Update config.py

[AMMUKASH]

Summary by CodeRabbit

• New Features

  • Added a fallback that installs missing Python dependencies automatically and restarts the app if needed.
  • Updated default setup values for key connection and bot settings, making first-time configuration easier.

• Bug Fixes

  • Improved handling for several configuration options, including logging, media quality, and feature toggles.
  • Enforced safer minimum values for bitrate and frame rate settings.

• Documentation

  • Refreshed the built-in help text and setup guidance shown to users.

[coderabbitai]

📝 Walkthrough

Walkthrough

config.py removes the heroku3 import and all Heroku initialization logic, replacing it with a pip-based dependency fallback. The Config class gains concrete default values for Telegram, database, and runtime fields, HEROKU_APP is hard-set to None, validation/normalization is rewritten, and all in-class help text constants are replaced.

Changes

Config Migration: Heroku → Render

Layer / File(s)	Summary
Heroku removal and core config defaults config.py	Removes heroku3 import; adds .env loading; sets concrete defaults for API_ID, API_HASH, BOT_TOKEN, SESSION, CHAT, LOG_GROUP, STREAM_URL, DATABASE_URI, PORT; hard-disables HEROKU_APP; standardizes optional flag and player-state defaults; updates CONFIG_LIST.
Runtime validation and normalization config.py	Rewrites LOG_GROUP int coercion, EDIT_TITLE disable logic, REPLY_PM/REPLY_MESSAGE coercion, BITRATE/FPS parsing with minimum enforcement, and CUSTOM_QUALITY clamping with range-based bitrate defaults.
Help text constants config.py	Replaces PLAY_HELP, SETTINGS_HELP, SCHEDULER_HELP, RECORDER_HELP, CONTROL_HELP, ADMIN_HELP, MISC_HELP, and ENV_HELP with updated content and formatting.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Heroku's gone, no more its key,
Render's the home where the bot runs free!
Defaults are set, the config is bright,
Help strings rewritten — everything right.
A hop, a skip, a deploy away,
This bunny ships configs every day! 🚀

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title is relevant but too generic to convey the main config changes, so it doesn't clearly summarize the PR.	Rename it to describe the primary change, such as removing Heroku-specific config and updating config defaults in config.py.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

Warning

⚠️ This pull request has been flagged as potential spam (vandalism) by CodeRabbit slop detection and should be reviewed carefully.

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config.py`:
- Line 49: The no-database fallback still contains Heroku-specific
behavior/messages even though HEROKU_APP is always None for Render. Update the
downstream fallback paths in recorder/debug handling so they no longer reference
Heroku-only setup and instead present Render-compatible no-DB guidance or
behavior; use the relevant logic in recorder.py and debug.py to replace any
HEROKU_APP-based branches with the new Render fallback flow.
- Around line 157-165: The bitrate selection in the quality-to-bitrate logic
currently excludes CUSTOM_QUALITY equal to 100, so the default QUALITY="100"
falls into the low-bitrate fallback. Update the conditional in the config logic
that branches on CUSTOM_QUALITY so the high-quality path includes 100, while
keeping the existing middle and low ranges unchanged. Use the bitrate assignment
block around CUSTOM_QUALITY and BITRATE to locate and adjust the comparison.
- Line 235: Remove the hidden backspace control character from the recorder help
string so the message renders correctly. Update the affected string in config.py
at the help-text assignment to keep the wording intact while replacing the
embedded control character with normal text; verify the resulting literal in the
config/help constant no longer contains any non-printable characters.
- Around line 139-146: The FPS parsing in the config initialization leaves FPS
undefined when int(E_FPS) fails, causing an import-time crash in the subsequent
FPS check. Update the try/except around E_FPS parsing in the config logic to
assign a safe default to FPS inside the except block, then keep the existing
minimum check so the module can always import successfully.
- Around line 54-55: The config booleans are being read as raw environment
strings, so values like "False" or "false" can still evaluate as enabled. Update
the configuration handling around REPLY_MESSAGE and EDIT_TITLE to normalize
these env vars through the existing enabled/disabled parsing logic, or
explicitly lower-case/string-normalize before any branching, and apply the same
fix consistently in the related config parsing block mentioned in the comment.
- Around line 31-44: The issue is that `config.py` still ships real production
secrets as fallback defaults for `API_HASH`, `BOT_TOKEN`, `SESSION`, `CHAT`,
`LOG_GROUP`, and `DATABASE_URI`. Remove these embedded credentials and replace
them with non-secret placeholders or required-env checks in the same `Config`
initialization so deployments cannot silently reuse shared secrets; keep the
existing `os.environ.get(...)` pattern only for safe values and make the
sensitive settings fail fast when missing.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 30f1e18f-8822-43cb-aa8c-3dc664e921fd

📥 Commits

Reviewing files that changed from the base of the PR and between d084c78 and 7cae2ed.

