ArchiteX Report — HIGH (9.0/10)

Severity: HIGH Status: FAIL Score: 9.0/10 Tool: ArchiteX 0.5.0 Generated: 2026-04-21T09:14:02Z

Plain-English Summary

Added 1 entry-point resource. Modified 1 access-control resource. Connectivity changed: 2 new dependency edges. A previously private resource is now publicly accessible, increasing the blast radius of this change.

Suggested Review Focus

Risk Reasons

Weight	Rule	Impact	Resource	Message
4.0	public_exposure_introduced	exposure	aws_security_group.web	Resource aws_security_group.web became publicly accessible.
3.0	new_entry_point	exposure	aws_lb.web	New public entry point aws_lb.web introduced.
2.0	potential_data_exposure	data_exposure	—	Public exposure introduced in presence of data resources or security-related changes. Review potential data exposure risk.

Weight

Rule

Impact

Resource

Message

4.0

public_exposure_introduced

exposure

aws_security_group.web

Resource aws_security_group.web became publicly accessible.

3.0

new_entry_point

exposure

aws_lb.web

New public entry point aws_lb.web introduced.

2.0

potential_data_exposure

data_exposure

—

Public exposure introduced in presence of data resources or security-related changes. Review potential data exposure risk.

Delta Summary

Metric	Count
Added nodes	1
Removed nodes	0
Changed nodes	1
Added edges	2
Removed edges	0

Metric

Count

Added nodes

Removed nodes

Changed nodes

Added edges

Removed edges

Delta Diagram (Mermaid source)

Open in Mermaid Live ↗ (this is the only network action and only fires when YOU click it)

flowchart LR classDef added stroke:#28a745,stroke-width:2px classDef removed stroke:#dc3545,stroke-width:2px,stroke-dasharray: 5 5 classDef changed stroke:#d39e00,stroke-width:2px classDef context stroke:#6c757d,stroke-width:1px classDef truncated stroke:#6f42c1,stroke-width:2px,stroke-dasharray: 2 2 aws_lb_web["+ entry_point: aws_lb.web"]:::added aws_security_group_web["~ access_control: aws_security_group.web"]:::changed aws_subnet_public["network: aws_subnet.public"]:::context aws_lb_web -->|attached_to| aws_security_group_web aws_lb_web -->|deployed_in| aws_subnet_public

Audit Manifest

SHA-256 checksums for each artifact in this bundle. Use them to verify nothing was tampered with after generation.

File	SHA-256
diagram.mmd	9e4c84f931b4d92c600100d4ef96a62ef3655c0fa39abe7646ec83253034674b
egress.json	acedc316d1ff653139ace403dccbedfc7ee954f9b38386e811a48444cfffec53
score.json	e14a7dcb7ee4f7d41774c64726b83ba2d6b675779dad553555fdb4b4d999e672
summary.md	b83bda022a8c4bf6fbfbd21c8ec3a7439d86450118a47ba261d58f5c46267744

File

SHA-256

diagram.mmd

9e4c84f931b4d92c600100d4ef96a62ef3655c0fa39abe7646ec83253034674b

egress.json

acedc316d1ff653139ace403dccbedfc7ee954f9b38386e811a48444cfffec53

score.json

e14a7dcb7ee4f7d41774c64726b83ba2d6b675779dad553555fdb4b4d999e672

summary.md

b83bda022a8c4bf6fbfbd21c8ec3a7439d86450118a47ba261d58f5c46267744