commit 248ac1deeadfd60f1bbf8a05e64b72ca2663d1ac
Author: root <root@debian5825u>
Date:   Mon Apr 20 20:39:24 2026 +0900

    fix: --pool=solo SIGSEGV 해결 및 전체 설정 정리

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..554a7c8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,585 @@
+# VoiceScript — 음성 변환(STT) + 이미지 인식(OCR) 통합 툴
+
+> **Debian OS + Docker Compose** 기반 자체 호스팅 서비스  
+> faster-whisper(STT) + PaddleOCR 3.x / Ollama Vision(OCR) 듀얼 백엔드
+
+---
+
+## 목차
+
+1. [기능 개요](#기능-개요)
+2. [프로젝트 구조](#프로젝트-구조)
+3. [시스템 요구사항](#시스템-요구사항)
+4. [설치 전 필수 확인사항 ⚠️](#설치-전-필수-확인사항)
+5. [환경 변수 설정](#환경-변수-설정)
+6. [빌드 및 실행](#빌드-및-실행)
+7. [Nginx 연동 SSL](#nginx-연동-ssl)
+8. [Ollama 모델 준비](#ollama-모델-준비)
+9. [운영 관리](#운영-관리)
+10. [트러블슈팅 알려진 이슈](#트러블슈팅-알려진-이슈)
+11. [API 엔드포인트](#api-엔드포인트)
+
+---
+
+## 기능 개요
+
+### 🎙 STT — 음성 텍스트 변환
+- **엔진**: [faster-whisper](https://github.com/SYSTRAN/faster-whisper) (OpenAI Whisper 최적화 포크)
+- 지원 형식: `mp3` `wav` `m4a` `ogg` `flac` `aac` `mp4` `webm` `mkv` 등
+- VAD(무음 구간 자동 제거) 적용
+- 타임스탬프 세그먼트 분리 출력
+- TXT 파일 다운로드
+
+### 🔍 OCR — 이미지 텍스트 인식
+- 지원 형식: `jpg` `png` `bmp` `tiff` `webp` `gif`
+- **PaddleOCR 모드**: 로컬 실행, 표 구조 분석(PP-Structure), Excel 다운로드
+- **Ollama Vision 모드**: 기존 Ollama 서버 활용, 자연어 지시, 커스텀 프롬프트
+
+### 🔐 인증
+- JWT 기반 로그인 (만료 시간 설정 가능)
+- 모든 API 토큰 인증 필수
+
+---
+
+## 프로젝트 구조
+
+```
+whisper-stt/
+│
+├── docker-compose.yml          # 전체 서비스 정의
+│
+├── app/
+│   ├── Dockerfile              # Python 3.11-slim + ffmpeg + PaddlePaddle 3.0.0
+│   ├── requirements.txt        # Python 패키지 목록
+│   │
+│   ├── main.py                 # FastAPI 앱 (인증 + STT + OCR 엔드포인트)
+│   ├── auth.py                 # JWT 인증 모듈
+│   ├── tasks.py                # Celery STT 태스크 (faster-whisper)
+│   ├── ocr_tasks.py            # Celery OCR 태스크 (PaddleOCR / Ollama)
+│   │
+│   └── static/
+│       └── index.html          # 웹 프론트엔드 (로그인 + STT + OCR 탭)
+│
+└── nginx/                      # 참고용 (호스트 Nginx 사용 시 불필요)
+    ├── Dockerfile
+    └── nginx.conf
+```
+
+### 컨테이너 구성
+
+```
+┌─────────────────────────────────────────┐
+│  호스트 Nginx (SSL/certbot)              │
+│  → 리버스 프록시 → 127.0.0.1:8800       │
+└─────────────────────────────────────────┘
+           │
+           ▼
+┌──────────────────┐    ┌──────────────────────┐
+│   whisper_app    │    │   whisper_worker     │
+│   FastAPI:8000   │    │   Celery (solo pool) │
+│   (포트 8800)    │    │   STT + OCR 처리     │
+└────────┬─────────┘    └──────────┬───────────┘
+         │                         │
+         └────────────┬────────────┘
+                      ▼
+           ┌──────────────────┐
+           │  whisper_redis   │
+           │  Redis:6379      │
+           │  (작업 큐/결과)  │
+           └──────────────────┘
+```
+
+---
+
+## 시스템 요구사항
+
+| 항목 | 최소 | 권장 |
+|------|------|------|
+| CPU | 4코어 | AMD 5825u 이상 |
+| RAM | 8GB | 16GB (medium 모델 기준) |
+| 디스크 | 20GB | 50GB 이상 |
+| OS | Debian 11+ | Debian 12 (Bookworm) |
+| Docker | 24.0+ | 최신 |
+| Docker Compose | v2.0+ | 최신 (`version:` 필드 불필요) |
+
+### 의존 서비스
+- **Ollama**: 호스트에서 `11434` 포트로 실행 중이어야 함 (OCR Vision 모드 사용 시)
+
+---
+
+## 설치 전 필수 확인사항
+
+> ⚠️ 이 섹션을 건너뛰면 빌드 후 오류가 발생합니다.
+
+### 1. 호스트 IP 확인 — OLLAMA_URL 설정
+
+`host.docker.internal`은 Linux에서 동작하지 않습니다.  
+반드시 실제 LAN IP를 확인하여 설정하세요.
+
+```bash
+ip addr show | grep "inet " | grep -v 127.0.0.1
+```
+
+`docker-compose.yml` 두 곳(app, worker) 모두 변경:
+```yaml
+- OLLAMA_URL=http://실제호스트IP:11434
+```
+
+### 2. 인증 정보 변경
+
+```yaml
+# app, worker 두 서비스 모두 동일하게 변경
+- AUTH_USERNAME=원하는아이디
+- AUTH_PASSWORD=강력한비밀번호
+- JWT_SECRET=랜덤문자열   # openssl rand -hex 32
+```
+
+```bash
+# JWT 시크릿 생성
+openssl rand -hex 32
+```
+
+### 3. 포트 충돌 확인
+
+```bash
+ss -tlnp | grep 8800
+```
+
+충돌 시 `docker-compose.yml`에서 변경:
+```yaml
+ports:
+  - "원하는포트:8000"
+```
+
+### 4. 디스크 용량 확인
+
+| 항목 | 크기 | 시점 |
+|------|------|------|
+| Whisper medium 모델 | ~1.5GB | 첫 STT 실행 시 자동 다운로드 |
+| PaddleOCR korean 모델 | ~700MB | 첫 OCR 실행 시 자동 다운로드 |
+| PaddlePaddle 3.0.0 | ~300MB | 빌드 시 |
+| Docker 이미지 | ~3GB | 빌드 시 |
+
+```bash
+df -h /
+# 여유 공간 10GB 이상 권장
+```
+
+### 5. Ollama 서버 실행 확인
+
+```bash
+curl http://localhost:11434/api/tags
+# 응답 없으면 Ollama 미실행 상태
+```
+
+### 6. Docker Compose v2 확인
+
+```bash
+docker compose version
+# v2.x 이상이어야 함 (docker-compose가 아닌 docker compose)
+```
+
+---
+
+## 환경 변수 설정
+
+`docker-compose.yml`의 `app`과 `worker` 두 서비스에 **동일하게** 설정.
+
+### 인증
+
+| 변수 | 기본값 | 설명 |
+|------|--------|------|
+| `AUTH_USERNAME` | `admin` | 로그인 아이디 |
+| `AUTH_PASSWORD` | `changeme1234` | 로그인 비밀번호 **변경 필수** |
+| `JWT_SECRET` | *(변경 필수)* | JWT 서명 키 |
+| `JWT_EXPIRE_HOURS` | `12` | 토큰 유효 시간 (시간 단위) |
+
+### Whisper STT
+
+| 변수 | 기본값 | 설명 |
+|------|--------|------|
+| `WHISPER_MODEL` | `medium` | `tiny` `base` `small` `medium` `large-v3` |
+| `WHISPER_DEVICE` | `cpu` | GPU 없는 경우 `cpu` |
+| `WHISPER_COMPUTE_TYPE` | `int8` | CPU 최적화: `int8` 권장 |
+| `WHISPER_LANGUAGE` | `ko` | 언어 고정. 비우면 자동 감지 |
+| `WHISPER_BEAM_SIZE` | `5` | 정확도↑ vs 속도↓ |
+| `WHISPER_INITIAL_PROMPT` | 비어있음 | 도메인 힌트 예: `"고객 상담 녹취록입니다."` |
+
+**모델별 성능 (5825u CPU 기준)**
+
+| 모델 | 크기 | 1분 변환 시간 | 한국어 정확도 |
+|------|------|-------------|--------------|
+| tiny | 75MB | ~5초 | 보통 |
+| base | 145MB | ~10초 | 보통 |
+| small | 484MB | ~30초 | 양호 |
+| **medium** | **1.5GB** | **~90초** | **우수 ← 권장** |
+| large-v3 | 3GB | ~5분+ | 최고 |
+
+### PaddleOCR
+
+| 변수 | 기본값 | 설명 |
+|------|--------|------|
+| `OCR_LANG` | `korean` | `korean` `en` `japan` `chinese_cht` `ch` |
+
+### Ollama OCR
+
+| 변수 | 기본값 | 설명 |
+|------|--------|------|
+| `OLLAMA_URL` | `http://192.168.0.126:11434` | **실제 호스트 IP로 변경 필수** |
+| `OLLAMA_TIMEOUT` | `180` | 초 단위. 11b 이상 모델은 `300` 이상 권장 |
+
+### 파일 관리
+
+| 변수 | 기본값 | 설명 |
+|------|--------|------|
+| `MAX_UPLOAD_MB` | `500` | 업로드 최대 파일 크기 (MB) |
+| `OUTPUT_KEEP_HOURS` | `48` | 결과 파일 보관 시간. `0`=무제한 |
+
+---
+
+## 빌드 및 실행
+
+```bash
+# 1. 저장소 클론
+git clone http://gitea.byunc.com/byun/whisper-stt.git
+cd whisper-stt
+
+# 2. 필수 설정 변경 (docker-compose.yml)
+#    - AUTH_USERNAME, AUTH_PASSWORD, JWT_SECRET
+#    - OLLAMA_URL (호스트 실제 IP)
+
+# 3. 빌드 및 시작
+docker compose up -d --build
+
+# 4. 빌드 후 모델 다운로드 완료까지 대기
+docker compose logs -f worker
+# "[Whisper] 로드 완료" + "celery@... ready." 확인
+```
+
+접속:
+```
+http://서버IP:8800
+```
+
+### 이후 코드 변경 시 재배포
+
+```bash
+# 코드만 변경된 경우 (재빌드 필요)
+docker compose build --no-cache app worker
+docker compose up -d
+
+# 환경변수만 변경된 경우 (재빌드 불필요)
+docker compose up -d --force-recreate app worker
+
+# Docker 이미지 정리 (빌드 반복 후 용량 정리)
+docker system prune -f
+```
+
+---
+
+## Nginx 연동 SSL
+
+호스트 Nginx + certbot SSL 운용 중인 경우:
+
+```nginx
+# /etc/nginx/sites-available/voicescript.conf
+
+server {
+    listen 443 ssl;
+    server_name stt.yourdomain.com;
+
+    ssl_certificate     /etc/letsencrypt/live/stt.yourdomain.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/stt.yourdomain.com/privkey.pem;
+
+    # ⚠️ 음성 파일 업로드를 위해 반드시 설정 (기본 1MB → 초과 시 413 에러)
+    client_max_body_size 500M;
+    client_body_timeout  300s;
+    proxy_read_timeout   600s;
+    proxy_send_timeout   600s;
+
+    location / {
+        proxy_pass         http://127.0.0.1:8800;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    listen 80;
+    server_name stt.yourdomain.com;
+    return 301 https://$host$request_uri;
+}
+```
+
+```bash
+sudo certbot --nginx -d stt.yourdomain.com
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+---
+
+## Ollama 모델 준비
+
+호스트에서 미리 pull:
+
+```bash
+# 문서/표 특화 — 약 2GB ← 기본값, 권장
+ollama pull granite3.2-vision
+
+# OCR 전용 경량 — 약 2GB
+ollama pull deepseek-ocr:3b
+
+# 범용 고정확도 — 약 8GB (RAM 16GB+ 필요)
+ollama pull llama3.2-vision:11b
+
+# 최고 정확도 — 약 9GB (RAM 16GB+ 필요)
+ollama pull richardyoung/olmocr2:7b-q8
+```
+
+> **참고**: `granite3.2-vision`만 설치되어 있어도 즉시 사용 가능합니다.  
+> 큰 모델 사용 시 `OLLAMA_TIMEOUT=300` 이상으로 설정하세요.
+
+---
+
+## 운영 관리
+
+```bash
+# 상태 확인
+docker compose ps
+
+# 로그 확인
+docker compose logs app --tail=30
+docker compose logs worker --tail=30
+docker compose logs -f              # 전체 실시간
+
+# 재시작
+docker compose restart
+
+# 중지
+docker compose down
+
+# 설정 변경 후 재시작 (재빌드 없이)
+docker compose up -d --force-recreate app worker
+```
+
+### Docker 이미지 정리
+
+빌드를 반복하면 dangling 이미지가 누적됩니다.
+
+```bash
+docker system df                    # 사용량 확인
+docker system prune -f              # 불필요한 이미지/컨테이너 정리
+docker compose down -v              # 볼륨 포함 완전 초기화 (모델 재다운로드 필요)
+```
+
+### 볼륨 정보
+
+| 볼륨 | 내용 | 삭제 시 영향 |
+|------|------|------------|
+| `whisper_models` | Whisper 모델 (~1.5GB) | 재다운로드 필요 |
+| `paddle_models` | PaddleOCR 모델 (~700MB) | 재다운로드 필요 |
+| `stt_data` | 업로드/결과 파일 | 데이터 손실 |
+| `redis_data` | 작업 큐 상태 | 진행 중 작업 손실 |
+
+---
+
+## 트러블슈팅 알려진 이슈
+
+실제 배포 과정에서 겪은 오류와 해결 방법입니다.
+
+---
+
+### ❌ `signal 11 (SIGSEGV)` — Worker 크래시
+
+**원인**: faster-whisper 내부 CTranslate2 라이브러리가 Celery `prefork` 방식과 충돌  
+**해결**: `docker-compose.yml` worker command에 `--pool=solo` 추가
+
+```yaml
+command: >
+  celery -A tasks worker
+  --loglevel=info
+  --pool=solo          # ← 이 옵션이 핵심
+  --max-tasks-per-child=50
+  -Q stt,ocr
+```
+
+> `--pool=solo`는 포크 없이 메인 프로세스에서 직접 실행합니다.  
+> `--concurrency=1`이었으므로 성능 차이는 없습니다.
+
+---
+
+### ❌ `No matching distribution found for paddlepaddle==2.6.1`
+
+**원인**: 미러에서 해당 버전 제거됨  
+**해결**: `Dockerfile`에서 `3.0.0`으로 변경
+
+```dockerfile
+RUN pip install --no-cache-dir paddlepaddle==3.0.0 \
+    -i https://pypi.tuna.tsinghua.edu.cn/simple
+```
+
+---
+
+### ❌ `ValueError: password cannot be longer than 72 bytes`
+
+**원인**: `passlib[bcrypt]` 초기화 버그  
+**해결**: `auth.py`에서 bcrypt 완전 제거, 직접 문자열 비교 방식 사용  
+`requirements.txt`에서 `passlib` 줄 삭제
+
+---
+
+### ❌ `AttributeError: 'DisabledBackend'`
+
+**원인**: `from celery.result import AsyncResult` 사용 시 백엔드 설정 누락  
+**해결**: `celery_app.AsyncResult()` 방식으로 변경
+
+```python
+# main.py
+from tasks import celery_app
+r = celery_app.AsyncResult(task_id)  # ✅
+```
+
+---
+
+### ❌ `ModuleNotFoundError: No module named 'ocr_tasks'`
+
+**원인**: `celery_app.autodiscover_tasks(["ocr_tasks"])` 동작 안 함  
+**해결**: `tasks.py`에서 직접 import
+
+```python
+from ocr_tasks import ocr_task  # noqa: F401
+```
+
+---
+
+### ❌ `Unknown argument: use_gpu` / `Unknown argument: show_log`
+
+**원인**: PaddleOCR 3.x에서 파라미터 제거됨  
+**해결**: `ocr_tasks.py`에서 해당 파라미터 삭제
+
+```python
+_ocr_engine = PaddleOCR(use_angle_cls=True, lang=OCR_LANG)  # ✅
+```
+
+---
+
+### ❌ `PaddleOCR.predict() got an unexpected keyword argument 'cls'`
+
+**원인**: PaddleOCR 3.x API 변경  
+**해결**: `ocr(img, cls=True)` → `ocr(img)`
+
+---
+
+### ❌ `'AnalysisConfig' object has no attribute 'set_optimization_level'`
+
+**원인**: PaddleOCR 3.x와 paddlepaddle 2.x 버전 불일치  
+**해결**: paddlepaddle `3.0.0`으로 업그레이드
+
+---
+
+### ❌ `too many values to unpack (expected 2)`
+
+**원인**: PaddleOCR 3.x 결과 구조 변경  
+**해결**: `rec_texts` / `rec_scores` 방식으로 파싱
+
+```python
+r = result[0]
+texts  = r.get("rec_texts", [])
+scores = r.get("rec_scores", [])
+```
+
+---
+
+### ❌ `MISCONF Redis is configured to save RDB snapshots`
+
+**원인**: 디스크 부족으로 Redis RDB 저장 실패 → 쓰기 차단  
+**해결**: `docker-compose.yml` Redis command에 옵션 추가
+
+```yaml
+command: redis-server --stop-writes-on-bgsave-error no
+```
+
+---
+
+### ❌ Ollama 연결 타임아웃
+
+**원인**: `host.docker.internal`이 Linux에서 불안정  
+**해결**: 실제 호스트 LAN IP로 변경
+
+```yaml
+- OLLAMA_URL=http://192.168.x.x:11434
+```
+
+---
+
+### ❌ STT 진행률 5%/15%에서 멈춤
+
+| 단계 | 원인 | 대기 시간 |
+|------|------|---------|
+| 5% `모델 준비 중` | Whisper 모델 첫 다운로드 (~1.5GB) | 5~20분 |
+| 15% `오디오 분석 중` | 첫 변환 시 내부 초기화 | 1~3분 |
+| `변환 중... Xs / Xs` | 정상 진행 | 파일 길이에 비례 |
+
+```bash
+# 진행 상황 실시간 확인
+docker compose logs worker -f
+```
+
+---
+
+## API 엔드포인트
+
+### 인증
+
+| 메서드 | 경로 | 설명 |
+|--------|------|------|
+| `POST` | `/api/login` | 로그인 (`username`, `password` form) |
+| `GET` | `/api/me` | 현재 사용자 확인 |
+
+### STT
+
+| 메서드 | 경로 | 설명 |
+|--------|------|------|
+| `POST` | `/api/transcribe` | 음성 파일 업로드 및 변환 시작 |
+| `GET` | `/api/status/{task_id}` | 작업 진행 상태 조회 |
+| `GET` | `/api/download/{filename}` | 결과 파일 다운로드 |
+
+### OCR
+
+| 메서드 | 경로 | 설명 |
+|--------|------|------|
+| `POST` | `/api/ocr` | 이미지 업로드 및 인식 시작 |
+
+**OCR 파라미터**
+
+| 파라미터 | 기본값 | 설명 |
+|---------|--------|------|
+| `file` | — | 이미지 파일 |
+| `mode` | `text` | `text` \| `structure` |
+| `backend` | `paddle` | `paddle` \| `ollama` |
+| `ollama_model` | `granite3.2-vision` | Ollama 모델명 |
+| `custom_prompt` | 비어있음 | Ollama 커스텀 프롬프트 |
+
+### 관리
+
+| 메서드 | 경로 | 설명 |
+|--------|------|------|
+| `POST` | `/api/cleanup` | 오래된 결과 파일 정리 |
+
+---
+
+## 기술 스택
+
+| 구성요소 | 버전 | 역할 |
+|---------|------|------|
+| Python | 3.11 | 런타임 |
+| FastAPI | 0.115 | API 서버 |
+| Celery | 5.4 (`--pool=solo`) | 비동기 태스크 큐 |
+| Redis | 7 alpine | 메시지 브로커 |
+| faster-whisper | 1.0.3 | STT 엔진 |
+| PaddlePaddle | 3.0.0 | OCR 딥러닝 프레임워크 |
+| PaddleOCR | 3.x | OCR 엔진 |
+| httpx | 0.27+ | Ollama API 호출 |
+| Ollama | 호스트 운용 | Vision 모델 서버 |
diff --git a/app/Dockerfile b/app/Dockerfile
new file mode 100644
index 0000000..fd2eb75
--- /dev/null
+++ b/app/Dockerfile
@@ -0,0 +1,34 @@
+FROM python:3.11-slim
+
+RUN apt-get update && apt-get install -y \
+    ffmpeg \
+    libsndfile1 \
+    libgomp1 \
+    libglib2.0-0 \
+    libsm6 \
+    libxext6 \
+    libxrender1 \
+    libgl1 \
+    libgles2 \
+    libegl1 \
+    wget \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY requirements.txt .
+
+# PaddlePaddle CPU — PyPI 공식 서버
+RUN pip install --no-cache-dir paddlepaddle==3.0.0
+
+# 나머지 패키지
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+RUN mkdir -p /data/uploads /data/outputs
+
+EXPOSE 8000
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
diff --git a/app/auth.py b/app/auth.py
new file mode 100644
index 0000000..3efb0d9
--- /dev/null
+++ b/app/auth.py
@@ -0,0 +1,146 @@
+"""
+인증 모듈 — 다중 사용자 JSON 파일 기반
+/data/users.json 에 사용자 정보 저장
+관리자(admin)는 환경변수 AUTH_USERNAME/AUTH_PASSWORD 기준으로 초기화
+"""
+import os, json, threading
+from pathlib import Path
+from datetime import datetime, timedelta
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from jose import JWTError, jwt
+
+SECRET_KEY     = os.getenv("JWT_SECRET", "fallback-secret-change-this")
+ALGORITHM      = "HS256"
+EXPIRE_HOURS   = int(os.getenv("JWT_EXPIRE_HOURS", "12"))
+ADMIN_USERNAME = os.getenv("AUTH_USERNAME", "admin")
+ADMIN_PASSWORD = os.getenv("AUTH_PASSWORD", "changeme1234")
+
+DATA_DIR   = Path(os.getenv("UPLOAD_DIR", "/data/uploads")).parent
+USERS_FILE = DATA_DIR / "users.json"
+
+_lock = threading.Lock()
+bearer = HTTPBearer(auto_error=False)
+
+
+# ── 파일 I/O ───────────────────────────────────────────────────
+def _load() -> dict:
+    if not USERS_FILE.exists():
+        return {}
+    with open(USERS_FILE, "r", encoding="utf-8") as f:
+        return json.load(f)
+
+def _save(users: dict):
+    USERS_FILE.parent.mkdir(parents=True, exist_ok=True)
+    with open(USERS_FILE, "w", encoding="utf-8") as f:
+        json.dump(users, f, ensure_ascii=False, indent=2)
+
+
+# ── 초기화 (앱 시작 시 1회) ────────────────────────────────────
+def init_users():
+    with _lock:
+        users = _load()
+        # 관리자 계정은 항상 env var 기준으로 동기화
+        users[ADMIN_USERNAME] = {
+            "password":    ADMIN_PASSWORD,
+            "role":        "admin",
+            "permissions": {"stt": True, "ocr": True},
+        }
+        _save(users)
+
+
+# ── CRUD ──────────────────────────────────────────────────────
+def authenticate(username: str, password: str):
+    """성공 시 user dict, 실패 시 None"""
+    with _lock:
+        users = _load()
+    u = users.get(username)
+    if not u or u["password"] != password:
+        return None
+    return {"username": username, **u}
+
+def get_user(username: str):
+    with _lock:
+        return _load().get(username)
+
+def list_users() -> dict:
+    with _lock:
+        users = _load()
+    # 비밀번호 마스킹
+    return {k: {**{kk: vv for kk, vv in v.items() if kk != "password"}}
+            for k, v in users.items()}
+
+def create_user(username: str, password: str, permissions: dict) -> tuple:
+    with _lock:
+        users = _load()
+        if username in users:
+            return False, "이미 존재하는 사용자입니다"
+        users[username] = {"password": password, "role": "user",
+                           "permissions": permissions}
+        _save(users)
+    return True, "사용자가 생성되었습니다"
+
+def update_user(username: str, permissions: dict, password: str = None) -> tuple:
+    if username == ADMIN_USERNAME:
+        return False, "기본 관리자 계정은 수정할 수 없습니다"
+    with _lock:
+        users = _load()
+        if username not in users:
+            return False, "사용자를 찾을 수 없습니다"
+        users[username]["permissions"] = permissions
+        if password:
+            users[username]["password"] = password
+        _save(users)
+    return True, "업데이트되었습니다"
+
+def delete_user(username: str) -> tuple:
+    if username == ADMIN_USERNAME:
+        return False, "기본 관리자 계정은 삭제할 수 없습니다"
+    with _lock:
+        users = _load()
+        if username not in users:
+            return False, "사용자를 찾을 수 없습니다"
+        del users[username]
+        _save(users)
+    return True, "삭제되었습니다"
+
+
+# ── JWT ───────────────────────────────────────────────────────
+def create_access_token(username: str) -> str:
+    exp = datetime.utcnow() + timedelta(hours=EXPIRE_HOURS)
+    return jwt.encode({"sub": username, "exp": exp}, SECRET_KEY, algorithm=ALGORITHM)
+
+
+# ── FastAPI 의존성 ────────────────────────────────────────────
+def require_auth(credentials: HTTPAuthorizationCredentials = Depends(bearer)) -> dict:
+    if credentials is None:
+        raise HTTPException(401, "인증이 필요합니다",
+                            headers={"WWW-Authenticate": "Bearer"})
+    try:
+        payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
+        username = payload.get("sub")
+        if not username:
+            raise JWTError()
+        u = get_user(username)
+        if not u:
+            raise JWTError()
+        return {"username": username, **u}
+    except JWTError:
+        raise HTTPException(401, "토큰이 유효하지 않거나 만료되었습니다",
+                            headers={"WWW-Authenticate": "Bearer"})
+
+def require_admin(user: dict = Depends(require_auth)) -> dict:
+    if user.get("role") != "admin":
+        raise HTTPException(403, "관리자 권한이 필요합니다")
+    return user
+
+def require_stt(user: dict = Depends(require_auth)) -> dict:
+    if not user.get("permissions", {}).get("stt", False):
+        raise HTTPException(403, "STT 사용 권한이 없습니다")
+    return user
+
+def require_ocr(user: dict = Depends(require_auth)) -> dict:
+    if not user.get("permissions", {}).get("ocr", False):
+        raise HTTPException(403, "OCR 사용 권한이 없습니다")
+    return user
diff --git a/app/main.py b/app/main.py
new file mode 100644
index 0000000..a409dbf
--- /dev/null
+++ b/app/main.py
@@ -0,0 +1,275 @@
+import os, uuid, time, glob, json
+import httpx
+import aiofiles
+from pathlib import Path
+from fastapi import FastAPI, UploadFile, File, HTTPException, Depends, Form, Request
+from fastapi.staticfiles import StaticFiles
+from fastapi.responses import FileResponse
+from pydantic import BaseModel
+
+from auth import (authenticate, create_access_token, init_users,
+                  require_auth, require_admin, require_stt, require_ocr,
+                  list_users, create_user, update_user, delete_user)
+from tasks import celery_app, transcribe_task
+from ocr_tasks import ocr_task
+
+app = FastAPI(title="VoiceScript API")
+
+UPLOAD_DIR       = os.getenv("UPLOAD_DIR", "/data/uploads")
+OUTPUT_DIR       = os.getenv("OUTPUT_DIR", "/data/outputs")
+OLLAMA_URL       = os.getenv("OLLAMA_URL", "http://192.168.0.126:11434")
+MAX_UPLOAD_BYTES = int(os.getenv("MAX_UPLOAD_MB", "500")) * 1024 * 1024
+OUTPUT_KEEP_SECS = int(os.getenv("OUTPUT_KEEP_HOURS", "48")) * 3600
+
+DATA_DIR      = Path(UPLOAD_DIR).parent
+SETTINGS_FILE = DATA_DIR / "settings.json"
+
+os.makedirs(UPLOAD_DIR, exist_ok=True)
+os.makedirs(OUTPUT_DIR, exist_ok=True)
+
+AUDIO_EXT = {"mp3","mp4","wav","m4a","ogg","flac","aac","wma","webm","mkv","avi","mov"}
+IMAGE_EXT  = {"jpg","jpeg","png","bmp","tiff","tif","webp","gif"}
+
+
+# ── 설정 I/O ─────────────────────────────────────────────────
+def _load_settings() -> dict:
+    if not SETTINGS_FILE.exists():
+        return {"stt_ollama_model": "", "ocr_ollama_model": "granite3.2-vision:latest"}
+    with open(SETTINGS_FILE, "r", encoding="utf-8") as f:
+        return json.load(f)
+
+def _save_settings(data: dict):
+    SETTINGS_FILE.parent.mkdir(parents=True, exist_ok=True)
+    with open(SETTINGS_FILE, "w", encoding="utf-8") as f:
+        json.dump(data, f, ensure_ascii=False, indent=2)
+
+
+# ════════════════════════════════════════════════════════════════
+#  시작 이벤트
+# ════════════════════════════════════════════════════════════════
+@app.on_event("startup")
+async def on_startup():
+    init_users()
+    _cleanup_outputs()
+
+
+# ════════════════════════════════════════════════════════════════
+#  인증
+# ════════════════════════════════════════════════════════════════
+@app.post("/api/login")
+def login(username: str = Form(...), password: str = Form(...)):
+    user = authenticate(username, password)
+    if not user:
+        raise HTTPException(401, "아이디 또는 비밀번호가 올바르지 않습니다")
+    return {"access_token": create_access_token(username), "token_type": "bearer"}
+
+@app.get("/api/me")
+def me(user: dict = Depends(require_auth)):
+    return {
+        "username":    user["username"],
+        "role":        user.get("role", "user"),
+        "permissions": user.get("permissions", {"stt": False, "ocr": False}),
+    }
+
+
+# ════════════════════════════════════════════════════════════════
+#  STT
+# ════════════════════════════════════════════════════════════════
+@app.post("/api/transcribe")
+async def transcribe(
+    request:      Request,
+    file:         UploadFile = File(...),
+    use_ollama:   str        = Form("false"),
+    ollama_model: str        = Form(""),
+    user: dict = Depends(require_stt),
+):
+    _check_size(request)
+    ext = _ext(file.filename)
+    if ext not in AUDIO_EXT:
+        raise HTTPException(400, f"지원하지 않는 형식: {', '.join(sorted(AUDIO_EXT))}")
+    file_id   = str(uuid.uuid4())
+    save_path = os.path.join(UPLOAD_DIR, f"{file_id}.{ext}")
+    await _save(file, save_path)
+
+    _use_ollama = use_ollama.lower() == "true"
+    # 모델 미지정 시 설정에서 가져옴
+    if _use_ollama and not ollama_model.strip():
+        ollama_model = _load_settings().get("stt_ollama_model", "")
+
+    task = transcribe_task.delay(file_id, save_path, _use_ollama, ollama_model)
+    return {"task_id": task.id, "file_id": file_id, "filename": file.filename}
+
+
+# ════════════════════════════════════════════════════════════════
+#  OCR
+# ════════════════════════════════════════════════════════════════
+@app.post("/api/ocr")
+async def ocr(
+    request:       Request,
+    file:          UploadFile = File(...),
+    mode:          str        = Form("text"),
+    backend:       str        = Form("paddle"),
+    ollama_model:  str        = Form(""),
+    custom_prompt: str        = Form(""),
+    user: dict = Depends(require_ocr),
+):
+    _check_size(request)
+    ext = _ext(file.filename)
+    if ext not in IMAGE_EXT:
+        raise HTTPException(400, f"지원하지 않는 형식: {', '.join(sorted(IMAGE_EXT))}")
+    if mode    not in ("text", "structure"): mode    = "text"
+    if backend not in ("paddle", "ollama"):  backend = "paddle"
+
+    # 모델 미지정 시 설정에서 가져옴
+    if backend == "ollama" and not ollama_model.strip():
+        ollama_model = _load_settings().get("ocr_ollama_model", "granite3.2-vision:latest")
+
+    file_id   = str(uuid.uuid4())
+    save_path = os.path.join(UPLOAD_DIR, f"{file_id}.{ext}")
+    await _save(file, save_path)
+    task = ocr_task.delay(file_id, save_path, mode, backend, ollama_model, custom_prompt)
+    return {"task_id": task.id, "file_id": file_id,
+            "filename": file.filename, "mode": mode, "backend": backend}
+
+
+# ════════════════════════════════════════════════════════════════
+#  작업 상태 / 다운로드
+# ════════════════════════════════════════════════════════════════
+@app.get("/api/status/{task_id}")
+def get_status(task_id: str, user: dict = Depends(require_auth)):
+    r = celery_app.AsyncResult(task_id)
+    if r.state == "PENDING":  return {"state": "pending",  "progress": 0,   "message": "대기 중..."}
+    if r.state == "PROGRESS": m = r.info or {}; return {"state": "progress","progress": m.get("progress",0),"message": m.get("message","처리 중...")}
+    if r.state == "SUCCESS":  return {"state": "success",  "progress": 100, **r.result}
+    if r.state == "FAILURE":  return {"state": "failure",  "progress": 0,   "message": str(r.info)}
+    return {"state": r.state.lower(), "progress": 0}
+
+@app.get("/api/download/{filename}")
+def download(filename: str, user: dict = Depends(require_auth)):
+    if ".." in filename or "/" in filename:
+        raise HTTPException(400, "잘못된 파일명")
+    path = os.path.join(OUTPUT_DIR, filename)
+    if not os.path.exists(path):
+        raise HTTPException(404, "파일을 찾을 수 없습니다")
+    media = ("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+             if filename.endswith(".xlsx") else "text/plain")
