fix: logout redirect (#802)

* Identify action items

* Add action items to mock summary

* Add action items validator

* Remove final prefix from action items

* Make on action items callback required

* Don't mutation action items response

* Assign action items to none on error

* Use timeout constant

* Exclude action items from transcript list

.github/workflows/deploy.yml

@@ -1,90 +0,0 @@
-name: Deploy to Amazon ECS
-
-on: [workflow_dispatch]
-
-env:
-  # 950402358378.dkr.ecr.us-east-1.amazonaws.com/reflector
-  AWS_REGION: us-east-1
-  ECR_REPOSITORY: reflector
-
-jobs:
-  build:
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: linux-amd64
-            arch: amd64
-          - platform: linux/arm64
-            runner: linux-arm64
-            arch: arm64
-
-    runs-on: ${{ matrix.runner }}
-
-    permissions:
-      contents: read
-
-    outputs:
-      registry: ${{ steps.login-ecr.outputs.registry }}
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push ${{ matrix.arch }}
-        uses: docker/build-push-action@v5
-        with:
-          context: server
-          platforms: ${{ matrix.platform }}
-          push: true
-          tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest-${{ matrix.arch }}
-          cache-from: type=gha,scope=${{ matrix.arch }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
-          github-token: ${{ secrets.GHA_CACHE_TOKEN }}
-          provenance: false
-
-  create-manifest:
-    runs-on: ubuntu-latest
-    needs: [build]
-
-    permissions:
-      deployments: write
-      contents: read
-
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
-
-      - name: Login to Amazon ECR
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Create and push multi-arch manifest
-        run: |
-          # Get the registry URL (since we can't easily access job outputs in matrix)
-          ECR_REGISTRY=$(aws ecr describe-registry --query 'registryId' --output text).dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
-
-          docker manifest create \
-            $ECR_REGISTRY/${{ env.ECR_REPOSITORY }}:latest \
-            $ECR_REGISTRY/${{ env.ECR_REPOSITORY }}:latest-amd64 \
-            $ECR_REGISTRY/${{ env.ECR_REPOSITORY }}:latest-arm64
-
-          docker manifest push $ECR_REGISTRY/${{ env.ECR_REPOSITORY }}:latest
-
-          echo "✅ Multi-arch manifest pushed: $ECR_REGISTRY/${{ env.ECR_REPOSITORY }}:latest"

.github/workflows/dockerhub-backend.yml

@@ -0,0 +1,53 @@
+name: Build and Push Backend Docker Image (Docker Hub)
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: monadicalsas/reflector-backend
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: monadicalsas
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./server
+          file: ./server/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64

.github/workflows/dockerhub-frontend.yml

@@ -0,0 +1,70 @@
+name: Build and Push Frontend Docker Image
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: monadicalsas/reflector-frontend
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: monadicalsas
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=raw,value=latest,enable={{is_default_branch}}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./www
+          file: ./www/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+
+  deploy:
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    if: success()
+    strategy:
+      matrix:
+        environment: [reflector-monadical, reflector-media]
+    environment: ${{ matrix.environment }}
+    steps:
+      - name: Trigger Coolify deployment
+        run: |
+          curl -X POST "${{ secrets.COOLIFY_WEBHOOK_URL }}" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_WEBHOOK_TOKEN }}" \
+            -f || (echo "Failed to trigger Coolify deployment for ${{ matrix.environment }}" && exit 1)

.gitignore

@@ -18,3 +18,4 @@ CLAUDE.local.md
 www/.env.development
 www/.env.production
 .playwright-mcp
+.secrets

.secrets.example

@@ -0,0 +1,24 @@
+# Example secrets file for GitHub Actions workflows
+# Copy this to .secrets and fill in your values
+# These secrets should be configured in GitHub repository settings:
+# Settings > Secrets and variables > Actions
+
+# DockerHub Configuration (required for frontend and backend deployment)
+# Create a Docker Hub access token at https://hub.docker.com/settings/security
+# Username: monadicalsas
+DOCKERHUB_TOKEN=your-dockerhub-access-token
+
+# GitHub Token (required for frontend and backend deployment)
+# Used by docker/metadata-action for extracting image metadata
+# Can use the default GITHUB_TOKEN or create a personal access token
+GITHUB_TOKEN=your-github-token-or-use-default-GITHUB_TOKEN
+
+# Coolify Deployment Webhook (required for frontend deployment)
+# Used to trigger automatic deployment after image push
+# Configure these secrets in GitHub Environments:
+# Each environment should have:
+#   - COOLIFY_WEBHOOK_URL: The webhook URL for that specific deployment
+#   - COOLIFY_WEBHOOK_TOKEN: The webhook token (can be the same for both if using same token)
+
+# Optional: GitHub Actions Cache Token (for local testing with act)
+GHA_CACHE_TOKEN=your-github-token-or-empty

CHANGELOG.md

@@ -1,5 +1,221 @@
 # Changelog
 
+## [0.24.0](https://github.com/Monadical-SAS/reflector/compare/v0.23.2...v0.24.0) (2025-12-18)
+
+
+### Features
+
+* identify action items ([#790](https://github.com/Monadical-SAS/reflector/issues/790)) ([964cd78](https://github.com/Monadical-SAS/reflector/commit/964cd78bb699d83d012ae4b8c96565df25b90a5d))
+
+
+### Bug Fixes
+
+* automatically reprocess daily recordings ([#797](https://github.com/Monadical-SAS/reflector/issues/797)) ([5f458aa](https://github.com/Monadical-SAS/reflector/commit/5f458aa4a7ec3d00ca5ec49d62fcc8ad232b138e))
+* daily video optimisation ([#789](https://github.com/Monadical-SAS/reflector/issues/789)) ([16284e1](https://github.com/Monadical-SAS/reflector/commit/16284e1ac3faede2b74f0d91b50c0b5612af2c35))
+* main menu login ([#800](https://github.com/Monadical-SAS/reflector/issues/800)) ([0bc971b](https://github.com/Monadical-SAS/reflector/commit/0bc971ba966a52d719c8c240b47dc7b3bdea4391))
+* retry on workflow timeout ([#798](https://github.com/Monadical-SAS/reflector/issues/798)) ([5f7dfad](https://github.com/Monadical-SAS/reflector/commit/5f7dfadabd3e8017406ad3720ba495a59963ee34))
+
+## [0.23.2](https://github.com/Monadical-SAS/reflector/compare/v0.23.1...v0.23.2) (2025-12-11)
+
+
+### Bug Fixes
+
+* build on push tags ([#785](https://github.com/Monadical-SAS/reflector/issues/785)) ([d7f140b](https://github.com/Monadical-SAS/reflector/commit/d7f140b7d1f4660d5da7a0da1357f68869e0b5cd))
+
+## [0.23.1](https://github.com/Monadical-SAS/reflector/compare/v0.23.0...v0.23.1) (2025-12-11)
+
+
+### Bug Fixes
+
+* populate room_name in transcript GET endpoint ([#783](https://github.com/Monadical-SAS/reflector/issues/783)) ([0eba147](https://github.com/Monadical-SAS/reflector/commit/0eba1470181c7b9e0a79964a1ef28c09bcbdd9d7))
+
+## [0.23.0](https://github.com/Monadical-SAS/reflector/compare/v0.22.4...v0.23.0) (2025-12-10)
+
+
+### Features
+
+* dockerhub ci ([#772](https://github.com/Monadical-SAS/reflector/issues/772)) ([00549f1](https://github.com/Monadical-SAS/reflector/commit/00549f153ade922cf4cb6c5358a7d11a39c426d2))
+* llm retries ([#739](https://github.com/Monadical-SAS/reflector/issues/739)) ([61f0e29](https://github.com/Monadical-SAS/reflector/commit/61f0e29d4c51eab54ee67af92141fbb171e8ccaa))
+
+
+### Bug Fixes
+
+* celery inspect bug sidestep in restart script ([#766](https://github.com/Monadical-SAS/reflector/issues/766)) ([ec17ed7](https://github.com/Monadical-SAS/reflector/commit/ec17ed7b587cf6ee143646baaee67a7c017044d4))
+* deploy frontend to coolify ([#779](https://github.com/Monadical-SAS/reflector/issues/779)) ([91650ec](https://github.com/Monadical-SAS/reflector/commit/91650ec65f65713faa7ee0dcfb75af427b7c4ba0))
+* hide rooms settings instead of disabling ([#763](https://github.com/Monadical-SAS/reflector/issues/763)) ([3ad78be](https://github.com/Monadical-SAS/reflector/commit/3ad78be7628c0d029296b301a0e87236c76b7598))
+* return participant emails from transcript endpoint ([#769](https://github.com/Monadical-SAS/reflector/issues/769)) ([d3a5cd1](https://github.com/Monadical-SAS/reflector/commit/d3a5cd12d2d0d9c32af2d5bd9322e030ef69b85d))
+
+## [0.22.4](https://github.com/Monadical-SAS/reflector/compare/v0.22.3...v0.22.4) (2025-12-02)
+
+
+### Bug Fixes
+
+* Multitrack mixdown optimisation 2 ([#764](https://github.com/Monadical-SAS/reflector/issues/764)) ([bd5df1c](https://github.com/Monadical-SAS/reflector/commit/bd5df1ce2ebf35d7f3413b295e56937a9a28ef7b))
+
+## [0.22.3](https://github.com/Monadical-SAS/reflector/compare/v0.22.2...v0.22.3) (2025-12-02)
+
+
+### Bug Fixes
+
+* align daily room settings ([#759](https://github.com/Monadical-SAS/reflector/issues/759)) ([28f87c0](https://github.com/Monadical-SAS/reflector/commit/28f87c09dc459846873d0dde65b03e3d7b2b9399))
+
+## [0.22.2](https://github.com/Monadical-SAS/reflector/compare/v0.22.1...v0.22.2) (2025-12-02)
+
+
+### Bug Fixes
+
+* daily auto refresh fix ([#755](https://github.com/Monadical-SAS/reflector/issues/755)) ([fe47c46](https://github.com/Monadical-SAS/reflector/commit/fe47c46489c5aa0cc538109f7559cc9accb35c01))
+* Skip mixdown for multitrack ([#760](https://github.com/Monadical-SAS/reflector/issues/760)) ([b51b7aa](https://github.com/Monadical-SAS/reflector/commit/b51b7aa9176c1a53ba57ad99f5e976c804a1e80c))
+
+## [0.22.1](https://github.com/Monadical-SAS/reflector/compare/v0.22.0...v0.22.1) (2025-11-27)
+
+
+### Bug Fixes
+
+* participants update from daily ([#749](https://github.com/Monadical-SAS/reflector/issues/749)) ([7f0b728](https://github.com/Monadical-SAS/reflector/commit/7f0b728991c1b9f9aae702c96297eae63b561ef5))
+
+## [0.22.0](https://github.com/Monadical-SAS/reflector/compare/v0.21.0...v0.22.0) (2025-11-26)
+
+
+### Features
+
+* Multitrack segmentation ([#747](https://github.com/Monadical-SAS/reflector/issues/747)) ([d63040e](https://github.com/Monadical-SAS/reflector/commit/d63040e2fdc07e7b272e85a39eb2411cd6a14798))
+
+## [0.21.0](https://github.com/Monadical-SAS/reflector/compare/v0.20.0...v0.21.0) (2025-11-26)
+
+
+### Features
+
+* add transcript format parameter to GET endpoint ([#709](https://github.com/Monadical-SAS/reflector/issues/709)) ([f6ca075](https://github.com/Monadical-SAS/reflector/commit/f6ca07505f34483b02270a2ef3bd809e9d2e1045))
+
+## [0.20.0](https://github.com/Monadical-SAS/reflector/compare/v0.19.0...v0.20.0) (2025-11-25)
+
+
+### Features
+
+* link transcript participants ([#737](https://github.com/Monadical-SAS/reflector/issues/737)) ([9bec398](https://github.com/Monadical-SAS/reflector/commit/9bec39808fc6322612d8b87e922a6f7901fc01c1))
+* transcript restart script ([#742](https://github.com/Monadical-SAS/reflector/issues/742)) ([86d5e26](https://github.com/Monadical-SAS/reflector/commit/86d5e26224bb55a0f1cc785aeda52065bb92ee6f))
+
+## [0.19.0](https://github.com/Monadical-SAS/reflector/compare/v0.18.0...v0.19.0) (2025-11-25)
+
+
+### Features
+
+* dailyco api module ([#725](https://github.com/Monadical-SAS/reflector/issues/725)) ([4287f8b](https://github.com/Monadical-SAS/reflector/commit/4287f8b8aeee60e51db7539f4dcbda5f6e696bd8))
+* dailyco poll ([#730](https://github.com/Monadical-SAS/reflector/issues/730)) ([8e438ca](https://github.com/Monadical-SAS/reflector/commit/8e438ca285152bd48fdc42767e706fb448d3525c))
+* multitrack cli ([#735](https://github.com/Monadical-SAS/reflector/issues/735)) ([11731c9](https://github.com/Monadical-SAS/reflector/commit/11731c9d38439b04e93b1c3afbd7090bad11a11f))
+
+
+### Bug Fixes
+
+* default platform fix ([#736](https://github.com/Monadical-SAS/reflector/issues/736)) ([c442a62](https://github.com/Monadical-SAS/reflector/commit/c442a627873ca667656eeaefb63e54ab10b8d19e))
+* parakeet vad not getting the end timestamp ([#728](https://github.com/Monadical-SAS/reflector/issues/728)) ([18ed713](https://github.com/Monadical-SAS/reflector/commit/18ed7133693653ef4ddac6c659a8c14b320d1657))
+* start raw tracks recording ([#729](https://github.com/Monadical-SAS/reflector/issues/729)) ([3e47c2c](https://github.com/Monadical-SAS/reflector/commit/3e47c2c0573504858e0d2e1798b6ed31f16b4a5d))
+
+## [0.18.0](https://github.com/Monadical-SAS/reflector/compare/v0.17.0...v0.18.0) (2025-11-14)
+
+
+### Features
+
+* daily QOL: participants dictionary ([#721](https://github.com/Monadical-SAS/reflector/issues/721)) ([b20cad7](https://github.com/Monadical-SAS/reflector/commit/b20cad76e69fb6a76405af299a005f1ddcf60eae))
+
+
+### Bug Fixes
+
+* add proccessing page to file upload and reprocessing ([#650](https://github.com/Monadical-SAS/reflector/issues/650)) ([28a7258](https://github.com/Monadical-SAS/reflector/commit/28a7258e45317b78e60e6397be2bc503647eaace))
+* copy transcript ([#674](https://github.com/Monadical-SAS/reflector/issues/674)) ([a9a4f32](https://github.com/Monadical-SAS/reflector/commit/a9a4f32324f66c838e081eee42bb9502f38c1db1))
+
+## [0.17.0](https://github.com/Monadical-SAS/reflector/compare/v0.16.0...v0.17.0) (2025-11-13)
+
+
+### Features
+
+* add API key management UI ([#716](https://github.com/Monadical-SAS/reflector/issues/716)) ([372202b](https://github.com/Monadical-SAS/reflector/commit/372202b0e1a86823900b0aa77be1bfbc2893d8a1))
+* daily.co support as alternative to whereby ([#691](https://github.com/Monadical-SAS/reflector/issues/691)) ([1473fd8](https://github.com/Monadical-SAS/reflector/commit/1473fd82dc472c394cbaa2987212ad662a74bcac))
+
+## [0.16.0](https://github.com/Monadical-SAS/reflector/compare/v0.15.0...v0.16.0) (2025-10-24)
+
+
+### Features
+
+* search date filter ([#710](https://github.com/Monadical-SAS/reflector/issues/710)) ([962c40e](https://github.com/Monadical-SAS/reflector/commit/962c40e2b6428ac42fd10aea926782d7a6f3f902))
+
+## [0.15.0](https://github.com/Monadical-SAS/reflector/compare/v0.14.0...v0.15.0) (2025-10-20)
+
+
+### Features
+
+* api tokens  ([#705](https://github.com/Monadical-SAS/reflector/issues/705)) ([9a258ab](https://github.com/Monadical-SAS/reflector/commit/9a258abc0209b0ac3799532a507ea6a9125d703a))
+
+## [0.14.0](https://github.com/Monadical-SAS/reflector/compare/v0.13.1...v0.14.0) (2025-10-08)
+
+
+### Features
+
+* Add calendar event data to transcript webhook payload ([#689](https://github.com/Monadical-SAS/reflector/issues/689)) ([5f6910e](https://github.com/Monadical-SAS/reflector/commit/5f6910e5131b7f28f86c9ecdcc57fed8412ee3cd))
+* container build for www / github ([#672](https://github.com/Monadical-SAS/reflector/issues/672)) ([969bd84](https://github.com/Monadical-SAS/reflector/commit/969bd84fcc14851d1a101412a0ba115f1b7cde82))
+* docker-compose for production frontend ([#664](https://github.com/Monadical-SAS/reflector/issues/664)) ([5bf64b5](https://github.com/Monadical-SAS/reflector/commit/5bf64b5a41f64535e22849b4bb11734d4dbb4aae))
+
+
+### Bug Fixes
+
+* restore feature boolean logic ([#671](https://github.com/Monadical-SAS/reflector/issues/671)) ([3660884](https://github.com/Monadical-SAS/reflector/commit/36608849ec64e953e3be456172502762e3c33df9))
+* security review ([#656](https://github.com/Monadical-SAS/reflector/issues/656)) ([5d98754](https://github.com/Monadical-SAS/reflector/commit/5d98754305c6c540dd194dda268544f6d88bfaf8))
+* update transcript list on reprocess ([#676](https://github.com/Monadical-SAS/reflector/issues/676)) ([9a71af1](https://github.com/Monadical-SAS/reflector/commit/9a71af145ee9b833078c78d0c684590ab12e9f0e))
+* upgrade nemo toolkit ([#678](https://github.com/Monadical-SAS/reflector/issues/678)) ([eef6dc3](https://github.com/Monadical-SAS/reflector/commit/eef6dc39037329b65804297786d852dddb0557f9))
+
+## [0.13.1](https://github.com/Monadical-SAS/reflector/compare/v0.13.0...v0.13.1) (2025-09-22)
+
+
+### Bug Fixes
+
+* TypeError on not all arguments converted during string formatting in logger ([#667](https://github.com/Monadical-SAS/reflector/issues/667)) ([565a629](https://github.com/Monadical-SAS/reflector/commit/565a62900f5a02fc946b68f9269a42190ed70ab6))
+
+## [0.13.0](https://github.com/Monadical-SAS/reflector/compare/v0.12.1...v0.13.0) (2025-09-19)
+
+
+### Features
+
+* room form edit with enter ([#662](https://github.com/Monadical-SAS/reflector/issues/662)) ([47716f6](https://github.com/Monadical-SAS/reflector/commit/47716f6e5ddee952609d2fa0ffabdfa865286796))
+
+
+### Bug Fixes
+
+* invalid cleanup call ([#660](https://github.com/Monadical-SAS/reflector/issues/660)) ([0abcebf](https://github.com/Monadical-SAS/reflector/commit/0abcebfc9491f87f605f21faa3e53996fafedd9a))
+
+## [0.12.1](https://github.com/Monadical-SAS/reflector/compare/v0.12.0...v0.12.1) (2025-09-17)
+
+
+### Bug Fixes
+
+* production blocked because having existing meeting with room_id null ([#657](https://github.com/Monadical-SAS/reflector/issues/657)) ([870e860](https://github.com/Monadical-SAS/reflector/commit/870e8605171a27155a9cbee215eeccb9a8d6c0a2))
+
+## [0.12.0](https://github.com/Monadical-SAS/reflector/compare/v0.11.0...v0.12.0) (2025-09-17)
+
+
+### Features
+
+* calendar integration ([#608](https://github.com/Monadical-SAS/reflector/issues/608)) ([6f680b5](https://github.com/Monadical-SAS/reflector/commit/6f680b57954c688882c4ed49f40f161c52a00a24))
+* self-hosted gpu api ([#636](https://github.com/Monadical-SAS/reflector/issues/636)) ([ab859d6](https://github.com/Monadical-SAS/reflector/commit/ab859d65a6bded904133a163a081a651b3938d42))
+
+
+### Bug Fixes
+
+* ignore player hotkeys for text inputs ([#646](https://github.com/Monadical-SAS/reflector/issues/646)) ([fa049e8](https://github.com/Monadical-SAS/reflector/commit/fa049e8d068190ce7ea015fd9fcccb8543f54a3f))
+
+## [0.11.0](https://github.com/Monadical-SAS/reflector/compare/v0.10.0...v0.11.0) (2025-09-16)
+
+
+### Features
+
+* remove profanity filter that was there for conference ([#652](https://github.com/Monadical-SAS/reflector/issues/652)) ([b42f7cf](https://github.com/Monadical-SAS/reflector/commit/b42f7cfc606783afcee792590efcc78b507468ab))
+
+
+### Bug Fixes
+
+* zulip and consent handler on the file pipeline ([#645](https://github.com/Monadical-SAS/reflector/issues/645)) ([5f143fe](https://github.com/Monadical-SAS/reflector/commit/5f143fe3640875dcb56c26694254a93189281d17))
+* zulip stream and topic selection in share dialog ([#644](https://github.com/Monadical-SAS/reflector/issues/644)) ([c546e69](https://github.com/Monadical-SAS/reflector/commit/c546e69739e68bb74fbc877eb62609928e5b8de6))
+
 ## [0.10.0](https://github.com/Monadical-SAS/reflector/compare/v0.9.0...v0.10.0) (2025-09-11)
 
 

CLAUDE.md

@@ -151,7 +151,7 @@ All endpoints prefixed `/v1/`:
 
 **Frontend** (`www/.env`):
 - `NEXTAUTH_URL`, `NEXTAUTH_SECRET` - Authentication configuration
-- `NEXT_PUBLIC_REFLECTOR_API_URL` - Backend API endpoint
+- `REFLECTOR_API_URL` - Backend API endpoint
 - `REFLECTOR_DOMAIN_CONFIG` - Feature flags and domain settings
 
 ## Testing Strategy

README.md

@@ -168,6 +168,19 @@ You can manually process an audio file by calling the process tool:
 uv run python -m reflector.tools.process path/to/audio.wav
 ```
 
+## Reprocessing any transcription
+
+```bash
+uv run -m reflector.tools.process_transcript 81ec38d1-9dd7-43d2-b3f8-51f4d34a07cd --sync
+```
+
+## Build-time env variables
+
+Next.js projects are more used to NEXT_PUBLIC_ prefixed buildtime vars. We don't have those for the reason we need to serve a ccustomizable prebuild docker container.
+
+Instead, all the variables are runtime. Variables needed to the frontend are served to the frontend app at initial render.
+
+It also means there's no static prebuild and no static files to serve for js/html.
 
 ## Feature Flags
 
@@ -177,24 +190,24 @@ Reflector uses environment variable-based feature flags to control application f
 
 | Feature Flag | Environment Variable |
 |-------------|---------------------|
-| `requireLogin` | `NEXT_PUBLIC_FEATURE_REQUIRE_LOGIN` |
-| `privacy` | `NEXT_PUBLIC_FEATURE_PRIVACY` |
-| `browse` | `NEXT_PUBLIC_FEATURE_BROWSE` |
-| `sendToZulip` | `NEXT_PUBLIC_FEATURE_SEND_TO_ZULIP` |
-| `rooms` | `NEXT_PUBLIC_FEATURE_ROOMS` |
+| `requireLogin` | `FEATURE_REQUIRE_LOGIN` |
+| `privacy` | `FEATURE_PRIVACY` |
+| `browse` | `FEATURE_BROWSE` |
+| `sendToZulip` | `FEATURE_SEND_TO_ZULIP` |
+| `rooms` | `FEATURE_ROOMS` |
 
 ### Setting Feature Flags
 
-Feature flags are controlled via environment variables using the pattern `NEXT_PUBLIC_FEATURE_{FEATURE_NAME}` where `{FEATURE_NAME}` is the SCREAMING_SNAKE_CASE version of the feature name.
+Feature flags are controlled via environment variables using the pattern `FEATURE_{FEATURE_NAME}` where `{FEATURE_NAME}` is the SCREAMING_SNAKE_CASE version of the feature name.
 
 **Examples:**
 ```bash
 # Enable user authentication requirement
-NEXT_PUBLIC_FEATURE_REQUIRE_LOGIN=true
+FEATURE_REQUIRE_LOGIN=true
 
