{"id":"c0150","filename":"c0150_genesis_sso_master_plan_za_cc.dok.json","weise3_id":"WEISE3::c0150::genesis_sso_master_plan::CC_EXECUTOR::FENIX2026","tip":"PLAN_ZA_CC","naziv":"Genesis SSO Master Plan — P1-P5 + 3 FUTURE + BORG 5-Node + no-limit.world elevacija","kreator":"Ivan + Claude (Sonnet 4.6) — sesija asimilirana","datum":"2026-05-08","snippet":"","status":"SPREMAN_ZA_IZVRSENJE","prev_weise3":"","bunker_l":"#00d4ff","full":{"weise3_id":"WEISE3::c0150::genesis_sso_master_plan::CC_EXECUTOR::FENIX2026","tip":"PLAN_ZA_CC","naziv":"Genesis SSO Master Plan — P1-P5 + 3 FUTURE + BORG 5-Node + no-limit.world elevacija","verzija":"1.0","datum":"2026-05-08","autor":"Ivan + Claude (Sonnet 4.6) — sesija asimilirana","status":"SPREMAN_ZA_IZVRSENJE","cc_executor":"PRAZNA_SESIJA","prioritet":"P0_KRITICNO","kontekst_za_cc":{"opis":"Ovo je kompletni, samodostatni plan koji CC (prazna sesija) može izvršiti bez pitanja. Svaki zadatak ima: što, gdje, kako, zašto. Slijedi redosljed — ne preskaći. Na kraju svake faze commitaj sa formatom: feat(genesis): opis","server":{"ip":"37.27.248.86","ssh":"ssh -p 2222 -i ~/.ssh/ivan_key root@37.27.248.86","mcp":"SSE https://limit-connect.com/mcp/sse — token u ~/.claude.json"},"projekti":{"genesis":"/var/www/genesis/ — FastAPI port 8010, python 3.13, .venv/","fenix_v3":"/var/www/fenix-v3/ — Django, port 8001, venv/","genesispos":"/var/www/genesispos.online/ — Django, port ?, static POS","genesislogin":"/var/www/genesislogin/ — nginx static, 
pwa/"},"kljucni_fajlovi":{"genesis_sso_views":"/var/www/fenix-v3/genesis_connect/views.py","genesis_client":"/var/www/fenix-v3/genesis_connect/client.py","genesis_middleware":"/var/www/fenix-v3/core/middleware/genesis_auth_middleware.py","webauthn_api":"/var/www/genesis/api/webauthn_auth.py","genesis_auth_api":"/var/www/genesis/api/genesis_auth.py","fluid_service":"/var/www/genesis/services/fluid.py","no_limit_models":"/var/www/fenix-v3/no_limit/models.py","no_limit_views":"/var/www/fenix-v3/no_limit/views.py","no_limit_urls":"/var/www/fenix-v3/no_limit/urls.py","genesis_models":"/var/www/fenix-v3/genesis_connect/models.py","genesislogin_nginx":"/etc/nginx/sites-available/genesislogin.conf","fenixv3_nginx":"/etc/nginx/sites-available/limit-connect.conf","genesispos_nginx":"/etc/nginx/sites-available/genesispos.conf"},"arhitektura_genesis_sso":{"genesis_server":"FastAPI na genesis.limit-connect.com — izdaje genesis_token, čuva u Redis DB4","redis_session":"genesis:session:{token} — TTL 3600s","fenix_v3_verify":"GenesisVerifyView dohvaća token → verify via client.py → Django session","platform_redirect_map":{"fenix-v3":"/hr/","sati-ink":"/dashboard/","digigraf":"/vozac/","genesispos":"/hr/pos/omega/","no-limit":"/no-limit/"},"tier_sustav":"native(30d) > trusted(7d) > standard(24h) — WebAuthn daje native","anomaly_detection":">10 failed tokens iz istog IP → VATRA alarm → Ivan WhatsApp"}},"matematika_borg_5_node":{"naslov":"BORG 5-Node Arhitektura — Matematika Otpornosti","filozofija":"Nevidljivi čvorovi ne mogu biti napadnuti. Samo Node 1 je javan. 
