knacky/mimic-big
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
524c6f1eb4aa947be58a3630a83b574bf38582a2
mimic-big/tasks/todo.md
knacky b144c041a7 docs: drop ttp_version from B0.2 + seed groups requirement per D-008/D-009 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 20:14:44 +02:00

54 lines
3.0 KiB
Markdown
Raw Blame History

# Sprint 0 — Mimic
Repo skeleton + foundational modules. Nothing that depends on PR1/PR2/PR3.
## Backend (`backend`)
- [ ] B0.1 — `backend/` Python project: `pyproject.toml` (ruff, mypy strict, pytest, coverage),
`Makefile`, `Dockerfile`, `docker-compose.yml` for Postgres dev DB.
- [ ] B0.2 — Alembic init + complete initial migration covering the §8 schema (incl.
`c2_credential`, `user`, `group`, `user_group`, `permission`, `group_permission`,
`soc_session`, audit_log with write-only Postgres role). **No `ttp_version` table** (D-009).
Seed groups `rt_operator`, `rt_lead`, `soc_analyst` with F11 permissions (D-008).
- [ ] B0.3 — SQLAlchemy 2 typed mapped classes for every table + repositories scaffold.
- [ ] B0.4 — `C2Connector` ABC + dataclasses (`Payload`, `TaskHandle`, `TaskResult`) + enum
`payload_type` + factory keyed on `c2_type`. **No real implementation.**
- [ ] B0.5 — Jinja2 SandboxedEnvironment + `regex_extract` filter via `google-re2` +
`{{outputs.text}}` and `{{outputs.blob(key)}}` accessors with 10 MB cap.
- [ ] B0.6 — Local auth (login/password bcrypt + Flask server-side sessions) + RBAC
group-based decorators + F11 permission matrix declared in code.
- [ ] B0.7 — Flat CRUD endpoints (engagements, hosts, TTPs, scenarios) — no orchestration,
no WebSocket, no reporting yet.
- [ ] B0.8 — pytest baseline: unit (SQLite) + integration scaffold (testcontainers Postgres).
## Frontend (`ux-frontend`)
- [ ] F0.1 — `frontend/` Vite + React + TypeScript strict + Tailwind 4 + TanStack Query 5,
eslint strict + prettier, Playwright skeleton.
- [ ] F0.2 — Design system provisional: semantic tokens in `theme.css` (status colors, RT accent,
data mono / UI sans), dark-first palette, placeholder logo.
- [ ] F0.3 — Wireframes (via `frontend-design` skill) on mock data:
Login + engagement selection, Live cockpit, Scenario composer,
Report + MITRE matrix, TTP library + import.
- [ ] F0.4 — Routing skeleton + role-aware layout shell (no real auth wired yet).
## Spec / Docs (`spec-analyst`)
- [ ] S0.1 — Cross-check the data model in B0.2 against §8 of the spec; report deltas before merge.
- [ ] S0.2 — Cross-check the RBAC matrix in B0.6 against F11; report deltas before merge.
- [ ] S0.3 — Maintain `tasks/spec-decisions.md` as new arbitrations land.
- [ ] S0.4 — Open `docs/architecture.md` once backend layout is committed.
## Review (`code-reviewer`)
- [ ] R0.1 — Review each PR per the published charter; block on security/OPSEC violations.
- [ ] R0.2 — Verify mypy strict and ruff clean before approving any backend PR.
- [ ] R0.3 — Verify TS strict, no `useEffect(fetch)`, exhaustive deps before approving any frontend PR.
## Conventions
- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
- Commits: Conventional Commits (`feat:`, `fix:`, `chore:`, `docs:`, `test:`, `refactor:`).
- PRs: each branch → review (`code-reviewer`) → team-lead merges.
- No direct push to `main`.
Reference in New Issue View Git Blame Copy Permalink