CHANGELOG.md

# Changelog

All notable changes to Mimic. Format inspired by [Keep a Changelog](https://keepachangelog.com).
Versioning starts at `0.1.0` when sprint 0 lands.

## [Unreleased]

### Team decisions (2026-05-21)

- **Q1** — SOC client collaboration in the live cockpit is assumed valid (no PoC sheet).
- **Q2** — Mimic is deployed on RT infrastructure (not at client). SOC client connects over
  the internet through the existing RT reverse proxy (out of Mimic scope).
- **Q3** — Project framed as "improve the existing shared sheet workflow", not "rebuild Caldera".
- **T2** — C2 credentials stored in a dedicated `c2_credential` table with version + retirement
  (Fernet-encrypted `config_json`). Active row per engagement = `retired_at IS NULL`, max version.
- **T3** — Jinja templating exposes two accessors: `{{outputs.text}}` (stdout) and
  `{{outputs.blob("key")}}` (binary, 10 MB cap, UTF-8 with latin-1 fallback).
- **T4** — `soc_session.token_opaque` stores a bcrypt hash; the clear token is delivered
  out-of-band and never re-displayable.
- **Auth** — v1: local user/password (bcrypt + Flask session). v2: Keycloak OIDC mapping
  onto the same group model. RBAC is group-based from day one.

### Sprint 0 in progress

Repo skeleton, data model, `C2Connector` ABC, Jinja2 sandbox, local auth + RBAC, flat CRUD,
UX wireframes (mock data). No real connector, no reporting until PR1/PR2/PR3 land.
chore: bootstrap repo skeleton with sprint 0 plan - .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-21 20:10:47 +02:00			`# Changelog`

			`All notable changes to Mimic. Format inspired by [Keep a Changelog](https://keepachangelog.com).`
			Versioning starts at `0.1.0` when sprint 0 lands.

			`## [Unreleased]`

			`### Team decisions (2026-05-21)`

			`- Q1 — SOC client collaboration in the live cockpit is assumed valid (no PoC sheet).`
			`- Q2 — Mimic is deployed on RT infrastructure (not at client). SOC client connects over`
			`the internet through the existing RT reverse proxy (out of Mimic scope).`
			`- Q3 — Project framed as "improve the existing shared sheet workflow", not "rebuild Caldera".`
			- T2 — C2 credentials stored in a dedicated `c2_credential` table with version + retirement
			(Fernet-encrypted `config_json`). Active row per engagement = `retired_at IS NULL`, max version.
			- T3 — Jinja templating exposes two accessors: `{{outputs.text}}` (stdout) and
			`{{outputs.blob("key")}}` (binary, 10 MB cap, UTF-8 with latin-1 fallback).
			- T4 — `soc_session.token_opaque` stores a bcrypt hash; the clear token is delivered
			`out-of-band and never re-displayable.`
			`- Auth — v1: local user/password (bcrypt + Flask session). v2: Keycloak OIDC mapping`
			`onto the same group model. RBAC is group-based from day one.`

			`### Sprint 0 in progress`

			Repo skeleton, data model, `C2Connector` ABC, Jinja2 sandbox, local auth + RBAC, flat CRUD,
			`UX wireframes (mock data). No real connector, no reporting until PR1/PR2/PR3 land.`