Ostali PULL.","trenutno_stanje":{"node1":"37.27.248.86 — JAVAN — svi servisi — DNS za sve domene","node2":"grosmarkt-online.eu/brsljani — PHP lite — već postoji — pull sync"},"predlozeni_plan_5_node":{"node3":"Hetzner CX11 — 2vCPU 2GB RAM 20GB — 3.29 EUR/mj — NEVIDLJIV","node4":"Hetzner CX11 — isti specs — 3.29 EUR/mj — NEVIDLJIV","node5":"Hetzner CX11 — isti specs — 3.29 EUR/mj — NEVIDLJIV"},"troskovi":{"trenutno":"0 EUR extra (Node 2 je besplatan hosting)","novo_3_noda":"9.87 EUR/mj (3x CX11)","ukupno_5_nodova":"~10 EUR/mj za 5x Hetzner (Node 1 već plaćen)","alternativa_dedicirani_no_limit":"Node 3 = no-limit.world dedicated VPS ~6 EUR/mj"},"topologija":{"node1_public":{"ip":"37.27.248.86","uloga":"JEDINI JAVNI NODE — frontend, API, nginx, Postgres master","domene_koje_pokazuju_na_njega":"limit-connect.com, genesis.limit-connect.com, sati.ink, fina-connect.online, digigraf.online, genesispos.online, genesislogin.online, no-limit.world","borg_health":"genesis.limit-connect.com/borg/health.json"},"node2_grosmarkt":{"url":"grosmarkt-online.eu/brsljani","uloga":"PHP lite gossip node — pull sync svakih 30min","vidljivost":"JAVNA DOMENA ali servis je na /brsljani/ putanji","sinkronizira":"DokArh chain (do 2000 dok/poziv)"},"node3_nevidljiv":{"uloga":"Postgres hot standby + DokArh replika + Celery worker","vidljivost":"BEZ DNS — IP samo Ivan zna — pristup samo Node1 pull (ako čvor ima javnu IP adresu, izostanak DNS zapisa ne skriva tu adresu od skeniranja — pristup mora ograničiti firewall allowlist, ne tajnost adrese)","sync_protokol":"WAL streaming iz Node1 Postgres + BORG pull health.json svakih 30s","borg_health":"http://{PRIVATE_IP}:9999/borg/health.json — samo Node1 smije čitati (HTTP bez TLS-a — ograničenje provesti firewall pravilom za port 9999, a promet voditi privatnom mrežom ili tunelom)"},"node4_nevidljiv":{"uloga":"Cold DokArh backup + Shamir dionica 4 + FLUID F4 backup","vidljivost":"BEZ DNS — PULL only — čita Node1 health, ne piše ništa","sync_protokol":"BORG ZAKON 17 — samo GET tuđeg health.json — nikad push"},"node5_nevidljiv":{"uloga":"no-limit.world dedicated node — member portal, ambassadors, Genesis ID","vidljivost":"BEZ JAVNOG DNS osim no-limit.world koji pokazuje na Node1 nginx proxy","arhitektura":"Node1 
nginx → proxy_pass Node5:8020 — Node5 nikad direktno dostupan","posebnost":"Genesis member data = DokArh chain entries zaštićeni BELA + BunkerSeal + FLUID"}},"matematika_otpornosti":{"pretpostavka":"Svaki čvor ima 99.9% uptime (0.1% downtime = 8.76h/god); umnošci ispod vrijede samo ako su kvarovi čvorova međusobno neovisni (isti provider, ista lokacija ili proxy preko Node1 tu neovisnost narušavaju)","P_jedan_pada":0.001,"P_dva_padaju_istovremeno":"0.001^2 = 10^-6 (jednom u 1000 godina)","P_tri_padaju_istovremeno":"0.001^3 = 10^-9 (jednom u 10^9 dana = nikad u praksi)","P_svi_5_padaju_istovremeno":"0.001^5 = 10^-15 (manje od toplinske fluktuacije svemira)","raspored_podataka":{"postgres_master":"Node1 (jedini write)","postgres_hot_standby":"Node3 (async WAL, 0-delay failover)","dokarh_chain_puna_kopija":["Node1","Node2","Node3"],"dokarh_chain_cold_backup":["Node4"],"shamir_dionice":{"dionica_1":"Redis Node1 — genesis:shamir:{id}:1","dionica_2":"Redis Node1 — genesis:shamir:{id}:2","dionica_3":"Redis