jtn0123 · jtn0123 · May 17, 2026 · May 16, 2026 · May 16, 2026 · May 16, 2026
diff --git a/Sources/Managers/MLDaemonManager+Process.swift b/Sources/Managers/MLDaemonManager+Process.swift
@@ -24,7 +24,7 @@
         let proc = Process()
         proc.executableURL = python
         proc.arguments = [script.path]
-        proc.environment = ProcessInfo.processInfo.environment.merging(["PYTHONUNBUFFERED": "1"]) { _, new in new }
+        proc.environment = Self.daemonEnvironment()
 
         let stdin = Pipe()
         let stdout = Pipe()
@@ -59,6 +59,46 @@
         startStdoutReader(pipe: stdout)
     }
 
+    /// Builds a minimal, allowlisted environment for the Python daemon instead
+    /// of inheriting the user's entire process environment (security hardening,
+    /// audit item E3). The daemon gets exactly what it needs to run Parakeet/MLX
+    /// transcription and nothing more.
+    ///
+    /// Always-present keys: `PATH` (subprocess resolution), `HOME` (HuggingFace
+    /// cache root `~/.cache/huggingface`), and `PYTHONUNBUFFERED` (line-buffered
+    /// stdout so JSON-RPC responses flush immediately).
+    ///
+    /// Pass-through-if-set keys: locale (`LANG`/`LC_ALL` — Python text codec),
+    /// `TMPDIR` (macOS per-user temp many ML libs use), `AUDIOWHISPER_APP_SUPPORT_DIR`
+    /// (test/override path resolution shared with `UvBootstrap`), virtualenv vars
+    /// (`VIRTUAL_ENV`, `PYTHONPATH` — keep tooling consistent even though the venv
+    /// python is invoked directly), `uv` vars (`UV_CACHE_DIR`, `UV_PYTHON`), and
+    /// HuggingFace cache overrides (`HF_HOME`, `HF_HUB_CACHE`, `HUGGINGFACE_HUB_CACHE`,
+    /// `XDG_CACHE_HOME`) so the daemon finds models the user already downloaded.
+    static func daemonEnvironment() -> [String: String] {
+        let parent = ProcessInfo.processInfo.environment
+
+        var env: [String: String] = [
+            "PATH": parent["PATH"] ?? "/usr/bin:/bin:/usr/sbin:/sbin",
+            "HOME": parent["HOME"] ?? NSHomeDirectory(),
+            "PYTHONUNBUFFERED": "1"
+        ]
+
+        let passThroughIfSet = [
+            "LANG", "LC_ALL", "LC_CTYPE", "TMPDIR",
+            "AUDIOWHISPER_APP_SUPPORT_DIR",
+            "VIRTUAL_ENV", "PYTHONPATH",
+            "UV_CACHE_DIR", "UV_PYTHON",
+            "HF_HOME", "HF_HUB_CACHE", "HUGGINGFACE_HUB_CACHE", "XDG_CACHE_HOME"
+        ]
+        for key in passThroughIfSet {
+            if let value = parent[key], !value.isEmpty {
+                env[key] = value
+            }
+        }
+        return env
+    }
+
     func startStdoutReader(pipe: Pipe) {
         stdoutReaderTask?.cancel()
         let handle = pipe.fileHandleForReading

diff --git a/Sources/Services/MLXModelManager+Downloads.swift b/Sources/Services/MLXModelManager+Downloads.swift
@@ -289,7 +289,7 @@ extension MLXModelManager {
         // Best-effort integrity verification. TOFU on first hit; failures
         // are logged at the call site that triggers a re-download.
         do {
-            try ModelIntegrity.verify(at: refsMain)
+            try ModelIntegrity.verify(at: refsMain, modelIdentifier: repo)
             return true
         } catch {
             logger.error(

diff --git a/Sources/Services/ModelManager.swift b/Sources/Services/ModelManager.swift
@@ -57,7 +57,7 @@ internal class ModelManager {
         // missing and a redownload can be triggered.
         guard let representative = ModelManager.representativeFileURL(for: model) else { return true }
         do {
-            try ModelIntegrity.verify(at: representative)
+            try ModelIntegrity.verify(at: representative, modelIdentifier: model.rawValue)
             return true
         } catch {
             Logger.modelManager.error("Integrity check failed for cached \(model.rawValue): \(error.localizedDescription)")

diff --git a/Sources/Stores/DataManager.swift b/Sources/Stores/DataManager.swift
@@ -163,10 +163,11 @@ internal final class DataManager: DataManagerProtocol {
             try context.save()
 
