401 reauth experiments

* small typing

* typing fixes

---------

Co-authored-by: Igor Loskutov <igor.loskutoff@gmail.com>

CHANGELOG.md

@@ -1,37 +1,5 @@
 # Changelog
 
-## [0.10.0](https://github.com/Monadical-SAS/reflector/compare/v0.9.0...v0.10.0) (2025-09-11)
-
-
-### Features
-
-* replace nextjs-config with environment variables ([#632](https://github.com/Monadical-SAS/reflector/issues/632)) ([369ecdf](https://github.com/Monadical-SAS/reflector/commit/369ecdff13f3862d926a9c0b87df52c9d94c4dde))
-
-
-### Bug Fixes
-
-* anonymous users transcript permissions ([#621](https://github.com/Monadical-SAS/reflector/issues/621)) ([f81fe99](https://github.com/Monadical-SAS/reflector/commit/f81fe9948a9237b3e0001b2d8ca84f54d76878f9))
-* auth post ([#624](https://github.com/Monadical-SAS/reflector/issues/624)) ([cde99ca](https://github.com/Monadical-SAS/reflector/commit/cde99ca2716f84ba26798f289047732f0448742e))
-* auth post ([#626](https://github.com/Monadical-SAS/reflector/issues/626)) ([3b85ff3](https://github.com/Monadical-SAS/reflector/commit/3b85ff3bdf4fb053b103070646811bc990c0e70a))
-* auth post ([#627](https://github.com/Monadical-SAS/reflector/issues/627)) ([962038e](https://github.com/Monadical-SAS/reflector/commit/962038ee3f2a555dc3c03856be0e4409456e0996))
-* missing follow_redirects=True on modal endpoint ([#630](https://github.com/Monadical-SAS/reflector/issues/630)) ([fc363bd](https://github.com/Monadical-SAS/reflector/commit/fc363bd49b17b075e64f9186e5e0185abc325ea7))
-* sync backend and frontend token refresh logic ([#614](https://github.com/Monadical-SAS/reflector/issues/614)) ([5a5b323](https://github.com/Monadical-SAS/reflector/commit/5a5b3233820df9536da75e87ce6184a983d4713a))
-
-## [0.9.0](https://github.com/Monadical-SAS/reflector/compare/v0.8.2...v0.9.0) (2025-09-06)
-
-
-### Features
-
-* frontend openapi react query ([#606](https://github.com/Monadical-SAS/reflector/issues/606)) ([c4d2825](https://github.com/Monadical-SAS/reflector/commit/c4d2825c81f81ad8835629fbf6ea8c7383f8c31b))
-
-
-### Bug Fixes
-
-* align whisper transcriber api with parakeet ([#602](https://github.com/Monadical-SAS/reflector/issues/602)) ([0663700](https://github.com/Monadical-SAS/reflector/commit/0663700a615a4af69a03c96c410f049e23ec9443))
-* kv use tls explicit ([#610](https://github.com/Monadical-SAS/reflector/issues/610)) ([08d88ec](https://github.com/Monadical-SAS/reflector/commit/08d88ec349f38b0d13e0fa4cb73486c8dfd31836))
-* source kind for file processing ([#601](https://github.com/Monadical-SAS/reflector/issues/601)) ([dc82f8b](https://github.com/Monadical-SAS/reflector/commit/dc82f8bb3bdf3ab3d4088e592a30fd63907319e1))
-* token refresh locking ([#613](https://github.com/Monadical-SAS/reflector/issues/613)) ([7f5a4c9](https://github.com/Monadical-SAS/reflector/commit/7f5a4c9ddc7fd098860c8bdda2ca3b57f63ded2f))
-
 ## [0.8.2](https://github.com/Monadical-SAS/reflector/compare/v0.8.1...v0.8.2) (2025-08-29)
 
 

CLAUDE.md

@@ -66,6 +66,7 @@ pnpm install
 
 # Copy configuration templates
 cp .env_template .env
+cp config-template.ts config.ts
 ```
 
 **Development:**

README.md

@@ -99,10 +99,11 @@ Start with `cd www`.
 
 ```bash
 pnpm install
-cp .env.example .env
+cp .env_template .env
+cp config-template.ts config.ts
 ```
 
-Then, fill in the environment variables in `.env` as needed. If you are unsure on how to proceed, ask in Zulip.
+Then, fill in the environment variables in `.env` and the configuration in `config.ts` as needed. If you are unsure on how to proceed, ask in Zulip.
 
 **Run in development mode**
 
@@ -167,34 +168,3 @@ You can manually process an audio file by calling the process tool:
 ```bash
 uv run python -m reflector.tools.process path/to/audio.wav
 ```
-
-
-## Feature Flags
-
-Reflector uses environment variable-based feature flags to control application functionality. These flags allow you to enable or disable features without code changes.
-
-### Available Feature Flags
-
-| Feature Flag | Environment Variable |
-|-------------|---------------------|
-| `requireLogin` | `NEXT_PUBLIC_FEATURE_REQUIRE_LOGIN` |
-| `privacy` | `NEXT_PUBLIC_FEATURE_PRIVACY` |
-| `browse` | `NEXT_PUBLIC_FEATURE_BROWSE` |
-| `sendToZulip` | `NEXT_PUBLIC_FEATURE_SEND_TO_ZULIP` |
-| `rooms` | `NEXT_PUBLIC_FEATURE_ROOMS` |
-
-### Setting Feature Flags
-
-Feature flags are controlled via environment variables using the pattern `NEXT_PUBLIC_FEATURE_{FEATURE_NAME}` where `{FEATURE_NAME}` is the SCREAMING_SNAKE_CASE version of the feature name.
-
-**Examples:**
-```bash
-# Enable user authentication requirement
-NEXT_PUBLIC_FEATURE_REQUIRE_LOGIN=true
-
-# Disable browse functionality
-NEXT_PUBLIC_FEATURE_BROWSE=false
-
-# Enable Zulip integration
-NEXT_PUBLIC_FEATURE_SEND_TO_ZULIP=true
-```

server/docs/gpu/api-transcription.md

@@ -1,194 +0,0 @@
-## Reflector GPU Transcription API (Specification)
-
-This document defines the Reflector GPU transcription API that all implementations must adhere to. Current implementations include NVIDIA Parakeet (NeMo) and Whisper (faster-whisper), both deployed on Modal.com. The API surface and response shapes are OpenAI/Whisper-compatible, so clients can switch implementations by changing only the base URL.
-
-### Base URL and Authentication
-
-- Example base URLs (Modal web endpoints):
-
-  - Parakeet: `https://<account>--reflector-transcriber-parakeet-web.modal.run`
-  - Whisper: `https://<account>--reflector-transcriber-web.modal.run`
-
-- All endpoints are served under `/v1` and require a Bearer token:
-
-```
-Authorization: Bearer <REFLECTOR_GPU_APIKEY>
-```
-
-Note: To switch implementations, deploy the desired variant and point `TRANSCRIPT_URL` to its base URL. The API is identical.
-
-### Supported file types
-
-`mp3, mp4, mpeg, mpga, m4a, wav, webm`
-
-### Models and languages
-
-- Parakeet (NVIDIA NeMo): default `nvidia/parakeet-tdt-0.6b-v2`
-  - Language support: only `en`. Other languages return HTTP 400.
-- Whisper (faster-whisper): default `large-v2` (or deployment-specific)
-  - Language support: multilingual (per Whisper model capabilities).
-
-Note: The `model` parameter is accepted by all implementations for interface parity. Some backends may treat it as informational.
-
-### Endpoints
-
-#### POST /v1/audio/transcriptions
-
-Transcribe one or more uploaded audio files.
-
-Request: multipart/form-data
-
-- `file` (File) — optional. Single file to transcribe.
-- `files` (File[]) — optional. One or more files to transcribe.
-- `model` (string) — optional. Defaults to the implementation-specific model (see above).
-- `language` (string) — optional, defaults to `en`.
-  - Parakeet: only `en` is accepted; other values return HTTP 400
-  - Whisper: model-dependent; typically multilingual
-- `batch` (boolean) — optional, defaults to `false`.
-
-Notes:
-
-- Provide either `file` or `files`, not both. If neither is provided, HTTP 400.
-- `batch` requires `files`; using `batch=true` without `files` returns HTTP 400.
-- Response shape for multiple files is the same regardless of `batch`.
-- Files sent to this endpoint are processed in a single pass (no VAD/chunking). This is intended for short clips (roughly ≤ 30s; depends on GPU memory/model). For longer audio, prefer `/v1/audio/transcriptions-from-url` which supports VAD-based chunking.
-
-Responses
-
-Single file response:
-
-```json
-{
-  "text": "transcribed text",
-  "words": [
-    { "word": "hello", "start": 0.0, "end": 0.5 },
-    { "word": "world", "start": 0.5, "end": 1.0 }
-  ],
-  "filename": "audio.mp3"
-}
-```
-
-Multiple files response:
-
-```json
-{
-  "results": [
-    {"filename": "a1.mp3", "text": "...", "words": [...]},
-    {"filename": "a2.mp3", "text": "...", "words": [...]}]
-}
-```
-
-Notes:
-
-- Word objects always include keys: `word`, `start`, `end`.
-- Some implementations may include a trailing space in `word` to match Whisper tokenization behavior; clients should trim if needed.
-
-Example curl (single file):
-
-```bash
-curl -X POST \
-  -H "Authorization: Bearer $REFLECTOR_GPU_APIKEY" \
-  -F "file=@/path/to/audio.mp3" \
-  -F "language=en" \
-  "$BASE_URL/v1/audio/transcriptions"
-```
-
-Example curl (multiple files, batch):
-
-```bash
-curl -X POST \
-  -H "Authorization: Bearer $REFLECTOR_GPU_APIKEY" \
-  -F "files=@/path/a1.mp3" -F "files=@/path/a2.mp3" \
-  -F "batch=true" -F "language=en" \
-  "$BASE_URL/v1/audio/transcriptions"
-```
-
-#### POST /v1/audio/transcriptions-from-url
-
-Transcribe a single remote audio file by URL.
-
-Request: application/json
-
-Body parameters:
-
-- `audio_file_url` (string) — required. URL of the audio file to transcribe.
-- `model` (string) — optional. Defaults to the implementation-specific model (see above).
-- `language` (string) — optional, defaults to `en`. Parakeet only accepts `en`.
-- `timestamp_offset` (number) — optional, defaults to `0.0`. Added to each word's `start`/`end` in the response.
-
-```json
-{
-  "audio_file_url": "https://example.com/audio.mp3",
-  "model": "nvidia/parakeet-tdt-0.6b-v2",
-  "language": "en",
-  "timestamp_offset": 0.0
-}
-```
-
-Response:
-
-```json
-{
-  "text": "transcribed text",
-  "words": [
-    { "word": "hello", "start": 10.0, "end": 10.5 },
-    { "word": "world", "start": 10.5, "end": 11.0 }
-  ]
-}
-```
-
-Notes:
-
-- `timestamp_offset` is added to each word’s `start`/`end` in the response.
-- Implementations may perform VAD-based chunking and batching for long-form audio; word timings are adjusted accordingly.
-
-Example curl:
-
-```bash
-curl -X POST \
-  -H "Authorization: Bearer $REFLECTOR_GPU_APIKEY" \
-  -H "Content-Type: application/json" \
-  -d '{
-        "audio_file_url": "https://example.com/audio.mp3",
-        "language": "en",
-        "timestamp_offset": 0
-      }' \
-  "$BASE_URL/v1/audio/transcriptions-from-url"
-```
-
-### Error handling
-
-- 400 Bad Request
-  - Parakeet: `language` other than `en`
-  - Missing required parameters (`file`/`files` for upload; `audio_file_url` for URL endpoint)
-  - Unsupported file extension
-- 401 Unauthorized
-  - Missing or invalid Bearer token
-- 404 Not Found
-  - `audio_file_url` does not exist
-
-### Implementation details
-
-- GPUs: A10G for small-file/live, L40S for large-file URL transcription (subject to deployment)
-- VAD chunking and segment batching; word timings adjusted and overlapping ends constrained
-- Pads very short segments (< 0.5s) to avoid model crashes on some backends
-
-### Server configuration (Reflector API)
-
-Set the Reflector server to use the Modal backend and point `TRANSCRIPT_URL` to your chosen deployment:
-
-```
-TRANSCRIPT_BACKEND=modal
-TRANSCRIPT_URL=https://<account>--reflector-transcriber-parakeet-web.modal.run
-TRANSCRIPT_MODAL_API_KEY=<REFLECTOR_GPU_APIKEY>
-```
-
-### Conformance tests
-
-Use the pytest-based conformance tests to validate any new implementation (including self-hosted) against this spec:
-
-```
-TRANSCRIPT_URL=https://<your-deployment-base> \
-TRANSCRIPT_MODAL_API_KEY=your-api-key \
-uv run -m pytest -m gpu_modal --no-cov server/tests/test_gpu_modal_transcript.py
-```

server/gpu/modal_deployments/reflector_transcriber.py

@@ -1,78 +1,41 @@
 import os
-import sys
+import tempfile
 import threading
-import uuid
-from typing import Generator, Mapping, NamedTuple, NewType, TypedDict
-from urllib.parse import urlparse
 
 import modal
+from pydantic import BaseModel
+
+MODELS_DIR = "/models"
 
 MODEL_NAME = "large-v2"
 MODEL_COMPUTE_TYPE: str = "float16"
 MODEL_NUM_WORKERS: int = 1
+
 MINUTES = 60  # seconds
-SAMPLERATE = 16000
-UPLOADS_PATH = "/uploads"
-CACHE_PATH = "/models"
-SUPPORTED_FILE_EXTENSIONS = ["mp3", "mp4", "mpeg", "mpga", "m4a", "wav", "webm"]
-VAD_CONFIG = {
-    "batch_max_duration": 30.0,
-    "silence_padding": 0.5,
-    "window_size": 512,
-}
 
-
-WhisperUniqFilename = NewType("WhisperUniqFilename", str)
-AudioFileExtension = NewType("AudioFileExtension", str)
+volume = modal.Volume.from_name("models", create_if_missing=True)
 
 app = modal.App("reflector-transcriber")
 
-model_cache = modal.Volume.from_name("models", create_if_missing=True)
-upload_volume = modal.Volume.from_name("whisper-uploads", create_if_missing=True)
-
-
-class TimeSegment(NamedTuple):
-    """Represents a time segment with start and end times."""
