047583eb9c
- .gitignore (Python, Node, RT/maldev hygiene, secrets) - README.md (project framing, stack, conventions, status) - CHANGELOG.md (team kickoff decisions Q1/Q2/Q3, T2/T3/T4, auth strategy) - tasks/spec-decisions.md (D-001..D-007 arbitrations on top of frozen spec) - tasks/todo.md (sprint 0 backlog: B0.* / F0.* / S0.* / R0.*) - tasks/lessons.md (empty, populated as work progresses) - backend/ frontend/ docs/ scaffolding Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
27 lines
1.4 KiB
Markdown
27 lines
1.4 KiB
Markdown
# Changelog
|
|
|
|
All notable changes to Mimic. Format inspired by [Keep a Changelog](https://keepachangelog.com).
|
|
Versioning starts at `0.1.0` when sprint 0 lands.
|
|
|
|
## [Unreleased]
|
|
|
|
### Team decisions (2026-05-21)
|
|
|
|
- **Q1** — SOC client collaboration in the live cockpit is assumed valid (no PoC sheet).
|
|
- **Q2** — Mimic is deployed on RT infrastructure (not at client). SOC client connects over
|
|
the internet through the existing RT reverse proxy (out of Mimic scope).
|
|
- **Q3** — Project framed as "improve the existing shared sheet workflow", not "rebuild Caldera".
|
|
- **T2** — C2 credentials stored in a dedicated `c2_credential` table with version + retirement
|
|
(Fernet-encrypted `config_json`). Active row per engagement = `retired_at IS NULL`, max version.
|
|
- **T3** — Jinja templating exposes two accessors: `{{outputs.text}}` (stdout) and
|
|
`{{outputs.blob("key")}}` (binary, 10 MB cap, UTF-8 with latin-1 fallback).
|
|
- **T4** — `soc_session.token_opaque` stores a bcrypt hash; the clear token is delivered
|
|
out-of-band and never re-displayable.
|
|
- **Auth** — v1: local user/password (bcrypt + Flask session). v2: Keycloak OIDC mapping
|
|
onto the same group model. RBAC is group-based from day one.
|
|
|
|
### Sprint 0 in progress
|
|
|
|
Repo skeleton, data model, `C2Connector` ABC, Jinja2 sandbox, local auth + RBAC, flat CRUD,
|
|
UX wireframes (mock data). No real connector, no reporting until PR1/PR2/PR3 land.
|