fieldwitness

alee/fieldwitness

Fork 0

Commit Graph

Author	SHA1	Message	Date
Aaron D. Lee	490f9d4a1d	Rebrand SooSeF to FieldWitness Complete project rebrand for better positioning in the press freedom and digital security space. FieldWitness communicates both field deployment and evidence testimony — appropriate for the target audience of journalists, NGOs, and human rights organizations. Rename mapping: - soosef → fieldwitness (package, CLI, all imports) - soosef.stegasoo → fieldwitness.stego - soosef.verisoo → fieldwitness.attest - ~/.soosef/ → ~/.fwmetadata/ (innocuous data dir name) - SOOSEF_DATA_DIR → FIELDWITNESS_DATA_DIR - SoosefConfig → FieldWitnessConfig - SoosefError → FieldWitnessError Also includes: - License switch from MIT to GPL-3.0 - C2PA bridge module (Phase 0-2 MVP): cert.py, export.py, vendor_assertions.py - README repositioned to lead with provenance/federation, stego backgrounded - Threat model skeleton at docs/security/threat-model.md - Planning docs: docs/planning/c2pa-integration.md, docs/planning/gtm-feasibility.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-02 15:05:13 -04:00
Aaron D. Lee	496198d49a	Add three-tier deployment infrastructure Some checks failed CI / lint (push) Failing after 55s Details CI / typecheck (push) Failing after 31s Details Platform pivot from Raspberry Pi to three-tier model: - Tier 1: Bootable Debian Live USB for field reporters - Tier 2: Docker/K8s org server for newsrooms - Tier 3: Docker/K8s federation relay for VPS Tier 1 — Live USB (deploy/live-usb/): - build.sh: live-build based image builder for amd64 - Package list: Python + system deps + minimal GUI (openbox + Firefox) - Install hook: creates venv, pip installs soosef[web,cli,attest,...] - Hardening hook: disable swap/coredumps, UFW, auto-login to web UI - systemd service with security hardening (NoNewPrivileges, ProtectSystem) - Auto-opens Firefox kiosk to http://127.0.0.1:5000 on boot Tier 2+3 — Docker (deploy/docker/): - Multi-stage Dockerfile with two targets: - server: full web UI + stego + attestation + federation (Tier 2) - relay: lightweight FastAPI attestation API only (Tier 3) - docker-compose.yml with both services and persistent volumes - .dockerignore for clean builds Kubernetes (deploy/kubernetes/): - namespace.yaml, server-deployment.yaml, relay-deployment.yaml - PVCs, services, health checks, resource limits - Single-writer strategy (Recreate, not RollingUpdate) for SQLite safety - README with architecture diagram and deployment instructions Config presets (deploy/config-presets/): - low-threat.json: press freedom country (no killswitch, 30min sessions) - medium-threat.json: restricted press (48h deadman, USB monitoring) - high-threat.json: conflict zone (12h deadman, tamper monitoring, 5min sessions) - critical-threat.json: targeted surveillance (127.0.0.1 only, 6h deadman, 3min sessions) Deployment guide rewritten for three-tier model with RPi as legacy appendix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-01 22:52:38 -04:00

Author

SHA1

Message

Date

Aaron D. Lee

490f9d4a1d

Rebrand SooSeF to FieldWitness

Complete project rebrand for better positioning in the press freedom
and digital security space. FieldWitness communicates both field
deployment and evidence testimony — appropriate for the target audience
of journalists, NGOs, and human rights organizations.

Rename mapping:
- soosef → fieldwitness (package, CLI, all imports)
- soosef.stegasoo → fieldwitness.stego
- soosef.verisoo → fieldwitness.attest
- ~/.soosef/ → ~/.fwmetadata/ (innocuous data dir name)
- SOOSEF_DATA_DIR → FIELDWITNESS_DATA_DIR
- SoosefConfig → FieldWitnessConfig
- SoosefError → FieldWitnessError

Also includes:
- License switch from MIT to GPL-3.0
- C2PA bridge module (Phase 0-2 MVP): cert.py, export.py, vendor_assertions.py
- README repositioned to lead with provenance/federation, stego backgrounded
- Threat model skeleton at docs/security/threat-model.md
- Planning docs: docs/planning/c2pa-integration.md, docs/planning/gtm-feasibility.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-02 15:05:13 -04:00

Aaron D. Lee

496198d49a

Add three-tier deployment infrastructure

CI / lint (push) Failing after 55s

Details

CI / typecheck (push) Failing after 31s

Details

Platform pivot from Raspberry Pi to three-tier model:
- Tier 1: Bootable Debian Live USB for field reporters
- Tier 2: Docker/K8s org server for newsrooms
- Tier 3: Docker/K8s federation relay for VPS

Tier 1 — Live USB (deploy/live-usb/):
- build.sh: live-build based image builder for amd64
- Package list: Python + system deps + minimal GUI (openbox + Firefox)
- Install hook: creates venv, pip installs soosef[web,cli,attest,...]
- Hardening hook: disable swap/coredumps, UFW, auto-login to web UI
- systemd service with security hardening (NoNewPrivileges, ProtectSystem)
- Auto-opens Firefox kiosk to http://127.0.0.1:5000 on boot

Tier 2+3 — Docker (deploy/docker/):
- Multi-stage Dockerfile with two targets:
  - server: full web UI + stego + attestation + federation (Tier 2)
  - relay: lightweight FastAPI attestation API only (Tier 3)
- docker-compose.yml with both services and persistent volumes
- .dockerignore for clean builds

Kubernetes (deploy/kubernetes/):
- namespace.yaml, server-deployment.yaml, relay-deployment.yaml
- PVCs, services, health checks, resource limits
- Single-writer strategy (Recreate, not RollingUpdate) for SQLite safety
- README with architecture diagram and deployment instructions

Config presets (deploy/config-presets/):
- low-threat.json: press freedom country (no killswitch, 30min sessions)
- medium-threat.json: restricted press (48h deadman, USB monitoring)
- high-threat.json: conflict zone (12h deadman, tamper monitoring, 5min sessions)
- critical-threat.json: targeted surveillance (127.0.0.1 only, 6h deadman, 3min sessions)

Deployment guide rewritten for three-tier model with RPi as legacy appendix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-01 22:52:38 -04:00

2 Commits