-
-    start: float
-    end: float
-
-
-class AudioSegment(NamedTuple):
-    """Represents an audio segment with timing and audio data."""
-
-    start: float
-    end: float
-    audio: any
-
-
-class TranscriptResult(NamedTuple):
-    """Represents a transcription result with text and word timings."""
-
-    text: str
-    words: list["WordTiming"]
-
-
-class WordTiming(TypedDict):
-    """Represents a word with its timing information."""
-
-    word: str
-    start: float
-    end: float
-
 
 def download_model():
     from faster_whisper import download_model
 
-    model_cache.reload()
+    volume.reload()
 
-    download_model(MODEL_NAME, cache_dir=CACHE_PATH)
+    download_model(MODEL_NAME, cache_dir=MODELS_DIR)
 
-    model_cache.commit()
+    volume.commit()
 
 
 image = (
     modal.Image.debian_slim(python_version="3.12")
+    .pip_install(
+        "huggingface_hub==0.27.1",
+        "hf-transfer==0.1.9",
+        "torch==2.5.1",
+        "faster-whisper==1.1.1",
+    )
     .env(
         {
             "HF_HUB_ENABLE_HF_TRANSFER": "1",
@@ -82,98 +45,19 @@ image = (
             ),
         }
     )
-    .apt_install("ffmpeg")
-    .pip_install(
-        "huggingface_hub==0.27.1",
-        "hf-transfer==0.1.9",
-        "torch==2.5.1",
-        "faster-whisper==1.1.1",
-        "fastapi==0.115.12",
-        "requests",
-        "librosa==0.10.1",
-        "numpy<2",
-        "silero-vad==5.1.0",
-    )
-    .run_function(download_model, volumes={CACHE_PATH: model_cache})
+    .run_function(download_model, volumes={MODELS_DIR: volume})
 )
 
 
-def detect_audio_format(url: str, headers: Mapping[str, str]) -> AudioFileExtension:
-    parsed_url = urlparse(url)
-    url_path = parsed_url.path
-
-    for ext in SUPPORTED_FILE_EXTENSIONS:
-        if url_path.lower().endswith(f".{ext}"):
-            return AudioFileExtension(ext)
-
-    content_type = headers.get("content-type", "").lower()
-    if "audio/mpeg" in content_type or "audio/mp3" in content_type:
-        return AudioFileExtension("mp3")
-    if "audio/wav" in content_type:
-        return AudioFileExtension("wav")
-    if "audio/mp4" in content_type:
-        return AudioFileExtension("mp4")
-
-    raise ValueError(
-        f"Unsupported audio format for URL: {url}. "
-        f"Supported extensions: {', '.join(SUPPORTED_FILE_EXTENSIONS)}"
-    )
-
-
-def download_audio_to_volume(
-    audio_file_url: str,
-) -> tuple[WhisperUniqFilename, AudioFileExtension]:
-    import requests
-    from fastapi import HTTPException
-
-    response = requests.head(audio_file_url, allow_redirects=True)
-    if response.status_code == 404:
-        raise HTTPException(status_code=404, detail="Audio file not found")
-
-    response = requests.get(audio_file_url, allow_redirects=True)
-    response.raise_for_status()
-
-    audio_suffix = detect_audio_format(audio_file_url, response.headers)
-    unique_filename = WhisperUniqFilename(f"{uuid.uuid4()}.{audio_suffix}")
-    file_path = f"{UPLOADS_PATH}/{unique_filename}"
-
-    with open(file_path, "wb") as f:
-        f.write(response.content)
-
-    upload_volume.commit()
-    return unique_filename, audio_suffix
-
-
-def pad_audio(audio_array, sample_rate: int = SAMPLERATE):
-    """Add 0.5s of silence if audio is shorter than the silence_padding window.
-
-    Whisper does not require this strictly, but aligning behavior with Parakeet
-    avoids edge-case crashes on extremely short inputs and makes comparisons easier.
-    """
-    import numpy as np
-
-    audio_duration = len(audio_array) / sample_rate
-    if audio_duration < VAD_CONFIG["silence_padding"]:
-        silence_samples = int(sample_rate * VAD_CONFIG["silence_padding"])
-        silence = np.zeros(silence_samples, dtype=np.float32)
-        return np.concatenate([audio_array, silence])
-    return audio_array
-
-
 @app.cls(
     gpu="A10G",
     timeout=5 * MINUTES,
     scaledown_window=5 * MINUTES,
+    allow_concurrent_inputs=6,
     image=image,
-    volumes={CACHE_PATH: model_cache, UPLOADS_PATH: upload_volume},
+    volumes={MODELS_DIR: volume},
 )
-@modal.concurrent(max_inputs=10)
-class TranscriberWhisperLive:
-    """Live transcriber class for small audio segments (A10G).
-
-    Mirrors the Parakeet live class API but uses Faster-Whisper under the hood.
-    """
-
+class Transcriber:
     @modal.enter()
     def enter(self):
         import faster_whisper
@@ -187,200 +71,23 @@ class TranscriberWhisperLive:
             device=self.device,
             compute_type=MODEL_COMPUTE_TYPE,
             num_workers=MODEL_NUM_WORKERS,
-            download_root=CACHE_PATH,
+            download_root=MODELS_DIR,
             local_files_only=True,
         )
-        print(f"Model is on device: {self.device}")
 
     @modal.method()
     def transcribe_segment(
         self,
-        filename: str,
-        language: str = "en",
+        audio_data: str,
+        audio_suffix: str,
+        language: str,
     ):
-        """Transcribe a single uploaded audio file by filename."""
-        upload_volume.reload()
-
-        file_path = f"{UPLOADS_PATH}/{filename}"
-        if not os.path.exists(file_path):
-            raise FileNotFoundError(f"File not found: {file_path}")
-
-        with self.lock:
-            with NoStdStreams():
-                segments, _ = self.model.transcribe(
-                    file_path,
-                    language=language,
-                    beam_size=5,
-                    word_timestamps=True,
-                    vad_filter=True,
-                    vad_parameters={"min_silence_duration_ms": 500},
-                )
-
-        segments = list(segments)
-        text = "".join(segment.text for segment in segments).strip()
-        words = [
-            {
-                "word": word.word,
-                "start": round(float(word.start), 2),
-                "end": round(float(word.end), 2),
-            }
-            for segment in segments
-            for word in segment.words
-        ]
-
-        return {"text": text, "words": words}
-
-    @modal.method()
-    def transcribe_batch(
-        self,
-        filenames: list[str],
-        language: str = "en",
-    ):
-        """Transcribe multiple uploaded audio files and return per-file results."""
-        upload_volume.reload()
-
-        results = []
-        for filename in filenames:
-            file_path = f"{UPLOADS_PATH}/{filename}"
-            if not os.path.exists(file_path):
-                raise FileNotFoundError(f"Batch file not found: {file_path}")
-
-            with self.lock:
-                with NoStdStreams():
-                    segments, _ = self.model.transcribe(
-                        file_path,
-                        language=language,
-                        beam_size=5,
-                        word_timestamps=True,
-                        vad_filter=True,
-                        vad_parameters={"min_silence_duration_ms": 500},
-                    )
-
-            segments = list(segments)
-            text = "".join(seg.text for seg in segments).strip()
-            words = [
-                {
-                    "word": w.word,
-                    "start": round(float(w.start), 2),
-                    "end": round(float(w.end), 2),
-                }
-                for seg in segments
-                for w in seg.words
-            ]
-
-            results.append(
-                {
-                    "filename": filename,
-                    "text": text,
-                    "words": words,
-                }
-            )
-
-        return results
-
-
-@app.cls(
-    gpu="L40S",
-    timeout=15 * MINUTES,
-    image=image,
-    volumes={CACHE_PATH: model_cache, UPLOADS_PATH: upload_volume},
-)
-class TranscriberWhisperFile:
-    """File transcriber for larger/longer audio, using VAD-driven batching (L40S)."""
-
-    @modal.enter()
-    def enter(self):
-        import faster_whisper
-        import torch
-        from silero_vad import load_silero_vad
-
-        self.lock = threading.Lock()
-        self.use_gpu = torch.cuda.is_available()
-        self.device = "cuda" if self.use_gpu else "cpu"
-        self.model = faster_whisper.WhisperModel(
-            MODEL_NAME,
-            device=self.device,
-            compute_type=MODEL_COMPUTE_TYPE,
-            num_workers=MODEL_NUM_WORKERS,
-            download_root=CACHE_PATH,
-            local_files_only=True,
-        )
-        self.vad_model = load_silero_vad(onnx=False)
-
-    @modal.method()
-    def transcribe_segment(
-        self, filename: str, timestamp_offset: float = 0.0, language: str = "en"
-    ):
-        import librosa
-        import numpy as np
-        from silero_vad import VADIterator
-
-        def vad_segments(
-            audio_array,
-            sample_rate: int = SAMPLERATE,
-            window_size: int = VAD_CONFIG["window_size"],
-        ) -> Generator[TimeSegment, None, None]:
-            """Generate speech segments as TimeSegment using Silero VAD."""
