feat(voice): DAVE E2E receive-side decrypt — unblocks Pas 12
Vendored fork: discord-ext-voice_recv 0.5.3a+echo.dave1 Patches the receive pipeline to handle Discord's mandatory DAVE E2E encryption on voice gateway v=8. Without this, opus_decode raised "corrupted stream" on every received packet in a DAVE-active room and voice-to-voice never connected. DAVE patch (vendor/discord-ext-voice-recv/reader.py): - `_maybe_dave_decrypt(rtp_packet)`: gate mirrors discord.py 2.7.1 `voice_state.can_encrypt`. Uses davey's `can_passthrough(user_id)` to branch — peers in passthrough send transport-only packets that pass through verbatim; peers in DAVE epoch go through `davey.decrypt`. - Hooked in `callback()` between transport decrypt and feed_rtp; drops on decrypt failure without killing the reader thread. - Bumps __version__ to '0.5.3a+echo.dave1' (PEP 440 local segment) so a contract test can fail fast on accidental upstream-sync overwrite. Pipeline fixes uncovered while testing DAVE end-to-end: - src/voice/pipeline.py: silero-vad v6+ requires exactly 512 samples per call at 16kHz; our 100ms window (1600 samples) was silently raising ValueError → VAD always returned False → STT never fired. Slice the window into 512-sample chunks. Bump whisper beam_size 1→5 and add a Romanian `initial_prompt` — transcriptions go from "Eco salt." gibberish to "Echo, salutare, te rog spune-mi cât este ora." - src/voice/tts_stream.py: EchoStreamingAudioSource.read() returns a 20ms silence frame instead of b'' on empty queue. Empty return is treated by Discord as end-of-stream and kills the player, so any TTS pushed later would be silently discarded. - src/adapters/discord_voice.py: actually attach EchoStreamingAudioSource to the voice client after the wakeup beep (chained via `after=`), which was missing entirely — TTS frames had no consumer. Tests: - tests/test_voice_recv_dave.py: 11 unit + callback integration tests covering bypass paths, can_passthrough gate, decrypt error handling. - tests/test_voice_adapter_contract.py: +test_voice_recv_fork_version and +test_voice_connection_state_has_dave_attrs guards against upstream drift on either side. Config: - config.json: voice.allowed_user_ids whitelist for Marius's user id. Status: voice-to-voice loop closes end-to-end (DAVE → VAD → Whisper → Claude → Supertonic → audio out). Latency is ~8-13s per turn, which is out of scope for this commit — see TODOS.md for the real-time UX follow-up plan. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
60
vendor/discord-ext-voice-recv/VENDOR_INFO.md
vendored
60
vendor/discord-ext-voice-recv/VENDOR_INFO.md
vendored
@@ -1,22 +1,76 @@
|
||||
# Vendored: discord-ext-voice-recv
|
||||
|
||||
**Upstream:** https://github.com/imayhaveborkedit/discord-ext-voice-recv
|
||||
**Pinned commit:** `ac04ea7b0941112e83767cf1c1469b408fa06748` (bump version 0.5.3a)
|
||||
**Pinned commit:** `ac04ea7b0941112e83767cf1c1469b408fa06748` (bump version 0.5.3a, master HEAD Jun 2025)
|
||||
**Vendored at:** 2026-05-27
|
||||
**Echo Core fork version:** `0.5.3a+echo.dave1` (PEP 440 local segment)
|
||||
**Reason:** Discord voice protocol is fragile, upstream is hobby fork. Adapter
|
||||
layer in `src/voice/_discord_voice_adapter.py` isolates upstream churn — if this
|
||||
package breaks, swap to py-cord by rewriting only that file.
|
||||
|
||||
## Update procedure
|
||||
## Echo Core patch: `+echo.dave1` (DAVE E2E receive-side decrypt)
|
||||
|
||||
### Why
|
||||
|
||||
Discord enforces DAVE (E2E media encryption) on voice gateway `v=8` whenever the
|
||||
bot advertises `max_dave_protocol_version > 0` in IDENTIFY. discord.py 2.7.1 (the
|
||||
version Echo Core pins) does so unconditionally — Discord then closes the WS
|
||||
with code **4017** if the bot opts out by sending `max_dave_protocol_version=0`.
|
||||
DAVE is **mandatory**.
