threat-model-gate

Solid

Use when planning security-sensitive features (authentication, authorization, data handling, API design, cryptography, or network configuration). Requires explicit threat modeling before implementation decisions are made.

AI & Automation 15 stars 1 forks Updated today MIT

Quality Score: 84/100

Stars (20%): 40
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Threat Model Gate

## Overview

Security cannot be added later. Features that touch user data, system boundaries, or trust relationships require threat modeling during planning — not after code is written.

## Core Principle

**Every feature that handles user data, authentication, or system boundaries requires explicit threat modeling before implementation.**

"We'll secure it in the next sprint" is a commitment that never gets honored. The cost of retrofitting security is 10x the cost of designing it in. Threat modeling during planning is the minimum viable security practice.

## When to Activate

Apply this gate when planning involves any of the following:

**Authentication and Identity**

- Login flows, session management, token issuance or validation
- Multi-factor authentication, SSO, OAuth, OIDC, SAML
- Password storage, credential management, account recovery

**Authorization and Access Control**

- Role-based or attribute-based access control (RBAC, ABAC)
- Resource ownership and sharing models
- Admin capabilities, privilege escalation paths
- API key or service account permissions

**Data Handling**

- PII collection, storage, or transmission
- Payment card data, health records, or regulated data categories
- Encryption at rest or in transit
- Data retention, deletion, or export features

**API Design**

- Public-facing endpoints, webhooks, or callbacks
- Inter-service communication with trust implications
- Rate limiting and abuse prevention
- Input validation and ou...

Details

Author: backspace-shmackspace
Repository: backspace-shmackspace/claude-devkit
Created: 2 months ago
Last Updated: today
Language: Shell
License: MIT
