6 changes: 4 additions & 2 deletions SECURITY.md
Expand Up @@ -92,7 +92,7 @@ This framework includes several built-in security features:

## Documented security deviations (accepted risks)

The product intentionally departs from stricter baselines in a few places. Each item below is **accepted** with compensating measures and a **review cadence**. Expanded register entries (BSI / ISMS-style fields, operator summaries, and withdrawal paths) live in **[docs/agenstra/security/accepted-risks.md](./docs/agenstra/security/accepted-risks.md)**. Additional threat context and backlog items may appear in [`thread-analysis.md`](./thread-analysis.md) (internal analysis note).
The product intentionally departs from stricter baselines in a few places. Each item below is **accepted** with compensating measures and a **review cadence**. Expanded register entries (BSI / ISMS-style fields, operator summaries, and withdrawal paths) live in **[docs/agenstra/security/accepted-risks.md](./docs/agenstra/security/accepted-risks.md)**. CRA-oriented **threat modeling** and **risk profiling** (per-service, probability × impact) are in **[docs/agenstra/security/threat-model.md](./docs/agenstra/security/threat-model.md)** and **[docs/agenstra/security/risk-profile.md](./docs/agenstra/security/risk-profile.md)**.

| ID | Area | What we accept | Mitigations (short) | Next review |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- |
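Review bot: the new sentence links `docs/agenstra/security/threat-model.md` and `docs/agenstra/security/risk-profile.md`, but neither file appears among the files changed in this view, so confirm both exist on the branch (or are added in this PR) before merging, otherwise the SECURITY.md links are dead on the Security tab. The removed line also dropped the only pointer to `thread-analysis.md`; if that internal note is being retired, delete or archive the file too, and if it still holds backlog items carry them into the risk profile so they are not lost.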
Expand Down Expand Up @@ -127,7 +127,9 @@ Details: **[Software Bill of Materials (SBOM)](./docs/agenstra/security/vulnerab
### Documentation

- [Project overview and docs](./docs/agenstra/README.md) - Architecture, deployment, and setup
- [Security documentation](./docs/agenstra/security/README.md) - CRA- and BSI-oriented transparency, accepted-risk register, hardening, SBOM, disclosure, and CI scanning (Trivy)
- [Security documentation](./docs/agenstra/security/README.md) - CRA threat model and risk profile, accepted-risk register, hardening, SBOM, disclosure, and CI scanning (Trivy)
- [Threat model](./docs/agenstra/security/threat-model.md) - Trust boundaries and per-service threats
- [Risk profile](./docs/agenstra/security/risk-profile.md) - Probability × impact risk register

### External Resources

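Review bot: the edited bullet drops "CRA- and BSI-oriented transparency" from the Security documentation description even though `compliance-and-standards.md` still exists, so readers scanning this list no longer see that the BSI/ISMS mapping lives there; keep it, e.g. "- CRA threat model and risk profile, compliance mapping (CRA/BSI), accepted-risk register, hardening, SBOM, disclosure, and CI scanning (Trivy)". Also "Probability × impact risk register" invites confusion with the accepted-risk register named two bullets up; "Probability × impact scoring" matches the wording used in docs/agenstra/README.md.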
2 changes: 1 addition & 1 deletion apps/backend-agent-controller/README.md
Expand Up @@ -105,7 +105,7 @@ For library testing information, see the [library documentation](../../libs/doma

## Security Considerations

For security best practices and considerations, see the [library documentation](../../libs/domains/framework/backend/feature-agent-controller/README.md#security-considerations).
For security best practices and considerations, see the [library documentation](../../libs/domains/framework/backend/feature-agent-controller/README.md#security-considerations). CRA-oriented **[threat model](../../docs/agenstra/security/threat-model.md#backend-agent-controller)** and **[risk profile](../../docs/agenstra/security/risk-profile.md#backend-agent-controller)** for this service are in the docs site.

## Rate Limiting

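Review bot: the fragment anchors `#backend-agent-controller` assume a heading with exactly that slug in both threat-model.md and risk-profile.md; since neither file is in this diff, check the heading text (GitHub lower-cases and hyphenates the heading to build the slug, so a heading such as "backend-agent-controller (service)" would not resolve). "are in the docs site" is also misleading next to a relative repository path; "are in the security documentation" reads correctly both in the repo and on a rendered site.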
2 changes: 1 addition & 1 deletion apps/backend-agent-manager/README.md
Expand Up @@ -105,7 +105,7 @@ For library testing information, see the [library documentation](../../libs/doma

## Security Considerations

For security best practices and considerations, see the [library documentation](../../libs/domains/framework/backend/feature-agent-manager/README.md#security-considerations).
For security best practices and considerations, see the [library documentation](../../libs/domains/framework/backend/feature-agent-manager/README.md#security-considerations). CRA-oriented **[threat model](../../docs/agenstra/security/threat-model.md#backend-agent-manager)** and **[risk profile](../../docs/agenstra/security/risk-profile.md#backend-agent-manager)** for this service are in the docs site.

## Rate Limiting

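Review bot: same check as for the controller README: the `#backend-agent-manager` anchors need matching headings in threat-model.md and risk-profile.md, and the "docs site" wording should match whatever is chosen there. Only the controller and manager READMEs received this pointer, while the security README in this PR lists frontends, billing, MCP and the desktop shell as covered services; consider adding the same sentence to those apps' READMEs so every modelled service links to its own threat and risk sections.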
4 changes: 3 additions & 1 deletion docs/agenstra/README.md
Expand Up @@ -83,7 +83,9 @@ Deployment guides and configuration:
Public security and compliance-oriented documentation:

- [Compliance and standards](./security/compliance-and-standards.md) - EU CRA and BSI IT-Grundschutz documentation themes (informative)
- [Accepted risks](./security/accepted-risks.md) - Register AR-001 through AR-005 with mitigations and review dates
- [Threat model](./security/threat-model.md) - Per-service threats and trust boundaries (monorepo `apps/*`)
- [Risk profile](./security/risk-profile.md) - Probability × impact scoring (LOW / MEDIUM / HIGH / CRITICAL)
- [Accepted risks](./security/accepted-risks.md) - Register AR-001 through AR-006 with mitigations and review dates
- [Container image security](./security/container-images.md) - Non-root users, bind mounts, restricted sudo
- [Operational hardening](./security/operational-hardening.md) - Implemented controls (including container image hardening) and operator notes
- [Vulnerability reporting and artifacts](./security/vulnerability-reporting-and-artifacts.md) - Disclosure process, SBOM paths, desktop integrity
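Review bot: the register range changes from AR-005 to AR-006, but the accepted-risks.md hunks in this PR only touch the intro paragraph and the related-links list and show no new AR-006 entry; confirm the entry exists (added in an earlier commit or elsewhere in the file), otherwise this bullet overstates the register. It would also help to say in the threat-model bullet which threat categorisation is used, matching the "STRIDE-style" wording in docs/agenstra/security/README.md.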
2 changes: 2 additions & 0 deletions docs/agenstra/applications/README.md
Expand Up @@ -90,6 +90,8 @@ graph TB

## Related Documentation

- **[Security — Threat model](../security/threat-model.md)** - Per-application threats and trust boundaries
- **[Security — Risk profile](../security/risk-profile.md)** - Scored risks per application
- **[Architecture Overview](../architecture/system-overview.md)** - System architecture
- **[Getting Started](../getting-started.md)** - Setup and configuration
- **[Deployment Guide](../deployment/README.md)** - Deployment documentation
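Review bot: the two new bullets use the label style "Security — Threat model" with an em dash inside the link text, whereas every other bullet in this list is a plain page name ("Architecture Overview", "Getting Started"); use "Threat model" and "Risk profile" as the link text so the list stays uniform. Placing them above "Architecture Overview" also breaks the general-to-specific order of the list; consider appending them after "Deployment Guide" instead.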
2 changes: 1 addition & 1 deletion docs/agenstra/architecture/README.md
Expand Up @@ -108,7 +108,7 @@ Agenstra uses a three-tier architecture:
- **Secure Communication** - HTTPS and WSS in production
- **Credential Management** - Secure storage and encryption

See **[Security documentation](../security/README.md)** for the accepted-risk register, CRA- and BSI-oriented transparency notes, and operational controls.
See **[Security documentation](../security/README.md)** for the **[threat model](../security/threat-model.md)**, **[risk profile](../security/risk-profile.md)**, accepted-risk register, CRA- and BSI-oriented transparency notes, and operational controls.

### Reliability

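Review bot: the expanded sentence now carries four bold links in one clause and reads heavily. A lighter alternative is to keep the existing sentence and add one more: "The **[threat model](../security/threat-model.md)** and **[risk profile](../security/risk-profile.md)** map the trust boundaries described here to per-service threats and scores." That also makes explicit that the architecture page is the source of the trust boundaries the threat model relies on.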
2 changes: 1 addition & 1 deletion docs/agenstra/deployment/README.md
Expand Up @@ -116,7 +116,7 @@ nx serve frontend-agent-console
- **[Getting Started](../getting-started.md)** - Quick start guide
- **[Architecture](../architecture/README.md)** - System architecture
- **[Applications](../applications/README.md)** - Application details
- **[Security](../security/README.md)** - Accepted risks, hardening, SBOM, and disclosure
- **[Security](../security/README.md)** - Threat model, risk profile, accepted risks, hardening, SBOM, and disclosure

---

13 changes: 11 additions & 2 deletions docs/agenstra/security/README.md
Expand Up @@ -2,14 +2,22 @@

This section collects **security, compliance-oriented transparency, and hardening** information for Agenstra: mapping to **EU Cyber Resilience Act (CRA)** and **BSI IT-Grundschutz** documentation themes, a formal **accepted-risk register**, **vulnerability reporting**, **SBOM** and **desktop integrity** artifacts, and pointers to **environment variables** for production.

For disclosure, supported versions, SBOM paths, and response-time commitments, see **[Vulnerability reporting and artifacts](./vulnerability-reporting-and-artifacts.md)**. A concise risk summary table is in **[Accepted risks](./accepted-risks.md)**. The same reporting policy is also published at the repository root as the file `SECURITY.md` (for example on GitHub’s Security tab).
For disclosure, supported versions, SBOM paths, and response-time commitments, see **[Vulnerability reporting and artifacts](./vulnerability-reporting-and-artifacts.md)**. A concise risk summary table is in **[Accepted risks](./accepted-risks.md)**. CRA-oriented **threat modeling** and **risk profiling** (probability × impact) are in **[Threat model](./threat-model.md)** and **[Risk profile](./risk-profile.md)**. The same reporting policy is also published at the repository root as the file `SECURITY.md` (for example on GitHub’s Security tab).

## Overview

Agenstra spans browsers, multiple NestJS backends, Express frontends, optional Electron distribution, and customer-controlled remote endpoints. Security is enforced through authentication modes, SSRF guardrails, sanitized logging, content security policy choices, **hardened container images** (non-root users, no default secrets in images, least-privilege Docker socket access), and **documented** residual risks where product or deployment constraints apply.
Agenstra spans browsers, multiple NestJS backends, Express frontends, optional Electron distribution, and customer-controlled remote endpoints. Security is enforced through authentication modes, SSRF guardrails, sanitized logging, content security policy choices, **hardened container images** (non-root users, no default secrets in images, least-privilege Docker socket access), **documented threat models and risk registers** for monorepo services, and **documented** residual risks where product or deployment constraints apply.

## Documentation structure

### [Threat model](./threat-model.md)

Trust boundaries, threat actors, and per-service threats (STRIDE-style) for all `apps/*` deployables, including controller, manager, frontends, billing, MCP, and desktop shell.

### [Risk profile](./risk-profile.md)

Scored risks per service using **LOW / MEDIUM / HIGH / CRITICAL** for **probability** and **impact**, with an **accumulated** score (P × I) and overall severity.

### [Compliance and standards](./compliance-and-standards.md)

How public documentation relates to **CRA** (Regulation (EU) 2024/2847) and **BSI IT-Grundschutz** / typical **ISMS** practice: expected artifacts, transparency goals, and a high-level product mapping. **Informative only**; conformity and certification require your own legal and audit advisors.
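Review bot: in the overview line, "documented threat models and risk registers" uses "risk register" for the risk profile, while elsewhere on this page "register" means the accepted-risk register; say "documented threat model and risk profile" to keep the two artifacts distinct. In the Risk profile section, "accumulated score (P × I)" multiplies two ordinal levels (LOW / MEDIUM / HIGH / CRITICAL); state the numeric mapping (for example 1 to 4) and the thresholds that turn the product into the overall severity, otherwise two reviewers can score the same service differently and the CRA risk assessment is not reproducible. The unchanged intro paragraph ("This section collects ...") still enumerates the documentation families without the threat model or risk profile; add them there as well.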
Expand Down Expand Up @@ -40,6 +48,7 @@ For variable-by-variable deployment settings, including **`CLIENT_ENDPOINT_*`**,

## Related documentation

- **[Threat model](./threat-model.md)** and **[Risk profile](./risk-profile.md)** — CRA Art. 13 evidence (informative)
- **[Architecture](../architecture/README.md)** — Trust boundaries and component roles
- **[Authentication feature](../features/authentication.md)** — User-facing authentication flows
- **[Deployment](../deployment/README.md)** — Docker and production guides
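Review bot: "CRA Art. 13 evidence" is broad; Article 13 covers manufacturer obligations generally, while the cybersecurity risk assessment duty is in Art. 13(2) and its documentation requirement in Art. 13(3), with the technical documentation contents listed in Annex VII. Citing the paragraph (and Annex VII) here makes the claim checkable and consistent with compliance-and-standards.md. Keep "(informative)", since the same caveat is applied to the compliance page above.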
3 changes: 2 additions & 1 deletion docs/agenstra/security/accepted-risks.md
@@ -1,6 +1,6 @@
# Accepted risks (register)

This register records **explicit risk acceptance** for product and deployment constraints that deviate from stricter security baselines. It supports **BSI / ISMS-style** traceability and **CRA-oriented** technical documentation (risk treatment and transparency). A compact summary table may also be published at the repository root in `SECURITY.md` for hosts that surface that file. For vulnerability reporting, SBOM paths, and desktop checksum verification, see **[Vulnerability reporting and artifacts](./vulnerability-reporting-and-artifacts.md)**.
This register records **explicit risk acceptance** for product and deployment constraints that deviate from stricter security baselines. It supports **BSI / ISMS-style** traceability and **CRA-oriented** technical documentation (risk treatment and transparency). Scored risks and threats are documented in **[Risk profile](./risk-profile.md)** and **[Threat model](./threat-model.md)**. A compact summary table may also be published at the repository root in `SECURITY.md` for hosts that surface that file. For vulnerability reporting, SBOM paths, and desktop checksum verification, see **[Vulnerability reporting and artifacts](./vulnerability-reporting-and-artifacts.md)**.

**Review cadence:** entries use acceptance **2026-05-06** and next review **2027-05-06** unless a row states otherwise; trigger an early review if the relevant templates, packaging, CSP integration, authentication resolution, or Electron shell policy change materially.

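Review bot: the new sentence points at the risk profile and threat model, but for the BSI / ISMS-style traceability this register claims, each AR row should cite the risk-profile and threat-model entries it accepts, and those documents should cite the AR id back; otherwise a reviewer at the 2027-05-06 review cannot tell which scored risks are covered by an acceptance and which remain open. Consider adding a "Related risk / threat" field to the register entries, or an extra column to the summary table.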
Expand Down Expand Up @@ -151,6 +151,7 @@ New windows are **allowed** by design. Risk is **lower** than in a general-purpo

## Related documentation

- **[Threat model](./threat-model.md)** and **[Risk profile](./risk-profile.md)**
- **[Compliance and standards](./compliance-and-standards.md)**
- **[Operational hardening](./operational-hardening.md)**
- **[Vulnerability reporting and artifacts](./vulnerability-reporting-and-artifacts.md)**
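Review bot: the new bullet combines two links in one item, unlike the rest of this list, and lacks the short descriptions the other "Related documentation" lists in this PR use; split it into "- **[Threat model](./threat-model.md)** - Trust boundaries and per-service threats" and "- **[Risk profile](./risk-profile.md)** - Probability × impact scoring".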