feat(subapp): CORS for Vercel sub-apps + ElevenLabs TTS proxy #29
Merged
dougdevitre merged 1 commit into main from Apr 18, 2026
…S proxy

Adds a server-side TTS proxy so the 49 cotrackpro-* Vercel sub-apps can synthesize speech without shipping provider keys in the browser bundle. The proxy authenticates with Clerk, rate-limits per user, and only accepts origins on *.cotrackpro.com or cotrackpro-*.vercel.app.

Also switches the sub-app AI proxy default model to ANTHROPIC_SUBAPP_MODEL (claude-opus-4-7) so the voice pipeline keeps its Sonnet default independently.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Summary

Enables the 49 `cotrackpro-*` Vercel sub-apps to use this server as a shared AI/TTS proxy, so provider API keys stay server-side instead of being inlined into browser bundles.

- `cotrackpro-*.vercel.app` (including Vercel's team-suffixed preview URLs), in addition to the existing `*.cotrackpro.com` and localhost origins. Lookalike domains and non-`cotrackpro-` Vercel tenants stay rejected.
- `POST /api/ai/tts` — Clerk JWT required, per-user rate-limited, calls ElevenLabs REST (`text-to-speech/{voiceId}`) and streams the mp3 back to the caller. Voice ID, output format, and per-request char cap are all configurable via env.
- `ANTHROPIC_SUBAPP_MODEL` env (defaults to `claude-opus-4-7`) for `/api/ai/complete`, so the voice pipeline keeps its Sonnet default independently.
- `ANTHROPIC_SUBAPP_MODEL`, `ELEVENLABS_TTS_VOICE_ID`, `ELEVENLABS_TTS_OUTPUT_FORMAT`, `TTS_MAX_CHARS_PER_REQUEST`, `TTS_RATE_LIMIT_PER_MIN`, `TTS_RATE_LIMIT_PER_HOUR`.

This is infrastructure only — no sub-app is migrated yet. A follow-up PR will pilot the swap in `cotrackpro-story` before rolling out to the rest.

Test plan

- `npm run typecheck` clean
- `.env.example` additions)
- `POST /api/ai/tts` from a sub-app origin with a valid Clerk session → expect `audio/mpeg` bytes
- `https://cotrackpro-story.vercel.app` returns the origin echo + `Access-Control-Allow-Credentials: true`
- `*.vercel.app` origin returns no CORS headers (fail-closed)
- `Retry-After`

Follow-ups (not in this PR)

- `cotrackpro-story`
- `GEMINI_API_KEY` — it's been inlined into production browser bundles across the sub-apps.

🤖 Generated with Claude Code
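The origin policy described in the Summary and test plan, sketched as an added TypeScript example that is not the code merged in this PR. The regular expressions, function names and sample origins are assumptions constructed for illustration.

```typescript
// Added illustration, not the code merged in this PR.
// Patterns and function names are assumptions based on the PR description.

// Each pattern is anchored with ^ and $ and must match the whole Origin
// value (scheme + host + optional port), so a trusted name cannot pass as
// a mere prefix or suffix of some other host.
const ALLOWED_ORIGINS: RegExp[] = [
  /^https:\/\/(?:[a-z0-9-]+\.)+cotrackpro\.com$/,   // *.cotrackpro.com
  /^https:\/\/cotrackpro-[a-z0-9-]+\.vercel\.app$/, // cotrackpro-* incl. suffixed previews
  /^http:\/\/localhost(?::\d{1,5})?$/,              // local development
];

function isAllowedOrigin(origin: string | undefined): boolean {
  if (!origin) return false; // no Origin header: nothing to echo
  return ALLOWED_ORIGINS.some((re) => re.test(origin));
}

// Fail-closed: an origin that is not on the list gets no CORS headers at
// all, so the browser blocks the cross-origin read.
function corsHeadersFor(origin: string | undefined): Record<string, string> {
  if (!origin || !isAllowedOrigin(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin, // echo the origin, never "*" with credentials
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin", // keep caches from reusing one origin's response for another
  };
}

// Constructed sample origins with the decision each should get.
const SAMPLES: [string, boolean][] = [
  ["https://cotrackpro-story.vercel.app", true],
  ["https://cotrackpro-story-git-main-acme.vercel.app", true], // constructed preview URL
  ["https://app.cotrackpro.com", true],
  ["http://localhost:5173", true],
  ["https://cotrackpro.com.evil.example", false],              // trusted name as prefix
  ["https://evilcotrackpro.com", false],                       // trusted name as suffix
  ["https://cotrackpro-story.vercel.app.evil.example", false],
  ["https://other-app.vercel.app", false],                     // other Vercel tenant
  ["http://cotrackpro-story.vercel.app", false],               // wrong scheme
];

for (const [origin, expected] of SAMPLES) {
  const verdict = isAllowedOrigin(origin) === expected ? "ok" : "MISMATCH";
  console.log(`${verdict}  allowed=${isAllowedOrigin(origin)}  ${origin}`);
}
```

The `cotrackpro-` prefix match checks a naming convention rather than who owns the deployment, so the Clerk JWT requirement on `POST /api/ai/tts` remains the authorization control.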