fix: batch P3 correctness fixes across backend and installers

- VBS launcher: use WshShell.Environment instead of cmd /c string
  concatenation to prevent injection from paths containing & or ^
- auth.json: restrict Windows DACL via icacls (was POSIX-only chmod)
- CLI: fix bare-filename CWD issue in loudness-match (os.path.abspath)
- CLI: use .get() for auto-zoom width/height to prevent KeyError
- CLI/InstallerBuilder: fix placeholder github.com/opencut URLs
- Export cancel: add proc.wait() after kill before unlinking partial file
- preview_frame: check ffmpeg returncode and output file size > 0
- Multiview routes: validate_filepath on video_paths, content_path,
  reaction_path before forwarding to core
- smart_trim: surface TimeoutExpired/SubprocessError instead of
  swallowing as "no speech detected"
- waveform_timeline: use array.array instead of list for PCM samples
  (~8x less memory for long audio)
- Installers: prefer requirements.txt / requirements-lock.txt over
  loose pip specs in fallback paths

Author: SysAdminDoc

Install.ps1

@@ -381,8 +381,14 @@ Write-Header "Step 4/7: Python Dependencies"
 
 Write-Step "Installing core dependencies..."
 & $pythonCmd -m pip install --upgrade pip --quiet 2>$null
-& $pythonCmd -m pip install click rich flask flask-cors --quiet 2>&1 | Out-Null
-Write-Ok "Core packages installed (click, rich, flask, flask-cors)"
+$reqFile = Join-Path $script:InstallDir "requirements.txt"
+if (Test-Path $reqFile) {
+    & $pythonCmd -m pip install -r $reqFile --quiet 2>&1 | Out-Null
+    Write-Ok "Core packages installed from requirements.txt"
+} else {
+    & $pythonCmd -m pip install click rich flask flask-cors --quiet 2>&1 | Out-Null
+    Write-Ok "Core packages installed (click, rich, flask, flask-cors)"
+}
 
 # Install OpenCut package
 Write-Step "Installing OpenCut package..."

InstallerBuilder.ps1

@@ -579,7 +579,7 @@ pause
 #define MyAppName "OpenCut"
 #define MyAppVersion "0.6.5"
 #define MyAppPublisher "OpenCut"
-#define MyAppURL "https://github.com/opencut"
+#define MyAppURL "https://github.com/SysAdminDoc/OpenCut"
 
 [Setup]
 AppId={{8A7B9C0D-1E2F-3A4B-5C6D-7E8F9A0B1C2D}

OpenCut-Server.vbs

@@ -1,30 +1,29 @@
 Set WshShell = CreateObject("WScript.Shell")
 Set fso = CreateObject("Scripting.FileSystemObject")
+Set env = WshShell.Environment("Process")
 
 strPath = fso.GetParentFolderName(WScript.ScriptFullName)
 
-' Build environment
-strPython = "python"
-strEnv = "set OPENCUT_HOME=" & strPath
+' Build environment via WshShell.Environment (safe for paths with & ^ etc.)
+env("OPENCUT_HOME") = strPath
 
+strPython = "python"
 If fso.FileExists(strPath & "\python\python.exe") Then
     strPython = """" & strPath & "\python\python.exe"""
-    strEnv = strEnv & " & set PATH=" & strPath & "\python;" & strPath & "\python\Scripts;%PATH%"
+    env("PATH") = strPath & "\python;" & strPath & "\python\Scripts;" & env("PATH")
 End If
 
 If fso.FolderExists(strPath & "\ffmpeg") Then
-    strEnv = strEnv & " & set PATH=" & strPath & "\ffmpeg;%PATH%"
+    env("PATH") = strPath & "\ffmpeg;" & env("PATH")
 End If
 
 If fso.FolderExists(strPath & "\models") Then
-    strEnv = strEnv & " & set OPENCUT_BUNDLED=true"
-    strEnv = strEnv & " & set WHISPER_MODELS_DIR=" & strPath & "\models\whisper"
-    strEnv = strEnv & " & set TORCH_HOME=" & strPath & "\models\demucs"
-    strEnv = strEnv & " & set OPENCUT_FLORENCE_DIR=" & strPath & "\models\florence"
-    strEnv = strEnv & " & set OPENCUT_LAMA_DIR=" & strPath & "\models\lama"
+    env("OPENCUT_BUNDLED") = "true"
+    env("WHISPER_MODELS_DIR") = strPath & "\models\whisper"
+    env("TORCH_HOME") = strPath & "\models\demucs"
+    env("OPENCUT_FLORENCE_DIR") = strPath & "\models\florence"
+    env("OPENCUT_LAMA_DIR") = strPath & "\models\lama"
 End If
 
