mimic-big

knacky/mimic-big

Fork 0

Commit Graph

Author	SHA1	Message	Date
ux-frontend	2eefd11019	feat(frontend): wire LoginPage + EngagementsPage + create dialog to backend LoginPage - RT mode now POSTs /api/v1/auth/login with controlled username/password fields. Success seeds the session cache via queryClient.setQueryData and navigates to /engagements. 401 surfaces as the generic "Identifiants invalides" — no echo of the backend detail (avoids user enumeration leaks). - SOC mode kept visually for masthead continuity but disabled with a "sprint 2" placeholder pointing at the deferred POST /api/v1/auth/soc/session endpoint. - Removed the sprint-0 mock role-picker. EngagementsPage - MOCK_ENGAGEMENTS dropped. useQuery against fetchEngagements (handles both bare-array and { items: [] } envelope shapes — backend has not pinned this yet). - Distinct loading / empty / error states. Error row surfaces an HTTP code and a Retry button. Empty state offers the create dialog. - Column shape aligned with the real Engagement schema (snake_case: name, client_name, c2_type, start_date, end_date). Dropped mock-only columns (operators, socAnalysts) — those land when backend exposes /engagements/:id/members and /engagements/:id/soc-sessions counts. engagementsApi.ts - fetchEngagements + createEngagement, both bound to /api/v1/engagements. - ENGAGEMENTS_QUERY_KEY exported so the dialog can invalidate without re-knowing the key. EngagementCreateDialog (frontend-design skill — new non-trivial component) - "Arm engagement" mission-control dialog. Backdrop is a graphite dim with a faint scanline overlay (no soft blur) — reads as "cockpit paused while you issue a command", not as a SaaS modal. - Surface --surface-3 with corner-marks and an amber hairline accent under the title; underline-style inputs that light amber on focus; label-system uppercase microtypography throughout. - Esc + outside-click close (suspended while the mutation is in flight). - Rudimentary tab focus trap. - 422 Pydantic errors map per-field via the last loc segment; 401/5xx surface as a generic top-of-form alert. - On 201 invalidates ['engagements'] and closes.	2026-05-23 04:26:48 +02:00
ux-frontend	12bc33469c	feat(frontend): wireframes for 5 MVP screens + audit (F0.3) Mock-data wireframes covering spec §5 / §9 surface area. All read from src/mocks/fixtures.ts — no backend wiring yet. Each screen is built from the design-system primitives (Panel, Pill, Button, label-system, status-dot) and adheres to the instrumentation-grade visual grammar. Screens: - /login LoginPage — RT vs SOC mode switch (segmented), role-tinted. RT form picks rt_operator / rt_lead at sign-in (mock only). SOC form takes a session token (out-of-band, D-006). Left rail carries mission brief + platform telemetry. - /engagements EngagementsPage — mission roster table (codename, client, status, c2_type, operators, SOC count, window). - /runs LiveCockpitPage — the cornerstone screen. 3-column layout: steps timeline \| step detail (resolved command, output, evidence, detection) \| side rail (DetectionPanel for SOC; EvidencePanel + DetectionPanel readonly + CleanupPanel for RT). Control bar (F6 pause/skip/retry/abort) is lead-RT-only. Stats header: steps done, detected/partial/missed counts. - /scenarios ScenarioComposerPage — 3-column composer: filterable TTP library \| ordered steps with delays \| inspector (params from params_schema_json, target host list, jinja2 cleanup template preview). c2_type locked at scenario level (D-F3 / H33). - /library TtpLibraryPage — catalog table with stealth-variant flagging, source provenance (custom/atr/mission), payload_type chip, tags. Import journal / ATR buttons. - /reports ReportPage — restricted MITRE matrix (techniques played only, H29), narration timeline, integrity hash footer (SHA-256, H19/H24/F9). PDF/JSON/MD export buttons. - /audit AuditPage — append-only journal viewer (lead RT only, F13). Tabular timestamp/actor/role/action/resource. UX guardrails baked in: - SOC analysts never see RT-only controls (conditional rendering, not just disabled state). UI layer mirrors backend RBAC but does not replace it. - Layout density and dark-first palette tuned for long purple sessions (sober contrast, no flash, status colors carry information without being shouted). - Live cockpit reserves a clear visual slot for cleanup-failed alerts (R-T5) — currently a Pill, real alert UX lands when the WebSocket is wired in sprint 1+.	2026-05-21 20:31:24 +02:00

Author

SHA1

Message

Date

ux-frontend

2eefd11019

feat(frontend): wire LoginPage + EngagementsPage + create dialog to backend

LoginPage
- RT mode now POSTs /api/v1/auth/login with controlled username/password
  fields. Success seeds the session cache via queryClient.setQueryData and
  navigates to /engagements. 401 surfaces as the generic
  "Identifiants invalides" — no echo of the backend detail (avoids
  user enumeration leaks).
- SOC mode kept visually for masthead continuity but disabled with a
  "sprint 2" placeholder pointing at the deferred
  POST /api/v1/auth/soc/session endpoint.
- Removed the sprint-0 mock role-picker.

