@maintainabilityai/research-runner 0.1.1

package/dist/mesh/get-mesh-sha.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getMeshSha = getMeshSha;
+/**
+ * get-mesh-sha — pure helper for resolving the mesh repo's git HEAD SHA.
+ *
+ * Mirrors the canonical impl in vscode-extension/src/core/mesh-sha.ts. We
+ * duplicate rather than depend on the extension because the runner ships as
+ * a separate npm package and pulling in the extension would be a layering
+ * violation.
+ */
+const node_child_process_1 = require("node:child_process");
+const SHA_RE = /^[0-9a-f]{7,40}$/;
+function getMeshSha(meshPath) {
+    try {
+        const out = (0, node_child_process_1.execFileSync)('git', ['rev-parse', 'HEAD'], {
+            cwd: meshPath,
+            encoding: 'utf8',
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        const sha = out.trim();
+        return SHA_RE.test(sha) ? sha : null;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/mesh/mesh-reader.d.ts

@@ -0,0 +1,14 @@
+import type { MeshContext } from '../schemas';
+export interface GatherMeshContextOpts {
+    meshDir: string;
+    /** Scope: 'platform' or 'bar'. Portfolio scope was removed — runs
+     *  must anchor to a specific platform or BAR for the agents to
+     *  produce a targeted PRD. */
+    scope: {
+        level: 'platform' | 'bar';
+        id: string;
+    };
+}
+/** Normalize a GitHub URL (or already-slug form) to `owner/repo`. */
+export declare function normalizeRepoSlug(value: string): string | null;
+export declare function gatherMeshContext(opts: GatherMeshContextOpts): MeshContext;

