Upload files to "/"

This commit is contained in:
2026-04-23 16:22:48 +00:00
parent 7a06dd6ce1
commit df25a8efa6
5 changed files with 418 additions and 0 deletions

36
.cleanignore Normal file
View File

@@ -0,0 +1,36 @@
# Paths to exclude from the clean branch
# One path per line. Directories end with /
# Lines starting with # are comments
# Claude Code artifacts (everywhere in the repo)
.claude/
**/.claude/
# Management workspace — not part of the product
features/
# Marketing and presentations
presentation.html
# Not shipping in 0.10 — zero readiness
services/calendar-service/
# Not shipping in 0.10 — not properly tested
services/telegram-bot/
# Dashboard development artifacts
services/dashboard/agent-flow.js
services/dashboard/agent-inspect.js
services/dashboard/auth-validate.js
services/dashboard/auth-validate2.js
services/dashboard/auth-validate3.js
services/dashboard/auth-validate-final.js
services/dashboard/check-pages.js
services/dashboard/deliver-validate.js
services/dashboard/deliver-validate.ts
services/dashboard/feature-validate.js
services/dashboard/test-agent-panel.mjs
services/dashboard/docs/screenshots/
# Orphaned docs
docs/tests/

4
.dockerignore Normal file
View File

@@ -0,0 +1,4 @@
hub/
.git/
**/__pycache__/
**/*.pyc

117
.env Normal file
View File

@@ -0,0 +1,117 @@
# ---------------------------------------------------------------------------
# Base de données externe (Supabase)
# Project Settings → Database → Connection string
# ---------------------------------------------------------------------------
DB_HOST=aws-0-eu-west-1.pooler.supabase.com
DB_PORT=5432
DB_NAME=postgres
DB_USER=postgres.ogjzkmbvorbcdbfltiib
DB_PASSWORD=o2FeWHSz04kgVRL4
DB_SSL_MODE=require
# ---------------------------------------------------------------------------
# Secrets (générer chacun avec : openssl rand -hex 32)
# ---------------------------------------------------------------------------
# Token pour les endpoints /admin/* de admin-api (header X-Admin-API-Key)
ADMIN_API_TOKEN=3209a9a3af263757e2803625ff7c5931c7f2d61c37aaf9629cd888fd172b553d68
ADMIN_TOKEN=5622b7e0de1a38e613ba8442231120fb3b94e49ec427abaacf629ad8ac440a81
# Secret partagé entre admin-api et api-gateway pour /internal/validate
# DOIT être identique dans les deux services
INTERNAL_API_SECRET=a499796b63273356f599a5d592a1c4d0af8009ecd1f6d1729235331197639ffa
# Token partagé entre meeting-api et runtime-api
RUNTIME_API_TOKEN=408fdf4e7e80f015f6ceb2da182a70d9439e1504c613dd9044ec8eba2cfd4bc2
# Token read-only pour les endpoints analytics (optionnel)
# ANALYTICS_API_TOKEN=
# ---------------------------------------------------------------------------
# Bot
# ---------------------------------------------------------------------------
# En prod (image publique) :
BOT_IMAGE_NAME=vexaai/vexa-bot:latest
# URL callback baked dans la config des bots spawned
# En local (réseau interne Docker) :
MEETING_API_URL=http://meeting-api:8080
# En prod :
# MEETING_API_URL=https://cr-meet.ashia.sn
# ---------------------------------------------------------------------------
# Services optionnels
# La gateway démarre avec ces URLs fictives si les services ne sont pas déployés.
# Les endpoints /transcripts et /mcp retourneront des erreurs à l'usage.
# ---------------------------------------------------------------------------
TRANSCRIPTION_COLLECTOR_URL=http://meeting-api:8080
TRANSCRIPTION_SERVICE_URL=http://transcription:8083/v1/audio/transcriptions
