@startuml
!define AWSPUML https://raw.githubusercontent.com/awslabs/aws-icons-for-plantuml/v14.0/dist

title Threat Model - AI Home Lab Productivity Tool

' Trust Boundaries
package "Home Lab Network" {
  package "Productivity Tool" {
    component "Web UI" as web
    component "CLI Interface" as cli
    component "Scheduler" as scheduler
    database "Task/Goal Storage" as db
    component "AI Engine\n(Local LLM)" as ai
    component "Export/Summary" as export
  }
  actor "User" as user
  actor "Other Home Lab Services" as other_services
}

actor "External Attacker" as attacker
cloud "External Services\n(Optional)" as external

' Trust relationships
user --> web : Daily check-ins\n(personal data)
user --> cli : Task management
scheduler --> user : Notifications\n(task reminders)
web --> db : Store conversations
cli --> db : CRUD operations
ai --> db : Read context\nGenerate insights
scheduler --> ai : Trigger interviews
export --> db : Read history
export --> user : Reports\n(sensitive summaries)

' Attack surfaces
attacker ..> web : Network attack\n(if exposed)
attacker ..> db : File access\n(if unencrypted)
other_services ..> web : Lateral movement
other_services ..> db : File system access
web ..> external : API calls?\n(data exfiltration risk)
ai ..> external : Model updates?\n(supply chain risk)

' Key threats
note right of db
  **CRITICAL ASSETS**
  - Conversation histories
  - Goal failure interviews
  - Personal patterns
  - Work habits data

  **THREATS**
  - Unauthorized access
  - Data exfiltration
  - Unencrypted backups
end note

note right of ai
  **AI-SPECIFIC RISKS**
  - Prompt injection
  - Model poisoning
  - Context leakage
  - Malicious output
end note

note left of web
  **ACCESS CONTROL**
  - Authentication?
  - Session management?
  - Rate limiting?
  - HTTPS enforcement?
end note

@enduml