Lock file was generated with npm 11 (Node 24), CI runs npm 10 (Node 22).
npm install avoids the strict sync check and matches the Dockerfile.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Run vitest before building the image so a failing test blocks the push.
build-and-push now depends on the test job passing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add cancelJob() to whisper.ts: sends DELETE /jobs/:id to the whisper
server (best-effort, errors silently ignored)
- DELETE /api/jobs/[id] now calls cancelJob() when cancelling an active
job that has a whisperJobId, stopping GPU use immediately
- Webhook handler guards against locally-cancelled jobs: returns ok early
so whisper's late completion cannot overwrite cancelled status or send
a phantom 'Transcript ready' notification
- Replace blind sleep(Retry-After + 1s) in submitJob() with
waitForModelReady(): subscribes to /model/events SSE and proceeds as
soon as state:ready arrives; falls back to the Retry-After timeout if
SSE is unreachable or closes without model_ready
- Refactor retry tests to use URL-aware makeJobFetch() helper; add 7 new
tests (3 SSE-triggered retry, 3 cancelJob, 1 webhook cancelled-guard)
— 144/144 passing
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
submitJob — 503 retry behavior (10 new tests):
- calls onModelWaiting with correct state + retryAfterSecs on each 503
- retries until model ready and returns job_id
- tracks all three model states (unloaded, loading, waiting_for_gpu)
- uses retry_after_secs from response body
- falls back to Retry-After header when body field absent
- falls back to 15s when both body and header are absent
- throws after maxAttempts exhausted (fetch called exactly N times)
- does NOT call onModelWaiting for non-503 errors
- does NOT retry on non-503 errors (throws immediately, one fetch call)
- works correctly without an onModelWaiting callback
getModelStatus (6 new tests):
- returns parsed status for each model state tag
- includes optional fields (loaded_at, vram_*, retry_in_secs)
- calls the correct WHISPER_URL/model/status endpoint
- throws when server returns non-ok
Uses vi.useFakeTimers()/runAllTimersAsync() to eliminate real delays.
Rejection handler attached before timer advance to avoid unhandled-rejection
false positives from Vitest's detector.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- whisper.ts: add getModelStatus(); fix submitJob() to retry on 503 using
Retry-After header instead of throwing; optional onModelWaiting callback
lets the pipeline surface model state to the UI during the wait
- pipeline.ts: pass onModelWaiting callback → emits model_warming SSE event
so the job detail page can show 'Warming up model…' while waiting
- types.ts: add ModelStateTag union and ModelStatus interface
- api/model/status: GET route proxies whisper /model/status (falls back to
{state:'unloaded'} if whisper unreachable)
- api/model/events: GET route relays whisper SSE stream to the browser;
AbortController tied to request.signal cleans up on disconnect
- layout.svelte: status pill is now live — initial fetch + EventSource on
/api/model/events; dot colour + label reflect real model state with a
pulsing animation while loading or waiting_for_gpu
- jobs/[id]/+page.svelte: handle model_warming event type → show a yellow
'Warming up model…' sub-label with spinner inside the progress card
- whisper.test.ts: update submitJob mocks to status:202 to match real API
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Default SvelteKit node adapter body limit is 512KB — too small for
audio recordings (30s ~556KB, longer recordings much larger).
Set bodySize: 500MB in adapter config. Also set BODY_SIZE_LIMIT env
in production compose .env as belt-and-suspenders.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The prebuilt yt-dlp binary is compiled against glibc and fails on
Alpine Linux (musl libc) with 'cannot execute'. Install python3 +
py3-pip and use pip to install yt-dlp instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SvelteKit's CSRF check runs before the handle hook and blocks POSTs
whose Origin header doesn't match the site origin. Web Share Target
POSTs from any external app (YouTube, Chrome share sheet, etc.) are
legitimately cross-origin.
checkOrigin: false is safe here — the app has no cookie-based session
auth, so there is no CSRF attack surface.
Also remove the ineffective hooks.server.ts approach.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SvelteKit's CSRF guard rejects POST requests whose Origin header doesn't
match the site's own origin. Web Share Target POSTs legitimately arrive
from external origins (e.g. youtube.com, OS share sheet). Strip the
Origin header in a handle hook for /share POST only.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- runtime: use node user (uid=1000, gid=1000) instead of custom tonemark uid=1001
- add ffmpeg and yt-dlp to runtime image (required by audio pipeline)
- add tzdata, set TZ=Europe/Zurich
- +page.svelte: replace hardcoded ACCENT constant with $derived($accent.value)
so the home page reacts to accent store changes from Settings
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
npm ci fails with optional platform-specific dependencies (@emnapi/core,
@emnapi/runtime) that are not recorded in the lock file for Alpine Linux.
npm install handles optional dependencies correctly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github.actor and github.token are the correct Gitea Actions context
variables (gitea.* context doesn't exist in act_runner).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Avoids needing to set custom REGISTRY_USERNAME/REGISTRY_TOKEN secrets.
The built-in secrets.GITEA_TOKEN has write:package access for pushing
to the Gitea container registry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Tonemark is a SvelteKit PWA for transcribing YouTube videos, audio
and video files, and microphone recordings using a local Whisper backend.
Features:
- Dark glassmorphic UI with electric-lime accent (5 switchable themes)
- Rail nav (desktop) / tab bar (mobile) layout
- Drop zone, YouTube URL input, and live audio recording inputs
- Audio mode waveform cards (none / standard / aggressive / auto)
- Real-time transcription progress with animated waveform
- Job queue with SSE streaming updates
- Push notifications on job completion
- PWA with native SvelteKit service worker
- SRT / TXT / MD / JSON transcript downloads
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
