v3.4.1 β Lock the Door, Then Build the Robot
v3.4.1 β Lock the Door, Then Build the Robot
Beatify grew up this release. The admin panel is no longer wide open to anyone who can reach your Home Assistant β and the music library can now build itself with a sentence of help from you.
π Security Gate β your admin is finally your admin
If your Home Assistant is reachable from the internet β Nabu Casa, port-forward, or otherwise β anyone who knew the URL could open /beatify/admin, pick a speaker, and start blasting music on your porch. No warning, no log, no way to stop it from inside Beatify. That's gone.
The admin panel and every WebSocket command behind it now require an authenticated Home Assistant session. The first time you open Beatify after upgrading you'll be bounced to the HA login screen; from then on it follows the same session as the rest of your dashboard. Strangers see the login form; you see the game. No password to remember, no PIN to share β Beatify just trusts the auth you've already set up.
Thanks to @orths for filing the report that made this the headline of the release.
π€ LLM-Assisted Playlist Generator β describe a vibe, get a playlist
Beatify now ships a playlist generator that takes a sentence ("90s dance hits with a Eurodance lean") and produces a 40-track candidate list, fully enriched with provider URIs and release years, ready for the game. It runs through Claude (your key, your prompt) with a validator and sanitizer on top β no hallucinated B-sides, no fake songs, no songs from the wrong decade. You can save the result locally as a personal playlist, or submit it back to the project so the community gets it next release.
It's the first time Beatify's "ask for a playlist" funnel doesn't need anyone to manually scrape Spotify for 100 tracks. The bottleneck is gone.
βοΈ Auto-Advance, now with a countdown you can see
v3.3.7 shipped Auto-Advance. v3.4.0 finishes it: the REVEAL screen now shows the countdown on the sticky "Next round" button itself ("Next round (4)"). No more wondering whether the timer is running, no more second-guessing yourself. Tap it any time to advance immediately; ignore it and the next round starts on its own.
π― Two paper-cuts from @ludgerbeckmann, both fixed
TTS-Entity-Dropdown β picking the TTS service in the setup wizard used to be a free-form text field. One typo and you got silence with no error. The wizard now lists every tts.* entity registered in HA as a dropdown β type-and-pray is over.
Selected Playlists sheet β the bottom-nav showed "5 playlists selected" but the only way to remove one was to hunt for it across the playlist hub. Tap that pill now and you get a sheet with every selected playlist and a one-tap remove button.
π§ Under the Hood
Eight RCs of auth hardening sit behind the security gate. Nabu Casa SniTun drops urlencoded POSTs in some configurations β token exchange now uses FormData to survive the relay. Zombie tokens β admin sessions that survived a HA restart with stale refresh state β are detected and re-authed automatically instead of leaving the user stuck on a blank admin screen. Safari 18 on macOS Sequoia and iOS 18 silently refuses same-origin POSTs from the OAuth-callback page (a regression Safari shipped this spring); the token exchange now runs entirely server-side, with cookies for transport, so Safari 18 sees one redirect and a normal page load. Self-healing service worker β upgrades no longer require users to "Quit Safari and Clear Storage"; the SW unregisters and reloads itself when it sees a version mismatch.
Three mobile fixes from @laberning: the song-year on the REVEAL screen no longer truncates on narrow phones, the artist-vote tiles land above the fold on the in-game view, and @BK0101xx's "Start New Game keeps the old speaker" bug is closed (the wizard state now clears on reset). Two playlist data fixes (Danube Incident 1968β1969, Alcazar "Crying At the Discoteque" 2012β2000) round out the cycle.
π Thank you
To @orths for the security report that became this release's name. To @ludgerbeckmann for two UX wins in one cycle (TTS dropdown + Selected Playlists sheet). To @laberning for three sharp mobile reports. To @BK0101xx for catching the reset bug. To everyone who tested an RC through fifteen iterations β especially the Safari users β and kept reporting until the bug was real and not "works on my machine."
35 playlists Β· 4,013 songs Β· 5 music platforms Β· 5 languages