-strCmd = "cmd /c """ & strEnv & " & " & strPython & " -m opencut.server"""
-
 ' Run completely hidden (0 = hidden, False = don't wait)
-WshShell.Run strCmd, 0, False
+WshShell.Run strPython & " -m opencut.server", 0, False

install.py

@@ -73,15 +73,24 @@ def install_deps():
                 check=True, timeout=pip_timeout,
             )
         else:
-            subprocess.run(
-                [sys.executable, "-m", "pip", "install",
-                 "click>=8.0", "rich>=13.0", "flask>=3.0", "flask-cors>=4.0",
-                 "python-json-logger>=2.0", "psutil>=5.9",
-                 "faster-whisper>=1.0", "opencv-python-headless>=4.8",
-                 "Pillow>=10.0", "numpy>=1.24",
-                 "--prefer-binary", "--progress-bar", "on"],
-                check=True, timeout=pip_timeout,
-            )
+            lock_file = os.path.join(base_dir, "requirements-lock.txt")
+            fallback_req = lock_file if os.path.exists(lock_file) else None
+            if fallback_req:
+                subprocess.run(
+                    [sys.executable, "-m", "pip", "install", "-r", fallback_req,
+                     "--prefer-binary", "--progress-bar", "on"],
+                    check=True, timeout=pip_timeout,
+                )
+            else:
+                subprocess.run(
+                    [sys.executable, "-m", "pip", "install",
+                     "click>=8.0", "rich>=13.0", "flask>=3.0", "flask-cors>=4.0",
+                     "python-json-logger>=2.0", "psutil>=5.9",
+                     "faster-whisper>=1.0", "opencv-python-headless>=4.8",
+                     "Pillow>=10.0", "numpy>=1.24",
+                     "--prefer-binary", "--progress-bar", "on"],
+                    check=True, timeout=pip_timeout,
+                )
     except subprocess.TimeoutExpired:
         print(f"  [!!] pip install timed out after {pip_timeout // 60} minutes.")
         print("       Check your network connection and try again.")

opencut/auth.py

@@ -71,6 +71,22 @@ def as_dict(self) -> dict:
         return {"token": self.token, "issued_at": self.issued_at, "label": self.label}
 
 
+def _restrict_windows_acl(path: Path) -> None:
+    """Restrict file to current user only via icacls (best-effort)."""
+    import subprocess as _sp
+    try:
+        target = str(path)
+        username = os.environ.get("USERNAME", "")
+        if not username:
+            return
+        _sp.run(
+            ["icacls", target, "/inheritance:r", "/grant:r", f"{username}:(R,W)"],
+            capture_output=True, timeout=10,
+        )
+    except Exception as exc:
+        logger.warning("opencut.auth: could not restrict ACL on %s: %s", path, exc)
+
+
 def _atomic_write(path: Path, payload: dict) -> None:
     path.parent.mkdir(parents=True, exist_ok=True)
     fd, tmp_name = tempfile.mkstemp(dir=str(path.parent), prefix="auth_", suffix=".json")
@@ -83,6 +99,8 @@ def _atomic_write(path: Path, payload: dict) -> None:
             except OSError as exc:  # pragma: no cover - filesystem oddity
                 logger.warning("opencut.auth: could not chmod %s: %s", tmp_name, exc)
         os.replace(tmp_name, path)
+        if os.name == "nt":
+            _restrict_windows_acl(path)
     except Exception:
         try:
             os.unlink(tmp_name)

opencut/cli.py

@@ -45,7 +45,7 @@
 
 def print_banner():
     console.print(Panel(
-        BANNER + "  Open Source Video Editing Automation\n  github.com/opencut",
+        BANNER + "  Open Source Video Editing Automation\n  github.com/SysAdminDoc/OpenCut",
         style="bold cyan",
         box=box.ROUNDED,
         padding=(0, 2),
@@ -1046,7 +1046,7 @@ def loudness_match(files, target_lufs, output_dir):
     ) as progress:
         task = progress.add_task(f"Normalizing {len(files)} file(s)...", total=None)
         start_time = time.time()
-        results = batch_loudness_match(list(files), output_dir=output_dir or os.path.dirname(files[0]), target_lufs=target_lufs)
+        results = batch_loudness_match(list(files), output_dir=output_dir or os.path.dirname(os.path.abspath(files[0])), target_lufs=target_lufs)
         elapsed = time.time() - start_time
         progress.update(task, description=f"[green]Normalization complete ({elapsed:.1f}s)")
         progress.stop()
@@ -1110,10 +1110,12 @@ def auto_zoom(file, zoom_amount, easing, output_dir, apply):
         console.print("[bold]Applying zoom to video...[/bold]")
         # Build zoompan filter — simplified: use first keyframe zoom for now
         zoom_val = keyframes[0].get("zoom", zoom_amount) if keyframes else zoom_amount
+        w = info.get("width", 1920)
+        h = info.get("height", 1080)
         run_ffmpeg([
             get_ffmpeg_path(), "-hide_banner", "-loglevel", "error", "-y",
             "-i", file,
-            "-vf", f"zoompan=z={zoom_val}:d=1:s={info['width']}x{info['height']}:fps={fps}",
+            "-vf", f"zoompan=z={zoom_val}:d=1:s={w}x{h}:fps={fps}",
             "-c:a", "copy", output_path,
         ])
         console.print(f"\n[green bold]Saved:[/green bold] {output_path}\n")

