Add podcli ui + backend hardening and audit fixes#30
Merged
Conversation
- cli: add `podcli ui` (alias `webui`) to launch the Studio dashboard - transcription: run diarization + face analysis for the whisper.cpp engine too, so speaker-aware framing works on native installs (not just whisper-py) - clips: select suggestions by score before truncating (was earliest-by- timeline); dedupe by temporal overlap instead of exact rounded range - captions: hold each chunk through short pauses to stop boundary flicker - bridge: kill the process group on timeout (no orphaned ffmpeg/whisper), handle stdin EPIPE, buffer stderr across chunks, scan stdout for result - studio: stream-source serves only user-selected/uploaded media + a media- extension gate (blocks arbitrary file reads via a forged ui-state) - cli: require PODCLI_INSECURE_SSL=1 before disabling TLS verification - ui: round clip-card media top corners
- face_analysis: sample frames via grab()/retrieve() instead of a POS_MSEC seek per frame — ~5x faster (1.3s vs 6.6s on a 29s clip), identical crop output; offsets the face-analysis cost the whisper.cpp path now incurs - clips-history: clean up the temp file if the atomic save fails - web-server: exit with a clear message on EADDRINUSE instead of crashing - video_processor: drop a dead always-false branch - CLAUDE.md: /prep-episode -> /produce-shorts (command was renamed)
The shared post-transcription stage imported speaker_detection (torch) for diarization on every engine. On native installs the whisper.cpp path has no working torch, and the import hard-crashes the process (uncatchable, exit 144) mid-transcription. whisper.cpp is the no-torch path by design, so skip diarization there and keep only face analysis (OpenCV). Caught by an end-to-end render smoke test; locked with a regression test.
- stream-source: allow image MIME types so logo/asset previews work again (still gated by the allowlist; secrets stay non-streamable) - face_analysis: derive frame step from max(reported, duration*fps) so under-reported frame counts don't confine sampling to the video's start; label observations by real playback timestamp (VFR-safe) - README: /prep-episode -> /produce-shorts (matches .claude/commands) - strip restating comments added in the audit; keep only the why
|
Caution Review failedPull request was closed or merged during review 📝 WalkthroughWalkthroughThis PR renames the ChangesCommand rename: /prep-episode → /produce-shorts
Web UI command and stream-source access control
Transcription refactor and face/speaker post-processing
Clip suggestion ranking and deduplication
Caption renderer gap-filling
Process lifecycle and storage robustness
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.2)level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies" Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the
podcli uicommand and a batch of backend hardening / output-quality fixes from a full code audit. All tests green (341 pytest, 47 vitest, tsc, go build+test); full pipeline verified end-to-end (renders a 1080×1920 clip).Changes
podcli ui(aliaswebui) — launches the Studio dashboard (http://localhost:3847); wired in the Python CLI and the Go launcher (help + runtime gating). The landing site already documents this command.grab()/retrieve()instead of a per-frame seek (~5× faster, identical crop output); robust to under-reported frame counts and VFR./api/stream-sourceserves only user-selected/uploaded media via an allowlist + realpath + extension gate (blocks arbitrary file reads via a forgedui-state); image types allowed so logo previews still work.PODCLI_INSECURE_SSL=1before disabling TLS verification./prep-episode→/produce-shortsdocs.Test plan
pytest tests/→ 341 passednpm test→ 47 passed;tsc --noEmitcleancd cli && go build && go test ./...→ passpodcli ui→ serves localhost:3847 (verified)podcli process sample.mp4 --top 1→ renders a valid 1080×1920 h264/aac clipui-statepath → 403; legitselect-file→ 200Summary by CodeRabbit
New Features
Bug Fixes