Node1 — genesis:shamir:{id}:3","dionica_4":"Node4 cold storage — encrypted","dionica_5":"Node5 member portal storage — encrypted","rekonstrukcija":"3-of-5 dovoljan — Node1 ima 1-3, Node4 ima 4, Node5 ima 5. NAPOMENA: uz prag 3 i dionice 1-3 na istom Redisu, tko kompromitira Node1 ima dovoljno za rekonstrukciju, a gubitkom Node1 ostaju samo dionice 4+5 (ispod praga) — nijedan čvor ne bi smio držati više od 2 dionice"}},"scenariji_napada":{"ddos_na_node1":"Node3 preuzima read traffic, Node1 samo API — nginx rate limit + Cloudflare","kompromitacija_node1":"Attacker dobiva Node1 ali NE Shamir dionice 4+5 — FLUID recoverable","fizicka_konfiskacija_node1":"Node3 hot standby preuzima, Ivan mijenja DNS za 5 min, Node4+5 imaju backup","node1_i_node3_istovremeno":"P=10^-6, Node2 i Node4 imaju DokArh, Node5 ima member data"},"zakljucak":"5 čvorova gdje su 4 NEVIDLJIVI za internet = arhitektura kojoj ne možeš naći napadnu površinu. Jedini vektor je Node1 — koji je hardened, rate-limited, anomaly-detected. Cijena: 10 EUR/mj. Vrijednost: matematička besmrtnost podataka."}},"zadaci_za_cc":[{"id":"P1","naziv":"WebAuthn Native Tier — Verifikacija i Test","prioritet":"VISOK","trajanje_procjena":"2h","kontekst":"webauthn_auth.py POSTOJI na /var/www/genesis/api/webauthn_auth.py (296 linija). Već je includean u main.py router. 
Treba provjeriti radi li end-to-end i da fenix-v3 login template ima biometric gumb.","koraci":[{"korak":1,"sto":"Provjeri postoji li webauthn_auth.py i je li u main.py","cmd":"cat /var/www/genesis/api/webauthn_auth.py | head -30 && grep -n 'webauthn' /var/www/genesis/main.py"},{"korak":2,"sto":"Provjeri koji endpoints postoje","cmd":"grep -n 'router' /var/www/genesis/api/webauthn_auth.py | head -20"},{"korak":3,"sto":"Provjeri fenix-v3 login template ima li genesis login opciju","cmd":"find /var/www/fenix-v3 -name 'login*.html' | xargs grep -l 'genesis\\|biometric\\|webauthn' 2>/dev/null"},{"korak":4,"sto":"Provjeri genesis_connect URLs postoje li u fenix-v3 urls.py","cmd":"grep -rn 'genesis_connect\\|genesis/verify' /var/www/fenix-v3/fenix_v3/urls.py"},{"korak":5,"sto":"Ako login template nema genesis gumb — dodaj ga. Traži <form> za login i dodaj iznad gumb","gdje":"/var/www/fenix-v3/templates/registration/login.html","sto_dodati":"Gumb: <a href='/genesis/login/?platform=fenix-v3' class='btn genesis-btn'>🔐 Prijava s Genesis ID-om</a>","napomena":"Možda postoji već — provjeri prije pisanja"},{"korak":6,"sto":"Test: cURL genesis WebAuthn register options","cmd":"curl -s -X POST https://genesis.limit-connect.com/api/v1/webauthn/register/options -H 'Content-Type: application/json' -d '{\"weise3_id\": \"test_cc_p1_001\"}' | python3 -m json.tool | head -20"},{"korak":7,"sto":"Ako test uspije → P1 DONE. Ako 404 → provjeri main.py router include","napomena":"Trebao bi vratiti challenge, rpId, attestation options"}],"definicija_gotovo":"curl na /webauthn/register/options vraća 200 s challenge poljem. Login template ima genesis gumb. Commit: feat(genesis): P1 WebAuthn endpoints verified + login button"},{"id":"P2","naziv":"sati.ink — Genesis Login Gumb","prioritet":"VISOK","trajanje_procjena":"1h","kontekst":"sati.ink je nginx proxy na fenix-v3 port 8001. genesis_auth_middleware.py je već aktivan u settings.py MIDDLEWARE. 
