This comprehensive session management system tracks and automatically cleans up resources associated with user sessions, preventing resource exhaustion and disk space issues.
Key features:
- Automatic tracking of all session resources (audio files, temp files, streams)
- Per-session resource limits (100 files max, 100MB storage max)
- Automatic cleanup of idle sessions (15 minutes) and expired sessions (1 hour)
- Background cleanup thread runs every minute
- Real-time monitoring via admin endpoints
- CLI commands for manual management
- Integration with Flask request lifecycle
Implementation details:
- SessionManager class manages lifecycle of UserSession objects
- Each session tracks resources with metadata (type, size, creation time)
- Automatic resource eviction when limits are reached (LRU policy)
- Orphaned file detection and cleanup
- Thread-safe operations with proper locking
- Comprehensive metrics and statistics export
- Admin API endpoints for monitoring and control
Security considerations:
- Sessions tied to IP address and user agent
- Admin endpoints require authentication
- Secure file path handling
- Resource limits prevent DoS attacks
This addresses the critical issue of temporary file accumulation that could lead to disk exhaustion in production environments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove hardcoded TTS API key from app.py (major security vulnerability)
- Add python-dotenv support for secure environment variable management
- Create .env.example with configuration template
- Add comprehensive SECURITY.md documentation
- Update README with security configuration instructions
- Add warning when TTS_API_KEY is not configured
- Enhance .gitignore to prevent accidental commits of .env files
BREAKING CHANGE: TTS_API_KEY must now be set via environment variable or .env file
Security measures:
- API keys must be provided via environment variables
- Added dotenv support for local development
- Clear documentation on secure deployment practices
- Multiple .env file patterns in .gitignore
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Implement ConnectionManager with exponential backoff retry strategy
- Add automatic connection monitoring and health checks
- Update RequestQueueManager to integrate with connection state
- Create ConnectionUI component for visual connection status
- Queue requests during offline periods and process when online
- Add comprehensive error handling for network-related failures
- Create detailed documentation for connection retry features
- Support manual retry and automatic recovery
Features:
- Real-time connection status indicator
- Offline banner with retry button
- Request queue visualization
- Priority-based request processing
- Configurable retry parameters
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add flask-cors dependency and configure CORS with security best practices
- Support configurable CORS origins via environment variables
- Separate admin endpoint CORS configuration for enhanced security
- Create comprehensive CORS configuration documentation
- Add apiClient utility for CORS-aware frontend requests
- Include CORS test page for validation
- Update README with CORS configuration instructions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
