent;
+}
+.fc-sev.crit  { background: var(--sev-crit-bg); color: var(--sev-crit); border-color: color-mix(in oklab, var(--sev-crit) 35%, transparent); }
+.fc-sev.high  { background: var(--sev-high-bg); color: var(--sev-high); border-color: color-mix(in oklab, var(--sev-high) 35%, transparent); }
+.fc-sev.med   { background: var(--sev-med-bg);  color: var(--sev-med);  border-color: color-mix(in oklab, var(--sev-med) 35%, transparent); }
+.fc-sev.low   { background: var(--sev-low-bg);  color: var(--sev-low);  border-color: color-mix(in oklab, var(--sev-low) 35%, transparent); }
+.fc-sev.unset { background: var(--surface2);    color: var(--muted);    border-color: var(--border); }
 
 /* ── Tables ── */
-table { width: 100%; border-collapse: collapse; background: var(--surface2); border-radius: 6px; overflow: hidden; margin-bottom: .8rem; }
-th, td { padding: .45rem .7rem; text-align: left; border-bottom: 1px solid var(--border); font-size: .78rem; }
-th { background: var(--border); color: var(--muted); font-weight: 600; text-transform: uppercase; font-size: .68rem; }
-tr.clickable { cursor: pointer; } tr.clickable:hover { background: var(--table-hover); }
-.row-open { border-left: 3px solid var(--red); }
+table {
+  width: 100%; border-collapse: separate; border-spacing: 0;
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  overflow: hidden;
+  margin-bottom: 1rem;
+  box-shadow: var(--shadow-sm);
+}
+th, td { padding: .6rem .85rem; text-align: left; border-bottom: 1px solid var(--border-subtle); font-size: .8rem; }
+tr:last-child td { border-bottom: none; }
+th {
+  background: var(--surface2);
+  color: var(--muted); font-weight: 650;
+  text-transform: uppercase; font-size: .66rem; letter-spacing: .7px;
+  position: sticky; top: 0;
+}
+tbody tr { transition: background .12s var(--ease); }
+tbody tr:nth-child(even) { background: var(--table-alt); }
+tr.clickable { cursor: pointer; }
+tr.clickable:hover { background: var(--table-hover); }
+.row-open { box-shadow: inset 3px 0 0 var(--sev-crit); }
 .loc { color: var(--muted); font-family: var(--font-mono); font-size: .72rem; white-space: nowrap; }
-.empty-state { color: var(--muted); font-style: italic; padding: .8rem; font-size: .82rem; }
+.empty-state {
+  color: var(--muted); font-style: italic;
+  padding: 1.2rem;
+  font-size: .82rem; text-align: center;
+  background: var(--surface); border: 1px dashed var(--border);
+  border-radius: var(--radius-md);
+}
 
 /* ── Badges ── */
-.badge-red { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; background: var(--badge-red-bg); color: var(--sev-crit); }
-.badge-green { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; background: var(--badge-green-bg); color: var(--green); }
-.badge-blue { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; background: var(--badge-blue-bg); color: var(--sev-low); }
-
-/* ── Annotation badges ── */
-.ann-badge { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; text-transform: uppercase; letter-spacing: .3px; }
-.ann-asset { background: #1c3a5e; color: #58a6ff; } .ann-threat { background: #4a1a1a; color: #f85149; }
-.ann-control { background: #1a3a1a; color: #3fb950; } .ann-exposes { background: #4a1a1a; color: #f85149; }
-.ann-mitigates { background: #1a3a1a; color: #3fb950; } .ann-accepts { background: #3a3a1a; color: #d29922; }
-.ann-transfers { background: #2a1a3a; color: #bc8cff; } .ann-flow { background: #2a2a2a; color: #8b949e; }
-.ann-boundary { background: #2a1a3a; color: #bc8cff; } .ann-data { background: #3a2a1a; color: #db6d28; }
-.ann-handles { background: #3a2a1a; color: #db6d28; } .ann-validates { background: #1a3a1a; color: #3fb950; }
-.ann-owns { background: #1c3a5e; color: #58a6ff; } .ann-audit { background: #3a3a1a; color: #d29922; }
-.ann-assumes { background: #3a3a1a; color: #d29922; } .ann-shield { background: #2a2a2a; color: #8b949e; }
-.ann-comment { background: var(--surface2); color: var(--muted); border: 1px solid var(--border); }
+.badge-red, .badge-green, .badge-blue {
+  display: inline-block; padding: 2px 9px;
+  border-radius: 999px;
+  font-size: .66rem; font-weight: 650;
+  text-transform: uppercase; letter-spacing: .4px;
+  border: 1px solid transparent;
+}
+.badge-red   { background: var(--badge-red-bg);   color: var(--badge-red-fg);   border-color: color-mix(in oklab, var(--sev-crit) 25%, transparent); }
+.badge-green { background: var(--badge-green-bg); color: var(--badge-green-fg); border-color: color-mix(in oklab, var(--green) 25%, transparent); }
+.badge-blue  { background: var(--badge-blue-bg);  color: var(--badge-blue-fg);  border-color: color-mix(in oklab, var(--sev-low) 25%, transparent); }
+
+/* ── Annotation badges (theme-aware) ── */
+.ann-badge {
+  display: inline-block; padding: 2px 8px;
+  border-radius: 5px;
+  font-size: .66rem; font-weight: 650;
+  text-transform: uppercase; letter-spacing: .35px;
+  border: 1px solid transparent;
+}
+.ann-asset    { background: rgba(3,96,162,.14);    color: #f0f0f0; border-color: rgba(3,96,162,.3); }
+.ann-threat   { background: rgba(234,29,29,.14);   color: #f0f0f0; border-color: rgba(234,29,29,.3); }
+.ann-control  { background: rgba(51,212,157,.14);  color: #33d49d; border-color: rgba(51,212,157,.3); }
+.ann-exposes  { background: rgba(234,29,29,.14);   color: #f0f0f0; border-color: rgba(234,29,29,.3); }
+.ann-mitigates{ background: rgba(51,212,157,.14);  color: #33d49d; border-color: rgba(51,212,157,.3); }
+.ann-accepts  { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-transfers{ background: rgba(59,103,121,.18);  color: #f0f0f0; border-color: rgba(59,103,121,.3); }
+.ann-flow     { background: var(--surface2);       color: var(--muted); border-color: var(--border); }
+.ann-boundary { background: rgba(59,103,121,.18);  color: #f0f0f0; border-color: rgba(59,103,121,.3); }
+.ann-data     { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-handles  { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-validates{ background: rgba(51,212,157,.14);  color: #33d49d; border-color: rgba(51,212,157,.3); }
+.ann-owns     { background: rgba(3,96,162,.14);    color: #f0f0f0; border-color: rgba(3,96,162,.3); }
+.ann-audit    { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-assumes  { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-shield   { background: var(--surface2);       color: var(--muted); border-color: var(--border); }
+.ann-comment  { background: var(--surface2);       color: var(--muted); border: 1px solid var(--border); }
+[data-theme="light"] .ann-asset    { color: #0360a2; background: rgba(3,96,162,.10); border-color: rgba(3,96,162,.25); }
+[data-theme="light"] .ann-threat,
+[data-theme="light"] .ann-exposes  { color: #ea1d1d; background: rgba(234,29,29,.10); border-color: rgba(234,29,29,.25); }
+[data-theme="light"] .ann-control,
+[data-theme="light"] .ann-mitigates,
+[data-theme="light"] .ann-validates{ color: #1f3943; background: rgba(51,212,157,.16); border-color: rgba(51,212,157,.25); }
+[data-theme="light"] .ann-accepts,
+[data-theme="light"] .ann-audit,
+[data-theme="light"] .ann-assumes  { color: #3b6779; background: rgba(85,137,158,.14); border-color: rgba(85,137,158,.25); }
+[data-theme="light"] .ann-transfers,
+[data-theme="light"] .ann-boundary { color: #1f3943; background: rgba(59,103,121,.12); border-color: rgba(59,103,121,.25); }
+[data-theme="light"] .ann-data,
+[data-theme="light"] .ann-handles  { color: #3b6779; background: rgba(85,137,158,.14); border-color: rgba(85,137,158,.25); }
+[data-theme="light"] .ann-owns     { color: #0360a2; background: rgba(3,96,162,.10); border-color: rgba(3,96,162,.25); }
 
 /* ── File Cards (Code Browser) ── */
-.file-card { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; margin-bottom: .7rem; overflow: hidden; }
-.file-card-header { display: flex; align-items: center; justify-content: space-between; padding: .5rem .8rem; background: var(--surface); cursor: pointer; user-select: none; }
-.file-card-header:hover { background: var(--border); }
+.file-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  margin-bottom: .7rem;
+  overflow: hidden;
+  transition: border-color .15s var(--ease);
+}
+.file-card:hover { border-color: var(--border-strong); }
+.file-card-header {
+  display: flex; align-items: center; justify-content: space-between;
+  padding: .65rem .9rem;
+  background: var(--surface2);
+  cursor: pointer; user-select: none;
+  transition: background .12s var(--ease);
+}
+.file-card-header:hover { background: var(--surface3); }
 .file-path { font-family: var(--font-mono); font-size: .78rem; color: var(--accent); font-weight: 600; }
-.file-count { font-size: .68rem; color: var(--muted); background: var(--border); padding: 1px 7px; border-radius: 10px; }
-.chevron { color: var(--muted); transition: transform .2s; font-size: .75rem; }
+.file-count {
+  font-size: .68rem; color: var(--muted);
+  background: var(--surface); border: 1px solid var(--border);
+  padding: 2px 9px; border-radius: 999px; font-weight: 600;
+}
+.chevron { color: var(--muted); transition: transform .2s var(--ease); font-size: .75rem; }
 .file-card-header.open .chevron { transform: rotate(90deg); }
-.file-card-body { display: none; border-top: 1px solid var(--border); } .file-card-body.open { display: block; }
-.ann-entry { padding: .6rem .8rem; border-bottom: 1px solid var(--border); cursor: pointer; }
-.ann-entry:hover { background: rgba(45,212,167,.04); } .ann-entry:last-child { border-bottom: none; }
-.ann-header { display: flex; align-items: center; gap: .4rem; margin-bottom: .2rem; }
-.ann-line { font-family: var(--font-mono); font-size: .68rem; color: var(--muted); min-width: 35px; }
-.ann-summary { font-size: .78rem; font-weight: 500; }
-.ann-desc { font-size: .75rem; color: var(--muted); margin: .15rem 0 .25rem 0; padding-left: .5rem; border-left: 2px solid var(--border); }
+.file-card-body { display: none; border-top: 1px solid var(--border); }
+.file-card-body.open { display: block; animation: fadeIn .2s var(--ease); }
+.ann-entry {
+  padding: .7rem .9rem;
+  border-bottom: 1px solid var(--border-subtle);
+  cursor: pointer;
+  transition: background .1s var(--ease);
+}
+.ann-entry:hover { background: var(--accent-soft); }
+.ann-entry:last-child { border-bottom: none; }
+.ann-header { display: flex; align-items: center; gap: .5rem; margin-bottom: .25rem; }
+.ann-line { font-family: var(--font-mono); font-size: .68rem; color: var(--muted); min-width: 38px; }
+.ann-summary { font-size: .8rem; font-weight: 550; }
+.ann-desc {
+  font-size: .76rem; color: var(--muted);
+  margin: .2rem 0 .3rem 0;
+  padding-left: .6rem; border-left: 2px solid var(--border);
+}
 
 /* ── Diagrams ── */
-.diagram-hint { font-size: .75rem; color: var(--muted); margin-bottom: .6rem; }
-.mermaid-wrap { background: var(--surface); border: 1px solid var(--border); border-radius: 6px; padding: 16px; overflow: auto; margin-bottom: 1rem; }
+.diagram-hint { font-size: .78rem; color: var(--muted); margin-bottom: .7rem; }
+.diagram-shell {
+  background: color-mix(in oklab, var(--surface) 92%, transparent);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  box-shadow: var(--shadow-sm);
+  overflow: hidden;
+  margin-bottom: 1rem;
+}
+.diagram-toolbar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: .8rem;
+  padding: .65rem .8rem;
+  border-bottom: 1px solid var(--border);
+  background: color-mix(in oklab, var(--surface2) 92%, transparent);
+}
+.diagram-title {
+  font-size: .8rem;
+  font-weight: 650;
+  letter-spacing: .3px;
+  color: var(--text);
+  text-transform: uppercase;
+}
+.diagram-actions { display: flex; align-items: center; gap: .35rem; }
+.diagram-btn {
+  min-width: 28px;
+  height: 28px;
+  border-radius: 7px;
+  border: 1px solid var(--border);
+  background: var(--surface);
+  color: var(--text);
+  font-size: .78rem;
+  font-weight: 650;
+  cursor: pointer;
+  transition: all .15s var(--ease);
+}
+.diagram-btn:hover { border-color: var(--border-strong); background: var(--surface3); }
+.diagram-meta {
+  padding: .55rem .8rem;
+  border-top: 1px solid var(--border);
+  color: var(--muted);
+  font-size: .74rem;
+}
+.mermaid-wrap {
+  background: var(--surface);
+  border: none;
+  border-radius: 0;
+  padding: 16px 18px;
+  overflow: auto;
+  margin-bottom: 0;
+  box-shadow: none;
+}
 .mermaid { text-align: left; width: max-content; min-width: 100%; }
 .mermaid svg { max-width: none; height: auto; display: block; }
+.mermaid svg .cluster rect,
+.mermaid svg .cluster polygon {
+  rx: 10;
+  ry: 10;
+  stroke-dasharray: 4 3;
+  stroke-opacity: .72;
+}
+.mermaid svg .cluster-label .nodeLabel,
+.mermaid svg .cluster .cluster-label text {
+  font-weight: 700 !important;
+  letter-spacing: .3px;
+}
+.mermaid svg .edgeLabel { font-size: 11px !important; }
+.mermaid svg .edgeLabel rect { opacity: .92; }
+.mermaid svg .node rect,
+.mermaid svg .node polygon,
+.mermaid svg .node circle {
+  filter: drop-shadow(0 2px 4px rgba(0,0,0,.18));
+}
+.mermaid svg path.flowchart-link {
+  stroke-linecap: round;
+}
+.topology-shell { min-height: 720px; }
+.topology-toolbar { border-bottom-color: var(--border-subtle); }
+.topology-controls {
+  display: flex;
+  align-items: center;
+  gap: .7rem;
+  flex-wrap: wrap;
+  padding: .7rem .85rem;
+  border-bottom: 1px solid var(--border-subtle);
+  background: color-mix(in oklab, var(--surface) 96%, transparent);
+}
+.diagram-search {
+  min-width: 240px;
+  flex: 1;
+  max-width: 380px;
+  height: 34px;
+  border-radius: 8px;
+  border: 1px solid var(--border);
+  background: var(--surface2);
+  color: var(--text);
+  padding: 0 .85rem;
+  font-family: var(--font-ui);
+  font-size: .82rem;
+  outline: none;
+  transition: border-color .15s var(--ease), box-shadow .15s var(--ease);
+}
+.diagram-search:focus { border-color: var(--accent); box-shadow: 0 0 0 3px var(--accent-soft); }
+.topology-kind-toggles { display: inline-flex; align-items: center; gap: .35rem; flex-wrap: wrap; }
+.topology-kind-pill {
+  display: inline-flex; align-items: center; gap: .4rem;
+  padding: .3rem .65rem;
+  border-radius: 999px;
+  border: 1px solid var(--border);
+  background: var(--surface2);
+  color: var(--muted);
+  font-size: .72rem;
+  font-weight: 600;
+  cursor: pointer;
+  user-select: none;
+  transition: all .15s var(--ease);
+}
+.topology-kind-pill:hover { border-color: var(--border-strong); color: var(--text); }
+.topology-kind-pill:has(input:checked) { background: var(--accent-soft); border-color: var(--accent-dim); color: var(--text); }
+.topology-kind-pill.topology-kind-asset:has(input:checked) { border-color: color-mix(in oklab, var(--blue) 50%, transparent); }
+.topology-kind-pill.topology-kind-threat:has(input:checked) { border-color: color-mix(in oklab, var(--sev-crit) 50%, transparent); }
+.topology-kind-pill.topology-kind-control:has(input:checked) { border-color: color-mix(in oklab, var(--green) 50%, transparent); }
+.topology-kind-pill input { position: absolute; opacity: 0; pointer-events: none; }
+.topology-kind-pill::before {
+  content: '';
+  width: 8px; height: 8px; border-radius: 50%;
+  background: var(--muted);
+  transition: background .15s var(--ease);
+}
+.topology-kind-pill.topology-kind-asset::before { background: var(--blue); }
+.topology-kind-pill.topology-kind-threat::before { background: var(--sev-crit); }
+.topology-kind-pill.topology-kind-control::before { background: var(--green); }
+.topology-kind-pill:not(:has(input:checked))::before { background: var(--text-dim); opacity: .5; }
+
+.topology-link-filters {
+  display: flex;
+  align-items: center;
+  gap: .5rem;
+  flex-wrap: wrap;
+  padding: .55rem .85rem;
+  border-bottom: 1px solid var(--border-subtle);
+  background: color-mix(in oklab, var(--surface2) 55%, var(--surface));
+}
+.topology-link-filters-k {
+  color: var(--muted);
+  font-size: .65rem;
+  text-transform: uppercase;
+  letter-spacing: .8px;
+  font-weight: 700;
+  margin-right: .2rem;
+}
+.topology-link-pill {
+  display: inline-flex; align-items: center; gap: .35rem;
+  padding: .22rem .55rem;
+  border-radius: 999px;
+  border: 1px solid var(--border);
+  background: var(--surface);
+  color: var(--muted);
+  font-size: .68rem;
+  font-weight: 600;
+  cursor: pointer;
+  user-select: none;
+  transition: all .12s var(--ease);
+}
+.topology-link-pill input { position: absolute; opacity: 0; pointer-events: none; }
+.topology-link-pill::before {
+  content: '';
+  display: inline-block;
+  width: 14px; height: 0;
+  border-top: 2px solid currentColor;
+}
+.topology-link-pill:has(input:checked) { color: var(--text); border-color: var(--border-strong); }
+.topology-link-pill:not(:has(input:checked)) { opacity: .45; }
+.topology-link-pill-exposes::before,
+.topology-link-pill-confirmed::before { border-color: var(--sev-crit); border-top-style: solid; }
+.topology-link-pill-mitigates::before,
+.topology-link-pill-protects::before,
+.topology-link-pill-validates::before { border-color: var(--green); border-top-style: solid; }
+.topology-link-pill-flows::before { border-color: var(--blue); border-top-style: dashed; }
+.topology-link-pill-boundary::before { border-color: var(--purple); border-top-style: dashed; }
+.topology-link-pill-transfers::before,
+.topology-link-pill-accepts::before { border-color: var(--sev-med); border-top-style: dashed; }
+
+.topology-count {
+  margin-left: auto;
+  color: var(--muted);
+  font-size: .7rem;
+  font-family: var(--font-mono);
+  white-space: nowrap;
+  letter-spacing: .4px;
+}
+.topology-layout {
+  display: grid;
+  grid-template-columns: minmax(0, 1fr) 300px;
+  min-height: 600px;
+  background: var(--surface);
+}
+.topology-graph {
+  min-height: 600px;
+  overflow: hidden;
+  border-right: 1px solid var(--border-subtle);
+  background:
+    radial-gradient(ellipse 600px 320px at 30% 40%, color-mix(in oklab, var(--accent) 4%, transparent), transparent 70%),
+    radial-gradient(ellipse 500px 280px at 75% 70%, color-mix(in oklab, var(--sev-crit) 5%, transparent), transparent 70%),
+    linear-gradient(color-mix(in oklab, var(--border-subtle) 55%, transparent) 1px, transparent 1px),
+    linear-gradient(90deg, color-mix(in oklab, var(--border-subtle) 55%, transparent) 1px, transparent 1px),
+    var(--surface);
+  background-size: auto, auto, 36px 36px, 36px 36px, auto;
+  background-position: 0 0, 0 0, -1px -1px, -1px -1px, 0 0;
+}
+.topology-graph svg { width: 100%; height: 100%; display: block; cursor: grab; }
+.topology-graph svg:active { cursor: grabbing; }
+
+.topology-lane-label {
+  fill: color-mix(in oklab, var(--muted) 55%, transparent);
+  font-size: 10px;
+  font-weight: 800;
+  letter-spacing: 3.5px;
+  text-transform: uppercase;
+  pointer-events: none;
+  user-select: none;
+}
+
+.topology-link {
+  stroke: var(--muted);
+  stroke-width: 1.4;
+  stroke-opacity: .42;
+  transition: stroke-opacity .2s var(--ease), stroke-width .2s var(--ease);
+}
+.topology-link-exposes { stroke: var(--sev-crit); stroke-opacity: .58; stroke-width: 1.6; }
+.topology-link-confirmed { stroke: var(--sev-crit); stroke-opacity: .9; stroke-width: 2.6; }
+.topology-link-mitigates,
+.topology-link-validates { stroke: var(--green); stroke-opacity: .62; stroke-width: 1.6; }
+.topology-link-protects { stroke: var(--green); stroke-opacity: .48; stroke-dasharray: 4 3; }
+.topology-link-flows { stroke: var(--blue); stroke-dasharray: 6 4; stroke-opacity: .6; stroke-width: 1.5; }
+.topology-link-boundary { stroke: var(--purple); stroke-dasharray: 2 5; stroke-width: 1.9; stroke-opacity: .75; }
+.topology-link-accepts { stroke: var(--sev-med); stroke-dasharray: 6 4; stroke-opacity: .7; }
+.topology-link-transfers { stroke: var(--sev-med); stroke-dasharray: 8 3; stroke-opacity: .7; }
+.topology-link-status-mitigated { stroke-opacity: .32; }
+.topology-link.emphasis { stroke-opacity: 1 !important; stroke-width: 2.4 !important; }
+.topology-link.dim { stroke-opacity: .08 !important; }
+
+.topology-node { cursor: pointer; transition: opacity .2s var(--ease); }
+.topology-node circle.topology-node-body {
+  stroke: var(--border-strong);
+  stroke-width: 1.4;
+  filter: drop-shadow(0 4px 10px rgba(0,0,0,.28));
+  transition: stroke-width .15s var(--ease), filter .15s var(--ease), r .25s var(--ease);
+}
+.topology-node:hover circle.topology-node-body,
+.topology-node.active circle.topology-node-body,
+.topology-node.emphasis circle.topology-node-body {
+  stroke-width: 2.6;
+  filter: drop-shadow(0 0 14px color-mix(in oklab, var(--accent) 48%, transparent));
+}
+.topology-node.active circle.topology-node-body { stroke: var(--accent); }
+.topology-node.dim { opacity: .18; }
+
+.topology-node-halo {
+  fill: transparent;
+  stroke: var(--sev-crit);
+  stroke-width: 2;
+  stroke-opacity: .55;
+  pointer-events: none;
+  filter: url(#topology-glow);
+  animation: topology-pulse 1.9s ease-in-out infinite;
+}
+.topology-fully-covered .topology-node-halo { display: none; }
+
+@keyframes topology-pulse {
+  0%, 100% { stroke-opacity: .3; transform: scale(1); }
+  50% { stroke-opacity: .75; transform: scale(1.08); }
+}
+
+.topology-coverage-arc {
+  fill: none;
+  stroke: var(--green);
+  stroke-width: 2.5;
+  stroke-linecap: round;
+  opacity: .85;
+  pointer-events: none;
+}
+
+.topology-asset circle.topology-node-body { fill: color-mix(in oklab, var(--blue) 60%, var(--surface)); }
+.topology-threat circle.topology-node-body { fill: color-mix(in oklab, var(--sev-med) 60%, var(--surface)); }
+.topology-control circle.topology-node-body { fill: color-mix(in oklab, var(--green) 58%, var(--surface)); }
+.topology-has-open circle.topology-node-body { stroke: var(--sev-crit); }
+.topology-has-confirmed circle.topology-node-body { stroke: var(--sev-crit); stroke-width: 2; }
+.topology-fully-covered circle.topology-node-body { stroke: var(--green); }
+
+.topology-sev-critical circle.topology-node-body,
+.topology-sev-p0 circle.topology-node-body { fill: color-mix(in oklab, var(--sev-crit) 72%, var(--surface)); }
+.topology-sev-high circle.topology-node-body,
+.topology-sev-p1 circle.topology-node-body { fill: color-mix(in oklab, var(--red) 60%, var(--surface)); }
+
+.topology-node-icon {
+  fill: #fff;
+  font-size: 11px;
+  font-weight: 800;
+  letter-spacing: .4px;
+  pointer-events: none;
+}
+.topology-node-label {
+  fill: var(--text);
+  paint-order: stroke;
+  stroke: var(--surface);
+  stroke-width: 4px;
+  stroke-linejoin: round;
+  font-size: 11px;
+  font-weight: 650;
+  pointer-events: none;
+}
+.topology-node.emphasis .topology-node-label { font-weight: 750; }
+
+.topology-inspector {
+  padding: 1rem .95rem;
+  overflow-y: auto;
+  background: color-mix(in oklab, var(--surface2) 78%, var(--surface));
+  border-left: 1px solid var(--border-subtle);
+}
+.topology-inspector-head {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: .6rem;
+  margin-bottom: .35rem;
+}
+.topology-inspector-k {
+  color: var(--muted);
+  font-size: .66rem;
+  text-transform: uppercase;
+  letter-spacing: .8px;
+  font-weight: 700;
+}
+.topology-badge {
+  font-size: .62rem;
+  font-weight: 800;
+  text-transform: uppercase;
+  letter-spacing: .5px;
+  padding: 2px 7px;
+  border-radius: 999px;
+  border: 1px solid transparent;
+}
+.topology-badge-open { background: var(--sev-crit-bg); color: var(--sev-crit); border-color: color-mix(in oklab, var(--sev-crit) 35%, transparent); }
+.topology-badge-confirmed { background: var(--sev-crit-bg); color: var(--sev-crit); border-color: var(--sev-crit); animation: topology-pulse 2s ease-in-out infinite; }
+.topology-badge-covered { background: color-mix(in oklab, var(--green) 15%, transparent); color: var(--green); border-color: color-mix(in oklab, var(--green) 40%, transparent); }
+
+.topology-inspector h3 {
+  font-size: 1rem;
+  line-height: 1.25;
+  margin-bottom: .75rem;
+  word-break: break-word;
+}
+.topology-bar-wrap { margin: 0 0 .9rem 0; }
+.topology-bar-label {
+  display: flex; justify-content: space-between; align-items: baseline;
+  font-size: .68rem;
+  color: var(--muted);
+  text-transform: uppercase;
+  letter-spacing: .8px;
+  font-weight: 700;
+  margin-bottom: .3rem;
+}
+.topology-bar-label strong { color: var(--text); font-family: var(--font-mono); }
+.topology-bar {
+  height: 7px;
+  border-radius: 999px;
+  background: var(--surface3);
+  overflow: hidden;
+}
+.topology-bar-fill { height: 100%; border-radius: 999px; transition: width .5s var(--ease); }
+.topology-bar-fill.good { background: linear-gradient(90deg, color-mix(in oklab, var(--green) 70%, transparent), var(--green)); }
+.topology-bar-fill.warn { background: linear-gradient(90deg, color-mix(in oklab, var(--sev-med) 65%, transparent), var(--sev-med)); }
+.topology-bar-fill.bad { background: linear-gradient(90deg, color-mix(in oklab, var(--sev-crit) 65%, transparent), var(--sev-crit)); }
+
+.topology-detail-grid {
+  display: grid;
+  grid-template-columns: 88px 1fr;
+  gap: .4rem .7rem;
+  align-items: baseline;
+  font-size: .78rem;
+}
+.topology-detail-grid span { color: var(--muted); }
+.topology-detail-grid strong { color: var(--text); font-weight: 700; word-break: break-word; }
+.topology-detail-grid .danger,
+.topology-detail-grid .status-open,
+.topology-detail-grid .status-confirmed,
+.topology-detail-grid .sev-critical,
+.topology-detail-grid .sev-p0,
+.topology-detail-grid .sev-high,
+.topology-detail-grid .sev-p1 { color: var(--sev-crit); }
+.topology-detail-grid .good,
+.topology-detail-grid .status-mitigated { color: var(--green); }
+.topology-chip-row {
+  display: flex;
+  flex-wrap: wrap;
+  gap: .35rem;
+  margin-top: .9rem;
+}
+.topology-chip-row span {
+  border: 1px solid var(--accent-dim);
+  background: var(--accent-soft);
+  color: var(--accent);
+  border-radius: 999px;
+  padding: 2px 8px;
+  font-size: .65rem;
+  font-weight: 700;
+}
+.topology-related-title {
+  margin: 1rem 0 .45rem;
+  color: var(--muted);
+  font-size: .68rem;
+  text-transform: uppercase;
+  letter-spacing: .7px;
+  font-weight: 700;
+}
+.topology-related { display: flex; flex-direction: column; gap: .35rem; }
+.topology-related-row {
+  display: grid;
+  grid-template-columns: 88px 1fr auto;
+  gap: .45rem;
+  align-items: center;
+  padding: .42rem .55rem;
+  border: 1px solid var(--border-subtle);
+  border-radius: 7px;
+  background: var(--surface);
+  font-size: .72rem;
+  transition: border-color .12s var(--ease);
+}
+.topology-related-row:hover { border-color: var(--border-strong); }
+.topology-related-exposes,
+.topology-related-confirmed { border-left: 2px solid var(--sev-crit); }
+.topology-related-mitigates,
+.topology-related-protects,
+.topology-related-validates { border-left: 2px solid var(--green); }
+.topology-related-flows { border-left: 2px solid var(--blue); }
+.topology-related-boundary { border-left: 2px solid var(--purple); }
+.topology-related-transfers,
+.topology-related-accepts { border-left: 2px solid var(--sev-med); }
+.topology-related-kind {
+  color: var(--muted);
+  font-family: var(--font-mono);
+  font-size: .64rem;
+  font-weight: 600;
+}
+.topology-related-row em { color: var(--muted); font-style: normal; font-family: var(--font-mono); }
+.topology-inspector-note {
+  margin-top: .9rem;
+  color: var(--muted);
+  font-size: .74rem;
+  line-height: 1.5;
+}
+.topology-legend {
+  display: flex;
+  align-items: center;
+  gap: .9rem;
+  flex-wrap: wrap;
+}
+.topology-legend span { display: inline-flex; align-items: center; gap: .35rem; }
+.legend-dot {
+  width: 10px;
+  height: 10px;
+  border-radius: 50%;
+  display: inline-block;
+  border: 1px solid color-mix(in oklab, currentColor 30%, transparent);
+}
+.legend-dot.asset { background: var(--blue); }
+.legend-dot.threat { background: var(--sev-med); }
+.legend-dot.control { background: var(--green); }
+.legend-dot.confirmed { background: var(--sev-crit); box-shadow: 0 0 8px color-mix(in oklab, var(--sev-crit) 60%, transparent); }
+.legend-line {
+  display: inline-block;
+  width: 20px;
+  height: 0;
+  border-top: 2px solid var(--muted);
+}
+.legend-line.exposes { border-color: var(--sev-crit); }
+.legend-line.open { border-color: var(--sev-crit); }
+.legend-line.mitigates { border-color: var(--green); }
+.legend-line.flow { border-color: var(--blue); border-top-style: dashed; }
+.legend-line.boundary { border-color: var(--purple); border-top-style: dashed; }
 
 /* ── Heatmap ── */
-.heatmap { display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 10px; }
-.heatmap-cell { border-radius: 8px; padding: 12px; border: 1px solid var(--border); transition: border-color 0.15s; }
+.heatmap { display: grid; grid-template-columns: repeat(auto-fill, minmax(220px, 1fr)); gap: 12px; }
+.heatmap-cell {
+  border-radius: var(--radius-md);
+  padding: 14px;
+  border: 1px solid var(--border);
+  transition: all .15s var(--ease);
+  box-shadow: var(--shadow-sm);
+}
 .heatmap-cell.clickable { cursor: pointer; }
-.heatmap-cell.clickable:hover { border-color: var(--accent); }
-.heatmap-name { font-weight: 600; font-size: 13px; margin-bottom: 4px; font-family: var(--font-mono); word-break: break-all; }
-.heatmap-stats { display: flex; gap: 10px; font-size: 12px; color: var(--muted); }
-.heatmap-data { margin-top: 4px; display: flex; gap: 4px; flex-wrap: wrap; }
-.data-badge { font-size: 10px; padding: 1px 6px; border-radius: 4px; background: rgba(45,212,167,.15); color: var(--accent); font-weight: 600; text-transform: uppercase; }
-.risk-cell-critical { background: var(--heatmap-crit); } .risk-cell-high { background: var(--heatmap-high); }
-.risk-cell-medium { background: var(--heatmap-med); } .risk-cell-low { background: var(--heatmap-low); }
-.risk-cell-none { background: var(--heatmap-none); }
+.heatmap-cell.clickable:hover {
+  border-color: var(--border-strong);
+  transform: translateY(-2px);
+  box-shadow: var(--shadow-md);
+}
+.heatmap-name { font-weight: 650; font-size: 13px; margin-bottom: 6px; font-family: var(--font-mono); word-break: break-all; color: var(--text); }
+.heatmap-stats { display: flex; gap: 12px; font-size: 12px; color: var(--muted); }
+.heatmap-data { margin-top: 6px; display: flex; gap: 4px; flex-wrap: wrap; }
+.data-badge {
+  font-size: 10px; padding: 2px 7px;
+  border-radius: 999px;
+  background: var(--accent-soft);
+  color: var(--accent);
+  border: 1px solid var(--accent-dim);
+  font-weight: 650; text-transform: uppercase; letter-spacing: .3px;
+}
+.risk-cell-critical { background: var(--heatmap-crit); border-color: var(--risk-border-f); }
+.risk-cell-high     { background: var(--heatmap-high); border-color: var(--risk-border-d); }
+.risk-cell-medium   { background: var(--heatmap-med);  border-color: var(--risk-border-c); }
+.risk-cell-low      { background: var(--heatmap-low);  border-color: var(--risk-border-b); }
+.risk-cell-none     { background: var(--heatmap-none); }
 
 /* ── Code Blocks ── */
-.code-block { background: var(--bg); border: 1px solid var(--border); border-radius: 5px; padding: .3rem .6rem; overflow-x: auto; margin-top: .25rem; font-family: var(--font-mono); font-size: .72rem; line-height: 1.45; tab-size: 2; }
+.code-block {
+  background: var(--bg);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  padding: .4rem .7rem;
+  overflow-x: auto;
+  margin-top: .3rem;
+  font-family: var(--font-mono);
+  font-size: .72rem; line-height: 1.5;
+  tab-size: 2;
+}
 .code-line-code { display: block; color: var(--muted); white-space: pre; }
-.code-line-ann { display: block; color: var(--accent); background: rgba(45,212,167,.08); margin: 0 -.6rem; padding: 0 .6rem; border-left: 2px solid var(--accent); white-space: pre; }
+.code-line-ann {
+  display: block; color: var(--accent);
+  background: var(--accent-soft);
+  margin: 0 -.7rem; padding: 0 .7rem;
+  border-left: 2px solid var(--accent);
+  white-space: pre;
+}
 
 /* ── Diagram Tabs ── */
-.diagram-tabs { display: flex; gap: 0; border-bottom: 1px solid var(--border); margin-bottom: 1rem; }
-.diagram-tab { background: none; border: none; border-bottom: 2px solid transparent; padding: .5rem 1rem; color: var(--muted); font-size: .82rem; cursor: pointer; font-family: var(--font-ui); transition: all .15s; }
+.diagram-tabs { display: flex; gap: .25rem; border-bottom: 1px solid var(--border); margin-bottom: 1rem; padding: 0 .2rem; }
+.diagram-tab {
+  background: none; border: none; border-bottom: 2px solid transparent;
+  padding: .55rem 1rem; color: var(--muted);
+  font-size: .82rem; font-weight: 550;
+  cursor: pointer; font-family: var(--font-ui);
+  transition: all .15s var(--ease);
+  border-radius: 6px 6px 0 0;
+}
 .diagram-tab:hover { color: var(--text); background: var(--surface2); }
-.diagram-tab.active { color: var(--accent); border-bottom-color: var(--accent); }
+.diagram-tab.active {
+  color: var(--accent);
+  border-bottom-color: var(--accent);
+  background: var(--accent-soft);
+}
 .diagram-panel { display: none; } .diagram-panel.active { display: block; }
 
