OpenVoiceOS · JarbasAl · Mar 17, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
diff --git a/.github/workflows/build_tests.yml b/.github/workflows/build_tests.yml
@@ -0,0 +1,10 @@
+name: Build Tests
+on:
+  push:
+    branches: [dev]
+  pull_request:
+    branches: [dev]
+jobs:
+  build_tests:
+    uses: OpenVoiceOS/gh-automations/.github/workflows/build-tests.yml@dev
+    secrets: inherit
diff --git a/.github/workflows/license_tests.yml b/.github/workflows/license_tests.yml
@@ -0,0 +1,10 @@
+name: License Check
+on:
+  push:
+    branches: [dev]
+  pull_request:
+    branches: [dev]
+jobs:
+  license_tests:
+    uses: OpenVoiceOS/gh-automations/.github/workflows/license-check.yml@dev
+    secrets: inherit
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,10 @@
+name: Lint
+on:
+  push:
+    branches: [dev]
+  pull_request:
+    branches: [dev]
+jobs:
+  lint:
+    uses: OpenVoiceOS/gh-automations/.github/workflows/lint.yml@dev
+    secrets: inherit
diff --git a/.github/workflows/notify_matrix.yml b/.github/workflows/notify_matrix.yml
@@ -1,23 +1,13 @@
-name: Close Pull Request
+name: Notify Matrix on PR Merge
 
-# only trigger on pull request closed events
 on:
   pull_request:
-    types: [ closed ]
+    types: [closed]
 
 jobs:
-  merge_job:
-    # this job will only run if the PR has been merged
+  notify:
     if: github.event.pull_request.merged == true
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Send message to Matrix bots channel
-        id: matrix-chat-message
-        uses: fadenb/matrix-chat-message@v0.0.6
-        with:
-          homeserver: 'matrix.org'
-          token: ${{ secrets.MATRIX_TOKEN }}
-          channel: '!WjxEKjjINpyBRPFgxl:krbel.duckdns.org'
-          message: |
-            new ovos-stt-http-server PR merged! https://github.com/OpenVoiceOS/ovos-bus-client/pull/${{ github.event.number }}
+    uses: OpenVoiceOS/gh-automations/.github/workflows/notify-matrix.yml@master
+    secrets: inherit
+    with:
+      message: "new ${{ github.event.repository.name }} PR merged! https://github.com/${{ github.repository }}/pull/${{ github.event.number }}"
diff --git a/.github/workflows/pip_audit.yml b/.github/workflows/pip_audit.yml
@@ -0,0 +1,10 @@
+name: Pip Audit
+on:
+  push:
+    branches: [dev]
+  pull_request:
+    branches: [dev]
+jobs:
+  pip_audit:
+    uses: OpenVoiceOS/gh-automations/.github/workflows/pip-audit.yml@dev
+    secrets: inherit
diff --git a/.github/workflows/publish_stable.yml b/.github/workflows/publish_stable.yml
@@ -6,53 +6,12 @@ on:
 
 jobs:
   publish_stable:
-    uses: TigreGotico/gh-automations/.github/workflows/publish-stable.yml@master
+    if: github.actor != 'github-actions[bot]'
+    uses: OpenVoiceOS/gh-automations/.github/workflows/publish-stable.yml@dev
     secrets: inherit
     with:
       branch: 'master'
       version_file: 'ovos_persona_server/version.py'
-      setup_py: 'setup.py'
+      publish_pypi: true
+      sync_dev: true
       publish_release: true
-
-  publish_pypi:
-    needs: publish_stable
-    if: success()  # Ensure this job only runs if the previous job succeeds
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          ref: dev
-          fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
-      - name: Setup Python
-        uses: actions/setup-python@v1
-        with:
-          python-version: "3.14"
-      - name: Install Build Tools
-        run: |
-          python -m pip install build wheel
-      - name: version
-        run: echo "::set-output name=version::$(python setup.py --version)"
-        id: version
-      - name: Build Distribution Packages
-        run: |
-          python setup.py sdist bdist_wheel
-      - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          password: ${{secrets.PYPI_TOKEN}}
-
-
-  sync_dev:
-    needs: publish_stable
-    if: success()  # Ensure this job only runs if the previous job succeeds
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
-          ref: master
-      - name: Push master -> dev
-        uses: ad-m/github-push-action@master
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: dev
diff --git a/.github/workflows/release_workflow.yml b/.github/workflows/release_workflow.yml
@@ -1,108 +1,23 @@
 name: Release Alpha and Propose Stable
 
 on:
+  workflow_dispatch:
   pull_request:
     types: [closed]
     branches: [dev]
 
