threatprism 0.1.0__tar.gz

threatprism-0.1.0/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,53 @@
+name: Bug Report
+description: Report a bug or unexpected behavior
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting a bug! Please fill out the details below.
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What happened? What did you expect to happen?
+      placeholder: Describe the bug...
+    validations:
+      required: true
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Steps to Reproduce
+      description: Minimal steps to reproduce the issue
+      placeholder: |
+        1. Run `threatprism ...`
+        2. Call tool `analyze_threats` with ...
+        3. See error ...
+    validations:
+      required: true
+  - type: input
+    id: python-version
+    attributes:
+      label: Python Version
+      placeholder: "3.12"
+    validations:
+      required: true
+  - type: input
+    id: os
+    attributes:
+      label: Operating System
+      placeholder: "macOS 15, Ubuntu 24.04, Windows 11"
+    validations:
+      required: true
+  - type: input
+    id: client
+    attributes:
+      label: MCP Client
+      description: Which client are you using?
+      placeholder: "Claude Desktop, VS Code Copilot, Cursor, etc."
+  - type: textarea
+    id: logs
+    attributes:
+      label: Error Output / Logs
+      description: Paste any error messages or stack traces
+      render: shell

threatprism-0.1.0/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,45 @@
+name: Feature Request
+description: Suggest a new feature or improvement
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Have an idea for ThreatPrism? We'd love to hear it!
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem or Motivation
+      description: What problem does this solve? Why is it needed?
+      placeholder: I often need to...
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: How should this work? What would the API or output look like?
+      placeholder: It would be great if...
+    validations:
+      required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - STRIDE analysis
+        - DREAD scoring
+        - LINDDUN privacy
+        - PASTA modeling
+        - Attack trees
+        - CWE/MITRE mapping
+        - Report generation
+        - MCP server / integration
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Any other approaches you've considered?

threatprism-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev
+
+      - name: Lint
+        run: uv run ruff check .
+
+      - name: Type check
+        run: uv run pyright
+
+      - name: Test
+        run: uv run pytest -v --tb=short

threatprism-0.1.0/.gitignore

@@ -0,0 +1,29 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+dist/
+build/
+.eggs/
+*.egg
+.venv/
+venv/
+.env
+.env.*
+*.log
+.pytest_cache/
+.ruff_cache/
+.pyright/
+.mypy_cache/
+.coverage
+htmlcov/
+*.db
+*.sqlite3
+threat-model.md
+.DS_Store
+Thumbs.db
+.vscode/
+.cursor/
+*.pptx
+evaluation/results/
+paper/

threatprism-0.1.0/CHANGELOG.md

@@ -0,0 +1,25 @@
+# Changelog
+
+All notable changes to ThreatPrism will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/), and this project adheres to [Semantic Versioning](https://semver.org/).
+
+## [0.1.0] - 2026-03-22
+
+### Added
+
+- **STRIDE** threat identification engine with category-based analysis
+- **DREAD** quantitative risk scoring (1-10 scale with weighted context)
+- **LINDDUN** privacy threat assessment with data type and activity detection
+- **PASTA** process-oriented threat modeling with attack simulation
+- **Attack tree** decomposition with AND/OR nodes and likelihood estimation
+- **CWE** cross-referencing with automatic ID mapping
+- **MITRE ATT&CK** technique correlation
+- **Cross-framework correlation** engine linking findings across all frameworks
+- **Markdown report generation** with comprehensive threat summaries
+- MCP server compatible with Claude Desktop, Claude Code, VS Code (Copilot), and Cursor
+- Full test suite (35 tests), ruff linting, and pyright type checking
+- GitHub Actions CI across Python 3.10–3.13
+- Evaluation framework with ground truth for 5 OWASP projects
+
+[0.1.0]: https://github.com/manambharadwaj/threatprism/releases/tag/v0.1.0

