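@startuml
' Colour palette: attack paths, security controls, protected assets.
!define ATTACK_COLOR #FF6B6B
!define CONTROL_COLOR #4ECDC4
!define ASSET_COLOR #FFE66D

title Artifact Editor Threat Model

actor "Malicious User" as attacker ATTACK_COLOR
actor "Legitimate User" as user

package "Artifact Editor" {
    component "CLI Interface" as cli ASSET_COLOR
    component "AI Assistant\n(SmartTools)" as ai ASSET_COLOR
    component "Renderer Manager" as renderer ASSET_COLOR
    database "File System" as fs ASSET_COLOR
}

package "External Renderers" {
    component "PlantUML" as plantuml
    component "Mermaid CLI" as mermaid
    component "OpenSCAD" as openscad
}

package "Security Controls" CONTROL_COLOR {
    component "Input Validator" as validator
    component "Sandbox" as sandbox
    component "Resource Limiter" as limiter
}

' Attack vectors: every externally supplied value (CLI args, voice/prompt text,
' artifact source) crosses a trust boundary.
attacker --> cli : "Path traversal\n(--output /etc/passwd)"
attacker --> ai : "Prompt injection\n(voice input)"
attacker --> renderer : "Command injection\n(malicious artifact code)"

' Legitimate flow: nothing reaches the AI or a renderer without validation.
user --> cli : Launch with args
cli --> validator : Validate inputs
validator --> ai : Safe prompts
validator --> renderer : Sanitized code

' AI output is untrusted: a prompt-injected assistant emits attacker-controlled
' artifact code, so it re-enters the validator instead of going straight to a renderer.
ai --> validator : Generated code\n(treat as untrusted)

' Renderer execution: sandbox first, then limits, then the external tool.
renderer --> sandbox : Execute in sandbox
sandbox --> limiter : Apply resource limits
' Every renderer gets the full set of limits: a tool with only a memory cap
' can still be driven into an unbounded run (DoS goal below).
limiter --> plantuml : Timeout 30s\nMemory 512MB\nCPU limit
limiter --> mermaid : Timeout 30s\nMemory 512MB\nCPU limit
limiter --> openscad : Timeout 30s\nMemory 512MB\nCPU limit

' Output: the destination path is re-checked right before the write, not only at CLI parse time.
renderer --> validator : Validate output path
validator --> fs : Write to allowed dir

' Threat annotations
note right of attacker
**Attack Goals:**
- Execute arbitrary commands
- Write to sensitive paths
- DoS via resource exhaustion
- Steal sensitive data
end note

note right of validator
**Validations:**
- Path whitelist check (on the canonical path: resolve ".." and symlinks first)
- Code size limits
- Character whitelist (a filter, not an injection control on its own)
- AI output verification
end note

note left of renderer
**Invocation:**
- Spawn renderers with an argv list, never a shell string
- Pass artifact code via stdin or a temp file, not as an argument
end note

note bottom of sandbox
**Isolation:**
- firejail/bubblewrap
- Read-only mounts (stop tampering, not reading: expose only the artifact dir)
- Network disabled
- Minimal capabilities
end note
@enduml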