Where Security Analysis Lives
What this page is
Stigmem uses one protocol-level threat model plus feature-local security files. This page tells you where to look.
Canonical risk register
The numbered R-XX risk register lives in spec/security/threat-model.md.
Cross-cutting protocol risks stay there.
- Transport security
- Quota enforcement
- Prompt-injection controls
- CID integrity
- Release supply-chain integrity
- Storage immutability
Feature-local security files
Per ADR-018 and ADR-020, a feature that owns or materially contributes to a numbered risk keeps its feature analysis in its feature record. Legacy experimental security files may remain as compatibility pointers during migration.
- features/lazy-instruction-discovery/security.md
Feature-local files do not replace the risk register.
They give operators and contributors the local threat-model delta, operator scenarios, conformance pointers, and ADR-008 reintroduction gates for the feature.
Features without security files
Not every directory under experimental/ receives a security.md
automatically. Adapter, deployment, SDK, dashboard, and workbench
directories remain covered by their STATUS.md, contributor checks,
and the protocol-level threat model until they own or materially
contribute to a numbered risk. When that happens, the same PR must
add or update the feature-local security.md and cross-link the risk
register.
Contributor rule
When adding a feature-owned R-XX risk:
- Add the risk to the unified threat model.
- Add or update features/<feature>/security.md.
- Link the risk row in the threat model to the feature-local file.
- Run the security documentation validator.
python scripts/check_security_documentation.py