|
||||
|
||||
Audio received from a DAVE-active room is **dual-wrapped**: transport layer
|
||||
(`aead_xchacha20_poly1305_rtpsize`) + DAVE E2E. Upstream voice-recv decrypts
|
||||
only the transport layer, then hands DAVE ciphertext to libopus, which raises
|
||||
`OpusError: corrupted stream` on every packet.
|
||||
|
||||
### Patch shape
|
||||
|
||||
~30 lines, all in `discord/ext/voice_recv/reader.py`:
|
||||
|
||||
1. Module-level optional `davey` import (no-op when missing).
|
||||
2. `AudioReader._maybe_dave_decrypt(rtp_packet) -> Optional[bytes]` — gate logic
|
||||
mirrors discord.py 2.7.1 send-side `can_encrypt` exactly. Returns the
|
||||
DAVE-unwrapped payload, the original payload (DAVE inactive), or `None` to
|
||||
drop the packet (unknown SSRC, decrypt failure).
|
||||
3. 4-line hook in `callback()` between transport-decrypt and `feed_rtp`:
|
||||
overwrites `rtp_packet.decrypted_data` in place, or returns early to drop.
|
||||
|
||||
The post-decrypt `is_silence()` check (formerly at reader.py:172) still works
|
||||
because we overwrite `decrypted_data` in place — silence frames produced by
|
||||
davey reach the existing check unchanged.
|
||||
|
||||
### Dependency
|
||||
|
||||
`davey==0.1.5` — matches discord.py 2.7.1 expectation. Pin in
|
||||
`echo-core/requirements.txt`. The import is optional at module level so tests
|
||||
and non-DAVE environments still run; the gate degrades to a bypass.
|
||||
|
||||
### Re-sync strategy
|
||||
|
||||
When upstream voice-recv adds DAVE support natively:
|
||||
|
||||
1. Drop the three patch hunks in `reader.py` (davey import block,
|
||||
`_maybe_dave_decrypt` method, hook in `callback()`).
|
||||
2. Revert `__version__` to upstream value in `__init__.py`.
|
||||
3. Update `Pinned commit` below.
|
||||
4. Run `pytest tests/test_voice_recv_dave.py tests/test_voice_adapter_contract.py`.
|
||||
|
||||
The contract test `test_voice_recv_fork_version` asserts `__version__ ==
|
||||
'0.5.3a+echo.dave1'` and will fail fast on any accidental wipe during a careless
|
||||
upstream sync — forcing a conscious decision to either re-port or drop the
|
||||
patch.
|
||||
|
||||
## Update procedure (vanilla upstream sync)
|
||||
|
||||
```bash
|
||||
cd vendor/discord-ext-voice-recv
|
||||
git fetch origin master
|
||||
git log HEAD..origin/master --oneline # review what changed
|
||||
git checkout <new-commit>
|
||||
# RE-APPLY the +echo.dave1 patch if upstream still lacks DAVE
|
||||
cd ../..
|
||||
source .venv/bin/activate && pip install -e vendor/discord-ext-voice-recv --force-reinstall
|
||||
pytest tests/test_voice_adapter_contract.py -v # MUST PASS — contract guard
|
||||
pytest tests/test_voice_adapter_contract.py tests/test_voice_recv_dave.py -v # MUST PASS — contract + DAVE guards
|
||||
```
|
||||
|
||||
Update this file's `Pinned commit` after a successful upgrade.
|
||||
|
||||
@@ -17,4 +17,4 @@ __title__ = 'discord.ext.voice_recv'
|
||||
__author__ = 'Imayhaveborkedit'
|
||||
__license__ = 'MIT'
|
||||
__copyright__ = 'Copyright 2021-present Imayhaveborkedit'
|
||||
__version__ = '0.5.3a'
|
||||
__version__ = '0.5.3a+echo.dave1'
|
||||
|
||||
@@ -19,6 +19,15 @@ try:
|
||||
except ImportError as e:
|
||||
raise RuntimeError("pynacl is required") from e
|
||||
|
||||
# Echo Core +echo.dave1 patch: DAVE E2E receive-side decrypt. See VENDOR_INFO.md.
|
||||
try:
|
||||
import davey
|
||||
_MEDIA_TYPE_AUDIO = davey.MediaType.audio
|
||||
_HAS_DAVE = True
|
||||
except ImportError:
|
||||
_MEDIA_TYPE_AUDIO = None
|
||||
_HAS_DAVE = False
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from typing import Optional, Callable, Any, Dict, Literal, Union
|
||||
|
||||
@@ -133,12 +142,63 @@ class AudioReader:
|
||||
def _is_ip_discovery_packet(self, data: bytes) -> bool:
|
||||
return len(data) == 74 and data[1] == 0x02
|
||||
|
||||
def _maybe_dave_decrypt(self, rtp_packet) -> Optional[bytes]:
|
||||
"""DAVE E2E layer applied after transport decrypt.
