> For the complete documentation index, see [llms.txt](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase38-session08-voice-broker/tasks.md).

# Task Checklist

**Session ID**: `phase38-session08-voice-broker` **Total Tasks**: 20 **Estimated Duration**: 3-4 hours **Created**: 2026-06-30

***

## Progress Summary

| Metric              | Value   |
| ------------------- | ------- |
| Tasks Completed     | 20 / 20 |
| Estimated Remaining | 0 hours |
| Blockers            | 0       |

***

Legend: `[x]` completed; `[ ]` pending; `[P]` parallelizable; `[SNNMM]` session ref; `TNNN` task ID.

***

## Setup (3 tasks)

* [x] T001 \[S3808] Verify upstream voice server, env example, README, skipped standalone demo, package script, launch target, and Vite start endpoint against AI OS targets (`/home/aiwithapex/projects/claudeos/claude-os-v2.8.1/voice-lab/server.ts`, `/home/aiwithapex/projects/claudeos/claude-os-v2.8.1/voice-lab/.env.example`, `/home/aiwithapex/projects/claudeos/claude-os-v2.8.1/voice-lab/index.html`, `/home/aiwithapex/projects/claudeos/claude-os-v2.8.1/package.json`, `/home/aiwithapex/projects/claudeos/claude-os-v2.8.1/.claude/launch.json`, `/home/aiwithapex/projects/claudeos/claude-os-v2.8.1/vite.config.ts`)
* [x] T002 \[S3808] Characterize current AI OS local control-plane guard, token, bridge registration, env reader, package script, launch target, and typecheck ownership before editing (`scripts/lib/local-control-plane-guard.ts`, `vite.config.ts`, `package.json`, `.claude/launch.json`, `tsconfig.scripts.json`)
* [x] T003 \[S3808] Create the implementation evidence file for upstream skips, broker smoke, configured-token proof, secret sweeps, and verification outcomes (`.spec_system/specs/phase38-session08-voice-broker/implementation-notes.md`)

***

## Foundation (5 tasks)

* [x] T004 \[S3808] Create voice broker helper contracts for health payloads, token-gated session requests, allowed origins, Host validation, allowed base URLs, and safe error codes with schema-validated input and explicit error mapping (`scripts/lib/voice-broker.ts`)
* [x] T005 \[S3808] Implement Realtime provider request construction with env-only keys, default OpenAI base, approved `OPENAI_BASE_URL` overrides, timeout handling, sanitized provider failures, and no browser-supplied provider keys (`scripts/lib/voice-broker.ts`)
* [x] T006 \[S3808] Create launch bridge registration for `/__start_voice` with loopback, Host-header, same-run-token, idempotent process start, health polling, spawn failure, and timeout handling with duplicate-trigger prevention while in-flight (`scripts/lib/voice-launch-bridge.ts`)
* [x] T007 \[S3808] Create the loopback Bun broker server exposing `/api/health` and `/api/session` only, using the broker helper and rejecting unsupported methods, hostile origins, hostile Hosts, missing token, bad token, and missing key (`voice-lab/server.ts`)
* [x] T008 \[S3808] Add the voice env example with short placeholders and no secret-shaped values (`voice-lab/.env.example`)

***

## Implementation (6 tasks)

* [x] T009 \[S3808] Add the `voice` package script and include `voice-lab/**/*.ts` in script typechecking (`package.json`, `tsconfig.scripts.json`)
* [x] T010 \[S3808] Wire `/__start_voice` into Vite using the existing refresh token, `readProjectEnvValue`, `isLoopback`, and dev logger patterns without adding provider keys to request bodies or argv (`vite.config.ts`)
* [x] T011 \[S3808] Add the runnable `voice-lab` launch configuration for port 8099 now that the package script and broker entrypoint exist (`.claude/launch.json`)
* [x] T012 \[S3808] Update local voice setup docs from future-only policy to shipped broker setup, env-only provider policy, launch command, `OPENAI_BASE_URL` allowlist, and verification checklist (`docs/local-voice-setup.md`)
* [x] T013 \[S3808] Update Intelligence view docs to state that broker transport exists while the portal, visualizers, spoken Hermes loop, and `ask_hermes` tool-call bridge remain Session 09-owned (`docs/intelligence-view.md`)
* [x] T014 \[S3808] Record upstream `voice-lab/index.html` and `/api/sample` as skipped, with the Session 09 portal named as the real product surface (`.spec_system/specs/phase38-session08-voice-broker/implementation-notes.md`)

***

## Testing (6 tasks)

* [x] T015 \[S3808] \[P] Add broker tests for health, allowed base defaults, loopback base overrides, remote base rejection, token checks, origin checks, Host checks, missing key, provider success, provider failure, timeout, malformed provider payload, and redaction (`scripts/lib/__tests__/voice-broker.test.ts`)
* [x] T016 \[S3808] \[P] Add launch bridge tests for method rejection, non-loopback rejection, hostile Host rejection, bad token, missing key, env-only spawn, no key in argv, already-running health, spawn failure, health timeout, and in-flight duplicate prevention (`scripts/lib/__tests__/voice-launch-bridge.test.ts`)
* [x] T017 \[S3808] \[P] Add `/__start_voice` to representative privileged endpoint guard coverage (`scripts/lib/__tests__/local-control-plane-guard.test.ts`)
* [x] T018 \[S3808] Run targeted tests for voice broker, voice launch bridge, and local-control-plane guard, then record exact outcomes (`bun run test -- scripts/lib/__tests__/voice-broker.test.ts scripts/lib/__tests__/voice-launch-bridge.test.ts scripts/lib/__tests__/local-control-plane-guard.test.ts`)
* [x] T019 \[S3808] Run script typecheck, lint, and broker runtime smoke with loopback health verification, recording configured Realtime token proof when credentials are available (`bun run typecheck:scripts`, `bun run lint`, `bun run voice`)
* [x] T020 \[S3808] Validate ASCII/LF and secret-pattern requirements for all session deliverables and changed files (`.spec_system/specs/phase38-session08-voice-broker/`, `voice-lab/`, `scripts/lib/voice-broker.ts`, `scripts/lib/voice-launch-bridge.ts`, `docs/local-voice-setup.md`, `docs/intelligence-view.md`)

***

## Completion Checklist

* [x] All tasks marked `[x]`
* [x] All tests and checks passing
* [x] All files ASCII-encoded with LF line endings
* [x] implementation-notes.md updated
* [x] Ready for `creview` to start the creview -> validate sequence

***

## Next Steps

Run the `creview` workflow step.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase38-session08-voice-broker/tasks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
