Replace eval() with safe type-coercion dicts in console/settings/gui_utils.
Replace os.system() with subprocess.run() in TTS engine_wrapper.
Remove shell=True from all subprocess/Popen calls in main + ffmpeg_install.
Redact credentials from error logs and settings page HTML.
Fix 6 bare except clauses across the codebase.
Bug fixes:
- Config overwrite crash: set config={} after writing empty file
- Playwright TimeoutError: import correct exception class
- Lambda closure: default arg captures loop variable value
- Redundant ffmpeg: single concat run after all segments generated
- Audio IndexError: explicit check before accessing clips_durations[0]
- NSFW selector: use generic role-based button instead of hardcoded post ID
- Dead macOS branch: sys.platform == "darwin" instead of os.name == "mac"
Hardening:
- Flask secret_key from env var, rotate per startup
- Docker non-root user (appuser)
- CSRF check via Origin header on mutating requests
- Security headers: X-Content-Type-Options, X-Frame-Options
- Citation path traversal sanitization
- Temp file cleanup in ProgressFfmpeg.__exit__
Co-Authored-By: RuFlo <ruv@ruv.net>
Add keywords input to Create page to override search_queries per run.
Split /create into two panels: left controls + progress, right
real-time scraper activity feed with stage diagram and typed event
cards. Emit structured events from scraper and auth modules. Add
blocked_words fields to Settings page Content tab.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Build one shared container image for the Flask GUI and CLI pipeline, with Playwright, FFmpeg, and spaCy preinstalled so first runs are reliable. Add bootstrap logic for missing runtime files, bind the GUI to 0.0.0.0 in containers, and preserve state through a repo mount.
Constraint: Local development needs a single image that supports both entrypoints without introducing extra services or dependencies.
Rejected: Separate GUI and CLI images | duplicated maintenance and no runtime benefit for this repo.
Confidence: high
Scope-risk: moderate
Directive: Keep runtime state creation in the container bootstrap layer; do not reintroduce host-specific assumptions into GUI startup.
Tested: docker compose build; docker compose run --rm gui python -c '...'; docker compose run --rm cli python -c 'import main'; docker compose up -d gui; curl -I http://localhost:4000
Not-tested: Full end-to-end video generation with live credentials in this environment.
Hong Phuc
github-actions
RiveN000
Callum Leslie
Simon