+    return FileResponse(path, media_type=media, filename=filename)
+
+
+# ════════════════════════════════════════════════════════════════
+#  Ollama 모델 목록
+# ════════════════════════════════════════════════════════════════
+@app.get("/api/ollama/models")
+def ollama_models(user: dict = Depends(require_auth)):
+    try:
+        resp = httpx.get(f"{OLLAMA_URL}/api/tags", timeout=8.0)
+        resp.raise_for_status()
+        models = [m["name"] for m in resp.json().get("models", [])]
+        return {"models": models, "connected": True}
+    except Exception as e:
+        return {"models": [], "connected": False, "error": str(e)}
+
+
+# ════════════════════════════════════════════════════════════════
+#  설정
+# ════════════════════════════════════════════════════════════════
+@app.get("/api/settings")
+def get_settings(user: dict = Depends(require_auth)):
+    return _load_settings()
+
+@app.post("/api/settings")
+def save_settings_endpoint(
+    stt_ollama_model: str = Form(""),
+    ocr_ollama_model: str = Form(""),
+    user: dict = Depends(require_auth),
+):
+    data = {"stt_ollama_model": stt_ollama_model,
+            "ocr_ollama_model": ocr_ollama_model}
+    _save_settings(data)
+    return {"ok": True, "settings": data}
+
+
+# ════════════════════════════════════════════════════════════════
+#  관리자 — 사용자 관리
+# ════════════════════════════════════════════════════════════════
+@app.get("/api/admin/users")
+def admin_list_users(user: dict = Depends(require_admin)):
+    return {"users": list_users()}
+
+@app.post("/api/admin/users")
+def admin_create_user(
+    username:   str  = Form(...),
+    password:   str  = Form(...),
+    perm_stt:   str  = Form("false"),
+    perm_ocr:   str  = Form("false"),
+    user: dict = Depends(require_admin),
+):
+    perms = {"stt": perm_stt.lower()=="true", "ocr": perm_ocr.lower()=="true"}
+    ok, msg = create_user(username, password, perms)
+    if not ok:
+        raise HTTPException(400, msg)
+    return {"ok": True, "message": msg}
+
+@app.put("/api/admin/users/{username}")
+def admin_update_user(
+    username:  str,
+    perm_stt:  str = Form("false"),
+    perm_ocr:  str = Form("false"),
+    password:  str = Form(""),
+    user: dict = Depends(require_admin),
+):
+    perms = {"stt": perm_stt.lower()=="true", "ocr": perm_ocr.lower()=="true"}
+    ok, msg = update_user(username, perms, password or None)
+    if not ok:
+        raise HTTPException(400, msg)
+    return {"ok": True, "message": msg}
+
+@app.delete("/api/admin/users/{username}")
+def admin_delete_user(username: str, user: dict = Depends(require_admin)):
+    ok, msg = delete_user(username)
+    if not ok:
+        raise HTTPException(400, msg)
+    return {"ok": True, "message": msg}
+
+
+# ════════════════════════════════════════════════════════════════
+#  정리
+# ════════════════════════════════════════════════════════════════
+@app.post("/api/cleanup")
+def cleanup(user: dict = Depends(require_auth)):
+    return {"removed": _cleanup_outputs()}
+
+
+# ════════════════════════════════════════════════════════════════
+#  유틸
+# ════════════════════════════════════════════════════════════════
+def _check_size(request: Request):
+    cl = request.headers.get("content-length")
+    if cl and int(cl) > MAX_UPLOAD_BYTES:
+        raise HTTPException(413, f"파일이 너무 큽니다. 최대 {MAX_UPLOAD_BYTES//1024//1024}MB")
+
+def _cleanup_outputs() -> int:
+    if OUTPUT_KEEP_SECS == 0:
+        return 0
+    cutoff = time.time() - OUTPUT_KEEP_SECS
+    removed = 0
+    for f in glob.glob(os.path.join(OUTPUT_DIR, "*")):
+        try:
+            if os.path.getmtime(f) < cutoff:
+                os.remove(f); removed += 1
+        except: pass
+    return removed
+
+def _ext(fn): return fn.rsplit(".", 1)[-1].lower() if "." in fn else ""
+
+async def _save(file: UploadFile, path: str):
+    written = 0
+    async with aiofiles.open(path, "wb") as f:
+        while chunk := await file.read(1024 * 1024):
+            written += len(chunk)
+            if written > MAX_UPLOAD_BYTES:
+                await f.close(); os.remove(path)
+                raise HTTPException(413, f"파일이 너무 큽니다. 최대 {MAX_UPLOAD_BYTES//1024//1024}MB")
+            await f.write(chunk)
+
+app.mount("/", StaticFiles(directory="static", html=True), name="static")
diff --git a/app/ocr_tasks.py b/app/ocr_tasks.py
new file mode 100644
index 0000000..c5bc231
--- /dev/null
+++ b/app/ocr_tasks.py
@@ -0,0 +1,288 @@
+"""
+OCR Celery Tasks
+- PaddleOCR 3.x 호환 (use_gpu/show_log/cls 파라미터 제거, 결과구조 변경 반영)
+- backend="paddle"  → PaddleOCR 로컬 실행
+- backend="ollama"  → Ollama Vision API 호출
+"""
+import os
+import base64
+
+import httpx
+from celery import Celery
+import openpyxl
+from openpyxl.styles import Font, PatternFill, Alignment, Border, Side
+
+REDIS_URL      = os.getenv("REDIS_URL", "redis://redis:6379/0")
+OUTPUT_DIR     = os.getenv("OUTPUT_DIR", "/data/outputs")
+OCR_LANG       = os.getenv("OCR_LANG", "korean")
+OLLAMA_URL     = os.getenv("OLLAMA_URL", "http://192.168.0.126:11434")
+OLLAMA_TIMEOUT = int(os.getenv("OLLAMA_TIMEOUT", "180"))
+
+celery_app = Celery("ocr_tasks", broker=REDIS_URL, backend=REDIS_URL)
+celery_app.conf.update(
+    task_serializer="json",
+    result_serializer="json",
+    accept_content=["json"],
+    task_track_started=True,
+    result_expires=3600,
+)
+
+# PaddleOCR 싱글톤
+_ocr_engine    = None
+_struct_engine = None
+
+def get_ocr():
+    global _ocr_engine
+    if _ocr_engine is None:
+        from paddleocr import PaddleOCR
+        print(f"[PaddleOCR] 로딩 (lang={OCR_LANG})")
+        # PaddleOCR 3.x: use_gpu/show_log 파라미터 제거됨
+        _ocr_engine = PaddleOCR(use_angle_cls=True, lang=OCR_LANG)
+        print("[PaddleOCR] 완료")
+    return _ocr_engine
+
+def get_structure():
+    global _struct_engine
+    if _struct_engine is None:
+        from paddleocr import PPStructure
+        print("[PPStructure] 로딩")
+        _struct_engine = PPStructure(table=True, ocr=True, lang=OCR_LANG)
+        print("[PPStructure] 완료")
+    return _struct_engine
+
+
+# ════════════════════════════════════════════════════════════════
+#  메인 Task
+# ════════════════════════════════════════════════════════════════
+@celery_app.task(bind=True, name="tasks.ocr_task", queue="ocr")
+def ocr_task(self, file_id, image_path, mode="text",
+             backend="paddle", ollama_model="granite3.2-vision", custom_prompt=""):
+    self.update_state(state="PROGRESS", meta={"progress": 8, "message": "엔진 준비 중..."})
+    try:
+        if backend == "ollama":
+            result = _run_ollama(self, file_id, image_path, mode, ollama_model, custom_prompt)
+        else:
+            result = _run_paddle(self, file_id, image_path, mode)
+        try: os.remove(image_path)
+        except: pass
+        return result
+    except Exception as e:
+        try: os.remove(image_path)
+        except: pass
+        raise Exception(f"OCR 실패: {str(e)}")
+
+
+# ════════════════════════════════════════════════════════════════
+#  Ollama 백엔드
+# ════════════════════════════════════════════════════════════════
+_OLLAMA_PROMPTS = {
+    "text":      "이 이미지에서 모든 텍스트를 정확하게 추출해줘. 원본의 줄 구분과 단락 구조를 유지해줘.",
+    "structure": "이 이미지를 분석해서 표는 마크다운 표 형식으로, 나머지 텍스트는 원본 구조를 유지하며 추출해줘.",
+}
+
+def _run_ollama(task, file_id, image_path, mode, ollama_model, custom_prompt):
+    task.update_state(state="PROGRESS",
+                      meta={"progress": 15, "message": f"Ollama ({ollama_model}) 연결 중..."})
+    with open(image_path, "rb") as f:
+        img_b64 = base64.b64encode(f.read()).decode()
+    prompt = custom_prompt.strip() or _OLLAMA_PROMPTS.get(mode, _OLLAMA_PROMPTS["text"])
+    task.update_state(state="PROGRESS", meta={"progress": 30, "message": "모델 추론 중..."})
+    try:
+        resp = httpx.post(f"{OLLAMA_URL}/api/chat", json={
+            "model": ollama_model,
+            "messages": [{"role": "user", "content": prompt, "images": [img_b64]}],
+            "stream": False,
+            "options": {"temperature": 0.1},
+        }, timeout=float(OLLAMA_TIMEOUT))
+        resp.raise_for_status()
+    except httpx.ConnectError:
+        raise Exception(f"Ollama 서버 연결 실패 ({OLLAMA_URL})")
+    except httpx.TimeoutException:
+        raise Exception(f"Ollama 응답 시간 초과 ({OLLAMA_TIMEOUT}초). OLLAMA_TIMEOUT 값을 늘려주세요.")
+
+    task.update_state(state="PROGRESS", meta={"progress": 85, "message": "결과 저장 중..."})
+    full_text = resp.json().get("message", {}).get("content", "").strip()
+    if not full_text:
+        raise Exception("Ollama 빈 응답. 모델이 설치되어 있는지 확인하세요.")
+
+    tables = _parse_md_tables(full_text) if mode == "structure" else []
+    os.makedirs(OUTPUT_DIR, exist_ok=True)
+    txt_file = f"{file_id}_ocr.txt"
+    with open(os.path.join(OUTPUT_DIR, txt_file), "w", encoding="utf-8") as f:
+        f.write(f"# OCR 결과 (Ollama / {ollama_model})\n\n{full_text}")
+    xlsx_file = None
+    if tables:
+        xlsx_file = f"{file_id}_tables.xlsx"
+        _save_excel(tables, os.path.join(OUTPUT_DIR, xlsx_file))
+    tables_html = [_md_table_to_html(t) for t in tables]
+    lines = [{"text": l, "confidence": 1.0, "bbox": []}
+             for l in full_text.splitlines() if l.strip()]
+    return {
+        "mode": mode, "backend": "ollama", "ollama_model": ollama_model,
+        "full_text": full_text, "lines": lines, "line_count": len(lines),
+        "txt_file": txt_file,
+        "tables": [{"html": h, "rows": len(t),
+                    "cols": max(len(r) for r in t) if t else 0}
+                   for h, t in zip(tables_html, tables)],
+        "xlsx_file": xlsx_file,
+    }
+
+
+# ════════════════════════════════════════════════════════════════
+#  PaddleOCR 백엔드
+# ════════════════════════════════════════════════════════════════
+def _run_paddle(task, file_id, image_path, mode):
+    import cv2
+    img = cv2.imread(image_path)
+    if img is None:
+        raise ValueError("이미지를 읽을 수 없습니다")
+    os.makedirs(OUTPUT_DIR, exist_ok=True)
+    return _paddle_structure(task, file_id, img) if mode == "structure" \
+           else _paddle_text(task, file_id, img)
+
+
+def _paddle_text(task, file_id, img):
+    task.update_state(state="PROGRESS", meta={"progress": 30, "message": "텍스트 인식 중..."})
+    # PaddleOCR 3.x: cls 파라미터 제거, 결과 구조 변경
+    result = get_ocr().ocr(img)
+    task.update_state(state="PROGRESS", meta={"progress": 80, "message": "결과 정리 중..."})
+
+    lines = []
+    if result and len(result) > 0:
+        r = result[0]
+        # PaddleOCR 3.x 결과 구조: dict with rec_texts, rec_scores
+        if isinstance(r, dict):
+            texts  = r.get("rec_texts", [])
+            scores = r.get("rec_scores", [])
+            for text, conf in zip(texts, scores):
+                if text.strip():
+                    lines.append({"text": text,
+                                  "confidence": round(float(conf), 3),
+                                  "bbox": []})
+        # 구버전 호환 (list of [bbox, (text, conf)])
+        elif isinstance(r, list):
+            for item in r:
+                if item and len(item) == 2:
+                    _, (text, conf) = item
+                    if text.strip():
+                        lines.append({"text": text,
+                                      "confidence": round(float(conf), 3),
+                                      "bbox": []})
+
+    full_text = "\n".join(l["text"] for l in lines)
+    txt_file  = f"{file_id}_ocr.txt"
+    with open(os.path.join(OUTPUT_DIR, txt_file), "w", encoding="utf-8") as f:
+        f.write(full_text)
+    return {"mode": "text", "backend": "paddle",
+            "full_text": full_text, "lines": lines,
+            "line_count": len(lines), "txt_file": txt_file,
+            "tables": [], "xlsx_file": None}
+
+
+def _paddle_structure(task, file_id, img):
+    task.update_state(state="PROGRESS", meta={"progress": 20, "message": "레이아웃 분석 중..."})
+    result = get_structure()(img)
+    task.update_state(state="PROGRESS", meta={"progress": 60, "message": "표 구조 추출 중..."})
+
+    text_blocks, tables_html, tables_data = [], [], []
+    for region in result:
+        rtype = region.get("type", "").lower()
+        if rtype == "table":
+            html = region.get("res", {}).get("html", "")
+            if html:
+                tables_html.append(html)
+                tables_data.append(_html_table_to_list(html))
+        elif rtype in ("text", "title", "figure_caption"):
+            for line in (region.get("res", []) or []):
+                if isinstance(line, (list, tuple)) and len(line) == 2:
+                    _, (text, _conf) = line
+                    text_blocks.append(text)
+
+    full_text = "\n".join(text_blocks)
+    task.update_state(state="PROGRESS", meta={"progress": 80, "message": "Excel 생성 중..."})
+
+    xlsx_file = None
+    if tables_data:
+        xlsx_file = f"{file_id}_tables.xlsx"
+        _save_excel(tables_data, os.path.join(OUTPUT_DIR, xlsx_file))
+
+    txt_file = f"{file_id}_ocr.txt"
+    with open(os.path.join(OUTPUT_DIR, txt_file), "w", encoding="utf-8") as f:
+        f.write("# 텍스트\n\n" + full_text)
+
+    lines      = [{"text": t, "confidence": 1.0, "bbox": []} for t in text_blocks]
+    tables_meta = [{"html": h, "rows": len(d),
+                    "cols": max(len(r) for r in d) if d else 0}
+                   for h, d in zip(tables_html, tables_data)]
+    return {"mode": "structure", "backend": "paddle",
+            "full_text": full_text, "lines": lines,
+            "line_count": len(lines), "txt_file": txt_file,
+            "tables": tables_meta, "xlsx_file": xlsx_file}
+
+
+# ════════════════════════════════════════════════════════════════
+#  공통 유틸
+# ════════════════════════════════════════════════════════════════
+def _parse_md_tables(text):
+    tables, current = [], []
+    for line in text.splitlines():
+        s = line.strip()
+        if s.startswith("|") and s.endswith("|"):
+            if all(c in "| -:" for c in s): continue
+            current.append([c.strip() for c in s.strip("|").split("|")])
+        else:
+            if len(current) >= 2: tables.append(current)
+            current = []
+    if len(current) >= 2: tables.append(current)
+    return tables
+
+def _md_table_to_html(table):
+    if not table: return ""
+    rows = ""
+    for i, row in enumerate(table):
+        tag = "th" if i == 0 else "td"
+        cells = "".join(f"<{tag}>{c}</{tag}>" for c in row)
+        rows += f"<tr>{cells}</tr>"
+    return f"<table>{rows}</table>"
+
+def _html_table_to_list(html):
+    from html.parser import HTMLParser
+    class P(HTMLParser):
+        def __init__(self):
+            super().__init__()
+            self.rows, self._row, self._cell, self._in = [], [], [], False
+        def handle_starttag(self, tag, attrs):
+            if tag == "tr":          self._row = []
+            elif tag in ("td","th"): self._cell = []; self._in = True
+        def handle_endtag(self, tag):
+            if tag in ("td","th"):
+                self._row.append("".join(self._cell).strip()); self._in = False
+            elif tag == "tr":
+                if self._row: self.rows.append(self._row)
+        def handle_data(self, data):
+            if self._in: self._cell.append(data)
+    p = P(); p.feed(html); return p.rows
+
+def _save_excel(tables, path):
+    wb = openpyxl.Workbook()
+    wb.remove(wb.active)
+    for i, table in enumerate(tables, 1):
+        ws   = wb.create_sheet(f"표 {i}")
+        thin = Side(style="thin", color="2A2A33")
+        bdr  = Border(left=thin, right=thin, top=thin, bottom=thin)
+        for r_idx, row in enumerate(table, 1):
+            for c_idx, val in enumerate(row, 1):
+                cell = ws.cell(row=r_idx, column=c_idx, value=val)
+                cell.border    = bdr
+                cell.alignment = Alignment(horizontal="center",
+                                           vertical="center", wrap_text=True)
