MIT Licensed · Open Source

Built Deaf-First.
Powered by the Community.

A Deaf-centered, accessibility-native SaaS platform with AI-powered workflows, decentralized trust scoring, and government-grade compliance infrastructure. Five core services. One open ecosystem.

View on GitHub Quick Start Explore Services

Core Services

60+

API Endpoints

WCAG

2.1 AAA

MIT

License

Core Services

Five services. One unified mesh.

Each service is independently deployable, OpenAPI 3.1 documented, and connected through DeafAUTH's PASETO token fabric.

:3002 · auth.mbtq.dev

🔐

DeafAUTH — Identity Cortex

Secure authentication designed for Deaf users first. PASETO v4 tokens, MCP server support, accessible auth flows, and user preference management. The single auth source for all MBTQ services.

PASETO v4 MCP Server Register Login Verify Refresh

:3003 · sync.mbtq.dev

⚡

PinkSync — Accessibility Engine

Real-time accessibility synchronization with WebSocket-based pub/sub, Redis backbone, and Cloudflare Workers + Durable Objects. Handles accessibility preferences across all MBTQ subdomains.

WebSocket Redis Cloudflare Workers Durable Objects

:3004 · trust.mbtq.dev

🌿

Fibronrose — Trust & Blockchain

Fibonacci-decay trust scoring across all subdomains. ERC-1155 trust badges, ERC-20 FIBR token, and Neon.tech for numeric workloads. Golden-ratio threshold (0.382). ML scoring via Vertex AI / Gemini.

Trust Score ERC-1155 Fibonacci Decay Vertex AI

:3006 · dynamic · ai.mbtq.dev

🤖

360Magicians — AI Agents

Comprehensive AI agent platform: agent lifecycle, task execution, memory management, file ingestion, RAG search, tool registry, scheduling, webhooks, and cost analytics. Port resolved at runtime.

60+ Endpoints RAG Ollama Gemini Claude

:3007 · dynamic · dao.mbtq.dev

🏛️

MBTQ DAO — Governance

Decentralized governance and community management. Proposals, voting, member management, and community-driven autonomous platform evolution powered by RAG on Vertex AI. Port resolved at runtime.

DAO Proposals Voting Vertex AI

:3005 · a11y.mbtq.dev

♿

a11y — Accessibility Nodes

Modular accessibility features: sign language interpretation overlays, visual accessibility enhancements, MCP server for accessibility APIs, and the video SDK (MBTQVideoSDK) for Deaf-first communications.

ASL Video MCP Server Visual Alerts Captions

Deaf-First Design

Not accessible. Deaf-native.

These aren't guidelines — they're hard constraints enforced at the code and policy level across every service.

RULE 01

The 2-Second Rule

A Deaf user must understand system state within 2 seconds of first render. No audio dependency. Visual-first, always.

RULE 02

Caption-First Video

Captions are never hidden, never delayed, never optional. They are the primary communication channel — not a fallback.

RULE 03

Visual-Only Alerts

All system notifications, errors, and status changes are communicated visually. Zero audio-only notification paths exist in any service.

RULE 04

ASL Priority Overlays

Sign language interfaces receive the highest design priority. The a11y service's floating MBTQVideoSDK panel with drag, resize, and minimize is always accessible.

RULE 05

Lifetime Support Registration

Accommodation needs are registered permanently in the system. They never expire, never require re-verification, and propagate across all services via PinkSync.

RULE 06

WCAG 2.1 AAA Enforced

The ESLint plugin (eslint-plugin-mbtq) enforces WCAG 2.1 AAA compliance at the code level — not just as a guideline in a README.

Architecture

Edge-native. Vendor-agnostic.

Cloudflare Tunnel for all public traffic — no exposed ports. PASETO v4 over JWT. A single gateway entry point for all external requests.

EXTERNAL TRAFFIC

@mbtq/gateway

auth → trust → normalize → route → audit

↓

AUTH MESH

DeafAUTH

:3002

PinkSync

:3003

Fibronrose

:3004 · 0.382 threshold

a11y

:3005

↓

DYNAMIC PORTS (runtime resolved)

360Magicians / AI

:3006 · Deno tunnel

MBTQ DAO

:3007 · Cloudflare tunnel

↓

DATA FLOW

pinkflow.mbtq.dev → DAO gate → api.pinksync.io

🔒 PASETO v4 Token Fabric

All inter-service auth uses PASETO v4 (preferred over JWT). PinkSync activation requires a per-user or enterprise-level PASETO token. The gateway is upstream of PinkSync.

