fix: v1.9.18 comprehensive 6-phase audit — 26 bugs fixed across 22 files

P0: loudness_match completely broken (run_ffmpeg return type mismatch),
UXP CSRF header read wrong name, UXP chat/sequence-info hit 404 endpoints.

P1: WorkerPool shutdown TypeError on poison pill comparison, styled
captions progress crash (missing msg default), 4x bare "ffmpeg" in core
modules breaking bundled installs, GPU memory leaks in MusicGen/SAM2/
Florence-2, UXP JobPoller.start() called with wrong signature (7 handlers).

P2: path traversal in search/auto-index, sync route in queue allowlist,
bare float() on user input, unbounded safe_float params, unhandled
ValueError in validate_path, caption_style unsanitized, WorkerPool
shutdown_pool race condition.

453 tests pass, ruff lint clean.

Author: SysAdminDoc

CLAUDE.md

@@ -922,6 +922,44 @@ enhance = ["resemble-enhance>=0.0.1"]
 - **10 duplicate class attributes in HTML** — 10 elements had two `class=` attributes; HTML parser silently ignores the second, losing spacing utilities (mt-xs, mt-sm, mb-sm, mt-md). All merged into single attributes.
 - **pip install permission denied** — `safe_pip_install()` failed on Windows when both normal and `--user` installs hit Errno 13 (Microsoft Store Python, OneDrive-synced user dirs, restrictive ACLs). Added `--target ~/.opencut/packages` as third fallback strategy. server.py adds `~/.opencut/packages` to `sys.path` at startup.
 