+                if r_idx == 1:
+                    cell.fill = PatternFill("solid", fgColor="1A1A2E")
+                    cell.font = Font(color="00E5A0", bold=True, size=10)
+                else:
+                    cell.font = Font(size=10)
+        for col in ws.columns:
+            w = max((len(str(c.value or "")) for c in col), default=8)
+            ws.column_dimensions[col[0].column_letter].width = min(w + 4, 40)
+    if not wb.sheetnames: wb.create_sheet("Sheet1")
+    wb.save(path)
diff --git a/app/requirements.txt b/app/requirements.txt
new file mode 100644
index 0000000..65bc35e
--- /dev/null
+++ b/app/requirements.txt
@@ -0,0 +1,21 @@
+fastapi==0.115.0
+uvicorn[standard]==0.30.6
+python-multipart==0.0.9
+celery==5.4.0
+redis==5.0.8
+faster-whisper==1.0.3
+aiofiles==23.2.1
+
+# 인증 (bcrypt 제거 — 직접 비교 방식 사용)
+python-jose[cryptography]==3.3.0
+
+# PaddleOCR 3.x
+paddleocr>=3.0.0
+opencv-python-headless>=4.8.0
+
+# Ollama API 호출
+httpx>=0.27.0
+
+# Excel 출력
+openpyxl==3.1.2
+Pillow>=10.0.0
diff --git a/app/static/index.html b/app/static/index.html
new file mode 100644
index 0000000..773ca3a
--- /dev/null
+++ b/app/static/index.html
@@ -0,0 +1,1131 @@
+<!DOCTYPE html>
+<html lang="ko">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>VoiceScript — STT & OCR</title>
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@400;500;600&family=IBM+Plex+Sans+KR:wght@300;400;500;600&display=swap" rel="stylesheet">
+<style>
+:root{
+  --bg:#08080a;--surf:#0f0f14;--surf2:#141419;--border:#1c1c24;--border2:#272730;
+  --accent:#00e5a0;--accent2:#00b37a;--blue:#4da6ff;--purple:#a78bfa;
+  --orange:#fb923c;--warn:#ff6b35;--text:#e4e4f0;--muted:#52526a;
+  --mono:'IBM Plex Mono',monospace;--sans:'IBM Plex Sans KR',sans-serif;
+}
+*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
+body{background:var(--bg);color:var(--text);font-family:var(--sans);min-height:100vh;display:flex;flex-direction:column}
+
+/* LOGIN */
+#login-overlay{position:fixed;inset:0;background:var(--bg);display:flex;align-items:center;justify-content:center;z-index:999}
+.login-box{width:380px;padding:48px 40px;background:var(--surf);border:1px solid var(--border2);border-radius:6px}
+.login-logo{display:flex;align-items:center;gap:12px;margin-bottom:36px}
+.login-mark{width:28px;height:28px;background:var(--accent);clip-path:polygon(0 20%,100% 0,100% 80%,0 100%)}
+.login-title{font-family:var(--mono);font-size:1rem;font-weight:600;letter-spacing:.08em}
+.login-title span{color:var(--accent)}
+.field{margin-bottom:16px}
+.field label{display:block;font-family:var(--mono);font-size:.65rem;letter-spacing:.12em;color:var(--muted);text-transform:uppercase;margin-bottom:6px}
+.field input{width:100%;padding:10px 12px;background:var(--bg);border:1px solid var(--border2);border-radius:3px;color:var(--text);font-family:var(--mono);font-size:.85rem;outline:none;transition:border-color .15s}
+.field input:focus{border-color:var(--accent)}
+#btn-login{width:100%;margin-top:8px;padding:12px;background:var(--accent);color:#000;border:none;border-radius:3px;font-family:var(--mono);font-size:.82rem;font-weight:600;letter-spacing:.1em;cursor:pointer;transition:all .15s;text-transform:uppercase}
+#btn-login:hover{background:#00ffb3}
+#login-err{display:none;margin-top:12px;padding:10px 12px;background:rgba(255,107,53,.08);border:1px solid rgba(255,107,53,.3);border-radius:3px;font-family:var(--mono);font-size:.72rem;color:var(--warn)}
+
+/* HEADER */
+header{border-bottom:1px solid var(--border);padding:12px 24px;display:flex;align-items:center;gap:12px;position:sticky;top:0;background:rgba(8,8,10,.94);backdrop-filter:blur(12px);z-index:100}
+.logo-mark{width:26px;height:26px;background:var(--accent);clip-path:polygon(0 20%,100% 0,100% 80%,0 100%)}
+header h1{font-family:var(--mono);font-size:.95rem;font-weight:600;letter-spacing:.08em}
+header h1 span{color:var(--accent)}
+#user-info{margin-left:auto;display:flex;align-items:center;gap:10px;font-family:var(--mono);font-size:.68rem;color:var(--muted)}
+#user-badge{padding:3px 8px;border-radius:2px;font-size:.6rem;font-weight:600;letter-spacing:.08em;text-transform:uppercase}
+#user-badge.admin{background:rgba(251,146,60,.12);color:var(--orange);border:1px solid rgba(251,146,60,.3)}
+#user-badge.user{background:rgba(0,229,160,.08);color:var(--accent);border:1px solid rgba(0,229,160,.2)}
+#btn-logout{background:none;border:1px solid var(--border2);color:var(--muted);padding:4px 10px;border-radius:2px;font-family:var(--mono);font-size:.65rem;cursor:pointer;letter-spacing:.08em;transition:all .15s;text-transform:uppercase}
+#btn-logout:hover{border-color:var(--warn);color:var(--warn)}
+
+/* NAV */
+.nav-tabs{display:flex;border-bottom:1px solid var(--border);padding:0 24px;background:var(--surf)}
+.nav-tab{font-family:var(--mono);font-size:.7rem;letter-spacing:.1em;text-transform:uppercase;padding:13px 18px;background:none;border:none;color:var(--muted);cursor:pointer;border-bottom:2px solid transparent;transition:all .15s;display:flex;align-items:center;gap:7px}
+.nav-tab.active{color:var(--accent);border-bottom-color:var(--accent)}
+.nav-tab:hover:not(.active){color:var(--text)}
+.nav-tab.admin-tab{color:var(--orange)}
+.nav-tab.admin-tab.active{color:var(--orange);border-bottom-color:var(--orange)}
+.nav-tab.settings-tab.active{color:var(--blue);border-bottom-color:var(--blue)}
+
+/* PAGE / PANEL */
+.page{display:none;flex:1}
+.page.active{display:flex}
+.two-panel{display:grid;grid-template-columns:1fr 1fr;width:100%;max-width:1360px;margin:0 auto}
+.panel{padding:28px 32px;border-right:1px solid var(--border);min-height:calc(100vh - 110px)}
+.panel:last-child{border-right:none}
+.panel-title{font-family:var(--mono);font-size:.63rem;letter-spacing:.15em;color:var(--muted);text-transform:uppercase;margin-bottom:20px;display:flex;align-items:center;gap:10px}
+.panel-title::after{content:'';flex:1;height:1px;background:var(--border)}
+
+/* DROPZONE */
+.dropzone{border:1px dashed var(--border2);border-radius:4px;padding:40px 24px;text-align:center;cursor:pointer;transition:all .2s;position:relative;background:var(--surf)}
+.dropzone:hover,.dropzone.dragover{border-color:var(--accent);background:rgba(0,229,160,.04)}
+.dropzone input[type=file]{position:absolute;inset:0;opacity:0;cursor:pointer}
+.drop-icon{font-size:2rem;margin-bottom:10px;display:block;opacity:.35}
+.drop-label{font-size:.88rem;color:var(--muted);line-height:1.7}
+.drop-label strong{color:var(--text);font-weight:500}
+.drop-formats{margin-top:8px;font-family:var(--mono);font-size:.6rem;color:var(--muted);letter-spacing:.05em}
+.file-info{display:none;margin-top:12px;padding:10px 12px;background:var(--surf);border:1px solid var(--border2);border-radius:3px;font-family:var(--mono);font-size:.73rem}
+.file-info .fname{color:var(--accent);margin-bottom:2px;word-break:break-all}
+.file-info .fsize{color:var(--muted)}
+
+/* SECTION LABEL */
+.sec-label{font-family:var(--mono);font-size:.62rem;letter-spacing:.1em;color:var(--muted);text-transform:uppercase;margin-bottom:7px;margin-top:16px}
+
+/* ENGINE SELECTOR */
+.engine-btns{display:grid;grid-template-columns:1fr 1fr;gap:8px}
+.engine-btn{padding:11px 8px;background:var(--surf);border:1px solid var(--border2);color:var(--muted);border-radius:4px;font-family:var(--mono);font-size:.7rem;letter-spacing:.05em;cursor:pointer;transition:all .18s;text-align:center;display:flex;flex-direction:column;align-items:center;gap:4px}
+.engine-btn .e-icon{font-size:1.3rem;opacity:.5;transition:opacity .18s}
+.engine-btn .e-name{font-weight:600}
+.engine-btn .e-desc{font-size:.58rem;color:var(--muted);line-height:1.4}
+.engine-btn.active[data-engine="whisper"]{background:rgba(0,229,160,.07);border-color:var(--accent2);color:var(--accent)}
+.engine-btn.active[data-engine="whisper"] .e-icon{opacity:1}
+.engine-btn.active[data-engine="ollama"],.engine-btn.active[data-engine="whisper+ollama"]{background:rgba(167,139,250,.07);border-color:#7c6cd4;color:var(--purple)}
+.engine-btn.active[data-engine="ollama"] .e-icon,.engine-btn.active[data-engine="whisper+ollama"] .e-icon{opacity:1}
+.engine-btn.active[data-engine="paddle"]{background:rgba(0,229,160,.07);border-color:var(--accent2);color:var(--accent)}
+.engine-btn.active[data-engine="paddle"] .e-icon{opacity:1}
+
+/* OLLAMA OPTIONS */
+.ollama-opts{display:none;margin-top:12px;padding:12px;background:var(--surf2);border:1px solid #272040;border-radius:4px}
+.ollama-opts.visible{display:block}
+.model-select{width:100%;background:var(--surf);border:1px solid var(--border2);color:var(--text);padding:8px 10px;border-radius:3px;font-family:var(--mono);font-size:.75rem;outline:none;cursor:pointer;appearance:none;-webkit-appearance:none;background-image:url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='10' height='6'%3E%3Cpath d='M0 0l5 6 5-6z' fill='%2352526a'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:right 10px center;margin-top:6px}
+.model-select:focus{border-color:#7c6cd4}
+.cprompt-toggle{display:inline-flex;align-items:center;gap:6px;font-family:var(--mono);font-size:.63rem;color:var(--muted);cursor:pointer;margin-top:10px}
+.cprompt-toggle:hover{color:var(--text)}
+textarea.cprompt{width:100%;background:var(--surf);border:1px solid var(--border2);color:var(--text);padding:10px 12px;border-radius:3px;font-family:var(--mono);font-size:.72rem;line-height:1.6;resize:vertical;min-height:64px;outline:none;margin-top:6px;display:none}
+textarea.cprompt:focus{border-color:#7c6cd4}
+
+/* MODE TOGGLE */
+.mode-btns{display:grid;grid-template-columns:1fr 1fr;gap:8px;margin-top:7px}
+.mode-btn{padding:9px;background:var(--surf);border:1px solid var(--border2);color:var(--muted);border-radius:3px;font-family:var(--mono);font-size:.68rem;letter-spacing:.07em;cursor:pointer;transition:all .15s;text-align:center;text-transform:uppercase}
+.mode-btn.active{background:rgba(0,229,160,.07);border-color:var(--accent2);color:var(--accent)}
+
+/* BUTTONS */
+.btn-start{margin-top:14px;width:100%;padding:12px;border:none;border-radius:3px;font-family:var(--mono);font-size:.8rem;font-weight:600;letter-spacing:.1em;cursor:pointer;transition:all .15s;text-transform:uppercase}
+.btn-start.green{background:var(--accent);color:#000}
+.btn-start.green:hover:not(:disabled){background:#00ffb3;transform:translateY(-1px)}
+.btn-start.purple{background:var(--purple);color:#fff}
+.btn-start.purple:hover:not(:disabled){background:#c4b5fd;transform:translateY(-1px)}
+.btn-start:disabled{background:var(--border2);color:var(--muted);cursor:not-allowed;transform:none}
+
+/* PROGRESS */
+.prog-box{display:none;margin-top:14px}
+.prog-header{display:flex;justify-content:space-between;margin-bottom:6px}
+.prog-msg{font-family:var(--mono);font-size:.7rem;color:var(--muted)}
+.prog-pct{font-family:var(--mono);font-size:.7rem;color:var(--accent)}
+.prog-track{height:2px;background:var(--border);border-radius:1px;overflow:hidden}
+.prog-fill{height:100%;transition:width .4s ease;width:0%;border-radius:1px;background:var(--accent)}
+.waveform{display:flex;align-items:center;justify-content:center;gap:3px;margin-top:14px;height:26px}
+.wave-bar{width:3px;border-radius:2px;opacity:.6;animation:wave 1s ease-in-out infinite;background:var(--accent)}
+.wave-bar:nth-child(1){animation-delay:0s;height:8px}.wave-bar:nth-child(2){animation-delay:.1s;height:14px}
+.wave-bar:nth-child(3){animation-delay:.2s;height:22px}.wave-bar:nth-child(4){animation-delay:.3s;height:18px}
+.wave-bar:nth-child(5){animation-delay:.4s;height:26px}.wave-bar:nth-child(6){animation-delay:.3s;height:18px}
+.wave-bar:nth-child(7){animation-delay:.2s;height:22px}.wave-bar:nth-child(8){animation-delay:.1s;height:14px}
+.wave-bar:nth-child(9){animation-delay:0s;height:8px}
+@keyframes wave{0%,100%{transform:scaleY(.4);opacity:.3}50%{transform:scaleY(1.2);opacity:.9}}
+.err-box{display:none;margin-top:10px;padding:10px 12px;background:rgba(255,107,53,.08);border:1px solid rgba(255,107,53,.3);border-radius:3px;font-family:var(--mono);font-size:.7rem;color:var(--warn);white-space:pre-wrap;line-height:1.6}
+
+/* RESULT */
+.result-meta{display:none;flex-wrap:wrap;gap:8px;margin-bottom:14px}
+.meta-chip{font-family:var(--mono);font-size:.63rem;padding:4px 9px;border:1px solid var(--border2);border-radius:2px;color:var(--muted);letter-spacing:.04em}
+.meta-chip span{color:var(--accent)}
+.result-tabs{display:none;border-bottom:1px solid var(--border);margin-bottom:12px}
+.tab-btn{font-family:var(--mono);font-size:.66rem;letter-spacing:.1em;padding:8px 14px;background:none;border:none;color:var(--muted);cursor:pointer;border-bottom:2px solid transparent;transition:all .15s;text-transform:uppercase}
+.tab-btn.active{color:var(--accent);border-bottom-color:var(--accent)}
+.tab-btn:hover:not(.active){color:var(--text)}
+.tab-content{display:none;flex-direction:column;flex:1}
+.tab-content.active{display:flex}
+.result-textarea{flex:1;min-height:340px;background:var(--surf);border:1px solid var(--border);color:var(--text);padding:14px;border-radius:3px;font-family:var(--mono);font-size:.77rem;line-height:1.8;resize:vertical;outline:none;white-space:pre-wrap}
+.segments-list,.lines-list{flex:1;min-height:340px;overflow-y:auto;background:var(--surf);border:1px solid var(--border);border-radius:3px}
+.seg-item{display:grid;grid-template-columns:110px 1fr;border-bottom:1px solid var(--border)}
+.seg-item:last-child{border-bottom:none}
+.seg-item:hover{background:rgba(255,255,255,.015)}
+.seg-time{padding:10px 12px;font-family:var(--mono);font-size:.63rem;color:var(--muted);border-right:1px solid var(--border);white-space:nowrap;line-height:1.6}
+.seg-text{padding:10px 14px;font-size:.8rem;line-height:1.6}
+.line-item{display:grid;grid-template-columns:55px 1fr;border-bottom:1px solid var(--border)}
+.line-item:last-child{border-bottom:none}
+.line-conf{padding:9px 8px;font-family:var(--mono);font-size:.6rem;border-right:1px solid var(--border);text-align:center;display:flex;align-items:center;justify-content:center}
+.line-conf.high{color:var(--accent)}.line-conf.mid{color:#f0b42a}.line-conf.low{color:var(--warn)}
+.line-text{padding:9px 12px;font-size:.8rem;line-height:1.5}
+.table-wrapper{overflow-x:auto;margin-bottom:12px;border:1px solid var(--border);border-radius:3px}
+.ocr-table{width:100%;border-collapse:collapse;font-size:.77rem;font-family:var(--mono)}
+.ocr-table th{background:#1a1a2e;color:var(--accent);padding:8px 12px;text-align:left;border:1px solid var(--border2);font-weight:500}
+.ocr-table td{padding:8px 12px;border:1px solid var(--border);line-height:1.5}
+.ocr-table tr:nth-child(even) td{background:rgba(255,255,255,.015)}
+.table-title{font-family:var(--mono);font-size:.66rem;color:var(--muted);letter-spacing:.08em;padding:9px 12px;background:var(--surf2);border-bottom:1px solid var(--border);text-transform:uppercase}
+.result-actions{display:none;gap:8px;margin-top:10px}
+.btn-act{flex:1;padding:8px;background:none;border:1px solid var(--border2);color:var(--text);border-radius:3px;font-family:var(--mono);font-size:.66rem;letter-spacing:.08em;cursor:pointer;transition:all .15s;text-transform:uppercase}
+.btn-act:hover{border-color:var(--accent);color:var(--accent)}
+.btn-act.primary{background:rgba(0,229,160,.07);border-color:var(--accent2);color:var(--accent)}
+.btn-act.excel{background:rgba(77,166,255,.07);border-color:#3a7cc4;color:var(--blue)}
+.empty-state{flex:1;display:flex;flex-direction:column;align-items:center;justify-content:center;gap:10px;color:var(--muted);padding:50px 0}
+.empty-icon{font-size:2rem;opacity:.18}
+.empty-text{font-family:var(--mono);font-size:.66rem;letter-spacing:.1em;text-align:center;line-height:1.9;text-transform:uppercase}
+
+/* ══ SETTINGS PAGE ══ */
+#page-settings{display:none;flex-direction:column}
+#page-settings.active{display:flex}
+.settings-wrap{max-width:680px;margin:0 auto;padding:36px 32px;width:100%}
