Conversation
![managerbot-app[bot]](https://avatars.githubusercontent.com/in/853044?s=60&v=4){kind=small}
| enableSpeech: true, | ||
| enableTTS: true, | ||
| speechLanguage: 'en', | ||
| openaiApiKey: process.env.OPENAI_API_KEY || '', |
There was a problem hiding this comment.
Hardcoding the OpenAI API key in the client is a security risk. Consider fetching it from a secure backend or using a proxy service.
| return; | ||
| } | ||
|
|
||
| if (!this.options.openaiApiKey) { |
There was a problem hiding this comment.
Consider adding a check for empty API key to prevent unnecessary network requests when the key is empty but not undefined.
| this.mediaRecorder.start(); | ||
|
|
||
| // Auto-stop after max recording time | ||
| if (this.options.maxRecordingTime) { |
There was a problem hiding this comment.
The setTimeout creates a memory leak if the component is disposed before the timeout completes. Store the timeout ID and clear it in the dispose method.
|
|
||
| const response = await fetch(`${this.options.openaiBaseUrl}/audio/transcriptions`, { | ||
| method: 'POST', | ||
| headers: { |
There was a problem hiding this comment.
API key is being sent in the headers which could be logged in server logs. Consider using a more secure approach for API key handling.
| // const sentences = this.splitIntoSentences(text); | ||
| this.speechQueue.push(text.trim()); | ||
|
|
||
| // debugger; |
There was a problem hiding this comment.
There's a debugger statement that should be removed before production.
| } | ||
|
|
||
| try { | ||
| const response = await fetch(`${this.options.openaiBaseUrl}/chat/completions`, { |
There was a problem hiding this comment.
Similar to the speech component, the OpenAI API key is included in the request headers. This is a security concern.
| overlayAddon.showOverlay('Reconnected', 300); | ||
| } else { | ||
| this.opened = true; | ||
| // Auto-enter 'claude' command when terminal first opens |
There was a problem hiding this comment.
Auto-entering 'claude' on terminal open may cause unexpected behavior for users. Consider making this configurable or removing it.
| openaiApiKey: prefs.openaiApiKey, | ||
| openaiBaseUrl: prefs.openaiBaseUrl || 'https://api.openai.com/v1', | ||
| model: prefs.speechModel || 'whisper-1', | ||
| maxRecordingTime: prefs.maxRecordingTime || 60000, |
There was a problem hiding this comment.
API key is passed directly to the client-side component. Consider securing API key access through a backend service.
1 participant
install this tool github.com/tsl0922/ttyd
run it in a repo dir ttyd -W zsh|bash
export OPENAI_API_KEY=
then in html dir npm install
npm start
visit the url
the html will connect to the tools default port
Current issues is that claude rerenders all the time so it will keep saying trash, the contious rendering needs to be dedup need to remove all the fancy lines, this can be sort of embedded into the summary prompt like last message was this current message is this is there any point updateing user for example