DEV Community

Rizzy65
Rizzy65

Posted on

Dev Log #2 - From Scaffolding to First Telemetry

#security #programming #ai #development

If Dev Log #1 was about laying bricks, this one is about seeing the first lights turn on (and as a dev, it feels good.) Mirage/Apate went from “neatly stacked parts” to “a system that actually notices and remembers what touches it.” It’s still early to call it alive, but it’s real—and that’s a good feeling.

TL;DR

  • Shipped: working backbone (API + SSH/HTTP emulators), data persistence (DB + Redis), and a CI that has my back.
  • First telemetry: login attempts, HTTP pokes, and early session traces.
  • Lesson: real signals beat perfect plans—ship the simplest believable thing, then iterate.
  • Next: smoothing the emulators’ “personality,” better dashboards, and a tiny predictive prototype

What changed since Log #1

  • The API has a heartbeat. You can browse the docs locally (Swagger UI) and poke at endpoints without spelunking through code.
  • SSH and HTTP emulators are alive. They respond, they log, and they do it in a way that feels “real enough” to keep curious hands around a bit longer.
  • Data is sticky. Sessions, attempts, and a basic threat score now land in a database, with Redis helping keep things snappy.
  • The boring-but-critical stuff is there: Docker to run it all, iptables to keep it contained, and CI to tell me when I broke something.

In short: it’s not just a blueprint—it’s a house with lights, doors, and a guestbook, that forgets everything after a while, But I am working on it.

A tiny demo (60 seconds)

  • Start it up (Docker makes this painless).
  • Visit the API docs in your browser.
  • Trigger a simple request to see it flow through. 
# bring services up (example)
docker compose up -d

# check API is alive
curl -s http://localhost:8000/health

# explore the interactive docs
# open http://localhost:8000/docs
Enter fullscreen mode Exit fullscreen mode

What you should notice:

  • Health endpoint is up
  • Docs are browsable
  • New events show up as you interact with the emulators

No heroics, just proof.

DO SEND AN ISSUE IN MY REPO IF THE ABOVE ISN'T WORKING, AS I AM STILL LEARNING THE ROPES.

Design notes, without the PhD

  • Start with “believable enough.” If the emulators feel roughly like a real box, attackers will stay long enough to teach us something.
  • Keep the core tight. FastAPI for orchestration, Rust for fast/precise network handling, Redis/SQL for state. Fewer moving parts = fewer surprises.
  • Observe first, outsmart later. The “cognitive” layers will come, but the best training data is real behavior—so step one is to listen well.

What didn’t work (and what I changed)

  • I tried to over-script the SSH conversation early on. It felt brittle. I pared it back to a realistic baseline, then made room to layer nuance later.
  • I flirted with Postgres too soon. Switched to a simpler default (SQLite) for local flow, kept the door open for Postgres when it earns its keep.
  • I wanted dashboards on day one. Reality: get clean events first; pretty plots after. The data is now solid, so charts are next.

What’s next

  • Make the emulators more “human”: better prompts, more natural delays, fewer tells.
  • Dashboards that make sense at a glance (Grafana first, then iterate).
  • A tiny predictive experiment off to the side: can a simple model guess the next command on a toy dataset? Not production—just curiosity with a yardstick.
  • Safer defaults and more guardrails as I harden the container boundaries.

If you’ve read this far

Thanks. Building Mirage/Apate feels a bit like putting together a stage play: sets, lights, and a story that’s convincing enough for the audience to stay. The first claps (telemetry) are in. Now it’s about deepening the act—slowly, carefully, and with a smile. Hopefully, my drive for this lives on to finish the play.

Top comments (0)