 # Disable browse functionality
-NEXT_PUBLIC_FEATURE_BROWSE=false
+FEATURE_BROWSE=false
 
 # Enable Zulip integration
-NEXT_PUBLIC_FEATURE_SEND_TO_ZULIP=true
+FEATURE_SEND_TO_ZULIP=true
 ```

docker-compose.prod.yml

@@ -0,0 +1,37 @@
+# Production Docker Compose configuration for Frontend
+# Usage: docker compose -f docker-compose.prod.yml up -d
+
+services:
+  web:
+    image: monadicalsas/reflector-frontend:latest
+    pull_policy: always
+    environment:
+      - KV_URL=${KV_URL:-redis://redis:6379}
+      - SITE_URL=${SITE_URL}
+      - API_URL=${API_URL}
+      - WEBSOCKET_URL=${WEBSOCKET_URL}
+      - NEXTAUTH_URL=${NEXTAUTH_URL:-http://localhost:3000}
+      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET:-changeme-in-production}
+      - AUTHENTIK_ISSUER=${AUTHENTIK_ISSUER}
+      - AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID}
+      - AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET}
+      - AUTHENTIK_REFRESH_TOKEN_URL=${AUTHENTIK_REFRESH_TOKEN_URL}
+      - SENTRY_DSN=${SENTRY_DSN}
+      - SENTRY_IGNORE_API_RESOLUTION_ERROR=${SENTRY_IGNORE_API_RESOLUTION_ERROR:-1}
+    depends_on:
+      - redis
+    restart: unless-stopped
+
+  redis:
+    image: redis:7.2-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+    volumes:
+      - redis_data:/data
+
+volumes:
+  redis_data:

docker-compose.yml

@@ -39,7 +39,7 @@ services:
     ports:
       - 6379:6379
   web:
-    image: node:18
+    image: node:22-alpine
     ports:
       - "3000:3000"
     command: sh -c "corepack enable && pnpm install && pnpm dev"
@@ -50,6 +50,8 @@ services:
       - /app/node_modules
     env_file:
       - ./www/.env.local
+    environment:
+      - NODE_ENV=development
 
   postgres:
     image: postgres:17

docs/transcript.md

@@ -0,0 +1,241 @@
+# Transcript Formats
+
+The Reflector API provides multiple output formats for transcript data through the `transcript_format` query parameter on the GET `/v1/transcripts/{id}` endpoint.
+
+## Overview
+
+When retrieving a transcript, you can specify the desired format using the `transcript_format` query parameter. The API supports four formats optimized for different use cases:
+
+- **text** - Plain text with speaker names (default)
+- **text-timestamped** - Timestamped text with speaker names
+- **webvtt-named** - WebVTT subtitle format with participant names
+- **json** - Structured JSON segments with full metadata
+
+All formats include participant information when available, resolving speaker IDs to actual names.
+
+## Query Parameter Usage
+
+```
+GET /v1/transcripts/{id}?transcript_format={format}
+```
+
+### Parameters
+
+- `transcript_format` (optional): The desired output format
+  - Type: `"text" | "text-timestamped" | "webvtt-named" | "json"`
+  - Default: `"text"`
+
+## Format Descriptions
+
+### Text Format (`text`)
+
+**Use case:** Simple, human-readable transcript for display or export.
+
+**Format:** Speaker names followed by their dialogue, one line per segment.
+
+**Example:**
+```
+John Smith: Hello everyone
+Jane Doe: Hi there
+John Smith: How are you today?
+```
+
+**Request:**
+```bash
+GET /v1/transcripts/{id}?transcript_format=text
+```
+
+**Response:**
+```json
+{
+  "id": "transcript_123",
+  "name": "Meeting Recording",
+  "transcript_format": "text",
+  "transcript": "John Smith: Hello everyone\nJane Doe: Hi there\nJohn Smith: How are you today?",
+  "participants": [
+    {"id": "p1", "speaker": 0, "name": "John Smith"},
+    {"id": "p2", "speaker": 1, "name": "Jane Doe"}
+  ],
+  ...
+}
+```
+
+### Text Timestamped Format (`text-timestamped`)
+
+**Use case:** Transcript with timing information for navigation or reference.
+
+**Format:** `[MM:SS]` timestamp prefix before each speaker and dialogue.
+
+**Example:**
+```
+[00:00] John Smith: Hello everyone
+[00:05] Jane Doe: Hi there
+[00:12] John Smith: How are you today?
+```
+
+**Request:**
+```bash
+GET /v1/transcripts/{id}?transcript_format=text-timestamped
+```
+
+**Response:**
+```json
+{
+  "id": "transcript_123",
+  "name": "Meeting Recording",
+  "transcript_format": "text-timestamped",
+  "transcript": "[00:00] John Smith: Hello everyone\n[00:05] Jane Doe: Hi there\n[00:12] John Smith: How are you today?",
+  "participants": [
+    {"id": "p1", "speaker": 0, "name": "John Smith"},
+    {"id": "p2", "speaker": 1, "name": "Jane Doe"}
+  ],
+  ...
+}
+```
+
+### WebVTT Named Format (`webvtt-named`)
+
+**Use case:** Subtitle files for video players, accessibility tools, or video editing.
+
+**Format:** Standard WebVTT subtitle format with voice tags using participant names.
+
+**Example:**
+```
+WEBVTT
+
+00:00:00.000 --> 00:00:05.000
+<v John Smith>Hello everyone
+
+00:00:05.000 --> 00:00:12.000
+<v Jane Doe>Hi there
+
+00:00:12.000 --> 00:00:18.000
+<v John Smith>How are you today?
+```
+
+**Request:**
+```bash
+GET /v1/transcripts/{id}?transcript_format=webvtt-named
+```
+
+**Response:**
+```json
+{
+  "id": "transcript_123",
+  "name": "Meeting Recording",
+  "transcript_format": "webvtt-named",
+  "transcript": "WEBVTT\n\n00:00:00.000 --> 00:00:05.000\n<v John Smith>Hello everyone\n\n...",
+  "participants": [
+    {"id": "p1", "speaker": 0, "name": "John Smith"},
+    {"id": "p2", "speaker": 1, "name": "Jane Doe"}
+  ],
+  ...
+}
+```
+
+### JSON Format (`json`)
+
+**Use case:** Programmatic access with full timing and speaker metadata.
+
+**Format:** Array of segment objects with speaker information, text content, and precise timing.
+
+**Example:**
+```json
+[
+  {
+    "speaker": 0,
+    "speaker_name": "John Smith",
+    "text": "Hello everyone",
+    "start": 0.0,
+    "end": 5.0
+  },
+  {
+    "speaker": 1,
+    "speaker_name": "Jane Doe",
+    "text": "Hi there",
+    "start": 5.0,
+    "end": 12.0
+  },
+  {
+    "speaker": 0,
+    "speaker_name": "John Smith",
+    "text": "How are you today?",
+    "start": 12.0,
+    "end": 18.0
+  }
+]
+```
+
+**Request:**
+```bash
+GET /v1/transcripts/{id}?transcript_format=json
+```
+
+**Response:**
+```json
+{
+  "id": "transcript_123",
+  "name": "Meeting Recording",
+  "transcript_format": "json",
+  "transcript": [
+    {
+      "speaker": 0,
+      "speaker_name": "John Smith",
+      "text": "Hello everyone",
+      "start": 0.0,
+      "end": 5.0
+    },
+    {
+      "speaker": 1,
+      "speaker_name": "Jane Doe",
+      "text": "Hi there",
+      "start": 5.0,
+      "end": 12.0
+    }
+  ],
+  "participants": [
+    {"id": "p1", "speaker": 0, "name": "John Smith"},
+    {"id": "p2", "speaker": 1, "name": "Jane Doe"}
+  ],
+  ...
+}
+```
+
+## Response Structure
+
+All formats return the same base transcript metadata with an additional `transcript_format` field and format-specific `transcript` field:
+
+### Common Fields
+
+- `id`: Transcript identifier
+- `user_id`: Owner user ID (if authenticated)
+- `name`: Transcript name
+- `status`: Processing status
+- `locked`: Whether transcript is locked for editing
+- `duration`: Total duration in seconds
+- `title`: Auto-generated or custom title
+- `short_summary`: Brief summary
+- `long_summary`: Detailed summary
+- `created_at`: Creation timestamp
+- `share_mode`: Access control setting
+- `source_language`: Original audio language
+- `target_language`: Translation target language
+- `reviewed`: Whether transcript has been reviewed
+- `meeting_id`: Associated meeting ID (if applicable)
+- `source_kind`: Source type (live, file, room)
+- `room_id`: Associated room ID (if applicable)
+- `audio_deleted`: Whether audio has been deleted
+- `participants`: Array of participant objects with speaker mappings
+
+### Format-Specific Fields
+
+- `transcript_format`: The format identifier (discriminator field)
+- `transcript`: The formatted transcript content (string for text/webvtt formats, array for json format)
+
+## Speaker Name Resolution
+
+All formats resolve speaker IDs to participant names when available:
+
+- If a participant exists for the speaker ID, their name is used
+- If no participant exists, a default name like "Speaker 0" is generated
+- Speaker IDs are integers (0, 1, 2, etc.) assigned during diarization

gpu/modal_deployments/.gitignore

@@ -0,0 +1,33 @@
+# OS / Editor
+.DS_Store
+.vscode/
+.idea/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Logs
+*.log
+
+# Env and secrets
+.env
+.env.*
+*.env
+*.secret
+
+# Build / dist
+build/
+dist/
+.eggs/
+*.egg-info/
+
+# Coverage / test
+.pytest_cache/
+.coverage*
+htmlcov/
+
+# Modal local state (if any)
+modal_mounts/
+.modal_cache/

gpu/modal_deployments/reflector_transcriber_parakeet.py

@@ -77,13 +77,13 @@ image = (
     .pip_install(
         "hf_transfer==0.1.9",
         "huggingface_hub[hf-xet]==0.31.2",
-        "nemo_toolkit[asr]==2.3.0",
+        "nemo_toolkit[asr]==2.5.0",
         "cuda-python==12.8.0",
         "fastapi==0.115.12",
         "numpy<2",
-        "librosa==0.10.1",
+        "librosa==0.11.0",
         "requests",
-        "silero-vad==5.1.0",
+        "silero-vad==6.2.0",
         "torch",
     )
     .entrypoint([])  # silence chatty logs by container on start
@@ -306,6 +306,7 @@ class TranscriberParakeetFile:
         ) -> Generator[TimeSegment, None, None]:
             """Generate speech segments using VAD with start/end sample indices"""
             vad_iterator = VADIterator(self.vad_model, sampling_rate=SAMPLERATE)
+            audio_duration = len(audio_array) / float(SAMPLERATE)
             window_size = VAD_CONFIG["window_size"]
             start = None
 
@@ -332,6 +333,10 @@ class TranscriberParakeetFile:
                     yield TimeSegment(start_time, end_time)
                     start = None
 
+            if start is not None:
+                start_time = start / float(SAMPLERATE)
+                yield TimeSegment(start_time, audio_duration)
+
             vad_iterator.reset_states()
 
         def batch_speech_segments(

gpu/self_hosted/.env.example

@@ -0,0 +1,2 @@
+REFLECTOR_GPU_APIKEY=
+HF_TOKEN=

gpu/self_hosted/.gitignore

@@ -0,0 +1,38 @@
+cache/
+
+# OS / Editor
+.DS_Store
+.vscode/
+.idea/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Env and secrets
+.env
+*.env
+*.secret
+HF_TOKEN
+REFLECTOR_GPU_APIKEY
+
+# Virtual env / uv
+.venv/
+venv/
+ENV/
+uv/
+
+# Build / dist
+build/
+dist/
+.eggs/
+*.egg-info/
+
+# Coverage / test
+.pytest_cache/
+.coverage*
+htmlcov/
+
+# Logs
+*.log

gpu/self_hosted/Dockerfile

@@ -0,0 +1,46 @@
+FROM python:3.12-slim
+
+ENV PYTHONUNBUFFERED=1 \
+    UV_LINK_MODE=copy \
+    UV_NO_CACHE=1
+
+WORKDIR /tmp
+RUN apt-get update \
+ && apt-get install -y \
+    ffmpeg \
+    curl \
+    ca-certificates \
+    gnupg \
+    wget \
+ && apt-get clean
+# Add NVIDIA CUDA repo for Debian 12 (bookworm) and install cuDNN 9 for CUDA 12
+ADD https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/cuda-keyring_1.1-1_all.deb /cuda-keyring.deb
+RUN dpkg -i /cuda-keyring.deb \
+ && rm /cuda-keyring.deb \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+    cuda-cudart-12-6 \
+    libcublas-12-6 \
+    libcudnn9-cuda-12 \
+    libcudnn9-dev-cuda-12 \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+ADD https://astral.sh/uv/install.sh /uv-installer.sh
+RUN sh /uv-installer.sh && rm /uv-installer.sh
+ENV PATH="/root/.local/bin/:$PATH"
+ENV LD_LIBRARY_PATH="/usr/local/cuda/lib64:/usr/lib/x86_64-linux-gnu:$LD_LIBRARY_PATH"
+
+RUN mkdir -p /app
+WORKDIR /app
+COPY pyproject.toml uv.lock /app/
+
+
+COPY ./app /app/app
+COPY ./main.py /app/
+COPY ./runserver.sh /app/
+
+EXPOSE 8000
+
+CMD ["sh", "/app/runserver.sh"]
+
+

gpu/self_hosted/README.md

@@ -0,0 +1,73 @@
+# Self-hosted Model API
+
+Run transcription, translation, and diarization services compatible with Reflector's GPU Model API. Works on CPU or GPU.
+
+Environment variables
+
+- REFLECTOR_GPU_APIKEY: Optional Bearer token. If unset, auth is disabled.
+- HF_TOKEN: Optional. Required for diarization to download pyannote pipelines
+
+Requirements
+
+- FFmpeg must be installed and on PATH (used for URL-based and segmented transcription)
+- Python 3.12+
+- NVIDIA GPU optional. If available, it will be used automatically
+
+Local run
+Set env vars in self_hosted/.env file
+uv sync
+
+uv run uvicorn main:app --host 0.0.0.0 --port 8000
+
+Authentication
+
+- If REFLECTOR_GPU_APIKEY is set, include header: Authorization: Bearer <key>
+
+Endpoints
+
+- POST /v1/audio/transcriptions
+
+  - multipart/form-data
+  - fields: file (single file) OR files[] (multiple files), language, batch (true/false)
+  - response: single { text, words, filename } or { results: [ ... ] }
+
+- POST /v1/audio/transcriptions-from-url
+
+  - application/json
+  - body: { audio_file_url, language, timestamp_offset }
+  - response: { text, words }
+
+- POST /translate
+
+  - text: query parameter
+  - body (application/json): { source_language, target_language }
+  - response: { text: { <src>: original, <tgt>: translated } }
+
+- POST /diarize
+  - query parameters: audio_file_url, timestamp (optional)
+  - requires HF_TOKEN to be set (for pyannote)
+  - response: { diarization: [ { start, end, speaker } ] }
+
+OpenAPI docs
+
+- Visit /docs when the server is running
+
+Docker
+
+- Not yet provided in this directory. A Dockerfile will be added later. For now, use Local run above
+
+Conformance tests
+
+# From this directory
+
+TRANSCRIPT_URL=http://localhost:8000 \
+TRANSCRIPT_API_KEY=dev-key \
+uv run -m pytest -m model_api --no-cov ../../server/tests/test_model_api_transcript.py
+
+TRANSLATION_URL=http://localhost:8000 \
+TRANSLATION_API_KEY=dev-key \
+uv run -m pytest -m model_api --no-cov ../../server/tests/test_model_api_translation.py
+
+DIARIZATION_URL=http://localhost:8000 \
+DIARIZATION_API_KEY=dev-key \
+uv run -m pytest -m model_api --no-cov ../../server/tests/test_model_api_diarization.py

gpu/self_hosted/app/auth.py

@@ -0,0 +1,19 @@
+import os
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+
+
+def apikey_auth(apikey: str = Depends(oauth2_scheme)):
+    required_key = os.environ.get("REFLECTOR_GPU_APIKEY")
+    if not required_key:
+        return
+    if apikey == required_key:
+        return
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Invalid API key",
+        headers={"WWW-Authenticate": "Bearer"},
+    )

gpu/self_hosted/app/config.py

@@ -0,0 +1,12 @@
+from pathlib import Path
+
+SUPPORTED_FILE_EXTENSIONS = ["mp3", "mp4", "mpeg", "mpga", "m4a", "wav", "webm"]
+SAMPLE_RATE = 16000
+VAD_CONFIG = {
+    "batch_max_duration": 30.0,
+    "silence_padding": 0.5,
+    "window_size": 512,
+}
+
+# App-level paths
+UPLOADS_PATH = Path("/tmp/whisper-uploads")

gpu/self_hosted/app/factory.py

@@ -0,0 +1,30 @@
+from contextlib import asynccontextmanager
+
+from fastapi import FastAPI
+
+from .routers.diarization import router as diarization_router
+from .routers.transcription import router as transcription_router
+from .routers.translation import router as translation_router
+from .services.transcriber import WhisperService
+from .services.diarizer import PyannoteDiarizationService
+from .utils import ensure_dirs
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    ensure_dirs()
+    whisper_service = WhisperService()
+    whisper_service.load()
+    app.state.whisper = whisper_service
+    diarization_service = PyannoteDiarizationService()
+    diarization_service.load()
+    app.state.diarizer = diarization_service
+    yield
+
+
+def create_app() -> FastAPI:
+    app = FastAPI(lifespan=lifespan)
+    app.include_router(transcription_router)
+    app.include_router(translation_router)
+    app.include_router(diarization_router)
+    return app

gpu/self_hosted/app/routers/diarization.py

@@ -0,0 +1,30 @@
+from typing import List
+
+from fastapi import APIRouter, Depends, Request
+from pydantic import BaseModel
+
+from ..auth import apikey_auth
+from ..services.diarizer import PyannoteDiarizationService
+from ..utils import download_audio_file
+
+router = APIRouter(tags=["diarization"])
+
+
+class DiarizationSegment(BaseModel):
+    start: float
+    end: float
+    speaker: int
+
+
+class DiarizationResponse(BaseModel):
+    diarization: List[DiarizationSegment]
+
+
+@router.post(
+    "/diarize", dependencies=[Depends(apikey_auth)], response_model=DiarizationResponse
+)
+def diarize(request: Request, audio_file_url: str, timestamp: float = 0.0):
+    with download_audio_file(audio_file_url) as (file_path, _ext):
+        file_path = str(file_path)
+        diarizer: PyannoteDiarizationService = request.app.state.diarizer
+        return diarizer.diarize_file(file_path, timestamp=timestamp)

gpu/self_hosted/app/routers/transcription.py

@@ -0,0 +1,109 @@
+import uuid
+from typing import Optional, Union
+
+from fastapi import APIRouter, Body, Depends, Form, HTTPException, Request, UploadFile
+from pydantic import BaseModel
+from pathlib import Path
+from ..auth import apikey_auth
+from ..config import SUPPORTED_FILE_EXTENSIONS, UPLOADS_PATH
+from ..services.transcriber import MODEL_NAME
+from ..utils import cleanup_uploaded_files, download_audio_file
+
+router = APIRouter(prefix="/v1/audio", tags=["transcription"])
+
+
+class WordTiming(BaseModel):
+    word: str
+    start: float
+    end: float
+
+
+class TranscriptResult(BaseModel):
+    text: str
+    words: list[WordTiming]
+    filename: Optional[str] = None
+
+
+class TranscriptBatchResponse(BaseModel):
+    results: list[TranscriptResult]
+
+
+@router.post(
+    "/transcriptions",
+    dependencies=[Depends(apikey_auth)],
+    response_model=Union[TranscriptResult, TranscriptBatchResponse],
+)
+def transcribe(
+    request: Request,
+    file: UploadFile = None,
+    files: list[UploadFile] | None = None,
+    model: str = Form(MODEL_NAME),
+    language: str = Form("en"),
+    batch: bool = Form(False),
+):
+    service = request.app.state.whisper
+    if not file and not files:
+        raise HTTPException(
+            status_code=400, detail="Either 'file' or 'files' parameter is required"
+        )
+    if batch and not files:
+        raise HTTPException(
+            status_code=400, detail="Batch transcription requires 'files'"
+        )
+
+    upload_files = [file] if file else files
+
+    uploaded_paths: list[Path] = []
+    with cleanup_uploaded_files(uploaded_paths):
+        for upload_file in upload_files:
+            audio_suffix = upload_file.filename.split(".")[-1].lower()
+            if audio_suffix not in SUPPORTED_FILE_EXTENSIONS:
+                raise HTTPException(
+                    status_code=400,
+                    detail=(
+                        f"Unsupported audio format. Supported extensions: {', '.join(SUPPORTED_FILE_EXTENSIONS)}"
+                    ),
+                )
+            unique_filename = f"{uuid.uuid4()}.{audio_suffix}"
+            file_path = UPLOADS_PATH / unique_filename
+            with open(file_path, "wb") as f:
+                content = upload_file.file.read()
+                f.write(content)
+            uploaded_paths.append(file_path)
+
+        if batch and len(upload_files) > 1:
+            results = []
+            for path in uploaded_paths:
+                result = service.transcribe_file(str(path), language=language)
+                result["filename"] = path.name
+                results.append(result)
+            return {"results": results}
+
+        results = []
+        for path in uploaded_paths:
+            result = service.transcribe_file(str(path), language=language)
+            result["filename"] = path.name
+            results.append(result)
+
+        return {"results": results} if len(results) > 1 else results[0]
+
+
+@router.post(
+    "/transcriptions-from-url",
+    dependencies=[Depends(apikey_auth)],
+    response_model=TranscriptResult,
+)
+def transcribe_from_url(
+    request: Request,
+    audio_file_url: str = Body(..., description="URL of the audio file to transcribe"),
+    model: str = Body(MODEL_NAME),
+    language: str = Body("en"),
+    timestamp_offset: float = Body(0.0),
+):
+    service = request.app.state.whisper
+    with download_audio_file(audio_file_url) as (file_path, _ext):
+        file_path = str(file_path)
+        result = service.transcribe_vad_url_segment(
+            file_path=file_path, timestamp_offset=timestamp_offset, language=language
+        )
+        return result

gpu/self_hosted/app/routers/translation.py

@@ -0,0 +1,28 @@
+from typing import Dict
+
+from fastapi import APIRouter, Body, Depends
+from pydantic import BaseModel
+
+from ..auth import apikey_auth
+from ..services.translator import TextTranslatorService
+
+router = APIRouter(tags=["translation"])
+
+translator = TextTranslatorService()
+
+
+class TranslationResponse(BaseModel):
+    text: Dict[str, str]
+
+
+@router.post(
+    "/translate",
+    dependencies=[Depends(apikey_auth)],
+    response_model=TranslationResponse,
+)
+def translate(
+    text: str,
+    source_language: str = Body("en"),
+    target_language: str = Body("fr"),
+):
+    return translator.translate(text, source_language, target_language)

gpu/self_hosted/app/services/diarizer.py

@@ -0,0 +1,42 @@
+import os
+import threading
+
+import torch
+import torchaudio
+from pyannote.audio import Pipeline
+
+
+class PyannoteDiarizationService:
+    def __init__(self):
+        self._pipeline = None
+        self._device = "cpu"
+        self._lock = threading.Lock()
+
+    def load(self):
+        self._device = "cuda" if torch.cuda.is_available() else "cpu"
+        self._pipeline = Pipeline.from_pretrained(
+            "pyannote/speaker-diarization-3.1",
+            use_auth_token=os.environ.get("HF_TOKEN"),
+        )
+        self._pipeline.to(torch.device(self._device))
+
+    def diarize_file(self, file_path: str, timestamp: float = 0.0) -> dict:
+        if self._pipeline is None:
+            self.load()
+        waveform, sample_rate = torchaudio.load(file_path)
+        with self._lock:
+            diarization = self._pipeline(
+                {"waveform": waveform, "sample_rate": sample_rate}
+            )
+        words = []
+        for diarization_segment, _, speaker in diarization.itertracks(yield_label=True):
+            words.append(
+                {
+                    "start": round(timestamp + diarization_segment.start, 3),
+                    "end": round(timestamp + diarization_segment.end, 3),
+                    "speaker": int(speaker[-2:])
+                    if speaker and speaker[-2:].isdigit()
+                    else 0,
+                }
+            )
+        return {"diarization": words}

gpu/self_hosted/app/services/transcriber.py

@@ -0,0 +1,208 @@
+import os
+import shutil
+import subprocess
+import threading
+from typing import Generator
+
+import faster_whisper
+import librosa
+import numpy as np
+import torch
+from fastapi import HTTPException
+from silero_vad import VADIterator, load_silero_vad
+
+from ..config import SAMPLE_RATE, VAD_CONFIG
+
+# Whisper configuration (service-local defaults)
+MODEL_NAME = "large-v2"
+# None delegates compute type to runtime: float16 on CUDA, int8 on CPU
+MODEL_COMPUTE_TYPE = None
+MODEL_NUM_WORKERS = 1
+CACHE_PATH = os.path.join(os.path.expanduser("~"), ".cache", "reflector-whisper")
+from ..utils import NoStdStreams
+
+
+class WhisperService:
+    def __init__(self):
+        self.model = None
+        self.device = "cpu"
+        self.lock = threading.Lock()
+
+    def load(self):
+        self.device = "cuda" if torch.cuda.is_available() else "cpu"
+        compute_type = MODEL_COMPUTE_TYPE or (
+            "float16" if self.device == "cuda" else "int8"
+        )
+        self.model = faster_whisper.WhisperModel(
+            MODEL_NAME,
+            device=self.device,
+            compute_type=compute_type,
+            num_workers=MODEL_NUM_WORKERS,
+            download_root=CACHE_PATH,
+        )
+
+    def pad_audio(self, audio_array, sample_rate: int = SAMPLE_RATE):
+        audio_duration = len(audio_array) / sample_rate
+        if audio_duration < VAD_CONFIG["silence_padding"]:
+            silence_samples = int(sample_rate * VAD_CONFIG["silence_padding"])
+            silence = np.zeros(silence_samples, dtype=np.float32)
+            return np.concatenate([audio_array, silence])
+        return audio_array
+
+    def enforce_word_timing_constraints(self, words: list[dict]) -> list[dict]:
+        if len(words) <= 1:
+            return words
+        enforced: list[dict] = []
+        for i, word in enumerate(words):
+            current = dict(word)
+            if i < len(words) - 1:
+                next_start = words[i + 1]["start"]
+                if current["end"] > next_start:
+                    current["end"] = next_start
+            enforced.append(current)
+        return enforced
+
+    def transcribe_file(self, file_path: str, language: str = "en") -> dict:
+        input_for_model: str | "object" = file_path
+        try:
+            audio_array, _sample_rate = librosa.load(
+                file_path, sr=SAMPLE_RATE, mono=True
+            )
+            if len(audio_array) / float(SAMPLE_RATE) < VAD_CONFIG["silence_padding"]:
+                input_for_model = self.pad_audio(audio_array, SAMPLE_RATE)
+        except Exception:
+            pass
+
+        with self.lock:
+            with NoStdStreams():
+                segments, _ = self.model.transcribe(
+                    input_for_model,
+                    language=language,
+                    beam_size=5,
+                    word_timestamps=True,
+                    vad_filter=True,
+                    vad_parameters={"min_silence_duration_ms": 500},
+                )
+
+        segments = list(segments)
+        text = "".join(segment.text for segment in segments).strip()
+        words = [
+            {
+                "word": word.word,
+                "start": round(float(word.start), 2),
+                "end": round(float(word.end), 2),
+            }
+            for segment in segments
+            for word in segment.words
+        ]
+        words = self.enforce_word_timing_constraints(words)
+        return {"text": text, "words": words}
+
+    def transcribe_vad_url_segment(
+        self, file_path: str, timestamp_offset: float = 0.0, language: str = "en"
+    ) -> dict:
+        def load_audio_via_ffmpeg(input_path: str, sample_rate: int) -> np.ndarray:
+            ffmpeg_bin = shutil.which("ffmpeg") or "ffmpeg"
+            cmd = [
+                ffmpeg_bin,
+                "-nostdin",
+                "-threads",
+                "1",
+                "-i",
+                input_path,
+                "-f",
+                "f32le",
+                "-acodec",
+                "pcm_f32le",
+                "-ac",
+                "1",
+                "-ar",
+                str(sample_rate),
+                "pipe:1",
+            ]
+            try:
+                proc = subprocess.run(
+                    cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=True
+                )
+            except Exception as e:
+                raise HTTPException(status_code=400, detail=f"ffmpeg failed: {e}")
+            audio = np.frombuffer(proc.stdout, dtype=np.float32)
+            return audio
+
+        def vad_segments(
+            audio_array,
+            sample_rate: int = SAMPLE_RATE,
+            window_size: int = VAD_CONFIG["window_size"],
+        ) -> Generator[tuple[float, float], None, None]:
+            vad_model = load_silero_vad(onnx=False)
+            iterator = VADIterator(vad_model, sampling_rate=sample_rate)
+            start = None
+            for i in range(0, len(audio_array), window_size):
+                chunk = audio_array[i : i + window_size]
+                if len(chunk) < window_size:
+                    chunk = np.pad(
+                        chunk, (0, window_size - len(chunk)), mode="constant"
+                    )
+                speech = iterator(chunk)
+                if not speech:
+                    continue
+                if "start" in speech:
+                    start = speech["start"]
+                    continue
+                if "end" in speech and start is not None:
+                    end = speech["end"]
+                    yield (start / float(SAMPLE_RATE), end / float(SAMPLE_RATE))
+                    start = None
+            iterator.reset_states()
+
+        audio_array = load_audio_via_ffmpeg(file_path, SAMPLE_RATE)
+
+        merged_batches: list[tuple[float, float]] = []
+        batch_start = None
+        batch_end = None
+        max_duration = VAD_CONFIG["batch_max_duration"]
+        for seg_start, seg_end in vad_segments(audio_array):
+            if batch_start is None:
+                batch_start, batch_end = seg_start, seg_end
+                continue
+            if seg_end - batch_start <= max_duration:
+                batch_end = seg_end
+            else:
+                merged_batches.append((batch_start, batch_end))
+                batch_start, batch_end = seg_start, seg_end
+        if batch_start is not None and batch_end is not None:
+            merged_batches.append((batch_start, batch_end))
+
+        all_text = []
+        all_words = []
+        for start_time, end_time in merged_batches:
+            s_idx = int(start_time * SAMPLE_RATE)
+            e_idx = int(end_time * SAMPLE_RATE)
+            segment = audio_array[s_idx:e_idx]
+            segment = self.pad_audio(segment, SAMPLE_RATE)
+            with self.lock:
+                segments, _ = self.model.transcribe(
+                    segment,
+                    language=language,
+                    beam_size=5,
+                    word_timestamps=True,
+                    vad_filter=True,
+                    vad_parameters={"min_silence_duration_ms": 500},
+                )
+            segments = list(segments)
+            text = "".join(seg.text for seg in segments).strip()
+            words = [
+                {
+                    "word": w.word,
+                    "start": round(float(w.start) + start_time + timestamp_offset, 2),
+                    "end": round(float(w.end) + start_time + timestamp_offset, 2),
+                }
+                for seg in segments
+                for w in seg.words
+            ]
+            if text:
+                all_text.append(text)
+            all_words.extend(words)
+
+        all_words = self.enforce_word_timing_constraints(all_words)
+        return {"text": " ".join(all_text), "words": all_words}

gpu/self_hosted/app/services/translator.py

@@ -0,0 +1,44 @@
+import threading
+
+from transformers import MarianMTModel, MarianTokenizer, pipeline
+
+
+class TextTranslatorService:
+    """Simple text-to-text translator using HuggingFace MarianMT models.
+
+    This mirrors the modal translator API shape but uses text translation only.
+    """
+
+    def __init__(self):
+        self._pipeline = None
+        self._lock = threading.Lock()
+
+    def load(self, source_language: str = "en", target_language: str = "fr"):
+        # Pick a default MarianMT model pair if available; fall back to Helsinki-NLP en->fr
+        model_name = self._resolve_model_name(source_language, target_language)
+        tokenizer = MarianTokenizer.from_pretrained(model_name)
+        model = MarianMTModel.from_pretrained(model_name)
+        self._pipeline = pipeline("translation", model=model, tokenizer=tokenizer)
+
+    def _resolve_model_name(self, src: str, tgt: str) -> str:
+        # Minimal mapping; extend as needed
+        pair = (src.lower(), tgt.lower())
+        mapping = {
+            ("en", "fr"): "Helsinki-NLP/opus-mt-en-fr",
+            ("fr", "en"): "Helsinki-NLP/opus-mt-fr-en",
+            ("en", "es"): "Helsinki-NLP/opus-mt-en-es",
+            ("es", "en"): "Helsinki-NLP/opus-mt-es-en",
+            ("en", "de"): "Helsinki-NLP/opus-mt-en-de",
+            ("de", "en"): "Helsinki-NLP/opus-mt-de-en",
+        }
+        return mapping.get(pair, "Helsinki-NLP/opus-mt-en-fr")
+
+    def translate(self, text: str, source_language: str, target_language: str) -> dict:
+        if self._pipeline is None:
+            self.load(source_language, target_language)
+        with self._lock:
+            results = self._pipeline(
+                text, src_lang=source_language, tgt_lang=target_language
+            )
+        translated = results[0]["translation_text"] if results else ""
+        return {"text": {source_language: text, target_language: translated}}

gpu/self_hosted/app/utils.py

@@ -0,0 +1,107 @@
+import logging
+import os
+import sys
+import uuid
+from contextlib import contextmanager
+from typing import Mapping
+from urllib.parse import urlparse
+from pathlib import Path
+
+import requests
+from fastapi import HTTPException
+
+from .config import SUPPORTED_FILE_EXTENSIONS, UPLOADS_PATH
+
+logger = logging.getLogger(__name__)
+
+
+class NoStdStreams:
+    def __init__(self):
+        self.devnull = open(os.devnull, "w")
+
+    def __enter__(self):
+        self._stdout, self._stderr = sys.stdout, sys.stderr
+        self._stdout.flush()
+        self._stderr.flush()
+        sys.stdout, sys.stderr = self.devnull, self.devnull
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        sys.stdout, sys.stderr = self._stdout, self._stderr
+        self.devnull.close()
+
+
+def ensure_dirs():
+    UPLOADS_PATH.mkdir(parents=True, exist_ok=True)
+
+
+def detect_audio_format(url: str, headers: Mapping[str, str]) -> str:
+    url_path = urlparse(url).path
+    for ext in SUPPORTED_FILE_EXTENSIONS:
+        if url_path.lower().endswith(f".{ext}"):
+            return ext
+
+    content_type = headers.get("content-type", "").lower()
+    if "audio/mpeg" in content_type or "audio/mp3" in content_type:
+        return "mp3"
+    if "audio/wav" in content_type:
+        return "wav"
+    if "audio/mp4" in content_type:
+        return "mp4"
+
+    raise HTTPException(
+        status_code=400,
+        detail=(
+            f"Unsupported audio format for URL. Supported extensions: {', '.join(SUPPORTED_FILE_EXTENSIONS)}"
+        ),
+    )
+
+
+def download_audio_to_uploads(audio_file_url: str) -> tuple[Path, str]:
+    response = requests.head(audio_file_url, allow_redirects=True)
+    if response.status_code == 404:
+        raise HTTPException(status_code=404, detail="Audio file not found")
+
+    response = requests.get(audio_file_url, allow_redirects=True)
+    response.raise_for_status()
+
+    audio_suffix = detect_audio_format(audio_file_url, response.headers)
+    unique_filename = f"{uuid.uuid4()}.{audio_suffix}"
+    file_path: Path = UPLOADS_PATH / unique_filename
+
+    with open(file_path, "wb") as f:
+        f.write(response.content)
+
+    return file_path, audio_suffix
+
+
+@contextmanager
+def download_audio_file(audio_file_url: str):
+    """Download an audio file to UPLOADS_PATH and remove it after use.
+
+    Yields (file_path: Path, audio_suffix: str).
+    """
+    file_path, audio_suffix = download_audio_to_uploads(audio_file_url)
+    try:
+        yield file_path, audio_suffix
+    finally:
+        try:
+            file_path.unlink(missing_ok=True)
+        except Exception as e:
+            logger.error("Error deleting temporary file %s: %s", file_path, e)
+
+
+@contextmanager
+def cleanup_uploaded_files(file_paths: list[Path]):
+    """Ensure provided file paths are removed after use.
+
+    The provided list can be populated inside the context; all present entries
+    at exit will be deleted.
+    """
+    try:
+        yield file_paths
+    finally:
+        for path in list(file_paths):
+            try:
+                path.unlink(missing_ok=True)
+            except Exception as e:
+                logger.error("Error deleting temporary file %s: %s", path, e)

gpu/self_hosted/compose.yml

@@ -0,0 +1,10 @@
+services:
+  reflector_gpu:
+    build:
+      context: .
+    ports:
+      - "8000:8000"
+    env_file:
+      - .env
+    volumes:
+      - ./cache:/root/.cache

gpu/self_hosted/main.py

@@ -0,0 +1,3 @@
+from app.factory import create_app
+
+app = create_app()

gpu/self_hosted/pyproject.toml

@@ -0,0 +1,19 @@
+[project]
+name = "reflector-gpu"
+version = "0.1.0"
+description = "Self-hosted GPU service for speech transcription, diarization, and translation via FastAPI."
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "fastapi[standard]>=0.116.1",
+    "uvicorn[standard]>=0.30.0",
+    "torch>=2.3.0",
+    "faster-whisper>=1.1.0",
+    "librosa==0.10.1",
+    "numpy<2",
+    "silero-vad==5.1.0",
+    "transformers>=4.35.0",
+    "sentencepiece",
+    "pyannote.audio==3.1.0",
+    "torchaudio>=2.3.0",
+]

gpu/self_hosted/runserver.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+export PATH="/root/.local/bin:$PATH"
+cd /app
+
+# Install Python dependencies at runtime (first run or when FORCE_SYNC=1)
+if [ ! -d "/app/.venv" ] || [ "$FORCE_SYNC" = "1" ]; then
+  echo "[startup] Installing Python dependencies with uv..."
+  uv sync --compile-bytecode --locked
+else
+  echo "[startup] Using existing virtual environment at /app/.venv"
+fi
+
+exec uv run uvicorn main:app --host 0.0.0.0 --port 8000
+
+

server/README.md

@@ -1,3 +1,29 @@
+## API Key Management
+
+### Finding Your User ID
+
+```bash
+# Get your OAuth sub (user ID) - requires authentication
+curl -H "Authorization: Bearer <your_jwt>" http://localhost:1250/v1/me
+# Returns: {"sub": "your-oauth-sub-here", "email": "...", ...}
+```
+
+### Creating API Keys
+
+```bash
+curl -X POST http://localhost:1250/v1/user/api-keys \
+  -H "Authorization: Bearer <your_jwt>" \
+  -H "Content-Type: application/json" \
+  -d '{"name": "My API Key"}'
+```
+
+### Using API Keys
+
+```bash
+# Use X-API-Key header instead of Authorization
+curl -H "X-API-Key: <your_api_key>" http://localhost:1250/v1/transcripts
+```
+
 ## AWS S3/SQS usage clarification
 
 Whereby.com uploads recordings directly to our S3 bucket when meetings end.

server/docs/gpu/api-transcription.md

@@ -190,5 +190,5 @@ Use the pytest-based conformance tests to validate any new implementation (inclu
 ```
 TRANSCRIPT_URL=https://<your-deployment-base> \
 TRANSCRIPT_MODAL_API_KEY=your-api-key \
-uv run -m pytest -m gpu_modal --no-cov server/tests/test_gpu_modal_transcript.py
+uv run -m pytest -m model_api --no-cov server/tests/test_model_api_transcript.py
 ```

server/docs/video-platforms/README.md

@@ -0,0 +1,236 @@
+# Reflector Architecture: Whereby + Daily.co Recording Storage
+
+## System Overview
+
+```mermaid
+graph TB
+    subgraph "Actors"
+        APP[Our App<br/>Reflector]
+        WHEREBY[Whereby Service<br/>External]
+        DAILY[Daily.co Service<br/>External]
+    end
+
+    subgraph "AWS S3 Buckets"
+        TRANSCRIPT_BUCKET[Transcript Bucket<br/>reflector-transcripts<br/>Output: Processed MP3s]
+        WHEREBY_BUCKET[Whereby Bucket<br/>reflector-whereby-recordings<br/>Input: Raw MP4s]
+        DAILY_BUCKET[Daily.co Bucket<br/>reflector-dailyco-recordings<br/>Input: Raw WebM tracks]
+    end
+
+    subgraph "AWS Infrastructure"
+        SQS[SQS Queue<br/>Whereby notifications]
+    end
+
+    subgraph "Database"
+        DB[(PostgreSQL<br/>Recordings, Transcripts, Meetings)]
+    end
+
+    APP -->|Write processed| TRANSCRIPT_BUCKET
+    APP -->|Read/Delete| WHEREBY_BUCKET
+    APP -->|Read/Delete| DAILY_BUCKET
+    APP -->|Poll| SQS
+    APP -->|Store metadata| DB
+
+    WHEREBY -->|Write recordings| WHEREBY_BUCKET
+    WHEREBY_BUCKET -->|S3 Event| SQS
+    WHEREBY -->|Participant webhooks<br/>room.client.joined/left| APP
+
+    DAILY -->|Write recordings| DAILY_BUCKET
+    DAILY -->|Recording webhook<br/>recording.ready-to-download| APP
+```
+
+**Note on Webhook vs S3 Event for Recording Processing:**
+- **Whereby**: Uses S3 Events → SQS for recording availability (S3 as source of truth, no race conditions)
+- **Daily.co**: Uses webhooks for recording availability (more immediate, built-in reliability)
+- **Both**: Use webhooks for participant tracking (real-time updates)
+
+## Credentials & Permissions
+
+```mermaid
+graph LR
+    subgraph "Master Credentials"
+        MASTER[TRANSCRIPT_STORAGE_AWS_*<br/>Access Key ID + Secret]
+    end
+
+    subgraph "Whereby Upload Credentials"
+        WHEREBY_CREDS[AWS_WHEREBY_ACCESS_KEY_*<br/>Access Key ID + Secret]
+    end
+
+    subgraph "Daily.co Upload Role"
+        DAILY_ROLE[DAILY_STORAGE_AWS_ROLE_ARN<br/>IAM Role ARN]
+    end
+
+    subgraph "Our App Uses"
+        MASTER -->|Read/Write/Delete| TRANSCRIPT_BUCKET[Transcript Bucket]
+        MASTER -->|Read/Delete| WHEREBY_BUCKET[Whereby Bucket]
+        MASTER -->|Read/Delete| DAILY_BUCKET[Daily.co Bucket]
+        MASTER -->|Poll/Delete| SQS[SQS Queue]
+    end
+
+    subgraph "We Give To Services"
+        WHEREBY_CREDS -->|Passed in API call| WHEREBY_SERVICE[Whereby Service]
+        WHEREBY_SERVICE -->|Write Only| WHEREBY_BUCKET
+
+        DAILY_ROLE -->|Passed in API call| DAILY_SERVICE[Daily.co Service]
+        DAILY_SERVICE -->|Assume Role| DAILY_ROLE
+        DAILY_SERVICE -->|Write Only| DAILY_BUCKET
+    end
+```
+
+# Video Platform Recording Integration
+
+This document explains how Reflector receives and identifies multitrack audio recordings from different video platforms.
+
+## Platform Comparison
+
+| Platform | Delivery Method | Track Identification |
+|----------|----------------|---------------------|
+| **Daily.co** | Webhook | Explicit track list in payload |
+| **Whereby** | SQS (S3 notifications) | Single file per notification |
+
+---
+
+## Daily.co
+
+**Note:** Primary discovery via polling (`poll_daily_recordings`), webhooks as backup.
+
+Daily.co uses **webhooks** to notify Reflector when recordings are ready.
+
+### How It Works
+
+1. **Daily.co sends webhook** when recording is ready
+   - Event type: `recording.ready-to-download`
+   - Endpoint: `/v1/daily/webhook` (`reflector/views/daily.py:46-102`)
+
+2. **Webhook payload explicitly includes track list**:
+```json
+{
+  "recording_id": "7443ee0a-dab1-40eb-b316-33d6c0d5ff88",
+  "room_name": "daily-20251020193458",
+  "tracks": [
+    {
+      "type": "audio",
+      "s3Key": "monadical/daily-20251020193458/1760988935484-52f7f48b-fbab-431f-9a50-87b9abfc8255-cam-audio-1760988935922",
+      "size": 831843
+    },
+    {
+      "type": "audio",
+      "s3Key": "monadical/daily-20251020193458/1760988935484-a37c35e3-6f8e-4274-a482-e9d0f102a732-cam-audio-1760988943823",
+      "size": 408438
+    },
+    {
+      "type": "video",
+      "s3Key": "monadical/daily-20251020193458/...-video.webm",
+      "size": 30000000
+    }
+  ]
+}
+```
+
+3. **System extracts audio tracks** (`daily.py:211`):
+```python
+track_keys = [t.s3Key for t in tracks if t.type == "audio"]
+```
+
+4. **Triggers multitrack processing** (`daily.py:213-218`):
+```python
+process_multitrack_recording.delay(
+    bucket_name=bucket_name,  # reflector-dailyco-local
+    room_name=room_name,      # daily-20251020193458
+    recording_id=recording_id, # 7443ee0a-dab1-40eb-b316-33d6c0d5ff88
+    track_keys=track_keys      # Only audio s3Keys
+)
+```
+
+### Key Advantage: No Ambiguity
+
+Even though multiple meetings may share the same S3 bucket/folder (`monadical/`), **there's no ambiguity** because:
+- Each webhook payload contains the exact `s3Key` list for that specific `recording_id`
+- No need to scan folders or guess which files belong together
+- Each track's s3Key includes the room timestamp subfolder (e.g., `daily-20251020193458/`)
+
+The room name includes timestamp (`daily-20251020193458`) to keep recordings organized, but **the webhook's explicit track list is what prevents mixing files from different meetings**.
+
+### Track Timeline Extraction
+
+Daily.co provides timing information in two places:
+
+**1. PyAV WebM Metadata (current approach)**:
+```python
+# Read from WebM container stream metadata
+stream.start_time = 8.130s  # Meeting-relative timing
+```
+
+**2. Filename Timestamps (alternative approach, commit 3bae9076)**:
+```
+Filename format: {recording_start_ts}-{uuid}-cam-audio-{track_start_ts}.webm
+Example: 1760988935484-52f7f48b-fbab-431f-9a50-87b9abfc8255-cam-audio-1760988935922.webm
+
+Parse timestamps:
+- recording_start_ts: 1760988935484 (Unix ms)
+- track_start_ts: 1760988935922 (Unix ms)
+- offset: (1760988935922 - 1760988935484) / 1000 = 0.438s
+```
+
+**Time Difference (PyAV vs Filename)**:
+```
+Track 0:
+  Filename offset: 438ms
+  PyAV metadata:   229ms
+  Difference:      209ms
+
+Track 1:
+  Filename offset: 8339ms
+  PyAV metadata:   8130ms
+  Difference:      209ms
+```
+
+**Consistent 209ms delta** suggests network/encoding delay between file upload initiation (filename) and actual audio stream start (metadata).
+
+**Current implementation uses PyAV metadata** because:
+- More accurate (represents when audio actually started)
+- Padding BEFORE transcription produces correct Whisper timestamps automatically
+- No manual offset adjustment needed during transcript merge
+
+### Why Re-encoding During Padding
+
+Padding coincidentally involves re-encoding, which is important for Daily.co + Whisper:
+
+**Problem:** Daily.co skips frames in recordings when microphone is muted or paused
+- WebM containers have gaps where audio frames should be
+- Whisper doesn't understand these gaps and produces incorrect timestamps
+- Example: 5s of audio with 2s muted → file has frames only for 3s, Whisper thinks duration is 3s
+
+**Solution:** Re-encoding via PyAV filter graph (`adelay` + `aresample`)
+- Restores missing frames as silence
+- Produces continuous audio stream without gaps
+- Whisper now sees correct duration and produces accurate timestamps
+
+**Why combined with padding:**
+- Already re-encoding for padding (adding initial silence)
+- More performant to do both operations in single PyAV pipeline
+- Padded values needed for mixdown anyway (creating final MP3)
+
+Implementation: `main_multitrack_pipeline.py:_apply_audio_padding_streaming()`
+
+---
+
+## Whereby (SQS-based)
+
+Whereby uses **AWS SQS** (via S3 notifications) to notify Reflector when files are uploaded.
+
+### How It Works
+
+1. **Whereby uploads recording** to S3
+2. **S3 sends notification** to SQS queue (one notification per file)
+3. **Reflector polls SQS queue** (`worker/process.py:process_messages()`)
+4. **System processes single file** (`worker/process.py:process_recording()`)
+
+### Key Difference from Daily.co
+
+**Whereby (SQS):** System receives S3 notification "file X was created" - only knows about one file at a time, would need to scan folder to find related files
+
+**Daily.co (Webhook):** Daily explicitly tells system which files belong together in the webhook payload
+
+---
+
+

server/docs/webhook.md

@@ -14,7 +14,7 @@ Webhooks are configured at the room level with two fields:
 
 ### `transcript.completed`
 
-Triggered when a transcript has been fully processed, including transcription, diarization, summarization, and topic detection.
+Triggered when a transcript has been fully processed, including transcription, diarization, summarization, topic detection and calendar event integration.
 
 ### `test`
 
@@ -128,6 +128,27 @@ This event includes a convenient URL for accessing the transcript:
   "room": {
     "id": "room-789",
     "name": "Product Team Room"
+  },
+  "calendar_event": {
+    "id": "calendar-event-123",
+    "ics_uid": "event-123",
+    "title": "Q3 Product Planning Meeting",
+    "start_time": "2025-08-27T12:00:00Z",
+    "end_time": "2025-08-27T12:30:00Z",
+    "description": "Team discussed Q3 product roadmap, prioritizing mobile app features and API improvements.",
+    "location": "Conference Room 1",
+    "attendees": [
+      {
+        "id": "participant-1",
+        "name": "John Doe",
+        "speaker": "Speaker 1"
+      },
+      {
+        "id": "participant-2",
+        "name": "Jane Smith",
+        "speaker": "Speaker 2"
+      }
+    ]
   }
 }
 ```

server/env.example

@@ -27,7 +27,7 @@ AUTH_JWT_AUDIENCE=
 #TRANSCRIPT_MODAL_API_KEY=xxxxx
 
 TRANSCRIPT_BACKEND=modal
-TRANSCRIPT_URL=https://monadical-sas--reflector-transcriber-web.modal.run
+TRANSCRIPT_URL=https://monadical-sas--reflector-transcriber-parakeet-web.modal.run
 TRANSCRIPT_MODAL_API_KEY=
 
 ## =======================================================
@@ -71,3 +71,30 @@ DIARIZATION_URL=https://monadical-sas--reflector-diarizer-web.modal.run
 
 ## Sentry DSN configuration
 #SENTRY_DSN=
+
+## =======================================================
+## Video Platform Configuration
+## =======================================================
+
+## Whereby
+#WHEREBY_API_KEY=your-whereby-api-key
+#WHEREBY_WEBHOOK_SECRET=your-whereby-webhook-secret
+#WHEREBY_STORAGE_AWS_ACCESS_KEY_ID=your-aws-key
+#WHEREBY_STORAGE_AWS_SECRET_ACCESS_KEY=your-aws-secret
+#AWS_PROCESS_RECORDING_QUEUE_URL=https://sqs.us-west-2.amazonaws.com/...
+
+## Daily.co
+#DAILY_API_KEY=your-daily-api-key
+#DAILY_WEBHOOK_SECRET=your-daily-webhook-secret
+#DAILY_SUBDOMAIN=your-subdomain
+#DAILY_WEBHOOK_UUID=  # Auto-populated by recreate_daily_webhook.py script
+#DAILYCO_STORAGE_AWS_ROLE_ARN=...  # IAM role ARN for Daily.co S3 access
+#DAILYCO_STORAGE_AWS_BUCKET_NAME=reflector-dailyco
+#DAILYCO_STORAGE_AWS_REGION=us-west-2
+
+## Whereby (optional separate bucket)
+#WHEREBY_STORAGE_AWS_BUCKET_NAME=reflector-whereby
+#WHEREBY_STORAGE_AWS_REGION=us-east-1
+
+## Platform Configuration
+#DEFAULT_VIDEO_PLATFORM=whereby          # Default platform for new rooms

server/migrations/versions/05f8688d6895_add_action_items.py

@@ -0,0 +1,26 @@
+"""add_action_items
+
+Revision ID: 05f8688d6895
+Revises: bbafedfa510c
+Create Date: 2025-12-12 11:57:50.209658
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "05f8688d6895"
+down_revision: Union[str, None] = "bbafedfa510c"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.add_column("transcript", sa.Column("action_items", sa.JSON(), nullable=True))
+
+
+def downgrade() -> None:
+    op.drop_column("transcript", "action_items")

server/migrations/versions/1e49625677e4_add_platform_support.py

@@ -0,0 +1,50 @@
+"""add_platform_support
+
+Revision ID: 1e49625677e4
+Revises: 9e3f7b2a4c8e
+Create Date: 2025-10-08 13:17:29.943612
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "1e49625677e4"
+down_revision: Union[str, None] = "9e3f7b2a4c8e"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Add platform field with default 'whereby' for backward compatibility."""
+    with op.batch_alter_table("room", schema=None) as batch_op:
+        batch_op.add_column(
+            sa.Column(
+                "platform",
+                sa.String(),
+                nullable=True,
+                server_default=None,
+            )
+        )
+
+    with op.batch_alter_table("meeting", schema=None) as batch_op:
+        batch_op.add_column(
+            sa.Column(
+                "platform",
+                sa.String(),
+                nullable=False,
+                server_default="whereby",
+            )
+        )
+
+
+def downgrade() -> None:
+    """Remove platform field."""
+    with op.batch_alter_table("meeting", schema=None) as batch_op:
+        batch_op.drop_column("platform")
+
+    with op.batch_alter_table("room", schema=None) as batch_op:
+        batch_op.drop_column("platform")

server/migrations/versions/2b92a1b03caa_add_daily_participant_session_table_.py

@@ -0,0 +1,79 @@
+"""add daily participant session table with immutable left_at
+
+Revision ID: 2b92a1b03caa
+Revises: f8294b31f022
+Create Date: 2025-11-13 20:29:30.486577
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "2b92a1b03caa"
+down_revision: Union[str, None] = "f8294b31f022"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # Create table
+    op.create_table(
+        "daily_participant_session",
+        sa.Column("id", sa.String(), nullable=False),
+        sa.Column("meeting_id", sa.String(), nullable=False),
+        sa.Column("room_id", sa.String(), nullable=False),
+        sa.Column("session_id", sa.String(), nullable=False),
+        sa.Column("user_id", sa.String(), nullable=True),
+        sa.Column("user_name", sa.String(), nullable=False),
+        sa.Column("joined_at", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("left_at", sa.DateTime(timezone=True), nullable=True),
+        sa.ForeignKeyConstraint(["meeting_id"], ["meeting.id"], ondelete="CASCADE"),
+        sa.ForeignKeyConstraint(["room_id"], ["room.id"], ondelete="CASCADE"),
+        sa.PrimaryKeyConstraint("id"),
+    )
+    with op.batch_alter_table("daily_participant_session", schema=None) as batch_op:
+        batch_op.create_index(
+            "idx_daily_session_meeting_left", ["meeting_id", "left_at"], unique=False
+        )
+        batch_op.create_index("idx_daily_session_room", ["room_id"], unique=False)
+
+    # Create trigger function to prevent left_at from being updated once set
+    op.execute("""
+        CREATE OR REPLACE FUNCTION prevent_left_at_update()
+        RETURNS TRIGGER AS $$
+        BEGIN
+            IF OLD.left_at IS NOT NULL THEN
+                RAISE EXCEPTION 'left_at is immutable once set';
+            END IF;
+            RETURN NEW;
+        END;
+        $$ LANGUAGE plpgsql;
+    """)
+
+    # Create trigger
+    op.execute("""
+        CREATE TRIGGER prevent_left_at_update_trigger
+        BEFORE UPDATE ON daily_participant_session
+        FOR EACH ROW
+        EXECUTE FUNCTION prevent_left_at_update();
+    """)
+
+
+def downgrade() -> None:
+    # Drop trigger
+    op.execute(
+        "DROP TRIGGER IF EXISTS prevent_left_at_update_trigger ON daily_participant_session;"
+    )
+
+    # Drop trigger function
+    op.execute("DROP FUNCTION IF EXISTS prevent_left_at_update();")
+
+    # Drop indexes and table
+    with op.batch_alter_table("daily_participant_session", schema=None) as batch_op:
+        batch_op.drop_index("idx_daily_session_room")
+        batch_op.drop_index("idx_daily_session_meeting_left")
+
+    op.drop_table("daily_participant_session")

server/migrations/versions/5d6b9df9b045_make_room_platform_non_nullable_with_.py

@@ -0,0 +1,30 @@
+"""Make room platform non-nullable with dynamic default
+
+Revision ID: 5d6b9df9b045
+Revises: 2b92a1b03caa
+Create Date: 2025-11-21 13:22:25.756584
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "5d6b9df9b045"
+down_revision: Union[str, None] = "2b92a1b03caa"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.execute("UPDATE room SET platform = 'whereby' WHERE platform IS NULL")
+
+    with op.batch_alter_table("room", schema=None) as batch_op:
+        batch_op.alter_column("platform", existing_type=sa.String(), nullable=False)
+
+
+def downgrade() -> None:
+    with op.batch_alter_table("room", schema=None) as batch_op:
+        batch_op.alter_column("platform", existing_type=sa.String(), nullable=True)

server/migrations/versions/6025e9b2bef2_remove_one_active_meeting_per_room_.py

@@ -0,0 +1,53 @@
+"""remove_one_active_meeting_per_room_constraint
+
+Revision ID: 6025e9b2bef2
+Revises: 2ae3db106d4e
+Create Date: 2025-08-18 18:45:44.418392
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "6025e9b2bef2"
+down_revision: Union[str, None] = "2ae3db106d4e"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # Remove the unique constraint that prevents multiple active meetings per room
+    # This is needed to support calendar integration with overlapping meetings
+    # Check if index exists before trying to drop it
+    from alembic import context
+
+    if context.get_context().dialect.name == "postgresql":
+        conn = op.get_bind()
+        result = conn.execute(
+            sa.text(
+                "SELECT 1 FROM pg_indexes WHERE indexname = 'idx_one_active_meeting_per_room'"
+            )
+        )
+        if result.fetchone():
+            op.drop_index("idx_one_active_meeting_per_room", table_name="meeting")
+    else:
+        # For SQLite, just try to drop it
+        try:
+            op.drop_index("idx_one_active_meeting_per_room", table_name="meeting")
+        except:
+            pass
+
+
+def downgrade() -> None:
+    # Restore the unique constraint
+    op.create_index(
+        "idx_one_active_meeting_per_room",
+        "meeting",
+        ["room_id"],
+        unique=True,
+        postgresql_where=sa.text("is_active = true"),
+        sqlite_where=sa.text("is_active = 1"),
+    )

server/migrations/versions/6dec9fb5b46c_make_meeting_room_id_required_and_add_.py

@@ -8,7 +8,6 @@ Create Date: 2025-09-10 10:47:06.006819
 
 from typing import Sequence, Union
 
-import sqlalchemy as sa
 from alembic import op
 
 # revision identifiers, used by Alembic.
@@ -21,7 +20,6 @@ depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
     # ### commands auto generated by Alembic - please adjust! ###
     with op.batch_alter_table("meeting", schema=None) as batch_op:
-        batch_op.alter_column("room_id", existing_type=sa.VARCHAR(), nullable=False)
         batch_op.create_foreign_key(
             None, "room", ["room_id"], ["id"], ondelete="CASCADE"
         )
@@ -33,6 +31,5 @@ def downgrade() -> None:
     # ### commands auto generated by Alembic - please adjust! ###
     with op.batch_alter_table("meeting", schema=None) as batch_op:
         batch_op.drop_constraint("meeting_room_id_fkey", type_="foreignkey")
-        batch_op.alter_column("room_id", existing_type=sa.VARCHAR(), nullable=True)
 
     # ### end Alembic commands ###

server/migrations/versions/9e3f7b2a4c8e_add_user_api_keys.py

@@ -0,0 +1,38 @@
+"""add user api keys
+
+Revision ID: 9e3f7b2a4c8e
+Revises: dc035ff72fd5
+Create Date: 2025-10-17 00:00:00.000000
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "9e3f7b2a4c8e"
+down_revision: Union[str, None] = "dc035ff72fd5"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "user_api_key",
+        sa.Column("id", sa.String(), nullable=False),
+        sa.Column("user_id", sa.String(), nullable=False),
+        sa.Column("key_hash", sa.String(), nullable=False),
+        sa.Column("name", sa.String(), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+        sa.PrimaryKeyConstraint("id"),
+    )
+
+    with op.batch_alter_table("user_api_key", schema=None) as batch_op:
+        batch_op.create_index("idx_user_api_key_hash", ["key_hash"], unique=True)
+        batch_op.create_index("idx_user_api_key_user_id", ["user_id"], unique=False)
+
+
+def downgrade() -> None:
+    op.drop_table("user_api_key")

server/migrations/versions/bbafedfa510c_add_user_table.py

@@ -0,0 +1,38 @@
+"""add user table
+
+Revision ID: bbafedfa510c
+Revises: 5d6b9df9b045
+Create Date: 2025-11-19 21:06:30.543262
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "bbafedfa510c"
+down_revision: Union[str, None] = "5d6b9df9b045"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "user",
+        sa.Column("id", sa.String(), nullable=False),
+        sa.Column("email", sa.String(), nullable=False),
+        sa.Column("authentik_uid", sa.String(), nullable=False),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
+        sa.PrimaryKeyConstraint("id"),
+    )
+
+    with op.batch_alter_table("user", schema=None) as batch_op:
+        batch_op.create_index("idx_user_authentik_uid", ["authentik_uid"], unique=True)
+        batch_op.create_index("idx_user_email", ["email"], unique=False)
+
+
+def downgrade() -> None:
+    op.drop_table("user")

server/migrations/versions/d4a1c446458c_add_grace_period_fields_to_meeting.py

@@ -0,0 +1,34 @@
+"""add_grace_period_fields_to_meeting
+
+Revision ID: d4a1c446458c
+Revises: 6025e9b2bef2
+Create Date: 2025-08-18 18:50:37.768052
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "d4a1c446458c"
+down_revision: Union[str, None] = "6025e9b2bef2"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # Add fields to track when participants left for grace period logic
+    op.add_column(
+        "meeting", sa.Column("last_participant_left_at", sa.DateTime(timezone=True))
+    )
+    op.add_column(
+        "meeting",
+        sa.Column("grace_period_minutes", sa.Integer, server_default=sa.text("15")),
+    )
+
+
+def downgrade() -> None:
+    op.drop_column("meeting", "grace_period_minutes")
+    op.drop_column("meeting", "last_participant_left_at")

server/migrations/versions/d8e204bbf615_add_calendar.py

@@ -0,0 +1,129 @@
+"""add calendar
+
+Revision ID: d8e204bbf615
+Revises: d4a1c446458c
+Create Date: 2025-09-10 19:56:22.295756
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision: str = "d8e204bbf615"
+down_revision: Union[str, None] = "d4a1c446458c"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "calendar_event",
+        sa.Column("id", sa.String(), nullable=False),
+        sa.Column("room_id", sa.String(), nullable=False),
+        sa.Column("ics_uid", sa.Text(), nullable=False),
+        sa.Column("title", sa.Text(), nullable=True),
+        sa.Column("description", sa.Text(), nullable=True),
+        sa.Column("start_time", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("end_time", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("attendees", postgresql.JSONB(astext_type=sa.Text()), nullable=True),
+        sa.Column("location", sa.Text(), nullable=True),
+        sa.Column("ics_raw_data", sa.Text(), nullable=True),
+        sa.Column("last_synced", sa.DateTime(timezone=True), nullable=False),
+        sa.Column(
+            "is_deleted", sa.Boolean(), server_default=sa.text("false"), nullable=False
+        ),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
+        sa.ForeignKeyConstraint(
+            ["room_id"],
+            ["room.id"],
+            name="fk_calendar_event_room_id",
+            ondelete="CASCADE",
+        ),
+        sa.PrimaryKeyConstraint("id"),
+        sa.UniqueConstraint("room_id", "ics_uid", name="uq_room_calendar_event"),
+    )
+    with op.batch_alter_table("calendar_event", schema=None) as batch_op:
+        batch_op.create_index(
+            "idx_calendar_event_deleted",
+            ["is_deleted"],
+            unique=False,
+            postgresql_where=sa.text("NOT is_deleted"),
+        )
+        batch_op.create_index(
+            "idx_calendar_event_room_start", ["room_id", "start_time"], unique=False
+        )
+
+    with op.batch_alter_table("meeting", schema=None) as batch_op:
+        batch_op.add_column(sa.Column("calendar_event_id", sa.String(), nullable=True))
+        batch_op.add_column(
+            sa.Column(
+                "calendar_metadata",
+                postgresql.JSONB(astext_type=sa.Text()),
+                nullable=True,
+            )
+        )
+        batch_op.create_index(
+            "idx_meeting_calendar_event", ["calendar_event_id"], unique=False
+        )
+        batch_op.create_foreign_key(
+            "fk_meeting_calendar_event_id",
+            "calendar_event",
+            ["calendar_event_id"],
+            ["id"],
+            ondelete="SET NULL",
+        )
+
+    with op.batch_alter_table("room", schema=None) as batch_op:
+        batch_op.add_column(sa.Column("ics_url", sa.Text(), nullable=True))
+        batch_op.add_column(
+            sa.Column(
+                "ics_fetch_interval", sa.Integer(), server_default="300", nullable=True
+            )
+        )
+        batch_op.add_column(
+            sa.Column(
+                "ics_enabled",
+                sa.Boolean(),
+                server_default=sa.text("false"),
+                nullable=False,
+            )
+        )
+        batch_op.add_column(
+            sa.Column("ics_last_sync", sa.DateTime(timezone=True), nullable=True)
+        )
+        batch_op.add_column(sa.Column("ics_last_etag", sa.Text(), nullable=True))
+        batch_op.create_index("idx_room_ics_enabled", ["ics_enabled"], unique=False)
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("room", schema=None) as batch_op:
+        batch_op.drop_index("idx_room_ics_enabled")
+        batch_op.drop_column("ics_last_etag")
+        batch_op.drop_column("ics_last_sync")
+        batch_op.drop_column("ics_enabled")
+        batch_op.drop_column("ics_fetch_interval")
+        batch_op.drop_column("ics_url")
+
+    with op.batch_alter_table("meeting", schema=None) as batch_op:
+        batch_op.drop_constraint("fk_meeting_calendar_event_id", type_="foreignkey")
+        batch_op.drop_index("idx_meeting_calendar_event")
+        batch_op.drop_column("calendar_metadata")
+        batch_op.drop_column("calendar_event_id")
+
+    with op.batch_alter_table("calendar_event", schema=None) as batch_op:
+        batch_op.drop_index("idx_calendar_event_room_start")
+        batch_op.drop_index(
+            "idx_calendar_event_deleted", postgresql_where=sa.text("NOT is_deleted")
+        )
+
+    op.drop_table("calendar_event")
+    # ### end Alembic commands ###

server/migrations/versions/dc035ff72fd5_remove_grace_period_fields.py

@@ -0,0 +1,43 @@
+"""remove_grace_period_fields
+
+Revision ID: dc035ff72fd5
+Revises: d8e204bbf615
+Create Date: 2025-09-11 10:36:45.197588
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "dc035ff72fd5"
+down_revision: Union[str, None] = "d8e204bbf615"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # Remove grace period columns from meeting table
+    op.drop_column("meeting", "last_participant_left_at")
+    op.drop_column("meeting", "grace_period_minutes")
+
+
+def downgrade() -> None:
+    # Add back grace period columns to meeting table
+    op.add_column(
+        "meeting",
+        sa.Column(
+            "last_participant_left_at", sa.DateTime(timezone=True), nullable=True
+        ),
+    )
+    op.add_column(
+        "meeting",
+        sa.Column(
+            "grace_period_minutes",
+            sa.Integer(),
+            server_default=sa.text("15"),
+            nullable=True,
+        ),
+    )

server/migrations/versions/f8294b31f022_add_track_keys.py

@@ -0,0 +1,28 @@
+"""add_track_keys
+
+Revision ID: f8294b31f022
+Revises: 1e49625677e4
+Create Date: 2025-10-27 18:52:17.589167
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "f8294b31f022"
+down_revision: Union[str, None] = "1e49625677e4"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    with op.batch_alter_table("recording", schema=None) as batch_op:
+        batch_op.add_column(sa.Column("track_keys", sa.JSON(), nullable=True))
+
+
+def downgrade() -> None:
+    with op.batch_alter_table("recording", schema=None) as batch_op:
+        batch_op.drop_column("track_keys")

server/pyproject.toml

@@ -12,7 +12,6 @@ dependencies = [
     "requests>=2.31.0",
     "aiortc>=1.5.0",
     "sortedcontainers>=2.4.0",
-    "loguru>=0.7.0",
     "pydantic-settings>=2.0.2",
     "structlog>=23.1.0",
     "uvicorn[standard]>=0.23.1",
@@ -39,6 +38,7 @@ dependencies = [
     "llama-index-llms-openai-like>=0.4.0",
     "pytest-env>=1.1.5",
     "webvtt-py>=0.5.0",
+    "icalendar>=6.0.0",
 ]
 
 [dependency-groups]
@@ -112,25 +112,27 @@ source = ["reflector"]
 [tool.pytest_env]
 ENVIRONMENT = "pytest"
 DATABASE_URL = "postgresql://test_user:test_password@localhost:15432/reflector_test"
+AUTH_BACKEND = "jwt"
 
 [tool.pytest.ini_options]
 addopts = "-ra -q --disable-pytest-warnings --cov --cov-report html -v"
 testpaths = ["tests"]
 asyncio_mode = "auto"
 markers = [
-    "gpu_modal: mark test to run only with GPU Modal endpoints (deselect with '-m \"not gpu_modal\"')",
+    "model_api: tests for the unified model-serving HTTP API (backend- and hardware-agnostic)",
 ]
 
 [tool.ruff.lint]
 select = [
     "I",       # isort - import sorting
     "F401",    # unused imports
+    "E402",    # module level import not at top of file
     "PLC0415", # import-outside-top-level - detect inline imports
 ]
 
 [tool.ruff.lint.per-file-ignores]
 "reflector/processors/summary/summary_builder.py" = ["E501"]
-"gpu/**.py" = ["PLC0415"]
+"gpu/modal_deployments/**.py" = ["PLC0415"]
 "reflector/tools/**.py" = ["PLC0415"]
 "migrations/versions/**.py" = ["PLC0415"]
 "tests/**.py" = ["PLC0415"]

server/reflector/app.py

@@ -12,6 +12,7 @@ from reflector.events import subscribers_shutdown, subscribers_startup
 from reflector.logger import logger
 from reflector.metrics import metrics_init
 from reflector.settings import settings
+from reflector.views.daily import router as daily_router
 from reflector.views.meetings import router as meetings_router
 from reflector.views.rooms import router as rooms_router
 from reflector.views.rtc_offer import router as rtc_offer_router
@@ -26,6 +27,8 @@ from reflector.views.transcripts_upload import router as transcripts_upload_rout
 from reflector.views.transcripts_webrtc import router as transcripts_webrtc_router
 from reflector.views.transcripts_websocket import router as transcripts_websocket_router
 from reflector.views.user import router as user_router
+from reflector.views.user_api_keys import router as user_api_keys_router
+from reflector.views.user_websocket import router as user_ws_router
 from reflector.views.whereby import router as whereby_router
 from reflector.views.zulip import router as zulip_router
 
@@ -65,6 +68,12 @@ app.add_middleware(
     allow_headers=["*"],
 )
 
+
+@app.get("/health")
+async def health():
+    return {"status": "healthy"}
+
+
 # metrics
 instrumentator = Instrumentator(
     excluded_handlers=["/docs", "/metrics"],
@@ -84,8 +93,11 @@ app.include_router(transcripts_websocket_router, prefix="/v1")
 app.include_router(transcripts_webrtc_router, prefix="/v1")
 app.include_router(transcripts_process_router, prefix="/v1")
 app.include_router(user_router, prefix="/v1")
+app.include_router(user_api_keys_router, prefix="/v1")
+app.include_router(user_ws_router, prefix="/v1")
 app.include_router(zulip_router, prefix="/v1")
 app.include_router(whereby_router, prefix="/v1")
+app.include_router(daily_router, prefix="/v1/daily")
 add_pagination(app)
 
 # prepare celery

server/reflector/asynctask.py

@@ -1,13 +1,19 @@
 import asyncio
 import functools
+from uuid import uuid4
+
+from celery import current_task
 
 from reflector.db import get_database
+from reflector.llm import llm_session_id
 
 
 def asynctask(f):
     @functools.wraps(f)
     def wrapper(*args, **kwargs):
         async def run_with_db():
+            task_id = current_task.request.id if current_task else None
+            llm_session_id.set(task_id or f"random-{uuid4().hex}")
             database = get_database()
             await database.connect()
             try:

server/reflector/auth/auth_jwt.py

@@ -1,14 +1,18 @@
-from typing import Annotated, Optional
+from typing import Annotated, List, Optional
 
 from fastapi import Depends, HTTPException
-from fastapi.security import OAuth2PasswordBearer
+from fastapi.security import APIKeyHeader, OAuth2PasswordBearer
 from jose import JWTError, jwt
 from pydantic import BaseModel
 
+from reflector.db.user_api_keys import user_api_keys_controller
+from reflector.db.users import user_controller
 from reflector.logger import logger
 from reflector.settings import settings
+from reflector.utils import generate_uuid4
 
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token", auto_error=False)
+api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
 
 jwt_public_key = open(f"reflector/auth/jwt/keys/{settings.AUTH_JWT_PUBLIC_KEY}").read()
 jwt_algorithm = settings.AUTH_JWT_ALGORITHM
@@ -26,7 +30,7 @@ class JWTException(Exception):
 
 class UserInfo(BaseModel):
     sub: str
-    email: str
+    email: Optional[str] = None
 
     def __getitem__(self, key):
         return getattr(self, key)
@@ -58,33 +62,65 @@ def authenticated(token: Annotated[str, Depends(oauth2_scheme)]):
     return None
 
 
-def current_user(
-    token: Annotated[Optional[str], Depends(oauth2_scheme)],
-    jwtauth: JWTAuth = Depends(),
-):
-    if token is None:
-        raise HTTPException(status_code=401, detail="Not authenticated")
-    try:
-        payload = jwtauth.verify_token(token)
-        sub = payload["sub"]
-        return UserInfo(sub=sub)
-    except JWTError as e:
-        logger.error(f"JWT error: {e}")
-        raise HTTPException(status_code=401, detail="Invalid authentication")
+async def _authenticate_user(
+    jwt_token: Optional[str],
+    api_key: Optional[str],
+    jwtauth: JWTAuth,
+) -> UserInfo | None:
+    user_infos: List[UserInfo] = []
+    if api_key:
+        user_api_key = await user_api_keys_controller.verify_key(api_key)
+        if user_api_key:
+            user_infos.append(UserInfo(sub=user_api_key.user_id, email=None))
 
+    if jwt_token:
+        try:
+            payload = jwtauth.verify_token(jwt_token)
+            authentik_uid = payload["sub"]
+            email = payload["email"]
 
-def current_user_optional(
-    token: Annotated[Optional[str], Depends(oauth2_scheme)],
-    jwtauth: JWTAuth = Depends(),
-):
-    # we accept no token, but if one is provided, it must be a valid one.
-    if token is None:
+            user = await user_controller.get_by_authentik_uid(authentik_uid)
+            if not user:
+                logger.info(
+                    f"Creating new user on first login: {authentik_uid} ({email})"
+                )
+                user = await user_controller.create_or_update(
+                    id=generate_uuid4(),
+                    authentik_uid=authentik_uid,
+                    email=email,
+                )
+
+            user_infos.append(UserInfo(sub=user.id, email=email))
+        except JWTError as e:
+            logger.error(f"JWT error: {e}")
+            raise HTTPException(status_code=401, detail="Invalid authentication")
+
+    if len(user_infos) == 0:
         return None
-    try:
-        payload = jwtauth.verify_token(token)
-        sub = payload["sub"]
-        email = payload["email"]
-        return UserInfo(sub=sub, email=email)
-    except JWTError as e:
-        logger.error(f"JWT error: {e}")
-        raise HTTPException(status_code=401, detail="Invalid authentication")
+
+    if len(set([x.sub for x in user_infos])) > 1:
+        raise JWTException(
+            status_code=401,
+            detail="Invalid authentication: more than one user provided",
+        )
+
+    return user_infos[0]
+
+
+async def current_user(
+    jwt_token: Annotated[Optional[str], Depends(oauth2_scheme)],
+    api_key: Annotated[Optional[str], Depends(api_key_header)],
+    jwtauth: JWTAuth = Depends(),
+):
+    user = await _authenticate_user(jwt_token, api_key, jwtauth)
+    if user is None:
+        raise HTTPException(status_code=401, detail="Not authenticated")
+    return user
+
+
+async def current_user_optional(
+    jwt_token: Annotated[Optional[str], Depends(oauth2_scheme)],
+    api_key: Annotated[Optional[str], Depends(api_key_header)],
+    jwtauth: JWTAuth = Depends(),
+):
+    return await _authenticate_user(jwt_token, api_key, jwtauth)

server/reflector/dailyco_api/README.md

@@ -0,0 +1,6 @@
+anything about Daily.co api interaction
+
+- webhook event shapes
+- REST api client
+
+No REST api client existing found in the wild; the official lib is about working with videocall as a bot

server/reflector/dailyco_api/__init__.py

@@ -0,0 +1,110 @@
+"""
+Daily.co API Module
+"""
+
+# Client
+from .client import DailyApiClient, DailyApiError
+
+# Request models
+from .requests import (
+    CreateMeetingTokenRequest,
+    CreateRoomRequest,
+    CreateWebhookRequest,
+    MeetingTokenProperties,
+    RecordingsBucketConfig,
+    RoomProperties,
+    UpdateWebhookRequest,
+)
+
+# Response models
+from .responses import (
+    FinishedRecordingResponse,
+    MeetingParticipant,
+    MeetingParticipantsResponse,
+    MeetingResponse,
+    MeetingTokenResponse,
+    RecordingResponse,
+    RecordingS3Info,
+    RoomPresenceParticipant,
+    RoomPresenceResponse,
+    RoomResponse,
+    WebhookResponse,
+)
+
+# Webhook utilities
+from .webhook_utils import (
+    extract_room_name,
+    parse_participant_joined,
+    parse_participant_left,
+    parse_recording_error,
+    parse_recording_ready,
+    parse_recording_started,
+    parse_webhook_payload,
+    verify_webhook_signature,
+)
+
+# Webhook models
+from .webhooks import (
+    DailyTrack,
+    DailyWebhookEvent,
+    DailyWebhookEventUnion,
+    ParticipantJoinedEvent,
+    ParticipantJoinedPayload,
+    ParticipantLeftEvent,
+    ParticipantLeftPayload,
+    RecordingErrorEvent,
+    RecordingErrorPayload,
+    RecordingReadyEvent,
+    RecordingReadyToDownloadPayload,
+    RecordingStartedEvent,
+    RecordingStartedPayload,
+)
+
+__all__ = [
+    # Client
+    "DailyApiClient",
+    "DailyApiError",
+    # Requests
+    "CreateRoomRequest",
+    "RoomProperties",
+    "RecordingsBucketConfig",
+    "CreateMeetingTokenRequest",
+    "MeetingTokenProperties",
+    "CreateWebhookRequest",
+    "UpdateWebhookRequest",
+    # Responses
+    "RoomResponse",
+    "RoomPresenceResponse",
+    "RoomPresenceParticipant",
+    "MeetingParticipantsResponse",
+    "MeetingParticipant",
+    "MeetingResponse",
+    "RecordingResponse",
+    "FinishedRecordingResponse",
+    "RecordingS3Info",
+    "MeetingTokenResponse",
+    "WebhookResponse",
+    # Webhooks
+    "DailyWebhookEvent",
+    "DailyWebhookEventUnion",
+    "DailyTrack",
+    "ParticipantJoinedEvent",
+    "ParticipantJoinedPayload",
+    "ParticipantLeftEvent",
+    "ParticipantLeftPayload",
+    "RecordingStartedEvent",
+    "RecordingStartedPayload",
+    "RecordingReadyEvent",
+    "RecordingReadyToDownloadPayload",
+    "RecordingErrorEvent",
+    "RecordingErrorPayload",
+    # Webhook utilities
+    "verify_webhook_signature",
+    "extract_room_name",
+    "parse_webhook_payload",
+    "parse_participant_joined",
+    "parse_participant_left",
+    "parse_recording_started",
+    "parse_recording_ready",
+    "parse_recording_error",
+]

server/reflector/dailyco_api/client.py

@@ -0,0 +1,573 @@
+"""
+Daily.co API Client
+
+Complete async client for Daily.co REST API with Pydantic models.
+
+Reference: https://docs.daily.co/reference/rest-api
+"""
+
+from http import HTTPStatus
+from typing import Any
+
+import httpx
+import structlog
+
+from reflector.utils.string import NonEmptyString
+
+from .requests import (
+    CreateMeetingTokenRequest,
+    CreateRoomRequest,
+    CreateWebhookRequest,
+    UpdateWebhookRequest,
+)
+from .responses import (
+    MeetingParticipantsResponse,
+    MeetingResponse,
+    MeetingTokenResponse,
+    RecordingResponse,
+    RoomPresenceResponse,
+    RoomResponse,
+    WebhookResponse,
+)
+
+logger = structlog.get_logger(__name__)
+
+
+class DailyApiError(Exception):
+    """Daily.co API error with full request/response context."""
+
+    def __init__(self, operation: str, response: httpx.Response):
+        self.operation = operation
+        self.response = response
+        self.status_code = response.status_code
+        self.response_body = response.text
+        self.url = str(response.url)
+        self.request_body = (
+            response.request.content.decode() if response.request.content else None
+        )
+
+        super().__init__(
+            f"Daily.co API error: {operation} failed with status {self.status_code}"
+        )
+
+
+class DailyApiClient:
+    """
+    Complete async client for Daily.co REST API.
+
+    Usage:
+        # Direct usage
+        client = DailyApiClient(api_key="your_api_key")
+        room = await client.create_room(CreateRoomRequest(name="my-room"))
+        await client.close()  # Clean up when done
+
+        # Context manager (recommended)
+        async with DailyApiClient(api_key="your_api_key") as client:
+            room = await client.create_room(CreateRoomRequest(name="my-room"))
+    """
+
+    BASE_URL = "https://api.daily.co/v1"
+    DEFAULT_TIMEOUT = 10.0
+
+    def __init__(
+        self,
+        api_key: NonEmptyString,
+        webhook_secret: NonEmptyString | None = None,
+        timeout: float = DEFAULT_TIMEOUT,
+        base_url: NonEmptyString | None = None,
+    ):
+        """
+        Initialize Daily.co API client.
+
+        Args:
+            api_key: Daily.co API key (Bearer token)
+            webhook_secret: Base64-encoded HMAC secret for webhook verification.
+                Must match the 'hmac' value provided when creating webhooks.
+                Generate with: base64.b64encode(os.urandom(32)).decode()
+            timeout: Default request timeout in seconds
+            base_url: Override base URL (for testing)
+        """
+        self.api_key = api_key
+        self.webhook_secret = webhook_secret
+        self.timeout = timeout
+        self.base_url = base_url or self.BASE_URL
+
+        self.headers = {
+            "Authorization": f"Bearer {api_key}",
+            "Content-Type": "application/json",
+        }
+
+        self._client: httpx.AsyncClient | None = None
+
+    async def __aenter__(self):
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        await self.close()
+
+    async def _get_client(self) -> httpx.AsyncClient:
+        if self._client is None:
+            self._client = httpx.AsyncClient(timeout=self.timeout)
+        return self._client
+
+    async def close(self):
+        if self._client is not None:
+            await self._client.aclose()
+            self._client = None
+
+    async def _handle_response(
+        self, response: httpx.Response, operation: str
+    ) -> dict[str, Any]:
+        """
+        Handle API response with error logging.
+
+        Args:
+            response: HTTP response
+            operation: Operation name for logging (e.g., "create_room")
+
+        Returns:
+            Parsed JSON response
+
+        Raises:
+            DailyApiError: If request failed with full context
+        """
+        if response.status_code >= 400:
+            logger.error(
+                f"Daily.co API error: {operation}",
+                status_code=response.status_code,
+                response_body=response.text,
+                request_body=response.request.content.decode()
+                if response.request.content
+                else None,
+                url=str(response.url),
+            )
+            raise DailyApiError(operation, response)
+
+        return response.json()
+
+    # ============================================================================
+    # ROOMS
+    # ============================================================================
+
+    async def create_room(self, request: CreateRoomRequest) -> RoomResponse:
+        """
+        Create a new Daily.co room.
+
+        Reference: https://docs.daily.co/reference/rest-api/rooms/create-room
+
+        Args:
+            request: Room creation request with name, privacy, and properties
+
+        Returns:
+            Created room data including URL and ID
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.post(
+            f"{self.base_url}/rooms",
+            headers=self.headers,
+            json=request.model_dump(exclude_none=True),
+        )
+
+        data = await self._handle_response(response, "create_room")
+        return RoomResponse(**data)
+
+    async def get_room(self, room_name: NonEmptyString) -> RoomResponse:
+        """
+        Get room configuration.
+
+        Args:
+            room_name: Daily.co room name
+
+        Returns:
+            Room configuration data
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.get(
+            f"{self.base_url}/rooms/{room_name}",
+            headers=self.headers,
+        )
+
+        data = await self._handle_response(response, "get_room")
+        return RoomResponse(**data)
+
+    async def get_room_presence(
+        self, room_name: NonEmptyString
+    ) -> RoomPresenceResponse:
+        """
+        Get current participants in a room (real-time presence).
+
+        Reference: https://docs.daily.co/reference/rest-api/rooms/get-room-presence
+
+        Args:
+            room_name: Daily.co room name
+
+        Returns:
+            List of currently present participants with join time and duration
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.get(
+            f"{self.base_url}/rooms/{room_name}/presence",
+            headers=self.headers,
+        )
+
+        data = await self._handle_response(response, "get_room_presence")
+        return RoomPresenceResponse(**data)
+
+    async def delete_room(self, room_name: NonEmptyString) -> None:
+        """
+        Delete a room (idempotent - succeeds even if room doesn't exist).
+
+        Reference: https://docs.daily.co/reference/rest-api/rooms/delete-room
+
+        Args:
+            room_name: Daily.co room name
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails (except 404)
+        """
+        client = await self._get_client()
+        response = await client.delete(
+            f"{self.base_url}/rooms/{room_name}",
+            headers=self.headers,
+        )
+
+        # Idempotent delete - 404 means already deleted
+        if response.status_code == HTTPStatus.NOT_FOUND:
+            logger.debug("Room not found (already deleted)", room_name=room_name)
+            return
+
+        await self._handle_response(response, "delete_room")
+
+    # ============================================================================
+    # MEETINGS
+    # ============================================================================
+
+    async def get_meeting(self, meeting_id: NonEmptyString) -> MeetingResponse:
+        """
+        Get full meeting information including participants.
+
+        Reference: https://docs.daily.co/reference/rest-api/meetings/get-meeting-information
+
+        Args:
+            meeting_id: Daily.co meeting/session ID
+
+        Returns:
+            Meeting metadata including room, duration, participants, and status
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.get(
+            f"{self.base_url}/meetings/{meeting_id}",
+            headers=self.headers,
+        )
+
+        data = await self._handle_response(response, "get_meeting")
+        return MeetingResponse(**data)
+
+    async def get_meeting_participants(
+        self,
+        meeting_id: NonEmptyString,
+        limit: int | None = None,
+        joined_after: NonEmptyString | None = None,
+        joined_before: NonEmptyString | None = None,
+    ) -> MeetingParticipantsResponse:
+        """
+        Get historical participant data from a completed meeting (paginated).
+
+        Reference: https://docs.daily.co/reference/rest-api/meetings/get-meeting-participants
+
+        Args:
+            meeting_id: Daily.co meeting/session ID
+            limit: Maximum number of participant records to return
+            joined_after: Return participants who joined after this participant_id
+            joined_before: Return participants who joined before this participant_id
+
+        Returns:
+            List of participants with join times and duration
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails (404 when no more participants)
+
+        Note:
+            For pagination, use joined_after with the last participant_id from previous response.
+            Returns 404 when no more participants remain.
+        """
+        params = {}
+        if limit is not None:
+            params["limit"] = limit
+        if joined_after is not None:
+            params["joined_after"] = joined_after
+        if joined_before is not None:
+            params["joined_before"] = joined_before
+
+        client = await self._get_client()
+        response = await client.get(
+            f"{self.base_url}/meetings/{meeting_id}/participants",
+            headers=self.headers,
+            params=params,
+        )
+
+        data = await self._handle_response(response, "get_meeting_participants")
+        return MeetingParticipantsResponse(**data)
+
+    # ============================================================================
+    # RECORDINGS
+    # ============================================================================
+
+    async def get_recording(self, recording_id: NonEmptyString) -> RecordingResponse:
+        """
+        https://docs.daily.co/reference/rest-api/recordings/get-recording-information
+        Get recording metadata and status.
+        """
+        client = await self._get_client()
+        response = await client.get(
+            f"{self.base_url}/recordings/{recording_id}",
+            headers=self.headers,
+        )
+
+        data = await self._handle_response(response, "get_recording")
+        return RecordingResponse(**data)
+
+    async def list_recordings(
+        self,
+        room_name: NonEmptyString | None = None,
+        starting_after: str | None = None,
+        ending_before: str | None = None,
+        limit: int = 100,
+    ) -> list[RecordingResponse]:
+        """
+        List recordings with optional filters.
+
+        Reference: https://docs.daily.co/reference/rest-api/recordings
+
+        Args:
+            room_name: Filter by room name
+            starting_after: Pagination cursor - recording ID to start after
+            ending_before: Pagination cursor - recording ID to end before
+            limit: Max results per page (default 100, max 100)
+
+        Note: starting_after/ending_before are pagination cursors (recording IDs),
+        NOT time filters. API returns recordings in reverse chronological order.
+        """
+        client = await self._get_client()
+
+        params = {"limit": limit}
+        if room_name:
+            params["room_name"] = room_name
+        if starting_after:
+            params["starting_after"] = starting_after
+        if ending_before:
+            params["ending_before"] = ending_before
+
+        response = await client.get(
+            f"{self.base_url}/recordings",
+            headers=self.headers,
+            params=params,
+        )
+
+        data = await self._handle_response(response, "list_recordings")
+
+        if not isinstance(data, dict) or "data" not in data:
+            logger.error(
+                "Daily.co API returned unexpected format for list_recordings",
+                data_type=type(data).__name__,
+                data_keys=list(data.keys()) if isinstance(data, dict) else None,
+                data_sample=str(data)[:500],
+                room_name=room_name,
+                operation="list_recordings",
+            )
+            raise httpx.HTTPStatusError(
+                message=f"Unexpected response format from list_recordings: {type(data).__name__}",
+                request=response.request,
+                response=response,
+            )
+
+        return [RecordingResponse(**r) for r in data["data"]]
+
+    # ============================================================================
+    # MEETING TOKENS
+    # ============================================================================
+
+    async def create_meeting_token(
+        self, request: CreateMeetingTokenRequest
+    ) -> MeetingTokenResponse:
+        """
+        Create a meeting token for participant authentication.
+
+        Reference: https://docs.daily.co/reference/rest-api/meeting-tokens/create-meeting-token
+
+        Args:
+            request: Token properties including room name, user_id, permissions
+
+        Returns:
+            JWT meeting token
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.post(
+            f"{self.base_url}/meeting-tokens",
+            headers=self.headers,
+            json=request.model_dump(exclude_none=True),
+        )
+
+        data = await self._handle_response(response, "create_meeting_token")
+        return MeetingTokenResponse(**data)
+
+    # ============================================================================
+    # WEBHOOKS
+    # ============================================================================
+
+    async def list_webhooks(self) -> list[WebhookResponse]:
+        """
+        List all configured webhooks for this account.
+
+        Reference: https://docs.daily.co/reference/rest-api/webhooks
+
+        Returns:
+            List of webhook configurations
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.get(
+            f"{self.base_url}/webhooks",
+            headers=self.headers,
+        )
+
+        data = await self._handle_response(response, "list_webhooks")
+
+        # Daily.co returns array directly (not paginated)
+        if isinstance(data, list):
+            return [WebhookResponse(**wh) for wh in data]
+
+        # Future-proof: handle potential pagination envelope
+        if isinstance(data, dict) and "data" in data:
+            return [WebhookResponse(**wh) for wh in data["data"]]
+
+        logger.warning("Unexpected webhook list response format", data=data)
+        return []
+
+    async def create_webhook(self, request: CreateWebhookRequest) -> WebhookResponse:
+        """
+        Create a new webhook subscription.
+
+        Reference: https://docs.daily.co/reference/rest-api/webhooks
+
+        Args:
+            request: Webhook configuration with URL, event types, and HMAC secret
+
+        Returns:
+            Created webhook with UUID and state
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.post(
+            f"{self.base_url}/webhooks",
+            headers=self.headers,
+            json=request.model_dump(exclude_none=True),
+        )
+
+        data = await self._handle_response(response, "create_webhook")
+        return WebhookResponse(**data)
+
+    async def update_webhook(
+        self, webhook_uuid: NonEmptyString, request: UpdateWebhookRequest
+    ) -> WebhookResponse:
+        """
+        Update webhook configuration.
+
+        Note: Daily.co may not support PATCH for all fields.
+        Common pattern is delete + recreate.
+
+        Reference: https://docs.daily.co/reference/rest-api/webhooks
+
+        Args:
+            webhook_uuid: Webhook UUID to update
+            request: Updated webhook configuration
+
+        Returns:
+            Updated webhook configuration
+
+        Raises:
+            httpx.HTTPStatusError: If API request fails
+        """
+        client = await self._get_client()
+        response = await client.patch(
+            f"{self.base_url}/webhooks/{webhook_uuid}",
+            headers=self.headers,
+            json=request.model_dump(exclude_none=True),
+        )
+
+        data = await self._handle_response(response, "update_webhook")
+        return WebhookResponse(**data)
+
+    async def delete_webhook(self, webhook_uuid: NonEmptyString) -> None:
+        """
+        Delete a webhook.
+
+        Reference: https://docs.daily.co/reference/rest-api/webhooks
+
+        Args:
+            webhook_uuid: Webhook UUID to delete
+
+        Raises:
+            httpx.HTTPStatusError: If webhook not found or deletion fails
+        """
+        client = await self._get_client()
+        response = await client.delete(
+            f"{self.base_url}/webhooks/{webhook_uuid}",
+            headers=self.headers,
+        )
+
+        await self._handle_response(response, "delete_webhook")
+
+    # ============================================================================
+    # HELPER METHODS
+    # ============================================================================
+
+    async def find_webhook_by_url(self, url: NonEmptyString) -> WebhookResponse | None:
+        """
+        Find a webhook by its URL.
+
+        Args:
+            url: Webhook endpoint URL to search for
+
+        Returns:
+            Webhook if found, None otherwise
+        """
+        webhooks = await self.list_webhooks()
+        for webhook in webhooks:
+            if webhook.url == url:
+                return webhook
+        return None
+
+    async def find_webhooks_by_pattern(
+        self, pattern: NonEmptyString
+    ) -> list[WebhookResponse]:
+        """
+        Find webhooks matching a URL pattern (e.g., 'ngrok').
+
+        Args:
+            pattern: String to match in webhook URLs
+
+        Returns:
+            List of matching webhooks
+        """
+        webhooks = await self.list_webhooks()
+        return [wh for wh in webhooks if pattern in wh.url]

server/reflector/dailyco_api/requests.py

@@ -0,0 +1,162 @@
+"""
+Daily.co API Request Models
+
+Reference: https://docs.daily.co/reference/rest-api
+"""
+
+from typing import List, Literal
+
+from pydantic import BaseModel, Field
+
+from reflector.utils.string import NonEmptyString
+
+
+class RecordingsBucketConfig(BaseModel):
+    """
+    S3 bucket configuration for raw-tracks recordings.
+
+    Reference: https://docs.daily.co/reference/rest-api/rooms/create-room
+    """
+
+    bucket_name: NonEmptyString = Field(description="S3 bucket name")
+    bucket_region: NonEmptyString = Field(description="AWS region (e.g., 'us-east-1')")
+    assume_role_arn: NonEmptyString = Field(
+        description="AWS IAM role ARN that Daily.co will assume to write recordings"
+    )
+    allow_api_access: bool = Field(
+        default=True,
+        description="Whether to allow API access to recording metadata",
+    )
+
+
+class RoomProperties(BaseModel):
+    """
+    Room configuration properties.
+    """
+
+    enable_recording: Literal["cloud", "local", "raw-tracks"] | None = Field(
+        default=None,
+        description="Recording mode: 'cloud' for mixed, 'local' for local recording, 'raw-tracks' for multitrack, None to disable",
+    )
+    enable_chat: bool = Field(default=True, description="Enable in-meeting chat")
+    enable_screenshare: bool = Field(default=True, description="Enable screen sharing")
+    enable_knocking: bool = Field(
+        default=False,
+        description="Enable knocking for private rooms (allows participants to request access)",
+    )
+    start_video_off: bool = Field(
+        default=False, description="Start with video off for all participants"
+    )
+    start_audio_off: bool = Field(
+        default=False, description="Start with audio muted for all participants"
+    )
+    exp: int | None = Field(
+        None, description="Room expiration timestamp (Unix epoch seconds)"
+    )
+    recordings_bucket: RecordingsBucketConfig | None = Field(
+        None, description="S3 bucket configuration for raw-tracks recordings"
+    )
+
+
+class CreateRoomRequest(BaseModel):
+    """
+    Request to create a new Daily.co room.
+
+    Reference: https://docs.daily.co/reference/rest-api/rooms/create-room
+    """
+
+    name: NonEmptyString = Field(description="Room name (must be unique within domain)")
+    privacy: Literal["public", "private"] = Field(
+        default="public", description="Room privacy setting"
+    )
+    properties: RoomProperties = Field(
+        default_factory=RoomProperties, description="Room configuration properties"
+    )
+
+
+class MeetingTokenProperties(BaseModel):
+    """
+    Properties for meeting token creation.
+
+    Reference: https://docs.daily.co/reference/rest-api/meeting-tokens/create-meeting-token
+    """
+
+    room_name: NonEmptyString = Field(description="Room name this token is valid for")
+    user_id: NonEmptyString | None = Field(
+        None, description="User identifier to associate with token"
+    )
+    is_owner: bool = Field(
+        default=False, description="Grant owner privileges to token holder"
+    )
+    start_cloud_recording: bool = Field(
+        default=False, description="Automatically start cloud recording on join"
+    )
+    enable_recording_ui: bool = Field(
+        default=True, description="Show recording controls in UI"
+    )
+    eject_at_token_exp: bool = Field(
+        default=False, description="Eject participant when token expires"
+    )
+    nbf: int | None = Field(
+        None, description="Not-before timestamp (Unix epoch seconds)"
+    )
+    exp: int | None = Field(
+        None, description="Expiration timestamp (Unix epoch seconds)"
+    )
+
+
+class CreateMeetingTokenRequest(BaseModel):
+    """
+    Request to create a meeting token for participant authentication.
+
+    Reference: https://docs.daily.co/reference/rest-api/meeting-tokens/create-meeting-token
+    """
+
+    properties: MeetingTokenProperties = Field(description="Token properties")
+
+
+class CreateWebhookRequest(BaseModel):
+    """
+    Request to create a webhook subscription.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks
+    """
+
+    url: NonEmptyString = Field(description="Webhook endpoint URL (must be HTTPS)")
+    eventTypes: List[
+        Literal[
+            "participant.joined",
+            "participant.left",
+            "recording.started",
+            "recording.ready-to-download",
+            "recording.error",
+        ]
+    ] = Field(
+        description="Array of event types to subscribe to (only events we handle)"
+    )
+    hmac: NonEmptyString = Field(
+        description="Base64-encoded HMAC secret for webhook signature verification"
+    )
+    basicAuth: NonEmptyString | None = Field(
+        None, description="Optional basic auth credentials for webhook endpoint"
+    )
+
+
+class UpdateWebhookRequest(BaseModel):
+    """
+    Request to update an existing webhook.
+
+    Note: Daily.co API may not support PATCH for webhooks.
+    Common pattern is to delete and recreate.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks
+    """
+
+    url: NonEmptyString | None = Field(None, description="New webhook endpoint URL")
+    eventTypes: List[NonEmptyString] | None = Field(
+        None, description="New array of event types"
+    )
+    hmac: NonEmptyString | None = Field(None, description="New HMAC secret")
+    basicAuth: NonEmptyString | None = Field(
+        None, description="New basic auth credentials"
+    )

server/reflector/dailyco_api/responses.py

@@ -0,0 +1,217 @@
+"""
+Daily.co API Response Models
+"""
+
+from typing import Any, Dict, List, Literal
+
+from pydantic import BaseModel, Field
+
+from reflector.dailyco_api.webhooks import DailyTrack
+from reflector.utils.string import NonEmptyString
+
+# not documented in daily; we fill it according to observations
+RecordingStatus = Literal["in-progress", "finished"]
+
+
+class RoomResponse(BaseModel):
+    """
+    Response from room creation or retrieval.
+
+    Reference: https://docs.daily.co/reference/rest-api/rooms/create-room
+    """
+
+    id: NonEmptyString = Field(description="Unique room identifier (UUID)")
+    name: NonEmptyString = Field(description="Room name used in URLs")
+    api_created: bool = Field(description="Whether room was created via API")
+    privacy: Literal["public", "private"] = Field(description="Room privacy setting")
+    url: NonEmptyString = Field(description="Full room URL")
+    created_at: NonEmptyString = Field(description="ISO 8601 creation timestamp")
+    config: Dict[NonEmptyString, Any] = Field(
+        default_factory=dict, description="Room configuration properties"
+    )
+
+
+class RoomPresenceParticipant(BaseModel):
+    """
+    Participant presence information in a room.
+
+    Reference: https://docs.daily.co/reference/rest-api/rooms/get-room-presence
+    """
+
+    room: NonEmptyString = Field(description="Room name")
+    id: NonEmptyString = Field(description="Participant session ID")
+    userId: NonEmptyString | None = Field(None, description="User ID if provided")
+    userName: NonEmptyString | None = Field(None, description="User display name")
+    joinTime: NonEmptyString = Field(description="ISO 8601 join timestamp")
+    duration: int = Field(description="Duration in room (seconds)")
+
+
+class RoomPresenceResponse(BaseModel):
+    """
+    Response from room presence endpoint.
+
+    Reference: https://docs.daily.co/reference/rest-api/rooms/get-room-presence
+    """
+
+    total_count: int = Field(
+        description="Total number of participants currently in room"
+    )
+    data: List[RoomPresenceParticipant] = Field(
+        default_factory=list, description="Array of participant presence data"
+    )
+
+
+class MeetingParticipant(BaseModel):
+    """
+    Historical participant data from a meeting.
+
+    Reference: https://docs.daily.co/reference/rest-api/meetings/get-meeting-participants
+    """
+
+    user_id: NonEmptyString | None = Field(None, description="User identifier")
+    participant_id: NonEmptyString = Field(description="Participant session identifier")
+    user_name: NonEmptyString | None = Field(None, description="User display name")
+    join_time: int = Field(description="Join timestamp (Unix epoch seconds)")
+    duration: int = Field(description="Duration in meeting (seconds)")
+
+
+class MeetingParticipantsResponse(BaseModel):
+    """
+    Response from meeting participants endpoint.
+
+    Reference: https://docs.daily.co/reference/rest-api/meetings/get-meeting-participants
+    """
+
+    data: List[MeetingParticipant] = Field(
+        default_factory=list, description="Array of participant data"
+    )
+
+
+class MeetingResponse(BaseModel):
+    """
+    Response from meeting information endpoint.
+
+    Reference: https://docs.daily.co/reference/rest-api/meetings/get-meeting-information
+    """
+
+    id: NonEmptyString = Field(description="Meeting session identifier (UUID)")
+    room: NonEmptyString = Field(description="Room name where meeting occurred")
+    start_time: int = Field(
+        description="Meeting start Unix timestamp (~15s granularity)"
+    )
+    duration: int = Field(description="Total meeting duration in seconds")
+    ongoing: bool = Field(description="Whether meeting is currently active")
+    max_participants: int = Field(description="Peak concurrent participant count")
+    participants: List[MeetingParticipant] = Field(
+        default_factory=list, description="Array of participant session data"
+    )
+
+
+class RecordingS3Info(BaseModel):
+    """
+    S3 bucket information for a recording.
+
+    Reference: https://docs.daily.co/reference/rest-api/recordings
+    """
+
+    bucket_name: NonEmptyString
+    bucket_region: NonEmptyString
+    endpoint: NonEmptyString | None = None
+
+
+class RecordingResponse(BaseModel):
+    """
+    Response from recording retrieval endpoint (network layer).
+
+    Duration may be None for recordings still being processed by Daily.
+    Use FinishedRecordingResponse for recordings ready for processing.
+
+    Reference: https://docs.daily.co/reference/rest-api/recordings
+    """
+
+    id: NonEmptyString = Field(description="Recording identifier")
+    room_name: NonEmptyString = Field(description="Room where recording occurred")
+    start_ts: int = Field(description="Recording start timestamp (Unix epoch seconds)")
+    status: RecordingStatus = Field(
+        description="Recording status ('in-progress' or 'finished')"
+    )
+    max_participants: int | None = Field(
+        None, description="Maximum participants during recording (may be missing)"
+    )
+    duration: int | None = Field(
+        None, description="Recording duration in seconds (None if still processing)"
+    )
+    share_token: NonEmptyString | None = Field(
+        None, description="Token for sharing recording"
+    )
+    s3: RecordingS3Info | None = Field(None, description="S3 bucket information")
+    tracks: list[DailyTrack] = Field(
+        default_factory=list,
+        description="Track list for raw-tracks recordings (always array, never null)",
+    )
+    # this is not a mistake but a deliberate Daily.co naming decision
+    mtgSessionId: NonEmptyString | None = Field(
+        None, description="Meeting session identifier (may be missing)"
+    )
+
+    def to_finished(self) -> "FinishedRecordingResponse | None":
+        """Convert to FinishedRecordingResponse if duration is available and status is finished."""
+        if self.duration is None or self.status != "finished":
+            return None
+        return FinishedRecordingResponse(**self.model_dump())
+
+
+class FinishedRecordingResponse(RecordingResponse):
+    """
+    Recording with confirmed duration - ready for processing.
+
+    This model guarantees duration is present and status is finished.
+    """
+
+    status: Literal["finished"] = Field(
+        description="Recording status (always 'finished')"
+    )
+    duration: int = Field(description="Recording duration in seconds")
+
+
+class MeetingTokenResponse(BaseModel):
+    """
+    Response from meeting token creation.
+
+    Reference: https://docs.daily.co/reference/rest-api/meeting-tokens/create-meeting-token
+    """
+
+    token: NonEmptyString = Field(
+        description="JWT meeting token for participant authentication"
+    )
+
+
+class WebhookResponse(BaseModel):
+    """
+    Response from webhook creation or retrieval.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks
+    """
+
+    uuid: NonEmptyString = Field(description="Unique webhook identifier")
+    url: NonEmptyString = Field(description="Webhook endpoint URL")
+    hmac: NonEmptyString | None = Field(
+        None, description="Base64-encoded HMAC secret for signature verification"
+    )
+    basicAuth: NonEmptyString | None = Field(
+        None, description="Basic auth credentials if configured"
+    )
+    eventTypes: List[NonEmptyString] = Field(
+        default_factory=list,
+        description="Array of event types (e.g., ['recording.started', 'participant.joined'])",
+    )
+    state: Literal["ACTIVE", "FAILED"] = Field(
+        description="Webhook state - FAILED after 3+ consecutive failures"
+    )
+    failedCount: int = Field(default=0, description="Number of consecutive failures")
+    lastMomentPushed: NonEmptyString | None = Field(
+        None, description="ISO 8601 timestamp of last successful push"
+    )
+    domainId: NonEmptyString = Field(description="Daily.co domain/account identifier")
+    createdAt: NonEmptyString = Field(description="ISO 8601 creation timestamp")
+    updatedAt: NonEmptyString = Field(description="ISO 8601 last update timestamp")

server/reflector/dailyco_api/webhook_utils.py

@@ -0,0 +1,228 @@
+"""
+Daily.co Webhook Utilities
+
+Utilities for verifying and parsing Daily.co webhook events.
+
+Reference: https://docs.daily.co/reference/rest-api/webhooks
+"""
+
+import base64
+import hmac
+from hashlib import sha256
+
+import structlog
+
+from .webhooks import (
+    DailyWebhookEvent,
+    ParticipantJoinedPayload,
+    ParticipantLeftPayload,
+    RecordingErrorPayload,
+    RecordingReadyToDownloadPayload,
+    RecordingStartedPayload,
+)
+
+logger = structlog.get_logger(__name__)
+
+
+def verify_webhook_signature(
+    body: bytes,
+    signature: str,
+    timestamp: str,
+    webhook_secret: str,
+) -> bool:
+    """
+    Verify Daily.co webhook signature using HMAC-SHA256.
+
+    Daily.co signature verification:
+    1. Base64-decode the webhook secret
+    2. Create signed content: timestamp + '.' + body
+    3. Compute HMAC-SHA256(secret, signed_content)
+    4. Base64-encode the result
+    5. Compare with provided signature using constant-time comparison
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks
+
+    Args:
+        body: Raw request body bytes
+        signature: X-Webhook-Signature header value
+        timestamp: X-Webhook-Timestamp header value
+        webhook_secret: Base64-encoded HMAC secret
+
+    Returns:
+        True if signature is valid, False otherwise
+
+    Example:
+        >>> body = b'{"version":"1.0.0","type":"participant.joined",...}'
+        >>> signature = "abc123..."
+        >>> timestamp = "1234567890"
+        >>> secret = "your-base64-secret"
+        >>> is_valid = verify_webhook_signature(body, signature, timestamp, secret)
+    """
+    if not signature or not timestamp or not webhook_secret:
+        logger.warning(
+            "Missing required data for webhook verification",
+            has_signature=bool(signature),
+            has_timestamp=bool(timestamp),
+            has_secret=bool(webhook_secret),
+        )
+        return False
+
+    try:
+        secret_bytes = base64.b64decode(webhook_secret)
+        signed_content = timestamp.encode() + b"." + body
+        expected = hmac.new(secret_bytes, signed_content, sha256).digest()
+        expected_b64 = base64.b64encode(expected).decode()
+
+        # Constant-time comparison to prevent timing attacks
+        return hmac.compare_digest(expected_b64, signature)
+
+    except (base64.binascii.Error, ValueError, TypeError, UnicodeDecodeError) as e:
+        logger.error(
+            "Webhook signature verification failed",
+            error=str(e),
+            error_type=type(e).__name__,
+        )
+        return False
+
+
+def extract_room_name(event: DailyWebhookEvent) -> str | None:
+    """
+    Extract room name from Daily.co webhook event payload.
+
+    Args:
+        event: Parsed webhook event
+
+    Returns:
+        Room name if present and is a string, None otherwise
+
+    Example:
+        >>> event = DailyWebhookEvent(**webhook_payload)
+        >>> room_name = extract_room_name(event)
+    """
+    room = event.payload.get("room_name")
+    # Ensure we return a string, not any falsy value that might be in payload
+    return room if isinstance(room, str) else None
+
+
+def parse_participant_joined(event: DailyWebhookEvent) -> ParticipantJoinedPayload:
+    """
+    Parse participant.joined webhook event payload.
+
+    Args:
+        event: Webhook event with type "participant.joined"
+
+    Returns:
+        Parsed participant joined payload
+
+    Raises:
+        pydantic.ValidationError: If payload doesn't match expected schema
+    """
+    return ParticipantJoinedPayload(**event.payload)
+
+
+def parse_participant_left(event: DailyWebhookEvent) -> ParticipantLeftPayload:
+    """
+    Parse participant.left webhook event payload.
+
+    Args:
+        event: Webhook event with type "participant.left"
+
+    Returns:
+        Parsed participant left payload
+
+    Raises:
+        pydantic.ValidationError: If payload doesn't match expected schema
+    """
+    return ParticipantLeftPayload(**event.payload)
+
+
+def parse_recording_started(event: DailyWebhookEvent) -> RecordingStartedPayload:
+    """
+    Parse recording.started webhook event payload.
+
+    Args:
+        event: Webhook event with type "recording.started"
+
+    Returns:
+        Parsed recording started payload
+
+    Raises:
+        pydantic.ValidationError: If payload doesn't match expected schema
+    """
+    return RecordingStartedPayload(**event.payload)
+
+
+def parse_recording_ready(
+    event: DailyWebhookEvent,
+) -> RecordingReadyToDownloadPayload:
+    """
+    Parse recording.ready-to-download webhook event payload.
+
+    This event is sent when raw-tracks recordings are complete and uploaded to S3.
+    The payload includes a 'tracks' array with individual audio/video files.
+
+    Args:
+        event: Webhook event with type "recording.ready-to-download"
+
+    Returns:
+        Parsed recording ready payload with tracks array
+
+    Raises:
+        pydantic.ValidationError: If payload doesn't match expected schema
+
+    Example:
+        >>> event = DailyWebhookEvent(**webhook_payload)
+        >>> if event.type == "recording.ready-to-download":
+        ...     payload = parse_recording_ready(event)
+        ...     audio_tracks = [t for t in payload.tracks if t.type == "audio"]
+    """
+    return RecordingReadyToDownloadPayload(**event.payload)
+
+
+def parse_recording_error(event: DailyWebhookEvent) -> RecordingErrorPayload:
+    """
+    Parse recording.error webhook event payload.
+
+    Args:
+        event: Webhook event with type "recording.error"
+
+    Returns:
+        Parsed recording error payload
+
+    Raises:
+        pydantic.ValidationError: If payload doesn't match expected schema
+    """
+    return RecordingErrorPayload(**event.payload)
+
+
+WEBHOOK_PARSERS = {
+    "participant.joined": parse_participant_joined,
+    "participant.left": parse_participant_left,
+    "recording.started": parse_recording_started,
+    "recording.ready-to-download": parse_recording_ready,
+    "recording.error": parse_recording_error,
+}
+
+
+def parse_webhook_payload(event: DailyWebhookEvent):
+    """
+    Parse webhook event payload based on event type.
+
+    Args:
+        event: Webhook event
+
+    Returns:
+        Typed payload model based on event type, or raw dict if unknown
+
+    Example:
+        >>> event = DailyWebhookEvent(**webhook_payload)
+        >>> payload = parse_webhook_payload(event)
+        >>> if isinstance(payload, ParticipantJoinedPayload):
+        ...     print(f"User {payload.user_name} joined")
+    """
+    parser = WEBHOOK_PARSERS.get(event.type)
+    if parser:
+        return parser(event)
+    else:
+        logger.warning("Unknown webhook event type", event_type=event.type)
+        return event.payload

server/reflector/dailyco_api/webhooks.py

@@ -0,0 +1,271 @@
+"""
+Daily.co Webhook Event Models
+
+Reference: https://docs.daily.co/reference/rest-api/webhooks
+"""
+
+from typing import Annotated, Any, Dict, Literal, Union
+
+from pydantic import BaseModel, Field, field_validator
+
+from reflector.utils.string import NonEmptyString
+
+
+def normalize_timestamp_to_int(v):
+    """
+    Normalize float timestamps to int by truncating decimal part.
+
+    Daily.co sometimes sends timestamps as floats (e.g., 1708972279.96).
+    Pydantic expects int for fields typed as `int`.
+    """
+    if v is None:
+        return v
+    if isinstance(v, float):
+        return int(v)
+    return v
+
+
+WebhookEventType = Literal[
+    "participant.joined",
+    "participant.left",
+    "recording.started",
+    "recording.ready-to-download",
+    "recording.error",
+]
+
+
+class DailyTrack(BaseModel):
+    """
+    Individual audio or video track from a multitrack recording.
+
+    Reference: https://docs.daily.co/reference/rest-api/recordings
+    """
+
+    type: Literal["audio", "video"]
+    s3Key: NonEmptyString = Field(description="S3 object key for the track file")
+    size: int = Field(description="File size in bytes")
+
+
+class DailyWebhookEvent(BaseModel):
+    """
+    Base structure for all Daily.co webhook events.
+    All events share five common fields documented below.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks
+    """
+
+    version: NonEmptyString = Field(
+        description="Represents the version of the event. This uses semantic versioning to inform a consumer if the payload has introduced any breaking changes"
+    )
+    type: WebhookEventType = Field(
+        description="Represents the type of the event described in the payload"
+    )
+    id: NonEmptyString = Field(
+        description="An identifier representing this specific event"
+    )
+    payload: Dict[NonEmptyString, Any] = Field(
+        description="An object representing the event, whose fields are described in the corresponding payload class"
+    )
+    event_ts: int = Field(
+        description="Documenting when the webhook itself was sent. This timestamp is different than the time of the event the webhook describes. For example, a recording.started event will contain a start_ts timestamp of when the actual recording started, and a slightly later event_ts timestamp indicating when the webhook event was sent"
+    )
+
+    _normalize_event_ts = field_validator("event_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class ParticipantJoinedPayload(BaseModel):
+    """
+    Payload for participant.joined webhook event.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks/events/participant-joined
+    """
+
+    room_name: NonEmptyString | None = Field(None, description="Daily.co room name")
+    session_id: NonEmptyString = Field(description="Daily.co session identifier")
+    user_id: NonEmptyString = Field(description="User identifier (may be encoded)")
+    user_name: NonEmptyString | None = Field(None, description="User display name")
+    joined_at: int = Field(description="Join timestamp in Unix epoch seconds")
+
+    _normalize_joined_at = field_validator("joined_at", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class ParticipantLeftPayload(BaseModel):
+    """
+    Payload for participant.left webhook event.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks/events/participant-left
+    """
+
+    room_name: NonEmptyString | None = Field(None, description="Daily.co room name")
+    session_id: NonEmptyString = Field(description="Daily.co session identifier")
+    user_id: NonEmptyString = Field(description="User identifier (may be encoded)")
+    user_name: NonEmptyString | None = Field(None, description="User display name")
+    joined_at: int = Field(description="Join timestamp in Unix epoch seconds")
+    duration: int | None = Field(
+        None, description="Duration of participation in seconds"
+    )
+
+    _normalize_joined_at = field_validator("joined_at", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class RecordingStartedPayload(BaseModel):
+    """
+    Payload for recording.started webhook event.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks/events/recording-started
+    """
+
+    room_name: NonEmptyString | None = Field(None, description="Daily.co room name")
+    recording_id: NonEmptyString = Field(description="Recording identifier")
+    start_ts: int | None = Field(None, description="Recording start timestamp")
+
+    _normalize_start_ts = field_validator("start_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class RecordingReadyToDownloadPayload(BaseModel):
+    """
+    Payload for recording.ready-to-download webhook event.
+    This is sent when raw-tracks recordings are complete and uploaded to S3.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks/events/recording-ready-to-download
+    """
+
+    type: Literal["cloud", "raw-tracks"] = Field(
+        description="The type of recording that was generated"
+    )
+    recording_id: NonEmptyString = Field(
+        description="An ID identifying the recording that was generated"
+    )
+    room_name: NonEmptyString = Field(
+        description="The name of the room where the recording was made"
+    )
+    start_ts: int = Field(
+        description="The Unix epoch time in seconds representing when the recording started"
+    )
+    status: Literal["finished"] = Field(
+        description="The status of the given recording (always 'finished' in ready-to-download webhook, see RecordingStatus in responses.py for full API statuses)"
+    )
+    max_participants: int = Field(
+        description="The number of participants on the call that were recorded"
+    )
+    duration: int = Field(description="The duration in seconds of the call")
+    s3_key: NonEmptyString = Field(
+        description="The location of the recording in the provided S3 bucket"
+    )
+    share_token: NonEmptyString | None = Field(
+        None, description="undocumented documented secret field"
+    )
+    tracks: list[DailyTrack] | None = Field(
+        None,
+        description="If the recording is a raw-tracks recording, a tracks field will be provided. If role permissions have been removed, the tracks field may be null",
+    )
+
+    _normalize_start_ts = field_validator("start_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class RecordingErrorPayload(BaseModel):
+    """
+    Payload for recording.error webhook event.
+
+    Reference: https://docs.daily.co/reference/rest-api/webhooks/events/recording-error
+    """
+
+    action: Literal["clourd-recording-err", "cloud-recording-error"] = Field(
+        description="A string describing the event that was emitted (both variants are documented)"
+    )
+    error_msg: NonEmptyString = Field(description="The error message returned")
+    instance_id: NonEmptyString = Field(
+        description="The recording instance ID that was passed into the start recording command"
+    )
+    room_name: NonEmptyString = Field(
+        description="The name of the room where the recording was made"
+    )
+    timestamp: int = Field(
+        description="The Unix epoch time in seconds representing when the error was emitted"
+    )
+
+    _normalize_timestamp = field_validator("timestamp", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class ParticipantJoinedEvent(BaseModel):
+    version: NonEmptyString
+    type: Literal["participant.joined"]
+    id: NonEmptyString
+    payload: ParticipantJoinedPayload
+    event_ts: int
+
+    _normalize_event_ts = field_validator("event_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class ParticipantLeftEvent(BaseModel):
+    version: NonEmptyString
+    type: Literal["participant.left"]
+    id: NonEmptyString
+    payload: ParticipantLeftPayload
+    event_ts: int
+
+    _normalize_event_ts = field_validator("event_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class RecordingStartedEvent(BaseModel):
+    version: NonEmptyString
+    type: Literal["recording.started"]
+    id: NonEmptyString
+    payload: RecordingStartedPayload
+    event_ts: int
+
+    _normalize_event_ts = field_validator("event_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class RecordingReadyEvent(BaseModel):
+    version: NonEmptyString
+    type: Literal["recording.ready-to-download"]
+    id: NonEmptyString
+    payload: RecordingReadyToDownloadPayload
+    event_ts: int
+
+    _normalize_event_ts = field_validator("event_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+class RecordingErrorEvent(BaseModel):
+    version: NonEmptyString
+    type: Literal["recording.error"]
+    id: NonEmptyString
+    payload: RecordingErrorPayload
+    event_ts: int
+
+    _normalize_event_ts = field_validator("event_ts", mode="before")(
+        normalize_timestamp_to_int
+    )
+
+
+DailyWebhookEventUnion = Annotated[
+    Union[
+        ParticipantJoinedEvent,
+        ParticipantLeftEvent,
+        RecordingStartedEvent,
+        RecordingReadyEvent,
+        RecordingErrorEvent,
+    ],
+    Field(discriminator="type"),
+]

server/reflector/db/__init__.py

@@ -24,10 +24,14 @@ def get_database() -> databases.Database:
 
 
 # import models
+import reflector.db.calendar_events  # noqa
+import reflector.db.daily_participant_sessions  # noqa
 import reflector.db.meetings  # noqa
 import reflector.db.recordings  # noqa
 import reflector.db.rooms  # noqa
 import reflector.db.transcripts  # noqa
+import reflector.db.user_api_keys  # noqa
+import reflector.db.users  # noqa
 
 kwargs = {}
 if "postgres" not in settings.DATABASE_URL:

server/reflector/db/calendar_events.py

@@ -0,0 +1,187 @@
+from datetime import datetime, timedelta, timezone
+from typing import Any
+
+import sqlalchemy as sa
+from pydantic import BaseModel, Field
+from sqlalchemy.dialects.postgresql import JSONB
+
+from reflector.db import get_database, metadata
+from reflector.utils import generate_uuid4
+
+calendar_events = sa.Table(
+    "calendar_event",
+    metadata,
+    sa.Column("id", sa.String, primary_key=True),
+    sa.Column(
+        "room_id",
+        sa.String,
+        sa.ForeignKey("room.id", ondelete="CASCADE", name="fk_calendar_event_room_id"),
+        nullable=False,
+    ),
+    sa.Column("ics_uid", sa.Text, nullable=False),
+    sa.Column("title", sa.Text),
+    sa.Column("description", sa.Text),
+    sa.Column("start_time", sa.DateTime(timezone=True), nullable=False),
+    sa.Column("end_time", sa.DateTime(timezone=True), nullable=False),
+    sa.Column("attendees", JSONB),
+    sa.Column("location", sa.Text),
+    sa.Column("ics_raw_data", sa.Text),
+    sa.Column("last_synced", sa.DateTime(timezone=True), nullable=False),
+    sa.Column("is_deleted", sa.Boolean, nullable=False, server_default=sa.false()),
+    sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+    sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
+    sa.UniqueConstraint("room_id", "ics_uid", name="uq_room_calendar_event"),
+    sa.Index("idx_calendar_event_room_start", "room_id", "start_time"),
+    sa.Index(
+        "idx_calendar_event_deleted",
+        "is_deleted",
+        postgresql_where=sa.text("NOT is_deleted"),
+    ),
+)
+
+
+class CalendarEvent(BaseModel):
+    id: str = Field(default_factory=generate_uuid4)
+    room_id: str
+    ics_uid: str
+    title: str | None = None
+    description: str | None = None
+    start_time: datetime
+    end_time: datetime
+    attendees: list[dict[str, Any]] | None = None
+    location: str | None = None
+    ics_raw_data: str | None = None
+    last_synced: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+    is_deleted: bool = False
+    created_at: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+    updated_at: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+
+
+class CalendarEventController:
+    async def get_by_room(
+        self,
+        room_id: str,
+        include_deleted: bool = False,
+        start_after: datetime | None = None,
+        end_before: datetime | None = None,
+    ) -> list[CalendarEvent]:
+        query = calendar_events.select().where(calendar_events.c.room_id == room_id)
+
+        if not include_deleted:
+            query = query.where(calendar_events.c.is_deleted == False)
+
+        if start_after:
+            query = query.where(calendar_events.c.start_time >= start_after)
+
+        if end_before:
+            query = query.where(calendar_events.c.end_time <= end_before)
+
+        query = query.order_by(calendar_events.c.start_time.asc())
+
+        results = await get_database().fetch_all(query)
+        return [CalendarEvent(**result) for result in results]
+
+    async def get_upcoming(
+        self, room_id: str, minutes_ahead: int = 120
+    ) -> list[CalendarEvent]:
+        """Get upcoming events for a room within the specified minutes, including currently happening events."""
+        now = datetime.now(timezone.utc)
+        future_time = now + timedelta(minutes=minutes_ahead)
+
+        query = (
+            calendar_events.select()
+            .where(
+                sa.and_(
+                    calendar_events.c.room_id == room_id,
+                    calendar_events.c.is_deleted == False,
+                    calendar_events.c.start_time <= future_time,
+                    calendar_events.c.end_time >= now,
+                )
+            )
+            .order_by(calendar_events.c.start_time.asc())
+        )
+
+        results = await get_database().fetch_all(query)
+        return [CalendarEvent(**result) for result in results]
+
+    async def get_by_id(self, event_id: str) -> CalendarEvent | None:
+        query = calendar_events.select().where(calendar_events.c.id == event_id)
+        result = await get_database().fetch_one(query)
+        return CalendarEvent(**result) if result else None
+
+    async def get_by_ics_uid(self, room_id: str, ics_uid: str) -> CalendarEvent | None:
+        query = calendar_events.select().where(
+            sa.and_(
+                calendar_events.c.room_id == room_id,
+                calendar_events.c.ics_uid == ics_uid,
+            )
+        )
+        result = await get_database().fetch_one(query)
+        return CalendarEvent(**result) if result else None
+
+    async def upsert(self, event: CalendarEvent) -> CalendarEvent:
+        existing = await self.get_by_ics_uid(event.room_id, event.ics_uid)
+
+        if existing:
+            event.id = existing.id
+            event.created_at = existing.created_at
+            event.updated_at = datetime.now(timezone.utc)
+
+            query = (
+                calendar_events.update()
+                .where(calendar_events.c.id == existing.id)
+                .values(**event.model_dump())
+            )
+        else:
+            query = calendar_events.insert().values(**event.model_dump())
+
+        await get_database().execute(query)
+        return event
+
+    async def soft_delete_missing(
+        self, room_id: str, current_ics_uids: list[str]
+    ) -> int:
+        """Soft delete future events that are no longer in the calendar."""
+        now = datetime.now(timezone.utc)
+
+        select_query = calendar_events.select().where(
+            sa.and_(
+                calendar_events.c.room_id == room_id,
+                calendar_events.c.start_time > now,
+                calendar_events.c.is_deleted == False,
+                calendar_events.c.ics_uid.notin_(current_ics_uids)
+                if current_ics_uids
+                else True,
+            )
+        )
+
+        to_delete = await get_database().fetch_all(select_query)
+        delete_count = len(to_delete)
+
+        if delete_count > 0:
+            update_query = (
+                calendar_events.update()
+                .where(
+                    sa.and_(
+                        calendar_events.c.room_id == room_id,
+                        calendar_events.c.start_time > now,
+                        calendar_events.c.is_deleted == False,
+                        calendar_events.c.ics_uid.notin_(current_ics_uids)
+                        if current_ics_uids
+                        else True,
+                    )
+                )
+                .values(is_deleted=True, updated_at=now)
+            )
+
+            await get_database().execute(update_query)
+
+        return delete_count
+
+    async def delete_by_room(self, room_id: str) -> int:
+        query = calendar_events.delete().where(calendar_events.c.room_id == room_id)
+        result = await get_database().execute(query)
+        return result.rowcount
+
+
+calendar_events_controller = CalendarEventController()

server/reflector/db/daily_participant_sessions.py

@@ -0,0 +1,229 @@
+"""Daily.co participant session tracking.
+
+Stores webhook data for participant.joined and participant.left events to provide
+historical session information (Daily.co API only returns current participants).
+"""
+
+from datetime import datetime
+
+import sqlalchemy as sa
+from pydantic import BaseModel
+from sqlalchemy.dialects.postgresql import insert
+
+from reflector.db import get_database, metadata
+from reflector.utils.string import NonEmptyString
+
+daily_participant_sessions = sa.Table(
+    "daily_participant_session",
+    metadata,
+    sa.Column("id", sa.String, primary_key=True),
+    sa.Column(
+        "meeting_id",
+        sa.String,
+        sa.ForeignKey("meeting.id", ondelete="CASCADE"),
+        nullable=False,
+    ),
+    sa.Column(
+        "room_id",
+        sa.String,
+        sa.ForeignKey("room.id", ondelete="CASCADE"),
+        nullable=False,
+    ),
+    sa.Column("session_id", sa.String, nullable=False),
+    sa.Column("user_id", sa.String, nullable=True),
+    sa.Column("user_name", sa.String, nullable=False),
+    sa.Column("joined_at", sa.DateTime(timezone=True), nullable=False),
+    sa.Column("left_at", sa.DateTime(timezone=True), nullable=True),
+    sa.Index("idx_daily_session_meeting_left", "meeting_id", "left_at"),
+    sa.Index("idx_daily_session_room", "room_id"),
+)
+
+
+class DailyParticipantSession(BaseModel):
+    """Daily.co participant session record.
+
+    Tracks when a participant joined and left a meeting. Populated from webhooks:
+    - participant.joined: Creates record with left_at=None
+    - participant.left: Updates record with left_at
+
+    ID format: {meeting_id}:{user_id}:{joined_at_ms}
+    - Ensures idempotency (duplicate webhooks don't create duplicates)
+    - Allows same user to rejoin (different joined_at = different session)
+
+    Duration is calculated as: left_at - joined_at (not stored)
+    """
+
+    id: NonEmptyString
+    meeting_id: NonEmptyString
+    room_id: NonEmptyString
+    session_id: NonEmptyString  # Daily.co's session_id (identifies room session)
+    user_id: NonEmptyString | None = None
+    user_name: str
+    joined_at: datetime
+    left_at: datetime | None = None
+
+
+class DailyParticipantSessionController:
+    """Controller for Daily.co participant session persistence."""
+
+    async def get_by_id(self, id: str) -> DailyParticipantSession | None:
+        """Get a session by its ID."""
+        query = daily_participant_sessions.select().where(
+            daily_participant_sessions.c.id == id
+        )
+        result = await get_database().fetch_one(query)
+        return DailyParticipantSession(**result) if result else None
+
+    async def get_open_session(
+        self, meeting_id: NonEmptyString, session_id: NonEmptyString
+    ) -> DailyParticipantSession | None:
+        """Get the open (not left) session for a user in a meeting."""
+        query = daily_participant_sessions.select().where(
+            sa.and_(
+                daily_participant_sessions.c.meeting_id == meeting_id,
+                daily_participant_sessions.c.session_id == session_id,
+                daily_participant_sessions.c.left_at.is_(None),
+            )
+        )
+        results = await get_database().fetch_all(query)
+
+        if len(results) > 1:
+            raise ValueError(
+                f"Multiple open sessions for daily session {session_id} in meeting {meeting_id}: "
+                f"found {len(results)} sessions"
+            )
+
+        return DailyParticipantSession(**results[0]) if results else None
+
+    async def upsert_joined(self, session: DailyParticipantSession) -> None:
+        """Insert or update when participant.joined webhook arrives.
+
+        Idempotent: Duplicate webhooks with same ID are safely ignored.
+        Out-of-order: If left webhook arrived first, preserves left_at.
+        """
+        query = insert(daily_participant_sessions).values(**session.model_dump())
+        query = query.on_conflict_do_update(
+            index_elements=["id"],
+            set_={"user_name": session.user_name},
+        )
+        await get_database().execute(query)
+
+    async def upsert_left(self, session: DailyParticipantSession) -> None:
+        """Update session when participant.left webhook arrives.
+
+        Finds the open session for this user in this meeting and updates left_at.
+        Works around Daily.co webhook timestamp inconsistency (joined_at differs by ~4ms between webhooks).
+
+        Handles three cases:
+        1. Normal flow: open session exists → updates left_at
+        2. Out-of-order: left arrives first → creates new record with left data
+        3. Duplicate: left arrives again → idempotent (DB trigger prevents left_at modification)
+        """
+        if session.left_at is None:
+            raise ValueError("left_at is required for upsert_left")
+
+        if session.left_at <= session.joined_at:
+            raise ValueError(
+                f"left_at ({session.left_at}) must be after joined_at ({session.joined_at})"
+            )
+
+        # Find existing open session (works around timestamp mismatch in webhooks)
+        existing = await self.get_open_session(session.meeting_id, session.session_id)
+
+        if existing:
+            # Update existing open session
+            query = (
+                daily_participant_sessions.update()
+                .where(daily_participant_sessions.c.id == existing.id)
+                .values(left_at=session.left_at)
+            )
+            await get_database().execute(query)
+        else:
+            # Out-of-order or first webhook: insert new record
+            query = insert(daily_participant_sessions).values(**session.model_dump())
+            query = query.on_conflict_do_nothing(index_elements=["id"])
+            await get_database().execute(query)
+
+    async def get_by_meeting(self, meeting_id: str) -> list[DailyParticipantSession]:
+        """Get all participant sessions for a meeting (active and ended)."""
+        query = daily_participant_sessions.select().where(
+            daily_participant_sessions.c.meeting_id == meeting_id
+        )
+        results = await get_database().fetch_all(query)
+        return [DailyParticipantSession(**result) for result in results]
+
+    async def get_active_by_meeting(
+        self, meeting_id: str
+    ) -> list[DailyParticipantSession]:
+        """Get only active (not left) participant sessions for a meeting."""
+        query = daily_participant_sessions.select().where(
+            sa.and_(
+                daily_participant_sessions.c.meeting_id == meeting_id,
+                daily_participant_sessions.c.left_at.is_(None),
+            )
+        )
+        results = await get_database().fetch_all(query)
+        return [DailyParticipantSession(**result) for result in results]
+
+    async def get_all_sessions_for_meeting(
+        self, meeting_id: NonEmptyString
+    ) -> dict[NonEmptyString, DailyParticipantSession]:
+        query = daily_participant_sessions.select().where(
+            daily_participant_sessions.c.meeting_id == meeting_id
+        )
+        results = await get_database().fetch_all(query)
+        # TODO DailySessionId custom type
+        return {row["session_id"]: DailyParticipantSession(**row) for row in results}
+
+    async def batch_upsert_sessions(
+        self, sessions: list[DailyParticipantSession]
+    ) -> None:
+        """Upsert multiple sessions in single query.
+
+        Uses ON CONFLICT for idempotency. Updates user_name on conflict since they may change it during a meeting.
+
+        """
+        if not sessions:
+            return
+
+        values = [session.model_dump() for session in sessions]
+        query = insert(daily_participant_sessions).values(values)
+        query = query.on_conflict_do_update(
+            index_elements=["id"],
+            set_={
+                # Preserve existing left_at to prevent race conditions
+                "left_at": sa.func.coalesce(
+                    daily_participant_sessions.c.left_at,
+                    query.excluded.left_at,
+                ),
+                "user_name": query.excluded.user_name,
+            },
+        )
+        await get_database().execute(query)
+
+    async def batch_close_sessions(
+        self, session_ids: list[NonEmptyString], left_at: datetime
+    ) -> None:
+        """Mark multiple sessions as left in single query.
+
+        Only updates sessions where left_at is NULL (protects already-closed sessions).
+
+        Left_at mismatch for existing sessions is ignored, assumed to be not important issue if ever happens.
+        """
+        if not session_ids:
+            return
+
+        query = (
+            daily_participant_sessions.update()
+            .where(
+                sa.and_(
+                    daily_participant_sessions.c.id.in_(session_ids),
+                    daily_participant_sessions.c.left_at.is_(None),
+                )
+            )
+            .values(left_at=left_at)
+        )
+        await get_database().execute(query)
+
+
+daily_participant_sessions_controller = DailyParticipantSessionController()

server/reflector/db/meetings.py

@@ -1,12 +1,15 @@
 from datetime import datetime
-from typing import Literal
+from typing import Any, Literal
 
 import sqlalchemy as sa
 from pydantic import BaseModel, Field
+from sqlalchemy.dialects.postgresql import JSONB
 
 from reflector.db import get_database, metadata
 from reflector.db.rooms import Room
+from reflector.schemas.platform import WHEREBY_PLATFORM, Platform
 from reflector.utils import generate_uuid4
+from reflector.utils.string import assert_equal
 
 meetings = sa.Table(
     "meeting",
@@ -44,13 +47,24 @@ meetings = sa.Table(
         nullable=False,
         server_default=sa.true(),
     ),
-    sa.Index("idx_meeting_room_id", "room_id"),
-    sa.Index(
-        "idx_one_active_meeting_per_room",
-        "room_id",
-        unique=True,
-        postgresql_where=sa.text("is_active = true"),
+    sa.Column(
+        "calendar_event_id",
+        sa.String,
+        sa.ForeignKey(
+            "calendar_event.id",
+            ondelete="SET NULL",
+            name="fk_meeting_calendar_event_id",
+        ),
     ),
+    sa.Column("calendar_metadata", JSONB),
+    sa.Column(
+        "platform",
+        sa.String,
+        nullable=False,
+        server_default=assert_equal(WHEREBY_PLATFORM, "whereby"),
+    ),
+    sa.Index("idx_meeting_room_id", "room_id"),
+    sa.Index("idx_meeting_calendar_event", "calendar_event_id"),
 )
 
 meeting_consent = sa.Table(
@@ -88,10 +102,14 @@ class Meeting(BaseModel):
     is_locked: bool = False
     room_mode: Literal["normal", "group"] = "normal"
     recording_type: Literal["none", "local", "cloud"] = "cloud"
-    recording_trigger: Literal[
+    recording_trigger: Literal[  # whereby-specific
         "none", "prompt", "automatic", "automatic-2nd-participant"
     ] = "automatic-2nd-participant"
     num_clients: int = 0
+    is_active: bool = True
+    calendar_event_id: str | None = None
+    calendar_metadata: dict[str, Any] | None = None
+    platform: Platform = WHEREBY_PLATFORM
 
 
 class MeetingController:
@@ -104,6 +122,8 @@ class MeetingController:
         start_date: datetime,
         end_date: datetime,
         room: Room,
+        calendar_event_id: str | None = None,
+        calendar_metadata: dict[str, Any] | None = None,
     ):
         meeting = Meeting(
             id=id,
@@ -117,27 +137,45 @@ class MeetingController:
             room_mode=room.room_mode,
             recording_type=room.recording_type,
             recording_trigger=room.recording_trigger,
+            calendar_event_id=calendar_event_id,
+            calendar_metadata=calendar_metadata,
+            platform=room.platform,
         )
         query = meetings.insert().values(**meeting.model_dump())
         await get_database().execute(query)
         return meeting
 
-    async def get_all_active(self) -> list[Meeting]:
-        query = meetings.select().where(meetings.c.is_active)
-        return await get_database().fetch_all(query)
+    async def get_all_active(self, platform: str | None = None) -> list[Meeting]:
+        conditions = [meetings.c.is_active]
+        if platform is not None:
+            conditions.append(meetings.c.platform == platform)
+        query = meetings.select().where(sa.and_(*conditions))
+        results = await get_database().fetch_all(query)
+        return [Meeting(**result) for result in results]
 
     async def get_by_room_name(
         self,
         room_name: str,
     ) -> Meeting | None:
-        query = meetings.select().where(meetings.c.room_name == room_name)
+        """
+        Get a meeting by room name.
+        For backward compatibility, returns the most recent meeting.
+        """
+        query = (
+            meetings.select()
+            .where(meetings.c.room_name == room_name)
+            .order_by(meetings.c.end_date.desc())
+        )
         result = await get_database().fetch_one(query)
         if not result:
             return None
-
         return Meeting(**result)
 
     async def get_active(self, room: Room, current_time: datetime) -> Meeting | None:
+        """
+        Get latest active meeting for a room.
+        For backward compatibility, returns the most recent active meeting.
+        """
         end_date = getattr(meetings.c, "end_date")
         query = (
             meetings.select()
@@ -153,11 +191,66 @@ class MeetingController:
         result = await get_database().fetch_one(query)
         if not result:
             return None
-
         return Meeting(**result)
 