Treba samo UI gumb na sati.ink login stranici.","koraci":[{"korak":1,"sto":"Pronađi sati.ink login template","cmd":"find /var/www/fenix-v3 -name '*.html' | xargs grep -l 'sati\\|sat\\.ink' 2>/dev/null | head -5"},{"korak":2,"sto":"Provjeri koji template serviraju za sati.ink","cmd":"grep -rn 'sati_ink\\|sati\\.ink\\|satiink' /var/www/fenix-v3 --include='*.py' | grep -v '.pyc' | head -10"},{"korak":3,"sto":"Provjeri nginx za sati.ink koji je template/view","cmd":"cat /etc/nginx/sites-available/sati-ink.conf 2>/dev/null || cat /etc/nginx/sites-enabled/sati* 2>/dev/null | head -30"},{"korak":4,"sto":"U login template dodaj Genesis gumb — ispred ili umjesto standardnog login forma","html":"<div class='genesis-login-section'><a href='/genesis/login/?platform=sati-ink' class='genesis-primary-btn'>🔐 Prijava s Genesis ID-om</a><p class='genesis-sub'>Ili nastavi s e-mail prijavom:</p></div>","stilovi_boja":"sati.ink je zelena/moderna tema — genesis gumb može biti --color: #2e7d32"},{"korak":5,"sto":"Provjeri PLATFORM_REDIRECT ima 'sati-ink'","cmd":"grep -n 'sati' /var/www/fenix-v3/genesis_connect/views.py"},{"korak":6,"sto":"Test: otvori https://sati.ink/accounts/login/ i provjeri gumb vidljiv","test":"curl -s https://sati.ink/accounts/login/ | grep -i 'genesis\\|Genesis' | head -5"}],"definicija_gotovo":"sati.ink login stranica ima Genesis gumb. Klik ide na /genesis/login/?platform=sati-ink. Commit: feat(genesis): P2 sati.ink Genesis login button"},{"id":"P3","naziv":"genesispos.online — nginx /genesis/ Proxy","prioritet":"VISOK","trajanje_procjena":"30min","kontekst":"POS login template ima 20+ genesis referenci ali nginx config ne proksira /genesis/ putanju na fenix-v3. 
Rješenje: 2 location bloka u nginx.","koraci":[{"korak":1,"sto":"Provjeri trenutni nginx config za genesispos","cmd":"cat /etc/nginx/sites-available/genesispos.conf 2>/dev/null || ls /etc/nginx/sites-enabled/ && cat /etc/nginx/sites-enabled/genesispos* 2>/dev/null"},{"korak":2,"sto":"Dodaj location blokove za /genesis/ putanje","gdje":"/etc/nginx/sites-available/genesispos.conf","sto_dodati":"Unutar server{} bloka PRIJE existing location /:\n\n    location /genesis/ {\n        proxy_pass http://127.0.0.1:8001;\n        proxy_set_header Host genesispos.online;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Platform genesispos;\n    }\n\n    location /accounts/ {\n        proxy_pass http://127.0.0.1:8001;\n        proxy_set_header Host genesispos.online;\n        proxy_set_header X-Real-IP $remote_addr;\n    }\n\n    location /static/ {\n        proxy_pass http://127.0.0.1:8001;\n    }"},{"korak":3,"cmd":"nginx -t && systemctl reload nginx"},{"korak":4,"sto":"Provjeri da PLATFORM_REDIRECT ima 'genesispos'","cmd":"grep -n 'genesispos\\|pos' /var/www/fenix-v3/genesis_connect/views.py"},{"korak":5,"test":"curl -s -o /dev/null -w '%{http_code}' https://genesispos.online/genesis/login/","ocekivano":"200 ili 302 (ne 404)"}],"definicija_gotovo":"genesispos.online/genesis/login/ vraća 200 ili redirect. Commit: feat(genesis): P3 genesispos nginx /genesis/ proxy"},{"id":"P4","naziv":"digigraf.online — Standalone Genesis SSO Bridge","prioritet":"SREDNJI","trajanje_procjena":"3-4h","kontekst":"digigraf.online je Django app na fenix-v3 ali možda nema vlastiti login flow. 