|
||||
|
||||
Returns the (possibly DAVE-unwrapped) opus payload, or None to drop the
|
||||
packet. No-op when DAVE is inactive — non-DAVE rooms and environments
|
||||
without `davey` installed pass through unchanged.
|
||||
|
||||
NOTE: `is_silence()` is NOT checked here. In a DAVE-active room the
|
||||
transport-decrypted payload is ciphertext, so `is_silence()` (which
|
||||
compares to plaintext OPUS_SILENCE ``b'\\xf8\\xff\\xfe'``) never matches.
|
||||
Silence frames are handled either by davey.decrypt returning plaintext
|
||||
silence (then caught at the existing post-decrypt silence check on
|
||||
``decrypted_data``), or dropped via the decrypt-raises path. The
|
||||
existing post-decrypt silence check continues to work because we
|
||||
overwrite ``decrypted_data`` in place.
|
||||
"""
|
||||
if not _HAS_DAVE:
|
||||
return rtp_packet.decrypted_data
|
||||
conn = self.voice_client._connection
|
||||
if getattr(conn, 'dave_protocol_version', 0) == 0:
|
||||
return rtp_packet.decrypted_data
|
||||
dave = getattr(conn, 'dave_session', None)
|
||||
if dave is None or not dave.ready:
|
||||
return rtp_packet.decrypted_data
|
||||
user_id = self.voice_client._ssrc_to_id.get(rtp_packet.ssrc)
|
||||
if user_id is None:
|
||||
# ACCEPTED REGRESSION: davey requires per-user key. When SPEAKING
|
||||
# event races behind the first audio packet, we drop 1-5 packets
|
||||
# (~40-200ms) per new speaker per session.
|
||||
return None
|
||||
# can_passthrough(user_id) mirrors Discord's protocol: when this user's
|
||||
# decryptor is in passthrough mode, packets are not DAVE-wrapped and
|
||||
# must be returned as-is. Otherwise davey.decrypt unwraps DAVE E2E.
|
||||
try:
|
||||
if dave.can_passthrough(user_id):
|
||||
return rtp_packet.decrypted_data
|
||||
except Exception as e:
|
||||
log.debug("can_passthrough check failed for ssrc=%s user=%s: %s: %s",
|
||||
rtp_packet.ssrc, user_id, type(e).__name__, e)
|
||||
try:
|
||||
return dave.decrypt(user_id, _MEDIA_TYPE_AUDIO, rtp_packet.decrypted_data)
|
||||
except Exception as e:
|
||||
log.debug("DAVE decrypt failed for ssrc=%s user=%s: %s: %s",
|
||||
rtp_packet.ssrc, user_id, type(e).__name__, e)
|
||||
return None
|
||||
|
||||
def callback(self, packet_data: bytes) -> None:
|
||||
packet = rtp_packet = rtcp_packet = None
|
||||
try:
|
||||
if not rtp.is_rtcp(packet_data):
|
||||
packet = rtp_packet = rtp.decode_rtp(packet_data)
|
||||
packet.decrypted_data = self.decryptor.decrypt_rtp(packet)
|
||||
# Echo Core +echo.dave1: DAVE E2E layer (no-op when inactive).
|
||||
dave_payload = self._maybe_dave_decrypt(rtp_packet)
|
||||
if dave_payload is None:
|
||||
return # drop packet, do not feed_rtp; reader thread stays alive
|
||||
rtp_packet.decrypted_data = dave_payload
|
||||
else:
|
||||
packet = rtcp_packet = rtp.decode_rtcp(self.decryptor.decrypt_rtcp(packet_data))
|
||||
|
||||
|
||||
Reference in New Issue
Block a user