Integrate 2026-05-12 branch into master: links hub, poster, docs-site, Traefik, amispoof subdomain#69
Merged
ahmetabdullahgultekin merged 46 commits intoMay 21, 2026
Conversation
P1 hygiene from 2026-05-12 senior reviews (backend, DB, infra, security):
* infra/traefik: vendored copy of /opt/projects/infra/traefik/config/
with forwardedHeaders.trustedIPs: [] on both :80 and :443 entryPoints.
RateLimitInterceptor.getClientIP in identity-core-api consumes
`XFF.split(",")[0]` so the prior config (no forwardedHeaders block)
let an attacker bypass every per-IP bucket (login, MFA, biometric,
qr-generate) by setting their own X-Forwarded-For. Empty trustedIPs
causes Traefik to strip incoming XFF and write its own using the peer
IP. Internal Docker bridge (172.20.0.0/24) is NOT trusted because
external clients never connect from that range — only Docker-network
containers, and those don't set XFF. README.md documents the
vendored-vs-live split and the sync workflow.
* OPERATOR_ACTIONS_2026-05-12.md: 5 items agents shouldn't autonomously
execute. Per-item severity, blast radius, maintenance window,
dependencies, explicit commands:
1. audit_logs partman bootstrap (V57 was a silent no-op; runbook
at infra/RUNBOOK_AUDIT_LOG_PARTMAN.md prepped Option A image)
2. RLS theatre (V25 left FORCE commented; 9 tables relforcerowsecurity=f;
app role is postgres superuser → RLS bypassed)
3. web-app/.env.production still byte-identical to leaked literal
6bdedd2; live bundle is clean but rebuild-from-tree would regress
4. parent main fast-forward: master 220 ahead, main 134 ahead but
all already merged via PR #51 — `git push origin master:main
--force-with-lease` reconciles
5. HS512 kid hs-2026-04 revocation pending Team Auth-Java PR;
rebuild api container after merge
Companion api PR fix/2026-05-12-infra-hygiene ships V61 NOT NULL for
audit_logs.tenant_id (locks down the V59 backfill).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… cleanup Closes loop on the 4th recurrence of feedback_readonly_rootfs_cache_dirs. Bio repo PR (`fix/2026-05-12-bake-mini-fasnet-models`) bakes the four DeepFace/Facenet weights into the image layer and adds an entrypoint shim that chowns the cache volume to 100:101 + seeds missing weights from /opt/baked-models on boot — so `docker volume rm` is now safe and operator memory of the manual `docker cp` MiniFASNet workaround is no longer load-bearing. Parent changes: - Bump `biometric-processor` submodule pointer to the merged tip (053e73d -> 726d3c3) with `fix(docker): bake DeepFace/Facenet weights + self-healing cache volume`. Includes new `model-fetcher` Dockerfile stage with SHA256 verification, deploy/entrypoint.sh shim with gosu privilege drop, explicit uid/gid 100/101 pinning, and `.env.example` documenting `DEEPFACE_FACENET512_SHA256` for the PR #102 runtime gate. - Add Operator Action item 11 to OPERATOR_ACTIONS_2026-05-12.md with the post-merge cleanup runbook (Option A: wipe + verify self-heal; Option B: chown in place + restart). Updates the dependency matrix and execution-order recipe to thread item 11 between items 8 and 1. No prod rebuild from this PR — operator owns deployment per the runbook in item 11. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…o main (#19 merged) - CLAUDE.md Production URLs: new row for the browser anti-spoof tester at fivucsas.com/amispoof/. - CLAUDE.md Key Commands: scp recipe for the amispoof bundle (rebuild + scp index.html + app.js + lib bundle to Hostinger). - spoof-detector submodule bumped from eb154e3 → b04856d (PR #19 squash merge: TypeScript port + browser tester + full Aysenur algorithmic surface landed on main). No changes to biometric-processor, identity-core-api, web-app submodule pointers (their staged status pre-dates this commit). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… + cache self-heal)
…warmup fix + lib cache-bust + gate smoother)
… Turkish-locale casing fix User asked: are amispoof/spoof-detector/paper surfaced on fivucsas.com? Adding the landing-page hooks now: - Hero CTA row: amber/rose pill button → /amispoof/ (browser anti-spoof tester, /amispoof/ slug on fivucsas.com). - Footer link row: amispoof + spoof-detector GitHub link (new) + rename FIVUCSAS GitHub link, keeping all existing rows. Also fixes a Turkish-locale casing leak in the navbar tagline: "identity · verified" was being uppercased by CSS text-transform under <html lang="tr">, which applies Turkish casing rules and turned lowercase "i" into "İ" (dotted capital I) — rendering as "İDENTİTY · VERİFİED". Tagged the span lang="en" so the CSS engine uses English casing rules regardless of the document lang. Added a :lang(en) defensive rule in index.css so future English-tagged spans inside Turkish pages get the same treatment. Live: amispoof button appears on https://fivucsas.com/ once the JS hydrates. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ty + perf overhaul)
… normalization Submodule spoof-detector dae24c8..4f601e7 (3 PRs, all merged to main): #25 fix(session): remove verdictLockedSpoof latch — live faces wrongly verdicted as SPOOF on slow-fps cameras (Chrome/Brave mobile @ ~9 fps). Wires LivenessProver into SessionEngine. Adds 7 regression tests on a previously-untested engine. 126 → 133 vitest green. #26 fix(amispoof): normalize displayed confidence to [0, 100] — engine confidence is structurally capped at 0.88, normalized at the display layer so a clearly-live face reads as 92% instead of 81%. Engine v.summary untouched (SDK consumers keep the raw scale). #27 fix(amispoof): also normalize on-screen verdict-text line — extracts a single displaySummary(v) helper so badge, on-screen text, and copy-to-clipboard all read the same number. Verified live at https://fivucsas.com/amispoof/ at 2026-05-16 16:04 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…rs surfaced Submodule spoof-detector 4f601e7..806b291 (PR #28): feat(amispoof): surface LivenessProver proof panel + 2 hidden analyzers - Added 2 analyzer rows to the panel (Face motion + Background grid) that were running but unrendered. - New "Liveness proof" panel reading detector.getProof(): total /100, per-axis bars (blink/landmark/rotation/expression/challenge points), active-challenge banner, yaw/pitch range seen in degrees, challenges passed/failed counter. - Per-row tooltips now include live per-region/per-axis details (eye_var/mouth_var/forehead_var, tremor_x/y, EAR + blink rate, etc). - Download report + Copy-to-clipboard include the proof payload. - Tiny additive SDK change: LivenessProof now exposes yaw_range_seen_deg + pitch_range_seen_deg. 133 vitest still green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-16 16:39 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Submodule spoof-detector 806b291..e6cd5d4 (PR #29): feat(prover): passive-only proctoring mode — track every movement, no challenges - 3 new passive movement axes (additive, no breaking change): eye_motion_points / 12, mouth_motion_points / 10, face_motion_points / 8 sourced from LandmarkVarianceAnalyzer eye_var + mouth_var and TemporalAnalyzer motion (data was already computed, just unscored). Passive max 75 → 105; 60-pt proven-live threshold reachable from natural webcam observation alone. - Made 3 prover gates tunable via constructor options (Python defaults preserved): expressionRatioGate, rotationThreshold, landmarkVarThreshold. - SpoofDetector gains enableLivenessChallenges + livenessProverThresholds pass-through options. - amispoof switched to proctoring profile: enableLivenessChallenges: false livenessProverThresholds: { 0.4, 2.0°, 0.5 } UI hides ACTIVE CHALLENGES section + active-challenge banner; adds Eye/Mouth/Face motion proof-panel rows. - LivenessProver tests 10 → 16; full suite 133 → 139, all green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-16 16:45 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…clamp, visible bars Submodule spoof-detector e6cd5d4..e359860 (PR #30): - SessionEngine: NO_BLINK_ALERT_SEC stretches linearly when measured fps < 15 (clamped at 4×). Eliminates the 2026-05-17 Chrome-mobile false positive where a real user blinking 22× had a "static-image attack suspected" incident in their ledger. - LivenessProver: estimateHeadPose() clamps per-frame yaw/pitch to ±60° to absorb degenerate MediaPipe outliers. yawRangeSeen now caps at 120° instead of 180° — fixes the "yaw 112.8°" display bug; score path unchanged (rotation_points already capped at 15). - amispoof CSS: display: block on .fill (was inline span, ignored width). Bars in all three score panels now render proportional fills instead of empty rails. - Tests: 5 new (139 → 144 green). Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 07:28 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ix unlock Submodule spoof-detector e359860..99b6f36 (PR #31): feat(phase-A): unlock MediaPipe blendshapes + 3D matrix → 5 new analyzers + 5 new proof axes - Flipped outputFaceBlendshapes + outputFacialTransformationMatrixes to true on the existing FaceLandmarker (zero new model load). - Extended FaceROI with optional blendshapes (Map<string, number>) and transformMatrix (Float32Array, 16 floats). - Added 5 main-thread analyzers (Eyebrow, BlinkSymmetry, Gaze, ExpressionDynamics, Pose3DConsistency) reading directly from the new blendshape + matrix data. - Added 5 LivenessProver passive axes: eyebrow_motion (cap 8), blink_symmetry (cap 6, corr≥0.7), gaze_variation (cap 8), expression_dynamics (cap 8), pose_3d_consistency (cap 6). Passive ceiling 105 → 141 pts. - amispoof UI: 5 new analyzer rows, 5 new proof panel rows, per-row detail tooltips for the new analyzers. - Bundle delta: +3.4 kB gz (plan budget +10). - Tests 144 → 176 green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 07:50 UTC. First phase of the multi-signal liveness roadmap; Phases B–D queued. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…alyzer PR #32: BehavioralPatternAnalyzer + behavioral_pattern_points axis. Passive ceiling 141 → 151. Tests 176 → 183 green. Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 08:02 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…re drift PR #33: TextureAnalyzer gains a 300-frame ring buffer of mean HSV per face crop; folds into existing texture score via rebalanced weights (0.35/0.27/0.27/0.11). No new proof axis (per plan). Tests 183 → 187. Operator note: also need to scp the regenerated lazy chunks spoof-detector-TextureAnalyzer-*.js to Hostinger (CLAUDE.md deploy runbook is missing this; fixed manually for PR #33). Verified live at https://fivucsas.com/amispoof/ at 2026-05-17 08:06 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ground motion PR #34. Optional MediaPipe SelfieSegmenter (~250 KB) lazy-loaded; BackgroundMotionAnalyzer rate-limited 1/5 frames; new axis background_motion_points (cap 8). Passive ceiling 151 → 159. Tests 187 → 193 green. Verified live at fivucsas.com/amispoof/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #35. Optional MediaPipe HandLandmarker (~6 MB) lazy-loaded; HandTrackingAnalyzer rate-limited 1/4 frames; new axis hand_naturalness_points (cap 8). Passive ceiling 159 → 167. amispoof opt-in via ?hand=1 URL param. Tests 193 → 199 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #36 completes Phases A-D of the multi-signal roadmap. AudioCapture (Web Audio API, rolling RMS), VoiceActivityAnalyzer, AudioMouthSyncAnalyzer. New axes voice_activity_points (cap 6) + audio_mouth_sync_points (cap 12). Passive ceiling 167 → 185. amispoof gets a 🎤 button. Tests 199 → 209 green. Verified live at fivucsas.com/amispoof/ at 2026-05-17 08:18 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…l-clock rate PR #37 fixes two correctness bugs surfaced in the post-Phase-D3 mobile trace: Pose3DConsistencyAnalyzer was reading the transform matrix as row-major (MediaPipe is column-major; tz was always 0); GazeAnalyzer saccade rate divided by historyLen/30 (inflated 3.3× on mobile). Tests 209 → 212 green. Verified live at fivucsas.com/amispoof/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…m head pose PR #38: re-routes eye_motion_points + mouth_motion_points from raw landmark variance (head-pose contaminated) to face-relative blendshape stddevs (blink_symmetry + gaze + expression_dynamics). Tests 212 → 214. Verified live at fivucsas.com/amispoof/ at 2026-05-17 08:43 UTC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…lity pause PR #39: blink_points becomes a rolling 60s rate (decays if blinking stops), amispoof loop skips analyzeFrame() while document.hidden (closes the backgrounded-tab static-incident false