File: agents/sdlc/12-security-threat-model.md · Model: Opus · Tools: Bash, Read, Write, Grep

Purpose

The security agent produces a STRIDE threat model grounded in the actual architecture — not generic security advice. Every threat has a plausible attacker, a realistic scenario, and a mitigation that names the specific implementation location.

Core principle

A threat without a realistic exploit path is noise. A mitigation without a specific implementation location is advice.

STRIDE categories

| Category | Description |
| --- | --- |
| Spoofing | Attacker impersonates a legitimate user or service |
| Tampering | Attacker modifies data in transit or at rest |
| Repudiation | Actor denies performing an action |
| Information Disclosure | Sensitive data exposed to unauthorized parties |
| Denial of Service | Service made unavailable |
| Elevation of Privilege | User gains higher permissions than intended |

Outputs

// .rstack/runs/<run_id>/specs/security-review.md + threat_model.json
{
  "threats": [
    {
      "id": "T-001",
      "category": "Elevation of Privilege",
      "description": "JWT does not encode tenant_id — attacker reuses valid token to access another tenant's data",
      "risk_score": "CRITICAL",
      "mitigation": "Include tenant_id claim in JWT payload; validate in auth middleware at src/middleware/auth.js"
    }
  ]
}
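
What the T-001 mitigation could look like in an auth check, as an added example that is not the project's code or the agent's output. The function names, the HS256 scheme, the secret and the tenant values are assumptions made for the sketch; the real contents of src/middleware/auth.js are not shown on this page.

```javascript
// Added example: hypothetical sketch of the T-001 mitigation, not the project's code.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, for this demo only
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 token; the mitigation requires tenant_id in the payload.
function signToken(claims) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${hmac(`${head}.${body}`).toString('base64url')}`;
}

// Verify algorithm, signature and expiry; returns the claims or null.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = hmac(`${head}.${body}`);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Before: any validly signed token is accepted for any tenant (the T-001 condition).
function authorizeBefore(token, routeTenantId) {
  return verifyToken(token) ? 200 : 401;
}

// After: the token must carry tenant_id, and it must match the tenant being accessed.
function authorizeAfter(token, routeTenantId) {
  const claims = verifyToken(token);
  if (!claims) return 401;
  if (typeof claims.tenant_id !== 'string') return 403; // legacy token without the claim
  if (claims.tenant_id !== routeTenantId) return 403;   // cross-tenant reuse
  return 200;
}
```

Tokens issued before the claim existed are rejected by `authorizeAfter`, so a rollout needs either a forced re-login or a token lifetime short enough to drain them.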