Oliver/video-accessibility
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
video-accessibility/backend/app/services
History
Vadym Samoilenko b427ee9f49 fix(authz): MT-3/6/7/8 org isolation + P1 English-first QC enforcement 
Multi-tenancy isolation (P0):
- MT-3: Add get_job_or_403 (org membership check) to all 19+ job action endpoints
- MT-6: Same gate added to all review_notes (5) and vtt_versions (4) handlers
- MT-7: WebSocket /ws/jobs/{job_id} closes with 4403 on org mismatch;
  /ws/jobs passes accessible_org_ids to ConnectionManager; server-side
  keepalive at 20 s (asyncio.wait_for timeout) prevents proxy idle drops
- MT-8: list_users scoped to org memberships for non-platform-admins

WebSocket fixes (Mod Comms 2026-03-18 incident):
- Frontend heartbeat lowered 30 000 → 20 000 ms (was at Apache timeout edge)
- Terminal close codes 4001/4003/4004/4403 no longer trigger reconnect loop
- Silently discard server "keepalive" frames alongside existing "pong"

English-first QC (P1):
- _assert_can_approve blocks target language approval until source is APPROVED
- PRODUCTION/ADMIN roles bypass the gate
- Source VTT edits reset stale APPROVED/PENDING_REVIEW/IN_REVIEW target states

Tests (all passing):
- backend/tests/unit/test_language_qc_english_first.py (15 cases)
- backend/tests/unit/test_routes_jobs_org_isolation.py (12 cases)
- backend/tests/unit/test_review_notes_org_isolation.py (16 parametrized cases)
- backend/tests/unit/test_vtt_versions_org_isolation.py (16 parametrized cases)
- backend/tests/unit/test_websocket_org_isolation.py (11 cases)
- backend/tests/unit/test_admin_users_org_filter.py (7 cases)
- frontend: useJobStatusWebSocket.terminal.test.ts (9 cases)
- frontend: useJobStatusWebSocket.heartbeat.test.ts (9 cases)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 11:43:10 +01:00
..
audit_logger.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
cloud_run_dispatch.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
cost_tracker.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
descriptive_transcript.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
elevenlabs_voices.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
emailer.py test: fix all unit tests — 168 passing, 0 failures 2026-04-30 14:02:04 +01:00
embedding_service.py fix: switch embedding model to gemini-embedding-001 2026-04-29 16:02:12 +01:00
ffmpeg_http_service.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
gcs.py test: fix all unit tests — 168 passing, 0 failures 2026-04-30 14:02:04 +01:00
gemini.py feat(ai): upgrade Gemini models to 3.1-pro-preview and 3.1-pro-tts-preview 2026-04-30 21:00:32 +01:00
gemini_tts.py fix(tts): convert lameenc bytearray to bytes before GCS upload 2026-04-30 19:35:28 +01:00
glossary_service.py fix(glossary+jobs): add debug logging for glossary failures and fix AllJobs filter stale state 2026-04-30 21:25:41 +01:00
language_qc.py fix(authz): MT-3/6/7/8 org isolation + P1 English-first QC enforcement 2026-05-01 11:43:10 +01:00
membership_service.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
microsoft_auth.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
secrets_manager.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
tts.py test: fix all unit tests — 168 passing, 0 failures 2026-04-30 14:02:04 +01:00
validation.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
video_renderer.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
vtt_retimer.py fix: use actual freeze segment durations for VTT subtitle retiming 2026-01-05 15:52:57 -06:00
vtt_versioning.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
websocket.py fix(authz): MT-3/6/7/8 org isolation + P1 English-first QC enforcement 2026-05-01 11:43:10 +01:00
websocket_publisher.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
whisper_http_service.py chore: push all session changes — backend hardening, tests, apache config, deploy scripts 2026-04-30 15:52:14 +01:00
whisper_service.py fix: enforce AD cue pause_point monotonicity to preserve cue order 2026-02-26 08:15:06 -06:00
zip_download.py feat: DCMP compliance, descriptive transcript, new languages, QA bug fixes 2026-03-27 11:50:43 +00:00