positive + the proctoring backdoor where stale frames kept reporting LIVE). Tests 214 → 217 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…+ recorder PR #40 (UI-only): bench gets a HEAD-probe preflight and explains 'samples not bundled' instead of a stack trace; new ✋ Hand toggle button mirrors the 🎤 Mic button two-step UX; new ⏺ Record session button captures MediaRecorder webm + per-frame analytics JSON downloads on stop. No SDK changes, 217 tests still green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #41 (UI-only): camera-recovery on visibility-return (fixes the 'face frozen after backgrounding' bug from PR #39 — mobile suspends MediaStreamTrack, we now call play()/re-acquire); tighter SEO meta description (Google snippet ready); in-page replay UI loads recorded session JSON and shows verdict + proof timeline. No SDK changes, 217 tests still green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #42: shortened all button labels (titles preserved) so they fit on mobile widths; added ?autorec=1 URL param that auto-starts MediaRecorder on session Start and auto-stops on session Stop. No SDK changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…aper §10.1 update PR #43: fixes mobile NotFoundError on .json replay file pick (FileReader snapshot instead of Blob.text); refreshes paper conclusion §10.1 to reflect the current 19-analyzer / 15-axis / 173 kB browser bundle state plus README count update. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…paper §7.6 PR #44: docs-only. Operator runbook for amispoof.fivucsas.com migration (accounts for TurkTicaret-registered + Hostinger-hosted topology) plus .htaccess 301 template plus paper §7.6 refresh (projection → measured). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #45 (docs only). Per user direction, the academic paper now leads with the browser/client-side bundle as the primary deliverable and documents the Python reference as the prototyping starting point + evaluation harness rather than the production target. No empirical claims changed; §6-§8 evaluation still produced by Python because the dataset benchmarks live there. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #46 in spoof-detector flips canonical/og:url/JSON-LD to amispoof.fivucsas.com. Deployed to both locations. Old URL serves a 301 via Hostinger .htaccess. Also updated this CLAUDE.md to document the new deploy commands + the 301 fallback path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Migrated 2026-05-17. The src/App.tsx had two anchors pointing to the old /amispoof/ relative path which served from fivucsas.com/amispoof/ (now 301s to the subdomain). Updated both to absolute https://amispoof.fivucsas.com/ with target=_blank + rel=noopener for the SEO/UX signal. Rebuilt + deployed to Hostinger. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… roadmap tooling PR #50: surfaces 'Am I spoof?' query intent across title/h1/meta/og/twitter, adds FAQPage JSON-LD with 5 Q&A entries for natural-language SERP visibility, documents analytics + error-tracking + Cloudflare next-steps in ROADMAP. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Hardens amispoof.fivucsas.com replay loader against Android Chrome 148 picker-handle revocation: snapshotFile() races Blob.arrayBuffer() and FileReader in parallel inside the change handler, drag-and-drop on #replayPanel, clipboard-paste fallback when both readers fail. Version 2026-05-18-replayfix deployed to Hostinger. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…sas.com root Previously verify.fivucsas.com served a noindex shell that was blank for direct visitors. Now the index.html ships a static landing block (#verify-landing) with brand, value prop, 3 method cards, 10 auth-method pills, integration snippet, footer — visible to crawlers and direct visitors. React main.tsx sets #verify-root[data-mounted=true] on first paint; a CSS sibling selector hides the landing for iframe/OAuth consumers with no flash. Robots lifted to "index, follow"; added description, canonical, og, twitter, JSON-LD SoftwareApplication. /login behaviour unchanged — same shell, React routes to HostedLoginApp. Deployed: docker compose build verify-widget && up -d. Image f7af736a. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Closes the cross-site navigation gap supervisor flagged (couldn't navigate from demo to landing). Two scoped changes: * bys-demo/index.html: replaces dead onclick="return false;" placeholders in the utility-bar with real links to landing + Dashboard + Widget + amispoof + Status. * spoof-detector bump 310b746: adds same suite-bar to amispoof page, which previously had no outbound link to any sister site. (web-app dashboard sidebar also got the suite-bar, in feature branch fix/2026-05-12-liveness-and-puzzles — parent pointer not bumped here since that branch has unrelated in-flight work; will land via PR.) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…emo subpages + download) Earlier today's nav-fix only covered top-level pages. Audit found 7 surfaces still missing cross-site links. This commit closes the gap: * docs.fivucsas.com (4 pages: index + identity + biometric + sdk) — recreated the docs-site/ source dir which had been deleted (extracted Dockerfile + nginx.conf + html/ + compose from the running fivucsas-docs container), patched each HTML with the suite-bar, rebuilt + redeployed. * bys-demo callback.html + dashboard.html + test-elements.html — suite-bar block injected right after <body>. Previously only index.html had nav. * landing-website/public/download.html — extended primary nav with amispoof + Widget + Status links (was missing). Also corrected an earlier mis-statement: status.fivucsas.com is NOT an external service — it's our self-hosted Uptime Kuma at /opt/projects/uptime-kuma/, multi-hosted on the same container as status.rollingcatsoftware.com via Traefik label. 8 surfaces verified live with the suite-bar. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pulls in practice-and-test/8e9bb5b which removes build artifacts (gradle-temp, old report zips, regeneratable demo output) + abandoned R&D dirs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…te fixes) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
links-website/ (links.fivucsas.com hub): API tile now points to /swagger-ui.html instead of the raw API root (which returned a bare 401); real Turkish translations for the Ahmet/Ayşe role labels (were English under lang=tr, which Turkish-uppercased Latin i into dotted İ); de-mixed the Grafana tooltip; Ayşe Gülsüm GitHub @aysegulsum + ayse.gulsum@marun.edu.tr; Ayşenur aysenurarici@marun.edu.tr. poster (FIVUCSAS_Poster_v3.html + landing-website/public/poster/files/fivucsas-poster.html): add marun.edu.tr academic emails + Gülsüm GitHub to the author contact block. Bump spoof-detector + practice-and-test submodule pointers (attribution-doc commits). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Swagger is admin-IP gated (works for operator/VPN/Marmara campus, 403 for public). Keep the tile clickable but add a 'kısıtlı'/'gated' badge + tooltip so the restriction is visible — a middle tier between fully-public tiles and the disabled (no-public-DNS) Grafana card. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Re-rendered from fivucsas-poster.html (headless Chrome, A0 841×1189mm) so the binaries match the updated author contact block (marun.edu.tr emails + github.com/aysegulsum). PDF 1pp A0 558KB; PNG 3179×4494px. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The ASCII slug aysenur-arici 404s; restore the originally-provided ayşenur-arıcı (percent-encoded ay%C5%9Fenur-ar%C4%B1c%C4%B1). LinkedIn blocks server-side verification (999), so this needs a browser confirm. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR integrates the fix/2026-05-12-bake-mini-fasnet-models working branch into master, adding new public-facing static sites (links hub + docs), updating the verify-widget root landing/SEO, and vendoring Traefik configuration + cross-site navigation updates across the suite.
Changes:
- Add new
links-website/static link hub (TR/EN toggle + QR asset). - Add
docs-site/static docs site (Identity + Biometric + SDK pages) and a production compose for Traefik. - Update verify-widget root HTML for SEO + a static landing section, and add cross-site navigation links across landing + BYS demo + docs.
Reviewed changes
Copilot reviewed 29 out of 35 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| verify-widget/html/index.html | SEO metadata and static landing content for verify root; CSP tweaks. |
| links-website/index.html | New links hub page with TR/EN language toggle, team cards, and subdomain links. |
| links-website/qr-links.svg | QR SVG asset for the links hub. |
| landing-website/src/index.css | Add TR-locale casing workaround for English uppercase text. |
| landing-website/src/App.tsx | Add amispoof + spoof-detector links; set lang="en" for uppercase English tagline. |
| landing-website/public/download.html | Add cross-site nav links (Widget/amispoof/Status). |
| infra/traefik/README.md | Document “vendored reference” workflow and XFF hardening rationale. |
| infra/traefik/config/traefik.yml | Traefik static config including forwardedHeaders hardening and access logs. |
| infra/traefik/config/dynamic.yml | Traefik dynamic routers/middlewares incl. redirects, admin gating, headers, rate limiting. |
| docs-site/nginx.conf | Nginx SPA config with /health endpoint and gzip enabled. |
| docs-site/Dockerfile | Nginx image for docs-site. |
| docs-site/docker-compose.prod.yml | Traefik-labeled production compose for docs-site container. |
| docs-site/html/index.html | Docs landing page (cards + quickstart + suite-bar). |
| docs-site/html/identity/index.html | Identity API Swagger UI page + fallback endpoint listing. |
| docs-site/html/identity/openapi.json | Identity OpenAPI spec shipped with the static docs. |
| docs-site/html/biometric/index.html | Biometric API Swagger UI page. |
| docs-site/html/biometric/openapi.json | Biometric OpenAPI spec shipped with the static docs. |
| docs-site/html/robots.txt | Robots + sitemap for docs site. |
| docs-site/html/sitemap.xml | Sitemap for docs site. |
| docs-site/html/sdk/index.html | Widget SDK documentation page. |
| CLAUDE.md | Update deployment notes and surface list (amispoof subdomain + deploy commands). |
| bys-demo/index.html | Replace placeholder utility links with suite navigation. |
| bys-demo/dashboard.html | Add suite-bar cross-site navigation. |
| bys-demo/callback.html | Add suite-bar cross-site navigation. |
| bys-demo/test-elements.html | Add suite-bar cross-site navigation. |
| archive/2026-05/plans/PHASE_4_PRODUCTIZATION_PLAN_2026-05-11.md | New archived Phase 4 productization plan document. |
| archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md | New operator runbook/checklist document for infra/security items. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| <div id="fallback" style="display: none;"> | ||
| <div class="fallback-message"> | ||
| <h2>Identity Core API Reference</h2> | ||
| <p>The OpenAPI specification is available for authenticated users. Below is a summary of all available endpoints.</p> |
Comment on lines
+25
to
+33
| * Force English-locale casing on any uppercase'd English text in | ||
| * Turkish-mode pages. CSS text-transform uses the html lang attribute | ||
| * to pick casing rules — Turkish maps lowercase "i" to "İ" (dotted | ||
| * capital), so "identity" becomes "İDENTİTY" even though the source | ||
| * text is English. Marking the element `lang="en"` solves it cleanly. | ||
| * | ||
| * Belt-and-braces: also force the codepoints below to render with | ||
| * Latin small/capital "I" inside English-attributed nodes regardless | ||
| * of which font fallback the browser picks. |
| - "traefik.http.routers.fivucsas-docs.tls.certresolver=letsencrypt" | ||
| - "traefik.http.services.fivucsas-docs.loadbalancer.server.port=80" | ||
| healthcheck: | ||
| test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://127.0.0.1:80/ || exit 1"] |
…cs-site, verify-widget) Poster suite: POSTER_BRIEF.md + landing-website/public/poster/ (viewer, brief, presentation script, assets) + poster/ design brief + script + assets + 4 style variants (showcase/visual). bys-demo / docs-site / verify-widget: complete the TR/EN language switcher + data-tr/data-en i18n (matches the links-hub pattern; toggles <html lang> so locale-aware uppercasing is correct). Deliberately EXCLUDES node_modules/ and the WIP submodule pointer bumps (biometric-processor / identity-core-api / web-app fix branches; web-app is -dirty) so no WIP submodule state ships to master. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…commands Status carry-forward for the links hub / poster / attribution / i18n work; add links-website/ to Repository Structure; add links-hub + poster-regeneration deploy commands; note api.fivucsas.com gate behavior (401 root / 403 swagger / 200 OIDC discovery). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
