threatcl
diff --git a/‎CHANGELOG.md‎
Lines changed: 8 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎cmd/threatcl/generate_interactive.go‎
Lines changed: 11 additions & 1 deletion b/‎cmd/threatcl/generate_interactive.go‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎cmd/threatcl/server_test.go‎
Lines changed: 15 additions & 8 deletions b/‎cmd/threatcl/server_test.go‎
Lines changed: 15 additions & 8 deletions
diff --git a/‎docs/graphql-api.md‎
Lines changed: 17 additions & 0 deletions b/‎docs/graphql-api.md‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎examples/graphql-queries.md‎
Lines changed: 43 additions & 14 deletions b/‎examples/graphql-queries.md‎
Lines changed: 43 additions & 14 deletions
diff --git a/‎examples/tm3.hcl‎
Lines changed: 1 addition & 1 deletion b/‎examples/tm3.hcl‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 0 additions & 4 deletions b/‎go.sum‎
Lines changed: 0 additions & 4 deletions
@@ -1,3 +1,11 @@
+## 0.3.1
+
+### Dec 26, 2025
+
+CHANGES:
+
+* Adjusted GraphQL to support unique `threat` names
+
 ## 0.3.0
 
 ### Dec 24, 2025
 
@@ -535,6 +535,14 @@ func (c *GenerateInteractiveCommand) Run(args []string) int {
 			break
 		} else {
 			var tQs = []*survey.Question{
+				{
+				Name: "tname",
+				Prompt: &survey.Input{
+					Message: "[Threat] Name:",
+					Help:    "A unique name for this threat. For example, 'User Impersonation via Stolen Credentials'",
+				},
+				Validate: survey.Required,
+			},
 				{
 					Name: "tdescription",
 					Prompt: &survey.Input{
@@ -560,6 +568,7 @@ func (c *GenerateInteractiveCommand) Run(args []string) int {
 			}
 
 			tAnswers := struct {
+				Tname        string
 				Tdescription string
 				Timpacttypes []string
 				Tcontrol     string
@@ -568,7 +577,8 @@ func (c *GenerateInteractiveCommand) Run(args []string) int {
 			err = survey.Ask(tQs, &tAnswers)
 
 			t := spec.Threat{
-				Description: tAnswers.Tdescription,
+				Name:        tAnswers.Tname,
+			Description: tAnswers.Tdescription,
 				ImpactType:  tAnswers.Timpacttypes,
 				Control:     tAnswers.Tcontrol,
 			}
 
@@ -149,13 +149,22 @@ func TestServerIntegration(t *testing.T) {
 		done <- code
 	}()
 
-	// Give server time to start
-	time.Sleep(2 * time.Second)
+	// Wait for server to be ready with retry logic
+	var resp *http.Response
+	var err error
+	maxRetries := 300 // 30 retries * 100ms = 30 seconds max
+	client := &http.Client{Timeout: 1 * time.Second}
+
+	for range maxRetries {
+		resp, err = client.Get(fmt.Sprintf("http://127.0.0.1:%d/health", port))
+		if err == nil {
+			break
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
 
-	// Test health endpoint
-	resp, err := http.Get(fmt.Sprintf("http://localhost:%d/health", port))
 	if err != nil {
-		t.Fatalf("Failed to connect to server: %s", err)
+		t.Fatalf("Failed to connect to server after %d retries: %s", maxRetries, err)
 	}
 	defer resp.Body.Close()
 
@@ -169,10 +178,9 @@ func TestServerIntegration(t *testing.T) {
 	}
 
 	// Test GraphQL endpoint with a simple query
-	client := &http.Client{Timeout: 5 * time.Second}
 	graphqlReq := strings.NewReader(`{"query": "{ stats { totalThreatModels } }"}`)
 	resp, err = client.Post(
-		fmt.Sprintf("http://localhost:%d/graphql", port),
+		fmt.Sprintf("http://127.0.0.1:%d/graphql", port),
 		"application/json",
 		graphqlReq,
 	)
@@ -541,4 +549,3 @@ func TestServerHelpNoLongerMentionsNotImplemented(t *testing.T) {
 		t.Error("Help text should still mention -watch flag")
 	}
 }
-
 
@@ -159,6 +159,7 @@ threats(filter: ThreatFilter): [Threat!]!
 
