From 4ecf4b0b0e52126c96d91cb3b07ce64ba7549731 Mon Sep 17 00:00:00 2001 From: knacky Date: Thu, 21 May 2026 20:16:40 +0200 Subject: [PATCH] chore: tighten gitignore, align README stack, formalize D-010 (Ansible) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - .gitignore: add Keycloak/Mythic/Fernet secret patterns (pfx, p12, token, kdbx, credentials.json, secrets.json, service-account*.json), MSVC artifacts (lib, exp, idb, ilk, tlog), dedup dist/build/ between Python and Node blocks. - README.md: align Storage line on H38 (testcontainers Postgres for Postgres- specific behavior, incl. unit tests of audit log / RBAC / write-only role). - README.md: align Deploy line on D-007/D-010 — Docker + Ansible playbook, reverse proxy explicitly out-of-Mimic. - README.md: add proprietary internal use notice. - CHANGELOG.md: convert markdown link to inline URL (no dangling reference). - tasks/spec-decisions.md: add D-010 (Ansible for deployment playbook). Addresses code-reviewer M1/M2/M3 + N2/N3/N4/N6 on commit 047583e. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitignore | 14 ++++++++++++-- CHANGELOG.md | 2 +- README.md | 8 ++++++-- tasks/spec-decisions.md | 9 +++++++++ 4 files changed, 28 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 7fed7c1..34cbf23 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,13 @@ .env.*.local *.pem *.key +*.pfx +*.p12 +*.token +*.kdbx +credentials.json +secrets.json +service-account*.json # Python __pycache__/ @@ -25,8 +32,6 @@ build/ # Node / Frontend node_modules/ -dist/ -build/ .vite/ coverage/ .eslintcache @@ -40,6 +45,11 @@ test-results/ *.o *.obj *.pdb +*.lib +*.exp +*.idb +*.ilk +*.tlog # IDE .vscode/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 38b3b9c..739f3e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,6 @@ # Changelog -All notable changes to Mimic. Format inspired by [Keep a Changelog](https://keepachangelog.com). +All notable changes to Mimic. Format inspired by Keep a Changelog (https://keepachangelog.com). Versioning starts at `0.1.0` when sprint 0 lands. ## [Unreleased] diff --git a/README.md b/README.md index 01d2e6f..861426e 100644 --- a/README.md +++ b/README.md @@ -32,8 +32,8 @@ In-repo documentation: - **Backend** Python 3.12 / Flask / Flask-SocketIO / SQLAlchemy 2 / Pydantic 2 / Alembic / WeasyPrint / pytest + testcontainers / ruff / mypy strict - **Frontend** TypeScript / React 18+ / Vite / Tailwind 4 / TanStack Query 5 / Recharts / Playwright -- **Storage** Postgres (prod) / SQLite (unit tests only) -- **Deploy** Docker + Ansible +- **Storage** Postgres (prod) / SQLite (pure-logic unit tests) / testcontainers Postgres (audit log, RBAC, write-only role — incl. unit tests of Postgres-specific behavior, per H38) +- **Deploy** Docker images + Ansible deployment playbook (per D-010). Reverse proxy (Caddy + TLS + IP allowlist) handled by existing RT infrastructure, out of Mimic scope (D-007). ## Layout @@ -54,3 +54,7 @@ mimic/ ## Build & run `make` targets land at the end of sprint 0. For now the repo is skeleton-only. + +## Licensing + +Internal — proprietary, RT use only. Do not redistribute. diff --git a/tasks/spec-decisions.md b/tasks/spec-decisions.md index d4f3c2a..e6ac316 100644 --- a/tasks/spec-decisions.md +++ b/tasks/spec-decisions.md 
@@ -72,6 +72,15 @@ scope extension: - Any drift between seeded group permissions and the F11 matrix is a spec violation, not a configuration choice. +### D-010 — Ansible for the deployment playbook +**Context.** Spec §7 names `Docker` only on the deploy line, but D-007 references +a "deployment playbook" wiring Mimic behind the existing reverse proxy. The RT +team uses Ansible for infrastructure automation across projects. +**Decision.** Deployment artifacts are Docker images (built in repo) plus an +Ansible playbook (lives outside the application repo, in the RT infra repo). +Mimic itself ships only the Dockerfile and a sample compose for dev; production +roll-out is Ansible-driven. The README stack line is updated accordingly. + ### D-009 — `ttp_version` table forbidden (H32 reaffirmed) **Context.** Sprint 0 plan (B0.2) lists `ttp_version` among the initial tables. Spec hypothesis **H32** explicitly excludes this: *"Snapshot de rejouabilité =
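Review bot: In the first `.gitignore` hunk, the new secret patterns (`*.pfx`, `*.p12`, `*.token`, `*.kdbx`, `credentials.json`, `secrets.json`, `service-account*.json`) only stop untracked files from being staged; anything matching them that is already tracked, or that was committed earlier in history, stays in the repository. Before merging, run `git ls-files -ci --exclude-standard` to confirm no tracked file matches the new rules, and treat this list as a convenience rather than the control by pairing it with a secret scanner in pre-commit or CI. Note also that the three JSON entries are exact names, so a variant such as `credentials.prod.json` is not covered, while `*.token` has no leading slash and will match at any depth, including any test fixture with that extension.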
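Review bot: In the second `.gitignore` hunk, removing `dist/` and `build/` from the Node / Frontend block is only safe if both entries remain in the Python block and are unanchored there. The hunk header shows `build/` as preceding context, but `dist/` is not visible in this diff, so please confirm it is still present above and that neither entry carries a leading slash, otherwise frontend output under a subdirectory would become trackable. A one-line comment in the Node block saying that `dist/` and `build/` are covered by the Python block would keep a later editor from re-adding or mis-scoping them.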
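Review bot: In the `CHANGELOG.md` hunk, the removed line used an inline link, `[Keep a Changelog](https://keepachangelog.com)`, which carries its own URL and is not a reference-style link, so the "no dangling reference" rationale in the commit message does not match what the visible lines show. The replacement drops the rendered link and leaves a bare URL in parentheses. If a specific renderer or linter objected to the original form, say which one in the commit message; otherwise the original line can stay as it was.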
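Review bot: In the README stack hunk, the new Deploy line puts TLS and the IP allowlist entirely on the existing reverse proxy and declares them out of Mimic scope, but nothing in the line says that the Mimic container must be reachable only through that proxy. Add that constraint here or in D-007 (for example, that the service listens on an internal network only), since a directly exposed port would bypass both controls. Separately, the Storage line now says "unit tests" for both SQLite and testcontainers Postgres in one bullet; splitting it into sub-bullets per back end would make clear which tests run where.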
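Review bot: In the `tasks/spec-decisions.md` hunk, the D-010 Decision places the playbook "outside the application repo, in the RT infra repo" but records neither where it lives nor what this repository guarantees to it (image name and tag scheme, required environment variables, exposed port). Without that contract written down, the Dockerfile and the playbook can drift with no reviewer on either side noticing. Add a short interface paragraph to D-010, and mirror the "lives in the RT infra repo" wording in the README Deploy line, which currently reads "Ansible deployment playbook (per D-010)" and could send a reader looking for the playbook in this repo.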