v1.1.3 — Adversarial Audit Hardening

@simongonzalezdc simongonzalezdc released this 31 Mar 16:20
· 470 commits to master since this release

Full adversarial red-team audit covering ~50 issues across 4 severity tiers. All CRITICAL, HIGH, and actionable MEDIUM fixes applied.

Critical (C1–C7)

  • C1: Fixed edit_timeline crash on t.type.value — type is Literal[str], not enum
  • C2: Fixed audio-waveform CLI passing unknown output_path kwarg to engine
  • C3: Fixed thumbnail/extract-frame CLI using wrong text formatter (showed N/A)
  • C4: Fixed silence boundary logic bug creating inverted segments in ai_remove_silence
  • C5: Fixed _parse_ffmpeg_time assuming centiseconds for variable fractional digits
  • C6: Added try/except wrapper to video_batch server tool
  • C7: Fixed _format_batch_text KeyError on validation error responses

High — Security & Robustness (H1–H5)

  • H1: chroma_key color param now validated for FFmpeg injection characters (:, ], [, ;, \x00)
  • H2: add_text text escaping now covers [, ], ; FFmpeg filter chars
  • H3: Added _parse_json_arg helper for 11 CLI commands with friendly JSON error messages
  • H4: _validate_input now checks null bytes in file paths
  • H5: Added _validate_input_path calls to 5 effect functions and 3 transition functions
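An added example, not the project's own code, of the kind of check H1 describes: the color value is rejected if it carries any of the listed filter characters before it is interpolated into a chromakey filter string, with the 0-1 bounds from M1 applied to similarity and blend. The function names, the color allowlist and the sample inputs are assumptions made for illustration.

```python
import re

# Characters the notes list for H1; H2 names [, ], ; for add_text as well.
FILTER_META = frozenset(":[];\x00")

# Assumption (stricter than the notes): accept only a color name or
# 0xRRGGBB / #RRGGBB with optional AA. FFmpeg's "name@alpha" form is not accepted.
COLOR_RE = re.compile(r"(?:0x|#)[0-9A-Fa-f]{6}(?:[0-9A-Fa-f]{2})?|[A-Za-z]{1,32}")


def validate_color(color: str) -> str:
    """Reject filtergraph metacharacters first, then apply the allowlist."""
    if not isinstance(color, str):
        raise ValueError("color must be a string")
    bad = sorted(FILTER_META.intersection(color))
    if bad:
        raise ValueError(f"color contains filter metacharacters: {bad!r}")
    if not COLOR_RE.fullmatch(color):
        raise ValueError(f"unrecognised color value: {color!r}")
    return color


def validate_unit_range(name: str, value: float) -> float:
    """M1-style bound: similarity and blend must lie in 0-1 (NaN fails too)."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"{name} must be a number")
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} must be between 0 and 1, got {value!r}")
    return float(value)


def chromakey_filter(color: str, similarity: float, blend: float) -> str:
    """Build the filter string only from values that passed validation."""
    c = validate_color(color)
    s = validate_unit_range("similarity", similarity)
    b = validate_unit_range("blend", blend)
    return f"chromakey={c}:{s}:{b}"


def is_rejected(color: str) -> bool:
    """True when validate_color refuses the value."""
    try:
        validate_color(color)
    except ValueError:
        return True
    return False


# Constructed inputs: two valid colors, then one value per listed character.
SAMPLES = ["green", "0x00FF00", "green:yuv=1", "green[v]", "green;null", "green\x00"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "rejected" if is_rejected(s) else "ok")
```

Without the check, a ":" in the value would be read by FFmpeg as the start of the next filter option, and "[", "]" or ";" as pad labels or a new filter chain.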

Medium — Validation (M1–M2)

  • M1: 12 server validation additions (resize negative dims, font size bounds, fade non-negative, volume range, threshold 0-1, fps bounds, lufs -70 to -5, chroma_key similarity/blend 0-1, stabilize smoothing/zooming non-negative, apply_mask feather non-negative, waveform bins 1-1000)
  • M2: Client export() format validation, video-layout-pip CLI --rounded-corners flag

Full Changelog: v1.1.2...v1.1.3