-    async def get_by_id(self, meeting_id: str, **kwargs) -> Meeting | None:
+    async def get_all_active_for_room(
+        self, room: Room, current_time: datetime
+    ) -> list[Meeting]:
+        end_date = getattr(meetings.c, "end_date")
+        query = (
+            meetings.select()
+            .where(
+                sa.and_(
+                    meetings.c.room_id == room.id,
+                    meetings.c.end_date > current_time,
+                    meetings.c.is_active,
+                )
+            )
+            .order_by(end_date.desc())
+        )
+        results = await get_database().fetch_all(query)
+        return [Meeting(**result) for result in results]
+
+    async def get_active_by_calendar_event(
+        self, room: Room, calendar_event_id: str, current_time: datetime
+    ) -> Meeting | None:
+        """
+        Get active meeting for a specific calendar event.
+        """
+        query = meetings.select().where(
+            sa.and_(
+                meetings.c.room_id == room.id,
+                meetings.c.calendar_event_id == calendar_event_id,
+                meetings.c.end_date > current_time,
+                meetings.c.is_active,
+            )
+        )
+        result = await get_database().fetch_one(query)
+        if not result:
+            return None
+        return Meeting(**result)
+
+    async def get_by_id(
+        self, meeting_id: str, room: Room | None = None
+    ) -> Meeting | None:
         query = meetings.select().where(meetings.c.id == meeting_id)
+
+        if room:
+            query = query.where(meetings.c.room_id == room.id)
+
+        result = await get_database().fetch_one(query)
+        if not result:
+            return None
+        return Meeting(**result)
+
+    async def get_by_calendar_event(
+        self, calendar_event_id: str, room: Room
+    ) -> Meeting | None:
+        query = meetings.select().where(
+            meetings.c.calendar_event_id == calendar_event_id
+        )
+        if room:
+            query = query.where(meetings.c.room_id == room.id)
         result = await get_database().fetch_one(query)
         if not result:
             return None
@@ -167,6 +260,28 @@ class MeetingController:
         query = meetings.update().where(meetings.c.id == meeting_id).values(**kwargs)
         await get_database().execute(query)
 
+    async def increment_num_clients(self, meeting_id: str) -> None:
+        """Atomically increment participant count."""
+        query = (
+            meetings.update()
+            .where(meetings.c.id == meeting_id)
+            .values(num_clients=meetings.c.num_clients + 1)
+        )
+        await get_database().execute(query)
+
+    async def decrement_num_clients(self, meeting_id: str) -> None:
+        """Atomically decrement participant count (min 0)."""
+        query = (
+            meetings.update()
+            .where(meetings.c.id == meeting_id)
+            .values(
+                num_clients=sa.case(
+                    (meetings.c.num_clients > 0, meetings.c.num_clients - 1), else_=0
+                )
+            )
+        )
+        await get_database().execute(query)
+
 
 class MeetingConsentController:
     async def get_by_meeting_id(self, meeting_id: str) -> list[MeetingConsent]:
@@ -190,7 +305,6 @@ class MeetingConsentController:
         return MeetingConsent(**result)
 
     async def upsert(self, consent: MeetingConsent) -> MeetingConsent:
-        """Create new consent or update existing one for authenticated users"""
         if consent.user_id:
             # For authenticated users, check if consent already exists
             # not transactional but we're ok with that; the consents ain't deleted anyways

server/reflector/db/recordings.py

@@ -3,6 +3,7 @@ from typing import Literal
 
 import sqlalchemy as sa
 from pydantic import BaseModel, Field
+from sqlalchemy import or_
 
 from reflector.db import get_database, metadata
 from reflector.utils import generate_uuid4
@@ -21,6 +22,7 @@ recordings = sa.Table(
         server_default="pending",
     ),
     sa.Column("meeting_id", sa.String),
+    sa.Column("track_keys", sa.JSON, nullable=True),
     sa.Index("idx_recording_meeting_id", "meeting_id"),
 )
 
@@ -28,10 +30,20 @@ recordings = sa.Table(
 class Recording(BaseModel):
     id: str = Field(default_factory=generate_uuid4)
     bucket_name: str
+    # for single-track
     object_key: str
     recorded_at: datetime
     status: Literal["pending", "processing", "completed", "failed"] = "pending"
     meeting_id: str | None = None
+    # for multitrack reprocessing
+    # track_keys can be empty list [] if recording finished but no audio was captured (silence/muted)
+    # None means not a multitrack recording, [] means multitrack with no tracks
+    track_keys: list[str] | None = None
+
+    @property
+    def is_multitrack(self) -> bool:
+        """True if recording has separate audio tracks (1+ tracks counts as multitrack)."""
+        return self.track_keys is not None and len(self.track_keys) > 0
 
 
 class RecordingController:
@@ -40,12 +52,14 @@ class RecordingController:
         await get_database().execute(query)
         return recording
 
-    async def get_by_id(self, id: str) -> Recording:
+    async def get_by_id(self, id: str) -> Recording | None:
         query = recordings.select().where(recordings.c.id == id)
         result = await get_database().fetch_one(query)
         return Recording(**result) if result else None
 
-    async def get_by_object_key(self, bucket_name: str, object_key: str) -> Recording:
+    async def get_by_object_key(
+        self, bucket_name: str, object_key: str
+    ) -> Recording | None:
         query = recordings.select().where(
             recordings.c.bucket_name == bucket_name,
             recordings.c.object_key == object_key,
@@ -57,5 +71,44 @@ class RecordingController:
         query = recordings.delete().where(recordings.c.id == id)
         await get_database().execute(query)
 
+    # no check for existence
+    async def get_by_ids(self, recording_ids: list[str]) -> list[Recording]:
+        if not recording_ids:
+            return []
+
+        query = recordings.select().where(recordings.c.id.in_(recording_ids))
+        results = await get_database().fetch_all(query)
+        return [Recording(**row) for row in results]
+
+    async def get_multitrack_needing_reprocessing(
+        self, bucket_name: str
+    ) -> list[Recording]:
+        """
+        Get multitrack recordings that need reprocessing:
+        - Have track_keys (multitrack)
+        - Either have no transcript OR transcript has error status
+
+        This is more efficient than fetching all recordings and filtering in Python.
+        """
+        from reflector.db.transcripts import (
+            transcripts,  # noqa: PLC0415 cyclic import
+        )
+
+        query = (
+            recordings.select()
+            .outerjoin(transcripts, recordings.c.id == transcripts.c.recording_id)
+            .where(
+                recordings.c.bucket_name == bucket_name,
+                recordings.c.track_keys.isnot(None),
+                or_(
+                    transcripts.c.id.is_(None),
+                    transcripts.c.status == "error",
+                ),
+            )
+        )
+        results = await get_database().fetch_all(query)
+        recordings_list = [Recording(**row) for row in results]
+        return [r for r in recordings_list if r.is_multitrack]
+
 
 recordings_controller = RecordingController()

server/reflector/db/rooms.py

@@ -9,6 +9,8 @@ from pydantic import BaseModel, Field
 from sqlalchemy.sql import false, or_
 
 from reflector.db import get_database, metadata
+from reflector.schemas.platform import Platform
+from reflector.settings import settings
 from reflector.utils import generate_uuid4
 
 rooms = sqlalchemy.Table(
@@ -43,7 +45,20 @@ rooms = sqlalchemy.Table(
     ),
     sqlalchemy.Column("webhook_url", sqlalchemy.String, nullable=True),
     sqlalchemy.Column("webhook_secret", sqlalchemy.String, nullable=True),
+    sqlalchemy.Column("ics_url", sqlalchemy.Text),
+    sqlalchemy.Column("ics_fetch_interval", sqlalchemy.Integer, server_default="300"),
+    sqlalchemy.Column(
+        "ics_enabled", sqlalchemy.Boolean, nullable=False, server_default=false()
+    ),
+    sqlalchemy.Column("ics_last_sync", sqlalchemy.DateTime(timezone=True)),
+    sqlalchemy.Column("ics_last_etag", sqlalchemy.Text),
+    sqlalchemy.Column(
+        "platform",
+        sqlalchemy.String,
+        nullable=False,
+    ),
     sqlalchemy.Index("idx_room_is_shared", "is_shared"),
+    sqlalchemy.Index("idx_room_ics_enabled", "ics_enabled"),
 )
 
 
@@ -58,12 +73,18 @@ class Room(BaseModel):
     is_locked: bool = False
     room_mode: Literal["normal", "group"] = "normal"
     recording_type: Literal["none", "local", "cloud"] = "cloud"
-    recording_trigger: Literal[
+    recording_trigger: Literal[  # whereby-specific
         "none", "prompt", "automatic", "automatic-2nd-participant"
     ] = "automatic-2nd-participant"
     is_shared: bool = False
     webhook_url: str | None = None
     webhook_secret: str | None = None
+    ics_url: str | None = None
+    ics_fetch_interval: int = 300
+    ics_enabled: bool = False
+    ics_last_sync: datetime | None = None
+    ics_last_etag: str | None = None
+    platform: Platform = Field(default_factory=lambda: settings.DEFAULT_VIDEO_PLATFORM)
 
 
 class RoomController:
@@ -114,6 +135,10 @@ class RoomController:
         is_shared: bool,
         webhook_url: str = "",
         webhook_secret: str = "",
+        ics_url: str | None = None,
+        ics_fetch_interval: int = 300,
+        ics_enabled: bool = False,
+        platform: Platform = settings.DEFAULT_VIDEO_PLATFORM,
     ):
         """
         Add a new room
@@ -121,20 +146,26 @@ class RoomController:
         if webhook_url and not webhook_secret:
             webhook_secret = secrets.token_urlsafe(32)
 
-        room = Room(
-            name=name,
-            user_id=user_id,
-            zulip_auto_post=zulip_auto_post,
-            zulip_stream=zulip_stream,
-            zulip_topic=zulip_topic,
-            is_locked=is_locked,
-            room_mode=room_mode,
-            recording_type=recording_type,
-            recording_trigger=recording_trigger,
-            is_shared=is_shared,
-            webhook_url=webhook_url,
-            webhook_secret=webhook_secret,
-        )
+        room_data = {
+            "name": name,
+            "user_id": user_id,
+            "zulip_auto_post": zulip_auto_post,
+            "zulip_stream": zulip_stream,
+            "zulip_topic": zulip_topic,
+            "is_locked": is_locked,
+            "room_mode": room_mode,
+            "recording_type": recording_type,
+            "recording_trigger": recording_trigger,
+            "is_shared": is_shared,
+            "webhook_url": webhook_url,
+            "webhook_secret": webhook_secret,
+            "ics_url": ics_url,
+            "ics_fetch_interval": ics_fetch_interval,
+            "ics_enabled": ics_enabled,
+            "platform": platform,
+        }
+
+        room = Room(**room_data)
         query = rooms.insert().values(**room.model_dump())
         try:
             await get_database().execute(query)
@@ -198,6 +229,13 @@ class RoomController:
 
         return room
 
+    async def get_ics_enabled(self) -> list[Room]:
+        query = rooms.select().where(
+            rooms.c.ics_enabled == True, rooms.c.ics_url != None
+        )
+        results = await get_database().fetch_all(query)
+        return [Room(**result) for result in results]
+
     async def remove_by_id(
         self,
         room_id: str,

server/reflector/db/search.py

@@ -135,6 +135,8 @@ class SearchParameters(BaseModel):
     user_id: str | None = None
     room_id: str | None = None
     source_kind: SourceKind | None = None
+    from_datetime: datetime | None = None
+    to_datetime: datetime | None = None
 
 
 class SearchResultDB(BaseModel):
@@ -402,6 +404,14 @@ class SearchController:
             base_query = base_query.where(
                 transcripts.c.source_kind == params.source_kind
             )
+        if params.from_datetime:
+            base_query = base_query.where(
+                transcripts.c.created_at >= params.from_datetime
+            )
+        if params.to_datetime:
+            base_query = base_query.where(
+                transcripts.c.created_at <= params.to_datetime
+            )
 
         if params.query_text is not None:
             order_by = sqlalchemy.desc(sqlalchemy.text("rank"))

server/reflector/db/transcripts.py

@@ -21,7 +21,7 @@ from reflector.db.utils import is_postgresql
 from reflector.logger import logger
 from reflector.processors.types import Word as ProcessorWord
 from reflector.settings import settings
-from reflector.storage import get_recordings_storage, get_transcripts_storage
+from reflector.storage import get_transcripts_storage
 from reflector.utils import generate_uuid4
 from reflector.utils.webvtt import topics_to_webvtt
 
@@ -44,6 +44,7 @@ transcripts = sqlalchemy.Table(
     sqlalchemy.Column("title", sqlalchemy.String),
     sqlalchemy.Column("short_summary", sqlalchemy.String),
     sqlalchemy.Column("long_summary", sqlalchemy.String),
+    sqlalchemy.Column("action_items", sqlalchemy.JSON),
     sqlalchemy.Column("topics", sqlalchemy.JSON),
     sqlalchemy.Column("events", sqlalchemy.JSON),
     sqlalchemy.Column("participants", sqlalchemy.JSON),
@@ -164,6 +165,10 @@ class TranscriptFinalLongSummary(BaseModel):
     long_summary: str
 
 
+class TranscriptActionItems(BaseModel):
+    action_items: dict
+
+
 class TranscriptFinalTitle(BaseModel):
     title: str
 
@@ -186,6 +191,7 @@ class TranscriptParticipant(BaseModel):
     id: str = Field(default_factory=generate_uuid4)
     speaker: int | None
     name: str
+    user_id: str | None = None
 
 
 class Transcript(BaseModel):
@@ -203,6 +209,7 @@ class Transcript(BaseModel):
     locked: bool = False
     short_summary: str | None = None
     long_summary: str | None = None
+    action_items: dict | None = None
     topics: list[TranscriptTopic] = []
     events: list[TranscriptEvent] = []
     participants: list[TranscriptParticipant] | None = []
@@ -367,7 +374,12 @@ class TranscriptController:
         room_id: str | None = None,
         search_term: str | None = None,
         return_query: bool = False,
-        exclude_columns: list[str] = ["topics", "events", "participants"],
+        exclude_columns: list[str] = [
+            "topics",
+            "events",
+            "participants",
+            "action_items",
+        ],
     ) -> list[Transcript]:
         """
         Get all transcripts
@@ -623,7 +635,9 @@ class TranscriptController:
                 )
                 if recording:
                     try:
-                        await get_recordings_storage().delete_file(recording.object_key)
+                        await get_transcripts_storage().delete_file(
+                            recording.object_key, bucket=recording.bucket_name
+                        )
                     except Exception as e:
                         logger.warning(
                             "Failed to delete recording object from S3",
@@ -647,6 +661,19 @@ class TranscriptController:
         query = transcripts.delete().where(transcripts.c.recording_id == recording_id)
         await get_database().execute(query)
 
+    @staticmethod
+    def user_can_mutate(transcript: Transcript, user_id: str | None) -> bool:
+        """
+        Returns True if the given user is allowed to modify the transcript.
+
+        Policy:
+        - Anonymous transcripts (user_id is None) cannot be modified via API
+        - Only the owner (matching user_id) can modify their transcript
+        """
+        if transcript.user_id is None:
+            return False
+        return user_id and transcript.user_id == user_id
+
     @asynccontextmanager
     async def transaction(self):
         """
@@ -712,11 +739,13 @@ class TranscriptController:
         """
         Download audio from storage
         """
-        transcript.audio_mp3_filename.write_bytes(
-            await get_transcripts_storage().get_file(
-                transcript.storage_audio_path,
-            )
-        )
+        storage = get_transcripts_storage()
+        try:
+            with open(transcript.audio_mp3_filename, "wb") as f:
+                await storage.stream_to_fileobj(transcript.storage_audio_path, f)
+        except Exception:
+            transcript.audio_mp3_filename.unlink(missing_ok=True)
+            raise
 
     async def upsert_participant(
         self,

server/reflector/db/user_api_keys.py

@@ -0,0 +1,91 @@
+import hmac
+import secrets
+from datetime import datetime, timezone
+from hashlib import sha256
+
+import sqlalchemy
+from pydantic import BaseModel, Field
+
+from reflector.db import get_database, metadata
+from reflector.settings import settings
+from reflector.utils import generate_uuid4
+from reflector.utils.string import NonEmptyString
+
+user_api_keys = sqlalchemy.Table(
+    "user_api_key",
+    metadata,
+    sqlalchemy.Column("id", sqlalchemy.String, primary_key=True),
+    sqlalchemy.Column("user_id", sqlalchemy.String, nullable=False),
+    sqlalchemy.Column("key_hash", sqlalchemy.String, nullable=False),
+    sqlalchemy.Column("name", sqlalchemy.String, nullable=True),
+    sqlalchemy.Column("created_at", sqlalchemy.DateTime(timezone=True), nullable=False),
+    sqlalchemy.Index("idx_user_api_key_hash", "key_hash", unique=True),
+    sqlalchemy.Index("idx_user_api_key_user_id", "user_id"),
+)
+
+
+class UserApiKey(BaseModel):
+    id: NonEmptyString = Field(default_factory=generate_uuid4)
+    user_id: NonEmptyString
+    key_hash: NonEmptyString
+    name: NonEmptyString | None = None
+    created_at: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+
+
+class UserApiKeyController:
+    @staticmethod
+    def generate_key() -> NonEmptyString:
+        return secrets.token_urlsafe(48)
+
+    @staticmethod
+    def hash_key(key: NonEmptyString) -> str:
+        return hmac.new(
+            settings.SECRET_KEY.encode(), key.encode(), digestmod=sha256
+        ).hexdigest()
+
+    @classmethod
+    async def create_key(
+        cls,
+        user_id: NonEmptyString,
+        name: NonEmptyString | None = None,
+    ) -> tuple[UserApiKey, NonEmptyString]:
+        plaintext = cls.generate_key()
+        api_key = UserApiKey(
+            user_id=user_id,
+            key_hash=cls.hash_key(plaintext),
+            name=name,
+        )
+        query = user_api_keys.insert().values(**api_key.model_dump())
+        await get_database().execute(query)
+        return api_key, plaintext
+
+    @classmethod
+    async def verify_key(cls, plaintext_key: NonEmptyString) -> UserApiKey | None:
+        key_hash = cls.hash_key(plaintext_key)
+        query = user_api_keys.select().where(
+            user_api_keys.c.key_hash == key_hash,
+        )
+        result = await get_database().fetch_one(query)
+        return UserApiKey(**result) if result else None
+
+    @staticmethod
+    async def list_by_user_id(user_id: NonEmptyString) -> list[UserApiKey]:
+        query = (
+            user_api_keys.select()
+            .where(user_api_keys.c.user_id == user_id)
+            .order_by(user_api_keys.c.created_at.desc())
+        )
+        results = await get_database().fetch_all(query)
+        return [UserApiKey(**r) for r in results]
+
+    @staticmethod
+    async def delete_key(key_id: NonEmptyString, user_id: NonEmptyString) -> bool:
+        query = user_api_keys.delete().where(
+            (user_api_keys.c.id == key_id) & (user_api_keys.c.user_id == user_id)
+        )
+        result = await get_database().execute(query)
+        # asyncpg returns None for DELETE, consider it success if no exception
+        return result is None or result > 0
+
+
+user_api_keys_controller = UserApiKeyController()

server/reflector/db/users.py

@@ -0,0 +1,98 @@
+"""User table for storing Authentik user information."""
+
+from datetime import datetime, timezone
+
+import sqlalchemy
+from pydantic import BaseModel, Field
+
+from reflector.db import get_database, metadata
+from reflector.utils import generate_uuid4
+from reflector.utils.string import NonEmptyString
+
+users = sqlalchemy.Table(
+    "user",
+    metadata,
+    sqlalchemy.Column("id", sqlalchemy.String, primary_key=True),
+    sqlalchemy.Column("email", sqlalchemy.String, nullable=False),
+    sqlalchemy.Column("authentik_uid", sqlalchemy.String, nullable=False),
+    sqlalchemy.Column("created_at", sqlalchemy.DateTime(timezone=True), nullable=False),
+    sqlalchemy.Column("updated_at", sqlalchemy.DateTime(timezone=True), nullable=False),
+    sqlalchemy.Index("idx_user_authentik_uid", "authentik_uid", unique=True),
+    sqlalchemy.Index("idx_user_email", "email", unique=False),
+)
+
+
+class User(BaseModel):
+    id: NonEmptyString = Field(default_factory=generate_uuid4)
+    email: NonEmptyString
+    authentik_uid: NonEmptyString
+    created_at: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+    updated_at: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+
+
+class UserController:
+    @staticmethod
+    async def get_by_id(user_id: NonEmptyString) -> User | None:
+        query = users.select().where(users.c.id == user_id)
+        result = await get_database().fetch_one(query)
+        return User(**result) if result else None
+
+    @staticmethod
+    async def get_by_authentik_uid(authentik_uid: NonEmptyString) -> User | None:
+        query = users.select().where(users.c.authentik_uid == authentik_uid)
+        result = await get_database().fetch_one(query)
+        return User(**result) if result else None
+
+    @staticmethod
+    async def get_by_email(email: NonEmptyString) -> User | None:
+        query = users.select().where(users.c.email == email)
+        result = await get_database().fetch_one(query)
+        return User(**result) if result else None
+
+    @staticmethod
+    async def create_or_update(
+        id: NonEmptyString, authentik_uid: NonEmptyString, email: NonEmptyString
+    ) -> User:
+        existing = await UserController.get_by_authentik_uid(authentik_uid)
+        now = datetime.now(timezone.utc)
+
+        if existing:
+            query = (
+                users.update()
+                .where(users.c.authentik_uid == authentik_uid)
+                .values(email=email, updated_at=now)
+            )
+            await get_database().execute(query)
+            return User(
+                id=existing.id,
+                authentik_uid=authentik_uid,
+                email=email,
+                created_at=existing.created_at,
+                updated_at=now,
+            )
+        else:
+            user = User(
+                id=id,
+                authentik_uid=authentik_uid,
+                email=email,
+                created_at=now,
+                updated_at=now,
+            )
+            query = users.insert().values(**user.model_dump())
+            await get_database().execute(query)
+            return user
+
+    @staticmethod
+    async def list_all() -> list[User]:
+        query = users.select().order_by(users.c.created_at.desc())
+        results = await get_database().fetch_all(query)
+        return [User(**r) for r in results]
+
+    @staticmethod
+    async def get_by_ids(user_ids: list[NonEmptyString]) -> dict[str, User]:
+        query = users.select().where(users.c.id.in_(user_ids))
+        results = await get_database().fetch_all(query)
+        return {user.id: User(**user) for user in results}
+
+
+user_controller = UserController()

server/reflector/llm.py

@@ -1,13 +1,32 @@
-from typing import Type, TypeVar
+import logging
+from contextvars import ContextVar
+from typing import Generic, Type, TypeVar
+from uuid import uuid4
 
 from llama_index.core import Settings
 from llama_index.core.output_parsers import PydanticOutputParser
-from llama_index.core.program import LLMTextCompletionProgram
 from llama_index.core.response_synthesizers import TreeSummarize
+from llama_index.core.workflow import (
+    Context,
+    Event,
+    StartEvent,
+    StopEvent,
+    Workflow,
+    step,
+)
 from llama_index.llms.openai_like import OpenAILike
-from pydantic import BaseModel
+from pydantic import BaseModel, ValidationError
+from workflows.errors import WorkflowTimeoutError
+
+from reflector.utils.retry import retry
 
 T = TypeVar("T", bound=BaseModel)
+OutputT = TypeVar("OutputT", bound=BaseModel)
+
+# Session ID for LiteLLM request grouping - set per processing run
+llm_session_id: ContextVar[str | None] = ContextVar("llm_session_id", default=None)
+
+logger = logging.getLogger(__name__)
 
 STRUCTURED_RESPONSE_PROMPT_TEMPLATE = """
 Based on the following analysis, provide the information in the requested JSON format:
@@ -19,6 +38,158 @@ Analysis:
 """
 
 
+class LLMParseError(Exception):
+    """Raised when LLM output cannot be parsed after retries."""
+
+    def __init__(self, output_cls: Type[BaseModel], error_msg: str, attempts: int):
+        self.output_cls = output_cls
+        self.error_msg = error_msg
+        self.attempts = attempts
+        super().__init__(
+            f"Failed to parse {output_cls.__name__} after {attempts} attempts: {error_msg}"
+        )
+
+
+class ExtractionDone(Event):
+    """Event emitted when LLM JSON formatting completes."""
+
+    output: str
+
+
+class ValidationErrorEvent(Event):
+    """Event emitted when validation fails."""
+
+    error: str
+    wrong_output: str
+
+
+class StructuredOutputWorkflow(Workflow, Generic[OutputT]):
+    """Workflow for structured output extraction with validation retry.
+
+    This workflow handles parse/validation retries only. Network error retries
+    are handled internally by Settings.llm (OpenAILike max_retries=3).
+    The caller should NOT wrap this workflow in additional retry logic.
+    """
+
+    def __init__(
+        self,
+        output_cls: Type[OutputT],
+        max_retries: int = 3,
+        **kwargs,
+    ):
+        super().__init__(**kwargs)
+        self.output_cls: Type[OutputT] = output_cls
+        self.max_retries = max_retries
+        self.output_parser = PydanticOutputParser(output_cls)
+
+    @step
+    async def extract(
+        self, ctx: Context, ev: StartEvent | ValidationErrorEvent
+    ) -> StopEvent | ExtractionDone:
+        """Extract structured data from text using two-step LLM process.
+
+        Step 1 (first call only): TreeSummarize generates text analysis
+        Step 2 (every call): Settings.llm.acomplete formats analysis as JSON
+        """
+        current_retries = await ctx.store.get("retries", default=0)
+        await ctx.store.set("retries", current_retries + 1)
+
+        if current_retries >= self.max_retries:
+            last_error = await ctx.store.get("last_error", default=None)
+            logger.error(
+                f"Max retries ({self.max_retries}) reached for {self.output_cls.__name__}"
+            )
+            return StopEvent(result={"error": last_error, "attempts": current_retries})
+
+        if isinstance(ev, StartEvent):
+            # First call: run TreeSummarize to get analysis, store in context
+            prompt = ev.get("prompt")
+            texts = ev.get("texts")
+            tone_name = ev.get("tone_name")
+            if not prompt or not isinstance(texts, list):
+                raise ValueError(
+                    "StartEvent must contain 'prompt' (str) and 'texts' (list)"
+                )
+
+            summarizer = TreeSummarize(verbose=False)
+            analysis = await summarizer.aget_response(
+                prompt, texts, tone_name=tone_name
+            )
+            await ctx.store.set("analysis", str(analysis))
+            reflection = ""
+        else:
+            # Retry: reuse analysis from context
+            analysis = await ctx.store.get("analysis")
+            if not analysis:
+                raise RuntimeError("Internal error: analysis not found in context")
+
+            wrong_output = ev.wrong_output
+            if len(wrong_output) > 2000:
+                wrong_output = wrong_output[:2000] + "... [truncated]"
+            reflection = (
+                f"\n\nYour previous response could not be parsed:\n{wrong_output}\n\n"
+                f"Error:\n{ev.error}\n\n"
+                "Please try again. Return ONLY valid JSON matching the schema above, "
+                "with no markdown formatting or extra text."
+            )
+
+        # Step 2: Format analysis as JSON using LLM completion
+        format_instructions = self.output_parser.format(
+            "Please structure the above information in the following JSON format:"
+        )
+
+        json_prompt = STRUCTURED_RESPONSE_PROMPT_TEMPLATE.format(
+            analysis=analysis,
+            format_instructions=format_instructions + reflection,
+        )
+
+        # Network retries handled by OpenAILike (max_retries=3)
+        response = await Settings.llm.acomplete(json_prompt)
+        return ExtractionDone(output=response.text)
+
+    @step
+    async def validate(
+        self, ctx: Context, ev: ExtractionDone
+    ) -> StopEvent | ValidationErrorEvent:
+        """Validate extracted output against Pydantic schema."""
+        raw_output = ev.output
+        retries = await ctx.store.get("retries", default=0)
+
+        try:
+            parsed = self.output_parser.parse(raw_output)
+            if retries > 1:
+                logger.info(
+                    f"LLM parse succeeded on attempt {retries}/{self.max_retries} "
+                    f"for {self.output_cls.__name__}"
+                )
+            return StopEvent(result={"success": parsed})
+
+        except (ValidationError, ValueError) as e:
+            error_msg = self._format_error(e, raw_output)
+            await ctx.store.set("last_error", error_msg)
+
+            logger.error(
+                f"LLM parse error (attempt {retries}/{self.max_retries}): "
+                f"{type(e).__name__}: {e}\nRaw response: {raw_output[:500]}"
+            )
+
+            return ValidationErrorEvent(
+                error=error_msg,
+                wrong_output=raw_output,
+            )
+
+    def _format_error(self, error: Exception, raw_output: str) -> str:
+        """Format error for LLM feedback."""
+        if isinstance(error, ValidationError):
+            error_messages = []
+            for err in error.errors():
+                field = ".".join(str(loc) for loc in err["loc"])
+                error_messages.append(f"- {err['msg']} in field '{field}'")
+            return "Schema validation errors:\n" + "\n".join(error_messages)
+        else:
+            return f"Parse error: {str(error)}"
+
+
 class LLM:
     def __init__(self, settings, temperature: float = 0.4, max_tokens: int = 2048):
         self.settings_obj = settings
@@ -29,11 +200,12 @@ class LLM:
         self.temperature = temperature
         self.max_tokens = max_tokens
 
-        # Configure llamaindex Settings
         self._configure_llamaindex()
 
     def _configure_llamaindex(self):
         """Configure llamaindex Settings with OpenAILike LLM"""
+        session_id = llm_session_id.get() or f"fallback-{uuid4().hex}"
+
         Settings.llm = OpenAILike(
             model=self.model_name,
             api_base=self.url,
@@ -43,6 +215,7 @@ class LLM:
             is_function_calling_model=False,
             temperature=self.temperature,
             max_tokens=self.max_tokens,
+            additional_kwargs={"extra_body": {"litellm_session_id": session_id}},
         )
 
     async def get_response(
@@ -59,25 +232,38 @@ class LLM:
         texts: list[str],
         output_cls: Type[T],
         tone_name: str | None = None,
+        timeout: int | None = None,
     ) -> T:
-        """Get structured output from LLM for non-function-calling models"""
-        summarizer = TreeSummarize(verbose=True)
-        response = await summarizer.aget_response(prompt, texts, tone_name=tone_name)
+        """Get structured output from LLM with validation retry via Workflow."""
+        if timeout is None:
+            timeout = self.settings_obj.LLM_STRUCTURED_RESPONSE_TIMEOUT
 
-        output_parser = PydanticOutputParser(output_cls)
+        async def run_workflow():
+            workflow = StructuredOutputWorkflow(
+                output_cls=output_cls,
+                max_retries=self.settings_obj.LLM_PARSE_MAX_RETRIES + 1,
+                timeout=timeout,
+            )
 
-        program = LLMTextCompletionProgram.from_defaults(
-            output_parser=output_parser,
-            prompt_template_str=STRUCTURED_RESPONSE_PROMPT_TEMPLATE,
-            verbose=False,
+            result = await workflow.run(
+                prompt=prompt,
+                texts=texts,
+                tone_name=tone_name,
+            )
+
+            if "error" in result:
+                error_msg = result["error"] or "Max retries exceeded"
+                raise LLMParseError(
+                    output_cls=output_cls,
+                    error_msg=error_msg,
+                    attempts=result.get("attempts", 0),
+                )
+
+            return result["success"]
+
+        return await retry(run_workflow)(
+            retry_attempts=3,
+            retry_backoff_interval=1.0,
+            retry_backoff_max=30.0,
+            retry_ignore_exc_types=(WorkflowTimeoutError,),
         )
-
-        format_instructions = output_parser.format(
-            "Please structure the above information in the following JSON format:"
-        )
-
-        output = await program.acall(
-            analysis=str(response), format_instructions=format_instructions
-        )
-
-        return output

server/reflector/pipelines/__init__.py

@@ -0,0 +1 @@
+"""Pipeline modules for audio processing."""

server/reflector/pipelines/main_file_pipeline.py

@@ -23,23 +23,18 @@ from reflector.db.transcripts import (
     transcripts_controller,
 )
 from reflector.logger import logger
+from reflector.pipelines import topic_processing
 from reflector.pipelines.main_live_pipeline import (
     PipelineMainBase,
     broadcast_to_sockets,
     task_cleanup_consent,
     task_pipeline_post_to_zulip,
 )
-from reflector.processors import (
-    AudioFileWriterProcessor,
-    TranscriptFinalSummaryProcessor,
-    TranscriptFinalTitleProcessor,
-    TranscriptTopicDetectorProcessor,
-)
+from reflector.pipelines.transcription_helpers import transcribe_file_with_processor
+from reflector.processors import AudioFileWriterProcessor
 from reflector.processors.audio_waveform_processor import AudioWaveformProcessor
 from reflector.processors.file_diarization import FileDiarizationInput
 from reflector.processors.file_diarization_auto import FileDiarizationAutoProcessor
-from reflector.processors.file_transcript import FileTranscriptInput
-from reflector.processors.file_transcript_auto import FileTranscriptAutoProcessor
 from reflector.processors.transcript_diarization_assembler import (
     TranscriptDiarizationAssemblerInput,
     TranscriptDiarizationAssemblerProcessor,
@@ -56,19 +51,6 @@ from reflector.storage import get_transcripts_storage
 from reflector.worker.webhook import send_transcript_webhook
 
 
-class EmptyPipeline:
-    """Empty pipeline for processors that need a pipeline reference"""
-
-    def __init__(self, logger: structlog.BoundLogger):
-        self.logger = logger
-
-    def get_pref(self, k, d=None):
-        return d
-
-    async def emit(self, event):
-        pass
-
-
 class PipelineMainFile(PipelineMainBase):
     """
     Optimized file processing pipeline.
@@ -81,7 +63,7 @@ class PipelineMainFile(PipelineMainBase):
     def __init__(self, transcript_id: str):
         super().__init__(transcript_id=transcript_id)
         self.logger = logger.bind(transcript_id=self.transcript_id)
-        self.empty_pipeline = EmptyPipeline(logger=self.logger)
+        self.empty_pipeline = topic_processing.EmptyPipeline(logger=self.logger)
 
     def _handle_gather_exceptions(self, results: list, operation: str) -> None:
         """Handle exceptions from asyncio.gather with return_exceptions=True"""
@@ -131,7 +113,7 @@ class PipelineMainFile(PipelineMainBase):
 
         self.logger.info("File pipeline complete")
 
-        await transcripts_controller.set_status(transcript.id, "ended")
+        await self.set_status(transcript.id, "ended")
 
     async def extract_and_write_audio(
         self, file_path: Path, transcript: Transcript
@@ -262,24 +244,7 @@ class PipelineMainFile(PipelineMainBase):
 
     async def transcribe_file(self, audio_url: str, language: str) -> TranscriptType:
         """Transcribe complete file"""
-        processor = FileTranscriptAutoProcessor()
-        input_data = FileTranscriptInput(audio_url=audio_url, language=language)
-
-        # Store result for retrieval
-        result: TranscriptType | None = None
-
-        async def capture_result(transcript):
-            nonlocal result
-            result = transcript
-
-        processor.on(capture_result)
-        await processor.push(input_data)
-        await processor.flush()
-
-        if not result:
-            raise ValueError("No transcript captured")
-
-        return result
+        return await transcribe_file_with_processor(audio_url, language)
 
     async def diarize_file(self, audio_url: str) -> list[DiarizationSegment] | None:
         """Get diarization for file"""
@@ -322,63 +287,32 @@ class PipelineMainFile(PipelineMainBase):
     async def detect_topics(
         self, transcript: TranscriptType, target_language: str
     ) -> list[TitleSummary]:
-        """Detect topics from complete transcript"""
-        chunk_size = 300
-        topics: list[TitleSummary] = []
-
-        async def on_topic(topic: TitleSummary):
-            topics.append(topic)
-            return await self.on_topic(topic)
-
-        topic_detector = TranscriptTopicDetectorProcessor(callback=on_topic)
-        topic_detector.set_pipeline(self.empty_pipeline)
-
-        for i in range(0, len(transcript.words), chunk_size):
-            chunk_words = transcript.words[i : i + chunk_size]
-            if not chunk_words:
-                continue
-
-            chunk_transcript = TranscriptType(
-                words=chunk_words, translation=transcript.translation
-            )
-
-            await topic_detector.push(chunk_transcript)
-
-        await topic_detector.flush()
-        return topics
+        return await topic_processing.detect_topics(
+            transcript,
+            target_language,
+            on_topic_callback=self.on_topic,
+            empty_pipeline=self.empty_pipeline,
+        )
 
     async def generate_title(self, topics: list[TitleSummary]):
-        """Generate title from topics"""
-        if not topics:
-            self.logger.warning("No topics for title generation")
-            return
-
-        processor = TranscriptFinalTitleProcessor(callback=self.on_title)
-        processor.set_pipeline(self.empty_pipeline)
-
-        for topic in topics:
-            await processor.push(topic)
-
-        await processor.flush()
+        return await topic_processing.generate_title(
+            topics,
+            on_title_callback=self.on_title,
+            empty_pipeline=self.empty_pipeline,
+            logger=self.logger,
+        )
 
     async def generate_summaries(self, topics: list[TitleSummary]):
-        """Generate long and short summaries from topics"""
-        if not topics:
-            self.logger.warning("No topics for summary generation")
-            return
-
         transcript = await self.get_transcript()
-        processor = TranscriptFinalSummaryProcessor(
-            transcript=transcript,
-            callback=self.on_long_summary,
-            on_short_summary=self.on_short_summary,
+        return await topic_processing.generate_summaries(
+            topics,
+            transcript,
+            on_long_summary_callback=self.on_long_summary,
+            on_short_summary_callback=self.on_short_summary,
+            on_action_items_callback=self.on_action_items,
+            empty_pipeline=self.empty_pipeline,
+            logger=self.logger,
         )
-        processor.set_pipeline(self.empty_pipeline)
-
-        for topic in topics:
-            await processor.push(topic)
-
-        await processor.flush()
 
 
 @shared_task
@@ -407,7 +341,6 @@ async def task_send_webhook_if_needed(*, transcript_id: str):
 @asynctask
 async def task_pipeline_file_process(*, transcript_id: str):
     """Celery task for file pipeline processing"""
-
     transcript = await transcripts_controller.get_by_id(transcript_id)
     if not transcript:
         raise Exception(f"Transcript {transcript_id} not found")
@@ -426,7 +359,12 @@ async def task_pipeline_file_process(*, transcript_id: str):
 
         await pipeline.process(audio_file)
 
-    except Exception:
+    except Exception as e:
+        logger.error(
+            f"File pipeline failed for transcript {transcript_id}: {type(e).__name__}: {str(e)}",
+            exc_info=True,
+            transcript_id=transcript_id,
+        )
         await pipeline.set_status(transcript_id, "error")
         raise
 

server/reflector/pipelines/main_live_pipeline.py

@@ -17,7 +17,6 @@ from contextlib import asynccontextmanager
 from typing import Generic
 
 import av
-import boto3
 from celery import chord, current_task, group, shared_task
 from pydantic import BaseModel
 from structlog import BoundLogger as Logger
@@ -28,6 +27,7 @@ from reflector.db.recordings import recordings_controller
 from reflector.db.rooms import rooms_controller
 from reflector.db.transcripts import (
     Transcript,
+    TranscriptActionItems,
     TranscriptDuration,
     TranscriptFinalLongSummary,
     TranscriptFinalShortSummary,
@@ -85,6 +85,20 @@ def broadcast_to_sockets(func):
             message=resp.model_dump(mode="json"),
         )
 
+        transcript = await transcripts_controller.get_by_id(self.transcript_id)
+        if transcript and transcript.user_id:
+            # Emit only relevant events to the user room to avoid noisy updates.
+            # Allowed: STATUS, FINAL_TITLE, DURATION. All are prefixed with TRANSCRIPT_
+            allowed_user_events = {"STATUS", "FINAL_TITLE", "DURATION"}
+            if resp.event in allowed_user_events:
+                await self.ws_manager.send_json(
+                    room_id=f"user:{transcript.user_id}",
+                    message={
+                        "event": f"TRANSCRIPT_{resp.event}",
+                        "data": {"id": self.transcript_id, **resp.data},
+                    },
+                )
+
     return wrapper
 
 
@@ -293,6 +307,23 @@ class PipelineMainBase(PipelineRunner[PipelineMessage], Generic[PipelineMessage]
                 data=final_short_summary,
             )
 
+    @broadcast_to_sockets
+    async def on_action_items(self, data):
+        action_items = TranscriptActionItems(action_items=data.action_items)
+        async with self.transaction():
+            transcript = await self.get_transcript()
+            await transcripts_controller.update(
+                transcript,
+                {
+                    "action_items": action_items.action_items,
+                },
+            )
+            return await transcripts_controller.append_event(
+                transcript=transcript,
+                event="ACTION_ITEMS",
+                data=action_items,
+            )
+
     @broadcast_to_sockets
     async def on_duration(self, data):
         async with self.transaction():
@@ -452,6 +483,7 @@ class PipelineMainFinalSummaries(PipelineMainFromTopics):
                 transcript=self._transcript,
                 callback=self.on_long_summary,
                 on_short_summary=self.on_short_summary,
+                on_action_items=self.on_action_items,
             ),
         ]
 
@@ -570,6 +602,7 @@ async def cleanup_consent(transcript: Transcript, logger: Logger):
 
     consent_denied = False
     recording = None
+    meeting = None
     try:
         if transcript.recording_id:
             recording = await recordings_controller.get_by_id(transcript.recording_id)
@@ -580,8 +613,8 @@ async def cleanup_consent(transcript: Transcript, logger: Logger):
                         meeting.id
                     )
     except Exception as e:
-        logger.error(f"Failed to get fetch consent: {e}", exc_info=e)
-        consent_denied = True
+        logger.error(f"Failed to fetch consent: {e}", exc_info=e)
+        raise
 
     if not consent_denied:
         logger.info("Consent approved, keeping all files")
@@ -589,25 +622,24 @@ async def cleanup_consent(transcript: Transcript, logger: Logger):
 
     logger.info("Consent denied, cleaning up all related audio files")
 
-    if recording and recording.bucket_name and recording.object_key:
-        s3_whereby = boto3.client(
-            "s3",
-            aws_access_key_id=settings.AWS_WHEREBY_ACCESS_KEY_ID,
-            aws_secret_access_key=settings.AWS_WHEREBY_ACCESS_KEY_SECRET,
-        )
-        try:
-            s3_whereby.delete_object(
-                Bucket=recording.bucket_name, Key=recording.object_key
-            )
-            logger.info(
-                f"Deleted original Whereby recording: {recording.bucket_name}/{recording.object_key}"
-            )
-        except Exception as e:
-            logger.error(f"Failed to delete Whereby recording: {e}", exc_info=e)
+    deletion_errors = []
+    if recording and recording.bucket_name:
+        keys_to_delete = []
+        if recording.track_keys:
+            keys_to_delete = recording.track_keys
+        elif recording.object_key:
+            keys_to_delete = [recording.object_key]
+
+        master_storage = get_transcripts_storage()
+        for key in keys_to_delete:
+            try:
+                await master_storage.delete_file(key, bucket=recording.bucket_name)
+                logger.info(f"Deleted recording file: {recording.bucket_name}/{key}")
+            except Exception as e:
+                error_msg = f"Failed to delete {key}: {e}"
+                logger.error(error_msg, exc_info=e)
+                deletion_errors.append(error_msg)
 
-    # non-transactional, files marked for deletion not actually deleted is possible
-    await transcripts_controller.update(transcript, {"audio_deleted": True})
-    # 2. Delete processed audio from transcript storage S3 bucket
     if transcript.audio_location == "storage":
         storage = get_transcripts_storage()
         try:
@@ -616,18 +648,28 @@ async def cleanup_consent(transcript: Transcript, logger: Logger):
                 f"Deleted processed audio from storage: {transcript.storage_audio_path}"
             )
         except Exception as e:
-            logger.error(f"Failed to delete processed audio: {e}", exc_info=e)
+            error_msg = f"Failed to delete processed audio: {e}"
+            logger.error(error_msg, exc_info=e)
+            deletion_errors.append(error_msg)
 
-    # 3. Delete local audio files
     try:
         if hasattr(transcript, "audio_mp3_filename") and transcript.audio_mp3_filename:
             transcript.audio_mp3_filename.unlink(missing_ok=True)
         if hasattr(transcript, "audio_wav_filename") and transcript.audio_wav_filename:
             transcript.audio_wav_filename.unlink(missing_ok=True)
     except Exception as e:
-        logger.error(f"Failed to delete local audio files: {e}", exc_info=e)
+        error_msg = f"Failed to delete local audio files: {e}"
+        logger.error(error_msg, exc_info=e)
+        deletion_errors.append(error_msg)
 
-    logger.info("Consent cleanup done")
+    if deletion_errors:
+        logger.warning(
+            f"Consent cleanup completed with {len(deletion_errors)} errors",
+            errors=deletion_errors,
+        )
+    else:
+        await transcripts_controller.update(transcript, {"audio_deleted": True})
+        logger.info("Consent cleanup done - all audio deleted")
 
 
 @get_transcript

server/reflector/pipelines/main_multitrack_pipeline.py

@@ -0,0 +1,799 @@
+import asyncio
+import math
+import tempfile
+from fractions import Fraction
+from pathlib import Path
+
+import av
+from av.audio.resampler import AudioResampler
+from celery import chain, shared_task
+
+from reflector.asynctask import asynctask
+from reflector.dailyco_api import MeetingParticipantsResponse
+from reflector.db.transcripts import (
+    Transcript,
+    TranscriptParticipant,
+    TranscriptStatus,
+    TranscriptWaveform,
+    transcripts_controller,
+)
+from reflector.logger import logger
+from reflector.pipelines import topic_processing
+from reflector.pipelines.main_file_pipeline import task_send_webhook_if_needed
+from reflector.pipelines.main_live_pipeline import (
+    PipelineMainBase,
+    broadcast_to_sockets,
+    task_cleanup_consent,
+    task_pipeline_post_to_zulip,
+)
+from reflector.pipelines.transcription_helpers import transcribe_file_with_processor
+from reflector.processors import AudioFileWriterProcessor
+from reflector.processors.audio_waveform_processor import AudioWaveformProcessor
+from reflector.processors.types import TitleSummary
+from reflector.processors.types import Transcript as TranscriptType
+from reflector.storage import Storage, get_transcripts_storage
+from reflector.utils.daily import (
+    filter_cam_audio_tracks,
+    parse_daily_recording_filename,
+)
+from reflector.utils.string import NonEmptyString
+from reflector.video_platforms.factory import create_platform_client
+
+# Audio encoding constants
+OPUS_STANDARD_SAMPLE_RATE = 48000
+OPUS_DEFAULT_BIT_RATE = 128000
+
+# Storage operation constants
+PRESIGNED_URL_EXPIRATION_SECONDS = 7200  # 2 hours
+
+
+class PipelineMainMultitrack(PipelineMainBase):
+    def __init__(self, transcript_id: str):
+        super().__init__(transcript_id=transcript_id)
+        self.logger = logger.bind(transcript_id=self.transcript_id)
+        self.empty_pipeline = topic_processing.EmptyPipeline(logger=self.logger)
+
+    async def pad_track_for_transcription(
+        self,
+        track_url: NonEmptyString,
+        track_idx: int,
+        storage: Storage,
+    ) -> NonEmptyString:
+        """
+        Pad a single track with silence based on stream metadata start_time.
+        Downloads from S3 presigned URL, processes via PyAV using tempfile, uploads to S3.
+        Returns presigned URL of padded track (or original URL if no padding needed).
+
+        Memory usage:
+        - Pattern: fixed_overhead(2-5MB) for PyAV codec/filters
+        - PyAV streams input efficiently (no full download, verified)
+        - Output written to tempfile (disk-based, not memory)
+        - Upload streams from file handle (boto3 chunks, typically 5-10MB)
+
+        Daily.co raw-tracks timing - Two approaches:
+
+            CURRENT APPROACH (PyAV metadata):
+            The WebM stream.start_time field encodes MEETING-RELATIVE timing:
+            - t=0: When Daily.co recording started (first participant joined)
+            - start_time=8.13s: This participant's track began 8.13s after recording started
+            - Purpose: Enables track alignment without external manifest files
+
+            This is NOT:
+            - Stream-internal offset (first packet timestamp relative to stream start)
+            - Absolute/wall-clock time
+            - Recording duration
+
+            ALTERNATIVE APPROACH (filename parsing):
+            Daily.co filenames contain Unix timestamps (milliseconds):
+            Format: {recording_start_ts}-{participant_id}-cam-audio-{track_start_ts}.webm
+            Example: 1760988935484-52f7f48b-fbab-431f-9a50-87b9abfc8255-cam-audio-1760988935922.webm
+
+            Can calculate offset: (track_start_ts - recording_start_ts) / 1000
+            - Track 0: (1760988935922 - 1760988935484) / 1000 = 0.438s
+            - Track 1: (1760988943823 - 1760988935484) / 1000 = 8.339s
+
+            TIME DIFFERENCE: PyAV metadata vs filename timestamps differ by ~209ms:
+            - Track 0: filename=438ms, metadata=229ms (diff: 209ms)
+            - Track 1: filename=8339ms, metadata=8130ms (diff: 209ms)
+
+            Consistent delta suggests network/encoding delay. PyAV metadata is ground truth
+            (represents when audio stream actually started vs when file upload initiated).
+
+            Example with 2 participants:
+                Track A: start_time=0.2s → Joined 200ms after recording began
+                Track B: start_time=8.1s → Joined 8.1 seconds later
+
+                After padding:
+                    Track A: [0.2s silence] + [speech...]
+                    Track B: [8.1s silence] + [speech...]
+
+                Whisper transcription timestamps are now synchronized:
+                    Track A word at 5.0s → happened at meeting t=5.0s
+                    Track B word at 10.0s → happened at meeting t=10.0s
+
+                Merging just sorts by timestamp - no offset calculation needed.
+
+        Padding coincidentally involves re-encoding. It's important when we work with Daily.co + Whisper.
+        This is because Daily.co returns recordings with skipped frames e.g. when microphone muted.
+        Daily.co doesn't understand those frames and ignores them, causing timestamp issues in transcription.
+        Re-encoding restores those frames. We do padding and re-encoding together just because it's convenient and more performant:
+        we need padded values for mix mp3 anyways
+        """
+
+        transcript = await self.get_transcript()
+
+        try:
+            # PyAV streams input from S3 URL efficiently (2-5MB fixed overhead for codec/filters)
+            with av.open(track_url) as in_container:
+                start_time_seconds = self._extract_stream_start_time_from_container(
+                    in_container, track_idx
+                )
+
+                if start_time_seconds <= 0:
+                    self.logger.info(
+                        f"Track {track_idx} requires no padding (start_time={start_time_seconds}s)",
+                        track_idx=track_idx,
+                    )
+                    return track_url
+
+                # Use tempfile instead of BytesIO for better memory efficiency
+                # Reduces peak memory usage during encoding/upload
+                with tempfile.NamedTemporaryFile(
+                    suffix=".webm", delete=False
+                ) as temp_file:
+                    temp_path = temp_file.name
+
+                try:
+                    self._apply_audio_padding_to_file(
+                        in_container, temp_path, start_time_seconds, track_idx
+                    )
+
+                    storage_path = (
+                        f"file_pipeline/{transcript.id}/tracks/padded_{track_idx}.webm"
+                    )
+
+                    # Upload using file handle for streaming
+                    with open(temp_path, "rb") as padded_file:
+                        await storage.put_file(storage_path, padded_file)
+                finally:
+                    # Clean up temp file
+                    Path(temp_path).unlink(missing_ok=True)
+
+                padded_url = await storage.get_file_url(
+                    storage_path,
+                    operation="get_object",
+                    expires_in=PRESIGNED_URL_EXPIRATION_SECONDS,
+                )
+
+                self.logger.info(
+                    f"Successfully padded track {track_idx}",
+                    track_idx=track_idx,
+                    start_time_seconds=start_time_seconds,
+                    padded_url=padded_url,
+                )
+
+                return padded_url
+
+        except Exception as e:
+            self.logger.error(
+                f"Failed to process track {track_idx}",
+                track_idx=track_idx,
+                url=track_url,
+                error=str(e),
+                exc_info=True,
+            )
+            raise Exception(
+                f"Track {track_idx} padding failed - transcript would have incorrect timestamps"
+            ) from e
+
+    def _extract_stream_start_time_from_container(
+        self, container, track_idx: int
+    ) -> float:
+        """
+        Extract meeting-relative start time from WebM stream metadata.
+        Uses PyAV to read stream.start_time from WebM container.
+        More accurate than filename timestamps by ~209ms due to network/encoding delays.
+        """
+        start_time_seconds = 0.0
+        try:
+            audio_streams = [s for s in container.streams if s.type == "audio"]
+            stream = audio_streams[0] if audio_streams else container.streams[0]
+
+            # 1) Try stream-level start_time (most reliable for Daily.co tracks)
+            if stream.start_time is not None and stream.time_base is not None:
+                start_time_seconds = float(stream.start_time * stream.time_base)
+
+            # 2) Fallback to container-level start_time (in av.time_base units)
+            if (start_time_seconds <= 0) and (container.start_time is not None):
+                start_time_seconds = float(container.start_time * av.time_base)
+
+            # 3) Fallback to first packet DTS in stream.time_base
+            if start_time_seconds <= 0:
+                for packet in container.demux(stream):
+                    if packet.dts is not None:
+                        start_time_seconds = float(packet.dts * stream.time_base)
+                        break
+        except Exception as e:
+            self.logger.warning(
+                "PyAV metadata read failed; assuming 0 start_time",
+                track_idx=track_idx,
+                error=str(e),
+            )
+            start_time_seconds = 0.0
+
+        self.logger.info(
+            f"Track {track_idx} stream metadata: start_time={start_time_seconds:.3f}s",
+            track_idx=track_idx,
+        )
+        return start_time_seconds
+
+    def _apply_audio_padding_to_file(
+        self,
+        in_container,
+        output_path: str,
+        start_time_seconds: float,
+        track_idx: int,
+    ) -> None:
+        """Apply silence padding to audio track using PyAV filter graph, writing to file"""
+        delay_ms = math.floor(start_time_seconds * 1000)
+
+        self.logger.info(
+            f"Padding track {track_idx} with {delay_ms}ms delay using PyAV",
+            track_idx=track_idx,
+            delay_ms=delay_ms,
+        )
+
+        try:
+            with av.open(output_path, "w", format="webm") as out_container:
+                in_stream = next(
+                    (s for s in in_container.streams if s.type == "audio"), None
+                )
+                if in_stream is None:
+                    raise Exception("No audio stream in input")
+
+                out_stream = out_container.add_stream(
+                    "libopus", rate=OPUS_STANDARD_SAMPLE_RATE
+                )
+                out_stream.bit_rate = OPUS_DEFAULT_BIT_RATE
+                graph = av.filter.Graph()
+
+                abuf_args = (
+                    f"time_base=1/{OPUS_STANDARD_SAMPLE_RATE}:"
+                    f"sample_rate={OPUS_STANDARD_SAMPLE_RATE}:"
+                    f"sample_fmt=s16:"
+                    f"channel_layout=stereo"
+                )
+                src = graph.add("abuffer", args=abuf_args, name="src")
+                aresample_f = graph.add("aresample", args="async=1", name="ares")
+                # adelay requires one delay value per channel separated by '|'
+                delays_arg = f"{delay_ms}|{delay_ms}"
+                adelay_f = graph.add(
+                    "adelay", args=f"delays={delays_arg}:all=1", name="delay"
+                )
+                sink = graph.add("abuffersink", name="sink")
+
+                src.link_to(aresample_f)
+                aresample_f.link_to(adelay_f)
+                adelay_f.link_to(sink)
+                graph.configure()
+
+                resampler = AudioResampler(
+                    format="s16", layout="stereo", rate=OPUS_STANDARD_SAMPLE_RATE
+                )
+                # Decode -> resample -> push through graph -> encode Opus
+                for frame in in_container.decode(in_stream):
+                    out_frames = resampler.resample(frame) or []
+                    for rframe in out_frames:
+                        rframe.sample_rate = OPUS_STANDARD_SAMPLE_RATE
+                        rframe.time_base = Fraction(1, OPUS_STANDARD_SAMPLE_RATE)
+                        src.push(rframe)
+
+                        while True:
+                            try:
+                                f_out = sink.pull()
+                            except Exception:
+                                break
+                            f_out.sample_rate = OPUS_STANDARD_SAMPLE_RATE
+                            f_out.time_base = Fraction(1, OPUS_STANDARD_SAMPLE_RATE)
+                            for packet in out_stream.encode(f_out):
+                                out_container.mux(packet)
+
+                src.push(None)
+                while True:
+                    try:
+                        f_out = sink.pull()
+                    except Exception:
+                        break
+                    f_out.sample_rate = OPUS_STANDARD_SAMPLE_RATE
+                    f_out.time_base = Fraction(1, OPUS_STANDARD_SAMPLE_RATE)
+                    for packet in out_stream.encode(f_out):
+                        out_container.mux(packet)
+
+                for packet in out_stream.encode(None):
+                    out_container.mux(packet)
+        except Exception as e:
+            self.logger.error(
+                "PyAV padding failed for track",
+                track_idx=track_idx,
+                delay_ms=delay_ms,
+                error=str(e),
+                exc_info=True,
+            )
+            raise
+
+    async def mixdown_tracks(
+        self,
+        track_urls: list[str],
+        writer: AudioFileWriterProcessor,
+        offsets_seconds: list[float] | None = None,
+    ) -> None:
+        """Multi-track mixdown using PyAV filter graph (amix), reading from S3 presigned URLs"""
+
+        target_sample_rate: int | None = None
+        for url in track_urls:
+            if not url:
+                continue
+            container = None
+            try:
+                container = av.open(url)
+                for frame in container.decode(audio=0):
+                    target_sample_rate = frame.sample_rate
+                    break
+            except Exception:
+                continue
+            finally:
+                if container is not None:
+                    container.close()
+            if target_sample_rate:
+                break
+
+        if not target_sample_rate:
+            self.logger.error("Mixdown failed - no decodable audio frames found")
+            raise Exception("Mixdown failed: No decodable audio frames in any track")
+        # Build PyAV filter graph:
+        # N abuffer (s32/stereo)
+        #   -> optional adelay per input (for alignment)
+        #   -> amix (s32)
+        #   -> aformat(s16)
+        #   -> sink
+        graph = av.filter.Graph()
+        inputs = []
+        valid_track_urls = [url for url in track_urls if url]
+        input_offsets_seconds = None
+        if offsets_seconds is not None:
+            input_offsets_seconds = [
+                offsets_seconds[i] for i, url in enumerate(track_urls) if url
+            ]
+        for idx, url in enumerate(valid_track_urls):
+            args = (
+                f"time_base=1/{target_sample_rate}:"
+                f"sample_rate={target_sample_rate}:"
+                f"sample_fmt=s32:"
+                f"channel_layout=stereo"
+            )
+            in_ctx = graph.add("abuffer", args=args, name=f"in{idx}")
+            inputs.append(in_ctx)
+
+        if not inputs:
+            self.logger.error("Mixdown failed - no valid inputs for graph")
+            raise Exception("Mixdown failed: No valid inputs for filter graph")
+
+        mixer = graph.add("amix", args=f"inputs={len(inputs)}:normalize=0", name="mix")
+
+        fmt = graph.add(
+            "aformat",
+            args=(
+                f"sample_fmts=s32:channel_layouts=stereo:sample_rates={target_sample_rate}"
+            ),
+            name="fmt",
+        )
+
+        sink = graph.add("abuffersink", name="out")
+
+        # Optional per-input delay before mixing
+        delays_ms: list[int] = []
+        if input_offsets_seconds is not None:
+            base = min(input_offsets_seconds) if input_offsets_seconds else 0.0
+            delays_ms = [
+                max(0, int(round((o - base) * 1000))) for o in input_offsets_seconds
+            ]
+        else:
+            delays_ms = [0 for _ in inputs]
+
+        for idx, in_ctx in enumerate(inputs):
+            delay_ms = delays_ms[idx] if idx < len(delays_ms) else 0
+            if delay_ms > 0:
+                # adelay requires one value per channel; use same for stereo
+                adelay = graph.add(
+                    "adelay",
+                    args=f"delays={delay_ms}|{delay_ms}:all=1",
+                    name=f"delay{idx}",
+                )
+                in_ctx.link_to(adelay)
+                adelay.link_to(mixer, 0, idx)
+            else:
+                in_ctx.link_to(mixer, 0, idx)
+        mixer.link_to(fmt)
+        fmt.link_to(sink)
+        graph.configure()
+
+        containers = []
+        try:
+            # Open all containers with cleanup guaranteed
+            for i, url in enumerate(valid_track_urls):
+                try:
+                    c = av.open(
+                        url,
+                        options={
+                            # it's trying to stream from s3 by default
+                            "reconnect": "1",
+                            "reconnect_streamed": "1",
+                            "reconnect_delay_max": "5",
+                        },
+                    )
+                    containers.append(c)
+                except Exception as e:
+                    self.logger.warning(
+                        "Mixdown: failed to open container from URL",
+                        input=i,
+                        url=url,
+                        error=str(e),
+                    )
+
+            if not containers:
+                self.logger.error("Mixdown failed - no valid containers opened")
+                raise Exception("Mixdown failed: Could not open any track containers")
+
+            decoders = [c.decode(audio=0) for c in containers]
+            active = [True] * len(decoders)
+            resamplers = [
+                AudioResampler(format="s32", layout="stereo", rate=target_sample_rate)
+                for _ in decoders
+            ]
+
+            while any(active):
+                for i, (dec, is_active) in enumerate(zip(decoders, active)):
+                    if not is_active:
+                        continue
+                    try:
+                        frame = next(dec)
+                    except StopIteration:
+                        active[i] = False
+                        # causes stream to move on / unclogs memory
+                        inputs[i].push(None)
+                        continue
+
+                    if frame.sample_rate != target_sample_rate:
+                        continue
+                    out_frames = resamplers[i].resample(frame) or []
+                    for rf in out_frames:
+                        rf.sample_rate = target_sample_rate
+                        rf.time_base = Fraction(1, target_sample_rate)
+                        inputs[i].push(rf)
+
+                    while True:
+                        try:
+                            mixed = sink.pull()
+                        except Exception:
+                            break
+                        mixed.sample_rate = target_sample_rate
+                        mixed.time_base = Fraction(1, target_sample_rate)
+                        await writer.push(mixed)
+
+            while True:
+                try:
+                    mixed = sink.pull()
+                except Exception:
+                    break
+                mixed.sample_rate = target_sample_rate
+                mixed.time_base = Fraction(1, target_sample_rate)
+                await writer.push(mixed)
+        finally:
+            # Cleanup all containers, even if processing failed
+            for c in containers:
+                if c is not None:
+                    try:
+                        c.close()
+                    except Exception:
+                        pass  # Best effort cleanup
+
+    @broadcast_to_sockets
+    async def set_status(self, transcript_id: str, status: TranscriptStatus):
+        async with self.lock_transaction():
+            return await transcripts_controller.set_status(transcript_id, status)
+
+    async def on_waveform(self, data):
+        async with self.transaction():
+            waveform = TranscriptWaveform(waveform=data)
+            transcript = await self.get_transcript()
+            return await transcripts_controller.append_event(
+                transcript=transcript, event="WAVEFORM", data=waveform
+            )
+
+    async def update_participants_from_daily(
+        self, transcript: Transcript, track_keys: list[str]
+    ) -> None:
+        """Update transcript participants with user_id and names from Daily.co API."""
+        if not transcript.recording_id:
+            return
+
+        try:
+            async with create_platform_client("daily") as daily_client:
+                id_to_name = {}
+                id_to_user_id = {}
+
+                try:
+                    rec_details = await daily_client.get_recording(
+                        transcript.recording_id
+                    )
+                    mtg_session_id = rec_details.mtgSessionId
+                    if mtg_session_id:
+                        try:
+                            payload: MeetingParticipantsResponse = (
+                                await daily_client.get_meeting_participants(
+                                    mtg_session_id
+                                )
+                            )
+                            for p in payload.data:
+                                pid = p.participant_id
+                                name = p.user_name
+                                user_id = p.user_id
+                                if name:
+                                    id_to_name[pid] = name
+                                if user_id:
+                                    id_to_user_id[pid] = user_id
+                        except Exception as e:
+                            self.logger.warning(
+                                "Failed to fetch Daily meeting participants",
+                                error=str(e),
+                                mtg_session_id=mtg_session_id,
+                                exc_info=True,
+                            )
+                    else:
+                        self.logger.warning(
+                            "No mtgSessionId found for recording; participant names may be generic",
+                            recording_id=transcript.recording_id,
+                        )
+                except Exception as e:
+                    self.logger.warning(
+                        "Failed to fetch Daily recording details",
+                        error=str(e),
+                        recording_id=transcript.recording_id,
+                        exc_info=True,
+                    )
+                    return
+
+                cam_audio_keys = filter_cam_audio_tracks(track_keys)
+
+                for idx, key in enumerate(cam_audio_keys):
+                    try:
+                        parsed = parse_daily_recording_filename(key)
+                        participant_id = parsed.participant_id
+                    except ValueError as e:
+                        self.logger.error(
+                            "Failed to parse Daily recording filename",
+                            error=str(e),
+                            key=key,
+                            exc_info=True,
+                        )
+                        continue
+
+                    default_name = f"Speaker {idx}"
+                    name = id_to_name.get(participant_id, default_name)
+                    user_id = id_to_user_id.get(participant_id)
+
+                    participant = TranscriptParticipant(
+                        id=participant_id, speaker=idx, name=name, user_id=user_id
+                    )
+                    await transcripts_controller.upsert_participant(
+                        transcript, participant
+                    )
+
+        except Exception as e:
+            self.logger.warning(
+                "Failed to map participant names", error=str(e), exc_info=True
+            )
+
+    async def process(self, bucket_name: str, track_keys: list[str]):
+        transcript = await self.get_transcript()
+        async with self.transaction():
+            await transcripts_controller.update(
+                transcript,
+                {
+                    "events": [],
+                    "topics": [],
+                    "participants": [],
+                },
+            )
+
+        await self.update_participants_from_daily(transcript, track_keys)
+
+        source_storage = get_transcripts_storage()
+        transcript_storage = source_storage
+
+        track_urls: list[str] = []
+        for key in track_keys:
+            url = await source_storage.get_file_url(
+                key,
+                operation="get_object",
+                expires_in=PRESIGNED_URL_EXPIRATION_SECONDS,
+                bucket=bucket_name,
+            )
+            track_urls.append(url)
+            self.logger.info(
+                f"Generated presigned URL for track from {bucket_name}",
+                key=key,
+            )
+
+        created_padded_files = set()
+        padded_track_urls: list[str] = []
+        for idx, url in enumerate(track_urls):
+            padded_url = await self.pad_track_for_transcription(
+                url, idx, transcript_storage
+            )
+            padded_track_urls.append(padded_url)
+            if padded_url != url:
+                storage_path = f"file_pipeline/{transcript.id}/tracks/padded_{idx}.webm"
+                created_padded_files.add(storage_path)
+            self.logger.info(f"Track {idx} processed, padded URL: {padded_url}")
+
+        transcript.data_path.mkdir(parents=True, exist_ok=True)
+
+        mp3_writer = AudioFileWriterProcessor(
+            path=str(transcript.audio_mp3_filename),
+            on_duration=self.on_duration,
+        )
+        await self.mixdown_tracks(padded_track_urls, mp3_writer, offsets_seconds=None)
+        await mp3_writer.flush()
+
+        if not transcript.audio_mp3_filename.exists():
+            raise Exception(
+                "Mixdown failed - no MP3 file generated. Cannot proceed without playable audio."
+            )
+
+        storage_path = f"{transcript.id}/audio.mp3"
+        # Use file handle streaming to avoid loading entire MP3 into memory
+        mp3_size = transcript.audio_mp3_filename.stat().st_size
+        with open(transcript.audio_mp3_filename, "rb") as mp3_file:
+            await transcript_storage.put_file(storage_path, mp3_file)
+        mp3_url = await transcript_storage.get_file_url(storage_path)
+
+        await transcripts_controller.update(transcript, {"audio_location": "storage"})
+
+        self.logger.info(
+            f"Uploaded mixed audio to storage",
+            storage_path=storage_path,
+            size=mp3_size,
+            url=mp3_url,
+        )
+
+        self.logger.info("Generating waveform from mixed audio")
+        waveform_processor = AudioWaveformProcessor(
+            audio_path=transcript.audio_mp3_filename,
+            waveform_path=transcript.audio_waveform_filename,
+            on_waveform=self.on_waveform,
+        )
+        waveform_processor.set_pipeline(self.empty_pipeline)
+        await waveform_processor.flush()
+        self.logger.info("Waveform generated successfully")
+
+        speaker_transcripts: list[TranscriptType] = []
+        for idx, padded_url in enumerate(padded_track_urls):
+            if not padded_url:
+                continue
+
+            t = await self.transcribe_file(padded_url, transcript.source_language)
+
+            if not t.words:
+                self.logger.debug(f"no words in track {idx}")
+                # not skipping, it may be silence or indistinguishable mumbling
+
+            for w in t.words:
+                w.speaker = idx
+
+            speaker_transcripts.append(t)
+            self.logger.info(
+                f"Track {idx} transcribed successfully with {len(t.words)} words",
+                track_idx=idx,
+            )
+
+        valid_track_count = len([url for url in padded_track_urls if url])
+        if valid_track_count > 0 and len(speaker_transcripts) != valid_track_count:
+            raise Exception(
+                f"Only {len(speaker_transcripts)}/{valid_track_count} tracks transcribed successfully. "
+                f"All tracks must succeed to avoid incomplete transcripts."
+            )
+
+        if not speaker_transcripts:
+            raise Exception("No valid track transcriptions")
+
+        self.logger.info(f"Cleaning up {len(created_padded_files)} temporary S3 files")
+        cleanup_tasks = []
+        for storage_path in created_padded_files:
+            cleanup_tasks.append(transcript_storage.delete_file(storage_path))
+
+        if cleanup_tasks:
+            cleanup_results = await asyncio.gather(
+                *cleanup_tasks, return_exceptions=True
+            )
+            for storage_path, result in zip(created_padded_files, cleanup_results):
+                if isinstance(result, Exception):
+                    self.logger.warning(
+                        "Failed to cleanup temporary padded track",
+                        storage_path=storage_path,
+                        error=str(result),
+                    )
+
+        merged_words = []
+        for t in speaker_transcripts:
+            merged_words.extend(t.words)
+        merged_words.sort(
+            key=lambda w: w.start if hasattr(w, "start") and w.start is not None else 0
+        )
+
+        merged_transcript = TranscriptType(words=merged_words, translation=None)
+
+        await self.on_transcript(merged_transcript)
+
+        topics = await self.detect_topics(merged_transcript, transcript.target_language)
+        await asyncio.gather(
+            self.generate_title(topics),
+            self.generate_summaries(topics),
+            return_exceptions=False,
+        )
+
+        await self.set_status(transcript.id, "ended")
+
+    async def transcribe_file(self, audio_url: str, language: str) -> TranscriptType:
+        return await transcribe_file_with_processor(audio_url, language)
+
+    async def detect_topics(
+        self, transcript: TranscriptType, target_language: str
+    ) -> list[TitleSummary]:
+        return await topic_processing.detect_topics(
+            transcript,
+            target_language,
+            on_topic_callback=self.on_topic,
+            empty_pipeline=self.empty_pipeline,
+        )
+
+    async def generate_title(self, topics: list[TitleSummary]):
+        return await topic_processing.generate_title(
+            topics,
+            on_title_callback=self.on_title,
+            empty_pipeline=self.empty_pipeline,
+            logger=self.logger,
+        )
+
+    async def generate_summaries(self, topics: list[TitleSummary]):
+        transcript = await self.get_transcript()
+        return await topic_processing.generate_summaries(
+            topics,
+            transcript,
+            on_long_summary_callback=self.on_long_summary,
+            on_short_summary_callback=self.on_short_summary,
+            on_action_items_callback=self.on_action_items,
+            empty_pipeline=self.empty_pipeline,
+            logger=self.logger,
+        )
+
+
+@shared_task
+@asynctask
+async def task_pipeline_multitrack_process(
+    *, transcript_id: str, bucket_name: str, track_keys: list[str]
+):
+    pipeline = PipelineMainMultitrack(transcript_id=transcript_id)
+    try:
+        await pipeline.set_status(transcript_id, "processing")
+        await pipeline.process(bucket_name, track_keys)
+    except Exception:
+        await pipeline.set_status(transcript_id, "error")
+        raise
+
+    post_chain = chain(
+        task_cleanup_consent.si(transcript_id=transcript_id),
+        task_pipeline_post_to_zulip.si(transcript_id=transcript_id),
+        task_send_webhook_if_needed.si(transcript_id=transcript_id),
+    )
+    post_chain.delay()

server/reflector/pipelines/topic_processing.py

@@ -0,0 +1,113 @@
+"""
+Topic processing utilities
+==========================
+
+Shared topic detection, title generation, and summarization logic
+used across file and multitrack pipelines.
+"""
+
+from typing import Callable
+
+import structlog
+
+from reflector.db.transcripts import Transcript
+from reflector.processors import (
+    TranscriptFinalSummaryProcessor,
+    TranscriptFinalTitleProcessor,
+    TranscriptTopicDetectorProcessor,
+)
+from reflector.processors.types import TitleSummary
+from reflector.processors.types import Transcript as TranscriptType
+
+
+class EmptyPipeline:
+    def __init__(self, logger: structlog.BoundLogger):
+        self.logger = logger
+
+    def get_pref(self, k, d=None):
+        return d
+
+    async def emit(self, event):
+        pass
+
+
+async def detect_topics(
+    transcript: TranscriptType,
+    target_language: str,
+    *,
+    on_topic_callback: Callable,
+    empty_pipeline: EmptyPipeline,
+) -> list[TitleSummary]:
+    chunk_size = 300
+    topics: list[TitleSummary] = []
+
+    async def on_topic(topic: TitleSummary):
+        topics.append(topic)
+        return await on_topic_callback(topic)
+
+    topic_detector = TranscriptTopicDetectorProcessor(callback=on_topic)
+    topic_detector.set_pipeline(empty_pipeline)
+
+    for i in range(0, len(transcript.words), chunk_size):
+        chunk_words = transcript.words[i : i + chunk_size]
+        if not chunk_words:
+            continue
+
+        chunk_transcript = TranscriptType(
+            words=chunk_words, translation=transcript.translation
+        )
+
+        await topic_detector.push(chunk_transcript)
+
+    await topic_detector.flush()
+    return topics
+
+
+async def generate_title(
+    topics: list[TitleSummary],
+    *,
+    on_title_callback: Callable,
+    empty_pipeline: EmptyPipeline,
+    logger: structlog.BoundLogger,
+):
+    if not topics:
+        logger.warning("No topics for title generation")
+        return
+
+    processor = TranscriptFinalTitleProcessor(callback=on_title_callback)
+    processor.set_pipeline(empty_pipeline)
+
+    for topic in topics:
+        await processor.push(topic)
+
+    await processor.flush()
+
+
+async def generate_summaries(
+    topics: list[TitleSummary],
+    transcript: Transcript,
+    *,
+    on_long_summary_callback: Callable,
+    on_short_summary_callback: Callable,
+    on_action_items_callback: Callable,
+    empty_pipeline: EmptyPipeline,
+    logger: structlog.BoundLogger,
+):
+    if not topics:
+        logger.warning("No topics for summary generation")
+        return
+
+    processor_kwargs = {
+        "transcript": transcript,
+        "callback": on_long_summary_callback,
+        "on_short_summary": on_short_summary_callback,
+        "on_action_items": on_action_items_callback,
+    }
+
+    processor = TranscriptFinalSummaryProcessor(**processor_kwargs)
+    processor.set_pipeline(empty_pipeline)
+
+    for topic in topics:
+        await processor.push(topic)
+
+    await processor.flush()

server/reflector/pipelines/transcription_helpers.py

@@ -0,0 +1,34 @@
+from reflector.processors.file_transcript import FileTranscriptInput
+from reflector.processors.file_transcript_auto import FileTranscriptAutoProcessor
+from reflector.processors.types import Transcript as TranscriptType
+
+
+async def transcribe_file_with_processor(
+    audio_url: str,
+    language: str,
+    processor_name: str | None = None,
+) -> TranscriptType:
+    processor = (
+        FileTranscriptAutoProcessor(name=processor_name)
+        if processor_name
+        else FileTranscriptAutoProcessor()
+    )
+    input_data = FileTranscriptInput(audio_url=audio_url, language=language)
+
+    result: TranscriptType | None = None
+
+    async def capture_result(transcript):
+        nonlocal result
+        result = transcript
+
+    processor.on(capture_result)
+    await processor.push(input_data)
+    await processor.flush()
+
+    if not result:
+        processor_label = processor_name or "default"
+        raise ValueError(
+            f"No transcript captured from {processor_label} processor for audio: {audio_url}"
+        )
+
+    return result

server/reflector/processors/file_transcript_modal.py

@@ -56,6 +56,16 @@ class FileTranscriptModalProcessor(FileTranscriptProcessor):
                 },
                 follow_redirects=True,
             )
+
+            if response.status_code != 200:
+                error_body = response.text
+                self.logger.error(
+                    "Modal API error",
+                    audio_url=data.audio_url,
+                    status_code=response.status_code,
+                    error_body=error_body,
+                )
+
             response.raise_for_status()
             result = response.json()
 

server/reflector/processors/summary/summary_builder.py

@@ -96,6 +96,36 @@ RECAP_PROMPT = dedent(
     """
 ).strip()
 
+ACTION_ITEMS_PROMPT = dedent(
+    """
+    Identify action items from this meeting transcript. Your goal is to identify what was decided and what needs to happen next.
+
+    Look for:
+
+    1. **Decisions Made**: Any decisions, choices, or conclusions reached during the meeting. For each decision:
+       - What was decided? (be specific)
+       - Who made the decision or was involved? (use actual participant names)
+       - Why was this decision made? (key factors, reasoning, or rationale)
+
+    2. **Next Steps / Action Items**: Any tasks, follow-ups, or actions that were mentioned or assigned. For each action item:
+       - What specific task needs to be done? (be concrete and actionable)
+       - Who is responsible? (use actual participant names if mentioned, or "team" if unclear)
+       - When is it due? (any deadlines, timeframes, or "by next meeting" type commitments)
+       - What context is needed? (any additional details that help understand the task)
+
+    Guidelines:
+    - Be thorough and identify all action items, even if they seem minor
+    - Include items that were agreed upon, assigned, or committed to
+    - Include decisions even if they seem obvious or implicit
+    - If someone says "I'll do X" or "We should do Y", that's an action item
+    - If someone says "Let's go with option A", that's a decision
+    - Use the exact participant names from the transcript
+    - If no participant name is mentioned, you can leave assigned_to/decided_by as null
+
+    Only return empty lists if the transcript contains NO decisions and NO action items whatsoever.
+    """
+).strip()
+
 STRUCTURED_RESPONSE_PROMPT_TEMPLATE = dedent(
     """
     Based on the following analysis, provide the information in the requested JSON format:
@@ -155,6 +185,53 @@ class SubjectsResponse(BaseModel):
     )
 
 
+class ActionItem(BaseModel):
+    """A single action item from the meeting"""
+
+    task: str = Field(description="The task or action item to be completed")
+    assigned_to: str | None = Field(
+        default=None, description="Person or team assigned to this task (name)"
+    )
+    assigned_to_participant_id: str | None = Field(
+        default=None, description="Participant ID if assigned_to matches a participant"
+    )
+    deadline: str | None = Field(
+        default=None, description="Deadline or timeframe mentioned for this task"
+    )
+    context: str | None = Field(
+        default=None, description="Additional context or notes about this task"
+    )
+
+
+class Decision(BaseModel):
+    """A decision made during the meeting"""
+
+    decision: str = Field(description="What was decided")
+    rationale: str | None = Field(
+        default=None,
+        description="Reasoning or key factors that influenced this decision",
+    )
+    decided_by: str | None = Field(
+        default=None, description="Person or group who made the decision (name)"
+    )
+    decided_by_participant_id: str | None = Field(
+        default=None, description="Participant ID if decided_by matches a participant"
+    )
+
+
+class ActionItemsResponse(BaseModel):
+    """Pydantic model for identified action items"""
+
+    decisions: list[Decision] = Field(
+        default_factory=list,
+        description="List of decisions made during the meeting",
+    )
+    next_steps: list[ActionItem] = Field(
+        default_factory=list,
+        description="List of action items and next steps to be taken",
+    )
+
+
 class SummaryBuilder:
     def __init__(self, llm: LLM, filename: str | None = None, logger=None) -> None:
         self.transcript: str | None = None
@@ -165,6 +242,9 @@ class SummaryBuilder:
         self.llm: LLM = llm
         self.model_name: str = llm.model_name
         self.logger = logger or structlog.get_logger()
+        self.participant_instructions: str | None = None
+        self.action_items: ActionItemsResponse | None = None
+        self.participant_name_to_id: dict[str, str] = {}
         if filename:
             self.read_transcript_from_file(filename)
 
@@ -188,17 +268,81 @@ class SummaryBuilder:
         self.llm = llm
 
     async def _get_structured_response(
-        self, prompt: str, output_cls: Type[T], tone_name: str | None = None
+        self,
+        prompt: str,
+        output_cls: Type[T],
+        tone_name: str | None = None,
+        timeout: int | None = None,
     ) -> T:
         """Generic function to get structured output from LLM for non-function-calling models."""
+        enhanced_prompt = self._enhance_prompt_with_participants(prompt)
         return await self.llm.get_structured_response(
-            prompt, [self.transcript], output_cls, tone_name=tone_name
+            enhanced_prompt,
+            [self.transcript],
+            output_cls,
+            tone_name=tone_name,
+            timeout=timeout,
         )
 
+    async def _get_response(
+        self, prompt: str, texts: list[str], tone_name: str | None = None
+    ) -> str:
+        """Get text response with automatic participant instructions injection."""
+        enhanced_prompt = self._enhance_prompt_with_participants(prompt)
+        return await self.llm.get_response(enhanced_prompt, texts, tone_name=tone_name)
+
+    def _enhance_prompt_with_participants(self, prompt: str) -> str:
+        """Add participant instructions to any prompt if participants are known."""
+        if self.participant_instructions:
+            self.logger.debug("Adding participant instructions to prompt")
+            return f"{prompt}\n\n{self.participant_instructions}"
+        return prompt
+
     # ----------------------------------------------------------------------------
     # Participants
     # ----------------------------------------------------------------------------
 
+    def set_known_participants(
+        self,
+        participants: list[str],
+        participant_name_to_id: dict[str, str] | None = None,
+    ) -> None:
+        """
+        Set known participants directly without LLM identification.
+        This is used when participants are already identified and stored.
+        They are appended at the end of the transcript, providing more context for the assistant.
+
+        Args:
+            participants: List of participant names
+            participant_name_to_id: Optional mapping of participant names to their IDs
+        """
+        if not participants:
+            self.logger.warning("No participants provided")
+            return
+
+        self.logger.info(
+            "Using known participants",
+            participants=participants,
+        )
+
+        if participant_name_to_id:
+            self.participant_name_to_id = participant_name_to_id
+
+        participants_md = self.format_list_md(participants)
+        self.transcript += f"\n\n# Participants\n\n{participants_md}"
+
+        participants_list = ", ".join(participants)
+        self.participant_instructions = dedent(
+            f"""
+            # IMPORTANT: Participant Names
+            The following participants are identified in this conversation: {participants_list}
+
+            You MUST use these specific participant names when referring to people in your response.
+            Do NOT use generic terms like "a participant", "someone", "attendee", "Speaker 1", "Speaker 2", etc.
+            Always refer to people by their actual names (e.g., "John suggested..." not "A participant suggested...").
+            """
+        ).strip()
+
     async def identify_participants(self) -> None:
         """
         From a transcript, try to identify the participants using TreeSummarize with structured output.
@@ -232,6 +376,19 @@ class SummaryBuilder:
             if unique_participants:
                 participants_md = self.format_list_md(unique_participants)
                 self.transcript += f"\n\n# Participants\n\n{participants_md}"
+
+                # Set instructions that will be automatically added to all prompts
+                participants_list = ", ".join(unique_participants)
+                self.participant_instructions = dedent(
+                    f"""
+                    # IMPORTANT: Participant Names
+                    The following participants are identified in this conversation: {participants_list}
+
+                    You MUST use these specific participant names when referring to people in your response.
+                    Do NOT use generic terms like "a participant", "someone", "attendee", "Speaker 1", "Speaker 2", etc.
+                    Always refer to people by their actual names (e.g., "John suggested..." not "A participant suggested...").
+                    """
+                ).strip()
             else:
                 self.logger.warning("No participants identified in the transcript")
 
@@ -318,13 +475,13 @@ class SummaryBuilder:
         for subject in self.subjects:
             detailed_prompt = DETAILED_SUBJECT_PROMPT_TEMPLATE.format(subject=subject)
 
-            detailed_response = await self.llm.get_response(
+            detailed_response = await self._get_response(
                 detailed_prompt, [self.transcript], tone_name="Topic assistant"
             )
 
             paragraph_prompt = PARAGRAPH_SUMMARY_PROMPT
 
-            paragraph_response = await self.llm.get_response(
+            paragraph_response = await self._get_response(
                 paragraph_prompt, [str(detailed_response)], tone_name="Topic summarizer"
             )
 
@@ -345,13 +502,99 @@ class SummaryBuilder:
 
         recap_prompt = RECAP_PROMPT
 
-        recap_response = await self.llm.get_response(
+        recap_response = await self._get_response(
             recap_prompt, [summaries_text], tone_name="Recap summarizer"
         )
 
         self.recap = str(recap_response)
         self.logger.info(f"Quick recap: {self.recap}")
 
+    def _map_participant_names_to_ids(
+        self, response: ActionItemsResponse
+    ) -> ActionItemsResponse:
+        """Map participant names in action items to participant IDs."""
+        if not self.participant_name_to_id:
+            return response
+
+        decisions = []
+        for decision in response.decisions:
+            new_decision = decision.model_copy()
+            if (
+                decision.decided_by
+                and decision.decided_by in self.participant_name_to_id
+            ):
+                new_decision.decided_by_participant_id = self.participant_name_to_id[
+                    decision.decided_by
+                ]
+            decisions.append(new_decision)
+
+        next_steps = []
+        for item in response.next_steps:
+            new_item = item.model_copy()
+            if item.assigned_to and item.assigned_to in self.participant_name_to_id:
+                new_item.assigned_to_participant_id = self.participant_name_to_id[
+                    item.assigned_to
+                ]
+            next_steps.append(new_item)
+
+        return ActionItemsResponse(decisions=decisions, next_steps=next_steps)
+
+    async def identify_action_items(self) -> ActionItemsResponse | None:
+        """Identify action items (decisions and next steps) from the transcript."""
+        self.logger.info("--- identify action items using TreeSummarize")
+
+        if not self.transcript:
+            self.logger.warning(
+                "No transcript available for action items identification"
+            )
+            self.action_items = None
+            return None
+
+        action_items_prompt = ACTION_ITEMS_PROMPT
+
+        try:
+            response = await self._get_structured_response(
+                action_items_prompt,
+                ActionItemsResponse,
+                tone_name="Action item identifier",
+                timeout=settings.LLM_STRUCTURED_RESPONSE_TIMEOUT,
+            )
+
+            response = self._map_participant_names_to_ids(response)
+
+            self.action_items = response
+            self.logger.info(
+                f"Identified {len(response.decisions)} decisions and {len(response.next_steps)} action items",
+                decisions_count=len(response.decisions),
+                next_steps_count=len(response.next_steps),
+            )
+
+            if response.decisions:
+                self.logger.debug(
+                    "Decisions identified",
+                    decisions=[d.decision for d in response.decisions],
+                )
+            if response.next_steps:
+                self.logger.debug(
+                    "Action items identified",
+                    tasks=[item.task for item in response.next_steps],
+                )
+            if not response.decisions and not response.next_steps:
+                self.logger.warning(
+                    "No action items identified from transcript",
+                    transcript_length=len(self.transcript),
+                )
+
+            return response
+
+        except Exception as e:
+            self.logger.error(
+                f"Error identifying action items: {e}",
+                exc_info=True,
+            )
+            self.action_items = None
+            return None
+
     async def generate_summary(self, only_subjects: bool = False) -> None:
         """
         Generate summary by extracting subjects, creating summaries for each, and generating a recap.
@@ -363,6 +606,7 @@ class SummaryBuilder:
 
         await self.generate_subject_summaries()
         await self.generate_recap()
+        await self.identify_action_items()
 
     # ----------------------------------------------------------------------------
     # Markdown
@@ -465,8 +709,6 @@ if __name__ == "__main__":
         if args.summary:
             await sm.generate_summary()
 
-        # Note: action items generation has been removed
-
         print("")
         print("-" * 80)
         print("")

server/reflector/processors/transcript_final_summary.py

@@ -1,7 +1,12 @@
 from reflector.llm import LLM
 from reflector.processors.base import Processor
 from reflector.processors.summary.summary_builder import SummaryBuilder
-from reflector.processors.types import FinalLongSummary, FinalShortSummary, TitleSummary
+from reflector.processors.types import (
+    ActionItems,
+    FinalLongSummary,
+    FinalShortSummary,
+    TitleSummary,
+)
 from reflector.settings import settings
 
 
@@ -26,7 +31,30 @@ class TranscriptFinalSummaryProcessor(Processor):
     async def get_summary_builder(self, text) -> SummaryBuilder:
         builder = SummaryBuilder(self.llm, logger=self.logger)
         builder.set_transcript(text)
-        await builder.identify_participants()
+
+        if self.transcript and self.transcript.participants:
+            participant_names = [p.name for p in self.transcript.participants if p.name]
+            if participant_names:
+                self.logger.info(
+                    f"Using {len(participant_names)} known participants from transcript"
+                )
+                participant_name_to_id = {
+                    p.name: p.id
+                    for p in self.transcript.participants
+                    if p.name and p.id
+                }
+                builder.set_known_participants(
+                    participant_names, participant_name_to_id=participant_name_to_id
+                )
+            else:
+                self.logger.info(
+                    "Participants field exists but is empty, identifying participants"
+                )
+                await builder.identify_participants()
+        else:
+            self.logger.info("No participants stored, identifying participants")
+            await builder.identify_participants()
+
         await builder.generate_summary()
         return builder
 
@@ -45,22 +73,31 @@ class TranscriptFinalSummaryProcessor(Processor):
             self.logger.warning("No summary to output")
             return
 
-        # build the speakermap from the transcript
         speakermap = {}
         if self.transcript:
             speakermap = {
-                participant["speaker"]: participant["name"]
-                for participant in self.transcript.participants
+                p.speaker: p.name
+                for p in (self.transcript.participants or [])
+                if p.speaker is not None and p.name
             }
+            self.logger.info(
+                f"Built speaker map with {len(speakermap)} participants",
+                speakermap=speakermap,
+            )
 
-        # build the transcript as a single string
-        # XXX: unsure if the participants name as replaced directly in speaker ?
         text_transcript = []
+        unique_speakers = set()
         for topic in self.chunks:
             for segment in topic.transcript.as_segments():
                 name = speakermap.get(segment.speaker, f"Speaker {segment.speaker}")
+                unique_speakers.add((segment.speaker, name))
                 text_transcript.append(f"{name}: {segment.text}")
 
+        self.logger.info(
+            f"Built transcript with {len(unique_speakers)} unique speakers",
+            speakers=list(unique_speakers),
+        )
+
         text_transcript = "\n".join(text_transcript)
 
         last_chunk = self.chunks[-1]
@@ -81,4 +118,9 @@ class TranscriptFinalSummaryProcessor(Processor):
             )
             await self.emit(final_short_summary, name="short_summary")
 
+        if self.builder and self.builder.action_items:
+            action_items = self.builder.action_items.model_dump()
+            action_items = ActionItems(action_items=action_items)
+            await self.emit(action_items, name="action_items")
+
         await self.emit(final_long_summary)

server/reflector/processors/transcript_topic_detector.py

@@ -1,6 +1,6 @@
 from textwrap import dedent
 
-from pydantic import BaseModel, Field
+from pydantic import AliasChoices, BaseModel, Field
 
 from reflector.llm import LLM
 from reflector.processors.base import Processor
@@ -34,8 +34,14 @@ TOPIC_PROMPT = dedent(
 class TopicResponse(BaseModel):
     """Structured response for topic detection"""
 
-    title: str = Field(description="A descriptive title for the topic being discussed")
-    summary: str = Field(description="A concise 1-2 sentence summary of the discussion")
+    title: str = Field(
+        description="A descriptive title for the topic being discussed",
+        validation_alias=AliasChoices("title", "Title"),
+    )
+    summary: str = Field(
+        description="A concise 1-2 sentence summary of the discussion",
+        validation_alias=AliasChoices("summary", "Summary"),
+    )
 
 
 class TranscriptTopicDetectorProcessor(Processor):
@@ -72,7 +78,11 @@ class TranscriptTopicDetectorProcessor(Processor):
         """
         prompt = TOPIC_PROMPT.format(text=text)
         response = await self.llm.get_structured_response(
-            prompt, [text], TopicResponse, tone_name="Topic analyzer"
+            prompt,
+            [text],
+            TopicResponse,
+            tone_name="Topic analyzer",
+            timeout=settings.LLM_STRUCTURED_RESPONSE_TIMEOUT,
         )
         return response
 

server/reflector/processors/types.py

@@ -1,6 +1,7 @@
 import io
 import re
 import tempfile
+from collections import defaultdict
 from pathlib import Path
 from typing import Annotated, TypedDict
 
@@ -16,6 +17,17 @@ class DiarizationSegment(TypedDict):
 
 
 PUNC_RE = re.compile(r"[.;:?!…]")
+SENTENCE_END_RE = re.compile(r"[.?!…]$")
+
+# Max segment length for words_to_segments() - breaks on any punctuation (. ; : ? ! …)
+# when segment exceeds this limit. Used for non-multitrack recordings.
+MAX_SEGMENT_CHARS = 120
+
+# Max segment length for words_to_segments_by_sentence() - only breaks on sentence-ending
+# punctuation (. ? ! …) when segment exceeds this limit. Higher threshold allows complete
+# sentences in multitrack recordings where speakers overlap.
+# similar number to server/reflector/processors/transcript_liner.py
+MAX_SENTENCE_SEGMENT_CHARS = 1000
 
 
 class AudioFile(BaseModel):
@@ -76,7 +88,6 @@ def words_to_segments(words: list[Word]) -> list[TranscriptSegment]:
     # but separate if the speaker changes, or if the punctuation is a . , ; : ? !
     segments = []
     current_segment = None
-    MAX_SEGMENT_LENGTH = 120
 
     for word in words:
         if current_segment is None:
@@ -106,7 +117,7 @@ def words_to_segments(words: list[Word]) -> list[TranscriptSegment]:
         current_segment.end = word.end
 
         have_punc = PUNC_RE.search(word.text)
-        if have_punc and (len(current_segment.text) > MAX_SEGMENT_LENGTH):
+        if have_punc and (len(current_segment.text) > MAX_SEGMENT_CHARS):
             segments.append(current_segment)
             current_segment = None
 
@@ -116,6 +127,70 @@ def words_to_segments(words: list[Word]) -> list[TranscriptSegment]:
     return segments
 
 
+def words_to_segments_by_sentence(words: list[Word]) -> list[TranscriptSegment]:
+    """Group words by speaker, then split into sentences.
+
+    For multitrack recordings where words from different speakers are interleaved
+    by timestamp, this function first groups all words by speaker, then creates
+    segments based on sentence boundaries within each speaker's words.
+
+    This produces cleaner output than words_to_segments() which breaks on every
+    speaker change, resulting in many tiny segments when speakers overlap.
+    """
+    if not words:
+        return []
+
+    # Group words by speaker, preserving order within each speaker
+    by_speaker: dict[int, list[Word]] = defaultdict(list)
+    for w in words:
+        by_speaker[w.speaker].append(w)
+
+    segments: list[TranscriptSegment] = []
+
+    for speaker, speaker_words in by_speaker.items():
+        current_text = ""
+        current_start: float | None = None
+        current_end: float = 0.0
+
+        for word in speaker_words:
+            if current_start is None:
+                current_start = word.start
+
+            current_text += word.text
+            current_end = word.end
+
+            # Check for sentence end or max length
+            is_sentence_end = SENTENCE_END_RE.search(word.text.strip())
+            is_too_long = len(current_text) >= MAX_SENTENCE_SEGMENT_CHARS
+
+            if is_sentence_end or is_too_long:
+                segments.append(
+                    TranscriptSegment(
+                        text=current_text,
+                        start=current_start,
+                        end=current_end,
+                        speaker=speaker,
+                    )
+                )
+                current_text = ""
+                current_start = None
+
+        # Flush remaining words for this speaker
+        if current_text and current_start is not None:
+            segments.append(
+                TranscriptSegment(
+                    text=current_text,
+                    start=current_start,
+                    end=current_end,
+                    speaker=speaker,
+                )
+            )
+
+    # Sort segments by start time
+    segments.sort(key=lambda s: s.start)
+    return segments
+
+
 class Transcript(BaseModel):
     translation: str | None = None
     words: list[Word] = []
@@ -154,7 +229,9 @@ class Transcript(BaseModel):
             word.start += offset
             word.end += offset
 
-    def as_segments(self) -> list[TranscriptSegment]:
+    def as_segments(self, is_multitrack: bool = False) -> list[TranscriptSegment]:
+        if is_multitrack:
+            return words_to_segments_by_sentence(self.words)
         return words_to_segments(self.words)
 
 
@@ -187,6 +264,10 @@ class FinalShortSummary(BaseModel):
     duration: float
 
 
+class ActionItems(BaseModel):
+    action_items: dict  # JSON-serializable dict from ActionItemsResponse
+
+
 class FinalTitle(BaseModel):
     title: str
 

server/reflector/redis_cache.py

@@ -1,10 +1,17 @@
+import asyncio
 import functools
 import json
+from typing import Optional
 
 import redis
+import redis.asyncio as redis_async
+import structlog
+from redis.exceptions import LockError
 
 from reflector.settings import settings
 
+logger = structlog.get_logger(__name__)
+
 redis_clients = {}
 
 
@@ -21,6 +28,12 @@ def get_redis_client(db=0):
     return redis_clients[db]
 
 
+async def get_async_redis_client(db: int = 0):
+    return await redis_async.from_url(
+        f"redis://{settings.REDIS_HOST}:{settings.REDIS_PORT}/{db}"
+    )
+
+
 def redis_cache(prefix="cache", duration=3600, db=settings.REDIS_CACHE_DB, argidx=1):
     """
     Cache the result of a function in Redis.
@@ -49,3 +62,87 @@ def redis_cache(prefix="cache", duration=3600, db=settings.REDIS_CACHE_DB, argid
         return wrapper
 
     return decorator
+
+
+class RedisAsyncLock:
+    def __init__(
+        self,
+        key: str,
+        timeout: int = 120,
+        extend_interval: int = 30,
+        skip_if_locked: bool = False,
+        blocking: bool = True,
+        blocking_timeout: Optional[float] = None,
+    ):
+        self.key = f"async_lock:{key}"
+        self.timeout = timeout
+        self.extend_interval = extend_interval
+        self.skip_if_locked = skip_if_locked
+        self.blocking = blocking
+        self.blocking_timeout = blocking_timeout
+        self._lock = None
+        self._redis = None
+        self._extend_task = None
+        self._acquired = False
+
+    async def _extend_lock_periodically(self):
+        while True:
+            try:
+                await asyncio.sleep(self.extend_interval)
+                if self._lock:
+                    await self._lock.extend(self.timeout, replace_ttl=True)
+                    logger.debug("Extended lock", key=self.key)
+            except LockError:
+                logger.warning("Failed to extend lock", key=self.key)
+                break
+            except asyncio.CancelledError:
+                break
+            except Exception as e:
+                logger.error("Error extending lock", key=self.key, error=str(e))
+                break
+
+    async def __aenter__(self):
+        self._redis = await get_async_redis_client()
+        self._lock = self._redis.lock(
+            self.key,
+            timeout=self.timeout,
+            blocking=self.blocking,
+            blocking_timeout=self.blocking_timeout,
+        )
+
+        self._acquired = await self._lock.acquire()
+
+        if not self._acquired:
+            if self.skip_if_locked:
+                logger.warning(
+                    "Lock already acquired by another process, skipping", key=self.key
+                )
+                return self
+            else:
+                raise LockError(f"Failed to acquire lock: {self.key}")
+
+        self._extend_task = asyncio.create_task(self._extend_lock_periodically())
+        logger.info("Acquired lock", key=self.key)
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        if self._extend_task:
+            self._extend_task.cancel()
+            try:
+                await self._extend_task
+            except asyncio.CancelledError:
+                pass
+
+        if self._acquired and self._lock:
+            try:
+                await self._lock.release()
+                logger.info("Released lock", key=self.key)
+            except LockError:
+                logger.debug("Lock already released or expired", key=self.key)
+
+        if self._redis:
+            await self._redis.aclose()
+
+    @property
+    def acquired(self) -> bool:
+        return self._acquired

server/reflector/schemas/platform.py

@@ -0,0 +1,5 @@
+from typing import Literal
+
+Platform = Literal["whereby", "daily"]
+WHEREBY_PLATFORM: Platform = "whereby"
+DAILY_PLATFORM: Platform = "daily"

server/reflector/schemas/transcript_formats.py

@@ -0,0 +1,17 @@
+"""Schema definitions for transcript format types and segments."""
+
+from typing import Literal
+
+from pydantic import BaseModel
+
+TranscriptFormat = Literal["text", "text-timestamped", "webvtt-named", "json"]
+
+
+class TranscriptSegment(BaseModel):
+    """A single transcript segment with speaker and timing information."""
+
+    speaker: int
+    speaker_name: str
+    text: str
+    start: float
+    end: float

server/reflector/services/ics_sync.py

@@ -0,0 +1,408 @@
+"""
+ICS Calendar Synchronization Service
+
+This module provides services for fetching, parsing, and synchronizing ICS (iCalendar)
+calendar feeds with room booking data in the database.
+
+Key Components:
+- ICSFetchService: Handles HTTP fetching and parsing of ICS calendar data
+- ICSSyncService: Manages the synchronization process between ICS feeds and database
+
+Example Usage:
+    # Sync a room's calendar
+    room = Room(id="room1", name="conference-room", ics_url="https://cal.example.com/room.ics")
+    result = await ics_sync_service.sync_room_calendar(room)
+
+    # Result structure:
+    {
+        "status": "success",  # success|unchanged|error|skipped
+        "hash": "abc123...",  # MD5 hash of ICS content
+        "events_found": 5,    # Events matching this room
+        "total_events": 12,   # Total events in calendar within time window
+        "events_created": 2,  # New events added to database
+        "events_updated": 3,  # Existing events modified
+        "events_deleted": 1   # Events soft-deleted (no longer in calendar)
+    }
+
+Event Matching:
+    Events are matched to rooms by checking if the room's full URL appears in the
+    event's LOCATION or DESCRIPTION fields. Only events within a 25-hour window
+    (1 hour ago to 24 hours from now) are processed.
+
+Input: ICS calendar URL (e.g., "https://calendar.google.com/calendar/ical/...")
+Output: EventData objects with structured calendar information:
+    {
+        "ics_uid": "event123@google.com",
+        "title": "Team Meeting",
+        "description": "Weekly sync meeting",
+        "location": "https://meet.company.com/conference-room",
+        "start_time": datetime(2024, 1, 15, 14, 0, tzinfo=UTC),
+        "end_time": datetime(2024, 1, 15, 15, 0, tzinfo=UTC),
+        "attendees": [
+            {"email": "user@company.com", "name": "John Doe", "role": "ORGANIZER"},
+            {"email": "attendee@company.com", "name": "Jane Smith", "status": "ACCEPTED"}
+        ],
+        "ics_raw_data": "BEGIN:VEVENT\nUID:event123@google.com\n..."
+    }
+"""
+
+import hashlib
+from datetime import date, datetime, timedelta, timezone
+from enum import Enum
+from typing import TypedDict
+
+import httpx
+import pytz
+import structlog
+from icalendar import Calendar, Event
+
+from reflector.db.calendar_events import CalendarEvent, calendar_events_controller
+from reflector.db.rooms import Room, rooms_controller
+from reflector.redis_cache import RedisAsyncLock
+from reflector.settings import settings
+
+logger = structlog.get_logger()
+
+EVENT_WINDOW_DELTA_START = timedelta(hours=-1)
+EVENT_WINDOW_DELTA_END = timedelta(hours=24)
+
+
+class SyncStatus(str, Enum):
+    SUCCESS = "success"
+    UNCHANGED = "unchanged"
+    ERROR = "error"
+    SKIPPED = "skipped"
+
+
+class AttendeeData(TypedDict, total=False):
+    email: str | None
+    name: str | None
+    status: str | None
+    role: str | None
+
+
+class EventData(TypedDict):
+    ics_uid: str
+    title: str | None
+    description: str | None
+    location: str | None
+    start_time: datetime
+    end_time: datetime
+    attendees: list[AttendeeData]
+    ics_raw_data: str
+
+
+class SyncStats(TypedDict):
+    events_created: int
+    events_updated: int
+    events_deleted: int
+
+
+class SyncResultBase(TypedDict):
+    status: SyncStatus
+
+
+class SyncResult(SyncResultBase, total=False):
+    hash: str | None
+    events_found: int
+    total_events: int
+    events_created: int
+    events_updated: int
+    events_deleted: int
+    error: str | None
+    reason: str | None
+
+
+class ICSFetchService:
+    def __init__(self):
+        self.client = httpx.AsyncClient(
+            timeout=30.0, headers={"User-Agent": "Reflector/1.0"}
+        )
+
+    async def fetch_ics(self, url: str) -> str:
+        response = await self.client.get(url)
+        response.raise_for_status()
+
+        return response.text
+
+    def parse_ics(self, ics_content: str) -> Calendar:
+        return Calendar.from_ical(ics_content)
+
+    def extract_room_events(
+        self, calendar: Calendar, room_name: str, room_url: str
+    ) -> tuple[list[EventData], int]:
+        events = []
+        total_events = 0
+        now = datetime.now(timezone.utc)
+        window_start = now + EVENT_WINDOW_DELTA_START
+        window_end = now + EVENT_WINDOW_DELTA_END
+
+        for component in calendar.walk():
+            if component.name != "VEVENT":
+                continue
+
+            status = component.get("STATUS", "").upper()
+            if status == "CANCELLED":
+                continue
+
+            # Count total non-cancelled events in the time window
+            event_data = self._parse_event(component)
+            if event_data and window_start <= event_data["start_time"] <= window_end:
+                total_events += 1
+
+                # Check if event matches this room
+                if self._event_matches_room(component, room_name, room_url):
+                    events.append(event_data)
+
+        return events, total_events
+
+    def _event_matches_room(self, event: Event, room_name: str, room_url: str) -> bool:
+        location = str(event.get("LOCATION", ""))
+        description = str(event.get("DESCRIPTION", ""))
+
+        # Only match full room URL
+        # XXX leaved here as a patterns, to later be extended with tinyurl or such too
+        patterns = [
+            room_url,
+        ]
+
+        # Check location and description for patterns
+        text_to_check = f"{location} {description}".lower()
+        for pattern in patterns:
+            if pattern.lower() in text_to_check:
+                return True
+
+        return False
+
+    def _parse_event(self, event: Event) -> EventData | None:
+        uid = str(event.get("UID", ""))
+        summary = str(event.get("SUMMARY", ""))
+        description = str(event.get("DESCRIPTION", ""))
+        location = str(event.get("LOCATION", ""))
+        dtstart = event.get("DTSTART")
+        dtend = event.get("DTEND")
+
+        if not dtstart:
+            return None
+
+        # Convert fields
+        start_time = self._normalize_datetime(
+            dtstart.dt if hasattr(dtstart, "dt") else dtstart
+        )
+        end_time = (
+            self._normalize_datetime(dtend.dt if hasattr(dtend, "dt") else dtend)
+            if dtend
+            else start_time + timedelta(hours=1)
+        )
+        attendees = self._parse_attendees(event)
+
+        # Get raw event data for storage
+        raw_data = event.to_ical().decode("utf-8")
+
+        return {
+            "ics_uid": uid,
+            "title": summary,
+            "description": description,
+            "location": location,
+            "start_time": start_time,
+            "end_time": end_time,
+            "attendees": attendees,
+            "ics_raw_data": raw_data,
+        }
+
+    def _normalize_datetime(self, dt) -> datetime:
+        # Ensure datetime is with timezone, if not, assume UTC
+        if isinstance(dt, date) and not isinstance(dt, datetime):
+            dt = datetime.combine(dt, datetime.min.time())
+            dt = pytz.UTC.localize(dt)
+        elif isinstance(dt, datetime):
+            if dt.tzinfo is None:
+                dt = pytz.UTC.localize(dt)
+            else:
+                dt = dt.astimezone(pytz.UTC)
+
+        return dt
+
+    def _parse_attendees(self, event: Event) -> list[AttendeeData]:
+        # Extracts attendee information from both ATTENDEE and ORGANIZER properties.
+        # Handles malformed comma-separated email addresses in single ATTENDEE fields
+        # by splitting them into separate attendee entries. Returns a list of attendee
+        # data including email, name, status, and role information.
+        final_attendees = []
+
+        attendees = event.get("ATTENDEE", [])
+        if not isinstance(attendees, list):
+            attendees = [attendees]
+        for att in attendees:
+            email_str = str(att).replace("mailto:", "") if att else None
+
+            # Handle malformed comma-separated email addresses in a single ATTENDEE field
+            if email_str and "," in email_str:
+                # Split comma-separated emails and create separate attendee entries
+                email_parts = [email.strip() for email in email_str.split(",")]
+                for email in email_parts:
+                    if email and "@" in email:
+                        clean_email = email.replace("MAILTO:", "").replace(
+                            "mailto:", ""
+                        )
+                        att_data: AttendeeData = {
+                            "email": clean_email,
+                            "name": att.params.get("CN")
+                            if hasattr(att, "params") and email == email_parts[0]
+                            else None,
+                            "status": att.params.get("PARTSTAT")
+                            if hasattr(att, "params") and email == email_parts[0]
+                            else None,
+                            "role": att.params.get("ROLE")
+                            if hasattr(att, "params") and email == email_parts[0]
+                            else None,
+                        }
+                        final_attendees.append(att_data)
+            else:
+                # Normal single attendee
+                att_data: AttendeeData = {
+                    "email": email_str,
+                    "name": att.params.get("CN") if hasattr(att, "params") else None,
+                    "status": att.params.get("PARTSTAT")
+                    if hasattr(att, "params")
+                    else None,
+                    "role": att.params.get("ROLE") if hasattr(att, "params") else None,
+                }
+                final_attendees.append(att_data)
+
+        # Add organizer
+        organizer = event.get("ORGANIZER")
+        if organizer:
+            org_email = (
+                str(organizer).replace("mailto:", "").replace("MAILTO:", "")
+                if organizer
+                else None
+            )
+            org_data: AttendeeData = {
+                "email": org_email,
+                "name": organizer.params.get("CN")
+                if hasattr(organizer, "params")
+                else None,
+                "role": "ORGANIZER",
+            }
+            final_attendees.append(org_data)
+
+        return final_attendees
+
+
+class ICSSyncService:
+    def __init__(self):
+        self.fetch_service = ICSFetchService()
+
+    async def sync_room_calendar(self, room: Room) -> SyncResult:
+        async with RedisAsyncLock(
+            f"ics_sync_room:{room.id}", skip_if_locked=True
+        ) as lock:
+            if not lock.acquired:
+                logger.warning("ICS sync already in progress for room", room_id=room.id)
+                return {
+                    "status": SyncStatus.SKIPPED,
+                    "reason": "Sync already in progress",
+                }
+
+            return await self._sync_room_calendar(room)
+
+    async def _sync_room_calendar(self, room: Room) -> SyncResult:
+        if not room.ics_enabled or not room.ics_url:
+            return {"status": SyncStatus.SKIPPED, "reason": "ICS not configured"}
+
+        try:
+            if not self._should_sync(room):
+                return {"status": SyncStatus.SKIPPED, "reason": "Not time to sync yet"}
+
+            ics_content = await self.fetch_service.fetch_ics(room.ics_url)
+            calendar = self.fetch_service.parse_ics(ics_content)
+
+            content_hash = hashlib.md5(ics_content.encode()).hexdigest()
+            if room.ics_last_etag == content_hash:
+                logger.info("No changes in ICS for room", room_id=room.id)
+                room_url = f"{settings.UI_BASE_URL}/{room.name}"
+                events, total_events = self.fetch_service.extract_room_events(
+                    calendar, room.name, room_url
+                )
+                return {
+                    "status": SyncStatus.UNCHANGED,
+                    "hash": content_hash,
+                    "events_found": len(events),
+                    "total_events": total_events,
+                    "events_created": 0,
+                    "events_updated": 0,
+                    "events_deleted": 0,
+                }
+
+            # Extract matching events
+            room_url = f"{settings.UI_BASE_URL}/{room.name}"
+            events, total_events = self.fetch_service.extract_room_events(
+                calendar, room.name, room_url
+            )
+            sync_result = await self._sync_events_to_database(room.id, events)
+
+            # Update room sync metadata
+            await rooms_controller.update(
+                room,
+                {
+                    "ics_last_sync": datetime.now(timezone.utc),
+                    "ics_last_etag": content_hash,
+                },
+                mutate=False,
+            )
+
+            return {
+                "status": SyncStatus.SUCCESS,
+                "hash": content_hash,
+                "events_found": len(events),
+                "total_events": total_events,
+                **sync_result,
+            }
+
+        except Exception as e:
+            logger.error("Failed to sync ICS for room", room_id=room.id, error=str(e))
+            return {"status": SyncStatus.ERROR, "error": str(e)}
+
+    def _should_sync(self, room: Room) -> bool:
+        if not room.ics_last_sync:
+            return True
+
+        time_since_sync = datetime.now(timezone.utc) - room.ics_last_sync
+        return time_since_sync.total_seconds() >= room.ics_fetch_interval
+
+    async def _sync_events_to_database(
+        self, room_id: str, events: list[EventData]
+    ) -> SyncStats:
+        created = 0
+        updated = 0
+
+        current_ics_uids = []
+
+        for event_data in events:
+            calendar_event = CalendarEvent(room_id=room_id, **event_data)
+            existing = await calendar_events_controller.get_by_ics_uid(
+                room_id, event_data["ics_uid"]
+            )
+
+            if existing:
+                updated += 1
+            else:
+                created += 1
+
+            await calendar_events_controller.upsert(calendar_event)
+            current_ics_uids.append(event_data["ics_uid"])
+
+        # Soft delete events that are no longer in calendar
+        deleted = await calendar_events_controller.soft_delete_missing(
+            room_id, current_ics_uids
+        )
+
+        return {
+            "events_created": created,
+            "events_updated": updated,
+            "events_deleted": deleted,
+        }
+
+
+ics_sync_service = ICSSyncService()

server/reflector/services/transcript_process.py

@@ -0,0 +1,171 @@
+"""
+Transcript processing service - shared logic for HTTP endpoints and Celery tasks.
+
+This module provides result-based error handling that works in both contexts:
+- HTTP endpoint: converts errors to HTTPException
+- Celery task: converts errors to Exception
+"""
+
+from dataclasses import dataclass
+from typing import Literal, Union, assert_never
+
+import celery
+from celery.result import AsyncResult
+
+from reflector.db.recordings import recordings_controller
+from reflector.db.transcripts import Transcript
+from reflector.pipelines.main_file_pipeline import task_pipeline_file_process
+from reflector.pipelines.main_multitrack_pipeline import (
+    task_pipeline_multitrack_process,
+)
+from reflector.utils.string import NonEmptyString
+
+
+@dataclass
+class ProcessError:
+    detail: NonEmptyString
+
+
+@dataclass
+class FileProcessingConfig:
+    transcript_id: NonEmptyString
+    mode: Literal["file"] = "file"
+
+
+@dataclass
+class MultitrackProcessingConfig:
+    transcript_id: NonEmptyString
+    bucket_name: NonEmptyString
+    track_keys: list[str]
+    mode: Literal["multitrack"] = "multitrack"
+
+
+ProcessingConfig = Union[FileProcessingConfig, MultitrackProcessingConfig]
+PrepareResult = Union[ProcessingConfig, ProcessError]
+
+
+@dataclass
+class ValidationOk:
+    # transcript currently doesnt always have recording_id
+    recording_id: NonEmptyString | None
+    transcript_id: NonEmptyString
+
+
+@dataclass
+class ValidationLocked:
+    detail: NonEmptyString
+
+
+@dataclass
+class ValidationNotReady:
+    detail: NonEmptyString
+
+
+@dataclass
+class ValidationAlreadyScheduled:
+    detail: NonEmptyString
+
+
+ValidationError = Union[
+    ValidationNotReady, ValidationLocked, ValidationAlreadyScheduled
+]
+ValidationResult = Union[ValidationOk, ValidationError]
+
+
+@dataclass
+class DispatchOk:
+    status: Literal["ok"] = "ok"
+
+
+@dataclass
+class DispatchAlreadyRunning:
+    status: Literal["already_running"] = "already_running"
+
+
+DispatchResult = Union[
+    DispatchOk, DispatchAlreadyRunning, ProcessError, ValidationError
+]
+
+
+async def validate_transcript_for_processing(
+    transcript: Transcript,
+) -> ValidationResult:
+    if transcript.locked:
+        return ValidationLocked(detail="Recording is locked")
+
+    if transcript.status == "idle":
+        return ValidationNotReady(detail="Recording is not ready for processing")
+
+    if task_is_scheduled_or_active(
+        "reflector.pipelines.main_file_pipeline.task_pipeline_file_process",
+        transcript_id=transcript.id,
+    ) or task_is_scheduled_or_active(
+        "reflector.pipelines.main_multitrack_pipeline.task_pipeline_multitrack_process",
+        transcript_id=transcript.id,
+    ):
+        return ValidationAlreadyScheduled(detail="already running")
+
+    return ValidationOk(
+        recording_id=transcript.recording_id, transcript_id=transcript.id
+    )
+
+
+async def prepare_transcript_processing(validation: ValidationOk) -> PrepareResult:
+    """
+    Determine processing mode from transcript/recording data.
+    """
+    bucket_name: str | None = None
+    track_keys: list[str] | None = None
+
+    if validation.recording_id:
+        recording = await recordings_controller.get_by_id(validation.recording_id)
+        if recording:
+            bucket_name = recording.bucket_name
+            track_keys = recording.track_keys
+
+            if track_keys is not None and len(track_keys) == 0:
+                return ProcessError(
+                    detail="No track keys found, must be either > 0 or None",
+                )
+            if track_keys is not None and not bucket_name:
+                return ProcessError(
+                    detail="Bucket name must be specified",
+                )
+
+    if track_keys:
+        return MultitrackProcessingConfig(
+            bucket_name=bucket_name,  # type: ignore (validated above)
+            track_keys=track_keys,
+            transcript_id=validation.transcript_id,
+        )
+
+    return FileProcessingConfig(
+        transcript_id=validation.transcript_id,
+    )
+
+
+def dispatch_transcript_processing(config: ProcessingConfig) -> AsyncResult:
+    if isinstance(config, MultitrackProcessingConfig):
+        return task_pipeline_multitrack_process.delay(
+            transcript_id=config.transcript_id,
+            bucket_name=config.bucket_name,
+            track_keys=config.track_keys,
+        )
+    elif isinstance(config, FileProcessingConfig):
+        return task_pipeline_file_process.delay(transcript_id=config.transcript_id)
+    else:
+        assert_never(config)
+
+
+def task_is_scheduled_or_active(task_name: str, **kwargs):
+    inspect = celery.current_app.control.inspect()
+
+    scheduled = inspect.scheduled() or {}
+    active = inspect.active() or {}
+    all = scheduled | active
+    for worker, tasks in all.items():
+        for task in tasks:
+            if task["name"] == task_name and task["kwargs"] == kwargs:
+                return True
+
+    return False

server/reflector/settings.py

@@ -1,6 +1,7 @@
 from pydantic.types import PositiveInt
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
+from reflector.schemas.platform import WHEREBY_PLATFORM, Platform
 from reflector.utils.string import NonEmptyString
 
 
@@ -47,14 +48,17 @@ class Settings(BaseSettings):
     TRANSCRIPT_STORAGE_AWS_ACCESS_KEY_ID: str | None = None
     TRANSCRIPT_STORAGE_AWS_SECRET_ACCESS_KEY: str | None = None
 
-    # Recording storage
-    RECORDING_STORAGE_BACKEND: str | None = None
+    # Platform-specific recording storage (follows {PREFIX}_STORAGE_AWS_{CREDENTIAL} pattern)
+    # Whereby storage configuration
+    WHEREBY_STORAGE_AWS_BUCKET_NAME: str | None = None
+    WHEREBY_STORAGE_AWS_REGION: str | None = None
+    WHEREBY_STORAGE_AWS_ACCESS_KEY_ID: str | None = None
+    WHEREBY_STORAGE_AWS_SECRET_ACCESS_KEY: str | None = None
 
-    # Recording storage configuration for AWS
-    RECORDING_STORAGE_AWS_BUCKET_NAME: str = "recording-bucket"
-    RECORDING_STORAGE_AWS_REGION: str = "us-east-1"
-    RECORDING_STORAGE_AWS_ACCESS_KEY_ID: str | None = None
-    RECORDING_STORAGE_AWS_SECRET_ACCESS_KEY: str | None = None
+    # Daily.co storage configuration
+    DAILYCO_STORAGE_AWS_BUCKET_NAME: str | None = None
+    DAILYCO_STORAGE_AWS_REGION: str | None = None
+    DAILYCO_STORAGE_AWS_ROLE_ARN: str | None = None
 
     # Translate into the target language
     TRANSLATION_BACKEND: str = "passthrough"
@@ -70,6 +74,13 @@ class Settings(BaseSettings):
     LLM_API_KEY: str | None = None
     LLM_CONTEXT_WINDOW: int = 16000
 
+    LLM_PARSE_MAX_RETRIES: int = (
+        3  # Max retries for JSON/validation errors (total attempts = retries + 1)
+    )
+    LLM_STRUCTURED_RESPONSE_TIMEOUT: int = (
+        300  # Timeout in seconds for structured responses (5 minutes)
+    )
+
     # Diarization
     DIARIZATION_ENABLED: bool = True
     DIARIZATION_BACKEND: str = "modal"
@@ -124,11 +135,19 @@ class Settings(BaseSettings):
     WHEREBY_API_URL: str = "https://api.whereby.dev/v1"
     WHEREBY_API_KEY: NonEmptyString | None = None
     WHEREBY_WEBHOOK_SECRET: str | None = None
-    AWS_WHEREBY_ACCESS_KEY_ID: str | None = None
-    AWS_WHEREBY_ACCESS_KEY_SECRET: str | None = None
     AWS_PROCESS_RECORDING_QUEUE_URL: str | None = None
     SQS_POLLING_TIMEOUT_SECONDS: int = 60
 
+    # Daily.co integration
+    DAILY_API_KEY: str | None = None
+    DAILY_WEBHOOK_SECRET: str | None = None
+    DAILY_SUBDOMAIN: str | None = None
+    DAILY_WEBHOOK_UUID: str | None = (
+        None  # Webhook UUID for this environment. Not used by production code
+    )
+    # Platform Configuration
+    DEFAULT_VIDEO_PLATFORM: Platform = WHEREBY_PLATFORM
+
     # Zulip integration
     ZULIP_REALM: str | None = None
     ZULIP_API_KEY: str | None = None

server/reflector/storage/__init__.py

@@ -3,6 +3,13 @@ from reflector.settings import settings
 
 
 def get_transcripts_storage() -> Storage:
+    """
+    Get storage for processed transcript files (master credentials).
+
+    Also use this for ALL our file operations with bucket override:
+        master = get_transcripts_storage()
+        master.delete_file(key, bucket=recording.bucket_name)
+    """
     assert settings.TRANSCRIPT_STORAGE_BACKEND
     return Storage.get_instance(
         name=settings.TRANSCRIPT_STORAGE_BACKEND,
@@ -10,8 +17,53 @@ def get_transcripts_storage() -> Storage:
     )
 
 
-def get_recordings_storage() -> Storage:
+def get_whereby_storage() -> Storage:
+    """
+    Get storage config for Whereby (for passing to Whereby API).
+
+    Usage:
+        whereby_storage = get_whereby_storage()
+        key_id, secret = whereby_storage.key_credentials
+        whereby_api.create_meeting(
+            bucket=whereby_storage.bucket_name,
+            access_key_id=key_id,
+            secret=secret,
+        )
+
+    Do NOT use for our file operations - use get_transcripts_storage() instead.
+    """
+    if not settings.WHEREBY_STORAGE_AWS_BUCKET_NAME:
+        raise ValueError(
+            "WHEREBY_STORAGE_AWS_BUCKET_NAME required for Whereby with AWS storage"
+        )
+
     return Storage.get_instance(
-        name=settings.RECORDING_STORAGE_BACKEND,
-        settings_prefix="RECORDING_STORAGE_",
+        name="aws",
+        settings_prefix="WHEREBY_STORAGE_",
+    )
+
+
+def get_dailyco_storage() -> Storage:
+    """
+    Get storage config for Daily.co (for passing to Daily API).
+
+    Usage:
+        daily_storage = get_dailyco_storage()
+        daily_api.create_meeting(
+            bucket=daily_storage.bucket_name,
+            region=daily_storage.region,
+            role_arn=daily_storage.role_credential,
+        )
+
+    Do NOT use for our file operations - use get_transcripts_storage() instead.
+    """
+    # Fail fast if platform-specific config missing
+    if not settings.DAILYCO_STORAGE_AWS_BUCKET_NAME:
+        raise ValueError(
+            "DAILYCO_STORAGE_AWS_BUCKET_NAME required for Daily.co with AWS storage"
+        )
+
+    return Storage.get_instance(
+        name="aws",
+        settings_prefix="DAILYCO_STORAGE_",
     )

server/reflector/storage/base.py

@@ -1,10 +1,23 @@
 import importlib
+from typing import BinaryIO, Union
 
 from pydantic import BaseModel
 
 from reflector.settings import settings
 
 
+class StorageError(Exception):
+    """Base exception for storage operations."""
+
+    pass
+
+
+class StoragePermissionError(StorageError):
+    """Exception raised when storage operation fails due to permission issues."""
+
+    pass
+
+
 class FileResult(BaseModel):
     filename: str
     url: str
@@ -36,26 +49,113 @@ class Storage:
 
         return cls._registry[name](**config)
 
