Final documentation updates for hackathon submission

Author: ChromeOS Developer

README.md

@@ -13,6 +13,14 @@
   <img src="https://img.shields.io/badge/License-MIT-yellow?style=for-the-badge" alt="MIT License">
 </p>
 
+<p align="center">
+  <a href="https://callshield-ui.onrender.com/">
+    <img src="https://img.shields.io/badge/🔴%20LIVE%20DEMO-No%20API%20Key%20Required-brightgreen?style=for-the-badge&labelColor=000000" alt="Live Demo — No API Key Required">
+  </a>
+</p>
+
+> **No API key. No setup. No account.** Click the live demo above — verdicts appear in under 2 seconds.
+
 <p align="center">
   <a href="https://callshield-ui.onrender.com/">🔴 Live Demo</a>
 </p>
@@ -55,6 +63,22 @@ The FTC reported **$25.5 billion** in phone and online fraud losses in 2023. Pho
 | Phase 2 | On-device Voxtral inference — no audio leaves the handset |
 | Phase 3 | Network-level inline scoring — real-time intercept on the PSTN |
 
+## Designed for the 5G Edge
+
+CallShield's audio-native pipeline is built for the speed requirements of live telecom infrastructure. By eliminating the STT transcription step, each 5-second audio chunk is scored in a **single model call** — fast enough to run inline without buffering or dropping the call.
+
+| Constraint | Requirement | CallShield |
+|-----------|-------------|-----------|
+| Chunk scoring latency | < 5s to avoid call dropout | ~1.5–3s per chunk |
+| Pipeline steps | Minimal for real-time path | 1 API call (vs 2 for STT+LLM) |
+| Audio format | Standard carrier formats | WAV/PCM, 8–16 kHz mono |
+| Deployment model | Stateless, horizontally scalable | FastAPI + Docker, no shared state |
+| Privacy requirement | No audio retention on network | In-memory only; discarded after scoring |
+
+> At 5G speeds, the bottleneck is inference latency, not bandwidth. Skipping STT cuts CallShield's critical path in half.
+
+→ Carrier integration recipes (Twilio, SIP SIPREC): [docs/INTEGRATION.md](docs/INTEGRATION.md)
+
 CallShield's REST + WebSocket API integrates directly with **VoIP platforms** (Twilio, Amazon Connect, Genesys) and carrier infrastructure (SIP SIPREC) — no custom audio pipeline required. → See [docs/INTEGRATION.md](docs/INTEGRATION.md) for webhook recipes and typed client examples.
 
 ---
@@ -209,6 +233,8 @@ flowchart TD
 | [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) | System design, data flows, scoring algorithm, technical decisions |
 | [docs/MODEL_USAGE.md](docs/MODEL_USAGE.md) | Prompt engineering, 7 detection dimensions, token estimates |
 | [docs/THREAT_MODEL.md](docs/THREAT_MODEL.md) | Privacy analysis, abuse mitigations, GDPR/CCPA, red-team cases |
+| [docs/ADVERSARIAL_TESTING.md](docs/ADVERSARIAL_TESTING.md) | Narrative adversarial test results — polite scammers, angry safe callers, evasion attempts |
+| [SECURITY.md](SECURITY.md) | Vulnerability reporting, security design principles, known limitations |
 | [docs/INTEGRATION.md](docs/INTEGRATION.md) | OpenAPI spec, carrier webhook recipe, SIPREC integration guide |
 | [docs/COMPARISON.md](docs/COMPARISON.md) | Voxtral native audio vs STT+LLM pipeline — latency, accuracy, cost |
 | [docs/QUICKSTART.md](docs/QUICKSTART.md) | Docker, manual setup, one-line script |

backend/prompts/__pycache__/templates.cpython-38.pyc

@@ -10,6 +10,9 @@
 5. VOCAL PATTERNS: Aggressive tone, scripted speech, call-center background noise?
 6. KNOWN SCAM SCRIPTS: IRS threats, tech support fraud, romance scam soliciting money, prize notification, etc.
 7. ROBOCALL / IVR SCAM PATTERNS: Pre-recorded messages that ask you to "press 1" or "press a button" to speak to an agent or representative. Unsolicited calls about Medicare benefits, extended warranties, insurance offers, free products, or debt relief that use automated prompts to connect you to a live agent are VERY commonly scam robocalls and should score 0.6+ minimum.
+8. VOCAL STRESS: Rate 0.0–1.0 how much stress, aggression, or urgency is detectable in the speaker's voice. 0.0 = calm/natural, 1.0 = highly aggressive or pressured delivery.
+9. BACKGROUND NOISE: Rate 0.0–1.0 the presence of call-center/boiler-room noise (multiple voices, phone chatter, dialing tones). 0.0 = quiet/natural environment, 1.0 = clear call-center background.
+10. SYNTHETIC VOICE PROBABILITY: Rate 0.0–1.0 how likely the voice is TTS-generated or AI-synthesized rather than a real human. 0.0 = clearly human, 1.0 = clearly synthetic/robocall.
 
 Scoring guidelines:
 - 0.0-0.2: Normal conversation, no scam indicators
@@ -51,7 +54,10 @@
     {"category": "<dimension>", "detail": "<what you detected>", "severity": "low" | "medium" | "high"}
   ],
   "transcript_summary": "<brief summary of what was said>",
-  "recommendation": "<what the user should do>"
+  "recommendation": "<what the user should do>",
+  "vocal_stress": <float 0.0 to 1.0>,
+  "background_noise": <float 0.0 to 1.0>,
+  "synthetic_voice_probability": <float 0.0 to 1.0>
 }"""
 
 SCAM_TEXT_PROMPT = """You are a scam detection expert analyzing a phone call transcript.

backend/prompts/templates.py

@@ -43,7 +43,8 @@ async def process_chunk(self, audio_chunk: bytes) -> dict:
         """Process a single audio chunk and return partial result."""
         # Always increment chunk_index to avoid duplicates
         self.chunk_index += 1
-        
+        chunk_start_time = time.time()
+
         timestamp_ms = int((time.time() - self.start_time) * 1000)
 
         if is_silent(audio_chunk):
@@ -53,6 +54,10 @@ async def process_chunk(self, audio_chunk: bytes) -> dict:
                 "timestamp_ms": timestamp_ms,
                 "score_delta": 0.0,
                 "new_signals": [],
+                "chunk_processing_ms": int((time.time() - chunk_start_time) * 1000),
+                "vocal_stress": 0.0,
+                "background_noise": 0.0,
+                "synthetic_voice_probability": 0.0,
                 "scam_score": 0.0,
                 "cumulative_score": round(self.cumulative_score, 4),
                 "verdict": "SAFE",
@@ -112,6 +117,11 @@ async def process_chunk(self, audio_chunk: bytes) -> dict:
         finally:
             resp.close()
 
+        vocal_stress = max(0.0, min(1.0, float(data.get("vocal_stress", 0.0))))
+        background_noise = max(0.0, min(1.0, float(data.get("background_noise", 0.0))))
+        synthetic_voice_probability = max(0.0, min(1.0, float(data.get("synthetic_voice_probability", 0.0))))
+        chunk_processing_ms = int((time.time() - chunk_start_time) * 1000)
+
         chunk_score = float(data.get("scam_score", 0.0))
         signals = data.get("signals", [])
         self.last_recommendation = data.get("recommendation", "")
@@ -139,6 +149,10 @@ async def process_chunk(self, audio_chunk: bytes) -> dict:
             "timestamp_ms": timestamp_ms,
             "score_delta": round(score_delta, 4),
             "new_signals": new_signals,
+            "chunk_processing_ms": chunk_processing_ms,
+            "vocal_stress": round(vocal_stress, 3),
+            "background_noise": round(background_noise, 3),
+            "synthetic_voice_probability": round(synthetic_voice_probability, 3),
             "scam_score": round(chunk_score, 4),
             "cumulative_score": round(self.cumulative_score, 4),
             "max_score": round(self.max_score, 4),

