feat: build core API, fraud engine, notifier, and frontend

Phase 1 — Core API (Go):
- Events, guests, tokens, RSVPs CRUD on PostgreSQL via pgx/v5
- HMAC-signed per-guest tokens with format validation
- Health endpoint with DB ping, slog JSON logging, graceful shutdown

Phase 2 — NATS + Fraud Engine:
- NATS JetStream pub/sub with explicit-ack consumers
- Python/FastAPI fraud engine with heuristic risk scoring
  (fingerprint mismatch, IP change, missing signals, repeated access)
- gRPC sync scoring with 250ms fail-open timeout
- Per-guest baseline tracking; risk bands low/medium/high/block

Phase 3 — Notifications + Frontend:
- Notification worker scaffolding (Twilio/SES stubs, retry/backoff)
- Nuxt 3 frontend with Tailwind dark theme + brand green
- Live monitor via WebSocket with auto-reconnect
- Activity history endpoint backfills monitor with RSVPs +
  scored access checks (including blocked attempts)

UX polish:
- Marketing-friendly landing page (hero mockup, how-it-works,
  features, use cases, testimonials, FAQ, final CTA)
- Animated layered card mockups on landing + new-event page
- Plus-ones stepper, RSVP status badges, filter buttons
- Friendly access-check labels (Verified/Review/Suspicious/Blocked)
- Dashboard hydration fix via ClientOnly wrapper

Infrastructure:
- docker-compose for full local dev (postgres, nats, api,
  fraud-engine, notifier, frontend)
- Multi-stage Dockerfiles, non-root UID 1000
- Integration tests with testcontainers-go

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

fraud-engine/app/main.py

@@ -0,0 +1,80 @@
+from __future__ import annotations
+
+import logging
+from contextlib import asynccontextmanager
+
+import structlog
+import uvicorn
+from fastapi import FastAPI
+
+from app.config import load_settings
+from app.consumer import FraudConsumer
+from app.grpc_server import serve_grpc, stop_grpc
+from app.nats_bus import NatsBus
+from app.scoring import HeuristicScorer
+
+logger = structlog.get_logger()
+
+
+def _configure_logging(env: str) -> None:
+    level = logging.DEBUG if env == "development" else logging.INFO
+    logging.basicConfig(level=level, format="%(asctime)s %(levelname)s %(name)s %(message)s")
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    settings = load_settings()
+    _configure_logging(settings.env)
+
+    bus = NatsBus(settings.nats_url, settings.stream_name)
+    await bus.connect()
+
+    scorer = HeuristicScorer()
+    consumer = FraudConsumer(bus, settings.consumer_durable, scorer)
+    await consumer.start()
+
+    grpc_server = await serve_grpc(scorer, settings.grpc_addr)
+
+    app.state.bus = bus
+    app.state.consumer = consumer
+    app.state.scorer = scorer
+    app.state.grpc = grpc_server
+    app.state.settings = settings
+
+    try:
+        yield
+    finally:
+        await stop_grpc(grpc_server)
+        await consumer.stop()
+        await bus.close()
+
+
+app = FastAPI(title="GuestGuard Fraud Engine", lifespan=lifespan)
+
+
+@app.get("/health")
+async def health() -> dict[str, str]:
+    return {"status": "ok"}
+
+
+@app.get("/health/ready")
+async def ready() -> dict[str, str]:
+    bus = getattr(app.state, "bus", None)
+    if bus is None:
+        return {"status": "starting"}
+    return {"status": "ok", "nats": "up"}
+
+
+def serve() -> None:
+    settings = load_settings()
+    uvicorn.run(
+        "app.main:app",
+        host=settings.host,
+        port=settings.port,
+        log_level="info",
+        access_log=True,
+    )
+
+
+if __name__ == "__main__":
+    serve()