             Logger.dataManager.info("Saved transcription record with ID: \(record.id)")
-
-            // Perform cleanup after save to maintain retention policy
-            await cleanupExpiredRecordsQuietly()
-
+
+            // Retention cleanup runs off the save critical path — the caller
+            // (and the UI) shouldn't wait on a full predicate fetch + delete.
+            Task { await cleanupExpiredRecordsQuietly() }
-            Task { await cleanupExpiredRecordsQuietly() }
+            Task.detached { await self.cleanupExpiredRecordsQuietly() }
-            Task { await cleanupExpiredRecordsQuietly() }
+            Task.detached { await self.cleanupExpiredRecordsQuietly() }
+
         } catch {
             Logger.dataManager.error("Failed to save transcription record: \(error.localizedDescription)")
             throw DataManagerError.saveFailed(error)

diff --git a/Sources/Utilities/AppDefault.swift b/Sources/Utilities/AppDefault.swift
@@ -14,7 +14,7 @@ import Combine
 ///
 /// See ADR 0004 for the migration plan from `@AppStorage`.
 @propertyWrapper
-struct AppDefault<Value>: DynamicProperty {
+struct AppDefault<Value: Equatable>: DynamicProperty {
     private let keyPath: ReferenceWritableKeyPath<AppDefaults.Type, Value>
     @State private var value: Value
     @StateObject private var observer: AppDefaultObserver
@@ -45,15 +45,10 @@ struct AppDefault<Value>: DynamicProperty {
         // Re-read once per body invocation in case the underlying store changed
         // out from under us (e.g. user toggled a setting in another window).
         let current = AppDefaults.self[keyPath: keyPath]
-        if !valuesEqual(current, value) {
+        if current != value {
             DispatchQueue.main.async { self.value = current }
         }
     }
-
-    private func valuesEqual(_ lhsValue: Value, _ rhsValue: Value) -> Bool {
-        guard let lhs = lhsValue as? AnyHashable, let rhs = rhsValue as? AnyHashable else { return false }
-        return lhs == rhs
-    }
 }
 
