chore(backend): bootstrap Python 3.12+ project skeleton (B0.1)

- pyproject.toml with ruff + mypy strict + pytest + coverage >=70% - Makefile with Docker/Podman auto-detect - Multi-stage Dockerfile (python:3.12-slim-bookworm, non-root user) - docker-compose.yml for Postgres dev DB - alembic.ini wired to src/mimic/db/migrations - scripts/postgres-init/00-roles.sql seeds the audit writer role - .env.example documents every MIMIC_* var (no secrets committed)
2026-05-21 20:32:29 +02:00
parent 047583eb9c
commit 72a0e857a4
9 changed files with 448 additions and 0 deletions
--- a/backend/README.md
+++ b/backend/README.md
@@ -0,0 +1,56 @@
+# Mimic — backend
+
+Sprint 0 skeleton. Python 3.12+ / Flask / SQLAlchemy 2 / Alembic / Pydantic 2.
+
+## Layout
+
+```
+backend/
+├── src/mimic/
+│   ├── app.py                # Flask app factory + SocketIO init
+│   ├── config.py             # Pydantic Settings
+│   ├── extensions.py         # db, migrate, socketio, login_manager
+│   ├── db/
+│   │   ├── models/           # SQLAlchemy 2 typed models
+│   │   ├── repositories/     # data access per aggregate
+│   │   └── migrations/       # Alembic
+│   ├── schemas/              # Pydantic 2 DTOs
+│   ├── api/                  # Flask blueprints (REST)
+│   ├── ws/                   # Flask-SocketIO namespaces
+│   ├── connectors/           # C2Connector ABC + payload mapping
+│   ├── orchestrator/         # run state machine (stub in sprint 0)
+│   ├── templating/           # Jinja2 sandbox + regex_extract
+│   ├── audit/                # append-only writer + rotation
+│   ├── reporting/            # WeasyPrint builder (stub in sprint 0)
+│   ├── rbac/                 # group-based permission matrix (F11)
+│   ├── importers/            # ATR + C2 journal (stub in sprint 0)
+│   └── cli/                  # mimic-cli (click)
+└── tests/
+    ├── unit/                 # SQLite, pure logic
+    └── integration/          # testcontainers Postgres
+```
+
+## Local dev
+
+```bash
+make install      # uv venv + pip install -e .[dev]
+make db-up        # docker compose up -d postgres
+make db-migrate   # alembic upgrade head
+make run          # flask run (debug)
+make test         # pytest unit
+make test-int     # pytest integration (testcontainers)
+make lint         # ruff + mypy strict
+```
+
+## What sprint 0 ships
+
+- Full §8 data model + Alembic initial migration (Postgres-specific constraints: audit_log write-only role, soc_session hash, c2_credential Fernet column).
+- `C2Connector` ABC + dataclasses + `payload_type` enum + factory. **No real Mythic/Home implementation** (blocked on PR1/PR2).
+- Jinja2 SandboxedEnvironment + `regex_extract` filter (re2).
+- Local auth (bcrypt + Flask session) + group-based RBAC matching the F11 permission matrix.
+- Flat CRUD on engagements / hosts / TTPs / scenarios.
+- pytest baseline + testcontainers Postgres scaffolding.
+
+## Out of sprint 0
+
+Orchestrator, WebSocket cockpit, real connectors, report generation, audit rotation.