+.settings-section{background:var(--surf);border:1px solid var(--border2);border-radius:6px;padding:24px;margin-bottom:20px}
+.settings-section h3{font-family:var(--mono);font-size:.72rem;letter-spacing:.12em;color:var(--muted);text-transform:uppercase;margin-bottom:16px;padding-bottom:12px;border-bottom:1px solid var(--border)}
+.settings-row{display:flex;align-items:center;justify-content:space-between;gap:16px;margin-bottom:14px}
+.settings-row:last-child{margin-bottom:0}
+.settings-label{font-family:var(--mono);font-size:.75rem;color:var(--text);flex:1}
+.settings-label small{display:block;color:var(--muted);font-size:.62rem;margin-top:2px}
+.settings-select{flex:1;max-width:280px;background:var(--surf2);border:1px solid var(--border2);color:var(--text);padding:8px 10px;border-radius:3px;font-family:var(--mono);font-size:.75rem;outline:none;cursor:pointer;appearance:none;-webkit-appearance:none;background-image:url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='10' height='6'%3E%3Cpath d='M0 0l5 6 5-6z' fill='%2352526a'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:right 10px center}
+.settings-select:focus{border-color:var(--blue)}
+.btn-settings{padding:9px 18px;border:none;border-radius:3px;font-family:var(--mono);font-size:.72rem;font-weight:600;letter-spacing:.08em;cursor:pointer;transition:all .15s;text-transform:uppercase}
+.btn-settings.blue{background:var(--blue);color:#fff}
+.btn-settings.blue:hover{background:#6db8ff}
+.btn-settings.outline{background:none;border:1px solid var(--border2);color:var(--muted)}
+.btn-settings.outline:hover{border-color:var(--text);color:var(--text)}
+.ollama-status{font-family:var(--mono);font-size:.65rem;padding:4px 10px;border-radius:2px;margin-left:8px}
+.ollama-status.ok{background:rgba(0,229,160,.1);color:var(--accent);border:1px solid rgba(0,229,160,.2)}
+.ollama-status.fail{background:rgba(255,107,53,.1);color:var(--warn);border:1px solid rgba(255,107,53,.2)}
+
+/* ══ ADMIN PAGE ══ */
+#page-admin{display:none;flex-direction:column}
+#page-admin.active{display:flex}
+.admin-wrap{max-width:860px;margin:0 auto;padding:36px 32px;width:100%}
+.admin-section{background:var(--surf);border:1px solid var(--border2);border-radius:6px;margin-bottom:20px;overflow:hidden}
+.admin-section-head{padding:16px 20px;border-bottom:1px solid var(--border);display:flex;align-items:center;justify-content:space-between}
+.admin-section-head h3{font-family:var(--mono);font-size:.72rem;letter-spacing:.12em;color:var(--muted);text-transform:uppercase}
+.user-table{width:100%;border-collapse:collapse}
+.user-table th{font-family:var(--mono);font-size:.62rem;letter-spacing:.1em;color:var(--muted);text-transform:uppercase;padding:10px 16px;border-bottom:1px solid var(--border);text-align:left;background:var(--surf2)}
+.user-table td{padding:12px 16px;border-bottom:1px solid var(--border);font-size:.82rem;vertical-align:middle}
+.user-table tr:last-child td{border-bottom:none}
+.user-table tr:hover td{background:rgba(255,255,255,.015)}
+.perm-badge{font-family:var(--mono);font-size:.58rem;padding:3px 7px;border-radius:2px;margin-right:4px}
+.perm-badge.on{background:rgba(0,229,160,.1);color:var(--accent);border:1px solid rgba(0,229,160,.2)}
+.perm-badge.off{background:rgba(255,255,255,.04);color:var(--muted);border:1px solid var(--border)}
+.role-badge{font-family:var(--mono);font-size:.58rem;padding:3px 7px;border-radius:2px}
+.role-badge.admin{background:rgba(251,146,60,.1);color:var(--orange);border:1px solid rgba(251,146,60,.2)}
+.role-badge.user{background:rgba(255,255,255,.04);color:var(--muted);border:1px solid var(--border)}
+.btn-sm{padding:5px 10px;border:1px solid var(--border2);background:none;color:var(--muted);border-radius:2px;font-family:var(--mono);font-size:.62rem;cursor:pointer;transition:all .12s;margin-left:4px}
+.btn-sm:hover{border-color:var(--accent);color:var(--accent)}
+.btn-sm.danger:hover{border-color:var(--warn);color:var(--warn)}
+.add-user-form{padding:20px}
+.add-form-grid{display:grid;grid-template-columns:1fr 1fr;gap:10px;margin-bottom:14px}
+.form-group{display:flex;flex-direction:column;gap:5px}
+.form-group label{font-family:var(--mono);font-size:.62rem;letter-spacing:.1em;color:var(--muted);text-transform:uppercase}
+.form-input{background:var(--surf2);border:1px solid var(--border2);color:var(--text);padding:8px 10px;border-radius:3px;font-family:var(--mono);font-size:.78rem;outline:none}
+.form-input:focus{border-color:var(--accent)}
+.perm-checks{display:flex;gap:16px;align-items:center;margin-top:4px}
+.perm-check{display:flex;align-items:center;gap:6px;cursor:pointer;font-family:var(--mono);font-size:.72rem;color:var(--muted)}
+.perm-check input{accent-color:var(--accent);width:14px;height:14px;cursor:pointer}
+.perm-check:hover{color:var(--text)}
+.btn-add{padding:9px 20px;background:var(--accent);color:#000;border:none;border-radius:3px;font-family:var(--mono);font-size:.72rem;font-weight:600;letter-spacing:.08em;cursor:pointer;transition:all .15s;text-transform:uppercase}
+.btn-add:hover{background:#00ffb3}
+.admin-msg{font-family:var(--mono);font-size:.7rem;padding:8px 12px;border-radius:3px;margin-top:10px;display:none}
+.admin-msg.ok{background:rgba(0,229,160,.08);border:1px solid rgba(0,229,160,.2);color:var(--accent)}
+.admin-msg.err{background:rgba(255,107,53,.08);border:1px solid rgba(255,107,53,.2);color:var(--warn)}
+
+/* EDIT MODAL */
+.modal-overlay{display:none;position:fixed;inset:0;background:rgba(0,0,0,.7);z-index:200;align-items:center;justify-content:center}
+.modal-overlay.visible{display:flex}
+.modal-box{background:var(--surf);border:1px solid var(--border2);border-radius:6px;padding:28px;width:380px;max-width:90vw}
+.modal-title{font-family:var(--mono);font-size:.8rem;font-weight:600;letter-spacing:.08em;margin-bottom:20px}
+.modal-actions{display:flex;gap:8px;margin-top:20px;justify-content:flex-end}
+
+/* IMAGE PREVIEW */
+#ocr-preview-wrap{display:none;margin-top:12px}
+#ocr-preview{max-width:100%;max-height:180px;border:1px solid var(--border);border-radius:3px;object-fit:contain}
+
+@media(max-width:900px){.two-panel{grid-template-columns:1fr}.panel{border-right:none;border-bottom:1px solid var(--border);min-height:auto;padding:22px 16px}.panel:last-child{border-bottom:none}.add-form-grid{grid-template-columns:1fr}}
+</style>
+</head>
+<body>
+
+<!-- LOGIN -->
+<div id="login-overlay">
+  <div class="login-box">
+    <div class="login-logo"><div class="login-mark"></div><div class="login-title">Voice<span>Script</span></div></div>
+    <div class="field"><label>아이디</label><input type="text" id="inp-user" placeholder="username" autocomplete="username"></div>
+    <div class="field"><label>비밀번호</label><input type="password" id="inp-pass" placeholder="password" autocomplete="current-password"></div>
+    <button id="btn-login">로그인</button>
+    <div id="login-err"></div>
+  </div>
+</div>
+
+<!-- HEADER -->
+<header>
+  <div class="logo-mark"></div>
+  <h1>Voice<span>Script</span></h1>
+  <div id="user-info">
+    <span id="user-name" style="color:var(--text);font-size:.75rem"></span>
+    <span id="user-badge"></span>
+    <button id="btn-logout">로그아웃</button>
+  </div>
+</header>
+
+<!-- NAV -->
+<div class="nav-tabs" id="nav-tabs">
+  <button class="nav-tab active" data-page="stt">🎙 STT</button>
+  <button class="nav-tab" data-page="ocr">🔍 OCR</button>
+  <button class="nav-tab settings-tab" data-page="settings">⚙️ 설정</button>
+  <button class="nav-tab admin-tab" data-page="admin" id="admin-tab" style="display:none">👤 관리자</button>
+</div>
+
+<!-- ══════════════════ STT PAGE ══════════════════ -->
+<div class="page active" id="page-stt">
+  <div class="two-panel">
+    <section class="panel">
+      <div class="panel-title">파일 업로드</div>
+      <div class="dropzone" id="stt-drop">
+        <input type="file" id="stt-input" accept=".mp3,.mp4,.wav,.m4a,.ogg,.flac,.aac,.wma,.webm,.mkv,.avi,.mov">
+        <span class="drop-icon">🎵</span>
+        <div class="drop-label"><strong>드래그하거나 클릭하여 선택</strong><br>음성 또는 영상 파일</div>
+        <div class="drop-formats">mp3 · wav · m4a · ogg · flac · aac · mp4 · webm</div>
+      </div>
+      <div class="file-info" id="stt-info"><div class="fname" id="stt-fname"></div><div class="fsize" id="stt-fsize"></div></div>
+
+      <div class="sec-label">STT 엔진</div>
+      <div class="engine-btns">
+        <button class="engine-btn active" data-engine="whisper">
+          <span class="e-icon">⚡</span><span class="e-name">faster-whisper</span>
+          <span class="e-desc">로컬 CPU 변환<br>빠르고 안정적</span>
+        </button>
+        <button class="engine-btn" data-engine="whisper+ollama">
+          <span class="e-icon">🦙</span><span class="e-name">+ Ollama 후처리</span>
+          <span class="e-desc">Whisper 변환 후<br>Ollama로 교정</span>
+        </button>
+      </div>
+
+      <div class="ollama-opts" id="stt-ollama-opts">
+        <div class="sec-label" style="margin-top:0">후처리 모델</div>
+        <select class="model-select" id="stt-ollama-model">
+          <option value="">설정에서 선택한 모델 사용</option>
+        </select>
+        <div style="font-family:var(--mono);font-size:.6rem;color:var(--muted);margin-top:5px">
+          설정 페이지에서 기본 STT 모델을 지정하세요
+        </div>
+      </div>
+
+      <button class="btn-start green" id="stt-btn" disabled>변환 시작</button>
+      <div class="prog-box" id="stt-prog">
+        <div class="prog-header"><span class="prog-msg" id="stt-pmsg">처리 중...</span><span class="prog-pct" id="stt-ppct">0%</span></div>
+        <div class="prog-track"><div class="prog-fill" id="stt-pfill"></div></div>
+        <div class="waveform" id="stt-wave">
+          <div class="wave-bar"></div><div class="wave-bar"></div><div class="wave-bar"></div>
+          <div class="wave-bar"></div><div class="wave-bar"></div><div class="wave-bar"></div>
+          <div class="wave-bar"></div><div class="wave-bar"></div><div class="wave-bar"></div>
+        </div>
+      </div>
+      <div class="err-box" id="stt-err"></div>
+    </section>
+    <section class="panel">
+      <div class="panel-title">변환 결과</div>
+      <div class="result-meta" id="stt-meta">
+        <div class="meta-chip">언어 <span id="stt-mlang">—</span></div>
+        <div class="meta-chip">길이 <span id="stt-mdur">—</span></div>
+        <div class="meta-chip">세그먼트 <span id="stt-msegs">—</span></div>
+        <div class="meta-chip" id="stt-mollama-chip" style="display:none">후처리 <span id="stt-mollama">—</span></div>
+      </div>
+      <div class="result-tabs" id="stt-tabs">
+        <button class="tab-btn active" data-tab="stt-text">전체 텍스트</button>
+        <button class="tab-btn" data-tab="stt-segs">타임스탬프</button>
+      </div>
+      <div class="tab-content active" id="stt-text">
+        <div class="empty-state" id="stt-empty"><div class="empty-icon">📝</div><div class="empty-text">파일 업로드 후<br>변환을 시작하면<br>결과가 표시됩니다</div></div>
+        <textarea class="result-textarea" id="stt-result" style="display:none" readonly></textarea>
+      </div>
+      <div class="tab-content" id="stt-segs"><div class="segments-list" id="stt-seglist"></div></div>
+      <div class="result-actions" id="stt-actions">
+        <button class="btn-act" id="stt-copy">복사</button>
+        <button class="btn-act primary" id="stt-dl">TXT 저장</button>
+        <button class="btn-act" id="stt-new">새 파일</button>
+      </div>
+    </section>
+  </div>
+</div>
+
+<!-- ══════════════════ OCR PAGE ══════════════════ -->
+<div class="page" id="page-ocr">
+  <div class="two-panel">
+    <section class="panel">
+      <div class="panel-title">이미지 업로드</div>
+      <div class="dropzone" id="ocr-drop">
+        <input type="file" id="ocr-input" accept=".jpg,.jpeg,.png,.bmp,.tiff,.tif,.webp,.gif">
+        <span class="drop-icon">🖼</span>
+        <div class="drop-label"><strong>드래그하거나 클릭하여 선택</strong><br>이미지 파일</div>
+        <div class="drop-formats">jpg · png · bmp · tiff · webp · gif</div>
+      </div>
+      <div class="file-info" id="ocr-info"><div class="fname" id="ocr-fname"></div><div class="fsize" id="ocr-fsize"></div></div>
+      <div id="ocr-preview-wrap"><img id="ocr-preview"></div>
+
+      <div class="sec-label">OCR 엔진</div>
+      <div class="engine-btns">
+        <button class="engine-btn active" data-engine="paddle">
+          <span class="e-icon">🐾</span><span class="e-name">PaddleOCR</span>
+          <span class="e-desc">로컬 실행<br>표 구조 분석 지원</span>
+        </button>
+        <button class="engine-btn" data-engine="ollama">
+          <span class="e-icon">🦙</span><span class="e-name">Ollama Vision</span>
+          <span class="e-desc">자연어 지시 가능<br>커스텀 프롬프트</span>
+        </button>
+      </div>
+
+      <div class="ollama-opts" id="ocr-ollama-opts">
+        <div class="sec-label" style="margin-top:0">Vision 모델</div>
+        <select class="model-select" id="ocr-ollama-model">
+          <option value="">설정에서 선택한 모델 사용</option>
+        </select>
+        <span class="cprompt-toggle" id="cprompt-toggle">▶ 커스텀 프롬프트</span>
+        <textarea class="cprompt" id="custom-prompt" placeholder="예: 이 영수증의 품목과 금액을 JSON으로 추출해줘"></textarea>
+      </div>
+
+      <div class="sec-label">인식 모드</div>
+      <div class="mode-btns">
+        <button class="mode-btn active" data-mode="text">📄 텍스트 추출</button>
+        <button class="mode-btn" data-mode="structure">📊 표 구조 분석</button>
+      </div>
+      <div id="mode-desc" style="margin-top:6px;font-family:var(--mono);font-size:.62rem;color:var(--muted);line-height:1.6">일반 텍스트와 글자를 인식합니다</div>
+
+      <button class="btn-start green" id="ocr-btn" disabled>인식 시작</button>
+      <div class="prog-box" id="ocr-prog">
+        <div class="prog-header"><span class="prog-msg" id="ocr-pmsg">처리 중...</span><span class="prog-pct" id="ocr-ppct">0%</span></div>
+        <div class="prog-track"><div class="prog-fill" id="ocr-pfill"></div></div>
+        <div class="waveform" id="ocr-wave" style="display:none">
+          <div class="wave-bar"></div><div class="wave-bar"></div><div class="wave-bar"></div>
+          <div class="wave-bar"></div><div class="wave-bar"></div><div class="wave-bar"></div>
+          <div class="wave-bar"></div><div class="wave-bar"></div><div class="wave-bar"></div>
+        </div>
+      </div>
+      <div class="err-box" id="ocr-err"></div>
+    </section>
+    <section class="panel">
+      <div class="panel-title">인식 결과</div>
+      <div class="result-meta" id="ocr-meta">
+        <div class="meta-chip">줄 <span id="ocr-mlines">—</span></div>
+        <div class="meta-chip">모드 <span id="ocr-mmode">—</span></div>
+        <div class="meta-chip">엔진 <span id="ocr-mbackend">—</span></div>
+        <div class="meta-chip">표 <span id="ocr-mtables">—</span></div>
+      </div>
+      <div class="result-tabs" id="ocr-tabs">
+        <button class="tab-btn active" data-tab="ocr-text">전체 텍스트</button>
+        <button class="tab-btn" data-tab="ocr-lines">줄별</button>
+        <button class="tab-btn" data-tab="ocr-tables">표 뷰어</button>
+      </div>
+      <div class="tab-content active" id="ocr-text">
+        <div class="empty-state" id="ocr-empty"><div class="empty-icon">🔍</div><div class="empty-text">이미지 업로드 후<br>인식을 시작하면<br>결과가 표시됩니다</div></div>
+        <textarea class="result-textarea" id="ocr-result" style="display:none" readonly></textarea>
+      </div>
+      <div class="tab-content" id="ocr-lines"><div class="lines-list" id="ocr-linelist"></div></div>
+      <div class="tab-content" id="ocr-tables">
+        <div id="ocr-tablelist" style="overflow-y:auto;max-height:460px"></div>
+        <div class="empty-state" id="ocr-tableempty"><div class="empty-icon">📊</div><div class="empty-text">표 구조 분석 모드를<br>선택하면 표를<br>추출할 수 있습니다</div></div>
+      </div>
+      <div class="result-actions" id="ocr-actions">
+        <button class="btn-act" id="ocr-copy">복사</button>