# ---------------------------------------------------------------------------
# Divers
# ---------------------------------------------------------------------------
LOG_LEVEL=INFO
CORS_ORIGINS=*
BOT_STOP_DELAY_SECONDS=90
VEXA_ENV=development # désactive /docs et /openapi.json sur admin-api
# ---------------------------------------------------------------------------
# Divers
# ---------------------------------------------------------------------------
# Model configuration
MODEL_SIZE=medium
# Available models (all multilingual):
# - tiny, base, small, medium, large-v2, large-v3, large-v3-turbo
#
# Recommended: large-v3-turbo + INT8
# - GPU VRAM: ~2.1 GB (validated)
# - Quality: Excellent (95-98% accuracy)
# - Speed: Very fast (>10x real-time)
# - Multilingual: 99+ languages
# Device configuration
# DEVICE=cuda # For GPU (default)
DEVICE=cpu # For CPU-only
# Compute type (optimization)
COMPUTE_TYPE=int8 # Default: 50-60% VRAM reduction, 2-4x CPU speedup, minimal accuracy loss
# COMPUTE_TYPE=float16 # GPU only: Maximum speed, higher VRAM usage (~6-8 GB)
# CPU optimization (only used when DEVICE=cpu)
# CPU_THREADS=4 # Set to number of physical CPU cores (0 = auto-detect)
# Load management / backpressure
# These control how the service behaves under load.
# Recommended for WhisperLive streaming: FAIL_FAST_WHEN_BUSY=true
MAX_CONCURRENT_TRANSCRIPTIONS=2 # Max concurrent model calls per worker
MAX_QUEUE_SIZE=10 # Max requests waiting (ignored when FAIL_FAST_WHEN_BUSY=true)
FAIL_FAST_WHEN_BUSY=true # Return 503 immediately when busy (lets WhisperLive keep buffering/coalescing)
BUSY_RETRY_AFTER_S=1 # Retry-After header value (seconds) for busy/overload responses
# Quality parameters (derived from WhisperLive best practices)
# These parameters improve transcription quality and accuracy
BEAM_SIZE=5 # Beam size: 1 = greedy (fast), 5 = beam search (better quality, slower)
BEST_OF=5 # Number of candidates when sampling with non-zero temperature
COMPRESSION_RATIO_THRESHOLD=1.8 # If gzip compression ratio > this, treat as failed (hallucination detection) - lowered to catch repetitions
LOG_PROB_THRESHOLD=-1.0 # If avg log probability < this, treat as failed
NO_SPEECH_THRESHOLD=0.6 # If no_speech_prob > this AND log_prob < threshold, consider silent
CONDITION_ON_PREVIOUS_TEXT=false # Use previous output as prompt for next window - DISABLED to prevent repetition loops
PROMPT_RESET_ON_TEMPERATURE=0.3 # Reset prompt if temperature > this (prevents stuck loops) - lowered for more aggressive reset
REPETITION_PENALTY=1.1 # Penalize repeated tokens (>1.0 = penalize). Prevents "they are saying they are saying..."
NO_REPEAT_NGRAM_SIZE=3 # Hard-block any 3-word phrase from repeating
# VAD (Voice Activity Detection) parameters
VAD_FILTER=true # Enable VAD to filter out non-speech audio
VAD_FILTER_THRESHOLD=0.5 # VAD onset threshold (0-1): higher = less sensitive to noise
VAD_MIN_SILENCE_DURATION_MS=160 # Minimum silence duration in milliseconds
# Temperature fallback chain (for quality improvement)
# Uses multiple temperatures and falls back if compression_ratio or log_prob thresholds are exceeded
USE_TEMPERATURE_FALLBACK=true # Enable temperature fallback chain [0.0, 0.2, 0.4, 0.6, 0.8, 1.0]
# API Token for securing the service
# This token must match TRANSCRIPTION_SERVICE_API_TOKEN in the gateway
# If not set, service will accept all requests (not recommended for production)
API_TOKEN=271f1e185abcebdf7f610b95d388d7ce3fe7a3a7c28c565cc88ad51a165198c6

88
.gitguardian.yml Normal file
View File

@@ -0,0 +1,88 @@
# GitGuardian configuration
# See: https://docs.gitguardian.com/ggshield-docs/reference/gitguardian-yaml
secret:
# Paths that contain test fixtures, example files, and dev configs — not real secrets
ignored-paths:
- "**/tests/**"
- "**/test_*"
- "**/conftest.py"
- "**/*.test.*"
- "**/testdata/**"
- "deploy/env-example"
- "features/**/tests/**"
- "tests2/**"
- "tests3/**"
# Backup env files (deleted from tree, exist only in git history)
- ".env.backup"
- "deploy/compose/.env.bak"
# Notebook test fixtures with test API keys
- "packages/vexa-client/tests.ipynb"
- "packages/vexa-client/tests/tutorial.ipynb"
# Example/template files with placeholder credentials
- "**/.pypirc.example"
# Dashboard validation scripts with test tokens
- "services/dashboard/agent-inspect.js"
- "services/dashboard/agent-flow.js"
- "services/dashboard/auth-validate*.js"
- "services/dashboard/feature-validate.js"
# Known test/dev patterns that are not real secrets
ignored-matches:
# Test admin tokens (hardcoded in test fixtures)
- name: "test-admin-token"
match: "test-admin-token*"
- name: "changeme-default"
match: "changeme"
# Test API key prefixes (fake tokens in unit tests)
- name: "test-vxa-bot-tokens"
match: "vxa_bot_abc*"
- name: "test-vxa-bot-testkey"
match: "vxa_bot_testkey*"
- name: "test-vxa-user-tokens"
match: "vxa_user_*"
# Chrome password-store flag (not a secret)
- name: "chrome-password-store"
match: "password-store=basic"
# Helm chart template placeholders
- name: "helm-changeme"
match: "CHANGE_ME"
# vexa-internal-secret default (used in dev only)
- name: "internal-secret-default"
match: "vexa-internal-secret"
# staging admin token (dev-only, not production)
- name: "staging-admin-token"
match: "staging-admin-token"
# test-admin-token-t3 (tests3 test cluster)
- name: "test-cluster-token"
match: "test-admin-token-t3"
# Dev-only default database password (postgres:postgres for local dev)
- name: "dev-postgres-password"
match: "POSTGRES_PASSWORD=postgres"
- name: "dev-db-password"
match: "DB_PASSWORD=postgres"
- name: "dev-db-password-value"
match: "password: \"postgres\""
- name: "dev-db-url-password"
match: "postgres:postgres@"
# Dev-only MinIO defaults (non-production)
- name: "dev-minio-access-key"
match: "vexa-access-key"
- name: "dev-minio-secret-key"
match: "vexa-secret-key"
# Dev-only JWT secret
- name: "dev-jwt-secret"
match: "vexa-dev-jwt-secret"
# PyPI example placeholder
- name: "pypi-placeholder"
match: "your-pypi-api-token-here"

173
.gitignore vendored Normal file
View File

@@ -0,0 +1,173 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
!packages/transcript-rendering/dist/
downloads/
eggs/
.eggs/
lib/
!services/dashboard/src/lib/
!tests3/lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.pytest_cache/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
.python-version
# celery beat schedule file
celerybeat-schedule
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
!deploy/env-example
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# IDE specific files
.idea/
.vscode/
*.swp
*.swo
# Project specific
model_weights/
*.pt
*.pth
# Node
node_modules/
# Docker
.docker/
docker-volumes/
.last-tag
hub/
*.mp3
# Service directories that should not be tracked
services/vexa-bot-zoom-sdk/
# Image files
*.png
# WhisperLive optimization outputs
data/
results/
test_data/
*.wav
!tests/testdata/test-speech-en.wav
*.webm
*.mp4
*.txt
!**/requirements.txt
manifest.csv
docker-compose.override.yml
.env.test
hub
test.log
.worktrees/
secrets/
# tests3: per-deployment state (VM IPs, tokens, kubeconfigs, per-run reports).
# Credentials live here. Never commit.
tests3/.state
tests3/.state-lite
tests3/.state-compose
tests3/.state-helm
tests3/.current-stage