knacky/mimic-big
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6aa0078fd35311271068da7b74265b9ecf97c35d
mimic-big/backend/README.md
knacky 9ece352659 chore(backend): rename docker-compose.yml -> compose.yml + podman notes 
Compose v2 canonical filename (compose.yml) is recognized by both
docker compose and podman compose without preference. The previous
docker-compose.yml worked but signalled a Docker-first stance, while
target deployment is Podman 5.8+ rootless.

- Rename backend/docker-compose.yml -> backend/compose.yml.
- backend/README.md `make db-up` comment uses $(CONTAINER) to mirror
  the Makefile auto-detect (lines 14-16: docker || podman).
- backend/README.md audit-writer bootstrap snippet hints at podman
  fallback explicitly with `command -v` runtime sniff.
- backend/compose.yml comment for audit-writer mentions both runtimes.

No functional change. Makefile $(COMPOSE) target unchanged: Compose v2
discovers compose.yml first in its search order.
2026-05-22 19:41:38 +02:00

74 lines
3.2 KiB
Markdown
Raw Blame History

# Mimic — backend
Sprint 0 skeleton. Python 3.12+ / Flask / SQLAlchemy 2 / Alembic / Pydantic 2.
## Layout
```
backend/
├── src/mimic/
│ ├── app.py # Flask app factory + SocketIO init
│ ├── config.py # Pydantic Settings
│ ├── extensions.py # db, migrate, socketio, login_manager
│ ├── db/
│ │ ├── models/ # SQLAlchemy 2 typed models
│ │ ├── repositories/ # data access per aggregate
│ │ └── migrations/ # Alembic
│ ├── schemas/ # Pydantic 2 DTOs
│ ├── api/ # Flask blueprints (REST)
│ ├── ws/ # Flask-SocketIO namespaces
│ ├── connectors/ # C2Connector ABC + payload mapping
│ ├── orchestrator/ # run state machine (stub in sprint 0)
│ ├── templating/ # Jinja2 sandbox + regex_extract
│ ├── audit/ # append-only writer + rotation
│ ├── reporting/ # WeasyPrint builder (stub in sprint 0)
│ ├── rbac/ # group-based permission matrix (F11)
│ ├── importers/ # ATR + C2 journal (stub in sprint 0)
│ └── cli/ # mimic-cli (click)
└── tests/
├── unit/ # SQLite, pure logic
└── integration/ # testcontainers Postgres
```
## Local dev
```bash
make install # uv venv + pip install -e .[dev]
make db-up # $(CONTAINER) compose up -d postgres (auto-detect docker|podman)
make db-bootstrap # one-time: create the mimic_audit_writer role (see below)
make db-migrate # alembic upgrade head
make run # flask run (debug)
make test # pytest unit
make test-int # pytest integration (testcontainers)
make lint # ruff + mypy strict
```
### Audit writer role (dev)
`mimic_audit_writer` is provisioned by the Ansible playbook in production
(decision D-010). For local development, create it manually after `make db-up`:
```bash
# Substitute "podman" for "docker" if your runtime is Podman.
$(command -v docker || command -v podman) exec -it mimic-postgres \
psql -U mimic_app -d mimic \
-c "CREATE ROLE mimic_audit_writer LOGIN PASSWORD 'pick-a-dev-secret';"
```
Then expose the same secret in `MIMIC_DATABASE_AUDIT_URL` in your `.env`. The
Alembic migration grants the INSERT-only permission on `audit_log` against
this role; if it does not exist, the grant block is a no-op (idempotent).
## What sprint 0 ships
- Full §8 data model + Alembic initial migration (Postgres-specific constraints: audit_log write-only role, soc_session hash, c2_credential Fernet column).
- `C2Connector` ABC + dataclasses + `payload_type` enum + factory. **No real Mythic/Home implementation** (blocked on PR1/PR2).
- Jinja2 SandboxedEnvironment + `regex_extract` filter (re2).
- Local auth (bcrypt + Flask session) + group-based RBAC matching the F11 permission matrix.
- Flat CRUD on engagements / hosts / TTPs / scenarios.
- pytest baseline + testcontainers Postgres scaffolding.
## Out of sprint 0
Orchestrator, WebSocket cockpit, real connectors, report generation, audit rotation.
Reference in New Issue View Git Blame Copy Permalink