Doppelvoice v0.2.3 — review tier-1 follow-ups
Tier-1 follow-ups from the v0.2.2 20-agent adversarial review.
Tests 86 → 93. No behavior changes for normal usage.
Download
Doppelvoice-v0.2.3-win64.zip (61 MB)
SHA256: 789446E15607D535AA825BF253E3750829C8C36857A7F0B337B2DC79F36D3B0E
Same install as v0.2.2 — see README.txt inside the zip.
What changed since v0.2.2
Fixed
Credentialsis nowfrozen=True— was the one mutable sub-config that escaped the v0.2.0 frozen sweep. Three sites mutated it in-place; becauseAppConfig.snapshot()is a shallow copy, those writes silently leaked into already-running orchestrator sessions. All callers now usereplace()and the type system enforces it.SubtitleViewclamps each block to 4096 chars. QTextDocument layout is O(n²) on a single huge run; a malicious or buggy server sending a 4 MBtextfield would freeze the GUI thread.gui/env_io.py _dequotenow matches python-dotenv exactly. The old.strip().strip('"').strip("'")chain ate unmatched quotes ("'weird'"→weirdinstead of'weird') and exposed inner padding (" spaced "→spacedinstead ofspaced). The GUI display path now agrees with whatCredentials.from_envactually loads at runtime.utils/log.py _patcherno longer silently swallows arg-rewrite failures — falls through tosys.stderr(cannot use loguru without recursing into the patcher itself).
Tests (86 → 93)
OggOpusDecoder.MAX_BUF_BYTESguard (sentence_end-never-fires DoS)._dequoteparity with python-dotenv (matched / unmatched / inner padding).read_envUTF-8 BOM round-trip.CredentialsFrozenInstanceError+replace-path.
Full changelog: CHANGELOG.md