
feat: wire threat-model.md into Phase 5 exploitation planning#53

Merged: pruiz merged 1 commit into master from feature/36-threat-model-phase5 on Jun 12, 2026

Conversation

pruiz (Owner) commented Jun 10, 2026

Summary

Wires itemdb/notes/threat-model.md into Phase 5 (exploit development) so exploitation planning considers the project's operational threat model when present.

Closes #36.

Changes

| File | Change |
| --- | --- |
| prompts/phase-5-exploit.md | Added threat-model.md to required reading (conditional), expanded "Threat model selection" section with project threat model consumption instructions, added threat-model sub-bullet to workflow step 3, added 2 self-validation checklist items, added final-response summary bullet |
| .opencode/agents/exploiter.md | Added conditional threat-model.md to required reading |
| templates/exploit-readme.md | Added new "Threat Model Assumptions" section with structured sub-items |
| tests/test_prompts_threat_model.py | Added 13 new tests covering Phase 5 prompt, exploiter agent, and exploit README template |

Design decisions

  • All references are conditional (if present, when present, when available) — projects without threat-model.md continue to work unchanged (acceptance criteria #4).
  • Wiring through the prompt file (not just the agent definition) — follows the established pattern from Phases 2–4.
  • Self-validation checklist enforcement — ensures the exploiter cannot accidentally claim capabilities contradicted by the documented threat model.
  • Exploit README template section — makes threat-model assumptions a first-class documented artifact in every exploitation attempt (acceptance criteria #3).

Acceptance criteria coverage

  • Phase 5 prompt explicitly references itemdb/notes/threat-model.md when present.
  • Exploitation attempts do not assume capabilities contradicted by the threat model (enforced via checklist + threat-model selection guidance).
  • Exploit documentation records material threat-model assumptions affecting feasibility (new template section).
  • Existing Phase 5 behavior remains compatible with projects that do not yet have threat-model artifacts (all conditional).

Testing

`make tests` passes (798 tests, frontmatter validation, artifact checks).

Summary by CodeRabbit

  • New Features

    • Exploitation workflow now consults threat-model documentation to scope attacker capabilities, respect documented non-capabilities, identify trust boundaries, and account for existing controls.
    • Exploit reports now include a “Threat Model Assumptions” section to record assumptions that materially affected feasibility or scope.
  • Documentation

    • Added guidance to exploit development steps to apply threat-model constraints and checklist items.
  • Tests

    • Added validation tests to ensure threat-model references and related checklist items appear across Phase 5 prompts and templates.
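The design decisions above describe a self-validation rule (the exploiter may not assume a capability the threat model lists as a non-capability) and a fallback for projects that have no threat-model.md. The following is an added example of that check as runnable Python; it is not code from the CodeCome PR or from its test file. Everything in it is constructed for the example: the `# Attacker capabilities` and `# Non-capabilities` headings in the threat model, the five `Label: item; item` sub-bullets under `# Threat Model Assumptions` in the exploit README, the sample documents, and the `check_readme` function itself are assumptions, not the project's actual template layout. The fallback phrase is taken from the flowchart in the Greptile review below.

```python
"""Added example: consistency check between an exploit README's
"Threat Model Assumptions" section and the project's threat-model.md.
Not the CodeCome project's own code; section names, bullet layout and
sample documents are assumptions made for this example."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Wording used in the PR's flowchart for the no-threat-model case.
FALLBACK_PHRASE = "no project threat model available"
ASSUMPTIONS_HEADING = "threat model assumptions"
_HEADING = re.compile(r"^#+\s+(.+?)\s*$", re.MULTILINE)


def sections(markdown: str) -> dict[str, str]:
    """Map each ATX heading (lowercased) to the body text that follows it."""
    out: dict[str, str] = {}
    heads = list(_HEADING.finditer(markdown))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(markdown)
        out[m.group(1).strip().lower()] = markdown[m.end():end].strip()
    return out


def bullet_items(body: str) -> list[str]:
    """Bullet lines of a section, lowercased and whitespace-normalised."""
    items = []
    for line in body.splitlines():
        m = re.match(r"^\s*[-*]\s+(.*)$", line)
        if m:
            items.append(" ".join(m.group(1).lower().split()))
    return items


def labelled_items(body: str) -> dict[str, list[str]]:
    """Parse 'Label: item; item' bullets (the README sub-item layout assumed here)."""
    out: dict[str, list[str]] = {}
    for item in bullet_items(body):
        label, _, rest = item.partition(":")
        out[label.strip()] = [p.strip() for p in rest.split(";") if p.strip()]
    return out


@dataclass
class Verdict:
    ok: bool
    violations: list[str] = field(default_factory=list)


def check_readme(readme_md: str, threat_model_md: Optional[str]) -> Verdict:
    """Assumed capabilities must not be documented non-capabilities, and anything
    neither documented nor excluded must be recorded as an open assumption."""
    section = sections(readme_md).get(ASSUMPTIONS_HEADING)
    if section is None:
        return Verdict(False, ["README has no 'Threat Model Assumptions' section"])
    if threat_model_md is None:
        # No threat-model.md in the project: the section must say so, not stay silent.
        if FALLBACK_PHRASE in section.lower():
            return Verdict(True)
        return Verdict(False, [f"no threat-model.md, but README does not state '{FALLBACK_PHRASE}'"])

    model = sections(threat_model_md)
    documented = set(bullet_items(model.get("attacker capabilities", "")))
    excluded = set(bullet_items(model.get("non-capabilities", "")))
    by_label = labelled_items(section)
    open_assumptions = set(by_label.get("open assumptions", []))

    violations = []
    for cap in by_label.get("attacker capabilities assumed", []):
        if cap in excluded:
            violations.append(f"assumes a documented non-capability: {cap!r}")
        elif cap not in documented and cap not in open_assumptions:
            violations.append(f"undocumented capability not recorded as an open assumption: {cap!r}")
    return Verdict(not violations, violations)


# Constructed sample documents (not the project's real templates).
THREAT_MODEL = """\
# Attacker capabilities
- Network access to the service port
- Local shell as an unprivileged user

# Non-capabilities
- Physical access to the host
- Root on the host before exploitation
"""

GOOD_README = """\
# Threat Model Assumptions
- Attacker capabilities assumed: network access to the service port; local shell as an unprivileged user
- Non-capabilities respected: physical access to the host; root on the host before exploitation
- Trust boundaries crossed: unauthenticated network client to service process
- Existing controls navigated: rate limiting on the login endpoint
- Open assumptions: none
"""

BAD_README = """\
# Threat Model Assumptions
- Attacker capabilities assumed: physical access to the host; debug interface enabled on the device
- Non-capabilities respected: root on the host before exploitation
- Open assumptions: none
"""

NO_MODEL_README = """\
# Threat Model Assumptions
No project threat model available; assumptions below are the exploiter's own.
- Attacker capabilities assumed: network access to the service port
"""

if __name__ == "__main__":
    for name, readme, model in [("good", GOOD_README, THREAT_MODEL),
                                ("bad", BAD_README, THREAT_MODEL),
                                ("no-model", NO_MODEL_README, None)]:
        print(name, check_readme(readme, model))
```

Run as a script, the "bad" README produces two violations: one for assuming a listed non-capability, one for an assumed capability that is neither documented nor recorded as an open assumption. Matching is by normalised exact string on purpose; a fuzzier match would hide exactly the mismatches a reviewer should see.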

coderabbitai (bot) commented Jun 10, 2026

Walkthrough

This PR wires optional project threat-model guidance into Phase 5 exploitation: exploiter agent instructions and exploit-development skill now consult itemdb/notes/threat-model.md when present; the Phase 5 prompt, exploit README template, and tests are updated to require documenting threat-model assumptions, non-capabilities, trust boundaries, and controls.

Changes

Phase 5 Threat-Model Integration

| Layer / File(s) | Summary |
| --- | --- |
| Exploiter agent & skill inputs: .opencode/agents/exploiter.md, .opencode/skills/exploit-development/SKILL.md | Adds conditional directive and Step 0/input guidance to consult itemdb/notes/threat-model.md when present to scope attacker capabilities, non-capabilities, trust boundaries, and controls. |
| Phase 5 exploitation prompt sections: prompts/phase-5-exploit.md | Integrates threat-model guidance across opening reference, threat-model selection, attack-surface mapping, PoC self-validation checklist, and final-response checklist to record material threat-model assumptions. |
| Exploit README template: templates/exploit-readme.md | Adds a "Threat Model Assumptions" section with a checklist for attacker capabilities, respected non-capabilities, crossed trust boundaries, controls navigated, and open assumptions. |
| Test coverage: tests/test_prompts_threat_model.py | Adds multiple tests verifying conditional threat-model references and required phrasing (non-capabilities, attacker capabilities, trust boundaries, existing controls, open assumptions, checklist items, and final-response wording). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • pruiz/CodeCome#52: Related threat-model integration work that updates test harness and phase-specific prompt/agent/skill wiring for itemdb/notes/threat-model.md.

Poem

🐰
I hopped through docs and prompts today,
A threat model showed the careful way,
Capabilities bounded, assumptions penned,
Now Phase Five plans are truer, my friend!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and accurately summarizes the primary change: integrating threat-model.md into Phase 5 exploitation planning, matching the changeset's focus across prompts, agents, templates, and tests. |
| Linked Issues check | ✅ Passed | All acceptance criteria from issue #36 are met: Phase 5 prompts reference threat-model.md conditionally, exploit planning considers attacker capabilities/non-capabilities/trust boundaries/controls/assumptions, and threat-model assumptions are documented in exploit README templates. |
| Out of Scope Changes check | ✅ Passed | All changes are directly in-scope: documentation updates and tests strictly address threat-model integration into Phase 5 exploitation planning with no unrelated modifications to other subsystems or phases. |


github-actions (bot) commented Jun 10, 2026

Coverage Report

| Metric | Value |
| --- | --- |
| Line Coverage | 75.8% |
| Lines Covered | 0 / 0 |

Download detailed HTML coverage reports per OS/Python from the workflow artifacts.

Generated by pytest-cov on 2026-06-12T16:23:11.474Z

greptile-apps (bot, Contributor) commented Jun 10, 2026

Greptile Summary

This PR wires itemdb/notes/threat-model.md into the Phase 5 exploitation workflow by updating the prompt, exploiter agent, and exploit-development skill — addressing the gap noted in a prior review. All references are conditional, keeping projects without a threat model fully compatible.

  • prompts/phase-5-exploit.md: Adds threat-model to required reading, expands the "Threat model selection" section with specific consumption rules (capabilities, non-capabilities, trust boundaries, controls, open assumptions), inserts a workflow sub-bullet in step 3, and adds two self-validation checklist items — both correctly guarded with when present / otherwise note its absence.
  • .opencode/skills/exploit-development/SKILL.md: Adds threat-model.md to required reading and a new step 0 (conditionally gated) that aligns the attacker profile with the threat model before building the exploit.
  • templates/exploit-readme.md and tests: A structured "Threat Model Assumptions" section is added to the exploit README template, and 13 new tests validate the integration across all three Phase 5 artifacts.

Confidence Score: 5/5

This PR is safe to merge — all changes are additive, conditional, and isolated to prompt/template/test files with no runtime code paths affected.

Every new addition is guarded with if present / when present language, preserving backward compatibility. The previously flagged gaps (SKILL.md not updated, checklist item missing a conditional qualifier) are both resolved in this revision. The test suite now covers the skill, agent, and prompt across the key threat-model properties. The one remaining asymmetry is a missing conditional-language test for the skill, which is a test-completeness gap only.

tests/test_prompts_threat_model.py — missing a conditional-language assertion for the exploit-development skill, unlike the parallel tests for the agent and prompt.

Important Files Changed

| Filename | Overview |
| --- | --- |
| prompts/phase-5-exploit.md | Added conditional threat-model reading to required-reading list, expanded threat-model selection section, added workflow sub-bullet, and added two self-validation checklist items — all guarded correctly with when present/if present language. |
| .opencode/agents/exploiter.md | Added single conditional threat-model.md bullet to required reading, consistent with Phase 2–4 agent pattern. |
| .opencode/skills/exploit-development/SKILL.md | Added threat-model.md to required reading and inserted a step 0 (conditionally gated) before the existing numbered exploit-build steps. |
| templates/exploit-readme.md | New '# Threat Model Assumptions' section added between the exploitation-chain and exploitation-method sections, with clear fallback instruction when no threat model exists. |
| tests/test_prompts_threat_model.py | 13 new tests cover the prompt, agent, and skill; conditional-language coverage is present for the agent and prompt but missing for the skill, leaving a minor asymmetry. |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Phase 5 Exploit Prompt\nphase-5-exploit.md] -->|reads| TM{itemdb/notes/\nthreat-model.md\npresent?}
    B[Exploiter Agent\nexploiter.md] -->|reads| TM
    C[Exploit-Dev Skill\nSKILL.md] -->|reads| TM

    TM -->|Yes| D[Scope attacker posture\nvia documented capabilities]
    TM -->|Yes| E[Validate non-capabilities\nnot assumed by PoC]
    TM -->|Yes| F[Identify trust boundaries\n& existing controls]
    TM -->|No| G[Proceed with\nexisting threat model\nselection flow]

    D --> H[Checklist:\nPoC does not violate\nnon-capabilities]
    E --> H
    F --> H
    H --> I[exploits/README.md\nThreat Model Assumptions\nsection populated]
    G --> J[exploits/README.md\n'No project threat model\navailable' written]
```

Reviews (2): Last reviewed commit: "feat: wire threat-model.md into Phase 5 ..."
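The Greptile review above notes that the test file checks conditional language for the agent and the prompt but not for the skill. As an added example (not the project's tests/test_prompts_threat_model.py, and not its real artifact files), here is a conditional-language lint that applies the same rule to all three Phase 5 artifacts: every item that mentions threat-model.md must carry an "if present"/"when present"/"when available"-style qualifier, and wrapped bullets are joined first so a qualifier on a continuation line still counts. The artifact texts, the `check_artifacts` function and the qualifier pattern are constructed assumptions for this example.

```python
"""Added example: conditional-language lint over Phase 5 artifacts. Not the
CodeCome project's own test code; the artifact texts are constructed stand-ins."""
from __future__ import annotations

import re

THREAT_MODEL_REF = "threat-model.md"
# Accepts "if present", "when present", "when available", "when ... is available",
# "if ... exists" within one item; the pattern is this example's assumption.
CONDITIONAL = re.compile(r"\b(?:if|when)\b.*?\b(?:present|available|exists)\b", re.IGNORECASE)
ITEM_START = re.compile(r"^\s*(?:[-*]|\d+\.)\s+")


def items(text: str) -> list[str]:
    """Split markdown into bullets, numbered steps and paragraphs, joining wrapped
    lines so a qualifier on a continuation line still belongs to its item."""
    out, current = [], []
    for line in text.splitlines():
        if not line.strip() or ITEM_START.match(line):
            if current:
                out.append(" ".join(current))
                current = []
        if line.strip():
            current.append(line.strip())
    if current:
        out.append(" ".join(current))
    return out


def check_artifacts(artifacts: dict[str, str]) -> dict[str, list[str]]:
    """Per artifact: report either a missing threat-model.md reference or every
    item that references it without a conditional qualifier."""
    problems: dict[str, list[str]] = {}
    for name, text in artifacts.items():
        refs = [it for it in items(text) if THREAT_MODEL_REF in it]
        if not refs:
            problems[name] = ["no reference to threat-model.md"]
            continue
        unguarded = [it for it in refs if not CONDITIONAL.search(it)]
        if unguarded:
            problems[name] = unguarded
    return problems


# Constructed stand-ins for the three Phase 5 artifacts (not the real files).
PROMPT = """\
## Required reading
- itemdb/notes/threat-model.md (if present)

## Self-validation checklist
- [ ] PoC does not assume a capability listed as a non-capability in
      itemdb/notes/threat-model.md (when present; otherwise note its absence)
"""

AGENT = """\
## Required reading
- itemdb/notes/threat-model.md, when present
"""

# Step 0 here reads the file unconditionally: the gap this lint is meant to catch.
SKILL_UNGUARDED = """\
## Inputs
- itemdb/notes/threat-model.md (if present)

## Exploit design methodology
0. Read `itemdb/notes/threat-model.md` and align the attacker profile with the
   documented capabilities and non-capabilities.
1. Identify the primitive.
"""

SKILL_GUARDED = SKILL_UNGUARDED.replace(
    "0. Read `itemdb/notes/threat-model.md` and align",
    "0. When `itemdb/notes/threat-model.md` is available, align")

if __name__ == "__main__":
    print(check_artifacts({"prompt": PROMPT, "agent": AGENT, "skill": SKILL_UNGUARDED}))
    print(check_artifacts({"prompt": PROMPT, "agent": AGENT, "skill": SKILL_GUARDED}))
```

The first call reports only the skill's unguarded step 0; the second reports nothing. Joining wrapped lines before matching matters because prompt files wrap long bullets, and a line-by-line check would either miss the qualifier or flag the reference on the line before it.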

Closes #36.

- prompts/phase-5-exploit.md: add threat-model.md to required reading
  (conditional), expand threat-model selection section with project
  threat model consumption instructions, add threat-model sub-bullet
  to workflow step 3, add 2 self-validation checklist items (both with
  conditional qualifiers), add final-response summary bullet.
- .opencode/agents/exploiter.md: add conditional threat-model.md to
  required reading.
- .opencode/skills/exploit-development/SKILL.md: add conditional
  threat-model.md to inputs, add step 0 to exploit design methodology
  for consulting threat-model capabilities and non-capabilities.
- templates/exploit-readme.md: add Threat Model Assumptions section
  documenting attacker capabilities assumed, non-capabilities respected,
  trust boundaries crossed, existing controls navigated, and open
  assumptions.
- tests/test_prompts_threat_model.py: add 15 tests covering Phase 5
  prompt, exploiter agent, exploit-development skill, and exploit README
  template integration.

All references are conditional (if present / when present) so projects
without threat-model.md continue to work unchanged.
pruiz force-pushed the feature/36-threat-model-phase5 branch from bd3ee48 to 90e696a on June 12, 2026 16:21

coderabbitai (bot) left a review comment

🧹 Nitpick comments (1)
.opencode/skills/exploit-development/SKILL.md (1)

76-79: ⚡ Quick win

Include open assumptions in Step 0.

This step aligns capabilities, non-capabilities, and controls, but it still misses the open-assumption check the Phase 5 flow now needs. That leaves room for exploit plans to rely on an unverified feasibility assumption until documentation time.

♻️ Suggested tweak
 0. When `itemdb/notes/threat-model.md` is available, review how the finding's
    attacker profile, trust boundary, and impact align with the documented
-   capabilities, non-capabilities, and existing controls. Do not design an
+   capabilities, non-capabilities, existing controls, and open assumptions.
+   Do not design an
    exploit that assumes capabilities explicitly excluded as non-capabilities.
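Review bot: the `+` lines make the finding's attacker profile align "with the documented capabilities, non-capabilities, existing controls, and open assumptions", but open assumptions are not a constraint to align with; they are the gaps the exploiter has to record and later verify, which is the check the comment above says Step 0 is missing. Keep the alignment sentence as the `-` line had it and add the capture as its own sentence, e.g. `Record any open assumptions the exploit depends on and flag them for verification before building.` The replacement also strands `Do not design an` on a line of its own ahead of the unchanged `exploit that assumes capabilities explicitly excluded as non-capabilities.` context line; rewrap the paragraph so the sentence reads as one.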
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.opencode/skills/exploit-development/SKILL.md around lines 76 - 79, Step 0
currently aligns attacker profile, trust boundary, and controls with
itemdb/notes/threat-model.md but lacks an explicit open-assumptions capture;
update the Step 0 prose in SKILL.md to require recording any open/unguarded
assumptions (what is assumed, why, and what evidence is missing), tag each
assumption as "must-verify-in-Phase-5" if it affects exploit feasibility, and
refuse to design or document exploits that depend on unverified assumptions
until Phase 5 verification is completed; reference the Step 0 section, the
"Phase 5" flow, and the threat-model note so reviewers can find and enforce the
new check.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 91228c06-a5a1-4c52-b607-83de0b969f59

📥 Commits

Reviewing files that changed from the base of the PR and between bd3ee48 and 90e696a.

📒 Files selected for processing (5)
  • .opencode/agents/exploiter.md
  • .opencode/skills/exploit-development/SKILL.md
  • prompts/phase-5-exploit.md
  • templates/exploit-readme.md
  • tests/test_prompts_threat_model.py
✅ Files skipped from review due to trivial changes (2)
  • templates/exploit-readme.md
  • prompts/phase-5-exploit.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • tests/test_prompts_threat_model.py

@pruiz pruiz merged commit abee9b8 into master Jun 12, 2026
8 checks passed
Linked issue (#36): Use threat-model.md in Phase 5 exploitation planning