 /// Listens for UserDefaults change notifications and triggers a SwiftUI

diff --git a/Sources/Utilities/DiskMutationSerializer.swift b/Sources/Utilities/DiskMutationSerializer.swift
@@ -36,16 +36,62 @@ internal actor DiskMutationSerializer<Key: Hashable & Sendable> {
 ///
 /// After a successful download, callers record a hash of a representative
 /// file (typically a manifest or small config). Before loading a cached
-/// model, callers verify against that recorded hash. The check is
-/// trust-on-first-use: if no sidecar exists yet, `verify` records one and
-/// returns successfully — this keeps existing caches from a pre-integrity
-/// build working without forcing a redownload.
+/// model, callers verify against that recorded hash.
+///
+/// Two verification modes (audit item E1):
+///
+///   1. **Known-good hash** — for models the app itself ships/recommends
+///      (`knownHashes` table below). The representative file's hash is
+///      compared against a hash baked into this build, exactly like
+///      `UvBootstrap.verifyBundledUvIfNeeded` does for the bundled `uv`
+///      binary. A mismatch is a HARD FAIL — this is what prevents a
+///      poisoned *first* download from being trusted.
+///
+///   2. **Trust-on-first-use** — for user-added models we have no shipped
+///      hash for. If no sidecar exists yet, `verify` records one and
+///      returns successfully; later launches verify against it. This keeps
+///      pre-integrity caches and arbitrary user models working without a
+///      forced redownload.
 ///
 /// This is defense in depth, not cryptographic assurance over every byte:
 /// TLS already protects downloads in transit. The check guards against
 /// cache corruption, partial/interrupted writes that left a truncated
 /// file, and tampering by another local process.
 internal enum ModelIntegrity {
+    /// Known-good SHA-256 hashes of the *representative integrity file* for
+    /// models the app ships or recommends. Keyed by the caller's model
+    /// identifier: `WhisperModel.rawValue` for WhisperKit models, or the
+    /// HuggingFace `repo` string for MLX/Parakeet models.
+    ///
+    /// When an identifier is present here, `verify` uses known-good-hash mode
+    /// (hard fail on mismatch) instead of trust-on-first-use, so a poisoned
+    /// first download cannot be silently accepted.
+    ///
+    /// IMPORTANT: This table is intentionally EMPTY. The real hashes are not
+    /// known at the time this mechanism was built and fabricating values
+    /// would be worse than an empty table (it would reject every legitimate
+    /// download). Populating it later is a one-liner per model, e.g.:
+    ///
+    ///     "openai_whisper-base": "a1b2c3…",                       // WhisperKit
+    ///     "mlx-community/parakeet-tdt-0.6b-v2": "d4e5f6…",        // MLX/Parakeet
+    ///
+    /// The hash must be the SHA-256 of the representative file that the
+    /// matching caller passes to `record`/`verify` (`config.json` for
+    /// WhisperKit via `ModelManager.representativeFileURL`, `refs/main` for
+    /// MLX via `MLXModelManager.integrityFileURL`). Compute it from a release
+    /// build's cached download and paste it in here.
+    ///
+    /// >>> ACTION REQUIRED <<< Populate this table with real release hashes
+    /// before shipping; until then app-shipped models silently fall through
+    /// to trust-on-first-use (the documented gap for audit item E1).
+    static let knownHashes: [String: String] = [:]
+
+    /// Returns the known-good hash for `modelIdentifier`, or nil if the model
+    /// is not one the app ships (user-added model → trust-on-first-use).
+    static func knownHash(for modelIdentifier: String?) -> String? {
+        guard let modelIdentifier else { return nil }
+        return knownHashes[modelIdentifier]
+    }
     /// Compute SHA-256 of file at `url`. Streams the file in 64KB chunks so
     /// gigabyte-sized model files don't blow up memory.
     static func sha256(of url: URL) throws -> String {
@@ -69,12 +115,36 @@ internal enum ModelIntegrity {
         try hash.write(to: sidecarURL(for: modelURL), atomically: true, encoding: .utf8)
     }
 
-    /// Verify the sidecar hash matches; if missing, record it
-    /// (trust-on-first-use). Throws `ModelIntegrityError.mismatch` only
-    /// when a stored hash exists and the actual hash differs.
-    static func verify(at modelURL: URL) throws {
-        let sidecar = sidecarURL(for: modelURL)
+    /// Verify the integrity of a cached model's representative file.
+    ///
+    /// If `modelIdentifier` is in `knownHashes` (an app-shipped model), the
+    /// file's hash is compared against that known-good value and any mismatch
+    /// is a HARD FAIL — even on the very first download — defeating a poisoned
+    /// first download. Otherwise falls back to trust-on-first-use against a
+    /// sidecar hash.
+    ///
+    /// Throws `ModelIntegrityError.pinnedMismatch` when an app-shipped model
+    /// fails its known-good hash, or `.mismatch` when a TOFU sidecar differs.
+    static func verify(at modelURL: URL, modelIdentifier: String? = nil) throws {
         let actual = try sha256(of: modelURL)
+
+        if let pinned = knownHash(for: modelIdentifier) {
+            // App-shipped model: verify against the hash baked into this build.
+            // Hard fail on mismatch — no trust-on-first-use escape hatch.
+            guard pinned.lowercased() == actual.lowercased() else {
+                throw ModelIntegrityError.pinnedMismatch(
+                    model: modelIdentifier ?? "<unknown>",
+                    expected: pinned,
+                    actual: actual
+                )
+            }
+            // Keep the sidecar in sync so quick TOFU checks elsewhere agree.
+            try? actual.write(to: sidecarURL(for: modelURL), atomically: true, encoding: .utf8)
+            return
+        }
+
+        // User-added model: trust-on-first-use against a sidecar hash.
+        let sidecar = sidecarURL(for: modelURL)
         if let stored = try? String(contentsOf: sidecar, encoding: .utf8)
             .trimmingCharacters(in: .whitespacesAndNewlines), !stored.isEmpty {
             guard stored.lowercased() == actual.lowercased() else {
@@ -86,12 +156,12 @@ internal enum ModelIntegrity {
         }
     }
 
-    /// Returns true if a sidecar exists and matches; false on any mismatch,
+    /// Returns true if integrity verification passes; false on any mismatch,
     /// missing-file error, or unreadable file. Never throws — useful for
     /// background verification where we don't want to surface noise.
-    static func quietVerify(at modelURL: URL) -> Bool {
+    static func quietVerify(at modelURL: URL, modelIdentifier: String? = nil) -> Bool {
         do {
-            try verify(at: modelURL)
+            try verify(at: modelURL, modelIdentifier: modelIdentifier)
             return true
         } catch {
             return false
@@ -105,11 +175,14 @@ internal enum ModelIntegrity {
 
 internal enum ModelIntegrityError: LocalizedError {
     case mismatch(expected: String, actual: String)
+    case pinnedMismatch(model: String, expected: String, actual: String)
 
     var errorDescription: String? {
         switch self {
         case let .mismatch(expected, actual):
             return "Model integrity check failed (expected \(expected.prefix(8))…, got \(actual.prefix(8))…). The cached model may be corrupted; re-download it from Settings."
+        case let .pinnedMismatch(model, expected, actual):
+            return "Integrity check failed for app-provided model \"\(model)\" (expected \(expected.prefix(8))…, got \(actual.prefix(8))…). The download does not match the version shipped with AudioWhisper and was rejected. Re-download it from Settings or reinstall AudioWhisper from a trusted source."
         }
     }
 }
diff --git a/Sources/Views/Components/Waveform/ClassicWaveformView.swift b/Sources/Views/Components/Waveform/ClassicWaveformView.swift
@@ -1,4 +1,5 @@
 import SwiftUI
+import Combine
 
 /// Classic level-based waveform visualization with animated bars.
 /// Features gravity-based physics: bars rise quickly, fall with acceleration, and bounce.
@@ -20,6 +21,10 @@ struct ClassicWaveformView: View {
     @State private var velocities: [CGFloat] = []
     @State private var idlePhase: CGFloat = 0
 
+    // Stoppable per-frame timer: only runs while the view is on-screen so
+    // idle/off-screen tiles don't burn main-thread cycles.
+    @State private var frameTimer = FrameTimer(interval: 0.033)
+
     var body: some View {
         GeometryReader { geometry in
             let totalSpacing = barSpacing * CGFloat(barCount - 1)
@@ -38,8 +43,10 @@ struct ClassicWaveformView: View {
         .onAppear {
             barHeights = Array(repeating: minHeight, count: barCount)
             velocities = Array(repeating: 0, count: barCount)
+            frameTimer.start()
         }
-        .onReceive(Timer.publish(every: 0.033, on: .main, in: .common).autoconnect()) { _ in
+        .onDisappear { frameTimer.stop() }
+        .onReceive(frameTimer.publisher) { _ in
             updatePhysics()
         }
     }

diff --git a/Sources/Views/Components/Waveform/ConstellationWaveformView.swift b/Sources/Views/Components/Waveform/ConstellationWaveformView.swift
@@ -7,7 +7,7 @@ struct ConstellationWaveformView: View {
     let isActive: Bool
 
