Add Supertonic as the default TTS provider, introduce browser backend plumbing, make the Settings UI template-driven, and tighten Threads discovery/auth behavior with regression coverage.
- Enable spaCy 3.8.13 (3.8.14 was not on PyPI)
- Remove `pip cache purge` — conflicts with PIP_NO_CACHE_DIR=1
- Model en_core_web_sm auto-downloads at runtime
Co-Authored-By: RuFlo <ruv@ruv.net>
Bump base image from 3.10 to 3.14 to match host Python version.
Add pip cache purge after install to reduce image size.
Note: spaCy remains commented out (no 3.14 wheel yet).
All other dependencies verified working on Python 3.14.4.
Co-Authored-By: RuFlo <ruv@ruv.net>
Replace eval() with safe type-coercion dicts in console/settings/gui_utils.
Replace os.system() with subprocess.run() in TTS engine_wrapper.
Remove shell=True from all subprocess/Popen calls in main + ffmpeg_install.
Redact credentials from error logs and settings page HTML.
Fix 6 bare except clauses across the codebase.
Bug fixes:
- Config overwrite crash: set config={} after writing empty file
- Playwright TimeoutError: import correct exception class
- Lambda closure: default arg captures loop variable value
- Redundant ffmpeg: single concat run after all segments generated
- Audio IndexError: explicit check before accessing clips_durations[0]
- NSFW selector: use generic role-based button instead of hardcoded post ID
- Dead macOS branch: sys.platform == "darwin" instead of os.name == "mac"
Hardening:
- Flask secret_key from env var, rotate per startup
- Docker non-root user (appuser)
- CSRF check via Origin header on mutating requests
- Security headers: X-Content-Type-Options, X-Frame-Options
- Citation path traversal sanitization
- Temp file cleanup in ProgressFfmpeg.__exit__
Co-Authored-By: RuFlo <ruv@ruv.net>
Build one shared container image for the Flask GUI and CLI pipeline, with Playwright, FFmpeg, and spaCy preinstalled so first runs are reliable. Add bootstrap logic for missing runtime files, bind the GUI to 0.0.0.0 in containers, and preserve state through a repo mount.
Constraint: Local development needs a single image that supports both entrypoints without introducing extra services or dependencies.
Rejected: Separate GUI and CLI images | duplicated maintenance and no runtime benefit for this repo.
Confidence: high
Scope-risk: moderate
Directive: Keep runtime state creation in the container bootstrap layer; do not reintroduce host-specific assumptions into GUI startup.
Tested: docker compose build; docker compose run --rm gui python -c '...'; docker compose run --rm cli python -c 'import main'; docker compose up -d gui; curl -I http://localhost:4000
Not-tested: Full end-to-end video generation with live credentials in this environment.
Hong Phuc
Jason
Shayan Jizan
ali
andronedev
andronedev