[88] Create the va microservice #144
PR Summary
Medium Risk
Overview
STS now calls VA per turn (optional, timeout-bound), embeds results as Docker wires VA on port 8006 with healthchecks, GPU reservation for STS, and STS startup depending on healthy VA. Web shows live scores via
Reviewed by Cursor Bugbot for commit 264f67b.
Cursor Bugbot has reviewed your changes using default effort and found 5 potential issues.
| ) | ||
| if va_payload is not None: | ||
| payload["verbal_analysis"] = va_payload | ||
|
|
VA call blocks STS reply
High Severity
Each turn awaits the verbal-analyzer HTTP call (up to VA_TIMEOUT_SEC, default 3s) before sending sts_result, so AI audio and transcription are delayed even though the comment says a VA failure must not block the reply.
| secret = _jwt_secret() | ||
| if not secret: | ||
| # Dev fallback: auth requested but secret not configured. | ||
| return True, None |
Auth skipped without JWT secret
High Severity
When STS_WS_AUTH_REQUIRED is enabled but JWT_SECRET is empty, authenticate_websocket accepts the connection with no token and no claims, so interview binding is not enforced despite auth being turned on.
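A fail-closed version of the check flagged above, as an added example that is not code from this PR: when auth is required and no secret is configured, the connection is refused, and a valid token must also name the interview being joined. The function signature, the HS256 algorithm and the `interview_id`/`exp` claim names are assumptions; the stdlib HMAC verification stands in for whatever JWT library the service uses.

```python
import base64, hashlib, hmac, json, time

def _b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: str) -> str:
    """Mint a token; used here only to construct sample input."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(secret, head + '.' + body))}"

def authenticate_websocket(token, interview_id, *, auth_required, secret, now=None):
    """Return (accepted, claims). Signature and claim names are assumptions."""
    if not auth_required:
        return True, None   # auth explicitly switched off
    if not secret:
        return False, None  # required but unconfigured: refuse, no dev fallback
    try:
        head, body, sig = (token or "").split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return False, None  # pin the algorithm, which also rejects "none"
        if not hmac.compare_digest(_mac(secret, head + "." + body), _b64d(sig)):
            return False, None
        claims = json.loads(_b64d(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return False, None  # malformed token, bad base64 or bad JSON
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        return False, None  # missing or expired expiry
    if claims.get("interview_id") != interview_id:
        return False, None  # token was issued for a different interview
    return True, claims

def demo():
    secret = "constructed-sample-secret"  # constructed value, not from the PR
    tok = sign_hs256({"interview_id": "iv-1", "exp": 2000}, secret)
    check = lambda t, iv, s, n=1000: authenticate_websocket(
        t, iv, auth_required=True, secret=s, now=n)[0]
    return {"no_secret": check(tok, "iv-1", ""), "valid": check(tok, "iv-1", secret),
            "other_interview": check(tok, "iv-2", secret),
            "expired": check(tok, "iv-1", secret, 3000)}
```
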
| if isinstance(end_interview_id, str) and end_interview_id.strip(): | ||
| asyncio.create_task( | ||
| asyncio.to_thread(finalize_session, end_interview_id.strip()), | ||
| ) |
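Review bot: the `asyncio.create_task(` call discards the task it returns, so nothing holds a reference to the finalize job and any exception raised inside `finalize_session` is never observed. Keep the task in a collection owned by the connection, remove it in a done callback, and log a failure from that callback so a failed finalize is visible.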
Finalize races in-flight turns
Medium Severity
session_end triggers immediate VA finalize in a background task while the per-connection audio worker may still be processing utterances, so the session can be torn down before the last turns are analyzed or persisted.
| if summary is None: | ||
| raise HTTPException(status_code=404, detail="Session not found") | ||
| await asyncio.to_thread(_persist_summary_to_backend, summary) | ||
| return summary |
VA HTTP API unauthenticated
Medium Severity
The new verbal-analyzer exposes /analyze-turn and /sessions/{id}/finalize on port 8006 without authentication, while Docker publishes that port, so anyone who can reach the service can mutate or finalize arbitrary interview sessions by ID.
| networks: | ||
| server-tier: | ||
| talkup-ai: | ||
| external: true |
External network breaks compose
Medium Severity
Marking talkup-ai as external: true stops Compose from creating that network, so a server-only docker compose up fails unless talkup-ai already exists from the AI stack.


Description
This pull request introduces major improvements to the speech-to-speech (STS) microservice, focusing on enhanced speech recognition accuracy, integration with the Verbal Analyzer (VA) microservice, and robust WebSocket authentication. The changes optimize the Whisper model for GPU use, add hallucination filtering to reduce false transcriptions, embed real-time verbal analysis in STS responses, and enforce session-level security using JWT tokens. Additionally, the Docker and deployment configuration is updated to support these new features.
Linked GitHub Ticket
Closes EpitechPromo2027/G-EIP-600-NAN-6-1-eip-tugdual.de-reviers#88