README.md

# Mimic

Internal BAS (Breach & Attack Simulation) platform for the Red Team.
Replays TTPs from engagement journals or an internal ATT&CK library against
client infrastructure through VPN/relay, in white-glove coordination with the SOC.

**Output**: a coverage report mapped to MITRE ATT&CK — measurable, reproducible, archived.

## Status

`ready-with-prereqs` — spec frozen on 2026-05-19, 23 review patches integrated.
Code start blocked on:

- **PR1** — Mythic API documentation + pinned version (lead RT)
- **PR2** — Internal C2 interface spec + journal export example (internal C2 team)
- **PR3** — RT graphic charter for the PDF report (lead RT)

While PR1/PR2/PR3 are open, sprint 0 focuses on the unblocked skeleton.

## Spec

The authoritative spec lives in the RT-SecondBrain vault:
`Projects/Mimic — Spec.md`. Do not duplicate it here.

In-repo documentation:

- `CHANGELOG.md` — chronological log of features, decisions, rollbacks.
- `tasks/spec-decisions.md` — implementation arbitrations on top of the spec.
- `tasks/todo.md` — current sprint backlog.

## Stack (frozen)

- **Backend** Python 3.12 / Flask / Flask-SocketIO / SQLAlchemy 2 / Pydantic 2 / Alembic / WeasyPrint / pytest + testcontainers / ruff / mypy strict
- **Frontend** TypeScript / React 18+ / Vite / Tailwind 4 / TanStack Query 5 / Recharts / Playwright
- **Storage** Postgres (prod) / SQLite (pure-logic unit tests) / testcontainers Postgres (audit log, RBAC, write-only role — incl. unit tests of Postgres-specific behavior, per H38)
- **Deploy** Docker images + Ansible deployment playbook (per D-010). Reverse proxy (Caddy + TLS + IP allowlist) handled by existing RT infrastructure, out of Mimic scope (D-007).

## Layout

```
mimic/
├── backend/    # Flask app, connectors, orchestrator, reporting, CLI
├── frontend/   # Vite + React app
├── docs/       # Architecture notes, ADRs, deployment
└── tasks/      # Sprint backlog, decisions, lessons
```

## Conventions

- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
- Commits: Conventional Commits (`feat:`, `fix:`, `chore:`, `docs:`, `test:`, `refactor:`).
- PRs: each branch → review (`code-reviewer`) → team-lead merges. No direct push to `main`.

## Build & run

`make` targets land at the end of sprint 0. For now the repo is skeleton-only.

## Licensing

Internal — proprietary, RT use only. Do not redistribute.
chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00			`# Mimic`

			`Internal BAS (Breach & Attack Simulation) platform for the Red Team.`
			`Replays TTPs from engagement journals or an internal ATT&CK library against`
			`client infrastructure through VPN/relay, in white-glove coordination with the SOC.`

			`Output: a coverage report mapped to MITRE ATT&CK — measurable, reproducible, archived.`

			`## Status`

			`ready-with-prereqs` — spec frozen on 2026-05-19, 23 review patches integrated.
			`Code start blocked on:`

			`- PR1 — Mythic API documentation + pinned version (lead RT)`
			`- PR2 — Internal C2 interface spec + journal export example (internal C2 team)`
			`- PR3 — RT graphic charter for the PDF report (lead RT)`

			`While PR1/PR2/PR3 are open, sprint 0 focuses on the unblocked skeleton.`

			`## Spec`

			`The authoritative spec lives in the RT-SecondBrain vault:`
			`Projects/Mimic — Spec.md`. Do not duplicate it here.

			`In-repo documentation:`

			- `CHANGELOG.md` — chronological log of features, decisions, rollbacks.
			- `tasks/spec-decisions.md` — implementation arbitrations on top of the spec.
			- `tasks/todo.md` — current sprint backlog.

			`## Stack (frozen)`

			`- Backend Python 3.12 / Flask / Flask-SocketIO / SQLAlchemy 2 / Pydantic 2 / Alembic / WeasyPrint / pytest + testcontainers / ruff / mypy strict`
			`- Frontend TypeScript / React 18+ / Vite / Tailwind 4 / TanStack Query 5 / Recharts / Playwright`
chore: tighten gitignore, align README stack, formalize D-010 (Ansible) - .gitignore: add Keycloak/Mythic/Fernet secret patterns (pfx, p12, token, kdbx, credentials.json, secrets.json, service-account*.json), MSVC artifacts (lib, exp, idb, ilk, tlog), dedup dist/build/ between Python and Node blocks. - README.md: align Storage line on H38 (testcontainers Postgres for Postgres- specific behavior, incl. unit tests of audit log / RBAC / write-only role). - README.md: align Deploy line on D-007/D-010 — Docker + Ansible playbook, reverse proxy explicitly out-of-Mimic. - README.md: add proprietary internal use notice. - CHANGELOG.md: convert markdown link to inline URL (no dangling reference). - tasks/spec-decisions.md: add D-010 (Ansible for deployment playbook). Addresses code-reviewer M1/M2/M3 + N2/N3/N4/N6 on commit 047583e. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:16:40 +02:00			`- Storage Postgres (prod) / SQLite (pure-logic unit tests) / testcontainers Postgres (audit log, RBAC, write-only role — incl. unit tests of Postgres-specific behavior, per H38)`
			`- Deploy Docker images + Ansible deployment playbook (per D-010). Reverse proxy (Caddy + TLS + IP allowlist) handled by existing RT infrastructure, out of Mimic scope (D-007).`
chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00
			`## Layout`

			```
			`mimic/`
			`├── backend/ # Flask app, connectors, orchestrator, reporting, CLI`
			`├── frontend/ # Vite + React app`
			`├── docs/ # Architecture notes, ADRs, deployment`
			`└── tasks/ # Sprint backlog, decisions, lessons`
			```

			`## Conventions`

			- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
			- Commits: Conventional Commits (`feat:`, `fix:`, `chore:`, `docs:`, `test:`, `refactor:`).
			- PRs: each branch → review (`code-reviewer`) → team-lead merges. No direct push to `main`.

			`## Build & run`

			`make` targets land at the end of sprint 0. For now the repo is skeleton-only.
chore: tighten gitignore, align README stack, formalize D-010 (Ansible) - .gitignore: add Keycloak/Mythic/Fernet secret patterns (pfx, p12, token, kdbx, credentials.json, secrets.json, service-account*.json), MSVC artifacts (lib, exp, idb, ilk, tlog), dedup dist/build/ between Python and Node blocks. - README.md: align Storage line on H38 (testcontainers Postgres for Postgres- specific behavior, incl. unit tests of audit log / RBAC / write-only role). - README.md: align Deploy line on D-007/D-010 — Docker + Ansible playbook, reverse proxy explicitly out-of-Mimic. - README.md: add proprietary internal use notice. - CHANGELOG.md: convert markdown link to inline URL (no dangling reference). - tasks/spec-decisions.md: add D-010 (Ansible for deployment playbook). Addresses code-reviewer M1/M2/M3 + N2/N3/N4/N6 on commit 047583e. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:16:40 +02:00
			`## Licensing`

			`Internal — proprietary, RT use only. Do not redistribute.`