⚡ Five-Stage Gateway Pipeline

Every external request flows through: auth → trust score → normalize → route → audit. HotChannel WebSocket audit interception logs every significant event.

🌐 Cloudflare Tunnel — No Exposed Ports

All public traffic routes through Cloudflare Tunnel. Ports 3006+ are dynamic and must never be hardcoded — resolved at runtime via Deno and Cloudflare tunnel bindings.

📦 Monorepo with Package Standards

All packages use mbtq- prefix or @mbtq/ scope. Self-hosted Verdaccio for scoped packages. Two-repo split: mbtq-dev (public), mbtq-core (private).

Tech Stack

Production-grade, edge-native infrastructure.

🦕

Deno KV

⚡

Cloudflare Workers

🔥

Hono

🐘

Supabase (Auth/RLS)

🌿

Neon.tech

🤖

Ollama (local AI)

🧠

Vertex AI / Gemini

⚛️

Next.js (UI only)

🟢

Node.js ≥ 20

📘

TypeScript

🐳

Docker

🔄

Redis

🐙

GitHub Actions (CI)

🦀

Rust / Cargo (CI)

☁️

GCP / Kubernetes

🔐

PASETO v4

Quick Start

Up and running in four commands.

Node.js ≥ 20.0.0 and npm ≥ 10.0.0 required. PostgreSQL and Redis for full stack.

STEP 01

Clone & Install

bash

# Clone the repository
git clone https://github.com/pinkycollie/
  DEAF-FIRST-PLATFORM.git
cd DEAF-FIRST-PLATFORM
npm install
          

STEP 02

Configure Environment

.env

cp .env.example .env

# Required vars:
DATABASE_URL=postgresql://...
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-secret-key
DEAFAUTH_PORT=3002
          

STEP 03

Validate & Test

bash

# Validate OpenAPI specs
npm run validate:openapi

# Run all tests
npm test

# Run with coverage
npm run test:coverage
          

STEP 04

Start All Services

bash

# All services
npm run dev

# Or individually
npm run dev:deafauth
npm run dev:pinksync
npm run dev:fibonrose
          

API Reference

OpenAPI 3.1 documented. Every endpoint.

All services share the DeafAUTH security scheme. Include Authorization: Bearer <token> in every request.

// DeafAUTH — :3002

POST /auth/register User registration with accessibility preference capture

POST /auth/login Authenticate and receive PASETO v4 token pair

GET /auth/verify Token verification and user context resolution

POST /auth/refresh Rotate refresh token and issue new access token

// PinkSync — :3003

GET /sync/status Check synchronization status across services

POST /sync/preferences Update accessibility preferences (propagates to all services)

GET /sync/features List available accessibility feature flags

// Fibronrose — :3004

POST /trust/verify Verify blockchain transaction against trust ledger

GET /trust/score Retrieve Fibonacci-decay trust score (threshold: 0.382)

POST /trust/record Record new interaction to trust ledger (ERC-1155)

// DAO — :3007 (dynamic)

GET /dao/proposals List open governance proposals with vote counts

POST /dao/vote Submit community vote on active proposal

GET /dao/members List DAO members with trust scores and roles

Open Source

Build with us.

All contributions must maintain WCAG 2.1 AAA compliance and Deaf-first principles. Use Conventional Commits. CI must pass.

🍴

Fork & Branch

Fork the repo, create a feature branch (feat/your-feature), and follow the Conventional Commits spec for all commit messages.

♿

Accessibility Required

Every PR must maintain WCAG 2.1 AAA compliance. The ESLint plugin (eslint-plugin-mbtq) enforces this at the code level — failing checks block merge.

✅

Tests & Linting

Run npm run lint && npm run test before opening a PR. All CI checks — lint, type-check, validate:openapi, and security scans — must pass.

📖

Document Everything

New endpoints require OpenAPI 3.1 spec updates. New services require a README, architecture notes, and service registration in the gateway config.

🤝

Community First

This platform serves the Deaf community. Contributions that improve accessibility, ASL video, captioning, or Deaf-user flows are prioritized in review.

🔐

Security Policy

Security vulnerabilities are reported privately — never as public issues. See SECURITY.md for the responsible disclosure process and scope.

Contribution Flow

# 1. Fork → clone → branch
git checkout -b feat/your-feature

# 2. Make changes · write tests

# 3. Validate
npm run lint && npm run test && npm run validate:openapi

# 4. Commit (Conventional Commits)
git commit -m "feat: add ASL overlay to video SDK"

# 5. Push → open PR
git push origin feat/your-feature
      

Built Deaf-First.Powered by the Community.