Go to file

Kitos 591b5df250 feat: Phase 7 - Frontend scaffolding and auth (T-023, T-024, T-025)

T-023: Initialize React project
- Vite + React 19 + TypeScript scaffold
- Tailwind CSS v4 with @tailwindcss/vite plugin
- Dependencies: react-router-dom, axios, @tanstack/react-query, lucide-react
- Project structure: api/, components/, pages/, context/, types/, hooks/, lib/

T-024: API client and auth context
- Axios client with JWT interceptor (auto-attach token, clear on 401)
- login() and getMe() API functions
- AuthContext: user state, login, logout, isAuthenticated, isLoading
- Token persistence via localStorage with hydration on mount
- TypeScript types for all backend models

T-025: Login page and layout
- LoginPage with form, error handling, redirect on success
- Layout with sidebar + header + Outlet
- Sidebar with role-aware navigation (System only for admin)
- ProtectedRoute wrapper with role-based access control
- Routes: /login, /dashboard, /techniques, /tests, /system

2026-02-06 16:09:50 +01:00

backend

feat: Phase 6 - Automated intel scanning (T-021, T-022)

2026-02-06 15:48:57 +01:00

frontend

feat: Phase 7 - Frontend scaffolding and auth (T-023, T-024, T-025)

2026-02-06 16:09:50 +01:00

.gitignore

feat: Phase 0 - Infrastructure and scaffolding (T-001 to T-003)

2026-02-06 11:28:30 +01:00

AegisTestPlan.md

feat: Phase 0 - Infrastructure and scaffolding (T-001 to T-003)

2026-02-06 11:28:30 +01:00

docker-compose.yml

feat: Phase 0 - Infrastructure and scaffolding (T-001 to T-003)

2026-02-06 11:28:30 +01:00

README.md

feat: Phase 7 - Frontend scaffolding and auth (T-023, T-024, T-025)

2026-02-06 16:09:50 +01:00

README.md

Aegis - MITRE ATT&CK Coverage Platform

Aegis is a comprehensive platform for tracking and managing security coverage against the MITRE ATT&CK framework. It enables security teams to document, validate, and visualize their defensive capabilities against known adversary techniques.

Features

MITRE ATT&CK Integration: Automatic synchronization with the MITRE ATT&CK framework via TAXII (with GitHub fallback), scheduled every 24h
Coverage Tracking: Track validation status for each technique (validated, partial, not covered, in progress)
Test Management: Document and manage security tests with full audit trail
Evidence Storage: Secure evidence file storage with SHA256 integrity verification
Role-Based Access Control: Granular permissions for red team, blue team, and leadership roles
Intel Monitoring: Automated scanning for new threat intelligence related to techniques
Metrics Dashboard: Real-time coverage metrics and reporting by tactic

Tech Stack

Backend: FastAPI (Python 3.11)
Database: PostgreSQL 15
Object Storage: MinIO (S3-compatible)
ORM: SQLAlchemy with Alembic migrations
Frontend: React 19 + TypeScript + Vite + Tailwind CSS v4

Quick Start

Prerequisites

Docker and Docker Compose
Git

Installation

Clone the repository:

git clone <repository-url>
cd Aegis

Start all services:

docker-compose up -d

Run database migrations:

docker exec -w /app aegis-backend-1 alembic upgrade head

Seed the admin user:

docker exec -w /app aegis-backend-1 python -m app.seed

Start the frontend (requires Node.js 20+ or Docker):

# Option A — with Node.js installed locally
cd frontend && npm install && npm run dev

# Option B — via Docker
docker run --rm -v ./frontend:/app -w /app -p 5173:5173 node:20-alpine sh -c "npm run dev"

Verify the installation:

# Backend health
curl http://localhost:8000/health
# Expected: {"status":"ok"}

# Frontend
# Open http://localhost:5173 — should show the Aegis login page

Authentication

The platform uses JWT-based authentication. After seeding, log in with the default admin credentials:

# Obtain a token
curl -X POST http://localhost:8000/api/v1/auth/login \
  -d "username=admin&password=admin123"

# Use the token to access protected endpoints
curl http://localhost:8000/api/v1/auth/me \
  -H "Authorization: Bearer <your-token>"

Important: Change the default admin123 password and SECRET_KEY in production.

Services

Service	Port	Description
Frontend	5173	React dev server (Vite)
Backend	8000	FastAPI REST API
PostgreSQL	5433	Database (mapped to 5433 to avoid conflicts)
MinIO API	9000	S3-compatible object storage
MinIO Console	9001	MinIO web interface

API Documentation

Once the backend is running, access the interactive API documentation at:

Swagger UI: http://localhost:8000/docs
ReDoc: http://localhost:8000/redoc

API Endpoints

Auth

Method	Route	Auth	Description
POST	`/api/v1/auth/login`	Public	Obtain JWT token
GET	`/api/v1/auth/me`	Authenticated	Current user profile

Techniques

Method	Route	Auth	Description
GET	`/api/v1/techniques`	Authenticated	List all (filters: `?tactic=`, `?status=`, `?review_required=`)
GET	`/api/v1/techniques/{mitre_id}`	Authenticated	Detail with associated tests
POST	`/api/v1/techniques`	Admin	Create technique
PATCH	`/api/v1/techniques/{mitre_id}`	Admin	Update technique fields
PATCH	`/api/v1/techniques/{mitre_id}/review`	Lead, Admin	Mark as reviewed

Tests

Method	Route	Auth	Description
POST	`/api/v1/tests`	Red Tech, Admin	Create test (state=draft)
GET	`/api/v1/tests/{id}`	Authenticated	Detail with evidences
PATCH	`/api/v1/tests/{id}`	Creator, Admin	Update (only draft/rejected)
POST	`/api/v1/tests/{id}/validate`	Lead, Admin	Validate + recalculate technique status
POST	`/api/v1/tests/{id}/reject`	Lead, Admin	Reject test

Evidence

Method	Route	Auth	Description
POST	`/api/v1/tests/{test_id}/evidence`	Authenticated	Upload evidence file (SHA-256 verified)
GET	`/api/v1/evidence/{id}`	Authenticated	Get metadata + presigned download URL

System

Method	Route	Auth	Description
POST	`/api/v1/system/sync-mitre`	Admin	Manually trigger MITRE ATT&CK sync
POST	`/api/v1/system/run-intel-scan`	Admin	Manually trigger threat-intel RSS scan
GET	`/api/v1/system/scheduler-status`	Admin	Background scheduler health & job list

Metrics

Method	Route	Auth	Description
GET	`/api/v1/metrics/summary`	Authenticated	Global coverage summary (counts + percentage)
GET	`/api/v1/metrics/by-tactic`	Authenticated	Coverage breakdown per MITRE tactic

Project Structure

Aegis/
├── docker-compose.yml          # Docker services configuration
├── backend/
│   ├── Dockerfile              # Backend container definition
│   ├── requirements.txt        # Python dependencies
│   ├── alembic.ini             # Alembic configuration
│   ├── alembic/                # Database migrations
│   │   ├── env.py
│   │   ├── versions/           # Migration files
│   │   └── ...
│   └── app/
│       ├── __init__.py
│       ├── main.py             # FastAPI application entry point
│       ├── config.py           # Application settings
│       ├── database.py         # SQLAlchemy configuration
│       ├── auth.py             # Password hashing & JWT utilities
│       ├── seed.py             # Admin seed script (python -m app.seed)
│       ├── models/             # SQLAlchemy models
│       │   ├── user.py         # User authentication model
│       │   ├── technique.py    # MITRE ATT&CK techniques
│       │   ├── test.py         # Security tests
│       │   ├── evidence.py     # Test evidence files
│       │   ├── intel.py        # Threat intelligence items
│       │   ├── audit.py        # Audit logging
│       │   └── enums.py        # Shared enumerations
│       ├── storage.py          # MinIO/S3 client (upload, presigned URLs)
│       ├── schemas/            # Pydantic request/response schemas
│       │   ├── auth.py         # LoginRequest, TokenResponse, UserOut
│       │   ├── technique.py    # TechniqueCreate/Update/Out/Summary
│       │   ├── test.py         # TestCreate/Update/Out/Validate
│       │   └── evidence.py     # EvidenceOut
│       ├── routers/            # API endpoint routers
│       │   ├── auth.py         # POST /auth/login, GET /auth/me
│       │   ├── techniques.py   # CRUD techniques (list, detail, create, update, review)
│       │   ├── tests.py        # CRUD tests (create, detail, update, validate, reject)
│       │   ├── evidence.py     # Upload evidence, presigned download
│       │   ├── system.py       # MITRE sync trigger, scheduler status
│       │   └── metrics.py      # Coverage summary & per-tactic breakdown
│       ├── dependencies/       # FastAPI dependencies (DI)
│       │   └── auth.py         # get_current_user, require_role, require_any_role
│       ├── jobs/               # Background scheduled jobs
│       │   └── mitre_sync_job.py  # APScheduler: MITRE sync (24h) + Intel scan (7d)
│       └── services/           # Business logic services
│           ├── audit_service.py
│           ├── status_service.py  # Recalculate technique status from tests
│           ├── mitre_sync_service.py  # MITRE ATT&CK sync via TAXII / GitHub
│           └── intel_service.py   # Automated intel scan via RSS feeds
└── frontend/                   # React + TypeScript frontend
    ├── index.html
    ├── package.json
    ├── tsconfig.json
    ├── vite.config.ts
    └── src/
        ├── main.tsx              # App entry point
        ├── App.tsx               # Route definitions
        ├── index.css             # Tailwind CSS entry
        ├── api/                  # Axios clients
        │   ├── client.ts         # Base axios instance with JWT interceptor
        │   └── auth.ts           # login(), getMe()
        ├── context/
        │   └── AuthContext.tsx    # Auth state: user, login, logout, isLoading
        ├── components/
        │   ├── Layout.tsx        # Sidebar + header + <Outlet/>
        │   ├── Sidebar.tsx       # Nav links (role-aware)
        │   └── ProtectedRoute.tsx
        ├── pages/
        │   ├── LoginPage.tsx
        │   ├── DashboardPage.tsx
        │   ├── TechniquesPage.tsx
        │   ├── TestsPage.tsx
        │   └── SystemPage.tsx
        ├── types/
        │   └── models.ts         # TS interfaces matching backend schemas
        ├── hooks/
        └── lib/

Database Schema

The platform uses the following data models:

Table	Description
`users`	User accounts with role-based access
`techniques`	MITRE ATT&CK techniques with coverage status
`tests`	Security tests validating technique coverage
`evidences`	File evidence attached to tests (stored in MinIO)
`intel_items`	Threat intelligence items linked to techniques
`audit_logs`	System-wide audit trail for all actions

Configuration

The application can be configured via environment variables:

Variable	Default	Description
`DATABASE_URL`	`postgresql://postgres:postgres@postgres:5432/attackdb`	PostgreSQL connection string
`SECRET_KEY`	`change-me-in-production`	JWT signing key
`ALGORITHM`	`HS256`	JWT signing algorithm
`ACCESS_TOKEN_EXPIRE_MINUTES`	`60`	JWT token lifetime in minutes
`MINIO_ENDPOINT`	`minio:9000`	MinIO server endpoint
`MINIO_ACCESS_KEY`	`minioadmin`	MinIO access key
`MINIO_SECRET_KEY`	`minioadmin`	MinIO secret key
`MINIO_BUCKET`	`evidence`	Bucket for evidence files

Development

Running Migrations

# Generate a new migration after model changes
docker exec -w /app aegis-backend-1 alembic revision --autogenerate -m "description"

# Apply migrations
docker exec -w /app aegis-backend-1 alembic upgrade head

# Rollback one migration
docker exec -w /app aegis-backend-1 alembic downgrade -1

# Check current migration
docker exec -w /app aegis-backend-1 alembic current

Accessing Services

MinIO Console: http://localhost:9001 (login: minioadmin / minioadmin)
PostgreSQL: psql -h localhost -p 5433 -U postgres -d attackdb

User Roles

Role	Description
`admin`	Full system access
`red_tech`	Red team technician - can create and edit tests
`blue_tech`	Blue team technician - can create and edit tests
`red_lead`	Red team lead - can validate tests
`blue_lead`	Blue team lead - can validate tests
`viewer`	Read-only access

License

Contributing

Please read the contribution guidelines before submitting pull requests.

Languages

Python 65.1%

TypeScript 33.1%

Shell 1%

HTML 0.5%

CSS 0.2%