-    async def put_file(self, filename: str, data: bytes) -> FileResult:
-        return await self._put_file(filename, data)
-
-    async def _put_file(self, filename: str, data: bytes) -> FileResult:
+    # Credential properties for API passthrough
+    @property
+    def bucket_name(self) -> str:
+        """Default bucket name for this storage instance."""
         raise NotImplementedError
 
-    async def delete_file(self, filename: str):
-        return await self._delete_file(filename)
-
-    async def _delete_file(self, filename: str):
+    @property
+    def region(self) -> str:
+        """AWS region for this storage instance."""
         raise NotImplementedError
 
-    async def get_file_url(self, filename: str) -> str:
-        return await self._get_file_url(filename)
+    @property
+    def access_key_id(self) -> str | None:
+        """AWS access key ID (None for role-based auth). Prefer key_credentials property."""
+        return None
 
-    async def _get_file_url(self, filename: str) -> str:
+    @property
+    def secret_access_key(self) -> str | None:
+        """AWS secret access key (None for role-based auth). Prefer key_credentials property."""
+        return None
+
+    @property
+    def role_arn(self) -> str | None:
+        """AWS IAM role ARN for role-based auth (None for key-based auth). Prefer role_credential property."""
+        return None
+
+    @property
+    def key_credentials(self) -> tuple[str, str]:
+        """
+        Get (access_key_id, secret_access_key) for key-based auth.
+        Raises ValueError if storage uses IAM role instead.
+        """
         raise NotImplementedError
 
-    async def get_file(self, filename: str):
-        return await self._get_file(filename)
-
-    async def _get_file(self, filename: str):
+    @property
+    def role_credential(self) -> str:
+        """
+        Get IAM role ARN for role-based auth.
+        Raises ValueError if storage uses access keys instead.
+        """
+        raise NotImplementedError
+
+    async def put_file(
+        self, filename: str, data: Union[bytes, BinaryIO], *, bucket: str | None = None
+    ) -> FileResult:
+        """Upload data. bucket: override instance default if provided."""
+        return await self._put_file(filename, data, bucket=bucket)
+
+    async def _put_file(
+        self, filename: str, data: Union[bytes, BinaryIO], *, bucket: str | None = None
+    ) -> FileResult:
+        raise NotImplementedError
+
+    async def delete_file(self, filename: str, *, bucket: str | None = None):
+        """Delete file. bucket: override instance default if provided."""
+        return await self._delete_file(filename, bucket=bucket)
+
+    async def _delete_file(self, filename: str, *, bucket: str | None = None):
+        raise NotImplementedError
+
+    async def get_file_url(
+        self,
+        filename: str,
+        operation: str = "get_object",
+        expires_in: int = 3600,
+        *,
+        bucket: str | None = None,
+    ) -> str:
+        """Generate presigned URL. bucket: override instance default if provided."""
+        return await self._get_file_url(filename, operation, expires_in, bucket=bucket)
+
+    async def _get_file_url(
+        self,
+        filename: str,
+        operation: str = "get_object",
+        expires_in: int = 3600,
+        *,
+        bucket: str | None = None,
+    ) -> str:
+        raise NotImplementedError
+
+    async def get_file(self, filename: str, *, bucket: str | None = None):
+        """Download file. bucket: override instance default if provided."""
+        return await self._get_file(filename, bucket=bucket)
+
+    async def _get_file(self, filename: str, *, bucket: str | None = None):
+        raise NotImplementedError
+
+    async def list_objects(
+        self, prefix: str = "", *, bucket: str | None = None
+    ) -> list[str]:
+        """List object keys. bucket: override instance default if provided."""
+        return await self._list_objects(prefix, bucket=bucket)
+
+    async def _list_objects(
+        self, prefix: str = "", *, bucket: str | None = None
+    ) -> list[str]:
+        raise NotImplementedError
+
+    async def stream_to_fileobj(
+        self, filename: str, fileobj: BinaryIO, *, bucket: str | None = None
+    ):
+        """Stream file directly to file object without loading into memory.
+        bucket: override instance default if provided."""
+        return await self._stream_to_fileobj(filename, fileobj, bucket=bucket)
+
+    async def _stream_to_fileobj(
+        self, filename: str, fileobj: BinaryIO, *, bucket: str | None = None
+    ):
         raise NotImplementedError

server/reflector/storage/storage_aws.py

@@ -1,79 +1,236 @@
+from functools import wraps
+from typing import BinaryIO, Union
+
 import aioboto3
+from botocore.config import Config
+from botocore.exceptions import ClientError
 
 from reflector.logger import logger
-from reflector.storage.base import FileResult, Storage
+from reflector.storage.base import FileResult, Storage, StoragePermissionError
+
+
+def handle_s3_client_errors(operation_name: str):
+    """Decorator to handle S3 ClientError with bucket-aware messaging.
+
+    Args:
+        operation_name: Human-readable operation name for error messages (e.g., "upload", "delete")
+    """
+
+    def decorator(func):
+        @wraps(func)
+        async def wrapper(self, *args, **kwargs):
+            bucket = kwargs.get("bucket")
+            try:
+                return await func(self, *args, **kwargs)
+            except ClientError as e:
+                error_code = e.response.get("Error", {}).get("Code")
+                if error_code in ("AccessDenied", "NoSuchBucket"):
+                    actual_bucket = bucket or self._bucket_name
+                    bucket_context = (
+                        f"overridden bucket '{actual_bucket}'"
+                        if bucket
+                        else f"default bucket '{actual_bucket}'"
+                    )
+                    raise StoragePermissionError(
+                        f"S3 {operation_name} failed for {bucket_context}: {error_code}. "
+                        f"Check TRANSCRIPT_STORAGE_AWS_* credentials have permission."
+                    ) from e
+                raise
+
+        return wrapper
+
+    return decorator
 
 
 class AwsStorage(Storage):
+    """AWS S3 storage with bucket override for multi-platform recording architecture.
+    Master credentials access all buckets via optional bucket parameter in operations."""
+
     def __init__(
         self,
-        aws_access_key_id: str,
-        aws_secret_access_key: str,
         aws_bucket_name: str,
         aws_region: str,
+        aws_access_key_id: str | None = None,
+        aws_secret_access_key: str | None = None,
+        aws_role_arn: str | None = None,
     ):
-        if not aws_access_key_id:
-            raise ValueError("Storage `aws_storage` require `aws_access_key_id`")
-        if not aws_secret_access_key:
-            raise ValueError("Storage `aws_storage` require `aws_secret_access_key`")
         if not aws_bucket_name:
             raise ValueError("Storage `aws_storage` require `aws_bucket_name`")
         if not aws_region:
             raise ValueError("Storage `aws_storage` require `aws_region`")
+        if not aws_access_key_id and not aws_role_arn:
+            raise ValueError(
+                "Storage `aws_storage` require either `aws_access_key_id` or `aws_role_arn`"
+            )
+        if aws_role_arn and (aws_access_key_id or aws_secret_access_key):
+            raise ValueError(
+                "Storage `aws_storage` cannot use both `aws_role_arn` and access keys"
+            )
 
         super().__init__()
-        self.aws_bucket_name = aws_bucket_name
+        self._bucket_name = aws_bucket_name
+        self._region = aws_region
+        self._access_key_id = aws_access_key_id
+        self._secret_access_key = aws_secret_access_key
+        self._role_arn = aws_role_arn
+
         self.aws_folder = ""
         if "/" in aws_bucket_name:
-            self.aws_bucket_name, self.aws_folder = aws_bucket_name.split("/", 1)
+            self._bucket_name, self.aws_folder = aws_bucket_name.split("/", 1)
+        self.boto_config = Config(retries={"max_attempts": 3, "mode": "adaptive"})
         self.session = aioboto3.Session(
             aws_access_key_id=aws_access_key_id,
             aws_secret_access_key=aws_secret_access_key,
             region_name=aws_region,
         )
-        self.base_url = f"https://{aws_bucket_name}.s3.amazonaws.com/"
+        self.base_url = f"https://{self._bucket_name}.s3.amazonaws.com/"
 
-    async def _put_file(self, filename: str, data: bytes) -> FileResult:
-        bucket = self.aws_bucket_name
-        folder = self.aws_folder
-        logger.info(f"Uploading {filename} to S3 {bucket}/{folder}")
-        s3filename = f"{folder}/{filename}" if folder else filename
-        async with self.session.client("s3") as client:
-            await client.put_object(
-                Bucket=bucket,
-                Key=s3filename,
-                Body=data,
+    # Implement credential properties
+    @property
+    def bucket_name(self) -> str:
+        return self._bucket_name
+
+    @property
+    def region(self) -> str:
+        return self._region
+
+    @property
+    def access_key_id(self) -> str | None:
+        return self._access_key_id
+
+    @property
+    def secret_access_key(self) -> str | None:
+        return self._secret_access_key
+
+    @property
+    def role_arn(self) -> str | None:
+        return self._role_arn
+
+    @property
+    def key_credentials(self) -> tuple[str, str]:
+        """Get (access_key_id, secret_access_key) for key-based auth."""
+        if self._role_arn:
+            raise ValueError(
+                "Storage uses IAM role authentication. "
+                "Use role_credential property instead of key_credentials."
             )
+        if not self._access_key_id or not self._secret_access_key:
+            raise ValueError("Storage access key credentials not configured")
+        return (self._access_key_id, self._secret_access_key)
 
-    async def _get_file_url(self, filename: str) -> FileResult:
-        bucket = self.aws_bucket_name
+    @property
+    def role_credential(self) -> str:
+        """Get IAM role ARN for role-based auth."""
+        if self._access_key_id or self._secret_access_key:
+            raise ValueError(
+                "Storage uses access key authentication. "
+                "Use key_credentials property instead of role_credential."
+            )
+        if not self._role_arn:
+            raise ValueError("Storage IAM role ARN not configured")
+        return self._role_arn
+
+    @handle_s3_client_errors("upload")
+    async def _put_file(
+        self, filename: str, data: Union[bytes, BinaryIO], *, bucket: str | None = None
+    ) -> FileResult:
+        actual_bucket = bucket or self._bucket_name
         folder = self.aws_folder
         s3filename = f"{folder}/{filename}" if folder else filename
-        async with self.session.client("s3") as client:
+        logger.info(f"Uploading {filename} to S3 {actual_bucket}/{folder}")
+
+        async with self.session.client("s3", config=self.boto_config) as client:
+            if isinstance(data, bytes):
+                await client.put_object(Bucket=actual_bucket, Key=s3filename, Body=data)
+            else:
+                # boto3 reads file-like object in chunks
+                # avoids creating extra memory copy vs bytes.getvalue() approach
+                await client.upload_fileobj(data, Bucket=actual_bucket, Key=s3filename)
+
+        url = await self._get_file_url(filename, bucket=bucket)
+        return FileResult(filename=filename, url=url)
+
+    @handle_s3_client_errors("presign")
+    async def _get_file_url(
+        self,
+        filename: str,
+        operation: str = "get_object",
+        expires_in: int = 3600,
+        *,
+        bucket: str | None = None,
+    ) -> str:
+        actual_bucket = bucket or self._bucket_name
+        folder = self.aws_folder
+        s3filename = f"{folder}/{filename}" if folder else filename
+        async with self.session.client("s3", config=self.boto_config) as client:
             presigned_url = await client.generate_presigned_url(
-                "get_object",
-                Params={"Bucket": bucket, "Key": s3filename},
-                ExpiresIn=3600,
+                operation,
+                Params={"Bucket": actual_bucket, "Key": s3filename},
+                ExpiresIn=expires_in,
             )
 
             return presigned_url
 
-    async def _delete_file(self, filename: str):
-        bucket = self.aws_bucket_name
+    @handle_s3_client_errors("delete")
+    async def _delete_file(self, filename: str, *, bucket: str | None = None):
+        actual_bucket = bucket or self._bucket_name
         folder = self.aws_folder
-        logger.info(f"Deleting {filename} from S3 {bucket}/{folder}")
+        logger.info(f"Deleting {filename} from S3 {actual_bucket}/{folder}")
         s3filename = f"{folder}/{filename}" if folder else filename
-        async with self.session.client("s3") as client:
-            await client.delete_object(Bucket=bucket, Key=s3filename)
+        async with self.session.client("s3", config=self.boto_config) as client:
+            await client.delete_object(Bucket=actual_bucket, Key=s3filename)
 
-    async def _get_file(self, filename: str):
-        bucket = self.aws_bucket_name
+    @handle_s3_client_errors("download")
+    async def _get_file(self, filename: str, *, bucket: str | None = None):
+        actual_bucket = bucket or self._bucket_name
         folder = self.aws_folder
-        logger.info(f"Downloading {filename} from S3 {bucket}/{folder}")
+        logger.info(f"Downloading {filename} from S3 {actual_bucket}/{folder}")
         s3filename = f"{folder}/{filename}" if folder else filename
-        async with self.session.client("s3") as client:
-            response = await client.get_object(Bucket=bucket, Key=s3filename)
+        async with self.session.client("s3", config=self.boto_config) as client:
+            response = await client.get_object(Bucket=actual_bucket, Key=s3filename)
             return await response["Body"].read()
 
+    @handle_s3_client_errors("list_objects")
+    async def _list_objects(
+        self, prefix: str = "", *, bucket: str | None = None
+    ) -> list[str]:
+        actual_bucket = bucket or self._bucket_name
+        folder = self.aws_folder
+        # Combine folder and prefix
+        s3prefix = f"{folder}/{prefix}" if folder else prefix
+        logger.info(f"Listing objects from S3 {actual_bucket} with prefix '{s3prefix}'")
+
+        keys = []
+        async with self.session.client("s3", config=self.boto_config) as client:
+            paginator = client.get_paginator("list_objects_v2")
+            async for page in paginator.paginate(Bucket=actual_bucket, Prefix=s3prefix):
+                if "Contents" in page:
+                    for obj in page["Contents"]:
+                        # Strip folder prefix from keys if present
+                        key = obj["Key"]
+                        if folder:
+                            if key.startswith(f"{folder}/"):
+                                key = key[len(folder) + 1 :]
+                            elif key == folder:
+                                # Skip folder marker itself
+                                continue
+                        keys.append(key)
+
+        return keys
+
+    @handle_s3_client_errors("stream")
+    async def _stream_to_fileobj(
+        self, filename: str, fileobj: BinaryIO, *, bucket: str | None = None
+    ):
+        """Stream file from S3 directly to file object without loading into memory."""
+        actual_bucket = bucket or self._bucket_name
+        folder = self.aws_folder
+        logger.info(f"Streaming {filename} from S3 {actual_bucket}/{folder}")
+        s3filename = f"{folder}/{filename}" if folder else filename
+        async with self.session.client("s3", config=self.boto_config) as client:
+            await client.download_fileobj(
+                Bucket=actual_bucket, Key=s3filename, Fileobj=fileobj
+            )
+
 
 Storage.register("aws", AwsStorage)

server/reflector/tools/cli_multitrack.py

@@ -0,0 +1,347 @@
+import asyncio
+import sys
+import time
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional, Protocol
+
+import structlog
+from celery.result import AsyncResult
+
+from reflector.db import get_database
+from reflector.db.transcripts import SourceKind, Transcript, transcripts_controller
+from reflector.pipelines.main_multitrack_pipeline import (
+    task_pipeline_multitrack_process,
+)
+from reflector.storage import get_transcripts_storage
+from reflector.tools.process import (
+    extract_result_from_entry,
+    parse_s3_url,
+    validate_s3_objects,
+)
+
+logger = structlog.get_logger(__name__)
+
+DEFAULT_PROCESSING_TIMEOUT_SECONDS = 3600
+
+MAX_ERROR_MESSAGE_LENGTH = 500
+
+TASK_POLL_INTERVAL_SECONDS = 2
+
+
+class StatusCallback(Protocol):
+    def __call__(self, state: str, elapsed_seconds: int) -> None: ...
+
+
+@dataclass
+class MultitrackTaskResult:
+    success: bool
+    transcript_id: str
+    error: Optional[str] = None
+
+
+async def create_multitrack_transcript(
+    bucket_name: str,
+    track_keys: List[str],
+    source_language: str,
+    target_language: str,
+    user_id: Optional[str] = None,
+) -> Transcript:
+    num_tracks = len(track_keys)
+    track_word = "track" if num_tracks == 1 else "tracks"
+    transcript_name = f"Multitrack ({num_tracks} {track_word})"
+
+    transcript = await transcripts_controller.add(
+        transcript_name,
+        source_kind=SourceKind.FILE,
+        source_language=source_language,
+        target_language=target_language,
+        user_id=user_id,
+    )
+
+    logger.info(
+        "Created multitrack transcript",
+        transcript_id=transcript.id,
+        name=transcript_name,
+        bucket=bucket_name,
+        num_tracks=len(track_keys),
+    )
+
+    return transcript
+
+
+def submit_multitrack_task(
+    transcript_id: str, bucket_name: str, track_keys: List[str]
+) -> AsyncResult:
+    result = task_pipeline_multitrack_process.delay(
+        transcript_id=transcript_id,
+        bucket_name=bucket_name,
+        track_keys=track_keys,
+    )
+
+    logger.info(
+        "Multitrack task submitted",
+        transcript_id=transcript_id,
+        task_id=result.id,
+        bucket=bucket_name,
+        num_tracks=len(track_keys),
+    )
+
+    return result
+
+
+async def wait_for_task(
+    result: AsyncResult,
+    transcript_id: str,
+    timeout_seconds: int = DEFAULT_PROCESSING_TIMEOUT_SECONDS,
+    poll_interval: int = TASK_POLL_INTERVAL_SECONDS,
+    status_callback: Optional[StatusCallback] = None,
+) -> MultitrackTaskResult:
+    start_time = time.time()
+    last_status = None
+
+    while not result.ready():
+        elapsed = time.time() - start_time
+        if elapsed > timeout_seconds:
+            error_msg = (
+                f"Task {result.id} did not complete within {timeout_seconds}s "
+                f"for transcript {transcript_id}"
+            )
+            logger.error(
+                "Task timeout",
+                task_id=result.id,
+                transcript_id=transcript_id,
+                elapsed_seconds=elapsed,
+            )
+            raise TimeoutError(error_msg)
+
+        if result.state != last_status:
+            if status_callback:
+                status_callback(result.state, int(elapsed))
+            last_status = result.state
+
+        await asyncio.sleep(poll_interval)
+
+    if result.failed():
+        error_info = result.info
+        traceback_info = getattr(result, "traceback", None)
+
+        logger.error(
+            "Multitrack task failed",
+            transcript_id=transcript_id,
+            task_id=result.id,
+            error=str(error_info),
+            has_traceback=bool(traceback_info),
+        )
+
+        error_detail = str(error_info)
+        if traceback_info:
+            error_detail += f"\nTraceback:\n{traceback_info}"
+
+        return MultitrackTaskResult(
+            success=False, transcript_id=transcript_id, error=error_detail
+        )
+
+    logger.info(
+        "Multitrack task completed",
+        transcript_id=transcript_id,
+        task_id=result.id,
+        state=result.state,
+    )
+
+    return MultitrackTaskResult(success=True, transcript_id=transcript_id)
+
+
+async def update_transcript_status(
+    transcript_id: str,
+    status: str,
+    error: Optional[str] = None,
+    max_error_length: int = MAX_ERROR_MESSAGE_LENGTH,
+) -> None:
+    database = get_database()
+    connected = False
+
+    try:
+        await database.connect()
+        connected = True
+
+        transcript = await transcripts_controller.get_by_id(transcript_id)
+        if transcript:
+            update_data: Dict[str, Any] = {"status": status}
+
+            if error:
+                if len(error) > max_error_length:
+                    error = error[: max_error_length - 3] + "..."
+                update_data["error"] = error
+
+            await transcripts_controller.update(transcript, update_data)
+
+            logger.info(
+                "Updated transcript status",
+                transcript_id=transcript_id,
+                status=status,
+                has_error=bool(error),
+            )
+    except Exception as e:
+        logger.warning(
+            "Failed to update transcript status",
+            transcript_id=transcript_id,
+            error=str(e),
+        )
+    finally:
+        if connected:
+            try:
+                await database.disconnect()
+            except Exception as e:
+                logger.warning(f"Database disconnect failed: {e}")
+
+
+async def process_multitrack(
+    bucket_name: str,
+    track_keys: List[str],
+    source_language: str,
+    target_language: str,
+    user_id: Optional[str] = None,
+    timeout_seconds: int = DEFAULT_PROCESSING_TIMEOUT_SECONDS,
+    status_callback: Optional[StatusCallback] = None,
+) -> MultitrackTaskResult:
+    """High-level orchestration for multitrack processing."""
+    database = get_database()
+    transcript = None
+    connected = False
+
+    try:
+        await database.connect()
+        connected = True
+
+        transcript = await create_multitrack_transcript(
+            bucket_name=bucket_name,
+            track_keys=track_keys,
+            source_language=source_language,
+            target_language=target_language,
+            user_id=user_id,
+        )
+
+        result = submit_multitrack_task(
+            transcript_id=transcript.id, bucket_name=bucket_name, track_keys=track_keys
+        )
+
+    except Exception as e:
+        if transcript:
+            try:
+                await update_transcript_status(
+                    transcript_id=transcript.id, status="failed", error=str(e)
+                )
+            except Exception as update_error:
+                logger.error(
+                    "Failed to update transcript status after error",
+                    original_error=str(e),
+                    update_error=str(update_error),
+                    transcript_id=transcript.id,
+                )
+        raise
+    finally:
+        if connected:
+            try:
+                await database.disconnect()
+            except Exception as e:
+                logger.warning(f"Database disconnect failed: {e}")
+
+    # Poll outside database connection
+    task_result = await wait_for_task(
+        result=result,
+        transcript_id=transcript.id,
+        timeout_seconds=timeout_seconds,
+        poll_interval=2,
+        status_callback=status_callback,
+    )
+
+    if not task_result.success:
+        await update_transcript_status(
+            transcript_id=transcript.id, status="failed", error=task_result.error
+        )
+
+    return task_result
+
+
+def print_progress(message: str) -> None:
+    """Print progress message to stderr for CLI visibility."""
+    print(f"{message}", file=sys.stderr)
+
+
+def create_status_callback() -> StatusCallback:
+    """Create callback for task status updates during polling."""
+
+    def callback(state: str, elapsed_seconds: int) -> None:
+        print_progress(
+            f"Multitrack pipeline status: {state} (elapsed: {elapsed_seconds}s)"
+        )
+
+    return callback
+
+
+async def process_multitrack_cli(
+    s3_urls: List[str],
+    source_language: str,
+    target_language: str,
+    output_path: Optional[str] = None,
+) -> None:
+    if not s3_urls:
+        raise ValueError("At least one track required for multitrack processing")
+
+    bucket_keys = []
+    for url in s3_urls:
+        try:
+            bucket, key = parse_s3_url(url)
+            bucket_keys.append((bucket, key))
+        except ValueError as e:
+            raise ValueError(f"Invalid S3 URL '{url}': {e}") from e
+
+    buckets = set(bucket for bucket, _ in bucket_keys)
+    if len(buckets) > 1:
+        raise ValueError(
+            f"All tracks must be in the same S3 bucket. "
+            f"Found {len(buckets)} different buckets: {sorted(buckets)}. "
+            f"Please upload all files to a single bucket."
+        )
+
+    primary_bucket = bucket_keys[0][0]
+    track_keys = [key for _, key in bucket_keys]
+
+    print_progress(
+        f"Starting multitrack CLI processing: "
+        f"bucket={primary_bucket}, num_tracks={len(track_keys)}, "
+        f"source_language={source_language}, target_language={target_language}"
+    )
+
+    storage = get_transcripts_storage()
+    await validate_s3_objects(storage, bucket_keys)
+    print_progress(f"S3 validation complete: {len(bucket_keys)} objects verified")
+
+    result = await process_multitrack(
+        bucket_name=primary_bucket,
+        track_keys=track_keys,
+        source_language=source_language,
+        target_language=target_language,
+        user_id=None,
+        timeout_seconds=3600,
+        status_callback=create_status_callback(),
+    )
+
+    if not result.success:
+        error_msg = (
+            f"Multitrack pipeline failed for transcript {result.transcript_id}\n"
+        )
+        if result.error:
+            error_msg += f"Error: {result.error}\n"
+        raise RuntimeError(error_msg)
+
+    print_progress(
+        f"Multitrack processing complete for transcript {result.transcript_id}"
+    )
+
+    database = get_database()
+    await database.connect()
+    try:
+        await extract_result_from_entry(result.transcript_id, output_path)
+    finally:
+        await database.disconnect()

server/reflector/tools/process.py

@@ -9,7 +9,10 @@ import shutil
 import sys
 import time
 from pathlib import Path
-from typing import Any, Dict, List, Literal
+from typing import Any, Dict, List, Literal, Tuple
+from urllib.parse import unquote, urlparse
+
+from botocore.exceptions import BotoCoreError, ClientError, NoCredentialsError
 
 from reflector.db.transcripts import SourceKind, TranscriptTopic, transcripts_controller
 from reflector.logger import logger
@@ -20,10 +23,119 @@ from reflector.pipelines.main_live_pipeline import pipeline_post as live_pipelin
 from reflector.pipelines.main_live_pipeline import (
     pipeline_process as live_pipeline_process,
 )
+from reflector.storage import Storage
+
+
+def validate_s3_bucket_name(bucket: str) -> None:
+    if not bucket:
+        raise ValueError("Bucket name cannot be empty")
+    if len(bucket) > 255:  # Absolute max for any region
+        raise ValueError(f"Bucket name too long: {len(bucket)} characters (max 255)")
+
+
+def validate_s3_key(key: str) -> None:
+    if not key:
+        raise ValueError("S3 key cannot be empty")
+    if len(key) > 1024:
+        raise ValueError(f"S3 key too long: {len(key)} characters (max 1024)")
+
+
+def parse_s3_url(url: str) -> Tuple[str, str]:
+    parsed = urlparse(url)
+
+    if parsed.scheme == "s3":
+        bucket = parsed.netloc
+        key = parsed.path.lstrip("/")
+        if parsed.fragment:
+            logger.debug(
+                "URL fragment ignored (not part of S3 key)",
+                url=url,
+                fragment=parsed.fragment,
+            )
+        if not bucket or not key:
+            raise ValueError(f"Invalid S3 URL: {url} (missing bucket or key)")
+        bucket = unquote(bucket)
+        key = unquote(key)
+        validate_s3_bucket_name(bucket)
+        validate_s3_key(key)
+        return bucket, key
+
+    elif parsed.scheme in ("http", "https"):
+        if ".s3." in parsed.netloc or parsed.netloc.endswith(".s3.amazonaws.com"):
+            bucket = parsed.netloc.split(".")[0]
+            key = parsed.path.lstrip("/")
+            if parsed.fragment:
+                logger.debug("URL fragment ignored", url=url, fragment=parsed.fragment)
+            if not bucket or not key:
+                raise ValueError(f"Invalid S3 URL: {url} (missing bucket or key)")
+            bucket = unquote(bucket)
+            key = unquote(key)
+            validate_s3_bucket_name(bucket)
+            validate_s3_key(key)
+            return bucket, key
+
+        elif parsed.netloc.startswith("s3.") and "amazonaws.com" in parsed.netloc:
+            path_parts = parsed.path.lstrip("/").split("/", 1)
+            if len(path_parts) != 2:
+                raise ValueError(f"Invalid S3 URL: {url} (missing bucket or key)")
+            bucket, key = path_parts
+            if parsed.fragment:
+                logger.debug("URL fragment ignored", url=url, fragment=parsed.fragment)
+            bucket = unquote(bucket)
+            key = unquote(key)
+            validate_s3_bucket_name(bucket)
+            validate_s3_key(key)
+            return bucket, key
+
+        else:
+            raise ValueError(f"Invalid S3 URL format: {url} (not recognized as S3 URL)")
+
+    else:
+        raise ValueError(f"Invalid S3 URL scheme: {url} (must be s3:// or https://)")
+
+
+async def validate_s3_objects(
+    storage: Storage, bucket_keys: List[Tuple[str, str]]
+) -> None:
+    async with storage.session.client("s3") as client:
+
+        async def check_object(bucket: str, key: str) -> None:
+            try:
+                await client.head_object(Bucket=bucket, Key=key)
+            except ClientError as e:
+                error_code = e.response["Error"]["Code"]
+                if error_code in ("404", "NoSuchKey"):
+                    raise ValueError(f"S3 object not found: s3://{bucket}/{key}") from e
+                elif error_code in ("403", "Forbidden", "AccessDenied"):
+                    raise ValueError(
+                        f"Access denied for S3 object: s3://{bucket}/{key}. "
+                        f"Check AWS credentials and permissions"
+                    ) from e
+                else:
+                    raise ValueError(
+                        f"S3 error {error_code} for s3://{bucket}/{key}: "
+                        f"{e.response['Error'].get('Message', 'Unknown error')}"
+                    ) from e
+            except NoCredentialsError as e:
+                raise ValueError(
+                    "AWS credentials not configured. Set AWS_ACCESS_KEY_ID and "
+                    "AWS_SECRET_ACCESS_KEY environment variables"
+                ) from e
+            except BotoCoreError as e:
+                raise ValueError(
+                    f"AWS service error for s3://{bucket}/{key}: {str(e)}"
+                ) from e
+            except Exception as e:
+                raise ValueError(
+                    f"Unexpected error validating s3://{bucket}/{key}: {str(e)}"
+                ) from e
+
+        await asyncio.gather(
+            *(check_object(bucket, key) for bucket, key in bucket_keys)
+        )
 
 
 def serialize_topics(topics: List[TranscriptTopic]) -> List[Dict[str, Any]]:
-    """Convert TranscriptTopic objects to JSON-serializable dicts"""
     serialized = []
     for topic in topics:
         topic_dict = topic.model_dump()
@@ -32,7 +144,6 @@ def serialize_topics(topics: List[TranscriptTopic]) -> List[Dict[str, Any]]:
 
 
 def debug_print_speakers(serialized_topics: List[Dict[str, Any]]) -> None:
-    """Print debug info about speakers found in topics"""
     all_speakers = set()
     for topic_dict in serialized_topics:
         for word in topic_dict.get("words", []):
@@ -47,8 +158,6 @@ def debug_print_speakers(serialized_topics: List[Dict[str, Any]]) -> None:
 TranscriptId = str
 
 
-# common interface for every flow: it needs an Entry in db with specific ceremony (file path + status + actual file in file system)
-# ideally we want to get rid of it at some point
 async def prepare_entry(
     source_path: str,
     source_language: str,
@@ -65,9 +174,7 @@ async def prepare_entry(
         user_id=None,
     )
 
-    logger.info(
-        f"Created empty transcript {transcript.id} for file {file_path.name} because technically we need an empty transcript before we start transcript"
-    )
+    logger.info(f"Created transcript {transcript.id} for {file_path.name}")
 
     # pipelines expect files as upload.*
 
@@ -83,7 +190,6 @@ async def prepare_entry(
     return transcript.id
 
 
-# same reason as prepare_entry
 async def extract_result_from_entry(
     transcript_id: TranscriptId, output_path: str
 ) -> None:
@@ -193,13 +299,20 @@ if __name__ == "__main__":
     parser = argparse.ArgumentParser(
         description="Process audio files with speaker diarization"
     )
-    parser.add_argument("source", help="Source file (mp3, wav, mp4...)")
+    parser.add_argument(
+        "source",
+        help="Source file (mp3, wav, mp4...) or comma-separated S3 URLs with --multitrack",
+    )
     parser.add_argument(
         "--pipeline",
-        required=True,
         choices=["live", "file"],
         help="Pipeline type to use for processing (live: streaming/incremental, file: batch/parallel)",
     )
+    parser.add_argument(
+        "--multitrack",
+        action="store_true",
+        help="Process multiple audio tracks from comma-separated S3 URLs",
+    )
     parser.add_argument(
         "--source-language", default="en", help="Source language code (default: en)"
     )
@@ -209,12 +322,40 @@ if __name__ == "__main__":
     parser.add_argument("--output", "-o", help="Output file (output.jsonl)")
     args = parser.parse_args()
 
-    asyncio.run(
-        process(
-            args.source,
-            args.source_language,
-            args.target_language,
-            args.pipeline,
-            args.output,
+    if args.multitrack:
+        if not args.source:
+            parser.error("Source URLs required for multitrack processing")
+
+        s3_urls = [url.strip() for url in args.source.split(",") if url.strip()]
+
+        if not s3_urls:
+            parser.error("At least one S3 URL required for multitrack processing")
+
+        from reflector.tools.cli_multitrack import process_multitrack_cli
+
+        asyncio.run(
+            process_multitrack_cli(
+                s3_urls,
+                args.source_language,
+                args.target_language,
+                args.output,
+            )
+        )
+    else:
+        if not args.pipeline:
+            parser.error("--pipeline is required for single-track processing")
+
+        if "," in args.source:
+            parser.error(
+                "Multiple files detected. Use --multitrack flag for multitrack processing"
+            )
+
+        asyncio.run(
+            process(
+                args.source,
+                args.source_language,
+                args.target_language,
+                args.pipeline,
+                args.output,
+            )
         )
-    )

server/reflector/tools/process_transcript.py

@@ -0,0 +1,127 @@
+"""
+Process transcript by ID - auto-detects multitrack vs file pipeline.
+
+Usage:
+    uv run -m reflector.tools.process_transcript <transcript_id>
+
+    # Or via docker:
+    docker compose exec server uv run -m reflector.tools.process_transcript <transcript_id>
+"""
+
+import argparse
+import asyncio
+import sys
+import time
+from typing import Callable
+
+from celery.result import AsyncResult
+
+from reflector.db.transcripts import Transcript, transcripts_controller
+from reflector.services.transcript_process import (
+    FileProcessingConfig,
+    MultitrackProcessingConfig,
+    PrepareResult,
+    ProcessError,
+    ValidationError,
+    ValidationResult,
+    dispatch_transcript_processing,
+    prepare_transcript_processing,
+    validate_transcript_for_processing,
+)
+
+
+async def process_transcript_inner(
+    transcript: Transcript,
+    on_validation: Callable[[ValidationResult], None],
+    on_preprocess: Callable[[PrepareResult], None],
+) -> AsyncResult:
+    validation = await validate_transcript_for_processing(transcript)
+    on_validation(validation)
+    config = await prepare_transcript_processing(validation)
+    on_preprocess(config)
+    return dispatch_transcript_processing(config)
+
+
+async def process_transcript(transcript_id: str, sync: bool = False) -> None:
+    """
+    Process a transcript by ID, auto-detecting multitrack vs file pipeline.
+
+    Args:
+        transcript_id: The transcript UUID
+        sync: If True, wait for task completion. If False, dispatch and exit.
+    """
+    from reflector.db import get_database
+
+    database = get_database()
+    await database.connect()
+
+    try:
+        transcript = await transcripts_controller.get_by_id(transcript_id)
+        if not transcript:
+            print(f"Error: Transcript {transcript_id} not found", file=sys.stderr)
+            sys.exit(1)
+
+        print(f"Found transcript: {transcript.title or transcript_id}", file=sys.stderr)
+        print(f"  Status: {transcript.status}", file=sys.stderr)
+        print(f"  Recording ID: {transcript.recording_id or 'None'}", file=sys.stderr)
+
+        def on_validation(validation: ValidationResult) -> None:
+            if isinstance(validation, ValidationError):
+                print(f"Error: {validation.detail}", file=sys.stderr)
+                sys.exit(1)
+
+        def on_preprocess(config: PrepareResult) -> None:
+            if isinstance(config, ProcessError):
+                print(f"Error: {config.detail}", file=sys.stderr)
+                sys.exit(1)
+            elif isinstance(config, MultitrackProcessingConfig):
+                print(f"Dispatching multitrack pipeline", file=sys.stderr)
+                print(f"  Bucket: {config.bucket_name}", file=sys.stderr)
+                print(f"  Tracks: {len(config.track_keys)}", file=sys.stderr)
+            elif isinstance(config, FileProcessingConfig):
+                print(f"Dispatching file pipeline", file=sys.stderr)
+
+        result = await process_transcript_inner(
+            transcript, on_validation=on_validation, on_preprocess=on_preprocess
+        )
+
+        if sync:
+            print("Waiting for task completion...", file=sys.stderr)
+            while not result.ready():
+                print(f"  Status: {result.state}", file=sys.stderr)
+                time.sleep(5)
+
+            if result.successful():
+                print("Task completed successfully", file=sys.stderr)
+            else:
+                print(f"Task failed: {result.result}", file=sys.stderr)
+                sys.exit(1)
+        else:
+            print(
+                "Task dispatched (use --sync to wait for completion)", file=sys.stderr
+            )
+
+    finally:
+        await database.disconnect()
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Process transcript by ID - auto-detects multitrack vs file pipeline"
+    )
+    parser.add_argument(
+        "transcript_id",
+        help="Transcript UUID to process",
+    )
+    parser.add_argument(
+        "--sync",
+        action="store_true",
+        help="Wait for task completion instead of just dispatching",
+    )
+
+    args = parser.parse_args()
+    asyncio.run(process_transcript(args.transcript_id, sync=args.sync))
+
+
+if __name__ == "__main__":
+    main()

server/reflector/utils/daily.py

@@ -0,0 +1,92 @@
+import os
+import re
+from typing import NamedTuple
+
+from reflector.utils.string import NonEmptyString
+
+DailyRoomName = NonEmptyString
+
+
+class DailyRecordingFilename(NamedTuple):
+    """Parsed components from Daily.co recording filename.
+
+    Format: {recording_start_ts}-{participant_id}-cam-audio-{track_start_ts}
+    Example: 1763152299562-12f0b87c-97d4-4dd3-a65c-cee1f854a79c-cam-audio-1763152314582
+
+    Note: S3 object keys have no extension, but browsers add .webm when downloading
+    from S3 UI due to MIME type headers. If you download manually and wonder.
+    """
+
+    recording_start_ts: int
+    participant_id: str
+    track_start_ts: int
+
+
+def parse_daily_recording_filename(filename: str) -> DailyRecordingFilename:
+    """Parse Daily.co recording filename to extract timestamps and participant ID.
+
+    Args:
+        filename: Full path or basename of Daily.co recording file
+                 Format: {recording_start_ts}-{participant_id}-cam-audio-{track_start_ts}
+
+    Returns:
+        DailyRecordingFilename with parsed components
+
+    Raises:
+        ValueError: If filename doesn't match expected format
+
+    Examples:
+        >>> parse_daily_recording_filename("1763152299562-12f0b87c-97d4-4dd3-a65c-cee1f854a79c-cam-audio-1763152314582")
+        DailyRecordingFilename(recording_start_ts=1763152299562, participant_id='12f0b87c-97d4-4dd3-a65c-cee1f854a79c', track_start_ts=1763152314582)
+    """
+    base = os.path.basename(filename)
+    pattern = r"(\d{13,})-([0-9a-fA-F-]{36})-cam-audio-(\d{13,})"
+    match = re.search(pattern, base)
+
+    if not match:
+        raise ValueError(
+            f"Invalid Daily.co recording filename: {filename}. "
+            f"Expected format: {{recording_start_ts}}-{{participant_id}}-cam-audio-{{track_start_ts}}"
+        )
+
+    recording_start_ts = int(match.group(1))
+    participant_id = match.group(2)
+    track_start_ts = int(match.group(3))
+
+    return DailyRecordingFilename(
+        recording_start_ts=recording_start_ts,
+        participant_id=participant_id,
+        track_start_ts=track_start_ts,
+    )
+
+
+def recording_lock_key(recording_id: NonEmptyString) -> NonEmptyString:
+    return f"recording:{recording_id}"
+
+
+def filter_cam_audio_tracks(track_keys: list[str]) -> list[str]:
+    """Filter track keys to cam-audio tracks only (skip screen-audio, etc.)."""
+    return [k for k in track_keys if "cam-audio" in k]
+
+
+def extract_base_room_name(daily_room_name: DailyRoomName) -> NonEmptyString:
+    """
+    Extract base room name from Daily.co timestamped room name.
+
+    Daily.co creates rooms with timestamp suffix: {base_name}-YYYYMMDDHHMMSS
+    This function removes the timestamp to get the original room name.
+
+    Examples:
+        "daily-20251020193458" → "daily"
+        "daily-2-20251020193458" → "daily-2"
+        "my-room-name-20251020193458" → "my-room-name"
+
+    Args:
+        daily_room_name: Full Daily.co room name with optional timestamp
+
+    Returns:
+        Base room name without timestamp suffix
+    """
+    base_name = daily_room_name.rsplit("-", 1)[0]
+    assert base_name, f"Extracted base name is empty from: {daily_room_name}"
+    return base_name

server/reflector/utils/datetime.py

@@ -0,0 +1,9 @@
+from datetime import datetime, timezone
+
+
+def parse_datetime_with_timezone(iso_string: str) -> datetime:
+    """Parse ISO datetime string and ensure timezone awareness (defaults to UTC if naive)."""
+    dt = datetime.fromisoformat(iso_string)
+    if dt.tzinfo is None:
+        dt = dt.replace(tzinfo=timezone.utc)
+    return dt