-            iterator = VADIterator(self.vad_model, sampling_rate=sample_rate)
-            start = None
-            for i in range(0, len(audio_array), window_size):
-                chunk = audio_array[i : i + window_size]
-                if len(chunk) < window_size:
-                    chunk = np.pad(
-                        chunk, (0, window_size - len(chunk)), mode="constant"
-                    )
-                speech = iterator(chunk)
-                if not speech:
-                    continue
-                if "start" in speech:
-                    start = speech["start"]
-                    continue
-                if "end" in speech and start is not None:
-                    end = speech["end"]
-                    yield TimeSegment(
-                        start / float(SAMPLERATE), end / float(SAMPLERATE)
-                    )
-                    start = None
-            iterator.reset_states()
-
-        upload_volume.reload()
-        file_path = f"{UPLOADS_PATH}/{filename}"
-        if not os.path.exists(file_path):
-            raise FileNotFoundError(f"File not found: {file_path}")
-
-        audio_array, _sr = librosa.load(file_path, sr=SAMPLERATE, mono=True)
-
-        # Batch segments up to ~30s windows by merging contiguous VAD segments
-        merged_batches: list[TimeSegment] = []
-        batch_start = None
-        batch_end = None
-        max_duration = VAD_CONFIG["batch_max_duration"]
-        for segment in vad_segments(audio_array):
-            seg_start, seg_end = segment.start, segment.end
-            if batch_start is None:
-                batch_start, batch_end = seg_start, seg_end
-                continue
-            if seg_end - batch_start <= max_duration:
-                batch_end = seg_end
-            else:
-                merged_batches.append(TimeSegment(batch_start, batch_end))
-                batch_start, batch_end = seg_start, seg_end
-        if batch_start is not None and batch_end is not None:
-            merged_batches.append(TimeSegment(batch_start, batch_end))
-
-        all_text = []
-        all_words = []
-
-        for segment in merged_batches:
-            start_time, end_time = segment.start, segment.end
-            s_idx = int(start_time * SAMPLERATE)
-            e_idx = int(end_time * SAMPLERATE)
-            segment = audio_array[s_idx:e_idx]
-            segment = pad_audio(segment, SAMPLERATE)
+        with tempfile.NamedTemporaryFile("wb+", suffix=f".{audio_suffix}") as fp:
+            fp.write(audio_data)
 
             with self.lock:
                 segments, _ = self.model.transcribe(
-                    segment,
+                    fp.name,
                     language=language,
                     beam_size=5,
                     word_timestamps=True,
@@ -389,220 +96,66 @@ class TranscriberWhisperFile:
                 )
 
             segments = list(segments)
-            text = "".join(seg.text for seg in segments).strip()
+            text = "".join(segment.text for segment in segments)
             words = [
-                {
-                    "word": w.word,
-                    "start": round(float(w.start) + start_time + timestamp_offset, 2),
-                    "end": round(float(w.end) + start_time + timestamp_offset, 2),
-                }
-                for seg in segments
-                for w in seg.words
+                {"word": word.word, "start": word.start, "end": word.end}
+                for segment in segments
+                for word in segment.words
             ]
-            if text:
-                all_text.append(text)
-            all_words.extend(words)
 
-        return {"text": " ".join(all_text), "words": all_words}
-
-
-def detect_audio_format(url: str, headers: dict) -> str:
-    from urllib.parse import urlparse
-
-    from fastapi import HTTPException
-
-    url_path = urlparse(url).path
-    for ext in SUPPORTED_FILE_EXTENSIONS:
-        if url_path.lower().endswith(f".{ext}"):
-            return ext
-
-    content_type = headers.get("content-type", "").lower()
-    if "audio/mpeg" in content_type or "audio/mp3" in content_type:
-        return "mp3"
-    if "audio/wav" in content_type:
-        return "wav"
-    if "audio/mp4" in content_type:
-        return "mp4"
-
-    raise HTTPException(
-        status_code=400,
-        detail=(
-            f"Unsupported audio format for URL. Supported extensions: {', '.join(SUPPORTED_FILE_EXTENSIONS)}"
-        ),
-    )
-
-
-def download_audio_to_volume(audio_file_url: str) -> tuple[str, str]:
-    import requests
-    from fastapi import HTTPException
-
-    response = requests.head(audio_file_url, allow_redirects=True)
-    if response.status_code == 404:
-        raise HTTPException(status_code=404, detail="Audio file not found")
-
-    response = requests.get(audio_file_url, allow_redirects=True)
-    response.raise_for_status()
-
-    audio_suffix = detect_audio_format(audio_file_url, response.headers)
-    unique_filename = f"{uuid.uuid4()}.{audio_suffix}"
-    file_path = f"{UPLOADS_PATH}/{unique_filename}"
-
-    with open(file_path, "wb") as f:
-        f.write(response.content)
-
-    upload_volume.commit()
-    return unique_filename, audio_suffix
+            return {"text": text, "words": words}
 
 
 @app.function(
     scaledown_window=60,
-    timeout=600,
+    timeout=60,
+    allow_concurrent_inputs=40,
     secrets=[
         modal.Secret.from_name("reflector-gpu"),
     ],
-    volumes={CACHE_PATH: model_cache, UPLOADS_PATH: upload_volume},
-    image=image,
+    volumes={MODELS_DIR: volume},
 )
-@modal.concurrent(max_inputs=40)
 @modal.asgi_app()
 def web():
-    from fastapi import (
-        Body,
-        Depends,
-        FastAPI,
-        Form,
-        HTTPException,
-        UploadFile,
-        status,
-    )
+    from fastapi import Body, Depends, FastAPI, HTTPException, UploadFile, status
     from fastapi.security import OAuth2PasswordBearer
+    from typing_extensions import Annotated
 
-    transcriber_live = TranscriberWhisperLive()
-    transcriber_file = TranscriberWhisperFile()
+    transcriber = Transcriber()
 
     app = FastAPI()
 
     oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
 
-    def apikey_auth(apikey: str = Depends(oauth2_scheme)):
-        if apikey == os.environ["REFLECTOR_GPU_APIKEY"]:
-            return
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid API key",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
+    supported_file_types = ["mp3", "mp4", "mpeg", "mpga", "m4a", "wav", "webm"]
 
-    class TranscriptResponse(dict):
-        pass
+    def apikey_auth(apikey: str = Depends(oauth2_scheme)):
+        if apikey != os.environ["REFLECTOR_GPU_APIKEY"]:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid API key",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+
+    class TranscriptResponse(BaseModel):
+        result: dict
 
     @app.post("/v1/audio/transcriptions", dependencies=[Depends(apikey_auth)])
     def transcribe(
-        file: UploadFile = None,
-        files: list[UploadFile] | None = None,
-        model: str = Form(MODEL_NAME),
-        language: str = Form("en"),
-        batch: bool = Form(False),
-    ):
-        if not file and not files:
-            raise HTTPException(
-                status_code=400, detail="Either 'file' or 'files' parameter is required"
-            )
-        if batch and not files:
-            raise HTTPException(
-                status_code=400, detail="Batch transcription requires 'files'"
-            )
+        file: UploadFile,
+        model: str = "whisper-1",
+        language: Annotated[str, Body(...)] = "en",
+    ) -> TranscriptResponse:
+        audio_data = file.file.read()
+        audio_suffix = file.filename.split(".")[-1]
+        assert audio_suffix in supported_file_types
 
-        upload_files = [file] if file else files
-
-        uploaded_filenames: list[str] = []
-        for upload_file in upload_files:
-            audio_suffix = upload_file.filename.split(".")[-1]
-            if audio_suffix not in SUPPORTED_FILE_EXTENSIONS:
-                raise HTTPException(
-                    status_code=400,
-                    detail=(
-                        f"Unsupported audio format. Supported extensions: {', '.join(SUPPORTED_FILE_EXTENSIONS)}"
-                    ),
-                )
-
-            unique_filename = f"{uuid.uuid4()}.{audio_suffix}"
-            file_path = f"{UPLOADS_PATH}/{unique_filename}"
-            with open(file_path, "wb") as f:
-                content = upload_file.file.read()
-                f.write(content)
-            uploaded_filenames.append(unique_filename)
-
-        upload_volume.commit()
-
-        try:
-            if batch and len(upload_files) > 1:
-                func = transcriber_live.transcribe_batch.spawn(
-                    filenames=uploaded_filenames,
-                    language=language,
-                )
-                results = func.get()
-                return {"results": results}
-
-            results = []
-            for filename in uploaded_filenames:
-                func = transcriber_live.transcribe_segment.spawn(
-                    filename=filename,
-                    language=language,
-                )
-                result = func.get()
-                result["filename"] = filename
-                results.append(result)
-
-            return {"results": results} if len(results) > 1 else results[0]
-        finally:
-            for filename in uploaded_filenames:
-                try:
-                    file_path = f"{UPLOADS_PATH}/{filename}"
-                    os.remove(file_path)
-                except Exception:
-                    pass
-            upload_volume.commit()
-
-    @app.post("/v1/audio/transcriptions-from-url", dependencies=[Depends(apikey_auth)])
-    def transcribe_from_url(
-        audio_file_url: str = Body(
-            ..., description="URL of the audio file to transcribe"
-        ),
-        model: str = Body(MODEL_NAME),
-        language: str = Body("en"),
-        timestamp_offset: float = Body(0.0),
-    ):
-        unique_filename, _audio_suffix = download_audio_to_volume(audio_file_url)
-        try:
-            func = transcriber_file.transcribe_segment.spawn(
-                filename=unique_filename,
-                timestamp_offset=timestamp_offset,
-                language=language,
-            )
-            result = func.get()
-            return result
-        finally:
-            try:
-                file_path = f"{UPLOADS_PATH}/{unique_filename}"
-                os.remove(file_path)
-                upload_volume.commit()
-            except Exception:
-                pass
+        func = transcriber.transcribe_segment.spawn(
+            audio_data=audio_data,
+            audio_suffix=audio_suffix,
+            language=language,
+        )
+        result = func.get()
+        return result
 
     return app
-
-
-class NoStdStreams:
-    def __init__(self):
-        self.devnull = open(os.devnull, "w")
-
-    def __enter__(self):
-        self._stdout, self._stderr = sys.stdout, sys.stderr
-        self._stdout.flush()
-        self._stderr.flush()
-        sys.stdout, sys.stderr = self.devnull, self.devnull
-
-    def __exit__(self, exc_type, exc_value, traceback):
-        sys.stdout, sys.stderr = self._stdout, self._stderr
-        self.devnull.close()

server/reflector/db/meetings.py

@@ -2,6 +2,7 @@ from datetime import datetime
 from typing import Literal
 
 import sqlalchemy as sa
+from fastapi import HTTPException
 from pydantic import BaseModel, Field
 
 from reflector.db import get_database, metadata
@@ -177,6 +178,23 @@ class MeetingController:
             return None
         return Meeting(**result)
 
+    async def get_by_id_for_http(self, meeting_id: str, user_id: str | None) -> Meeting:
+        """
+        Get a meeting by ID for HTTP request.
+
+        If not found, it will raise a 404 error.
+        """
+        query = meetings.select().where(meetings.c.id == meeting_id)
+        result = await get_database().fetch_one(query)
+        if not result:
+            raise HTTPException(status_code=404, detail="Meeting not found")
+
+        meeting = Meeting(**result)
+        if result["user_id"] != user_id:
+            meeting.host_room_url = ""
+
+        return meeting
+
     async def update_meeting(self, meeting_id: str, **kwargs):
         query = meetings.update().where(meetings.c.id == meeting_id).values(**kwargs)
         await get_database().execute(query)

server/reflector/db/search.py

@@ -23,7 +23,7 @@ from pydantic import (
 
 from reflector.db import get_database
 from reflector.db.rooms import rooms
-from reflector.db.transcripts import SourceKind, TranscriptStatus, transcripts
+from reflector.db.transcripts import SourceKind, transcripts
 from reflector.db.utils import is_postgresql
 from reflector.logger import logger
 from reflector.utils.string import NonEmptyString, try_parse_non_empty_string
@@ -161,7 +161,7 @@ class SearchResult(BaseModel):
     room_name: str | None = None
     source_kind: SourceKind
     created_at: datetime
-    status: TranscriptStatus = Field(..., min_length=1)
+    status: str = Field(..., min_length=1)
     rank: float = Field(..., ge=0, le=1)
     duration: NonNegativeFloat | None = Field(..., description="Duration in seconds")
     search_snippets: list[str] = Field(

server/reflector/processors/file_diarization_modal.py

@@ -47,7 +47,6 @@ class FileDiarizationModalProcessor(FileDiarizationProcessor):
                     "audio_file_url": data.audio_url,
                     "timestamp": 0,
                 },
-                follow_redirects=True,
             )
             response.raise_for_status()
             diarization_data = response.json()["diarization"]

server/reflector/processors/file_transcript_modal.py

@@ -54,7 +54,6 @@ class FileTranscriptModalProcessor(FileTranscriptProcessor):
                     "language": data.language,
                     "batch": True,
                 },
-                follow_redirects=True,
             )
             response.raise_for_status()
             result = response.json()

server/reflector/settings.py

@@ -1,8 +1,6 @@
 from pydantic.types import PositiveInt
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
-from reflector.utils.string import NonEmptyString
-
 
 class Settings(BaseSettings):
     model_config = SettingsConfigDict(
@@ -122,7 +120,7 @@ class Settings(BaseSettings):
 
     # Whereby integration
     WHEREBY_API_URL: str = "https://api.whereby.dev/v1"
-    WHEREBY_API_KEY: NonEmptyString | None = None
+    WHEREBY_API_KEY: str | None = None
     WHEREBY_WEBHOOK_SECRET: str | None = None
     AWS_WHEREBY_ACCESS_KEY_ID: str | None = None
     AWS_WHEREBY_ACCESS_KEY_SECRET: str | None = None

server/reflector/utils/string.py

@@ -10,11 +10,8 @@ NonEmptyString = Annotated[
 non_empty_string_adapter = TypeAdapter(NonEmptyString)
 
 
-def parse_non_empty_string(s: str, error: str | None = None) -> NonEmptyString:
-    try:
-        return non_empty_string_adapter.validate_python(s)
-    except Exception as e:
-        raise ValueError(f"{e}: {error}" if error else e) from e
+def parse_non_empty_string(s: str) -> NonEmptyString:
+    return non_empty_string_adapter.validate_python(s)
 
 
 def try_parse_non_empty_string(s: str) -> NonEmptyString | None:

server/reflector/views/rooms.py

@@ -215,10 +215,14 @@ async def rooms_create_meeting(
         except (asyncpg.exceptions.UniqueViolationError, sqlite3.IntegrityError):
             # Another request already created a meeting for this room
             # Log this race condition occurrence
-            logger.warning(
-                "Race condition detected for room %s and meeting %s - fetching existing meeting",
+            logger.info(
+                "Race condition detected for room %s - fetching existing meeting",
                 room.name,
+            )
+            logger.warning(
+                "Whereby meeting %s was created but not used (resource leak) for room %s",
                 whereby_meeting["meetingId"],
+                room.name,
             )
 
             # Fetch the meeting that was created by the other request
@@ -228,9 +232,7 @@ async def rooms_create_meeting(
             if meeting is None:
                 # Edge case: meeting was created but expired/deleted between checks
                 logger.error(
-                    "Meeting disappeared after race condition for room %s",
-                    room.name,
-                    exc_info=True,
+                    "Meeting disappeared after race condition for room %s", room.name
                 )
                 raise HTTPException(
                     status_code=503, detail="Unable to join meeting - please try again"

server/reflector/views/transcripts.py

@@ -350,6 +350,8 @@ async def transcript_update(
     transcript = await transcripts_controller.get_by_id_for_http(
         transcript_id, user_id=user_id
     )
+    if not transcript:
+        raise HTTPException(status_code=404, detail="Transcript not found")
     values = info.dict(exclude_unset=True)
     updated_transcript = await transcripts_controller.update(transcript, values)
     return updated_transcript

server/reflector/whereby.py

@@ -1,60 +1,18 @@
-import logging
 from datetime import datetime
 
 import httpx
 
 from reflector.db.rooms import Room
 from reflector.settings import settings
-from reflector.utils.string import parse_non_empty_string
-
-logger = logging.getLogger(__name__)
-
-
-def _get_headers():
-    api_key = parse_non_empty_string(
-        settings.WHEREBY_API_KEY, "WHEREBY_API_KEY value is required."
-    )
-    return {
-        "Content-Type": "application/json; charset=utf-8",
-        "Authorization": f"Bearer {api_key}",
-    }
-
 
+HEADERS = {
+    "Content-Type": "application/json; charset=utf-8",
+    "Authorization": f"Bearer {settings.WHEREBY_API_KEY}",
+}
 TIMEOUT = 10  # seconds
 
 
-def _get_whereby_s3_auth():
-    errors = []
-    try:
-        bucket_name = parse_non_empty_string(
-            settings.RECORDING_STORAGE_AWS_BUCKET_NAME,
-            "RECORDING_STORAGE_AWS_BUCKET_NAME value is required.",
-        )
-    except Exception as e:
-        errors.append(e)
-    try:
-        key_id = parse_non_empty_string(
-            settings.AWS_WHEREBY_ACCESS_KEY_ID,
-            "AWS_WHEREBY_ACCESS_KEY_ID value is required.",
-        )
-    except Exception as e:
-        errors.append(e)
-    try:
-        key_secret = parse_non_empty_string(
-            settings.AWS_WHEREBY_ACCESS_KEY_SECRET,
-            "AWS_WHEREBY_ACCESS_KEY_SECRET value is required.",
-        )
-    except Exception as e:
-        errors.append(e)
-    if len(errors) > 0:
-        raise Exception(
-            f"Failed to get Whereby auth settings: {', '.join(str(e) for e in errors)}"
-        )
-    return bucket_name, key_id, key_secret
-
-
 async def create_meeting(room_name_prefix: str, end_date: datetime, room: Room):
-    s3_bucket_name, s3_key_id, s3_key_secret = _get_whereby_s3_auth()
     data = {
         "isLocked": room.is_locked,
         "roomNamePrefix": room_name_prefix,
@@ -65,26 +23,23 @@ async def create_meeting(room_name_prefix: str, end_date: datetime, room: Room):
             "type": room.recording_type,
             "destination": {
                 "provider": "s3",
-                "bucket": s3_bucket_name,
-                "accessKeyId": s3_key_id,
-                "accessKeySecret": s3_key_secret,
+                "bucket": settings.RECORDING_STORAGE_AWS_BUCKET_NAME,
+                "accessKeyId": settings.AWS_WHEREBY_ACCESS_KEY_ID,
+                "accessKeySecret": settings.AWS_WHEREBY_ACCESS_KEY_SECRET,
                 "fileFormat": "mp4",
             },
             "startTrigger": room.recording_trigger,
         },
         "fields": ["hostRoomUrl"],
     }
+
     async with httpx.AsyncClient() as client:
         response = await client.post(
             f"{settings.WHEREBY_API_URL}/meetings",
-            headers=_get_headers(),
+            headers=HEADERS,
             json=data,
             timeout=TIMEOUT,
         )
-        if response.status_code == 403:
-            logger.warning(
-                f"Failed to create meeting: access denied on Whereby: {response.text}"
-            )
         response.raise_for_status()
         return response.json()
 
@@ -93,7 +48,7 @@ async def get_room_sessions(room_name: str):
     async with httpx.AsyncClient() as client:
         response = await client.get(
             f"{settings.WHEREBY_API_URL}/insights/room-sessions?roomName={room_name}",
-            headers=_get_headers(),
+            headers=HEADERS,
             timeout=TIMEOUT,
         )
         response.raise_for_status()

server/tests/test_gpu_modal_transcript.py

@@ -272,9 +272,6 @@ class TestGPUModalTranscript:
                 for f in temp_files:
                     Path(f).unlink(missing_ok=True)
 
-    @pytest.mark.skipif(
-        not "parakeet" in get_model_name(), reason="Parakeet only supports English"
-    )
     def test_transcriptions_error_handling(self):
         """Test error handling for invalid requests."""
         url = get_modal_transcript_url()

server/tests/test_search.py

@@ -58,7 +58,7 @@ async def test_empty_transcript_title_only_match():
             "id": test_id,
             "name": "Empty Transcript",
             "title": "Empty Meeting",
-            "status": "ended",
+            "status": "completed",
             "locked": False,
             "duration": 0.0,
             "created_at": datetime.now(timezone.utc),
@@ -109,7 +109,7 @@ async def test_search_with_long_summary():
             "id": test_id,
             "name": "Test Long Summary",
             "title": "Regular Meeting",
-            "status": "ended",
+            "status": "completed",
             "locked": False,
             "duration": 1800.0,
             "created_at": datetime.now(timezone.utc),
@@ -165,7 +165,7 @@ async def test_postgresql_search_with_data():
             "id": test_id,
             "name": "Test Search Transcript",
             "title": "Engineering Planning Meeting Q4 2024",
-            "status": "ended",
+            "status": "completed",
             "locked": False,
             "duration": 1800.0,
             "created_at": datetime.now(timezone.utc),
@@ -221,7 +221,7 @@ We need to implement PostgreSQL tsvector for better performance.""",
         test_result = next((r for r in results if r.id == test_id), None)
         if test_result:
             assert test_result.title == "Engineering Planning Meeting Q4 2024"
-            assert test_result.status == "ended"
+            assert test_result.status == "completed"
             assert test_result.duration == 1800.0
             assert 0 <= test_result.rank <= 1, "Rank should be normalized to 0-1"
 
@@ -268,7 +268,7 @@ def mock_db_result():
         "title": "Test Transcript",
         "created_at": datetime(2024, 6, 15, tzinfo=timezone.utc),
         "duration": 3600.0,
-        "status": "ended",
+        "status": "completed",
         "user_id": "test-user",
         "room_id": "room1",
         "source_kind": SourceKind.LIVE,
@@ -433,7 +433,7 @@ class TestSearchResultModel:
             room_id="room-456",
             source_kind=SourceKind.ROOM,
             created_at=datetime(2024, 6, 15, tzinfo=timezone.utc),
-            status="ended",
+            status="completed",
             rank=0.85,
             duration=1800.5,
             search_snippets=["snippet 1", "snippet 2"],
@@ -443,7 +443,7 @@ class TestSearchResultModel:
         assert result.title == "Test Title"
         assert result.user_id == "user-123"
         assert result.room_id == "room-456"
-        assert result.status == "ended"
+        assert result.status == "completed"
         assert result.rank == 0.85
         assert result.duration == 1800.5
         assert len(result.search_snippets) == 2
@@ -474,7 +474,7 @@ class TestSearchResultModel:
             id="test-id",
             source_kind=SourceKind.LIVE,
             created_at=datetime(2024, 6, 15, 12, 30, 45, tzinfo=timezone.utc),
-            status="ended",
+            status="completed",
             rank=0.9,
             duration=None,
             search_snippets=[],

server/tests/test_search_long_summary.py

@@ -25,7 +25,7 @@ async def test_long_summary_snippet_prioritization():
             "id": test_id,
             "name": "Test Snippet Priority",
             "title": "Meeting About Projects",
-            "status": "ended",
+            "status": "completed",
             "locked": False,
             "duration": 1800.0,
             "created_at": datetime.now(timezone.utc),
@@ -106,7 +106,7 @@ async def test_long_summary_only_search():
             "id": test_id,
             "name": "Test Long Only",
             "title": "Standard Meeting",
-            "status": "ended",
+            "status": "completed",
             "locked": False,
             "duration": 1800.0,
             "created_at": datetime.now(timezone.utc),

www/.env.example

@@ -1,34 +0,0 @@
-# Environment
-ENVIRONMENT=development
-NEXT_PUBLIC_ENV=development
-
-# Site Configuration
-NEXT_PUBLIC_SITE_URL=http://localhost:3000
-
-# Nextauth envs
-# not used in app code but in lib code
-NEXTAUTH_URL=http://localhost:3000
-NEXTAUTH_SECRET=your-nextauth-secret-here
-# / Nextauth envs
-
-# Authentication (Authentik OAuth/OIDC)
-AUTHENTIK_ISSUER=https://authentik.example.com/application/o/reflector
-AUTHENTIK_REFRESH_TOKEN_URL=https://authentik.example.com/application/o/token/
-AUTHENTIK_CLIENT_ID=your-client-id-here
-AUTHENTIK_CLIENT_SECRET=your-client-secret-here
-
-# Feature Flags
-# NEXT_PUBLIC_FEATURE_REQUIRE_LOGIN=true
-# NEXT_PUBLIC_FEATURE_PRIVACY=false
-# NEXT_PUBLIC_FEATURE_BROWSE=true
-# NEXT_PUBLIC_FEATURE_SEND_TO_ZULIP=true
-# NEXT_PUBLIC_FEATURE_ROOMS=true
-
-# API URLs
-NEXT_PUBLIC_API_URL=http://127.0.0.1:1250
-NEXT_PUBLIC_WEBSOCKET_URL=ws://127.0.0.1:1250
-NEXT_PUBLIC_AUTH_CALLBACK_URL=http://localhost:3000/auth-callback
-
-# Sentry
-# SENTRY_DSN=https://your-dsn@sentry.io/project-id
-# SENTRY_IGNORE_API_RESOLUTION_ERROR=1

www/.gitignore

@@ -40,6 +40,7 @@ next-env.d.ts
 # Sentry Auth Token
 .sentryclirc
 
+config.ts
 
 # openapi logs
 openapi-ts-error-*.log

www/app/(app)/AuthWrapper.tsx

@@ -2,7 +2,6 @@
 
 import { Flex, Spinner } from "@chakra-ui/react";
 import { useAuth } from "../lib/AuthProvider";
-import { useLoginRequiredPages } from "../lib/useLoginRequiredPages";
 
 export default function AuthWrapper({
   children,
@@ -10,10 +9,8 @@ export default function AuthWrapper({
   children: React.ReactNode;
 }) {
   const auth = useAuth();
-  const redirectPath = useLoginRequiredPages();
-  const redirectHappens = !!redirectPath;
 
-  if (auth.status === "loading" || redirectHappens) {
+  if (auth.status === "loading") {
     return (
       <Flex
         flexDir="column"

www/app/(app)/browse/_components/TranscriptStatusIcon.tsx

@@ -7,10 +7,9 @@ import {
   FaMicrophone,
   FaGear,
 } from "react-icons/fa6";
-import { TranscriptStatus } from "../../../lib/transcript";
 
 interface TranscriptStatusIconProps {
-  status: TranscriptStatus;
+  status: string;
 }
 
 export default function TranscriptStatusIcon({

www/app/(app)/layout.tsx

@@ -1,5 +1,5 @@
 import { Container, Flex, Link } from "@chakra-ui/react";
-import { featureEnabled } from "../lib/features";
+import { getConfig } from "../lib/edgeConfig";
 import NextLink from "next/link";
 import Image from "next/image";
 import UserInfo from "../(auth)/userInfo";
@@ -11,6 +11,8 @@ export default async function AppLayout({
 }: {
   children: React.ReactNode;
 }) {
+  const config = await getConfig();
+  const { requireLogin, privacy, browse, rooms } = config.features;
   return (
     <Container
       minW="100vw"
@@ -56,7 +58,7 @@ export default async function AppLayout({
           >
             Create
           </Link>
-          {featureEnabled("browse") ? (
+          {browse ? (
             <>
               &nbsp;·&nbsp;
               <Link href="/browse" as={NextLink} className="font-light px-2">
@@ -66,7 +68,7 @@ export default async function AppLayout({
           ) : (
             <></>
           )}
-          {featureEnabled("rooms") ? (
+          {rooms ? (
             <>
               &nbsp;·&nbsp;
               <Link href="/rooms" as={NextLink} className="font-light px-2">
@@ -76,7 +78,7 @@ export default async function AppLayout({
           ) : (
             <></>
           )}
-          {featureEnabled("requireLogin") ? (
+          {requireLogin ? (
             <>
               &nbsp;·&nbsp;
               <UserInfo />

www/app/(app)/transcripts/[transcriptId]/_components/TopicList.tsx

@@ -3,10 +3,8 @@ import ScrollToBottom from "../../scrollToBottom";
 import { Topic } from "../../webSocketTypes";
 import useParticipants from "../../useParticipants";
 import { Box, Flex, Text, Accordion } from "@chakra-ui/react";
+import { featureEnabled } from "../../../../domainContext";
 import { TopicItem } from "./TopicItem";
-import { TranscriptStatus } from "../../../../lib/transcript";
-
-import { featureEnabled } from "../../../../lib/features";
 
 type TopicListProps = {
   topics: Topic[];
@@ -16,7 +14,7 @@ type TopicListProps = {
   ];
   autoscroll: boolean;
   transcriptId: string;
-  status: TranscriptStatus | null;
+  status: string;
   currentTranscriptText: any;
 };
 

www/app/(app)/transcripts/[transcriptId]/correct/page.tsx

@@ -9,10 +9,8 @@ import ParticipantList from "./participantList";
 import type { components } from "../../../../reflector-api";
 type GetTranscriptTopic = components["schemas"]["GetTranscriptTopic"];
 import { SelectedText, selectedTextIsTimeSlice } from "./types";
-import {
-  useTranscriptGet,
-  useTranscriptUpdate,
-} from "../../../../lib/apiHooks";
+import { useTranscriptUpdate } from "../../../../lib/apiHooks";
+import useTranscript from "../../useTranscript";
 import { useError } from "../../../../(errors)/errorContext";
 import { useRouter } from "next/navigation";
 import { Box, Grid } from "@chakra-ui/react";
@@ -27,7 +25,7 @@ export default function TranscriptCorrect({
   params: { transcriptId },
 }: TranscriptCorrect) {
   const updateTranscriptMutation = useTranscriptUpdate();
-  const transcript = useTranscriptGet(transcriptId);
+  const transcript = useTranscript(transcriptId);
   const stateCurrentTopic = useState<GetTranscriptTopic>();
   const [currentTopic, _sct] = stateCurrentTopic;
   const stateSelectedText = useState<SelectedText>();
@@ -38,7 +36,7 @@ export default function TranscriptCorrect({
   const router = useRouter();
 
   const markAsDone = async () => {
-    if (transcript.data && !transcript.data.reviewed) {
+    if (transcript.response && !transcript.response.reviewed) {
       try {
         await updateTranscriptMutation.mutateAsync({
           params: {
@@ -116,7 +114,7 @@ export default function TranscriptCorrect({
           }}
         />
       </Grid>
-      {transcript.data && !transcript.data?.reviewed && (
+      {transcript.response && !transcript.response?.reviewed && (
         <div className="flex flex-row justify-end">
           <button
             className="p-2 px-4 rounded bg-green-400"

www/app/(app)/transcripts/[transcriptId]/page.tsx

@@ -1,5 +1,6 @@
 "use client";
 import Modal from "../modal";
+import useTranscript from "../useTranscript";
 import useTopics from "../useTopics";
 import useWaveform from "../useWaveform";
 import useMp3 from "../useMp3";
@@ -11,8 +12,6 @@ import TranscriptTitle from "../transcriptTitle";
 import Player from "../player";
 import { useRouter } from "next/navigation";
 import { Box, Flex, Grid, GridItem, Skeleton, Text } from "@chakra-ui/react";
-import { useTranscriptGet } from "../../../lib/apiHooks";
-import { TranscriptStatus } from "../../../lib/transcript";
 
 type TranscriptDetails = {
   params: {
@@ -23,15 +22,11 @@ type TranscriptDetails = {
 export default function TranscriptDetails(details: TranscriptDetails) {
   const transcriptId = details.params.transcriptId;
   const router = useRouter();
-  const statusToRedirect = [
-    "idle",
-    "recording",
-    "processing",
-  ] satisfies TranscriptStatus[] as TranscriptStatus[];
+  const statusToRedirect = ["idle", "recording", "processing"];
 
-  const transcript = useTranscriptGet(transcriptId);
-  const waiting =
-    transcript.data && statusToRedirect.includes(transcript.data.status);
+  const transcript = useTranscript(transcriptId);
+  const transcriptStatus = transcript.response?.status;
+  const waiting = statusToRedirect.includes(transcriptStatus || "");
 
   const mp3 = useMp3(transcriptId, waiting);
   const topics = useTopics(transcriptId);
@@ -61,7 +56,7 @@ export default function TranscriptDetails(details: TranscriptDetails) {
     );
   }
 
-  if (transcript?.isLoading || topics?.loading) {
+  if (transcript?.loading || topics?.loading) {
     return <Modal title="Loading" text={"Loading transcript..."} />;
   }
 
@@ -91,7 +86,7 @@ export default function TranscriptDetails(details: TranscriptDetails) {
                 useActiveTopic={useActiveTopic}
                 waveform={waveform.waveform}
                 media={mp3.media}
-                mediaDuration={transcript.data?.duration || null}
+                mediaDuration={transcript.response?.duration || null}
               />
             ) : !mp3.loading && (waveform.error || mp3.error) ? (
               <Box p={4} bg="red.100" borderRadius="md">
@@ -121,10 +116,10 @@ export default function TranscriptDetails(details: TranscriptDetails) {
             <Flex direction="column" gap={0}>
               <Flex alignItems="center" gap={2}>
                 <TranscriptTitle
-                  title={transcript.data?.title || "Unnamed Transcript"}
+                  title={transcript.response?.title || "Unnamed Transcript"}
                   transcriptId={transcriptId}
                   onUpdate={(newTitle) => {
-                    transcript.refetch().then(() => {});
+                    transcript.reload();
                   }}
                 />
               </Flex>
@@ -141,23 +136,23 @@ export default function TranscriptDetails(details: TranscriptDetails) {
             useActiveTopic={useActiveTopic}
             autoscroll={false}
             transcriptId={transcriptId}
-            status={transcript.data?.status || null}
+            status={transcript.response?.status}
             currentTranscriptText=""
           />
-          {transcript.data && topics.topics ? (
+          {transcript.response && topics.topics ? (
             <>
               <FinalSummary
-                transcriptResponse={transcript.data}
+                transcriptResponse={transcript.response}
                 topicsResponse={topics.topics}
-                onUpdate={() => {
-                  transcript.refetch();
+                onUpdate={(newSummary) => {
+                  transcript.reload();
                 }}
               />
             </>
           ) : (
             <Flex justify={"center"} alignItems={"center"} h={"100%"}>
               <div className="flex flex-col h-full justify-center content-center">
-                {transcript?.data?.status == "processing" ? (
+                {transcript.response.status == "processing" ? (
                   <Text>Loading Transcript</Text>
                 ) : (
                   <Text>

www/app/(app)/transcripts/[transcriptId]/record/page.tsx

@@ -2,6 +2,7 @@
 import { useEffect, useState } from "react";
 import Recorder from "../../recorder";
 import { TopicList } from "../_components/TopicList";
+import useTranscript from "../../useTranscript";
 import { useWebSockets } from "../../useWebSockets";
 import { Topic } from "../../webSocketTypes";
 import { lockWakeState, releaseWakeState } from "../../../../lib/wakeLock";
@@ -10,8 +11,6 @@ import useMp3 from "../../useMp3";
 import WaveformLoading from "../../waveformLoading";
 import { Box, Text, Grid, Heading, VStack, Flex } from "@chakra-ui/react";
 import LiveTrancription from "../../liveTranscription";
-import { useTranscriptGet } from "../../../../lib/apiHooks";
-import { TranscriptStatus } from "../../../../lib/transcript";
 
 type TranscriptDetails = {
   params: {
@@ -20,7 +19,7 @@ type TranscriptDetails = {
 };
 
 const TranscriptRecord = (details: TranscriptDetails) => {
-  const transcript = useTranscriptGet(details.params.transcriptId);
+  const transcript = useTranscript(details.params.transcriptId);
   const [transcriptStarted, setTranscriptStarted] = useState(false);
   const useActiveTopic = useState<Topic | null>(null);
 
@@ -30,8 +29,8 @@ const TranscriptRecord = (details: TranscriptDetails) => {
 
   const router = useRouter();
 
-  const [status, setStatus] = useState<TranscriptStatus>(
-    webSockets.status?.value || transcript.data?.status || "idle",
+  const [status, setStatus] = useState(
+    webSockets.status.value || transcript.response?.status || "idle",
   );
 
   useEffect(() => {
@@ -42,7 +41,7 @@ const TranscriptRecord = (details: TranscriptDetails) => {
   useEffect(() => {
     //TODO HANDLE ERROR STATUS BETTER
     const newStatus =
-      webSockets.status?.value || transcript.data?.status || "idle";
+      webSockets.status.value || transcript.response?.status || "idle";
     setStatus(newStatus);
     if (newStatus && (newStatus == "ended" || newStatus == "error")) {
       console.log(newStatus, "redirecting");
@@ -50,7 +49,7 @@ const TranscriptRecord = (details: TranscriptDetails) => {
       const newUrl = "/transcripts/" + details.params.transcriptId;
       router.replace(newUrl);
     }
-  }, [webSockets.status?.value, transcript.data?.status]);
+  }, [webSockets.status.value, transcript.response?.status]);
 
   useEffect(() => {
     if (webSockets.waveform && webSockets.waveform) mp3.getNow();

www/app/(app)/transcripts/[transcriptId]/upload/page.tsx

@@ -1,12 +1,12 @@
 "use client";
 import { useEffect, useState } from "react";
+import useTranscript from "../../useTranscript";
 import { useWebSockets } from "../../useWebSockets";
 import { lockWakeState, releaseWakeState } from "../../../../lib/wakeLock";
 import { useRouter } from "next/navigation";
 import useMp3 from "../../useMp3";
 import { Center, VStack, Text, Heading, Button } from "@chakra-ui/react";
 import FileUploadButton from "../../fileUploadButton";
-import { useTranscriptGet } from "../../../../lib/apiHooks";
 
 type TranscriptUpload = {
   params: {
@@ -15,7 +15,7 @@ type TranscriptUpload = {
 };
 
 const TranscriptUpload = (details: TranscriptUpload) => {
-  const transcript = useTranscriptGet(details.params.transcriptId);
+  const transcript = useTranscript(details.params.transcriptId);
   const [transcriptStarted, setTranscriptStarted] = useState(false);
 
   const webSockets = useWebSockets(details.params.transcriptId);
@@ -25,13 +25,13 @@ const TranscriptUpload = (details: TranscriptUpload) => {
   const router = useRouter();
 
   const [status_, setStatus] = useState(
-    webSockets.status?.value || transcript.data?.status || "idle",
+    webSockets.status.value || transcript.response?.status || "idle",
   );
 
   // status is obviously done if we have transcript
   const status =
-    !transcript.isLoading && transcript.data?.status === "ended"
-      ? transcript.data?.status
+    !transcript.loading && transcript.response?.status === "ended"
+      ? transcript.response?.status
       : status_;
 
   useEffect(() => {
@@ -43,9 +43,9 @@ const TranscriptUpload = (details: TranscriptUpload) => {
     //TODO HANDLE ERROR STATUS BETTER
     // TODO deprecate webSockets.status.value / depend on transcript.response?.status from query lib
     const newStatus =
-      transcript.data?.status === "ended"
+      transcript.response?.status === "ended"
         ? "ended"
-        : webSockets.status?.value || transcript.data?.status || "idle";
+        : webSockets.status.value || transcript.response?.status || "idle";
     setStatus(newStatus);
     if (newStatus && (newStatus == "ended" || newStatus == "error")) {
       console.log(newStatus, "redirecting");
@@ -53,7 +53,7 @@ const TranscriptUpload = (details: TranscriptUpload) => {
       const newUrl = "/transcripts/" + details.params.transcriptId;
       router.replace(newUrl);
     }
-  }, [webSockets.status?.value, transcript.data?.status]);
+  }, [webSockets.status.value, transcript.response?.status]);
 
   useEffect(() => {
     if (webSockets.waveform && webSockets.waveform) mp3.getNow();

www/app/(app)/transcripts/new/page.tsx

@@ -9,6 +9,7 @@ import { useRouter } from "next/navigation";
 import useCreateTranscript from "../createTranscript";
 import SelectSearch from "react-select-search";
 import { supportedLanguages } from "../../../supportedLanguages";
+import { featureEnabled } from "../../../domainContext";
 import {
   Flex,
   Box,
@@ -20,9 +21,10 @@ import {
   Spacer,
 } from "@chakra-ui/react";
 import { useAuth } from "../../../lib/AuthProvider";
-import { featureEnabled } from "../../../lib/features";
+import type { components } from "../../../reflector-api";
 
 const TranscriptCreate = () => {
+  const isClient = typeof window !== "undefined";
   const router = useRouter();
   const auth = useAuth();
   const isAuthenticated = auth.status === "authenticated";
@@ -174,7 +176,7 @@ const TranscriptCreate = () => {
                     placeholder="Choose your language"
                   />
                 </Box>
-                {!loading ? (
+                {isClient && !loading ? (
                   permissionOk ? (
                     <Spacer />
                   ) : permissionDenied ? (

www/app/(app)/transcripts/recorder.tsx

@@ -11,11 +11,10 @@ import useAudioDevice from "./useAudioDevice";
 import { Box, Flex, IconButton, Menu, RadioGroup } from "@chakra-ui/react";
 import { LuScreenShare, LuMic, LuPlay, LuCircleStop } from "react-icons/lu";
 import { RECORD_A_MEETING_URL } from "../../api/urls";
-import { TranscriptStatus } from "../../lib/transcript";
 
 type RecorderProps = {
   transcriptId: string;
-  status: TranscriptStatus;
+  status: string;
 };
 
 export default function Recorder(props: RecorderProps) {

www/app/(app)/transcripts/shareAndPrivacy.tsx

@@ -1,4 +1,5 @@
 import { useEffect, useState } from "react";
+import { featureEnabled } from "../../domainContext";
 
 import { ShareMode, toShareMode } from "../../lib/shareMode";
 import type { components } from "../../reflector-api";
@@ -23,8 +24,6 @@ import ShareCopy from "./shareCopy";
 import ShareZulip from "./shareZulip";
 import { useAuth } from "../../lib/AuthProvider";
 
-import { featureEnabled } from "../../lib/features";
-
 type ShareAndPrivacyProps = {
   finalSummaryRef: any;
   transcriptResponse: GetTranscript;

www/app/(app)/transcripts/shareLink.tsx

@@ -1,9 +1,8 @@
 import React, { useState, useRef, useEffect, use } from "react";
+import { featureEnabled } from "../../domainContext";
 import { Button, Flex, Input, Text } from "@chakra-ui/react";
 import QRCode from "react-qr-code";
 
-import { featureEnabled } from "../../lib/features";
-
 type ShareLinkProps = {
   transcriptId: string;
 };

www/app/(app)/transcripts/shareZulip.tsx

@@ -1,4 +1,5 @@
 import { useState, useEffect, useMemo } from "react";
+import { featureEnabled } from "../../domainContext";
 import type { components } from "../../reflector-api";
 
 type GetTranscript = components["schemas"]["GetTranscript"];
@@ -24,8 +25,6 @@ import {
   useTranscriptPostToZulip,
 } from "../../lib/apiHooks";
 
-import { featureEnabled } from "../../lib/features";
-
 type ShareZulipProps = {
   transcriptResponse: GetTranscript;
   topicsResponse: GetTranscriptTopic[];

www/app/(app)/transcripts/useMp3.ts

@@ -1,7 +1,7 @@
-import { useEffect, useState } from "react";
+import { useContext, useEffect, useState } from "react";
+import { DomainContext } from "../../domainContext";
 import { useTranscriptGet } from "../../lib/apiHooks";
 import { useAuth } from "../../lib/AuthProvider";
-import { API_URL } from "../../lib/apiClient";
 
 export type Mp3Response = {
   media: HTMLMediaElement | null;
@@ -19,6 +19,7 @@ const useMp3 = (transcriptId: string, waiting?: boolean): Mp3Response => {
     null,
   );
   const [audioDeleted, setAudioDeleted] = useState<boolean | null>(null);
+  const { api_url } = useContext(DomainContext);
   const auth = useAuth();
   const accessTokenInfo =
     auth.status === "authenticated" ? auth.accessToken : null;
@@ -77,7 +78,7 @@ const useMp3 = (transcriptId: string, waiting?: boolean): Mp3Response => {
 
     // Audio is not deleted, proceed to load it
     audioElement = document.createElement("audio");
-    audioElement.src = `${API_URL}/v1/transcripts/${transcriptId}/audio/mp3`;
+    audioElement.src = `${api_url}/v1/transcripts/${transcriptId}/audio/mp3`;
     audioElement.crossOrigin = "anonymous";
     audioElement.preload = "auto";
 
@@ -109,7 +110,7 @@ const useMp3 = (transcriptId: string, waiting?: boolean): Mp3Response => {
         if (handleError) audioElement.removeEventListener("error", handleError);
       }
     };
-  }, [transcriptId, transcript, later]);
+  }, [transcriptId, transcript, later, api_url]);
 
   const getNow = () => {
     setLater(false);

www/app/(app)/transcripts/useTranscript.ts

@@ -0,0 +1,69 @@
+import type { components } from "../../reflector-api";
+import { useTranscriptGet } from "../../lib/apiHooks";
+
+type GetTranscript = components["schemas"]["GetTranscript"];
+
+type ErrorTranscript = {
+  error: Error;
+  loading: false;
+  response: null;
+  reload: () => void;
+};
+
+type LoadingTranscript = {
+  response: null;
+  loading: true;
+  error: false;
+  reload: () => void;
+};
+
+type SuccessTranscript = {
+  response: GetTranscript;
+  loading: false;
+  error: null;
+  reload: () => void;
+};
+
+const useTranscript = (
+  id: string | null,
+): ErrorTranscript | LoadingTranscript | SuccessTranscript => {
+  const { data, isLoading, error, refetch } = useTranscriptGet(id);
+
+  // Map to the expected return format
+  if (isLoading) {
+    return {
+      response: null,
+      loading: true,
+      error: false,
+      reload: refetch,
+    };
+  }
+
+  if (error) {
+    return {
+      error: error as Error,
+      loading: false,
+      response: null,
+      reload: refetch,
+    };
+  }
+
+  // Check if data is undefined or null
+  if (!data) {
+    return {
+      response: null,
+      loading: true,
+      error: false,
+      reload: refetch,
+    };
+  }
+
+  return {
+    response: data,
+    loading: false,
+    error: null,
+    reload: refetch,
+  };
+};
+
+export default useTranscript;

www/app/(app)/transcripts/useWebSockets.ts

@@ -1,12 +1,13 @@
-import { useEffect, useState } from "react";
+import { useContext, useEffect, useState } from "react";
 import { Topic, FinalSummary, Status } from "./webSocketTypes";
 import { useError } from "../../(errors)/errorContext";
+import { DomainContext } from "../../domainContext";
 import type { components } from "../../reflector-api";
 type AudioWaveform = components["schemas"]["AudioWaveform"];
 type GetTranscriptSegmentTopic =
   components["schemas"]["GetTranscriptSegmentTopic"];
 import { useQueryClient } from "@tanstack/react-query";
-import { $api, WEBSOCKET_URL } from "../../lib/apiClient";
+import { $api } from "../../lib/apiClient";
 
 export type UseWebSockets = {
   transcriptTextLive: string;
@@ -15,7 +16,7 @@ export type UseWebSockets = {
   title: string;
   topics: Topic[];
   finalSummary: FinalSummary;
-  status: Status | null;
+  status: Status;
   waveform: AudioWaveform | null;
   duration: number | null;
 };
@@ -33,9 +34,10 @@ export const useWebSockets = (transcriptId: string | null): UseWebSockets => {
   const [finalSummary, setFinalSummary] = useState<FinalSummary>({
     summary: "",
   });
-  const [status, setStatus] = useState<Status | null>(null);
+  const [status, setStatus] = useState<Status>({ value: "" });
   const { setError } = useError();
 
+  const { websocket_url: websocketUrl } = useContext(DomainContext);
   const queryClient = useQueryClient();
 
   const [accumulatedText, setAccumulatedText] = useState<string>("");
@@ -326,7 +328,7 @@ export const useWebSockets = (transcriptId: string | null): UseWebSockets => {
 
     if (!transcriptId) return;
 
-    const url = `${WEBSOCKET_URL}/v1/transcripts/${transcriptId}/events`;
+    const url = `${websocketUrl}/v1/transcripts/${transcriptId}/events`;
     let ws = new WebSocket(url);
 
     ws.onopen = () => {
@@ -492,7 +494,7 @@ export const useWebSockets = (transcriptId: string | null): UseWebSockets => {
     return () => {
       ws.close();
     };
-  }, [transcriptId]);
+  }, [transcriptId, websocketUrl]);
 
   return {
     transcriptTextLive,

www/app/(app)/transcripts/webSocketTypes.ts

@@ -1,5 +1,4 @@
 import type { components } from "../../reflector-api";
-import type { TranscriptStatus } from "../../lib/transcript";
 
 type GetTranscriptTopic = components["schemas"]["GetTranscriptTopic"];
 
@@ -14,7 +13,7 @@ export type FinalSummary = {
 };
 
 export type Status = {
-  value: TranscriptStatus;
+  value: string;
 };
 
 export type TranslatedTopic = {

www/app/domainContext.tsx

@@ -0,0 +1,49 @@
+"use client";
+import { createContext, useContext, useEffect, useState } from "react";
+import { DomainConfig } from "./lib/edgeConfig";
+
+type DomainContextType = Omit<DomainConfig, "auth_callback_url">;
+
+export const DomainContext = createContext<DomainContextType>({
+  features: {
+    requireLogin: false,
+    privacy: true,
+    browse: false,
+    sendToZulip: false,
+  },
+  api_url: "",
+  websocket_url: "",
+});
+
+export const DomainContextProvider = ({
+  config,
+  children,
+}: {
+  config: DomainConfig;
+  children: any;
+}) => {
+  const [context, setContext] = useState<DomainContextType>();
+
+  useEffect(() => {
+    if (!config) return;
+    const { auth_callback_url, ...others } = config;
+    setContext(others);
+  }, [config]);
+
+  if (!context) return;
+
+  return (
+    <DomainContext.Provider value={context}>{children}</DomainContext.Provider>
+  );
+};
+
+// Get feature config client-side with
+export const featureEnabled = (
+  featureName: "requireLogin" | "privacy" | "browse" | "sendToZulip",
+) => {
+  const context = useContext(DomainContext);
+
+  return context.features[featureName] as boolean | undefined;
+};
+
+// Get config server-side (out of react) : see lib/edgeConfig.

www/app/layout.tsx

@@ -3,7 +3,9 @@ import { Metadata, Viewport } from "next";
 import { Poppins } from "next/font/google";
 import { ErrorProvider } from "./(errors)/errorContext";
 import ErrorMessage from "./(errors)/errorMessage";
+import { DomainContextProvider } from "./domainContext";
 import { RecordingConsentProvider } from "./recordingConsentContext";
+import { getConfig } from "./lib/edgeConfig";
 import { ErrorBoundary } from "@sentry/nextjs";
 import { Providers } from "./providers";
 
@@ -66,17 +68,21 @@ export default async function RootLayout({
 }: {
   children: React.ReactNode;
 }) {
+  const config = await getConfig();
+
   return (
     <html lang="en" className={poppins.className} suppressHydrationWarning>
       <body className={"h-[100svh] w-[100svw] overflow-x-hidden relative"}>
-        <RecordingConsentProvider>
-          <ErrorBoundary fallback={<p>"something went really wrong"</p>}>
-            <ErrorProvider>
-              <ErrorMessage />
-              <Providers>{children}</Providers>
-            </ErrorProvider>
-          </ErrorBoundary>
-        </RecordingConsentProvider>
+        <DomainContextProvider config={config}>
+          <RecordingConsentProvider>
+            <ErrorBoundary fallback={<p>"something went really wrong"</p>}>
+              <ErrorProvider>
+                <ErrorMessage />
+                <Providers>{children}</Providers>
+              </ErrorProvider>
+            </ErrorBoundary>
+          </RecordingConsentProvider>
+        </DomainContextProvider>
       </body>
     </html>
   );

www/app/lib/AuthProvider.tsx

@@ -1,18 +1,17 @@
 "use client";
 
-import { createContext, useContext } from "react";
+import { createContext, useContext, useEffect } from "react";
 import { useSession as useNextAuthSession } from "next-auth/react";
 import { signOut, signIn } from "next-auth/react";
-import { configureApiAuth } from "./apiClient";
+import { configureApiAuth, configureApiAuthRefresh } from "./apiClient";
 import { assertCustomSession, CustomSession } from "./types";
 import { Session } from "next-auth";
 import { SessionAutoRefresh } from "./SessionAutoRefresh";
 import { REFRESH_ACCESS_TOKEN_ERROR } from "./auth";
-import { assertExists } from "./utils";
 
 type AuthContextType = (
   | { status: "loading" }
-  | { status: "refreshing"; user: CustomSession["user"] }
+  | { status: "refreshing" }
   | { status: "unauthenticated"; error?: string }
   | {
       status: "authenticated";
@@ -42,10 +41,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
               return { status };
             }
             case true: {
-              return {
-                status: "refreshing" as const,
-                user: assertExists(customSession).user,
-              };
+              return { status: "refreshing" as const };
             }
             default: {
               const _: never = sessionIsHere;
@@ -88,15 +84,16 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
   };
 
   // not useEffect, we need it ASAP
-  // apparently, still no guarantee this code runs before mutations are fired
   configureApiAuth(
-    contextValue.status === "authenticated"
-      ? contextValue.accessToken
-      : contextValue.status === "loading"
-        ? undefined
-        : null,
+    contextValue.status === "authenticated" ? contextValue.accessToken : null,
   );
 
+  useEffect(() => {
+    configureApiAuthRefresh(
+      contextValue.status === "authenticated" ? contextValue.update : null,
+    );
+  }, [contextValue.status === "authenticated" && contextValue.update]);
+
   return (
     <AuthContext.Provider value={contextValue}>
       <SessionAutoRefresh>{children}</SessionAutoRefresh>

www/app/lib/SessionAutoRefresh.tsx

@@ -9,11 +9,12 @@
 
 import { useEffect } from "react";
 import { useAuth } from "./AuthProvider";
-import { shouldRefreshToken } from "./auth";
+import { REFRESH_ACCESS_TOKEN_BEFORE } from "./auth";
+
+const REFRESH_BEFORE = REFRESH_ACCESS_TOKEN_BEFORE;
 
 export function SessionAutoRefresh({ children }) {
   const auth = useAuth();
-
   const accessTokenExpires =
     auth.status === "authenticated" ? auth.accessTokenExpires : null;
 
@@ -22,15 +23,18 @@ export function SessionAutoRefresh({ children }) {
     // and not too slow (debuggable)
     const INTERVAL_REFRESH_MS = 5000;
     const interval = setInterval(() => {
-      if (accessTokenExpires === null) return;
-      if (shouldRefreshToken(accessTokenExpires)) {
-        auth
-          .update()
-          .then(() => {})
-          .catch((e) => {
-            // note: 401 won't be considered error here
-            console.error("error refreshing auth token", e);
-          });
+      if (accessTokenExpires !== null) {
+        const timeLeft = accessTokenExpires - Date.now();
+        console.log("time left", timeLeft);
+        // if (timeLeft < REFRESH_BEFORE) {
+        //   auth
+        //     .update()
+        //     .then(() => {})
+        //     .catch((e) => {
+        //       // note: 401 won't be considered error here
+        //       console.error("error refreshing auth token", e);
+        //     });
+        // }
       }
     }, INTERVAL_REFRESH_MS);
 

www/app/lib/apiClient.tsx

@@ -2,46 +2,46 @@
 
 import createClient from "openapi-fetch";
 import type { paths } from "../reflector-api";
+import {
+  queryOptions,
+  useMutation,
+  useQuery,
+  useSuspenseQuery,
+} from "@tanstack/react-query";
 import createFetchClient from "openapi-react-query";
 import { assertExistsAndNonEmptyString } from "./utils";
 import { isBuildPhase } from "./next";
+import { Session } from "next-auth";
+import { assertCustomSession } from "./types";