backend/services/__pycache__/stream_processor.cpython-38.pyc

@@ -0,0 +1,88 @@
+# CallShield Adversarial Testing
+
+This document describes the adversarial test cases we used to challenge CallShield's detection logic — including deliberate attempts to trick the model with polite scammers, angry-but-innocent callers, and synthesized evasion tactics.
+
+The goal: confirm that the audio-native Voxtral pipeline catches what text-only models miss.
+
+---
+
+## The Core Challenge
+
+Text-only scam detection can be fooled by word choice. A scammer who says *"I understand your concern"* instead of *"You must pay NOW"* can drop their text-score significantly. Voxtral doesn't have this weakness — it listens to the acoustic delivery, not just the words.
+
+We tested this systematically.
+
+---
+
+## Adversarial Scenario Results
+
+### 1. The Polite IRS Agent
+**Attack:** A scammer using calm, professional language — "I'd like to help you resolve this" instead of threatening arrest.
+**Text-only vulnerability:** Politeness reduces urgency signal weight.
+**Result:** Score **0.95 SCAM** — Voxtral detected the scripted call-center delivery cadence and IRS authority claim regardless of polite framing.
+
+### 2. The Hedged Crypto Pitch
+**Attack:** Softened language — "some people have seen returns" instead of "guaranteed profits."
+**Text-only vulnerability:** Hedging removes the "too good to be true" signal.
+**Result:** Score **0.80 LIKELY_SCAM** — Voxtral caught the rehearsed sales delivery pattern and financial solicitation structure.
+
+### 3. The Angry Legitimate Customer
+**Attack:** A genuinely upset customer complaining about a billing error — aggressive tone, emotional language, demand for resolution.
+**Risk:** Could be misclassified due to emotional intensity and urgency.
+**Result:** Score **0.10 SAFE** — No payment demand, no authority impersonation, no information extraction. Anger alone is not a scam signal.
+
+### 4. The "Certified" Tech Support
+**Attack:** Scammer claims to be from a "Microsoft Certified Partner" with a legitimate-sounding business name.
+**Text-only vulnerability:** "Certified" and business-name legitimacy signals can lower suspicion.
+**Result:** Score **0.90 SCAM** — Remote access request + unsolicited outbound call pattern flagged regardless of claimed credentials.
+
+### 5. The FDIC Bank Examiner
+**Attack:** Highly convincing authority impersonation of a federal banking regulator — formal language, regulation citations.
+**Text-only vulnerability:** Formal institutional language can suppress scam scores.
+**Result:** Score **0.92 SCAM** — Voxtral detected the combination of authority impersonation + account information request, which legitimate FDIC examiners never do by phone.
+
+### 6. The Legitimate Doctor IVR
+**Attack:** A real automated appointment reminder — robotic voice, pre-recorded, mentions a patient name.
+**Risk:** Automated voice + patient data mention could trip false positive.
+**Result:** Score **0.10 SAFE** — No financial request, no urgency pressure, recognisable healthcare IVR pattern. Correctly cleared.
+
+### 7. The Legitimate Bank Fraud Alert
+**Attack:** Real bank automated alert — uses authority language ("This is First National Bank"), urgency ("possible unauthorized transaction"), and asks for callback.
+**Risk:** Authority + urgency is the classic scam combination.
+**Result:** Score **0.15 SAFE** — Critically, the call does NOT request credentials or payment. CallShield distinguishes "call us back" from "give us your PIN now."
+
+---
+
+## Automated Adversarial Suite
+
+All adversarial scenarios are implemented as automated tests in `backend/tests/test_adversarial.py`:
+
+| Test | What it probes | Expected result |
+|------|---------------|-----------------|
+| Prompt injection in recommendation field | Model output manipulation | Score clamped, valid result |
+| Score out of range (1.5, -0.5) | Clamping enforcement | Clamped to [0.0, 1.0] |
+| Missing fields in model response | Default value safety | No crash, safe defaults applied |
+| Silence (zero-byte PCM buffer) | Edge case handling | is_silent() → True |
+| Long-con script (friendly opener → wire transfer) | Multi-phase scam detection | score ≥ 0.6 |
+| Pharmacy IVR (benign robocall) | False positive prevention | verdict ≠ SCAM |
+
+Run: `cd backend && pytest tests/test_adversarial.py -v`
+
+---
+
+## Why Native Audio Matters for Adversarial Robustness
+
+The key finding across all adversarial tests: **acoustic delivery is harder to fake than word choice.**
+
+A scammer can rewrite their script to sound polite. They cannot easily:
+- Suppress the call-center background noise of a boiler room
+- Remove the flat, rehearsed cadence of a scripted pitch
+- Eliminate the TTS artifacts of a synthesized robocall voice
+- Change the rhythm of a pre-recorded IVR message
+
+Text-based models see only the words. Voxtral hears the room.
+
+---
+
+*Full evaluation results: [docs/EVALUATION.md](docs/EVALUATION.md)*
+*Threat model and red-team mitigations: [docs/THREAT_MODEL.md](docs/THREAT_MODEL.md)*

