Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
138 commits
Select commit Hold shift + click to select a range
cdeee0c
chore(deps-dev): bump vite from 6.4.1 to 6.4.2 in /landing-website (#28)
dependabot[bot] Apr 18, 2026
cf70ba2
docs(changelog): 2026-04-24 evening — 12 more PRs merged, puzzle-page…
ahmetabdullahgultekin Apr 24, 2026
47d212f
docs(changelog): PR #38 — frontend RBAC gating (Rules 2+3) live on ap…
ahmetabdullahgultekin Apr 24, 2026
a51ae4f
chore(submodule): bump identity-core-api → 4bee6d7 (4 PRs landed 2026…
ahmetabdullahgultekin Apr 25, 2026
6a6e93f
chore(submodule): bump web-app → 1689177 (PR #39 biometric-puzzles)
ahmetabdullahgultekin Apr 25, 2026
3e123c2
chore(submodule): bump biometric-processor → 4a9383d (PR #36 anti-spo…
ahmetabdullahgultekin Apr 25, 2026
ea8448b
chore(submodule): bump web-app → 9d7f0c2 (PR #40 lint sweep, 78→17 wa…
ahmetabdullahgultekin Apr 25, 2026
6098744
chore(submodule): bump client-apps → acd395d (PRs #27/#28/#29 — Andro…
ahmetabdullahgultekin Apr 25, 2026
1719e38
chore(submodule): bump client-apps → 2af501f (PR #30 V16 i18n — 12 lo…
ahmetabdullahgultekin Apr 25, 2026
540c4bc
chore(submodule): bump biometric-processor → ee1e870 (PR #51 anti-spo…
ahmetabdullahgultekin Apr 25, 2026
06e3cfa
chore(submodule): bump web-app → 07f34d0 (PR #41 CI fix unblocks #39+…
ahmetabdullahgultekin Apr 25, 2026
a085449
chore(submodule): bump biometric-processor → bdd8203 (PR #52 config v…
ahmetabdullahgultekin Apr 25, 2026
876922f
chore(submodules): bump for today's afternoon-evening wave
ahmetabdullahgultekin Apr 25, 2026
27b2f0e
chore(submodule): bump identity-core-api → 07b6bcf (PR #30 V47 enroll…
ahmetabdullahgultekin Apr 25, 2026
32ee217
chore(submodules): bump for next wave (4 more PRs landed + 2 deploys)
ahmetabdullahgultekin Apr 25, 2026
a82700b
chore(submodules): bump for 3 Dependabot security/patch merges (web #…
ahmetabdullahgultekin Apr 25, 2026
fe220d2
chore(submodule): bump biometric-processor → f6c6fcb (PR #55 gesture …
ahmetabdullahgultekin Apr 25, 2026
fdbedad
chore(submodules): bump client-apps + biometric-processor (post-PR-#3…
ahmetabdullahgultekin Apr 26, 2026
cdb116b
chore(submodule): bump web-app → 0c61076 (PR #31 GestureLivenessStep …
ahmetabdullahgultekin Apr 26, 2026
276671f
chore(submodule): bump client-apps → 0104d15 (PR #35 polish: i18n + U…
ahmetabdullahgultekin Apr 26, 2026
70cf885
docs: strip iOS/macOS from forward roadmap (out of scope, no Apple ha…
ahmetabdullahgultekin Apr 26, 2026
a192a7d
docs: refresh CLAUDE.md + add login surfaces comparison + close-out s…
ahmetabdullahgultekin Apr 26, 2026
862f081
chore(submodule): bump identity-core-api → 82b3a48 (V48 drop biometri…
ahmetabdullahgultekin Apr 26, 2026
fa69dc0
chore(submodule): bump web-app → $(git -C web-app rev-parse --short H…
ahmetabdullahgultekin Apr 26, 2026
a366bd3
chore(submodule): bump identity-core-api → 462c062 (PR #36 PKCE D5a/b)
ahmetabdullahgultekin Apr 26, 2026
46dd45f
chore(biometric): bump submodules + roadmap docs
ahmetabdullahgultekin Apr 28, 2026
12241c8
chore(submodule): bump biometric-processor (compose centerface+anti-s…
ahmetabdullahgultekin Apr 28, 2026
f79372d
chore(submodule): bump biometric-processor (mtcnn fix)
ahmetabdullahgultekin Apr 28, 2026
030705c
chore(submodule): bump web-app (CI env fix + FaceLandmarker + passive…
ahmetabdullahgultekin Apr 28, 2026
d83d88d
docs(2026-04-28): refresh CLAUDE.md + add session roadmap and client-…
ahmetabdullahgultekin Apr 28, 2026
5199952
chore(submodules): bump web-app + identity-core-api + biometric-proce…
ahmetabdullahgultekin Apr 28, 2026
d0d9931
chore(submodule): bump identity-core-api → c25b731 (users-list lastLo…
ahmetabdullahgultekin Apr 28, 2026
38f5e83
chore(submodule): bump identity-core-api → 5446d57 (V42 + tenant-lock)
ahmetabdullahgultekin Apr 28, 2026
f3f185e
docs: multi-email / multi-tenant identity design note
ahmetabdullahgultekin Apr 28, 2026
41aecdf
docs(archive): move 16 superseded reports into archive/2026-04-pre-ro…
ahmetabdullahgultekin Apr 28, 2026
bd388ea
chore(2026-04-28-evening): 4 audit reports + bump submodules
ahmetabdullahgultekin Apr 28, 2026
014109d
docs(audit): 2026-04-29 ops follow-up — closes 2 P0 + 2 P1 from yeste…
ahmetabdullahgultekin Apr 29, 2026
385c745
chore(submodule): bump web-app → eef1657 (Sec-P0b — biometric API key…
ahmetabdullahgultekin Apr 29, 2026
0f487c0
chore(submodule): bump identity-core-api → d4c4d43 (5 P1 carryovers +…
ahmetabdullahgultekin Apr 29, 2026
91e0905
chore(submodule): bump web-app → c641d4e (basic-audit P1 sweep)
ahmetabdullahgultekin Apr 29, 2026
574351c
chore(submodules): bump api → 69bfa09 + web-app → c580822 (5-team wave)
ahmetabdullahgultekin Apr 29, 2026
02db026
chore(deploy): tag :latest images with :sha-<short> after build (Ops-…
ahmetabdullahgultekin Apr 29, 2026
8480c8a
chore(audit): close DRAFT audit PRs api#32 + web#45 as superseded
ahmetabdullahgultekin Apr 29, 2026
01135c0
docs(changelog): add 2026-04-28 + 2026-04-29 hardening wave entries
ahmetabdullahgultekin Apr 29, 2026
3cf98bf
chore: bump submodules — bio→22563fd (file-size guard), web→5b8f876 (…
ahmetabdullahgultekin Apr 29, 2026
dcbb592
chore(submodules): bump api → 30371e8 (Z1) + web-app → 9e151bf (Z2)
ahmetabdullahgultekin Apr 29, 2026
5f7464e
docs(claude): refresh status to 2026-04-29 — Z-wave shipped
ahmetabdullahgultekin Apr 29, 2026
dbfb778
chore(submodule): bump web-app → 9231f4d (Z2 vitest exclude)
ahmetabdullahgultekin Apr 29, 2026
a49ad5f
chore: bump docs+bio submodules + ignore verify-widget/html build art…
ahmetabdullahgultekin Apr 30, 2026
cec373a
chore(submodules): bump api+web to ship gitleaks CI
ahmetabdullahgultekin Apr 30, 2026
77d1c1c
chore(submodules): bump api+web — gitleaks CLI fix + allowlist
ahmetabdullahgultekin Apr 30, 2026
71e24a3
docs(claude): mark all reachable Z-wave + ops follow-ups as completed…
ahmetabdullahgultekin Apr 30, 2026
9cff734
docs(claude): record biometric-API-key rotation + Grafana ops-email +…
ahmetabdullahgultekin Apr 30, 2026
14d2877
chore(submodule): web-app 7365003 — CI SKIP_MODEL_FETCH
ahmetabdullahgultekin Apr 30, 2026
83c0ff7
chore(submodule): web-app c791923 — fix dashboard/profile mismatches
ahmetabdullahgultekin Apr 30, 2026
b9548a3
chore(submodule): web-app 91b1b6e — face mesh + hand skeleton overlay…
ahmetabdullahgultekin Apr 30, 2026
03bb6f0
chore(submodule): web-app 0654b27 — close P3 session-count UX
ahmetabdullahgultekin Apr 30, 2026
7239728
docs(claude): record late-day profile UX polish + puzzle landmark ove…
ahmetabdullahgultekin Apr 30, 2026
52e5659
refactor(landing): strip Marmara University from buyer-facing copy (P…
ahmetabdullahgultekin May 1, 2026
ba49025
chore(submodules): bump api+bio+web — 7 PRs landed (Phase 1+2 + Copilot)
ahmetabdullahgultekin May 1, 2026
7e2d61c
docs(triage): USER_BUGS_2026-04-30 — face-no-gate / YOLO wrong class …
ahmetabdullahgultekin May 1, 2026
7085a46
chore(submodules): bump api+bio+web — USER-BUG-1 + 3, JVM heap, post-…
ahmetabdullahgultekin May 1, 2026
19290cd
chore(submodules): bump api+bio+web — USER-BUG-2 closed (server+clien…
ahmetabdullahgultekin May 1, 2026
463411a
docs(user-bugs): all four closed; operator rebuild + E.164 phone foll…
ahmetabdullahgultekin May 1, 2026
cb68f91
chore(submodule): identity-core-api → 567ce25 — ShedLock for SoftDele…
ahmetabdullahgultekin May 1, 2026
d8a84ba
chore(submodules): bump api+web — auth-methods-testing real APIs (USE…
ahmetabdullahgultekin May 1, 2026
ff03346
chore(submodules): bump api+bio — Copilot post-merge round 2 fixes (r…
ahmetabdullahgultekin May 1, 2026
2544d2e
docs(user-bugs): USER-BUG-5 (auth-methods-testing mocks) closed; stat…
ahmetabdullahgultekin May 1, 2026
297f04e
chore(submodule): web-app → f2930ca — Copilot post-merge round 2 (PR …
ahmetabdullahgultekin May 1, 2026
930d132
chore(submodules): bump api+web — Copilot post-merge round 3
ahmetabdullahgultekin May 1, 2026
7fa269c
chore(submodule): biometric-processor — Copilot post-merge round 4 (P…
ahmetabdullahgultekin May 1, 2026
c7a56a6
chore(submodule): identity-core-api → V53 forbid hard-delete trigger …
ahmetabdullahgultekin May 1, 2026
dcebf0f
chore(submodule): web-app — wrong-password error fix (USER-BUG-6, PR …
ahmetabdullahgultekin May 1, 2026
a7c4372
chore(submodules): bump web+bio — face login cold-start (USER-BUG-7)
ahmetabdullahgultekin May 1, 2026
8ed110a
chore(submodules): bump api+web — admin-pages bug sweep (USER-BUG-8/9…
ahmetabdullahgultekin May 1, 2026
fb72666
chore(submodule): identity-core-api → V54 E.164 phone validation (PR …
ahmetabdullahgultekin May 1, 2026
a73c79f
chore(submodule): identity-core-api → AuthController.verifyMfaStep ex…
ahmetabdullahgultekin May 1, 2026
8a7cf89
chore(submodules): bump api+web+bio — Copilot post-merge round 5 (26 …
ahmetabdullahgultekin May 1, 2026
a1d3df0
chore(submodule): identity-core-api → Copilot round 6 on PR #50 (PR #52)
ahmetabdullahgultekin May 1, 2026
1efa889
chore(submodule): web-app — phone E.164 auto-prefix (USER-BUG-4 part …
ahmetabdullahgultekin May 1, 2026
72c2bfe
chore(submodule): identity-core-api → Copilot round 7 on PR #52 (PR #53)
ahmetabdullahgultekin May 1, 2026
694242e
docs(session): 2026-05-01 status snapshot + 4 historical 4-lens revie…
ahmetabdullahgultekin May 1, 2026
36411a6
chore(submodule): identity-core-api → P0 cross-tenant breach fixed (P…
ahmetabdullahgultekin May 1, 2026
15e6ddf
chore(api-submodule): bump to security wave 2026-05-02 (P0-SEC-2/4 + …
ahmetabdullahgultekin May 2, 2026
758ef69
docs(2026-05-02): session status + proctoring/amispoof.com design memo
ahmetabdullahgultekin May 2, 2026
a4f9051
chore(api-submodule): bump to WebAuthn fix wave (PR #57)
ahmetabdullahgultekin May 2, 2026
4fce7e7
chore(2026-05-02): api bump + optimized roadmap
ahmetabdullahgultekin May 2, 2026
f6e9f91
docs(session-status): record CustomUserDetails blast-radius + upgrade…
ahmetabdullahgultekin May 2, 2026
d6811bf
chore(submodules): bump web-app + biometric-processor to 2026-05-02 main
ahmetabdullahgultekin May 2, 2026
54bb412
chore(submodule): web-app → F3 Playwright tags + nightly cron (PR #65)
ahmetabdullahgultekin May 2, 2026
65d53a2
chore(submodule): web-app → P1-FE error-surfacing batch (PR #66)
ahmetabdullahgultekin May 2, 2026
ce0a6ae
chore(submodule): identity-core-api → backend quality + YAML hotfix (…
ahmetabdullahgultekin May 2, 2026
e74b20e
docs(2026-05-02): rebuild executed + JWT/User analysis + soak plan
ahmetabdullahgultekin May 2, 2026
5e7ace5
chore(submodules): land PR-#63/#64/#67/#68 — backend/bio quality batc…
ahmetabdullahgultekin May 4, 2026
adfa6f8
chore(web-submodule): T-FRONTEND-HYGIENE P3 batch
ahmetabdullahgultekin May 4, 2026
e0e87b5
docs(2026-05-04): roadmap refresh + CHANGELOG entry for Wave 1
ahmetabdullahgultekin May 4, 2026
725ea44
chore(api-submodule): T-SEC-TAIL DeviceController boundary + P2 cleanup
ahmetabdullahgultekin May 4, 2026
044d537
docs(review): senior UI/UX designer review of verify + app — 2026-05-04
ahmetabdullahgultekin May 4, 2026
b5291f2
docs(review): senior DB engineer deep review — 2026-05-04
ahmetabdullahgultekin May 4, 2026
4eeae57
chore(api-submodule): T-ARCH V57 pg_partman migration
ahmetabdullahgultekin May 4, 2026
0be0bca
chore(2026-05-04): land Wave 1 + Wave 2 + senior reviews — final bumps
ahmetabdullahgultekin May 4, 2026
ac0b78d
docs(audit): CI/CD pipeline deep review — 2026-05-04
ahmetabdullahgultekin May 4, 2026
28f2b33
docs(2026-05-04): doc-sweep — ROADMAP refresh + CHANGELOG + submodule…
ahmetabdullahgultekin May 4, 2026
b386c21
chore(web-submodule): T-UIUX-P1 batch (PR #72)
ahmetabdullahgultekin May 4, 2026
3e59a0e
chore(2026-05-04): late-day — P0 deployed + Copilot/UIUX/CICD waves l…
ahmetabdullahgultekin May 4, 2026
46bf751
docs(roadmap): professional rewrite — Tier 1-7 stack post-late-day de…
ahmetabdullahgultekin May 4, 2026
5a427fb
docs(roadmap): T4.10 — fold T-COPILOT-DEEP late-arriving deferred items
ahmetabdullahgultekin May 4, 2026
f2efeac
docs(audit): documentation audit + organization recommendations 2026-…
ahmetabdullahgultekin May 4, 2026
ea4da37
chore(2026-05-04 PM): USER-BUG-2 guest invitation jsonb fix DEPLOYED
ahmetabdullahgultekin May 4, 2026
08ad4bf
docs(roadmap): T4.12 — fold T-DOC-AUDIT findings into roadmap
ahmetabdullahgultekin May 4, 2026
604738f
docs: SECURITY.md + LICENSE + landing-website README (T4.12.a/b/c) (#39)
ahmetabdullahgultekin May 6, 2026
bab809e
chore(ci): rewrite deploy-landing on ubuntu-latest (#38)
ahmetabdullahgultekin May 6, 2026
d4fbf5f
chore(deps-dev): bump postcss from 8.5.6 to 8.5.14 in /landing-websit…
dependabot[bot] May 7, 2026
002198a
2026-05-07: 6-lens investigation + 10 P0 fixes (7 shipped) + user-bug…
ahmetabdullahgultekin May 7, 2026
52b24cb
2026-05-07 late: tenant pre-flight gate + verify.fivucsas Round 2 + s…
ahmetabdullahgultekin May 7, 2026
ebdfbec
chore(docs): archive stale 2026-04 review/audit/roadmap docs to archi…
ahmetabdullahgultekin May 7, 2026
957646e
2026-05-07 Round 3: P1 batch + P0-#7+#8+#9 + prod rebuild verified
ahmetabdullahgultekin May 7, 2026
7ee52de
chore(submodules): bump api/bio/web — P1 batch 2026-05-08
ahmetabdullahgultekin May 8, 2026
55d62da
chore(submodules): bump bio — compose-fix for FIVUCSAS_EMBEDDING_KEY …
ahmetabdullahgultekin May 8, 2026
c0614c6
chore(submodules): bump api — APP_PURGE_SOFT_DELETE_ENABLED wired (#91)
ahmetabdullahgultekin May 9, 2026
61e400a
chore(submodules): bump api — V29 Testcontainers FK fix (#92)
ahmetabdullahgultekin May 9, 2026
58436e3
chore(submodules): bump bio — CI infra round 1+2 (#80)
ahmetabdullahgultekin May 9, 2026
a6ac35a
chore(submodules): extract spoof-detector to standalone repo
ahmetabdullahgultekin May 9, 2026
3d60bec
chore(submodules): bump bio + spoof-detector — antispoof restructure
ahmetabdullahgultekin May 9, 2026
87500f6
chore(submodules): bump practice-and-test — liveness R&D collection (#7)
ahmetabdullahgultekin May 9, 2026
0db0270
chore(submodules): bump spoof-detector — research consolidation (#2)
ahmetabdullahgultekin May 9, 2026
be4129b
chore(submodules): bump bio→31a2667 + spoof-detector→99b5170
ahmetabdullahgultekin May 9, 2026
8671ccf
chore(submodule): bump spoof-detector → 23d10d0 (complete bio mirror)
ahmetabdullahgultekin May 9, 2026
8940066
chore(submodule): bump spoof-detector → paper-prep + hybrid arch + IS…
ahmetabdullahgultekin May 9, 2026
b264d5d
chore(submodule): bump spoof-detector → real-numbers in-house validat…
ahmetabdullahgultekin May 9, 2026
4888aa8
chore(submodule): bump spoof-detector → public-dataset benchmarks (CA…
ahmetabdullahgultekin May 9, 2026
01c40d6
chore(submodule): bump spoof-detector → all 6 bootstrap CIs + ablatio…
ahmetabdullahgultekin May 9, 2026
3187d88
chore(branch-protection): enable 1-review + admin-bypass on main acro…
ahmetabdullahgultekin May 11, 2026
51a28bf
chore(merge): reconcile master into main (session 2026-05-11) (#51)
ahmetabdullahgultekin May 11, 2026
81f7928
docs(claude): refresh "Last verified" to 2026-05-11 (#53)
ahmetabdullahgultekin May 11, 2026
d2ad5c4
docs(plan): Phase 4 productization — Stripe + amispoof decision + seq…
ahmetabdullahgultekin May 11, 2026
d7fc1b7
ops(db): runbook + helper SQL for prod unused-index 7-day audit
ahmetabdullahgultekin May 12, 2026
e753b07
docs(roadmap): point unused-index audit bullet at the new runbook
ahmetabdullahgultekin May 12, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .claude/commands/arch-review.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
Analyze the architecture of $ARGUMENTS for violations of hexagonal architecture, SOLID principles, and clean architecture.

Check for:
- Domain layer importing infrastructure/adapter classes (DIP violation)
- Controllers containing business logic (SRP violation)
- God classes exceeding 500 lines
- Services implementing too many interfaces (ISP violation)
- Circular dependencies between modules
- JPA entities leaking into domain layer
- Missing port/adapter boundaries
- Feature envy (classes using other classes' data more than their own)
- Improper dependency injection patterns

Report violations with file paths, line numbers, and suggested fixes.
16 changes: 16 additions & 0 deletions .claude/commands/docker-review.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
Review all Dockerfiles, docker-compose files, and Traefik configuration in $ARGUMENTS.

Check for:
- Base image pinning (use digest, not just tag)
- Multi-stage builds to minimize image size
- Running as non-root user
- Health checks defined
- Resource limits (memory, CPU) in compose
- Secret exposure in build args or environment
- Unnecessary port exposure
- .dockerignore completeness
- Layer ordering for cache efficiency
- Unnecessary packages installed
- PID limits configured

Report each finding with file path, severity, and fix.
15 changes: 15 additions & 0 deletions .claude/commands/perf-review.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
Review $ARGUMENTS for performance issues.

Check for:
- N+1 query patterns in JPA/Hibernate (missing @EntityGraph, lazy loading in loops)
- Missing database indexes on frequently queried columns
- Unbounded queries (missing LIMIT/pagination)
- Memory leaks (unclosed resources, growing collections)
- Connection pool exhaustion risks
- Blocking calls in async/reactive code
- Oversized API payloads (missing field selection or pagination)
- Missing caching where appropriate
- Inefficient string concatenation in loops
- Image/file processing without streaming

Report each finding with file path, estimated impact, and fix.
18 changes: 18 additions & 0 deletions .claude/commands/security-audit.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
Review this project for security vulnerabilities following OWASP Top 10 2025.

Check for:
- Hardcoded secrets, API keys, tokens in code and config
- SQL injection (especially custom JPQL/native queries)
- XSS in frontend templates and API responses
- Broken access control (missing RBAC checks on endpoints)
- Security misconfiguration (CORS wildcards, debug mode, exposed Swagger)
- Authentication flaws (JWT validation gaps, session handling)
- Insecure deserialization
- SSRF in any URL-fetching code
- File upload validation (type, size, content sniffing)
- Exception handling that fails open instead of closed
- Biometric data handling (encryption at rest, secure transmission)

Focus on $ARGUMENTS or the entire codebase if no argument given.

Rate each finding as CRITICAL / HIGH / MEDIUM / LOW with file path and line number.
11 changes: 11 additions & 0 deletions .claude/commands/test-gaps.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
Analyze the test suite for $ARGUMENTS. Identify:

- Untested critical paths (authentication, authorization, verification pipeline, biometric processing)
- Missing edge cases (null inputs, boundary values, concurrent access)
- Tests that don't actually assert anything meaningful
- Flaky test patterns (timing dependencies, order dependencies, shared state)
- Integration test gaps between services
- Missing error path testing (what happens when external services fail)
- API endpoints without corresponding controller tests

Suggest the 10 most impactful tests to add, ordered by risk reduction.
10 changes: 2 additions & 8 deletions .claude/settings.local.json
Original file line number Diff line number Diff line change
Expand Up @@ -149,24 +149,18 @@
"Bash(gcloud compute ssh:*)",
"Bash(printf:*)",
"Bash(base64:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAZXhhbXBsZS5jb20iLCJpYXQiOjE3NzAxNDM4ODEsImV4cCI6MTc3MDIzMDI4MX0.cR3TqZvLuxBIUSeWjcmMwzGXxcGUi7ZH79A4lXhhlVywqnxalIu_jFdnEbh8wo1Z10zBYqdlvtUVZtHdcdpvwg\")",
"Bash(TOKEN=:*)",
"Bash(bash scripts/test/run-backend-tests.sh:*)",
"Bash(bash:*)",
"Bash(mvn clean package:*)",
"Bash(mvn package:*)",
"Bash(gcloud compute scp:*)",
"Bash(gcloud compute firewall-rules list:*)",
"Bash(gcloud compute firewall-rules create:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbkBmaXZ1Y3Nhcy5sb2NhbCIsImlhdCI6MTc3MDY1Mzk2MSwiZXhwIjoxNzcwNzQwMzYxfQ.k1CqIub10inUUxYYGwL9KxfWcvWZnDy02DecYi48Q6AfY1T4yG83jGUv6HsksIwzygprW827YT8V0Xb45rlxPw\")",
"Bash(Start-Sleep -Seconds 20)",
"WebFetch(domain:ica-fivucsas.rollingcatsoftware.com)",
"WebFetch(domain:app.fivucsas.com)",
"WebFetch(domain:34.116.233.134)",
"Bash(gcloud compute instances describe:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbkBmaXZ1Y3Nhcy5sb2NhbCIsImlhdCI6MTc3MDcyMTM1OCwiZXhwIjoxNzcwODA3NzU4fQ.wx5G__I22TFxaBRCWfgjth3mpVB-FZKP5g0UyODEKgfSVx_8EH4RljDenN3O_bTB2K0c23_evV4si24h1Ti0Lw\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbkBmaXZ1Y3Nhcy5sb2NhbCIsImlhdCI6MTc3MDcyMjQyNiwiZXhwIjoxNzcwODA4ODI2fQ.uEB2Hiy7O93Fp_1FvYwoGjDZvDeP-3dCTK1SSwv0oARkkxYYgg8EHkjyqtTZ_jXW-dv5gMNUvzvaaKnq7KFuuA\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbkBmaXZ1Y3Nhcy5sb2NhbCIsImlhdCI6MTc3MDcyMjc3MSwiZXhwIjoxNzcwODA5MTcxfQ.JBVn3u2CjKEtCUxCCg5kgDhHhqnULnkHfHuF2sdKkTzehk3LMOH1kBx0OYyBIFwWS6KtVC13Kyq8TplC-x4m0w\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbkBmaXZ1Y3Nhcy5sb2NhbCIsImlhdCI6MTc3MDc1NjE0OSwiZXhwIjoxNzcwODQyNTQ5fQ.LBqLrvkOia9uyu-qmeOUyFE5k6kLbSBI_fGREjUKVSSBiq9Am4Gz2HhYOfEfI8NOrD-I22a3CZc41pmfcD0_1Q\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbkBmaXZ1Y3Nhcy5sb2NhbCIsImlhdCI6MTc3MDc1NzE4NywiZXhwIjoxNzcwODQzNTg3fQ.Zv6WCs_sxOgnHiTX7Hcz_0TwuoQvJLhBlztxRfrG5HYWV_2QSMWZkjkflR4LmVZVNrInq1dveXoXWq3fnqflJA\")",
"Bash(git log:*)",
"Bash(git -C .claude/worktrees/intelligent-swanson status)",
"Bash(git -C .claude/worktrees/intelligent-swanson diff .claude/settings.local.json)",
Expand Down
7 changes: 7 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,13 @@ REDIS_PASSWORD=change_me_in_production
JWT_SECRET=your-super-secret-256-bit-key-change-this-in-production
JWT_ACCESS_TOKEN_EXPIRATION=3600000
JWT_REFRESH_TOKEN_EXPIRATION=604800000
# BE-H1: signing algorithm. Default RS256 (asymmetric, OIDC best practice).
# HS512 is verify-only for legacy tokens minted before the 2026-04-20 flip.
JWT_DEFAULT_ALGO=RS256
JWT_RSA_KID=rs-2026-04
# RSA key pair (PEM). REQUIRED in prod; auto-generated in dev profile if omitted.
JWT_RSA_PRIVATE_KEY_PEM=
JWT_RSA_PUBLIC_KEY_PEM=

# ============================================================================
# Service URLs
Expand Down
10 changes: 6 additions & 4 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,12 @@ jobs:

- name: Validate Docker Compose configs
run: |
docker compose -f docker-compose.yml config --quiet 2>&1 || true
docker compose -f docker-compose.dev.yml config --quiet 2>&1 || true
# prod compose depends on submodule build contexts, validate syntax only
docker compose -f docker-compose.prod.yml config 2>&1 | grep -v "has neither an image nor a build context" || true
docker compose -f docker-compose.yml config --quiet
docker compose -f docker-compose.dev.yml config --quiet
# prod compose references submodule build contexts not present in CI; suppress only that known warning
docker compose -f docker-compose.prod.yml config 2>&1 \
| grep -v "has neither an image nor a build context" \
| (grep -E "^(Error|error)" && exit 1 || exit 0)
Comment on lines +34 to +36

- name: Validate NGINX config syntax
run: |
Expand Down
8 changes: 5 additions & 3 deletions .github/workflows/deploy-landing.yml
Original file line number Diff line number Diff line change
@@ -1,19 +1,21 @@
name: Deploy Landing to Hostinger

on:
workflow_dispatch:
push:
branches: [master]
branches: [main, master]
paths:
- 'landing-website/**'
- '.github/workflows/deploy-landing.yml'
workflow_dispatch:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
deploy:
runs-on: [self-hosted, linux, x64]
runs-on: ubuntu-latest
defaults:
run:
working-directory: landing-website
Expand All @@ -35,7 +37,7 @@ jobs:
with:
switches: -avz --delete
path: landing-website/dist/
remote_path: ~/domains/fivucsas.rollingcatsoftware.com/public_html/
remote_path: ~/domains/fivucsas.com/public_html/
remote_host: 46.202.158.52
remote_port: 65002
remote_user: u349700627
Expand Down
13 changes: 9 additions & 4 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
.env
.env.local
.env.*.local
.env.prod
.env.gcp

# IDE
.idea/
Expand Down Expand Up @@ -38,9 +40,12 @@ nul
*.zip

# Archive and backup folders
/archive/
/_backup_before_submodules/

# Claude Code
.claude/settings.local.json
.claude/worktrees/
# Claude metadata
.claude/

# Generated verify-widget bundle artifacts (built via npm run build:widget)
verify-widget/html/assets/*.js
verify-widget/html/assets/*.js.map
verify-widget/html/assets/*.css
3 changes: 3 additions & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,6 @@
[submodule "web-app"]
path = web-app
url = https://github.com/Rollingcat-Software/web-app.git
[submodule "spoof-detector"]
path = spoof-detector
url = https://github.com/Rollingcat-Software/spoof-detector.git
9 changes: 9 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Parent-repo pre-commit hooks (IN-M1 — 2026-04-19).
# Minimal set: gitleaks only. We deliberately skip detect-secrets to avoid
# baselining maintenance overhead. Per-submodule configs may add more
# (see biometric-processor/.pre-commit-config.yaml for the Python-heavy case).
repos:
- repo: https://github.com/gitleaks/gitleaks
rev: v8.21.2
hooks:
- id: gitleaks
31 changes: 31 additions & 0 deletions .pre-commit-install
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Helper: install pre-commit hooks in the parent repo and every submodule that
# has a .pre-commit-config.yaml (IN-M1 — 2026-04-19).
#
# Usage: ./.pre-commit-install
# Requires: pip install pre-commit (or `pipx install pre-commit`).
set -euo pipefail

if ! command -v pre-commit >/dev/null 2>&1; then
echo "pre-commit not found. Install it with:"
echo " pipx install pre-commit # recommended"
echo " pip install --user pre-commit"
exit 1
fi

ROOT="$(cd "$(dirname "$0")" && pwd)"

install_in() {
local dir="$1"
if [ -f "${dir}/.pre-commit-config.yaml" ]; then
echo "==> installing hooks in ${dir}"
(cd "${dir}" && pre-commit install)
fi
}

install_in "${ROOT}"
for sub in identity-core-api biometric-processor web-app client-apps landing-website bys-demo verify-widget; do
install_in "${ROOT}/${sub}"
done

echo "Done. 'git commit' will now run gitleaks before accepting a commit."
101 changes: 0 additions & 101 deletions API_EDGE_CASE_AUDIT.md

This file was deleted.

Loading