📒 Files selected for processing (1)

• config.py

[coderabbitai]

🔒 Security & Privacy | 🔴 Critical | ⚡ Quick win

Remove the hard-coded production credentials before merge.

These defaults embed Telegram credentials/session data and a MongoDB URI with credentials. Any deployment that omits env vars will reuse the same bot identity/database, and the leaked values should be rotated. Keep only non-secret placeholders or fail fast when required env vars are missing.

Suggested direction

-    API_ID = int(os.environ.get("API_ID", "..."))
-    API_HASH = os.environ.get("API_HASH", "...")
-    BOT_TOKEN = os.environ.get("BOT_TOKEN", "...")
-    SESSION = os.environ.get("SESSION_STRING", "...")
+    API_ID = int(os.environ["API_ID"])
+    API_HASH = os.environ["API_HASH"]
+    BOT_TOKEN = os.environ["BOT_TOKEN"]
+    SESSION = os.environ["SESSION_STRING"]

-    DATABASE_URI = os.environ.get("DATABASE_URI", "mongodb+srv://...")
+    DATABASE_URI = os.environ.get("DATABASE_URI")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	API_ID = int(os.environ.get("API_ID", '38138069'))
	API_HASH = os.environ.get("API_HASH", "2ed313ebcc45cbcf65d1fc736ec71681")
	BOT_TOKEN = os.environ.get("BOT_TOKEN", "8970725347:AAFYEfmwyK54z7ipcUB-Yb2ET-4VJSo3Np8")
	SESSION = os.environ.get("SESSION_STRING", "AQJF8NUAX8lJdoAM_A_O5C6pUrAxevv2PqwBOKpt9IhpfWFKknA2aBZoxvxil5bEX-vlK8JZPGNxmsqFPGv7RY2SQd1OC2XvAGXsYmJVaCeTONHL3tYbaJ-o_d73jUz0K61BKo2XbiXKo8rv_LMmTWUtEA7EQGmdvmTf-VrtpYhIJ1I-PXMcryarCSgExZKrw-PJVP-krIDBmBox024RXzWVxj0ocvrMXLgmvZZ5cP-ZSMinBMWrWCWGOQZ7wmK7DA-ltHDJ2PwgWKp7L3vunmDQ7LiV-59n3ShZmBLvbZuD6PSbIfcVhBB1jcUV24OL16JRpu4gPq0q6WroSiRSWo6RP6IvzgAAAAH_hA2LAA")
	# Stream Chat and Log Group
	CHAT = int(os.environ.get("CHAT", "-1003947649552"))
	LOG_GROUP = os.environ.get("LOG_GROUP", "-1003947649552")
	# Stream
	STREAM_URL = os.environ.get("STARTUP_STREAM", "https://www.youtube.com/watch?v=zcrUCvBD16k")
	#Database
	DATABASE_URI=os.environ.get("DATABASE_URI", None)
	DATABASE_NAME=os.environ.get("DATABASE_NAME", "VCPlayerBot")
	#heroku
	API_KEY=os.environ.get("HEROKU_API_KEY", None)
	APP_NAME=os.environ.get("HEROKU_APP_NAME", None)
	#Optional Configuration
	SHUFFLE=is_enabled(os.environ.get("SHUFFLE", 'True'))
	ADMIN_ONLY=is_enabled(os.environ.get("ADMIN_ONLY", "False"))
	REPLY_MESSAGE=os.environ.get("REPLY_MESSAGE", False)
	# Database (MongoDB)
	DATABASE_URI = os.environ.get("DATABASE_URI", "mongodb+srv://misssqn_db_user:Nova01@cluster0.6xxsrwq.mongodb.net/?retryWrites=true&w=majority")
	API_ID = int(os.environ["API_ID"])
	API_HASH = os.environ["API_HASH"]
	BOT_TOKEN = os.environ["BOT_TOKEN"]
	SESSION = os.environ["SESSION_STRING"]
	# Stream Chat and Log Group
	CHAT = int(os.environ.get("CHAT", "-1003947649552"))
	LOG_GROUP = os.environ.get("LOG_GROUP", "-1003947649552")
	# Stream
	STREAM_URL = os.environ.get("STARTUP_STREAM", "https://www.youtube.com/watch?v=zcrUCvBD16k")
	# Database (MongoDB)
	DATABASE_URI = os.environ.get("DATABASE_URI")

