Closed
48 commits
2c1e272
ops(bake-in): bump bio submodule + add Operator Action #11 for volume…
ahmetabdullahgultekin May 12, 2026
1381609
docs(CLAUDE+submodule): add /amispoof/ deploy + bump spoof-detector t…
ahmetabdullahgultekin May 16, 2026
783817d
chore(submodule): bump spoof-detector to main (PR #20)
ahmetabdullahgultekin May 16, 2026
82aa160
chore(submodule): bump spoof-detector to main (PR #21 — SEO + overlay…
ahmetabdullahgultekin May 16, 2026
feca90d
chore(submodule): bump spoof-detector to main (PR #22 — verdict-lock …
ahmetabdullahgultekin May 16, 2026
31a1ae5
feat(landing): add amispoof CTA + footer link + spoof-detector repo +…
ahmetabdullahgultekin May 16, 2026
3dba6bc
chore(submodule): bump spoof-detector to main (PR #23 — Phase 4 quali…
ahmetabdullahgultekin May 16, 2026
249e48b
chore(submodule): bump spoof-detector to main (PR #24 — post-Phase-4 …
ahmetabdullahgultekin May 16, 2026
bf048d0
bump(spoof-detector): pin to 4f601e7 — verdict-latch fix + confidence…
ahmetabdullahgultekin May 16, 2026
4b8e2fd
bump(spoof-detector): pin to 806b291 — proof panel + 2 hidden analyze…
ahmetabdullahgultekin May 16, 2026
db02663
bump(spoof-detector): pin to e6cd5d4 — passive-only proctoring mode
ahmetabdullahgultekin May 16, 2026
9adefb4
bump(spoof-detector): pin to e359860 — fps-aware no-blink, head-pose …
ahmetabdullahgultekin May 17, 2026
9c5ee0f
bump(spoof-detector): pin to 99b6f36 — Phase A: blendshapes + 3D matr…
ahmetabdullahgultekin May 17, 2026
d4bc25d
bump(spoof-detector): pin to e4ef68f — Phase B: behavioral pattern an…
ahmetabdullahgultekin May 17, 2026
83975a5
bump(spoof-detector): pin to 32b6bda — Phase C: skin colour-temperatu…
ahmetabdullahgultekin May 17, 2026
72ba85d
bump(spoof-detector): pin to d026b04 — Phase D1 selfie-segmenter back…
ahmetabdullahgultekin May 17, 2026
e7d2b6a
bump(spoof-detector): pin to 99376cc — Phase D2 hand tracking
ahmetabdullahgultekin May 17, 2026
9fc7234
bump(spoof-detector): pin to b5a45f2 — Phase D3 audio + audio-mouth sync
ahmetabdullahgultekin May 17, 2026
7d7a81d
bump(spoof-detector): pin to a8e4c1e — Pose3D column-major + Gaze wal…
ahmetabdullahgultekin May 17, 2026
082be14
bump(spoof-detector): pin to 3bf31a7 — eye/mouth motion decoupled fro…
ahmetabdullahgultekin May 17, 2026
058e504
bump(spoof-detector): pin to ce7fd4a — blink rate window + tab-visibi…
ahmetabdullahgultekin May 17, 2026
932a172
bump(spoof-detector): pin to a8f668a — bench preflight + hand toggle …
ahmetabdullahgultekin May 17, 2026
2da2f7b
bump(spoof-detector): pin to 9b01a73 — camera recovery + SEO + replay
ahmetabdullahgultekin May 17, 2026
3c4222a
bump(spoof-detector): pin to f127909 — mobile buttons + auto-record
ahmetabdullahgultekin May 17, 2026
0181884
bump(spoof-detector): pin to d6363d1 — replay FileReader fallback + p…
ahmetabdullahgultekin May 17, 2026
2ef5952
bump(spoof-detector): pin to d1b3a1b — subdomain migration runbook + …
ahmetabdullahgultekin May 17, 2026
9c503f5
bump(spoof-detector): pin to 5f9d49c — paper reframed browser-first
ahmetabdullahgultekin May 17, 2026
51f999f
bump(spoof-detector): pin to a6cdbed — subdomain migration cutover live
ahmetabdullahgultekin May 17, 2026
e20daba
bump(spoof-detector): pin to 66fec6c — sitemap/robots + paper honesty…
ahmetabdullahgultekin May 17, 2026
39ffdb0
feat(landing): point amispoof button to amispoof.fivucsas.com subdomain
ahmetabdullahgultekin May 17, 2026
dad81de
bump(spoof-detector): pin to 603508e — og:image + ROADMAP + v0.3.0 re…
ahmetabdullahgultekin May 17, 2026
ac7a173
bump(spoof-detector): pin to 5b518a9 — am-i-spoof SEO + FAQ JSON-LD +…
ahmetabdullahgultekin May 17, 2026
99266da
bump(spoof-detector): pin to fc5dbe4 — replay loader Android-handle fix
ahmetabdullahgultekin May 18, 2026
80baf2c
feat(verify-widget): static landing block + SEO meta for verify.fivuc…
ahmetabdullahgultekin May 18, 2026
5a9d36a
feat(cross-site-nav): suite-bar links across bys-demo + amispoof
ahmetabdullahgultekin May 18, 2026
65e731a
feat(cross-site-nav): suite-bar across remaining 8 surfaces (docs + d…
ahmetabdullahgultekin May 18, 2026
c60726f
chore(submodule): bump practice-and-test → 8e9bb5b (cleanup 220M → 21M)
ahmetabdullahgultekin May 19, 2026
99c51b3
chore(submodule): bump spoof-detector → 9f587ec (paper polish + 7 acu…
ahmetabdullahgultekin May 19, 2026
6928d7e
feat(links-website): add link hub + fix API tile, TR i18n, team contact
ahmetabdullahgultekin May 21, 2026
410f9c8
feat(links-website): signpost API/Swagger tile as access-gated
ahmetabdullahgultekin May 21, 2026
af12131
chore(poster): commit regenerated A0 PDF + preview PNG
ahmetabdullahgultekin May 21, 2026
3f6bead
fix(links-website): correct Ayşenur LinkedIn URL
ahmetabdullahgultekin May 21, 2026
90792e8
chore: add poster suite artifacts + bilingual switchers (bys-demo, do…
ahmetabdullahgultekin May 21, 2026
7287aa3
docs(CLAUDE): record 2026-05-21 work + links-website + poster deploy …
ahmetabdullahgultekin May 21, 2026
d6e8d6c
docs(deploy): add verify.fivucsas.com build+deploy runbook + envDir c…
ahmetabdullahgultekin May 28, 2026
1fc3617
docs: record execution-autonomy + keep-docs-updated working agreement…
ahmetabdullahgultekin May 28, 2026
5afec25
feat(suite): unify cross-site nav + language on the shared launcher
ahmetabdullahgultekin May 28, 2026
6a95ed2
chore(launcher): one-time ?v=2026-05-28 cache-bust on launcher refs
ahmetabdullahgultekin May 28, 2026
39 changes: 37 additions & 2 deletions CLAUDE.md
Expand Up @@ -5,7 +5,7 @@
Multi-tenant biometric auth platform | Marmara University CSE4297 | Hexagonal Architecture

**Status**: Production deployed. Phases 0-8 complete. ~1,900+ tests. All services healthy.
**Last verified**: 2026-05-12 (Carry-forward from 2026-05-11: 11 PRs shipped across 5 repos + Flyway repair on prod, V59/V60 applied, branch protection on 6 branches, master/main reconciled, INVESTIGATION 2026-05-07 P1 residue closed, tenant onboarding playbook + 8 ADRs + docs/ hierarchy consolidated, spoof-detector blink cache + EAR recalibration paper-P0. **Added today**: parent PR #57 (poster suite: A0 default + 4 style variants compliant with CSE4198 §5.1) + parent PR #58 (archived 18 dated 2026-04/2026-05-04 docs into `archive/2026-05/{audits,plans,reviews,roadmaps,sessions}/`, tidied `.gitignore`); bio PR #99 (closed issue #91: 32 stale unit tests + 3 asyncio-fixture leaks fixed, no production code touched, module-scoped TestClient pattern documented for follow-ups); bio Dependabot #97/#98 in flight (rebased post-#99). Submodule pointer for biometric-processor bumped to post-#99 main.)
**Last verified**: 2026-05-28 (2026-05-28: **Suite launcher unified + security backlog.** Redesigned shared `<fivucsas-launcher>` web component (web-app #103) — hosted at `app.fivucsas.com/launcher.js` (ships in web-app `public/` → Hostinger deploy), it is the ONE cross-site app switcher + global EN/TR toggle. Rolled out to `demo`, `docs` (+3 subpages: biometric/identity/sdk), `amispoof` (web-app #104 removed the amispoof auto-skip), and `landing`; deleted every site's bespoke "FIVUCSAS suite" cross-site bar + per-site EN/TR switch, incl. the dashboard TopBar toggle (Settings-page language `<select>` kept). One toggle drives `html[data-lang]` (static sites localize via `[data-lang]` CSS) and fires a `fivucsas:languagechange` CustomEvent → `i18n.changeLanguage` for the React surfaces (dashboard + verify share `web-app/src/i18n/index.ts`; landing listens in `App.tsx`). `links.fivucsas.com` keeps its own controls — it IS the hub. **api #111 (S13)**: TOTP used-code replay prevention — bounded ~120s Redis `SET key 1 EX NX` marker per `(userId, timeStep)`, max ~3 in-window markers/user, in-memory fallback capped 50k; NOT an infinite blacklist; enrollment keeps plain verify (legit retries). **web #102 (F13/F9)**: surfaced swallowed voice-enrollment errors via `formatApiError` + the `OTP_ATTEMPTS_EXHAUSTED` state. **F12** voice threshold verified CORRECT (verify = cosine *similarity* `>=` 0.65; search = pgvector `<=>` cosine *distance* `< 0.6`) — no change. 
2026-05-21: `links.fivucsas.com` hub — API tile → `/swagger-ui.html` with admin-IP "gated" badge (raw API root returned 401), Turkish i18n role-label fixes (English under `lang=tr` was İ-mangling Latin `i` under uppercase), team contact info, Ayşenur LinkedIn URL fix; poster author contact block + **regenerated A0 PDF/PNG** from `landing-website/public/poster/files/fivucsas-poster.html`; attribution — Ayşe Gülsüm Eren GitHub `@aysegulsum` + `marun.edu.tr` academic emails across `spoof-detector` + `practice-and-test` (forensic git-author records left intact); bilingual TR/EN switchers completed on `bys-demo`/`docs-site`/`verify-widget`. Consolidated into PR #69 → `master` (whole `fix/2026-05-12-bake-mini-fasnet-models` branch). NOTE: `api.fivucsas.com/` returns 401 by design (it's an API origin, not a page); Swagger/`/v3/api-docs`/`/actuator` are admin-IP gated (403 public), OIDC discovery is public (200). Carry-forward from 2026-05-12 / 2026-05-11: 11 PRs shipped across 5 repos + Flyway repair on prod, V59/V60 applied, branch protection on 6 branches, master/main reconciled, INVESTIGATION 2026-05-07 P1 residue closed, tenant onboarding playbook + 8 ADRs + docs/ hierarchy consolidated, spoof-detector blink cache + EAR recalibration paper-P0. **Added today**: parent PR #57 (poster suite: A0 default + 4 style variants compliant with CSE4198 §5.1) + parent PR #58 (archived 18 dated 2026-04/2026-05-04 docs into `archive/2026-05/{audits,plans,reviews,roadmaps,sessions}/`, tidied `.gitignore`); bio PR #99 (closed issue #91: 32 stale unit tests + 3 asyncio-fixture leaks fixed, no production code touched, module-scoped TestClient pattern documented for follow-ups); bio Dependabot #97/#98 in flight (rebased post-#99). Submodule pointer for biometric-processor bumped to post-#99 main.)

## Architecture

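Review bot: The new `Last verified` line keeps the "**Added today**" block (parent PR #57/#58, bio PR #99) that was written for the 2026-05-12 entry, so under the 2026-05-28 date it reads as if that work landed today. Reword it as a dated carry-forward item, and consider moving the history into a dated changelog section so this line stays a short status. In the api #111 summary, "in-memory fallback capped 50k" does not say what happens once the cap is reached or when more than one API instance is running on the fallback. State whether used-code markers are evicted or verification is refused in that case, because that decides whether TOTP replay protection still holds while Redis is unavailable.
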
Expand All @@ -26,6 +26,7 @@ Storage: PostgreSQL 17 + pgvector | Redis 7.4
| Landing Site | https://fivucsas.com |
| Auth Widget / SDK | https://verify.fivucsas.com |
| BYS Demo | https://demo.fivucsas.com |
| amispoof — browser anti-spoof tester | https://amispoof.fivucsas.com/ (old https://fivucsas.com/amispoof/ now 301s to the subdomain) |
| Uptime Monitor | https://status.fivucsas.com |
| Swagger | https://api.fivucsas.com/swagger-ui.html (admin-IP-gated since IN-H2 2026-04-19; allowlist in `infra/traefik/config/dynamic.yml`) |

Expand Down Expand Up @@ -62,6 +63,38 @@ scp -P 65002 -r dist/* u349700627@46.202.158.52:~/domains/app.fivucsas.com/publi
# BYS demo deploy
scp -P 65002 -r /opt/projects/fivucsas/bys-demo/* u349700627@46.202.158.52:~/domains/demo.fivucsas.com/public_html/

# amispoof deploy (TypeScript spoof-detector + webcam tester to amispoof.fivucsas.com)
# Migrated 2026-05-17 from fivucsas.com/amispoof/ → amispoof.fivucsas.com subdomain.
# Old URL serves a 301 to the new one via ~/domains/fivucsas.com/public_html/amispoof/.htaccess.
# We deploy to the NEW subdomain root; the lazy chunks under lib/ + models/ need to be sent too.
cd /opt/projects/fivucsas/spoof-detector/web
npm run build && npm run amispoof:bundle
scp -P 65002 amispoof/index.html amispoof/app.js u349700627@46.202.158.52:~/domains/amispoof.fivucsas.com/public_html/
scp -P 65002 amispoof/lib/spoof-detector.js amispoof/lib/spoof-detector.js.map amispoof/lib/spoof-detector-*.js amispoof/lib/spoof-detector-*.js.map u349700627@46.202.158.52:~/domains/amispoof.fivucsas.com/public_html/lib/
# Models only need to be sent once after the subdomain is created; subsequent deploys can skip these.
# scp -P 65002 amispoof/models/minifasnet_v2.onnx amispoof/models/face_landmarker.task u349700627@46.202.158.52:~/domains/amispoof.fivucsas.com/public_html/models/

# Deploy links hub (links.fivucsas.com — single static index.html)
scp -P 65002 /opt/projects/fivucsas/links-website/index.html u349700627@46.202.158.52:~/domains/links.fivucsas.com/public_html/index.html

# Deploy verify.fivucsas.com (hosted login + auth widget — Docker/nginx via Traefik, NOT Hostinger)
# CRITICAL: build:verify needs VITE_API_BASE_URL. vite.verify.config.ts sets envDir=project root
# so .env.production is loaded — without it env.ts throws at boot and /login renders blank
# (#verify-root never mounts). Preserve the SDK files (fivucsas-auth*.js) at the html root.
cd /opt/projects/fivucsas/web-app && npm run build:verify
rsync -a --delete dist-verify/assets/ ../verify-widget/html/assets/ # assets/ = verify build only
cp dist-verify/index.html ../verify-widget/html/index.html # keep html/fivucsas-auth*.js
cd /opt/projects/fivucsas/verify-widget
docker compose -f docker-compose.prod.yml build && docker compose -f docker-compose.prod.yml up -d
# Verify: curl -s https://verify.fivucsas.com/ | grep assets/index- (new hash) — /login must mount React

# Regenerate + deploy the poster PDF/PNG from the canonical HTML (A0 841×1189mm).
# Canonical poster = landing-website/public/poster/files/fivucsas-poster.html (served at fivucsas.com/poster/files/; the viewer poster/index.html links only to files/*).
cd /opt/projects/fivucsas/landing-website/public/poster/files
google-chrome-stable --headless=new --no-sandbox --virtual-time-budget=20000 --no-pdf-header-footer --print-to-pdf=fivucsas-poster.pdf "file://$PWD/fivucsas-poster.html"
google-chrome-stable --headless=new --no-sandbox --virtual-time-budget=20000 --window-size=3179,4494 --screenshot=fivucsas-poster-preview.png "file://$PWD/fivucsas-poster.html"
scp -P 65002 fivucsas-poster.pdf fivucsas-poster-preview.png u349700627@46.202.158.52:~/domains/fivucsas.com/public_html/poster/files/

# Check all services
docker ps --format "table {{.Names}}\t{{.Status}}"
```
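Review bot: Both poster commands pass `--no-sandbox` to `google-chrome-stable`, which turns off Chrome's process sandbox for everything `fivucsas-poster.html` loads, including any remote fonts or scripts it references. Drop the flag if the command is run as a normal user, or add a comment saying why it is required on this host. In the amispoof block, the `scp` lines are not chained to `npm run build && npm run amispoof:bundle`, so a failed build still uploads whatever is already in `amispoof/`, and the hashed `lib/spoof-detector-*.js` chunks are copied without any cleanup of older hashes on the server, unlike the verify block, which uses `rsync -a --delete`. The verify block marks `VITE_API_BASE_URL` as CRITICAL but has no step that checks `.env.production` for it before `npm run build:verify`; a one-line check ahead of the build would catch the blank `/login` case before deploy instead of after.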
Expand All @@ -80,6 +113,7 @@ FIVUCSAS/ # Parent repo (submodules)
├── docs/ # Architecture docs + plans
├── bys-demo/ # Demo site (static HTML)
├── landing-website/ # Landing page → Hostinger
├── links-website/ # links.fivucsas.com hub (static index.html) → Hostinger
├── practice-and-test/ # R&D experiments
├── scripts/ # Deploy scripts, setup-twilio.sh
└── ROADMAP.md # Product roadmap
Expand Down Expand Up @@ -193,4 +227,5 @@ CX43 CPU-only — GPU ihtiyacı doğmaz (Faz 1-3 roadmap CPU-safe).
- **Python**: Clean Architecture, Pydantic, async/await
- No hardcoded secrets — use .env.prod
- Do NOT dockerize static sites (keep on Hostinger)
- Recommend first, implement only after explicit approval
- Autonomy (2026-05-28): commit/push/merge (incl. PR `--admin`) without per-action approval; spawn concurrent agents for independent stacked tasks. Recommend-first is reserved for significant DESIGN/product choices and destructive/irreversible actions.
- Always keep related docs up to date (CLAUDE.md, READMEs, deploy runbooks) and commit them with the change.
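Review bot: The new Autonomy rule authorises commit/push/merge "incl. PR `--admin`" without per-action approval, and merging with `--admin` overrides unmet branch-protection requirements, which undoes the "branch protection on 6 branches" recorded in the status line of this same file. Limit `--admin` to named cases (for example docs-only changes with passing checks) or keep it behind explicit approval. The rule also leaves "destructive/irreversible actions" undefined; list them here (force-push, production deploys, database migrations, secret or DNS changes) so the boundary between autonomous and approval-gated work does not depend on interpretation.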