Treba provjeriti architekturu i dodati Genesis SSO kao primarnu prijavu za vozače.","koraci":[{"korak":1,"sto":"Mapirati digigraf arhitekturu","cmd":"find /var/www/fenix-v3 -name '*.py' | xargs grep -l 'digigraf' 2>/dev/null | head -10"},{"korak":2,"cmd":"cat /etc/nginx/sites-available/digigraf.conf 2>/dev/null | head -40"},{"korak":3,"sto":"Pronađi digigraf login view i template","cmd":"find /var/www/fenix-v3 -path '*/digigraf*' -name '*.html' | head -10"},{"korak":4,"sto":"Provjeri genesis_connect views.py da li 'digigraf' postoji u PLATFORM_REDIRECT","cmd":"grep -n 'digigraf\\|vozac' /var/www/fenix-v3/genesis_connect/views.py"},{"korak":5,"sto":"Ako ne postoji — dodaj u PLATFORM_REDIRECT: 'digigraf': '/vozac/'","gdje":"/var/www/fenix-v3/genesis_connect/views.py","linija_za_edit":"Nađi PLATFORM_REDIRECT dict i dodaj entry"},{"korak":6,"sto":"Dodaj digigraf login template s Genesis kao primarnom opcijom","template":"/var/www/fenix-v3/templates/digigraf/login.html","sadrzaj":"Minimalan login page s Genesis gumbom kao PRIMARY i standardnim loginom kao fallback. Vozači ne koriste lozinke — koriste Genesis ID."},{"korak":7,"sto":"Dodaj nginx /genesis/ proxy na digigraf.conf (isti pattern kao P3)"}],"definicija_gotovo":"digigraf.online/genesis/login/ radi. Vozači se mogu prijaviti Genesis ID-om. Commit: feat(genesis): P4 digigraf Genesis SSO bridge"},{"id":"P5","naziv":"no-limit.world — Full Member/Ambassador Portal (KRUNICA ZRNO)","prioritet":"STRATESKI","trajanje_procjena":"6-8h","kontekst":"no-limit.world mora postati puna član-portal stranica. Prijava obavezna za članove i ambasadore. Podaci prijave postaju SEGMENT KLJUČA u FLUID sustavu — zrno Krunice, cigla Dvorca, zaštićena BELA + BunkerSeal + FLUID. 
Planirani kao Node5 u BORG arhitekturi.","arhitektura_no_limit_portal":{"NoLimitMember_model":"Novi Django model — ZAKON 27 trinity obavezna","genesis_id_link":"Svaki član ima GenesisIdentityLink — vezan za genesis.limit-connect.com","fluid_integration":"member.genesis_id + member.weise3_id + IP + timestamp → FLUID F7_KONTAKT sloj","dokarh_chain":"Svaki novi član/ambasador → .dok.json entry u schema_dokarh","bela_zastita":"Pristup member profilu kroz BELA membrana — shadow key ako pogrešan PIN","bunker_seal":"Ambasadorski podaci zapečaćeni BunkerSeal BPZ-9 L5"},"koraci":[{"korak":1,"sto":"Pročitaj postojeće no_limit modele","cmd":"cat /var/www/fenix-v3/no_limit/models.py"},{"korak":2,"sto":"Dodaj NoLimitMember model u no_limit/models.py","model_code":"class NoLimitMember(models.Model):\n    \"\"\"\n    Krunica zrno — svaki član je čvor u mreži.\n    ZAKON 27: weise3_id + bunker_seal_id + created_at obavezni.\n    \"\"\"\n    # ZAKON 27 trinity\n    weise3_id      = models.CharField(max_length=64, blank=True, default='', db_index=True)\n    bunker_seal_id = models.CharField(max_length=64, blank=True, default='', db_index=True)\n    created_at     = models.DateTimeField(auto_now_add=True, db_index=True)\n\n    # Genesis SSO veza\n    genesis_id     = models.CharField(max_length=64, blank=True, default='', db_index=True)\n    identity_link  = models.ForeignKey('genesis_connect.GenesisIdentityLink', null=True, blank=True, on_delete=models.SET_NULL)\n\n    # Profil\n    user           = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='nolimit_member')\n    display_name   = models.CharField(max_length=128, blank=True, default='')\n    role           = models.CharField(max_length=32, choices=[('member','Član'),('ambassador','Ambasador'),('founder','Osnivač')], default='member')\n    country        = models.CharField(max_length=64, blank=True, default='')\n    bio            = models.TextField(blank=True, default='')\n    avatar_url    
