* Update submodule pointers — final session cleanup
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Update web-app submodule — E2E fixes final
* chore: update docs, README, and submodule pointers
- Update CLAUDE.md with CI/CD info, shared infrastructure, Vite 8
- Update README.md status to Production
- Update submodule pointers for docs, web-app, biometric-processor
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 0-5 fixes + CRUD/RBAC test scripts
- identity-core-api: 3 domain ports + 3 adapters, services use ports not JPA
- biometric-processor: FP endpoints → 501, voice async thread pool, HNSW script
- client-apps: iOS TokenStorage, Desktop storage, tenantId + X-Tenant-Id header
- web-app: widget SDK fixes (URL params, sandbox, postMessage origin)
- scripts: test-health.sh, test-crud.sh, test-rbac.sh (1,311 lines)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update docs submodule pointer (dead links fix)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: test script lastName validation — digits not allowed, use letters
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix 3 failing CRUD tests and harden RBAC test script
- Update tenant: remove `slug` field from PUT body (not in UpdateTenantRequest DTO)
- Update role: replace `tenantId` with `active` field (match UpdateRoleRequest DTO)
- Create auth flow: use tenant-scoped endpoint /api/v1/tenants/{id}/auth-flows
with authMethodType string instead of authMethodId UUID (match CreateAuthFlowCommand)
- Fix all auth-flow read/update/delete paths to use tenant-scoped URLs
- Add 1s sleep between login calls in RBAC script to avoid rate limiting
- Fix RBAC privilege escalation test to use correct UpdateRoleRequest fields
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: complete Phase 7 — integration guide, demo app, roadmap update
Mark Phase 7 (Client Integration Story) as complete in ROADMAP_V2.md.
Update docs submodule with INTEGRATION_GUIDE.md and demo/third-party-demo.html.
Old Phase 7 (iOS + Desktop) renumbered to Phase 8.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 6 domain restructure + Phase 7 complete + production fixes
- Phase 6: pure domain models (User/Tenant/Role/Permission), mappers, V25 RLS
- Phase 7: integration guide, Acme Bank demo, roadmap updated
- Fix: Unicode name validation, CSP frame-ancestors, CORS biometric-api
- Fix: liveness frame count, redux-persist CJS interop
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: UI polish — NFC UX, responsive, i18n, settings audit, CORS fix
- NFC: browser-specific message + role-based buttons
- Widget demo + Developer portal: mobile responsive
- i18n: WidgetDemoPage (44 keys) + DeveloperPortalPage (8 keys) translated
- Settings: avatar upload + weekly reports disabled as "Coming soon"
- CORS: fixed env var name (CORS_ALLOWED_ORIGINS → CORS_ORIGINS)
- CSP: frame-ancestors 'self' for widget iframe
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: admin-only pages, hardware key info, login page cleanup
- Widget Demo + Developer Portal restricted to admin roles
- Hardware key enrollment: FIDO2 requirement info alert
- Login page: biometric methods behind "More options" toggle
- Card detection: display class_name from YOLO model
- Theme tokens for password icon (no hardcoded colors)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add Phase 8: Identity Verification Pipeline to roadmap
FIVUCSAS evolves from authentication-only to full Identity Verification
Platform (IVP). Phase 8 adds 5 sub-phases (8A-8E) covering verification
schema, document processing (YOLO + Tesseract OCR), face-to-document
matching (DeepFace), admin UI with flow builder, and advanced integrations.
Includes 7 Turkish industry templates (BDDK Banking KYC, SGK Healthcare,
YOK Education, e-Devlet Government, TCMB Fintech, BTK Telecom, Gig Economy).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 8A — Verification Pipeline backend deployed
V26 migration applied, 6 API endpoints live, 5 industry templates.
22 files, 941 lines of new code. identity-core-api healthy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: Verification Pipeline Architecture (1,971 lines)
13-section architecture document covering unified flow engine,
verification step types, industry templates, database schema,
API contracts, security, compliance, and implementation roadmap.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 8B-8E — verification pipeline endpoints + step handlers deployed
- biometric-processor: 5 verification endpoints (document-scan, data-extract,
face-match, liveness-check, pipeline/test) + MRZ parser
- identity-core-api: 9 step handlers, handler registry, biometric client,
orchestrated pipeline execution
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 8D — Verification Admin UI deployed
- VerificationFlowBuilderPage, VerificationDashboardPage
- VerificationSessionDetailPage, TemplateSelector
- VerificationRepository + useVerification hook
- Sidebar items + routes (admin-only)
- i18n keys for EN/TR
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: RLS enforcement, liveness 415, Phase 6 domain adapters, E2E tests
- RLS: SET LOCAL app.current_tenant_id wired via AOP
- Liveness: explicit multipart/form-data header (415 fix)
- Phase 6: User/Role/Permission domain repos + 3 services migrated
- E2E: 28 Playwright tests for verification pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add verification pipeline E2E test script
Comprehensive test script for the verification pipeline covering:
- Identity API: templates, sessions, step submission, user status
- Biometric Processor: document-scan, data-extract, face-match, liveness
- MRZ parsing: TD3 passport and TD1 ID card ICAO test cases
- Auto-detects Docker container IPs for direct access on Hetzner
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
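The MRZ test cases mentioned in the commit above exercise the ICAO 9303 check-digit scheme. As an added example, not code from the FIVUCSAS biometric-processor or its test script, the parser below reads both layouts the commit names (TD3 two-line passports, TD1 three-line ID cards), verifies every field check digit plus the composite check, and reports which ones fail. The only inputs are the specimen MRZ lines printed in ICAO Doc 9303 for the fictitious issuing state "UTO", embedded here as string literals; all function and field names are this example's own.

```python
"""ICAO 9303 machine-readable zone parser with check-digit verification for
TD3 (two 44-character lines, passports) and TD1 (three 30-character lines, ID cards)."""
from __future__ import annotations
from dataclasses import dataclass, field

_WEIGHTS = (7, 3, 1)


def _char_value(c: str) -> int:
    """ICAO 9303 character values: '<' = 0, digits as-is, A-Z = 10-35."""
    if c == "<":
        return 0
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(text: str) -> int:
    """Weighted sum with repeating weights 7,3,1, modulo 10."""
    return sum(_char_value(c) * _WEIGHTS[i % 3] for i, c in enumerate(text)) % 10


def _check_ok(text: str, ck: str) -> bool:
    """Compare a field with its printed check digit. '<' counts as 0 for an unused
    optional field; OCR noise (a non-digit in the check position) simply fails."""
    if ck == "<":
        return check_digit(text) == 0
    return ck.isdigit() and check_digit(text) == int(ck)


def _split_names(name_field: str) -> tuple[str, str]:
    """Surname and given names are separated by '<<'; a single '<' is a space."""
    surname, _, given = name_field.partition("<<")
    return surname.replace("<", " ").strip(), given.replace("<", " ").strip()


@dataclass
class Mrz:
    layout: str
    doc_type: str
    issuer: str
    number: str
    nationality: str
    birth: str       # YYMMDD
    sex: str
    expiry: str      # YYMMDD
    surname: str
    given_names: str
    checks: dict[str, bool] = field(default_factory=dict)

    @property
    def valid(self) -> bool:
        return all(self.checks.values())


def _parse_td3(l1: str, l2: str) -> Mrz:
    surname, given = _split_names(l1[5:44])
    checks = {
        "number": _check_ok(l2[0:9], l2[9]),
        "birth": _check_ok(l2[13:19], l2[19]),
        "expiry": _check_ok(l2[21:27], l2[27]),
        "optional": _check_ok(l2[28:42], l2[42]),
        # Composite check covers number+check, birth+check, expiry+check+optional+check.
        "composite": _check_ok(l2[0:10] + l2[13:20] + l2[21:43], l2[43]),
    }
    return Mrz("TD3", l1[0:2].rstrip("<"), l1[2:5], l2[0:9].rstrip("<"), l2[10:13],
               l2[13:19], l2[20], l2[21:27], surname, given, checks)


def _parse_td1(l1: str, l2: str, l3: str) -> Mrz:
    surname, given = _split_names(l3)
    checks = {
        "number": _check_ok(l1[5:14], l1[14]),
        "birth": _check_ok(l2[0:6], l2[6]),
        "expiry": _check_ok(l2[8:14], l2[14]),
        # Composite check covers line 1 positions 6-30 and line 2 positions 1-7, 9-15, 19-29.
        "composite": _check_ok(l1[5:30] + l2[0:7] + l2[8:15] + l2[18:29], l2[29]),
    }
    return Mrz("TD1", l1[0:2].rstrip("<"), l1[2:5], l1[5:14].rstrip("<"), l2[15:18],
               l2[0:6], l2[7], l2[8:14], surname, given, checks)


def parse_mrz(raw: str) -> Mrz:
    """Take OCR output as newline-separated text and dispatch on line count and length."""
    lines = [ln.strip().upper() for ln in raw.splitlines() if ln.strip()]
    if len(lines) == 2 and all(len(ln) == 44 for ln in lines):
        return _parse_td3(*lines)
    if len(lines) == 3 and all(len(ln) == 30 for ln in lines):
        return _parse_td1(*lines)
    raise ValueError(f"unsupported MRZ layout, line lengths {[len(ln) for ln in lines]}")


# Specimen MRZs as printed in ICAO Doc 9303 (fictitious issuing state "UTO").
TD3_SPECIMEN = "\n".join([
    "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<"),
    "L898902C36UTO7408122F1204159ZE184226B<<<<<10",
])
TD1_SPECIMEN = "\n".join([
    "I<UTOD231458907".ljust(30, "<"),
    "7408122F1204159UTO" + "<" * 11 + "6",
    "ERIKSSON<<ANNA<MARIA".ljust(30, "<"),
])

if __name__ == "__main__":
    print(parse_mrz(TD3_SPECIMEN))
    print(parse_mrz(TD1_SPECIMEN))
    # One changed digit in the birth date breaks the field check and the composite check.
    print(parse_mrz(TD3_SPECIMEN.replace("7408122F", "7408132F")).checks)
```

The per-field `checks` map is what a pipeline test wants to assert on: a single OCR misread should fail exactly the affected field and the composite, while a forged document with a consistent birth date but a wrong composite digit fails only the composite.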
* fix: verification pipeline E2E tested — client path fix + V27 seeds + test script
- BiometricProcessorClient: removed double /api/v1 prefix (was 404)
- V27 migration: 3 VERIFICATION flows seeded (Simple, Healthcare, Fintech)
- scripts/test-verification.sh: 13/13 tests pass
- All verification endpoints confirmed working in production
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Android CI, Tesseract OCR, Video Interview — all remaining items fixed
- client-apps: GitHub Actions APK build workflow (debug + release)
- biometric-processor: Tesseract OCR for TC Kimlik + video interview upload
- identity-core-api: VideoInterviewHandler + admin review endpoint + V28
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: update all documentation to reflect Phase 8 completion
All phases 0-8 are now complete. Updated status markers, test counts,
migration versions (V1-V28), and completion dates across all docs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update web-app submodule pointer for CLAUDE.md docs update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: add iOS build workflow to client-apps
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: mobile app fully wired + APK v1.0.0 released
- All screens wired to real backend (Face, Voice, TOTP, Dashboard, Profile)
- Dashboard API path fix + StatisticsDto alignment
- Profile editing wired to PUT /users/{id}
- Debug APK (54MB) + Release APK (33MB) built and released
- ProGuard fix for SLF4J
- GitHub Release: v1.0.0-debug
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: final CLAUDE.md updates + submodule pointer sync
- Parent CLAUDE.md: APK v1.0.0 released, mobile apps 90%
- identity-core-api: verification pipeline details, Flyway V1-V28 summary
- biometric-processor: Phase 8B/8C verification endpoints documented
- client-apps: submodule pointer updated
- All phases 0-8 complete, 103 API + 28 Playwright + 304 unit tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add step-up auth docs and Cloudflare tunnel script
- docs: Step-up auth guide for mobile integration (3 endpoints, Android Keystore examples)
- scripts: cloudflare-tunnel.sh for routing biometric-processor through local GPU
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: 90/90 mobile tests passing + desktop kiosk mode + ProGuard fix
- Fixed 7 test files for API drift, all 90 shared unit tests pass
- Desktop kiosk mode: --kiosk flag, fullscreen, password-protected exit
- Desktop compilation verified
- SLF4J ProGuard rule for release APK builds
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* security: full audit & remediation — 42 of 43 findings fixed
Audit Tools Installed: Semgrep, Trivy, Hadolint, ShellCheck
Custom Review Commands: /security-audit, /arch-review, /test-gaps, /docker-review, /perf-review
Critical (8/9 fixed):
- Spring Boot 3.4.5→3.4.7, Security→6.4.13, Tomcat→10.1.53, Netty→4.1.132
- PostgreSQL JDBC→42.7.7, Commons-IO→2.21.0
- JWT tokens removed from settings, shell injection fixed
- 1 remaining: CVE-2026-22732 awaits upstream Spring Security 6.5.x
High (34/34 fixed):
- All dependency CVEs resolved via Spring Boot upgrade
- Docker: no-new-privileges on all services, read_only where safe
- Nginx: security headers fixed in location blocks
Medium (19/19 fixed):
- SRI integrity hashes on CDN scripts
- Dockerfile consolidation and --no-install-recommends
- Python 3.13: imghdr→magic byte detection
- Template literals in auth-test
Full report: docs/audit/AUDIT-2026-03-31.md
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
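The medium finding "SRI integrity hashes on CDN scripts" in the audit commit above is worth seeing end to end. As an added example, not code from the FIVUCSAS repositories or the audit report, the block below generates the `integrity` attribute for a script and verifies fetched bytes against it following the browser rule: keep only the strongest algorithm listed, then accept if any of that algorithm's digests match. The script bytes are a constructed stand-in for a CDN-served file; function names are this example's own.

```python
"""Subresource Integrity (SRI): generate an integrity attribute for a script and
verify fetched bytes against it the way a browser does."""
from __future__ import annotations
import base64
import hashlib

# Relative strength; a browser keeps only the strongest algorithm present in the attribute.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Return 'sha384-<base64 digest>' (or sha256/sha512) for the given bytes."""
    if algo not in _STRENGTH:
        raise ValueError(f"unsupported SRI algorithm {algo!r}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(attr: str) -> dict[str, set[str]]:
    """Split an integrity attribute into {algo: {digest, ...}}; unknown tokens are ignored."""
    parsed: dict[str, set[str]] = {}
    for token in attr.split():
        algo, sep, rest = token.partition("-")
        if not sep or algo not in _STRENGTH:
            continue                        # unrecognised algorithm: ignored, per spec
        digest = rest.split("?", 1)[0]      # options after '?' are reserved; drop them
        parsed.setdefault(algo, set()).add(digest)
    return parsed


def verify_sri(content: bytes, attr: str) -> bool:
    """True if the content matches ANY digest of the strongest listed algorithm.
    An attribute with no recognised algorithm is not enforced at all (returns True),
    which is why a typo in the attribute silently disables the protection."""
    parsed = parse_integrity(attr)
    if not parsed:
        return True
    strongest = max(parsed, key=_STRENGTH.__getitem__)
    actual = sri_digest(content, strongest).split("-", 1)[1]
    return actual in parsed[strongest]


def script_tag(src: str, content: bytes, algo: str = "sha384") -> str:
    """Emit the <script> tag; crossorigin is required for SRI on a cross-origin CDN host."""
    return (f'<script src="{src}" integrity="{sri_digest(content, algo)}" '
            f'crossorigin="anonymous"></script>')


# Constructed sample: the bytes of a small SDK script as a CDN would serve them.
SCRIPT = b"window.FivucsasAuth = { init: function (o) { return o; } };\n"

if __name__ == "__main__":
    print(script_tag("https://cdn.example/fivucsas-auth.js", SCRIPT))
    print(verify_sri(SCRIPT, sri_digest(SCRIPT)), verify_sri(SCRIPT + b"// injected\n", sri_digest(SCRIPT)))
```

Two values for the same algorithm are legitimate during a rollover (old and new build both pass), but mixing algorithms does not widen acceptance: a matching sha256 next to a stale sha512 still fails, because only the sha512 set is consulted.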
* fix: enrollment page 10-bug fix — submodule pointers + docs update
Updates identity-core-api and web-app submodule pointers for enrollment
page fixes: status auto-complete, face mobile UX, WebAuthn delete,
floating Snackbar, human-readable messages, TOTP/WebAuthn records.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: WebAuthn credential filtering by transport type — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: NFC enrollment + face search permission fix — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: biometric tools consolidation + camera flip + fixes — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: face enrollment, test buttons, voice silence, NFC UX, CI lint — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: face detection feedback, voice passphrase, remove self-enrollment — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: CI/CD fixes across all repos — lint, Storybook, self-hosted runner
- web-app: remove unused e2e variable (lint error)
- biometric-processor: remove Storybook (incompatible with Next 16)
- client-apps: Android CI switched to self-hosted runner (billing fix)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: face enrollment 400 + voice silence detection — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: FIDO2/WebAuthn complete in client-apps — submodule update
19 files, 1058 lines: full Credential Manager integration for
Android hardware keys and platform biometrics.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: face enrollment timing — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: face instant capture + client-apps roadmap — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: client-apps Phase 1 complete — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: client-apps docs rewrite + CLAUDE.md Phase 1 update — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: NFC auth + card detection crash — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 2.1+2.3 complete — multi-step auth + voice search — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Phase 2 near-complete — icons, verification, roles, audit, step-up — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: face search + NFC verify — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: roadmap + feedback backlog update — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: W10+W11 + Phase 3.1+3.2+3.7 — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: W7-W11 + Phase 3 complete — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: dashboard + i18n + Terms/Privacy + login cleanup — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: dashboard 403 + NFC scanner + auth token — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: FACE/VOICE enrollment complete + viewport — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: auto-complete enrollment + responsive biometric tools — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: user activity + notifications for all — submodule update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: i18n + date mapping + NFC cleanup — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: end-of-session roadmap — submodule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: WebAuthn endpoints, iOS/Desktop platform, perf fixes, W20-W26
- identity-core-api: 4 WebAuthn REST endpoints + 22 tests
- client-apps: Phase 2 complete (iOS AVFoundation/LocalAuth/WebAuthn + Desktop ECDSA/WebAuthn)
- web-app: W20 mobile responsive, W21 2FA crash fix, W22 i18n audit, W25+W26 translations
- biometric-processor: /ping endpoint, HNSW indexes for face_embeddings
- CLAUDE.md updated with session progress
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: client-apps Phase 3 complete + v3.0.0 release — submodule update
- 277 tests (21 ViewModel test classes), CSV export, E2E framework
- Gradle 10 compat, all deprecated APIs cleaned
- Phases 1-3 all DONE, roadmap 100%
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: update all READMEs + repo descriptions + submodule pointers
- Parent README: v2.0.0, production URLs, current status
- identity-core-api: fix Maven refs, auth methods all working
- GitHub topics and descriptions set for all 5 repos
- Submodule pointers updated
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update web-app submodule — W16 cross-device session awareness
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(W24): update web-app submodule — remove duplicate enrollment from Settings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: update all documentation for 2026-04-05 session
Update ROADMAP_V2, CLAUDE.md, and submodule pointers to reflect W14/W16/W24
completion, public widget-demo/developer-portal, Python 3.12 revert, and
session awareness UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: update docs submodule — SMS OTP activation plan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update web-app and client-apps submodules (test coverage)
- web-app: E2E auth stabilization + 28 new unit tests (useSessions, SessionsSection, useDevices)
- client-apps: 32 new ViewModel tests (AuthFlow, MultiStepAuth, UserProfile)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update docs submodule (5 future feature design documents)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: update submodule pointers for client-apps and web-app test additions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: create ROADMAP_MASTER.md consolidating all project roadmaps
Single source of truth replacing ROADMAP.md, ROADMAP_V2.md, and
MASTER_PLAN.md. Includes executive summary, architecture overview,
completion dashboard, phase history (0-8), future roadmap (phases 5-10),
test coverage, deployment status, tech stack, and risk register.
Old files marked as deprecated with pointer to new document.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Marmara BYS demo site for FIVUCSAS third-party auth integration
Static demo website showing how a university student information system
integrates FIVUCSAS as a third-party authentication provider via the
OAuth widget SDK. Hosted at bys-demo.rollingcatsoftware.com.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update submodules for tenant-controlled 2FA
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update submodule pointers after OAuth 2.0/OIDC compliance audit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: optimize CLAUDE.md, update ROADMAP_MASTER with April 5 accomplishments
- CLAUDE.md: reduced from ~500 to ~130 lines (concise, structured)
- ROADMAP_MASTER: added 20 completed items from April 5 session
- Updated submodule pointers for all repos
- Added AUDIT_REPORT, CONTRIBUTING, LICENSE, SECURITY from CI/CD agent
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: audit log device info, tenant name fix, BYS demo redesign
Backend: Wire User-Agent to audit_logs for device tracking
Web-app: Fix tenant name (use API), parse device info in activity logs
BYS demo: Redesigned to match real bys.marmara.edu.tr (light theme,
CAPTCHA, e-Devlet button, forgot password links, institutional styling)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: polished BYS demo, policies footer, settings fix
BYS demo: Google Fonts, gradient navbar, detailed SVG crest,
input icons, modern card styling, hover effects, better CAPTCHA
Web-app: policies footer links, 2FA chip overflow fix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: BYS dashboard responsive + Google Fonts on all pages
Added Inter font import to dashboard.html and callback.html.
Enhanced mobile responsive: navbar wraps, smaller fonts, hide user name,
compact stat cards, better table sizing, stacked powered-by section.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: adaptive MFA engine backend (Phase B complete)
identity-core-api: V30 migration, CHOICE steps, MFA sessions,
method picker response with enrollment status.
Marmara Adaptive Login flow set as default (PASSWORD + CHOICE[9 methods]).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: all 3 MFA phases complete — widget fix + method picker + deploy
Phase A: Widget responsiveness (iframe-aware, resize, overflow)
Phase C: Method picker UI (MethodPickerStep, LoginPage, i18n)
BYS demo: overlay scroll fix deployed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: correct stale docs metrics + setup-twilio.sh env var bug
- setup-twilio.sh: TWILIO_ENABLED→SMS_ENABLED (matched application.yml)
- ROADMAP_MASTER.md: controllers 25→21, pages 17→30, screens 31→78,
tests 1250→1800+, migrations 28→30, codebase 15K→224K lines,
containers 16→19, APK v3→v4, added missing known limitations
- CLAUDE.md: test counts updated (633+619+401+27), migrations V0-V30,
added MULTI_METHOD_2FA_DESIGN.md to plans list
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: MFA login flow, UI fixes, remove Aysenur TODO item
- identity-core-api: MFA fields now passed through AuthController
- web-app: fingerprint labels, breadcrumbs, settings cleanup, i18n
- TODO: removed Aysenur coordination item (no longer needed)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update submodule pointers after domain migration to fivucsas.com
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: N-step MFA flow — JWT deferred until all steps complete
Update submodule pointers for identity-core-api and web-app.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
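The commits above describe an adaptive MFA engine (PASSWORD followed by a CHOICE step over several methods) and the rule that the JWT is deferred until every step completes. As an added example, not the identity-core-api implementation, the engine below enforces that invariant in code: steps are verified strictly in order, a CHOICE step accepts any one of its methods, repeated failures discard the session, and the token cannot be minted while a step is pending or a second time after it has been minted. The verifiers and proofs are constructed stand-ins and the token is an HMAC-tagged string rather than a real JWT; names and the `mfaRequired`/`next` response shape are this example's own.

```python
"""N-step MFA session engine: an access token is minted only after every
configured step has been verified, in order. A CHOICE step offers several
enrolled methods and the user completes any one of them."""
from __future__ import annotations
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable

SESSION_TTL = 300        # seconds a pending MFA session stays usable
MAX_FAILURES = 5         # failed proofs before the session is discarded


class MfaError(Exception):
    pass


@dataclass
class Step:
    methods: tuple[str, ...]      # one method, or several for a CHOICE step
    done_with: str | None = None


@dataclass
class MfaSession:
    user: str
    steps: list[Step]
    created: float = field(default_factory=time.time)
    failures: int = 0

    @property
    def pending(self) -> Step | None:
        return next((s for s in self.steps if s.done_with is None), None)


class MfaEngine:
    def __init__(self, signing_key: bytes, verifiers: dict[str, Callable[[str, str], bool]]):
        self._key = signing_key
        self._verifiers = verifiers          # method -> fn(user, proof) -> bool
        self._sessions: dict[str, MfaSession] = {}

    def start(self, user: str, flow: list[tuple[str, ...]]) -> str:
        """Open a session for a flow such as [("PASSWORD",), ("TOTP", "EMAIL_OTP")]."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = MfaSession(user, [Step(m) for m in flow])
        return sid

    def _load(self, sid: str) -> MfaSession:
        session = self._sessions.get(sid)
        if session is None:
            raise MfaError("unknown session")
        if time.time() - session.created > SESSION_TTL:
            del self._sessions[sid]
            raise MfaError("session expired")
        return session

    def verify_step(self, sid: str, method: str, proof: str) -> dict:
        """Verify the current step only; earlier steps cannot be skipped or redone."""
        session = self._load(sid)
        step = session.pending
        if step is None:
            raise MfaError("all steps already complete")
        if method not in step.methods:
            raise MfaError(f"{method} not allowed here; choose from {step.methods}")
        if not self._verifiers[method](session.user, proof):
            session.failures += 1
            if session.failures >= MAX_FAILURES:
                del self._sessions[sid]
                raise MfaError("too many failed attempts")
            return {"ok": False, "mfaRequired": True, "next": step.methods}
        step.done_with = method
        nxt = session.pending
        return {"ok": True, "mfaRequired": nxt is not None, "next": nxt.methods if nxt else ()}

    def issue_token(self, sid: str) -> str:
        """Mint the token once, and only when no step is pending."""
        session = self._load(sid)
        if session.pending is not None:
            raise MfaError("token withheld: steps still pending")
        del self._sessions[sid]             # single use: a completed session cannot mint twice
        payload = f"{session.user}:{int(time.time())}"
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{tag}"


def build_demo_engine() -> MfaEngine:
    """Constructed stand-in verifiers: a real deployment checks a password hash,
    a TOTP window and a one-time code store instead of fixed strings."""
    verifiers = {
        "PASSWORD": lambda user, proof: hmac.compare_digest(proof, "correct horse battery"),
        "TOTP": lambda user, proof: hmac.compare_digest(proof, "123456"),
        "EMAIL_OTP": lambda user, proof: hmac.compare_digest(proof, "X7Q2PL"),
    }
    return MfaEngine(secrets.token_bytes(32), verifiers)
```

Keeping the session server-side (rather than encoding progress in a client-held token) is what makes "JWT deferred" enforceable: nothing the client sends can claim a step as done, and the only artifact it ever holds before completion is an opaque session id.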
* feat: add SEO for landing-website and bys-demo
Landing (fivucsas.com): robots.txt, sitemap.xml, JSON-LD Organization
structured data, apple-touch-icon link. OG tags already complete.
BYS Demo (demo.fivucsas.com): robots.txt, meta descriptions, OG tags,
Twitter Card tags on all 3 pages. Dashboard and callback marked noindex.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update submodules, CLAUDE.md verified date
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: replace inline auth SDK with official FivucsasAuth from verify.fivucsas.com
Replaced ~147 lines of inline iframe/overlay code with the official
FivucsasAuth SDK loaded from verify.fivucsas.com/fivucsas-auth.js.
Updated callback.html to display accessToken and refreshToken fields.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: N-step MFA widget + mobile app v5.0.0 + verify.fivucsas.com deployment
Widget:
- LoginMfaFlow component for embedded login + MFA flow
- VerifyApp supports login mode (no session_id) and session mode
- MultiStepAuthFlow fully i18n (EN+TR)
- Built and deployed to verify.fivucsas.com (Docker + Traefik)
- SDK available at verify.fivucsas.com/fivucsas-auth.js
Mobile (v5.0.0):
- Full N-step MFA API integration (verifyMfaStep, sendOtp, generateQr)
- MfaFlowViewModel + MfaFlowScreen with method picker
- LoginViewModel handles mfaRequired state
- APK v5.0.0 released on GitHub
BYS Demo:
- Replaced inline SDK with official FivucsasAuth from verify.fivucsas.com
- Deployed to demo.fivucsas.com
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: SDK IIFE export + redeploy verify-widget with fixed SDK
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: bio security lockdown, domain redirects, docs update
- Biometric API: internal only (3-layer security)
- fivucsas.com.tr/.online/.info → 301 redirect to fivucsas.com
- status.fivucsas.com → Uptime Kuma
- All CLAUDE.md files updated
- SDK IIFE export fix deployed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update submodule refs (bio security fix, web-app docs)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: docs.fivucsas.com API documentation site + security levels v2
Docs site (Docker + nginx + Traefik):
- Landing page with FIVUCSAS branding
- Identity API docs (Swagger UI)
- Biometric API docs (internal, OpenAPI spec)
- Widget SDK documentation with examples
Auth method security levels design v2:
- Variant-aware: 30+ subtypes across 10 methods
- Dynamic score computation based on configuration
- Shield system (1-5) with user-friendly labels
- Implementation scope for all affected files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: docs site SEO (robots.txt, sitemap.xml)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: enhanced SEO — JSON-LD SoftwareApplication + WebSite schemas
- SoftwareApplication schema with featureList (12 features)
- WebSite schema for sitelinks search box
- Sitemap expanded: 5 URLs across subdomains
- Rebuilt and deployed to Hostinger
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update docs submodule (security levels v3)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: widget UX fixes, WebAuthn rpId fix, code quality refactoring
- BYS demo callback: redirect 3s→10s
- Update submodule refs: web-app (auth constants, i18n, widget fixes),
identity-core-api (WebAuthn MFA crypto verification)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: landing page — supervisor name, Demo/Status links, hero CTA
- Supervisor: 'Marmara University Faculty' → Assoc. Prof. Dr. Mustafa Ağaoğlu
- Nav: add Demo (demo.fivucsas.com) and Status (status.fivucsas.com) links
- Hero: add 'Live Demo' CTA button
- Footer: add Demo and Status subdomain links
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: complete Mobile QA Sprint tracking — 15/23 fixed, P3 status updated
- P3 table: add Status column (M19/M20 DONE, M21-M23 PLANNED)
- QR section: mark 403 spam and CSP noise as FIXED
- Phase 5: update to reflect Twilio Verify code complete, awaiting Auth Token
- Overall: 93% completion, SMS activation one command away
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update submodule refs (web-app PWA, docs analytics plan)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update identity-core-api submodule (SMS env wiring)
* chore: update submodule refs (enrollment bug fixes)
* chore: update submodule refs (SMS OTP verification + voice numba fix)
- identity-core-api: Twilio Verify native check for SMS_OTP (25c8a40)
- biometric-processor: NUMBA_DISABLE_JIT=1 fixes voice 500 errors (cec5bb1)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update submodule refs (CORS OPTIONS fix + enrollment race conditions)
- biometric-processor: OPTIONS bypass for CORS preflight (efb106f)
- web-app: voice/NFC createEnrollment await + NFC 409 auto-succeed (67e1871)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update submodule refs (fingerprint allowCredentials + voice/face complete)
- identity-core-api: allowCredentials in fingerprint challenge (00f0893)
- web-app: allowCredentials threading + VOICE/FACE complete PUT (e11a354)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update web-app submodule ref (voice/face complete PUT + audit log gate)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: auth method audit + biometric flow research + WebAuthn fixes
- Add docs/AUTH_METHOD_AUDIT.md — complete data contract audit (4 dispatchers × 2 backend paths)
- Add docs/BIOMETRIC_FLOW_RESEARCH.md — browser→DB trace for face/voice/fingerprint
- Add docs/AUTH_TEST_VS_WEBAPP_ANALYSIS.md — auth-test vs web-app forensic comparison
- Update identity-core-api submodule (base64 fix, allowCredentials)
- Update web-app submodule (assertion format, field name fixes)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: update docs submodule with auth research reports
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: update submodules — session path fixes, face camera, NFC enrollment
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: update web-app submodule — WebAuthn diagnostic logging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: update submodules — i18n, rate limits, face camera, mobile debug
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: entity professionalization, error UX, breadcrumb i18n, CLAUDE.md trimmed
- Update submodule refs (web-app, identity-core-api)
- ROADMAP_MASTER.md: add S14-S19 session fixes
- CLAUDE.md: update last verified date to 2026-04-11
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: publish-ready cleanup across all repos
Parent repo:
- Remove 14 internal docs (audits, reviews, TODOs, roadmap duplicates)
- Remove auth-test/ and docs-site/ directories
- Clean docs/ submodule (137 academic/archive files removed)
- Add READMEs for landing-website and scripts
- Update .gitignore, CLAUDE.md, consolidate ROADMAP.md
Submodules updated:
- identity-core-api: remove 6 internal docs
- web-app: remove 13 docs + 2 zips, untrack .env.production
- biometric-processor: remove 4 docs, reorganize tests into tests/
- client-apps: remove 28 docs + archive/, add CHANGELOG.md
- practice-and-test: add proper README
- docs: remove 137 academic/archive files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* build: rebuild verify-app with postMessage bridge fixes
Updated from web-app dist-verify:
- MultiStepAuthFlow: onStepChange prop via useEffect (not render body)
- LoginMfaFlow: onStepChange prop wired through phase/method/step changes
- VerifyApp: removed illegal render-body step-change calls
Fixes fivucsas:step-change events to parent SDK.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove accidentally staged auth-test embedded repo
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: verify and update roadmap — mark completed items, update open issues
- Mark getAllUsers() pagination as done (verified: Spring Data PageRequest)
- Mark EnrollmentManagementController as done (verified: EnrollmentRepository.ts)
- Mark postMessage bridge as done (verified: all 5 events emitted, deployed 2026-04-13)
- Update Phase 7 progress 75% → 90%
- Update last-updated date to 2026-04-13
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* ci: stop silencing all docker compose validation errors
- Remove blanket `|| true` from docker-compose.yml and docker-compose.dev.yml
validation so real errors are no longer swallowed
- Replace fragile grep pipe on prod compose with a pattern that only fails
on actual Error lines, still suppressing the known submodule-context warning
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: ML split — CardDetector.ts, Web Components, V33 voice migration, ONNX warmup
- V33__create_voice_enrollments_table.sql: fix real voice auth crash (table was missing)
- biometric-processor/scripts/init-db.sql: add voice_enrollments + trigger + cleanup
- CardDetector.ts: ONNX Runtime Web YOLOv8n inference (WASM, letterbox, temporal smoothing)
- BiometricEngine.buildWithDefaults(): instantiate CardDetector + EmbeddingComputer
- onnxruntime-web@1.18.0 installed; onnxruntime>=1.18.0 in requirements.txt
- yolo_card_type_detector.py: startup warmup + per-inference timing log
- public/models/: README + .gitkeep scaffold for client model files
- src/elements/: FivucsasVerify.ts, FivucsasButton.ts, index.ts
- vite.config.elements.ts: build:elements → dist-elements/ (UMD+ESM, 6.6 kB)
- bys-demo/test-elements.html: live event log test page
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: bump submodules — client-side ML split Phases 1-4 + V33 deploy
- identity-core-api: NFC port fix + V33 voice_enrollments migration
(applied on production, Flyway history now at V33)
- biometric-processor: Alembic V4 client_embedding observation pipeline
(log-only per D2)
- web-app: Phase 3 model delivery (fetch-models + manifest + SHA256
verification) and Phase 4 Silero VAD V1 with graceful fallback
- docs: CLIENT_SIDE_ML_PLAN.md v2.0 rewrite (honest pre-filter-only
strategy, D1-D4 locked)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: sync root CLAUDE/ROADMAP/CHANGELOG + bump submodules for ML split + V33
- CLAUDE.md: Flyway V1-V33, Alembic 0001-0004, observations table note
- ROADMAP.md: last-updated bump
- CHANGELOG.md: 2026-04-14/15 entry (ML Phase 2-4, V33 deploy, known gaps)
- Submodule pointers bumped: identity-core-api, biometric-processor, web-app, docs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: bump web-app submodule — dashboard UX + VoiceStep WAV (VAD enabled)
Brings in two agent-produced fixes merged onto web-app/main:
- Dashboard UX: NotificationPanel date-fns relative time, SnackbarProvider preventDuplicate
- VoiceStep now emits 16kHz WAV, unblocking the Silero VAD upload gate
that had been bypassing WebM silently since Phase 4
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: demo.fivucsas MFA hardening — widget, API, demo, nginx
- web-app submodule: fingerprint base64url fix, QR 429 loop guard,
SMS button contrast, iframe allow syntax, success payload
completeness, device-auth i18n rename
- identity-core-api submodule: rate-limit /auth/mfa/qr-generate
- bys-demo/callback.html: Continue Now button, 5s redirect (was 10s),
conditional rendering relies on complete success payload
- verify-widget/nginx.conf: explicit Permissions-Policy allow-list for
camera, microphone, publickey-credentials on widget origin
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: bump submodules for changelog updates
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: bump web-app submodule — vite build unblocks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: widget usePerf crash + unblock camera/mic on widget
- web-app submodule: usePerf() returns noop instead of throwing when no provider
- verify-widget: refreshed bundled assets with the PerfContext + prior MFA fixes
- docker-compose.prod.yml: reconfirm secure-headers@file (entrypoint already applies it)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: sync widget bundle (PerfContext noop) + identity-core-api reuse fix
- verify-widget/html: copied latest dist-verify bundle so the PerfContext
noop change actually ships (prior commit bumped submodule but forgot
to regenerate the widget static assets).
- identity-core-api submodule bump: TOTP+EMAIL_OTP reuse false-positive fix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(bys-demo): grant camera/mic to verify.fivucsas.com + fix redirect + mobile UX
- .htaccess: explicit verify.fivucsas.com allowlist in Permissions-Policy so
parent page delegates camera/mic/webauthn to widget iframe origin.
- index.html: include success:true, email, displayName, sessionId in
sessionStorage payload so callback/dashboard.html gate passes.
- styles.css: mobile (<=480px) overrides for login card padding + input sizing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(bys-demo): single-quote Permissions-Policy + Turkish chars + captcha overflow
Apache on Hostinger didn't unescape \\\" inside double-quoted Header values —
the literal backslashes leaked into the response header and broke the
structured header parser, killing camera/mic delegation to the widget iframe.
Switching the outer delimiter to single quotes allows unescaped double quotes
inside, producing a spec-compliant Permissions-Policy value.
Also:
- index.html: fix missing Turkish diacritics in the auth-failed alert.
- styles.css: captcha-row flex-wrap + captcha-input min-width:0 so the
"Kodu giriniz" ("Enter the code") box no longer overflows on narrow viewports.
- web-app submodule bump.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
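The quoting bug above is a header-parsing failure: a browser that cannot parse the Permissions-Policy value as a structured-field dictionary discards the whole header, and delegation to the iframe silently disappears. What follows is an added example, not code from the project or this commit: a small validator that parses the value the way RFC 8941 does, so a mis-quoted directive can be caught in CI before it reaches the demo host. The two directive strings, the on-the-wire values and all function names are my constructions; publickey-credentials-get is the standard feature name and is assumed to be what the commit calls "publickey-credentials".

```python
import re

# Constructed reproduction of the two Apache directives the commit describes. With a
# double-quoted outer delimiter the host left the backslashes in place, so the header on
# the wire carried `\"`; with single quotes the inner double quotes were emitted verbatim.
# Illustrative strings, not the deployed .htaccess.
BROKEN_HTACCESS = 'Header always set Permissions-Policy "camera=(self \\"https://verify.fivucsas.com\\")"'
FIXED_HTACCESS = "Header always set Permissions-Policy 'camera=(self \"https://verify.fivucsas.com\")'"
BROKEN_WIRE = 'camera=(self \\"https://verify.fivucsas.com\\"), microphone=(self \\"https://verify.fivucsas.com\\")'
FIXED_WIRE = ('camera=(self "https://verify.fivucsas.com"), '
              'microphone=(self "https://verify.fivucsas.com"), '
              'publickey-credentials-get=(self "https://verify.fivucsas.com")')

_TOKEN = re.compile(r"[A-Za-z*][A-Za-z0-9:/!#$%&'*+\-.^_`|~]*")  # RFC 8941 sf-token
_ORIGIN = re.compile(r'^https?://[^\s/"]+$')                      # scheme://host[:port]


class PolicyError(ValueError):
    """Raised where a browser would discard the whole header as malformed."""


def _skip_ws(s, i):
    while i < len(s) and s[i] in " \t":
        i += 1
    return i


def _parse_string(s, i):
    # sf-string: double-quoted; only \\ and \" are legal escapes inside.
    i += 1
    out = []
    while i < len(s):
        c = s[i]
        if c == "\\":
            if i + 1 >= len(s) or s[i + 1] not in '"\\':
                raise PolicyError(f"bad escape at offset {i}")
            out.append(s[i + 1])
            i += 2
        elif c == '"':
            return "".join(out), i + 1
        else:
            out.append(c)
            i += 1
    raise PolicyError("unterminated string")


def _parse_member(s, i):
    if i >= len(s):
        raise PolicyError("unexpected end of value")
    if s[i] == '"':
        return _parse_string(s, i)
    m = _TOKEN.match(s, i)
    if not m:
        # This is where the leaked backslash lands: `\` starts neither a token nor a string.
        raise PolicyError(f"unexpected character {s[i]!r} at offset {i}")
    return m.group(0), m.end()


def parse_permissions_policy(value):
    """Return {feature: allowlist}; members are 'self', '*' or origins.
    An empty allowlist means the feature is blocked for every frame."""
    policy, i, n = {}, 0, len(value)
    while i < n:
        i = _skip_ws(value, i)
        m = _TOKEN.match(value, i)
        if not m:
            raise PolicyError(f"expected feature name at offset {i}")
        feature, i = m.group(0), m.end()
        if i >= n or value[i] != "=":
            raise PolicyError(f"expected '=' after {feature}")
        i += 1
        members = []
        if i < n and value[i] == "(":
            i += 1
            while True:
                i = _skip_ws(value, i)
                if i >= n:
                    raise PolicyError("unterminated allowlist")
                if value[i] == ")":
                    i += 1
                    break
                member, i = _parse_member(value, i)
                members.append(member)
        else:
            member, i = _parse_member(value, i)
            members.append(member)
        for member in members:
            if member not in ("self", "*") and not _ORIGIN.match(member):
                raise PolicyError(f"{feature}: {member!r} is not self, * or an origin")
        policy[feature] = members
        i = _skip_ws(value, i)
        if i < n:
            if value[i] != ",":
                raise PolicyError(f"expected ',' at offset {i}")
            i += 1
    return policy


def header_delegates(value, feature, origin):
    """True only if a well-formed header grants `feature` to an iframe at `origin`.
    A malformed header yields False: exactly the silent camera/mic loss the commit fixed."""
    try:
        allow = parse_permissions_policy(value).get(feature, [])
    except PolicyError:
        return False
    return "*" in allow or origin in allow
```

A deploy check can fetch the parent page with curl, pull the Permissions-Policy header out and feed it to header_delegates for each feature the widget needs; any False is a broken delegation, whether the cause is quoting, a missing feature, or a wrong origin.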
* fix(bys-demo): Turkish diacritics + fully translated Turkish dashboard
The BYS demo targets Turkish users (lang=tr) but most of the copy was
written without diacritics (Universitesi, Ogrenci, Sifre, Giris…) and
the dashboard plus callback page shipped entirely in English (Welcome,
Student Number, GPA, Spring 2026, Good, Logout, Announcements…). Fixed
throughout index.html, callback.html, dashboard.html so the demo reads
like a real Turkish university portal.
Also bump identity-core-api submodule: Twilio Verify setLocale("tr") so
the SMS OTP body is delivered in Turkish rather than English.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: bump web-app — widget CSP allows tfhub.dev for BlazeFace
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: record 2026-04-15 evening MFA hardening + Twilio regulatory finding
- CHANGELOG: new [Unreleased] section for the evening continuation
(widget bundle sync, Apache .htaccess quoting, tfjs-converter,
CSP tfhub.dev, voice phrase prompt, Face back button, bys-demo
Turkification, success redirect gate, Twilio setLocale).
- docs submodule bump: SMS sender ID branding appendix explaining
why "TWVerify" shows in Turkey and the BTK/İYS registration path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: hosted-first auth pivot — parent repo CLAUDE + ROADMAP
Record architectural direction at the project root so future conversations
and teammates see the pivot before drilling into web-app.
CLAUDE.md:
- Add "Architectural direction (2026-04-16)" section: hosted-first
redirective OIDC as primary, widget iframe demoted to inline step-up
MFA; why (industry pattern + NFC/WebAuthn/ITP rationale); platform
coverage (web/iOS/Android/Electron/CLI via RFC 8252)
- Update Key Features to reflect hosted + widget dual-surface
ROADMAP.md:
- Bump overall completion 98% → 99%; refresh test counts
- Insert "Active initiative: Hosted-first auth + Round-5 hardening" at
top with Wave 0-4 breakdown
- Point to web-app/docs/AUDIT_REPORT_2026-04-16.md and web-app/TODO.md
for detail
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(bys-demo): flip primary CTA to hosted loginRedirect()
- index.html primary FIVUCSAS button now calls loginRedirect() →
browser navigates to verify.fivucsas.com/login (top-level context,
so NFC/passkeys/autofill work natively), then returns with
?code=...&state=... to callback.html.
- Inline iframe widget moved to secondary "İnline MFA (gelişmiş)" ("Inline MFA (advanced)")
link for step-up MFA demos.
- callback.html now calls handleRedirectCallback() to exchange the
authorization code for tokens via /oauth2/token with PKCE verifier.
Falls back to stashed widget tokens for backwards compat.
- Added secondary-button styling in styles.css.
* chore: submodule bumps — hosted-first OIDC + PR-1 test/i18n fixes
identity-core-api: 04c80e1 (RFC 6749 §4.1.2.1 authorize error code;
hosted-login endpoints; RFC 8252 loopback; echo completedMethods on MFA)
web-app: 6e221ad (HostedLoginApp + SDK loginRedirect/handleRedirectCallback;
widget NFC framed-context fallback; tests aligned with formatApiError;
audit-code i18n gaps filled; hosted-login integration guide)
* docs(roadmap): PR-1 in review — 9 blockers + demo-day safety note
Parent roadmap reflects the three-review consensus (Copilot + backend
reviewer + web-app reviewer) on PR-1: SecurityConfig permitAll is the
show-stopper; 9 total blockers tracked in web-app/TODO.md. Confirms
2026-04-16 demo runs the widget flow, not loginRedirect — prod
unaffected by the in-review code.
Bumps web-app submodule to c4d60ed (TODO.md punch list).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore(submodules): bump identity-core-api + web-app — PR-1 blockers complete
identity-core-api → ae1bb7f (11 commits):
B1 permitAll hosted-login OAuth2 endpoints
B2 bind client_id to MfaSession (cross-client replay)
B3 mandate PKCE S256 for public clients
B4 atomic @Transactional code-mint + consumed_at (V35)
B5 IPv4-only loopback + reject any incoming query (RFC 8252)
B6 parse redirect_uris via Jackson
smaller fixes: 403→400 on tenant mismatch, Retry-After 429,
drop isHtmlAccept branch, derive completedMethods from MfaSession
web-app → 519b035 (5 commits):
B7 nonce validation + redirect URI scheme allowlist
B8 hosted-login end-to-end test coverage
B9 per-route CSP frame-ancestors + frame-bust
Part D i18n: 5 dashboard pages + 3 date-locale + swallowed-catch logs
voice: wav16k conversion so Silero VAD gates uploads
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
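B2 through B7 above list the checks the authorize and token endpoints gained. As an added example, not the identity-core-api implementation, here is the same logic in Python: PKCE S256 challenge computation and verification with "plain" refused for public clients (B3), RFC 8252 loopback redirect matching that is IPv4-only and rejects any query (B5), and a single-use authorization-code record bound to the client_id and redirect_uri it was minted for (B2, B4). Function and class names are mine; the RFC 7636 Appendix B vector is the self-check, and "marmara-bys-demo" is used as a client name only because it appears later in this log.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlsplit

_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")  # RFC 7636 §4.1: unreserved, 43..128 chars


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes=32):
    """Client side: 32 random bytes encode to a 43-character verifier."""
    return _b64url(secrets.token_bytes(n_bytes))


def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding (RFC 7636 §4.2)."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_pkce(code_verifier, code_challenge, method, public_client=True):
    """Server side at /oauth2/token: recompute the challenge stored with the code.
    B3: a public client (SPA, native app) must use S256; 'plain' is refused outright."""
    if public_client and method != "S256":
        return False
    if method not in ("S256", "plain") or not _VERIFIER_RE.match(code_verifier):
        return False
    expected = s256_challenge(code_verifier) if method == "S256" else code_verifier
    return hmac.compare_digest(expected, code_challenge)


def redirect_uri_allowed(requested, registered_uris):
    """Server side at /oauth2/authorize.
    RFC 8252 §7.3: a registered http://127.0.0.1/<path> matches any port, because the
    native app binds an ephemeral one; scheme, host and path must still match exactly.
    B5 as read here: only IPv4 127.0.0.1 counts as loopback (no [::1], no 'localhost'),
    and any query or fragment on the incoming redirect_uri is rejected.
    Everything else must match a registered URI byte for byte."""
    req = urlsplit(requested)
    if req.query or req.fragment:
        return False
    for reg_uri in registered_uris:
        reg = urlsplit(reg_uri)
        if reg.scheme == "http" and reg.hostname == "127.0.0.1":
            if req.scheme == "http" and req.hostname == "127.0.0.1" and req.path == reg.path:
                return True
        elif requested == reg_uri:
            return True
    return False


class AuthorizationCodes:
    """In-memory stand-in for the code table: a code is bound to the client_id and
    redirect_uri it was minted for (B2) and can be redeemed exactly once (B4)."""

    def __init__(self):
        self._codes = {}

    def mint(self, client_id, redirect_uri, code_challenge, method):
        code = _b64url(secrets.token_bytes(32))
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                             "challenge": code_challenge, "method": method, "consumed": False}
        return code

    def redeem(self, code, client_id, redirect_uri, code_verifier):
        rec = self._codes.get(code)
        if rec is None or rec["consumed"]:
            return False
        rec["consumed"] = True  # burn first, so a replay loses even when the checks below fail
        return (rec["client_id"] == client_id
                and rec["redirect_uri"] == redirect_uri
                and verify_pkce(code_verifier, rec["challenge"], rec["method"]))
```

In a real store the consumed flag is the consumed_at column written in the same transaction as the lookup, which is what makes the redeem atomic under concurrent replays; the in-memory version only models the ordering.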
* chore(submodules): bump to main after PR-1 merge
identity-core-api → faeb1a4 (main, CHANGELOG + PR-1 merged)
web-app → 0d05ebd (main, TODO/CHANGELOG + PR-1 merged)
Both PRs merged via --merge strategy; per-blocker commits preserved
for security audit. See each repo's CHANGELOG [2026-04-16] for hashes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update public-facing docs to reflect 2026-04-16 reality
README:
- Drop stale version badge (2.0.0) and Python 3.13 badge (actual: 3.12)
- Update tech-stack table: Spring 3.4.7, PostgreSQL 17, Redis 7.4, Traefik v3.6
- Replace "all 9 phases complete" narrative with concrete shipped features
including Flyway V36, hosted-first auth, GDPR Art. 17/20
- Fix test commands (Gradle→Maven, Vitest, pytest, Playwright)
ROADMAP:
- Replace "PR-1 In Review — Needs Revision" (stale) with merge record
(identity-core-api#16 → 8059ca9, web-app#22 → 048de42)
- Document all 9 B1-B9 blockers as merged
- Add GDPR follow-up + deploy-to-prod as Wave 0 remaining item
CHANGELOG:
- Convert 4× [Unreleased] with past dates to proper [YYYY-MM-DD] releases
- Add [2026-04-16] section for PR-1 + GDPR + CI consolidation + doc archive
CONTRIBUTING:
- Gradle → Maven 3.9+ (identity-core-api uses Maven)
- Python 3.11+ → 3.12+ (actual runtime)
- Node 20+ → 22+ (matches web-app + biometric-processor CI)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(submodules): bump to main after doc cleanup + CI consolidation
Submodule bumps:
- identity-core-api: CI workflow + README refresh
- web-app: README refresh + i18n audit (notifications.actions.* keys)
- biometric-processor: 4→2 workflow consolidation, 44-file archive sweep, README refresh
- client-apps: 13-file archive sweep
- docs: 45-file archive sweep (ADD_*, DOCS_MODULE_*, pgvector drafts, status reports)
- practice-and-test: 13-file archive sweep
CLAUDE.md: drop "Phases 0-8 complete" stock phrasing.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: verify-widget rebuild + biometric-processor submodule bump
- Widget: rebuild with new content hashes, widen CSP connect-src to allow
tfhub.dev and kaggle.com for client-side model downloads.
- biometric-processor: ML perf improvements (FP16 YOLO, demographics TTL
cache, optimized texture liveness, MediaPipe face detector, profiler
flag), Resemblyzer restore with librosa==0.9.2 pin for Py3.12 compat,
voice_enrollments table.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(content): correct stack versions, test count, external link rel + skip-to-content
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(demo): Turkish encoding, SRI integrity, CSP meta, remove dead EN toggle
- Fix 4 Turkish-char encoding issues in index.html (Güvenlik, İlk şifremi
oluştur, Erişebilirlik, Yardım: Security, Create my first password, Accessibility, Help)
- Add SHA-384 Subresource Integrity + crossorigin=anonymous to the
verify.fivucsas.com/fivucsas-auth.js script in index.html and
callback.html. Elements bundle at /elements/fivucsas-elements.js is
currently 404 on CDN, so test-elements.html gets crossorigin only
(integrity to be added once bundle is published).
- Add Content-Security-Policy meta tag to all three HTML files, matching
verify-widget's own policy (script-src includes 'unsafe-inline' to keep
existing inline scripts working).
- Remove dead EN language toggle anchor in index.html utility bar
(site is TR-only).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump web-app submodule + widget rebuild after parallel audit fixes
web-app:
- 4e07fd2 i18n(dashboard): wrap hardcoded strings on users + auth + shared tables
- 689d1af fix(hosted-login,widget): postMessage origin strict, i18n coverage, load timeout, NFC scan timeout copy
Widget html rebuilt from dist-verify/ (17 new i18n keys across en+tr included).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* a11y(landing): emoji icon aria-labels, mobile nav breakpoints
- Wrap feature/howItWorks/service/devRole emoji spans with role="img"
and aria-label sourced from new iconLabel fields so screen readers
announce semantic meaning (e.g. "Locked padlock", "Key", "Eye").
- Shift mobile hamburger from md:hidden to lg:hidden and desktop nav
from hidden md:flex to hidden lg:flex so the cramped md-range row
(which overflowed on narrow tablets and <320px) now uses the mobile
menu up to the lg (1024px) breakpoint.
- Build stays green: 422 modules, 0 TS errors.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(demo): guard console logs, SVG aria-labels
- Guard widget onStepChange and onCancel console.log calls behind
location.hostname === 'localhost' so production sessions no longer
emit step telemetry. console.error paths retained for real errors.
- Add role="img" + Turkish aria-label to the phone and email SVGs in
the header contact bar so screen readers announce them.
- Add aria-label="Güvenlik kodunu yenile" ("Refresh security code") to the CAPTCHA refresh
button and mark its inner SVG aria-hidden so the button label is
the single a11y name.
EN language toggle was already removed from all HTML; only an orphan
.lang-link CSS rule remains, which is harmless.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat(landing): list all 3 team members with Turkish diacritics
Previous team section only showed Ahmet as solo lead plus 3 generic
role cards. Now shows Ahmet Abdullah Gültekin, Ayşe Gülsüm Eren,
Ayşenur Arıcı with their actual responsibilities.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat(landing): refine team scopes per owner contributions
Ahmet: Face/Voice/MRZ and full-stack leadership.
Ayşe Gülsüm: Mobile plus biometric-puzzle enhancements (hand &
finger tracking, puzzle mechanics).
Ayşenur: Computer vision and ML research — YOLO card detector,
liveness, anti-spoofing, model training.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump submodules — team scopes + filtered Swagger
landing-website: refine team scopes per actual ownership (Face/Voice/
MRZ to Ahmet, hand/finger tracking + puzzles to Ayşe Gülsüm, CV/YOLO/
liveness to Ayşenur).
identity-core-api: expose filtered Swagger UI at /swagger-ui.html to
third-party integrators while hiding admin endpoints. Fix CSP so the
UI renders.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs: add CHANGELOG with 2026-04-16 team section entry
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump identity-core-api submodule — swagger CHANGELOG entry
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* style(landing): tighten team scopes + visual hierarchy
Consistent granularity across all 3 cards (8 / 3 / 3 items). Lead
card gets: "Lead" badge pill, gradient background, primary ring,
thicker border with glow shadow, slight lift on desktop. Scope
strings normalized to single-word tokens separated by middle dot.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* style(landing): tone down team card — remove Lead badge + card lift
Drop the promotional treatment (Lead pill, lift, glow, ring, bold
outline) in favor of a subtle primary-500/30 border on the lead
card. Scope trimmed from 8 to 7 items (dropped Desktop — rarely
shipped standalone). Role renamed "Principal Engineer" → "Full-Stack
Developer" to match how the project is actually built.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* style(landing): equal team cards, distinct avatar gradients
All three cards share the same container treatment — slate bg, slate
border, primary border on hover. Each avatar gets its own gradient
(blue-violet, fuchsia-pink, emerald-teal) so members feel individual
without any one looking elevated above the others.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(web-app): stop tracking generated verify-widget asset bundles
* chore: bump web-app + identity-core-api submodules (deploy round 2026-04-18)
web-app main: lazy-load ONNX+BlazeFace (perf), dashboard UX polish,
GDPR export wired to backend /users/{id}/export.
identity-core-api main: V37 oauth2_clients.tenant_id index
(reaffirmation no-op vs V24 for audit seq-scan finding).
Backend image rebuilt + container restarted (Flyway V34-V36 confirmed
already in prod DB from 2026-04-16). web-app dist rsync'd to Hostinger.
bys-demo rsync'd to Hostinger.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump submodules — V38 oauth2 public flip, MobileFaceNet deprecated, web-app CI → ubuntu-latest
- identity-core-api 06a9f78 → 4a0f58f (V38 + CI split)
- web-app 52f2fe1 → cd0c1ba (MobileFaceNet removal + CI to ubuntu-latest)
- docs 01d63b3 → 3fc031e (D2 clarification)
* docs(roadmap): refresh for 2026-04-18 — phase A–L restructure, post-V38 state
Rewrite ROADMAP.md header + active-initiative block to reflect today's
round: V38 OAuth2 public flip (fivucsas-web-dashboard → PKCE-only),
MobileFaceNet deprecated (landmark-geometry sole client embedding),
marmara-bys-demo client registered, web-app PR CI migrated to
ubuntu-latest, pre-existing lint debt (23 errors / 63 warnings)
surfaced.
Replace the former Wave 0 / 2 / 3 / 4 blocks with the new Phase A–H
structure from /home/deploy/.claude/plans/rustling-pondering-wind.md.
Historical Phase 1–7 sections retained verbatim.
Add 2026-04-18 Timeline table: April = A + B + L done; May = C + E +
D start; June = G quick wins + D continued; July = F observability;
Aug = H waves 2–4; Sept+ = G6 BYOD. Add AD-005 (landmark-geometry
only) + AD-006 (SPA public-client flip) to Architecture Decisions.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump submodules — roadmap + TODO refresh
web-app → 00c40b6 (docs(todo): mark deferred items done, add Phase A–H
open items)
identity-core-api → 31b33c5 (docs(todo): seed identity-core-api backlog
from Phase C/D/E/H plan)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump submodules — dependabot merges + CI perf
- web-app → 440c9fb (protobufjs 7.5.5, follow-redirects 1.16.0; 0 vulns)
- identity-core-api → f409df8 (mvn -T 2C unit-test parallelism)
* docs: 2026-04-18 round 2 — Phase A–L deploy round + submodule bump
- CHANGELOG: V37/V38 applied, CI unblock + dependabot sweep + MobileFaceNet strip
- CLAUDE.md: Last verified 2026-04-18, Flyway V1-V38, CI layout explained
- Submodule pointers: web-app a9713f2, identity-core-api d747cd1
* fix(demo): ship SDK bundle with loginRedirect + update SRI
verify.fivucsas.com was serving the Apr-15 SDK bundle which predates
loginRedirect(). demo.fivucsas.com called auth.loginRedirect() → TypeError,
caught by the demo's try/catch and surfaced as "Giriş başlatılamadı." ("Login could not be started.")
Rebuild dist-sdk (vite.sdk.config.ts), copy the new 15,684-byte bundle
into verify-widget/html/, and update both bys-demo pages' SRI hashes to
match. verify-widget docker image rebuilt + restarted so traefik now
serves the new JS. bys-demo rsynced to Hostinger.
* chore: file pollution cleanup
- biometric-processor: bump pointer after garbage removal
(=0.10.0, 2025-12-26-*.txt prompt scratch)
- bys-demo/robots.txt: disallow /test-elements.html
(dev Web Components demo, kept but not indexable)
- Remove orphan auth-test/ and empty .github/ISSUE_TEMPLATE/
from parent working tree (were untracked only)
* fix(verify-widget): short-cache SDK + cache-bust URL on demo
Browsers cached the Apr-15 SDK bundle under max-age=31536000 (1 year). When
we shipped a new bundle with the correct SRI hash today, the cached old
bytes failed the new SRI check → FivucsasAuth never loaded → demo buttons
failed with "Giriş başlatılamadı." ("Login could not be started.")
- nginx.conf: specific /fivucsas-auth.js location moved ABOVE the generic
.js rule so it actually takes effect (nginx regex locations are
first-match). SDK now serves max-age=300, must-revalidate. Other static
assets keep 1y immutable.
- bys-demo/{index,callback}.html: ?v=20260418 cache-bust on SDK URL so any
user with a stale cache re-fetches immediately.
Also bump identity-core-api pointer to 281e9e0 — IC CI test drift fix
(838/838 tests pass).
* docs: log 2026-04-18b evening round + bump IC submodule
Captures demo.fivucsas.com login recovery (SDK bundle update +
nginx cache-ordering fix + SRI bump + URL cache-bust), IC CI
green via test-source drift repair (838/838), Dependabot #28
Vite 6.4.2 merge, and file-pollution sweep (biometric-processor
junk + parent orphan dirs + robots.txt test-elements disallow).
Submodule pointer bumped to 91c0aaf (IC CHANGELOG docs commit).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs: 2026-04-18c — hosted-login UX recovery (callback/stepper/locale/face/copy)
Five coordinated UX fixes against the hosted-first OIDC flow observed on
https://demo.fivucsas.com. Full narrative in parent CHANGELOG.md
[2026-04-18c] section; per-repo detail in web-app (3e69fac) and
identity-core-api (bdc3fd9).
Summary of shipped work
- Fix 3 (highest priority): callback card now shows real userId / email
/ completedMethods. SDK decodes id_token + falls back to
/oauth2/userinfo. +2 Vitest tests.
- Fix 5: OIDC ui_locales threaded end-to-end — tenant loginRedirect
appends it, IC authorize parses + forwards on hosted redirect,
HostedLoginApp resolves ui_locales -> legacy locale ->
navigator.language -> en. +1 Maven test.
- Fix 1: face-failure UI replaced conflicting "Verification failed.
Captured face" string with contextual retry tips + grayscale-on-error
alt text. No biometric threshold change.
- Fix 4: new <StepProgress> component unified across all 10 methods.
- Fix 6: widget.* and mfa.face.* copy audit in en.json + tr.json.
Submodule bumps
- web-app main: a9713f2 -> 3e69fac
- identity-core-api main: 91c0aaf -> bdc3fd9
Parent-tracked artefacts
- bys-demo/{index,callback}.html: cache-bust to v=20260418c + new SRI
sha384-LLegFtvECu4lDPINAMXGPM3C5lo3SCnj9jaqBAi1LDvxGILTG8Bm86Db5TIkP1G6
- verify-widget/html/fivucsas-auth{.js,.esm.js,.map}: rebuilt SDK bundle
synced into nginx container content root
- CHANGELOG.md: new [2026-04-18c] section
- CLAUDE.md: "Last verified" bumped to 2026-04-18c
Gates: Vitest 599/599, Maven 839/839, lint 0 errors, smoke tests live
against verify.fivucsas.com + api.fivucsas.com healthy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(verify-widget): sync dist-verify/assets into html/assets pre-docker-build
Root cause: parent .gitignore line 50 excludes
verify-widget/html/assets/*.{js,css,map} so the Dockerfile
`COPY html/ /usr/share/nginx/html/` step was copying an empty assets
directory into the image — every /assets/*.js request 404'd on
verify.fivucsas.com.
Fix: new verify-widget/sync-assets.sh rsyncs
../web-app/dist-verify/assets/ → verify-widget/html/assets/ right
before `docker compose build`. Order is now:
1. npm run build:verify (web-app)
2. ./sync-assets.sh (verify-widget)
3. docker compose -f docker-compose.prod.yml up -d --build
matching feedback_widget_deploy_sync memory rule.
Also:
- bys-demo index.html + callback.html bumped to ?v=20260418d
cache-bust (SRI unchanged — SDK bundle not regenerated this round).
- verify-widget/html/index.html regenerated with new hashed asset
filenames from the latest build:verify output.
- web-app submodule pointer → bc5d069 (BlazeFace singleton +
dropConsole + i18n debug=false).
- CHANGELOG ## [2026-04-18d] appended with Ship A completion notes.
Verified live:
- curl -sI https://verify.fivucsas.com/assets/ort.min-CSPs-wzd.js → 200
- curl -sI https://verify.fivucsas.com/assets/index-DaHnXTBo.js → 200
- curl https://demo.fivucsas.com/ shows ?v=20260418d on SDK script tag
- OPTIONS preflight to api.fivucsas.com from verify origin → 200 with
correct Access-Control-Allow-* headers (no backend change needed).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs: 2026-04-18d — security incident log + keystore rotation plan + Phase C6
ROADMAP.md:
- New Phase C6 item: Android keystore rotation (GitGuardian incident
#29836028). Full rotation playbook in docs/SECURITY_INCIDENTS.md.
- Header note updated with 4-parallel-agent recovery round status.
docs submodule bump (3fc031e..7bdd8e8):
- SECURITY_INCIDENTS.md — GitGuardian #29836028 log, blast-radius
assessment, keytool rotation playbook, decision NOT to rewrite history.
- plans/NFC_PUSH_APPROVAL_PROTOCOL.md — e-Devlet-style cross-device NFC
handoff (fivucsas:// deep link, Ed25519 device reg, FCM/APNS push,
V39 migration sketch, 13-threat review).
- plans/CLIENT_APPS_PARITY.md — Android/iOS/Desktop 22-row feature
matrix, per-platform top-10 gaps, 4-phase rollout to 2026-08-01 GA.
client-apps submodule bump (0a69ad2..cb6eab9):
- Keystore secrets moved out of build.gradle.kts (env/Gradle properties).
- CI keystore decode gated behind workflow_dispatch + post-step wipe.
- docs/RELEASE.md seeded with 6-month rotation cadence.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(client-apps): bump submodule to v5.1.0 — RFC 6238 TOTP authenticator
Android-first: TotpGenerator (SHA1/256/512), otpauth URI parser, Base32
(RFC 4648 no-padding-tolerant), EncryptedSharedPreferences TotpVault
(AES256-GCM), Compose Material 3 AuthenticatorScreen wired into Settings.
KMP commonMain carries the engine + 23 new tests (all pass). iOS/Desktop
HMAC actuals are TODO stubs tracked in client-apps/docs/TODO.md. Manual
entry only in v5.1.0; QR scanner deferred to G2 per CLIENT_APPS_PARITY.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
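The v5.1.0 authenticator above is Kotlin. As an added example, not the client-apps code, here is the same RFC 6238 engine in Python: HOTP/TOTP for SHA1/SHA256/SHA512, a padding-tolerant Base32 decoder, an otpauth:// URI parser, and a verifier that accepts a small step window with a constant-time compare. Names are mine; the RFC 4226 and RFC 6238 test vectors are the self-check. One caveat the commit does not mention: a server-side verifier must also remember the last accepted counter per enrollment, otherwise a code can be replayed inside its window.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlsplit

_ALGOS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def decode_base32_lenient(text):
    """Base32 as authenticator apps emit it: any case, spaces allowed, padding optional."""
    s = "".join(text.split()).upper().rstrip("=")
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter, digits=6, algo="SHA1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), _ALGOS[algo]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, at=None, period=30, digits=6, algo="SHA1", t0=0):
    """RFC 6238: HOTP with counter = floor((T - T0) / period)."""
    at = time.time() if at is None else at
    return hotp(key, int((at - t0) // period), digits, algo)


def verify_totp(key, code, at, window=1, period=30, digits=6, algo="SHA1"):
    """Accept the current step and `window` steps either side, comparing in constant time.
    Callers must separately reject any counter <= the last accepted one (replay)."""
    counter = int(at // period)
    return any(hmac.compare_digest(hotp(key, counter + k, digits, algo), code)
               for k in range(-window, window + 1))


def parse_otpauth(uri):
    """otpauth://totp/Issuer:account?secret=...&issuer=...&algorithm=...&digits=...&period=..."""
    u = urlsplit(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("only otpauth://totp URIs are supported")
    label = unquote(u.path.lstrip("/"))
    issuer_from_label, _, account = label.rpartition(":")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("otpauth URI has no secret")
    algo = q.get("algorithm", "SHA1").upper()
    if algo not in _ALGOS:
        raise ValueError(f"unsupported algorithm {algo}")
    digits = int(q.get("digits", 6))
    if digits not in (6, 7, 8):
        raise ValueError(f"unsupported digits {digits}")
    return {
        "account": account.strip(),
        "issuer": q.get("issuer", issuer_from_label),
        "key": decode_base32_lenient(q["secret"]),
        "algo": algo,
        "digits": digits,
        "period": int(q.get("period", 30)),
    }
```

The Base32 leniency is deliberate: several issuers emit lower-case or space-grouped secrets, and a strict decoder fails enrollment on exactly the inputs a user types by hand, which is the v5.1.0 manual-entry path.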
* chore: Android v5.2.0-rc1 — close 5 feature-parity gaps to 20/20
Wave 2 consolidation of parallel-agent round (2026-04-18e):
20A Passport BAC NFC wired into multi-step MFA dispatcher
(NfcStepScreen + ported MrzScannerScreen from UniversalNfcReader)
20B GDPR/KVKK export mobile UI (DataExportViewModel + ExportDataRow)
20C FCM Allow/Deny action buttons + fivucsas://nfc-session deep-link
20D Dark-mode toggle — ThemeMode { SYSTEM, LIGHT, DARK }
20E Authenticator QR scanner — OtpQrScannerScreen reuses QrScannerScreen
Submodule pointer bumps:
client-apps → 1b378e1 (feat(android): v5.2.0-rc1)
docs → 5a10cf1 (docs(plans): add PATH_TO_20_20.md)
Parent doc sweep:
ROADMAP.md — Phase I section + "Known open incidents" block
CHANGELOG.md — ## [2026-04-18e] with gap-list and doc sweep notes
README.md — test counts (424 mobile / 619 web / 633 api) + mobile callout
CLAUDE.md — Last-verified 2026-04-18e + client-apps 424 tests
Builds: :androidApp:compileDebugKotlin PASS, :androidApp:testDebugUnitTest PASS,
:shared:testDebugUnitTest 425 tests / 1 pre-existing failure
(BiometricViewModelTest.enrollFace — unrelated to this round).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat(seo): structured data + sitemap + robots + meta audit
Ship C (SEO code-side) for the FIVUCSAS landing site. Team page skipped
this round (roster info still pending).
- index.html JSON-LD: split into three clean blocks — Organization
(logo, parentOrganization, sameAs, contactPoint), WebSite (with
SearchAction potentialAction pointing at app.fivucsas.com/search),
and SoftwareApplication retargeted at the Auth Widget / SDK
(verify.fivucsas.com, operatingSystem "Web iOS Android").
- public/sitemap.xml: pruned to the single HTML surface in this repo
(https://fivucsas.com/), lastmod bumped to the git date of
index.html (2026-04-16), changefreq set to monthly per spec.
- robots.txt already compliant (User-agent *, Allow /, Sitemap URL);
no test-*.html / dev-*.html pages exist in this repo to disallow.
- Meta audit: all required tags already present (description <=160,
keywords, og:title/description/image/url/type/site_name, twitter:card
summary_large_image, canonical) — no additions needed.
Deployed dist/* (index.html, sitemap.xml, robots.txt) to Hostinger;
https://fivucsas.com/{sitemap.xml,robots.txt} return HTTP 200.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(submodule): bump client-apps to 100fc64 — fix BiometricViewModelTest.enrollFace
client-apps commit 100fc64 unblocks the last red test in :shared:testDebugUnitTest
(425/425 passing, was 424/425). Root cause was stale enrollment-data placeholders
in the test that failed ValidationRules (invalid Turkish ID checksum + 8-char
address below 10-char minimum). Production ViewModel and use case code
unchanged.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(submodule): bump biometric-processor — add CVE_AUDIT_2026-04-18
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs(roadmap): Phase I complete — Android 20/20 shipped as v5.2.0-rc1
Tick I1-I5 checkboxes; update April 2026 timeline row to DONE for A/B/I/L.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(submodule): bump web-app — extract <StepLayout> across 10 step screens
Parent pointer bump for web-app 42de93d. Structural refactor only:
hoists the repeating motion + header + error-banner + canonical-action
shell from 10 auth step components into a shared StepLayout. No copy
changes, no i18n key renames, no redesign — the 20 reason-code strings
remain blocked on user copy-tone signoff.
Tests: 42 files / 599 passing.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(submodule): bump web-app — add 20 auth reasonCodes (EN + TR)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs: ROADMAP hosted-first pivot + submodule bumps (docs + client-apps)
- ROADMAP active-initiative section: adds Phase J (Desktop hosted-first)
alongside post-V38 stabilization + lint-debt burn-down.
- Phase I rewritten: "Android 20/20 close-out" -> "Android hosted-first
13/13 done". Work shipped (tag v5.2.0-rc1 2026-04-18e); the number
changed because the matrix shrank to 13 thin-OAuth-client columns
post 2026-04-16 pivot. Biometric surfaces live on
verify.fivucsas.com/login now.
- New Phase J section covering the Desktop (Windows + Linux) workstream
currently in flight (Agents B/C/D on OAuth loopback + SecureTokenStorage
+ installers). macOS explicitly out of scope for v6.
- docs submodule bump: plans/CLIENT_APPS_PARITY.md rewritten hosted-first.
- client-apps submodule bump: README + CHANGELOG reflect the shrink.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(submodule): bump client-apps to 1855b97 — SecureTokenStorage (DPAPI + libsecret + fallback)
Agent C deliverable merged into client-apps/main:
adds com.fivucsas.desktop.security package with
SecureTokenStorage interface + three backends
(DpapiTokenStorage, LibsecretTokenStorage, FallbackTokenStorage)
+ TokenStorageFactory + 10 JUnit 5 tests covering round-trip, IV
randomization, wrong-key rejection and tampered-blob handling on
the fallback backend.
Consumed by Agent B's OAuthLoopbackClient via
com.fivucsas.desktop.auth.FileBackedTokenStorage.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump client-apps + docs submodules, land 2026-04-18f session
client-apps f61d240:
- fix(android): MFA reload freeze (AppNavigation LaunchedEffect re-key + Idle-state defense-in-depth)
- fix(shared): restore ~600 Turkish diacritics in StringResources.kt (974 glyphs now)
- feat(desktop): OAuth loopback client + hosted-first scaffolding (RFC 8252, PKCE,
FileBackedTokenStorage, signing docs, installer workflow, icons)
docs b653ba6:
- Bump client-apps Kotlin test baseline from 424 → 425 in CLIENT_APPS_PARITY.md.
Parent:
- CHANGELOG.md: add [2026-04-18f] entry for the above.
- CLAUDE.md / README.md / ROADMAP.md: test count 424/401 → 425; CLAUDE.md
Last-verified bumped to 2026-04-19 with session summary.
- landing-website: /download page (signed .deb / .msi / APK), PGP public key,
.htaccess rule to map /download → /download.html before the SPA fallback.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump submodules — 2026-04-19 UX review round + Dependabot sweep
- web-app: MFA selector overflow fix, face enrollment deep-review
(MediaStream race, double-submit guard, per-frame rAF churn),
face login quality tags i18n, step-counter jumping fix, copy sweep.
- biometric-processor: merge 6 Dependabot PRs (python-multipart, gdown,
pytest 7→9, pillow 10→12, keras 2→3, vite+vitest demo-ui).
APK status: v5.2.0-rc1 tagged as GitHub pre-release 2026-04-18 but
no APK/AAB artifact attached yet — binary distribution blocked on
keystore rotation per GitGuardian #29836028.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump submodules + pre-commit — 2026-04-19 audit remediation round
Submodule pointer bumps following AUDIT_2026-04-19 remediation:
- biometric-processor → 1c51ba0 (ML-C1 tenant filter, ML-H2/H3/H4, ML-M1/M3/M5)
- identity-core-api → 06f0217 (BE-H2 PKCE extract, OAuth2 JSON metadata, refresh rotation)
- client-apps → 3181c81 (MO-H1 iOS keychain, MO-H3/H4/H6, MO-C3 desktop dedupe)
- web-app → 414067f (FE-H2 err.message sweep, FE-H3 per-route CSP, FE-H4 a11y, smoke tests)
Adds repo-root .pre-commit-config.yaml (gitleaks) and instal…
Summary
Adds a complete, ready-to-execute runbook for the prod Postgres
unused-index 7-day audit that the ROADMAP has been carrying as "not yet
kicked off." No production state is touched by this PR — the runbook is
the deliverable; execution is operator-controlled.
Files added:
- `infra/RUNBOOK_UNUSED_INDEX_AUDIT.md` — main runbook (pre-flight, Day 0 baseline, Day 1-7 monitoring, Day 7 verification, gated DROP, rollback, cleanup).
- `infra/scripts/unused-index-baseline.sql` — Day-0 snapshot into `public.ops_unused_index_baseline` (sidecar table — NOT `pg_stat_reset`).
- `infra/scripts/unused-index-delta.sql` — daily delta + recommended_action.
- `infra/scripts/unused-index-verify.sql` — strict Day-7 cut (delta == 0 AND size > 10 MB AND table NOT in forbidden list), emits rollback DDL.
- `infra/scripts/unused-index-drop-template.sql` — DESTRUCTIVE DROP template wrapped in `BEGIN; ... ROLLBACK;` by default; operator must manually flip the tail to `COMMIT;` after eyeball review.
- `ROADMAP.md` unused-index bullet rewritten to point at the new runbook.
Scope
`SENIOR_DB_REVIEW_2026-05-04.md` Appendix C and `/opt/projects/DB_REVIEW_2026-04-30.md` §11. `idx_scan = 0`. Net expected drops after soak (subject to Day-7 verification):
- `idx_api_keys_key_hash` — small, exact duplicate of UNIQUE.
- `idx_voice_embeddings_ivfflat` — 928 kB, largest single waste.
- Plus whatever the Step-4 verify query surfaces (target threshold > 10 MB).
Excluded tables (do NOT drop indexes on these — hard-coded in every script)
- `webauthn_credentials`
- `oauth2_clients`
- `refresh_tokens`
- `audit_logs`
Rationale (per SENIOR_DB_REVIEW_2026-05-04 §2.4 and ROADMAP Ops + DB
hygiene): traffic patterns on these 4 tables are still settling; the
indexes there may flip from "unused" to "hot" once the corresponding
features mature.
7-day soak window
- `unused-index-baseline.sql` → creates `public.ops_unused_index_baseline`.
- `unused-index-delta.sql` → emits CSV with `baseline_scans / current_scans / delta / size / recommended_action`. Operator archives each CSV under `/opt/projects/infra/backups/`.
- `unused-index-verify.sql` → strict cut + per-candidate `pg_get_indexdef()` rollback DDL.
- `unused-index-drop-template.sql`, fills in TODO markers from verify output, eyeballs every line, flips ROLLBACK → COMMIT, then executes.
Rollback plan
Three layers (in order of severity):
1. `ROLLBACK;` until operator manually edits it. A naive `psql ... < file` does nothing destructive.
2. `pg_get_indexdef()` for every candidate to `/opt/projects/infra/backups/unused_index_rollback_<date>.sql` BEFORE the drop runs. If `pg_stat_statements` shows a query regression post-drop, paste back the relevant `CREATE INDEX` line.
3. `RUNBOOK_DR.md` restore from `/opt/projects/infra/backups/identity_core_*.dump.gz`. Layer 3 has never been needed for an index drop and is documented for completeness only.
Why NOT `pg_stat_reset()`
`pg_stat_reset()` nukes every per-DB counter (including ones that drive Grafana alerts). The sidecar-snapshot approach preserves all other
observability data and lets us compare against pre-reset traffic too.
Trade-off documented in the runbook (Step 2).
Test plan
- `infra/RUNBOOK_UNUSED_INDEX_AUDIT.md` end-to-end.
- `pg_stat_user_indexes`) to confirm the candidate list matches the DB_REVIEW_2026-04-30 §11 set.
- `DROP INDEX` statements once Step 5 is reviewed and authorised.
Do NOT merge
This PR is for human + operator review. Execution against prod is
operator-controlled and scoped to a separate follow-up PR.
🤖 Generated with Claude Code
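The Day-0 snapshot and the Day-7 strict cut the PR describes, as an added SQL sketch rather than the PR's own `infra/scripts/*.sql`: the forbidden-table list and the 10 MB threshold are the ones stated above, while the sidecar table's column names and the extra unique/primary-key exclusion are assumptions of this example.

```sql
-- Day 0 (baseline.sql counterpart): snapshot idx_scan into a sidecar table
-- instead of calling pg_stat_reset(), so every other counter survives.
-- Column names below are assumptions of this example, not the PR's.
CREATE TABLE IF NOT EXISTS public.ops_unused_index_baseline AS
SELECT indexrelid, schemaname, relname, indexrelname,
       idx_scan AS baseline_scans, now() AS captured_at
FROM pg_stat_user_indexes;

-- Day 7 (verify.sql counterpart): strict cut. An index survives only if its
-- scan count has not moved since baseline, it is larger than 10 MB, and its
-- table is not on the hard-coded exclusion list. Unique / primary-key indexes
-- are skipped as an extra safeguard (added here, not stated in the PR).
WITH forbidden(relname) AS (
    VALUES ('webauthn_credentials'), ('oauth2_clients'),
           ('refresh_tokens'), ('audit_logs')
)
SELECT s.schemaname,
       s.relname,
       s.indexrelname,
       -- a negative delta means stats were reset mid-window: restart the soak
       s.idx_scan - b.baseline_scans                  AS delta,
       pg_size_pretty(pg_relation_size(s.indexrelid)) AS size,
       -- rollback DDL to archive BEFORE the drop; paste back on regression
       pg_get_indexdef(s.indexrelid) || ';'           AS rollback_ddl,
       -- plain DROP INDEX so the line can sit inside the template's
       -- BEGIN; ... ROLLBACK; wrapper (DROP INDEX CONCURRENTLY cannot run
       -- inside a transaction block); it takes ACCESS EXCLUSIVE on the table
       format('DROP INDEX IF EXISTS %I.%I;',
              s.schemaname, s.indexrelname)           AS drop_ddl
FROM pg_stat_user_indexes s
JOIN public.ops_unused_index_baseline b USING (indexrelid)
JOIN pg_index i ON i.indexrelid = s.indexrelid
WHERE s.idx_scan - b.baseline_scans = 0
  AND pg_relation_size(s.indexrelid) > 10 * 1024 * 1024
  AND s.relname NOT IN (SELECT relname FROM forbidden)
  AND NOT i.indisunique
  AND NOT i.indisprimary
ORDER BY pg_relation_size(s.indexrelid) DESC;
```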