frontend/package.json

{
  "name": "mimic-frontend",
  "version": "0.1.0",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "tsc -b && vite build",
    "preview": "vite preview",
    "typecheck": "tsc --noEmit",
    "lint": "eslint . --max-warnings=0",
    "test": "vitest"
  },
  "dependencies": {
    "@fontsource-variable/jetbrains-mono": "^5.2.8",
    "@tanstack/react-query": "^5.59.0",
    "axios": "^1.7.7",
    "lucide-react": "^1.16.0",
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
    "react-router-dom": "^6.27.0"
  },
  "devDependencies": {
    "@fontsource-variable/inter": "^5.1.0",
    "@testing-library/dom": "^10.4.0",
    "@testing-library/jest-dom": "^6.6.0",
    "@testing-library/react": "^16.0.1",
    "@testing-library/user-event": "^14.5.2",
    "@types/node": "^22.7.5",
    "@types/react": "^18.3.11",
    "@types/react-dom": "^18.3.0",
    "@typescript-eslint/eslint-plugin": "^8.8.1",
    "@typescript-eslint/parser": "^8.8.1",
    "@vitejs/plugin-react": "^4.3.2",
    "autoprefixer": "^10.4.20",
    "axios-mock-adapter": "^2.1.0",
    "eslint": "^8.57.1",
    "eslint-plugin-react": "^7.37.1",
    "eslint-plugin-react-hooks": "^4.6.2",
    "jsdom": "^25.0.1",
    "postcss": "^8.4.47",
    "tailwindcss": "^3.4.13",
    "typescript": "^5.6.2",
    "vite": "^5.4.8",
    "vitest": "^2.1.2"
  }
}
feat: sprint 1 — auth + CRUD engagements Ship the first feature end-to-end on the UI: users log in with JWT, admins manage user accounts, and any authenticated user (per RBAC) can create, list, view, edit, and delete engagements. Backend (Flask + SQLAlchemy + SQLite, 63 pytest) - User / Engagement models, Alembic 0001 initial schema - argon2 password hashing, JWT bearer (60-min TTL), @login_required and @role_required decorators - 13 API endpoints under /api/, including last-admin protection on DELETE/PATCH user and JSON 404 on unknown /api/ paths - `flask create-admin` CLI with duplicate / short-password handling Frontend (React + Vite + Tailwind + TanStack Query, 20 vitest) - Inter font bundled locally (no CDN), DESIGN.md tokens in Tailwind - LoginPage / EngagementsList / EngagementForm / EngagementDetail / UsersAdmin pages with role-aware UI - Layout, ProtectedRoute, StatusBadge, FormField, LoadingState, ErrorState, EmptyState, Toast + provider - Axios client: Bearer interceptor, 401 → purge + /login + "Session expirée" toast, 403 → "Accès refusé" toast (declarative <Navigate> for already-authed users, Fragment-keyed admin user rows) Deployment - Single multistage Dockerfile (node:20-alpine → python:3.12-slim) - docker/entrypoint.sh runs `flask db upgrade` before `flask run` - Makefile: build/start/stop/restart/update/logs/create-admin/ update-mitre/test-{backend,frontend,e2e}/clean - .env.example documenting MIMIC_JWT_SECRET / MIMIC_DB_PATH / MIMIC_PORT - SQLite at /data/mimic.sqlite on named volume mimic-data Acceptance suite (Playwright, 36 tests, all 27 ACs) - e2e/ scaffold with playwright.config + auth/api fixtures - One spec per user story (us1-bootstrap through us6-deployment) - Portable via MIMIC_CONTAINER_CMD / MIMIC_BASE_URL (docker or podman) Docs - README.md with quick-start and architecture overview - CHANGELOG.md updated with Sprint 1 deliverables - pyrightconfig.json so the Python LSP sees backend/.venv and resolves the `backend.app.*` absolute imports Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-26 09:37:53 +02:00			`{`
			`"name": "mimic-frontend",`
			`"version": "0.1.0",`
			`"private": true,`
			`"type": "module",`
			`"scripts": {`
			`"dev": "vite",`
			`"build": "tsc -b && vite build",`
			`"preview": "vite preview",`
			`"typecheck": "tsc --noEmit",`
			`"lint": "eslint . --max-warnings=0",`
			`"test": "vitest"`
			`},`
			`"dependencies": {`
feat(design): bundle JetBrains Mono for data cells 2026-06-09 18:39:13 +02:00			`"@fontsource-variable/jetbrains-mono": "^5.2.8",`
feat: sprint 1 — auth + CRUD engagements Ship the first feature end-to-end on the UI: users log in with JWT, admins manage user accounts, and any authenticated user (per RBAC) can create, list, view, edit, and delete engagements. Backend (Flask + SQLAlchemy + SQLite, 63 pytest) - User / Engagement models, Alembic 0001 initial schema - argon2 password hashing, JWT bearer (60-min TTL), @login_required and @role_required decorators - 13 API endpoints under /api/, including last-admin protection on DELETE/PATCH user and JSON 404 on unknown /api/ paths - `flask create-admin` CLI with duplicate / short-password handling Frontend (React + Vite + Tailwind + TanStack Query, 20 vitest) - Inter font bundled locally (no CDN), DESIGN.md tokens in Tailwind - LoginPage / EngagementsList / EngagementForm / EngagementDetail / UsersAdmin pages with role-aware UI - Layout, ProtectedRoute, StatusBadge, FormField, LoadingState, ErrorState, EmptyState, Toast + provider - Axios client: Bearer interceptor, 401 → purge + /login + "Session expirée" toast, 403 → "Accès refusé" toast (declarative <Navigate> for already-authed users, Fragment-keyed admin user