Extend Sapat Providers in Daytona

[jjoanna2-debug]

Summary

• Refresh the Daytona guide for current Sapat provider-registry architecture and the dynamic --provider CLI flow.
• Ground the guide in live Sapat source behavior: provider discovery, TranscriptionProvider, ProviderConfig, TranscriptionResult, mocked validation, and security/privacy guardrails.
• Add a provider selection matrix, provider acceptance matrix, provider security checklist, maintainer review checklist, transcription provider adapter definition, original workflow PNG, and first-time author profile.

Decisive review points

• Wrong architecture avoided: the guide targets current Sapat provider modules under sapat/providers/, @register, and dynamic --provider discovery. It does not teach the stale hard-coded --api path.
• Abstract-contract gap closed: the AssemblyAIProvider(AsyncPollProvider) sample includes all required async hooks: _upload, _poll, and _fetch_result.
• Review burden reduced: the acceptance matrix gives maintainers concrete rows to check: CLI selection, secret loading, audio handoff, job lifecycle, retry/timeout behavior, return shape, error privacy, and regression guard.
• Content-only risk bounded: the branch adds one guide, one definition, one author profile, and one PNG. It does not modify Daytona runtime code or introduce executable dependencies.

Security / privacy hardening

• API keys stay in environment variables or workspace secrets; no keys belong in README examples, screenshots, logs, PR bodies, or fixtures.
• Endpoint overrides must be HTTPS, must not carry query-string secrets, and should point only at the provider host or an approved test double.
• Live validation uses short non-sensitive clips only; private calls, unreleased demos, medical files, legal recordings, generated transcripts, and payout details stay out of commits.
• Provider errors must not log authorization headers, raw .env values, full provider responses, or full transcript text.
• Temporary MP3 output and smoke-test artifacts are explicitly part of the cleanup/review checklist.

Current validation

• npx --yes markdownlint-cli@0.45.0 guides/20260511_extend_sapat_providers_in_daytona.md definitions/20260511_definition_transcription_provider_adapter.md authors/jean_claude_joanna.md
• git diff --check origin/main...HEAD
• Secret-pattern scan across the changed author, definition, guide, and PNG paths: no high-confidence token/private-key/API-key hits.
• PNG asset verification: guides/assets/20260511_extend_sapat_providers_in_daytona_img1.png parses as a valid 1600x900 PNG.
• Live Sapat source re-check: provider registry, @register, dynamic --provider, ProviderConfig, TranscriptionResult, AsyncPollProvider, and temporary-audio cleanup are still present upstream.
• DCO is green on the latest pushed commit.

/claim #13