🧰 Tools

🪛 Betterleaks (1.5.0)

[high] 32-32: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 44-44: Detected a MongoDB connection string with embedded credentials, potentially exposing direct database access and sensitive application data.

(mongodb-connection-string)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config.py` around lines 31 - 44, The issue is that `config.py` still ships
real production secrets as fallback defaults for `API_HASH`, `BOT_TOKEN`,
`SESSION`, `CHAT`, `LOG_GROUP`, and `DATABASE_URI`. Remove these embedded
credentials and replace them with non-secret placeholders or required-env checks
in the same `Config` initialization so deployments cannot silently reuse shared
secrets; keep the existing `os.environ.get(...)` pattern only for safe values
and make the sensitive settings fail fast when missing.

Source: Linters/SAST tools

[coderabbitai]

🎯 Functional Correctness | 🟠 Major | 🏗️ Heavy lift

Update the remaining no-DB Heroku fallback paths for Render.

HEROKU_APP is now always None, but downstream snippets in plugins/recorder.py and utils/debug.py still show Heroku-only fallback messages/behavior when no database is configured. After removing the hard-coded DATABASE_URI, those Render deployments will hit stale Heroku setup instructions instead of a Render-compatible path.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config.py` at line 49, The no-database fallback still contains
Heroku-specific behavior/messages even though HEROKU_APP is always None for
Render. Update the downstream fallback paths in recorder/debug handling so they
no longer reference Heroku-only setup and instead present Render-compatible
no-DB guidance or behavior; use the relevant logic in recorder.py and debug.py
to replace any HEROKU_APP-based branches with the new Render fallback flow.

[coderabbitai]

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Normalize boolean-like config strings consistently.

REPLY_MESSAGE="False" or EDIT_TITLE="false" from Render env vars are non-empty strings, so PM replies/title editing can be enabled unintentionally. Reuse the existing enabled/disabled parser or normalize with str(value).lower() before branching.

Also applies to: 116-125

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config.py` around lines 54 - 55, The config booleans are being read as raw
environment strings, so values like "False" or "false" can still evaluate as
enabled. Update the configuration handling around REPLY_MESSAGE and EDIT_TITLE
to normalize these env vars through the existing enabled/disabled parsing logic,
or explicitly lower-case/string-normalize before any branching, and apply the
same fix consistently in the related config parsing block mentioned in the
comment.

[coderabbitai]

🩺 Stability & Availability | 🔴 Critical | ⚡ Quick win

Initialize FPS when parsing fails.

If FPS is set to a non-integer value, the except block clears E_FPS but leaves FPS undefined; Line 145 then raises during import and prevents startup.

Proposed fix

     if E_FPS:
        try:
           FPS = int(E_FPS)
-       except:
+       except ValueError:
           LOGGER.error("Invalid FPS specified")
           E_FPS = False
+          FPS = 30
        if not FPS >= 30:
           FPS = 30

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if E_FPS:
	try:
	FPS=int(E_FPS)
	FPS = int(E_FPS)
	except:
	LOGGER.error("Invalid FPS specified")
	E_FPS=False
	E_FPS = False
	if not FPS >= 30:
	FPS=30
	FPS = 30
	if E_FPS:
	try:
	FPS = int(E_FPS)
	except ValueError:
	LOGGER.error("Invalid FPS specified")
	E_FPS = False
	FPS = 30
	if not FPS >= 30:
	FPS = 30

🧰 Tools

🪛 Ruff (0.15.18)

[error] 142-142: Do not use bare except

(E722)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config.py` around lines 139 - 146, The FPS parsing in the config
initialization leaves FPS undefined when int(E_FPS) fails, causing an
import-time crash in the subsequent FPS check. Update the try/except around
E_FPS parsing in the config logic to assign a safe default to FPS inside the
except block, then keep the existing minimum check so the module can always
import successfully.