rows) Deployment - Single multistage Dockerfile (node:20-alpine → python:3.12-slim) - docker/entrypoint.sh runs `flask db upgrade` before `flask run` - Makefile: build/start/stop/restart/update/logs/create-admin/ update-mitre/test-{backend,frontend,e2e}/clean - .env.example documenting MIMIC_JWT_SECRET / MIMIC_DB_PATH / MIMIC_PORT - SQLite at /data/mimic.sqlite on named volume mimic-data Acceptance suite (Playwright, 36 tests, all 27 ACs) - e2e/ scaffold with playwright.config + auth/api fixtures - One spec per user story (us1-bootstrap through us6-deployment) - Portable via MIMIC_CONTAINER_CMD / MIMIC_BASE_URL (docker or podman) Docs - README.md with quick-start and architecture overview - CHANGELOG.md updated with Sprint 1 deliverables - pyrightconfig.json so the Python LSP sees backend/.venv and resolves the `backend.app.*` absolute imports Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-26 09:37:53 +02:00			`"@tanstack/react-query": "^5.59.0",`
			`"axios": "^1.7.7",`
feat(frontend): sprint 4 — dark mode + matrix overhaul + tactic selection + done read-only + UI polish US-17: fix duplicate "Create engagement" button, icon conventions (Save/RotateCcw/Grid2x2), UsersAdminPage form baseline alignment US-18: done status fully read-only + Reopen button (done → review_required) for all roles US-19: invalidate engagement queries on simulation PATCH/transition for auto-status propagation US-20: MitreMatrixModal rewritten — CSS grid 12-column layout, no horizontal scroll, attack.mitre.org compact look US-21: tactic header clickable in matrix, tactic chips (MitreTacticTag) in field, single atomic PATCH with technique_ids + tactic_ids US-22: MitreTechniquesField chips-only area + inline search input + matrix icon button; chips show ID-only (name in title=) US-23: useTheme hook — 3-state light/dark/system, CSS variables, Tailwind darkMode class, localStorage persistence 92/92 tests passing, typecheck and lint clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-27 20:06:01 +02:00			`"lucide-react": "^1.16.0",`
feat: sprint 1 — auth + CRUD engagements Ship the first feature end-to-end on the UI: users log in with JWT, admins manage user accounts, and any authenticated user (per RBAC) can create, list, view, edit, and delete engagements. Backend (Flask + SQLAlchemy + SQLite, 63 pytest) - User / Engagement models, Alembic 0001 initial schema - argon2 password hashing, JWT bearer (60-min TTL), @login_required and @role_required decorators - 13 API endpoints under /api/, including last-admin protection on DELETE/PATCH user and JSON 404 on unknown /api/ paths - `flask create-admin` CLI with duplicate / short-password handling Frontend (React + Vite + Tailwind + TanStack Query, 20 vitest) - Inter font bundled locally (no CDN), DESIGN.md tokens in Tailwind - LoginPage / EngagementsList / EngagementForm / EngagementDetail / UsersAdmin pages with role-aware UI - Layout, ProtectedRoute, StatusBadge, FormField, LoadingState, ErrorState, EmptyState, Toast + provider - Axios client: Bearer interceptor, 401 → purge + /login + "Session expirée" toast, 403 → "Accès refusé" toast (declarative <Navigate> for already-authed users, Fragment-keyed admin user rows) Deployment - Single multistage Dockerfile (node:20-alpine → python:3.12-slim) - docker/entrypoint.sh runs `flask db upgrade` before `flask run` - Makefile: build/start/stop/restart/update/logs/create-admin/ update-mitre/test-{backend,frontend,e2e}/clean - .env.example documenting MIMIC_JWT_SECRET / MIMIC_DB_PATH / MIMIC_PORT - SQLite at /data/mimic.sqlite on named volume mimic-data Acceptance suite (Playwright, 36 tests, all 27 ACs) - e2e/ scaffold with playwright.config + auth/api fixtures - One spec per user story (us1-bootstrap through us6-deployment) - Portable via MIMIC_CONTAINER_CMD / MIMIC_BASE_URL (docker or podman) Docs - README.md with quick-start and architecture overview - CHANGELOG.md updated with Sprint 1 deliverables - pyrightconfig.json so the Python LSP sees backend/.venv and resolves the `backend.app.*` absolute imports Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-26 09:37:53 +02:00			`"react": "^18.3.1",`
			`"react-dom": "^18.3.1",`
			`"react-router-dom": "^6.27.0"`
			`},`
			`"devDependencies": {`
			`"@fontsource-variable/inter": "^5.1.0",`
			`"@testing-library/dom": "^10.4.0",`
			`"@testing-library/jest-dom": "^6.6.0",`
			`"@testing-library/react": "^16.0.1",`
			`"@testing-library/user-event": "^14.5.2",`
			`"@types/node": "^22.7.5",`
			`"@types/react": "^18.3.11",`
			`"@types/react-dom": "^18.3.0",`
			`"@typescript-eslint/eslint-plugin": "^8.8.1",`
			`"@typescript-eslint/parser": "^8.8.1",`
			`"@vitejs/plugin-react": "^4.3.2",`
			`"autoprefixer": "^10.4.20",`
			`"axios-mock-adapter": "^2.1.0",`
			`"eslint": "^8.57.1",`
			`"eslint-plugin-react": "^7.37.1",`
			`"eslint-plugin-react-hooks": "^4.6.2",`
			`"jsdom": "^25.0.1",`
			`"postcss": "^8.4.47",`
			`"tailwindcss": "^3.4.13",`
			`"typescript": "^5.6.2",`
			`"vite": "^5.4.8",`
			`"vitest": "^2.1.2"`
			`}`
			`}`