get_controls
Retrieve implementation controls for a threat model, with auto-generation if not yet created. Supports filtering by status, objective, or component, pagination, and inclusion of orphaned or deleted controls.
Instructions
Get implementation controls for a threat model.
Returns controls that should be implemented to satisfy control objectives. If controls haven't been generated yet, auto-generates them.
By default excludes ORPHANED controls — controls whose every mapped
CO is tombstoned (its asset/attacker pair was removed in a later
version). Pass include_orphaned=True to see them. Each returned
control carries a boolean orphaned field so callers can render
the distinction.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| co_id | No | Filter by control objective ID. | |
| limit | No | Max to return (0=all). | |
| offset | No | Skip first N (for pagination). | |
| status | No | Filter by "implemented", "not_implemented", "verified". | |
| model_id | Yes | ID of the threat model. | |
| control_id | No | Optional specific control for detail mode. | |
| component_id | No | Filter by component ID (e.g., "CMP1"). | |
| summary_only | No | If True, returns only id, description, status, assertion_count, and assumed_by per control (much smaller response). | |
| server_version | Yes | ||
| include_deleted | No | Include soft-deleted controls. | |
| include_orphaned | No | Include controls mapped only to tombstoned COs (default False). |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||