tasks/todo.md

# Sprint 0 — Mimic

Repo skeleton + foundational modules. Nothing that depends on PR1/PR2/PR3.

## Backend (`backend`) — done in `feature/backend-skeleton`

- [x] B0.1 — `backend/` Python 3.12+ project: `pyproject.toml` (ruff, mypy strict, pytest,
      coverage 70 %), `Makefile` (Docker/Podman auto), multi-stage `Dockerfile`,
      `docker-compose.yml` for Postgres dev DB, `.env.example`.
- [x] B0.2 — Alembic baseline migration `202605210001_initial_schema` creates every table,
      enum, index, and the idempotent grants for the audit write-only Postgres role. **No
      `ttp_version` table** (D-009). Groups `rt_operator`, `rt_lead`, `soc_analyst` seeded
      with the exact F11 permission matrix (D-008).
- [x] B0.3 — SQLAlchemy 2 typed mapped classes for every spec §8 aggregate (engagement,
      host, user/group RBAC, ttp, scenario/scenario_step, run/run_step/cleanup, detection,
      evidence, report, soc_session, c2_credential, audit_log).
- [x] B0.4 — `C2Connector` ABC + dataclasses + `payload_type` enum + factory keyed on
      `c2_type`. Mythic payload map populated; Home stays empty until PR2.
- [x] B0.5 — Jinja2 SandboxedEnvironment, `regex_extract` filter (`google-re2` hard
      dependency per D-011, raises `RuntimeError` at boot if absent — no `re` fallback),
      fail-loud no-match, `{{ outputs.text }}` / `{{ outputs.blob() }}` accessors
      reading gzip-compressed blobs with 10 MB cap.
- [x] B0.6 — bcrypt password helpers + SOC opaque token (256-bit url-safe, bcrypt-hashed) +
      group-based RBAC matrix matching F11 + `@require_perm` decorator.
- [x] B0.7 — Flat CRUD blueprints for engagements / hosts / TTPs / scenarios (incl. step
      composition with F3 invariant `host.c2_type == scenario.c2_type`).
- [x] B0.8 — pytest baseline: unit tests passing, integration scaffold ready
      (testcontainers Postgres + `/healthz` smoke).

## Backend follow-ups (sprint 1+)

Tracked from code-review verdict on `feature/backend-skeleton` @ 12d131c:

### MINOR (8) — to schedule

- **M1** — Replace `parse_uuid` integer-ish lookup with `werkzeug` UUID converter on
  the routes (`<uuid:eid>`) to avoid the 404 on malformed strings being hidden by
  the 400 path.
- **M2** — Add OpenAPI generation (Pydantic 2 + `flask-pydantic-openapi` or hand-rolled).
- **M3** — Wire `flask-limiter` for `/auth/local/login` (NF-network).
- **M4** — Replace string-based `Engagement.status` setter with a typed transition method.
- **M5** — Introduce per-engagement read view that pre-joins `engagement_member` for
  RT operator dashboards (current per-request join is fine for v1 traffic, but
  re-evaluate at scale).
- **M6** — `mimic-cli user create` does not handle the SOC user-type (intended, but
  document and gate explicitly with a clean error message).
- **M7** — Add a `mimic-cli` `engagement add-member <uid> --role rt_operator` shortcut so
  the F11 scoping in MA6 is reachable from the CLI without manual SQL.
- **M8** — _(fixed in MA1 follow-up commit)_ Initial migration docstring no longer
  references `ttp_version`.

### NIT (6) — opportunistic

- **N1** — Sort imports inside `mimic.db.models.__init__` alphabetically for diff
  stability.
- **N2** — Extract the `_engagement_or_404` duplicated body into a shared helper.
- **N3** — Replace the inline `Permission.TTP_PROMOTE not in perms` check in `ttps.py`
  with a second `@require_perm`-style decorator.
- **N4** — _(fixed)_ `gunicorn` added to `pyproject.toml` dependencies.
- **N5** — Replace bare `getattr(current_user, "groups", frozenset())` accesses by a
  thin `current_groups()` helper.
- **N6** — `tests/integration/conftest.py` uses `db.create_all()` instead of running
  Alembic. Marked with a TODO; switch over once the F11 seed must be exercised in
  integration. Plan: convert to `alembic upgrade head` once the audit role
  bootstrap lives in the playbook (D-010).

## Frontend (`ux-frontend`)

- [ ] F0.1 — `frontend/` Vite + React + TypeScript strict + Tailwind 4 + TanStack Query 5,
      eslint strict + prettier, Playwright skeleton.
- [ ] F0.2 — Design system provisional: semantic tokens in `theme.css` (status colors, RT accent,
      data mono / UI sans), dark-first palette, placeholder logo.
- [ ] F0.3 — Wireframes (via `frontend-design` skill) on mock data:
      Login + engagement selection, Live cockpit, Scenario composer,
      Report + MITRE matrix, TTP library + import.
- [ ] F0.4 — Routing skeleton + role-aware layout shell (no real auth wired yet).

