feat: Add threat-model-architect template#211
Conversation
WalkthroughChangesThe Threat Model Architect kit adds an API-triggered intake flow that extracts architecture context into structured session state, applies prompt and constitution rules, and packages the flow with metadata and documentation. Threat Model Architect intake
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
:robot_face: AgentKit Structural ValidationNew Contributions Detected
Check Results
🎉 All checks passed! This contribution follows the AgentKit structure. |
There was a problem hiding this comment.
Actionable comments posted: 5
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
kits/threat-model-architect/prompts/intake_user.md (1)
1-10: 🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy liftTreat interpolated request fields as untrusted data.
messageandsession_stateare user-controlled and are inserted directly into the prompt. An attacker can include instructions that attempt to override the system rules, skip confirmation, or inject fabricated architecture into the returned state. Delimit each value and add a system-level instruction that these blocks are data, not instructions.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/threat-model-architect/prompts/intake_user.md` around lines 1 - 10, Update the intake prompt to treat the interpolated `triggerNode_1.output.message` and `triggerNode_1.output.session_state` values as untrusted data: clearly delimit each block and add an explicit instruction that their contents are data only, not instructions, and must not override system rules or confirmation requirements. Preserve the existing merge-and-respond behavior while ensuring fabricated instructions inside either value are not followed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/threat-model-architect/flows/intake.ts`:
- Around line 56-116: Add required arrays to outputSchema for assistant_message,
is_complete, session_state, and missing_info at the top level, and for the
expected session_state fields. Keep the existing property definitions unchanged
so validation rejects responses missing any required intake contract fields.
In `@kits/threat-model-architect/prompts/intake_system.md`:
- Line 1: Add a top-level Markdown heading at the beginning of the intake
prompt, and ensure blank lines appear immediately before and after the fenced
JSON block referenced in the document (including lines 44–49), resolving MD041
and MD031 without changing the prompt’s content.
- Around line 21-35: The deployment context required by the completion gate is
missing from the documented session state and output schema. Add a
deployment_context field to the session_state fields and outputSchema, defining
its expected value and default cloud SaaS assumption, so consumers can verify
the is_complete requirement.
In `@kits/threat-model-architect/prompts/intake_user.md`:
- Line 1: Add a top-level Markdown heading before the existing “Today's date”
content in the intake prompt so the file begins with an H1 and satisfies MD041.
In `@kits/threat-model-architect/README.md`:
- Around line 37-54: Correct the sample JSON so the captured stack is
represented consistently: populate session_state.components and tech_stack with
the Next.js frontend, Node API, Postgres, Stripe billing, Clerk auth, and S3
file storage referenced by assistant_message, following the system-prompt
example.
---
Outside diff comments:
In `@kits/threat-model-architect/prompts/intake_user.md`:
- Around line 1-10: Update the intake prompt to treat the interpolated
`triggerNode_1.output.message` and `triggerNode_1.output.session_state` values
as untrusted data: clearly delimit each block and add an explicit instruction
that their contents are data only, not instructions, and must not override
system rules or confirmation requirements. Preserve the existing
merge-and-respond behavior while ensuring fabricated instructions inside either
value are not followed.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: 31703ff5-c2c6-4972-b167-45979058c1ac
📒 Files selected for processing (8)
kits/threat-model-architect/.gitignorekits/threat-model-architect/README.mdkits/threat-model-architect/agent.mdkits/threat-model-architect/constitutions/default.mdkits/threat-model-architect/flows/intake.tskits/threat-model-architect/lamatic.config.tskits/threat-model-architect/prompts/intake_system.mdkits/threat-model-architect/prompts/intake_user.md
| const outputSchema = { | ||
| type: "object", | ||
| properties: { | ||
| language: { type: "string" }, | ||
| assistant_message: { type: "string" }, | ||
| is_complete: { type: "boolean" }, | ||
| session_state: { | ||
| type: "object", | ||
| properties: { | ||
| system_name: { type: "string" }, | ||
| purpose: { type: "string" }, | ||
| components: { | ||
| type: "array", | ||
| items: { | ||
| type: "object", | ||
| properties: { | ||
| id: { type: "string" }, | ||
| name: { type: "string" }, | ||
| type: { type: "string" }, | ||
| description: { type: "string" }, | ||
| technologies: { type: "array", items: { type: "string" } }, | ||
| }, | ||
| additionalProperties: true, | ||
| }, | ||
| }, | ||
| data_assets: { | ||
| type: "array", | ||
| items: { | ||
| type: "object", | ||
| properties: { | ||
| id: { type: "string" }, | ||
| name: { type: "string" }, | ||
| sensitivity: { type: "string" }, | ||
| description: { type: "string" }, | ||
| }, | ||
| additionalProperties: true, | ||
| }, | ||
| }, | ||
| trust_boundaries: { | ||
| type: "array", | ||
| items: { | ||
| type: "object", | ||
| properties: { | ||
| id: { type: "string" }, | ||
| from_component_id: { type: "string" }, | ||
| to_component_id: { type: "string" }, | ||
| data_flows: { type: "array", items: { type: "string" } }, | ||
| protocol: { type: "string" }, | ||
| }, | ||
| additionalProperties: true, | ||
| }, | ||
| }, | ||
| user_roles: { type: "array", items: { type: "string" } }, | ||
| compliance_notes: { type: "array", items: { type: "string" } }, | ||
| tech_stack: { type: "array", items: { type: "string" } }, | ||
| }, | ||
| additionalProperties: true, | ||
| }, | ||
| missing_info: { type: "array", items: { type: "string" } }, | ||
| }, | ||
| }; |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Make the intake output contract required.
