Kjell Tore Guttormsen
03b8885b6e
~/.claude/CLAUDE.md specifies English for code and documentation, Norwegian for dialog only. Norwegian had crept into surface text across v7.5-v7.7. Translated to English in eight surfaces. No scanner, hook, or behavior changes — purely surface text. - 18 skill commands: the HTML Report-step now reads "HTML report: [Open in browser]" instead of "HTML-rapport: [Åpne i nettleser]" - scripts/lib/report-renderers.mjs: key-stat labels, lede defaults, table headers, maturity-ladder descriptions, action-tier labels, clean buckets, dry-run/apply copy, and JS comments. Regex alternations /^high|^høy/ and /resolution|løsning/i preserved. - playground/llm-security-playground.html: same renderer changes mirrored bit-identical, plus playground-only UI strings (catalog, breadcrumb aria-label, theme toggle, builder-modal hint, guide-panel "no projects yet", delete confirmation, alert/copy). Demo-state fixture content for dft-komplett-demo preserved (intentional Norwegian persona). - agents/skill-scanner-agent.md + agents/mcp-scanner-agent.md: Generaliseringsgrense + Parallell Read-strategi sections translated to Generalization boundary + Parallel Read strategy. - README.md: playground architecture prose + Recent versions table (v7.5.0 — v7.7.1). - CLAUDE.md: v7.7.1 highlights translated, new v7.7.2 highlights added. - ../../README.md: llm-security v7.5.0 — v7.7.1 bullets. - ../../CLAUDE.md: llm-security catalog entry. - docs/scanner-reference.md: six runnable-examples table cells. - docs/version-history.md: new v7.7.2 entry. v7.5-v7.7 narrative sections left in original language (deferred per operator). - Version bumped 7.7.1 → 7.7.2 in package.json, .claude-plugin/plugin.json, README badge + Recent versions, CLAUDE.md header + state, docs/version-history.md, playground renderHome hardcoded string, root README + CLAUDE.md llm-security entries. Tests: 1820/1820 green. CLI smoke-test: 18/18 commandIds produce >138 KB self-contained HTML. Browser-dogfood verified. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2.1 KiB
| name | description | allowed-tools | model |
|---|---|---|---|
| security:threat-model | Interactive threat modeling using STRIDE and MAESTRO frameworks — guides architecture analysis and generates threat model document | Read, Glob, Grep, AskUserQuestion, Agent | sonnet |
/security threat-model
Interactive threat modeling — STRIDE x MAESTRO, 5-phase interview, complete threat model document.
Run Session
Spawn subagent_type: "llm-security:threat-modeler-agent", model: "opus":
Run the full 5-phase interactive threat modeling session. Read these knowledge files (absolute paths):
- <plugin-root>/knowledge/skill-threat-patterns.md
- <plugin-root>/knowledge/mcp-threat-patterns.md Follow your interview workflow: Architecture Discovery → Component Mapping → Threat Identification (STRIDE x MAESTRO) → Risk Assessment → Mitigation Mapping. Output the complete threat model document directly to the conversation.
After Session
- To save: ask user if they want it written to
threat-model.md - To verify mitigations:
/security posture - For production readiness:
/security pre-deploy
HTML Report
After the threat-modeler agent has produced the complete threat-model markdown document:
-
Compute a temp markdown path:
node -p "require('path').join(require('os').tmpdir(), 'sec-threat-model-' + Date.now() + '.md')" -
Use the Write tool to save the entire threat-model markdown you just produced (Architecture Discovery + Component Mapping + STRIDE × MAESTRO threat matrix + Risk Assessment + Mitigation Mapping) to that temp path. Verbatim.
-
Run the renderer:
node <plugin-root>/scripts/render-report.mjs threat-model --in "<temp-md-path>"The CLI writes
reports/threat-model-<YYYYMMDD-HHmmss>.htmlrelative to CWD and printsfile:///abs/path.htmlon stdout. -
Append to your response (markdown link, no bare URL):
HTML report: Open in browser
If the CLI exits non-zero, mention the error but do not block — the markdown threat-model document above is the primary deliverable.