package/dist/mesh/mesh-reader.js

@@ -0,0 +1,392 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeRepoSlug = normalizeRepoSlug;
+exports.gatherMeshContext = gatherMeshContext;
+/**
+ * mesh-reader — walks a governance mesh on disk and produces a MeshContext
+ * for the Archeologist / PRD agents.
+ *
+ * Scope resolution:
+ *   - portfolio: reads mesh.yaml only
+ *   - platform:  reads mesh.yaml + platforms/<slug>/platform.yaml + platform.arch.json
+ *   - bar:       reads everything above + the BAR's app.yaml + bar.arch.json
+ *                + threat-model.yaml + ADRs/ + research/ + prds/
+ *
+ * BAR id → path resolution walks platforms/*\/bars/* looking for an `app.yaml`
+ * whose `id:` field matches. Cheap on small portfolios, fine for v1.
+ */
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const yaml = __importStar(require("js-yaml"));
+const get_mesh_sha_1 = require("./get-mesh-sha");
+const threat_model_reader_1 = require("./threat-model-reader");
+const STALE_RESEARCH_DAYS = 90;
+/** Normalize a GitHub URL (or already-slug form) to `owner/repo`. */
+function normalizeRepoSlug(value) {
+    if (!value) {
+        return null;
+    }
+    const trimmed = value.trim().replace(/\.git$/, '').replace(/\/$/, '');
+    // Already in owner/repo form
+    if (/^[\w.-]+\/[\w.-]+$/.test(trimmed)) {
+        return trimmed;
+    }
+    // https://github.com/owner/repo or git@github.com:owner/repo
+    const httpsMatch = trimmed.match(/github\.com[:/]([\w.-]+\/[\w.-]+)$/i);
+    if (httpsMatch) {
+        return httpsMatch[1];
+    }
+    return null;
+}
+/** Pull repo URLs from app.yaml and normalize each to `owner/repo`; drop unparseable entries. */
+function extractLinkedRepos(appYaml) {
+    const raw = appYaml?.application?.repos;
+    if (!Array.isArray(raw)) {
+        return [];
+    }
+    const out = [];
+    for (const entry of raw) {
+        if (typeof entry !== 'string') {
+            continue;
+        }
+        const slug = normalizeRepoSlug(entry);
+        if (slug) {
+            out.push(slug);
+        }
+    }
+    return out;
+}
+function loadYamlFile(p) {
+    try {
+        return yaml.load(fs.readFileSync(p, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+function loadJsonFile(p) {
+    try {
+        return JSON.parse(fs.readFileSync(p, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+/** Scan a `<bar>/<subdir>/` for .md docs; return newest-first metadata. */
+function scanDocDir(barPath, subdir) {
+    const dir = path.join(barPath, subdir);
+    if (!fs.existsSync(dir)) {
+        return [];
+    }
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return [];
+    }
+    const summaries = [];
+    for (const entry of entries) {
+        if (!entry.isFile() || !entry.name.endsWith('.md')) {
+            continue;
+        }
+        const filePath = path.join(dir, entry.name);
+        const id = entry.name.replace(/\.md$/, '');
+        let mtimeMs = 0;
+        let publishedAt = new Date(0).toISOString();
+        let topic = id.replace(/[-_]/g, ' ');
+        try {
+            const stat = fs.statSync(filePath);
+            mtimeMs = stat.mtimeMs;
+            publishedAt = stat.mtime.toISOString();
+            const content = fs.readFileSync(filePath, 'utf8');
+            const headingMatch = content.match(/^#\s+(.+)$/m);
+            if (headingMatch) {
+                topic = headingMatch[1].trim();
+            }
+        }
+        catch { /* fall through with defaults */ }
+        summaries.push({ research_id: id, topic, published_at: publishedAt, _mtime_ms: mtimeMs });
+    }
+    return summaries.sort((a, b) => b._mtime_ms - a._mtime_ms);
+}
+function stripMtime(s) {
+    const { _mtime_ms: _unused, ...rest } = s;
+    void _unused;
+    return rest;
+}
+/** Locate a BAR by id by walking `platforms/<slug>/bars/<id>/app.yaml`. */
+function findBarPath(meshDir, barId) {
+    const platformsDir = path.join(meshDir, 'platforms');
+    if (!fs.existsSync(platformsDir)) {
+        return null;
+    }
+    for (const platformEntry of fs.readdirSync(platformsDir, { withFileTypes: true })) {
+        if (!platformEntry.isDirectory()) {
+            continue;
+        }
+        const barsDir = path.join(platformsDir, platformEntry.name, 'bars');
+        if (!fs.existsSync(barsDir)) {
+            continue;
+        }
+        for (const barEntry of fs.readdirSync(barsDir, { withFileTypes: true })) {
+            if (!barEntry.isDirectory()) {
+                continue;
