mimic-big/tasks/todo.md
2026-05-21 20:14:44 +02:00

Sprint 0 — Mimic

Repo skeleton + foundational modules. Nothing that depends on PR1/PR2/PR3.

Backend (backend)

  • B0.1 — backend/ Python project: pyproject.toml (ruff, mypy strict, pytest, coverage), Makefile, Dockerfile, docker-compose.yml for Postgres dev DB.
  • B0.2 — Alembic init + complete initial migration covering the §8 schema (incl. c2_credential, user, group, user_group, permission, group_permission, soc_session, audit_log with write-only Postgres role). No ttp_version table (D-009). Seed groups rt_operator, rt_lead, soc_analyst with F11 permissions (D-008).
  • B0.3 — SQLAlchemy 2 typed mapped classes for every table + repositories scaffold.
  • B0.4 — C2Connector ABC + dataclasses (Payload, TaskHandle, TaskResult) + enum payload_type + factory keyed on c2_type. No real implementation.
  • B0.5 — Jinja2 SandboxedEnvironment + regex_extract filter via google-re2 + {{outputs.text}} and {{outputs.blob(key)}} accessors with 10 MB cap.
  • B0.6 — Local auth (login/password bcrypt + Flask server-side sessions) + RBAC group-based decorators + F11 permission matrix declared in code.
  • B0.7 — Flat CRUD endpoints (engagements, hosts, TTPs, scenarios) — no orchestration, no WebSocket, no reporting yet.
  • B0.8 — pytest baseline: unit (SQLite) + integration scaffold (testcontainers Postgres).
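Added example (not code from the Mimic repo) of the shape B0.5 describes: a Jinja2 `SandboxedEnvironment` with a `regex_extract` filter backed by google-re2, plus `outputs.text` / `outputs.blob(key)` accessors that enforce the 10 MB cap before any bytes reach the template. The `Outputs` class, the `try_render` helper and the sample output are assumptions made here; if the `re2` binding is not installed the block falls back to the stdlib `re` module, which loses RE2's linear-time guarantee.

```python
from __future__ import annotations

import jinja2
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

try:
    import re2 as _re  # google-re2 binding: linear-time matching, no catastrophic backtracking
except ImportError:  # assumption for this example: fall back to stdlib re (loses that guarantee)
    import re as _re

OUTPUT_CAP_BYTES = 10 * 1024 * 1024  # the 10 MB cap named in B0.5


class OutputTooLarge(ValueError):
    """Raised instead of handing an oversized task output to the template engine."""


class Outputs:
    """Hypothetical accessor object exposing .text and .blob(key) (names assumed here)."""

    def __init__(self, text: bytes, blobs: dict[str, bytes]) -> None:
        self._text = text
        self._blobs = blobs

    @staticmethod
    def _capped(data: bytes) -> bytes:
        # Enforce the cap at the accessor, so no template can pull more than 10 MB into a render
        if len(data) > OUTPUT_CAP_BYTES:
            raise OutputTooLarge(f"output is {len(data)} bytes, cap is {OUTPUT_CAP_BYTES}")
        return data

    @property
    def text(self) -> str:
        return self._capped(self._text).decode("utf-8", errors="replace")

    def blob(self, key: str) -> bytes:
        return self._capped(self._blobs[key])


def regex_extract(value: str, pattern: str, group: int = 1) -> str | None:
    """Template filter: first match's capture group, or None if the pattern does not match."""
    match = _re.search(pattern, value)
    return None if match is None else match.group(group)


def build_env() -> SandboxedEnvironment:
    # SandboxedEnvironment refuses underscore/internal attribute access (e.g. __class__),
    # so a scenario template cannot walk from `outputs` to the interpreter internals.
    env = SandboxedEnvironment(undefined=jinja2.StrictUndefined)
    env.filters["regex_extract"] = regex_extract
    return env


def render(template_src: str, outputs: Outputs) -> str:
    return build_env().from_string(template_src).render(outputs=outputs)


def try_render(template_src: str, outputs: Outputs) -> tuple[str | None, str | None]:
    """Render, returning (output, None) on success or (None, error class name) when refused."""
    try:
        return render(template_src, outputs), None
    except (SecurityError, OutputTooLarge, KeyError) as exc:
        return None, type(exc).__name__


# Constructed sample task output for the demo; not real data.
SAMPLE = Outputs(
    text=b"Hostname: ws01\nUser: svc-backup\n",
    blobs={"small": b"hello", "huge": b"x" * (OUTPUT_CAP_BYTES + 1)},
)

if __name__ == "__main__":
    print(render(r"{{ outputs.text | regex_extract('User: ([a-z0-9-]+)') }}", SAMPLE))
    print(try_render("{{ outputs.__class__.__mro__ }}", SAMPLE))
    print(try_render("{{ outputs.blob('huge') | length }}", SAMPLE))
```

The cap lives in the accessor rather than in the template layer because every path into task output goes through it; the sandbox handles the second risk (template authors reaching Python internals), and `StrictUndefined` makes a typo in an accessor name fail the render instead of silently producing an empty string.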

Frontend (ux-frontend)

  • F0.1 — frontend/ Vite + React + TypeScript strict + Tailwind 4 + TanStack Query 5, eslint strict + prettier, Playwright skeleton.
  • F0.2 — Provisional design system: semantic tokens in theme.css (status colors, RT accent, data mono / UI sans), dark-first palette, placeholder logo.
  • F0.3 — Wireframes (via frontend-design skill) on mock data: Login + engagement selection, Live cockpit, Scenario composer, Report + MITRE matrix, TTP library + import.
  • F0.4 — Routing skeleton + role-aware layout shell (no real auth wired yet).

Spec / Docs (spec-analyst)

  • S0.1 — Cross-check the data model in B0.2 against §8 of the spec; report deltas before merge.
  • S0.2 — Cross-check the RBAC matrix in B0.6 against F11; report deltas before merge.
  • S0.3 — Maintain tasks/spec-decisions.md as new arbitrations land.
  • S0.4 — Open docs/architecture.md once backend layout is committed.

Review (code-reviewer)

  • R0.1 — Review each PR per the published charter; block on security/OPSEC violations.
  • R0.2 — Verify mypy strict and ruff clean before approving any backend PR.
  • R0.3 — Verify TS strict, no useEffect(fetch), exhaustive deps before approving any frontend PR.

Conventions

  • Branches: feature/<scope>, fix/<scope>, docs/<scope>, chore/<scope>. Long-lived: main.
  • Commits: Conventional Commits (feat:, fix:, chore:, docs:, test:, refactor:).
  • PRs: each branch → review (code-reviewer) → team-lead merges.
  • No direct push to main.