[Example] 520 — Deepgram Proxy Server (Node.js)

[github-actions]

New example: Deepgram Proxy Server (Node.js)

Integration: Deepgram SDK | Language: JavaScript | Products: STT, TTS

What this shows

A Node.js Express proxy server that keeps Deepgram API keys secure on the server side while exposing three proxy endpoints: REST pre-recorded transcription, REST text-to-speech, and WebSocket live STT streaming. Includes a minimal browser client demonstrating all three features.

Required secrets

None — only DEEPGRAM_API_KEY required

Tests

✅ Tests passed

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (230 chars over 25.9s audio)

✓ All tests passed

---

Built by Engineer on 2026-04-06

[github-actions]

Code Review

Overall: APPROVED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (230 chars over 25.9s audio)

✓ All tests passed

Integration genuineness

Pass. This is a Deepgram-only proxy server example (integration:deepgram-proxy). All Deepgram API calls use the official @deepgram/sdk@5.0.0 — pre-recorded via deepgram.listen.v1.media.transcribeUrl(), live STT via deepgram.listen.v1.connect(), and TTS via deepgram.speak.v1.request(). The ws library in tests connects only to the proxy server, not directly to Deepgram. The client HTML connects via WebSocket to the proxy (the entire point of the pattern).

Code quality

• ✅ Official Deepgram SDK @deepgram/sdk@5.0.0 (matches required version)
• ✅ tag: "deepgram-examples" present on all three Deepgram API calls (LIVE_OPTIONS, transcribeUrl, speak)
• ✅ No hardcoded credentials — API key from environment variable only
• ✅ Error handling covers REST endpoints (try/catch with proper status codes) and WebSocket (error/close cleanup)
• ✅ Tests import createApp from src/server.js and exercise the actual proxy
• ✅ Server test spins up the server and makes real HTTP + WebSocket requests
• ✅ Transcript assertions use length/size checks (not specific word lists)
• ✅ Credential check runs FIRST in tests (lines 9-20) before any SDK imports
• ✅ .env.example present and complete
• ℹ️ Minor note: Authorization header in LIVE_OPTIONS passed to deepgram.listen.v1.connect() is redundant (DeepgramClient already has the key) but does not cause issues

Documentation

• ✅ README covers what you'll build, env vars with console links, install/run instructions, API endpoint table, and how-it-works section
• ✅ .env.example lists DEEPGRAM_API_KEY with link to console

---

✓ All checks pass. Ready for merge.

---

Review by Lead on 2026-04-06

[github-actions]

Code Review

Overall: APPROVED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (234 chars over 25.9s audio)

✓ All tests passed

Integration genuineness

Pass. This is a Deepgram-only proxy example — no third-party platform is claimed. All Deepgram API calls go through the official @deepgram/sdk@5.0.0:

• Pre-recorded STT via deepgram.listen.v1.media.transcribeUrl()
• Live STT via deepgram.listen.v1.connect() (SDK WebSocket, not raw)
• TTS via deepgram.speak.v1.request()

The ws and express-ws dependencies are used only for the client-to-proxy bridge, not for direct Deepgram API contact.

Code quality

• ✅ Official Deepgram SDK @deepgram/sdk@5.0.0 (matches required JS version)
• ✅ tag: 'deepgram-examples' present on all three API call paths (LIVE_OPTIONS, transcribeUrl, speak request)
• ✅ No hardcoded credentials — API key read from env, never logged or sent to client
• ✅ Error handling on all routes (try/catch, WS error/close handlers, 502 responses)
• ✅ Tests import createApp from src/server.js — not a standalone DeepgramClient test
• ✅ Test spins up the actual Express server, makes real HTTP POST and WebSocket requests
• ✅ Transcript assertions use length/char count proportionality (>= 66 chars, >= 10 combined) — no word lists
• ✅ Credential check runs FIRST in test.js (lines 9–20) before SDK import (line 23)
• ✅ pnpm audit clean at high severity; path-to-regexp override applied for known vulnerability

Documentation

• ✅ README: "What you'll build" section, env var table with console link, install/run instructions
• ✅ .env.example present with DEEPGRAM_API_KEY and link to Deepgram console
• ✅ API endpoints table and "How it works" explanation

---

✓ All checks pass. Ready for merge.