 = models.URLField(blank=True, default='')\n\n    # FLUID segment\n    fluid_segment  = models.CharField(max_length=128, blank=True, default='', help_text='SHA3-256 fragment za FLUID F7 sloj')\n\n    # Status\n    is_active      = models.BooleanField(default=True)\n    tier           = models.CharField(max_length=16, choices=[('standard','Standard'),('trusted','Trusted'),('native','Native')], default='standard')\n\n    class Meta:\n        ordering = ['-created_at']\n        verbose_name = 'NO LIMIT Član'\n        verbose_name_plural = 'NO LIMIT Članovi'\n\n    def __str__(self):\n        return f'{self.display_name} ({self.role}) — {self.genesis_id[:12]}...'\n\n    def izracunaj_fluid_segment(self):\n        \"\"\"Izračunaj FLUID F7 segment iz genesis_id + weise3_id + user.date_joined.\"\"\"\n        import hashlib\n        raw = f'NOLIMIT::{self.genesis_id}::{self.weise3_id}::{self.user.date_joined.isoformat()}::FENIX2026'\n        return hashlib.sha3_256(raw.encode()).hexdigest()"},{"korak":3,"sto":"Dodaj genesis_id polje na AmbassadorApplication model (ZAKON 27 zahtijeva)","gdje":"/var/www/fenix-v3/no_limit/models.py","sto_dodati":"U class AmbassadorApplication dodaj tri ZAKON 27 polja:\n    weise3_id      = models.CharField(max_length=64, blank=True, default='', db_index=True)\n    bunker_seal_id = models.CharField(max_length=64, blank=True, default='', db_index=True)\n    genesis_id     = models.CharField(max_length=64, blank=True, default='', db_index=True)"},{"korak":4,"sto":"Kreiraj i apliciraj migracije","cmd":"cd /var/www/fenix-v3 && venv/bin/python manage.py makemigrations no_limit && venv/bin/python manage.py migrate"},{"korak":5,"sto":"Dodaj member dashboard view u no_limit/views.py","view_code":"class NoLimitMemberDashboardView(LoginRequiredMixin, TemplateView):\n    template_name = 'no_limit/member_dashboard.html'\n\n    def get_context_data(self, **kwargs):\n        ctx = super().get_context_data(**kwargs)\n        try:\n            ctx['member'] = 
self.request.user.nolimit_member\n        except NoLimitMember.DoesNotExist:\n            ctx['member'] = None\n        ctx['genesis_identity'] = getattr(self.request, 'genesis_identity', None)\n        return ctx\n\n\nclass NoLimitMemberRegisterView(LoginRequiredMixin, FormView):\n    \"\"\"Kreiranje NoLimitMember profila za prijavljenog usera.\"\"\"\n    template_name = 'no_limit/member_register.html'\n    success_url = '/no-limit/member/dashboard/'\n\n    def get(self, request, *args, **kwargs):\n        if hasattr(request.user, 'nolimit_member'):\n            return redirect(self.success_url)\n        return super().get(request, *args, **kwargs)\n\n    def form_valid(self, form):\n        import hashlib\n        genesis_id = getattr(self.request, 'genesis_identity', {}).get('weise3_id', '') if self.request.genesis_identity else ''\n        weise3_id = hashlib.sha3_256(\n            f'NOLIMIT::MEMBER::{self.request.user.pk}::{genesis_id}::FENIX2026'.encode()\n        ).hexdigest()\n        member = NoLimitMember.objects.create(\n            user=self.request.user,\n            weise3_id=weise3_id,\n            genesis_id=genesis_id,\n            display_name=form.cleaned_data.get('display_name', self.request.user.get_full_name()),\n            role=form.cleaned_data.get('role', 'member'),\n            country=form.cleaned_data.get('country', ''),\n        )\n        member.fluid_segment = member.izracunaj_fluid_segment()\n        member.save(update_fields=['fluid_segment'])\n        return super().form_valid(form)"},{"korak":6,"sto":"Dodaj URL-ove u no_limit/urls.py","urls":"path('member/dashboard/', views.NoLimitMemberDashboardView.as_view(), name='member_dashboard'),\npath('member/register/', views.NoLimitMemberRegisterView.as_view(), name='member_register'),"},{"korak":7,"sto":"Kreiraj member_dashboard.html template","gdje":"/var/www/fenix-v3/templates/no_limit/member_dashboard.html","sadrzaj":"Dark tema (#06060d, gold #d4af37). 
