[88] Create the va microservice #144

Open
Andriamanampisoa wants to merge 4 commits into staging from 88-create-the-va-microservice

@Andriamanampisoa

Collaborator

What type of PR is this? (check all applicable)

  • ✨ Feature
  • 🛑 Bug
  • ⚠️ Anomaly
  • 📝 Doc
  • 🎨 Style
  • 🧑‍💻 Refactor
  • 🛠️ Setup
  • 🏗️ Build
  • 🔥 Perfs
  • ✅ Test
  • 🔁 CI
  • ⏩ Revert

Description

This pull request introduces major improvements to the speech-to-speech (STS) microservice, focusing on enhanced speech recognition accuracy, integration with the Verbal Analyzer (VA) microservice, and robust WebSocket authentication. The changes optimize the Whisper model for GPU use, add hallucination filtering to reduce false transcriptions, embed real-time verbal analysis in STS responses, and enforce session-level security using JWT tokens. Additionally, the Docker and deployment configuration is updated to support these new features.

Linked GitHub Ticket

Closes EpitechPromo2027/G-EIP-600-NAN-6-1-eip-tugdual.de-reviers#88

Workspace

  • 🖥️ Web
  • 🛠️ Server
  • 🔁 CI
  • 🤖 Ai
  • 📱 App

@vercel

vercel Bot commented Jun 30, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
talk-up-ai-dev | Ready | Preview, Comment | Jun 30, 2026 10:01am

@cursor

cursor Bot commented Jun 30, 2026

PR Summary

Medium Risk
Cross-service session flow, optional JWT enforcement, and GPU compose changes affect production behavior; VA/STS failures are mostly degraded but interview scores and auth misconfiguration could impact users.

Overview
Introduces a Verbal Analyzer (VA) FastAPI microservice with rules-based French turn scoring (register, clarity, politeness, vocabulary), per-interview session state, and finalize that POSTs aggregates to the NestJS internal API for persistence on ai_verbal_analysis.

STS now calls VA per turn (optional, timeout-bound), embeds results as verbal_analysis inside sts_result for the C++ proxy, handles session_end → VA finalize, and adds optional JWT WebSocket auth (simulation_ws) with interview_id binding. Whisper loading prefers GPU, and transcription adds VAD, hallucination phrase filtering, and interview-biased French prompts.

Docker wires VA on port 8006 with healthchecks, GPU reservation for STS, and STS startup depending on healthy VA. Web shows live scores via useVerbalAnalysis / VerbalAnalysisPanel and sends session_end before disconnect; users can fetch saved reports via GET .../verbal-analysis.

Reviewed by Cursor Bugbot for commit 264f67b. Bugbot is set up for automated code reviews on this repo. Configure here.

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes using default effort and found 5 potential issues.

Reviewed by Cursor Bugbot for commit 264f67b. Configure here.

)
if va_payload is not None:
payload["verbal_analysis"] = va_payload

VA call blocks STS reply

High Severity

Each turn awaits the verbal-analyzer HTTP call (up to VA_TIMEOUT_SEC, default 3s) before sending sts_result, so AI audio and transcription are delayed even though the comment says a VA failure must not block the reply.

Reviewed by Cursor Bugbot for commit 264f67b. Configure here.

secret = _jwt_secret()
if not secret:
# Dev fallback: auth requested but secret not configured.
return True, None

Auth skipped without JWT secret

High Severity

When STS_WS_AUTH_REQUIRED is enabled but JWT_SECRET is empty, authenticate_websocket accepts the connection with no token and no claims, so interview binding is not enforced despite auth being turned on.

Reviewed by Cursor Bugbot for commit 264f67b. Configure here.
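
One way to make the check flagged above fail closed, as an added example (not code from this pull request). The HS256 verification uses only the standard library; the `interview_id` and `exp` claim names, the keyword parameters and the `sign_hs256` helper are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Hypothetical helper: mint a constructed HS256 token for trying the check."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(secret, head + '.' + body))}"

def authenticate_websocket(token, interview_id, *, auth_required, secret, now=None):
    """Return (ok, claims_or_reason); every failure path rejects the connection."""
    if not auth_required:
        return True, None  # auth explicitly disabled (assumed dev-only setting)
    if not secret:
        # Fail closed: auth was requested, so a missing secret is a deployment error.
        return False, "auth required but JWT secret is not configured"
    if not token:
        return False, "missing token"
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        signature = _b64d(sig)
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected algorithm"  # never trust the token's own alg choice
    if not hmac.compare_digest(signature, _mac(secret, head + "." + body)):
        return False, "bad signature"
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return False, "expired or missing exp"
    if claims.get("interview_id") != interview_id:
        return False, "token not bound to this interview"
    return True, claims
```

Refusing to start the service when `STS_WS_AUTH_REQUIRED` is set and `JWT_SECRET` is empty surfaces the same misconfiguration at deploy time instead of per connection.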

if isinstance(end_interview_id, str) and end_interview_id.strip():
asyncio.create_task(
asyncio.to_thread(finalize_session, end_interview_id.strip()),
)
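
Review bot: the task returned by `asyncio.create_task(...)` is discarded, so nothing holds a reference to it and nothing observes its outcome. The event loop keeps only weak references to tasks, so the finalize can be garbage-collected before it completes, and an exception raised by `finalize_session` is never reported. Store the task (for example in a per-connection set with a done callback that logs failures) and await it before the connection closes.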

Finalize races in-flight turns

Medium Severity

session_end triggers immediate VA finalize in a background task while the per-connection audio worker may still be processing utterances, so the session can be torn down before the last turns are analyzed or persisted.

Reviewed by Cursor Bugbot for commit 264f67b. Configure here.
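
A sketch of an ordering that addresses both the "VA call blocks STS reply" and "Finalize races in-flight turns" findings, as an added example (not code from this pull request). Here the analysis is delivered as a separate follow-up event instead of being embedded in `sts_result`, which is an assumed design; `analyze_turn`, `run_session`, `demo` and the event tuples are hypothetical names.

```python
import asyncio

async def analyze_turn(text, delay):
    """Stand-in for the verbal-analyzer HTTP call (hypothetical)."""
    await asyncio.sleep(delay)
    return {"score": len(text)}

async def run_session(turns, va_delay, va_timeout):
    """Handle the queued turns, then session_end; returns the ordered event log."""
    events, pending, queue = [], set(), asyncio.Queue()

    async def va_followup(text):
        try:
            result = await asyncio.wait_for(analyze_turn(text, va_delay), va_timeout)
            events.append(("verbal_analysis", text, result["score"]))
        except asyncio.TimeoutError:
            events.append(("verbal_analysis_skipped", text))  # degrade, never block

    async def worker():
        while True:
            text = await queue.get()
            events.append(("sts_result", text))  # reply goes out before VA runs
            task = asyncio.create_task(va_followup(text))
            pending.add(task)  # keep a reference so the task is not lost
            task.add_done_callback(pending.discard)
            queue.task_done()

    worker_task = asyncio.create_task(worker())
    for text in turns:
        queue.put_nowait(text)
    # session_end: drain queued utterances, then in-flight VA calls, then finalize.
    await queue.join()
    await asyncio.gather(*list(pending))
    events.append(("finalize",))
    worker_task.cancel()
    return events

def demo(turns, va_delay=0.02, va_timeout=1.0):
    """Synchronous entry point for the sketch above."""
    return asyncio.run(run_session(turns, va_delay, va_timeout))
```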

if summary is None:
raise HTTPException(status_code=404, detail="Session not found")
await asyncio.to_thread(_persist_summary_to_backend, summary)
return summary
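
Review bot: the `await asyncio.to_thread(_persist_summary_to_backend, summary)` call has no error handling, so any exception from the backend write propagates out of the handler before `return summary` is reached and the caller never receives the computed summary. Catch and log persistence failures here, and decide explicitly whether the endpoint reports them to the caller or returns the summary with a marker that persistence is pending.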

VA HTTP API unauthenticated

Medium Severity

The new verbal-analyzer exposes /analyze-turn and /sessions/{id}/finalize on port 8006 without authentication, while Docker publishes that port, so anyone who can reach the service can mutate or finalize arbitrary interview sessions by ID.

Reviewed by Cursor Bugbot for commit 264f67b. Configure here.

Comment thread server/docker-compose.yml
networks:
server-tier:
talkup-ai:
external: true

External network breaks compose

Medium Severity

Marking talkup-ai as external: true stops Compose from creating that network, so a server-only docker compose up fails unless talkup-ai already exists from the AI stack.

Reviewed by Cursor Bugbot for commit 264f67b. Configure here.
