fieldwitness/deploy/kubernetes
Aaron D. Lee 490f9d4a1d Rebrand SooSeF to FieldWitness
Complete project rebrand for better positioning in the press freedom
and digital security space. FieldWitness communicates both field
deployment and evidence testimony — appropriate for the target audience
of journalists, NGOs, and human rights organizations.

Rename mapping:
- soosef → fieldwitness (package, CLI, all imports)
- soosef.stegasoo → fieldwitness.stego
- soosef.verisoo → fieldwitness.attest
- ~/.soosef/ → ~/.fwmetadata/ (innocuous data dir name)
- SOOSEF_DATA_DIR → FIELDWITNESS_DATA_DIR
- SoosefConfig → FieldWitnessConfig
- SoosefError → FieldWitnessError

Also includes:
- License switch from MIT to GPL-3.0
- C2PA bridge module (Phase 0-2 MVP): cert.py, export.py, vendor_assertions.py
- README repositioned to lead with provenance/federation, stego backgrounded
- Threat model skeleton at docs/security/threat-model.md
- Planning docs: docs/planning/c2pa-integration.md, docs/planning/gtm-feasibility.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 15:05:13 -04:00
namespace.yaml Rebrand SooSeF to FieldWitness 2026-04-02 15:05:13 -04:00
README.md Rebrand SooSeF to FieldWitness 2026-04-02 15:05:13 -04:00
relay-deployment.yaml Rebrand SooSeF to FieldWitness 2026-04-02 15:05:13 -04:00
server-deployment.yaml Rebrand SooSeF to FieldWitness 2026-04-02 15:05:13 -04:00

FieldWitness Kubernetes Deployment

Architecture

                Field Devices (Tier 1)
                (Bootable USB + laptop)
                        |
                        | LAN / sneakernet
                        v
            ┌───────────────────────┐
            │  Org Server (Tier 2)  │  <-- server-deployment.yaml
            │  Full web UI + stego  │
            │  + attestation + fed  │
            │  Newsroom mini PC     │
            └───────────┬───────────┘
                        |
                        | gossip / federation API
                        v
            ┌───────────────────────┐
            │  Fed Relay (Tier 3)   │  <-- relay-deployment.yaml
            │  Attestation API only │
            │  VPS (Iceland, CH)    │
            │  Zero key knowledge   │
            └───────────────────────┘

Quick Start

# Build images
docker build -t fieldwitness-server --target server -f deploy/docker/Dockerfile .
docker build -t fieldwitness-relay --target relay -f deploy/docker/Dockerfile .

# Deploy to Kubernetes
kubectl apply -f deploy/kubernetes/namespace.yaml
kubectl apply -f deploy/kubernetes/server-deployment.yaml
kubectl apply -f deploy/kubernetes/relay-deployment.yaml

Notes

  • Single writer: Both deployments use replicas: 1 with the Recreate strategy, which stops the old pod before starting its replacement. FieldWitness uses SQLite and append-only binary logs that require single-writer access. Do not scale horizontally.
  • PVCs: Both deployments require persistent volumes. The server needs 10Gi, the relay needs 5Gi. Adjust based on expected attestation volume.
  • Security: The relay stores only attestation records (image hashes + signatures). It never sees encryption keys, plaintext messages, or original images. If the relay is seized, the attacker gets cryptographic hashes — nothing actionable.
  • Ingress: Not included. Configure your own ingress controller with TLS termination. The federation API should be TLS-encrypted in transit.
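
The single-writer note above can be checked mechanically. The following is an added example, not part of the FieldWitness repository: it audits Deployment JSON (the shape emitted by `kubectl get deployments -o json`) for workloads that mount a PVC yet could run two pods at once. The sample data and all function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get deployments -o json` output.
# Names and values are illustrative, not copied from the project's manifests.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "example-server"},
   "spec": {"replicas": 1, "strategy": {"type": "Recreate"},
    "template": {"spec": {"volumes": [{"name": "d", "persistentVolumeClaim": {"claimName": "a"}}]}}}},
  {"metadata": {"name": "example-relay"},
   "spec": {"replicas": 1,
    "template": {"spec": {"volumes": [{"name": "d", "persistentVolumeClaim": {"claimName": "b"}}]}}}},
  {"metadata": {"name": "example-scaled"},
   "spec": {"replicas": 2, "strategy": {"type": "RollingUpdate"},
    "template": {"spec": {"volumes": [{"name": "d", "persistentVolumeClaim": {"claimName": "a"}}]}}}},
  {"metadata": {"name": "example-stateless"},
   "spec": {"replicas": 3, "template": {"spec": {"volumes": [{"name": "t", "emptyDir": {}}]}}}}
]}
""")

def mounts_pvc(deployment):
    """True if the pod template mounts at least one PersistentVolumeClaim."""
    volumes = deployment["spec"]["template"]["spec"].get("volumes", [])
    return any("persistentVolumeClaim" in v for v in volumes)

def single_writer_violations(deployment):
    """List the ways this Deployment could put two pods on one volume."""
    if not mounts_pvc(deployment):
        return []  # no persistent state, so the single-writer rule does not apply
    spec, problems = deployment["spec"], []
    replicas = spec.get("replicas", 1)  # Kubernetes defaults replicas to 1
    if replicas != 1:
        problems.append(f"replicas {replicas}, expected 1")
    # An unset strategy defaults to RollingUpdate. Its default maxSurge of 25%
    # rounds up to one extra pod, so old and new pods overlap during a rollout.
    strategy = spec.get("strategy", {}).get("type", "RollingUpdate")
    if strategy != "Recreate":
        problems.append(f"strategy {strategy}, expected Recreate")
    return problems

def audit(doc):
    """Accept a List or a single Deployment; return {name: [problems]}."""
    items = doc["items"] if doc.get("kind", "").endswith("List") else [doc]
    found = {d["metadata"]["name"]: single_writer_violations(d) for d in items}
    return {name: p for name, p in found.items() if p}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: " + "; ".join(problems))
```

Running it against manifests before they are applied catches a Deployment whose strategy was left unset, which a cluster would otherwise default to RollingUpdate.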