feat(voice): move composed session prompt off WS query string (first-message or REST pre-handoff)

[heavygee]

Summary

The current Gemini Live and Qwen Realtime voice session implementations pass the composed system prompt as a base64url query parameter in the WebSocket upgrade URL:

wss://hub/api/voice/gemini-ws?token=...&systemPrompt=<base64url-encoded-prompt>

This is mitigated in the current implementation by truncatePromptForProxy() which caps the raw prompt at 9,000 bytes before encoding, keeping the URL well within practical limits. However, the architecture has two theoretical weaknesses:

1. URL length limits — if the cap is ever raised, prompts could exceed proxy request-line limits
2. URL logging — prompt content appears in access logs (not a concern for Tailscale-only hubs, but worth noting for multi-tenant deployments)

Proposed improvement

Move the composed prompt off the URL onto a dedicated transport:

Option A — First WebSocket message: Browser sends prompt as the first message after ws.onopen fires; hub buffers it before proceeding with its own setup. Requires a new hub-side message type and careful ordering relative to the existing setup gate.

Option B — REST pre-handoff: Browser POSTs prompt to POST /api/voice/prompts, receives a short-lived promptId, includes only the ID in the WS URL. Hub looks up the stored prompt on upgrade. More robust for large prompts but adds a round-trip and ephemeral storage.

Context

• Introduced in feat(voice): backend voice picker + advanced controls behind disclosure (#742) #743
• Current truncation cap: 9,000 bytes raw / ~12,000 chars encoded
• Hub deployment is Tailscale-only — URL logging exposure is low priority for current users
• Tracked here so it isn't lost if the cap ever needs raising

[github-actions]

I checked current main; the described systemPrompt=<base64url-encoded-prompt> WebSocket query transport is not present now. The Gemini/Qwen proxy URLs built by the web client include auth token plus optional language only, and the hub owns the initial provider setup/session update.

So this looks already addressed in the current codebase. I also did not find truncatePromptForProxy, systemPrompt= query usage, or searchParams.get('systemPrompt') in the repo.

Relevant code:

• web/src/realtime/GeminiLiveVoiceSession.tsx:123 - Gemini proxied WS URL is built with token and optional language only.
• web/src/realtime/QwenVoiceSession.tsx:136 - Qwen proxied WS URL is built with token and optional language only.
• hub/src/web/routes/voice.ts:208 - Gemini token endpoint returns /api/voice/gemini-ws proxy URL; no prompt handoff field.
• hub/src/web/routes/voice.ts:231 - Qwen token endpoint returns /api/voice/qwen-ws proxy URL; no prompt handoff field.
• hub/src/web/server.ts:92 - Gemini proxy sends hub-owned setup upstream on upstream open.
• hub/src/web/server.ts:175 - Qwen proxy stores the hub-owned session.update and sends it after session.created.
• shared/src/voice.ts:421 - Gemini system instruction is composed server/shared-side from VOICE_SYSTEM_PROMPT plus language block.
• shared/src/voice.ts:436 - Qwen initial instructions are composed in buildQwenSessionUpdateMessage().

---

HAPI Bot