Context
The Phase 1 threat-modeling integration plan adds itemdb/notes/threat-model.md as a required Phase 1b artifact. The initial implementation will explicitly wire this artifact into Phase 2 and Phase 3, but Phase 4 consumption is intentionally deferred.
Phase 4 validation could benefit from the operational threat model when designing realistic validation attempts.
Proposal
Update Phase 4 prompts and gates, where appropriate, so validation planning considers:
- attacker capabilities and explicit non-capabilities,
- documented trust boundaries,
- affected assets and security objectives,
- existing controls that may block or narrow validation,
- open assumptions that change exploitability or validation strategy.
Acceptance criteria
- Phase 4 prompt explicitly references
itemdb/notes/threat-model.md when present.
- Validation plans avoid assuming attacker capabilities contradicted by the threat model.
- Validation evidence or notes mention material threat-model assumptions when they affect the result.
- Existing Phase 4 behavior remains compatible with projects that do not yet have threat-model artifacts.
Context
The Phase 1 threat-modeling integration plan adds
itemdb/notes/threat-model.mdas a required Phase 1b artifact. The initial implementation will explicitly wire this artifact into Phase 2 and Phase 3, but Phase 4 consumption is intentionally deferred.Phase 4 validation could benefit from the operational threat model when designing realistic validation attempts.
Proposal
Update Phase 4 prompts and gates, where appropriate, so validation planning considers:
Acceptance criteria
itemdb/notes/threat-model.mdwhen present.