What's New
Security Fixes
- Sanitized TTS voice parameter to prevent shell injection (espeak, system, coqui engines)
- PID-based mpv kill in reset.js (no longer kills all system mpv processes)
Improvements
- Replaced CPU busy-wait with
Atomics.waitin BGM lock acquisition - Removed no-op on-file-write hook (reduces unnecessary process spawns)
- Synced README Event Map with actual config messages
- Added MIT LICENSE file
- Added ROUND_LOG for pipeline integration
Tests
- 65 tests, all passing
- 4 cycles of adversarial evaluation (14 bugs found and fixed)
Full Changelog
See CHANGELOG.md for details.