+## v1.9.18 Comprehensive 6-Phase Audit (April 2026)
+
+### P0 Fixes
+- **loudness_match COMPLETELY BROKEN** — `_run_ffmpeg()` wrapper returned consolidated helper's `str` but callers accessed `.returncode`/`.stderr` (CompletedProcess attributes). `measure_loudness()`, `normalize_to_lufs()`, `batch_loudness_match()` all crashed with `AttributeError`. Renamed to `_run_ffmpeg_raw()`, made it always return `str` and raise `RuntimeError` on failure. Removed all `.returncode`/`.stderr` access from callers.
+- **UXP CSRF token refresh reads wrong header** — `resp.headers.get("X-CSRF-Token")` instead of `"X-OpenCut-Token"`. After backend restarts, all UXP POST requests used stale token → 403 failures.
+- **UXP chat endpoint 404** — Posted to `/chat/message` but backend route is `/chat`. Chat completely non-functional in UXP.
+- **UXP sequence-info 404** — Fell back to non-existent `/sequence-info` endpoint. Removed dead backend fallback; PProBridge is the only source.
+
+### P1 Fixes
+- **WorkerPool shutdown TypeError** — `shutdown()` put `None` poison pills into `PriorityQueue`, but `None` is not comparable with `(int, int, tuple)` work items during heap insertion. Server shutdown crashed with `TypeError` if any jobs were queued. Fixed: poison pill is now `(-1, -1, None)`, worker loop checks `item[2] is None`.
+- **Styled captions progress crash** — `_on_render_progress(pct, msg)` in captions.py missing `msg=""` default. `render_styled_caption_video()` calls `on_progress(int)` with 1 arg → `TypeError` every time.
+- **scene_detect bare "ffmpeg"** — `detect_scenes_ml()` used bare `"ffmpeg"` in `extract_cmd` instead of `get_ffmpeg_path()`. TransNetV2 ML scene detection failed on bundled installs.
+- **shorts_pipeline 3x bare "ffmpeg"** — `_trim_clip()` and fallback crop in `generate_shorts()` all used bare `"ffmpeg"`. Added `get_ffmpeg_path` import and replaced all 3.
+- **silence.py spurious FFmpeg check** — `_extract_audio_wav()` checked `shutil.which("ffmpeg")` which returns `None` on bundled installs even though `get_ffmpeg_path()` resolves it. Changed to check `get_ffmpeg_path()` return value.
+- **audio_enhance bare "ffmpeg"** — `_extract_audio()` assigned `get_ffmpeg_path()` to `ffmpeg_path` but then used bare `"ffmpeg"` in the command list. Fixed to use `ffmpeg_path`.
+- **MusicGen GPU memory leak** — `generate_music()`, `generate_music_with_melody()`, and `continue_audio()` never freed 1.2-13GB MusicGen models after generation. Added `try/finally` with `del model` + `torch.cuda.empty_cache()` to all 3 functions.
+- **SAM2 GPU memory leak** — `generate_masks_sam2()` loaded SAM2 predictor (1-4GB VRAM) but never cleaned up. Added `del predictor, state` + `torch.cuda.empty_cache()` to existing `finally` block.
+- **Florence-2 GPU memory leak** — `detect_watermark_region()` loaded Florence-2 (~450MB) but never freed it. Added `try/finally` with cleanup around inference block.
+
+### P2 Fixes
+- **timeline.py bare float()** — OTIO segment export used `float(s.get("start", 0))` on user input; 500 on non-numeric. Changed to `safe_float()`.
+- **search/auto-index path traversal** — File paths validated only with `os.path.isfile()`, no null byte/symlink/traversal check. Added `validate_filepath()` on each path.
+- **search/auto-index in queue allowlist** — Sync route was in `_ALLOWED_QUEUE_ENDPOINTS`, causing queue entries to silently fail (no job_id returned). Removed from allowlist.
+- **video_core.py unbounded safe_float** — `threshold` and `min_scene_length` in scene detection had no `min_val`/`max_val` bounds. Added clamps.
+- **video_editing.py validate_path crash** — `multicam_xml_export()` called `validate_path()` without catching `ValueError`. Added try/except returning 400.
+- **video_specialty.py caption_style** — Unsanitized user string passed into shorts pipeline config. Added allowlist validation.
+- **WorkerPool shutdown_pool race** — `_pool = None` set without `_pool_lock`, allowing another thread to create a zombie pool. Now acquires lock before clearing.
+
+### Frontend Fixes (Phase 4)
+- **UXP JobPoller.start() wrong signature (7 handlers)** — `runDepthEffect`, `runEmotionHighlights`, `runBrollAnalysis`, `runUpscaleUxp`, `runSceneDetectUxp`, `runStyleTransferUxp`, `runShortsPipelineUxp` all passed `(jobId, callback)` to `JobPoller.start()` which expects `(endpoint, body, onProgress, onComplete, onError)`. All 7 handlers now use new `JobPoller.poll(jobId)` method (added to IIFE return).
+- **UXP .toFixed() crash** — Cut result display used raw `.toFixed()` on potentially string values. Added `Number()` coercion.
+- **CEP reframe "face" value** — HTML `<option value="face">` but backend expects `"auto"` since batch 22. Changed to `value="auto"`.
+
+### Test Updates
+- **test_core_modules_batch2** — `test_extract_audio_calls_ffmpeg` updated to accept resolved FFmpeg path (not bare `"ffmpeg"` string).
+- **test_new_features** — `test_extract_audio_wav_checks_ffmpeg` updated to mock `opencut.core.silence.get_ffmpeg_path` instead of `shutil.which`.
+- **test_new_modules** — 4 loudness_match tests updated: mock target changed from `_run_ffmpeg` to `_run_ffmpeg_raw`, mock return values changed from `MagicMock(returncode=0, stderr=...)` to plain `str`.
+
 ## v1.9.17 Full Audit & Repair (April 2026)
 - **test_clip_notes_plugin.py rewrite** — Old test fixture accessed `mod._thread_local.conn` after flaky `importlib` module load, causing `AttributeError` on Windows. The `temp_db` autouse fixture was a dead no-op (created module without executing it). Rewrote entire test file to use JSON storage backend (matching `test_plugin_clip_notes.py` pattern), eliminating `_thread_local` dependency. All 10 legacy route tests pass cleanly.
 - **LUT_SIZE parsing crash** — `_parse_cube()` in `lut_library.py` called `int(line.split()[-1])` without checking `split()` returned ≥2 parts. Malformed `.cube` files with bare `LUT_SIZE` keyword (no value) crashed with `ValueError`. Added `len(parts) >= 2` guard + `try/except ValueError`.

Install.ps1

@@ -155,7 +155,7 @@ Write-Host "  \___/| .__/ \___|_| |_|\____\__,_|\__|" -ForegroundColor Cyan
 Write-Host "       |_|                               " -ForegroundColor Cyan
 Write-Host ""
 Write-Host "  Open Source Video Editing Automation" -ForegroundColor DarkGray
-Write-Host "  Installer v1.9.16" -ForegroundColor DarkGray
+Write-Host "  Installer v1.9.18" -ForegroundColor DarkGray
 
 $isAdmin = Test-IsAdmin
 if ($isAdmin) {

OpenCut.iss

@@ -2,7 +2,7 @@
 ; Fully self-contained installer — bundles server exe, ffmpeg, and CEP extension
 