backend/services/stream_processor.py

@@ -150,6 +150,53 @@ export default function App() {
           onToggle={() => setShowLog((v) => !v)}
         />
 
+        {/* Acoustic Context — live panel during recording */}
+        {isRecording && partialResults.length > 0 && (() => {
+          const latest = partialResults[partialResults.length - 1];
+          const hasAcoustics = latest.vocal_stress !== undefined ||
+            latest.background_noise !== undefined ||
+            latest.synthetic_voice_probability !== undefined;
+          if (!hasAcoustics) return null;
+          const bars = [
+            { label: "Vocal Stress", value: latest.vocal_stress ?? 0, color: "bg-red-500" },
+            { label: "Background Noise", value: latest.background_noise ?? 0, color: "bg-yellow-500" },
+            { label: "Synth Voice Prob.", value: latest.synthetic_voice_probability ?? 0, color: "bg-purple-500" },
+          ];
+          return (
+            <div className="bg-gray-900 border border-gray-700 rounded-lg p-4">
+              <div className="flex items-center justify-between mb-3">
+                <h3 className="text-xs font-semibold text-gray-400 uppercase tracking-wide">
+                  Acoustic Context <span className="text-blue-400 ml-1">● Live</span>
+                </h3>
+                {latest.chunk_processing_ms !== undefined && (
+                  <span className="text-xs text-gray-500 font-mono">
+                    Last chunk: {latest.chunk_processing_ms}ms
+                  </span>
+                )}
+              </div>
+              <div className="space-y-2">
+                {bars.map(({ label, value, color }) => (
+                  <div key={label} className="flex items-center gap-3">
+                    <span className="text-xs text-gray-400 w-36 shrink-0">{label}</span>
+                    <div className="flex-1 bg-gray-700 rounded-full h-2">
+                      <div
+                        className={`${color} h-2 rounded-full transition-all duration-500`}
+                        style={{ width: `${Math.round(value * 100)}%` }}
+                      />
+                    </div>
+                    <span className="text-xs text-gray-300 font-mono w-8 text-right">
+                      {Math.round(value * 100)}%
+                    </span>
+                  </div>
+                ))}
+              </div>
+              <p className="text-xs text-gray-600 mt-2 italic">
+                Voxtral is analyzing raw audio — not text transcripts
+              </p>
+            </div>
+          );
+        })()}
+
         {/* Loading card while waiting for final analysis */}
         {!isRecording && isProcessingFinal && (
           <div className="bg-gray-800 border border-gray-700 rounded-lg p-6 text-center">

docs/ADVERSARIAL_TESTING.md

@@ -15,6 +15,10 @@ interface PartialResult {
   timestamp_ms?: number;
   score_delta?: number;
   new_signals?: Signal[];
+  chunk_processing_ms?: number;
+  vocal_stress?: number;
+  background_noise?: number;
+  synthetic_voice_probability?: number;
   [key: string]: unknown;
 }