+            }
+            const candidate = path.join(barsDir, barEntry.name);
+            const appYaml = loadYamlFile(path.join(candidate, 'app.yaml'));
+            if (appYaml?.application?.id === barId) {
+                return { barPath: candidate, platformSlug: platformEntry.name };
+            }
+        }
+    }
+    return null;
+}
+function listSiblingBars(platformDir, excludeBarId) {
+    const barsDir = path.join(platformDir, 'bars');
+    if (!fs.existsSync(barsDir)) {
+        return [];
+    }
+    const out = [];
+    for (const entry of fs.readdirSync(barsDir, { withFileTypes: true })) {
+        if (!entry.isDirectory()) {
+            continue;
+        }
+        const barPath = path.join(barsDir, entry.name);
+        const appYaml = loadYamlFile(path.join(barPath, 'app.yaml'));
+        const app = appYaml?.application;
+        if (!app?.id || app.id === excludeBarId) {
+            continue;
+        }
+        // CALM nodes the BAR owns — same shape as the bar-scope branch.
+        const calm = loadJsonFile(path.join(barPath, 'architecture', 'bar.arch.json'));
+        const calmNodeIds = extractCalmNodeIdsFromArchJson(calm);
+        // Threat ids — read via the same threat-model-reader used at bar scope.
+        const tm = (0, threat_model_reader_1.readThreatModelFromBar)(barPath);
+        const threatIds = Array.isArray(tm?.threats)
+            ? tm.threats.map(t => t.id).filter((id) => !!id)
+            : [];
+        out.push({
+            bar_id: app.id,
+            name: app.name || app.id,
+            composite_score: 0, // v1: scorer integration lands in phase 4
+            linked_repos: extractLinkedRepos(appYaml),
+            calm_node_ids: calmNodeIds,
+            threat_ids: threatIds,
+        });
+    }
+    return out;
+}
+/** Pull `unique-id` strings out of the nodes array of a parsed bar.arch.json. */
+function extractCalmNodeIdsFromArchJson(calm) {
+    if (!calm || typeof calm !== 'object') {
+        return [];
+    }
+    const nodes = calm.nodes;
+    if (!Array.isArray(nodes)) {
+        return [];
+    }
+    const out = [];
+    for (const n of nodes) {
+        const id = n['unique-id'];
+        if (typeof id === 'string' && id.length > 0) {
+            out.push(id);
+        }
+    }
+    return out;
+}
+function readAdrs(barPath) {
+    const adrDir = path.join(barPath, 'architecture', 'ADRs');
+    if (!fs.existsSync(adrDir)) {
+        return [];
+    }
+    const out = [];
+    for (const entry of fs.readdirSync(adrDir, { withFileTypes: true })) {
+        if (!entry.isFile() || !entry.name.endsWith('.md')) {
+            continue;
+        }
+        const content = (() => { try {
+            return fs.readFileSync(path.join(adrDir, entry.name), 'utf8');
+        }
+        catch {
+            return '';
+        } })();
+        if (!content) {
+            continue;
+        }
+        const idMatch = content.match(/^#\s*ADR[-\s]?(\d+)/im);
+        const titleMatch = content.match(/^#\s+(.+)/m);
+        const statusMatch = content.match(/^##\s+Status\s*\n+\s*(\S+)/im);
+        const decisionMatch = content.match(/^##\s+Decision\s*\n+([\s\S]*?)(?=\n##\s|\n$)/im);
+        out.push({
+            id: idMatch ? `ADR-${idMatch[1].padStart(4, '0')}` : entry.name.replace(/\.md$/, ''),
+            title: (titleMatch?.[1] || entry.name).trim(),
+            status: (statusMatch?.[1] || 'unknown').trim(),
+            decision: (decisionMatch?.[1] || '').trim().slice(0, 500),
+        });
+    }
+    return out.sort((a, b) => a.id.localeCompare(b.id));
+}
+/**
+ * Pillar-score loading is a phase-4 integration point. For phase 2 we return
+ * a zeroed placeholder so the schema validates; later we'll either re-export
+ * GovernanceScorer into a shared package or shell out to a `scorecard` CLI.
+ */
+function placeholderPillarScores() {
+    return { architecture: 0, security: 0, info_risk: 0, operations: 0 };
+}
+/**
+ * Detect mesh gaps from disk alone — does NOT require pillar scores. Mirrors
+ * the same gap-kind enum as GovernanceScorer.detectMeshGaps in vscode-extension.
+ * Returns the subset that can be detected without the scorer.
+ */
+function detectMeshGapsFromDisk(barPath, research, adrCount) {
+    const gaps = [];
+    if (!(0, threat_model_reader_1.readThreatModelFromBar)(barPath)) {
+        gaps.push('no_threat_model');
+    }
+    try {
+        const controlsStat = fs.statSync(path.join(barPath, 'security', 'security-controls.yaml'));