## Spec / Docs (`spec-analyst`)

- [ ] S0.1 — Cross-check the data model in B0.2 against §8 of the spec; report deltas before merge.
- [ ] S0.2 — Cross-check the RBAC matrix in B0.6 against F11; report deltas before merge.
- [ ] S0.3 — Maintain `tasks/spec-decisions.md` as new arbitrations land.
- [ ] S0.4 — Open `docs/architecture.md` once backend layout is committed.

## Review (`code-reviewer`)

- [ ] R0.1 — Review each PR per the published charter; block on security/OPSEC violations.
- [ ] R0.2 — Verify mypy strict and ruff clean before approving any backend PR.
- [ ] R0.3 — Verify TS strict, no `useEffect(fetch)`, exhaustive deps before approving any frontend PR.

## Conventions

- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
- Commits: Conventional Commits (`feat:`, `fix:`, `chore:`, `docs:`, `test:`, `refactor:`).
- PRs: each branch → review (`code-reviewer`) → team-lead merges.
- No direct push to `main`.
chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00			`# Sprint 0 — Mimic`

			`Repo skeleton + foundational modules. Nothing that depends on PR1/PR2/PR3.`

docs: update CHANGELOG + tasks for the backend skeleton sprint 0 - CHANGELOG.md: detail every B0.1..B0.8 deliverable + spec deltas D-008 (ttp_version coexists), D-009 (audit hash chain v1), D-010 (no type_annotation_map on declarative base). - tasks/todo.md: tick every B0.x item. - tasks/spec-decisions.md: log D-008, D-009, D-010 alongside the pre-existing D-001..D-007. 2026-05-21 20:34:19 +02:00			## Backend (`backend`) — done in `feature/backend-skeleton`
chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00
docs: update CHANGELOG + tasks for the backend skeleton sprint 0 - CHANGELOG.md: detail every B0.1..B0.8 deliverable + spec deltas D-008 (ttp_version coexists), D-009 (audit hash chain v1), D-010 (no type_annotation_map on declarative base). - tasks/todo.md: tick every B0.x item. - tasks/spec-decisions.md: log D-008, D-009, D-010 alongside the pre-existing D-001..D-007. 2026-05-21 20:34:19 +02:00			- [x] B0.1 — `backend/` Python 3.12+ project: `pyproject.toml` (ruff, mypy strict, pytest,
			coverage 70 %), `Makefile` (Docker/Podman auto), multi-stage `Dockerfile`,
			`docker-compose.yml` for Postgres dev DB, `.env.example`.
			- [x] B0.2 — Alembic baseline migration `202605210001_initial_schema` creates every table,
			`enum, index, and the idempotent grants for the audit write-only Postgres role. **No`
			`ttp_version` table** (D-009). Groups `rt_operator`, `rt_lead`, `soc_analyst` seeded
			`with the exact F11 permission matrix (D-008).`
			`- [x] B0.3 — SQLAlchemy 2 typed mapped classes for every spec §8 aggregate (engagement,`
			`host, user/group RBAC, ttp, scenario/scenario_step, run/run_step/cleanup, detection,`
			`evidence, report, soc_session, c2_credential, audit_log).`
			- [x] B0.4 — `C2Connector` ABC + dataclasses + `payload_type` enum + factory keyed on
			`c2_type`. Mythic payload map populated; Home stays empty until PR2.
docs(backend): track sprint-0 follow-ups + flag integration migration gap - `tasks/todo.md`: B0.5 description updated (re2 hard dep, no fallback); add a "Backend follow-ups (sprint 1+)" section with M1-M7 + N1-N6 from the code-review verdict. - `CHANGELOG.md`: backend skeleton bullets refreshed (no re fallback, streaming blob store, audit + scope on CRUD, 56 unit tests); new "Code-review remediation" subsection lists B1 / MA1-MA6 / N4 / N6 / M8 with one-line rationale each. - `tests/integration/conftest.py`: leave `db.create_all()` in place but add an inline TODO (N6) pointing at the Alembic switchover that will exercise the F11 seed + audit-log role grants in CI. 2026-05-22 05:25:04 +02:00			- [x] B0.5 — Jinja2 SandboxedEnvironment, `regex_extract` filter (`google-re2` hard
			dependency per D-011, raises `RuntimeError` at boot if absent — no `re` fallback),
			fail-loud no-match, `{{ outputs.text }}` / `{{ outputs.blob() }}` accessors
			`reading gzip-compressed blobs with 10 MB cap.`
docs: update CHANGELOG + tasks for the backend skeleton sprint 0 - CHANGELOG.md: detail every B0.1..B0.8 deliverable + spec deltas D-008 (ttp_version coexists), D-009 (audit hash chain v1), D-010 (no type_annotation_map on declarative base). - tasks/todo.md: tick every B0.x item. - tasks/spec-decisions.md: log D-008, D-009, D-010 alongside the pre-existing D-001..D-007. 2026-05-21 20:34:19 +02:00			`- [x] B0.6 — bcrypt password helpers + SOC opaque token (256-bit url-safe, bcrypt-hashed) +`
			group-based RBAC matrix matching F11 + `@require_perm` decorator.
			`- [x] B0.7 — Flat CRUD blueprints for engagements / hosts / TTPs / scenarios (incl. step`
			composition with F3 invariant `host.c2_type == scenario.c2_type`).
			`- [x] B0.8 — pytest baseline: unit tests passing, integration scaffold ready`
			(testcontainers Postgres + `/healthz` smoke).
chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00
docs(backend): track sprint-0 follow-ups + flag integration migration gap - `tasks/todo.md`: B0.5 description updated (re2 hard dep, no fallback); add a "Backend follow-ups (sprint 1+)" section with M1-M7 + N1-N6 from the code-review verdict. - `CHANGELOG.md`: backend skeleton bullets refreshed (no re fallback, streaming blob store, audit + scope on CRUD, 56 unit tests); new "Code-review remediation" subsection lists B1 / MA1-MA6 / N4 / N6 / M8 with one-line rationale each. - `tests/integration/conftest.py`: leave `db.create_all()` in place but add an inline TODO (N6) pointing at the Alembic switchover that will exercise the F11 seed + audit-log role grants in CI. 2026-05-22 05:25:04 +02:00			`## Backend follow-ups (sprint 1+)`