 /* ── AI Analysis Controls ── */
-.ai-analysis-controls { display: flex; align-items: center; gap: 0.75rem; margin: 0.75rem 0 1.25rem; }
-.report-selector-label { font-weight: 600; font-size: 0.88rem; color: var(--text); }
-.report-selector { flex: 1; max-width: 600px; padding: 0.5rem 0.75rem; font-size: 0.88rem; font-family: var(--font-base); background: var(--surface2); color: var(--text); border: 1px solid var(--border); border-radius: 6px; cursor: pointer; transition: border-color 0.15s, background 0.15s; }
-.report-selector:hover { background: var(--surface3); border-color: var(--accent); }
-.report-selector:focus { outline: none; border-color: var(--accent); box-shadow: 0 0 0 3px rgba(45,212,167,0.1); }
-.report-selector option { background: var(--surface); color: var(--text); padding: 0.5rem; }
-.ai-analysis-main { margin-top: 0.5rem; }
-.md-content h1 { font-size: 1.4rem; font-weight: 700; margin: 1.2rem 0 .6rem; color: var(--text); }
-.md-content h2 { font-size: 1.15rem; font-weight: 600; margin: 1rem 0 .5rem; color: var(--text); border-bottom: 1px solid var(--border); padding-bottom: .3rem; }
-.md-content h3 { font-size: 1rem; font-weight: 600; margin: .8rem 0 .4rem; color: var(--text); }
-.md-content p { margin: .4rem 0; line-height: 1.6; }
-.md-content ul, .md-content ol { margin: .4rem 0 .4rem 1.5rem; }
-.md-content li { margin: .2rem 0; line-height: 1.5; }
-.md-content code { font-family: var(--font-mono); font-size: .82rem; background: var(--surface2); padding: 1px 5px; border-radius: 3px; }
-.md-content pre { background: var(--bg); border: 1px solid var(--border); border-radius: 6px; padding: .8rem; overflow-x: auto; margin: .6rem 0; }
-.md-content pre code { background: none; padding: 0; }
-.md-content blockquote { border-left: 3px solid var(--accent); padding-left: .8rem; margin: .6rem 0; color: var(--muted); }
-.md-content table { width: 100%; border-collapse: collapse; margin: .6rem 0; font-size: .82rem; }
-.md-content th, .md-content td { padding: .4rem .6rem; border: 1px solid var(--border); text-align: left; }
-.md-content th { background: var(--surface2); font-weight: 600; }
-.md-content strong { color: var(--text); }
+.ai-analysis-controls { display: flex; align-items: center; gap: .85rem; margin: .75rem 0 1.5rem; }
+.report-selector-label { font-weight: 600; font-size: .85rem; color: var(--text); }
+.report-selector {
+  flex: 1; max-width: 600px;
+  padding: .55rem .85rem;
+  font-size: .88rem; font-family: var(--font-ui);
+  background: var(--surface);
+  color: var(--text);
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  cursor: pointer;
+  transition: all .15s var(--ease);
+  box-shadow: var(--shadow-sm);
+}
+.report-selector:hover { background: var(--surface2); border-color: var(--border-strong); }
+.report-selector:focus {
+  outline: none; border-color: var(--accent);
+  box-shadow: 0 0 0 3px var(--accent-soft);
+}
+.report-selector option { background: var(--surface); color: var(--text); padding: .5rem; }
+.ai-analysis-main { margin-top: .5rem; }
+
+/* ── Markdown content ── */
+.md-content h1 { font-size: 1.5rem; font-weight: 700; margin: 1.3rem 0 .7rem; color: var(--text); letter-spacing: -.02em; }
+.md-content h2 {
+  font-size: 1.2rem; font-weight: 650; margin: 1.2rem 0 .6rem;
+  color: var(--text); border-bottom: 1px solid var(--border);
+  padding-bottom: .4rem; letter-spacing: -.01em;
+}
+.md-content h3 { font-size: 1.02rem; font-weight: 650; margin: 1rem 0 .45rem; color: var(--text); letter-spacing: -.01em; }
+.md-content p { margin: .5rem 0; line-height: 1.65; color: var(--text); }
+.md-content ul, .md-content ol { margin: .5rem 0 .5rem 1.6rem; }
+.md-content li { margin: .25rem 0; line-height: 1.6; }
+.md-content code { font-family: var(--font-mono); font-size: .82rem; background: var(--surface2); border: 1px solid var(--border-subtle); padding: 1px 6px; border-radius: 4px; }
+.md-content pre { background: var(--bg); border: 1px solid var(--border); border-radius: var(--radius-md); padding: .9rem 1rem; overflow-x: auto; margin: .8rem 0; box-shadow: var(--shadow-sm); }
+.md-content pre code { background: none; padding: 0; border: none; font-size: .8rem; }
+.md-content blockquote { border-left: 3px solid var(--accent); padding: .1rem 0 .1rem .9rem; margin: .7rem 0; color: var(--muted); background: var(--accent-soft); border-radius: 0 6px 6px 0; }
+.md-content table { width: 100%; border-collapse: separate; border-spacing: 0; margin: .7rem 0; font-size: .82rem; border: 1px solid var(--border); border-radius: var(--radius-md); overflow: hidden; }
+.md-content th, .md-content td { padding: .5rem .75rem; border-bottom: 1px solid var(--border-subtle); text-align: left; }
+.md-content tr:last-child td { border-bottom: none; }
+.md-content th { background: var(--surface2); font-weight: 650; color: var(--muted); text-transform: uppercase; font-size: .68rem; letter-spacing: .5px; }
+.md-content strong { color: var(--text); font-weight: 650; }
 
 /* ── Responsive ── */
+@media (max-width: 900px) {
+  .section-content { padding: 1.2rem 1rem 2rem; }
+  .summary-panels { grid-template-columns: 1fr; }
+  .topology-layout { grid-template-columns: 1fr; }
+  .topology-graph { border-right: none; border-bottom: 1px solid var(--border); }
+  .topology-inspector { min-height: 220px; }
+}
 @media (max-width: 768px) {
-  .sidebar { width: 50px; min-width: 50px; } .sidebar .nav-text { display: none; }
-  .topnav .tn-stat { display: none; }
+  .sidebar { width: 52px; min-width: 52px; } .sidebar .nav-text { display: none; }
+  .topnav .topnav-metrics { display: none; }
+  .feature-filter-select { max-width: 130px; }
+  .risk-banner { flex-direction: column; align-items: flex-start; gap: 12px; }
+  .diagram-search { min-width: 100%; max-width: none; }
+  .topology-count { margin-left: 0; width: 100%; }
+  :root { --drawer-w: 100vw; }
+}
+@media print {
+  .topnav, .sidebar, #sidebarToggle, #themeToggle { display: none; }
+  .main { margin: 0; } .layout { display: block; }
+  body { overflow: auto; height: auto; background: #fff; color: #000; }
 }
-@media print { .topnav, .sidebar, #sidebarToggle { display: none; } .main { margin: 0; } .layout { display: block; } #themeToggle { display: none; } }
 `;
diff --git a/tests/dashboard.test.ts b/tests/dashboard.test.ts
index 23b825f..7735f9d 100644
--- a/tests/dashboard.test.ts
+++ b/tests/dashboard.test.ts
@@ -1,15 +1,16 @@
 import { describe, it, expect } from 'vitest';
-import { generateThreatGraph, generateDataFlowDiagram, generateAttackSurface } from '../src/dashboard/diagrams.js';
+import { generateThreatGraph, generateDataFlowDiagram, generateAttackSurface, generateTopologyData } from '../src/dashboard/diagrams.js';
 import { computeExposures } from '../src/dashboard/data.js';
 import type { ThreatModel } from '../src/types/index.js';
 
 function emptyModel(overrides: Partial = {}): ThreatModel {
   return {
     version: '1.0.0', project: 'test', generated_at: '', source_files: 0,
+    annotated_files: [], unannotated_files: [],
     annotations_parsed: 0, assets: [], threats: [], controls: [],
     mitigations: [], exposures: [], acceptances: [], transfers: [],
     flows: [], boundaries: [], validations: [], audits: [], ownership: [],
-    data_handling: [], assumptions: [], shields: [], comments: [],
+    data_handling: [], assumptions: [], shields: [], features: [], comments: [],
     coverage: { total_symbols: 0, annotated_symbols: 0, coverage_percent: 0, unannotated_critical: [] },
     ...overrides,
   };
@@ -58,8 +59,55 @@ describe('generateThreatGraph', () => {
       exposures: [{ asset: 'App.API', threat: '#sqli', severity: 'high', external_refs: [], location: loc }],
     });
     const mermaid = generateThreatGraph(model);
+    // The displayed label should be the human-readable name, not the raw id.
     expect(mermaid).toContain('SQL_Injection');
-    expect(mermaid).not.toContain(' sqli');
+    expect(mermaid).not.toMatch(/\["[^"]*sqli"\]/);
+  });
+
+  it('collapses mixed #id and bare-name exposures onto a single node', () => {
+    const model = emptyModel({
+      assets: [{ path: ['App', 'API'], id: 'api', location: loc }],
+      threats: [{ name: 'XSS', canonical_name: 'xss', id: 'xss', severity: 'high', external_refs: [], location: loc }],
+      exposures: [
+        { asset: '#api', threat: '#xss', severity: 'high', external_refs: [], location: loc },
+        { asset: 'App.API', threat: 'XSS', severity: 'high', external_refs: [], location: loc },
+      ],
+    });
+    const mermaid = generateThreatGraph(model);
+    // Both exposures refer to the same asset/threat — the graph should contain exactly
+    // one threat node and one asset node, not duplicates per ref form.
+    expect((mermaid.match(/:::threat/g) || []).length).toBe(1);
+    const assetLines = mermaid.split('\n').filter(l => l.includes('🔷'));
+    expect(assetLines.length).toBe(1);
+  });
+
+  it('adds a protects link from control to asset distinct from mitigates', () => {
+    const model = emptyModel({
+      assets: [{ path: ['App', 'API'], id: 'api', location: loc }],
+      threats: [{ name: 'XSS', canonical_name: 'xss', id: 'xss', severity: 'high', external_refs: [], location: loc }],
+      controls: [{ name: 'Output Encoding', canonical_name: 'output_encoding', id: 'output-encoding', location: loc }],
+      exposures: [{ asset: '#api', threat: '#xss', severity: 'high', external_refs: [], location: loc }],
+      mitigations: [{ asset: '#api', threat: '#xss', control: '#output-encoding', location: loc }],
+    });
+    const topology = generateTopologyData(model);
+    expect(topology.links.some(l => l.kind === 'mitigates')).toBe(true);
+    expect(topology.links.some(l => l.kind === 'protects')).toBe(true);
+    // Protects links are control → asset (not control → threat)
+    const protectsLink = topology.links.find(l => l.kind === 'protects');
+    expect(protectsLink?.source).toBe('control:output-encoding');
+    expect(protectsLink?.target).toBe('asset:api');
+  });
+
+  it('marks confirmed exploits distinctly in Attack Surface', () => {
+    const model = emptyModel({
+      assets: [{ path: ['App'], id: 'app', location: loc }],
+      threats: [{ name: 'SQL_Injection', canonical_name: 'sqli', id: 'sqli', severity: 'critical', external_refs: [], location: loc }],
+      exposures: [{ asset: '#app', threat: '#sqli', severity: 'high', external_refs: [], location: loc }],
+      confirmed: [{ asset: '#app', threat: '#sqli', severity: 'critical', external_refs: [], location: loc }],
+    });
+    const mermaid = generateAttackSurface(model);
+    expect(mermaid).toContain('💥');
+    expect(mermaid).toContain('confirmed');
   });
 
   it('renders mitigation edge even when mitigation has no control', () => {
@@ -161,6 +209,43 @@ describe('generateAttackSurface', () => {
   });
 });
 
+// ─── Topology Data: dashboard-native graph ───────────────────────────
+
+describe('generateTopologyData', () => {
+  it('uses definition labels when relationships reference #ids', () => {
+    const model = emptyModel({
+      assets: [{ path: ['App', 'API'], id: 'api', location: loc }],
+      threats: [{ name: 'Cross_Site_Scripting', canonical_name: 'xss', id: 'xss', severity: 'high', external_refs: [], location: loc }],
+      exposures: [{ asset: '#api', threat: '#xss', severity: 'high', external_refs: [], location: loc }],
+    });
+    const topology = generateTopologyData(model);
+    expect(topology.nodes.find(n => n.id === 'asset:api')?.label).toBe('App.API');
+    expect(topology.nodes.find(n => n.id === 'threat:xss')?.label).toBe('Cross_Site_Scripting');
+  });
+
+  it('marks exposure links as mitigated when normalized refs match controls', () => {
+    const model = emptyModel({
+      exposures: [{ asset: '#app', threat: '#xss', severity: 'high', external_refs: [], location: loc }],
+      mitigations: [{ asset: 'app', threat: 'xss', control: '#output-encoding', location: loc }],
+    });
+    const topology = generateTopologyData(model);
+    expect(topology.summary.open).toBe(0);
+    expect(topology.summary.mitigated).toBe(1);
+    expect(topology.links.find(l => l.kind === 'exposes')?.status).toBe('mitigated');
+    expect(topology.nodes.find(n => n.id === 'control:output-encoding')).toBeTruthy();
+  });
+
+  it('includes flows and boundaries as asset relationships', () => {
+    const model = emptyModel({
+      flows: [{ source: 'Browser', target: 'API', mechanism: 'HTTPS', location: loc }],
+      boundaries: [{ asset_a: 'Browser', asset_b: 'API', description: 'Internet edge', location: loc }],
+    });
+    const topology = generateTopologyData(model);
+    expect(topology.links.some(l => l.kind === 'flows' && l.label === 'HTTPS')).toBe(true);
+    expect(topology.links.some(l => l.kind === 'boundary' && l.label === 'Internet edge')).toBe(true);
+  });
+});
+
 // ─── computeExposures: ref normalization ─────────────────────────────
 
 describe('computeExposures', () => {
diff --git a/threat-dashboard.html b/threat-dashboard.html
index f58d758..9be0193 100644
--- a/threat-dashboard.html
+++ b/threat-dashboard.html
@@ -10,249 +10,1303 @@
 
 /* ── Reset ── */
 *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
-:root { --font-ui: 'Inter', system-ui, -apple-system, sans-serif; --font-mono: 'JetBrains Mono', 'SF Mono', Menlo, Consolas, monospace; }
+*::selection { background: color-mix(in oklab, var(--accent) 35%, transparent); color: var(--text); }
+:root {
+  --font-ui: 'Inter', system-ui, -apple-system, sans-serif;
+  --font-mono: 'JetBrains Mono', 'SF Mono', Menlo, Consolas, monospace;
+  --ease: cubic-bezier(.2,.8,.2,1);
+  --radius-sm: 6px; --radius-md: 8px; --radius-lg: 12px;
+  --drawer-w: 440px; --sidebar-w: 220px;
+}
 
-/* ══ DARK THEME (Bravos) ══ */
+/* ══ DARK THEME — Modern deep-slate ══ */
 [data-theme="dark"] {
-  --bg: #0a0d10; --surface: #0d1117; --surface2: #1a1f25; --border: #1f3943; --border-subtle: #162028;
-  --text: #f0f0f0; --muted: #55899e; --text-dim: #3b6779;
-  --accent: #2dd4a7; --blue: #0360a2; --green: #10b981; --red: #ea1d1d;
-  --orange: #f97316; --yellow: #f59e0b; --purple: #a78bfa;
-  --sev-crit: #ef4444; --sev-high: #f97316; --sev-med: #f59e0b; --sev-low: #3b82f6; --sev-unset: #6b7280;
-  --badge-red-bg: #7f1d1d; --badge-green-bg: #065f46; --badge-blue-bg: #1e3a5f;
-  --risk-f: #7f1d1d; --risk-d: #7c2d12; --risk-c: #78350f; --risk-b: #1e3a5f; --risk-a: #065f46;
-  --heatmap-crit: #7f1d1d; --heatmap-high: #7c2d12; --heatmap-med: #78350f;
-  --heatmap-low: #1e3a5f; --heatmap-none: #1a1f25;
-  --table-alt: #141a20; --table-hover: #1e2830; --shadow: 0 1px 3px rgba(0,0,0,.4);
-  --logo-bg: #2dd4a7; --logo-text: #0a0d10;
-  --drawer-w: 420px; --sidebar-w: 210px;
-}
-
-/* ══ LIGHT THEME ══ */
+  --bg: #000000;
+  --bg-gradient: radial-gradient(ellipse 1000px 500px at 15% 0%, rgba(51,212,157,.09), transparent 58%),
+                 radial-gradient(ellipse 800px 400px at 95% 10%, rgba(3,96,162,.10), transparent 60%);
+  --surface: #0f1b20;
+  --surface2: #172930;
+  --surface3: #1f3943;
+  --border: #1f3943;
+  --border-subtle: #1a3139;
+  --border-strong: #55899e;
+
+  --text: #f0f0f0;
+  --muted: #55899e;
+  --text-dim: #3b6779;
+
+  --accent: #33d49d;
+  --accent-soft: rgba(51,212,157,.12);
+  --accent-dim: rgba(51,212,157,.22);
+  --accent-hover: #ffffff;
+
+  --blue: #0360a2;
+  --green: #33d49d;
+  --red: #ea1d1d;
+  --orange: #ea1d1d;
+  --yellow: #55899e;
+  --purple: #0360a2;
+
+  --sev-crit: #ea1d1d;
+  --sev-high: #ea1d1d;
+  --sev-med:  #55899e;
+  --sev-low:  #0360a2;
+  --sev-unset:#3b6779;
+
+  --sev-crit-bg: rgba(234,29,29,.14);
+  --sev-high-bg: rgba(234,29,29,.10);
+  --sev-med-bg:  rgba(85,137,158,.16);
+  --sev-low-bg:  rgba(3,96,162,.16);
+
+  --badge-red-bg:   rgba(234,29,29,.16);
+  --badge-green-bg: rgba(51,212,157,.16);
+  --badge-blue-bg:  rgba(3,96,162,.16);
+  --badge-red-fg:   #f0f0f0;
+  --badge-green-fg: #33d49d;
+  --badge-blue-fg:  #f0f0f0;
+
+  --risk-f: linear-gradient(135deg, rgba(234,29,29,.20), rgba(234,29,29,.05));
+  --risk-d: linear-gradient(135deg, rgba(234,29,29,.14), rgba(234,29,29,.04));
+  --risk-c: linear-gradient(135deg, rgba(85,137,158,.18), rgba(85,137,158,.05));
+  --risk-b: linear-gradient(135deg, rgba(3,96,162,.18), rgba(3,96,162,.05));
+  --risk-a: linear-gradient(135deg, rgba(51,212,157,.20), rgba(51,212,157,.05));
+  --risk-border-f: rgba(234,29,29,.40);
+  --risk-border-d: rgba(234,29,29,.28);
+  --risk-border-c: rgba(85,137,158,.35);
+  --risk-border-b: rgba(3,96,162,.35);
+  --risk-border-a: rgba(51,212,157,.35);
+
+  --heatmap-crit: linear-gradient(135deg, rgba(234,29,29,.20), rgba(234,29,29,.05));
+  --heatmap-high: linear-gradient(135deg, rgba(234,29,29,.14), rgba(234,29,29,.04));
+  --heatmap-med:  linear-gradient(135deg, rgba(85,137,158,.16), rgba(85,137,158,.04));
+  --heatmap-low:  linear-gradient(135deg, rgba(3,96,162,.16), rgba(3,96,162,.04));
+  --heatmap-none: #172930;
+
+  --table-alt: #13232a;
+  --table-hover: #1c323a;
+  --shadow-sm: 0 1px 2px rgba(0,0,0,.3);
+  --shadow-md: 0 4px 12px rgba(0,0,0,.35), 0 1px 2px rgba(0,0,0,.4);
+  --shadow-lg: 0 12px 32px rgba(0,0,0,.45), 0 2px 6px rgba(0,0,0,.4);
+  --glow-accent: 0 0 0 1px rgba(45,212,191,.25), 0 8px 24px rgba(45,212,191,.12);
+
+  --logo-bg: linear-gradient(135deg, #33d49d, #0360a2);
+  --logo-text: #000000;
+}
+
+/* ══ LIGHT THEME — Refined off-white ══ */
 [data-theme="light"] {
-  --bg: #f8fafc; --surface: #ffffff; --surface2: #f1f5f9; --border: #d1d5db; --border-subtle: #e5e7eb;
-  --text: #1a1a2e; --muted: #4a5568; --text-dim: #9ca3af;
-  --accent: #0d9373; --blue: #2563eb; --green: #059669; --red: #dc2626;
-  --orange: #ea580c; --yellow: #d97706; --purple: #7c3aed;
-  --sev-crit: #dc2626; --sev-high: #ea580c; --sev-med: #d97706; --sev-low: #2563eb; --sev-unset: #6b7280;
-  --badge-red-bg: #fef2f2; --badge-green-bg: #ecfdf5; --badge-blue-bg: #eff6ff;
-  --risk-f: #fef2f2; --risk-d: #fff7ed; --risk-c: #fffbeb; --risk-b: #eff6ff; --risk-a: #ecfdf5;
-  --heatmap-crit: #fef2f2; --heatmap-high: #fff7ed; --heatmap-med: #fffbeb;
-  --heatmap-low: #eff6ff; --heatmap-none: #f9fafb;
-  --table-alt: #f9fafb; --table-hover: #f1f5f9; --shadow: 0 1px 3px rgba(0,0,0,.08);
-  --logo-bg: #0d9373; --logo-text: #ffffff;
-  --drawer-w: 420px; --sidebar-w: 210px;
-}
-
-body { font-family: var(--font-ui); background: var(--bg); color: var(--text); line-height: 1.5; overflow: hidden; height: 100vh; }
-a { color: var(--accent); text-decoration: none; }
-code { background: var(--border); padding: 1px 4px; border-radius: 3px; font-size: .75rem; font-family: var(--font-mono); }
+  --bg: #f0f0f0;
+  --bg-gradient: radial-gradient(ellipse 1000px 500px at 15% 0%, rgba(51,212,157,.10), transparent 58%),
+                 radial-gradient(ellipse 800px 400px at 95% 10%, rgba(3,96,162,.08), transparent 60%);
+  --surface: #ffffff;
+  --surface2: #f0f0f0;
+  --surface3: #e8eef0;
+  --border: #55899e;
+  --border-subtle: #d9e4e8;
+  --border-strong: #1f3943;
+
+  --text: #1f3943;
+  --muted: #55899e;
+  --text-dim: #3b6779;
+
+  --accent: #33d49d;
+  --accent-soft: rgba(51,212,157,.12);
+  --accent-dim: rgba(51,212,157,.20);
+  --accent-hover: #0360a2;
+
+  --blue: #0360a2;
+  --green: #33d49d;
+  --red: #ea1d1d;
+  --orange: #ea1d1d;
+  --yellow: #55899e;
+  --purple: #0360a2;
+
+  --sev-crit: #ea1d1d;
+  --sev-high: #ea1d1d;
+  --sev-med:  #3b6779;
+  --sev-low:  #0360a2;
+  --sev-unset:#55899e;
+
+  --sev-crit-bg: rgba(234,29,29,.10);
+  --sev-high-bg: rgba(234,29,29,.08);
+  --sev-med-bg:  rgba(59,103,121,.10);
+  --sev-low-bg:  rgba(3,96,162,.10);
+
+  --badge-red-bg:   rgba(234,29,29,.12);
+  --badge-green-bg: rgba(51,212,157,.14);
+  --badge-blue-bg:  rgba(3,96,162,.14);
+  --badge-red-fg:   #ea1d1d;
+  --badge-green-fg: #1f3943;
+  --badge-blue-fg:  #0360a2;
+
+  --risk-f: linear-gradient(135deg, rgba(234,29,29,.12), rgba(234,29,29,.02));
+  --risk-d: linear-gradient(135deg, rgba(234,29,29,.09), rgba(234,29,29,.02));
+  --risk-c: linear-gradient(135deg, rgba(59,103,121,.12), rgba(59,103,121,.02));
+  --risk-b: linear-gradient(135deg, rgba(3,96,162,.12), rgba(3,96,162,.02));
+  --risk-a: linear-gradient(135deg, rgba(51,212,157,.14), rgba(51,212,157,.02));
+  --risk-border-f: rgba(234,29,29,.28);
+  --risk-border-d: rgba(234,29,29,.2);
+  --risk-border-c: rgba(59,103,121,.26);
+  --risk-border-b: rgba(3,96,162,.24);
+  --risk-border-a: rgba(51,212,157,.28);
+
+  --heatmap-crit: linear-gradient(135deg, rgba(234,29,29,.14), rgba(234,29,29,.02));
+  --heatmap-high: linear-gradient(135deg, rgba(234,29,29,.10), rgba(234,29,29,.02));
+  --heatmap-med:  linear-gradient(135deg, rgba(59,103,121,.10), rgba(59,103,121,.02));
+  --heatmap-low:  linear-gradient(135deg, rgba(3,96,162,.10), rgba(3,96,162,.02));
+  --heatmap-none: #f0f0f0;
+
+  --table-alt: #f7f9fa;
+  --table-hover: #edf3f5;
+  --shadow-sm: 0 1px 2px rgba(15,23,42,.04);
+  --shadow-md: 0 4px 12px rgba(15,23,42,.06), 0 1px 2px rgba(15,23,42,.04);
+  --shadow-lg: 0 12px 32px rgba(15,23,42,.08), 0 2px 6px rgba(15,23,42,.04);
+  --glow-accent: 0 0 0 1px rgba(13,148,136,.20), 0 8px 24px rgba(13,148,136,.10);
+
+  --logo-bg: linear-gradient(135deg, #33d49d, #0360a2);
+  --logo-text: #ffffff;
+}
+
+html, body { height: 100%; }
+body {
+  font-family: var(--font-ui);
+  background: var(--bg-gradient), var(--bg);
+  color: var(--text);
+  line-height: 1.5;
+  font-size: 13.5px;
+  overflow: hidden;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+  letter-spacing: -0.005em;
+}
+a { color: var(--accent); text-decoration: none; transition: color .15s var(--ease); }
+a:hover { color: var(--accent-hover); }
+code {
+  background: var(--surface2);
+  border: 1px solid var(--border-subtle);
+  padding: 1px 5px;
+  border-radius: 4px;
+  font-size: .76rem;
+  font-family: var(--font-mono);
+  color: var(--text);
+}
+::-webkit-scrollbar { width: 10px; height: 10px; }
+::-webkit-scrollbar-track { background: transparent; }
+::-webkit-scrollbar-thumb { background: var(--border); border-radius: 10px; border: 2px solid var(--bg); }
+::-webkit-scrollbar-thumb:hover { background: var(--border-strong); }
 
 /* ── Top Nav ── */
-.topnav { height: 48px; background: var(--surface); border-bottom: 1px solid var(--border); display: flex; align-items: center; padding: 0 1.2rem; gap: 1rem; z-index: 100; }
-.topnav-left { display: flex; align-items: center; gap: .6rem; }
-.topnav-right { margin-left: auto; display: flex; align-items: center; gap: 1rem; }
-.topnav h1 { font-size: 1.1rem; font-weight: 700; white-space: nowrap; }
-.badge { background: var(--accent); color: var(--logo-text); padding: 2px 8px; border-radius: 10px; font-size: .65rem; font-weight: 600; }
-.tn-stat { font-size: .72rem; color: var(--muted); display: flex; align-items: center; gap: 4px; }
-.tn-stat .tn-v { font-weight: 700; font-size: .82rem; }
-.tn-v.red { color: var(--red); } .tn-v.green { color: var(--green); } .tn-v.blue { color: var(--accent); } .tn-v.yellow { color: var(--yellow); }
-.logo { width: 32px; height: 32px; background: var(--logo-bg); color: var(--logo-text); border-radius: 6px; display: flex; align-items: center; justify-content: center; font-weight: 700; font-size: 13px; }
-#themeToggle { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; padding: 4px 8px; cursor: pointer; font-size: 14px; line-height: 1; }
-#themeToggle:hover { background: var(--border); }
+.topnav {
+  height: 52px;
+  background: color-mix(in oklab, var(--surface) 92%, transparent);
+  backdrop-filter: saturate(160%) blur(12px);
+  -webkit-backdrop-filter: saturate(160%) blur(12px);
+  border-bottom: 1px solid var(--border);
+  display: flex; align-items: center;
+  padding: 0 1.4rem; gap: 1rem;
+  z-index: 100;
+  position: relative;
+}
+.topnav::after {
+  content: ''; position: absolute; left: 0; right: 0; bottom: -1px; height: 1px;
+  background: linear-gradient(90deg, transparent, var(--accent-dim) 40%, var(--accent-dim) 60%, transparent);
+  opacity: .55; pointer-events: none;
+}
+.topnav-left { display: flex; align-items: center; gap: .7rem; }
+.topnav-right { margin-left: auto; display: flex; align-items: center; gap: .75rem; }
+.topnav-metrics { display: flex; align-items: center; gap: .5rem; }
+.topnav h1 { font-size: 1.02rem; font-weight: 650; white-space: nowrap; letter-spacing: -0.01em; }
+.badge {
+  background: var(--accent-soft);
+  color: var(--accent);
+  border: 1px solid var(--accent-dim);
+  padding: 2px 9px; border-radius: 999px;
+  font-size: .64rem; font-weight: 600;
+  text-transform: uppercase; letter-spacing: .6px;
+}
+.tn-stat {
+  font-size: .72rem; color: var(--muted); display: flex; align-items: center; gap: 6px;
+  background: color-mix(in oklab, var(--surface2) 88%, transparent);
+  border: 1px solid var(--border);
+  border-radius: 999px;
+  padding: 4px 10px;
+  backdrop-filter: blur(4px);
+}
+.tn-stat .tn-k { letter-spacing: .2px; }
+.tn-stat .tn-v { font-weight: 700; font-size: .85rem; color: var(--text); font-variant-numeric: tabular-nums; }
+.tn-v.red { color: var(--sev-crit); } .tn-v.green { color: var(--green); }
+.tn-v.blue { color: var(--accent); } .tn-v.yellow { color: var(--yellow); }
+.feature-filter-wrap { display: flex; align-items: center; }
+.feature-filter-select {
+  max-width: 170px;
+  background: var(--surface2);
+  color: var(--text);
+  border: 1px solid var(--border);
+  border-radius: 999px;
+  padding: 5px 10px;
+  font-size: .74rem;
+  font-family: var(--font-ui);
+  cursor: pointer;
+  transition: all .15s var(--ease);
+}
+.feature-filter-select:hover { border-color: var(--border-strong); background: var(--surface3); }
+.feature-filter-select:focus { outline: none; border-color: var(--accent); box-shadow: var(--glow-accent); }
+.logo {
+  width: 34px; height: 34px;
+  background: var(--logo-bg); color: var(--logo-text);
+  border-radius: 9px;
+  display: flex; align-items: center; justify-content: center;
+  font-weight: 700; font-size: 12px; letter-spacing: .3px;
+  box-shadow: var(--shadow-sm);
+}
+#themeToggle {
+  background: var(--surface2); border: 1px solid var(--border);
+  border-radius: 8px; padding: 5px 9px; cursor: pointer;
+  font-size: 14px; line-height: 1; color: var(--text);
+  transition: all .15s var(--ease);
+}
+#themeToggle:hover { background: var(--surface3); border-color: var(--border-strong); }
 [data-theme="dark"] .icon-sun { display: none; }
 [data-theme="light"] .icon-moon { display: none; }
+.feature-banner {
+  display: none;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 16px;
+  background: color-mix(in oklab, var(--accent) 88%, var(--surface));
+  color: #fff;
+  font-size: .8rem;
+  font-weight: 600;
+  border-bottom: 1px solid color-mix(in oklab, var(--accent) 45%, var(--border));
+}
+.feature-banner-files { opacity: .75; font-weight: 500; }
+.feature-banner-clear {
+  margin-left: auto;
+  background: rgba(255,255,255,.18);
+  border: 1px solid rgba(255,255,255,.28);
+  color: #fff;
+  padding: 4px 10px;
+  border-radius: 999px;
+  cursor: pointer;
+  font-size: .72rem;
+  font-weight: 600;
+}
+.feature-banner-clear:hover { background: rgba(255,255,255,.28); }
 
 /* ── Layout ── */
-.layout { display: flex; height: calc(100vh - 48px); position: relative; }
-.sidebar { width: var(--sidebar-w); min-width: var(--sidebar-w); background: var(--surface); border-right: 1px solid var(--border); display: flex; flex-direction: column; transition: all .25s ease; }
-.sidebar-nav { flex: 1; overflow-y: auto; padding: .6rem 0; }
-.sidebar.collapsed { width: 50px; min-width: 50px; }
+.layout { display: flex; height: calc(100vh - 54px); position: relative; }
+.sidebar {
+  width: var(--sidebar-w); min-width: var(--sidebar-w);
+  background: var(--surface);
+  border-right: 1px solid var(--border);
+  display: flex; flex-direction: column;
+  transition: width .25s var(--ease), min-width .25s var(--ease);
+}
+.sidebar-nav { flex: 1; overflow-y: auto; padding: .75rem .55rem; }
+.sidebar.collapsed { width: 52px; min-width: 52px; }
 .sidebar.collapsed .nav-text { display: none; }
 .sidebar.collapsed .sep { margin: .5rem .5rem; }
 .sidebar.collapsed .chevron-left { display: none; }
 .sidebar.collapsed .chevron-right { display: block; }
-#sidebarToggle { background: var(--surface2); border: none; border-top: 1px solid var(--border); padding: .8rem; cursor: pointer; color: var(--muted); transition: all .2s; display: flex; align-items: center; justify-content: center; width: 100%; }
-#sidebarToggle:hover { background: var(--border); color: var(--accent); }
+#sidebarToggle {
+  background: transparent; border: none; border-top: 1px solid var(--border);
+  padding: .7rem; cursor: pointer; color: var(--muted);
+  transition: all .15s var(--ease);
+  display: flex; align-items: center; justify-content: center; width: 100%;
+}
+#sidebarToggle:hover { background: var(--surface2); color: var(--accent); }
 #sidebarToggle svg { display: block; }
 #sidebarToggle .chevron-right { display: none; }
-.sidebar a { display: flex; align-items: center; gap: .6rem; padding: .55rem 1rem; font-size: .8rem; color: var(--muted); cursor: pointer; border-left: 3px solid transparent; transition: all .12s; user-select: none; }
+.sidebar a {
+  display: flex; align-items: center; gap: .65rem;
+  padding: .52rem .75rem; margin: 1px .1rem;
+  font-size: .8rem; color: var(--muted); cursor: pointer;
+  border-radius: 7px;
+  transition: background .12s var(--ease), color .12s var(--ease);
+  user-select: none;
+  position: relative;
+}
 .sidebar a:hover { background: var(--surface2); color: var(--text); }
-.sidebar a.active { color: var(--accent); border-left-color: var(--accent); background: rgba(45,212,167,.08); }
-.sidebar .nav-icon { width: 20px; display: flex; align-items: center; justify-content: center; flex-shrink: 0; }
+.sidebar a.active {
+  color: var(--accent);
+  background: var(--accent-soft);
+  font-weight: 550;
+}
+.sidebar a.active::before {
+  content: ''; position: absolute; left: -.1rem; top: 20%; bottom: 20%; width: 2px;
+  background: var(--accent); border-radius: 2px;
+}
+.sidebar .nav-icon { width: 18px; display: flex; align-items: center; justify-content: center; flex-shrink: 0; opacity: .85; }
+.sidebar a.active .nav-icon { opacity: 1; }
 .sidebar .nav-icon svg { display: block; }
-.sidebar .sep { height: 1px; background: var(--border); margin: .5rem 1rem; }
+.sidebar .sep { height: 1px; background: var(--border); margin: .6rem .8rem; }
 .main { flex: 1; overflow-y: auto; padding: 0; }
-.section-content { display: none; padding: 1.2rem 1.5rem; } .section-content.active { display: block; }
+.section-content { display: none; padding: 1.6rem 2rem 3rem; max-width: 1400px; }
+.section-content.active { display: block; animation: fadeIn .2s var(--ease); }
+@keyframes fadeIn { from { opacity: 0; transform: translateY(3px); } to { opacity: 1; transform: none; } }
+.panel {
+  background: color-mix(in oklab, var(--surface) 94%, transparent);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  padding: 1rem 1.1rem;
+  box-shadow: var(--shadow-sm);
+  margin-bottom: 1rem;
+}
+.panel-row { display: flex; align-items: center; gap: .8rem; margin-bottom: .35rem; }
+.panel-muted { color: var(--muted); font-size: .82rem; }
+.summary-panels {
+  display: grid;
+  grid-template-columns: minmax(250px, 1fr) minmax(320px, 1.3fr);
+  gap: .9rem;
+}
+.ai-analysis-panel { padding-top: .9rem; }
 