 jobs:
   publish_alpha:
-    if: github.event.pull_request.merged == true
-    uses: TigreGotico/gh-automations/.github/workflows/publish-alpha.yml@master
+    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+    uses: OpenVoiceOS/gh-automations/.github/workflows/publish-alpha.yml@dev
     secrets: inherit
     with:
       branch: 'dev'
       version_file: 'ovos_persona_server/version.py'
-      setup_py: 'setup.py'
       update_changelog: true
       publish_prerelease: true
+      propose_release: true
       changelog_max_issues: 100
-
-  notify:
-    if: github.event.pull_request.merged == true
-    needs: publish_alpha
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Send message to Matrix bots channel
-        id: matrix-chat-message
-        uses: fadenb/matrix-chat-message@v0.0.6
-        with:
-          homeserver: 'matrix.org'
-          token: ${{ secrets.MATRIX_TOKEN }}
-          channel: '!WjxEKjjINpyBRPFgxl:krbel.duckdns.org'
-          message: |
-            new ${{ github.event.repository.name }} PR merged! https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
-
-  publish_pypi:
-    needs: publish_alpha
-    if: success()  # Ensure this job only runs if the previous job succeeds
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          ref: dev
-          fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
-      - name: Setup Python
-        uses: actions/setup-python@v1
-        with:
-          python-version: "3.14"
-      - name: Install Build Tools
-        run: |
-          python -m pip install build wheel
-      - name: version
-        run: echo "::set-output name=version::$(python setup.py --version)"
-        id: version
-      - name: Build Distribution Packages
-        run: |
-          python setup.py sdist bdist_wheel
-      - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          password: ${{secrets.PYPI_TOKEN}}
-
-
-  propose_release:
-    needs: publish_alpha
-    if: success()  # Ensure this job only runs if the previous job succeeds
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout dev branch
-        uses: actions/checkout@v3
-        with:
-          ref: dev
-
-      - name: Setup Python
-        uses: actions/setup-python@v2
-        with:
-          python-version: '3.14'
-
-      - name: Get version from setup.py
-        id: get_version
-        run: |
-          VERSION=$(python setup.py --version)
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-
-      - name: Create and push new branch
-        run: |
-          git checkout -b release-${{ env.VERSION }}
-          git push origin release-${{ env.VERSION }}
-
-      - name: Open Pull Request from dev to master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Variables
-          BRANCH_NAME="release-${{ env.VERSION }}"
-          BASE_BRANCH="master"
-          HEAD_BRANCH="release-${{ env.VERSION }}"
-          PR_TITLE="Release ${{ env.VERSION }}"
-          PR_BODY="Human review requested!"
-
-          # Create a PR using GitHub API
-          curl -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: token $GITHUB_TOKEN" \
-            -d "{\"title\":\"$PR_TITLE\",\"body\":\"$PR_BODY\",\"head\":\"$HEAD_BRANCH\",\"base\":\"$BASE_BRANCH\"}" \
-            https://api.github.com/repos/${{ github.repository }}/pulls
+      publish_pypi: true
+      notify_matrix: true
 
diff --git a/AUDIT.md b/AUDIT.md
@@ -0,0 +1,51 @@
+# ovos-persona-server — Audit Report
+
+_Last updated: 2026-03-18_
+
+## Documentation Status
+
+- [x] `docs/index.md`
+- [x] `docs/api-compatibility.md`
+- [x] `docs/deprecation.md`
+- [x] `docs/streaming.md`
+- [x] `docs/embeddings.md`
+- [x] `docs/bedrock-models.md`
+- [x] `QUICK_FACTS.md`
+- [x] `FAQ.md`
+- [x] `MAINTENANCE_REPORT.md`
+- [x] `AUDIT.md`
+- [x] `SUGGESTIONS.md`
+
+## Known Issues
+
+### Critical
+
+_None._
+
+### Major
+
+- `[MAJOR]` **ci**: `publish_stable.yml` and `release_workflow.yml` reference `pypa/gh-action-pypi-publish@master` — should be `@release/v1`. (`release_workflow.yml`)
+
+### Minor
+
+- `[MINOR]` **code**: `create_persona_app` uses a module-level global (`ovos_persona_server.persona.default_persona`) with a TODO comment. Blocks multi-persona support and makes test isolation harder. (`ovos_persona_server/__init__.py:38`)
+- `[MINOR]` **code**: Token counts in `usage` use `len(text.split())` — not real tokenizer counts. Affects OpenAI, Anthropic, Cohere, Bedrock, TGI responses. (`ovos_persona_server/chat.py`, `anthropic.py`, `cohere.py`, `aws_bedrock.py`, `huggingface_tgi.py`)
+- `[MINOR]` **docs**: `pyproject.toml` description says "simple flask server" — server uses FastAPI. (`pyproject.toml:8`)
+- `[MINOR]` **code**: `ollama.py` uses `asynccontextmanager` `lifespan` on `ollama_router` (line 36) — lifespans on `APIRouter` are not supported in FastAPI; the lifespan silently has no effect when included via `app.include_router()`. (`ovos_persona_server/ollama.py:36`)
+- `[MINOR]` **code**: Same lifespan issue in `chat.py:30`. (`ovos_persona_server/chat.py:30`)
+
+### Info
+
+- `[INFO]` **packaging**: `requires-python = ">=3.9"` — workspace standard is >= 3.10.
+- `[INFO]` **security**: No authentication on any endpoint. Intentional but should be prominent in deployment docs.
+- `[INFO]` **code**: Bedrock `/invoke` body parsing uses field presence heuristics (`"messages"`, `"prompt"`, `"inputText"`, `"message"`) rather than `model_id` prefix. Ambiguous if a body contains multiple keys. (`ovos_persona_server/aws_bedrock.py:38`)
+- `[INFO]` **code**: Ollama `/pull` and `/push` are stubs that always return `{"status": "success"}` without downloading or uploading anything. (`ovos_persona_server/ollama.py:460-483`)
+
+## Technical Debt
+
+| Item | File | Notes |
+| :--- | :--- | :--- |
+| Global persona state | `ovos_persona_server/__init__.py:38` | TODO present; blocks multi-persona and clean test isolation |
+| Approximate token counts | `chat.py`, `anthropic.py`, `cohere.py`, `aws_bedrock.py`, `huggingface_tgi.py` | word-split, not tokenizer |
+| Flask reference in description | `pyproject.toml:8` | Stale copy-paste |
+| Router-level lifespan | `chat.py:30`, `ollama.py:36` | FastAPI ignores lifespan on `APIRouter` |