Status: Experimental · Phase: Verify, Deploy · Priority: P1.2
Pre-deployment security analysis for autonomous systems declared in Spanda source.
spanda threat-model rover.sd
spanda threat-model rover.sd --json
| Category | Sources in .sd |
|---|---|
| Connectivity | requires_network, connectivity policies |
| MQTT / WiFi / LTE / BLE | Transport and package imports |
| OTA | deploy, OTA rollout declarations |
| Remote commands | remote_signed, operator topics |
| Agent permissions | agent can[] capability grants |
| Provider permissions | Provider registry + dispatch |
ThreatReport — full assessmentThreatModel — structured attack surfaceThreatAssessment — per-threat risk levelEach report includes: Attack Surface, Threats, Risk Levels, Recommended Mitigations.
Builds on spanda-security (security check), trust-boundaries.md, and capability analysis.
Complements spanda verify and deployment gates.
spanda-threat — static analysis composing spanda-security, connectivity declarations, and deploy
surfaces.