Skip to content

Implement cost-optimized bootstrap-ready ASL biometric system#3

Draft
pinkycollie with Copilot wants to merge 3 commits into
mainfrom
copilot/implement-cost-optimized-biometrics
Draft

Implement cost-optimized bootstrap-ready ASL biometric system#3
pinkycollie with Copilot wants to merge 3 commits into
mainfrom
copilot/implement-cost-optimized-biometrics

Conversation

Copilot AI commented Nov 30, 2025

Copy link
Copy Markdown
Contributor

Adds ASL-based biometric identity verification for telehealth, optimized for free-tier cloud deployment (Vercel, Supabase, Railway).

ASL Biometrics Service (services/asl-biometrics/)

  • Hand Motion Detection - Server-side validation of client-submitted MediaPipe hand landmarks
  • Identity Matching - Feature-based pattern comparison with configurable thresholds via BIOMETRIC_VERIFICATION_THRESHOLD
  • Motion Analysis - Gesture recognition for verification challenges (YES, HELLO, THANK_YOU, etc.)
  • Telehealth Verification - Session management, enrollment, and verification workflows

Free-Tier Deployment (configs/deployment/free-tier/)

  • Vercel serverless config
  • Railway deployment manifest
  • Supabase schema with RLS policies
  • Uptime Robot monitoring setup

Legal Templates (legal/)

  • Privacy policy template (HIPAA/GDPR aligned)
  • Biometric data protection agreement

Security

  • Rate limiting on /verify and /enroll endpoints (10 req/min per IP+session)
  • In-memory rate limiter for MVP; production should use Redis
// Client sends MediaPipe landmarks, server validates and matches
POST /api/telehealth/session/:id/verify
{
  "motionSequence": {
    "sessionId": "uuid",
    "frames": [{ "timestamp": 123, "handedness": "right", "landmarks": [...], "confidence": 0.95 }],
    "captureStartTime": 123,
    "captureEndTime": 456
  }
}

Lean dependencies: express, cors, helmet, sharp, zod, uuid. No cloud AI costs—detection runs client-side via MediaPipe.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com//advisories
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Implement a cost-optimized bootstrap-ready ASL biometric system as part of the DEAF-FIRST-PLATFORM repository. The key objectives for this implementation include:

  1. Lean and Cost Effective Stack

    • Optimize the stack to include only essential dependencies for ASL biometrics and consider free alternatives wherever possible.
  2. Free Cloud Deployment Strategy

    • Set up development and deployment configurations, utilizing free tiers of services such as Vercel, Supabase, Railway, and Uptime Robot.
  3. Bootstrap Components

    • Develop minimal functionalities, such as simple hand motion detection, basic identity matching, and basic motion analysis.
  4. Minimal Legal Compliance Setup

    • Use free creative commons templates for generating privacy policies and data protection agreements.
  5. Lean Backend Integration

    • Create an easily deployable telehealth demo with scalable APIs using only cost-minimized libraries (e.g., fluent-ffmpeg, sharp, tesseract.js, etc.).
  6. Launch Modules to Focus
    Telehealth Verification contextual targeting initialization. Components specific to healthcare, ready for MVP on smaller services.

This pull request was created as a result of the following prompt from Copilot chat.

Implement a cost-optimized bootstrap-ready ASL biometric system as part of the DEAF-FIRST-PLATFORM repository. The key objectives for this implementation include:

  1. Lean and Cost Effective Stack

    • Optimize the stack to include only essential dependencies for ASL biometrics and consider free alternatives wherever possible.
  2. Free Cloud Deployment Strategy

    • Set up development and deployment configurations, utilizing free tiers of services such as Vercel, Supabase, Railway, and Uptime Robot.
  3. Bootstrap Components

    • Develop minimal functionalities, such as simple hand motion detection, basic identity matching, and basic motion analysis.
  4. Minimal Legal Compliance Setup

    • Use free creative commons templates for generating privacy policies and data protection agreements.
  5. Lean Backend Integration

    • Create an easily deployable telehealth demo with scalable APIs using only cost-minimized libraries (e.g., fluent-ffmpeg, sharp, tesseract.js, etc.).
  6. Launch Modules to Focus
    Telehealth Verification contextual targeting initialization. Components specific to healthcare, ready for MVP on smaller services.


✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Comment thread services/asl-biometrics/src/index.ts Fixed
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Comment on lines +187 to +208
app.post('/api/telehealth/session/:sessionId/verify', rateLimitMiddleware, async (req, res) => {
try {
const { sessionId } = req.params;
const { motionSequence } = req.body;

if (!motionSequence) {
return res.status(400).json({
success: false,
error: 'motionSequence is required',
});
}

const result = await verifyPatientIdentity(sessionId, motionSequence);
res.json(result);
} catch (error) {
console.error('Verification error:', error);
res.status(500).json({
success: false,
error: 'Failed to verify identity',
});
}
});

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.

Copilot Autofix

AI 7 months ago

To properly rate-limit the authorization (verify identity) and enrollment endpoints, we should use a proven rate-limiting middleware such as express-rate-limit. We need to import express-rate-limit, define a suitable limiter instance that governs how many requests can be made to these endpoints within a given time window, and replace or add the rateLimitMiddleware reference to use it. The code block should also show the initialization of the limiter before route definitions, and apply it directly to the sensitive endpoints (enroll and verify). Specifically, add the following to services/asl-biometrics/src/index.ts:

  • Import the express-rate-limit package.
  • Define a limiter instance (e.g., 100 requests per 15 minutes, or a stricter limit as appropriate for biometric operations).
  • Remove/replace the placeholder rateLimitMiddleware with the new limiter in the route definitions.

Suggested changeset 2
services/asl-biometrics/src/index.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/services/asl-biometrics/src/index.ts b/services/asl-biometrics/src/index.ts
--- a/services/asl-biometrics/src/index.ts
+++ b/services/asl-biometrics/src/index.ts
@@ -9,7 +9,7 @@
 import cors from 'cors';
 import helmet from 'helmet';
 import dotenv from 'dotenv';
-
+import rateLimit from 'express-rate-limit';
 import { MotionSequenceSchema } from './modules/hand-motion-detection.js';
 import { getUserProfile, deleteUserBiometrics } from './modules/identity-matching.js';
 import { generateVerificationChallenge, analyzeGesture } from './modules/motion-analysis.js';
@@ -26,6 +26,16 @@
 
 dotenv.config();
 
+
+// Rate limiter for sensitive endpoints (biometrics and verification)
+const rateLimitMiddleware = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 20, // max 20 requests per windowMs per IP (adjust as appropriate)
+  message: {
+    success: false,
+    error: 'Too many requests, please try again later.'
+  },
+});
 const app = express();
 const PORT = process.env.ASL_BIOMETRICS_PORT || 3007;
 
EOF
@@ -9,7 +9,7 @@
import cors from 'cors';
import helmet from 'helmet';
import dotenv from 'dotenv';

import rateLimit from 'express-rate-limit';
import { MotionSequenceSchema } from './modules/hand-motion-detection.js';
import { getUserProfile, deleteUserBiometrics } from './modules/identity-matching.js';
import { generateVerificationChallenge, analyzeGesture } from './modules/motion-analysis.js';
@@ -26,6 +26,16 @@

dotenv.config();


// Rate limiter for sensitive endpoints (biometrics and verification)
const rateLimitMiddleware = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 20, // max 20 requests per windowMs per IP (adjust as appropriate)
message: {
success: false,
error: 'Too many requests, please try again later.'
},
});
const app = express();
const PORT = process.env.ASL_BIOMETRICS_PORT || 3007;

services/asl-biometrics/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/services/asl-biometrics/package.json b/services/asl-biometrics/package.json
--- a/services/asl-biometrics/package.json
+++ b/services/asl-biometrics/package.json
@@ -20,7 +20,8 @@
     "dotenv": "^16.4.5",
     "sharp": "^0.33.5",
     "zod": "^3.23.8",
-    "uuid": "^9.0.0"
+    "uuid": "^9.0.0",
+    "express-rate-limit": "^8.2.1"
   },
   "devDependencies": {
     "@types/express": "^5.0.0",
EOF
@@ -20,7 +20,8 @@
"dotenv": "^16.4.5",
"sharp": "^0.33.5",
"zod": "^3.23.8",
"uuid": "^9.0.0"
"uuid": "^9.0.0",
"express-rate-limit": "^8.2.1"
},
"devDependencies": {
"@types/express": "^5.0.0",
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 8.2.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Copilot AI changed the title [WIP] Implement cost-optimized ASL biometric system Implement cost-optimized bootstrap-ready ASL biometric system Nov 30, 2025
Copilot AI requested a review from pinkycollie November 30, 2025 05:09
@pinkycollie pinkycollie removed their request for review November 30, 2025 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants