Files
echo-core/vendor/discord-ext-voice-recv/VENDOR_INFO.md
Marius Mutu e4f3177fc1 feat(voice): DAVE E2E receive-side decrypt — unblocks Pas 12
Vendored fork: discord-ext-voice_recv 0.5.3a+echo.dave1

Patches the receive pipeline to handle Discord's mandatory DAVE E2E
encryption on voice gateway v=8. Without this, opus_decode raised
"corrupted stream" on every received packet in a DAVE-active room and
voice-to-voice never connected.

DAVE patch (vendor/discord-ext-voice-recv/reader.py):
- `_maybe_dave_decrypt(rtp_packet)`: gate mirrors discord.py 2.7.1
  `voice_state.can_encrypt`. Uses davey's `can_passthrough(user_id)` to
  branch — peers in passthrough send transport-only packets that pass
  through verbatim; peers in DAVE epoch go through `davey.decrypt`.
- Hooked in `callback()` between transport decrypt and feed_rtp;
  drops on decrypt failure without killing the reader thread.
- Bumps __version__ to '0.5.3a+echo.dave1' (PEP 440 local segment) so a
  contract test can fail fast on accidental upstream-sync overwrite.

Pipeline fixes uncovered while testing DAVE end-to-end:
- src/voice/pipeline.py: silero-vad v6+ requires exactly 512 samples per
  call at 16kHz; our 100ms window (1600 samples) was silently raising
  ValueError → VAD always returned False → STT never fired. Slice the
  window into 512-sample chunks. Bump whisper beam_size 1→5 and add a
  Romanian `initial_prompt` — transcriptions go from "Eco salt." gibberish
  to "Echo, salutare, te rog spune-mi cât este ora."
- src/voice/tts_stream.py: EchoStreamingAudioSource.read() returns a 20ms
  silence frame instead of b'' on empty queue. Empty return is treated
  by Discord as end-of-stream and kills the player, so any TTS pushed
  later would be silently discarded.
- src/adapters/discord_voice.py: actually attach EchoStreamingAudioSource
  to the voice client after the wakeup beep (chained via `after=`),
  which was missing entirely — TTS frames had no consumer.

Tests:
- tests/test_voice_recv_dave.py: 11 unit + callback integration tests
  covering bypass paths, can_passthrough gate, decrypt error handling.
- tests/test_voice_adapter_contract.py: +test_voice_recv_fork_version
  and +test_voice_connection_state_has_dave_attrs guards against
  upstream drift on either side.

Config:
- config.json: voice.allowed_user_ids whitelist for Marius's user id.

Status: voice-to-voice loop closes end-to-end (DAVE → VAD → Whisper →
Claude → Supertonic → audio out). Latency is ~8-13s per turn, which is
out of scope for this commit — see TODOS.md for the real-time UX
follow-up plan.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 19:48:36 +00:00

3.3 KiB

Vendored: discord-ext-voice-recv

Upstream: https://github.com/imayhaveborkedit/discord-ext-voice-recv Pinned commit: ac04ea7b0941112e83767cf1c1469b408fa06748 (bump version 0.5.3a, master HEAD Jun 2025) Vendored at: 2026-05-27 Echo Core fork version: 0.5.3a+echo.dave1 (PEP 440 local segment) Reason: Discord voice protocol is fragile, upstream is hobby fork. Adapter layer in src/voice/_discord_voice_adapter.py isolates upstream churn — if this package breaks, swap to py-cord by rewriting only that file.

Echo Core patch: +echo.dave1 (DAVE E2E receive-side decrypt)

Why

Discord enforces DAVE (E2E media encryption) on voice gateway v=8 whenever the bot advertises max_dave_protocol_version > 0 in IDENTIFY. discord.py 2.7.1 (the version Echo Core pins) does so unconditionally — Discord then closes the WS with code 4017 if the bot opts out by sending max_dave_protocol_version=0. DAVE is mandatory.

Audio received from a DAVE-active room is dual-wrapped: transport layer (aead_xchacha20_poly1305_rtpsize) + DAVE E2E. Upstream voice-recv decrypts only the transport layer, then hands DAVE ciphertext to libopus, which raises OpusError: corrupted stream on every packet.

Patch shape

~30 lines, all in discord/ext/voice_recv/reader.py:

  1. Module-level optional davey import (no-op when missing).
  2. AudioReader._maybe_dave_decrypt(rtp_packet) -> Optional[bytes] — gate logic mirrors discord.py 2.7.1 send-side can_encrypt exactly. Returns the DAVE-unwrapped payload, the original payload (DAVE inactive), or None to drop the packet (unknown SSRC, decrypt failure).
  3. 4-line hook in callback() between transport-decrypt and feed_rtp: overwrites rtp_packet.decrypted_data in place, or returns early to drop.

The post-decrypt is_silence() check (formerly at reader.py:172) still works because we overwrite decrypted_data in place — silence frames produced by davey reach the existing check unchanged.

Dependency

davey==0.1.5 — matches discord.py 2.7.1 expectation. Pin in echo-core/requirements.txt. The import is optional at module level so tests and non-DAVE environments still run; the gate degrades to a bypass.

Re-sync strategy

When upstream voice-recv adds DAVE support natively:

  1. Drop the three patch hunks in reader.py (davey import block, _maybe_dave_decrypt method, hook in callback()).
  2. Revert __version__ to upstream value in __init__.py.
  3. Update Pinned commit below.
  4. Run pytest tests/test_voice_recv_dave.py tests/test_voice_adapter_contract.py.

The contract test test_voice_recv_fork_version asserts __version__ == '0.5.3a+echo.dave1' and will fail fast on any accidental wipe during a careless upstream sync — forcing a conscious decision to either re-port or drop the patch.

Update procedure (vanilla upstream sync)

cd vendor/discord-ext-voice-recv
git fetch origin master
git log HEAD..origin/master --oneline  # review what changed
git checkout <new-commit>
# RE-APPLY the +echo.dave1 patch if upstream still lacks DAVE
cd ../..
source .venv/bin/activate && pip install -e vendor/discord-ext-voice-recv --force-reinstall
pytest tests/test_voice_adapter_contract.py tests/test_voice_recv_dave.py -v  # MUST PASS — contract + DAVE guards

Update this file's Pinned commit after a successful upgrade.