+import { HttpMethod, PathsWithMethod } from "openapi-typescript-helpers";
 
-export const API_URL = !isBuildPhase
+const API_URL = !isBuildPhase
   ? assertExistsAndNonEmptyString(process.env.NEXT_PUBLIC_API_URL)
   : "http://localhost";
 
-// TODO decide strict validation or not
-export const WEBSOCKET_URL =
-  process.env.NEXT_PUBLIC_WEBSOCKET_URL || "ws://127.0.0.1:1250";
-
+// Create the base openapi-fetch client with a default URL
+// The actual URL will be set via middleware in AuthProvider
 export const client = createClient<paths>({
   baseUrl: API_URL,
 });
 
-const waitForAuthTokenDefinitivePresenceOrAbscence = async () => {
-  let tries = 0;
-  let time = 0;
-  const STEP = 100;
-  while (currentAuthToken === undefined) {
-    await new Promise((resolve) => setTimeout(resolve, STEP));
-    time += STEP;
-    tries++;
-    // most likely first try is more than enough, if it's more there's already something weird happens
-    if (tries > 10) {
-      // even when there's no auth assumed at all, we probably should explicitly call configureApiAuth(null)
-      throw new Error(
-        `Could not get auth token definitive presence/absence in ${time}ms. not calling configureApiAuth?`,
-      );
-    }
+export const $api = createFetchClient<paths>(client);
+
+let currentAuthToken: string | null | undefined = null;
+let refreshAuthCallback: (() => Promise<Session | null>) | null = null;
+
+const injectAuth = (request: Request, accessToken: string | null) => {
+  if (accessToken) {
+    request.headers.set("Authorization", `Bearer ${currentAuthToken}`);
+  } else {
+    request.headers.delete("Authorization");
   }
+  return request;
 };
 
 client.use({
-  async onRequest({ request }) {
-    await waitForAuthTokenDefinitivePresenceOrAbscence();
-    if (currentAuthToken) {
-      request.headers.set("Authorization", `Bearer ${currentAuthToken}`);
-    }
+  onRequest({ request }) {
+    request = injectAuth(request, currentAuthToken || null);
     // XXX Only set Content-Type if not already set (FormData will set its own boundary)
     // This is a work around for uploading file, we're passing a formdata
     // but the content type was still application/json
@@ -55,13 +55,46 @@ client.use({
   },
 });
 
-export const $api = createFetchClient<paths>(client);
-
-let currentAuthToken: string | null | undefined = undefined;
+client.use({
+  async onResponse({ response, request, params, schemaPath }) {
+    if (response.status === 401) {
+      console.log(
+        "response.status is 401!",
+        refreshAuthCallback,
+        request,
+        schemaPath,
+      );
+    }
+    if (response.status === 401 && refreshAuthCallback) {
+      try {
+        const session = await refreshAuthCallback();
+        if (!session) {
+          console.warn("Token refresh failed, no session returned");
+          return response;
+        }
+        const customSession = assertCustomSession(session);
+        currentAuthToken = customSession.accessToken;
+        const r = await client.request(
+          request.method as HttpMethod,
+          schemaPath as PathsWithMethod<paths, HttpMethod>,
+          ...params,
+        );
+        return r.response;
+      } catch (error) {
+        console.error("Token refresh failed during 401 retry:", error);
+      }
+    }
+    return response;
+  },
+});
 
 // the function contract: lightweight, idempotent
 export const configureApiAuth = (token: string | null | undefined) => {
-  // watch only for the initial loading; "reloading" state assumes token presence/absence
-  if (token === undefined && currentAuthToken !== undefined) return;
   currentAuthToken = token;
 };
+
+export const configureApiAuthRefresh = (
+  callback: (() => Promise<Session | null>) | null,
+) => {
+  refreshAuthCallback = callback;
+};

www/app/lib/apiHooks.ts

@@ -96,6 +96,8 @@ export function useTranscriptProcess() {
 }
 
 export function useTranscriptGet(transcriptId: string | null) {
+  const { isAuthenticated } = useAuthReady();
+
   return $api.useQuery(
     "get",
     "/v1/transcripts/{transcript_id}",
@@ -107,7 +109,7 @@ export function useTranscriptGet(transcriptId: string | null) {
       },
     },
     {
-      enabled: !!transcriptId,
+      enabled: !!transcriptId && isAuthenticated,
     },
   );
 }
@@ -290,16 +292,18 @@ export function useTranscriptUploadAudio() {
 }
 
 export function useTranscriptWaveform(transcriptId: string | null) {
+  const { isAuthenticated } = useAuthReady();
+
   return $api.useQuery(
     "get",
     "/v1/transcripts/{transcript_id}/audio/waveform",
     {
       params: {
-        path: { transcript_id: transcriptId! },
+        path: { transcript_id: transcriptId || "" },
       },
     },
     {
-      enabled: !!transcriptId,
+      enabled: !!transcriptId && isAuthenticated,
     },
   );
 }
@@ -312,7 +316,7 @@ export function useTranscriptMP3(transcriptId: string | null) {
     "/v1/transcripts/{transcript_id}/audio/mp3",
     {
       params: {
-        path: { transcript_id: transcriptId! },
+        path: { transcript_id: transcriptId || "" },
       },
     },
     {
@@ -322,6 +326,8 @@ export function useTranscriptMP3(transcriptId: string | null) {
 }
 
 export function useTranscriptTopics(transcriptId: string | null) {
+  const { isAuthenticated } = useAuthReady();
+
   return $api.useQuery(
     "get",
     "/v1/transcripts/{transcript_id}/topics",
@@ -331,7 +337,7 @@ export function useTranscriptTopics(transcriptId: string | null) {
       },
     },
     {
-      enabled: !!transcriptId,
+      enabled: !!transcriptId && isAuthenticated,
     },
   );
 }

www/app/lib/auth.ts

@@ -1,20 +1,3 @@
-import { assertExistsAndNonEmptyString } from "./utils";
-
 export const REFRESH_ACCESS_TOKEN_ERROR = "RefreshAccessTokenError" as const;
 // 4 min is 1 min less than default authentic value. here we assume that authentic won't be set to access tokens < 4 min
 export const REFRESH_ACCESS_TOKEN_BEFORE = 4 * 60 * 1000;
-
-export const shouldRefreshToken = (accessTokenExpires: number): boolean => {
-  const timeLeft = accessTokenExpires - Date.now();
-  return timeLeft < REFRESH_ACCESS_TOKEN_BEFORE;
-};
-
-export const LOGIN_REQUIRED_PAGES = [
-  "/transcripts/[!new]",
-  "/browse(.*)",
-  "/rooms(.*)",
-];
-
-export const PROTECTED_PAGES = new RegExp(
-  LOGIN_REQUIRED_PAGES.map((page) => `^${page}$`).join("|"),
-);

www/app/lib/authBackend.ts

@@ -2,25 +2,24 @@ import { AuthOptions } from "next-auth";
 import AuthentikProvider from "next-auth/providers/authentik";
 import type { JWT } from "next-auth/jwt";
 import { JWTWithAccessToken, CustomSession } from "./types";
-import {
-  assertExists,
-  assertExistsAndNonEmptyString,
-  assertNotExists,
-} from "./utils";
+import { assertExists, assertExistsAndNonEmptyString } from "./utils";
 import {
   REFRESH_ACCESS_TOKEN_BEFORE,
   REFRESH_ACCESS_TOKEN_ERROR,
-  shouldRefreshToken,
 } from "./auth";
 import {
   getTokenCache,
   setTokenCache,
   deleteTokenCache,
 } from "./redisTokenCache";
-import { tokenCacheRedis, redlock } from "./redisClient";
+import { tokenCacheRedis } from "./redisClient";
 import { isBuildPhase } from "./next";
 
+// REFRESH_ACCESS_TOKEN_BEFORE because refresh is based on access token expiration (imagine we cache it 30 days)
 const TOKEN_CACHE_TTL = REFRESH_ACCESS_TOKEN_BEFORE;
+
+const refreshLocks = new Map<string, Promise<JWTWithAccessToken>>();
+
 const CLIENT_ID = !isBuildPhase
   ? assertExistsAndNonEmptyString(process.env.AUTHENTIK_CLIENT_ID)
   : "noop";
@@ -46,53 +45,40 @@ export const authOptions: AuthOptions = {
   },
   callbacks: {
     async jwt({ token, account, user }) {
-      if (account && !account.access_token) {
-        await deleteTokenCache(tokenCacheRedis, `token:${token.sub}`);
-      }
+      console.log("token.sub jwt callback", token.sub);
+      const KEY = `token:${token.sub}`;
 
       if (account && user) {
         // called only on first login
         // XXX account.expires_in used in example is not defined for authentik backend, but expires_at is
-        if (account.access_token) {
-          const expiresAtS = assertExists(account.expires_at);
-          const expiresAtMs = expiresAtS * 1000;
+        const expiresAtS = assertExists(account.expires_at);
+        const expiresAtMs = expiresAtS * 1000;
+        if (!account.access_token) {
+          await deleteTokenCache(tokenCacheRedis, KEY);
+        } else {
           const jwtToken: JWTWithAccessToken = {
             ...token,
             accessToken: account.access_token,
             accessTokenExpires: expiresAtMs,
             refreshToken: account.refresh_token,
           };
-          if (jwtToken.error) {
-            await deleteTokenCache(tokenCacheRedis, `token:${token.sub}`);
-          } else {
-            assertNotExists(
-              jwtToken.error,
-              `panic! trying to cache token with error in jwt: ${jwtToken.error}`,
-            );
-            await setTokenCache(tokenCacheRedis, `token:${token.sub}`, {
-              token: jwtToken,
-              timestamp: Date.now(),
-            });
-            return jwtToken;
-          }
+          await setTokenCache(tokenCacheRedis, KEY, {
+            token: jwtToken,
+            timestamp: Date.now(),
+          });
+          return jwtToken;
         }
       }
 
-      const currentToken = await getTokenCache(
-        tokenCacheRedis,
-        `token:${token.sub}`,
+      const currentToken = await getTokenCache(tokenCacheRedis, KEY);
+      console.log(
+        "currentToken.token.accessTokenExpires",
+        currentToken?.token?.accessTokenExpires,
+        currentToken?.token?.accessTokenExpires
+          ? Date.now() < currentToken?.token?.accessTokenExpires
+          : "?",
       );
-      console.debug(
-        "currentToken from cache",
-        JSON.stringify(currentToken, null, 2),
-        "will be returned?",
-        currentToken &&
-          !shouldRefreshToken(currentToken.token.accessTokenExpires),
-      );
-      if (
-        currentToken &&
-        !shouldRefreshToken(currentToken.token.accessTokenExpires)
-      ) {
+      if (currentToken && Date.now() < currentToken.token.accessTokenExpires) {
         return currentToken.token;
       }
 
@@ -119,22 +105,20 @@ export const authOptions: AuthOptions = {
 async function lockedRefreshAccessToken(
   token: JWT,
 ): Promise<JWTWithAccessToken> {
-  const lockKey = `${token.sub}-lock`;
+  const lockKey = `${token.sub}-refresh`;
 
-  return redlock
-    .using([lockKey], 10000, async () => {
+  const existingRefresh = refreshLocks.get(lockKey);
+  if (existingRefresh) {
+    return await existingRefresh;
+  }
+
+  const refreshPromise = (async () => {
+    try {
       const cached = await getTokenCache(tokenCacheRedis, `token:${token.sub}`);
-      if (cached)
-        console.debug(
-          "received cached token. to delete?",
-          Date.now() - cached.timestamp > TOKEN_CACHE_TTL,
-        );
-      else console.debug("no cached token received");
       if (cached) {
         if (Date.now() - cached.timestamp > TOKEN_CACHE_TTL) {
           await deleteTokenCache(tokenCacheRedis, `token:${token.sub}`);
-        } else if (!shouldRefreshToken(cached.token.accessTokenExpires)) {
-          console.debug("returning cached token", cached.token);
+        } else if (Date.now() < cached.token.accessTokenExpires) {
           return cached.token;
         }
       }
@@ -142,35 +126,19 @@ async function lockedRefreshAccessToken(
       const currentToken = cached?.token || (token as JWTWithAccessToken);
       const newToken = await refreshAccessToken(currentToken);
 
-      console.debug("current token during refresh", currentToken);
-      console.debug("new token during refresh", newToken);
-
-      if (newToken.error) {
-        await deleteTokenCache(tokenCacheRedis, `token:${token.sub}`);
-        return newToken;
-      }
-
-      assertNotExists(
-        newToken.error,
-        `panic! trying to cache token with error during refresh: ${newToken.error}`,
-      );
       await setTokenCache(tokenCacheRedis, `token:${token.sub}`, {
         token: newToken,
         timestamp: Date.now(),
       });
 
       return newToken;
-    })
-    .catch((e) => {
-      console.error("error refreshing token", e);
-      deleteTokenCache(tokenCacheRedis, `token:${token.sub}`).catch((e) => {
-        console.error("error deleting errored token", e);
-      });
-      return {
-        ...token,
-        error: REFRESH_ACCESS_TOKEN_ERROR,
-      } as JWTWithAccessToken;
-    });
+    } finally {
+      setTimeout(() => refreshLocks.delete(lockKey), 100);
+    }
+  })();
+
+  refreshLocks.set(lockKey, refreshPromise);
+  return refreshPromise;
 }
 
 async function refreshAccessToken(token: JWT): Promise<JWTWithAccessToken> {

www/app/lib/edgeConfig.ts

@@ -0,0 +1,54 @@
+import { get } from "@vercel/edge-config";