+        <button class="btn-act primary" id="ocr-dl-txt">TXT 저장</button>
+        <button class="btn-act excel" id="ocr-dl-xlsx" style="display:none">Excel 저장</button>
+        <button class="btn-act" id="ocr-new">새 파일</button>
+      </div>
+    </section>
+  </div>
+</div>
+
+<!-- ══════════════════ SETTINGS PAGE ══════════════════ -->
+<div class="page" id="page-settings">
+  <div class="settings-wrap">
+    <div style="display:flex;align-items:center;gap:12px;margin-bottom:24px">
+      <h2 style="font-family:var(--mono);font-size:.9rem;font-weight:600;letter-spacing:.06em">설정</h2>
+      <span id="ollama-status-badge"></span>
+      <button class="btn-settings outline" id="btn-refresh-models" style="margin-left:auto">🔄 모델 새로고침</button>
+    </div>
+
+    <div class="settings-section">
+      <h3>🎙 STT Ollama 후처리 기본 모델</h3>
+      <div class="settings-row">
+        <div class="settings-label">
+          Whisper 변환 후 Ollama로 교정할 때 사용할 기본 모델
+          <small>STT 페이지에서 모델 미선택 시 이 모델이 사용됩니다</small>
+        </div>
+      </div>
+      <select class="settings-select" id="setting-stt-model" style="width:100%;max-width:100%">
+        <option value="">(없음 — Ollama 후처리 비활성)</option>
+      </select>
+    </div>
+
+    <div class="settings-section">
+      <h3>🔍 OCR Ollama 기본 모델</h3>
+      <div class="settings-row">
+        <div class="settings-label">
+          OCR에서 Ollama Vision 엔진 선택 시 사용할 기본 모델
+          <small>OCR 페이지에서 모델 미선택 시 이 모델이 사용됩니다</small>
+        </div>
+      </div>
+      <select class="settings-select" id="setting-ocr-model" style="width:100%;max-width:100%">
+        <option value="">(없음)</option>
+      </select>
+    </div>
+
+    <div style="display:flex;gap:10px;justify-content:flex-end">
+      <div id="settings-msg" style="font-family:var(--mono);font-size:.7rem;color:var(--accent);display:none;align-items:center">✓ 저장되었습니다</div>
+      <button class="btn-settings blue" id="btn-save-settings">설정 저장</button>
+    </div>
+  </div>
+</div>
+
+<!-- ══════════════════ ADMIN PAGE ══════════════════ -->
+<div class="page" id="page-admin">
+  <div class="admin-wrap">
+    <h2 style="font-family:var(--mono);font-size:.9rem;font-weight:600;letter-spacing:.06em;margin-bottom:24px">👤 사용자 관리</h2>
+
+    <!-- 사용자 목록 -->
+    <div class="admin-section">
+      <div class="admin-section-head">
+        <h3>사용자 목록</h3>
+        <button class="btn-sm" id="btn-reload-users">새로고침</button>
+      </div>
+      <table class="user-table" id="user-table">
+        <thead>
+          <tr>
+            <th>사용자명</th>
+            <th>역할</th>
+            <th>STT</th>
+            <th>OCR</th>
+            <th>관리</th>
+          </tr>
+        </thead>
+        <tbody id="user-tbody"></tbody>
+      </table>
+    </div>
+
+    <!-- 신규 사용자 추가 -->
+    <div class="admin-section">
+      <div class="admin-section-head"><h3>신규 사용자 추가</h3></div>
+      <div class="add-user-form">
+        <div class="add-form-grid">
+          <div class="form-group">
+            <label>아이디</label>
+            <input type="text" class="form-input" id="new-username" placeholder="username">
+          </div>
+          <div class="form-group">
+            <label>비밀번호</label>
+            <input type="password" class="form-input" id="new-password" placeholder="password">
+          </div>
+        </div>
+        <div class="form-group">
+          <label>사용 권한</label>
+          <div class="perm-checks">
+            <label class="perm-check"><input type="checkbox" id="new-perm-stt"> STT 음성변환</label>
+            <label class="perm-check"><input type="checkbox" id="new-perm-ocr"> OCR 이미지인식</label>
+          </div>
+        </div>
+        <div style="margin-top:14px">
+          <button class="btn-add" id="btn-add-user">사용자 추가</button>
+        </div>
+        <div class="admin-msg" id="add-msg"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<!-- 편집 모달 -->
+<div class="modal-overlay" id="edit-modal">
+  <div class="modal-box">
+    <div class="modal-title">권한 편집 — <span id="edit-modal-username"></span></div>
+    <div class="form-group">
+      <label>새 비밀번호 (변경 시에만 입력)</label>
+      <input type="password" class="form-input" id="edit-password" placeholder="비워두면 변경 안 함" style="width:100%;margin-top:5px">
+    </div>
+    <div class="form-group" style="margin-top:14px">
+      <label>사용 권한</label>
+      <div class="perm-checks" style="margin-top:6px">
+        <label class="perm-check"><input type="checkbox" id="edit-perm-stt"> STT 음성변환</label>
+        <label class="perm-check"><input type="checkbox" id="edit-perm-ocr"> OCR 이미지인식</label>
+      </div>
+    </div>
+    <div class="modal-actions">
+      <button class="btn-sm" id="btn-modal-cancel">취소</button>
+      <button class="btn-add" id="btn-modal-save">저장</button>
+    </div>
+    <div class="admin-msg" id="edit-msg"></div>
+  </div>
+</div>
+
+<script>
+// ══════════════════════════════════════════════════════════════
+//  STATE
+// ══════════════════════════════════════════════════════════════
+let token        = localStorage.getItem('vs_token') || null;
+let currentUser  = null;   // {username, role, permissions}
+let ollamaModels = [];     // 전체 Ollama 모델 목록
+let appSettings  = {};     // {stt_ollama_model, ocr_ollama_model}
+
+// STT
+let sttFile=null, sttOutputFile=null, sttEngine='whisper';
+// OCR
+let ocrFile=null, ocrOutputTxt=null, ocrOutputXlsx=null, ocrEngine='paddle', ocrMode='text';
+// Admin
+let editTarget=null;
+
+// ══════════════════════════════════════════════════════════════
+//  API 헬퍼
+// ══════════════════════════════════════════════════════════════
+const api = (method, url, body) => {
+  const opts = {method, headers: {Authorization: 'Bearer '+(token||'')}};
+  if(body) opts.body = body;
+  return fetch(url, opts);
+};
+const apiFD = (url, fd) => api('POST', url, fd);
+
+// ══════════════════════════════════════════════════════════════
+//  AUTH
+// ══════════════════════════════════════════════════════════════
+async function checkAuth(){
+  if(!token){showLogin();return}
+  try{
+    const r = await api('GET','/api/me');
+    if(r.ok){
+      currentUser = await r.json();
+      applyUserUI();
+      await Promise.all([loadOllamaModels(), loadSettings()]);
+      hideLogin();
+    } else showLogin();
+  } catch{showLogin()}
+}
+
+function applyUserUI(){
+  document.getElementById('user-name').textContent = currentUser.username;
+  const badge = document.getElementById('user-badge');
+  badge.textContent = currentUser.role === 'admin' ? 'ADMIN' : 'USER';
+  badge.className   = 'user-badge ' + currentUser.role;
+
+  // 관리자 탭 표시
+  document.getElementById('admin-tab').style.display =
+    currentUser.role === 'admin' ? 'flex' : 'none';
+
+  // 권한 없는 탭 비활성화
+  document.querySelectorAll('.nav-tab[data-page="stt"]').forEach(t => {
+    t.style.opacity = currentUser.permissions?.stt ? '1' : '0.35';
+    t.style.pointerEvents = currentUser.permissions?.stt ? '' : 'none';
+  });
+  document.querySelectorAll('.nav-tab[data-page="ocr"]').forEach(t => {
+    t.style.opacity = currentUser.permissions?.ocr ? '1' : '0.35';
+    t.style.pointerEvents = currentUser.permissions?.ocr ? '' : 'none';
+  });
+}
+
+function showLogin(){ document.getElementById('login-overlay').style.display='flex' }
+function hideLogin(){ document.getElementById('login-overlay').style.display='none' }
+
+document.getElementById('btn-login').addEventListener('click', doLogin);
+document.getElementById('inp-pass').addEventListener('keydown', e => { if(e.key==='Enter') doLogin() });
+
+async function doLogin(){
+  const u=document.getElementById('inp-user').value.trim();
+  const p=document.getElementById('inp-pass').value;
+  const err=document.getElementById('login-err');
+  err.style.display='none';
+  if(!u||!p){err.style.display='block';err.textContent='아이디와 비밀번호를 입력하세요';return}
+  const fd=new FormData();fd.append('username',u);fd.append('password',p);
+  try{
+    const r=await fetch('/api/login',{method:'POST',body:fd});
+    const d=await r.json();
+    if(!r.ok){err.style.display='block';err.textContent=d.detail||'로그인 실패';return}
+    token=d.access_token; localStorage.setItem('vs_token',token);
+    await checkAuth();
+  } catch{err.style.display='block';err.textContent='서버 연결 실패'}
+}
+
+document.getElementById('btn-logout').addEventListener('click',()=>{
+  token=null;currentUser=null;localStorage.removeItem('vs_token');
+  showLogin();document.getElementById('inp-pass').value='';
+});
+
+// ══════════════════════════════════════════════════════════════
+//  Ollama 모델 목록 로드
+// ══════════════════════════════════════════════════════════════
+async function loadOllamaModels(){
+  try{
+    const r = await api('GET','/api/ollama/models');
+    const d = await r.json();
+    ollamaModels = d.models || [];
+
+    // 상태 배지
+    const badge = document.getElementById('ollama-status-badge');
+    if(badge){
+      badge.className = 'ollama-status ' + (d.connected ? 'ok' : 'fail');
+      badge.textContent = d.connected ? `✓ Ollama 연결됨 (${ollamaModels.length}개 모델)` : '✗ Ollama 연결 실패';
+    }
+
+    // 모든 모델 드롭다운 갱신
+    populateModelSelects();
+  } catch(e){ console.error('모델 로드 실패', e) }
+}
+
+function populateModelSelects(){
+  const makeOptions = (sel, defaultVal, prefix='') => {
+    const cur = sel.value || defaultVal || '';
+    sel.innerHTML = `<option value="">${prefix || '(없음)'}</option>`;
+    ollamaModels.forEach(m => {
+      const opt = document.createElement('option');
+      opt.value = m; opt.textContent = m;
+      if(m === cur) opt.selected = true;
+      sel.appendChild(opt);
+    });
+  };
+
+  // STT 후처리 모델 드롭다운
+  makeOptions(document.getElementById('stt-ollama-model'),
+              appSettings.stt_ollama_model, '설정 기본 모델 사용');
+
+  // OCR Ollama 모델 드롭다운
+  makeOptions(document.getElementById('ocr-ollama-model'),
+              appSettings.ocr_ollama_model, '설정 기본 모델 사용');
+
+  // 설정 페이지 드롭다운
+  makeOptions(document.getElementById('setting-stt-model'),
+              appSettings.stt_ollama_model, '(없음 — Ollama 후처리 비활성)');
+  makeOptions(document.getElementById('setting-ocr-model'),
+              appSettings.ocr_ollama_model, '(없음)');
+}
+
+// ══════════════════════════════════════════════════════════════
+//  설정 로드/저장
+// ══════════════════════════════════════════════════════════════
+async function loadSettings(){
+  try{
+    const r = await api('GET','/api/settings');
+    appSettings = await r.json();
+    populateModelSelects();
+  } catch{}
+}
+
+document.getElementById('btn-save-settings')?.addEventListener('click', async()=>{
+  const fd = new FormData();
+  fd.append('stt_ollama_model', document.getElementById('setting-stt-model').value);
+  fd.append('ocr_ollama_model', document.getElementById('setting-ocr-model').value);
+  try{
+    const r = await api('POST','/api/settings',fd);
+    const d = await r.json();
+    if(r.ok){
+      appSettings = d.settings;
+      const msg = document.getElementById('settings-msg');
+      msg.style.display = 'flex'; setTimeout(()=>msg.style.display='none', 2000);
+    }
+  } catch{}
+});
+
+document.getElementById('btn-refresh-models')?.addEventListener('click', ()=>loadOllamaModels());
+
+// ══════════════════════════════════════════════════════════════
+//  NAV TABS
+// ══════════════════════════════════════════════════════════════
+document.querySelectorAll('.nav-tab').forEach(btn=>{
+  btn.addEventListener('click',()=>{
+    document.querySelectorAll('.nav-tab').forEach(b=>b.classList.remove('active'));
+    document.querySelectorAll('.page').forEach(p=>p.classList.remove('active'));
+    btn.classList.add('active');
+    const page = document.getElementById('page-'+btn.dataset.page);
+    if(page) page.classList.add('active');
+    if(btn.dataset.page==='admin') loadUsers();
+    if(btn.dataset.page==='settings') loadSettings();
+  });
+});
+
+// ══════════════════════════════════════════════════════════════
+//  STT
+// ══════════════════════════════════════════════════════════════
+const sttDrop=document.getElementById('stt-drop'), sttInput=document.getElementById('stt-input');
+sttInput.addEventListener('change',()=>setSttFile(sttInput.files[0]));
+sttDrop.addEventListener('dragover',e=>{e.preventDefault();sttDrop.classList.add('dragover')});
+sttDrop.addEventListener('dragleave',()=>sttDrop.classList.remove('dragover'));
+sttDrop.addEventListener('drop',e=>{e.preventDefault();sttDrop.classList.remove('dragover');setSttFile(e.dataTransfer.files[0])});
+
+function setSttFile(f){
+  if(!f)return; sttFile=f;
+  showFileInfo('stt',f); document.getElementById('stt-btn').disabled=false;
+  document.getElementById('stt-err').style.display='none';
+}
+
+// STT 엔진 버튼
+document.querySelectorAll('#page-stt .engine-btn').forEach(btn=>{
+  btn.addEventListener('click',()=>{
+    document.querySelectorAll('#page-stt .engine-btn').forEach(b=>b.classList.remove('active'));
+    btn.classList.add('active'); sttEngine=btn.dataset.engine;
+    const ollamaOpts=document.getElementById('stt-ollama-opts');
+    ollamaOpts.classList.toggle('visible', sttEngine==='whisper+ollama');
+    document.getElementById('stt-btn').className =
+      'btn-start ' + (sttEngine==='whisper+ollama'?'purple':'green');
+    if(sttFile) document.getElementById('stt-btn').disabled=false;
+  });
+});
+
+document.getElementById('stt-btn').addEventListener('click', async()=>{
+  if(!sttFile)return;
+  document.getElementById('stt-err').style.display='none';
+  setSttLoading(true);
+  const fd=new FormData(); fd.append('file',sttFile);
+  const useOllama = sttEngine==='whisper+ollama';
+  fd.append('use_ollama', useOllama?'true':'false');
+  fd.append('ollama_model', document.getElementById('stt-ollama-model').value||'');
+  try{
+    const r=await api('POST','/api/transcribe',fd);
+    const d=await r.json();
+    if(!r.ok) throw new Error(d.detail||'업로드 실패');
+    pollTask(d.task_id, dt=>setProg('stt',dt.progress||0,dt.message||'처리 중...'), showSttResult, e=>{
+      document.getElementById('stt-err').style.display='block';
+      document.getElementById('stt-err').textContent='⚠ '+e;
+      setSttLoading(false);
+    });
+  } catch(e){document.getElementById('stt-err').style.display='block';document.getElementById('stt-err').textContent='⚠ '+e.message;setSttLoading(false)}
+});
+
+function setSttLoading(on){
+  document.getElementById('stt-btn').disabled=on;
+  document.getElementById('stt-prog').style.display=on?'block':'none';
+  document.getElementById('stt-wave').style.display=on?'flex':'none';
+  if(on)setProg('stt',0,'준비 중...');
+}
+
+function showSttResult(d){
+  sttOutputFile=d.output_file;
+  document.getElementById('stt-mlang').textContent=(d.language||'').toUpperCase();
+  document.getElementById('stt-mdur').textContent=fmtDur(d.duration);
+  document.getElementById('stt-msegs').textContent=(d.segments||[]).length+'개';
+  const chip=document.getElementById('stt-mollama-chip');
+  if(d.ollama_used){
+    chip.style.display='block';
+    document.getElementById('stt-mollama').textContent=d.ollama_model||'Ollama';
+  } else chip.style.display='none';
+  document.getElementById('stt-meta').style.display='flex';
+  document.getElementById('stt-tabs').style.display='flex';
+  document.getElementById('stt-empty').style.display='none';
+  document.getElementById('stt-result').style.display='block';
+  document.getElementById('stt-result').value=d.text||'';
+  const sl=document.getElementById('stt-seglist'); sl.innerHTML='';
+  (d.segments||[]).forEach(s=>{
+    const row=document.createElement('div'); row.className='seg-item';
+    row.innerHTML=`<div class="seg-time">${fmtTime(s.start)}<br>→${fmtTime(s.end)}</div><div class="seg-text">${esc(s.text)}</div>`;
+    sl.appendChild(row);
+  });
+  document.getElementById('stt-actions').style.display='flex';
+  setSttLoading(false);
+}
+
+document.getElementById('stt-copy').addEventListener('click',()=>copyText(document.getElementById('stt-result').value,document.getElementById('stt-copy')));