threatprism-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,93 @@
+# Contributing to ThreatPrism
+
+Thanks for your interest in contributing! This guide covers everything you need to get started.
+
+## Development Setup
+
+```bash
+# Clone the repo
+git clone https://github.com/manambharadwaj/threatprism.git
+cd threatprism
+
+# Install uv (if you don't have it)
+curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Install dependencies (including dev tools)
+uv sync --all-extras
+
+# Verify everything works
+uv run pytest -q
+uv run ruff check .
+uv run pyright
+```
+
+## Making Changes
+
+1. **Fork** the repository and create a branch from `master`
+2. **Write code** — follow the existing style (ruff handles formatting)
+3. **Add tests** for any new functionality in `tests/`
+4. **Run the full check suite** before committing:
+
+```bash
+uv run pytest -q          # Tests pass
+uv run ruff check .       # Lint clean
+uv run pyright            # Types clean
+```
+
+## Project Structure
+
+```
+src/threatprism/
+├── __init__.py          # Package entry point and CLI
+├── server.py            # MCP server and tool definitions
+├── models.py            # Pydantic models (Threat, DreadScore, etc.)
+├── correlation.py       # Cross-framework correlation engine
+├── reports.py           # Markdown report generation
+└── frameworks/
+    ├── stride.py        # STRIDE analysis engine
+    ├── dread.py         # DREAD risk scoring
+    ├── linddun.py       # LINDDUN privacy analysis
+    ├── pasta.py         # PASTA threat modeling
+    └── attack_tree.py   # Attack tree decomposition
+```
+
+## What to Contribute
+
+**Good first issues:**
+- Improve keyword heuristics in LINDDUN/PASTA detection
+- Add new CWE mappings for under-covered threat categories
+- Expand MITRE ATT&CK technique coverage
+- Improve test coverage for edge cases
+
+**Larger contributions:**
+- SARIF output format for CI/CD integration
+- Architecture diagram parsing (Mermaid/PlantUML)
+- New analysis frameworks
+- Performance optimizations
+
+## Pull Request Guidelines
+
+- Keep PRs focused — one feature or fix per PR
+- Include tests for new functionality
+- Ensure all three checks pass (pytest, ruff, pyright)
+- Write a clear PR description explaining *what* and *why*
+
+## Code Style
+
+- Line length: 88 characters
+- Python 3.10+ syntax (use `X | Y` union types, not `Union[X, Y]`)
+- Type annotations on all public functions
+- Pydantic models for data structures
+
+These are enforced by ruff and pyright — just run the checks and fix what they flag.
+
+## Reporting Bugs
+
+Open an issue at [github.com/manambharadwaj/threatprism/issues](https://github.com/manambharadwaj/threatprism/issues) with:
+- What you expected vs what happened
+- Minimal reproduction steps
+- Python version and OS
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [MIT License](LICENSE).

threatprism-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Manam Bharadwaj
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