+import { isBuildPhase } from "./next";
+
+type EdgeConfig = {
+  [domainWithDash: string]: {
+    features: {
+      [featureName in
+        | "requireLogin"
+        | "privacy"
+        | "browse"
+        | "sendToZulip"]: boolean;
+    };
+    auth_callback_url: string;
+    websocket_url: string;
+    api_url: string;
+  };
+};
+
+export type DomainConfig = EdgeConfig["domainWithDash"];
+
+// Edge config main keys can only be alphanumeric and _ or -
+export function edgeKeyToDomain(key: string) {
+  return key.replaceAll("_", ".");
+}
+
+export function edgeDomainToKey(domain: string) {
+  return domain.replaceAll(".", "_");
+}
+
+// get edge config server-side (prefer DomainContext when available), domain is the hostname
+export async function getConfig() {
+  if (process.env.NEXT_PUBLIC_ENV === "development") {
+    try {
+      return require("../../config").localConfig;
+    } catch (e) {
+      // next build() WILL try to execute the require above even if conditionally protected
+      // but thank god it at least runs catch{} block properly
+      if (!isBuildPhase) throw new Error(e);
+      return require("../../config-template").localConfig;
+    }
+  }
+
+  const domain = new URL(process.env.NEXT_PUBLIC_SITE_URL!).hostname;
+  let config = await get(edgeDomainToKey(domain));
+
+  if (typeof config !== "object") {
+    console.warn("No config for this domain, falling back to default");
+    config = await get(edgeDomainToKey("default"));
+  }
+
+  if (typeof config !== "object") throw Error("Error fetching config");
+
+  return config as DomainConfig;
+}

www/app/lib/features.ts

@@ -1,55 +0,0 @@
-export const FEATURES = [
-  "requireLogin",
-  "privacy",
-  "browse",
-  "sendToZulip",
-  "rooms",
-] as const;
-
-export type FeatureName = (typeof FEATURES)[number];
-
-export type Features = Readonly<Record<FeatureName, boolean>>;
-
-export const DEFAULT_FEATURES: Features = {
-  requireLogin: false,
-  privacy: true,
-  browse: false,
-  sendToZulip: false,
-  rooms: false,
-} as const;
-
-function parseBooleanEnv(
-  value: string | undefined,
-  defaultValue: boolean = false,
-): boolean {
-  if (!value) return defaultValue;
-  return value.toLowerCase() === "true";
-}
-
-// WARNING: keep process.env.* as-is, next.js won't see them if you generate dynamically
-const features: Features = {
-  requireLogin: parseBooleanEnv(
-    process.env.NEXT_PUBLIC_FEATURE_REQUIRE_LOGIN,
-    DEFAULT_FEATURES.requireLogin,
-  ),
-  privacy: parseBooleanEnv(
-    process.env.NEXT_PUBLIC_FEATURE_PRIVACY,
-    DEFAULT_FEATURES.privacy,
-  ),
-  browse: parseBooleanEnv(
-    process.env.NEXT_PUBLIC_FEATURE_BROWSE,
-    DEFAULT_FEATURES.browse,
-  ),
-  sendToZulip: parseBooleanEnv(
-    process.env.NEXT_PUBLIC_FEATURE_SEND_TO_ZULIP,
-    DEFAULT_FEATURES.sendToZulip,
-  ),
-  rooms: parseBooleanEnv(
-    process.env.NEXT_PUBLIC_FEATURE_ROOMS,
-    DEFAULT_FEATURES.rooms,
-  ),
-};
-
-export const featureEnabled = (featureName: FeatureName): boolean => {
-  return features[featureName];
-};

www/app/lib/redisClient.ts

@@ -1,41 +1,30 @@
 import Redis from "ioredis";
 import { isBuildPhase } from "./next";
-import Redlock, { ResourceLockedError } from "redlock";
 
 export type RedisClient = Pick<Redis, "get" | "setex" | "del">;
-export type RedlockClient = {
-  using: <T>(
-    keys: string | string[],
-    ttl: number,
-    cb: () => Promise<T>,
-  ) => Promise<T>;
-};
-const KV_USE_TLS = process.env.KV_USE_TLS
-  ? process.env.KV_USE_TLS === "true"
-  : undefined;
-
-let redisClient: Redis | null = null;
 
 const getRedisClient = (): RedisClient => {
-  if (redisClient) return redisClient;
   const redisUrl = process.env.KV_URL;
   if (!redisUrl) {
     throw new Error("KV_URL environment variable is required");
   }
-  redisClient = new Redis(redisUrl, {
+  const redis = new Redis(redisUrl, {
     maxRetriesPerRequest: 3,
-    ...(KV_USE_TLS === true
-      ? {
-          tls: {},
-        }
-      : {}),
+    lazyConnect: true,
   });
 
-  redisClient.on("error", (error) => {
+  redis.on("error", (error) => {
     console.error("Redis error:", error);
   });
 
-  return redisClient;
+  // not necessary but will indicate redis config errors by failfast at startup
+  // happens only once; after that connection is allowed to die and the lib is assumed to be able to restore it eventually
+  redis.connect().catch((e) => {
+    console.error("Failed to connect to Redis:", e);
+    process.exit(1);
+  });
+
+  return redis;
 };
 
 // next.js buildtime usage - we want to isolate next.js "build" time concepts here
@@ -54,25 +43,4 @@ const noopClient: RedisClient = (() => {
     del: noopDel,
   };
 })();
-
-const noopRedlock: RedlockClient = {
-  using: <T>(resource: string | string[], ttl: number, cb: () => Promise<T>) =>
-    cb(),
-};
-
-export const redlock: RedlockClient = isBuildPhase
-  ? noopRedlock
-  : (() => {
-      const r = new Redlock([getRedisClient()], {});
-      r.on("error", (error) => {
-        if (error instanceof ResourceLockedError) {
-          return;
-        }
-
-        // Log all other errors.
-        console.error(error);
-      });
-      return r;
-    })();
-
 export const tokenCacheRedis = isBuildPhase ? noopClient : getRedisClient();

www/app/lib/redisTokenCache.ts

@@ -9,6 +9,7 @@ const TokenCacheEntrySchema = z.object({
     accessToken: z.string(),
     accessTokenExpires: z.number(),
     refreshToken: z.string().optional(),
+    error: z.string().optional(),
   }),
   timestamp: z.number(),
 });
@@ -45,15 +46,14 @@ export async function getTokenCache(
   }
 }
 
-const TTL_SECONDS = 30 * 24 * 60 * 60;
-
 export async function setTokenCache(
   redis: KV,
   key: string,
   value: TokenCacheEntry,
 ): Promise<void> {
   const encodedValue = TokenCacheEntryCodec.encode(value);
-  await redis.setex(key, TTL_SECONDS, encodedValue);
+  const ttlSeconds = Math.floor(REFRESH_ACCESS_TOKEN_BEFORE / 1000);
+  await redis.setex(key, ttlSeconds, encodedValue);
 }
 
 export async function deleteTokenCache(redis: KV, key: string): Promise<void> {

www/app/lib/transcript.ts

@@ -1,5 +0,0 @@
-import { components } from "../reflector-api";
-
-type ApiTranscriptStatus = components["schemas"]["GetTranscript"]["status"];
-
-export type TranscriptStatus = ApiTranscriptStatus;

www/app/lib/types.ts

@@ -72,7 +72,3 @@ export const assertCustomSession = <S extends Session>(s: S): CustomSession => {
   // no other checks for now
   return r as CustomSession;
 };
-
-export type Mutable<T> = {
-  -readonly [P in keyof T]: T[P];
-};

www/app/lib/useLoginRequiredPages.ts

@@ -1,26 +0,0 @@
-// for paths that are not supposed to be public
-import { PROTECTED_PAGES } from "./auth";
-import { usePathname } from "next/navigation";
-import { useAuth } from "./AuthProvider";
-import { useEffect } from "react";
-
-const HOME = "/" as const;
-
-export const useLoginRequiredPages = () => {
-  const pathname = usePathname();
-  const isProtected = PROTECTED_PAGES.test(pathname);
-  const auth = useAuth();
-  const isNotLoggedIn = auth.status === "unauthenticated";
-  // safety
-  const isLastDestination = pathname === HOME;
-  const shouldRedirect = isNotLoggedIn && isProtected && !isLastDestination;
-  useEffect(() => {
-    if (!shouldRedirect) return;
-    // on the backend, the redirect goes straight to the auth provider, but we don't have it because it's hidden inside next-auth middleware
-    // so we just "softly" lead the user to the main page
-    // warning: if HOME redirects somewhere else, we won't be protected by isLastDestination
-    window.location.href = HOME;
-  }, [shouldRedirect]);
-  // optionally save from blink, since window.location.href takes a bit of time
-  return shouldRedirect ? HOME : null;
-};

www/app/lib/useUserName.ts

@@ -2,7 +2,6 @@ import { useAuth } from "./AuthProvider";
 
 export const useUserName = (): string | null | undefined => {
   const auth = useAuth();
-  if (auth.status !== "authenticated" && auth.status !== "refreshing")
-    return undefined;
+  if (auth.status !== "authenticated") return undefined;
   return auth.user?.name || null;
 };

www/app/lib/utils.ts

@@ -158,19 +158,7 @@ export const assertExists = <T>(
   return value;
 };
 
-export const assertNotExists = <T>(
-  value: T | null | undefined,
-  err?: string,
-): void => {
-  if (value !== null && value !== undefined) {
-    throw new Error(
-      `Assertion failed: ${err ?? "value is not null or undefined"}`,
-    );
-  }
-};
-
 export const assertExistsAndNonEmptyString = (
   value: string | null | undefined,
-  err?: string,
 ): NonEmptyString =>
-  parseNonEmptyString(assertExists(value, err || "Expected non-empty string"));
+  parseNonEmptyString(assertExists(value, "Expected non-empty string"));

www/app/providers.tsx

@@ -2,8 +2,8 @@
 
 import { ChakraProvider } from "@chakra-ui/react";
 import system from "./styles/theme";
-import dynamic from "next/dynamic";
 
+import { WherebyProvider } from "@whereby.com/browser-sdk/react";
 import { Toaster } from "./components/ui/toaster";
 import { NuqsAdapter } from "nuqs/adapters/next/app";
 import { QueryClientProvider } from "@tanstack/react-query";
@@ -11,14 +11,6 @@ import { queryClient } from "./lib/queryClient";
 import { AuthProvider } from "./lib/AuthProvider";
 import { SessionProvider as SessionProviderNextAuth } from "next-auth/react";
 
-const WherebyProvider = dynamic(
-  () =>
-    import("@whereby.com/browser-sdk/react").then((mod) => ({
-      default: mod.WherebyProvider,
-    })),
-  { ssr: false },
-);
-
 export function Providers({ children }: { children: React.ReactNode }) {
   return (
     <NuqsAdapter>

www/app/reflector-api.d.ts

@@ -926,17 +926,8 @@ export interface components {
       source_kind: components["schemas"]["SourceKind"];
       /** Created At */
       created_at: string;
-      /**
-       * Status
-       * @enum {string}
-       */
-      status:
-        | "idle"
-        | "uploaded"
-        | "recording"
-        | "processing"
-        | "error"
-        | "ended";
+      /** Status */
+      status: string;
       /** Rank */
       rank: number;
       /**

www/config-template.ts

@@ -0,0 +1,13 @@
+export const localConfig = {
+  features: {
+    requireLogin: true,
+    privacy: true,
+    browse: true,
+    sendToZulip: true,
+    rooms: true,
+  },
+  api_url: "http://127.0.0.1:1250",
+  websocket_url: "ws://127.0.0.1:1250",
+  auth_callback_url: "http://localhost:3000/auth-callback",
+  zulip_streams: "", // Find the value on zulip
+};

www/middleware.ts

@@ -1,7 +1,16 @@
 import { withAuth } from "next-auth/middleware";
-import { featureEnabled } from "./app/lib/features";
+import { getConfig } from "./app/lib/edgeConfig";
 import { NextResponse } from "next/server";
-import { PROTECTED_PAGES } from "./app/lib/auth";
+
+const LOGIN_REQUIRED_PAGES = [
+  "/transcripts/[!new]",
+  "/browse(.*)",
+  "/rooms(.*)",
+];
+
+const PROTECTED_PAGES = new RegExp(
+  LOGIN_REQUIRED_PAGES.map((page) => `^${page}$`).join("|"),
+);
 
 export const config = {
   matcher: [
@@ -19,12 +28,13 @@ export const config = {
 
 export default withAuth(
   async function middleware(request) {
+    const config = await getConfig();
     const pathname = request.nextUrl.pathname;
 
     // feature-flags protected paths
     if (
-      (!featureEnabled("browse") && pathname.startsWith("/browse")) ||
-      (!featureEnabled("rooms") && pathname.startsWith("/rooms"))
+      (!config.features.browse && pathname.startsWith("/browse")) ||
+      (!config.features.rooms && pathname.startsWith("/rooms"))
     ) {
       return NextResponse.redirect(request.nextUrl.origin);
     }
@@ -32,8 +42,10 @@ export default withAuth(
   {
     callbacks: {
       async authorized({ req, token }) {
+        const config = await getConfig();
+
         if (
-          featureEnabled("requireLogin") &&
+          config.features.requireLogin &&
           PROTECTED_PAGES.test(req.nextUrl.pathname)
         ) {
           return !!token;

www/package.json

@@ -20,6 +20,7 @@
     "@sentry/nextjs": "^7.77.0",
     "@tanstack/react-query": "^5.85.9",
     "@types/ioredis": "^5.0.0",
+    "@vercel/edge-config": "^0.4.1",
     "@whereby.com/browser-sdk": "^3.3.4",
     "autoprefixer": "10.4.20",
     "axios": "^1.8.2",
@@ -44,7 +45,6 @@
     "react-markdown": "^9.0.0",
     "react-qr-code": "^2.0.12",
     "react-select-search": "^4.1.7",
-    "redlock": "5.0.0-beta.2",
     "sass": "^1.63.6",
     "simple-peer": "^9.11.1",
     "tailwindcss": "^3.3.2",
@@ -62,7 +62,8 @@
     "jest": "^30.1.3",
     "openapi-typescript": "^7.9.1",
     "prettier": "^3.0.0",
-    "ts-jest": "^29.4.1"
+    "ts-jest": "^29.4.1",
+    "vercel": "^37.3.0"
   },
   "packageManager": "pnpm@10.14.0+sha512.ad27a79641b49c3e481a16a805baa71817a04bbe06a38d17e60e2eaee83f6a146c6a688125f5792e48dd5ba30e7da52a5cda4c3992b9ccf333f9ce223af84748"
 }