 **Arguments:**
 - `filter` (optional): Filter criteria
+  - `name`: String - Filter by threat name (case-insensitive substring match)
   - `impacts`: [String!] - Filter by impact types (e.g., ["Confidentiality", "Integrity"])
   - `stride`: [String!] - Filter by STRIDE categories (e.g., ["Spoofing", "Tampering"])
   - `hasImplementedControls`: Boolean - Filter threats with/without implemented controls
@@ -167,6 +168,7 @@ threats(filter: ThreatFilter): [Threat!]!
 ```graphql
 query {
   threats(filter: { stride: ["Spoofing", "Elevation Of Privilege"] }) {
+    name
     description
     stride
     impacts
@@ -178,6 +180,20 @@ query {
 }
 ```
 
+**Example (filtering by name):**
+```graphql
+query {
+  threats(filter: { name: "theft" }) {
+    name
+    description
+    impacts
+    threatModel {
+      name
+    }
+  }
+}
+```
+
 #### `informationAssets`
 
 Retrieve all information assets, optionally filtered by classification.
@@ -275,6 +291,7 @@ Represents a security threat.
 **Fields:**
 ```graphql
 type Threat {
+  name: String!
   description: String!
   impacts: [String!]!
   stride: [String!]!
 
@@ -122,6 +122,7 @@ Find all threats categorized as "Spoofing":
 ```graphql
 query SpoofingThreats {
   threats(filter: { stride: ["Spoofing"] }) {
+    name
     description
     stride
     impacts
@@ -139,6 +140,25 @@ Find threats that impact confidentiality:
 ```graphql
 query ConfidentialityThreats {
   threats(filter: { impacts: ["Confidentiality"] }) {
+    name
+    description
+    impacts
+    stride
+    threatModel {
+      name
+    }
+  }
+}
+```
+
+### 9. Threats by Name
+
+Search for threats by name (supports partial, case-insensitive matching):
+
+```graphql
+query ThreatsByName {
+  threats(filter: { name: "theft" }) {
+    name
     description
     impacts
     stride
@@ -149,7 +169,7 @@ query ConfidentialityThreats {
 }
 ```
 
-### 9. Confidential Information Assets
+### 10. Confidential Information Assets
 
 Find all assets classified as confidential:
 
@@ -168,7 +188,7 @@ query ConfidentialAssets {
 
 ## Detailed Queries
 
-### 10. Threat Model with All Details
+### 11. Threat Model with All Details
 
 Get complete information about a threat model:
 
@@ -194,6 +214,7 @@ query CompleteThreatModel {
     }
 
     threats {
+      name
       description
       impacts
       stride
@@ -228,7 +249,7 @@ query CompleteThreatModel {
 }
 ```
 
-### 11. All Threats with Controls
+### 12. All Threats with Controls
 
 Get all threats and their associated controls:
 
@@ -237,6 +258,7 @@ query AllThreatsWithControls {
   threatModels {
     name
     threats {
+      name
       description
       impacts
       stride
@@ -251,7 +273,7 @@ query AllThreatsWithControls {
 }
 ```
 
-### 12. Threat Models with Data Flow Diagrams
+### 13. Threat Models with Data Flow Diagrams
 
 Find threat models that have DFDs:
 
@@ -290,7 +312,7 @@ query ModelsWithDFDs {
 
 ## Analysis Queries
 
-### 13. Security Control Coverage
+### 14. Security Control Coverage
 
 Analyze which threat models have the most controls:
 
@@ -300,6 +322,7 @@ query ControlCoverage {
     name
     author
     threats {
+      name
       description
       controls {
         name
@@ -310,7 +333,7 @@ query ControlCoverage {
 }
 ```
 
-### 14. Implementation Status
+### 15. Implementation Status
 
 Find threats with unimplemented controls:
 
@@ -319,6 +342,7 @@ query UnimplementedControls {
   threatModels {
     name
     threats {
+      name
       description
       controls {
         name
@@ -332,7 +356,7 @@ query UnimplementedControls {
 
 Note: You'll need to filter client-side for `implemented: false`.
 
-### 15. Risk Reduction Analysis
+### 16. Risk Reduction Analysis
 
 Analyze risk reduction across all controls:
 
@@ -341,6 +365,7 @@ query RiskReductionAnalysis {
   threatModels {
     name
     threats {
+      name
       description
       controls {
         name
@@ -358,7 +383,7 @@ query RiskReductionAnalysis {
 }
 ```
 
