# Mimic — backend

Sprint 0 skeleton. Python 3.12+ / Flask / SQLAlchemy 2 / Alembic / Pydantic 2.

## Layout

```
backend/
├── src/mimic/
│   ├── app.py              # Flask app factory + SocketIO init
│   ├── config.py           # Pydantic Settings
│   ├── extensions.py       # db, migrate, socketio, login_manager
│   ├── db/
│   │   ├── models/         # SQLAlchemy 2 typed models
│   │   ├── repositories/   # data access per aggregate
│   │   └── migrations/     # Alembic
│   ├── schemas/            # Pydantic 2 DTOs
│   ├── api/                # Flask blueprints (REST)
│   ├── ws/                 # Flask-SocketIO namespaces
│   ├── connectors/         # C2Connector ABC + payload mapping
│   ├── orchestrator/       # run state machine (stub in sprint 0)
│   ├── templating/         # Jinja2 sandbox + regex_extract
│   ├── audit/              # append-only writer + rotation
│   ├── reporting/          # WeasyPrint builder (stub in sprint 0)
│   ├── rbac/               # group-based permission matrix (F11)
│   ├── importers/          # ATR + C2 journal (stub in sprint 0)
│   └── cli/                # mimic-cli (click)
└── tests/
    ├── unit/               # SQLite, pure logic
    └── integration/        # testcontainers Postgres
```

## Local dev

```bash
make install     # uv venv + pip install -e .[dev]
make db-up       # docker compose up -d postgres
make db-migrate  # alembic upgrade head
make run         # flask run (debug)
make test        # pytest unit
make test-int    # pytest integration (testcontainers)
make lint        # ruff + mypy strict
```

## What sprint 0 ships

- Full §8 data model + Alembic initial migration (Postgres-specific constraints: audit_log write-only role, soc_session hash, c2_credential Fernet column).
- `C2Connector` ABC + dataclasses + `payload_type` enum + factory. **No real Mythic/Home implementation** (blocked on PR1/PR2).
- Jinja2 SandboxedEnvironment + `regex_extract` filter (re2).
- Local auth (bcrypt + Flask session) + group-based RBAC matching the F11 permission matrix.
- Flat CRUD on engagements / hosts / TTPs / scenarios.
- pytest baseline + testcontainers Postgres scaffolding.

## Out of sprint 0

Orchestrator, WebSocket cockpit, real connectors, report generation, audit rotation.