feat(example): add LiveKit voice-agent quickstart

[LukasPoque]

Summary

• New examples/livekit-voice-agent/ — minimal LiveKit Agents worker driving Gemini Live (v2v), wired to xray via xray.attach(ctx). Four docker compose services: livekit, xray, agent, and a profile-gated pytest driver.
• One .dockerignore exception (!sdk/python/README.md) so the agent + driver images can pip-install the in-tree SDK editable. Verified the main production image still builds unchanged.

What the example demonstrates

• The one-line xray integration (async with xray.attach(ctx, ...) as session).
• One user-emitted span per recognized vocabulary lands on the replay:
  • xray.stage.tts (xray vocab)
  • example_langfuse_step via Langfuse @observe (langfuse vocab)
  • execute_tool via session.record_tool_call(...) (gen_ai vocab)
• The audio-ground-truth flow end-to-end: stereo WAV upload → POST /v1/replays/:id/analyze → SSE events → server-derived replay_turns + speech_segments.
• A transcript-republish bridge from conversation_item_added → rtc.Transcription, which is the missing link for getting Gemini Live's transcripts into the SDK's AgentResponse.transcript.

Repo rules followed

• Slice layout per .claude/rules/code-layout.md: agent/, driver/, fixtures/ sub-slices.
• Base images SHA-pinned per .claude/rules/supply-chain.md §4 (livekit/livekit-server, python:3.12-slim-bookworm).
• Host ports bound loopback-only (127.0.0.1:8080, 127.0.0.1:7890, 127.0.0.1:7891) so running this on shared wifi doesn't expose the inspector or LiveKit signaling.
• No secrets committed; .env ignored at the example root + by root .gitignore:17. .env.example shows the one required key.

Test plan

• docker compose --profile test run --rm driver passes locally (~8–18 s per run).
• GET /v1/replays/:id shows 3 server-derived turns from VAD (regression test for the SDK fix on the parent branch).
• All 3 vocabulary spans appear in replay["spans"].
• tool_calls row populated (get_current_year).
• model_usage rows extracted (langfuse stub + Gemini Live usage).
• Main xray image still builds after the .dockerignore change.
• SDK pytest still 12/12 green.

[basilebong]

Ideally, this PR would include a database snapshot containing an authentic Conversation and Replay, to replace the current pnpm seed script. What do you think?

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

examples/livekit-voice-agent/driver/pyproject.toml

Name	Version	Vulnerability	Severity
pytest	8.4.2	pytest has vulnerable tmpdir handling	moderate

Only included vulnerabilities with severity moderate or higher.

License Issues

examples/livekit-voice-agent/agent/pyproject.toml

Package	Version	License	Issue Type
livekit-agents	1.5.9	Null	Unknown License
livekit-plugins-google	1.5.9	Null	Unknown License

Denied Licenses:

GPL-1.0, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0, GPL-3.0-only, GPL-3.0-or-later, LGPL-2.0, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0, LGPL-3.0-only, LGPL-3.0-or-later, AGPL-1.0, AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0, AGPL-3.0-only, AGPL-3.0-or-later, SSPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, EPL-1.0, EPL-2.0, CDDL-1.0, CDDL-1.1, EUPL-1.0, EUPL-1.1, EUPL-1.2, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0

OpenSSF Scorecard

Package	Version	Score	Details
pip/langfuse	3.9.3	Unknown	Unknown
pip/livekit-agents	1.5.9	Unknown	Unknown
pip/livekit-plugins-google	1.5.9	Unknown	Unknown
pip/pytest	8.4.2	Unknown	Unknown
pip/httpx	0.28.1	Unknown	Unknown
pip/pytest-asyncio	1.3.0	Unknown	Unknown
npm/qs	6.15.2	🟢 5.3	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices 🟢 5 badge detected: Passing Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• examples/livekit-voice-agent/agent/pyproject.toml
• examples/livekit-voice-agent/driver/pyproject.toml
• pnpm-lock.yaml

[basilebong]

All seven review threads resolved in 7a83411. Quick rundown:

Agent loop (agent/main.py)

• Agent(instructions="") → moved the assistant prompt onto Agent(...) and dropped the instructions= kwarg from RealtimeModel(...) (it would have been overridden anyway).
• xray.stage.tts zero-duration span → captured the SpeechHandle from session.generate_reply(...) and awaited it inside the span, so the span now measures real TTS latency instead of microseconds.
• Session leak on non-room aborts → registered the disconnected listener before session.start(...) and wrapped the body in try/finally so disconnect.set() always fires. xray.attach's force-flush now runs on the partial-run path too.

Compose / quickstart

• Empty GEMINI_API_KEY → switched ${VAR:-} to ${VAR:?GEMINI_API_KEY must be set in examples/livekit-voice-agent/.env}. docker compose up now aborts immediately with a clear message instead of silently booting an agent that fails 30s later.
• README quickstart → added the missing cd examples/livekit-voice-agent step, a note that compose up streams logs (wait for worker registration before running the driver), and a one-liner explaining why the driver lives behind --profile test.
• Broken docs/integrate.md link → real relative markdown link now.

Supply chain

• Pinned livekit-agents, livekit-plugins-google, langfuse, pytest, pytest-asyncio, httpx to exact versions in both pyproject.toml files and both Dockerfiles. Each pin was the latest PyPI release >7 days old at audit time (2026-05-24).
• Added §6 to .claude/rules/supply-chain.md documenting that PyPI carries the same Shai-Hulud-class threat as npm but has no registry-side cooldown, and that until a hash-pinned requirements.txt is wired into CI, every Python dep here MUST be exact-pinned + manually cooldown-checked.

Verified locally

• python -m ast parses both agent/main.py and driver/test_e2e.py.
• docker compose config aborts cleanly without GEMINI_API_KEY and substitutes correctly with it set.
• Bun server tests: 247/247 pass (unchanged — I didn't touch server code).

Not verified

• Couldn't docker compose up with a real Gemini key from here; worth one manual smoke run before merging to confirm the greeting still fires and the TTS span shows a non-zero duration.

[basilebong]

Self-review pass: all 7 inline findings addressed in 7a83411 (see summary comment). Approving so this can ship once you've done a smoke run with a real Gemini key.