asdm-cli 0.1.0

package/registry/skills/threat-modeling/SKILL.asdm.md

@@ -0,0 +1,87 @@
+---
+name: threat-modeling
+type: skill
+description: "Security threat modeling using the STRIDE framework for application and infrastructure"
+version: 1.0.0
+tags: [security, threat-modeling, stride, risk, architecture]
+trigger: "When designing new features, reviewing security architecture, or assessing risk of system changes"
+
+providers:
+  opencode:
+    location: skills/threat-modeling/
+  claude-code:
+    location: skills/threat-modeling/
+  copilot:
+    applyTo: "**/*"
+---
+
+# Threat Modeling Skill
+
+## Purpose
+
+Threat modeling is the practice of systematically identifying, classifying, and mitigating security risks before they are built into a system. It is most effective when applied at design time — retrofitting security is exponentially more expensive than designing it in.
+
+## STRIDE Framework
+
+STRIDE categorizes threats by the property of a secure system they violate:
+
+| Threat | Violated Property | Example |
+|--------|-----------------|---------|
+| **S**poofing | Authentication | Attacker impersonates a legitimate user |
+| **T**ampering | Integrity | Attacker modifies data in transit or at rest |
+| **R**epudiation | Non-repudiation | User denies performing an action; no audit trail |
+| **I**nformation Disclosure | Confidentiality | Sensitive data exposed in error messages or logs |
+| **D**enial of Service | Availability | Attacker exhausts resources, making the service unavailable |
+| **E**levation of Privilege | Authorization | User gains access beyond their permission level |
+
+## Threat Modeling Process
+
+### Step 1: Define Scope
+Identify the components, data flows, and trust boundaries in scope. Draw a Data Flow Diagram (DFD):
+- **External entities**: Actors outside the system boundary (users, third-party services)
+- **Processes**: Code that transforms data
+- **Data stores**: Databases, caches, files, queues
+- **Data flows**: How data moves between entities, processes, and stores
+- **Trust boundaries**: Lines a threat actor must cross to reach sensitive components
+
+### Step 2: Identify Threats (STRIDE per Element)
+For each element in the DFD, apply STRIDE systematically. Not every category applies to every element:
+- External entities: primarily Spoofing, Repudiation
+- Processes: all STRIDE categories
+- Data stores: primarily Tampering, Information Disclosure, Denial of Service
+- Data flows: primarily Tampering, Information Disclosure, Denial of Service
+
+### Step 3: Assess Risk
+For each identified threat, score using DREAD or CVSS v3.1:
+- **Damage potential**: How severe is the impact?
+- **Reproducibility**: How reliably can the attack be repeated?
+- **Exploitability**: What skill level is required?
+- **Affected users**: How many users are impacted?
+- **Discoverability**: How easy is the attack to discover?
+
+### Step 4: Define Mitigations
+For each threat above the accepted risk threshold, define a specific technical control:
+
+| Threat Category | Common Mitigations |
+|----------------|-------------------|
+| Spoofing | Strong authentication (MFA, passkeys), certificate pinning |
+| Tampering | HMAC signatures, TLS mutual auth, database row-level security |
+| Repudiation | Immutable audit logs, digital signatures, structured event logging |
+| Information Disclosure | Encryption at rest and in transit, field-level masking, minimal logging |
+| Denial of Service | Rate limiting, circuit breakers, autoscaling, WAF rules |
+| Elevation of Privilege | Principle of least privilege, RBAC/ABAC, input validation |
+
+### Step 5: Document and Track
+Produce a threat model document with:
+1. DFD diagram with trust boundaries annotated
+2. Threat inventory: ID, STRIDE category, affected element, risk score
+3. Mitigation plan: control, owner, target resolution date
+4. Accepted risks: threats below threshold with explicit justification
+
+## Rules
+
+- Threat model BEFORE implementation — design-time fixes cost 30× less than production fixes
+- NEVER accept a risk without explicit sign-off from a security lead
+- Update the threat model when the architecture changes — stale models create false confidence
+- Prioritize by exploitability × impact; theoretical low-exploitability threats are low priority
+- Document the trust boundaries explicitly — most security failures occur at boundary crossings

package/registry/v0.1.0.json

@@ -0,0 +1,253 @@
+{
+  "$schema": "https://asdm.dev/schemas/manifest.schema.json",
+  "version": "0.1.0",
+  "policy": {
+    "locked_fields": [
+      "telemetry",
+      "install_hooks",
+      "auto_verify"
+    ],
+    "telemetry": true,
+    "auto_verify": true,
+    "install_hooks": true,
+    "allowed_profiles": [
+      "base",
+      "fullstack-engineer",
+      "data-analytics",
+      "mobile",
+      "security"
+    ],
+    "allowed_providers": [
+      "opencode",
+      "claude-code",
+      "copilot"
+    ],
+    "min_cli_version": "0.1.0"
+  },
+  "profiles": {
+    "base": {
+      "agents": [
+        "code-reviewer",
+        "documentation-writer"
+      ],
+      "skills": [
+        "plan-protocol",
+        "code-review"
+      ],
+      "commands": [
+        "check-file",
+        "summarize"
+      ],
+      "providers": [
+        "opencode",
+        "claude-code",
+        "copilot"
+      ]
+    },
+    "data-analytics": {
+      "extends": [
+        "base"
+      ],
+      "agents": [
+        "code-reviewer",
+        "data-analyst",
+        "documentation-writer"
+      ],
+      "skills": [
+        "plan-protocol",
+        "code-review",
+        "data-pipeline"
+      ],
+      "commands": [
+        "check-file",
+        "summarize",
+        "analyze-schema"
+      ],
+      "providers": [
+        "opencode",
+        "claude-code",
+        "copilot"
+      ]
+    },
+    "fullstack-engineer": {
+      "extends": [
+        "base"
+      ],
+      "agents": [
+        "code-reviewer",
+        "documentation-writer",
+        "architect",
+        "test-engineer"
+      ],
+      "skills": [
+        "plan-protocol",
+        "code-review",
+        "frontend-design",
+        "api-design"
+      ],
+      "commands": [
+        "check-file",
+        "summarize",
+        "generate-types",
+        "scaffold-component"
+      ],
+      "providers": [
+        "opencode",
+        "claude-code",
+        "copilot"
+      ]
+    },
+    "mobile": {
+      "extends": [
+        "base"
+      ],
+      "agents": [
+        "code-reviewer",
+        "documentation-writer",
+        "mobile-engineer"
+      ],
+      "skills": [
+        "plan-protocol",
+        "code-review",
+        "mobile-patterns"
+      ],
+      "commands": [
+        "check-file",
+        "summarize",
+        "scaffold-component"
+      ],
+      "providers": [
+        "opencode",
+        "claude-code",
+        "copilot"
+      ]
+    },
+    "security": {
+      "extends": [
+        "base"
+      ],
+      "agents": [
+        "code-reviewer",
+        "security-auditor",
+        "documentation-writer"
+      ],
+      "skills": [
+        "plan-protocol",
+        "code-review",
+        "threat-modeling"
+      ],
+      "commands": [
+        "check-file",
+        "summarize",
+        "audit-deps"
+      ],
+      "providers": [
+        "opencode",
+        "claude-code",
+        "copilot"
+      ]
+    }
+  },
+  "assets": {
+    "agents/architect.asdm.md": {
+      "sha256": "cac0b010fd350f9d23bfbb090327dc2e8e971be9daafa764269619224c5ca742",
+      "size": 3011,
+      "version": "1.0.0"
+    },
+    "agents/code-reviewer.asdm.md": {
+      "sha256": "682c73710a84ad8c40e3d8548f82811390ce3db32c6f136116afcde7f87fc75d",
+      "size": 2911,
+      "version": "1.0.0"
+    },
+    "agents/data-analyst.asdm.md": {
+      "sha256": "bb0ce105b9dd19eaef3be5d6b76f5ad273b4b95057d3bb2c998acbaf3dfc7589",
+      "size": 2865,
+      "version": "1.0.0"
+    },
+    "agents/documentation-writer.asdm.md": {
+      "sha256": "05f22780898bdc7dc9e842caab967241b99e02ca7d43d30b09ca8d19fc85d63a",
+      "size": 2788,
+      "version": "1.0.0"
+    },
+    "agents/mobile-engineer.asdm.md": {
+      "sha256": "ab51f952dcc8ce72cf3f48359e11c30fc7a3f5b32b534e56b04ee47cd382c3bd",
+      "size": 2903,
+      "version": "1.0.0"
+    },
+    "agents/security-auditor.asdm.md": {
+      "sha256": "8285378a7b30009a02f537d9fc882344c50444c1c1fe1b0ff35b8e49e475b2eb",
+      "size": 3167,
+      "version": "1.0.0"
+    },
+    "agents/test-engineer.asdm.md": {
+      "sha256": "e23266b82c0e3ccb96d613167c3c27d88651ff159fcb8e9b8eaf34b125681278",
+      "size": 2811,
+      "version": "1.0.0"
+    },
+    "skills/api-design/SKILL.asdm.md": {
+      "sha256": "637fc8014c22ddd8fa9122a44eb68cef70ffecfed724e8535b8d7d54091c579c",
+      "size": 3506,
+      "version": "1.0.0"
+    },
+    "skills/code-review/SKILL.asdm.md": {
+      "sha256": "de2011667b7f9e5c07cef878d43e85bb2d9fa2109c4ba64e161b6038012fab20",
+      "size": 3112,
+      "version": "1.0.0"
+    },
+    "skills/data-pipeline/SKILL.asdm.md": {
+      "sha256": "35e45153c4eafc4f1654b46865a226509634b3659365b03e19de482d10233699",
+      "size": 3686,
+      "version": "1.0.0"
+    },
+    "skills/frontend-design/SKILL.asdm.md": {
+      "sha256": "9cdddedd6f2b6caa8bafb8f8fa9864b6473c89170c4feedd05aaa9f1a30a8d3f",
+      "size": 3267,
+      "version": "1.0.0"
+    },
+    "skills/mobile-patterns/SKILL.asdm.md": {
+      "sha256": "9f336da4b1979cbdadad95012a4347f0e9830597f60e98e9084d6a0d07459acd",
+      "size": 3561,
+      "version": "1.0.0"
+    },
+    "skills/plan-protocol/SKILL.asdm.md": {
+      "sha256": "c0226a04e91caedc6dd9b51946508b9c05c29b51aa3402217c176161c0e7a16c",
+      "size": 2781,
+      "version": "1.0.0"
+    },
+    "skills/threat-modeling/SKILL.asdm.md": {
+      "sha256": "255ec1cc1773315b994bff8f09e647750210bc34f233c5ff83053fb6568f67e5",
+      "size": 4256,
+      "version": "1.0.0"
+    },
+    "commands/analyze-schema.asdm.md": {
+      "sha256": "2c855b9b02257cecc71c5a03faa05da52e215df148aa141c9258db8e0d2b6174",
+      "size": 2538,
+      "version": "1.0.0"
+    },
+    "commands/audit-deps.asdm.md": {
+      "sha256": "b5d54e07d9596b996090aae8e83476fb2d53b62301dd3feef82facd3d08f7150",
+      "size": 2781,
+      "version": "1.0.0"
+    },
+    "commands/check-file.asdm.md": {
+      "sha256": "3090793fb1eb3484626f7a4c9569df87ff486586e2e3f4046c15749003a4af73",
+      "size": 1700,
+      "version": "1.0.0"
+    },
+    "commands/generate-types.asdm.md": {
+      "sha256": "d1b1401c495410ee68aedc055700cfb11794228d8f363bdf6463b75e58bdff20",
+      "size": 2259,
+      "version": "1.0.0"
+    },
+    "commands/scaffold-component.asdm.md": {
+      "sha256": "312cf07c16a44fe334037281213aed99d8410070acbfe35e6ae0968ec8a5263f",
+      "size": 2327,
+      "version": "1.0.0"
+    },
+    "commands/summarize.asdm.md": {
+      "sha256": "0f52ab9a25f6f802aa2a9025d8a4e9a5825aa04ba94173884bb189566ad07ad0",
+      "size": 1919,
+      "version": "1.0.0"
+    }
+  }
+}