---

Review by Lead on 2026-04-06

[github-actions]

Code Review

Overall: APPROVED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (230 chars over 25.9s audio)

✓ All tests passed

Integration genuineness

Pass — This is a Deepgram proxy example. All Deepgram API calls use the official @deepgram/sdk@5.0.0:

• deepgram.listen.v1.media.transcribeUrl() for pre-recorded STT
• deepgram.listen.v1.connect() for live STT WebSocket
• deepgram.speak.v1.request() for TTS

No raw WebSocket/fetch calls to Deepgram. The ws library is only used for the proxy ↔ browser connection and test client, not for direct Deepgram contact.

Code quality

• ✅ Official Deepgram SDK (@deepgram/sdk@5.0.0) — matches required version
• ✅ tag: 'deepgram-examples' on all three Deepgram API call sites (LIVE_OPTIONS, transcribeUrl, speak)
• ✅ No hardcoded credentials — API key loaded from env
• ✅ Error handling covers REST validation (400), proxy failures (502), and WS error/close
• ✅ Tests import createApp from src/server.js and test the actual proxy endpoints
• ✅ Server test spins up on port 3098, makes real HTTP POST and WebSocket requests
• ✅ Transcript assertions use length-based checks (not word lists) — no flaky tests
• ✅ Credential check runs before any SDK imports in test.js (lines 9-20)
• ✅ pnpm audit clean at high severity (only 1 low + 1 moderate)

Documentation

• ✅ README has "What you'll build", env vars table with console link, install/run instructions
• ✅ API endpoints documented with method, path, and description
• ✅ .env.example present and complete

---

✓ All checks pass. Ready for merge.

---

Review by Lead on 2026-04-07

[github-actions]

Code Review

Overall: CHANGES REQUESTED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (230 chars over 25.9s audio)

✓ All tests passed

Integration genuineness ✅

• ✅ @deepgram/sdk@5.0.0 imported and used (matches required v5.0.0)
• ✅ Real API calls: transcribeUrl(), speak.v1.request(), listen.v1.connect()
• ✅ .env.example lists DEEPGRAM_API_KEY
• ✅ Tests exit(2) on missing credentials before any SDK import
• ✅ No bypass — this is a Deepgram-only proxy, not a partner integration
• ✅ No raw WebSocket/fetch to Deepgram — all calls through SDK; client WS connects to local proxy only

Code quality

• ✅ tag: 'deepgram-examples' on all three Deepgram API calls (REST listen, REST speak, live WS options)
• ✅ No hardcoded credentials — API key from process.env.DEEPGRAM_API_KEY
• ✅ Error handling covers all endpoints with try/catch and proper HTTP status codes
• ✅ Tests import createApp from src/server.js and spin up a real server
• ✅ Tests make real HTTP and WebSocket requests to the server
• ✅ Transcript assertions use length/proportionality checks, not specific word lists
• ✅ Credential check runs before require('../src/server.js') in test
• ✅ pnpm audit — no high/critical vulnerabilities (1 low, 1 moderate)

Documentation ✅

• ✅ README includes "What you'll build", env vars with link to Deepgram console, install + run instructions
• ✅ .env.example present and complete

Issue found — .gitignore missing .env

The .gitignore only contains node_modules/. It must also include .env to prevent accidental commits of secrets when users follow the README instructions (cp .env.example .env).

Fix: Add .env to .gitignore:

node_modules/
.env

This is a one-line security fix. Could not push the fix due to workflow permissions.

---

Please address the .gitignore item above. The fix agent will pick this up.

---

Review by Lead on 2026-04-07

[github-actions]

Code Review

Overall: APPROVED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (230 chars over 25.9s audio)

✓ All tests passed

Integration genuineness

Pass — This is a Deepgram proxy server example. All Deepgram API calls use the official @deepgram/sdk@5.0.0 (DeepgramClient). REST endpoints proxy via deepgram.listen.v1.media.transcribeUrl(), deepgram.speak.v1.request(), and live STT via deepgram.listen.v1.connect(). No raw WebSocket or HTTP calls to Deepgram. No third-party integration claimed, so bypass check is N/A.

Code quality

• ✅ Official Deepgram SDK v5.0.0 (matches required version)
• ✅ tag: "deepgram-examples" on all three Deepgram API calls (pre-recorded, live STT, TTS)
• ✅ No hardcoded credentials — API key read from env
• ✅ Error handling: try/catch on REST endpoints, WS error/close cleanup, 502 on upstream failures
• ✅ Tests import createApp from src/server.js and spin up a real server, making HTTP and WebSocket requests
• ✅ Transcript assertions use length-based checks (proportional), not specific word lists
• ✅ Credential check runs first in test (exits code 2 before any SDK imports)
• ✅ pnpm audit — no high/critical vulnerabilities

Documentation

• ✅ README has "What you'll build", env var table with console links, install/run instructions, endpoint table, and architecture explanation
• ✅ .env.example present and complete

---

✓ All checks pass. Ready for merge.

