tm-init

# Threat Model Initialization

## Purpose

Initialize a comprehensive threat model by analyzing your system's architecture documentation. This skill discovers and catalogs:

- **Assets**: Systems, data stores, services, and integrations
- **Data Flows**: How data moves between components
- **Trust Boundaries**: Where privilege levels change
- **Attack Surface**: Entry points exposed to potential attackers

## Usage

```
/tm-init [--docs <path>] [--scope <pattern>] [--framework stride|pasta]
```

**Arguments** (parsed from $ARGUMENTS):
- `--docs <path>`: Path to architecture documentation (default: `./docs`)
- `--scope <pattern>`: Limit analysis to matching components
- `--framework`: Threat framework to use (default: `stride`)

## Process

### Step 1: Discover Documentation

Scan the documentation directory for architecture artifacts:

```
Glob patterns to search:
- **/*.md (Markdown documentation)
- **/README* (Project readmes)
- **/openapi.yaml, **/openapi.json (API specs)
- **/swagger.* (Swagger specs)
- **/*.mmd, **/*.puml (Diagrams)
- **/docker-compose.* (Infrastructure)
- **/Dockerfile* (Containerization)
- **/*.tf (Terraform)
- **/k8s/**, **/kubernetes/** (Kubernetes)
```

### Step 2: Extract Assets

For each component found, identify and classify:

**Asset Types**:
| Type | Description | Look For |
|------|-------------|----------|
| `data-store` | Persists data | PostgreSQL, MySQL, MongoDB, Redis, S3, etc. |
| `service` | Backend logic | API servers, microservices, workers |
| `client` | User interfaces | Web apps, mobile apps, CLIs |
| `integration` | External systems | Payment gateways, email services, third-party APIs |
| `infrastructure` | Platform components | Load balancers, CDN, DNS, queues |
| `identity` | Auth systems | IdP, OAuth providers, SSO |
| `secret` | Sensitive material | API keys, certificates, credentials |

**Data Classifications**:
- `public`: Publicly available information
- `internal`: Internal business data
- `confidential`: Sensiti