chore: bootstrap repo skeleton with sprint 0 plan
- .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
knacky
7
tasks/lessons.md
Normal file
7
tasks/lessons.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# Lessons
|
||||
|
||||
Patterns to remember across sprints. Updated after every correction or non-obvious decision.
|
||||
|
||||
---
|
||||
|
||||
(empty — populated as work progresses)
|
||||
58
tasks/spec-decisions.md
Normal file
58
tasks/spec-decisions.md
Normal file
@@ -0,0 +1,58 @@
|
||||
# Spec decisions log
|
||||
|
||||
This file tracks implementation arbitrations *on top* of the frozen spec
|
||||
(`Projects/Mimic — Spec.md` in the RT-SecondBrain vault).
|
||||
|
||||
Format: one entry per decision, newest first.
|
||||
|
||||
---
|
||||
|
||||
## 2026-05-21 — Team kickoff decisions
|
||||
|
||||
### D-001 — SOC collaboration hypothesis
|
||||
**Context.** Devils-advocate flagged the sociological assumption that SOC analysts
|
||||
will cote in the live cockpit.
|
||||
**Decision.** Hypothesis accepted as-is. No paper PoC. Risk owned by lead RT.
|
||||
|
||||
### D-002 — Mimic deployment location
|
||||
**Context.** Spec §6 NF-network did not pin where Mimic is physically deployed.
|
||||
**Decision.** Mimic runs on RT infrastructure. SOC client connects through the
|
||||
existing RT reverse proxy (Caddy, out of Mimic scope). Mimic → Mythic / Home C2
|
||||
through outbound VPN. RT R&D (TTP library, stealthy variants) never sits on
|
||||
client premises.
|
||||
|
||||
### D-003 — Authentication strategy
|
||||
**Context.** Spec mentions OIDC Keycloak but lab onboarding cost is high.
|
||||
**Decision.** v1 ships **local auth** (username/password, bcrypt, Flask server-side
|
||||
sessions). v2 adds Keycloak OIDC. The RBAC model is **group-based from day one**,
|
||||
so OIDC will map claims to existing groups without touching application code.
|
||||
SOC sessions remain a distinct mechanism (`soc_session.token_opaque` bcrypt hash,
|
||||
clear token out-of-band).
|
||||
|
||||
### D-004 — C2 credential storage (T2)
|
||||
**Context.** Engagement.config_json (encrypted JSON column) vs dedicated table.
|
||||
**Decision.** Dedicated table `c2_credential (id, engagement_id, c2_type,
|
||||
config_json_fernet, version, created_at, retired_at)`. Active row per engagement =
|
||||
`retired_at IS NULL`, highest version. Rotation = insert + retire previous.
|
||||
Fernet key in env, never in DB.
|
||||
|
||||
### D-005 — Cleanup template variable sources (T3)
|
||||
**Context.** Jinja `{{outputs.X}}` source ambiguity.
|
||||
**Decision.** Two accessors:
|
||||
- `{{outputs.text}}` → `run_step.output_text` (stdout/UTF-8 text).
|
||||
- `{{outputs.blob("<key>")}}` → reads from `output_blob_ref`, hard cap **10 MB**
|
||||
(consistent with F8 evidence limit), UTF-8 decoding with latin-1 fallback,
|
||||
silent refusal + log entry if the blob is non-decodable.
|
||||
`regex_extract` always operates on the resulting string.
|
||||
|
||||
### D-006 — SOC session token storage (T4)
|
||||
**Context.** `soc_session.token_opaque` storage form.
|
||||
**Decision.** bcrypt hash. Clear token generated server-side at session creation,
|
||||
returned **once** in the API response, delivered out-of-band to the SOC analyst.
|
||||
Never re-displayable.
|
||||
|
||||
### D-007 — Reverse proxy scope
|
||||
**Context.** Mimic exposure to internet for SOC client access.
|
||||
**Decision.** Reverse proxy (Caddy + TLS + IP allowlist) handled by existing RT
|
||||
infrastructure. Mimic ships an HTTP listener on localhost only; the deployment
|
||||
playbook wires it behind the existing proxy.
|
||||
52
tasks/todo.md
Normal file
52
tasks/todo.md
Normal file
@@ -0,0 +1,52 @@
|
||||
# Sprint 0 — Mimic
|
||||
|
||||
Repo skeleton + foundational modules. Nothing that depends on PR1/PR2/PR3.
|
||||
|
||||
## Backend (`backend`)
|
||||
|
||||
- [ ] B0.1 — `backend/` Python project: `pyproject.toml` (ruff, mypy strict, pytest, coverage),
|
||||
`Makefile`, `Dockerfile`, `docker-compose.yml` for Postgres dev DB.
|
||||
- [ ] B0.2 — Alembic init + complete initial migration covering the §8 schema (incl. `ttp_version`,
|
||||
`c2_credential`, `user`, `group`, `user_group`, `permission`, `group_permission`,
|
||||
`soc_session`, audit_log with write-only Postgres role).
|
||||
- [ ] B0.3 — SQLAlchemy 2 typed mapped classes for every table + repositories scaffold.
|
||||
- [ ] B0.4 — `C2Connector` ABC + dataclasses (`Payload`, `TaskHandle`, `TaskResult`) + enum
|
||||
`payload_type` + factory keyed on `c2_type`. **No real implementation.**
|
||||
- [ ] B0.5 — Jinja2 SandboxedEnvironment + `regex_extract` filter via `google-re2` +
|
||||
`{{outputs.text}}` and `{{outputs.blob(key)}}` accessors with 10 MB cap.
|
||||
- [ ] B0.6 — Local auth (login/password bcrypt + Flask server-side sessions) + RBAC
|
||||
group-based decorators + F11 permission matrix declared in code.
|
||||
- [ ] B0.7 — Flat CRUD endpoints (engagements, hosts, TTPs, scenarios) — no orchestration,
|
||||
no WebSocket, no reporting yet.
|
||||
- [ ] B0.8 — pytest baseline: unit (SQLite) + integration scaffold (testcontainers Postgres).
|
||||
|
||||
## Frontend (`ux-frontend`)
|
||||
|
||||
- [ ] F0.1 — `frontend/` Vite + React + TypeScript strict + Tailwind 4 + TanStack Query 5,
|
||||
eslint strict + prettier, Playwright skeleton.
|
||||
- [ ] F0.2 — Design system provisional: semantic tokens in `theme.css` (status colors, RT accent,
|
||||
data mono / UI sans), dark-first palette, placeholder logo.
|
||||
- [ ] F0.3 — Wireframes (via `frontend-design` skill) on mock data:
|
||||
Login + engagement selection, Live cockpit, Scenario composer,
|
||||
Report + MITRE matrix, TTP library + import.
|
||||
- [ ] F0.4 — Routing skeleton + role-aware layout shell (no real auth wired yet).
|
||||
|
||||
## Spec / Docs (`spec-analyst`)
|
||||
|
||||
- [ ] S0.1 — Cross-check the data model in B0.2 against §8 of the spec; report deltas before merge.
|
||||
- [ ] S0.2 — Cross-check the RBAC matrix in B0.6 against F11; report deltas before merge.
|
||||
- [ ] S0.3 — Maintain `tasks/spec-decisions.md` as new arbitrations land.
|
||||
- [ ] S0.4 — Open `docs/architecture.md` once backend layout is committed.
|
||||
|
||||
## Review (`code-reviewer`)
|
||||
|
||||
- [ ] R0.1 — Review each PR per the published charter; block on security/OPSEC violations.
|
||||
- [ ] R0.2 — Verify mypy strict and ruff clean before approving any backend PR.
|
||||
- [ ] R0.3 — Verify TS strict, no `useEffect(fetch)`, exhaustive deps before approving any frontend PR.
|
||||
|
||||
## Conventions
|
||||
|
||||
- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
|
||||
- Commits: Conventional Commits (`feat:`, `fix:`, `chore:`, `docs:`, `test:`, `refactor:`).
|
||||
- PRs: each branch → review (`code-reviewer`) → team-lead merges.
|
||||
- No direct push to `main`.
|
||||
Reference in New Issue
Block a user