 /* ── Drawer ── */
-.drawer-overlay { position: fixed; top: 0; left: 0; right: 0; bottom: 0; background: rgba(0,0,0,.4); z-index: 200; display: none; }
-.drawer-overlay.open { display: block; }
-.drawer { position: fixed; top: 0; right: 0; width: var(--drawer-w); height: 100vh; background: var(--surface); border-left: 1px solid var(--border); z-index: 201; transform: translateX(100%); transition: transform .25s ease; overflow-y: auto; }
+.drawer-overlay {
+  position: fixed; inset: 0;
+  background: rgba(0,0,0,.48);
+  backdrop-filter: blur(2px);
+  -webkit-backdrop-filter: blur(2px);
+  z-index: 200; display: none;
+}
+.drawer-overlay.open { display: block; animation: fadeIn .15s var(--ease); }
+.drawer {
+  position: fixed; top: 0; right: 0;
+  width: var(--drawer-w); height: 100vh;
+  background: var(--surface);
+  border-left: 1px solid var(--border);
+  z-index: 201;
+  transform: translateX(100%);
+  transition: transform .28s var(--ease);
+  overflow-y: auto;
+  box-shadow: var(--shadow-lg);
+}
 .drawer.open { transform: translateX(0); }
-.drawer-header { display: flex; align-items: center; justify-content: space-between; padding: .8rem 1rem; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--surface); z-index: 1; }
-.drawer-header h3 { font-size: .95rem; color: var(--accent); }
-.drawer-close { background: none; border: 1px solid var(--border); color: var(--muted); cursor: pointer; padding: 4px 10px; border-radius: 4px; font-size: .8rem; }
-.drawer-close:hover { color: var(--text); border-color: var(--muted); }
-.drawer-body { padding: 1rem; }
-.d-section { margin-bottom: 1rem; } .d-label { font-size: .7rem; text-transform: uppercase; color: var(--muted); letter-spacing: .5px; margin-bottom: .3rem; } .d-value { font-size: .82rem; }
-.d-code { background: var(--bg); border: 1px solid var(--border); border-radius: 6px; padding: .5rem .7rem; font-family: var(--font-mono); font-size: .72rem; line-height: 1.6; color: var(--muted); white-space: pre; overflow-x: auto; }
+.drawer-header {
+  display: flex; align-items: center; justify-content: space-between;
+  padding: 1rem 1.2rem;
+  border-bottom: 1px solid var(--border);
+  position: sticky; top: 0;
+  background: color-mix(in oklab, var(--surface) 94%, transparent);
+  backdrop-filter: blur(8px);
+  -webkit-backdrop-filter: blur(8px);
+  z-index: 1;
+}
+.drawer-header h3 { font-size: .95rem; color: var(--text); font-weight: 650; letter-spacing: -.01em; }
+.drawer-close {
+  background: var(--surface2); border: 1px solid var(--border);
+  color: var(--muted); cursor: pointer;
+  padding: 5px 11px; border-radius: 6px; font-size: .78rem;
+  transition: all .15s var(--ease);
+}
+.drawer-close:hover { color: var(--text); border-color: var(--border-strong); background: var(--surface3); }
+.drawer-body { padding: 1.2rem; }
+.d-section { margin-bottom: 1.2rem; }
+.d-label { font-size: .68rem; text-transform: uppercase; color: var(--muted); letter-spacing: .8px; margin-bottom: .35rem; font-weight: 600; }
+.d-value { font-size: .85rem; }
+.d-code {
+  background: var(--bg); border: 1px solid var(--border); border-radius: var(--radius-md);
+  padding: .65rem .8rem; font-family: var(--font-mono); font-size: .72rem;
+  line-height: 1.65; color: var(--muted); white-space: pre; overflow-x: auto;
+}
 
 /* ── Section headings ── */
-.sec-h { font-size: 1.1rem; font-weight: 700; margin-bottom: .8rem; display: flex; align-items: center; gap: .5rem; }
-.sec-icon { font-size: 1.2rem; }
-.sub-h { font-size: .9rem; font-weight: 600; color: var(--accent); margin: 1rem 0 .5rem 0; }
+.sec-h {
+  font-size: 1.25rem; font-weight: 700;
+  margin-bottom: 1rem;
+  display: flex; align-items: center; gap: .6rem;
+  letter-spacing: -.02em;
+}
+.sec-icon {
+  font-size: 1rem;
+  width: 30px; height: 30px;
+  display: inline-flex; align-items: center; justify-content: center;
+  background: var(--accent-soft);
+  color: var(--accent);
+  border: 1px solid var(--accent-dim);
+  border-radius: 8px;
+}
+.sub-h {
+  font-size: .78rem; font-weight: 600; color: var(--muted);
+  margin: 1.2rem 0 .55rem 0;
+  text-transform: uppercase; letter-spacing: .7px;
+  display: flex; align-items: center; gap: .5rem;
+}
+.sub-h::after {
+  content: ''; flex: 1; height: 1px;
+  background: linear-gradient(90deg, var(--border), transparent);
+}
+.sub-h-alert { color: var(--red); }
+.sub-h-critical { color: var(--sev-crit); }
+.sub-h-ok { color: var(--green); }
+.sub-h-neutral { color: var(--yellow); }
+.sub-h-info { color: var(--blue); }
+.section-note { color: var(--muted); font-size: .78rem; margin-bottom: .55rem; }
+.flow-arrow { color: var(--muted); font-weight: 700; font-size: .88rem; text-align: center; }
 
 /* ── Stats Grid ── */
-.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(100px, 1fr)); gap: .5rem; margin-bottom: 1.2rem; }
-.stat-card { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; padding: .5rem; text-align: center; }
-.stat-card .value { font-size: 1.3rem; font-weight: 700; color: var(--accent); }
-.stat-card .label { font-size: .65rem; color: var(--muted); margin-top: 2px; }
-.stat-danger .value { color: var(--red); } .stat-success .value { color: var(--green); }
-.stat-muted .value { color: var(--muted); } .stat-muted .label { color: var(--text-dim); }
+.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(118px, 1fr)); gap: .6rem; margin-bottom: 1.2rem; }
+.stat-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  padding: .75rem .7rem;
+  text-align: center;
+  transition: transform .15s var(--ease), border-color .15s var(--ease), box-shadow .15s var(--ease);
+  position: relative; overflow: hidden;
+}
+.stat-card::before {
+  content: ''; position: absolute; inset: 0 0 auto 0; height: 2px;
+  background: var(--accent); opacity: 0; transition: opacity .15s var(--ease);
+}
+.stat-card:hover { transform: translateY(-1px); border-color: var(--border-strong); box-shadow: var(--shadow-sm); }
+.stat-card:hover::before { opacity: .8; }
+.stat-card .value { font-size: 1.5rem; font-weight: 700; color: var(--accent); font-variant-numeric: tabular-nums; letter-spacing: -.02em; line-height: 1.1; }
+.stat-card .label { font-size: .68rem; color: var(--muted); margin-top: 4px; text-transform: uppercase; letter-spacing: .4px; font-weight: 500; }
+.stat-danger .value { color: var(--sev-crit); } .stat-danger::before { background: var(--sev-crit); }
+.stat-success .value { color: var(--green); } .stat-success::before { background: var(--green); }
+.stat-muted .value { color: var(--muted); } .stat-muted::before { background: var(--muted); }
+.stat-muted .label { color: var(--text-dim); }
 
 /* ── Risk Banner ── */
-.risk-banner { display: flex; align-items: center; gap: 20px; padding: 16px 20px; border-radius: 10px; border: 1px solid var(--border); margin-bottom: 1rem; }
-.risk-grade { font-size: 40px; font-weight: 700; width: 60px; height: 60px; display: flex; align-items: center; justify-content: center; border-radius: 10px; }
-.risk-detail { display: flex; flex-direction: column; gap: 2px; }
-.risk-detail strong { font-size: 15px; } .risk-detail span { font-size: 13px; color: var(--muted); }
-.risk-f { background: var(--risk-f); } .risk-f .risk-grade { background: var(--sev-crit); color: #fff; }
-.risk-d { background: var(--risk-d); } .risk-d .risk-grade { background: var(--sev-high); color: #fff; }
-.risk-c { background: var(--risk-c); } .risk-c .risk-grade { background: var(--sev-med); color: #fff; }
-.risk-b { background: var(--risk-b); } .risk-b .risk-grade { background: var(--sev-low); color: #fff; }
-.risk-a { background: var(--risk-a); } .risk-a .risk-grade { background: var(--green); color: #fff; }
+.risk-banner {
+  display: flex; align-items: center; gap: 22px;
+  padding: 18px 22px;
+  border-radius: var(--radius-lg);
+  border: 1px solid var(--border);
+  margin-bottom: 1.2rem;
+  box-shadow: var(--shadow-sm);
+}
+.risk-grade {
+  font-size: 34px; font-weight: 800;
+  width: 58px; height: 58px;
+  display: flex; align-items: center; justify-content: center;
+  border-radius: var(--radius-md);
+  letter-spacing: -.03em;
+  box-shadow: 0 6px 16px rgba(0,0,0,.22), inset 0 1px 0 rgba(255,255,255,.15);
+}
+.risk-detail { display: flex; flex-direction: column; gap: 3px; }
+.risk-detail strong { font-size: 15px; font-weight: 650; letter-spacing: -.01em; }
+.risk-detail span { font-size: 13px; color: var(--muted); }
+.risk-f { background: var(--risk-f); border-color: var(--risk-border-f); } .risk-f .risk-grade { background: var(--sev-crit); color: #fff; }
+.risk-d { background: var(--risk-d); border-color: var(--risk-border-d); } .risk-d .risk-grade { background: var(--sev-high); color: #fff; }
+.risk-c { background: var(--risk-c); border-color: var(--risk-border-c); } .risk-c .risk-grade { background: var(--sev-med); color: #fff; }
+.risk-b { background: var(--risk-b); border-color: var(--risk-border-b); } .risk-b .risk-grade { background: var(--sev-low); color: #fff; }
+.risk-a { background: var(--risk-a); border-color: var(--risk-border-a); } .risk-a .risk-grade { background: var(--green); color: #fff; }
 
 /* ── Coverage Bar ── */
-.coverage-pct { font-size: 1.8rem; font-weight: 700; }
-.coverage-pct.good { color: var(--green); } .coverage-pct.warn { color: var(--yellow); } .coverage-pct.bad { color: var(--red); }
-.posture-bar { height: 8px; border-radius: 4px; background: var(--border); margin: .6rem 0; overflow: hidden; }
-.posture-fill { height: 100%; border-radius: 4px; transition: width .4s; }
-.posture-fill.good { background: var(--green); } .posture-fill.warn { background: var(--yellow); } .posture-fill.bad { background: var(--red); }
+.coverage-pct { font-size: 2rem; font-weight: 700; font-variant-numeric: tabular-nums; letter-spacing: -.03em; }
+.coverage-pct.good { color: var(--green); } .coverage-pct.warn { color: var(--yellow); } .coverage-pct.bad { color: var(--sev-crit); }
+.posture-bar { height: 10px; border-radius: 999px; background: var(--surface2); margin: .7rem 0; overflow: hidden; border: 1px solid var(--border-subtle); }
+.posture-fill { height: 100%; border-radius: 999px; transition: width .6s var(--ease); }
+.posture-fill.good { background: linear-gradient(90deg, var(--green), var(--accent)); }
+.posture-fill.warn { background: linear-gradient(90deg, var(--yellow), var(--muted)); }
+.posture-fill.bad  { background: linear-gradient(90deg, var(--sev-crit), var(--red)); }
 
 /* ── Severity Chart ── */
-.severity-chart { display: flex; flex-direction: column; gap: 8px; margin-bottom: 1rem; }
-.sev-row { display: flex; align-items: center; gap: 10px; }
-.sev-label { width: 55px; font-size: 13px; font-weight: 500; text-align: right; }
-.sev-track { flex: 1; height: 22px; background: var(--surface2); border-radius: 5px; overflow: hidden; }
-.sev-fill { height: 100%; border-radius: 5px; min-width: 2px; transition: width .6s; }
-.sev-fill-crit { background: var(--sev-crit); } .sev-fill-high { background: var(--sev-high); }
-.sev-fill-med { background: var(--sev-med); } .sev-fill-low { background: var(--sev-low); }
+.severity-chart { display: flex; flex-direction: column; gap: 9px; margin-bottom: 1rem; }
+.sev-row { display: flex; align-items: center; gap: 12px; }
+.sev-label { width: 62px; font-size: 12.5px; font-weight: 550; text-align: right; color: var(--muted); }
+.sev-track { flex: 1; height: 22px; background: var(--surface2); border-radius: 6px; overflow: hidden; border: 1px solid var(--border-subtle); }
+.sev-fill { height: 100%; border-radius: 6px; min-width: 2px; transition: width .6s var(--ease); }
+.sev-fill-crit { background: linear-gradient(90deg, var(--sev-crit), var(--red)); }
+.sev-fill-high { background: linear-gradient(90deg, var(--sev-high), var(--red)); }
+.sev-fill-med  { background: linear-gradient(90deg, var(--sev-med), var(--text-dim)); }
+.sev-fill-low  { background: linear-gradient(90deg, var(--sev-low), var(--blue)); }
 .sev-fill-unset { background: var(--sev-unset); }
-.sev-count { width: 28px; font-size: 14px; font-weight: 600; font-family: var(--font-mono); }
+.sev-count { width: 32px; font-size: 14px; font-weight: 700; font-family: var(--font-mono); color: var(--text); font-variant-numeric: tabular-nums; }
 
 /* ── Finding Cards ── */
-.finding-card { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; padding: .7rem 1rem; margin-bottom: .5rem; cursor: pointer; transition: border-color .15s; }
-.finding-card:hover { border-color: var(--accent); }
-.fc-top { display: flex; align-items: center; gap: .5rem; margin-bottom: .2rem; }
-.fc-risk { font-weight: 600; font-size: .85rem; } .fc-desc { font-size: .78rem; color: var(--muted); }
-.fc-assets { font-size: .72rem; color: var(--muted); margin-top: .2rem; font-family: var(--font-mono); }
-.fc-sev { font-size: .7rem; padding: 1px 6px; border-radius: 3px; font-weight: 600; }
-.fc-sev.crit { background: var(--sev-crit); color: #fff; } .fc-sev.high { background: var(--sev-high); color: #fff; }
-.fc-sev.med { background: var(--sev-med); color: #000; } .fc-sev.low { background: var(--border); color: var(--muted); }
-.fc-sev.unset { background: var(--border); color: var(--muted); }
+.finding-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  padding: .8rem 1rem;
+  margin-bottom: .55rem;
+  cursor: pointer;
+  transition: all .15s var(--ease);
+  position: relative;
+}
+.finding-card::before {
+  content: ''; position: absolute; left: 0; top: 0; bottom: 0; width: 3px;
+  background: var(--sev-crit); border-radius: 3px 0 0 3px;
+  opacity: .7;
+}
+.finding-card:hover {
+  border-color: var(--border-strong);
+  transform: translateX(2px);
+  box-shadow: var(--shadow-sm);
+}
+.fc-top { display: flex; align-items: center; gap: .55rem; margin-bottom: .25rem; }
+.fc-risk { font-weight: 600; font-size: .88rem; letter-spacing: -.005em; }
+.fc-desc { font-size: .8rem; color: var(--muted); line-height: 1.5; }
+.fc-assets { font-size: .72rem; color: var(--muted); margin-top: .3rem; font-family: var(--font-mono); }
+.fc-sev {
+  font-size: .66rem;
+  padding: 2px 8px;
+  border-radius: 999px;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: .4px;
+  border: 1px solid transparent;
+}
+.fc-sev.crit  { background: var(--sev-crit-bg); color: var(--sev-crit); border-color: color-mix(in oklab, var(--sev-crit) 35%, transparent); }
+.fc-sev.high  { background: var(--sev-high-bg); color: var(--sev-high); border-color: color-mix(in oklab, var(--sev-high) 35%, transparent); }
+.fc-sev.med   { background: var(--sev-med-bg);  color: var(--sev-med);  border-color: color-mix(in oklab, var(--sev-med) 35%, transparent); }
+.fc-sev.low   { background: var(--sev-low-bg);  color: var(--sev-low);  border-color: color-mix(in oklab, var(--sev-low) 35%, transparent); }
+.fc-sev.unset { background: var(--surface2);    color: var(--muted);    border-color: var(--border); }
 
 /* ── Tables ── */
-table { width: 100%; border-collapse: collapse; background: var(--surface2); border-radius: 6px; overflow: hidden; margin-bottom: .8rem; }
-th, td { padding: .45rem .7rem; text-align: left; border-bottom: 1px solid var(--border); font-size: .78rem; }
-th { background: var(--border); color: var(--muted); font-weight: 600; text-transform: uppercase; font-size: .68rem; }
-tr.clickable { cursor: pointer; } tr.clickable:hover { background: var(--table-hover); }
-.row-open { border-left: 3px solid var(--red); }
+table {
+  width: 100%; border-collapse: separate; border-spacing: 0;
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  overflow: hidden;
+  margin-bottom: 1rem;
+  box-shadow: var(--shadow-sm);
+}
+th, td { padding: .6rem .85rem; text-align: left; border-bottom: 1px solid var(--border-subtle); font-size: .8rem; }
+tr:last-child td { border-bottom: none; }
+th {
+  background: var(--surface2);
+  color: var(--muted); font-weight: 650;
+  text-transform: uppercase; font-size: .66rem; letter-spacing: .7px;
+  position: sticky; top: 0;
+}
+tbody tr { transition: background .12s var(--ease); }
+tbody tr:nth-child(even) { background: var(--table-alt); }
+tr.clickable { cursor: pointer; }
+tr.clickable:hover { background: var(--table-hover); }
+.row-open { box-shadow: inset 3px 0 0 var(--sev-crit); }
 .loc { color: var(--muted); font-family: var(--font-mono); font-size: .72rem; white-space: nowrap; }
-.empty-state { color: var(--muted); font-style: italic; padding: .8rem; font-size: .82rem; }
+.empty-state {
+  color: var(--muted); font-style: italic;
+  padding: 1.2rem;
+  font-size: .82rem; text-align: center;
+  background: var(--surface); border: 1px dashed var(--border);
+  border-radius: var(--radius-md);
+}
 
 /* ── Badges ── */
-.badge-red { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; background: var(--badge-red-bg); color: var(--sev-crit); }
-.badge-green { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; background: var(--badge-green-bg); color: var(--green); }
-.badge-blue { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; background: var(--badge-blue-bg); color: var(--sev-low); }
-
-/* ── Annotation badges ── */
-.ann-badge { display: inline-block; padding: 1px 7px; border-radius: 4px; font-size: .68rem; font-weight: 600; text-transform: uppercase; letter-spacing: .3px; }
-.ann-asset { background: #1c3a5e; color: #58a6ff; } .ann-threat { background: #4a1a1a; color: #f85149; }
-.ann-control { background: #1a3a1a; color: #3fb950; } .ann-exposes { background: #4a1a1a; color: #f85149; }
-.ann-mitigates { background: #1a3a1a; color: #3fb950; } .ann-accepts { background: #3a3a1a; color: #d29922; }
-.ann-transfers { background: #2a1a3a; color: #bc8cff; } .ann-flow { background: #2a2a2a; color: #8b949e; }
-.ann-boundary { background: #2a1a3a; color: #bc8cff; } .ann-data { background: #3a2a1a; color: #db6d28; }
-.ann-handles { background: #3a2a1a; color: #db6d28; } .ann-validates { background: #1a3a1a; color: #3fb950; }
-.ann-owns { background: #1c3a5e; color: #58a6ff; } .ann-audit { background: #3a3a1a; color: #d29922; }
-.ann-assumes { background: #3a3a1a; color: #d29922; } .ann-shield { background: #2a2a2a; color: #8b949e; }
-.ann-comment { background: var(--surface2); color: var(--muted); border: 1px solid var(--border); }
+.badge-red, .badge-green, .badge-blue {
+  display: inline-block; padding: 2px 9px;
+  border-radius: 999px;
+  font-size: .66rem; font-weight: 650;
+  text-transform: uppercase; letter-spacing: .4px;
+  border: 1px solid transparent;
+}
+.badge-red   { background: var(--badge-red-bg);   color: var(--badge-red-fg);   border-color: color-mix(in oklab, var(--sev-crit) 25%, transparent); }
+.badge-green { background: var(--badge-green-bg); color: var(--badge-green-fg); border-color: color-mix(in oklab, var(--green) 25%, transparent); }
+.badge-blue  { background: var(--badge-blue-bg);  color: var(--badge-blue-fg);  border-color: color-mix(in oklab, var(--sev-low) 25%, transparent); }
+
+/* ── Annotation badges (theme-aware) ── */
+.ann-badge {
+  display: inline-block; padding: 2px 8px;
+  border-radius: 5px;
+  font-size: .66rem; font-weight: 650;
+  text-transform: uppercase; letter-spacing: .35px;
+  border: 1px solid transparent;
+}
+.ann-asset    { background: rgba(3,96,162,.14);    color: #f0f0f0; border-color: rgba(3,96,162,.3); }
+.ann-threat   { background: rgba(234,29,29,.14);   color: #f0f0f0; border-color: rgba(234,29,29,.3); }
+.ann-control  { background: rgba(51,212,157,.14);  color: #33d49d; border-color: rgba(51,212,157,.3); }
+.ann-exposes  { background: rgba(234,29,29,.14);   color: #f0f0f0; border-color: rgba(234,29,29,.3); }
+.ann-mitigates{ background: rgba(51,212,157,.14);  color: #33d49d; border-color: rgba(51,212,157,.3); }
+.ann-accepts  { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-transfers{ background: rgba(59,103,121,.18);  color: #f0f0f0; border-color: rgba(59,103,121,.3); }
+.ann-flow     { background: var(--surface2);       color: var(--muted); border-color: var(--border); }
+.ann-boundary { background: rgba(59,103,121,.18);  color: #f0f0f0; border-color: rgba(59,103,121,.3); }
+.ann-data     { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-handles  { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-validates{ background: rgba(51,212,157,.14);  color: #33d49d; border-color: rgba(51,212,157,.3); }
+.ann-owns     { background: rgba(3,96,162,.14);    color: #f0f0f0; border-color: rgba(3,96,162,.3); }
+.ann-audit    { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-assumes  { background: rgba(85,137,158,.16);  color: #f0f0f0; border-color: rgba(85,137,158,.3); }
+.ann-shield   { background: var(--surface2);       color: var(--muted); border-color: var(--border); }
+.ann-comment  { background: var(--surface2);       color: var(--muted); border: 1px solid var(--border); }
+[data-theme="light"] .ann-asset    { color: #0360a2; background: rgba(3,96,162,.10); border-color: rgba(3,96,162,.25); }
+[data-theme="light"] .ann-threat,
+[data-theme="light"] .ann-exposes  { color: #ea1d1d; background: rgba(234,29,29,.10); border-color: rgba(234,29,29,.25); }
+[data-theme="light"] .ann-control,
+[data-theme="light"] .ann-mitigates,
+[data-theme="light"] .ann-validates{ color: #1f3943; background: rgba(51,212,157,.16); border-color: rgba(51,212,157,.25); }
+[data-theme="light"] .ann-accepts,
+[data-theme="light"] .ann-audit,
+[data-theme="light"] .ann-assumes  { color: #3b6779; background: rgba(85,137,158,.14); border-color: rgba(85,137,158,.25); }
+[data-theme="light"] .ann-transfers,
+[data-theme="light"] .ann-boundary { color: #1f3943; background: rgba(59,103,121,.12); border-color: rgba(59,103,121,.25); }
+[data-theme="light"] .ann-data,
+[data-theme="light"] .ann-handles  { color: #3b6779; background: rgba(85,137,158,.14); border-color: rgba(85,137,158,.25); }
+[data-theme="light"] .ann-owns     { color: #0360a2; background: rgba(3,96,162,.10); border-color: rgba(3,96,162,.25); }
 
 /* ── File Cards (Code Browser) ── */
-.file-card { background: var(--surface2); border: 1px solid var(--border); border-radius: 6px; margin-bottom: .7rem; overflow: hidden; }
-.file-card-header { display: flex; align-items: center; justify-content: space-between; padding: .5rem .8rem; background: var(--surface); cursor: pointer; user-select: none; }
-.file-card-header:hover { background: var(--border); }
+.file-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  margin-bottom: .7rem;
+  overflow: hidden;
+  transition: border-color .15s var(--ease);
+}
+.file-card:hover { border-color: var(--border-strong); }
+.file-card-header {
+  display: flex; align-items: center; justify-content: space-between;
+  padding: .65rem .9rem;
+  background: var(--surface2);
+  cursor: pointer; user-select: none;
+  transition: background .12s var(--ease);
+}
+.file-card-header:hover { background: var(--surface3); }
 .file-path { font-family: var(--font-mono); font-size: .78rem; color: var(--accent); font-weight: 600; }
-.file-count { font-size: .68rem; color: var(--muted); background: var(--border); padding: 1px 7px; border-radius: 10px; }
-.chevron { color: var(--muted); transition: transform .2s; font-size: .75rem; }
+.file-count {
+  font-size: .68rem; color: var(--muted);
+  background: var(--surface); border: 1px solid var(--border);
+  padding: 2px 9px; border-radius: 999px; font-weight: 600;
+}
+.chevron { color: var(--muted); transition: transform .2s var(--ease); font-size: .75rem; }
 .file-card-header.open .chevron { transform: rotate(90deg); }
-.file-card-body { display: none; border-top: 1px solid var(--border); } .file-card-body.open { display: block; }
-.ann-entry { padding: .6rem .8rem; border-bottom: 1px solid var(--border); cursor: pointer; }
-.ann-entry:hover { background: rgba(45,212,167,.04); } .ann-entry:last-child { border-bottom: none; }
-.ann-header { display: flex; align-items: center; gap: .4rem; margin-bottom: .2rem; }
-.ann-line { font-family: var(--font-mono); font-size: .68rem; color: var(--muted); min-width: 35px; }
-.ann-summary { font-size: .78rem; font-weight: 500; }
-.ann-desc { font-size: .75rem; color: var(--muted); margin: .15rem 0 .25rem 0; padding-left: .5rem; border-left: 2px solid var(--border); }
+.file-card-body { display: none; border-top: 1px solid var(--border); }
+.file-card-body.open { display: block; animation: fadeIn .2s var(--ease); }
+.ann-entry {
+  padding: .7rem .9rem;
+  border-bottom: 1px solid var(--border-subtle);
+  cursor: pointer;
+  transition: background .1s var(--ease);
+}
+.ann-entry:hover { background: var(--accent-soft); }
+.ann-entry:last-child { border-bottom: none; }
+.ann-header { display: flex; align-items: center; gap: .5rem; margin-bottom: .25rem; }
+.ann-line { font-family: var(--font-mono); font-size: .68rem; color: var(--muted); min-width: 38px; }
+.ann-summary { font-size: .8rem; font-weight: 550; }
+.ann-desc {
+  font-size: .76rem; color: var(--muted);
+  margin: .2rem 0 .3rem 0;
+  padding-left: .6rem; border-left: 2px solid var(--border);
+}
 
 /* ── Diagrams ── */
-.diagram-hint { font-size: .75rem; color: var(--muted); margin-bottom: .6rem; }
-.mermaid-wrap { background: var(--surface); border: 1px solid var(--border); border-radius: 6px; padding: 16px; overflow: auto; margin-bottom: 1rem; }
+.diagram-hint { font-size: .78rem; color: var(--muted); margin-bottom: .7rem; }
+.diagram-shell {
+  background: color-mix(in oklab, var(--surface) 92%, transparent);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-lg);
+  box-shadow: var(--shadow-sm);
+  overflow: hidden;
+  margin-bottom: 1rem;
+}
+.diagram-toolbar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: .8rem;
+  padding: .65rem .8rem;
+  border-bottom: 1px solid var(--border);
+  background: color-mix(in oklab, var(--surface2) 92%, transparent);
+}
+.diagram-title {
+  font-size: .8rem;
+  font-weight: 650;
+  letter-spacing: .3px;
+  color: var(--text);
+  text-transform: uppercase;
+}
+.diagram-actions { display: flex; align-items: center; gap: .35rem; }
+.diagram-btn {
+  min-width: 28px;
+  height: 28px;
+  border-radius: 7px;
+  border: 1px solid var(--border);
+  background: var(--surface);
+  color: var(--text);
+  font-size: .78rem;
+  font-weight: 650;
+  cursor: pointer;
+  transition: all .15s var(--ease);
+}
+.diagram-btn:hover { border-color: var(--border-strong); background: var(--surface3); }
+.diagram-meta {
+  padding: .55rem .8rem;
+  border-top: 1px solid var(--border);
+  color: var(--muted);
+  font-size: .74rem;
+}
+.mermaid-wrap {
+  background: var(--surface);
+  border: none;
+  border-radius: 0;
+  padding: 16px 18px;
+  overflow: auto;
+  margin-bottom: 0;
+  box-shadow: none;
+}
 .mermaid { text-align: left; width: max-content; min-width: 100%; }
 .mermaid svg { max-width: none; height: auto; display: block; }
+.mermaid svg .cluster rect,
+.mermaid svg .cluster polygon {
+  rx: 10;
+  ry: 10;
+  stroke-dasharray: 4 3;
+  stroke-opacity: .72;
+}
+.mermaid svg .cluster-label .nodeLabel,
+.mermaid svg .cluster .cluster-label text {
+  font-weight: 700 !important;
+  letter-spacing: .3px;
+}
+.mermaid svg .edgeLabel { font-size: 11px !important; }
+.mermaid svg .edgeLabel rect { opacity: .92; }
+.mermaid svg .node rect,
+.mermaid svg .node polygon,
+.mermaid svg .node circle {
+  filter: drop-shadow(0 2px 4px rgba(0,0,0,.18));
+}
+.mermaid svg path.flowchart-link {
+  stroke-linecap: round;
+}
+.topology-shell { min-height: 720px; }
+.topology-toolbar { border-bottom-color: var(--border-subtle); }
+.topology-controls {
+  display: flex;
+  align-items: center;
+  gap: .7rem;
+  flex-wrap: wrap;
+  padding: .7rem .85rem;
+  border-bottom: 1px solid var(--border-subtle);
+  background: color-mix(in oklab, var(--surface) 96%, transparent);
+}
+.diagram-search {
+  min-width: 240px;
+  flex: 1;
+  max-width: 380px;
+  height: 34px;
+  border-radius: 8px;
+  border: 1px solid var(--border);
+  background: var(--surface2);
+  color: var(--text);
+  padding: 0 .85rem;
+  font-family: var(--font-ui);
+  font-size: .82rem;
+  outline: none;
+  transition: border-color .15s var(--ease), box-shadow .15s var(--ease);
+}
+.diagram-search:focus { border-color: var(--accent); box-shadow: 0 0 0 3px var(--accent-soft); }
+.topology-kind-toggles { display: inline-flex; align-items: center; gap: .35rem; flex-wrap: wrap; }
+.topology-kind-pill {
+  display: inline-flex; align-items: center; gap: .4rem;
+  padding: .3rem .65rem;
+  border-radius: 999px;
+  border: 1px solid var(--border);
+  background: var(--surface2);
+  color: var(--muted);
+  font-size: .72rem;
+  font-weight: 600;
+  cursor: pointer;
+  user-select: none;
+  transition: all .15s var(--ease);
+}
+.topology-kind-pill:hover { border-color: var(--border-strong); color: var(--text); }
+.topology-kind-pill:has(input:checked) { background: var(--accent-soft); border-color: var(--accent-dim); color: var(--text); }
+.topology-kind-pill.topology-kind-asset:has(input:checked) { border-color: color-mix(in oklab, var(--blue) 50%, transparent); }
+.topology-kind-pill.topology-kind-threat:has(input:checked) { border-color: color-mix(in oklab, var(--sev-crit) 50%, transparent); }
+.topology-kind-pill.topology-kind-control:has(input:checked) { border-color: color-mix(in oklab, var(--green) 50%, transparent); }
+.topology-kind-pill input { position: absolute; opacity: 0; pointer-events: none; }
+.topology-kind-pill::before {
+  content: '';
+  width: 8px; height: 8px; border-radius: 50%;
+  background: var(--muted);
+  transition: background .15s var(--ease);
+}
+.topology-kind-pill.topology-kind-asset::before { background: var(--blue); }
+.topology-kind-pill.topology-kind-threat::before { background: var(--sev-crit); }
+.topology-kind-pill.topology-kind-control::before { background: var(--green); }
+.topology-kind-pill:not(:has(input:checked))::before { background: var(--text-dim); opacity: .5; }
+
+.topology-link-filters {
+  display: flex;
+  align-items: center;
+  gap: .5rem;
+  flex-wrap: wrap;
+  padding: .55rem .85rem;
+  border-bottom: 1px solid var(--border-subtle);
+  background: color-mix(in oklab, var(--surface2) 55%, var(--surface));
+}
+.topology-link-filters-k {
+  color: var(--muted);
+  font-size: .65rem;
+  text-transform: uppercase;
+  letter-spacing: .8px;
+  font-weight: 700;
+  margin-right: .2rem;
+}
+.topology-link-pill {
+  display: inline-flex; align-items: center; gap: .35rem;
+  padding: .22rem .55rem;
+  border-radius: 999px;
+  border: 1px solid var(--border);
+  background: var(--surface);
+  color: var(--muted);
+  font-size: .68rem;
+  font-weight: 600;
+  cursor: pointer;
+  user-select: none;
+  transition: all .12s var(--ease);
+}
+.topology-link-pill input { position: absolute; opacity: 0; pointer-events: none; }
+.topology-link-pill::before {
+  content: '';
+  display: inline-block;
+  width: 14px; height: 0;
+  border-top: 2px solid currentColor;
+}
+.topology-link-pill:has(input:checked) { color: var(--text); border-color: var(--border-strong); }
+.topology-link-pill:not(:has(input:checked)) { opacity: .45; }
+.topology-link-pill-exposes::before,
+.topology-link-pill-confirmed::before { border-color: var(--sev-crit); border-top-style: solid; }
+.topology-link-pill-mitigates::before,
+.topology-link-pill-protects::before,
+.topology-link-pill-validates::before { border-color: var(--green); border-top-style: solid; }
+.topology-link-pill-flows::before { border-color: var(--blue); border-top-style: dashed; }
+.topology-link-pill-boundary::before { border-color: var(--purple); border-top-style: dashed; }
+.topology-link-pill-transfers::before,
+.topology-link-pill-accepts::before { border-color: var(--sev-med); border-top-style: dashed; }
+
+.topology-count {
+  margin-left: auto;
+  color: var(--muted);
+  font-size: .7rem;
+  font-family: var(--font-mono);
+  white-space: nowrap;
+  letter-spacing: .4px;
+}
+.topology-layout {
+  display: grid;
+  grid-template-columns: minmax(0, 1fr) 300px;
+  min-height: 600px;
+  background: var(--surface);
+}
+.topology-graph {
+  min-height: 600px;
+  overflow: hidden;
+  border-right: 1px solid var(--border-subtle);
+  background:
+    radial-gradient(ellipse 600px 320px at 30% 40%, color-mix(in oklab, var(--accent) 4%, transparent), transparent 70%),
+    radial-gradient(ellipse 500px 280px at 75% 70%, color-mix(in oklab, var(--sev-crit) 5%, transparent), transparent 70%),
+    linear-gradient(color-mix(in oklab, var(--border-subtle) 55%, transparent) 1px, transparent 1px),
+    linear-gradient(90deg, color-mix(in oklab, var(--border-subtle) 55%, transparent) 1px, transparent 1px),
+    var(--surface);
+  background-size: auto, auto, 36px 36px, 36px 36px, auto;
+  background-position: 0 0, 0 0, -1px -1px, -1px -1px, 0 0;
+}
+.topology-graph svg { width: 100%; height: 100%; display: block; cursor: grab; }
+.topology-graph svg:active { cursor: grabbing; }
+
+.topology-lane-label {
+  fill: color-mix(in oklab, var(--muted) 55%, transparent);
+  font-size: 10px;
+  font-weight: 800;
+  letter-spacing: 3.5px;
+  text-transform: uppercase;
+  pointer-events: none;
+  user-select: none;
+}
+
+.topology-link {
+  stroke: var(--muted);
+  stroke-width: 1.4;
+  stroke-opacity: .42;
+  transition: stroke-opacity .2s var(--ease), stroke-width .2s var(--ease);
+}
+.topology-link-exposes { stroke: var(--sev-crit); stroke-opacity: .58; stroke-width: 1.6; }
+.topology-link-confirmed { stroke: var(--sev-crit); stroke-opacity: .9; stroke-width: 2.6; }
+.topology-link-mitigates,
+.topology-link-validates { stroke: var(--green); stroke-opacity: .62; stroke-width: 1.6; }
+.topology-link-protects { stroke: var(--green); stroke-opacity: .48; stroke-dasharray: 4 3; }
+.topology-link-flows { stroke: var(--blue); stroke-dasharray: 6 4; stroke-opacity: .6; stroke-width: 1.5; }
+.topology-link-boundary { stroke: var(--purple); stroke-dasharray: 2 5; stroke-width: 1.9; stroke-opacity: .75; }
+.topology-link-accepts { stroke: var(--sev-med); stroke-dasharray: 6 4; stroke-opacity: .7; }
+.topology-link-transfers { stroke: var(--sev-med); stroke-dasharray: 8 3; stroke-opacity: .7; }
+.topology-link-status-mitigated { stroke-opacity: .32; }
+.topology-link.emphasis { stroke-opacity: 1 !important; stroke-width: 2.4 !important; }
+.topology-link.dim { stroke-opacity: .08 !important; }
+
+.topology-node { cursor: pointer; transition: opacity .2s var(--ease); }
+.topology-node circle.topology-node-body {
+  stroke: var(--border-strong);
+  stroke-width: 1.4;
+  filter: drop-shadow(0 4px 10px rgba(0,0,0,.28));
+  transition: stroke-width .15s var(--ease), filter .15s var(--ease), r .25s var(--ease);
+}
+.topology-node:hover circle.topology-node-body,
+.topology-node.active circle.topology-node-body,
+.topology-node.emphasis circle.topology-node-body {
+  stroke-width: 2.6;
+  filter: drop-shadow(0 0 14px color-mix(in oklab, var(--accent) 48%, transparent));
+}
+.topology-node.active circle.topology-node-body { stroke: var(--accent); }
+.topology-node.dim { opacity: .18; }
+
+.topology-node-halo {
+  fill: transparent;
+  stroke: var(--sev-crit);
+  stroke-width: 2;
+  stroke-opacity: .55;
+  pointer-events: none;
+  filter: url(#topology-glow);
+  animation: topology-pulse 1.9s ease-in-out infinite;
+}
+.topology-fully-covered .topology-node-halo { display: none; }
+
+@keyframes topology-pulse {
+  0%, 100% { stroke-opacity: .3; transform: scale(1); }
+  50% { stroke-opacity: .75; transform: scale(1.08); }
+}
+
+.topology-coverage-arc {
+  fill: none;
+  stroke: var(--green);
+  stroke-width: 2.5;
+  stroke-linecap: round;
+  opacity: .85;
+  pointer-events: none;
+}
+
+.topology-asset circle.topology-node-body { fill: color-mix(in oklab, var(--blue) 60%, var(--surface)); }
+.topology-threat circle.topology-node-body { fill: color-mix(in oklab, var(--sev-med) 60%, var(--surface)); }
+.topology-control circle.topology-node-body { fill: color-mix(in oklab, var(--green) 58%, var(--surface)); }
+.topology-has-open circle.topology-node-body { stroke: var(--sev-crit); }
+.topology-has-confirmed circle.topology-node-body { stroke: var(--sev-crit); stroke-width: 2; }
+.topology-fully-covered circle.topology-node-body { stroke: var(--green); }
+
+.topology-sev-critical circle.topology-node-body,
+.topology-sev-p0 circle.topology-node-body { fill: color-mix(in oklab, var(--sev-crit) 72%, var(--surface)); }
+.topology-sev-high circle.topology-node-body,
+.topology-sev-p1 circle.topology-node-body { fill: color-mix(in oklab, var(--red) 60%, var(--surface)); }
+
+.topology-node-icon {
+  fill: #fff;
+  font-size: 11px;
+  font-weight: 800;
+  letter-spacing: .4px;
+  pointer-events: none;
+}
+.topology-node-label {
+  fill: var(--text);
+  paint-order: stroke;
+  stroke: var(--surface);
+  stroke-width: 4px;
+  stroke-linejoin: round;
+  font-size: 11px;
+  font-weight: 650;
+  pointer-events: none;
+}
+.topology-node.emphasis .topology-node-label { font-weight: 750; }
+
+.topology-inspector {
+  padding: 1rem .95rem;
+  overflow-y: auto;
+  background: color-mix(in oklab, var(--surface2) 78%, var(--surface));
+  border-left: 1px solid var(--border-subtle);
+}
+.topology-inspector-head {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: .6rem;
+  margin-bottom: .35rem;
+}
+.topology-inspector-k {
+  color: var(--muted);
+  font-size: .66rem;
+  text-transform: uppercase;
+  letter-spacing: .8px;
+  font-weight: 700;
+}
+.topology-badge {
+  font-size: .62rem;
+  font-weight: 800;
+  text-transform: uppercase;
+  letter-spacing: .5px;
+  padding: 2px 7px;
+  border-radius: 999px;
+  border: 1px solid transparent;
+}
+.topology-badge-open { background: var(--sev-crit-bg); color: var(--sev-crit); border-color: color-mix(in oklab, var(--sev-crit) 35%, transparent); }
+.topology-badge-confirmed { background: var(--sev-crit-bg); color: var(--sev-crit); border-color: var(--sev-crit); animation: topology-pulse 2s ease-in-out infinite; }
+.topology-badge-covered { background: color-mix(in oklab, var(--green) 15%, transparent); color: var(--green); border-color: color-mix(in oklab, var(--green) 40%, transparent); }
+
+.topology-inspector h3 {
+  font-size: 1rem;
+  line-height: 1.25;
+  margin-bottom: .75rem;
+  word-break: break-word;
+}
+.topology-bar-wrap { margin: 0 0 .9rem 0; }
+.topology-bar-label {
+  display: flex; justify-content: space-between; align-items: baseline;
+  font-size: .68rem;
+  color: var(--muted);
+  text-transform: uppercase;
+  letter-spacing: .8px;
+  font-weight: 700;
+  margin-bottom: .3rem;
+}
+.topology-bar-label strong { color: var(--text); font-family: var(--font-mono); }
+.topology-bar {
+  height: 7px;
+  border-radius: 999px;
+  background: var(--surface3);
+  overflow: hidden;
+}
+.topology-bar-fill { height: 100%; border-radius: 999px; transition: width .5s var(--ease); }
+.topology-bar-fill.good { background: linear-gradient(90deg, color-mix(in oklab, var(--green) 70%, transparent), var(--green)); }
+.topology-bar-fill.warn { background: linear-gradient(90deg, color-mix(in oklab, var(--sev-med) 65%, transparent), var(--sev-med)); }
+.topology-bar-fill.bad { background: linear-gradient(90deg, color-mix(in oklab, var(--sev-crit) 65%, transparent), var(--sev-crit)); }
+
+.topology-detail-grid {
+  display: grid;
+  grid-template-columns: 88px 1fr;
+  gap: .4rem .7rem;
+  align-items: baseline;
+  font-size: .78rem;
+}
+.topology-detail-grid span { color: var(--muted); }
+.topology-detail-grid strong { color: var(--text); font-weight: 700; word-break: break-word; }
+.topology-detail-grid .danger,
+.topology-detail-grid .status-open,
+.topology-detail-grid .status-confirmed,
+.topology-detail-grid .sev-critical,
+.topology-detail-grid .sev-p0,
+.topology-detail-grid .sev-high,
+.topology-detail-grid .sev-p1 { color: var(--sev-crit); }
+.topology-detail-grid .good,
+.topology-detail-grid .status-mitigated { color: var(--green); }
+.topology-chip-row {
+  display: flex;
+  flex-wrap: wrap;
+  gap: .35rem;
+  margin-top: .9rem;
+}
+.topology-chip-row span {
+  border: 1px solid var(--accent-dim);
+  background: var(--accent-soft);
+  color: var(--accent);
+  border-radius: 999px;
+  padding: 2px 8px;
+  font-size: .65rem;
+  font-weight: 700;
+}
+.topology-related-title {
+  margin: 1rem 0 .45rem;
+  color: var(--muted);
+  font-size: .68rem;
+  text-transform: uppercase;
+  letter-spacing: .7px;
+  font-weight: 700;
+}
+.topology-related { display: flex; flex-direction: column; gap: .35rem; }
+.topology-related-row {
+  display: grid;
+  grid-template-columns: 88px 1fr auto;
+  gap: .45rem;
+  align-items: center;
+  padding: .42rem .55rem;
+  border: 1px solid var(--border-subtle);
+  border-radius: 7px;
+  background: var(--surface);
+  font-size: .72rem;
+  transition: border-color .12s var(--ease);
+}
+.topology-related-row:hover { border-color: var(--border-strong); }
+.topology-related-exposes,
+.topology-related-confirmed { border-left: 2px solid var(--sev-crit); }
+.topology-related-mitigates,
+.topology-related-protects,
+.topology-related-validates { border-left: 2px solid var(--green); }
+.topology-related-flows { border-left: 2px solid var(--blue); }
+.topology-related-boundary { border-left: 2px solid var(--purple); }
+.topology-related-transfers,
+.topology-related-accepts { border-left: 2px solid var(--sev-med); }
+.topology-related-kind {
+  color: var(--muted);
+  font-family: var(--font-mono);
+  font-size: .64rem;
+  font-weight: 600;
+}
+.topology-related-row em { color: var(--muted); font-style: normal; font-family: var(--font-mono); }
+.topology-inspector-note {
+  margin-top: .9rem;
+  color: var(--muted);
+  font-size: .74rem;
+  line-height: 1.5;
+}
+.topology-legend {
+  display: flex;
+  align-items: center;
+  gap: .9rem;
+  flex-wrap: wrap;
+}
+.topology-legend span { display: inline-flex; align-items: center; gap: .35rem; }
+.legend-dot {
+  width: 10px;
+  height: 10px;
+  border-radius: 50%;
+  display: inline-block;
+  border: 1px solid color-mix(in oklab, currentColor 30%, transparent);
+}
+.legend-dot.asset { background: var(--blue); }
+.legend-dot.threat { background: var(--sev-med); }
+.legend-dot.control { background: var(--green); }
+.legend-dot.confirmed { background: var(--sev-crit); box-shadow: 0 0 8px color-mix(in oklab, var(--sev-crit) 60%, transparent); }
+.legend-line {
+  display: inline-block;
+  width: 20px;
+  height: 0;
+  border-top: 2px solid var(--muted);
+}
+.legend-line.exposes { border-color: var(--sev-crit); }
+.legend-line.open { border-color: var(--sev-crit); }
+.legend-line.mitigates { border-color: var(--green); }
+.legend-line.flow { border-color: var(--blue); border-top-style: dashed; }
+.legend-line.boundary { border-color: var(--purple); border-top-style: dashed; }
 