threatprism-0.1.0/PKG-INFO

@@ -0,0 +1,297 @@
+Metadata-Version: 2.4
+Name: threatprism
+Version: 0.1.0
+Summary: Multi-framework threat intelligence MCP server — STRIDE, DREAD, LINDDUN, and PASTA analysis for AI coding agents
+Project-URL: Homepage, https://github.com/manambharadwaj/threatprism
+Project-URL: Repository, https://github.com/manambharadwaj/threatprism
+Project-URL: Issues, https://github.com/manambharadwaj/threatprism/issues
+Author: Manam Bharadwaj
+License: MIT
+License-File: LICENSE
+Keywords: ai-security,dread,linddun,mcp,pasta,security,stride,threat-modeling
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.10
+Requires-Dist: click>=8.0.0
+Requires-Dist: fastmcp>=2.3.4
+Requires-Dist: pydantic>=2.0.0
+Provides-Extra: dev
+Requires-Dist: pre-commit>=4.0.0; extra == 'dev'
+Requires-Dist: pyright>=1.1.390; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Requires-Dist: ruff>=0.8.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# ThreatPrism
+
+**Multi-framework threat intelligence for AI coding agents**
+
+[![CI](https://github.com/manambharadwaj/threatprism/actions/workflows/ci.yml/badge.svg)](https://github.com/manambharadwaj/threatprism/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
+
+ThreatPrism is an MCP (Model Context Protocol) server that provides **simultaneous threat analysis across four security frameworks** — STRIDE, DREAD, LINDDUN, and PASTA — with automatic cross-referencing to CWE and MITRE ATT&CK.
+
+Unlike single-framework tools, ThreatPrism gives you a **multi-dimensional view** of every threat: *what category* (STRIDE), *how severe* (DREAD), *what privacy impact* (LINDDUN), and *what attack process* (PASTA), all correlated in one analysis.
+
+---
+
+## What Makes This Different
+
+| Capability | ThreatPrism | Typical Security Tools |
+|---|---|---|
+| Multi-framework correlation | STRIDE + DREAD + LINDDUN + PASTA in one pass | Usually one framework |
+| Quantitative scoring | DREAD 1-10 scores with weighted context | Qualitative High/Med/Low |
+| Privacy-first analysis | Built-in LINDDUN engine | Usually separate DPIA tool |
+| Attack tree generation | AND/OR decomposition with likelihood | Manual diagramming |
+| CWE + MITRE ATT&CK mapping | Automatic cross-reference | Manual lookup |
+| AI agent workflow | MCP server with auto-instructions | IDE plugin or CLI |
+
+---
+
+## Tools
+
+### Analysis
+
+| Tool | Framework | Purpose |
+|------|-----------|---------|
+| `analyze_threat_landscape` | STRIDE | Categorise threats from a system description |
+| `score_risks` | DREAD | Quantitative risk scoring (1-10 per dimension) |
+| `assess_privacy_impact` | LINDDUN | Privacy threat assessment for personal data |
+| `run_pasta_analysis` | PASTA | 7-stage attack simulation process |
+| `build_attack_tree` | Attack Trees | AND/OR decomposition of attack paths |
+
+### Cross-Reference
+
+| Tool | Purpose |
+|------|---------|
+| `correlate_frameworks` | Map threats across STRIDE → DREAD → LINDDUN → CWE → MITRE ATT&CK |
+| `map_to_cwe` | Link threats to CWE entries with remediation links |
+| `suggest_mitigations` | Prioritised mitigation strategies |
+
+### Documentation
+
+| Tool | Purpose |
+|------|---------|
+| `generate_threat_report` | Full markdown report combining all frameworks |
+
+---
+
+## Quick Start
+
+### Install
+
+```bash
+# Using uv (recommended)
+uv pip install .
+
+# Or with pip
+pip install .
+```
+
+### Run the Server
+
+```bash
+# stdio (default — for IDE integration)
+threatprism
+
+# HTTP transport (for shared/team use)
+threatprism --transport streamable-http --port 8000
+
+# SSE transport
+threatprism --transport sse --port 8000
+```
+
+---
+
+## IDE Integration
+
+### Cursor
+
+Add to `.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "threatprism": {
+      "command": "threatprism",
+      "args": []
+    }
+  }
+}
+```
+
+Or with uv (no install required):
+
