BasicFist
diff --git a/‎.bandit‎
Lines changed: 19 additions & 0 deletions b/‎.bandit‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.git-aliases‎
Lines changed: 49 additions & 0 deletions b/‎.git-aliases‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 175 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 175 additions & 0 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 69 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 36 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,19 @@
+# Bandit security linting configuration
+[bandit]
+exclude_dirs = [
+    '/venv/',
+    '/.venv/',
+    '/tests/',
+    '/test_*',
+    '/__pycache__/',
+    '/.pytest_cache/',
+]
+
+# Skip specific tests
+skips = []
+
+# Test levels (LOW, MEDIUM, HIGH)
+level = MEDIUM
+
+# Confidence levels (LOW, MEDIUM, HIGH)
+confidence = MEDIUM
@@ -0,0 +1,49 @@
+# Git Aliases for RWC Project
+# Source this file or add to your ~/.gitconfig
+
+# Quick status and log
+alias gs='git status'
+alias gl='git log --oneline --graph --decorate -10'
+alias gla='git log --oneline --graph --decorate --all -20'
+
+# Branch management
+alias gb='git branch -vv'
+alias gba='git branch -avv'
+alias gco='git checkout'
+
+# View changes
+alias gd='git diff'
+alias gds='git diff --staged'
+alias gdm='git diff master..security-fixes-critical'
+
+# Show specific commits
+alias gshow='git show --stat'
+alias glast='git log -1 --stat'
+
+# Testing shortcuts
+alias test='pytest tests/ -v'
+alias testcov='pytest tests/ --cov=rwc --cov-report=term-missing'
+alias testfast='pytest tests/ -x --tb=short'
+alias testwatch='pytest-watch tests/ -v'
+
+# Pre-commit
+alias pc='pre-commit run --all-files'
+alias pci='pre-commit install'
+
+# Review this branch
+alias review-branch='git diff --stat master..security-fixes-critical'
+alias review-files='git diff --name-status master..security-fixes-critical'
+alias review-commits='git log --oneline master..security-fixes-critical'
+
+# Merge shortcuts (use with caution!)
+alias merge-to-master='git checkout master && git merge security-fixes-critical --no-ff'
+
+# Quick info
+alias project-stats='echo "Branch: $(git branch --show-current)" && echo "Commits: $(git rev-list --count HEAD)" && echo "Tests:" && pytest tests/ -q && echo "Coverage:" && pytest tests/ --cov=rwc --cov-report=term | tail -5'
+
+# Documentation
+alias docs='cat HIGH-PRIORITY-TASKS-COMPLETE.md'
+alias summary='cat FINAL-IMPROVEMENTS-REPORT.md | head -100'
+
+echo "Git aliases loaded for RWC project!"
+echo "Run 'alias' to see all available commands"
@@ -0,0 +1,175 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [ master, main, develop, security-fixes-* ]
+  pull_request:
+    branches: [ master, main ]
+
+jobs:
+  # Linting and code quality
+  lint:
+    name: Lint Code
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install black flake8 isort mypy bandit safety
+
+      - name: Check code formatting with Black
+        run: black --check --line-length=100 rwc/
+
+      - name: Check import sorting with isort
+        run: isort --check-only --profile black rwc/
+
+      - name: Lint with flake8
+        run: |
+          flake8 rwc/ --count --select=E9,F63,F7,F82 --show-source --statistics
+          flake8 rwc/ --count --max-line-length=100 --statistics
+
+      - name: Type check with mypy
+        run: mypy rwc/ --ignore-missing-imports --no-strict-optional
+        continue-on-error: true
+
+  # Security scanning
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install bandit safety
+
+      - name: Security scan with Bandit
+        run: bandit -r rwc/ -f json -o bandit-report.json || true
+
+      - name: Upload Bandit report
+        uses: actions/upload-artifact@v4
+        with:
+          name: bandit-security-report
+          path: bandit-report.json
+
+      - name: Check dependencies with Safety
+        run: |
+          pip install -r requirements.txt
+          safety check --json --output safety-report.json || true
+
+      - name: Upload Safety report
+        uses: actions/upload-artifact@v4
+        with:
+          name: safety-dependency-report
+          path: safety-report.json
+
+  # Unit tests
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libsndfile1 ffmpeg portaudio19-dev
+
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pytest pytest-cov pytest-xdist
+
+      - name: Run tests with pytest
+        run: |
+          pytest tests/ -v --cov=rwc --cov-report=xml --cov-report=html --cov-report=term -n auto
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.xml
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report-python-${{ matrix.python-version }}
+          path: htmlcov/
+
+  # Build check
+  build:
+    name: Build Package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+