 /* ── Heatmap ── */
-.heatmap { display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 10px; }
-.heatmap-cell { border-radius: 8px; padding: 12px; border: 1px solid var(--border); transition: border-color 0.15s; }
+.heatmap { display: grid; grid-template-columns: repeat(auto-fill, minmax(220px, 1fr)); gap: 12px; }
+.heatmap-cell {
+  border-radius: var(--radius-md);
+  padding: 14px;
+  border: 1px solid var(--border);
+  transition: all .15s var(--ease);
+  box-shadow: var(--shadow-sm);
+}
 .heatmap-cell.clickable { cursor: pointer; }
-.heatmap-cell.clickable:hover { border-color: var(--accent); }
-.heatmap-name { font-weight: 600; font-size: 13px; margin-bottom: 4px; font-family: var(--font-mono); word-break: break-all; }
-.heatmap-stats { display: flex; gap: 10px; font-size: 12px; color: var(--muted); }
-.heatmap-data { margin-top: 4px; display: flex; gap: 4px; flex-wrap: wrap; }
-.data-badge { font-size: 10px; padding: 1px 6px; border-radius: 4px; background: rgba(45,212,167,.15); color: var(--accent); font-weight: 600; text-transform: uppercase; }
-.risk-cell-critical { background: var(--heatmap-crit); } .risk-cell-high { background: var(--heatmap-high); }
-.risk-cell-medium { background: var(--heatmap-med); } .risk-cell-low { background: var(--heatmap-low); }
-.risk-cell-none { background: var(--heatmap-none); }
+.heatmap-cell.clickable:hover {
+  border-color: var(--border-strong);
+  transform: translateY(-2px);
+  box-shadow: var(--shadow-md);
+}
+.heatmap-name { font-weight: 650; font-size: 13px; margin-bottom: 6px; font-family: var(--font-mono); word-break: break-all; color: var(--text); }
+.heatmap-stats { display: flex; gap: 12px; font-size: 12px; color: var(--muted); }
+.heatmap-data { margin-top: 6px; display: flex; gap: 4px; flex-wrap: wrap; }
+.data-badge {
+  font-size: 10px; padding: 2px 7px;
+  border-radius: 999px;
+  background: var(--accent-soft);
+  color: var(--accent);
+  border: 1px solid var(--accent-dim);
+  font-weight: 650; text-transform: uppercase; letter-spacing: .3px;
+}
+.risk-cell-critical { background: var(--heatmap-crit); border-color: var(--risk-border-f); }
+.risk-cell-high     { background: var(--heatmap-high); border-color: var(--risk-border-d); }
+.risk-cell-medium   { background: var(--heatmap-med);  border-color: var(--risk-border-c); }
+.risk-cell-low      { background: var(--heatmap-low);  border-color: var(--risk-border-b); }
+.risk-cell-none     { background: var(--heatmap-none); }
 
 /* ── Code Blocks ── */
-.code-block { background: var(--bg); border: 1px solid var(--border); border-radius: 5px; padding: .3rem .6rem; overflow-x: auto; margin-top: .25rem; font-family: var(--font-mono); font-size: .72rem; line-height: 1.45; tab-size: 2; }
+.code-block {
+  background: var(--bg);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-md);
+  padding: .4rem .7rem;
+  overflow-x: auto;
+  margin-top: .3rem;
+  font-family: var(--font-mono);
+  font-size: .72rem; line-height: 1.5;
+  tab-size: 2;
+}
 .code-line-code { display: block; color: var(--muted); white-space: pre; }
-.code-line-ann { display: block; color: var(--accent); background: rgba(45,212,167,.08); margin: 0 -.6rem; padding: 0 .6rem; border-left: 2px solid var(--accent); white-space: pre; }
+.code-line-ann {
+  display: block; color: var(--accent);
+  background: var(--accent-soft);
+  margin: 0 -.7rem; padding: 0 .7rem;
+  border-left: 2px solid var(--accent);
+  white-space: pre;
+}
 
 /* ── Diagram Tabs ── */
-.diagram-tabs { display: flex; gap: 0; border-bottom: 1px solid var(--border); margin-bottom: 1rem; }
-.diagram-tab { background: none; border: none; border-bottom: 2px solid transparent; padding: .5rem 1rem; color: var(--muted); font-size: .82rem; cursor: pointer; font-family: var(--font-ui); transition: all .15s; }
+.diagram-tabs { display: flex; gap: .25rem; border-bottom: 1px solid var(--border); margin-bottom: 1rem; padding: 0 .2rem; }
+.diagram-tab {
+  background: none; border: none; border-bottom: 2px solid transparent;
+  padding: .55rem 1rem; color: var(--muted);
+  font-size: .82rem; font-weight: 550;
+  cursor: pointer; font-family: var(--font-ui);
+  transition: all .15s var(--ease);
+  border-radius: 6px 6px 0 0;
+}
 .diagram-tab:hover { color: var(--text); background: var(--surface2); }
-.diagram-tab.active { color: var(--accent); border-bottom-color: var(--accent); }
+.diagram-tab.active {
+  color: var(--accent);
+  border-bottom-color: var(--accent);
+  background: var(--accent-soft);
+}
 .diagram-panel { display: none; } .diagram-panel.active { display: block; }
 
 /* ── AI Analysis Controls ── */
-.ai-analysis-controls { display: flex; align-items: center; gap: 0.75rem; margin: 0.75rem 0 1.25rem; }
-.report-selector-label { font-weight: 600; font-size: 0.88rem; color: var(--text); }
-.report-selector { flex: 1; max-width: 600px; padding: 0.5rem 0.75rem; font-size: 0.88rem; font-family: var(--font-base); background: var(--surface2); color: var(--text); border: 1px solid var(--border); border-radius: 6px; cursor: pointer; transition: border-color 0.15s, background 0.15s; }
-.report-selector:hover { background: var(--surface3); border-color: var(--accent); }
-.report-selector:focus { outline: none; border-color: var(--accent); box-shadow: 0 0 0 3px rgba(45,212,167,0.1); }
-.report-selector option { background: var(--surface); color: var(--text); padding: 0.5rem; }
-.ai-analysis-main { margin-top: 0.5rem; }
-.md-content h1 { font-size: 1.4rem; font-weight: 700; margin: 1.2rem 0 .6rem; color: var(--text); }
-.md-content h2 { font-size: 1.15rem; font-weight: 600; margin: 1rem 0 .5rem; color: var(--text); border-bottom: 1px solid var(--border); padding-bottom: .3rem; }
-.md-content h3 { font-size: 1rem; font-weight: 600; margin: .8rem 0 .4rem; color: var(--text); }
-.md-content p { margin: .4rem 0; line-height: 1.6; }
-.md-content ul, .md-content ol { margin: .4rem 0 .4rem 1.5rem; }
-.md-content li { margin: .2rem 0; line-height: 1.5; }
-.md-content code { font-family: var(--font-mono); font-size: .82rem; background: var(--surface2); padding: 1px 5px; border-radius: 3px; }
-.md-content pre { background: var(--bg); border: 1px solid var(--border); border-radius: 6px; padding: .8rem; overflow-x: auto; margin: .6rem 0; }
-.md-content pre code { background: none; padding: 0; }
-.md-content blockquote { border-left: 3px solid var(--accent); padding-left: .8rem; margin: .6rem 0; color: var(--muted); }
-.md-content table { width: 100%; border-collapse: collapse; margin: .6rem 0; font-size: .82rem; }
-.md-content th, .md-content td { padding: .4rem .6rem; border: 1px solid var(--border); text-align: left; }
-.md-content th { background: var(--surface2); font-weight: 600; }
-.md-content strong { color: var(--text); }
+.ai-analysis-controls { display: flex; align-items: center; gap: .85rem; margin: .75rem 0 1.5rem; }
+.report-selector-label { font-weight: 600; font-size: .85rem; color: var(--text); }
+.report-selector {
+  flex: 1; max-width: 600px;
+  padding: .55rem .85rem;
+  font-size: .88rem; font-family: var(--font-ui);
+  background: var(--surface);
+  color: var(--text);
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  cursor: pointer;
+  transition: all .15s var(--ease);
+  box-shadow: var(--shadow-sm);
+}
+.report-selector:hover { background: var(--surface2); border-color: var(--border-strong); }
+.report-selector:focus {
+  outline: none; border-color: var(--accent);
+  box-shadow: 0 0 0 3px var(--accent-soft);
+}
+.report-selector option { background: var(--surface); color: var(--text); padding: .5rem; }
+.ai-analysis-main { margin-top: .5rem; }
+
+/* ── Markdown content ── */
+.md-content h1 { font-size: 1.5rem; font-weight: 700; margin: 1.3rem 0 .7rem; color: var(--text); letter-spacing: -.02em; }
+.md-content h2 {
+  font-size: 1.2rem; font-weight: 650; margin: 1.2rem 0 .6rem;
+  color: var(--text); border-bottom: 1px solid var(--border);
+  padding-bottom: .4rem; letter-spacing: -.01em;
+}
+.md-content h3 { font-size: 1.02rem; font-weight: 650; margin: 1rem 0 .45rem; color: var(--text); letter-spacing: -.01em; }
+.md-content p { margin: .5rem 0; line-height: 1.65; color: var(--text); }
+.md-content ul, .md-content ol { margin: .5rem 0 .5rem 1.6rem; }
+.md-content li { margin: .25rem 0; line-height: 1.6; }
+.md-content code { font-family: var(--font-mono); font-size: .82rem; background: var(--surface2); border: 1px solid var(--border-subtle); padding: 1px 6px; border-radius: 4px; }
+.md-content pre { background: var(--bg); border: 1px solid var(--border); border-radius: var(--radius-md); padding: .9rem 1rem; overflow-x: auto; margin: .8rem 0; box-shadow: var(--shadow-sm); }
+.md-content pre code { background: none; padding: 0; border: none; font-size: .8rem; }
+.md-content blockquote { border-left: 3px solid var(--accent); padding: .1rem 0 .1rem .9rem; margin: .7rem 0; color: var(--muted); background: var(--accent-soft); border-radius: 0 6px 6px 0; }
+.md-content table { width: 100%; border-collapse: separate; border-spacing: 0; margin: .7rem 0; font-size: .82rem; border: 1px solid var(--border); border-radius: var(--radius-md); overflow: hidden; }
+.md-content th, .md-content td { padding: .5rem .75rem; border-bottom: 1px solid var(--border-subtle); text-align: left; }
+.md-content tr:last-child td { border-bottom: none; }
+.md-content th { background: var(--surface2); font-weight: 650; color: var(--muted); text-transform: uppercase; font-size: .68rem; letter-spacing: .5px; }
+.md-content strong { color: var(--text); font-weight: 650; }
 
 /* ── Responsive ── */
+@media (max-width: 900px) {
+  .section-content { padding: 1.2rem 1rem 2rem; }
+  .summary-panels { grid-template-columns: 1fr; }
+  .topology-layout { grid-template-columns: 1fr; }
+  .topology-graph { border-right: none; border-bottom: 1px solid var(--border); }
+  .topology-inspector { min-height: 220px; }
+}
 @media (max-width: 768px) {
-  .sidebar { width: 50px; min-width: 50px; } .sidebar .nav-text { display: none; }
-  .topnav .tn-stat { display: none; }
+  .sidebar { width: 52px; min-width: 52px; } .sidebar .nav-text { display: none; }
+  .topnav .topnav-metrics { display: none; }
+  .feature-filter-select { max-width: 130px; }
+  .risk-banner { flex-direction: column; align-items: flex-start; gap: 12px; }
+  .diagram-search { min-width: 100%; max-width: none; }
+  .topology-count { margin-left: 0; width: 100%; }
+  :root { --drawer-w: 100vw; }
+}
+@media print {
+  .topnav, .sidebar, #sidebarToggle, #themeToggle { display: none; }
+  .main { margin: 0; } .layout { display: block; }
+  body { overflow: auto; height: auto; background: #fff; color: #000; }
 }
-@media print { .topnav, .sidebar, #sidebarToggle { display: none; } .main { margin: 0; } .layout { display: block; } #themeToggle { display: none; } }
 
 
 
@@ -268,12 +1322,14 @@ 
guardlink

     Threat Model
   

   

-    
Assets 16

-    
Open 16

-    
Controls 12

-    
Coverage 0%

-    

-      
         
         
         
@@ -286,11 +1342,11 @@ 
guardlink

 

 
 
-

     
SourceThreatTargetDescriptionLocation

     

@@ -524,519 +1589,543 @@ 
guardlink

-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-    
-      
-      
-      
-      
-      
+    
+      
+      
+      
+      
+      
-    
-      
-      
-      
-      
-      
+    
+      
+      
+      
+      
+      
-      
+      
+    
+      
+      
+      
+      
+      
+    
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-    
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
+    
+      
+      
+      
+      
+      
-    
-      
-      
-      
-      
-      
+    
+      
+      
+      
+      
+      
-      
+      
-      
+      
-      
+      
-      
+      
+    
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+    
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      
-      
+      

     
SourceTargetMechanismLocation

     
     

       EnvVars
       #agent-launcher
       process.env
       src/agents/config.ts:19
     

     

       ConfigFile
       #agent-launcher
       readFileSync
       src/agents/config.ts:20
     

     

       #agent-launcher
       ConfigFile
       writeFileSync
       src/agents/config.ts:21
     

     

       UserPrompt
       #agent-launcher
       launchAgent
       src/agents/launcher.ts:17
     

     

       #agent-launcher
       AgentProcess
       spawn
       src/agents/launcher.ts:18
     

     

       AgentProcess
       #agent-launcher
       stdout
       src/agents/launcher.ts:19
     

     

       UserPrompt
       #agent-launcher
       buildAnnotatePrompt
       src/agents/prompts.ts:12
     

     

       UserPrompt
       #agent-launcher
       buildTranslatePrompt
       src/agents/prompts.ts:13
     

     

       UserPrompt
       #agent-launcher
       buildAskPrompt
       src/agents/prompts.ts:14
     

     

       ThreatModel
       #agent-launcher
       model
       src/agents/prompts.ts:15
     

     

       #agent-launcher
       AgentPrompt
       return
       src/agents/prompts.ts:16
     

     

       ThreatModel
       #llm-client
       serializeModel
       src/analyze/index.ts:14
     

     

       ProjectFiles
       #llm-client
       readFileSync
       src/analyze/index.ts:15
     

     

       #llm-client
       ReportFile
       writeFileSync
       src/analyze/index.ts:16
     

     

       PentestFindings
       #llm-client
       readFileSync
       src/analyze/index.ts:686
     

     

       LLMConfig
       #llm-client
       chatCompletion
       src/analyze/llm.ts:19
     

     

       #llm-client
       LLMProvider
       fetch
       src/analyze/llm.ts:20
     

     

       LLMProvider
       #llm-client
       response
       src/analyze/llm.ts:21
     

     

       LLMToolCall
       #llm-client
       createToolExecutor
       src/analyze/tools.ts:15
     

     

       #llm-client
       NVD
       fetch
       src/analyze/tools.ts:16
     

     

       ProjectFiles
       #llm-client
       readFileSync
       src/analyze/tools.ts:17
     

     

       ThreatModel
       #sarif
       generateSarif
       src/analyzer/sarif.ts:19
     

     

       #sarif
       SarifLog
       return
       src/analyzer/sarif.ts:20
     
UserArgs#cliprocess.argvsrc/cli/index.ts:35
ThreatModel#dashboardgenerateThreatGraphsrc/dashboard/diagrams.ts:15
     
#cliFileSystemwriteFilesrc/cli/index.ts:36
ThreatModel#dashboardgenerateTopologyDatasrc/dashboard/diagrams.ts:16
     

     

       ThreatModel
       #dashboard
       computeStats
       src/dashboard/generate.ts:12
     
ThreatModel#dashboardtopologyDatasrc/dashboard/generate.ts:13

     

       SourceFiles
       #dashboard
       readFileSyncsrc/dashboard/generate.ts:13src/dashboard/generate.ts:14
     

     

       #dashboard
       HTML
       returnsrc/dashboard/generate.ts:14src/dashboard/generate.ts:15
     

     

       ThreatModel
       #dashboard
       generateDashboardHTML
       src/dashboard/index.ts:6
     
ProjectRoot#initdetectProjectsrc/init/detect.ts:7
ProjectRoot#initoptions.rootsrc/init/index.ts:14
#initAgentFileswriteFileSyncsrc/init/index.ts:15
UserArgs#cliprocess.argvsrc/cli/index.ts:35
     
#initConfigFilewriteFileSyncsrc/init/index.ts:16
#cliFileSystemwriteFilesrc/cli/index.ts:36
     

     

       GitRef
       #diff
       execSync
       src/diff/git.ts:12
     

     

       #diff
       TempDir
       writeFileSync
       src/diff/git.ts:13
     

     

       #diff
       ThreatModel
       parseProject
       src/diff/git.ts:14
     

     

       GitRef
       #diff
       parseAtRef
       src/diff/index.ts:6
     
ProjectRoot#initdetectProjectsrc/init/detect.ts:7
ProjectRoot#initoptions.rootsrc/init/index.ts:14
#initAgentFileswriteFileSyncsrc/init/index.ts:15
#initConfigFilewriteFileSyncsrc/init/index.ts:16

     

       MCPClient
       #mcp
       stdio
       src/mcp/index.ts:6
     

     

       QueryString
       #mcp
       lookup
       src/mcp/lookup.ts:19
     

     

       MCPClient
       #mcp
       tool_call
       src/mcp/server.ts:36
     

     

       #mcp
       FileSystem
       writeFile
       src/mcp/server.ts:37
     

     

       #mcp
       #llm-client
       generateThreatReport
       src/mcp/server.ts:38
     

     

       #mcp
       MCPClient
       resource
       src/mcp/server.ts:39
     

     

       FilePath
       #suggest
       readFileSync
       src/mcp/suggest.ts:18
     

     

       #suggest
       Suggestions
       suggestAnnotations
       src/mcp/suggest.ts:19
     

     

       ProjectRoot
       #parser
       fast-glob
       src/parser/clear.ts:11
     

     

       #parser
       SourceFiles
       writeFile
       src/parser/clear.ts:12
     

     

       FilePath
       #parser
       readFile
       src/parser/parse-file.ts:8
     

     

       #parser
       Annotations
       parseString
       src/parser/parse-file.ts:9
     

     

       ProjectRoot
       #parser
       fast-glob
       src/parser/parse-project.ts:9
     

     

       #parser
       ThreatModel
       assembleModel
       src/parser/parse-project.ts:10
     

     

       ThreatModel
       #report
       generateReport
       src/report/report.ts:8
     

     

       #report
       Markdown
       return
       src/report/report.ts:9
     

     

       ThreatModel
       #report
       generateSequenceDiagram
       src/report/sequence.ts:7
     

     

       ThreatModel
       #cli
       getReviewableExposures
       src/review/index.ts:13
     

     

       #cli
       SourceFiles
       writeFile
       src/review/index.ts:14
     

     

       UserArgs
       #tui
       args
       src/tui/commands.ts:17
     

     

       #tui
       FileSystem
       writeFile
       src/tui/commands.ts:18
     

     

       #tui
       #agent-launcher
       launchAgent
       src/tui/commands.ts:19
     

     

       #tui
       #llm-client
       chatCompletion
       src/tui/commands.ts:20
     

     

       ConfigFile
       #tui
       loadProjectConfig
       src/tui/config.ts:9
     

     

       #tui
       ConfigFile
       saveProjectConfig
       src/tui/config.ts:10
     

     

       UserInput
       #tui
       readline
       src/tui/index.ts:13
     

     

       #tui
       Commands
       dispatch
       src/tui/index.ts:14
     

     

       RawStdin
       #tui
       process.stdin
       src/tui/input.ts:17
     

     

       #tui
       Terminal
       process.stdout
       src/tui/input.ts:18
     

     

       UserArgs
       #workspace-link
       linkProject
       src/workspace/link.ts:8
     

     

       #workspace-link
       AgentFiles
       updateAgentWorkspaceContext
       src/workspace/link.ts:9
     

     

       ReportJSON
       #merge-engine
       mergeReports
       src/workspace/merge.ts:10
     

     

       #merge-engine
       MergedReport
       mergeReports
       src/workspace/merge.ts:11
     

     

       GitRepo
       #report-metadata
       execSync
       src/workspace/metadata.ts:8
     

     

       #report-metadata
       ThreatModel
       populateMetadata
       src/workspace/metadata.ts:9
     

     
   

+  

 

 
 

   
 Threat Reports

+  

   

     
     
   

   

+  

 

 
 

@@ -1050,7 +2139,7 @@ 
guardlink

     
4High

     
2Medium

     
3Low

-    
13Templates

+    
0Templates

     
1Scans

   

 
@@ -1136,115 +2225,6 @@ 
guardlink

   
 
   
-    
Templates (13)

-    
CXG templates in .guardlink/cxg-templates/ — click for details.

-    

-      
-      

-        

-          guardlink-arbitrary-write-clear
-          high
-        

-        
arbitrary-write-clear.py · python

-        
-      

-      

-        

-          guardlink-cmd-injection-cli
-          critical
-        

-        
cmd-injection-cli.py · python

-        
-      

-      

-        

-          es
-          medium
-        

-        
config-tamper-env.py · python

-        
-      

-      

-        

-          guardlink-data-exposure-mcp
-          medium
-        

-        
data-exposure-mcp.py · python

-        
-      

-      

-        

-          guardlink-cli-cmd-injection
-          critical
-        

-        
guardlink-cli-cmd-injection.py · python

-        
-      

-      

-        

-          guardlink-config-tamper
-          medium
-        

-        
guardlink-config-tamper.py · python

-        
-      

-      

-        

-          guardlink-mcp-cmd-injection
-          high
-        

-        
guardlink-mcp-cmd-injection.py · python

-        
-      

-      

-        

-          guardlink-mcp-data-exposure
-          medium
-        

-        
guardlink-mcp-data-exposure.py · python

-        
-      

-      

-        

-          guardlink-parser-arbitrary-write
-          high
-        

-        
guardlink-parser-arbitrary-write.py · python

-        
-      

-      

-        

-          guardlink-prompt-injection
-          high
-        

-        
guardlink-prompt-injection.py · python

-        
-      

-      

-        

-          guardlink-tui-cmd-injection
-          high
-        

-        
guardlink-tui-cmd-injection.py · python

-        
-      

-      

-        

-          guardlink-path-traversal-mcp
-          high
-        

-        
path-traversal-mcp.py · python

-        
-      

-      

-        

-          guardlink-prompt-injection-agent
-          high
-        

-        
prompt-injection-agent.py · python

-        
-      

-    

   
 

 
@@ -1253,8 +2233,8 @@ 
guardlink

 
   
 
-  
Open Threats (16)

-  
Exposed in code but not mitigated by any control.

+  
Open Threats (16)

+  
Exposed in code but not mitigated by any control.

   
   
@@ -1375,7 +2355,7 @@ 
guardlink

     
AssetThreatSeverityDescriptionLocation

     
   

 
-  
Mitigated Threats (45)

+  
Mitigated Threats (45)

   
   
@@ -1465,97 +2445,97 @@ 
guardlink

-    
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
-    
-    
+    
-    
+    
-    
+    
-    
-      
+    
+      
-      
-      
-      
+      
+      
+      
-    
-      
+    
+      
-      
-      
+      
+      
-    
-      
-      
-      
-      
-      
+    
+      
+      
+      
+      
+      
-    
+    
-    
+    
-    
+    
-    
+    
+    
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+    
@@ -1861,7 +2841,31 @@ 
guardlink

-    
+    
+      
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+      
+    
+    
@@ -1869,7 +2873,7 @@ 
guardlink

-    
+    
@@ -1877,7 +2881,7 @@ 
guardlink

-    
+    
@@ -1885,7 +2889,7 @@ 
guardlink

-    
+    
@@ -1893,31 +2897,39 @@ 
guardlink

-    
+    
-      
-      
+      
+      
-      
-      
+      
+      
+    
+    
+      
+      
+      
+      
+      
+      
-    
+    
-      
+      
-      
-      
+      
+      
-    
+    
-      
-      
+      
+      
-      
-      
+      
+      
-    
+    
@@ -1925,7 +2937,7 @@ 
guardlink

-    
+    
@@ -1933,7 +2945,7 @@ 
guardlink

-    
+    
@@ -1941,7 +2953,7 @@ 
guardlink

-    
+    
@@ -1949,38 +2961,6 @@ 
guardlink

-    
-      
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
-      
-    
-    
-      
-      
-      
-      
-      
-      
-    
@@ -2203,426 +3183,504 @@ 
guardlink

   
 Diagrams

-  
Interactive diagrams from annotations. Scroll to zoom, drag to pan, double-click to reset.

+  
Interactive diagrams generated from annotations. The topology view supports search, filtering, drag, pan, and node inspection.

   

-    
+    
   

-  
+  

+      

+        

+          Risk Topology
+          

+            
+            
+            
+            
+          

+        

+        

+          
+          

+            
+            
+            
+            
+          

+          78 nodes · 174 links
+        

+        

+          Edges
+          
+          
+          
+          
+          
+        

+        

+          

+          
+        

+        

+          Asset
+          Threat
+          Control
+          Confirmed
+          Exposure
+          Mitigates
+          Flow
+          Boundary
+        

+      

+    

+

+      

+        

+          Threat Graph
+          

+            
+            
+            
+            
+          

+        

+        

+          
+%%{init: {"flowchart": {"nodeSpacing": 55, "rankSpacing": 150, "curve": "monotoneX", "htmlLabels": false, "padding": 24}}}%%
 graph LR
-  subgraph TZ0["🧱 #agent-launcher"]
-    _agent_launcher["🔷 #agent-launcher [SECRETS, INTERNAL]"]
-  end
-  subgraph TZ1["🧱 AgentProcess"]
-  end
-  subgraph TZ2["🧱 #llm-client"]
-    _llm_client["🔷 #llm-client [INTERNAL, INTERNAL, SECRETS]"]
-  end
-  subgraph TZ3["🧱 LLMProvider"]
-  end
-  subgraph TZ4["🧱 NVD"]
-  end
-  subgraph TZ5["🧱 #cli"]
-    _cli["🔷 #cli [SECRETS, INTERNAL]"]
+  subgraph TZ0["🧱 Trust boundary at process spawn"]
+    agent_launcher["🔷 GuardLink.Agent_Launcher [SECRETS, INTERNAL]"]
   end
-  subgraph TZ6["🧱 UserInput"]
+  subgraph TZ1["🧱 Trust boundary at external API call"]
+    llm_client["🔷 GuardLink.LLM_Client [INTERNAL, SECRETS]"]
   end
-  subgraph TZ7["🧱 #diff"]
-    _diff["🔷 #diff"]
+  subgraph TZ3["🧱 Trust boundary at CLI argument parsing"]
+    cli["🔷 GuardLink.CLI [SECRETS, INTERNAL]"]
   end
-  subgraph TZ8["🧱 GitRepo"]
+  subgraph TZ4["🧱 Trust boundary at git command execution"]
+    diff["🔷 GuardLink.Diff"]
   end
-  subgraph TZ9["🧱 #mcp"]
-    _mcp["🔷 #mcp [INTERNAL]"]
+  subgraph TZ5["🧱 Trust boundary at MCP protocol"]
+    mcp["🔷 GuardLink.MCP [INTERNAL]"]
   end
-  subgraph TZ10["🧱 MCPClient"]
+  subgraph TZ7["🧱 Trust boundary between parser and disk …"]
+    parser["🔷 GuardLink.Parser [INTERNAL]"]
   end
-  subgraph TZ11["🧱 #parser"]
-    _parser["🔷 #parser [INTERNAL]"]
+  subgraph TZ8["🧱 Trust boundary at interactive input"]
+    tui["🔷 GuardLink.TUI [SECRETS]"]
   end
-  subgraph TZ12["🧱 FileSystem"]
-  end
-  subgraph TZ13["🧱 #tui"]
-    _tui["🔷 #tui [SECRETS, SECRETS, SECRETS]"]
-  end
-  _sarif["🔷 #sarif"]
-  _dashboard["🔷 #dashboard [INTERNAL]"]
-  _init["🔷 #init [INTERNAL]"]
-  _suggest["🔷 #suggest"]
-  _merge_engine["🔷 #merge-engine"]
-  _workspace_config["🔷 #workspace-config"]
-  _api_key_exposure["🟠 API_Key_Exposure (cwe:CWE-798)"]:::threat
-  _path_traversal["🟠 Path_Traversal (cwe:CWE-22)"]:::threat
-  _arbitrary_write["🟠 Arbitrary_File_Write (cwe:CWE-73)"]:::threat
-  _child_proc_injection["🔴 Child_Process_Injection (cwe:CWE-78)"]:::threat
-  _prompt_injection["🟠 Prompt_Injection (cwe:CWE-77)"]:::threat
-  _dos["🟡 Denial_of_Service (cwe:CWE-400)"]:::threat
-  _config_tamper["🟡 Config_Tampering (cwe:CWE-15)"]:::threat
-  _data_exposure["🟡 Sensitive_Data_Exposure (cwe:CWE-200)"]:::threat
-  _ssrf["🟡 Server_Side_Request_Forgery (cwe:CWE-918)"]:::threat
-  _cmd_injection["🔴 Command_Injection (cwe:CWE-78)"]:::threat
-  _xss["🟠 Cross_Site_Scripting (cwe:CWE-79)"]:::threat
-  _redos["🟡 ReDoS (cwe:CWE-1333)"]:::threat
-  _tag_collision["🟡 Tag_Collision"]:::threat
-  _key_redaction["🛡️ key-redaction"]:::control
-  _path_validation["🛡️ path-validation"]:::control
-  _param_commands["🛡️ param-commands"]:::control
-  _config_validation["🛡️ config-validation"]:::control
-  _input_sanitize["🛡️ input-sanitize"]:::control
-  _glob_filtering["🛡️ glob-filtering"]:::control
-  _resource_limits["🛡️ resource-limits"]:::control
-  _output_encoding["🛡️ output-encoding"]:::control
-  _regex_anchoring["🛡️ regex-anchoring"]:::control
-  _prefix_ownership["🛡️ prefix-ownership"]:::control
-  _yaml_validation["🛡️ yaml-validation"]:::control
-  _agent_launcher -. exposed .-> _api_key_exposure
-  _agent_launcher -. exposed .-> _path_traversal
-  _agent_launcher -. exposed .-> _arbitrary_write
-  _agent_launcher -. exposed .-> _child_proc_injection
-  _agent_launcher -. exposed .-> _prompt_injection
-  _agent_launcher -. exposed .-> _dos
-  _agent_launcher -. exposed .-> _config_tamper
-  _llm_client -. exposed .-> _path_traversal
-  _llm_client -. exposed .-> _arbitrary_write
-  _llm_client -. exposed .-> _data_exposure
-  _llm_client -. exposed .-> _ssrf
-  _llm_client -. exposed .-> _api_key_exposure
-  _llm_client -. exposed .-> _prompt_injection
-  _llm_client -. exposed .-> _dos
-  _sarif -. exposed .-> _data_exposure
-  _cli -. exposed .-> _path_traversal
-  _cli -. exposed .-> _arbitrary_write
-  _cli -. exposed .-> _api_key_exposure
-  _cli -. exposed .-> _cmd_injection
-  _dashboard -. exposed .-> _xss
-  _dashboard -. exposed .-> _path_traversal
-  _init -. exposed .-> _path_traversal
-  _init -. exposed .-> _arbitrary_write
-  _init -. exposed .-> _data_exposure
-  _diff -. exposed .-> _cmd_injection
-  _diff -. exposed .-> _arbitrary_write
-  _diff -. exposed .-> _path_traversal
-  _mcp -. exposed .-> _cmd_injection
-  _mcp -. exposed .-> _redos
-  _mcp -. exposed .-> _path_traversal
-  _mcp -. exposed .-> _arbitrary_write
-  _mcp -. exposed .-> _prompt_injection
-  _mcp -. exposed .-> _api_key_exposure
-  _mcp -. exposed .-> _data_exposure
-  _suggest -. exposed .-> _path_traversal
-  _suggest -. exposed .-> _redos
-  _suggest -. exposed .-> _dos
-  _parser -. exposed .-> _arbitrary_write
-  _parser -. exposed .-> _path_traversal
-  _parser -. exposed .-> _dos
-  _parser -. exposed .-> _redos
-  _tui -. exposed .-> _path_traversal
-  _tui -. exposed .-> _arbitrary_write
-  _tui -. exposed .-> _cmd_injection
-  _tui -. exposed .-> _api_key_exposure
-  _tui -. exposed .-> _prompt_injection
-  _tui -. exposed .-> _dos
-  _key_redaction -- mitigates --> _api_key_exposure
-  _key_redaction -.- _agent_launcher
-  _path_validation -- mitigates --> _path_traversal
-  _path_validation -.- _agent_launcher
-  _path_validation -- mitigates --> _arbitrary_write
-  _param_commands -- mitigates --> _child_proc_injection
-  _param_commands -.- _agent_launcher
-  _param_commands -- mitigates --> _cmd_injection
-  _path_validation -.- _llm_client
-  _config_validation -- mitigates --> _ssrf
-  _config_validation -.- _llm_client
-  _key_redaction -.- _llm_client
-  _input_sanitize -- mitigates --> _ssrf
-  _input_sanitize -.- _llm_client
-  _glob_filtering -- mitigates --> _path_traversal
-  _glob_filtering -.- _llm_client
-  _resource_limits -- mitigates --> _dos
-  _resource_limits -.- _llm_client
-  _path_validation -.- _cli
-  _key_redaction -.- _cli
-  _output_encoding -- mitigates --> _xss
-  _output_encoding -.- _dashboard
-  _path_validation -.- _dashboard
-  _path_validation -.- _init
-  _input_sanitize -- mitigates --> _cmd_injection
-  _input_sanitize -.- _diff
-  _path_validation -.- _diff
-  _glob_filtering -.- _diff
-  _regex_anchoring -- mitigates --> _redos
-  _regex_anchoring -.- _mcp
-  _path_validation -.- _mcp
-  _key_redaction -.- _mcp
-  _path_validation -.- _suggest
-  _regex_anchoring -.- _suggest
-  _glob_filtering -.- _parser
-  _regex_anchoring -.- _parser
-  _resource_limits -.- _parser
-  _prefix_ownership -- mitigates --> _tag_collision
-  _prefix_ownership -.- _parser
-  _path_validation -.- _tui
-  _key_redaction -.- _tui
-  _resource_limits -.- _tui
-  _prefix_ownership -.- _merge_engine
-  _yaml_validation -- mitigates --> _config_tamper
-  _yaml_validation -.- _workspace_config
-  _mcp -- "📡 generateThreatReport" --> _llm_client
-  _tui -- "📡 launchAgent" --> _agent_launcher
-  _tui -- "📡 chatCompletion" --> _llm_client
-  classDef threat fill:#991b1b,stroke:#ef4444,color:#fecaca
-  classDef control fill:#065f46,stroke:#10b981,color:#a7f3d0
-

-
-%%{init: {"flowchart": {"nodeSpacing": 43, "rankSpacing": 59, "curve": "basis"}}}%%
+  sarif["🔷 GuardLink.SARIF"]
+  dashboard["🔷 GuardLink.Dashboard [INTERNAL]"]
+  init["🔷 GuardLink.Init [INTERNAL]"]
+  suggest["🔷 GuardLink.Suggest"]
+  merge_engine["🔷 Workspace.Merge"]
+  workspace_config["🔷 Workspace.Config"]
+  api_key_exposure["🟠 API_Key_Exposure (cwe:CWE-798)"]:::threat
+  path_traversal["🟠 Path_Traversal (cwe:CWE-22)"]:::threat
+  arbitrary_write["🟠 Arbitrary_File_Write (cwe:CWE-73)"]:::threat
+  child_proc_injection["🔴 Child_Process_Injection (cwe:CWE-78)"]:::threat
+  prompt_injection["🟠 Prompt_Injection (cwe:CWE-77)"]:::threat
+  dos["🟡 Denial_of_Service (cwe:CWE-400)"]:::threat
+  config_tamper["🟡 Config_Tampering (cwe:CWE-15)"]:::threat
+  data_exposure["🟡 Sensitive_Data_Exposure (cwe:CWE-200)"]:::threat
+  ssrf["🟡 Server_Side_Request_Forgery (cwe:CWE-918)"]:::threat
+  xss["🟠 Cross_Site_Scripting (cwe:CWE-79)"]:::threat
+  cmd_injection["🔴 Command_Injection (cwe:CWE-78)"]:::threat
+  redos["🟡 ReDoS (cwe:CWE-1333)"]:::threat
+  tag_collision["🟡 Tag_Collision"]:::threat
+  key_redaction["🛡️ Key_Redaction"]:::control
+  path_validation["🛡️ Path_Validation"]:::control
+  param_commands["🛡️ Parameterized_Commands"]:::control
+  config_validation["🛡️ Config_Validation"]:::control
+  input_sanitize["🛡️ Input_Sanitization"]:::control
+  glob_filtering["🛡️ Glob_Pattern_Filtering"]:::control
+  resource_limits["🛡️ Resource_Limits"]:::control
+  output_encoding["🛡️ Output_Encoding"]:::control
+  regex_anchoring["🛡️ Regex_Anchoring"]:::control
+  prefix_ownership["🛡️ Prefix_Ownership"]:::control
+  yaml_validation["🛡️ YAML_Validation"]:::control
+  agent_launcher -. exposes .-> api_key_exposure
+  agent_launcher -. exposes .-> path_traversal
+  agent_launcher -. exposes .-> arbitrary_write
+  agent_launcher -. exposes .-> child_proc_injection
+  agent_launcher -. exposes .-> prompt_injection
+  agent_launcher -. exposes .-> dos
+  agent_launcher -. exposes .-> config_tamper
+  llm_client -. exposes .-> path_traversal
+  llm_client -. exposes .-> arbitrary_write
+  llm_client -. exposes .-> data_exposure
+  llm_client -. exposes .-> ssrf
+  llm_client -. exposes .-> api_key_exposure
+  llm_client -. exposes .-> prompt_injection
+  llm_client -. exposes .-> dos
+  sarif -. exposes .-> data_exposure
+  dashboard -. exposes .-> xss
+  dashboard -. exposes .-> path_traversal
+  cli -. exposes .-> path_traversal
+  cli -. exposes .-> arbitrary_write
+  cli -. exposes .-> api_key_exposure
+  cli -. exposes .-> cmd_injection
+  diff -. exposes .-> cmd_injection
+  diff -. exposes .-> arbitrary_write
+  diff -. exposes .-> path_traversal
+  init -. exposes .-> path_traversal
+  init -. exposes .-> arbitrary_write
+  init -. exposes .-> data_exposure
+  mcp -. exposes .-> cmd_injection
+  mcp -. exposes .-> redos
+  mcp -. exposes .-> path_traversal
+  mcp -. exposes .-> arbitrary_write
+  mcp -. exposes .-> prompt_injection
+  mcp -. exposes .-> api_key_exposure
+  mcp -. exposes .-> data_exposure
+  suggest -. exposes .-> path_traversal
+  suggest -. exposes .-> redos
+  suggest -. exposes .-> dos
+  parser -. exposes .-> arbitrary_write
+  parser -. exposes .-> path_traversal
+  parser -. exposes .-> dos
+  parser -. exposes .-> redos
+  tui -. exposes .-> path_traversal
+  tui -. exposes .-> arbitrary_write
+  tui -. exposes .-> cmd_injection
+  tui -. exposes .-> api_key_exposure
+  tui -. exposes .-> prompt_injection
+  tui -. exposes .-> dos
+  key_redaction -- mitigates --> api_key_exposure
+  key_redaction -. protects .-> agent_launcher
+  path_validation -- mitigates --> path_traversal
+  path_validation -. protects .-> agent_launcher
+  path_validation -- mitigates --> arbitrary_write
+  param_commands -- mitigates --> child_proc_injection
+  param_commands -. protects .-> agent_launcher
+  param_commands -- mitigates --> cmd_injection
+  path_validation -. protects .-> llm_client
+  config_validation -- mitigates --> ssrf
+  config_validation -. protects .-> llm_client
+  key_redaction -. protects .-> llm_client
+  input_sanitize -- mitigates --> ssrf
+  input_sanitize -. protects .-> llm_client
+  glob_filtering -- mitigates --> path_traversal
+  glob_filtering -. protects .-> llm_client
+  resource_limits -- mitigates --> dos
+  resource_limits -. protects .-> llm_client
+  output_encoding -- mitigates --> xss
+  output_encoding -. protects .-> dashboard
+  path_validation -. protects .-> dashboard
+  path_validation -. protects .-> cli
+  key_redaction -. protects .-> cli
+  input_sanitize -- mitigates --> cmd_injection
+  input_sanitize -. protects .-> diff
+  path_validation -. protects .-> diff
+  glob_filtering -. protects .-> diff
+  path_validation -. protects .-> init
+  regex_anchoring -- mitigates --> redos
+  regex_anchoring -. protects .-> mcp
+  path_validation -. protects .-> mcp
+  key_redaction -. protects .-> mcp
+  path_validation -. protects .-> suggest
+  regex_anchoring -. protects .-> suggest
+  glob_filtering -. protects .-> parser
+  regex_anchoring -. protects .-> parser
+  resource_limits -. protects .-> parser
+  prefix_ownership -- mitigates --> tag_collision
+  prefix_ownership -. protects .-> parser
+  path_validation -. protects .-> tui
+  key_redaction -. protects .-> tui
+  resource_limits -. protects .-> tui
+  prefix_ownership -. protects .-> merge_engine
+  yaml_validation -- mitigates --> config_tamper
+  yaml_validation -. protects .-> workspace_config
+  mcp -- "📡 generateThreatReport" --> llm_client
+  tui -- "📡 launchAgent" --> agent_launcher
+  tui -- "📡 chatCompletion" --> llm_client
+  classDef threat fill:#3a1010,stroke:#ea1d1d,color:#f0f0f0,stroke-width:1.3px
+  classDef control fill:#102a24,stroke:#33d49d,color:#f0f0f0,stroke-width:1.3px
+

+          
+        

+        
Assets, threats, controls, and mitigations. 

+      

+    

+

+      

+        

+          Data Flow
+
+          

+            
+            
+            
+          

+        

+        
+%%{init: {"flowchart": {"nodeSpacing": 47, "rankSpacing": 67, "curve": "basis", "htmlLabels": false}}}%%
 graph LR
-  subgraph Z0["🧱 Trust Zone · #agent-launcher"]
-    _agent_launcher["🧩 #agent-launcher"]
+  subgraph Z0["🧱 GuardLink.Agent_Launcher · Trust boundary at process spawn"]
+    agent_launcher["🧩 GuardLink.Agent_Launcher · secrets, internal"]
   end
-  subgraph Z1["🧱 Trust Zone · AgentProcess"]
-    AgentProcess["🧩 AgentProcess"]
+  subgraph Z1["🧱 AgentProcess · Trust boundary at process spawn"]
+    agentprocess["🧩 AgentProcess"]
   end
-  subgraph Z2["🧱 Trust Zone · #llm-client"]
-    _llm_client["👤 #llm-client"]
+  subgraph Z2["🧱 GuardLink.LLM_Client · Trust boundary at external API call"]
+    llm_client["👤 GuardLink.LLM_Client · internal, secrets"]
   end
-  subgraph Z3["🧱 Trust Zone · LLMProvider"]
-    LLMProvider["🧩 LLMProvider"]
+  subgraph Z3["🧱 LLMProvider · Trust boundary at external API call"]
+    llmprovider["🧩 LLMProvider"]
   end
-  subgraph Z4["🧱 Trust Zone · NVD"]
-    NVD["🧩 NVD"]
+  subgraph Z4["🧱 NVD · Trust boundary at external API"]
+    nvd["🧩 NVD"]
   end
-  subgraph Z5["🧱 Trust Zone · #cli"]
-    _cli["🧩 #cli"]
+  subgraph Z5["🧱 GuardLink.CLI · Trust boundary at CLI argument parsing"]
+    cli["🧩 GuardLink.CLI · secrets, internal"]
   end
-  subgraph Z6["🧱 Trust Zone · UserInput"]
-    UserInput["👤 UserInput"]
+  subgraph Z6["🧱 UserInput · Trust boundary at CLI argument parsing"]
+    userinput["👤 UserInput"]
   end
-  subgraph Z7["🧱 Trust Zone · #diff"]
-    _diff["🧩 #diff"]
+  subgraph Z7["🧱 GuardLink.Diff · Trust boundary at git command execution"]
+    diff["🧩 GuardLink.Diff"]
   end
-  subgraph Z8["🧱 Trust Zone · GitRepo"]
-    GitRepo["🧩 GitRepo"]
+  subgraph Z8["🧱 GitRepo · Trust boundary at git command execution"]
+    gitrepo["🧩 GitRepo"]
   end
-  subgraph Z9["🧱 Trust Zone · #mcp"]
-    _mcp["🧩 #mcp"]
+  subgraph Z9["🧱 GuardLink.MCP · Trust boundary at MCP protocol"]
+    mcp["🧩 GuardLink.MCP · internal"]
   end
-  subgraph Z10["🧱 Trust Zone · MCPClient"]
-    MCPClient["👤 MCPClient"]
+  subgraph Z10["🧱 MCPClient · Trust boundary at MCP protocol"]
+    mcpclient["👤 MCPClient"]
   end
-  subgraph Z11["🧱 Trust Zone · #parser"]
-    _parser["🧩 #parser"]
+  subgraph Z11["🧱 GuardLink.Parser · Trust boundary between parser and disk I/O"]
+    parser["🧩 GuardLink.Parser · internal"]
   end
-  subgraph Z12["🧱 Trust Zone · FileSystem"]
-    FileSystem["🧩 FileSystem"]
+  subgraph Z12["🧱 FileSystem · Trust boundary between parser and disk I/O"]
+    filesystem["🧩 FileSystem"]
   end
-  subgraph Z13["🧱 Trust Zone · #tui"]
-    _tui["👤 #tui"]
+  subgraph Z13["🧱 GuardLink.TUI · Trust boundary at interactive input"]
+    tui["👤 GuardLink.TUI · secrets"]
   end
-  _agent_launcher -.-|🧱 Trust boundary at process spawn| AgentProcess
-  _llm_client -.-|🧱 Trust boundary at external API call| LLMProvider
-  _llm_client -.-|🧱 Trust boundary at external API| NVD
-  _cli -.-|🧱 Trust boundary at CLI argument parsing| UserInput
-  _diff -.-|🧱 Trust boundary at git command execution| GitRepo
-  _mcp -.-|🧱 Trust boundary at MCP protocol| MCPClient
-  _mcp -.-|🧱 Trust boundary at tool argument parsing| MCPClient
-  _parser -.-|🧱 Trust boundary between parser and disk I/O| FileSystem
-  _tui -.-|🧱 Trust boundary at interactive input| UserInput
-  EnvVars["🧩 EnvVars"]
-  ConfigFile["🧩 ConfigFile"]
-  UserPrompt["👤 UserPrompt"]
-  ThreatModel["🧩 ThreatModel"]
-  AgentPrompt["🧩 AgentPrompt"]
-  ProjectFiles["🧩 ProjectFiles"]
-  ReportFile["🧩 ReportFile"]
-  PentestFindings["🧩 PentestFindings"]
-  LLMConfig["🧩 LLMConfig"]
-  LLMToolCall["🧩 LLMToolCall"]
-  _sarif["🧩 #sarif"]
-  SarifLog["🧩 SarifLog"]
-  UserArgs["👤 UserArgs"]
-  _dashboard["🧩 #dashboard · internal"]
-  SourceFiles["🧩 SourceFiles"]
-  HTML["🧩 HTML"]
-  ProjectRoot["🧩 ProjectRoot"]
-  _init["🧩 #init · internal"]
-  AgentFiles["🧩 AgentFiles"]
-  GitRef["🧩 GitRef"]
-  TempDir["🧩 TempDir"]
-  QueryString["🧩 QueryString"]
-  FilePath["🧩 FilePath"]
-  _suggest["🧩 #suggest"]
-  Suggestions["🧩 Suggestions"]
-  Annotations["🧩 Annotations"]
-  _report["🧩 #report"]
-  Markdown["🧩 Markdown"]
-  Commands["🧩 Commands"]
-  RawStdin["🧩 RawStdin"]
-  Terminal["🧩 Terminal"]
-  _workspace_link["🧩 #workspace-link"]
-  ReportJSON["🧩 ReportJSON"]
-  _merge_engine["🧩 #merge-engine"]
-  MergedReport["🧩 MergedReport"]
-  _report_metadata["🧩 #report-metadata"]
-  EnvVars -- "📡 process.env" --> _agent_launcher
-  ConfigFile -- "🗄️ readFileSync" --> _agent_launcher
-  _agent_launcher -- "🗄️ writeFileSync" --> ConfigFile
-  UserPrompt -- "📡 launchAgent" --> _agent_launcher
-  _agent_launcher -- "📡 spawn" --> AgentProcess
-  AgentProcess -- "📡 stdout" --> _agent_launcher
-  UserPrompt -- "📡 buildAnnotatePrompt" --> _agent_launcher
-  UserPrompt -- "📡 buildTranslatePrompt" --> _agent_launcher
-  UserPrompt -- "📡 buildAskPrompt" --> _agent_launcher
-  ThreatModel -- "📡 model" --> _agent_launcher
-  _agent_launcher -- "📡 return" --> AgentPrompt
-  ThreatModel -- "📡 serializeModel" --> _llm_client
-  ProjectFiles -- "🗄️ readFileSync" --> _llm_client
-  _llm_client -- "🗄️ writeFileSync" --> ReportFile
-  PentestFindings -- "🗄️ readFileSync" --> _llm_client
-  LLMConfig -- "📡 chatCompletion" --> _llm_client
-  _llm_client -- "📡 fetch" --> LLMProvider
-  LLMProvider -- "📡 response" --> _llm_client
-  LLMToolCall -- "📡 createToolExecutor" --> _llm_client
-  _llm_client -- "📡 fetch" --> NVD
-  ProjectFiles -- "🗄️ readFileSync" --> _llm_client
-  ThreatModel -- "📡 generateSarif" --> _sarif
-  _sarif -- "📡 return" --> SarifLog
-  UserArgs -- "📡 process.argv" --> _cli
-  _cli -- "🗄️ writeFile" --> FileSystem
-  ThreatModel -- "📡 computeStats" --> _dashboard
-  SourceFiles -- "🗄️ readFileSync" --> _dashboard
-  _dashboard -- "📡 return" --> HTML
-  ThreatModel -- "📡 generateDashboardHTML" --> _dashboard
-  ProjectRoot -- "📡 detectProject" --> _init
-  ProjectRoot -- "📡 options.root" --> _init
-  _init -- "🗄️ writeFileSync" --> AgentFiles
-  _init -- "🗄️ writeFileSync" --> ConfigFile
-  GitRef -- "📡 execSync" --> _diff
-  _diff -- "🗄️ writeFileSync" --> TempDir
-  _diff -- "📡 parseProject" --> ThreatModel
-  GitRef -- "📡 parseAtRef" --> _diff
-  MCPClient -- "📡 stdio" --> _mcp
-  QueryString -- "📡 lookup" --> _mcp
-  MCPClient -- "📡 tool_call" --> _mcp
-  _mcp -- "🗄️ writeFile" --> FileSystem
-  _mcp -- "📡 generateThreatReport" --> _llm_client
-  _mcp -- "📡 resource" --> MCPClient
-  FilePath -- "🗄️ readFileSync" --> _suggest
-  _suggest -- "📡 suggestAnnotations" --> Suggestions
-  ProjectRoot -- "📡 fast-glob" --> _parser
-  _parser -- "🗄️ writeFile" --> SourceFiles
-  FilePath -- "🗄️ readFile" --> _parser
-  _parser -- "📡 parseString" --> Annotations
-  ProjectRoot -- "📡 fast-glob" --> _parser
-  _parser -- "📡 assembleModel" --> ThreatModel
-  ThreatModel -- "📡 generateReport" --> _report
-  _report -- "📡 return" --> Markdown
-  ThreatModel -- "📡 generateSequenceDiagram" --> _report
-  ThreatModel -- "📡 getReviewableExposures" --> _cli
-  _cli -- "🗄️ writeFile" --> SourceFiles
-  UserArgs -- "📡 args" --> _tui
-  _tui -- "🗄️ writeFile" --> FileSystem
-  _tui -- "📡 launchAgent" --> _agent_launcher
-  _tui -- "📡 chatCompletion" --> _llm_client
-  ConfigFile -- "📡 loadProjectConfig" --> _tui
-  _tui -- "📡 saveProjectConfig" --> ConfigFile
-  UserInput -- "📡 readline" --> _tui
-  _tui -- "📡 dispatch" --> Commands
-  RawStdin -- "📡 process.stdin" --> _tui
-  _tui -- "📡 process.stdout" --> Terminal
-  UserArgs -- "📡 linkProject" --> _workspace_link
-  _workspace_link -- "📡 updateAgentWorkspaceContext" --> AgentFiles
-  ReportJSON -- "📡 mergeReports" --> _merge_engine
-  _merge_engine -- "📡 mergeReports" --> MergedReport
-  GitRepo -- "📡 execSync" --> _report_metadata
-  _report_metadata -- "📡 populateMetadata" --> ThreatModel
-

-
-graph LR
-  subgraph A__agent_launcher["#agent-launcher"]
+  envvars["🧩 EnvVars"]
+  configfile["🧩 ConfigFile"]
+  userprompt["👤 UserPrompt"]
+  threatmodel["🧩 ThreatModel"]
+  agentprompt["🧩 AgentPrompt"]
+  projectfiles["🧩 ProjectFiles"]
+  reportfile["🧩 ReportFile"]
+  pentestfindings["🧩 PentestFindings"]
+  llmconfig["🧩 LLMConfig"]
+  llmtoolcall["🧩 LLMToolCall"]
+  sarif["🧩 GuardLink.SARIF"]
+  sariflog["🧩 SarifLog"]
+  dashboard["🧩 GuardLink.Dashboard · internal"]
+  sourcefiles["🧩 SourceFiles"]
+  html["🧩 HTML"]
+  userargs["👤 UserArgs"]
+  gitref["🧩 GitRef"]
+  tempdir["🧩 TempDir"]
+  projectroot["🧩 ProjectRoot"]
+  init["🧩 GuardLink.Init · internal"]
+  agentfiles["🧩 AgentFiles"]
+  querystring["🧩 QueryString"]
+  filepath["🧩 FilePath"]
+  suggest["🧩 GuardLink.Suggest"]
+  suggestions["🧩 Suggestions"]
+  annotations["🧩 Annotations"]
+  report["🧩 GuardLink.Report"]
+  markdown["🧩 Markdown"]
+  commands["🧩 Commands"]
+  rawstdin["🧩 RawStdin"]
+  terminal["🧩 Terminal"]
+  workspace_link["🧩 Workspace.Link"]
+  reportjson["🧩 ReportJSON"]
+  merge_engine["🧩 Workspace.Merge"]
+  mergedreport["🧩 MergedReport"]
+  report_metadata["🧩 Workspace.Metadata"]
+  agent_launcher -.-|🧱 Trust boundary at process spawn| agentprocess
+  llm_client -.-|🧱 Trust boundary at external API call| llmprovider
+  llm_client -.-|🧱 Trust boundary at external API| nvd
+  cli -.-|🧱 Trust boundary at CLI argument parsing| userinput
+  diff -.-|🧱 Trust boundary at git command execution| gitrepo
+  mcp -.-|🧱 Trust boundary at MCP protocol| mcpclient
+  parser -.-|🧱 Trust boundary between parser and disk I/O| filesystem
+  tui -.-|🧱 Trust boundary at interactive input| userinput
+  envvars -- "📡 process.env" --> agent_launcher
+  configfile -- "🗄️ readFileSync" --> agent_launcher
+  agent_launcher -- "🗄️ writeFileSync" --> configfile
+  userprompt -- "📡 launchAgent" --> agent_launcher
+  agent_launcher -- "📡 spawn" --> agentprocess
+  agentprocess -- "📡 stdout" --> agent_launcher
+  userprompt -- "📡 buildAnnotatePrompt" --> agent_launcher
+  userprompt -- "📡 buildTranslatePrompt" --> agent_launcher
+  userprompt -- "📡 buildAskPrompt" --> agent_launcher
+  threatmodel -- "📡 model" --> agent_launcher
+  agent_launcher -- "📡 return" --> agentprompt
+  threatmodel -- "📡 serializeModel" --> llm_client
+  projectfiles -- "🗄️ readFileSync" --> llm_client
+  llm_client -- "🗄️ writeFileSync" --> reportfile
+  pentestfindings -- "🗄️ readFileSync" --> llm_client
+  llmconfig -- "📡 chatCompletion" --> llm_client
+  llm_client -- "📡 fetch" --> llmprovider
+  llmprovider -- "📡 response" --> llm_client
+  llmtoolcall -- "📡 createToolExecutor" --> llm_client
+  llm_client -- "📡 fetch" --> nvd
+  threatmodel -- "📡 generateSarif" --> sarif
+  sarif -- "📡 return" --> sariflog
+  threatmodel -- "📡 generateThreatGraph" --> dashboard
+  threatmodel -- "📡 generateTopologyData" --> dashboard
+  threatmodel -- "📡 computeStats" --> dashboard
+  threatmodel -- "📡 topologyData" --> dashboard
+  sourcefiles -- "🗄️ readFileSync" --> dashboard
+  dashboard -- "📡 return" --> html
+  threatmodel -- "📡 generateDashboardHTML" --> dashboard
+  userargs -- "📡 process.argv" --> cli
+  cli -- "🗄️ writeFile" --> filesystem
+  gitref -- "📡 execSync" --> diff
+  diff -- "🗄️ writeFileSync" --> tempdir
+  diff -- "📡 parseProject" --> threatmodel
+  gitref -- "📡 parseAtRef" --> diff
+  projectroot -- "📡 detectProject" --> init
+  projectroot -- "📡 options.root" --> init
+  init -- "🗄️ writeFileSync" --> agentfiles
+  init -- "🗄️ writeFileSync" --> configfile
+  mcpclient -- "📡 stdio" --> mcp
+  querystring -- "📡 lookup" --> mcp
+  mcpclient -- "📡 tool_call" --> mcp
+  mcp -- "🗄️ writeFile" --> filesystem
+  mcp -- "📡 generateThreatReport" --> llm_client
+  mcp -- "📡 resource" --> mcpclient
+  filepath -- "🗄️ readFileSync" --> suggest
+  suggest -- "📡 suggestAnnotations" --> suggestions
+  projectroot -- "📡 fast-glob" --> parser
+  parser -- "🗄️ writeFile" --> sourcefiles
+  filepath -- "🗄️ readFile" --> parser
+  parser -- "📡 parseString" --> annotations
+  parser -- "📡 assembleModel" --> threatmodel
+  threatmodel -- "📡 generateReport" --> report
+  report -- "📡 return" --> markdown
+  threatmodel -- "📡 generateSequenceDiagram" --> report
+  threatmodel -- "📡 getReviewableExposures" --> cli
+  cli -- "🗄️ writeFile" --> sourcefiles
+  userargs -- "📡 args" --> tui
+  tui -- "🗄️ writeFile" --> filesystem
+  tui -- "📡 launchAgent" --> agent_launcher
+  tui -- "📡 chatCompletion" --> llm_client
+  configfile -- "📡 loadProjectConfig" --> tui
+  tui -- "📡 saveProjectConfig" --> configfile
+  userinput -- "📡 readline" --> tui
+  tui -- "📡 dispatch" --> commands
+  rawstdin -- "📡 process.stdin" --> tui
+  tui -- "📡 process.stdout" --> terminal
+  userargs -- "📡 linkProject" --> workspace_link
+  workspace_link -- "📡 updateAgentWorkspaceContext" --> agentfiles
+  reportjson -- "📡 mergeReports" --> merge_engine
+  merge_engine -- "📡 mergeReports" --> mergedreport
+  gitrepo -- "📡 execSync" --> report_metadata
+  report_metadata -- "📡 populateMetadata" --> threatmodel
+

+        
Trust zones (🧱) and data movement across system boundaries. Each boundary shows both sides of the trust line.

+      

+    

+

+      

+        

+          Attack Surface
+
+          

+            
+            
+            
+          

+        

+        
+%%{init: {"flowchart": {"nodeSpacing": 38, "rankSpacing": 48, "curve": "linear", "htmlLabels": false}}}%%
+graph TB
+  subgraph A_agent_launcher["GuardLink.Agent_Launcher · ⚠ 3 open"]
     direction TB
-    E0["✅ child-proc-injection"]:::sev_crit
-    E1["✅ api-key-exposure"]:::sev_high
-    E2["⚠️ prompt-injection x2"]:::sev_high
-    E3["✅ path-traversal x2"]:::sev_med
-    E4["✅ arbitrary-write"]:::sev_med
-    E5["⚠️ config-tamper"]:::sev_med
-    E6["⚠️ dos"]:::sev_low
+    E0["✅ Child_Process_Injection"]:::sev_crit
+    E1["✅ API_Key_Exposure"]:::sev_high
+    E2["⚠️ Prompt_Injection ×2"]:::sev_high
+    E3["✅ Path_Traversal ×2"]:::sev_med
+    E4["✅ Arbitrary_File_Write"]:::sev_med
+    E5["⚠️ Config_Tampering"]:::sev_med
+    E6["⚠️ Denial_of_Service"]:::sev_low
   end
-  subgraph A__llm_client["#llm-client"]
+  subgraph A_mcp["GuardLink.MCP · ⚠ 3 open"]
     direction TB
-    E7["✅ api-key-exposure"]:::sev_high
-    E8["✅ path-traversal x2"]:::sev_med
-    E9["✅ arbitrary-write"]:::sev_med
-    E10["✅ ssrf x2"]:::sev_med
-    E11["⚠️ prompt-injection"]:::sev_med
-    E12["⚠️ data-exposure"]:::sev_low
-    E13["✅ dos"]:::sev_low
+    E7["⚠️ Command_Injection"]:::sev_high
+    E8["✅ Path_Traversal"]:::sev_high
+    E9["✅ Arbitrary_File_Write"]:::sev_high
+    E10["⚠️ Prompt_Injection"]:::sev_med
+    E11["✅ API_Key_Exposure"]:::sev_med
+    E12["⚠️ Sensitive_Data_Exposure"]:::sev_med
+    E13["✅ ReDoS"]:::sev_low
   end
-  subgraph A__sarif["#sarif"]
+  subgraph A_llm_client["GuardLink.LLM_Client · ⚠ 2 open"]
     direction TB
-    E14["⚠️ data-exposure"]:::sev_low
+    E14["✅ API_Key_Exposure"]:::sev_high
+    E15["✅ Path_Traversal ×2"]:::sev_med
+    E16["✅ Arbitrary_File_Write"]:::sev_med
+    E17["✅ Server_Side_Request_Forgery ×2"]:::sev_med
+    E18["⚠️ Prompt_Injection"]:::sev_med
+    E19["⚠️ Sensitive_Data_Exposure"]:::sev_low
+    E20["✅ Denial_of_Service"]:::sev_low
   end
-  subgraph A__cli["#cli"]
+  subgraph A_tui["GuardLink.TUI · ⚠ 2 open"]
     direction TB
-    E15["⚠️ cmd-injection"]:::sev_crit
-    E16["✅ path-traversal"]:::sev_high
-    E17["✅ arbitrary-write x2"]:::sev_high
-    E18["✅ api-key-exposure"]:::sev_high
+    E21["✅ Path_Traversal ×2"]:::sev_high
+    E22["✅ Arbitrary_File_Write"]:::sev_high
+    E23["⚠️ Command_Injection"]:::sev_high
+    E24["✅ API_Key_Exposure ×3"]:::sev_high
+    E25["⚠️ Prompt_Injection"]:::sev_med
+    E26["✅ Denial_of_Service"]:::sev_low
   end
-  subgraph A__dashboard["#dashboard"]
+  subgraph A_cli["GuardLink.CLI · ⚠ 1 open"]
     direction TB
-    E19["✅ xss x2"]:::sev_high
-    E20["✅ path-traversal"]:::sev_med
+    E27["⚠️ Command_Injection"]:::sev_crit
+    E28["✅ Path_Traversal"]:::sev_high
+    E29["✅ Arbitrary_File_Write ×2"]:::sev_high
+    E30["✅ API_Key_Exposure"]:::sev_high
   end
-  subgraph A__init["#init"]
+  subgraph A_init["GuardLink.Init · ⚠ 1 open"]
     direction TB
-    E21["✅ arbitrary-write"]:::sev_high
-    E22["✅ path-traversal x2"]:::sev_med
-    E23["⚠️ data-exposure"]:::sev_low
+    E31["✅ Arbitrary_File_Write"]:::sev_high
+    E32["✅ Path_Traversal ×2"]:::sev_med
+    E33["⚠️ Sensitive_Data_Exposure"]:::sev_low
   end
-  subgraph A__diff["#diff"]
+  subgraph A_parser["GuardLink.Parser · ⚠ 1 open"]
     direction TB
-    E24["✅ cmd-injection x2"]:::sev_high
-    E25["✅ arbitrary-write"]:::sev_med
-    E26["✅ path-traversal"]:::sev_med
+    E34["⚠️ Arbitrary_File_Write"]:::sev_high
+    E35["✅ Path_Traversal ×3"]:::sev_high
+    E36["✅ Denial_of_Service ×2"]:::sev_med
+    E37["✅ ReDoS"]:::sev_med
   end
-  subgraph A__mcp["#mcp"]
+  subgraph A_sarif["GuardLink.SARIF · ⚠ 1 open"]
     direction TB
-    E27["⚠️ cmd-injection"]:::sev_high
-    E28["✅ path-traversal"]:::sev_high
-    E29["✅ arbitrary-write"]:::sev_high
-    E30["⚠️ prompt-injection"]:::sev_med
-    E31["✅ api-key-exposure"]:::sev_med
-    E32["⚠️ data-exposure"]:::sev_med
-    E33["✅ redos"]:::sev_low
+    E38["⚠️ Sensitive_Data_Exposure"]:::sev_low
   end
-  subgraph A__suggest["#suggest"]
+  subgraph A_suggest["GuardLink.Suggest · ⚠ 1 open"]
     direction TB
-    E34["✅ path-traversal"]:::sev_high
-    E35["✅ redos"]:::sev_med
-    E36["⚠️ dos"]:::sev_low
+    E39["✅ Path_Traversal"]:::sev_high
+    E40["✅ ReDoS"]:::sev_med
+    E41["⚠️ Denial_of_Service"]:::sev_low
   end
-  subgraph A__parser["#parser"]
+  subgraph A_dashboard["GuardLink.Dashboard · ✅ 100% covered"]
     direction TB
-    E37["⚠️ arbitrary-write"]:::sev_high
-    E38["✅ path-traversal x3"]:::sev_high
-    E39["✅ dos x2"]:::sev_med
-    E40["✅ redos"]:::sev_med
+    E42["✅ Cross_Site_Scripting ×2"]:::sev_high
+    E43["✅ Path_Traversal"]:::sev_med
   end
-  subgraph A__tui["#tui"]
+  subgraph A_diff["GuardLink.Diff · ✅ 100% covered"]
     direction TB
-    E41["✅ path-traversal x2"]:::sev_high
-    E42["✅ arbitrary-write"]:::sev_high
-    E43["⚠️ cmd-injection"]:::sev_high
-    E44["✅ api-key-exposure x3"]:::sev_high
-    E45["⚠️ prompt-injection"]:::sev_med
-    E46["✅ dos"]:::sev_low
+    E44["✅ Command_Injection ×2"]:::sev_high
+    E45["✅ Arbitrary_File_Write"]:::sev_med
+    E46["✅ Path_Traversal"]:::sev_med
   end
-  classDef sev_crit fill:#7f1d1d,stroke:#ef4444,color:#fecaca
-  classDef sev_high fill:#7c2d12,stroke:#f97316,color:#fed7aa
-  classDef sev_med fill:#78350f,stroke:#f59e0b,color:#fef3c7
-  classDef sev_low fill:#1e3a5f,stroke:#3b82f6,color:#bfdbfe
-  classDef sev_unset fill:#374151,stroke:#9ca3af,color:#e5e7eb
-

+  classDef sev_crit fill:#3a1010,stroke:#ea1d1d,color:#f0f0f0,stroke-width:1.4px
+  classDef sev_high fill:#402019,stroke:#ea1d1d,color:#f0f0f0,stroke-width:1.2px
+  classDef sev_med fill:#1f3943,stroke:#55899e,color:#f0f0f0
+  classDef sev_low fill:#10263b,stroke:#0360a2,color:#f0f0f0
+  classDef sev_unset fill:#223942,stroke:#3b6779,color:#f0f0f0
+

+        
Exposures per asset, severity-coloured. 💥 confirmed, ⚠️ open, ✅ mitigated, 🟦 accepted.

+      

+    

@@ -2635,7 +3693,7 @@ 
guardlink

     

       .guardlink/definitions.ts
       
-        38
+        37
         
       
     

@@ -2828,7 +3886,7 @@ 
guardlink

           Denial_of_Service
         
Resource exhaustion from processing large files or deep directory trees

-        
  34 │ // @threat API_Key_Exposure (#api-key-exposure) [high] cwe:CWE-798 -- "API keys leaked in logs, error messages, or unintended output"  35 │ // @threat Server_Side_Request_Forgery (#ssrf) [medium] cwe:CWE-918 -- "LLM API requests to attacker-controlled URLs via config override"  36 │ // @threat ReDoS (#redos) [medium] cwe:CWE-1333 -- "Regular expression denial of service from crafted annotation content"  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"

+        
  34 │ // @threat API_Key_Exposure (#api-key-exposure) [high] cwe:CWE-798 -- "API keys leaked in logs, error messages, or unintended output"  35 │ // @threat Server_Side_Request_Forgery (#ssrf) [medium] cwe:CWE-918 -- "LLM API requests to attacker-controlled URLs via config override"  36 │ // @threat ReDoS (#redos) [medium] cwe:CWE-1333 -- "Regular expression denial of service from crafted annotation content"  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ 

         

@@ -2837,7 +3895,7 @@ 
guardlink

           Sensitive_Data_Exposure
         

         
Threat model details exposed to unauthorized parties

-        
  35 │ // @threat Server_Side_Request_Forgery (#ssrf) [medium] cwe:CWE-918 -- "LLM API requests to attacker-controlled URLs via config override"  36 │ // @threat ReDoS (#redos) [medium] cwe:CWE-1333 -- "Regular expression denial of service from crafted annotation content"  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"  45 │ 

+        
  35 │ // @threat Server_Side_Request_Forgery (#ssrf) [medium] cwe:CWE-918 -- "LLM API requests to attacker-controlled URLs via config override"  36 │ // @threat ReDoS (#redos) [medium] cwe:CWE-1333 -- "Regular expression denial of service from crafted annotation content"  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │   45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────

       

         

@@ -2846,7 +3904,7 @@ 
guardlink

           Insecure_Deserialization
         

         
Unsafe parsing of JSON/YAML configuration files

-        
  36 │ // @threat ReDoS (#redos) [medium] cwe:CWE-1333 -- "Regular expression denial of service from crafted annotation content"  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"  45 │   46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────

+        
  36 │ // @threat ReDoS (#redos) [medium] cwe:CWE-1333 -- "Regular expression denial of service from crafted annotation content"  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │   45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  46 │ // Security controls that mitigate threats

       

         

@@ -2855,7 +3913,7 @@ 
guardlink

           Child_Process_Injection
         

         
Agent launcher executing attacker-controlled commands via process spawn

-        
  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"  45 │   46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  47 │ // Security controls that mitigate threats

+        
  37 │ // @threat Arbitrary_File_Write (#arbitrary-write) [high] cwe:CWE-73 -- "Writing files to attacker-controlled paths outside project"  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │   45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  46 │ // Security controls that mitigate threats  47 │ 

       

         

@@ -2864,124 +3922,115 @@ 
guardlink

           Information_Disclosure
         

         
Unintended exposure of internal paths, structure, or implementation details

-        
  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"  45 │   46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  47 │ // Security controls that mitigate threats  48 │ 

+        
  38 │ // @threat Prompt_Injection (#prompt-injection) [medium] cwe:CWE-77 -- "Malicious content in annotations injected into LLM prompts"  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │   45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  46 │ // Security controls that mitigate threats  47 │   48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"

       

         

-          L44
-          threat
-          Secret_Exposure
-        

-        
Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive

-        
  39 │ // @threat Denial_of_Service (#dos) [medium] cwe:CWE-400 -- "Resource exhaustion from processing large files or deep directory trees"  40 │ // @threat Sensitive_Data_Exposure (#data-exposure) [medium] cwe:CWE-200 -- "Threat model details exposed to unauthorized parties"  41 │ // @threat Insecure_Deserialization (#insecure-deser) [medium] cwe:CWE-502 -- "Unsafe parsing of JSON/YAML configuration files"  42 │ // @threat Child_Process_Injection (#child-proc-injection) [high] cwe:CWE-78 -- "Agent launcher executing attacker-controlled commands via process spawn"  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"  45 │   46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  47 │ // Security controls that mitigate threats  48 │   49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"

-      

-      

-        

-          L49
+          L48
           control
           Path_Validation
         

         
Validates file paths using resolve() + startsWith() to ensure access within allowed directories

-        
  44 │ // @threat Secret_Exposure (#secret-exposure) [critical] cwe:CWE-798 cwe:CWE-312 -- "Confirmed exposure of secrets (API keys, tokens, credentials) in code, config, logs, or responses — verified, not false positive"  45 │   46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  47 │ // Security controls that mitigate threats  48 │   49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"

+        
  43 │ // @threat Information_Disclosure (#info-disclosure) [low] cwe:CWE-200 -- "Unintended exposure of internal paths, structure, or implementation details"  44 │   45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  46 │ // Security controls that mitigate threats  47 │   48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"

       

-      

+      

         

-          L50
+          L49
           control
           Input_Sanitization
         

         
Input validation with anchored regex patterns and length limits

-        
  45 │   46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  47 │ // Security controls that mitigate threats  48 │   49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"

+        
  44 │   45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  46 │ // Security controls that mitigate threats  47 │   48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"

       

-      

+      

         

-          L51
+          L50
           control
           Output_Encoding
         

         
HTML entity encoding for untrusted data in generated output

-        
  46 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  47 │ // Security controls that mitigate threats  48 │   49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"

+        
  45 │ // ─── CONTROLS ─────────────────────────────────────────────────────────  46 │ // Security controls that mitigate threats  47 │   48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"

       

-      

+      

         

-          L52
+          L51
           control
           Key_Redaction
         

         
Masking API keys in logs and error messages

-        
  47 │ // Security controls that mitigate threats  48 │   49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"

+        
  46 │ // Security controls that mitigate threats  47 │   48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"

       

-      

+      

         

-          L53
+          L52
           control
           Process_Sandboxing
         

         
Controlled child process spawning with explicit args array, no shell

-        
  48 │   49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"

+        
  47 │   48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"

       

-      

+      

         

-          L54
+          L53
           control
           Config_Validation
         

         
Schema validation for configuration files before use

-        
  49 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"

+        
  48 │ // @control Path_Validation (#path-validation) -- "Validates file paths using resolve() + startsWith() to ensure access within allowed directories"  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"

       

-      

+      

         

-          L55
+          L54
           control
           Resource_Limits
         

         
File size limits, recursion depth limits, timeout constraints

-        
  50 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  60 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"

+        
  49 │ // @control Input_Sanitization (#input-sanitize) -- "Input validation with anchored regex patterns and length limits"  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  59 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"

       

-      

+      

         

-          L56
+          L55
           control
           Parameterized_Commands
         

         
Using spawn with args array instead of shell string interpolation

-        
  51 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  60 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  61 │ 

+        
  50 │ // @control Output_Encoding (#output-encoding) -- "HTML entity encoding for untrusted data in generated output"  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  59 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  60 │ 

       

-      

+      

         

-          L57
+          L56
           control
           Glob_Pattern_Filtering
         

         
Filtering files using glob patterns with explicit excludes

-        
  52 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  60 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  61 │ 

+        
  51 │ // @control Key_Redaction (#key-redaction) -- "Masking API keys in logs and error messages"  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  59 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  60 │ 

       

-      

+      

         

-          L58
+          L57
           control
           Regex_Anchoring
         

         
Using anchored regex patterns (^...$) to prevent backtracking

-        
  53 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  60 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  61 │ 

+        
  52 │ // @control Process_Sandboxing (#process-sandbox) -- "Controlled child process spawning with explicit args array, no shell"  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  59 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  60 │ 

       

-      

+      

         

-          L59
+          L58
           control
           Prefix_Ownership
         

         
Tag prefix determines owning repo, preventing cross-repo tag collisions

-        
  54 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  60 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  61 │ 

+        
  53 │ // @control Config_Validation (#config-validation) -- "Schema validation for configuration files before use"  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  59 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  60 │ 

       

-      

+      

         

-          L60
+          L59
           control
           YAML_Validation
         

         
Schema validation for workspace.yaml configuration files

-        
  55 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  56 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  57 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  58 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  59 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  60 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  61 │ 

+        
  54 │ // @control Resource_Limits (#resource-limits) -- "File size limits, recursion depth limits, timeout constraints"  55 │ // @control Parameterized_Commands (#param-commands) -- "Using spawn with args array instead of shell string interpolation"  56 │ // @control Glob_Pattern_Filtering (#glob-filtering) -- "Filtering files using glob patterns with explicit excludes"  57 │ // @control Regex_Anchoring (#regex-anchoring) -- "Using anchored regex patterns (^...$) to prevent backtracking"  58 │ // @control Prefix_Ownership (#prefix-ownership) -- "Tag prefix determines owning repo, preventing cross-repo tag collisions"  59 │ // @control YAML_Validation (#yaml-validation) -- "Schema validation for workspace.yaml configuration files"  60 │ 

       

     

   

@@ -4071,87 +5120,153 @@ 
guardlink

       

     

   

+  

+    

+      src/dashboard/diagrams.ts
+      
+        4
+        
+      
+    

+    

+      
+      

+        

+          L15
+          flow
+          ThreatModel → #dashboard
+        

+        
Threat model relationships rendered as Mermaid source

+        
  10 │  * All four generators share a single alias map so that #id, bare id, name, and  11 │  * path.join() forms of an asset/threat/control collapse onto the same node.  12 │  * This removes the long-standing duplicate-node bug that made the Mermaid  13 │  * diagrams render the same asset twice whenever sources mixed ref forms.  14 │  *  15 │  * @flows ThreatModel -> #dashboard via generateThreatGraph -- "Threat model relationships rendered as Mermaid source"  16 │  * @flows ThreatModel -> #dashboard via generateTopologyData -- "Threat model relationships rendered as structured D3 graph data"  17 │  * @mitigates #dashboard against #xss using #output-encoding -- "Diagram labels are sanitized for Mermaid and emitted to D3 as text data"  18 │  * @comment -- "Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity"  19 │  */  20 │ 

+      

+      

+        

+          L16
+          flow
+          ThreatModel → #dashboard
+        

+        
Threat model relationships rendered as structured D3 graph data

+        
  11 │  * path.join() forms of an asset/threat/control collapse onto the same node.  12 │  * This removes the long-standing duplicate-node bug that made the Mermaid  13 │  * diagrams render the same asset twice whenever sources mixed ref forms.  14 │  *  15 │  * @flows ThreatModel -> #dashboard via generateThreatGraph -- "Threat model relationships rendered as Mermaid source"  16 │  * @flows ThreatModel -> #dashboard via generateTopologyData -- "Threat model relationships rendered as structured D3 graph data"  17 │  * @mitigates #dashboard against #xss using #output-encoding -- "Diagram labels are sanitized for Mermaid and emitted to D3 as text data"  18 │  * @comment -- "Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity"  19 │  */  20 │   21 │ import type { ThreatModel } from '../types/index.js';

+      

+      

+        

+          L17
+          mitigates
+          #output-encoding mitigates #xss
+        

+        
Diagram labels are sanitized for Mermaid and emitted to D3 as text data

+        
  12 │  * This removes the long-standing duplicate-node bug that made the Mermaid  13 │  * diagrams render the same asset twice whenever sources mixed ref forms.  14 │  *  15 │  * @flows ThreatModel -> #dashboard via generateThreatGraph -- "Threat model relationships rendered as Mermaid source"  16 │  * @flows ThreatModel -> #dashboard via generateTopologyData -- "Threat model relationships rendered as structured D3 graph data"  17 │  * @mitigates #dashboard against #xss using #output-encoding -- "Diagram labels are sanitized for Mermaid and emitted to D3 as text data"  18 │  * @comment -- "Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity"  19 │  */  20 │   21 │ import type { ThreatModel } from '../types/index.js';  22 │ 

+      

+      

+        

+          L18
+          comment
+          Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity
+        

+        
Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity

+        
  13 │  * diagrams render the same asset twice whenever sources mixed ref forms.  14 │  *  15 │  * @flows ThreatModel -> #dashboard via generateThreatGraph -- "Threat model relationships rendered as Mermaid source"  16 │  * @flows ThreatModel -> #dashboard via generateTopologyData -- "Threat model relationships rendered as structured D3 graph data"  17 │  * @mitigates #dashboard against #xss using #output-encoding -- "Diagram labels are sanitized for Mermaid and emitted to D3 as text data"  18 │  * @comment -- "Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identity"  19 │  */  20 │   21 │ import type { ThreatModel } from '../types/index.js';  22 │   23 │ /* ══════════════════════════════════════════════════════════════════════════

+      

+    

+  

   

     

       src/dashboard/generate.ts
       
-        8
+        10
         
       
     

     

       
-      

+      

         

           L8
           exposes
           #dashboard → #xss
         

         
Generates HTML with user-controlled threat model data

-        
   3 │  *   4 │  * Sidebar navigation + drawer detail panel + dark/light toggle.   5 │  * 7 pages: Summary, AI Analysis, Threats, Diagrams, Code, Data, Assets.   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"

+        
   3 │  *   4 │  * Sidebar navigation + drawer detail panel + dark/light toggle.   5 │  * 7 pages: Summary, AI Analysis, Threats, Diagrams, Code, Data, Assets.   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"

       

-      

+      

         

           L9
           mitigates
           #output-encoding mitigates #xss
         

         
esc() HTML-encodes all interpolated values

-        
   4 │  * Sidebar navigation + drawer detail panel + dark/light toggle.   5 │  * 7 pages: Summary, AI Analysis, Threats, Diagrams, Code, Data, Assets.   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"

+        
   4 │  * Sidebar navigation + drawer detail panel + dark/light toggle.   5 │  * 7 pages: Summary, AI Analysis, Threats, Diagrams, Code, Data, Assets.   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"

       

-      

+      

         

           L10
           exposes
           #dashboard → #path-traversal
         

         
readFileSync reads code files for annotation context

-        
   5 │  * 7 pages: Summary, AI Analysis, Threats, Diagrams, Code, Data, Assets.   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  15 │  * @handles internal on #dashboard -- "Processes and displays threat model data"

+        
   5 │  * 7 pages: Summary, AI Analysis, Threats, Diagrams, Code, Data, Assets.   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"

       

-      

+      

         

           L11
           mitigates
           #path-validation mitigates #path-traversal
         

         
resolve() with root constrains file access

-        
   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  15 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  16 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"

+        
   6 │  * Mermaid.js via CDN for diagrams. Zero build step.   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"

       

-      

+      

         

           L12
           flow
           ThreatModel → #dashboard
         

         
Model statistics input

-        
   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  15 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  16 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  17 │  */

+        
   7 │  *   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"  17 │  * @handles internal on #dashboard -- "Processes and displays threat model data"

       

-      

+      

         

           L13
           flow
+          ThreatModel → #dashboard
+        

+        
Serialized diagram graph consumed by client-side D3 renderer

+        
   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"  17 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  18 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"

+      

+      

+        

+          L14
+          flow
           SourceFiles → #dashboard
         

         
Code snippet reads

-        
   8 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with user-controlled threat model data"   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  15 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  16 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  17 │  */  18 │ 

+        
   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"  17 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  18 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  19 │  */

       

-      

+      

         

-          L14
+          L15
           flow
           #dashboard → HTML
         

         
Generated HTML output

-        
   9 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() HTML-encodes all interpolated values"  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  15 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  16 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  17 │  */  18 │   19 │ import type { ThreatModel } from '../types/index.js';

+        
  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"  17 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  18 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  19 │  */  20 │ 

       

-      

+      

         

-          L15
+          L16
+          mitigates
+          #output-encoding mitigates #xss
+        

+        
Serialized diagram data escapes closing script tags; D3 writes labels as text

+        
  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"  17 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  18 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  19 │  */  20 │   21 │ import type { ThreatModel } from '../types/index.js';

+      

+      

+        

+          L17
           handles
           #dashboard: internal
         

         
Processes and displays threat model data

-        
  10 │  * @exposes #dashboard to #path-traversal [medium] cwe:CWE-22 -- "readFileSync reads code files for annotation context"  11 │  * @mitigates #dashboard against #path-traversal using #path-validation -- "resolve() with root constrains file access"  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  14 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  15 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  16 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  17 │  */  18 │   19 │ import type { ThreatModel } from '../types/index.js';  20 │ import { listFeatures } from '../parser/feature-filter.js';

+        
  12 │  * @flows ThreatModel -> #dashboard via computeStats -- "Model statistics input"  13 │  * @flows ThreatModel -> #dashboard via topologyData -- "Serialized diagram graph consumed by client-side D3 renderer"  14 │  * @flows SourceFiles -> #dashboard via readFileSync -- "Code snippet reads"  15 │  * @flows #dashboard -> HTML via return -- "Generated HTML output"  16 │  * @mitigates #dashboard against #xss using #output-encoding -- "Serialized diagram data escapes closing script tags; D3 writes labels as text"  17 │  * @handles internal on #dashboard -- "Processes and displays threat model data"  18 │  * @feature "Dashboard" -- "Interactive HTML threat model dashboard"  19 │  */  20 │   21 │ import type { ThreatModel } from '../types/index.js';  22 │ import { listFeatures } from '../parser/feature-filter.js';

       

     

   

@@ -4165,7 +5280,7 @@ 
guardlink

     

     

       
-      

+      

         

           L4
           exposes
@@ -4174,7 +5289,7 @@ 
guardlink

         
Generates HTML with threat model data

         
   1 │ /**   2 │  * GuardLink Dashboard — Self-contained HTML threat model dashboard.   3 │  *   4 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with threat model data"   5 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() function encodes all interpolated values"   6 │  * @flows ThreatModel -> #dashboard via generateDashboardHTML -- "Model to HTML transformation"   7 │  * @comment -- "Self-contained HTML; no external data injection after generation"   8 │  */   9 │ 

       

-      

+      

         

           L5
           mitigates
@@ -4183,7 +5298,7 @@ 
guardlink

         
esc() function encodes all interpolated values

         
   1 │ /**   2 │  * GuardLink Dashboard — Self-contained HTML threat model dashboard.   3 │  *   4 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with threat model data"   5 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() function encodes all interpolated values"   6 │  * @flows ThreatModel -> #dashboard via generateDashboardHTML -- "Model to HTML transformation"   7 │  * @comment -- "Self-contained HTML; no external data injection after generation"   8 │  */   9 │   10 │ export { generateDashboardHTML } from './generate.js';

       

-      

+      

         

           L6
           flow
@@ -4192,7 +5307,7 @@ 
guardlink

         
Model to HTML transformation

         
   1 │ /**   2 │  * GuardLink Dashboard — Self-contained HTML threat model dashboard.   3 │  *   4 │  * @exposes #dashboard to #xss [high] cwe:CWE-79 -- "Generates HTML with threat model data"   5 │  * @mitigates #dashboard against #xss using #output-encoding -- "esc() function encodes all interpolated values"   6 │  * @flows ThreatModel -> #dashboard via generateDashboardHTML -- "Model to HTML transformation"   7 │  * @comment -- "Self-contained HTML; no external data injection after generation"   8 │  */   9 │   10 │ export { generateDashboardHTML } from './generate.js';  11 │ export { computeStats, computeSeverity, computeExposures, computeAssetHeatmap } from './data.js';

       

-      

+      

         

           L7
           comment
@@ -4213,7 +5328,7 @@ 
guardlink

     

     

       
-      

+      

         

           L6
           exposes
@@ -4222,7 +5337,7 @@ 
guardlink

         
execSync runs git commands with ref argument

         
   1 │ /**   2 │  * GuardLink Diff — Git integration.   3 │  * Resolves git refs to threat models by checking out files at a given commit   4 │  * and parsing them in a temp directory.   5 │  *   6 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "execSync runs git commands with ref argument"   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"

       

-      

+      

         

           L7
           mitigates
@@ -4231,7 +5346,7 @@ 
guardlink

         
rev-parse validates ref exists before use in other commands

         
   2 │  * GuardLink Diff — Git integration.   3 │  * Resolves git refs to threat models by checking out files at a given commit   4 │  * and parsing them in a temp directory.   5 │  *   6 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "execSync runs git commands with ref argument"   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"

       

-      

+      

         

           L8
           exposes
@@ -4240,7 +5355,7 @@ 
guardlink

         
writeFileSync creates files in temp directory

         
   3 │  * Resolves git refs to threat models by checking out files at a given commit   4 │  * and parsing them in a temp directory.   5 │  *   6 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "execSync runs git commands with ref argument"   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"

       

-      

+      

         

           L9
           mitigates
@@ -4249,7 +5364,7 @@ 
guardlink

         
mkdtempSync creates isolated temp dir; rmSync cleans up

         
   4 │  * and parsing them in a temp directory.   5 │  *   6 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "execSync runs git commands with ref argument"   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"  14 │  * @flows #diff -> ThreatModel via parseProject -- "Parsed model output"

       

-      

+      

         

           L10
           exposes
@@ -4258,7 +5373,7 @@ 
guardlink

         
git show extracts files based on ls-tree output

         
   5 │  *   6 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "execSync runs git commands with ref argument"   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"  14 │  * @flows #diff -> ThreatModel via parseProject -- "Parsed model output"  15 │  * @boundary #diff and GitRepo (#git-boundary) -- "Trust boundary at git command execution"

       

-      

+      

         

           L11
           mitigates
@@ -4267,7 +5382,7 @@ 
guardlink

         
Files constrained to relevantFiles from git ls-tree

         
   6 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "execSync runs git commands with ref argument"   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"  14 │  * @flows #diff -> ThreatModel via parseProject -- "Parsed model output"  15 │  * @boundary #diff and GitRepo (#git-boundary) -- "Trust boundary at git command execution"  16 │  */

       

-      

+      

         

           L12
           flow
@@ -4276,7 +5391,7 @@ 
guardlink

         
Git command execution

         
   7 │  * @mitigates #diff against #cmd-injection using #input-sanitize -- "rev-parse validates ref exists before use in other commands"   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"  14 │  * @flows #diff -> ThreatModel via parseProject -- "Parsed model output"  15 │  * @boundary #diff and GitRepo (#git-boundary) -- "Trust boundary at git command execution"  16 │  */  17 │ 

       

-      

+      

         

           L13
           flow
@@ -4285,7 +5400,7 @@ 
guardlink

         
Extracted file writes

         
   8 │  * @exposes #diff to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync creates files in temp directory"   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"  14 │  * @flows #diff -> ThreatModel via parseProject -- "Parsed model output"  15 │  * @boundary #diff and GitRepo (#git-boundary) -- "Trust boundary at git command execution"  16 │  */  17 │   18 │ import { execSync } from 'node:child_process';

       

-      

+      

         

           L14
           flow
@@ -4294,7 +5409,7 @@ 
guardlink

         
Parsed model output

         
   9 │  * @mitigates #diff against #arbitrary-write using #path-validation -- "mkdtempSync creates isolated temp dir; rmSync cleans up"  10 │  * @exposes #diff to #path-traversal [medium] cwe:CWE-22 -- "git show extracts files based on ls-tree output"  11 │  * @mitigates #diff against #path-traversal using #glob-filtering -- "Files constrained to relevantFiles from git ls-tree"  12 │  * @flows GitRef -> #diff via execSync -- "Git command execution"  13 │  * @flows #diff -> TempDir via writeFileSync -- "Extracted file writes"  14 │  * @flows #diff -> ThreatModel via parseProject -- "Parsed model output"  15 │  * @boundary #diff and GitRepo (#git-boundary) -- "Trust boundary at git command execution"  16 │  */  17 │   18 │ import { execSync } from 'node:child_process';  19 │ import { mkdtempSync, writeFileSync, rmSync, mkdirSync } from 'node:fs';

       

-      

+      

         

           L15
           boundary
@@ -4315,7 +5430,7 @@ 
guardlink

     

     

       
-      

+      

         

           L4
           exposes
@@ -4324,7 +5439,7 @@ 
guardlink

         
git.ts uses execSync with ref argument

         
   1 │ /**   2 │  * GuardLink Diff — exports.   3 │  *   4 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "git.ts uses execSync with ref argument"   5 │  * @audit #diff -- "Git commands use execSync; ref is validated with rev-parse before use"   6 │  * @flows GitRef -> #diff via parseAtRef -- "Git reference input"   7 │  */   8 │    9 │ export { diffModels, type ThreatModelDiff, type DiffSummary, type Change, type ChangeKind } from './engine.js';

       

-      

+      

         

           L5
           audit
@@ -4333,7 +5448,7 @@ 
guardlink

         
Git commands use execSync; ref is validated with rev-parse before use

         
   1 │ /**   2 │  * GuardLink Diff — exports.   3 │  *   4 │  * @exposes #diff to #cmd-injection [high] cwe:CWE-78 -- "git.ts uses execSync with ref argument"   5 │  * @audit #diff -- "Git commands use execSync; ref is validated with rev-parse before use"   6 │  * @flows GitRef -> #diff via parseAtRef -- "Git reference input"   7 │  */   8 │    9 │ export { diffModels, type ThreatModelDiff, type DiffSummary, type Change, type ChangeKind } from './engine.js';  10 │ export { formatDiff, formatDiffMarkdown } from './format.js';

       

-      

+      

         

           L6
           flow
@@ -4354,7 +5469,7 @@ 
guardlink

     

     

       
-      

+      

         

           L5
           exposes
@@ -4363,7 +5478,7 @@ 
guardlink

         
Reads package.json, pyproject.toml, etc. from root

         
   1 │ /**   2 │  * GuardLink init — Project detection utilities.   3 │  * Detects language, project name, and existing agent instruction files.   4 │  *   5 │  * @exposes #init to #path-traversal [low] cwe:CWE-22 -- "Reads package.json, pyproject.toml, etc. from root"   6 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with root constrains; reads well-known files only"   7 │  * @flows ProjectRoot -> #init via detectProject -- "Project detection input"   8 │  * @comment -- "Detection is read-only; no file writes"   9 │  */  10 │ 

       

-      

+      

         

           L6
           mitigates
@@ -4372,7 +5487,7 @@ 
guardlink

         
join() with root constrains; reads well-known files only

         
   1 │ /**   2 │  * GuardLink init — Project detection utilities.   3 │  * Detects language, project name, and existing agent instruction files.   4 │  *   5 │  * @exposes #init to #path-traversal [low] cwe:CWE-22 -- "Reads package.json, pyproject.toml, etc. from root"   6 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with root constrains; reads well-known files only"   7 │  * @flows ProjectRoot -> #init via detectProject -- "Project detection input"   8 │  * @comment -- "Detection is read-only; no file writes"   9 │  */  10 │   11 │ import { existsSync, readdirSync, readFileSync, statSync } from 'node:fs';

       

-      

+      

         

           L7
           flow
@@ -4381,7 +5496,7 @@ 
guardlink

         
Project detection input

         
   2 │  * GuardLink init — Project detection utilities.   3 │  * Detects language, project name, and existing agent instruction files.   4 │  *   5 │  * @exposes #init to #path-traversal [low] cwe:CWE-22 -- "Reads package.json, pyproject.toml, etc. from root"   6 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with root constrains; reads well-known files only"   7 │  * @flows ProjectRoot -> #init via detectProject -- "Project detection input"   8 │  * @comment -- "Detection is read-only; no file writes"   9 │  */  10 │   11 │ import { existsSync, readdirSync, readFileSync, statSync } from 'node:fs';  12 │ import { join, basename } from 'node:path';

       

-      

+      

         

           L8
           comment
@@ -4402,7 +5517,7 @@ 
guardlink

     

     

       
-      

+      

         

           L8
           exposes
@@ -4411,7 +5526,7 @@ 
guardlink

         
Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc.

         
   3 │  *   4 │  * Detects project language and existing agent files, creates .guardlink/   5 │  * directory with shared definitions, and injects GuardLink instructions   6 │  * into agent instruction files (CLAUDE.md, .cursorrules, etc.).   7 │  *   8 │  * @exposes #init to #arbitrary-write [high] cwe:CWE-73 -- "Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc."   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"

       

-      

+      

         

           L9
           mitigates
@@ -4420,7 +5535,7 @@ 
guardlink

         
All paths are relative to root; join() constrains

         
   4 │  * Detects project language and existing agent files, creates .guardlink/   5 │  * directory with shared definitions, and injects GuardLink instructions   6 │  * into agent instruction files (CLAUDE.md, .cursorrules, etc.).   7 │  *   8 │  * @exposes #init to #arbitrary-write [high] cwe:CWE-73 -- "Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc."   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"

       

-      

+      

         

           L10
           exposes
@@ -4429,7 +5544,7 @@ 
guardlink

         
Reads/writes files based on root argument

         
   5 │  * directory with shared definitions, and injects GuardLink instructions   6 │  * into agent instruction files (CLAUDE.md, .cursorrules, etc.).   7 │  *   8 │  * @exposes #init to #arbitrary-write [high] cwe:CWE-73 -- "Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc."   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"

       

-      

+      

         

           L11
           mitigates
@@ -4438,7 +5553,7 @@ 
guardlink

         
join() with explicit root constrains file access

         
   6 │  * into agent instruction files (CLAUDE.md, .cursorrules, etc.).   7 │  *   8 │  * @exposes #init to #arbitrary-write [high] cwe:CWE-73 -- "Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc."   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"  16 │  * @flows #init -> ConfigFile via writeFileSync -- "Config file write"

       

-      

+      

         

           L12
           exposes
@@ -4447,7 +5562,7 @@ 
guardlink

         
Writes API key config to .guardlink/config.json

         
   7 │  *   8 │  * @exposes #init to #arbitrary-write [high] cwe:CWE-73 -- "Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc."   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"  16 │  * @flows #init -> ConfigFile via writeFileSync -- "Config file write"  17 │  * @handles internal on #init -- "Generates definitions and agent instruction content"

       

-      

+      

         

           L13
           audit
@@ -4456,7 +5571,7 @@ 
guardlink

         
Config file may contain API keys; .gitignore entry added automatically

         
   8 │  * @exposes #init to #arbitrary-write [high] cwe:CWE-73 -- "Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc."   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"  16 │  * @flows #init -> ConfigFile via writeFileSync -- "Config file write"  17 │  * @handles internal on #init -- "Generates definitions and agent instruction content"  18 │  */

       

-      

+      

         

           L14
           flow
@@ -4465,7 +5580,7 @@ 
guardlink

         
Project root input

         
   9 │  * @mitigates #init against #arbitrary-write using #path-validation -- "All paths are relative to root; join() constrains"  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"  16 │  * @flows #init -> ConfigFile via writeFileSync -- "Config file write"  17 │  * @handles internal on #init -- "Generates definitions and agent instruction content"  18 │  */  19 │ 

       

-      

+      

         

           L15
           flow
@@ -4474,7 +5589,7 @@ 
guardlink

         
Agent instruction file writes

         
  10 │  * @exposes #init to #path-traversal [medium] cwe:CWE-22 -- "Reads/writes files based on root argument"  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"  16 │  * @flows #init -> ConfigFile via writeFileSync -- "Config file write"  17 │  * @handles internal on #init -- "Generates definitions and agent instruction content"  18 │  */  19 │   20 │ import { existsSync, readFileSync, mkdirSync, writeFileSync, appendFileSync } from 'node:fs';

       

-      

+      

         

           L16
           flow
@@ -4483,7 +5598,7 @@ 
guardlink

         
Config file write

         
  11 │  * @mitigates #init against #path-traversal using #path-validation -- "join() with explicit root constrains file access"  12 │  * @exposes #init to #data-exposure [low] cwe:CWE-200 -- "Writes API key config to .guardlink/config.json"  13 │  * @audit #init -- "Config file may contain API keys; .gitignore entry added automatically"  14 │  * @flows ProjectRoot -> #init via options.root -- "Project root input"  15 │  * @flows #init -> AgentFiles via writeFileSync -- "Agent instruction file writes"  16 │  * @flows #init -> ConfigFile via writeFileSync -- "Config file write"  17 │  * @handles internal on #init -- "Generates definitions and agent instruction content"  18 │  */  19 │   20 │ import { existsSync, readFileSync, mkdirSync, writeFileSync, appendFileSync } from 'node:fs';  21 │ import { join, dirname } from 'node:path';

       

-      

+      

         

           L17
           handles
@@ -4504,7 +5619,7 @@ 
guardlink

     

     

       
-      

+      

         

           L4
           exposes
@@ -4513,7 +5628,7 @@ 
guardlink

         
Accepts tool calls from external MCP clients

         
   1 │ /**   2 │  * GuardLink MCP Server — exports and stdio entry point.   3 │  *   4 │  * @exposes #mcp to #cmd-injection [high] cwe:CWE-78 -- "Accepts tool calls from external MCP clients"   5 │  * @audit #mcp -- "All tool calls validated by server.ts before execution"   6 │  * @flows MCPClient -> #mcp via stdio -- "MCP protocol transport"   7 │  * @boundary #mcp and MCPClient (#mcp-boundary) -- "Trust boundary at MCP protocol"   8 │  */   9 │ 

       

-      

+      

         

           L5
           audit
@@ -4522,7 +5637,7 @@ 
guardlink

         
All tool calls validated by server.ts before execution

         
   1 │ /**   2 │  * GuardLink MCP Server — exports and stdio entry point.   3 │  *   4 │  * @exposes #mcp to #cmd-injection [high] cwe:CWE-78 -- "Accepts tool calls from external MCP clients"   5 │  * @audit #mcp -- "All tool calls validated by server.ts before execution"   6 │  * @flows MCPClient -> #mcp via stdio -- "MCP protocol transport"   7 │  * @boundary #mcp and MCPClient (#mcp-boundary) -- "Trust boundary at MCP protocol"   8 │  */   9 │   10 │ export { createServer } from './server.js';

       

-      

+      

         

           L6
           flow
@@ -4531,7 +5646,7 @@ 
guardlink

         
MCP protocol transport

         
   1 │ /**   2 │  * GuardLink MCP Server — exports and stdio entry point.   3 │  *   4 │  * @exposes #mcp to #cmd-injection [high] cwe:CWE-78 -- "Accepts tool calls from external MCP clients"   5 │  * @audit #mcp -- "All tool calls validated by server.ts before execution"   6 │  * @flows MCPClient -> #mcp via stdio -- "MCP protocol transport"   7 │  * @boundary #mcp and MCPClient (#mcp-boundary) -- "Trust boundary at MCP protocol"   8 │  */   9 │   10 │ export { createServer } from './server.js';  11 │ export { lookup, type LookupResult } from './lookup.js';

       

-      

+      

         

           L7
           boundary
@@ -4552,7 +5667,7 @@ 
guardlink

     

     

       
-      

+      

         

           L17
           exposes
@@ -4561,7 +5676,7 @@ 
guardlink

         
Regex patterns applied to query strings

         
  12 │  *   - "unmitigated" → all unmitigated exposures  13 │  *   - "confirmed" → @confirmed verified exploitable findings  14 │  *   - "boundary #config" → boundaries involving asset  15 │  *   - Free text → fuzzy match across assets, threats, controls  16 │  *  17 │  * @exposes #mcp to #redos [low] cwe:CWE-1333 -- "Regex patterns applied to query strings"  18 │  * @mitigates #mcp against #redos using #regex-anchoring -- "Patterns are simple and bounded"  19 │  * @flows QueryString -> #mcp via lookup -- "Query input path"  20 │  * @comment -- "Pure function; no I/O; operates on in-memory ThreatModel"  21 │  */  22 │ 

       

-      

+      

         

           L18
           mitigates
@@ -4570,7 +5685,7 @@ 
guardlink

         
Patterns are simple and bounded

         
  13 │  *   - "confirmed" → @confirmed verified exploitable findings  14 │  *   - "boundary #config" → boundaries involving asset  15 │  *   - Free text → fuzzy match across assets, threats, controls  16 │  *  17 │  * @exposes #mcp to #redos [low] cwe:CWE-1333 -- "Regex patterns applied to query strings"  18 │  * @mitigates #mcp against #redos using #regex-anchoring -- "Patterns are simple and bounded"  19 │  * @flows QueryString -> #mcp via lookup -- "Query input path"  20 │  * @comment -- "Pure function; no I/O; operates on in-memory ThreatModel"  21 │  */  22 │   23 │ import type {

       

-      

+      

         

           L19
           flow
@@ -4579,7 +5694,7 @@ 
guardlink

         
Query input path

         
  14 │  *   - "boundary #config" → boundaries involving asset  15 │  *   - Free text → fuzzy match across assets, threats, controls  16 │  *  17 │  * @exposes #mcp to #redos [low] cwe:CWE-1333 -- "Regex patterns applied to query strings"  18 │  * @mitigates #mcp against #redos using #regex-anchoring -- "Patterns are simple and bounded"  19 │  * @flows QueryString -> #mcp via lookup -- "Query input path"  20 │  * @comment -- "Pure function; no I/O; operates on in-memory ThreatModel"  21 │  */  22 │   23 │ import type {  24 │   ThreatModel, ThreatModelAsset, ThreatModelThreat, ThreatModelControl,

       

-      

+      

         

           L20
           comment
@@ -4600,7 +5715,7 @@ 
guardlink

     

     

       
-      

+      

         

           L26
           exposes
@@ -4609,7 +5724,7 @@ 
guardlink

         
Tool arguments include 'root' directory path from external client

         
  21 │  *   guardlink://definitions  — Assets, threats, controls  22 │  *   guardlink://unmitigated  — Unmitigated exposures list  23 │  *  24 │  * Transport: stdio (for Claude Code .mcp.json, Cursor, etc.)  25 │  *  26 │  * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "Tool arguments include 'root' directory path from external client"  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"

       

-      

+      

         

           L27
           mitigates
@@ -4618,7 +5733,7 @@ 
guardlink

         
Zod schema validates root; resolve() canonicalizes

         
  22 │  *   guardlink://unmitigated  — Unmitigated exposures list  23 │  *  24 │  * Transport: stdio (for Claude Code .mcp.json, Cursor, etc.)  25 │  *  26 │  * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "Tool arguments include 'root' directory path from external client"  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"

       

-      

+      

         

           L28
           exposes
@@ -4627,7 +5742,7 @@ 
guardlink

         
report, dashboard, sarif tools write files

         
  23 │  *  24 │  * Transport: stdio (for Claude Code .mcp.json, Cursor, etc.)  25 │  *  26 │  * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "Tool arguments include 'root' directory path from external client"  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"

       

-      

+      

         

           L29
           mitigates
@@ -4636,7 +5751,7 @@ 
guardlink

         
Output paths resolved relative to validated root

         
  24 │  * Transport: stdio (for Claude Code .mcp.json, Cursor, etc.)  25 │  *  26 │  * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "Tool arguments include 'root' directory path from external client"  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"

       

-      

+      

         

           L30
           exposes
@@ -4645,7 +5760,7 @@ 
guardlink

         
annotate and threat_report tools pass user prompts to LLM

         
  25 │  *  26 │  * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "Tool arguments include 'root' directory path from external client"  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"

       

-      

+      

         

           L31
           audit
@@ -4654,7 +5769,7 @@ 
guardlink

         
User prompts passed to LLM; model context is read-only

         
  26 │  * @exposes #mcp to #path-traversal [high] cwe:CWE-22 -- "Tool arguments include 'root' directory path from external client"  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"

       

-      

+      

         

           L32
           exposes
@@ -4663,7 +5778,7 @@ 
guardlink

         
threat_report tool uses API keys from environment

         
  27 │  * @mitigates #mcp against #path-traversal using #path-validation -- "Zod schema validates root; resolve() canonicalizes"  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"

       

-      

+      

         

           L33
           mitigates
@@ -4672,7 +5787,7 @@ 
guardlink

         
Keys from env only; never logged or returned

         
  28 │  * @exposes #mcp to #arbitrary-write [high] cwe:CWE-73 -- "report, dashboard, sarif tools write files"  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"

       

-      

+      

         

           L34
           exposes
@@ -4681,7 +5796,7 @@ 
guardlink

         
Resources expose full threat model to MCP clients

         
  29 │  * @mitigates #mcp against #arbitrary-write using #path-validation -- "Output paths resolved relative to validated root"  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"

       

-      

+      

         

           L35
           audit
@@ -4690,7 +5805,7 @@ 
guardlink

         
Threat model data intentionally exposed to connected agents

         
  30 │  * @exposes #mcp to #prompt-injection [medium] cwe:CWE-77 -- "annotate and threat_report tools pass user prompts to LLM"  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"  40 │  * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing"

       

-      

+      

         

           L36
           flow
@@ -4699,7 +5814,7 @@ 
guardlink

         
Tool invocation input

         
  31 │  * @audit #mcp -- "User prompts passed to LLM; model context is read-only"  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"  40 │  * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing"  41 │  * @handles internal on #mcp -- "Processes project annotations and threat model data"

       

-      

+      

         

           L37
           flow
@@ -4708,7 +5823,7 @@ 
guardlink

         
Report/dashboard output

         
  32 │  * @exposes #mcp to #api-key-exposure [medium] cwe:CWE-798 -- "threat_report tool uses API keys from environment"  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"  40 │  * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing"  41 │  * @handles internal on #mcp -- "Processes project annotations and threat model data"  42 │  * @feature "MCP Integration" -- "Model Context Protocol server for AI agent tooling"

       

-      

+      

         

           L38
           flow
@@ -4717,7 +5832,7 @@ 
guardlink

         
LLM API call path

         
  33 │  * @mitigates #mcp against #api-key-exposure using #key-redaction -- "Keys from env only; never logged or returned"  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"  40 │  * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing"  41 │  * @handles internal on #mcp -- "Processes project annotations and threat model data"  42 │  * @feature "MCP Integration" -- "Model Context Protocol server for AI agent tooling"  43 │  */

       

-      

+      

         

           L39
           flow
@@ -4726,7 +5841,7 @@ 
guardlink

         
Threat model data output

         
  34 │  * @exposes #mcp to #data-exposure [medium] cwe:CWE-200 -- "Resources expose full threat model to MCP clients"  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"  40 │  * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing"  41 │  * @handles internal on #mcp -- "Processes project annotations and threat model data"  42 │  * @feature "MCP Integration" -- "Model Context Protocol server for AI agent tooling"  43 │  */  44 │ 

       

-      

+      

         

           L40
           boundary
@@ -4735,7 +5850,7 @@ 
guardlink

         
Trust boundary at tool argument parsing

         
  35 │  * @audit #mcp -- "Threat model data intentionally exposed to connected agents"  36 │  * @flows MCPClient -> #mcp via tool_call -- "Tool invocation input"  37 │  * @flows #mcp -> FileSystem via writeFile -- "Report/dashboard output"  38 │  * @flows #mcp -> #llm-client via generateThreatReport -- "LLM API call path"  39 │  * @flows #mcp -> MCPClient via resource -- "Threat model data output"  40 │  * @boundary #mcp and MCPClient (#mcp-tool-boundary) -- "Trust boundary at tool argument parsing"  41 │  * @handles internal on #mcp -- "Processes project annotations and threat model data"  42 │  * @feature "MCP Integration" -- "Model Context Protocol server for AI agent tooling"  43 │  */  44 │   45 │ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';

       

-      

+      

         

           L41
           handles
@@ -4756,7 +5871,7 @@ 
guardlink

     

     

       
-      

+      

         

           L12
           exposes
@@ -4765,7 +5880,7 @@ 
guardlink

         
File path from MCP client joined with root

         
   7 │  *   - HTTP handlers, auth checks, input parsing   8 │  *   - Missing annotations on files that handle sensitive data   9 │  *  10 │  * Designed for both file-based and diff-based analysis (§8.2).  11 │  *  12 │  * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "File path from MCP client joined with root"  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"

       

-      

+      

         

           L13
           mitigates
@@ -4774,7 +5889,7 @@ 
guardlink

         
join() with validated root constrains access

         
   8 │  *   - Missing annotations on files that handle sensitive data   9 │  *  10 │  * Designed for both file-based and diff-based analysis (§8.2).  11 │  *  12 │  * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "File path from MCP client joined with root"  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"

       

-      

+      

         

           L14
           exposes
@@ -4783,7 +5898,7 @@ 
guardlink

         
Complex regex patterns applied to source code

         
   9 │  *  10 │  * Designed for both file-based and diff-based analysis (§8.2).  11 │  *  12 │  * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "File path from MCP client joined with root"  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"  19 │  * @flows #suggest -> Suggestions via suggestAnnotations -- "Suggestion output"

       

-      

+      

         

           L15
           mitigates
@@ -4792,7 +5907,7 @@ 
guardlink

         
Patterns designed with bounded quantifiers

         
  10 │  * Designed for both file-based and diff-based analysis (§8.2).  11 │  *  12 │  * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "File path from MCP client joined with root"  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"  19 │  * @flows #suggest -> Suggestions via suggestAnnotations -- "Suggestion output"  20 │  * @comment -- "Skips node_modules and .guardlink directories"

       

-      

+      

         

           L16
           exposes
@@ -4801,7 +5916,7 @@ 
guardlink

         
Large files loaded into memory for pattern scanning

         
  11 │  *  12 │  * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "File path from MCP client joined with root"  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"  19 │  * @flows #suggest -> Suggestions via suggestAnnotations -- "Suggestion output"  20 │  * @comment -- "Skips node_modules and .guardlink directories"  21 │  */

       

-      

+      

         

           L17
           audit
@@ -4810,7 +5925,7 @@ 
guardlink

         
File size is bounded by project scope; production use involves reasonable file sizes

         
  12 │  * @exposes #suggest to #path-traversal [high] cwe:CWE-22 -- "File path from MCP client joined with root"  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"  19 │  * @flows #suggest -> Suggestions via suggestAnnotations -- "Suggestion output"  20 │  * @comment -- "Skips node_modules and .guardlink directories"  21 │  */  22 │ 

       

-      

+      

         

           L18
           flow
@@ -4819,7 +5934,7 @@ 
guardlink

         
File read path

         
  13 │  * @mitigates #suggest against #path-traversal using #path-validation -- "join() with validated root constrains access"  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"  19 │  * @flows #suggest -> Suggestions via suggestAnnotations -- "Suggestion output"  20 │  * @comment -- "Skips node_modules and .guardlink directories"  21 │  */  22 │   23 │ import { readFileSync, existsSync } from 'node:fs';

       

-      

+      

         

           L19
           flow
@@ -4828,7 +5943,7 @@ 
guardlink

         
Suggestion output

         
  14 │  * @exposes #suggest to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to source code"  15 │  * @mitigates #suggest against #redos using #regex-anchoring -- "Patterns designed with bounded quantifiers"  16 │  * @exposes #suggest to #dos [low] cwe:CWE-400 -- "Large files loaded into memory for pattern scanning"  17 │  * @audit #suggest -- "File size is bounded by project scope; production use involves reasonable file sizes"  18 │  * @flows FilePath -> #suggest via readFileSync -- "File read path"  19 │  * @flows #suggest -> Suggestions via suggestAnnotations -- "Suggestion output"  20 │  * @comment -- "Skips node_modules and .guardlink directories"  21 │  */  22 │   23 │ import { readFileSync, existsSync } from 'node:fs';  24 │ import { join, extname } from 'node:path';

       

-      

+      

         

           L20
           comment
@@ -4849,7 +5964,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           exposes
@@ -4858,7 +5973,7 @@ 
guardlink

         
Writes modified content back to discovered files

         
   2 │  * GuardLink — Annotation clearing utility.   3 │  * Scans project source files and removes all GuardLink annotation comment lines.   4 │  *   5 │  * Used by `guardlink clear` and `/clear` to let users start fresh with annotations.   6 │  *   7 │  * @exposes #parser to #arbitrary-write [high] cwe:CWE-73 -- "Writes modified content back to discovered files"   8 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns determine which files are modified"   9 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope"  10 │  * @audit #parser -- "Destructive operation requires explicit user confirmation via dryRun flag"  11 │  * @flows ProjectRoot -> #parser via fast-glob -- "File discovery path"  12 │  * @flows #parser -> SourceFiles via writeFile -- "Modified file write path"

       

-      

+      

         

           L8
           exposes
@@ -4867,7 +5982,7 @@ 
guardlink

         
Glob patterns determine which files are modified

         
   3 │  * Scans project source files and removes all GuardLink annotation comment lines.   4 │  *   5 │  * Used by `guardlink clear` and `/clear` to let users start fresh with annotations.   6 │  *   7 │  * @exposes #parser to #arbitrary-write [high] cwe:CWE-73 -- "Writes modified content back to discovered files"   8 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns determine which files are modified"   9 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope"  10 │  * @audit #parser -- "Destructive operation requires explicit user confirmation via dryRun flag"  11 │  * @flows ProjectRoot -> #parser via fast-glob -- "File discovery path"  12 │  * @flows #parser -> SourceFiles via writeFile -- "Modified file write path"  13 │  * @handles internal on #parser -- "Operates on project source files only"

       

-      

+      

         

           L9
           mitigates
@@ -4876,7 +5991,7 @@ 
guardlink

         
DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope

         
   4 │  *   5 │  * Used by `guardlink clear` and `/clear` to let users start fresh with annotations.   6 │  *   7 │  * @exposes #parser to #arbitrary-write [high] cwe:CWE-73 -- "Writes modified content back to discovered files"   8 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns determine which files are modified"   9 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope"  10 │  * @audit #parser -- "Destructive operation requires explicit user confirmation via dryRun flag"  11 │  * @flows ProjectRoot -> #parser via fast-glob -- "File discovery path"  12 │  * @flows #parser -> SourceFiles via writeFile -- "Modified file write path"  13 │  * @handles internal on #parser -- "Operates on project source files only"  14 │  */

       

-      

+      

         

           L10
           audit
@@ -4885,7 +6000,7 @@ 
guardlink

         
Destructive operation requires explicit user confirmation via dryRun flag

         
   5 │  * Used by `guardlink clear` and `/clear` to let users start fresh with annotations.   6 │  *   7 │  * @exposes #parser to #arbitrary-write [high] cwe:CWE-73 -- "Writes modified content back to discovered files"   8 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns determine which files are modified"   9 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope"  10 │  * @audit #parser -- "Destructive operation requires explicit user confirmation via dryRun flag"  11 │  * @flows ProjectRoot -> #parser via fast-glob -- "File discovery path"  12 │  * @flows #parser -> SourceFiles via writeFile -- "Modified file write path"  13 │  * @handles internal on #parser -- "Operates on project source files only"  14 │  */  15 │ 

       

-      

+      

         

           L11
           flow
@@ -4894,7 +6009,7 @@ 
guardlink

         
File discovery path

         
   6 │  *   7 │  * @exposes #parser to #arbitrary-write [high] cwe:CWE-73 -- "Writes modified content back to discovered files"   8 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns determine which files are modified"   9 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope"  10 │  * @audit #parser -- "Destructive operation requires explicit user confirmation via dryRun flag"  11 │  * @flows ProjectRoot -> #parser via fast-glob -- "File discovery path"  12 │  * @flows #parser -> SourceFiles via writeFile -- "Modified file write path"  13 │  * @handles internal on #parser -- "Operates on project source files only"  14 │  */  15 │   16 │ import fg from 'fast-glob';

       

-      

+      

         

           L12
           flow
@@ -4903,7 +6018,7 @@ 
guardlink

         
Modified file write path

         
   7 │  * @exposes #parser to #arbitrary-write [high] cwe:CWE-73 -- "Writes modified content back to discovered files"   8 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns determine which files are modified"   9 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks sensitive dirs; cwd constrains scope"  10 │  * @audit #parser -- "Destructive operation requires explicit user confirmation via dryRun flag"  11 │  * @flows ProjectRoot -> #parser via fast-glob -- "File discovery path"  12 │  * @flows #parser -> SourceFiles via writeFile -- "Modified file write path"  13 │  * @handles internal on #parser -- "Operates on project source files only"  14 │  */  15 │   16 │ import fg from 'fast-glob';  17 │ import { readFile, writeFile } from 'node:fs/promises';

       

-      

+      

         

           L13
           handles
@@ -4924,7 +6039,7 @@ 
guardlink

     

     

       
-      

+      

         

           L9
           comment
@@ -4945,7 +6060,7 @@ 
guardlink

     

     

       
-      

+      

         

           L5
           exposes
@@ -4954,7 +6069,7 @@ 
guardlink

         
File path from caller read via readFile; no validation here

         
   1 │ /**   2 │  * GuardLink — File-level parser.   3 │  * Reads source files and extracts all GuardLink annotations.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "File path from caller read via readFile; no validation here"   6 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large files loaded entirely into memory"   7 │  * @audit #parser -- "Path validation delegated to callers (CLI/MCP validate root)"   8 │  * @flows FilePath -> #parser via readFile -- "Disk read path"   9 │  * @flows #parser -> Annotations via parseString -- "Parsed annotation output"  10 │  */

       

-      

+      

         

           L6
           exposes
@@ -4963,7 +6078,7 @@ 
guardlink

         
Large files loaded entirely into memory

         
   1 │ /**   2 │  * GuardLink — File-level parser.   3 │  * Reads source files and extracts all GuardLink annotations.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "File path from caller read via readFile; no validation here"   6 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large files loaded entirely into memory"   7 │  * @audit #parser -- "Path validation delegated to callers (CLI/MCP validate root)"   8 │  * @flows FilePath -> #parser via readFile -- "Disk read path"   9 │  * @flows #parser -> Annotations via parseString -- "Parsed annotation output"  10 │  */  11 │ 

       

-      

+      

         

           L7
           audit
@@ -4972,7 +6087,7 @@ 
guardlink

         
Path validation delegated to callers (CLI/MCP validate root)

         
   2 │  * GuardLink — File-level parser.   3 │  * Reads source files and extracts all GuardLink annotations.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "File path from caller read via readFile; no validation here"   6 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large files loaded entirely into memory"   7 │  * @audit #parser -- "Path validation delegated to callers (CLI/MCP validate root)"   8 │  * @flows FilePath -> #parser via readFile -- "Disk read path"   9 │  * @flows #parser -> Annotations via parseString -- "Parsed annotation output"  10 │  */  11 │   12 │ import { readFile } from 'node:fs/promises';

       

-      

+      

         

           L8
           flow
@@ -4981,7 +6096,7 @@ 
guardlink

         
Disk read path

         
   3 │  * Reads source files and extracts all GuardLink annotations.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "File path from caller read via readFile; no validation here"   6 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large files loaded entirely into memory"   7 │  * @audit #parser -- "Path validation delegated to callers (CLI/MCP validate root)"   8 │  * @flows FilePath -> #parser via readFile -- "Disk read path"   9 │  * @flows #parser -> Annotations via parseString -- "Parsed annotation output"  10 │  */  11 │   12 │ import { readFile } from 'node:fs/promises';  13 │ import { basename, extname } from 'node:path';

       

-      

+      

         

           L9
           flow
@@ -5002,7 +6117,7 @@ 
guardlink

     

     

       
-      

+      

         

           L5
           exposes
@@ -5011,7 +6126,7 @@ 
guardlink

         
Complex regex patterns applied to annotation text

         
   1 │ /**   2 │  * GuardLink — Line-level annotation parser.   3 │  * Parses a single comment line into a typed Annotation.   4 │  *   5 │  * @exposes #parser to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to annotation text"   6 │  * @mitigates #parser against #redos using #regex-anchoring -- "All patterns are anchored (^...$) to prevent backtracking"   7 │  * @comment -- "Regex patterns designed with bounded quantifiers and explicit structure"   8 │  */   9 │   10 │ import type {

       

-      

+      

         

           L6
           mitigates
@@ -5020,7 +6135,7 @@ 
guardlink

         
All patterns are anchored (^...$) to prevent backtracking

         
   1 │ /**   2 │  * GuardLink — Line-level annotation parser.   3 │  * Parses a single comment line into a typed Annotation.   4 │  *   5 │  * @exposes #parser to #redos [medium] cwe:CWE-1333 -- "Complex regex patterns applied to annotation text"   6 │  * @mitigates #parser against #redos using #regex-anchoring -- "All patterns are anchored (^...$) to prevent backtracking"   7 │  * @comment -- "Regex patterns designed with bounded quantifiers and explicit structure"   8 │  */   9 │   10 │ import type {  11 │   Annotation, AnnotationVerb, Severity, DataClassification,

       

-      

+      

         

           L7
           comment
@@ -5041,7 +6156,7 @@ 
guardlink

     

     

       
-      

+      

         

           L5
           exposes
@@ -5050,7 +6165,7 @@ 
guardlink

         
Glob patterns could escape root directory

         
   1 │ /**   2 │  * GuardLink — Project-level parser.   3 │  * Walks a directory, parses all source files, and assembles a ThreatModel.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns could escape root directory"   6 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan"   7 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large projects with many files could exhaust memory"   8 │  * @mitigates #parser against #dos using #resource-limits -- "DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count"   9 │  * @flows ProjectRoot -> #parser via fast-glob -- "Directory traversal path"  10 │  * @flows #parser -> ThreatModel via assembleModel -- "Aggregated threat model output"

       

-      

+      

         

           L6
           mitigates
@@ -5059,7 +6174,7 @@ 
guardlink

         
DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan

         
   1 │ /**   2 │  * GuardLink — Project-level parser.   3 │  * Walks a directory, parses all source files, and assembles a ThreatModel.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns could escape root directory"   6 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan"   7 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large projects with many files could exhaust memory"   8 │  * @mitigates #parser against #dos using #resource-limits -- "DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count"   9 │  * @flows ProjectRoot -> #parser via fast-glob -- "Directory traversal path"  10 │  * @flows #parser -> ThreatModel via assembleModel -- "Aggregated threat model output"  11 │  * @boundary #parser and FileSystem (#fs-boundary) -- "Trust boundary between parser and disk I/O"

       

-      

+      

         

           L7
           exposes
@@ -5068,7 +6183,7 @@ 
guardlink

         
Large projects with many files could exhaust memory

         
   2 │  * GuardLink — Project-level parser.   3 │  * Walks a directory, parses all source files, and assembles a ThreatModel.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns could escape root directory"   6 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan"   7 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large projects with many files could exhaust memory"   8 │  * @mitigates #parser against #dos using #resource-limits -- "DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count"   9 │  * @flows ProjectRoot -> #parser via fast-glob -- "Directory traversal path"  10 │  * @flows #parser -> ThreatModel via assembleModel -- "Aggregated threat model output"  11 │  * @boundary #parser and FileSystem (#fs-boundary) -- "Trust boundary between parser and disk I/O"  12 │  */

       

-      

+      

         

           L8
           mitigates
@@ -5077,7 +6192,7 @@ 
guardlink

         
DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count

         
   3 │  * Walks a directory, parses all source files, and assembles a ThreatModel.   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns could escape root directory"   6 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan"   7 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large projects with many files could exhaust memory"   8 │  * @mitigates #parser against #dos using #resource-limits -- "DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count"   9 │  * @flows ProjectRoot -> #parser via fast-glob -- "Directory traversal path"  10 │  * @flows #parser -> ThreatModel via assembleModel -- "Aggregated threat model output"  11 │  * @boundary #parser and FileSystem (#fs-boundary) -- "Trust boundary between parser and disk I/O"  12 │  */  13 │ 

       

-      

+      

         

           L9
           flow
@@ -5086,7 +6201,7 @@ 
guardlink

         
Directory traversal path

         
   4 │  *   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns could escape root directory"   6 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan"   7 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large projects with many files could exhaust memory"   8 │  * @mitigates #parser against #dos using #resource-limits -- "DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count"   9 │  * @flows ProjectRoot -> #parser via fast-glob -- "Directory traversal path"  10 │  * @flows #parser -> ThreatModel via assembleModel -- "Aggregated threat model output"  11 │  * @boundary #parser and FileSystem (#fs-boundary) -- "Trust boundary between parser and disk I/O"  12 │  */  13 │   14 │ import fg from 'fast-glob';

       

-      

+      

         

           L10
           flow
@@ -5095,7 +6210,7 @@ 
guardlink

         
Aggregated threat model output

         
   5 │  * @exposes #parser to #path-traversal [high] cwe:CWE-22 -- "Glob patterns could escape root directory"   6 │  * @mitigates #parser against #path-traversal using #glob-filtering -- "DEFAULT_EXCLUDE blocks node_modules, .git; fast-glob cwd constrains scan"   7 │  * @exposes #parser to #dos [medium] cwe:CWE-400 -- "Large projects with many files could exhaust memory"   8 │  * @mitigates #parser against #dos using #resource-limits -- "DEFAULT_EXCLUDE skips build artifacts, tests; limits effective file count"   9 │  * @flows ProjectRoot -> #parser via fast-glob -- "Directory traversal path"  10 │  * @flows #parser -> ThreatModel via assembleModel -- "Aggregated threat model output"  11 │  * @boundary #parser and FileSystem (#fs-boundary) -- "Trust boundary between parser and disk I/O"  12 │  */  13 │   14 │ import fg from 'fast-glob';  15 │ import { relative } from 'node:path';

       

-      

+      

         

           L11
           boundary
@@ -5116,7 +6231,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           mitigates
@@ -5125,7 +6240,7 @@ 
guardlink

         
findDanglingRefs ensures #id refs resolve to definitions

         
   2 │  * GuardLink — Shared validation helpers.   3 │  *   4 │  * Extracted from cli/index.ts and tui/commands.ts to eliminate duplication   5 │  * and ensure consistent validation logic across all entry points.   6 │  *   7 │  * @mitigates #parser against #tag-collision using #prefix-ownership -- "findDanglingRefs ensures #id refs resolve to definitions"   8 │  * @comment -- "@confirmed refs validated same as @exposes for asset and threat"   9 │  */  10 │   11 │ import type { ThreatModel, ThreatModelExposure, ParseDiagnostic } from '../types/index.js';  12 │ 

       

-      

+      

         

           L8
           comment
@@ -5146,7 +6261,7 @@ 
guardlink

     

     

       
-      

+      

         

           L4
           comment
@@ -5155,7 +6270,7 @@ 
guardlink

         
Report generation is pure transformation; no I/O in this module

         
   1 │ /**   2 │  * GuardLink Report — exports.   3 │  *   4 │  * @comment -- "Report generation is pure transformation; no I/O in this module"   5 │  * @comment -- "File writes handled by CLI/MCP callers"   6 │  */   7 │    8 │ export { generateMermaid } from './mermaid.js';   9 │ export { generateReport } from './report.js';

       

-      

+      

         

           L5
           comment
@@ -5176,7 +6291,7 @@ 
guardlink

     

     

       
-      

+      

         

           L6
           comment
@@ -5185,7 +6300,7 @@ 
guardlink

         
Pure function: transforms ThreatModel to markdown string

         
   1 │ /**   2 │  * GuardLink Report — Markdown report generator.   3 │  * Produces a human-readable threat model report with   4 │  * embedded Mermaid diagram, finding tables, and coverage stats.   5 │  *   6 │  * @comment -- "Pure function: transforms ThreatModel to markdown string"   7 │  * @comment -- "No file I/O; caller (CLI/MCP) handles write"   8 │  * @flows ThreatModel -> #report via generateReport -- "Model input"   9 │  * @flows #report -> Markdown via return -- "Report output"  10 │  */  11 │ 

       

-      

+      

         

           L7
           comment
@@ -5194,7 +6309,7 @@ 
guardlink

         
No file I/O; caller (CLI/MCP) handles write

         
   2 │  * GuardLink Report — Markdown report generator.   3 │  * Produces a human-readable threat model report with   4 │  * embedded Mermaid diagram, finding tables, and coverage stats.   5 │  *   6 │  * @comment -- "Pure function: transforms ThreatModel to markdown string"   7 │  * @comment -- "No file I/O; caller (CLI/MCP) handles write"   8 │  * @flows ThreatModel -> #report via generateReport -- "Model input"   9 │  * @flows #report -> Markdown via return -- "Report output"  10 │  */  11 │   12 │ import type { ThreatModel, ThreatModelExposure, Severity } from '../types/index.js';

       

-      

+      

         

           L8
           flow
@@ -5203,7 +6318,7 @@ 
guardlink

         
Model input

         
   3 │  * Produces a human-readable threat model report with   4 │  * embedded Mermaid diagram, finding tables, and coverage stats.   5 │  *   6 │  * @comment -- "Pure function: transforms ThreatModel to markdown string"   7 │  * @comment -- "No file I/O; caller (CLI/MCP) handles write"   8 │  * @flows ThreatModel -> #report via generateReport -- "Model input"   9 │  * @flows #report -> Markdown via return -- "Report output"  10 │  */  11 │   12 │ import type { ThreatModel, ThreatModelExposure, Severity } from '../types/index.js';  13 │ import { generateMermaid } from './mermaid.js';

       

-      

+      

         

           L9
           flow
@@ -5224,7 +6339,7 @@ 
guardlink

     

     

       
-      

+      

         

           L6
           comment
@@ -5233,7 +6348,7 @@ 
guardlink

         
Pure function: transforms ThreatModel flows to Mermaid sequence diagram

         
   1 │ /**   2 │  * GuardLink Report — Mermaid sequence diagram generator.   3 │  * Builds a sequence diagram from @flows annotations showing   4 │  * the step-by-step interactions between system participants.   5 │  *   6 │  * @comment -- "Pure function: transforms ThreatModel flows to Mermaid sequence diagram"   7 │  * @flows ThreatModel -> #report via generateSequenceDiagram -- "Sequence diagram generation"   8 │  */   9 │   10 │ import type { ThreatModel } from '../types/index.js';  11 │ 

       

-      

+      

         

           L7
           flow
@@ -5254,7 +6369,7 @@ 
guardlink

     

     

       
-      

+      

         

           L10
           exposes
@@ -5263,7 +6378,7 @@ 
guardlink

         
Writes @accepts/@audit annotations into source files

         
   5 │  * Users walk through the GAL (Governance Acceptance List) and decide:   6 │  *   accept  — write @accepts + @audit (risk acknowledged, intentional)   7 │  *   remediate — write @audit with planned-fix note   8 │  *   skip    — leave open for now   9 │  *  10 │  * @exposes #cli to #arbitrary-write [medium] cwe:CWE-73 -- "Writes @accepts/@audit annotations into source files"  11 │  * @mitigates #cli against #arbitrary-write using #path-validation -- "Only modifies files already in the parsed project"  12 │  * @audit #cli -- "Review decisions require human justification; no empty accepts allowed"  13 │  * @flows ThreatModel -> #cli via getReviewableExposures -- "Exposure list input"  14 │  * @flows #cli -> SourceFiles via writeFile -- "Annotation insertion output"  15 │  * @handles internal on #cli -- "Processes exposure metadata and user justification text"

       

-      

+      

         

           L11
           mitigates
@@ -5272,7 +6387,7 @@ 
guardlink

         
Only modifies files already in the parsed project

         
   6 │  *   accept  — write @accepts + @audit (risk acknowledged, intentional)   7 │  *   remediate — write @audit with planned-fix note   8 │  *   skip    — leave open for now   9 │  *  10 │  * @exposes #cli to #arbitrary-write [medium] cwe:CWE-73 -- "Writes @accepts/@audit annotations into source files"  11 │  * @mitigates #cli against #arbitrary-write using #path-validation -- "Only modifies files already in the parsed project"  12 │  * @audit #cli -- "Review decisions require human justification; no empty accepts allowed"  13 │  * @flows ThreatModel -> #cli via getReviewableExposures -- "Exposure list input"  14 │  * @flows #cli -> SourceFiles via writeFile -- "Annotation insertion output"  15 │  * @handles internal on #cli -- "Processes exposure metadata and user justification text"  16 │  */

       

-      

+      

         

           L12
           audit
@@ -5281,7 +6396,7 @@ 
guardlink

         
Review decisions require human justification; no empty accepts allowed

         
   7 │  *   remediate — write @audit with planned-fix note   8 │  *   skip    — leave open for now   9 │  *  10 │  * @exposes #cli to #arbitrary-write [medium] cwe:CWE-73 -- "Writes @accepts/@audit annotations into source files"  11 │  * @mitigates #cli against #arbitrary-write using #path-validation -- "Only modifies files already in the parsed project"  12 │  * @audit #cli -- "Review decisions require human justification; no empty accepts allowed"  13 │  * @flows ThreatModel -> #cli via getReviewableExposures -- "Exposure list input"  14 │  * @flows #cli -> SourceFiles via writeFile -- "Annotation insertion output"  15 │  * @handles internal on #cli -- "Processes exposure metadata and user justification text"  16 │  */  17 │ 

       

-      

+      

         

           L13
           flow
@@ -5290,7 +6405,7 @@ 
guardlink

         
Exposure list input

         
   8 │  *   skip    — leave open for now   9 │  *  10 │  * @exposes #cli to #arbitrary-write [medium] cwe:CWE-73 -- "Writes @accepts/@audit annotations into source files"  11 │  * @mitigates #cli against #arbitrary-write using #path-validation -- "Only modifies files already in the parsed project"  12 │  * @audit #cli -- "Review decisions require human justification; no empty accepts allowed"  13 │  * @flows ThreatModel -> #cli via getReviewableExposures -- "Exposure list input"  14 │  * @flows #cli -> SourceFiles via writeFile -- "Annotation insertion output"  15 │  * @handles internal on #cli -- "Processes exposure metadata and user justification text"  16 │  */  17 │   18 │ import { readFile, writeFile } from 'node:fs/promises';

       

-      

+      

         

           L14
           flow
@@ -5299,7 +6414,7 @@ 
guardlink

         
Annotation insertion output

         
   9 │  *  10 │  * @exposes #cli to #arbitrary-write [medium] cwe:CWE-73 -- "Writes @accepts/@audit annotations into source files"  11 │  * @mitigates #cli against #arbitrary-write using #path-validation -- "Only modifies files already in the parsed project"  12 │  * @audit #cli -- "Review decisions require human justification; no empty accepts allowed"  13 │  * @flows ThreatModel -> #cli via getReviewableExposures -- "Exposure list input"  14 │  * @flows #cli -> SourceFiles via writeFile -- "Annotation insertion output"  15 │  * @handles internal on #cli -- "Processes exposure metadata and user justification text"  16 │  */  17 │   18 │ import { readFile, writeFile } from 'node:fs/promises';  19 │ import { resolve } from 'node:path';

       

-      

+      

         

           L15
           handles
@@ -5320,7 +6435,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           exposes
@@ -5329,7 +6444,7 @@ 
guardlink

         
File paths from user args in /view, /sarif -o

         
   2 │  * GuardLink TUI — Command implementations.   3 │  *   4 │  * Each command function takes (args, ctx) and prints output directly.   5 │  * Returns void. Throws on fatal errors.   6 │  *   7 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"

       

-      

+      

         

           L8
           mitigates
@@ -5338,7 +6453,7 @@ 
guardlink

         
resolve() with ctx.root constrains file access

         
   3 │  *   4 │  * Each command function takes (args, ctx) and prints output directly.   5 │  * Returns void. Throws on fatal errors.   6 │  *   7 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"

       

-      

+      

         

           L9
           exposes
@@ -5347,7 +6462,7 @@ 
guardlink

         
/report, /sarif, /dashboard write files

         
   4 │  * Each command function takes (args, ctx) and prints output directly.   5 │  * Returns void. Throws on fatal errors.   6 │  *   7 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"

       

-      

+      

         

           L10
           mitigates
@@ -5356,7 +6471,7 @@ 
guardlink

         
Output paths resolved relative to project root

         
   5 │  * Returns void. Throws on fatal errors.   6 │  *   7 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"

       

-      

+      

         

           L11
           exposes
@@ -5365,7 +6480,7 @@ 
guardlink

         
/annotate and /threat-report spawn child processes

         
   6 │  *   7 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"

       

-      

+      

         

           L12
           audit
@@ -5374,7 +6489,7 @@ 
guardlink

         
Child process spawning delegated to agents/launcher.ts

         
   7 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "File paths from user args in /view, /sarif -o"   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"

       

-      

+      

         

           L13
           exposes
@@ -5383,7 +6498,7 @@ 
guardlink

         
/model handles API key input and storage

         
   8 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() with ctx.root constrains file access"   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"

       

-      

+      

         

           L14
           mitigates
@@ -5392,7 +6507,7 @@ 
guardlink

         
API keys masked in /model show output

         
   9 │  * @exposes #tui to #arbitrary-write [high] cwe:CWE-73 -- "/report, /sarif, /dashboard write files"  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"

       

-      

+      

         

           L15
           exposes
@@ -5401,7 +6516,7 @@ 
guardlink

         
Freeform chat sends user text to LLM

         
  10 │  * @mitigates #tui against #arbitrary-write using #path-validation -- "Output paths resolved relative to project root"  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"  20 │  * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"

       

-      

+      

         

           L16
           audit
@@ -5410,7 +6525,7 @@ 
guardlink

         
User freeform text passed to LLM via cmdChat; model context is read-only

         
  11 │  * @exposes #tui to #cmd-injection [high] cwe:CWE-78 -- "/annotate and /threat-report spawn child processes"  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"  20 │  * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"  21 │  * @handles secrets on #tui -- "Processes and stores API keys via /model"

       

-      

+      

         

           L17
           flow
@@ -5419,7 +6534,7 @@ 
guardlink

         
Command argument input

         
  12 │  * @audit #tui -- "Child process spawning delegated to agents/launcher.ts"  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"  20 │  * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"  21 │  * @handles secrets on #tui -- "Processes and stores API keys via /model"  22 │  */

       

-      

+      

         

           L18
           flow
@@ -5428,7 +6543,7 @@ 
guardlink

         
Report/config output

         
  13 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "/model handles API key input and storage"  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"  20 │  * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"  21 │  * @handles secrets on #tui -- "Processes and stores API keys via /model"  22 │  */  23 │ 

       

-      

+      

         

           L19
           flow
@@ -5437,7 +6552,7 @@ 
guardlink

         
Agent spawn path

         
  14 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "API keys masked in /model show output"  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"  20 │  * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"  21 │  * @handles secrets on #tui -- "Processes and stores API keys via /model"  22 │  */  23 │   24 │ import { resolve, basename, isAbsolute } from 'node:path';

       

-      

+      

         

           L20
           flow
@@ -5446,7 +6561,7 @@ 
guardlink

         
LLM API call path

         
  15 │  * @exposes #tui to #prompt-injection [medium] cwe:CWE-77 -- "Freeform chat sends user text to LLM"  16 │  * @audit #tui -- "User freeform text passed to LLM via cmdChat; model context is read-only"  17 │  * @flows UserArgs -> #tui via args -- "Command argument input"  18 │  * @flows #tui -> FileSystem via writeFile -- "Report/config output"  19 │  * @flows #tui -> #agent-launcher via launchAgent -- "Agent spawn path"  20 │  * @flows #tui -> #llm-client via chatCompletion -- "LLM API call path"  21 │  * @handles secrets on #tui -- "Processes and stores API keys via /model"  22 │  */  23 │   24 │ import { resolve, basename, isAbsolute } from 'node:path';  25 │ import { readFileSync, existsSync, writeFileSync, mkdirSync } from 'node:fs';

       

-      

+      

         

           L21
           handles
@@ -5467,7 +6582,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           exposes
@@ -5476,7 +6591,7 @@ 
guardlink

         
API keys loaded from and saved to config files

         
   2 │  * GuardLink TUI — Config persistence for LLM settings.   3 │  *   4 │  * Now delegates to the unified agents/config.ts resolution chain.   5 │  * Keeps backward compatibility with tui-config.json (legacy).   6 │  *   7 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "API keys loaded from and saved to config files"   8 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "Delegates to agents/config.ts with masking"   9 │  * @flows ConfigFile -> #tui via loadProjectConfig -- "Config load path"  10 │  * @flows #tui -> ConfigFile via saveProjectConfig -- "Config save path"  11 │  * @handles secrets on #tui -- "API keys stored in .guardlink/config.json"  12 │  */

       

-      

+      

         

           L8
           mitigates
@@ -5485,7 +6600,7 @@ 
guardlink

         
Delegates to agents/config.ts with masking

         
   3 │  *   4 │  * Now delegates to the unified agents/config.ts resolution chain.   5 │  * Keeps backward compatibility with tui-config.json (legacy).   6 │  *   7 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "API keys loaded from and saved to config files"   8 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "Delegates to agents/config.ts with masking"   9 │  * @flows ConfigFile -> #tui via loadProjectConfig -- "Config load path"  10 │  * @flows #tui -> ConfigFile via saveProjectConfig -- "Config save path"  11 │  * @handles secrets on #tui -- "API keys stored in .guardlink/config.json"  12 │  */  13 │ 

       

-      

+      

         

           L9
           flow
@@ -5494,7 +6609,7 @@ 
guardlink

         
Config load path

         
   4 │  * Now delegates to the unified agents/config.ts resolution chain.   5 │  * Keeps backward compatibility with tui-config.json (legacy).   6 │  *   7 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "API keys loaded from and saved to config files"   8 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "Delegates to agents/config.ts with masking"   9 │  * @flows ConfigFile -> #tui via loadProjectConfig -- "Config load path"  10 │  * @flows #tui -> ConfigFile via saveProjectConfig -- "Config save path"  11 │  * @handles secrets on #tui -- "API keys stored in .guardlink/config.json"  12 │  */  13 │   14 │ import type { LLMConfig, LLMProvider } from '../analyze/llm.js';

       

-      

+      

         

           L10
           flow
@@ -5503,7 +6618,7 @@ 
guardlink

         
Config save path

         
   5 │  * Keeps backward compatibility with tui-config.json (legacy).   6 │  *   7 │  * @exposes #tui to #api-key-exposure [high] cwe:CWE-798 -- "API keys loaded from and saved to config files"   8 │  * @mitigates #tui against #api-key-exposure using #key-redaction -- "Delegates to agents/config.ts with masking"   9 │  * @flows ConfigFile -> #tui via loadProjectConfig -- "Config load path"  10 │  * @flows #tui -> ConfigFile via saveProjectConfig -- "Config save path"  11 │  * @handles secrets on #tui -- "API keys stored in .guardlink/config.json"  12 │  */  13 │   14 │ import type { LLMConfig, LLMProvider } from '../analyze/llm.js';  15 │ import { resolveConfig, saveProjectConfig, loadProjectConfig } from '../agents/config.js';

       

-      

+      

         

           L11
           handles
@@ -5524,7 +6639,7 @@ 
guardlink

     

     

       
-      

+      

         

           L9
           exposes
@@ -5533,7 +6648,7 @@ 
guardlink

         
User-supplied dir argument resolved via path.resolve

         
   4 │  * GuardLink TUI — Interactive terminal interface.   5 │  *   6 │  * Claude Code-style inline REPL: stays in your terminal,   7 │  * slash commands + freeform AI chat, Ctrl+C to exit.   8 │  *   9 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "User-supplied dir argument resolved via path.resolve"  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"

       

-      

+      

         

           L10
           mitigates
@@ -5542,7 +6657,7 @@ 
guardlink

         
resolve() canonicalizes paths; starts from cwd

         
   5 │  *   6 │  * Claude Code-style inline REPL: stays in your terminal,   7 │  * slash commands + freeform AI chat, Ctrl+C to exit.   8 │  *   9 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "User-supplied dir argument resolved via path.resolve"  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"  15 │  * @boundary #tui and UserInput (#tui-input-boundary) -- "Trust boundary at interactive input"

       

-      

+      

         

           L11
           exposes
@@ -5551,7 +6666,7 @@ 
guardlink

         
API keys displayed in banner via resolveLLMConfig

         
   6 │  * Claude Code-style inline REPL: stays in your terminal,   7 │  * slash commands + freeform AI chat, Ctrl+C to exit.   8 │  *   9 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "User-supplied dir argument resolved via path.resolve"  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"  15 │  * @boundary #tui and UserInput (#tui-input-boundary) -- "Trust boundary at interactive input"  16 │  * @handles secrets on #tui -- "Displays LLM config including masked API keys"

       

-      

+      

         

           L12
           audit
@@ -5560,7 +6675,7 @@ 
guardlink

         
API keys masked via maskKey() in banner display

         
   7 │  * slash commands + freeform AI chat, Ctrl+C to exit.   8 │  *   9 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "User-supplied dir argument resolved via path.resolve"  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"  15 │  * @boundary #tui and UserInput (#tui-input-boundary) -- "Trust boundary at interactive input"  16 │  * @handles secrets on #tui -- "Displays LLM config including masked API keys"  17 │  */

       

-      

+      

         

           L13
           flow
@@ -5569,7 +6684,7 @@ 
guardlink

         
Interactive command input

         
   8 │  *   9 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "User-supplied dir argument resolved via path.resolve"  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"  15 │  * @boundary #tui and UserInput (#tui-input-boundary) -- "Trust boundary at interactive input"  16 │  * @handles secrets on #tui -- "Displays LLM config including masked API keys"  17 │  */  18 │ 

       

-      

+      

         

           L14
           flow
@@ -5578,7 +6693,7 @@ 
guardlink

         
Command routing

         
   9 │  * @exposes #tui to #path-traversal [high] cwe:CWE-22 -- "User-supplied dir argument resolved via path.resolve"  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"  15 │  * @boundary #tui and UserInput (#tui-input-boundary) -- "Trust boundary at interactive input"  16 │  * @handles secrets on #tui -- "Displays LLM config including masked API keys"  17 │  */  18 │   19 │ import { createInterface, type Interface } from 'node:readline';

       

-      

+      

         

           L15
           boundary
@@ -5587,7 +6702,7 @@ 
guardlink

         
Trust boundary at interactive input

         
  10 │  * @mitigates #tui against #path-traversal using #path-validation -- "resolve() canonicalizes paths; starts from cwd"  11 │  * @exposes #tui to #api-key-exposure [medium] cwe:CWE-798 -- "API keys displayed in banner via resolveLLMConfig"  12 │  * @audit #tui -- "API keys masked via maskKey() in banner display"  13 │  * @flows UserInput -> #tui via readline -- "Interactive command input"  14 │  * @flows #tui -> Commands via dispatch -- "Command routing"  15 │  * @boundary #tui and UserInput (#tui-input-boundary) -- "Trust boundary at interactive input"  16 │  * @handles secrets on #tui -- "Displays LLM config including masked API keys"  17 │  */  18 │   19 │ import { createInterface, type Interface } from 'node:readline';  20 │ import { resolve, basename } from 'node:path';

       

-      

+      

         

           L16
           handles
@@ -5608,7 +6723,7 @@ 
guardlink

     

     

       
-      

+      

         

           L15
           exposes
@@ -5617,7 +6732,7 @@ 
guardlink

         
Rapid keystrokes could consume CPU in raw mode

         
  10 │  *     /files       Browse files  11 │  *     /assets      Asset tree  12 │  *  13 │  * Uses raw stdin mode for full keystroke control.  14 │  *  15 │  * @exposes #tui to #dos [low] cwe:CWE-400 -- "Rapid keystrokes could consume CPU in raw mode"  16 │  * @mitigates #tui against #dos using #resource-limits -- "Keystroke buffer bounded by terminal width"  17 │  * @flows RawStdin -> #tui via process.stdin -- "Raw keystroke input"  18 │  * @flows #tui -> Terminal via process.stdout -- "ANSI escape sequence output"  19 │  * @comment -- "Raw mode enables full keystroke control for command palette"  20 │  */

       

-      

+      

         

           L16
           mitigates
@@ -5626,7 +6741,7 @@ 
guardlink

         
Keystroke buffer bounded by terminal width

         
  11 │  *     /assets      Asset tree  12 │  *  13 │  * Uses raw stdin mode for full keystroke control.  14 │  *  15 │  * @exposes #tui to #dos [low] cwe:CWE-400 -- "Rapid keystrokes could consume CPU in raw mode"  16 │  * @mitigates #tui against #dos using #resource-limits -- "Keystroke buffer bounded by terminal width"  17 │  * @flows RawStdin -> #tui via process.stdin -- "Raw keystroke input"  18 │  * @flows #tui -> Terminal via process.stdout -- "ANSI escape sequence output"  19 │  * @comment -- "Raw mode enables full keystroke control for command palette"  20 │  */  21 │ 

       

-      

+      

         

           L17
           flow
@@ -5635,7 +6750,7 @@ 
guardlink

         
Raw keystroke input

         
  12 │  *  13 │  * Uses raw stdin mode for full keystroke control.  14 │  *  15 │  * @exposes #tui to #dos [low] cwe:CWE-400 -- "Rapid keystrokes could consume CPU in raw mode"  16 │  * @mitigates #tui against #dos using #resource-limits -- "Keystroke buffer bounded by terminal width"  17 │  * @flows RawStdin -> #tui via process.stdin -- "Raw keystroke input"  18 │  * @flows #tui -> Terminal via process.stdout -- "ANSI escape sequence output"  19 │  * @comment -- "Raw mode enables full keystroke control for command palette"  20 │  */  21 │   22 │ import chalk from 'chalk';

       

-      

+      

         

           L18
           flow
@@ -5644,7 +6759,7 @@ 
guardlink

         
ANSI escape sequence output

         
  13 │  * Uses raw stdin mode for full keystroke control.  14 │  *  15 │  * @exposes #tui to #dos [low] cwe:CWE-400 -- "Rapid keystrokes could consume CPU in raw mode"  16 │  * @mitigates #tui against #dos using #resource-limits -- "Keystroke buffer bounded by terminal width"  17 │  * @flows RawStdin -> #tui via process.stdin -- "Raw keystroke input"  18 │  * @flows #tui -> Terminal via process.stdout -- "ANSI escape sequence output"  19 │  * @comment -- "Raw mode enables full keystroke control for command palette"  20 │  */  21 │   22 │ import chalk from 'chalk';  23 │ 

       

-      

+      

         

           L19
           comment
@@ -5665,7 +6780,7 @@ 
guardlink

     

     

       
-      

+      

         

           L4
           comment
@@ -5686,7 +6801,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           asset
@@ -5695,7 +6810,7 @@ 
guardlink

         
Multi-repo workspace linking setup

         
   2 │  * GuardLink Workspace — link-project command logic.   3 │  *   4 │  * Scaffolds workspace.yaml in each repo and updates agent instruction   5 │  * files with workspace context so agents write cross-repo-aware annotations.   6 │  *   7 │  * @asset Workspace.Link (#workspace-link) -- "Multi-repo workspace linking setup"   8 │  * @flows UserArgs -> #workspace-link via linkProject -- "CLI args to workspace scaffolding"   9 │  * @flows #workspace-link -> AgentFiles via updateAgentWorkspaceContext -- "Inject workspace context"  10 │  */  11 │   12 │ import { existsSync, readFileSync, mkdirSync, readdirSync, statSync, unlinkSync } from 'node:fs';

       

-      

+      

         

           L8
           flow
@@ -5704,7 +6819,7 @@ 
guardlink

         
CLI args to workspace scaffolding

         
   3 │  *   4 │  * Scaffolds workspace.yaml in each repo and updates agent instruction   5 │  * files with workspace context so agents write cross-repo-aware annotations.   6 │  *   7 │  * @asset Workspace.Link (#workspace-link) -- "Multi-repo workspace linking setup"   8 │  * @flows UserArgs -> #workspace-link via linkProject -- "CLI args to workspace scaffolding"   9 │  * @flows #workspace-link -> AgentFiles via updateAgentWorkspaceContext -- "Inject workspace context"  10 │  */  11 │   12 │ import { existsSync, readFileSync, mkdirSync, readdirSync, statSync, unlinkSync } from 'node:fs';  13 │ import { writeFileSync } from 'node:fs';

       

-      

+      

         

           L9
           flow
@@ -5725,7 +6840,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           asset
@@ -5734,7 +6849,7 @@ 
guardlink

         
Cross-repo threat model unification

         
   2 │  * GuardLink Workspace — Merge engine for multi-repo reports.   3 │  *   4 │  * Takes N per-repo report JSONs and produces a unified MergedReport   5 │  * with cross-repo tag resolution, warning detection, and aggregated stats.   6 │  *   7 │  * @asset Workspace.Merge (#merge-engine) -- "Cross-repo threat model unification"   8 │  * @threat Tag_Collision (#tag-collision) [medium] -- "Duplicate tag definitions across repos"   9 │  * @mitigates #merge-engine against #tag-collision using #prefix-ownership -- "Tag prefix determines owning repo"  10 │  * @flows ReportJSON -> #merge-engine via mergeReports -- "Per-repo reports feed into merge"  11 │  * @flows #merge-engine -> MergedReport via mergeReports -- "Unified output"  12 │  */

       

-      

+      

         

           L8
           threat
@@ -5743,7 +6858,7 @@ 
guardlink

         
Duplicate tag definitions across repos

         
   3 │  *   4 │  * Takes N per-repo report JSONs and produces a unified MergedReport   5 │  * with cross-repo tag resolution, warning detection, and aggregated stats.   6 │  *   7 │  * @asset Workspace.Merge (#merge-engine) -- "Cross-repo threat model unification"   8 │  * @threat Tag_Collision (#tag-collision) [medium] -- "Duplicate tag definitions across repos"   9 │  * @mitigates #merge-engine against #tag-collision using #prefix-ownership -- "Tag prefix determines owning repo"  10 │  * @flows ReportJSON -> #merge-engine via mergeReports -- "Per-repo reports feed into merge"  11 │  * @flows #merge-engine -> MergedReport via mergeReports -- "Unified output"  12 │  */  13 │ 

       

-      

+      

         

           L9
           mitigates
@@ -5752,7 +6867,7 @@ 
guardlink

         
Tag prefix determines owning repo

         
   4 │  * Takes N per-repo report JSONs and produces a unified MergedReport   5 │  * with cross-repo tag resolution, warning detection, and aggregated stats.   6 │  *   7 │  * @asset Workspace.Merge (#merge-engine) -- "Cross-repo threat model unification"   8 │  * @threat Tag_Collision (#tag-collision) [medium] -- "Duplicate tag definitions across repos"   9 │  * @mitigates #merge-engine against #tag-collision using #prefix-ownership -- "Tag prefix determines owning repo"  10 │  * @flows ReportJSON -> #merge-engine via mergeReports -- "Per-repo reports feed into merge"  11 │  * @flows #merge-engine -> MergedReport via mergeReports -- "Unified output"  12 │  */  13 │   14 │ import { readFile } from 'node:fs/promises';

       

-      

+      

         

           L10
           flow
@@ -5761,7 +6876,7 @@ 
guardlink

         
Per-repo reports feed into merge

         
   5 │  * with cross-repo tag resolution, warning detection, and aggregated stats.   6 │  *   7 │  * @asset Workspace.Merge (#merge-engine) -- "Cross-repo threat model unification"   8 │  * @threat Tag_Collision (#tag-collision) [medium] -- "Duplicate tag definitions across repos"   9 │  * @mitigates #merge-engine against #tag-collision using #prefix-ownership -- "Tag prefix determines owning repo"  10 │  * @flows ReportJSON -> #merge-engine via mergeReports -- "Per-repo reports feed into merge"  11 │  * @flows #merge-engine -> MergedReport via mergeReports -- "Unified output"  12 │  */  13 │   14 │ import { readFile } from 'node:fs/promises';  15 │ import { basename } from 'node:path';

       

-      

+      

         

           L11
           flow
@@ -5782,7 +6897,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           asset
@@ -5791,7 +6906,7 @@ 
guardlink

         
Report provenance data

         
   2 │  * GuardLink Workspace — Report metadata population.   3 │  *   4 │  * Enriches a ThreatModel with provenance metadata (git SHA, branch,   5 │  * workspace info) for the report JSON contract.   6 │  *   7 │  * @asset Workspace.Metadata (#report-metadata) -- "Report provenance data"   8 │  * @flows GitRepo -> #report-metadata via execSync -- "Git info extraction"   9 │  * @flows #report-metadata -> ThreatModel via populateMetadata -- "Metadata injection"  10 │  */  11 │   12 │ import { execSync } from 'node:child_process';

       

-      

+      

         

           L8
           flow
@@ -5800,7 +6915,7 @@ 
guardlink

         
Git info extraction

         
   3 │  *   4 │  * Enriches a ThreatModel with provenance metadata (git SHA, branch,   5 │  * workspace info) for the report JSON contract.   6 │  *   7 │  * @asset Workspace.Metadata (#report-metadata) -- "Report provenance data"   8 │  * @flows GitRepo -> #report-metadata via execSync -- "Git info extraction"   9 │  * @flows #report-metadata -> ThreatModel via populateMetadata -- "Metadata injection"  10 │  */  11 │   12 │ import { execSync } from 'node:child_process';  13 │ import { readFileSync, existsSync } from 'node:fs';

       

-      

+      

         

           L9
           flow
@@ -5821,7 +6936,7 @@ 
guardlink

     

     

       
-      

+      

         

           L7
           asset
@@ -5830,7 +6945,7 @@ 
guardlink

         
Multi-repo workspace definition

         
   2 │  * GuardLink Workspace — Types for multi-repo linking.   3 │  *   4 │  * workspace.yaml lives in each repo's .guardlink/ directory.   5 │  * It declares membership in a workspace and lists sibling repos.   6 │  *   7 │  * @asset Workspace.Config (#workspace-config) -- "Multi-repo workspace definition"   8 │  * @threat Config_Tampering (#config-tamper) [medium] cwe:CWE-15 -- "Malicious workspace.yaml could misdirect agent annotations"   9 │  * @mitigates #workspace-config against #config-tamper using #yaml-validation -- "Schema validation on load"  10 │  */  11 │   12 │ import type { ThreatModel, Severity, ExternalRef } from '../types/index.js';

       

-      

+      

         

           L8
           threat
@@ -5839,7 +6954,7 @@ 
guardlink

         
Malicious workspace.yaml could misdirect agent annotations

         
   3 │  *   4 │  * workspace.yaml lives in each repo's .guardlink/ directory.   5 │  * It declares membership in a workspace and lists sibling repos.   6 │  *   7 │  * @asset Workspace.Config (#workspace-config) -- "Multi-repo workspace definition"   8 │  * @threat Config_Tampering (#config-tamper) [medium] cwe:CWE-15 -- "Malicious workspace.yaml could misdirect agent annotations"   9 │  * @mitigates #workspace-config against #config-tamper using #yaml-validation -- "Schema validation on load"  10 │  */  11 │   12 │ import type { ThreatModel, Severity, ExternalRef } from '../types/index.js';  13 │ 

       

-      

+      

         

           L9
           mitigates
@@ -5854,18 +6969,18 @@ 
guardlink

   
   
File Coverage

   

-    41 of 64 files
+    42 of 64 files
     have GuardLink annotations
   

-  

+  

 
   
-  
⚠ Unannotated Files (23)

+  
⚠ Unannotated Files (22)

   

     Source files with no GuardLink annotations. Not all files need annotations — only those touching security boundaries.
   

   

-    
.github/ISSUE_TEMPLATE/bug_report.yml
.github/ISSUE_TEMPLATE/config.yml
.github/ISSUE_TEMPLATE/feature_request.yml
.github/workflows/ci.yml
.github/workflows/release.yml
examples/ci/per-repo-report.yml
examples/ci/workspace-merge.yml
examples/github-action.yml
guardlink-pentest.html
src/dashboard/data.ts
src/dashboard/diagrams.ts
src/diff/engine.ts
src/diff/format.ts
src/index.ts
src/init/picker.ts
src/init/templates.ts
src/parser/comment-strip.ts
src/parser/index.ts
src/parser/normalize.ts
src/report/mermaid.ts
src/tui/format.ts
src/types/index.ts
threat-dashboard.html

+    
.github/ISSUE_TEMPLATE/bug_report.yml
.github/ISSUE_TEMPLATE/config.yml
.github/ISSUE_TEMPLATE/feature_request.yml
.github/workflows/ci.yml
.github/workflows/release.yml
examples/ci/per-repo-report.yml
examples/ci/workspace-merge.yml
examples/github-action.yml
guardlink-pentest.html
src/dashboard/data.ts
src/diff/engine.ts
src/diff/format.ts
src/index.ts
src/init/picker.ts
src/init/templates.ts
src/parser/comment-strip.ts
src/parser/index.ts
src/parser/normalize.ts
src/report/mermaid.ts
src/tui/format.ts
src/types/index.ts
threat-dashboard.html

   

 

 
@@ -5980,18 +7095,18 @@ 
guardlink

       

+    
+      
+      
+      
+      
+    
-    
-      
-      
-      
-      
-    
@@ -6087,16 +7202,16 @@ 
guardlink

-    
-      
-      
-      
-    
+    
+      
+      
+      
+    
@@ -6227,7 +7342,7 @@ 
guardlink

     
AssetThreatSeverityDescriptionLocation

       
searchCodebase reads many files; bounded by maxResults
       src/analyze/tools.ts:13
     
#cli#path-traversalhighUser-supplied dir argument resolved via path.resolvesrc/cli/index.ts:27
#cli#arbitrary-writehighinit/report/sarif/dashboard write files to user-specified pathssrc/cli/index.ts:29
#cli#api-key-exposurehighAPI keys handled in config set/show commandssrc/cli/index.ts:31

       #dashboard
       #xss
       high
       Generates HTML with user-controlled threat model data
       src/dashboard/generate.ts:8
     

       #dashboard
       #path-traversal
       medium
       readFileSync reads code files for annotation context
       src/dashboard/generate.ts:10
     

       #dashboard
       #xss
       high
       Generates HTML with threat model data
       src/dashboard/index.ts:4
     
#init
#cli
       #path-traversallowReads package.json, pyproject.toml, etc. from rootsrc/init/detect.ts:5highUser-supplied dir argument resolved via path.resolvesrc/cli/index.ts:27
     
#init
#cli
       #arbitrary-write
       highCreates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc.src/init/index.ts:8init/report/sarif/dashboard write files to user-specified pathssrc/cli/index.ts:29
     
#init#path-traversalmediumReads/writes files based on root argumentsrc/init/index.ts:10
#cli#api-key-exposurehighAPI keys handled in config set/show commandssrc/cli/index.ts:31
     

       #diff
       #cmd-injection
       high
       execSync runs git commands with ref argument
       src/diff/git.ts:6
     

       #diff
       #arbitrary-write
       medium
       writeFileSync creates files in temp directory
       src/diff/git.ts:8
     

       #diff
       #path-traversal
       medium
       git show extracts files based on ls-tree output
       src/diff/git.ts:10
     

       #diff
       #cmd-injection
       high
       git.ts uses execSync with ref argument
       src/diff/index.ts:4
     
#init#path-traversallowReads package.json, pyproject.toml, etc. from rootsrc/init/detect.ts:5
#init#arbitrary-writehighCreates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc.src/init/index.ts:8
#init#path-traversalmediumReads/writes files based on root argumentsrc/init/index.ts:10

     

       #mcp
       #redos
       Exposes threat model findings to SARIF consumers
       src/analyzer/sarif.ts:16
     
Mitigated#dashboard#xsshighGenerates HTML with user-controlled threat model datasrc/dashboard/generate.ts:8
Mitigated#dashboard#path-traversalmediumreadFileSync reads code files for annotation contextsrc/dashboard/generate.ts:10
Mitigated#dashboard#xsshighGenerates HTML with threat model datasrc/dashboard/index.ts:4

       Mitigated
       #cli
       #path-traversal
       User-supplied dir argument resolved via path.resolve
       src/cli/index.ts:27
     

       Mitigated
       #cli
       #arbitrary-write
       init/report/sarif/dashboard write files to user-specified paths
       src/cli/index.ts:29
     

       Mitigated
       #cli
       #api-key-exposure
       API keys handled in config set/show commands
       src/cli/index.ts:31
     

       Open
       #cli
       #cmd-injection
       Agent launcher spawns child processes
       src/cli/index.ts:33
     

       Mitigated#dashboard#xss#diff#cmd-injection
       highGenerates HTML with user-controlled threat model datasrc/dashboard/generate.ts:8execSync runs git commands with ref argumentsrc/diff/git.ts:6
Mitigated#diff#arbitrary-writemediumwriteFileSync creates files in temp directorysrc/diff/git.ts:8
     

       Mitigated#dashboard#diff
       #path-traversal
       mediumreadFileSync reads code files for annotation contextsrc/dashboard/generate.ts:10git show extracts files based on ls-tree outputsrc/diff/git.ts:10
     

       Mitigated#dashboard#xss#diff#cmd-injection
       highGenerates HTML with threat model datasrc/dashboard/index.ts:4git.ts uses execSync with ref argumentsrc/diff/index.ts:4
     

       Mitigated
       #init
       #path-traversal
       Reads package.json, pyproject.toml, etc. from root
       src/init/detect.ts:5
     

       Mitigated
       #init
       #arbitrary-write
       Creates/modifies files: .guardlink/, CLAUDE.md, .cursorrules, etc.
       src/init/index.ts:8
     

       Mitigated
       #init
       #path-traversal
       Reads/writes files based on root argument
       src/init/index.ts:10
     

       Open
       #init
       #data-exposure
       Writes API key config to .guardlink/config.json
       src/init/index.ts:12
     
Mitigated#diff#cmd-injectionhighexecSync runs git commands with ref argumentsrc/diff/git.ts:6
Mitigated#diff#arbitrary-writemediumwriteFileSync creates files in temp directorysrc/diff/git.ts:8
Mitigated#diff#path-traversalmediumgit show extracts files based on ls-tree outputsrc/diff/git.ts:10
Mitigated#diff#cmd-injectionhighgit.ts uses execSync with ref argumentsrc/diff/index.ts:4

     

       Open
       #mcp
 
 
 
 
 
         
       
       
       
       
       
       Processes API keys for authentication
       src/analyze/llm.ts:23
     
internal#dashboardProcesses and displays threat model datasrc/dashboard/generate.ts:17

     

       secrets
       #cli
       Processes API keys via config commands
       src/cli/index.ts:38
     
internal#dashboardProcesses and displays threat model datasrc/dashboard/generate.ts:15

     

       internal
       #init
       Child process spawning delegated to agents/launcher.ts with explicit args
       src/cli/index.ts:34
     
#initConfig file may contain API keys; .gitignore entry added automaticallysrc/init/index.ts:13

     

       #diff
       Git commands use execSync; ref is validated with rev-parse before use
       src/diff/index.ts:5
     
#initConfig file may contain API keys; .gitignore entry added automaticallysrc/init/index.ts:13

     

       #mcp
       All tool calls validated by server.ts before execution
   

 
   
-  
Developer Comments (21)

+  
Developer Comments (22)

   
@@ -6260,6 +7375,10 @@ 
guardlink

+    
+      
+      
+    
@@ -6391,23 +7510,23 @@ 
guardlink
secretsinternal

-    

-      
#init

+    

+      
#diff

       

         ⚠ 4
         🛡 3
         ↔ 4
       

-      
internal

+      
     

-    

-      
#diff

+    

+      
#init

       

         ⚠ 4
         🛡 3
         ↔ 4
       

-      
+      
internal

     

     

       
#suggest

@@ -6422,8 +7541,8 @@ 
guardlink

       
#dashboard

       

         ⚠ 3
-        🛡 3
-        ↔ 4
+        🛡 5
+        ↔ 7
       

       
internal

     

@@ -6630,7 +7749,7 @@ 
guardlink

       

         ⚠ 0
         🛡 0
-        ↔ 11
+        ↔ 14
       

       
     

@@ -6715,8 +7834,8 @@ 
guardlink

       

-    

-      
UserArgs

+    

+      
SourceFiles

       

         ⚠ 0
         🛡 0
@@ -6724,17 +7843,17 @@ 
guardlink

       

       
     

-    

-      
FileSystem

+    

+      
HTML

       

         ⚠ 0
         🛡 0
-        ↔ 3
+        ↔ 1
       

       
     

-    

-      
SourceFiles

+    

+      
UserArgs

       

         ⚠ 0
         🛡 0
@@ -6742,48 +7861,48 @@ 
guardlink

       

       
     

-    

-      
HTML

+    

+      
FileSystem

       

         ⚠ 0
         🛡 0
-        ↔ 1
+        ↔ 3
       

       
     

-    

-      
ProjectRoot

+    

+      
GitRef

       

         ⚠ 0
         🛡 0
-        ↔ 4
+        ↔ 2
       

       
     

-    

-      
AgentFiles

+    

+      
TempDir

       

         ⚠ 0
         🛡 0
-        ↔ 2
+        ↔ 1
       

       
     

-    

-      
GitRef

+    

+      
ProjectRoot

       

         ⚠ 0
         🛡 0
-        ↔ 2
+        ↔ 4
       

       
     

-    

-      
TempDir

+    

+      
AgentFiles

       

         ⚠ 0
         🛡 0
-        ↔ 1
+        ↔ 2
       

       
     

@@ -6949,14 +8068,15 @@ 
Details

 
 

     
CommentLocation

     
       
Pure function: transforms ThreatModel to SARIF JSON; no I/O
       src/analyzer/sarif.ts:18
     
Alias map collapses #id / name / path-joined ref forms so Mermaid and D3 views agree on identitysrc/dashboard/diagrams.ts:18

     

       Self-contained HTML; no external data injection after generation
       src/dashboard/index.ts:7