add_asset
Add a new asset to a threat model with automated factor reasoning and optional component scoping for deployment context.
Instructions
Add a new asset to a threat model. Creates a new version.
The caller supplies identity-bearing fields (name, description,
security_properties, notes) plus optional component scoping; the
backend LLM-reasons the factor decomposition (and composes the
impact rating from it). The same prompt the generation
pipeline uses for LLM-produced assets is reused here, so factors
are calibrated consistently regardless of who introduced the
asset. Override any factor post-create via edit_asset with a
change_reason for the audit trail.
component_ids (optional) links the asset to one or more
deployable units. Components are the canonical bridge between
security architecture (trust boundaries) and code organization
(repos); linking assets here flows boundary context into the
reachability graph. Multi-component is the right shape for
multi-instance assets (e.g., a session token on client + cache).
LLM-gated against a re-add of a previously soft-deleted asset on the same model. Three possible outcomes:
Normal create — fresh asset with a new ID. Returns the envelope
{"model": ThreatModel, "controls_carried": N, ...}.Auto-restore — proposal matched a soft-deleted asset; that asset is un-deleted (CO tombstones revive). Response carries
auto_restored: True,restored_asset_id, anddiscarded_fields.Similar-verdict rejection —
{"accepted": False, "classification": "similar", "candidate_restore_id": "A-N", ...}; nothing saved.
Fails with a tool error on:
503 — restore-candidate evaluator OR factor-reasoning evaluator unavailable. Retry with backoff.
502 — restore-candidate evaluator returned malformed response. Retry same prompt.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | Asset name (required). | |
| notes | No | Optional notes. | |
| model_id | Yes | ID of the threat model. | |
| description | No | Optional description (recommended — feeds the factor-reasoning prompt). | |
| component_ids | No | Comma-separated component IDs scoping the asset (e.g., "CMP1,CMP2"). Empty / omitted = unscoped. Validated against components declared on the model. | |
| server_version | Yes | ||
| security_properties | No | Comma-separated properties, e.g. "C,I,A" (default: "C"). |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||