ahmetabdullahgultekin
added a commit
that referenced
this pull request
May 28, 2026
Low-risk doc/config polish for items Copilot flagged on PR #67 (and PR #69 where those files reached master). No behavior change to running services; the only executable change is a more-robust docs-site healthcheck path. - archive/.../OPERATOR_ACTIONS_2026-05-12.md: - redact partial live secret (API_KEY_SECRET=fcb06b7… → <redacted>) - main update: normal fast-forward `git push origin master:main`, reserve --force-with-lease for documented recovery only - add LOW to the severity legend (items 9-11 use it) - make item-count self-reference consistent (states 11; notes five→11 growth) - grammar: "a deliberately misuse" → "a deliberate misuse" - docs-site/html/identity/index.html: fallback copy now says the OpenAPI spec is publicly available at /identity/openapi.json (it ships public) - landing-website/src/index.css: comment now accurately describes the locale-aware :lang(en) uppercasing; drop the false belt-and-braces / codepoint-forcing claim and the duplicate text-transform line - docs-site/docker-compose.prod.yml: healthcheck probes /health (the dedicated nginx endpoint) instead of / - infra/traefik/README.md: add a Traefik-config dry-run validate step (compose config only validates the Compose file) and note access logs go to /var/log/traefik/access.log per accessLog.filePath, not stdout Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 28, 2026
ahmetabdullahgultekin
added a commit
that referenced
this pull request
May 31, 2026
…5-31) (#107) Concurrent 4-repo read-only audit (api/web/bio/spoof) against SOLID/DRY/YAGNI/ KISS/clean-code/design-patterns, focused on hardcoded strings + sloppy impls. Prioritized P1/P2/P3 backlog with file:line evidence + a remediation order. Already fixed this session: amispoof UNCERTAIN tri-state (spoof #69). Captures the amispoof runtime regressions (flash branch unmerged; replay-passes-as-live Nyquist+planarity) as DECISION-NEEDED items. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ahmetabdullahgultekin
added a commit
that referenced
this pull request
May 31, 2026
…5-31) (#112) api: SMS-OTP prefix constant + dead authz service removed + email-token log dropped (#171). web: dead userEnrollment feature deleted, useCamera relocated (#146); dashboard chip (#145). spoof: amispoof single-source weight badges (#70) + UNCERTAIN tri-state (#69). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Integrates the
fix/2026-05-12-bake-mini-fasnet-modelsworking branch intomaster— 41 commits, ~+7,831 / −14 across 35 files. Combines today's links-hub / poster / attribution work with the accumulated 2026-05-12 branch work (docs-site, Traefik, amispoof subdomain migration, cross-site nav, operator actions).What's included
Links hub (
links.fivucsas.com) — newlinks-website/static hub (+ QR assets)./swagger-ui.html(was the raw API root → bare401) with agated/kısıtlıbadge + tooltip — Swagger is admin-IP gated (operator / VPN / Marmara campus).lang="tr"was İ-mangling Latinivia locale-awaretext-transform:uppercase); de-mixed the Grafana tooltip.Poster (
fivucsas.com/poster/)marun.edu.tracademic emails +github.com/aysegulsum.Attribution (submodule bumps)
spoof-detector+practice-and-test: confirm Ayşe Gülsüm Eren's GitHub@aysegulsum+ academic email across AUTHORS / ATTRIBUTION / research / iBeta docs. Forensic git-author records (real commit emails) left intact.Prior 2026-05-12 branch work
amispoof.fivucsas.com(301 from old path), proctoring phases A–D, SEO, replay fixes, paper updates (many pointer bumps).verify.fivucsas.comroot.OPERATOR_ACTIONS_2026-05-12.md+ bio submodule bump.Notes
fix/2026-05-12-infra-hygiene); this is the direct-to-masterpath and shares the same head branch.bys-demoedits) are NOT part of this PR.🤖 Generated with Claude Code