+        if (controlsStat.size === 0) {
+            gaps.push('no_controls_mapping');
+        }
+    }
+    catch {
+        gaps.push('no_controls_mapping');
+    }
+    if (adrCount === 0) {
+        gaps.push('no_adrs');
+    }
+    if (research.length > 0) {
+        const cutoff = Date.now() - STALE_RESEARCH_DAYS * 24 * 60 * 60 * 1000;
+        const allStale = research.every(r => r._mtime_ms < cutoff);
+        if (allStale) {
+            gaps.push('stale_research');
+        }
+    }
+    return gaps;
+}
+function gatherMeshContext(opts) {
+    const meshDir = path.resolve(opts.meshDir);
+    const meshSha = (0, get_mesh_sha_1.getMeshSha)(meshDir);
+    if (!meshSha) {
+        throw new Error(`Could not resolve mesh git SHA at ${meshDir}. Is it a git repo with at least one commit?`);
+    }
+    const portfolio = loadYamlFile(path.join(meshDir, 'mesh.yaml')) || {};
+    const portfolioRelatedResearch = scanDocDir(meshDir, 'research');
+    const baseContext = {
+        scope: { level: opts.scope.level, bar_id: undefined, platform_id: undefined },
+        mesh_sha: meshSha,
+        portfolio: {
+            name: portfolio.name || 'unnamed-portfolio',
+            governance_policy: null, // phase 4: parse policies/*.yaml
+            capability_models: [], // phase 4: parse capability-models/
+            related_research_summaries: portfolioRelatedResearch.map(stripMtime),
+        },
+        platform: null,
+        bar: null,
+    };
+    // -------- platform / bar branches --------
+    let platformSlug = null;
+    let platformDir = null;
+    let barPath = null;
+    let barId;
+    if (opts.scope.level === 'bar') {
+        if (!opts.scope.id) {
+            throw new Error('scope.level=bar requires scope.id');
+        }
+        const found = findBarPath(meshDir, opts.scope.id);
+        if (!found) {
+            throw new Error(`Could not find BAR with id ${opts.scope.id} in ${meshDir}`);
+        }
+        barPath = found.barPath;
+        platformSlug = found.platformSlug;
+        platformDir = path.join(meshDir, 'platforms', platformSlug);
+        barId = opts.scope.id;
+    }
+    else {
+        // platform scope: scope.id is the slug
+        platformSlug = opts.scope.id;
+        platformDir = path.join(meshDir, 'platforms', platformSlug);
+        if (!fs.existsSync(platformDir)) {
+            throw new Error(`Could not find platform "${platformSlug}" in ${meshDir}/platforms/`);
+        }
+    }
+    const platformYaml = loadYamlFile(path.join(platformDir, 'platform.yaml')) || {};
+    const platformArch = loadJsonFile(path.join(platformDir, 'platform.arch.json'));
+    const platformResearch = scanDocDir(platformDir, 'research').map(stripMtime);
+    const platformId = platformYaml.id || `PLT-${platformSlug.toUpperCase()}`;
+    const ctx = {
+        ...baseContext,
+        scope: { level: opts.scope.level, bar_id: barId, platform_id: platformId },
+        platform: {
+            platform_id: platformId,
+            architecture: platformArch,
+            sibling_bars: listSiblingBars(platformDir, barId || ''),
+            related_research_summaries: platformResearch,
+        },
+    };
+    if (opts.scope.level === 'platform') {
+        return ctx;
+    }
+    // bar branch
+    const appYaml = loadYamlFile(path.join(barPath, 'app.yaml')) || {};
+    const app = appYaml.application ?? {};
+    const calmModel = loadJsonFile(path.join(barPath, 'architecture', 'bar.arch.json'));
+    const threatModelParsed = (0, threat_model_reader_1.readThreatModelFromBar)(barPath);
+    const adrs = readAdrs(barPath);
+    const research = scanDocDir(barPath, 'research');
+    const prds = scanDocDir(barPath, 'prds');
+    const meshGaps = detectMeshGapsFromDisk(barPath, research, adrs.length);
+    return {
+        ...ctx,
+        bar: {
+            bar_id: app.id || barId,
+            name: app.name || barId,
+            composite_score: 0, // phase 4 integration
+            tier: 'restricted', // phase 4 integration
+            calm_model: calmModel,
+            threats: threatModelParsed ? threatModelParsed.threats : null,
+            controls: null, // phase 4: parse security-controls.yaml
+            adrs,
+            pillar_scores: placeholderPillarScores(),
+            related_research: research.map(stripMtime),
+            related_prds: prds.map(stripMtime),
+            mesh_gaps: meshGaps,
+            linked_repos: extractLinkedRepos(appYaml),
+        },
+    };
+}