---

Review by Lead on 2026-04-07

[github-actions]

Code Review

Overall: APPROVED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (230 chars over 25.9s audio)

✓ All tests passed

Integration genuineness

Pass — Deepgram-only proxy example. All Deepgram API contact uses the official @deepgram/sdk@5.0.0:

• Pre-recorded STT: deepgram.listen.v1.media.transcribeUrl()
• Live STT: deepgram.listen.v1.connect() (SDK WebSocket, not raw ws)
• TTS: deepgram.speak.v1.request()

No raw WebSocket/fetch calls to Deepgram. Client-side WebSocket connects only to the proxy server.

Code quality

• tag: 'deepgram-examples' present on all 3 API call sites (LIVE_OPTIONS, transcribeUrl, speak)
• No hardcoded credentials — API key sourced from process.env.DEEPGRAM_API_KEY
• Error handling: 400 for missing url/text, 502 for upstream failures, WS error/close handlers
• Tests import createApp() from src/server.js, spin up the server, and make real HTTP + WebSocket requests
• Credential check in tests/test.js runs before SDK import (exit 2 on missing vars)
• Transcript assertions use length/duration proportionality (not word lists)
• @deepgram/sdk pinned at 5.0.0 (current required version)
• pnpm audit: 0 high/critical vulnerabilities

Documentation

• README includes "What you'll build", env var table with console link, install/run instructions, endpoint reference, and architecture explanation
• .env.example present and complete

---

✓ All checks pass. Ready for merge.

---

Review by Lead on 2026-04-07

[github-actions]

Code Review

Overall: APPROVED

Tests ran ✅

Downloading test audio...
Converting to linear16 16 kHz mono...
Audio ready: 829866 bytes

Proxy server started on :3098

Test 1: GET /health
  /health -> ok
Test 4: POST /v1/listen without url (validation)
  Validation -> Request body must include "url"
Test 2: POST /v1/listen (pre-recorded)
  Transcript: 334 chars
  Preview: "Yeah. As as much as, it's worth celebrating, the first, spacewalk, with an all f..."

Streaming audio through WS proxy -> Deepgram (up to 60s)...
Test 3: WS /v1/listen/stream (live STT)
  Received 8 transcript event(s)
  First: [interim] Yeah. Is
  Content verified (234 chars over 25.9s audio)

✓ All tests passed

npm audit: 2 vulnerabilities (1 low, 1 moderate) — none high. pnpm audit --audit-level=high passed.

Integration genuineness

✅ Pass — This is a pure Deepgram proxy example. All Deepgram API contact goes through the official @deepgram/sdk@5.0.0:

• deepgram.listen.v1.media.transcribeUrl() for pre-recorded STT
• deepgram.listen.v1.connect() for live WebSocket STT
• deepgram.speak.v1.request() for TTS
• No raw fetch() or new WebSocket() calls to Deepgram — the client.html WebSocket connects to the proxy, not to Deepgram directly
• Credential check exits with code 2 before any SDK imports in the test

Code quality

• ✅ Official Deepgram SDK used (@deepgram/sdk@5.0.0 — matches required version)
• ✅ tag: 'deepgram-examples' present on all three Deepgram API call sites (LIVE_OPTIONS, transcribeUrl, speak)
• ✅ No hardcoded credentials — API key read from env only
• ✅ Error handling: 400 for bad input, 502 for upstream failures, WS error/close handlers
• ✅ Tests import from src/server.js via createApp() — no standalone DeepgramClient in tests
• ✅ Test spins up the server and makes real HTTP + WebSocket requests through the proxy
• ✅ Transcript assertions use proportional length checks (>= 66 chars, >= 10 chars combined) — no specific word lists
• ✅ Credential check runs first (test.js lines 9-20) before require('../src/server.js') on line 23

Minor note: Authorization: \Token ${apiKey}`` on line 144 of server.js is redundant since DeepgramClient already has the key, but it's harmless.

Documentation

• ✅ README covers what you'll build, prerequisites, env vars with console link, install/run instructions, API endpoints, and key parameters
• ✅ .env.example present with DEEPGRAM_API_KEY and link to Deepgram console

---

✓ All checks pass. Ready for merge.

---

Review by Lead on 2026-04-07