+document.getElementById('stt-dl').addEventListener('click',()=>dlFile(sttOutputFile));
+document.getElementById('stt-new').addEventListener('click',resetStt);
+
+function resetStt(){
+  sttFile=null;sttInput.value='';sttOutputFile=null;
+  ['stt-info','stt-prog','stt-err','stt-meta','stt-tabs','stt-actions'].forEach(id=>document.getElementById(id).style.display='none');
+  document.getElementById('stt-empty').style.display='flex';
+  document.getElementById('stt-result').style.display='none';
+  document.getElementById('stt-result').value='';
+  document.getElementById('stt-seglist').innerHTML='';
+  document.getElementById('stt-btn').disabled=true;
+  resetTabs('stt-tabs');
+}
+
+// ══════════════════════════════════════════════════════════════
+//  OCR
+// ══════════════════════════════════════════════════════════════
+const ocrDrop=document.getElementById('ocr-drop'), ocrInput=document.getElementById('ocr-input');
+ocrInput.addEventListener('change',()=>setOcrFile(ocrInput.files[0]));
+ocrDrop.addEventListener('dragover',e=>{e.preventDefault();ocrDrop.classList.add('dragover')});
+ocrDrop.addEventListener('dragleave',()=>ocrDrop.classList.remove('dragover'));
+ocrDrop.addEventListener('drop',e=>{e.preventDefault();ocrDrop.classList.remove('dragover');setOcrFile(e.dataTransfer.files[0])});
+
+function setOcrFile(f){
+  if(!f)return; ocrFile=f;
+  showFileInfo('ocr',f); document.getElementById('ocr-btn').disabled=false;
+  document.getElementById('ocr-err').style.display='none';
+  const p=document.getElementById('ocr-preview'), w=document.getElementById('ocr-preview-wrap');
+  p.src=URL.createObjectURL(f); w.style.display='block';
+}
+
+// OCR 엔진 버튼
+document.querySelectorAll('#page-ocr .engine-btn').forEach(btn=>{
+  btn.addEventListener('click',()=>{
+    document.querySelectorAll('#page-ocr .engine-btn').forEach(b=>b.classList.remove('active'));
+    btn.classList.add('active'); ocrEngine=btn.dataset.engine;
+    const ollamaOpts=document.getElementById('ocr-ollama-opts');
+    ollamaOpts.classList.toggle('visible', ocrEngine==='ollama');
+    document.getElementById('ocr-btn').className='btn-start '+(ocrEngine==='ollama'?'purple':'green');
+    if(ocrFile) document.getElementById('ocr-btn').disabled=false;
+  });
+});
+
+// 커스텀 프롬프트 토글
+document.getElementById('cprompt-toggle').addEventListener('click',()=>{
+  const ta=document.getElementById('custom-prompt');
+  const arrow=document.getElementById('cprompt-toggle');
+  const open=ta.style.display!=='block';
+  ta.style.display=open?'block':'none';
+  arrow.textContent=(open?'▼':'▶')+' 커스텀 프롬프트';
+});
+
+// 모드 버튼
+document.querySelectorAll('.mode-btn').forEach(btn=>{
+  btn.addEventListener('click',()=>{
+    document.querySelectorAll('.mode-btn').forEach(b=>b.classList.remove('active'));
+    btn.classList.add('active'); ocrMode=btn.dataset.mode;
+    document.getElementById('mode-desc').textContent=
+      ocrMode==='structure'?'표 구조를 감지하고 Excel로 저장합니다':'일반 텍스트와 글자를 인식합니다';
+  });
+});
+
+document.getElementById('ocr-btn').addEventListener('click', async()=>{
+  if(!ocrFile)return;
+  document.getElementById('ocr-err').style.display='none';
+  setOcrLoading(true);
+  const fd=new FormData();
+  fd.append('file',ocrFile); fd.append('mode',ocrMode); fd.append('backend',ocrEngine);
+  fd.append('ollama_model', document.getElementById('ocr-ollama-model').value||'');
+  fd.append('custom_prompt', document.getElementById('custom-prompt').value||'');
+  try{
+    const r=await api('POST','/api/ocr',fd);
+    const d=await r.json();
+    if(!r.ok) throw new Error(d.detail||'업로드 실패');
+    pollTask(d.task_id, dt=>setProg('ocr',dt.progress||0,dt.message||'처리 중...'), showOcrResult, e=>{
+      document.getElementById('ocr-err').style.display='block';
+      document.getElementById('ocr-err').textContent='⚠ '+e;
+      setOcrLoading(false);
+    });
+  } catch(e){document.getElementById('ocr-err').style.display='block';document.getElementById('ocr-err').textContent='⚠ '+e.message;setOcrLoading(false)}
+});
+
+function setOcrLoading(on){
+  const isOllama=ocrEngine==='ollama';
+  const color=isOllama?'var(--purple)':'var(--accent)';
+  document.getElementById('ocr-btn').disabled=on;
+  document.getElementById('ocr-prog').style.display=on?'block':'none';
+  document.getElementById('ocr-wave').style.display=on?'flex':'none';
+  document.getElementById('ocr-pfill').style.background=color;
+  document.getElementById('ocr-ppct').style.color=color;
+  document.querySelectorAll('#ocr-wave .wave-bar').forEach(b=>b.style.background=color);
+  if(on)setProg('ocr',0,'준비 중...');
+}
+
+function showOcrResult(d){
+  ocrOutputTxt=d.txt_file||null; ocrOutputXlsx=d.xlsx_file||null;
+  const isOllama=d.backend==='ollama';
+  document.getElementById('ocr-mlines').textContent=(d.line_count||0)+'줄';
+  document.getElementById('ocr-mmode').textContent=d.mode==='structure'?'구조분석':'텍스트';
+  document.getElementById('ocr-mbackend').textContent=isOllama?`Ollama·${d.ollama_model||''}`:'Paddle';
+  document.getElementById('ocr-mtables').textContent=(d.tables||[]).length+'개';
+  document.getElementById('ocr-meta').style.display='flex';
+  document.getElementById('ocr-tabs').style.display='flex';
+  document.getElementById('ocr-empty').style.display='none';
+  document.getElementById('ocr-result').style.display='block';
+  document.getElementById('ocr-result').value=d.full_text||'';
+
+  const ll=document.getElementById('ocr-linelist'); ll.innerHTML='';
+  (d.lines||[]).forEach(line=>{
+    const conf=line.confidence||0, cls=conf>=.9?'high':conf>=.7?'mid':'low';
+    const row=document.createElement('div'); row.className='line-item';
+    row.innerHTML=`<div class="line-conf ${cls}">${isOllama?'AI':Math.round(conf*100)+'%'}</div><div class="line-text">${esc(line.text)}</div>`;
+    ll.appendChild(row);
+  });
+
+  const tl=document.getElementById('ocr-tablelist'), te=document.getElementById('ocr-tableempty');
+  tl.innerHTML='';
+  const tables=d.tables||[];
+  te.style.display=tables.length?'none':'flex';
+  tables.forEach((t,i)=>{
+    const w=document.createElement('div');
+    w.innerHTML=`<div class="table-title">표 ${i+1} — ${t.rows||0}행 × ${t.cols||0}열</div><div class="table-wrapper">${(t.html||'').replace(/<table/g,'<table class="ocr-table"')}</div>`;
+    tl.appendChild(w);
+  });
+
+  document.getElementById('ocr-actions').style.display='flex';
+  document.getElementById('ocr-dl-xlsx').style.display=ocrOutputXlsx?'inline-flex':'none';
+  setOcrLoading(false);
+  document.getElementById('ocr-prog').style.display='none';
+  document.getElementById('ocr-wave').style.display='none';
+}
+
+document.getElementById('ocr-copy').addEventListener('click',()=>copyText(document.getElementById('ocr-result').value,document.getElementById('ocr-copy')));
+document.getElementById('ocr-dl-txt').addEventListener('click',()=>dlFile(ocrOutputTxt));
+document.getElementById('ocr-dl-xlsx').addEventListener('click',()=>dlFile(ocrOutputXlsx));
+document.getElementById('ocr-new').addEventListener('click',resetOcr);
+
+function resetOcr(){
+  ocrFile=null;ocrInput.value='';ocrOutputTxt=null;ocrOutputXlsx=null;
+  ['ocr-info','ocr-preview-wrap','ocr-prog','ocr-err','ocr-meta','ocr-tabs','ocr-actions'].forEach(id=>document.getElementById(id).style.display='none');
+  document.getElementById('ocr-empty').style.display='flex';
+  document.getElementById('ocr-result').style.display='none';
+  document.getElementById('ocr-result').value='';
+  document.getElementById('ocr-linelist').innerHTML='';
+  document.getElementById('ocr-tablelist').innerHTML='';
+  document.getElementById('ocr-btn').disabled=true;
+  resetTabs('ocr-tabs');
+}
+
+// ══════════════════════════════════════════════════════════════
+//  ADMIN
+// ══════════════════════════════════════════════════════════════
+async function loadUsers(){
+  const tbody=document.getElementById('user-tbody'); tbody.innerHTML='';
+  try{
+    const r=await api('GET','/api/admin/users');
+    const d=await r.json();
+    Object.entries(d.users||{}).forEach(([name,info])=>{
+      const tr=document.createElement('tr');
+      const perms=info.permissions||{};
+      const isAdmin=info.role==='admin';
+      tr.innerHTML=`
+        <td style="font-family:var(--mono);font-size:.8rem">${esc(name)}</td>
+        <td><span class="role-badge ${info.role}">${info.role}</span></td>
+        <td><span class="perm-badge ${perms.stt?'on':'off'}">${perms.stt?'허용':'차단'}</span></td>
+        <td><span class="perm-badge ${perms.ocr?'on':'off'}">${perms.ocr?'허용':'차단'}</span></td>
+        <td>
+          ${isAdmin?'<span style="font-family:var(--mono);font-size:.62rem;color:var(--muted)">기본 관리자</span>':`
+            <button class="btn-sm" onclick="openEditModal('${esc(name)}',${perms.stt},${perms.ocr})">편집</button>
+            <button class="btn-sm danger" onclick="doDeleteUser('${esc(name)}')">삭제</button>
+          `}
+        </td>`;
+      tbody.appendChild(tr);
+    });
+  } catch{}
+}
+
+document.getElementById('btn-reload-users').addEventListener('click', loadUsers);
+
+document.getElementById('btn-add-user').addEventListener('click', async()=>{
+  const username=document.getElementById('new-username').value.trim();
+  const password=document.getElementById('new-password').value;
+  const stt=document.getElementById('new-perm-stt').checked;
+  const ocr=document.getElementById('new-perm-ocr').checked;
+  const msg=document.getElementById('add-msg');
+  if(!username||!password){showAdminMsg(msg,'아이디와 비밀번호를 입력하세요','err');return}
+  const fd=new FormData();
+  fd.append('username',username);fd.append('password',password);
+  fd.append('perm_stt',stt?'true':'false');fd.append('perm_ocr',ocr?'true':'false');
+  try{
+    const r=await api('POST','/api/admin/users',fd);
+    const d=await r.json();
+    if(r.ok){
+      showAdminMsg(msg,d.message,'ok');
+      document.getElementById('new-username').value='';
+      document.getElementById('new-password').value='';
+      document.getElementById('new-perm-stt').checked=false;
+      document.getElementById('new-perm-ocr').checked=false;
+      loadUsers();
+    } else showAdminMsg(msg,d.detail||'실패','err');
+  } catch{showAdminMsg(msg,'서버 오류','err')}
+});
+
+function openEditModal(username, stt, ocr){
+  editTarget=username;
+  document.getElementById('edit-modal-username').textContent=username;
+  document.getElementById('edit-perm-stt').checked=stt;
+  document.getElementById('edit-perm-ocr').checked=ocr;
+  document.getElementById('edit-password').value='';
+  document.getElementById('edit-msg').style.display='none';
+  document.getElementById('edit-modal').classList.add('visible');
+}
+
+document.getElementById('btn-modal-cancel').addEventListener('click',()=>{
+  document.getElementById('edit-modal').classList.remove('visible');
+});
+
+document.getElementById('btn-modal-save').addEventListener('click', async()=>{
+  if(!editTarget)return;
+  const fd=new FormData();
+  fd.append('perm_stt',document.getElementById('edit-perm-stt').checked?'true':'false');
+  fd.append('perm_ocr',document.getElementById('edit-perm-ocr').checked?'true':'false');
+  const pw=document.getElementById('edit-password').value;
+  if(pw) fd.append('password',pw);
+  try{
+    const r=await fetch(`/api/admin/users/${editTarget}`,{method:'PUT',headers:{Authorization:'Bearer '+(token||'')},body:fd});
+    const d=await r.json();
+    const msg=document.getElementById('edit-msg');
+    if(r.ok){
+      showAdminMsg(msg,d.message,'ok');
+      setTimeout(()=>{document.getElementById('edit-modal').classList.remove('visible');loadUsers()},800);
+    } else showAdminMsg(msg,d.detail||'실패','err');
+  } catch{showAdminMsg(document.getElementById('edit-msg'),'서버 오류','err')}
+});
+
+async function doDeleteUser(username){
+  if(!confirm(`"${username}" 사용자를 삭제하시겠습니까?`))return;
+  try{
+    const r=await fetch(`/api/admin/users/${username}`,{method:'DELETE',headers:{Authorization:'Bearer '+(token||'')}});
+    const d=await r.json();
+    if(r.ok) loadUsers();
+    else alert(d.detail||'삭제 실패');
+  } catch{alert('서버 오류')}
+}
+
+function showAdminMsg(el, msg, type){
+  el.style.display='block'; el.className='admin-msg '+type; el.textContent=msg;
+  setTimeout(()=>el.style.display='none',3000);
+}
+
+// ══════════════════════════════════════════════════════════════
+//  RESULT TABS
+// ══════════════════════════════════════════════════════════════
+document.addEventListener('click',e=>{
+  if(!e.target.classList.contains('tab-btn'))return;
+  const parent=e.target.closest('.result-tabs');
+  parent.querySelectorAll('.tab-btn').forEach(b=>b.classList.remove('active'));
+  e.target.classList.add('active');
+  const panel=parent.closest('.panel');
+  panel.querySelectorAll('.tab-content').forEach(c=>c.classList.remove('active'));
+  const t=document.getElementById(e.target.dataset.tab);if(t)t.classList.add('active');
+});
+
+function resetTabs(id){
+  const t=document.getElementById(id);if(!t)return;
+  t.querySelectorAll('.tab-btn').forEach((b,i)=>b.classList.toggle('active',i===0));
+  const p=t.closest('.panel');
+  p.querySelectorAll('.tab-content').forEach((c,i)=>c.classList.toggle('active',i===0));
+}
+
+// ══════════════════════════════════════════════════════════════
+//  POLLING / 공통 유틸
+// ══════════════════════════════════════════════════════════════
+function pollTask(taskId, onProgress, onSuccess, onError){
+  const t=setInterval(async()=>{
+    try{
+      const r=await api('GET','/api/status/'+taskId);
+      if(r.status===401){clearInterval(t);showLogin();return}
+      const d=await r.json();
+      onProgress(d);
+      if(d.state==='success'){clearInterval(t);onSuccess(d)}
+      else if(d.state==='failure'){clearInterval(t);onError(d.message||'실패')}
+    } catch{}
+  },1500);
+}
+
+async function dlFile(fn){
+  if(!fn)return;
+  try{
+    const r=await api('GET','/api/download/'+fn);if(!r.ok)return;
+    const b=await r.blob();const u=URL.createObjectURL(b);
+    const a=document.createElement('a');a.href=u;a.download=fn;a.click();URL.revokeObjectURL(u);
+  } catch{}
+}
+
+function setProg(prefix,pct,msg){
+  document.getElementById(prefix+'-pfill').style.width=pct+'%';
+  document.getElementById(prefix+'-pmsg').textContent=msg;
+  document.getElementById(prefix+'-ppct').textContent=pct+'%';
+}
+
+function showFileInfo(p,f){
+  document.getElementById(p+'-info').style.display='block';
+  document.getElementById(p+'-fname').textContent=f.name;
+  document.getElementById(p+'-fsize').textContent=fmtBytes(f.size);
+}
+
+function fmtBytes(b){if(b<1024)return b+' B';if(b<1048576)return(b/1024).toFixed(1)+' KB';return(b/1048576).toFixed(1)+' MB'}
+function fmtDur(s){if(!s)return '—';return Math.floor(s/60)+'분 '+Math.floor(s%60)+'초'}
+function fmtTime(s){const m=Math.floor(s/60),ss=Math.floor(s%60);return String(m).padStart(2,'0')+':'+String(ss).padStart(2,'0')}
+function esc(s){return String(s||'').replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;')}
+async function copyText(text,btn){try{await navigator.clipboard.writeText(text);const o=btn.textContent;btn.textContent='복사됨 ✓';setTimeout(()=>btn.textContent=o,1500)}catch{}}
+
+// ══════════════════════════════════════════════════════════════
+checkAuth();
+</script>
+</body>
+</html>
diff --git a/app/tasks.py b/app/tasks.py
new file mode 100644
index 0000000..cb9952f
--- /dev/null
+++ b/app/tasks.py
@@ -0,0 +1,155 @@
+import os
+import httpx
+from celery import Celery
+from ocr_tasks import ocr_task  # noqa: F401 — worker에 등록
+
+REDIS_URL      = os.getenv("REDIS_URL", "redis://redis:6379/0")
+MODEL_SIZE     = os.getenv("WHISPER_MODEL", "medium")
+DEVICE         = os.getenv("WHISPER_DEVICE", "cpu")
+COMPUTE_TYPE   = os.getenv("WHISPER_COMPUTE_TYPE", "int8")
+LANGUAGE       = os.getenv("WHISPER_LANGUAGE", "ko") or None
+BEAM_SIZE      = int(os.getenv("WHISPER_BEAM_SIZE", "5"))
+INITIAL_PROMPT = os.getenv("WHISPER_INITIAL_PROMPT", "") or None
+OUTPUT_DIR     = os.getenv("OUTPUT_DIR", "/data/outputs")
+OLLAMA_URL     = os.getenv("OLLAMA_URL", "http://192.168.0.126:11434")
+OLLAMA_TIMEOUT = int(os.getenv("OLLAMA_TIMEOUT", "180"))
+
+celery_app = Celery("whisper_tasks", broker=REDIS_URL, backend=REDIS_URL)
+celery_app.conf.update(
+    task_serializer="json",
+    result_serializer="json",
+    accept_content=["json"],
+    task_track_started=True,
+    result_expires=3600,
+)
+
+_model = None
+
+def get_model():
+    global _model
+    if _model is None:
+        from faster_whisper import WhisperModel
+        print(f"[Whisper] 로딩: {MODEL_SIZE} / {DEVICE} / {COMPUTE_TYPE}")
+        _model = WhisperModel(MODEL_SIZE, device=DEVICE, compute_type=COMPUTE_TYPE)
+        print("[Whisper] 로드 완료")
+    return _model
+
+
+# ── Ollama 후처리 ─────────────────────────────────────────────
+def _ollama_postprocess(text: str, model: str) -> str:
+    """Whisper 결과를 Ollama로 후처리 (문장부호·맞춤법·자연스러운 문장)"""
+    if not model or not text.strip():
+        return text
+    prompt = (
+        "다음은 음성 인식으로 추출된 텍스트입니다. "
+        "내용은 절대 변경하지 말고, 문장 부호를 추가하고 자연스럽게 다듬어줘. "
+        "결과 텍스트만 출력하고 설명은 하지 마.\n\n"
+        f"{text}"
+    )
+    try:
+        resp = httpx.post(
+            f"{OLLAMA_URL}/api/chat",
+            json={
+                "model":    model,
+                "messages": [{"role": "user", "content": prompt}],
+                "stream":   False,
+                "options":  {"temperature": 0.1},
+            },
+            timeout=float(OLLAMA_TIMEOUT),
+        )
+        resp.raise_for_status()
+        result = resp.json().get("message", {}).get("content", "").strip()
+        return result if result else text
+    except Exception as e:
+        print(f"[Ollama 후처리 실패] {e} — 원본 텍스트 사용")
+        return text
+
+
+# ════════════════════════════════════════════════════════════════
+#  STT Celery Task
+# ════════════════════════════════════════════════════════════════
+@celery_app.task(bind=True, name="tasks.transcribe_task", queue="stt")
+def transcribe_task(
+    self,
+    file_id:      str,
+    audio_path:   str,
+    use_ollama:   bool = False,
+    ollama_model: str  = "",
+):
+    self.update_state(state="PROGRESS", meta={"progress": 5, "message": "모델 준비 중..."})
+    try:
+        model = get_model()
+        self.update_state(state="PROGRESS", meta={"progress": 15, "message": "오디오 분석 중..."})
+
+        segments_gen, info = model.transcribe(
+            audio_path,
+            language=LANGUAGE,
+            beam_size=BEAM_SIZE,
+            initial_prompt=INITIAL_PROMPT,
+            vad_filter=True,
+            vad_parameters=dict(min_silence_duration_ms=500),
+            word_timestamps=False,
+        )
+
+        self.update_state(state="PROGRESS", meta={"progress": 30, "message": "텍스트 변환 중..."})
+
+        segments, parts = [], []
+        duration = info.duration
+
+        for seg in segments_gen:
+            segments.append({"start": round(seg.start,2),
+                             "end":   round(seg.end,2),
+                             "text":  seg.text.strip()})
+            parts.append(seg.text.strip())
+            if duration > 0:
+                pct = 30 + int((seg.end / duration) * 50)
+                self.update_state(
+                    state="PROGRESS",
+                    meta={"progress": min(pct, 80),
+                          "message": f"변환 중... {seg.end:.0f}s / {duration:.0f}s"},
+                )
+
+        raw_text  = "\n".join(parts)
+        full_text = raw_text
+
+        # Ollama 후처리
+        if use_ollama and ollama_model:
+            self.update_state(state="PROGRESS",
+                              meta={"progress": 85,
+                                    "message": f"Ollama({ollama_model}) 후처리 중..."})
+            full_text = _ollama_postprocess(raw_text, ollama_model)
+
+        self.update_state(state="PROGRESS", meta={"progress": 95, "message": "파일 저장 중..."})
+        os.makedirs(OUTPUT_DIR, exist_ok=True)
+        output_filename = f"{file_id}.txt"
+
+        with open(os.path.join(OUTPUT_DIR, output_filename), "w", encoding="utf-8") as f:
+            f.write(f"# 변환 결과\n# 언어: {info.language}  |  재생 시간: {duration:.1f}초")
+            if use_ollama and ollama_model:
+                f.write(f"  |  Ollama 후처리: {ollama_model}")
+            f.write("\n\n## 전체 텍스트\n\n" + full_text + "\n\n")
+            f.write("## 타임스탬프별 세그먼트\n\n")
+            for seg in segments:
+                f.write(f"[{_fmt(seg['start'])} → {_fmt(seg['end'])}]  {seg['text']}\n")
+
+        try: os.remove(audio_path)
+        except: pass
+
+        return {
+            "text":         full_text,
+            "raw_text":     raw_text,
+            "segments":     segments,
+            "language":     info.language,
+            "duration":     round(duration, 1),
+            "output_file":  output_filename,
+            "ollama_used":  use_ollama and bool(ollama_model),
+            "ollama_model": ollama_model if (use_ollama and ollama_model) else "",
+        }
+
+    except Exception as e:
+        raise Exception(f"변환 실패: {str(e)}")
+
+
+def _fmt(s):
+    m, sec = divmod(int(s), 60)
+    return f"{m:02d}:{sec:02d}"
diff --git a/auth.py b/auth.py
new file mode 100755
index 0000000..034987e
--- /dev/null
+++ b/auth.py
@@ -0,0 +1,45 @@
+import os
+from datetime import datetime, timedelta
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from jose import JWTError, jwt
+
+SECRET_KEY   = os.getenv("JWT_SECRET", "fallback-secret-change-this")
+ALGORITHM    = "HS256"
+EXPIRE_HOURS = int(os.getenv("JWT_EXPIRE_HOURS", "12"))
+
+AUTH_USERNAME = os.getenv("AUTH_USERNAME", "admin")
+AUTH_PASSWORD = os.getenv("AUTH_PASSWORD", "changeme1234")
+
+bearer = HTTPBearer(auto_error=False)
+
+
+def authenticate(username: str, password: str) -> bool:
+    return username == AUTH_USERNAME and password == AUTH_PASSWORD
+
+
+def create_access_token(username: str) -> str:
+    expire = datetime.utcnow() + timedelta(hours=EXPIRE_HOURS)
+    return jwt.encode({"sub": username, "exp": expire}, SECRET_KEY, algorithm=ALGORITHM)
+
+
+def require_auth(credentials: HTTPAuthorizationCredentials = Depends(bearer)):
+    if credentials is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="인증이 필요합니다",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    try:
+        payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
+        username: str = payload.get("sub")
+        if username is None or username != AUTH_USERNAME:
+            raise JWTError()
+    except JWTError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="토큰이 유효하지 않거나 만료되었습니다",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return username
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..99ffd7d
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,113 @@
+services:
+  redis:
+    image: redis:7-alpine
+    container_name: whisper_redis
+    restart: unless-stopped
+    # RDB 스냅샷 저장 실패 시에도 쓰기 허용 (Celery 브로커 용도)
+    command: redis-server --stop-writes-on-bgsave-error no
+    environment:
+      - TZ=Asia/Seoul
+    volumes:
+      - redis_data:/data
+    networks:
+      - whisper_net
+
+  app:
+    build:
+      context: ./app
+      dockerfile: Dockerfile
+    container_name: whisper_app
+    restart: unless-stopped
+    ports:
+      - "8800:8000"              # 호스트 Nginx가 리버스 프록시
+    environment:
+      - TZ=Asia/Seoul
+
+      # ── 인증 (반드시 변경) ──────────────────────────────
+      - AUTH_USERNAME=byun
+      - AUTH_PASSWORD=admin
+      - JWT_SECRET=your-very-secret-key-change-this
+      - JWT_EXPIRE_HOURS=12
+
+      # ── Whisper STT ─────────────────────────────────────
+      - REDIS_URL=redis://redis:6379/0
+      - UPLOAD_DIR=/data/uploads
+      - OUTPUT_DIR=/data/outputs
+      - WHISPER_MODEL=medium      # tiny/base/small/medium/large-v3
+      - WHISPER_DEVICE=cpu
+      - WHISPER_COMPUTE_TYPE=int8
+      - WHISPER_LANGUAGE=ko
+      - WHISPER_BEAM_SIZE=5
+      - WHISPER_INITIAL_PROMPT=  # 예: "고객 상담 녹취록입니다."
+
+      # ── 파일 관리 ────────────────────────────────────────
+      - MAX_UPLOAD_MB=500
+      - OUTPUT_KEEP_HOURS=48
+
+      # ── PaddleOCR ────────────────────────────────────────
+      - OCR_LANG=korean           # korean/en/japan/chinese_cht/ch
+
+      # ── Ollama OCR ───────────────────────────────────────
+      # 호스트 실제 LAN IP 사용 (host.docker.internal은 Linux에서 불안정)
+      - OLLAMA_URL=http://192.168.0.126:11434
+      - OLLAMA_TIMEOUT=600       # 11b 이상 모델은 300 이상 권장
+
+    volumes:
+      - stt_data:/data
+      - whisper_models:/root/.cache/huggingface
+      - paddle_models:/root/.paddlex
+    depends_on:
+      - redis
+    networks:
+      - whisper_net
+
+  worker:
+    build:
+      context: ./app
+      dockerfile: Dockerfile
+    container_name: whisper_worker
+    restart: unless-stopped
+    # --pool=solo : CTranslate2(faster-whisper)가 prefork 방식과 충돌(SIGSEGV) 발생
+    #               solo 모드로 포크 없이 실행하여 해결
+    # --max-tasks-per-child=50 : Whisper/Paddle 모델 메모리 누수 방지
+    command: >
+      celery -A tasks worker
+      --loglevel=info
+      --pool=solo
+      --max-tasks-per-child=50
+      -Q stt,ocr
+    environment:
+      - TZ=Asia/Seoul
+      - REDIS_URL=redis://redis:6379/0
+      - UPLOAD_DIR=/data/uploads
+      - OUTPUT_DIR=/data/outputs
+      - WHISPER_MODEL=medium
+      - WHISPER_DEVICE=cpu
+      - WHISPER_COMPUTE_TYPE=int8
+      - WHISPER_LANGUAGE=ko
+      - WHISPER_BEAM_SIZE=5
+      - WHISPER_INITIAL_PROMPT=
+      - MAX_UPLOAD_MB=500
+      - OUTPUT_KEEP_HOURS=48
+      - OCR_LANG=korean
+      - OLLAMA_URL=http://192.168.0.126:11434
+      - OLLAMA_TIMEOUT=600
+      - JWT_SECRET=your-very-secret-key-change-this
+    volumes:
+      - stt_data:/data
+      - whisper_models:/root/.cache/huggingface
+      - paddle_models:/root/.paddlex
+    depends_on:
+      - redis
+    networks:
+      - whisper_net
+
+volumes:
+  redis_data:
+  stt_data:
+  whisper_models:
+  paddle_models:
+
+networks:
+  whisper_net:
+    driver: bridge
diff --git a/docker-compose.yml.bak b/docker-compose.yml.bak
new file mode 100644
index 0000000..b5a2605
--- /dev/null
+++ b/docker-compose.yml.bak
@@ -0,0 +1,141 @@
+
+# ════════════════════════════════════════════════════════════════════
+#  VoiceScript — 주요 설정 체크리스트
+#  빌드 전에 아래 항목을 반드시 확인하세요
+# ════════════════════════════════════════════════════════════════════
+#
+#  ✅ 필수 변경
+#     AUTH_USERNAME / AUTH_PASSWORD / JWT_SECRET
+#
+#  🔧 환경에 맞게 조정
+#     TZ              → 타임존 (기본: Asia/Seoul)
+#     WHISPER_MODEL   → tiny/base/small/medium/large-v3
+#                        5825u + 16GB RAM 기준: medium 권장
+#     MAX_UPLOAD_MB   → 업로드 최대 크기 (기본: 500MB)
+#     OUTPUT_KEEP_HOURS → 결과 파일 보관 시간 (기본: 48h, 0=삭제 안 함)
+#     JWT_EXPIRE_HOURS  → 로그인 세션 유지 시간 (기본: 12h)
+#
+#  🌐 Ollama 설정
+#     OLLAMA_URL      → 같은 호스트이므로 host.docker.internal:11434 그대로 사용
+#     OLLAMA_TIMEOUT  → 큰 모델(11b+) 사용 시 늘려주세요 (기본: 180초)
+#
+# ════════════════════════════════════════════════════════════════════
+
+services:
+  redis:
+    image: redis:7-alpine
+    container_name: whisper_redis
+    restart: unless-stopped
+    environment:
+      - TZ=Asia/Seoul
+    volumes:
+      - redis_data:/data
+    networks:
+      - whisper_net
+
+  app:
+    build:
+      context: ./app
+      dockerfile: Dockerfile
+    container_name: whisper_app
+    restart: unless-stopped
+    ports:
+      - "8800:8000"    # 호스트 Nginx가 프록시 → 외부 직접 접근 차단
+    environment:
+      # ── 타임존 ──────────────────────────────────────────
+      - TZ=Asia/Seoul             # 로그·파일 타임스탬프에 영향
+
+      # ── 인증 (반드시 변경) ──────────────────────────────
+      - AUTH_USERNAME=byun
+      - AUTH_PASSWORD=admin
+      - JWT_SECRET=your-very-secret-key-change-this
+      - JWT_EXPIRE_HOURS=12       # 로그인 세션 유지 시간 (1~720 사이)
+
+      # ── Whisper STT ─────────────────────────────────────
+      - REDIS_URL=redis://redis:6379/0
+      - UPLOAD_DIR=/data/uploads
+      - OUTPUT_DIR=/data/outputs
+      - WHISPER_MODEL=medium      # tiny/base/small/medium/large-v3
+      - WHISPER_DEVICE=cpu        # 5825u = CPU (GPU 없음)
+      - WHISPER_COMPUTE_TYPE=int8 # CPU 최적화: int8 권장
+      - WHISPER_LANGUAGE=ko       # 한국어 고정 (다국어 필요 시 비워두면 자동 감지)
+      - WHISPER_BEAM_SIZE=5       # 정확도↑ vs 속도↓, 기본 5 권장
+      - WHISPER_INITIAL_PROMPT=   # 한국어 인식 힌트 (예: "안녕하세요. 통화 내용입니다.")
+                                  # 도메인 특화 단어가 있으면 여기에 넣으면 정확도 향상
+
+      # ── 파일 관리 ────────────────────────────────────────
+      - MAX_UPLOAD_MB=500         # 업로드 최대 파일 크기 (MB)
+      - OUTPUT_KEEP_HOURS=48      # 결과 파일 보관 시간 (0=무제한, 디스크 관리 주의)
+
+      # ── PaddleOCR ────────────────────────────────────────
+      - OCR_LANG=korean           # korean/en/japan/chinese_cht/ch
+      - OCR_USE_GPU=false
+
+      # ── Ollama OCR ───────────────────────────────────────
+      # 같은 Debian 호스트의 Ollama(11434) → host.docker.internal 사용
+      - OLLAMA_URL=http://192.168.0.126:11434
+      - OLLAMA_TIMEOUT=180        # 초 단위, llama3.2-vision:11b 이상은 300 이상 권장
+
+    volumes:
+      - stt_data:/data
+      - whisper_models:/root/.cache/huggingface
+      - paddle_models:/root/.paddleocr
+    extra_hosts:
+      - "host.docker.internal:host-gateway"   # Linux에서 host 참조 필수
+    depends_on:
+      - redis
+    networks:
+      - whisper_net
+
+  worker:
+    build:
+      context: ./app
+      dockerfile: Dockerfile
+    container_name: whisper_worker
+    restart: unless-stopped
+    # --max-tasks-per-child: N개 태스크 처리 후 워커 재시작 → 메모리 누수 방지
+    # Whisper + PaddleOCR 모델이 메모리에 계속 쌓이는 것을 막아줌
+    command: >
+      celery -A tasks worker --pool=solo
+      --loglevel=info
+      --concurrency=1
+      --max-tasks-per-child=50
+      -Q stt,ocr
+    environment:
+      - TZ=Asia/Seoul
+      - REDIS_URL=redis://redis:6379/0
+      - UPLOAD_DIR=/data/uploads
+      - OUTPUT_DIR=/data/outputs
+      - WHISPER_MODEL=medium
+      - WHISPER_DEVICE=cpu
+      - WHISPER_COMPUTE_TYPE=int8
+      - WHISPER_LANGUAGE=ko
+      - WHISPER_BEAM_SIZE=5
+      - WHISPER_INITIAL_PROMPT=
+      - MAX_UPLOAD_MB=500
+      - OUTPUT_KEEP_HOURS=48
+      - OCR_LANG=korean
+      - OCR_USE_GPU=false
+      - OLLAMA_URL=http://192.168.0.126:11434
+      - OLLAMA_TIMEOUT=180
+      - JWT_SECRET=your-very-secret-key-change-this
+    volumes:
+      - stt_data:/data
+      - whisper_models:/root/.cache/huggingface
+      - paddle_models:/root/.paddleocr
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    depends_on:
+      - redis
+    networks:
+      - whisper_net
+
+volumes:
+  redis_data:
+  stt_data:
+  whisper_models:
+  paddle_models:
+
+networks:
+  whisper_net:
+    driver: bridge
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000..b846f21
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,2 @@
+FROM nginx:alpine
+COPY nginx.conf /etc/nginx/nginx.conf
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..c888bc2
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,43 @@
+worker_processes auto;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    sendfile      on;
+    keepalive_timeout 65;
+
+    # 업로드 파일 크기 제한 (통화 녹음 파일 고려)
+    client_max_body_size 500M;
+    client_body_timeout 300s;
+    proxy_read_timeout   300s;
+    proxy_send_timeout   300s;
+
+    upstream fastapi {
+        server app:8000;
+    }
+
+    server {
+        listen 80;
+        server_name _;
+
+        # 큰 파일 업로드 버퍼
+        client_body_buffer_size 10M;
+
+        location / {
+            proxy_pass         http://fastapi;
+            proxy_set_header   Host              $host;
+            proxy_set_header   X-Real-IP         $remote_addr;
+            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto $scheme;
+
+            # 대용량 업로드를 위한 타임아웃
+            proxy_connect_timeout 60s;
+            proxy_read_timeout    600s;
+            proxy_send_timeout    600s;
+        }
+    }
+}