			Tracked from code-review verdict on `feature/backend-skeleton` @ 12d131c:

			`### MINOR (8) — to schedule`

			- M1 — Replace `parse_uuid` integer-ish lookup with `werkzeug` UUID converter on
			the routes (`<uuid:eid>`) to avoid the 404 on malformed strings being hidden by
			`the 400 path.`
			- M2 — Add OpenAPI generation (Pydantic 2 + `flask-pydantic-openapi` or hand-rolled).
			- M3 — Wire `flask-limiter` for `/auth/local/login` (NF-network).
			- M4 — Replace string-based `Engagement.status` setter with a typed transition method.
			- M5 — Introduce per-engagement read view that pre-joins `engagement_member` for
			`RT operator dashboards (current per-request join is fine for v1 traffic, but`
			`re-evaluate at scale).`
			- M6 — `mimic-cli user create` does not handle the SOC user-type (intended, but
			`document and gate explicitly with a clean error message).`
			- M7 — Add a `mimic-cli` `engagement add-member <uid> --role rt_operator` shortcut so
			`the F11 scoping in MA6 is reachable from the CLI without manual SQL.`
			`- M8 — _(fixed in MA1 follow-up commit)_ Initial migration docstring no longer`
			references `ttp_version`.

			`### NIT (6) — opportunistic`

			- N1 — Sort imports inside `mimic.db.models.__init__` alphabetically for diff
			`stability.`
			- N2 — Extract the `_engagement_or_404` duplicated body into a shared helper.
			- N3 — Replace the inline `Permission.TTP_PROMOTE not in perms` check in `ttps.py`
			with a second `@require_perm`-style decorator.
			- N4 — _(fixed)_ `gunicorn` added to `pyproject.toml` dependencies.
			- N5 — Replace bare `getattr(current_user, "groups", frozenset())` accesses by a
			thin `current_groups()` helper.
			- N6 — `tests/integration/conftest.py` uses `db.create_all()` instead of running
			`Alembic. Marked with a TODO; switch over once the F11 seed must be exercised in`
			integration. Plan: convert to `alembic upgrade head` once the audit role
			`bootstrap lives in the playbook (D-010).`

chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00			## Frontend (`ux-frontend`)

			- [ ] F0.1 — `frontend/` Vite + React + TypeScript strict + Tailwind 4 + TanStack Query 5,
			`eslint strict + prettier, Playwright skeleton.`
			- [ ] F0.2 — Design system provisional: semantic tokens in `theme.css` (status colors, RT accent,
			`data mono / UI sans), dark-first palette, placeholder logo.`
			- [ ] F0.3 — Wireframes (via `frontend-design` skill) on mock data:
			`Login + engagement selection, Live cockpit, Scenario composer,`
			`Report + MITRE matrix, TTP library + import.`
			`- [ ] F0.4 — Routing skeleton + role-aware layout shell (no real auth wired yet).`

			## Spec / Docs (`spec-analyst`)

			`- [ ] S0.1 — Cross-check the data model in B0.2 against §8 of the spec; report deltas before merge.`
			`- [ ] S0.2 — Cross-check the RBAC matrix in B0.6 against F11; report deltas before merge.`
			- [ ] S0.3 — Maintain `tasks/spec-decisions.md` as new arbitrations land.
			- [ ] S0.4 — Open `docs/architecture.md` once backend layout is committed.

			## Review (`code-reviewer`)

			`- [ ] R0.1 — Review each PR per the published charter; block on security/OPSEC violations.`
			`- [ ] R0.2 — Verify mypy strict and ruff clean before approving any backend PR.`
			- [ ] R0.3 — Verify TS strict, no `useEffect(fetch)`, exhaustive deps before approving any frontend PR.

			`## Conventions`

			- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
			- Commits: Conventional Commits (`feat:`, `fix:`, `chore:`, `docs:`, `test:`, `refactor:`).
			- PRs: each branch → review (`code-reviewer`) → team-lead merges.
			- No direct push to `main`.