package/dist/mesh/prompt-loader.d.ts

@@ -0,0 +1,22 @@
+export interface LoadedPrompt {
+    /** Path to the pack relative to the mesh root (for audit). */
+    packPath: string;
+    /** SHA-256 of the raw, pre-substitution prompt body. */
+    packSha256: string;
+    /** Body after `{placeholder}` substitution. */
+    filled: string;
+    /** Variables that the prompt asked for but weren't found in context. */
+    missingKeys: string[];
+}
+export interface LoadPromptOpts {
+    /** Mesh repo root. */
+    meshDir: string;
+    /** Pack id relative to `.caterpillar/prompts/`, e.g. "research/query-plan". */
+    packId: string;
+    /** Substitution context. Dotted keys are walked. */
+    context: Record<string, unknown>;
+    /** Inject the current year. Defaults to UTC now. */
+    now?: Date;
+}
+/** Read + hash + substitute a prompt pack. Throws if the pack file is missing. */
+export declare function loadPrompt(opts: LoadPromptOpts): LoadedPrompt;

package/dist/mesh/prompt-loader.js

@@ -0,0 +1,119 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadPrompt = loadPrompt;
+/**
+ * prompt-loader — reads a `.caterpillar/prompts/<pack>.md` file, hashes it
+ * for the audit log, and substitutes `{placeholder}` variables from a
+ * context object.
+ *
+ * Substitution semantics:
+ *   `{flat}`           → context.flat
+ *   `{nested.path}`    → context.nested.path (dot-walks)
+ *   `{current_year}`   → current 4-digit year (always injected)
+ *   value types are rendered as:
+ *     string/number/boolean → toString
+ *     null/undefined        → "(unset)"
+ *     string[]              → bullet list, one per line
+ *     other arrays/objects  → JSON.stringify with 2-space indent
+ *
+ * Unmatched `{tokens}` are left intact (so prompts can mention literal
+ * curly-brace content in code samples or YAML fences without surprise
+ * substitution; only top-level / dot-walked keys present in the context
+ * get replaced).
+ */
+const node_crypto_1 = require("node:crypto");
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const PROMPT_DIR = '.caterpillar/prompts';
+/** Read + hash + substitute a prompt pack. Throws if the pack file is missing. */
+function loadPrompt(opts) {
+    const relPath = `${PROMPT_DIR}/${opts.packId}.md`;
+    const absPath = path.join(opts.meshDir, relPath);
+    if (!fs.existsSync(absPath)) {
+        throw new Error(`Prompt pack not found at ${relPath} (looked under ${opts.meshDir}). Run "Refresh Prompts" in Looking Glass settings.`);
+    }
+    const raw = fs.readFileSync(absPath, 'utf8');
+    const sha256 = (0, node_crypto_1.createHash)('sha256').update(raw, 'utf8').digest('hex');
+    const augmented = {
+        current_year: (opts.now ?? new Date()).getUTCFullYear(),
+        ...opts.context,
+    };
+    const missingKeys = [];
+    const filled = raw.replace(/\{([a-zA-Z_][\w.]*)\}/g, (match, key) => {
+        const value = walk(augmented, key);
+        if (value === undefined) {
+            missingKeys.push(key);
+            return match;
+        }
+        return renderValue(value);
+    });
+    return { packPath: relPath, packSha256: sha256, filled, missingKeys };
+}
+function walk(ctx, key) {
+    const parts = key.split('.');
+    let cur = ctx;
+    for (const part of parts) {
+        if (cur == null || typeof cur !== 'object') {
+            return undefined;
+        }
+        cur = cur[part];
+    }
+    return cur;
+}
+function renderValue(value) {
+    if (value === null || value === undefined) {
+        return '(unset)';
+    }
+    if (typeof value === 'string') {
+        return value;
+    }
+    if (typeof value === 'number' || typeof value === 'boolean') {
+        return String(value);
+    }
+    if (Array.isArray(value)) {
+        if (value.length === 0) {
+            return '(none)';
+        }
+        if (value.every(v => typeof v === 'string')) {
+            return value.map(v => `- ${v}`).join('\n');
+        }
+        return '```json\n' + JSON.stringify(value, null, 2) + '\n```';
+    }
+    if (typeof value === 'object') {
+        return '```json\n' + JSON.stringify(value, null, 2) + '\n```';
+    }
+    return String(value);
+}

package/dist/mesh/threat-model-reader.d.ts

@@ -0,0 +1,33 @@
+export type StrideCategory = 'spoofing' | 'tampering' | 'repudiation' | 'information-disclosure' | 'denial-of-service' | 'elevation-of-privilege';
+export type ImpactLevel = 'critical' | 'high' | 'medium' | 'low';
+export type LikelihoodLevel = 'high' | 'medium' | 'low';
+export type ControlEffectiveness = 'full' | 'partial' | 'none';
+export type ResidualRisk = 'critical' | 'high' | 'medium' | 'low' | 'negligible';
+export interface ThreatEntry {
+    id: string;
+    category: StrideCategory;
+    target: string;
+    targetName: string;
+    dataClassification: string;
+    description: string;
+    attackVector: string;
+    impact: ImpactLevel;
+    likelihood: LikelihoodLevel;
+    existingControls: string[];
+    controlEffectiveness: ControlEffectiveness;
+    residualRisk: ResidualRisk;
+    recommendedMitigations: string[];
+    nistReferences: string[];
+}
+export interface ThreatModelSummary {
+    byCategory: Record<string, number>;
+    byRisk: Record<string, number>;
+    unmitigatedCount: number;
+}
+export interface ParsedThreatModel {
+    threats: ThreatEntry[];
+    summary: ThreatModelSummary;
+}
+export declare function parseThreatModelYaml(content: string): ThreatEntry[];
+export declare function summarizeThreatModel(threats: ThreatEntry[]): ThreatModelSummary;
+export declare function readThreatModelFromBar(barPath: string): ParsedThreatModel | null;