Sprint 5 plan §0 added a new ## Templates de simulations section to SPEC.md
(between § Fonctionnement and § Authentification & rôles). The edit sat in
the sprint 5 worktree but was never committed across the 9 sprint commits,
so PR #8 currently does not include the corresponding spec text.
This is the THIRD sprint running this happens (sprint 3 → fixed at sprint 4
start; sprint 4 → fixed at sprint 5 start; sprint 5 → fixed here mid-PR
because I caught the M SPEC.md before merge).
Lesson updated in tasks/lessons.md to make the "git status pre-sprint-close"
discipline harder to forget.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- tasks/todo.md: sprint 4 plan with 9 user stories (US-17 → US-25), 9 décisions arrêtées
- SPEC.md § Fonctionnement: Done is terminal, Reopen returns to review_required (open to all roles); engagement auto-flips planned → active when any simulation hits in_progress, no auto-rollback
- SPEC.md § Référentiel MITRE: sprint 3 multi-tech + sprint 4 tactic_ids separated field
- SPEC.md § UI/UX (new): theming light/dark/system with system default, button convention (icon + ≤8-char label), modal focus trap V1
- SPEC.md § Workflows: design-reviewer inserted between frontend-builder and code-reviewer; PR via make open-pr
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The sprint 3 plan §0 updated SPEC.md § Simulation to reflect multi-techniques
(plural + autocomplete + matrix modal + sub-techniques). That edit sat in the
sprint 3 worktree but was never committed, so PR #6 merged the multi-tech
code without the corresponding spec text. Applying it here at the start of
sprint 4 so SPEC and main are aligned again.
Lesson captured in tasks/lessons.md for sprint 4 wrap-up: always
git status before declaring sprint complete.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Lay down the project foundation before Sprint 1 implementation:
- SPEC.md enriched with a "Décisions techniques" section that pins
down 3-role auth (admin super-user / redteam / soc), JWT bearer,
single-container Flask+React topology, minimal Engagement model,
local MITRE STIX bundle, and the Makefile target list.
- .claude/agents/ defines the 6 sub-agents per SPEC.md § Team:
backend-builder, frontend-builder, spec-reviewer (project override
covering plan-vs-spec + code-vs-spec), code-reviewer, test-verifier,
devil-advocate.
- tasks/todo.md holds the full Sprint 1 plan (Auth + CRUD Engagement)
validated by spec-reviewer on 2026-05-26 after one round of fixes.
- CHANGELOG.md and tasks/lessons.md scaffolded.
- .gitignore covers Python, Node, Playwright, secrets, build artifacts
and Claude Code worktrees.
No application code is shipped in this commit — Sprint 1 will be a
separate branch and PR.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
