SuperfiedStudd/trust-pulse

Trust Graph — Subscription Abuse Ops

An abuse operations console for subscription platforms. Detects coordinated abuse patterns — trial cycling, refund fraud, promo exploitation, payment reuse, device burst signups — clusters linked entities, scores risk with a configurable heuristic pipeline, and gives operators a full investigation-to-action workflow.

Built with React, TypeScript, Supabase, D3, and Recharts.

[Screenshot: Overview Dashboard]


What This Demo Shows

This is a working prototype, not a mock. The codebase includes:

  • Event ingestion — a Supabase Edge Function that accepts, validates, and deduplicates raw abuse events (ingest-event)
  • Derived features — a scoring pipeline that extracts 14 behavioral features per cluster from account, device, payment, and IP data (compute-scores)
  • Heuristic scoring — weighted signal-based scorer producing 0–100 risk scores with risk bands and top-reason explanations, configurable via policy weights
  • Operator workflows — triage queue with bulk actions, deep entity investigation, trust graph visualization, policy simulation with projected tradeoffs
  • Realtime sync — Supabase channels invalidate React Query caches on DB changes
  • Pipeline observability — run auditing, event stats, and version tracking visible in the dashboard

Data is synthetic (loaded via a seed-data edge function), not connected to a live payment processor. Scoring is heuristic, not ML. AI summaries are pre-written. See Real vs. Simulated below.


Screenshots

Operations Dashboard

KPI cards, pipeline health, event volume trends, and priority actions queue.

Risk Inbox

Sortable cluster queue with risk badges, exposure, abuse patterns, and bulk operator actions.

Entity Investigation

Deep-dive into a cluster: linked accounts, topology, timeline, rule triggers, case guidance, and operator actions.

Trust Graph

D3 force-directed graph showing entity relationships — accounts, devices, payment methods, and IPs — color-coded by risk.

Policy Simulator

Tune scoring weights and preview projected impact on abuse catch rate, false positives, queue volume, and revenue.


Demo Pages

| Route | Page | What It Does |
|---|---|---|
| / | Overview | KPI dashboard with pending clusters, exposure, flagged accounts, pipeline health, event trends, and priority actions |
| /risk-inbox | Risk Inbox | Filterable/sortable cluster queue with bulk actions (approve, block, review, verify, restrict promo) |
| /entity/:id | Entity Detail | Investigation view: cluster stats, topology, timeline, rule triggers, case guidance, analyst notes, operator actions |
| /trust-graph | Trust Graph | D3 graph of entity relationships with inspection panel, edge filters, and risk overlays |
| /entities | Entities | Tabbed browser across accounts, devices, payment methods, and IPs |
| /policy-simulator | Policy Simulator | Adjust scoring weights, preview risk distribution shifts, save baseline, trigger score recomputation |
| /settings | Settings | Policy config, review capacity, pipeline controls |
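
The weighted heuristic scorer and the policy simulator described above, as an added illustration in TypeScript (not code from the trust-pulse repository). The feature names, clamping caps, baseline weights and band cut-offs are invented for the example; the structure (normalise each feature, weight it, map the weighted sum to 0-100 with a band and top reasons, then re-score under candidate weights) is what the README describes.

```typescript
// Added illustration of the weighted heuristic scorer and policy simulation the README
// describes; not trust-pulse code. Feature names, caps, weights and band cut-offs are invented.
type Features = Record<string, number>;
type Weights = Record<string, number>;
type Band = "low" | "medium" | "high" | "critical";
interface ScoreResult { score: number; band: Band; topReasons: string[] }
// Assumed upper bounds used to clamp each raw feature into 0..1.
const FEATURE_CAPS: Features = {
  trial_cycles: 5, refund_rate: 1, promo_stack_count: 4,
  payment_reuse: 6, device_signup_velocity: 10,
};
// Constructed baseline weights, standing in for a policy_config row.
const BASELINE_WEIGHTS: Weights = {
  trial_cycles: 3, refund_rate: 4, promo_stack_count: 2,
  payment_reuse: 3, device_signup_velocity: 3,
};
function toBand(score: number): Band {
  if (score >= 80) return "critical";
  if (score >= 60) return "high";
  if (score >= 30) return "medium";
  return "low";
}

function scoreCluster(features: Features, weights: Weights, topN = 3): ScoreResult {
  const totalWeight = Object.values(weights).reduce((a, b) => a + b, 0);
  const contributions = Object.entries(weights).map(([name, w]) => {
    const cap = FEATURE_CAPS[name] ?? 1;
    const norm = Math.min(Math.max((features[name] ?? 0) / cap, 0), 1);
    return { name, value: norm * w };
  });
  const raw = contributions.reduce((sum, c) => sum + c.value, 0);
  // Dividing by the total weight keeps the 0..100 scale however weights are tuned.
  const score = totalWeight > 0 ? Math.round((raw / totalWeight) * 100) : 0;
  const topReasons = contributions.filter((c) => c.value > 0)
    .sort((a, b) => b.value - a.value).slice(0, topN).map((c) => c.name);
  return { score, band: toBand(score), topReasons };
}

// Policy simulation: how many clusters cross the review threshold under a weight set.
function countFlagged(clusters: Features[], weights: Weights, threshold = 60): number {
  return clusters.filter((f) => scoreCluster(f, weights).score >= threshold).length;
}

// Constructed sample clusters: a trial cycler, a refund abuser, and a benign user.
const SAMPLE_CLUSTERS: Features[] = [
  { trial_cycles: 5, refund_rate: 0.2, promo_stack_count: 3, payment_reuse: 4, device_signup_velocity: 6 },
  { trial_cycles: 1, refund_rate: 0.9, promo_stack_count: 0, payment_reuse: 1, device_signup_velocity: 0 },
  { trial_cycles: 0, refund_rate: 0.0, promo_stack_count: 1, payment_reuse: 1, device_signup_velocity: 1 },
];
```

Re-scoring the same clusters with refund_rate weighted heavily flags the refund abuser instead of the trial cycler, which is the catch-rate versus false-positive tradeoff the simulator page previews.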

Problem Statement

Subscription platforms lose revenue to coordinated abuse: users create multiple accounts to exploit free trials, cycle refunds, stack promo codes, or share payment methods across fake identities. These patterns are invisible at the individual account level but become clear when you link entities — shared devices, IPs, payment methods, and behavioral timing.

Most fraud tooling focuses on payment authorization. Trust Graph focuses on the post-signup, pre-churn abuse lifecycle: the operational gap between "this account exists" and "this account is costing us money."

Why this matters for Stripe / payment ops:

  • Trial abuse inflates conversion funnels and wastes onboarding spend
  • Refund cycling directly erodes revenue and triggers processor risk flags
  • Promo abuse defeats acquisition economics
  • Dispute escalation from denied refunds creates chargeback liability
  • Device burst signups indicate automated farming operations

Architecture

External Events (webhook / API)
        │
        ▼
┌─────────────────────────┐
│   ingest-event          │  Supabase Edge Function
│   validate → dedupe →   │  writes to raw_events table
│   store                 │
└────────┬────────────────┘
         │
         ▼
┌─────────────────────────┐
│   compute-scores        │  Supabase Edge Function
│   extract 14 features → │  writes to derived_features
│   weighted heuristic →  │  writes to score_results
│   audit pipeline run    │  writes to pipeline_runs
└────────┬────────────────┘
         │
         ▼
┌─────────────────────────┐
│   React Frontend        │  Reads all tables via
│   Vite + shadcn/ui      │  Supabase client + React Query
│   D3 + Recharts         │  Realtime sync via channels
└─────────────────────────┘

Pipeline Tables

| Table | Role |
|---|---|
| raw_events | Ingested events with dedupe keys and ingestion status |
| derived_features | 14 computed features per entity (velocity, reuse rates, counts) |
| score_results | Risk scores with band, top reasons, and version |
| pipeline_runs | Audit log of each scoring run |
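
The validate → dedupe → store stage of ingest-event and the dedupe-key/ingestion-status columns of raw_events, as an added TypeScript sketch (not the repository's edge function). The event field names, the source-scoped dedupe-key scheme and the three status values are assumptions for the example; the in-memory Map stands in for the raw_events table.

```typescript
// Added sketch of the validate -> dedupe -> store stage the README assigns to the
// ingest-event function; not trust-pulse code. Field names, the dedupe-key scheme
// and the status values are assumptions made for illustration.
interface RawEvent {
  source: string;      // upstream system, e.g. "stripe" (assumed field)
  event_id: string;    // upstream id, unique per source (assumed field)
  type: string;        // e.g. "trial.started"
  account_id: string;
  occurred_at: string; // ISO-8601 timestamp
}
type IngestStatus = "stored" | "duplicate" | "rejected";
interface IngestResult { status: IngestStatus; dedupeKey?: string; error?: string }
const REQUIRED = ["source", "event_id", "type", "account_id", "occurred_at"] as const;
// Validation: every required field is a non-empty string and the timestamp parses.
function validateEvent(e: Partial<RawEvent>): string | null {
  for (const f of REQUIRED) {
    const v = e[f];
    if (typeof v !== "string" || v.length === 0) return `missing ${f}`;
  }
  if (Number.isNaN(Date.parse(e.occurred_at!))) return "occurred_at is not a timestamp";
  return null;
}
// Dedupe key: upstream id scoped by source, so a redelivered webhook with the same
// id is caught even if the payload was re-serialised with different whitespace.
function dedupeKey(e: RawEvent): string { return `${e.source}:${e.event_id}`; }
// In-memory stand-in for the raw_events table, keyed by dedupe key.
class RawEventStore {
  private rows = new Map<string, RawEvent>();
  ingest(input: unknown): IngestResult {
    const e = (input ?? {}) as Partial<RawEvent>;
    const error = validateEvent(e);
    if (error) return { status: "rejected", error };
    const key = dedupeKey(e as RawEvent);
    if (this.rows.has(key)) return { status: "duplicate", dedupeKey: key };
    this.rows.set(key, e as RawEvent);
    return { status: "stored", dedupeKey: key };
  }
  get size(): number { return this.rows.size; }
}
// Constructed sample: one webhook delivered twice, then a payload missing fields.
const SAMPLE_EVENTS: unknown[] = [
  { source: "stripe", event_id: "evt_1", type: "trial.started", account_id: "acc_1", occurred_at: "2024-01-05T10:00:00Z" },
  { source: "stripe", event_id: "evt_1", type: "trial.started", account_id: "acc_1", occurred_at: "2024-01-05T10:00:00Z" },
  { source: "stripe", type: "refund.created", account_id: "acc_2" },
];
function ingestAll(events: unknown[], store = new RawEventStore()): IngestStatus[] {
  return events.map((ev) => store.ingest(ev).status); // ["stored", "duplicate", "rejected"]
}
```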

Operator Tables

| Table | Role |
|---|---|
| clusters | Abuse clusters with scores, exposure, status, AI summaries |
| accounts / devices / payment_methods / ip_addresses | Entity records with linkage counts |
| link_edges | Graph edges connecting entities within clusters |
| events | Activity timeline entries per cluster |
| rule_triggers | Fired detection rules per cluster |
| policy_config | Scoring weights, thresholds, and review capacity |
| policy_actions | Operator action audit trail |
| analyst_notes | Investigation notes |

For full pipeline details, see docs/architecture.md.


What Is Real vs. Simulated

Implemented and Working

  • ✅ Event ingestion edge function with validation and dedupe
  • ✅ Feature extraction (14 derived features from accounts, edges, events)
  • ✅ Weighted heuristic scoring with configurable policy weights
  • ✅ Score recomputation triggered from the UI
  • ✅ Pipeline run auditing with event/entity counts
  • ✅ Full operator workflows: approve, block, review, escalate, verify, restrict
  • ✅ Bulk actions on cluster queue
  • ✅ Realtime UI updates via Supabase channels
  • ✅ D3 force-directed trust graph with interactive inspection
  • ✅ Policy simulator with projected tradeoff metrics
  • ✅ Analyst notes and action history

Simulated / Demo-Grade

  • 🟡 Data is synthetic, loaded via seed-data edge function — not from a live processor
  • 🟡 AI summaries and case guidance are pre-written, not LLM-generated at runtime
  • 🟡 No live Stripe webhook connector (ingestion endpoint is built and ready)
  • 🟡 No authentication or RBAC
  • 🟡 No streaming ingestion — uses request-based edge functions
  • 🟡 Scoring is heuristic rules, not trained ML model inference
  • 🟡 No outbound egestion to Stripe, CRMs, or ticketing systems

Local Setup

Prerequisites

  • Node.js 18+
  • npm
  • A Supabase project (free tier works)
  • Supabase CLI (optional, for edge function deployment)

Quick Start

```bash
# Clone
git clone https://github.com/SuperfiedStudd/trust-pulse.git
cd trust-pulse

# Install
npm install

# Configure environment
cp .env.example .env
# Edit .env — add your Supabase project URL and anon key from:
# Supabase Dashboard → Settings → API

# Set up the database (choose one):
# Option A: Supabase CLI
supabase db push

# Option B: Manual — paste each file in supabase/migrations/
# into the Supabase SQL Editor, in filename order

# Seed demo data (choose one):
# Option A: Deploy and invoke the seed function
supabase functions deploy seed-data
curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/seed-data \
  -H "Authorization: Bearer YOUR_ANON_KEY"

# Option B: The app will show empty states until data is seeded

# Deploy scoring pipeline (optional — enables "Recompute Scores" in UI)
supabase functions deploy compute-scores
supabase functions deploy ingest-event

# Run
npm run dev
# → http://localhost:8080
```

Scripts

| Command | What |
|---|---|
| npm run dev | Vite dev server (port 8080) |
| npm run build | Production build |
| npm run preview | Serve production build |
| npm run lint | ESLint |
| npm run test | Vitest |

Tech Stack

| Layer | Tech |
|---|---|
| Frontend | React 18, TypeScript, Vite, Tailwind CSS, shadcn/ui |
| Visualization | D3 (force graph), Recharts (charts) |
| Backend | Supabase — Postgres, Edge Functions (Deno), Realtime |
| State | TanStack React Query |
| Build | Vite + SWC |

Limitations

  • No auth — any visitor can read/write. This is a portfolio demo.
  • No streaming — ingestion is request-based, not Kafka/Flink.
  • Heuristic scoring — weighted rules, not ML. Code is structured to swap in model inference.
  • Synthetic data — demo runs on seeded data, no live connectors.
  • Single-tenant — hardcoded to demo_merchant. Multi-tenant requires schema changes.
  • No egestion — operator actions are recorded but not pushed to Stripe or external systems.

Future Work

  • Stripe webhook integration for live event ingestion
  • ML model scoring (swap heuristic for trained classifier)
  • Authentication and role-based access
  • Streaming ingestion layer
  • Outbound actions to Stripe (auto-block, restrict trials) and ticketing systems
  • Graph-based cluster auto-detection (currently clusters are pre-defined)
  • Time-series anomaly detection on velocity features

License

MIT — see LICENSE.