EngagementsPage
- MOCK_ENGAGEMENTS dropped. useQuery against fetchEngagements (handles
  both bare-array and { items: [] } envelope shapes — backend has not
  pinned this yet).
- Distinct loading / empty / error states. Error row surfaces an HTTP
  code and a Retry button. Empty state offers the create dialog.
- Column shape aligned with the real Engagement schema (snake_case:
  name, client_name, c2_type, start_date, end_date). Dropped mock-only
  columns (operators, socAnalysts) — those land when backend exposes
  /engagements/:id/members and /engagements/:id/soc-sessions counts.

engagementsApi.ts
- fetchEngagements + createEngagement, both bound to /api/v1/engagements.
- ENGAGEMENTS_QUERY_KEY exported so the dialog can invalidate without
  re-knowing the key.

EngagementCreateDialog (frontend-design skill — new non-trivial component)
- "Arm engagement" mission-control dialog. Backdrop is a graphite dim
  with a faint scanline overlay (no soft blur) — reads as "cockpit
  paused while you issue a command", not as a SaaS modal.
- Surface --surface-3 with corner-marks and an amber hairline accent
  under the title; underline-style inputs that light amber on focus;
  label-system uppercase microtypography throughout.
- Esc + outside-click close (suspended while the mutation is in flight).
- Rudimentary tab focus trap.
- 422 Pydantic errors map per-field via the last loc segment;
  401/5xx surface as a generic top-of-form alert.
- On 201 invalidates ['engagements'] and closes.

2026-05-23 04:26:48 +02:00

ux-frontend

12bc33469c

feat(frontend): wireframes for 5 MVP screens + audit (F0.3)

Mock-data wireframes covering spec §5 / §9 surface area. All read from
src/mocks/fixtures.ts — no backend wiring yet. Each screen is built from
the design-system primitives (Panel, Pill, Button, label-system, status-dot)
and adheres to the instrumentation-grade visual grammar.

Screens:
- /login              LoginPage — RT vs SOC mode switch (segmented), role-tinted.
                       RT form picks rt_operator / rt_lead at sign-in (mock only).
                       SOC form takes a session token (out-of-band, D-006).
                       Left rail carries mission brief + platform telemetry.
- /engagements        EngagementsPage — mission roster table (codename, client,
                       status, c2_type, operators, SOC count, window).
- /runs               LiveCockpitPage — the cornerstone screen. 3-column layout:
                       steps timeline | step detail (resolved command,
                       output, evidence, detection) | side rail
                       (DetectionPanel for SOC; EvidencePanel +
                       DetectionPanel readonly + CleanupPanel for RT).
                       Control bar (F6 pause/skip/retry/abort) is lead-RT-only.
                       Stats header: steps done, detected/partial/missed counts.
- /scenarios          ScenarioComposerPage — 3-column composer:
                       filterable TTP library | ordered steps with delays
                       | inspector (params from params_schema_json, target
                       host list, jinja2 cleanup template preview).
                       c2_type locked at scenario level (D-F3 / H33).
- /library            TtpLibraryPage — catalog table with stealth-variant
                       flagging, source provenance (custom/atr/mission),
                       payload_type chip, tags. Import journal / ATR buttons.
- /reports            ReportPage — restricted MITRE matrix (techniques
                       played only, H29), narration timeline, integrity
                       hash footer (SHA-256, H19/H24/F9). PDF/JSON/MD
                       export buttons.
- /audit              AuditPage — append-only journal viewer (lead RT only,
                       F13). Tabular timestamp/actor/role/action/resource.

UX guardrails baked in:
- SOC analysts never see RT-only controls (conditional rendering, not just
  disabled state). UI layer mirrors backend RBAC but does not replace it.
- Layout density and dark-first palette tuned for long purple sessions
  (sober contrast, no flash, status colors carry information without
  being shouted).
- Live cockpit reserves a clear visual slot for cleanup-failed alerts
  (R-T5) — currently a Pill, real alert UX lands when the WebSocket is
  wired in sprint 1+.

2026-05-21 20:31:24 +02:00

2 Commits