feat: embedded draw.io diagram editor for threat modelling #132

Open
Mavi9412 wants to merge 2 commits into mrwadams:master from Mavi9412:feature/drawio-integration

Summary

  • Integrates the official diagrams.net embed editor directly into the Threat Model tab as an optional alternative to image upload
  • Diagram XML is parsed with stdlib xml.etree.ElementTree to extract components, data flows, and trust boundaries — this structured context is injected into the LLM prompt, producing richer threat models than image analysis alone
  • App description text area auto-fills from the saved diagram (mirrors existing PNG upload behaviour)
  • Existing image upload workflow is completely unchanged

New files

| File | Purpose |
| --- | --- |
| stride_gpt/core/drawio_parser.py | draw.io XML parser — extracts components, connections, trust boundaries. Includes __main__ self-test. No new dependencies (stdlib only). |
| apps/web/components/drawio_editor/__init__.py | Streamlit declare_component wrapper returning {action, xml} |
| apps/web/components/drawio_editor/frontend/index.html | Pure HTML/JS embedding embed.diagrams.net via the official proto=json postMessage API. No npm build step required. |

Changed files

| File | Change |
| --- | --- |
| apps/web/main.py | Editor toggle button in col1 alongside image upload; full-width editor renders above the input columns; XML context injected at prompt-build time |
| README.md | Feature entry added to the features list |

How it works

User draws diagram in editor
        ↓
Save & Close → draw.io postMessage → XML returned to Python
        ↓
stride_gpt/core/drawio_parser.py extracts:
  • Components (User, Web App, Database …)
  • Data Flows (User → Web App (HTTPS) …)
  • Trust Boundaries (Internal Network …)
        ↓
Structured text prepended to LLM prompt
        ↓
Higher-quality, diagram-aware threat model

Test plan

  • Click Open Diagram Editor — editor opens full-width above the form, no loading error
  • Draw shapes and arrows, click Save & Close — app description text area auto-fills with extracted architecture
  • Click Generate Threat Model — threats reference the diagram components by name
  • Click Clear diagram — text area clears, next generation uses only manual input
  • Upload a PNG as before — existing flow unaffected
  • Run python stride_gpt/core/drawio_parser.py — all assertions pass
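
An added example, not code from this pull request: stdlib parsing of uncompressed mxGraphModel XML into components, data flows and trust boundaries, with label normalization and a DTD check applied before the text reaches the prompt. The function names, the size caps, the `<diagram>` delimiter and the rule that a shape containing other shapes is a trust boundary are assumptions; the PR's drawio_parser.py is not shown on this page.

```python
import html
import re
import xml.etree.ElementTree as ET

MAX_XML_BYTES = 1_000_000  # assumed size cap for editor output
MAX_LABEL_CHARS = 80       # assumed cap per label that reaches the prompt

# Constructed sample in draw.io's uncompressed mxGraphModel form.
SAMPLE = """<mxGraphModel><root>
<mxCell id="0"/><mxCell id="1" parent="0"/>
<mxCell id="n" value="Internal Network" style="swimlane;dashed=1" vertex="1" parent="1"/>
<mxCell id="u" value="User" vertex="1" parent="1"/>
<mxCell id="w" value="&lt;b&gt;Web App&lt;/b&gt;" vertex="1" parent="n"/>
<mxCell id="d" value="Database" vertex="1" parent="n"/>
<mxCell id="e1" value="HTTPS" edge="1" source="u" target="w" parent="1"/>
<mxCell id="e2" edge="1" source="w" target="d" parent="n"/>
</root></mxGraphModel>"""

def clean_label(value):
    """Reduce a user-supplied cell label to one short line of plain text."""
    text = re.sub(r"<[^>]*>", " ", value or "")   # labels may carry HTML markup
    text = re.sub(r"[^\w .,:/()\-]", " ", html.unescape(text))  # allowlist characters
    return re.sub(r"\s+", " ", text).strip()[:MAX_LABEL_CHARS]

def parse_diagram(xml_text):
    """Return (components, flows, boundaries) as lists of cleaned strings."""
    if len(xml_text.encode("utf-8")) > MAX_XML_BYTES:
        raise ValueError("diagram XML exceeds size cap")
    if re.search(r"<!(DOCTYPE|ENTITY)", xml_text, re.IGNORECASE):
        raise ValueError("DTD and entity declarations are rejected")
    cells = list(ET.fromstring(xml_text).iter("mxCell"))
    vertices = [c for c in cells if c.get("vertex") == "1"]
    names = {c.get("id"): clean_label(c.get("value")) for c in vertices}
    containers = {c.get("parent") for c in vertices}  # assumption: a shape holding shapes is a boundary
    boundaries = [n for i, n in names.items() if n and i in containers]
    components = [n for i, n in names.items() if n and i not in containers]
    flows = []
    for c in cells:
        src, dst = names.get(c.get("source")), names.get(c.get("target"))
        if c.get("edge") == "1" and src and dst:  # skip dangling or unlabeled endpoints
            label = clean_label(c.get("value"))
            flows.append(f"{src} -> {dst}" + (f" ({label})" if label else ""))
    return components, flows, boundaries

def prompt_context(xml_text):
    """Render the parsed diagram as a delimited text block for the prompt."""
    components, flows, boundaries = parse_diagram(xml_text)
    rows = [("Components", components), ("Data flows", flows), ("Trust boundaries", boundaries)]
    body = [f"{title}: " + "; ".join(items or ["none"]) for title, items in rows]
    return "\n".join(["<diagram>"] + body + ["</diagram>"])

if __name__ == "__main__":
    print(prompt_context(SAMPLE))
```
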

Mavi9412 added 2 commits June 30, 2026 16:09
Integrates the diagrams.net embed editor directly into the Threat Model
tab so users can create and edit architecture diagrams without leaving
STRIDE-GPT. The diagram XML is parsed to extract components, data flows,
and trust boundaries, which are injected into the LLM prompt as structured
context before generating a threat model.

New files:
- stride_gpt/core/drawio_parser.py  — stdlib XML parser with self-test
- apps/web/components/drawio_editor/ — Streamlit custom component wrapping
  the diagrams.net embed postMessage API (pure HTML/JS, no build step)

Changed files:
- apps/web/main.py — toggle button in col1, full-width editor widget below
  the input section, XML context injection at prompt-build time
- README.md — feature entry in the feature list

Backward-compatible: existing image upload flow is unchanged.

- Add isStreamlitMessage:true to all component postMessages so Streamlit
  registers componentReady and does not show the loading error banner
- Auto-fill app description text area from parsed diagram XML on save,
  mirroring the existing PNG upload flow
- Move editor to render full-width above the input columns so it opens
  immediately in view after clicking the button in col1
- Move Open Diagram Editor button into col1 alongside the image uploader
Mavi9412 commented Jul 2, 2026

Screenshot 2026-07-02 125642