package/registry/v1.0.0.json

@@ -0,0 +1,153 @@
+{
+  "$schema": "https://asdm.dev/schemas/manifest.schema.json",
+  "version": "1.0.0",
+  "built_at": "2026-04-01T00:00:00Z",
+  "commit_sha": "0000000000000000000000000000000000000000",
+  "policy": {
+    "locked_fields": ["telemetry", "install_hooks", "auto_verify"],
+    "telemetry": true,
+    "auto_verify": true,
+    "install_hooks": true,
+    "allowed_profiles": ["base", "fullstack-engineer", "data-analytics", "mobile", "security"],
+    "allowed_providers": ["opencode", "claude-code", "copilot"],
+    "min_cli_version": "1.0.0"
+  },
+  "profiles": {
+    "base": {
+      "extends": [],
+      "agents": ["code-reviewer", "documentation-writer"],
+      "skills": ["plan-protocol", "code-review"],
+      "commands": ["check-file", "summarize"]
+    },
+    "fullstack-engineer": {
+      "extends": ["base"],
+      "agents": ["code-reviewer", "documentation-writer", "architect", "test-engineer"],
+      "skills": ["plan-protocol", "code-review", "frontend-design", "api-design"],
+      "commands": ["check-file", "summarize", "generate-types", "scaffold-component"],
+      "providers": ["opencode", "claude-code", "copilot"]
+    },
+    "data-analytics": {
+      "extends": ["base"],
+      "agents": ["code-reviewer", "data-analyst", "documentation-writer"],
+      "skills": ["plan-protocol", "code-review", "data-pipeline"],
+      "commands": ["check-file", "summarize", "analyze-schema"],
+      "providers": ["opencode", "claude-code", "copilot"]
+    },
+    "mobile": {
+      "extends": ["base"],
+      "agents": ["code-reviewer", "documentation-writer", "mobile-engineer"],
+      "skills": ["plan-protocol", "code-review", "mobile-patterns"],
+      "commands": ["check-file", "summarize", "scaffold-component"],
+      "providers": ["opencode", "claude-code", "copilot"]
+    },
+    "security": {
+      "extends": ["base"],
+      "agents": ["code-reviewer", "security-auditor", "documentation-writer"],
+      "skills": ["plan-protocol", "code-review", "threat-modeling"],
+      "commands": ["check-file", "summarize", "audit-deps"],
+      "providers": ["opencode", "claude-code", "copilot"]
+    }
+  },
+  "assets": {
+    "agents/code-reviewer.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "agents/documentation-writer.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "agents/architect.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "agents/test-engineer.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "agents/data-analyst.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "agents/mobile-engineer.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "agents/security-auditor.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/plan-protocol/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/code-review/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/frontend-design/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/api-design/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/data-pipeline/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/mobile-patterns/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "skills/threat-modeling/SKILL.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "commands/check-file.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "commands/summarize.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "commands/generate-types.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "commands/scaffold-component.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "commands/analyze-schema.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    },
+    "commands/audit-deps.asdm.md": {
+      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
+      "size": 0,
+      "version": "1.0.0"
+    }
+  }
+}

package/schemas/agent.schema.json

@@ -0,0 +1,82 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://asdm.dev/schemas/agent.schema.json",
+  "title": "ASDM Agent",
+  "description": "Schema for ASDM agent .asdm.md frontmatter",
+  "type": "object",
+  "required": ["name", "type", "description", "version"],
+  "additionalProperties": false,
+  "properties": {
+    "name": {
+      "type": "string",
+      "pattern": "^[a-z][a-z0-9-]*$",
+      "description": "Kebab-case agent identifier"
+    },
+    "type": {
+      "type": "string",
+      "const": "agent"
+    },
+    "description": {
+      "type": "string",
+      "minLength": 10,
+      "maxLength": 200
+    },
+    "version": {
+      "type": "string",
+      "pattern": "^\\d+\\.\\d+\\.\\d+$",
+      "description": "Semantic version"
+    },
+    "tags": {
+      "type": "array",
+      "items": { "type": "string" },
+      "uniqueItems": true
+    },
+    "providers": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "opencode": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "model": { "type": "string" },
+            "permissions": {
+              "type": "array",
+              "items": { "type": "string" }
+            },
+            "tools": {
+              "type": "array",
+              "items": { "type": "string" }
+            }
+          }
+        },
+        "claude-code": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "model": { "type": "string" },
+            "allowedTools": {
+              "type": "array",
+              "items": { "type": "string" }
+            }
+          }
+        },
+        "copilot": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "on": { "type": "string" },
+            "safe-outputs": {
+              "type": "array",
+              "items": { "type": "string" }
+            },
+            "permissions": {
+              "type": "object",
+              "additionalProperties": { "type": "string" }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/command.schema.json

@@ -0,0 +1,58 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://asdm.dev/schemas/command.schema.json",
+  "title": "ASDM Command",
+  "description": "Schema for ASDM command .asdm.md frontmatter",
+  "type": "object",
+  "required": ["name", "type", "description", "version"],
+  "additionalProperties": false,
+  "properties": {
+    "name": {
+      "type": "string",
+      "pattern": "^[a-z][a-z0-9-]*$"
+    },
+    "type": {
+      "type": "string",
+      "const": "command"
+    },
+    "description": {
+      "type": "string",
+      "minLength": 10,
+      "maxLength": 200
+    },
+    "version": {
+      "type": "string",
+      "pattern": "^\\d+\\.\\d+\\.\\d+$"
+    },
+    "providers": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "opencode": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "slash_command": { "type": "string" },
+            "agent": { "type": "string" }
+          }
+        },
+        "claude-code": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "slash_command": { "type": "string" },
+            "agent": { "type": "string" }
+          }
+        },
+        "copilot": {
+          "type": "object",
+          "additionalProperties": true,
+          "properties": {
+            "slash_command": { "type": "string" },
+            "agent": { "type": "string" }
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/config.schema.json

@@ -0,0 +1,29 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://asdm.dev/schemas/config.schema.json",
+  "title": "ASDM Project Config",
+  "description": "Schema for .asdm.json (committed project config)",
+  "type": "object",
+  "required": ["registry", "profile"],
+  "additionalProperties": false,
+  "properties": {
+    "$schema": { "type": "string" },
+    "registry": {
+      "type": "string",
+      "pattern": "^github://[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+$",
+      "description": "Registry URL in github://{org}/{repo} format"
+    },
+    "profile": {
+      "type": "string",
+      "pattern": "^[a-z][a-z0-9-]*$"
+    },
+    "providers": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": ["opencode", "claude-code", "copilot"]
+      },
+      "uniqueItems": true
+    }
+  }
+}