Skip to content

Doppelvoice v0.2.3 — review tier-1 follow-ups

Choose a tag to compare

@Tianqi-Bu Tianqi-Bu released this 26 Apr 13:07

Tier-1 follow-ups from the v0.2.2 20-agent adversarial review.
Tests 86 → 93. No behavior changes for normal usage.

Download

Doppelvoice-v0.2.3-win64.zip (61 MB)

SHA256: 789446E15607D535AA825BF253E3750829C8C36857A7F0B337B2DC79F36D3B0E

Same install as v0.2.2 — see README.txt inside the zip.

What changed since v0.2.2

Fixed

  • Credentials is now frozen=True — was the one mutable sub-config that escaped the v0.2.0 frozen sweep. Three sites mutated it in-place; because AppConfig.snapshot() is a shallow copy, those writes silently leaked into already-running orchestrator sessions. All callers now use replace() and the type system enforces it.
  • SubtitleView clamps each block to 4096 chars. QTextDocument layout is O(n²) on a single huge run; a malicious or buggy server sending a 4 MB text field would freeze the GUI thread.
  • gui/env_io.py _dequote now matches python-dotenv exactly. The old .strip().strip('"').strip("'") chain ate unmatched quotes ("'weird'"weird instead of 'weird') and exposed inner padding (" spaced " spaced instead of spaced). The GUI display path now agrees with what Credentials.from_env actually loads at runtime.
  • utils/log.py _patcher no longer silently swallows arg-rewrite failures — falls through to sys.stderr (cannot use loguru without recursing into the patcher itself).

Tests (86 → 93)

  • OggOpusDecoder.MAX_BUF_BYTES guard (sentence_end-never-fires DoS).
  • _dequote parity with python-dotenv (matched / unmatched / inner padding).
  • read_env UTF-8 BOM round-trip.
  • Credentials FrozenInstanceError + replace-path.

Full changelog: CHANGELOG.md