ops(bake-in): bump bio submodule + Operator Action #11 for volume cleanup #68
Closed
ahmetabdullahgultekin wants to merge 48 commits into
… cleanup

Closes loop on the 4th recurrence of feedback_readonly_rootfs_cache_dirs. Bio repo PR (`fix/2026-05-12-bake-mini-fasnet-models`) bakes the four DeepFace/Facenet weights into the image layer and adds an entrypoint shim that chowns the cache volume to 100:101 + seeds missing weights from /opt/baked-models on boot — so `docker volume rm` is now safe and operator memory of the manual `docker cp` MiniFASNet workaround is no longer load-bearing.

Parent changes:
- Bump `biometric-processor` submodule pointer to the merged tip (053e73d -> 726d3c3) with `fix(docker): bake DeepFace/Facenet weights + self-healing cache volume`. Includes new `model-fetcher` Dockerfile stage with SHA256 verification, deploy/entrypoint.sh shim with gosu privilege drop, explicit uid/gid 100/101 pinning, and `.env.example` documenting `DEEPFACE_FACENET512_SHA256` for the PR #102 runtime gate.
- Add Operator Action item 11 to OPERATOR_ACTIONS_2026-05-12.md with the post-merge cleanup runbook (Option A: wipe + verify self-heal; Option B: chown in place + restart). Updates the dependency matrix and execution-order recipe to thread item 11 between items 8 and 1.

No prod rebuild from this PR — operator owns deployment per the runbook in item 11.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…o main (#19 merged) - CLAUDE.md Production URLs: new row for the browser anti-spoof tester at fivucsas.com/amispoof/. - CLAUDE.md Key Commands: scp recipe for the amispoof bundle (rebuild + scp index.html + app.js + lib bundle to Hostinger). - spoof-detector submodule bumped from eb154e3 → b04856d (PR #19 squash merge: TypeScript port + browser tester + full Aysenur algorithmic surface landed on main). No changes to biometric-processor, identity-core-api, web-app submodule pointers (their staged status pre-dates this commit). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… + cache self-heal)
…warmup fix + lib cache-bust + gate smoother)
… Turkish-locale casing fix User asked: are amispoof/spoof-detector/paper surfaced on fivucsas.com? Adding the landing-page hooks now: - Hero CTA row: amber/rose pill button → /amispoof/ (browser anti-spoof tester, /amispoof/ slug on fivucsas.com). - Footer link row: amispoof + spoof-detector GitHub link (new) + rename FIVUCSAS GitHub link, keeping all existing rows. Also fixes a Turkish-locale casing leak in the navbar tagline: "identity · verified" was being uppercased by CSS text-transform under <html lang="tr">, which applies Turkish casing rules and turned lowercase "i" into "İ" (dotted capital I) — rendering as "İDENTİTY · VERİFİED". Tagged the span lang="en" so the CSS engine uses English casing rules regardless of the document lang. Added a :lang(en) defensive rule in index.css so future English-tagged spans inside Turkish pages get the same treatment. Live: amispoof button appears on https://fivucsas.com/ once the JS hydrates. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ty + perf overhaul)
… normalization Submodule spoof-detector dae24c8..4f601e7 (3 PRs, all merged to main): #25 fix(session): remove verdictLockedSpoof latch — live faces wrongly verdicted as SPOOF on slow-fps cameras (Chrome/Brave mobile @ ~9 fps). Wires LivenessProver into SessionEngine. Adds 7 regression tests on a previously-untested engine. 126 → 133 vitest green. #26 fix(amispoof): normalize displayed confidence to [0, 100] — engine confidence is structurally capped at 0.88, normalized at the display layer so a clearly-live face reads as 92% instead of 81%. Engine v.summary untouched (SDK consumers keep the raw scale). #27 fix(amispoof): also normalize on-screen verdict-text line — extracts a single displaySummary(v) helper so badge, on-screen text, and copy-to-clipboard all read the same number. Verified live at https://fivucsas.com/amispoof/ at 2026-05-16 16:04 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…rs surfaced Submodule spoof-detector 4f601e7..806b291 (PR #28): feat(amispoof): surface LivenessProver proof panel + 2 hidden analyzers - Added 2 analyzer rows to the panel (Face motion + Background grid) that were running but unrendered. - New "Liveness proof" panel reading detector.getProof(): total /100, per-axis bars (blink/landmark/rotation/expression/challenge points), active-challenge banner, yaw/pitch range seen in degrees, challenges passed/failed counter. - Per-row tooltips now include live per-region/per-axis details (eye_var/mouth_var/forehead_var, tremor_x/y, EAR + blink rate, etc). - Download report + Copy-to-clipboard include the proof payload. - Tiny additive SDK change: LivenessProof now exposes yaw_range_seen_deg + pitch_range_seen_deg. 133 vitest still green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-16 16:39 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Submodule spoof-detector 806b291..e6cd5d4 (PR #29): feat(prover): passive-only proctoring mode — track every movement, no challenges - 3 new passive movement axes (additive, no breaking change): eye_motion_points / 12, mouth_motion_points / 10, face_motion_points / 8 sourced from LandmarkVarianceAnalyzer eye_var + mouth_var and TemporalAnalyzer motion (data was already computed, just unscored). Passive max 75 → 105; 60-pt proven-live threshold reachable from natural webcam observation alone. - Made 3 prover gates tunable via constructor options (Python defaults preserved): expressionRatioGate, rotationThreshold, landmarkVarThreshold. - SpoofDetector gains enableLivenessChallenges + livenessProverThresholds pass-through options. - amispoof switched to proctoring profile: enableLivenessChallenges: false livenessProverThresholds: { 0.4, 2.0°, 0.5 } UI hides ACTIVE CHALLENGES section + active-challenge banner; adds Eye/Mouth/Face motion proof-panel rows. - LivenessProver tests 10 → 16; full suite 133 → 139, all green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-16 16:45 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…clamp, visible bars Submodule spoof-detector e6cd5d4..e359860 (PR #30): - SessionEngine: NO_BLINK_ALERT_SEC stretches linearly when measured fps < 15 (clamped at 4×). Eliminates the 2026-05-17 Chrome-mobile false positive where a real user blinking 22× had a "static-image attack suspected" incident in their ledger. - LivenessProver: estimateHeadPose() clamps per-frame yaw/pitch to ±60° to absorb degenerate MediaPipe outliers. yawRangeSeen now caps at 120° instead of 180° — fixes the "yaw 112.8°" display bug; score path unchanged (rotation_points already capped at 15). - amispoof CSS: display: block on .fill (was inline span, ignored width). Bars in all three score panels now render proportional fills instead of empty rails. - Tests: 5 new (139 → 144 green). Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 07:28 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ix unlock Submodule spoof-detector e359860..99b6f36 (PR #31): feat(phase-A): unlock MediaPipe blendshapes + 3D matrix → 5 new analyzers + 5 new proof axes - Flipped outputFaceBlendshapes + outputFacialTransformationMatrixes to true on the existing FaceLandmarker (zero new model load). - Extended FaceROI with optional blendshapes (Map<string, number>) and transformMatrix (Float32Array, 16 floats). - Added 5 main-thread analyzers (Eyebrow, BlinkSymmetry, Gaze, ExpressionDynamics, Pose3DConsistency) reading directly from the new blendshape + matrix data. - Added 5 LivenessProver passive axes: eyebrow_motion (cap 8), blink_symmetry (cap 6, corr≥0.7), gaze_variation (cap 8), expression_dynamics (cap 8), pose_3d_consistency (cap 6). Passive ceiling 105 → 141 pts. - amispoof UI: 5 new analyzer rows, 5 new proof panel rows, per-row detail tooltips for the new analyzers. - Bundle delta: +3.4 kB gz (plan budget +10). - Tests 144 → 176 green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 07:50 UTC. First phase of the multi-signal liveness roadmap; Phases B–D queued. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…alyzer PR #32: BehavioralPatternAnalyzer + behavioral_pattern_points axis. Passive ceiling 141 → 151. Tests 176 → 183 green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 08:02 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…re drift PR #33: TextureAnalyzer gains a 300-frame ring buffer of mean HSV per face crop; folds into existing texture score via rebalanced weights (0.35/0.27/0.27/0.11). No new proof axis (per plan). Tests 183 → 187. Operator note: also need to scp the regenerated lazy chunks spoof-detector-TextureAnalyzer-*.js to Hostinger (CLAUDE.md deploy runbook is missing this; fixed manually for PR #33). Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 08:06 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ground motion PR #34. Optional MediaPipe SelfieSegmenter (~250 KB) lazy-loaded; BackgroundMotionAnalyzer rate-limited 1/5 frames; new axis background_motion_points (cap 8). Passive ceiling 151 → 159. Tests 187 → 193 green. Verified live at fivucsas.com/amispoof/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #35. Optional MediaPipe HandLandmarker (~6 MB) lazy-loaded; HandTrackingAnalyzer rate-limited 1/4 frames; new axis hand_naturalness_points (cap 8). Passive ceiling 159 → 167. amispoof opt-in via ?hand=1 URL param. Tests 193 → 199 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #36 completes Phases A-D of the multi-signal roadmap. AudioCapture (Web Audio API, rolling RMS), VoiceActivityAnalyzer, AudioMouthSyncAnalyzer. New axes voice_activity_points (cap 6) + audio_mouth_sync_points (cap 12). Passive ceiling 167 → 185. amispoof gets a 🎤 button. Tests 199 → 209 green. Verified live at fivucsas.com/amispoof/ at 2026-05-17 08:18 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…l-clock rate PR #37 fixes two correctness bugs surfaced in the post-Phase-D3 mobile trace: Pose3DConsistencyAnalyzer was reading the transform matrix as row-major (MediaPipe is column-major; tz was always 0); GazeAnalyzer saccade rate divided by historyLen/30 (inflated 3.3× on mobile). Tests 209 → 212 green. Verified live at fivucsas.com/amispoof/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…m head pose PR #38: re-routes eye_motion_points + mouth_motion_points from raw landmark variance (head-pose contaminated) to face-relative blendshape stddevs (blink_symmetry + gaze + expression_dynamics). Tests 212 → 214. Verified live at fivucsas.com/amispoof/ at 2026-05-17 08:43 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…lity pause PR #39: blink_points becomes a rolling 60s rate (decays if blinking stops), amispoof loop skips analyzeFrame() while document.hidden (closes the backgrounded-tab static-incident false positive + the proctoring backdoor where stale frames kept reporting LIVE). Tests 214 → 217 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…+ recorder PR #40 (UI-only): bench gets a HEAD-probe preflight and explains 'samples not bundled' instead of a stack trace; new ✋ Hand toggle button mirrors the 🎤 Mic button two-step UX; new ⏺ Record session button captures MediaRecorder webm + per-frame analytics JSON downloads on stop. No SDK changes, 217 tests still green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #41 (UI-only): camera-recovery on visibility-return (fixes the 'face frozen after backgrounding' bug from PR #39 — mobile suspends MediaStreamTrack, we now call play()/re-acquire); tighter SEO meta description (Google snippet ready); in-page replay UI loads recorded session JSON and shows verdict + proof timeline. No SDK changes, 217 tests still green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #42: shortened all button labels (titles preserved) so they fit on mobile widths; added ?autorec=1 URL param that auto-starts MediaRecorder on session Start and auto-stops on session Stop. No SDK changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…aper §10.1 update PR #43: fixes mobile NotFoundError on .json replay file pick (FileReader snapshot instead of Blob.text); refreshes paper conclusion §10.1 to reflect the current 19-analyzer / 15-axis / 173 kB browser bundle state plus README count update. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…paper §7.6 PR #44: docs-only. Operator runbook for amispoof.fivucsas.com migration (accounts for TurkTicaret-registered + Hostinger-hosted topology) plus .htaccess 301 template plus paper §7.6 refresh (projection → measured). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #45 (docs only). Per user direction, the academic paper now leads with the browser/client-side bundle as the primary deliverable and documents the Python reference as the prototyping starting point + evaluation harness rather than the production target. No empirical claims changed; §6-§8 evaluation still produced by Python because the dataset benchmarks live there. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #46 in spoof-detector flips canonical/og:url/JSON-LD to amispoof.fivucsas.com. Deployed to both locations. Old URL serves a 301 via Hostinger .htaccess. Also updated this CLAUDE.md to document the new deploy commands + the 301 fallback path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Migrated 2026-05-17. The src/App.tsx had two anchors pointing to the old /amispoof/ relative path which served from fivucsas.com/amispoof/ (now 301s to the subdomain). Updated both to absolute https://amispoof.fivucsas.com/ with target=_blank + rel=noopener for the SEO/UX signal. Rebuilt + deployed to Hostinger. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… roadmap tooling PR #50: surfaces 'Am I spoof?' query intent across title/h1/meta/og/twitter, adds FAQPage JSON-LD with 5 Q&A entries for natural-language SERP visibility, documents analytics + error-tracking + Cloudflare next-steps in ROADMAP. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Hardens amispoof.fivucsas.com replay loader against Android Chrome 148 picker-handle revocation: snapshotFile() races Blob.arrayBuffer() and FileReader in parallel inside the change handler, drag-and-drop on #replayPanel, clipboard-paste fallback when both readers fail. Version 2026-05-18-replayfix deployed to Hostinger. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…sas.com root Previously verify.fivucsas.com served a noindex shell that was blank for direct visitors. Now the index.html ships a static landing block (#verify-landing) with brand, value prop, 3 method cards, 10 auth-method pills, integration snippet, footer — visible to crawlers and direct visitors. React main.tsx sets #verify-root[data-mounted=true] on first paint; a CSS sibling selector hides the landing for iframe/OAuth consumers with no flash. Robots lifted to "index, follow"; added description, canonical, og, twitter, JSON-LD SoftwareApplication. /login behaviour unchanged — same shell, React routes to HostedLoginApp. Deployed: docker compose build verify-widget && up -d. Image f7af736a. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Closes the cross-site navigation gap supervisor flagged (couldn't navigate from demo to landing). Two scoped changes: * bys-demo/index.html: replaces dead onclick="return false;" placeholders in the utility-bar with real links to landing + Dashboard + Widget + amispoof + Status. * spoof-detector bump 310b746: adds same suite-bar to amispoof page, which previously had no outbound link to any sister site. (web-app dashboard sidebar also got the suite-bar, in feature branch fix/2026-05-12-liveness-and-puzzles — parent pointer not bumped here since that branch has unrelated in-flight work; will land via PR.) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…emo subpages + download) Earlier today's nav-fix only covered top-level pages. Audit found 7 surfaces still missing cross-site links. This commit closes the gap: * docs.fivucsas.com (4 pages: index + identity + biometric + sdk) — recreated the docs-site/ source dir which had been deleted (extracted Dockerfile + nginx.conf + html/ + compose from the running fivucsas-docs container), patched each HTML with the suite-bar, rebuilt + redeployed. * bys-demo callback.html + dashboard.html + test-elements.html — suite-bar block injected right after <body>. Previously only index.html had nav. * landing-website/public/download.html — extended primary nav with amispoof + Widget + Status links (was missing). Also corrected an earlier mis-statement: status.fivucsas.com is NOT an external service — it's our self-hosted Uptime Kuma at /opt/projects/uptime-kuma/, multi-hosted on the same container as status.rollingcatsoftware.com via Traefik label. 8 surfaces verified live with the suite-bar. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pulls in practice-and-test/8e9bb5b which removes build artifacts (gradle-temp, old report zips, regeneratable demo output) + abandoned R&D dirs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…te fixes) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
links-website/ (links.fivucsas.com hub): API tile now points to /swagger-ui.html instead of the raw API root (which returned a bare 401); real Turkish translations for the Ahmet/Ayşe role labels (were English under lang=tr, which Turkish-uppercased Latin i into dotted İ); de-mixed the Grafana tooltip; Ayşe Gülsüm GitHub @aysegulsum + ayse.gulsum@marun.edu.tr; Ayşenur aysenurarici@marun.edu.tr. poster (FIVUCSAS_Poster_v3.html + landing-website/public/poster/files/fivucsas-poster.html): add marun.edu.tr academic emails + Gülsüm GitHub to the author contact block. Bump spoof-detector + practice-and-test submodule pointers (attribution-doc commits). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Swagger is admin-IP gated (works for operator/VPN/Marmara campus, 403 for public). Keep the tile clickable but add a 'kısıtlı'/'gated' badge + tooltip so the restriction is visible — a middle tier between fully-public tiles and the disabled (no-public-DNS) Grafana card. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Re-rendered from fivucsas-poster.html (headless Chrome, A0 841×1189mm) so the binaries match the updated author contact block (marun.edu.tr emails + github.com/aysegulsum). PDF 1pp A0 558KB; PNG 3179×4494px. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The ASCII slug aysenur-arici 404s; restore the originally-provided ayşenur-arıcı (percent-encoded ay%C5%9Fenur-ar%C4%B1c%C4%B1). LinkedIn blocks server-side verification (999), so this needs a browser confirm. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…cs-site, verify-widget) Poster suite: POSTER_BRIEF.md + landing-website/public/poster/ (viewer, brief, presentation script, assets) + poster/ design brief + script + assets + 4 style variants (showcase/visual). bys-demo / docs-site / verify-widget: complete the TR/EN language switcher + data-tr/data-en i18n (matches the links-hub pattern; toggles <html lang> so locale-aware uppercasing is correct). Deliberately EXCLUDES node_modules/ and the WIP submodule pointer bumps (biometric-processor / identity-core-api / web-app fix branches; web-app is -dirty) so no WIP submodule state ships to master. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…commands Status carry-forward for the links hub / poster / attribution / i18n work; add links-website/ to Repository Structure; add links-hub + poster-regeneration deploy commands; note api.fivucsas.com gate behavior (401 root / 403 swagger / 200 OIDC discovery). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…aveat Documents the verify-widget Docker deploy (was missing from Key Commands) and the VITE_API_BASE_URL/envDir requirement whose absence blanked /login for ~11 days (env.ts fail-fast threw at boot). See web-app PR #98. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… (2026-05-28) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Roll the redesigned <fivucsas-launcher> (app.fivucsas.com/launcher.js) out to demo, docs (+biometric/identity/sdk), and landing; delete each site's bespoke "FIVUCSAS suite" cross-site bar and per-site EN/TR switch so there is one global toggle. Static sites localize via html[data-lang]; landing (React) listens for the launcher's fivucsas:languagechange event. bys-demo keeps its simulated-portal content; links stays as the hub. Also commits the demo widget museum note. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
app.fivucsas.com serves .js as immutable; a shared stable URL is needed so all sites hit the same cache entry. Bump retires existing immutable copies; launcher.js itself is moved to a revalidating cache (web-app .htaccess) so future updates propagate without further ?v= bumps. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ahmetabdullahgultekin added a commit that referenced this pull request May 28, 2026
api rebuilt (8 security fixes live + JWT-aud env fix + #112 go-offline fix); scan merges (#70/#94/#101/#102/#99 + bio #104/#106/#108/#109), closes (#18/#68/#107), and holds (#105/#90/#54/#56); card detection now client-side but the deployed model is the 51MB YOLOv8m — Ayşenur's 12MB nano binary is not in the repo (gitignored) and must be delivered. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ahmetabdullahgultekin added a commit that referenced this pull request May 30, 2026
…/P2-1/P2-2/P0-2b + frontend tests) (#101) - identity-core-api → 3180c5c: P1-1 isolation ITs CI gate (#155) + unit-test mocks (#156) + P1-5 V29/V40/V41 DR-safety fix (#157, deployed w/ flyway repair). - web-app → c5fc878: 80 frontend edge-case specs (#133, 831→911) locking the consent-path + userType-authority regressions. - biometric-processor → 4b956d4: P2-2 bio CI honestly green (#124-#129) + P0-2b canonical digest-pinned reproducible build (#125, DEPLOYED — segfault retired). spoof-detector #68 (P2-1 integrity) + parent #100 (P2-3 runbooks) also merged. Co-authored-by: Ahmet Abdullah Gultekin <rollingcat.help@gmail.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ahmetabdullahgultekin added a commit that referenced this pull request May 30, 2026
…30 + bump submodule pointers (#103) Records the merged+deployed 2026-05-30 stabilize-&-harden backlog (P0-1/P0-2/P0-2b, P1-1..P1-5, P2-1/P2-2/P2-3 + frontend tests) as COMPLETE in ROADMAP.md + CHANGELOG.md, with the two remaining operator follow-ups (branch-protection IT status check; execute OPERATOR_SECURITY_RUNBOOKS.md). Existing 2026-05-30 Identity/ROOT entries left intact. Submodule pointer bumps to each origin/main (doc-only PRs just merged + spoof-detector #68 results-integrity): - identity-core-api -> 0c50841 (#158 P1-1/P1-5 operator-reality docs) - biometric-processor -> 84a4f4c (#130 P0-2b/P2-2 changelog) - spoof-detector -> 851d4d2 (#68 results-integrity cleanup, P2-1) - web-app -> 8d08646 (#135 frontend-tests changelog) Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary

Parent-side companion to bio repo PR Rollingcat-Software/biometric-processor#104, which closes the 4th recurrence of `feedback_readonly_rootfs_cache_dirs` (prior offenders: DeepFace, Numba, UniFace; now MiniFASNet).

- `biometric-processor` submodule from `053e73d` → `726d3c3` (`fix(docker): bake DeepFace/Facenet weights + self-healing cache volume`).
- `OPERATOR_ACTIONS_2026-05-12.md` with the post-merge cleanup runbook + dependency-matrix update.

Why the bug existed

Bio container runs with `read_only: true` rootfs and a named volume `biometric_models` mounted at `/tmp/.deepface`. The volume is created by Docker owned by `root:root`. The app runs as uid 100. When DeepFace tries to download MiniFASNet `.pth` weights on first inference it cannot write the cache → silently degrades → anti-spoof verdict collapses to false-positive.

Today's hot-fix manually `docker cp`'d the two `.pth` files into the live volume. That fix was load-bearing on operator memory: next `docker volume rm` would have re-triggered the bug.

What ships with the bio submodule bump

- `model-fetcher` Dockerfile builder stage downloads the four critical weight files with SHA256 verification at build time:
  - `facenet512_weights.h5` (`3f76b51...`)
  - `centerface.onnx` (`77e394b...`)
  - `2.7_80x80_MiniFASNetV2.pth` (`a5eb02e...`)
  - `4_0_0_80x80_MiniFASNetV1SE.pth` (`84ee1d3...`)
- `deploy/entrypoint.sh` runs as root, chowns `/tmp/.deepface` to `100:101`, seeds missing weights from `/opt/baked-models/`, then drops to uid 100 via `gosu`.
- `.env.example` documents `DEEPFACE_FACENET512_SHA256` required by PR infra(submodule): bump web (suite green) #102 (`DEEPFACE_SHA256_REQUIRED=true`).

Operator Action item 11 (added here)

Post-rebuild cleanup runbook. Two paths:

- A — Wipe & verify self-heal (recommended).
- B — Keep & re-own the existing volume.

Acceptance: `docker exec biometric-api stat -c '%u:%g' /tmp/.deepface/.deepface/weights/facenet512_weights.h5` returns `100:101`.

Base branch

This PR targets `fix/2026-05-12-infra-hygiene` (the open PR #67 which introduces `OPERATOR_ACTIONS_2026-05-12.md`). Once PR #67 merges to `master`, this PR will retarget `master` automatically. The submodule bump and the new item 11 are independent of items 1–10 and do not conflict.

Test plan

- `/verify` call against the testbed and confirm anti-spoof verdict no longer returns `block` due to missing MiniFASNet.
- `OPERATOR_ACTIONS_2026-05-12.md` reads cleanly end-to-end and the dependency matrix lists 11 rows.

Memory references

- `feedback_readonly_rootfs_cache_dirs` (4th sighting)
- `feedback_env_file_docker` (commands use `--env-file .env.prod`)
- `feedback_git_push` (bare `git push -u origin <branch>`)
- `reference_fivucsas_branch_model` (parent integration is `master`, default `main`; targeted intermediate `fix/2026-05-12-infra-hygiene` because the OPERATOR_ACTIONS file is only on that branch today)

🤖 Generated with Claude Code
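
The self-healing step the PR description outlines (seed missing weights from the baked image layer, verify SHA256, fix ownership, drop privileges), as an added sketch that is not the bio repo's `deploy/entrypoint.sh`. The function names and the `SHA256SUMS` manifest file are assumptions; the paths and `100:101` are the ones stated in the description.

```shell
#!/bin/sh
# Added example, not the project's deploy/entrypoint.sh.
# Assumed names: sha256_of, seed_cache, entrypoint_main, SHA256SUMS manifest.

# Print the hex SHA-256 digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# seed_cache BAKED_DIR CACHE_DIR MANIFEST
# MANIFEST lines use sha256sum format: "<sha256>  <filename>".
# Copies every file that is missing or corrupt in CACHE_DIR from BAKED_DIR,
# and refuses a baked file whose digest does not match the manifest.
# Prints the number of files seeded; returns 1 on a verification failure.
seed_cache() {
    sc_baked=$1; sc_cache=$2; sc_manifest=$3; sc_seeded=0
    mkdir -p "$sc_cache" || return 1
    while read -r sc_want sc_name; do
        [ -n "$sc_name" ] || continue
        sc_src="$sc_baked/$sc_name"; sc_dst="$sc_cache/$sc_name"
        # A cached file is kept only while its digest is still correct.
        if [ -f "$sc_dst" ] && [ "$(sha256_of "$sc_dst")" = "$sc_want" ]; then
            continue
        fi
        # Verify the baked copy before it enters the cache.
        if [ ! -f "$sc_src" ] || [ "$(sha256_of "$sc_src")" != "$sc_want" ]; then
            echo "seed_cache: baked file missing or digest mismatch: $sc_name" >&2
            return 1
        fi
        # Copy to a temp name, then rename, so a crash never leaves a partial file.
        cp "$sc_src" "$sc_dst.tmp" && mv "$sc_dst.tmp" "$sc_dst" || return 1
        sc_seeded=$((sc_seeded + 1))
    done < "$sc_manifest"
    echo "$sc_seeded"
}

# Shape of the boot sequence: seed, re-own, then drop privileges.
# chown runs after seeding so freshly copied files are owned by the app user too.
entrypoint_main() {
    em_cache=/tmp/.deepface/.deepface/weights
    em_baked=/opt/baked-models
    seed_cache "$em_baked" "$em_cache" "$em_baked/SHA256SUMS" >/dev/null || exit 1
    if [ "$(id -u)" = 0 ]; then
        chown -R 100:101 /tmp/.deepface
        exec gosu 100:101 "$@"
    fi
    exec "$@"
}

# A real entrypoint would end with:  entrypoint_main "$@"
```

Because the cache is re-verified on every boot, a wiped volume and a volume holding a truncated or altered weight file are repaired the same way, while a bad file in the image layer stops the container instead of being served.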