video-accessibility/backend
Vadym Samoilenko b427ee9f49 fix(authz): MT-3/6/7/8 org isolation + P1 English-first QC enforcement

Multi-tenancy isolation (P0):
- MT-3: Add get_job_or_403 (org membership check) to all 19+ job action endpoints
- MT-6: Same gate added to all review_notes (5) and vtt_versions (4) handlers
- MT-7: WebSocket /ws/jobs/{job_id} closes with 4403 on org mismatch;
  /ws/jobs passes accessible_org_ids to ConnectionManager; server-side
  keepalive at 20 s (asyncio.wait_for timeout) prevents proxy idle drops
- MT-8: list_users scoped to org memberships for non-platform-admins

WebSocket fixes (Mod Comms 2026-03-18 incident):
- Frontend heartbeat lowered 30 000 → 20 000 ms (was at Apache timeout edge)
- Terminal close codes 4001/4003/4004/4403 no longer trigger reconnect loop
- Silently discard server "keepalive" frames alongside existing "pong"

English-first QC (P1):
- _assert_can_approve blocks target language approval until source is APPROVED
- PRODUCTION/ADMIN roles bypass the gate
- Source VTT edits reset stale APPROVED/PENDING_REVIEW/IN_REVIEW target states

Tests (all passing):
- backend/tests/unit/test_language_qc_english_first.py (15 cases)
- backend/tests/unit/test_routes_jobs_org_isolation.py (12 cases)
- backend/tests/unit/test_review_notes_org_isolation.py (16 parametrized cases)
- backend/tests/unit/test_vtt_versions_org_isolation.py (16 parametrized cases)
- backend/tests/unit/test_websocket_org_isolation.py (11 cases)
- backend/tests/unit/test_admin_users_org_filter.py (7 cases)
- frontend: useJobStatusWebSocket.terminal.test.ts (9 cases)
- frontend: useJobStatusWebSocket.heartbeat.test.ts (9 cases)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 11:43:10 +01:00
app fix(authz): MT-3/6/7/8 org isolation + P1 English-first QC enforcement 2026-05-01 11:43:10 +01:00
tests fix(authz): MT-3/6/7/8 org isolation + P1 English-first QC enforcement 2026-05-01 11:43:10 +01:00
.dockerignore fixed dockerignore 2025-10-08 17:17:39 -05:00
.env.example feat: Client → Team → Project isolation system with Project Manager role 2026-04-27 15:11:13 +01:00
.gitignore feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
celery_worker.py fix: pause at start of gap + add explicit whisper_transcribe import 2025-12-27 09:11:29 -06:00
cors-config.json initial commit 2025-08-24 16:28:33 -05:00
create_test_users.py added production user role and made it default for new MSAL users - production can access everything EXCEPT user management - that's only for admin 2025-10-10 10:07:30 -05:00
debug_login.py initial commit 2025-08-24 16:28:33 -05:00
Dockerfile fix(docker): add ffmpeg to base image — fixes pydub AudioSegment in worker 2026-04-30 19:12:57 +01:00
Dockerfile.cloudrun feat(infra): move heavy workers to Cloud Run Jobs 2026-04-29 21:47:10 +01:00
Dockerfile.ffmpeg-service feat: add Cloud Run HTTP services for Whisper and FFmpeg 2026-01-02 10:12:50 -06:00
Dockerfile.whisper-service fix: add --no-root to poetry install in Dockerfiles (Poetry 2.x) 2026-04-29 14:35:28 +01:00
gunicorn_conf.py initial commit 2025-08-24 16:28:33 -05:00
migrate.py initial commit 2025-08-24 16:28:33 -05:00
optical-414516-80e2475f6412.json initial commit 2025-08-24 16:28:33 -05:00
poetry.lock chore: update poetry.lock after adding lameenc dependency 2026-04-30 18:34:04 +01:00
pyproject.toml fix(tts): replace pydub MP3 export with lameenc (pure Python, no system ffmpeg) 2026-04-30 18:24:15 +01:00
setup_secrets.py initial commit 2025-08-24 16:28:33 -05:00
simple_login_test.py initial commit 2025-08-24 16:28:33 -05:00
test_auth.py initial commit 2025-08-24 16:28:33 -05:00
test_db.py initial commit 2025-08-24 16:28:33 -05:00
test_endpoint.py initial commit 2025-08-24 16:28:33 -05:00
test_mp3_serving.py initial commit 2025-08-24 16:28:33 -05:00
uv.lock docs: add canonical documentation + audit cleanup 2026-04-29 14:22:51 +01:00