fix: remove unsafe file deletion in audio-transcriber cleanup

Remove cleanup_temp_files() function that was deleting fixed-name files (metadata.json, transcription.json) without verifying script ownership. This addresses security concern raised by Codex review: - Risk: Could delete user's existing files with same names - Solution: Removed cleanup since no temp JSON files are actually created Changes: - Remove cleanup_temp_files() function entirely - Remove --keep-temp argument (no longer needed) - Remove all cleanup_temp_files() calls Fixes #62 (review comment)
2026-02-04 18:35:17 -03:00
parent 801c8fa475
commit eb493121d3
1 changed files with 2 additions and 26 deletions
--- a/skills/audio-transcriber/scripts/transcribe.py
+++ b/skills/audio-transcriber/scripts/transcribe.py
@@ -407,24 +407,6 @@ def save_outputs(transcript_text, ata_text, audio_file, output_dir="."):
    return str(transcript_path), str(ata_path) if ata_path else None


-def cleanup_temp_files(output_dir=".", keep_temp=False):
-    """Remove arquivos temporários JSON se não for para manter."""
-    if keep_temp:
-        return
-    
-    temp_files = ["metadata.json", "transcription.json"]
-    removed = []
-    
-    for filename in temp_files:
-        filepath = Path(output_dir) / filename
-        if filepath.exists():
-            filepath.unlink()
-            removed.append(filename)
-    
-    if removed:
-        console.print(f"[dim]🧹 Removidos arquivos temporários: {', '.join(removed)}[/dim]")
-
-
 def main():
    """Função principal."""
    import argparse
@@ -434,7 +416,6 @@ def main():
    parser.add_argument("--prompt", help="Prompt customizado para processar transcript")
    parser.add_argument("--model", default="base", help="Modelo Whisper (tiny/base/small/medium/large)")
    parser.add_argument("--output-dir", default=".", help="Diretório de saída")
-    parser.add_argument("--keep-temp", action="store_true", help="Manter arquivos temporários JSON")
    
    args = parser.parse_args()
    
@@ -470,7 +451,6 @@ def main():
        console.print("[dim]ℹ️  Salvando apenas transcript.md...[/dim]")
        
        save_outputs(transcript_text, None, args.audio_file, args.output_dir)
-        cleanup_temp_files(args.output_dir, args.keep_temp)

        console.print("\n[cyan]💡 Para gerar ata/resumo:[/cyan]")
        console.print("  - Instale Claude CLI: pip install claude-cli")
@@ -485,7 +465,6 @@ def main():
    if final_prompt is None:
        # Usuário recusou processamento
        save_outputs(transcript_text, None, args.audio_file, args.output_dir)
-        cleanup_temp_files(args.output_dir, args.keep_temp)
        return
    
    # Step 4: Processar com LLM
@@ -500,9 +479,6 @@ def main():
    console.print("\n[cyan]💾 Salvando arquivos...[/cyan]")
    save_outputs(transcript_text, ata_text, args.audio_file, args.output_dir)

-    # Step 6: Cleanup
-    cleanup_temp_files(args.output_dir, args.keep_temp)
-    
    console.print("\n[bold green]✅ Concluído![/bold green]")