-### 16. Third-Party Dependency Audit
+### 17. Third-Party Dependency Audit
 
 Find all third-party dependencies and their criticality:
 
@@ -380,7 +405,7 @@ query ThirdPartyAudit {
 
 ## Multiple Queries in One Request
 
-### 17. Dashboard Data
+### 18. Dashboard Data
 
 Get all data needed for a dashboard in one query:
 
@@ -413,6 +438,7 @@ query Dashboard {
   }
 
   allThreats: threats {
+    name
     description
     stride
     threatModel {
@@ -422,7 +448,7 @@ query Dashboard {
 }
 ```
 
-### 18. Security Posture Report
+### 19. Security Posture Report
 
 Generate a comprehensive security posture report:
 
@@ -439,6 +465,7 @@ query SecurityPostureReport {
   internetFacing: threatModels(filter: { internetFacing: true }) {
     name
     threats {
+      name
       description
       impacts
       controls {
@@ -459,7 +486,7 @@ query SecurityPostureReport {
 
 ## Advanced Queries
 
-### 19. Using Query Variables
+### 20. Using Query Variables
 
 Define reusable queries with variables:
 
@@ -470,6 +497,7 @@ query GetModelByName($modelName: String!) {
     author
     description
     threats {
+      name
       description
       impacts
     }
@@ -484,12 +512,13 @@ Variables:
 }
 ```
 
-### 20. Fragments for Reusable Fields
+### 21. Fragments for Reusable Fields
 
 Use fragments to avoid repeating field selections:
 
 ```graphql
 fragment ThreatDetails on Threat {
+  name
   description
   impacts
   stride
@@ -522,7 +551,7 @@ query ModelsWithThreatDetails {
 
 While the API provides server-side filtering, sometimes you need client-side filtering. Here are some examples using JavaScript:
 
-### 21. Find Threats Without Implemented Controls
+### 22. Find Threats Without Implemented Controls
 
 ```javascript
 const query = `
@@ -551,7 +580,7 @@ const threatsWithoutControls = data.threatModels.flatMap(tm =>
 );
 ```
 
-### 22. Calculate Control Implementation Rate
+### 23. Calculate Control Implementation Rate
 
 ```javascript
 const query = `
 
@@ -1,7 +1,7 @@
  spec_version = "0.2.3"
 
  threatmodel "Modelly model" {
-   imports = ["https://raw.githubusercontent.com/xntrik/hcltm/main/examples/aws-security-checklist.hcl", "https://raw.githubusercontent.com/xntrik/hcltm/main/examples/owasp-proactive-controls.hcl"]
+   imports = ["https://raw.githubusercontent.com/threatcl/threatcl/main/examples/aws-security-checklist.hcl", "https://raw.githubusercontent.com/threatcl/threatcl/main/examples/owasp-proactive-controls.hcl"]
    author = "@xntrik"
 
    diagram_link = "https://link.to.somewhere/diagram"
 
@@ -328,10 +328,6 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/threatcl/go-otm v0.0.2 h1:zN/Wwiy6QVw0SRm+YiZA7lDf2yI0jVyxPmNW1k9kgpw=
 github.com/threatcl/go-otm v0.0.2/go.mod h1:U1CNSpdQQ8S0lqr5LNn3tFZxsLgBKOz27+5k+IzFho0=
-github.com/threatcl/spec v0.2.1 h1:hWaM/40s3X/9e1QiJX+CfCNKP5TZI1RnvYlXNTFlclg=
-github.com/threatcl/spec v0.2.1/go.mod h1:Qe8mAmBX1tC/BRb0ydtZXBkpiTki9Fj0v1GzL9kSDzk=
-github.com/threatcl/spec v0.2.2 h1:CwOHdHbHeIu6sOpoJN+9YenQIcSOyjLzAy4U2daDgAU=
-github.com/threatcl/spec v0.2.2/go.mod h1:Qe8mAmBX1tC/BRb0ydtZXBkpiTki9Fj0v1GzL9kSDzk=
 github.com/threatcl/spec v0.2.3 h1:mSPhsZDd9FJtDKLuDKD7qHle4H4vqyKyHP9cKj26F2g=
 github.com/threatcl/spec v0.2.3/go.mod h1:Qe8mAmBX1tC/BRb0ydtZXBkpiTki9Fj0v1GzL9kSDzk=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=