From 0d7130c49909d92c1567a2d52690d3842d0982f3 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" <nick@koston.org>
Date: Sun, 21 Jun 2026 16:48:21 -0500
Subject: [PATCH] [docs] Remove leftover dashboard references after dashboard
 removal (#17125)

---
 AGENTS.md       | 2 +-
 THREAT_MODEL.md | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/AGENTS.md b/AGENTS.md
index be2e912d48..21905ea356 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -14,7 +14,7 @@ This document provides essential context for AI models interacting with this pro
 *   **Build Systems:** PlatformIO is the primary build system. CMake is used as an alternative.
 *   **Configuration:** YAML.
 *   **Key Libraries/Dependencies:**
-    *   **Python:** `voluptuous` (for configuration validation), `PyYAML` (for parsing configuration files), `paho-mqtt` (for MQTT communication), `tornado` (for the web server), `aioesphomeapi` (for the native API).
+    *   **Python:** `voluptuous` (for configuration validation), `PyYAML` (for parsing configuration files), `paho-mqtt` (for MQTT communication), `aioesphomeapi` (for the native API).
     *   **C++:** `ArduinoJson` (for JSON serialization/deserialization), `AsyncMqttClient-esphome` (for MQTT), `ESPAsyncWebServer` (for the web server).
 *   **Package Manager(s):** `pip` (for Python dependencies), `platformio` (for C++/PlatformIO dependencies).
 *   **Communication Protocols:** Protobuf (for native API), MQTT, HTTP.
diff --git a/THREAT_MODEL.md b/THREAT_MODEL.md
index a4640467c9..a4355a5055 100644
--- a/THREAT_MODEL.md
+++ b/THREAT_MODEL.md
@@ -88,8 +88,6 @@ These *are* security bugs in this repo, and we want to hear about them privately
   holds the API key / OTA / web credentials).
 - Anything in the dashboard / device-builder — report that in its own repository
   (linked at the top).
-- The legacy bundled dashboard in this repo (`esphome/dashboard/`) — it is
-  deprecated and being replaced by Device Builder; report dashboard issues there.
 - Deployments where the operator removed protections or exposed credentials. See
   the security best practices guide:
   https://esphome.io/guides/security_best_practices/