Frontend (app.js):
- Serialize the stateful adaptive-codec decoder through a promise chain.
decode() awaits a real async DecompressionStream, so the previous
concurrent .then() let a small DELTA resolve before its keyframe and
patch a stale/null prev -> corrupt frames. Adds .catch + stale-decoder
guard so a re-INIT drops in-flight frames from the previous segment.
- Flush frameBuffer on INIT so playlist transitions don't stall the reset
master clock on the previous video's tail frames (or render them under
the new renderer on a mode change).
- Request /audio?v=<idx> using the new INIT queue-index field so audio is
correct when multiple clients are connected.
Server (stream_server.py):
- Bind 127.0.0.1 by default (--host to opt into LAN); same-origin Origin
check before streaming (CSWSH defense that still allows LAN same-origin).
- Scope /static to an app.js/style.css/codec.js whitelist (was serving the
whole repo: source, playlist, any local .env/notes).
- Per-session audio: INIT carries the queue index; /audio?v= reads it
(bounds-checked) instead of the shared global current_index.
- Validate/clamp playlist+CLI mode/vol/pixel/cols/rows; guard malformed
playlist JSON. ffmpeg gets -nostdin + terminate/kill-with-timeout.
- Re-enable WS keepalive (reap dead clients); release VideoCapture on the
isOpened()-false path.
Adds experiments/test_decode_order.js: dependency-free regression proving
serialized decode is bit-exact + in-order and that delta-before-keyframe
throws (no video fixtures needed).
Server fixes built by Codex from a Claude spec; Claude integrated + reviewed
(tightened the Origin check to same-origin so --host 0.0.0.0 LAN mode works).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