+```json
+{
+  "mcpServers": {
+    "threatprism": {
+      "command": "uv",
+      "args": ["run", "--directory", "/path/to/threatprism", "threatprism"]
+    }
+  }
+}
+```
+
+### Claude Desktop
+
+Add to `claude_desktop_config.json` (macOS: `~/Library/Application Support/Claude/`, Windows: `%APPDATA%\Claude\`):
+
+```json
+{
+  "mcpServers": {
+    "threatprism": {
+      "command": "threatprism",
+      "args": []
+    }
+  }
+}
+```
+
+Or with uv (no install required):
+
+```json
+{
+  "mcpServers": {
+    "threatprism": {
+      "command": "uv",
+      "args": ["run", "--directory", "/path/to/threatprism", "threatprism"]
+    }
+  }
+}
+```
+
+### Claude Code (CLI)
+
+```bash
+claude mcp add threatprism -- threatprism
+```
+
+Or with uv:
+
+```bash
+claude mcp add threatprism -- uv run --directory /path/to/threatprism threatprism
+```
+
+### VS Code (GitHub Copilot)
+
+Add to `.vscode/mcp.json`:
+
+```json
+{
+  "servers": {
+    "threatprism": {
+      "command": "threatprism",
+      "args": []
+    }
+  }
+}
+```
+
+### Docker
+
+```bash
+docker build -t threatprism:latest .
+```
+
+```json
+{
+  "mcpServers": {
+    "threatprism": {
+      "command": "docker",
+      "args": ["run", "--rm", "-i", "threatprism:latest"]
+    }
+  }
+}
+```
+
+---
+
+## Agent Workflow
+
+When an AI agent connects, ThreatPrism automatically sends workflow instructions via the MCP handshake. The agent will follow this flow:
+
+```
+┌─────────────────────────────┐
+│  1. analyze_threat_landscape │  ← STRIDE categorisation
+├─────────────────────────────┤
+│  2. score_risks              │  ← DREAD quantitative scoring
+├─────────────────────────────┤
+│  3. assess_privacy_impact    │  ← LINDDUN privacy analysis
+├─────────────────────────────┤
+│  4. build_attack_tree        │  ← Attack path decomposition
+├─────────────────────────────┤
+│  5. correlate_frameworks     │  ← Multi-framework mapping
+├─────────────────────────────┤
+│  6. generate_threat_report   │  ← Comprehensive documentation
+└─────────────────────────────┘
+```
+
+No manual configuration needed — the agent receives the instructions on connect.
+
+---
+
+## Example Output
+
+### DREAD Score Table
+
+| Threat | D | R | E | A | D | Overall | Rating |
+|--------|---|---|---|---|---|---------|--------|
+| Authentication Bypass | 8.0 | 7.5 | 7.0 | 8.5 | 6.5 | **7.5** | HIGH |
+| Input Manipulation | 9.0 | 6.0 | 6.5 | 7.0 | 5.5 | **6.8** | HIGH |
+| Session Hijacking | 7.5 | 6.0 | 5.5 | 7.0 | 5.5 | **6.3** | HIGH |
+
+### Cross-Framework Correlation
+
+| Threat | STRIDE | DREAD | LINDDUN | CWE | MITRE |
+|--------|--------|-------|---------|-----|-------|
+| Auth Bypass | SPOO | 7.5 | IDEN, NON_ | CWE-287, CWE-290 | T1078, T1110 |
+| Data Exposure | INFO | 6.8 | DISC, LINK, IDEN | CWE-200, CWE-312 | T1530, T1567 |
+
+---
+
+## Frameworks
+
+### STRIDE (Threat Categorisation)
+Classifies threats into six categories: **S**poofing, **T**ampering, **R**epudiation, **I**nformation Disclosure, **D**enial of Service, **E**levation of Privilege.
+
+### DREAD (Risk Scoring)
+Quantitative scoring on five dimensions (1-10 each): **D**amage, **R**eproducibility, **E**xploitability, **A**ffected Users, **D**iscoverability. Overall score = average.
+
+### LINDDUN (Privacy Threats)
+Privacy-specific analysis across seven categories: **L**inkability, **I**dentifiability, **N**on-repudiation, **D**etectability, **D**isclosure, **U**nawareness, **N**on-compliance.
+
+### PASTA (Attack Simulation)
+Seven-stage process: Business Objectives → Technical Scope → Decomposition → Threat Analysis → Vulnerability Analysis → Attack Modeling → Risk/Impact Analysis.
+
+---
+
+## Development
+
+```bash
+# Install with dev dependencies
+uv sync --frozen --all-extras --dev
+
+# Run tests
+uv run pytest
+
+# Lint & type-check
+uv run ruff check .
+uv run pyright
+```
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE).