Skip to content

Correct VAD and Embedding URL for dev and prod #3990

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
beastoin merged 1 commit into from
Dec 31, 2025
Merged

Correct VAD and Embedding URL for dev and prod #3990

beastoin merged 1 commit into from
Dec 31, 2025
+8 −8

Conversation

@thainguyensunya
Copy link
Collaborator

@thainguyensunya thainguyensunya commented Dec 31, 2025

Changes:

  • Correct VAD and Embedding URL for dev and prod

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 31, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the URLs for VAD and Embedding services in the development and production Kubernetes configurations, replacing hardcoded IP addresses with domain names. This is a good improvement for maintainability. However, all the updated URLs use http, which is a critical security risk as it sends data unencrypted. My review includes critical feedback to switch all service URLs to https to ensure secure communication.

backend/charts/backend-listen/dev_omi_backend_listen_values.yaml
Comment on lines 113 to +118
- name: HOSTED_VAD_API_URL
value: "http://34.172.155.20:80/v1/vad"
value: "http://vad.omiapi.com:80/v1/vad"
- name: HOSTED_SPEECH_PROFILE_API_URL
value: "http://34.172.155.20:80/v1/speaker-identification"
value: "http://vad.omiapi.com:80/v1/speaker-identification"
- name: HOSTED_SPEAKER_EMBEDDING_API_URL
value: "http://34.172.155.20:80"
value: "http://diarizer.omiapi.com:80"
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

The service URLs are configured to use http, which is insecure as it sends data in plaintext. This can expose sensitive information to network sniffing and man-in-the-middle attacks. It is critical to use https for all API endpoints to ensure data is encrypted in transit. This applies to HOSTED_VAD_API_URL, HOSTED_SPEECH_PROFILE_API_URL, and HOSTED_SPEAKER_EMBEDDING_API_URL.

  - name: HOSTED_VAD_API_URL
    value: "https://vad.omiapi.com/v1/vad"
  - name: HOSTED_SPEECH_PROFILE_API_URL
    value: "https://vad.omiapi.com/v1/speaker-identification"
  - name: HOSTED_SPEAKER_EMBEDDING_API_URL
    value: "https://diarizer.omiapi.com"

backend/charts/backend-listen/prod_omi_backend_listen_values.yaml
Comment on lines 106 to +109
- name: HOSTED_VAD_API_URL
value: "http://172.16.128.101:8080/v1/vad"
value: "http://vad.omi.me:80/v1/vad"
- name: HOSTED_SPEECH_PROFILE_API_URL
value: "http://172.16.128.101:8080/v1/speaker-identification"
value: "http://vad.omi.me:80/v1/speaker-identification"
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

The service URLs for the production environment are configured to use http. This is a critical security vulnerability as it transmits data without encryption. All production endpoints must use https to protect data integrity and confidentiality. While not part of this change, please note that HOSTED_SPEAKER_EMBEDDING_API_URL on line 110 should also be updated to use https for consistency and security.

  - name: HOSTED_VAD_API_URL
    value: "https://vad.omi.me/v1/vad"
  - name: HOSTED_SPEECH_PROFILE_API_URL
    value: "https://vad.omi.me/v1/speaker-identification"

backend/charts/pusher/dev_omi_pusher_values.yaml
Comment on lines 105 to +110
- name: HOSTED_VAD_API_URL
value: "http://34.172.155.20:80/v1/vad"
value: "http://vad.omiapi.com:80/v1/vad"
- name: HOSTED_SPEECH_PROFILE_API_URL
value: "http://34.172.155.20:80/v1/speaker-identification"
value: "http://vad.omiapi.com:80/v1/speaker-identification"
- name: HOSTED_SPEAKER_EMBEDDING_API_URL
value: "http://34.172.155.20:80"
value: "http://diarizer.omiapi.com:80"
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

The service URLs are configured with http, which is insecure. All communication should be over https to encrypt the data in transit and prevent potential security breaches. This applies to HOSTED_VAD_API_URL, HOSTED_SPEECH_PROFILE_API_URL, and HOSTED_SPEAKER_EMBEDDING_API_URL.

  - name: HOSTED_VAD_API_URL
    value: "https://vad.omiapi.com/v1/vad"
  - name: HOSTED_SPEECH_PROFILE_API_URL
    value: "https://vad.omiapi.com/v1/speaker-identification"
  - name: HOSTED_SPEAKER_EMBEDDING_API_URL
    value: "https://diarizer.omiapi.com"

@beastoin beastoin merged commit 85b6c25 into main Dec 31, 2025
1 check passed
@beastoin beastoin deleted the task/adjust-embedding-api-url-on-dev branch December 31, 2025 03:40
@beastoin
Copy link
Collaborator

beastoin commented Dec 31, 2025

lgtm @thainguyensunya

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beastoin beastoin beastoin approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thainguyensunya @beastoin