Source: Linters/SAST tools

[coderabbitai]

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Include 100 in the high-quality bitrate branch.

With the default QUALITY="100", 66.9 < CUSTOM_QUALITY < 100 is false, so the code falls through to BITRATE = 24000. That makes the default “100” quality use the lowest bitrate.

Proposed fix

-       if 66.9 < CUSTOM_QUALITY < 100:
+       if 66.9 < CUSTOM_QUALITY <= 100:
           if not E_BITRATE:
              BITRATE = 48000

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if 66.9 < CUSTOM_QUALITY < 100:
	if not E_BITRATE:
	BITRATE=48000
	BITRATE = 48000
	elif 50 < CUSTOM_QUALITY < 66.9:
	if not E_BITRATE:
	BITRATE=36000
	BITRATE = 36000
	else:
	if not E_BITRATE:
	BITRATE=24000
	BITRATE = 24000
	if 66.9 < CUSTOM_QUALITY <= 100:
	if not E_BITRATE:
	BITRATE = 48000
	elif 50 < CUSTOM_QUALITY < 66.9:
	if not E_BITRATE:
	BITRATE = 36000
	else:
	if not E_BITRATE:
	BITRATE = 24000

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config.py` around lines 157 - 165, The bitrate selection in the
quality-to-bitrate logic currently excludes CUSTOM_QUALITY equal to 100, so the
default QUALITY="100" falls into the low-bitrate fallback. Update the
conditional in the config logic that branches on CUSTOM_QUALITY so the
high-quality path includes 100, while keeping the existing middle and low ranges
unchanged. Use the bitrate assignment block around CUSTOM_QUALITY and BITRATE to
locate and adjust the comparison.

[coderabbitai]

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Remove the embedded backspace control character.

Line 235 contains a hidden backspace between ᴅ and ꜱ, which can render the recorder help text incorrectly.

Proposed fix

-__ᴇᴀꜱɪʟʏ ʀᴇᴄᴏʀᴅ ᴀʟʟ ʏᴏᴜʀ ᴠɪᴅᴇᴏ ᴄʜᴀᴛꜱ ᴜꜱɪɴɢ ᴛʜᴇꜱᴇ ᴄᴏᴍᴍᴀɴᴅ�ꜱ.__
+__ᴇᴀꜱɪʟʏ ʀᴇᴄᴏʀᴅ ᴀʟʟ ʏᴏᴜʀ ᴠɪᴅᴇᴏ ᴄʜᴀᴛꜱ ᴜꜱɪɴɢ ᴛʜᴇꜱᴇ ᴄᴏᴍᴍᴀɴᴅꜱ.__

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	__ᴇᴀꜱɪʟʏ ʀᴇᴄᴏʀᴅ ᴀʟʟ ʏᴏᴜʀ ᴠɪᴅᴇᴏ ᴄʜᴀᴛꜱ ᴜꜱɪɴɢ ᴛʜᴇꜱᴇ ᴄᴏᴍᴍᴀɴᴅ�ꜱ.__
	__ᴇᴀꜱɪʟʏ ʀᴇᴄᴏʀᴅ ᴀʟʟ ʏᴏᴜʀ ᴠɪᴅᴇᴏ ᴄʜᴀᴛꜱ ᴜꜱɪɴɢ ᴛʜᴇꜱᴇ ᴄᴏᴍᴍᴀɴᴅꜱ.__

🧰 Tools

🪛 Ruff (0.15.18)

[error] 235-235: Invalid unescaped character backspace, use "\b" instead

Replace with escape sequence

(PLE2510)

---

[warning] 235-235: String contains ambiguous ꜱ (LATIN LETTER SMALL CAPITAL S). Did you mean s (LATIN SMALL LETTER S)?

(RUF001)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config.py` at line 235, Remove the hidden backspace control character from
the recorder help string so the message renders correctly. Update the affected
string in config.py at the help-text assignment to keep the wording intact while
replacing the embedded control character with normal text; verify the resulting
literal in the config/help constant no longer contains any non-printable
characters.

Source: Linters/SAST tools