Skip to content

docs: reflect client-side Facenet512 embedding in prose (Phase-1C truth sweep)#23

Merged
ahmetabdullahgultekin merged 1 commit into
mainfrom
sp-phase1c-content-sweep
Jun 12, 2026
Merged

docs: reflect client-side Facenet512 embedding in prose (Phase-1C truth sweep)#23
ahmetabdullahgultekin merged 1 commit into
mainfrom
sp-phase1c-content-sweep

Conversation

@ahmetabdullahgultekin

Copy link
Copy Markdown
Contributor

Phase-1C content sweep — docs-book PROSE

Companion to SP-G PR #22 (which landed the client-side-embedding + puzzle-as-layer diagram pages and CLIENT_SIDE_ML_PLAN v3.0). This sweep updates the remaining architecture prose so the narrative matches.

Changes

  • 02-architecture/BIOMETRIC_ENGINE_ARCHITECTURE.mdEmbeddingComputer is now Facenet512 ONNX (was MobileFaceNet / 'geometry-512 landmark fallback'). The client-side path (flag app.auth.client-side-embedding, default OFF) computes the authoritative Facenet512 embedding in the browser and uploads only the 512-d vector; the server keeps the image→Facenet512 fallback and owns match + liveness verdict + decision.
  • adr/0004-facenet512-server-authoritative.md — amendment note (2026-06-11). The encoder choice (Facenet512, 512-d, cosine) is unchanged; the new client-side path computes that same embedding in-browser and is authoritative when the flag is ON. Corrects the old 'client embedding is a different model/shape, never compared against face_embeddings' — true of the old geometry-512 pre-filter (ADR 0003), not the new client Facenet512.
  • 09-auth-flows/01-PLATFORM_CAPABILITY_MATRIX.md (Face Recognition) — documents both the legacy image-upload path and the client-side-embedding path (data minimization: only the 512-d vector uploaded, raw image never leaves the device); anti-spoofing names the active Biometric Puzzle (randomized, server re-scored).

Honesty

Data-minimization framing throughout (derived, non-invertible 512-d embedding over TLS, Fernet at rest) — not 'biometric data never leaves the device'. No certification overclaim, no real-customer language, puzzle kept as the active anti-spoof mechanism under FACE (not promoted to a standalone factor — SP-B not yet shipped; honours the canonical 10-methods rule). Diagram pages unchanged (already correct via #22).

…th sweep)

Align the remaining architecture prose with the SP-G client-side-embedding
truth already landed in the diagram pages (PR #22) and CLIENT_SIDE_ML_PLAN v3.0.

- BIOMETRIC_ENGINE_ARCHITECTURE: EmbeddingComputer is Facenet512 ONNX (was
  labelled MobileFaceNet / geometry-512 fallback). The client-side path
  (flag app.auth.client-side-embedding, default OFF) computes the
  authoritative Facenet512 embedding in the browser and uploads only the
  512-d vector; raw image never leaves the device; server keeps the
  image->Facenet512 fallback and owns match + liveness verdict + decision.
- ADR 0004: add a 2026-06-11 amendment. Encoder (Facenet512, 512-d, cosine)
  unchanged; the new client-side path computes that SAME embedding in-browser
  and is authoritative when the flag is ON. Corrects the old 'client embedding
  is a different model/shape, never compared against face_embeddings' (true of
  the old geometry-512 pre-filter, NOT the new client Facenet512).
- PLATFORM_CAPABILITY_MATRIX (Face Recognition): document both the legacy
  image-upload path and the client-side-embedding path (data minimization:
  only the 512-d vector uploaded); anti-spoofing names the active Biometric
  Puzzle (randomized, server re-scored). Server remains authoritative for the
  match + liveness verdict + accept/reject in every case.

Honest framing throughout: data minimization (derived non-invertible 512-d
embedding over TLS, Fernet at rest), NOT 'biometric data never leaves the
device'.
@ahmetabdullahgultekin ahmetabdullahgultekin merged commit aa671bf into main Jun 12, 2026
5 checks passed
@ahmetabdullahgultekin ahmetabdullahgultekin deleted the sp-phase1c-content-sweep branch June 12, 2026 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant