Fix code-review findings: JSON list output, agent/TTS robustness, auth-flow structure#62
Merged
Merged
Conversation
…h-flow structure Correctness: - aai agent --list-voices and aai llm --list-models now route through run_command, so --json emits a machine-readable array instead of plain text. - File-driven agent runs fail loudly (APIError) when the session-ready wait times out, instead of silently consuming and dropping the clip's audio. - Malformed TTS Audio frames (missing or undecodable payload) map to a clear APIError; base64 is now strictly validated so junk bytes can't corrupt PCM. Structure: - New aai_cli/ws.py deduplicates the WebSocket auth-error classification and websockets logger silencing that agent/session.py and tts/session.py carried as identical copies. - NotAuthenticated gains a structured rejected_key flag; auto-login suppression keys off it instead of matching error message text. - login/logout opt out of auto-login at their run_command call sites (auto_login=False) instead of a hardcoded command-name set in context.py. - TTS PCM duration formula extracted into one helper. https://claude.ai/code/session_01RriYLpxVebHxots7yyPUo3
Security review follow-up: a session.error with UNAUTHORIZED/FORBIDDEN means a credential was presented and refused, so it must carry rejected_key=True — otherwise an interactive `aai agent` run with a bad ASSEMBLYAI_API_KEY would trigger a browser auto-login that cannot fix the failure (the env key still wins on rerun) and clobbers the profile's stored key. https://claude.ai/code/session_01RriYLpxVebHxots7yyPUo3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Correctness:
run_command, so --json emits a machine-readable array instead of plain text.
times out, instead of silently consuming and dropping the clip's audio.
APIError; base64 is now strictly validated so junk bytes can't corrupt PCM.
Structure:
websockets logger silencing that agent/session.py and tts/session.py carried
as identical copies.
keys off it instead of matching error message text.
(auto_login=False) instead of a hardcoded command-name set in context.py.
https://claude.ai/code/session_01RriYLpxVebHxots7yyPUo3