opencut/core/smart_trim.py

@@ -186,6 +186,10 @@ def _detect_silence_regions(
                     "end": total_duration,
                     "duration": total_duration - start,
                 })
+    except _sp.TimeoutExpired:
+        raise RuntimeError(f"Silence detection timed out for {file_path}")
+    except _sp.SubprocessError as exc:
+        raise RuntimeError(f"Silence detection failed for {file_path}: {exc}") from exc
     except Exception as exc:
         logger.debug("Silence detection failed for %s: %s", file_path, exc)
 
@@ -244,6 +248,10 @@ def _detect_scene_changes(
         # Parse pts_time from showinfo output
         times = re.findall(r"pts_time:\s*([\d.]+)", stderr)
         timestamps = [float(t) for t in times[:max_scenes]]
+    except _sp.TimeoutExpired:
+        raise RuntimeError(f"Scene detection timed out for {file_path}")
+    except _sp.SubprocessError as exc:
+        raise RuntimeError(f"Scene detection failed for {file_path}: {exc}") from exc
     except Exception as exc:
         logger.debug("Scene detection failed for %s: %s", file_path, exc)
 

opencut/core/waveform_timeline.py

@@ -5,12 +5,12 @@
 timeline rendering and visualization.
 """
 
+import array
 import logging
 import os
-import struct
 import subprocess
 import tempfile
-from typing import Callable, Dict, List, Optional, Tuple
+from typing import Callable, Dict, Optional, Tuple
 
 from opencut.helpers import FFmpegCmd, get_ffmpeg_path, run_ffmpeg
 
@@ -36,10 +36,11 @@ def _extract_pcm(audio_path: str, sample_rate: int = 8000) -> Tuple[bytes, int]:
     return result.stdout, sample_rate
 
 
-def _pcm_to_samples(pcm_data: bytes) -> List[int]:
-    """Convert raw PCM bytes (16-bit signed LE) to sample list."""
-    n_samples = len(pcm_data) // 2
-    return list(struct.unpack(f"<{n_samples}h", pcm_data[:n_samples * 2]))
+def _pcm_to_samples(pcm_data: bytes) -> array.array:
+    """Convert raw PCM bytes (16-bit signed LE) to sample array."""
+    samples = array.array("h")
+    samples.frombytes(pcm_data[:len(pcm_data) // 2 * 2])
+    return samples
 
 
 # ------------------------------------------------------------------

opencut/routes/multiview_repurpose_routes.py

@@ -28,6 +28,7 @@
     safe_bool,
     safe_float,
     safe_int,
+    validate_filepath,
     validate_output_path,
     validate_path,
 )
@@ -62,6 +63,7 @@ def split_screen_create(job_id, filepath, data):
     video_paths = data.get("video_paths", [])
     if not video_paths:
         raise ValueError("video_paths is required (list of file paths)")
+    video_paths = [validate_filepath(p) for p in video_paths]
 
     layout_name = data.get("layout", "side_by_side")
     custom_layout = data.get("custom_layout")
@@ -114,6 +116,8 @@ def reaction_create(job_id, filepath, data):
     reaction_path = data.get("reaction_path", "")
     if not content_path or not reaction_path:
         raise ValueError("content_path and reaction_path are required")
+    content_path = validate_filepath(content_path)
+    reaction_path = validate_filepath(reaction_path)
 
     preset_name = data.get("preset", "corner_pip")
     output_width = safe_int(data.get("width", 1920), 1920, min_val=320, max_val=7680)

opencut/routes/video_core.py

@@ -708,9 +708,10 @@ def _seg_len(seg):
 
         if _is_cancelled(job_id):
             proc.kill()
+            proc.wait(timeout=10)
             _unregister_job_process(job_id)
             _cleanup_filter_script()
-            # Clean up partial file
+            # Clean up partial file (wait() above ensures the handle is released)
             if os.path.exists(output_path):
                 try:
                     os.unlink(output_path)
@@ -1496,8 +1497,8 @@ def preview_frame(job_id, filepath, data):
             "-vframes", "1", "-vf", f"scale={width}:-1",
             "-q:v", "2", "-y", tmp
         ]
-        _sp.run(cmd, capture_output=True, timeout=30)
-        if not os.path.isfile(tmp):
+        result = _sp.run(cmd, capture_output=True, timeout=30)
+        if result.returncode != 0 or not os.path.isfile(tmp) or os.path.getsize(tmp) == 0:
             raise ValueError("Frame extraction failed")
         with open(tmp, "rb") as f:
             img_data = base64.b64encode(f.read()).decode("utf-8")