     @State private var time: CGFloat = 0
-    @State private var isViewActive = false
+    @State private var frameTimer = FrameTimer(interval: 0.033)
 
     private let count = 18
     private let coral = Color(red: 0.85, green: 0.45, blue: 0.30)
@@ -65,10 +65,9 @@ struct ConstellationWaveformView: View {
                 )
             }
         }
-        .onAppear { isViewActive = true }
-        .onDisappear { isViewActive = false }
-        .onReceive(Timer.publish(every: 0.033, on: .main, in: .common).autoconnect()) { _ in
-            guard isViewActive else { return }
+        .onAppear { frameTimer.start() }
+        .onDisappear { frameTimer.stop() }
+        .onReceive(frameTimer.publisher) { _ in
             time += 0.033
         }
     }

diff --git a/Sources/Views/Components/Waveform/DialWaveformView.swift b/Sources/Views/Components/Waveform/DialWaveformView.swift
@@ -9,7 +9,7 @@ struct DialWaveformView: View {
     let isActive: Bool
 
     @State private var time: CGFloat = 0
-    @State private var isViewActive = false
+    @State private var frameTimer = FrameTimer(interval: 0.033)
 
     private let dotCount = 36
     private let coral     = Color(red: 0.85, green: 0.45, blue: 0.30)
@@ -80,10 +80,9 @@ struct DialWaveformView: View {
             }
             .position(center)
         }
-        .onAppear { isViewActive = true }
-        .onDisappear { isViewActive = false }
-        .onReceive(Timer.publish(every: 0.033, on: .main, in: .common).autoconnect()) { _ in
-            guard isViewActive else { return }
+        .onAppear { frameTimer.start() }
+        .onDisappear { frameTimer.stop() }
+        .onReceive(frameTimer.publisher) { _ in
             time += 0.033
         }
     }

diff --git a/Sources/Views/Components/Waveform/FrameTimer.swift b/Sources/Views/Components/Waveform/FrameTimer.swift
@@ -0,0 +1,39 @@
+import SwiftUI
+import Combine
+
+/// A stoppable per-frame timer for waveform animations.
+///
+/// `Timer.publish(...).autoconnect()` runs forever the moment a view is
+/// created — even for waveform tiles that are off-screen or in an idle state.
+/// With the Visuals grid showing 8 styles at once that is hundreds of
+/// main-thread state mutations per second while nothing is visible.
+///
+/// `FrameTimer` instead exposes a passthrough `publisher` that only emits
+/// while `start()` has been called and `stop()` has not. Views drive it from
+/// `onAppear`/`onDisappear`, so the timer is fully cancelled — not merely
+/// ignored — whenever the view leaves the screen.
+final class FrameTimer {
+    /// Per-frame tick stream. Emits only between `start()` and `stop()`.
+    let publisher = PassthroughSubject<Date, Never>()
+
+    private let interval: TimeInterval
+    private var cancellable: AnyCancellable?
+
+    init(interval: TimeInterval) {
+        self.interval = interval
+    }
+
+    /// Begin emitting ticks. No-op if already running.
+    func start() {
+        guard cancellable == nil else { return }
+        cancellable = Timer.publish(every: interval, on: .main, in: .common)
+            .autoconnect()
+            .sink { [publisher] date in publisher.send(date) }
+    }
+
+    /// Stop emitting ticks and cancel the underlying timer.
+    func stop() {
+        cancellable?.cancel()
+        cancellable = nil
+    }
+}
diff --git a/Sources/Views/Components/Waveform/HaloWaveformView.swift b/Sources/Views/Components/Waveform/HaloWaveformView.swift
@@ -8,7 +8,7 @@ struct HaloWaveformView: View {
     let isActive: Bool
 
     @State private var time: CGFloat = 0
-    @State private var isViewActive = false
+    @State private var frameTimer = FrameTimer(interval: 0.033)
 
     private let barCount = 28
     private let coral = Color(red: 0.85, green: 0.45, blue: 0.30)
@@ -108,10 +108,9 @@ struct HaloWaveformView: View {
             }
             .position(center)
         }
-        .onAppear { isViewActive = true }
-        .onDisappear { isViewActive = false }
-        .onReceive(Timer.publish(every: 0.033, on: .main, in: .common).autoconnect()) { _ in
-            guard isViewActive else { return }
+        .onAppear { frameTimer.start() }
+        .onDisappear { frameTimer.stop() }
+        .onReceive(frameTimer.publisher) { _ in
             time += 0.033
         }
     }