Prikaži: genesis_id (prvih 16 znakova + ...), role badge, tier badge, fluid_segment status. Ako nema member profila — redirect na register. Ako nema genesis prijave — prikaz upozorenja s linkom na /genesis/login/?platform=no-limit"},{"korak":8,"sto":"Dodaj no-limit.world login stranicu s Genesis kao primarnom opcijom","gdje":"/var/www/fenix-v3/templates/no_limit/genesis_auth.html","napomena":"Ovaj template već postoji (genesis_auth.html) — provjeri i unaprijedi. Dodaj NoLimitMember registraciju flow."},{"korak":9,"sto":"Provjeri da PLATFORM_REDIRECT ima 'no-limit'","cmd":"grep -n 'no-limit\\|no_limit' /var/www/fenix-v3/genesis_connect/views.py"},{"korak":10,"sto":"Test: manage.py check mora biti 0 errors","cmd":"cd /var/www/fenix-v3 && venv/bin/python manage.py check && venv/bin/python manage.py migrate --check"},{"korak":11,"sto":"Reload i test","cmd":"systemctl reload gunicorn-fenix-v3.service && curl -s -o /dev/null -w '%{http_code}' https://no-limit.world/no-limit/member/dashboard/"}],"definicija_gotovo":"no-limit.world ima member dashboard, NoLimitMember model s ZAKON 27, genesis_id vezan za FLUID F7. Commit: feat(no-limit): P5 member portal + NoLimitMember model + Genesis ID integration"},{"id":"FUTURE1","naziv":"Genesis SSO Discovery — Zero-Friction Cross-Domain","prioritet":"FUTURE","opis":"Ako je korisnik prijavljen na jednoj domeni, na drugoj dobiva tihi SSO bez klikanja. Implementacija: 1x1 pixel hidden iframe na svakoj domeni koji pita genesis.limit-connect.com/api/v1/genesis/auth/check — ako aktivan token postoji → automatski login. Privacy-first: samo ako je korisnik prethodno dao pristanak (GDPR).","baza_za_implementaciju":"genesis:session:{token} Redis DB4 već postoji. Dodati JWT short-lived cross-domain token (15min) s allowed_domains listom. Check endpoint mora prije potvrde sesije provjeriti da je stranica koja ugrađuje iframe na allowed_domains listi (CSP frame-ancestors i provjera Origin zaglavlja)."},{"id":"FUTURE2","naziv":"DokArh Audit Trail — Cross-Domain Login Log","prioritet":"FUTURE","opis":"Svaki login event kroz Genesis SSO → automatski .dok.json entry u schema_dokarh/genesis/logins/. 
Sadrži: weise3_id, platforma, ip_hash (ne plain IP — SHA3; običan hash IPv4 adrese može se vratiti nabrajanjem svih 2^32 adresa, pa koristiti HMAC s tajnim ključem), timestamp, tier, anomaly_score. Ova lista postaje 'Knjiga Svjedočanstava' — VIVUS format, WeisE3λ potpisana.","implementacija":"Dodati hook u GenesisVerifyView.post() koji async kreira DokArh entry. Koristiti existing put() metodu DokArhResolversvc."},{"id":"FUTURE3","naziv":"Tier Cascade Policy — Native Tier Propagira","prioritet":"FUTURE","opis":"Korisnik koji ima native tier (WebAuthn) na genesis.limit-connect.com → automatski dobiva elevated pristup na svim domenama. Implementacija: genesis_token payload sadrži tier field. GenesisAuthMiddleware čita tier i setira request.genesis_tier (tier uzimati iz odgovora server-side verify poziva, ne iz vrijednosti koju šalje klijent). Svaki view može raditi @require_genesis_tier('native') decorator.","kod_skica":"@require_genesis_tier('native')\ndef sensitive_view(request):\n    pass  # Dostupno samo native tier korisnicima"}],"no_limit_world_elevacija":{"filozofija":"Svaki registrirani član NO LIMIT mreže postaje čvor znanja. Njihov Genesis ID nije samo prijava — on je DIO KRIPTOGRAFSKOG KLJUČA koji štiti naše dokumente. Zrno Krunice. 