Every property is currently optional, so the model can omit assistant_message, is_complete, session_state, or missing_info. The downstream intake contract expects these fields on every response; add top-level and session-state required arrays so incomplete generations fail validation instead of silently producing partial state.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/threat-model-architect/flows/intake.ts` around lines 56 - 116, Add
required arrays to outputSchema for assistant_message, is_complete,
session_state, and missing_info at the top level, and for the expected
session_state fields. Keep the existing property definitions unchanged so
validation rejects responses missing any required intake contract fields.
| @@ -0,0 +1,75 @@ | |||
| You are **Threat Model Architect**, an AI security agent. You help users threat-model **their software system** — NOT yourself. | |||
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Fix the reported Markdown lint violations.
Add a top-level heading and blank lines around the fenced JSON block so this file passes the reported MD041 and MD031 checks.
Also applies to: 44-49
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 1-1: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/threat-model-architect/prompts/intake_system.md` at line 1, Add a
top-level Markdown heading at the beginning of the intake prompt, and ensure
blank lines appear immediately before and after the fenced JSON block referenced
in the document (including lines 44–49), resolving MD041 and MD031 without
changing the prompt’s content.
Source: Linters/SAST tools
| ## Required before is_complete: true | ||
|
|
||
| - System purpose (what the user's product does) | ||
| - At least 2 components extracted from their message | ||
| - Data sensitivity (ask if not stated) | ||
| - Deployment context (default to "cloud SaaS" if unstated, mention the assumption) | ||
|
|
||
| ## session_state fields | ||
|
|
||
| - `system_name` — user's product name or short label (e.g. "B2B SaaS") | ||
| - `purpose` — what the user's product does (from their words) | ||
| - `components[]` — `{ id, name, type, description, technologies[] }` | ||
| - Types: frontend, backend, database, auth, storage, third_party | ||
| - `data_assets[]` — `{ id, name, sensitivity, description }` | ||
| - `trust_boundaries[]`, `user_roles[]`, `compliance_notes[]`, `tech_stack[]` |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Add deployment context to the session-state contract.
The prompt requires deployment context before is_complete: true, but deployment_context is absent from the documented fields and outputSchema. Add it to both contracts, or remove it from the completion gate; otherwise consumers cannot reliably determine whether the gate was satisfied.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/threat-model-architect/prompts/intake_system.md` around lines 21 - 35,
The deployment context required by the completion gate is missing from the
documented session state and output schema. Add a deployment_context field to
the session_state fields and outputSchema, defining its expected value and
default cloud SaaS assumption, so consumers can verify the is_complete
requirement.
| @@ -0,0 +1,9 @@ | |||
| Today's date: {{triggerNode_1.output.today}} | |||
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Add the required top-level Markdown heading.
This file currently starts with prose, triggering the reported MD041 lint violation.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 1-1: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/threat-model-architect/prompts/intake_user.md` at line 1, Add a
top-level Markdown heading before the existing “Today's date” content in the
intake prompt so the file begins with an H1 and satisfies MD041.
Source: Linters/SAST tools
| ```json | ||
| { | ||
| "language": "English", | ||
| "assistant_message": "I captured your stack: Next.js frontend, Node API, Postgres, Stripe billing, Clerk auth, and S3 file storage. What sensitive data does your app handle?", | ||
| "is_complete": false, | ||
| "session_state": { | ||
| "system_name": "B2B SaaS", | ||
| "purpose": "B2B SaaS application", | ||
| "components": [], | ||
| "data_assets": [], | ||
| "trust_boundaries": [], | ||
| "user_roles": [], | ||
| "compliance_notes": [], | ||
| "tech_stack": [] | ||
| }, | ||
| "missing_info": ["data sensitivity"] | ||
| } | ||
| ``` |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
Correct the contradictory sample output.
The response says the stack was captured, but components and tech_stack are empty. Populate those arrays as shown in the system-prompt example, or change the assistant message; the current example misdocuments the flow contract.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/threat-model-architect/README.md` around lines 37 - 54, Correct the
sample JSON so the captured stack is represented consistently: populate
session_state.components and tech_stack with the Next.js frontend, Node API,
Postgres, Stripe billing, Clerk auth, and S3 file storage referenced by
assistant_message, following the system-prompt example.
…files
PR Checklist
1. Select Contribution Type
kits/<category>/<kit-name>/)bundles/<bundle-name>/)templates/<template-name>/)2. General Requirements
kebab-caseand matches the flow IDREADME.md(purpose, setup, usage)3. File Structure (Check what applies)
config.jsonpresent with valid metadata (name, description, tags, steps, author, env keys)flows/<flow-name>/(where applicable) include:config.json(Lamatic flow export)inputs.jsonmeta.jsonREADME.md.env.examplewith placeholder values only (kits only)config.jsonnode graphs (changes via Lamatic Studio export)4. Validation
npm install && npm run devworks locally (kits: UI runs; bundles/templates: flows are valid)[kit] Add <name> for <use case>).gitignorefor environment files, dependencies, build output, and logs.flow.jsonfile exists in the kit; flow behavior is defined inflows/intake.ts.