edit_trust_boundary
Update a trust boundary's attributes like description, allowed attack vectors, or isolation flag in a threat model. Changes create a new model version to reflect revised security boundaries.
Instructions
Edit a trust boundary. Creates a new model version.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| tb_id | Yes | ID of the trust boundary (e.g., "TB1"). | |
| passes | No | New comma-separated AttackVector values the boundary allows through (subset of "Network,Adjacent,Local,Physical"). Use the empty string to set "blocks all"; omit to leave unchanged. Reach-relevant — narrowing or widening this set can flip CO verdicts. | |
| sealed | No | New isolation flag. True declares NO lateral ingress (the only way in is crossing the perimeter — an air-gap / segmented enclave), which lets reachability decisively rule the boundary unreachable; False assumes a lateral pivot is possible. Reach-relevant — changing it can flip CO verdicts. Omit to leave unchanged. | |
| crosses | No | New comma-separated asset IDs. | |
| model_id | Yes | ID of the threat model. | |
| description | No | New description. | |
| change_reason | No | Required when ``passes`` or ``sealed`` actually changes. Captured in the audit trail; documents why the boundary's vector filter was tightened/widened or its isolation claim changed. | |
| server_version | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||