Angular-based user interface for the TMI application.
TMI (Threat Modeling Improved) is a server-based threat modeling web application.
- TMI makes threat modeling easier and more accurate with real-time collaboration
- TMI makes threat modeling faster and less toilsome with agent-driven or agent-assisted threat model creation
- TMI uses your workflows - it fits into your existing security tool chains
- Full REST API - threat models and their associated data flow diagrams (DFDs) and threats are human- and machine-readable and editable
- OpenAPI 3.0 specification
 
- Threats, threat models, diagrams and objects can be extended with arbitrary key-value metadata
- Real-time collaborative diagram editing
- Role-based access control (reader, writer, owner)
- OAuth authentication with configurable OAuth providers
- Supports multiple threat model frameworks (STRIDE, CIA, etc.)
- Supports integration with issue tracking systems
- Apache licensed for customizability
- LLM & agentic functionality will be a separate component under a different license
The associated back-end server, written in Go, is called TMI.
- Demo 2025-09-09 Demonstration of collaborative presentation of a data flow diagram
- Demo 2025-08-05 Nearly feature complete; walkthrough of all basic functionality with voiceover
- Demo 2025-05-20 Early build, shows detailed threat editing
- Demo 2025-05-16 Early build, shows localization, basic functionality
Comprehensive documentation is organized as follows:
- /docs - Central documentation directory with guides, standards, and decision records
- CLAUDE.md - AI assistant instructions and comprehensive project overview
- /docs/agent - AI agent context and implementation guides
- Architecture Guide - Complete architecture overview and patterns
- Service Provisioning Standards - Where and how to provide services
- Architecture Validation - How to validate architecture compliance
This repository includes shared resources from the TMI backend repository via git subtree:
- Location: shared-api/ directory
- Source: Subtree from the TMI repository
- Contents:
  - API Specifications: OpenAPI 3.0 REST API spec and AsyncAPI WebSocket spec
  - Documentation: Client integration guides, OAuth setup, authorization patterns
  - SDK Examples: Reference implementations (Python SDK)
 
- shared-api/api-specs/tmi-openapi.json - OpenAPI 3.0 REST API specification
- shared-api/api-specs/tmi-asyncapi.yaml - AsyncAPI WebSocket specification
- shared-api/docs/AUTHORIZATION.md - Authorization and RBAC documentation
- shared-api/docs/CLIENT_INTEGRATION_GUIDE.md - Complete client integration guide
- shared-api/docs/CLIENT_OAUTH_INTEGRATION.md - OAuth setup and configuration
- Clone this repo and change to the repo root
- Download and install Node.js (latest LTS version recommended; I use 20.19.2)
- Download and install pnpm

```bash
# Install dependencies
pnpm install
# Start application server
pnpm run dev
```

The application supports multiple environment configurations:
- Default Configuration

  ```bash
  pnpm run dev  # Uses environment.ts file; this starts the app listening on port 4200
  ```

- Environment-specific Configurations

  ```bash
  pnpm run dev:staging  # Uses environment.staging.ts file
  pnpm run dev:test     # Uses environment.test.ts file
  pnpm run dev:prod     # Uses environment.prod.ts file
  pnpm run dev:local    # Uses environment.local.ts file
  ```

- Custom Configuration with Environment Variables

  ```bash
  # Set environment variables first
  export TMI_INTERFACE=0.0.0.0            # Listen on all interfaces
  export TMI_PORT=8080                    # Custom port
  export TMI_SSL=true                     # Enable HTTPS
  export TMI_SSL_KEY=./certs/key.pem      # Path to SSL key
  export TMI_SSL_CERT=./certs/cert.pem    # Path to SSL certificate
  # Run with custom configuration
  pnpm run dev:custom
  ```

Environment files are located in src/environments/. The application uses:
- environment.ts - Default environment
- environment.dev.ts - Development environment (when configured)
- environment.local.ts - Local development environment
- environment.prod.ts - Production environment
- environment.staging.ts - Staging environment
- environment.test.ts - Test environment
- environment.example.ts - Example with documentation
To create a custom environment:
- Copy environment.example.ts to a new file (e.g., environment.custom.ts)
- Configure values as needed - at a minimum you need to configure apiUrl to your development TMI server, typically http://localhost:8080
- Update angular.json with a new configuration if needed
| Setting | Description | Default | 
|---|---|---|
| production | Enable production mode | false | 
| logLevel | Logging verbosity ('DEBUG', 'INFO', 'WARN', 'ERROR') | 'ERROR' | 
| apiUrl | API server URL | 'https://api.example.com/v1' | 
| authTokenExpiryMinutes | Authentication token validity | 60 | 
| operatorName | Name of service operator | 'TMI Operator' | 
| operatorContact | Contact information | '[email protected]' | 
| serverPort | Server listening port | 4200 | 
| serverInterface | Server listening interface | '0.0.0.0' | 
| enableTLS | Enable HTTPS | false | 
| tlsKeyPath | Path to TLS private key | undefined | 
| tlsCertPath | Path to TLS certificate | undefined | 
| tlsSubjectName | TLS subject name | System hostname | 
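
The settings above interact: the table's defaults bind to every interface ('0.0.0.0') while enableTLS is false. As an added example (not part of the TMI project's code), this TypeScript check flags risky combinations in an environment object; the EnvSettings shape, the sample objects and auditEnvironment() are hypothetical, with field names taken from the table.

```typescript
// Added example. Field names come from the settings table above; the
// EnvSettings shape, the sample objects and auditEnvironment() are hypothetical.
interface EnvSettings {
  production: boolean;
  logLevel: 'DEBUG' | 'INFO' | 'WARN' | 'ERROR';
  apiUrl: string;
  serverInterface: string;
  enableTLS: boolean;
  tlsKeyPath?: string;
  tlsCertPath?: string;
}

const isLoopback = (host: string): boolean =>
  ['localhost', '127.0.0.1', '::1', '[::1]'].indexOf(host.toLowerCase()) !== -1;

function auditEnvironment(env: EnvSettings): string[] {
  const findings: string[] = [];
  // A listener on a non-loopback interface without TLS is reachable in cleartext.
  if (!isLoopback(env.serverInterface) && !env.enableTLS) {
    findings.push('serverInterface ' + env.serverInterface + ' is reachable off-host but enableTLS is false');
  }
  // TLS needs both a private key path and a certificate path.
  if (env.enableTLS && !(env.tlsKeyPath && env.tlsCertPath)) {
    findings.push('enableTLS is true but tlsKeyPath and tlsCertPath are not both set');
  }
  // Plain http is acceptable only for a TMI server on the same machine.
  const m = /^(https?):\/\/(\[[^\]]+\]|[^\/:]+)/i.exec(env.apiUrl);
  if (m === null) {
    findings.push('apiUrl is not an http(s) URL: ' + env.apiUrl);
  } else if ((m[1] ?? '').toLowerCase() === 'http' && !isLoopback(m[2] ?? '')) {
    findings.push('apiUrl uses plain http to non-local host ' + m[2]);
  }
  if (env.production && env.logLevel === 'DEBUG') {
    findings.push('logLevel is DEBUG in a production configuration');
  }
  return findings;
}

// Constructed samples: the table's defaults, and a loopback-only local setup.
const tableDefaults: EnvSettings = {
  production: false, logLevel: 'ERROR', apiUrl: 'https://api.example.com/v1',
  serverInterface: '0.0.0.0', enableTLS: false,
};
const localDev: EnvSettings = {
  ...tableDefaults, apiUrl: 'http://localhost:8080', serverInterface: '127.0.0.1',
};

console.log(auditEnvironment(tableDefaults)); // one finding: off-host listener without TLS
console.log(auditEnvironment(localDev));      // no findings
```
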
```bash
# Development build
pnpm run build
# Production build
pnpm run build:prod
```

All important commands for building, linting, testing, file validation, and a lot of utilities are exposed through pnpm scripts.
Get a list of pnpm scripts with pnpm run.