architecture-review
Use this skill to evaluate proposed architecture changes against VoxBento's design principles.
Use this skill to find files, understand module ownership, and locate code in VoxBento.
Use this skill to analyse, audit, or modify HTTP and WebSocket routes in VoxBento. All routes live in `portal/routers/`.
Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model.
Use this skill for tasks involving transcription providers, caption streaming, or the audio pipeline. Reference: `portal/transcription/`, [TRANSCRIPTION_MAP.md](../../context/TRANSCRIPTION_MAP.md).
Use this skill to analyse, audit, or modify database models, migrations, and CRUD helpers. Reference: `portal/models.py`, `portal/database.py`, `alembic/versions/`.
Use this skill to review deployments, validate production readiness, or assist with deployment procedures. Reference: `DEPLOYMENT_GUIDE.md`, `docker-compose.yml`, `Caddyfile`, `Dockerfile`.
| Field | Value |
|---|---|
| name | architecture-review |
| description | Use this skill to evaluate proposed architecture changes against VoxBento's design principles. |
Use this skill to evaluate proposed architecture changes against VoxBento's design principles.
`BoothRegistry.set_active_interpreter`) and MediaMTX (`overridePublisher: yes`).

`BoothRegistry` is module-level in `portal/booth_state.py`. No external state store yet (see TD-03 in `TECHNICAL_DEBT_REPORT.md`).

| Component | Does | Does NOT do |
|---|---|---|
| FastAPI portal | Routes, auth, admin, WS coordination, DB queries | Audio processing, transcoding, media relay |
| MediaMTX | WHIP ingest, WHEP playback, RTSP for ffmpeg | Auth, coordination, UI |
| Jitsi Meet | Floor session monitoring (receive-only iframe) | Audio ingest, interpreter publishing |
| Browser JS | WebRTC/WHIP, WebSocket, Jitsi iframe, mic meter | Server-side logic, DB access |
| ffmpeg (spawned) | PCM extraction from RTSP for transcription | Anything else |
| Transcription providers | Text from PCM audio | Media relay, broadcast, DB write |

- `pyproject.toml`.
- `uv add {pkg}` (not pip); never edit `uv.lock` manually.
- `portal/transcription/` subsystem.
- `.github/instructions/js.instructions.md` for JavaScript conventions.
- `portal/models.py` with proper `Mapped` typing.
- `alembic/versions/`.
- `batch_alter_table` in the migration (see migration 008 as reference).
- `static/js/interpreter-booth.js` — both files must change together.
- `portal/websockets/manager.py` `ws_booth` loop + `_handle_*` function.
- `session.granted_role`, never from client `data['role']`.
- `session_token`, `user_token`, `admin_token`). Do not conflate.
- `settings.effective_jwt_secret`.
- `Session.granted_role`.

| Proposal | Risk |
|---|---|
| "Add a WebSocket message to send audio data" | Violates browser-first principle |
| "Use Redis for real-time booth state" | Valid but requires careful migration of BoothRegistry |
| "Add a REST endpoint that returns the JWT secret" | Security violation |
| "Encode the role in the WebSocket join message and trust it" | Violates role trust model |
| "Store all session data in a cookie" | Risk of cookie size limits + replay attacks |
| "Add Vue for the admin panel" | Violates no-framework constraint |
| "Use aiortc for SFU" | Explicitly forbidden in invariants |
| "Proxy WHIP through FastAPI" | Breaks browser-first media architecture |

- `safe_redirect(url)` — validates redirects to prevent open redirect attacks. Use it for all redirects.
- `_ensure_mediamtx_path(channel_id)` — creates `alwaysAvailable` paths. Call before returning WHIP URL.
- `asyncio.Lock` in `BoothRegistry` — all booth mutations serialized. Prevents race conditions.
- `_get_engine()` in `portal/database.py` defers connection until first use.
- `from __future__ import annotations` — deferred evaluation prevents circular import issues.
- `MultiFernet`.
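
A reviewer checking the "use `safe_redirect(url)` for all redirects" rule needs to know what such a validator has to reject. The sketch below is an added example, not VoxBento's implementation: the names `is_local_path`, `checked_redirect_target` and `DEFAULT_TARGET`, and the policy of allowing only same-origin absolute paths, are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed fallback; not taken from VoxBento


def is_local_path(url: str) -> bool:
    """Return True only for same-origin, path-only redirect targets."""
    # Must be an absolute path on this origin ("relative/path" is refused too).
    if not url.startswith("/"):
        return False
    # "//host" is scheme-relative; browsers also read "/\host" that way.
    if url.startswith("//") or "\\" in url:
        return False
    # Control characters enable header splitting and parser disagreement.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # Defence in depth: nothing that parses with a scheme or host gets through.
    return parts.scheme == "" and parts.netloc == ""


def checked_redirect_target(url, default: str = DEFAULT_TARGET) -> str:
    """Return url if it is a safe local path, otherwise the default."""
    if isinstance(url, str) and is_local_path(url):
        return url
    return default


if __name__ == "__main__":
    # Constructed sample inputs, e.g. values of a ?next= query parameter.
    samples = [
        "/admin/sessions?page=2",
        "https://attacker.example/login",
        "//attacker.example/login",
        "/\\attacker.example",
        "/ok\r\nX-Injected: 1",
        None,
    ]
    for s in samples:
        print(repr(s), "->", checked_redirect_target(s))
```
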