 #define MyAppName "OpenCut"
-#define MyAppVersion "1.9.16"
+#define MyAppVersion "1.9.18"
 #define MyAppPublisher "SysAdminDoc"
 #define MyAppURL "https://github.com/SysAdminDoc/OpenCut"
 

extension/com.opencut.panel/CSXS/manifest.xml

@@ -2,11 +2,11 @@
 <ExtensionManifest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    Version="7.0"
                    ExtensionBundleId="com.opencut.panel"
-                   ExtensionBundleVersion="1.9.16"
+                   ExtensionBundleVersion="1.9.18"
                    ExtensionBundleName="OpenCut">
 
     <ExtensionList>
-        <Extension Id="com.opencut.panel.main" Version="1.9.16" />
+        <Extension Id="com.opencut.panel.main" Version="1.9.18" />
     </ExtensionList>
 
     <ExecutionEnvironment>

extension/com.opencut.panel/client/index.html

@@ -2399,7 +2399,7 @@ <h3 class="media-sidecar-title">No media in the workspace yet.</h3>
                                 <option value="bottom">Bottom</option>
                                 <option value="left">Left</option>
                                 <option value="right">Right</option>
-                                <option value="face">Face Tracking (auto)</option>
+                                <option value="auto">Face Tracking (auto)</option>
                             </select>
                             <span class="hint-inline">Where to anchor the crop</span>
                         </div>
@@ -3388,7 +3388,7 @@ <h3 class="media-sidecar-title">No media in the workspace yet.</h3>
                     <div class="card-header"><div class="card-title" data-i18n="settings.about">About OpenCut</div></div>
                     <div class="settings-row">
                         <span class="settings-label">Version</span>
-                        <span class="settings-value">1.9.16</span>
+                        <span class="settings-value">1.9.18</span>
                     </div>
                     <div class="about-links">
                         <a href="https://github.com/SysAdminDoc/opencut" class="about-link" target="_blank">GitHub</a>

extension/com.opencut.panel/client/main.js

@@ -1,5 +1,5 @@
 /* ============================================================
-   OpenCut CEP Panel - Main Controller v1.9.16
+   OpenCut CEP Panel - Main Controller v1.9.18
    6-Tab Professional Toolkit
    ============================================================ */
 (function () {

extension/com.opencut.panel/client/style.css

@@ -1,5 +1,5 @@
 /* ============================================================
-   OpenCut CEP Panel v1.9.16 - ULTRA PREMIUM EDITION
+   OpenCut CEP Panel v1.9.18 - ULTRA PREMIUM EDITION
    Next-Generation AI Editing Suite for Adobe Premiere Pro
    ============================================================ */
 

extension/com.opencut.panel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencut-panel",
-  "version": "1.9.16",
+  "version": "1.9.18",
   "private": true,
   "description": "OpenCut CEP Panel for Adobe Premiere Pro",
   "scripts": {

extension/com.opencut.uxp/index.html

@@ -16,7 +16,7 @@
           <path d="M4 2.5a3 3 0 00-1.76 5.43L7.33 11l-5.09 3.07A3 3 0 104.8 19.5a3 3 0 001.76-5.43L8.93 12.6 16.5 17V5L8.93 9.4 6.56 7.93A3 3 0 004 2.5z" fill="var(--accent)"/>
         </svg>
         <span class="oc-logo">OpenCut</span>
-        <span class="oc-version">v1.9.16</span>
+        <span class="oc-version">v1.9.18</span>
       </div>
       <div class="oc-header-right">
         <div class="oc-connection" id="connectionStatus" title="Backend connection status">

extension/com.opencut.uxp/main.js

@@ -26,7 +26,7 @@ const HEALTH_CHECK_MS  = 8000;
 const HEALTH_MAX_MS    = 60000;
 const MEDIA_SCAN_MS    = 30000;
 const SSE_AVAILABLE    = typeof EventSource !== "undefined";
-const VERSION          = "1.9.16";
+const VERSION          = "1.9.18";
 
 async function detectBackend() {
   // Try ports 5679-5689 like CEP panel does
@@ -349,7 +349,7 @@ const BackendClient = (() => {
       const resp = await fetch(url, opts);
 
       // Refresh CSRF token if provided in response headers
-      const newToken = resp.headers.get("X-CSRF-Token");
+      const newToken = resp.headers.get("X-OpenCut-Token");
       if (newToken) csrfToken = newToken;
 
       let data;
@@ -553,7 +553,25 @@ const JobPoller = (() => {
     _fireCompletionHooks();
   }
 
-  return { start, cancel, onJobFinished };
+  /**
+   * Poll an already-started job by ID until completion.
+   * Returns the final result object or throws.
+   */
+  function poll(jobId) {
+    return new Promise((resolve, reject) => {
+      activeJobId = jobId;
+      const onProgress = () => {};
+      const onComplete = (result) => resolve(result);
+      const onError = (msg) => reject(new Error(msg));
+      if (SSE_AVAILABLE) {
+        trackJobSSE(jobId, onProgress, onComplete, onError);
+      } else {
+        pollJob(jobId, onProgress, onComplete, onError);
+      }
+    });
+  }
+
+  return { start, poll, cancel, onJobFinished };
 })();
 
 // ─────────────────────────────────────────────────────────────
@@ -890,7 +908,7 @@ function showCutResult(result) {
   if (!area || !body) return;
   area.classList.remove("hidden");
   const lines = (result.cuts ?? []).map((c, i) =>
-    `Cut ${i + 1}: ${c.start.toFixed(3)}s → ${c.end.toFixed(3)}s (${((c.end - c.start) * 1000).toFixed(0)} ms)`
+    `Cut ${i + 1}: ${Number(c.start).toFixed(3)}s → ${Number(c.end).toFixed(3)}s (${((Number(c.end) - Number(c.start)) * 1000).toFixed(0)} ms)`
   );
   body.textContent = lines.join("\n") || "No cuts.";
 }
@@ -1569,10 +1587,9 @@ async function loadSequenceInfo() {
     info = await PProBridge.getSequenceInfo();
   }
 
-  // Fall back to backend
+  // No backend equivalent for sequence-info; PProBridge is the only source
   if (!info) {
-    const r = await BackendClient.get("/sequence-info");
-    if (r.ok) info = r.data;
+    info = null;
   }
 
   UIController.setButtonLoading("loadSeqInfoBtn", false);
@@ -2162,17 +2179,15 @@ async function runDepthEffect() {
   UIController.setButtonLoading("runDepthBtnUxp", true);
   const r = await BackendClient.post(endpoint, payload);
   if (r.ok && r.data?.job_id) {
-    activeJobId = r.data.job_id;
     UIController.showProcessing("Running depth effect...");
-    JobPoller.start(r.data.job_id, (job) => {
-      UIController.hideProcessing();
-      UIController.setButtonLoading("runDepthBtnUxp", false);
-      if (job.status === "complete") {
-        UIController.showToast(`Depth effect complete: ${job.result?.output_path?.split(/[/\\]/).pop() ?? "done"}`, "success");
-      } else {
-        UIController.showToast(`Depth effect failed: ${job.error || "unknown"}`, "error");
-      }
-    });
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
+      UIController.showToast(`Depth effect complete: ${result?.output_path?.split(/[/\\]/).pop() ?? "done"}`, "success");
+    } catch (e) {
+      UIController.showToast(`Depth effect failed: ${e.message || "unknown"}`, "error");
+    }
+    UIController.hideProcessing();
+    UIController.setButtonLoading("runDepthBtnUxp", false);
   } else {
     UIController.setButtonLoading("runDepthBtnUxp", false);
     UIController.showToast(`Error: ${r.error || "Failed to start depth effect"}`, "error");
@@ -2189,18 +2204,16 @@ async function runEmotionHighlights() {
   UIController.setButtonLoading("runEmotionBtnUxp", true);
   const r = await BackendClient.post("/video/emotion-highlights", { filepath: clipPath });
   if (r.ok && r.data?.job_id) {
-    activeJobId = r.data.job_id;
     UIController.showProcessing("Analyzing emotions...");
-    JobPoller.start(r.data.job_id, (job) => {
-      UIController.hideProcessing();
-      UIController.setButtonLoading("runEmotionBtnUxp", false);
-      if (job.status === "complete") {
-        const peaks = job.result?.peaks?.length ?? 0;
-        UIController.showToast(`Emotion analysis complete: ${peaks} emotional peaks found.`, "success");
-      } else {
-        UIController.showToast(`Emotion analysis failed: ${job.error || "unknown"}`, "error");
-      }
-    });
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
+      const peaks = result?.peaks?.length ?? 0;
+      UIController.showToast(`Emotion analysis complete: ${peaks} emotional peaks found.`, "success");
+    } catch (e) {
+      UIController.showToast(`Emotion analysis failed: ${e.message || "unknown"}`, "error");
+    }
+    UIController.hideProcessing();
+    UIController.setButtonLoading("runEmotionBtnUxp", false);
   } else {
     UIController.setButtonLoading("runEmotionBtnUxp", false);
     UIController.showToast(`Error: ${r.error || "Failed to start emotion analysis"}`, "error");
@@ -2217,18 +2230,16 @@ async function runBrollAnalysis() {
   UIController.setButtonLoading("runBrollPlanBtnUxp", true);
   const r = await BackendClient.post("/video/broll-plan", { filepath: clipPath });
   if (r.ok && r.data?.job_id) {
-    activeJobId = r.data.job_id;
     UIController.showProcessing("Analyzing B-roll points...");
-    JobPoller.start(r.data.job_id, (job) => {
-      UIController.hideProcessing();
-      UIController.setButtonLoading("runBrollPlanBtnUxp", false);
-      if (job.status === "complete") {
-        const windows = job.result?.windows?.length ?? 0;
-        UIController.showToast(`B-roll analysis complete: ${windows} insertion points found.`, "success");
-      } else {
-        UIController.showToast(`B-roll analysis failed: ${job.error || "unknown"}`, "error");
-      }
-    });
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
+      const windows = result?.windows?.length ?? 0;
+      UIController.showToast(`B-roll analysis complete: ${windows} insertion points found.`, "success");
+    } catch (e) {
+      UIController.showToast(`B-roll analysis failed: ${e.message || "unknown"}`, "error");
+    }
+    UIController.hideProcessing();
+    UIController.setButtonLoading("runBrollPlanBtnUxp", false);
   } else {
     UIController.setButtonLoading("runBrollPlanBtnUxp", false);
     UIController.showToast(`Error: ${r.error || "Failed to start B-roll analysis"}`, "error");
@@ -2260,7 +2271,7 @@ async function sendChatMessage() {
 
   if (!_chatSessionId) _chatSessionId = `uxp-${Date.now()}`;
 
-  const r = await BackendClient.post("/chat/message", {
+  const r = await BackendClient.post("/chat", {
     session_id: _chatSessionId,
     message: message,
     filepath: clipPath,
@@ -2474,9 +2485,12 @@ async function runUpscaleUxp() {
   UIController.setButtonLoading("runUpscaleBtnUxp", false);
 
   if (r.ok && r.data?.job_id) {
-    JobPoller.start(r.data.job_id, (result) => {
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
       UIController.showToast(`Upscaled: ${result?.output_path || "done"}`, "success");
-    });
+    } catch (e) {
+      UIController.showToast(`Upscale failed: ${e.message}`, "error");
+    }
   } else {
     UIController.showToast(r.data?.error || "Upscale failed.", "error");
   }
@@ -2496,10 +2510,13 @@ async function runSceneDetectUxp() {
   UIController.setButtonLoading("runSceneDetectBtnUxp", false);
 
   if (r.ok && r.data?.job_id) {
-    JobPoller.start(r.data.job_id, (result) => {
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
       const count = result?.scenes?.length || result?.total_scenes || 0;
       UIController.showToast(`Found ${count} scene boundaries.`, "success");
-    });
+    } catch (e) {
+      UIController.showToast(`Scene detection failed: ${e.message}`, "error");
+    }
   } else {
     UIController.showToast(r.data?.error || "Scene detection failed.", "error");
   }
@@ -2519,9 +2536,12 @@ async function runStyleTransferUxp() {
   UIController.setButtonLoading("runStyleTransferBtnUxp", false);
 
   if (r.ok && r.data?.job_id) {
-    JobPoller.start(r.data.job_id, (result) => {
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
       UIController.showToast(`Style applied: ${result?.output_path || "done"}`, "success");
-    });
+    } catch (e) {
+      UIController.showToast(`Style transfer failed: ${e.message}`, "error");
+    }
   } else {
     UIController.showToast(r.data?.error || "Style transfer failed.", "error");
   }
@@ -2547,10 +2567,13 @@ async function runShortsPipelineUxp() {
   UIController.setButtonLoading("runShortsPipelineBtnUxp", false);
 
   if (r.ok && r.data?.job_id) {
-    JobPoller.start(r.data.job_id, (result) => {
+    try {
+      const result = await JobPoller.poll(r.data.job_id);
       const count = result?.total_clips || result?.clips?.length || 0;
       UIController.showToast(`Generated ${count} short-form clips.`, "success");
-    });
+    } catch (e) {
+      UIController.showToast(`Shorts pipeline failed: ${e.message}`, "error");
+    }
   } else {
     UIController.showToast(r.data?.error || "Shorts pipeline failed.", "error");
   }