Fix QA findings: non-interactive auth, input validation, error hygiene#56
Merged
Conversation
Auth/login: - Auto-login now only runs in interactive sessions; headless/CI runs get a clean not_authenticated error (exit 4) instead of a 120s browser wait - Explicit empty --api-key is a usage error instead of a browser flow - Loopback callback server binds before the browser opens - Browser flow prints a waiting hint with the --api-key alternative - Login timeout is typed not_authenticated; whoami exits 4 on rejected key Transcribe/transcripts/llm/account: - An explicit source plus --sample is now a usage error - A directory passed as the audio source fails fast before credentials - list-transcripts requests no longer carry a bogus model_config param (assemblyai 0.64.4 + pydantic 2.13.4 serialization workaround) - validate_key network errors compact to one line (no httpx Request repr) - transcribe --show-code honors -o (srt/utterances/json/id/status) - New client-side validation: --limit >= 1, --audio-start >= 0, --language-code vs --language-detection conflict, --speakers-expected requires speaker labels, unknown PII policies list valid values - yt-dlp errors no longer print twice (quiet logger) - llm --follow with empty piped stdin is a usage error, not silent exit 0 - usage validates --start/--end dates before session resolution https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7
- stream --show-code generates code for the actual source: files/URLs decode through ffmpeg to PCM at the requested rate (mirroring the run path), stdin reads sys.stdin.buffer, mic stays mic; the hardcoded 16 kHz override is gone and --sample-rate/--config sample_rate win - agent <file> --show-code warns on stderr that the snippet is mic-based - stream <youtube-url> --show-code is a clean usage error - websockets logger silenced so reader-thread EOFs never dump tracebacks - agent maps a handshake 403 to api_error like stream; 401/policy-close still read as a rejected key - --json with -o text is rejected on stream and agent - the agent headphones notice routes to stderr in non-JSON modes - mic-open failures name the default microphone and suggest fixes https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7
- aai dev (and share's inner server) now binds 127.0.0.1 by default; --host 0.0.0.0 is an explicit opt-in, and the printed URL matches the actual bind (template Procfiles keep 0.0.0.0 for deploy targets) - deploy checks for a Procfile before requiring a deploy CLI, and rejects --prod for non-Vercel targets - cloudflared/flyctl install hints are platform-aware (brew on macOS, official install docs elsewhere) - the init banner prints to stderr, keeping stdout pipeline-clean - init --help enumerates the template names - doctor names the active profile/environment and points its connectivity fix at the active environment's API host - keyring-write failures suggest ASSEMBLYAI_API_KEY on headless boxes - config validation errors compact to field: reason (no pydantic URLs) - unknown-env errors mention the profile's stored env as a third source - setup install's help summary is a complete sentence - AGENTS.md: --json is never auto-enabled; command list matches reality https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7
Session lessons baked into AGENTS.md: probe API reachability before real-API testing (egress proxies often block AssemblyAI hosts), isolate XDG_CONFIG_HOME per manual test run (concurrent runs stomp the shared config.toml), keep scratch redirects out of the repo root, and wrap mic/browser paths in timeouts on headless boxes. pytest-timeout joins the dev group so a stuck test fails instead of wedging a session. https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7
…ity gate Extract the auto-login flow from run_command and split render into header/transcribe/result helpers; behavior unchanged. https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7
The audit auto-login test needed the same force-interactive shim as its eight siblings now that auto-login is TTY-gated, and the directory-source assertion must tolerate Rich wrapping long tmp paths. https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Auth/login:
a clean not_authenticated error (exit 4) instead of a 120s browser wait
Transcribe/transcripts/llm/account:
(assemblyai 0.64.4 + pydantic 2.13.4 serialization workaround)
--language-code vs --language-detection conflict, --speakers-expected
requires speaker labels, unknown PII policies list valid values
https://claude.ai/code/session_01Uv7cEgJi2LgknkvfHP52g7