Cigla Dvorca.","tier_hijerarhija":{"visitor":"Čita javne stranice — bez prijave","member":"Prijava putem Genesis SSO — pristup member dashboard","ambassador":"Potvrđen ambasador — pristup partner materijali, API ključevi, dokarh segment (ulogu dodjeljuje admin nakon potvrde — registracijska forma iz P5 ne smije primati role od korisnika)","founder":"Ivan + 3 osnivača — puni pristup"},"fluid_integracija":{"opis":"member.fluid_segment koristi se kao F7_KONTAKT u FLUID identity recovery (ulazi formule su identifikatori, datum i fiksni sufiks — bez tajne vrijednosti segment je identifikator, a ne ključni materijal)","formula":"SHA3-256('NOLIMIT::' + genesis_id + '::' + weise3_id + '::' + date_joined + '::FENIX2026')","svrha":"Ako Ivan izgubi pristup, može rekonstruirati identitet ako ima 3+ ambasadora koji potvrde — Shamir SSS filozofija primijenjena na ljudsku mrežu"},"dokarh_integracija":{"opis":"Svaki novi član → c{NNNN}_nolimit_novi_clan_{datum}.dok.json","tip":"CLAN_REGISTRACIJA","zakon":"ZAKON 2 + ZAKON 3 — trojna pohrana obavezna"}},"borg_deploy_plan":{"faza1_odmah":{"opis":"Iskoristi Node1 + Node2 koji već postoje — ojačaj BORG sync","zadatak":"Provjeri health.json na Node1: curl https://genesis.limit-connect.com/borg/health.json","zadatak2":"Provjeri Node2 sync: curl https://grosmarkt-online.eu/brsljani/sync-now"},"faza2_node345":{"opis":"Naruči 3x Hetzner CX11 — 9.87 EUR/mj","uputa":"https://console.hetzner.cloud → New Server → CX11 → Nuremberg (EU) → Ubuntu 22.04","konfiguracija_svakog_novog_noda":["apt install python3.13 postgresql-client redis-tools nginx","Generiraj BORG agent_id: python3 -c \"import secrets; print(secrets.token_hex(16))\"","Postavi /borg/health.json writeable by www-data","Cron svakih 30s: pull Node1 health + diff + pull missing .dok.json (cron ima najmanji interval od 1 min — za 30s koristiti systemd timer)","NIKAD ne instaliraj javni DNS za ove nodove","Firewall: dopusti samo Node1 IP za inbound (osim Hetzner management)"]},"faza3_no_limit_node5":{"opis":"Node5 = dedicated no-limit.world server","arhitektura":"nginx na Node5 servira no-limit.world Django app (ili FastAPI v4)","proxy_chain":"DNS: no-limit.world → Node1 IP. Node1 nginx proxy_pass http://NODE5_PRIVATE_IP:8020","prednost":"Node5 nikad nije direktno dostupan internetu. 
Sve ide kroz Node1 firewall."}},"faze_izvrsenja":{"tjedan1":["P1 WebAuthn verifikacija","P2 sati.ink gumb","P3 genesispos nginx"],"tjedan2":["P4 digigraf bridge","P5 no-limit.world elevacija"],"tjedan3":["Naruči Node3+Node4+Node5","Konfiguracija BORG health.json","Test Shamir dionice na Node4+5"],"tjedan4":["FUTURE1 preview implementation","FUTURE2 audit trail","Dokumentacija za EU grant prijavu"]},"commit_format":"feat(genesis): {opis} — koristiti za svaki korak","reload_komande":{"genesis":"systemctl restart genesis.service","fenix_v3":"systemctl reload gunicorn-fenix-v3.service","nginx":"nginx -t && systemctl reload nginx"},"test_komande":{"genesis_health":"curl https://genesis.limit-connect.com/api/v1/genesis/health","borg_health":"curl https://genesis.limit-connect.com/borg/health.json","fenix_check":"cd /var/www/fenix-v3 && venv/bin/python manage.py check","webauthn_test":"curl -X POST https://genesis.limit-connect.com/api/v1/webauthn/register/options -H 'Content-Type: application/json' -d '{\"weise3_id\": \"test_001\"}'","fluid_test":"cd /var/www/genesis && .venv/bin/python3 -c \"from services.fluid import FluidService; print('FLUID OK')\""},"zakon_provjere":["ZAKON 0: Svaki mod u svom projektu — ne mijesaj fenix-v3 i fina-connect","ZAKON 2: Svaki novi dok idi kroz DokArhResolver + Brsljani push","ZAKON 3: Trojna pohrana za sve clanove i ambasadore","ZAKON 17: NIKAD push prema drugim nodovima — samo PULL","ZAKON 26: Svaki TypedDict/dataclass za strukturirane podatke","ZAKON 27: NoLimitMember mora imati weise3_id + bunker_seal_id + created_at","ZAKON 29: SecurityHeaders nepromijenjeni — samo dodaj, nikad brisi","ZAKON 30: Nakon deploya chown -R www-data:www-data /var/www/fenix-v3/","ZAKON 32: Svaki fix ima chain entry PRIJE merge-a"],"kraj_sesije_obaveze":["Ažuriraj FENIX_STATUS.md: /var/www/fenix-v3/FENIX_STATUS.md","Kreiraj chain entry za sesiju: c0151_genesis_sso_sesija_{datum}.dok.json","git log --oneline -5 u oba projekta","Commitaj FENIX_STATUS.md: 
docs(memory): update session context"],"_chain_meta":{"prev_entry":"c0149_inovacije_nastanak_i_filozofija.dok.json","opp_seal":"WEISE3::c0150::CHAIN_INTEGRITY::FENIX2026","lanac_visina":150,"tip_lanca":"PLAN_DOKUMENT","vidljivost":"CC_INTERNAL"}}}