+      - name: Install build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build twine
+
+      - name: Build package
+        run: python -m build
+
+      - name: Check package with twine
+        run: twine check dist/*
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-package
+          path: dist/
+
+  # Integration tests (optional - requires models)
+  integration:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main')
+    needs: [lint, security, test]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pytest
+
+      - name: Run integration tests
+        run: pytest tests/ -v -m integration || echo "No integration tests found"
+        continue-on-error: true
@@ -0,0 +1,69 @@
+# Pre-commit hooks configuration for RWC
+# Install: pip install pre-commit
+# Setup: pre-commit install
+# Run manually: pre-commit run --all-files
+
+repos:
+  # Code formatting with Black
+  - repo: https://github.com/psf/black
+    rev: 24.10.0
+    hooks:
+      - id: black
+        language_version: python3
+        args: ['--line-length=100']
+
+  # Import sorting
+  - repo: https://github.com/pycqa/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+        args: ['--profile', 'black', '--line-length=100']
+
+  # Flake8 linting
+  - repo: https://github.com/pycqa/flake8
+    rev: 7.1.1
+    hooks:
+      - id: flake8
+        args: [
+          '--max-line-length=100',
+          '--extend-ignore=E203,W503',  # Black compatibility
+          '--exclude=venv,__pycache__,.git'
+        ]
+
+  # Security checks with Bandit
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.8.0
+    hooks:
+      - id: bandit
+        args: ['-c', '.bandit', '-r', 'rwc/']
+        exclude: ^tests/
+
+  # Type checking with mypy
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.14.0
+    hooks:
+      - id: mypy
+        additional_dependencies: [types-all]
+        args: ['--ignore-missing-imports', '--no-strict-optional']
+
+  # YAML validation
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+        args: ['--maxkb=5000']
+      - id: check-merge-conflict
+      - id: check-toml
+      - id: check-json
+      - id: detect-private-key
+
+  # Security - check for secrets
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']
+        exclude: package-lock.json
@@ -0,0 +1,36 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+- `rwc/core`: model loading, voice conversion pipeline, reusable DSP helpers.
+- `rwc/cli` and `rwc/tui*.py`: command-line and TUI entry points; the `rwc` console script resolves here.
+- `rwc/api` and `rwc/webui.py`: Flask API and Gradio UI surfaces for remote and browser-driven control.
+- `rwc/utils`: shared utilities (audio I/O, configuration, logging).
+- `models/` stores downloaded checkpoints and indexes; keep large assets out of git.
+- `scripts/` and top-level `start_*.sh` wrappers automate environment startup—update them when CLI options change.
+
+## Build, Test, and Development Commands
+- `python3 -m venv venv && source venv/bin/activate`: create or reuse the standard virtual environment.
+- `pip install -e .[dev]`: editable install with pytest, black, flake8, and mypy tooling.
+- `rwc serve-webui --port 7865`: launch the Gradio interface for manual regression checks.
+- `python -m pytest`: execute the test suite; add `-k pattern` for targeted runs.
+- `bash download_models.sh`: sync baseline checkpoints before validating conversion paths.
+
+## Coding Style & Naming Conventions
+- Use 4-space indentation, type hints for new Python code, and keep functions focused (<150 lines).
+- Format with `black rwc rwc/tests` (line length 88) and lint via `flake8 rwc`.
+- Adopt snake_case for modules and functions, UpperCamelCase for classes, and kebab-case for shell scripts.
+- Align CLI verbs with existing patterns (`convert`, `serve-*`) to keep UX consistent.
+
+## Testing Guidelines
+- Place tests in `rwc/tests`; name modules `test_*.py` and functions `test_*`.
+- Mock GPU-intensive paths when feasible; prefer fixture-driven unit tests over long-running conversions.
+- Document assumptions inside tests and measure coverage for new logic paths before merging.
+
+## Commit & Pull Request Guidelines
+- Write imperative, capitalized commit subjects (e.g., `Add real-time TUI polling`); add body details for context and rollbacks.
+- Reference related issues (`Fixes #123`) and call out key scripts or configs touched.
+- Pull requests should summarize behavior changes, enumerate test commands run, and attach screenshots for UI updates.
+
+## Security & Configuration Notes
+- Never commit credentials, personal voice data, or large checkpoints (ensure `.gitignore` stays current).
+- Update `config.ini` defaults cautiously and mirror changes in `README.md` and `SECURITY.md` when deployment steps shift.