security: explicit verify=True + remove manual Markup() in settings render (M1, M3)

[sebastiondev]

Summary

Closes M1 and M3 from the security review (issue #51). Pure defense-in-depth — no exploit chain is unblocked, but two foot-guns are eliminated.

M1 — explicit verify=True

Every httpx.Client / AsyncClient constructor now passes verify=True explicitly:

• dictate/cleanup.py (×3)
• dictate/health.py
• dictate/vad.py
• dictate/webui/routes.py

httpx already defaults to verify=True, so behaviour is unchanged. The value is making the verification policy visible at every call site so a future verify=False slip becomes obvious in review rather than silent.

M3 — remove manual Markup() in YAML highlighter

webui/routes.py:_highlight_yaml previously built HTML by f-string concat through markupsafe.escape(), wrapping the result in Markup() and carrying a # nosec B704. Correct, but fragile to future edits.

This change:

1. Renames the helper to _tokenize_yaml and returns list[list[tuple[str, str]]] — pure data, no HTML.
2. Updates settings.html to render those tokens via Jinja with autoescape on ({{ text }}).
3. Removes the markupsafe import entirely. No Markup() construction left in the file.

Net effect: same rendered output (yaml-key + yaml-punctuation spans), zero raw-HTML construction in Python, no nosec to maintain.

Tests

• tests/test_cleanup_circuit.py — updated FakeAsyncClient.__init__ to accept the new verify kwarg.
• Existing test_settings_returns_html_and_resolved_path covers the new template path.
• Manual smoke test of GET /settings: returns 200, contains both <span class="yaml-key"> and <span class="yaml-punctuation"> spans, no leftover Jinja markers.
• pytest: 322 passed.
• ruff check + ruff format --check: clean (some pre-existing format drift in routes.py was tidied incidentally by ruff format).

What's left from issue #51

• H2 — pin/bundle silero-vad model (touches release pipeline, larger scope).
• M2 — Pydantic schema for config/*.yaml (touches every config callsite, larger refactor).

[sebastionai]

Pre-merge checks · ✅ 2 · ⚠ 0 · ❌ 0 · ⏭ 1

Check	Status	Reason
PR title	✅	The title clearly describes the two specific security changes being made.
Description	✅	The body thoroughly explains what was changed and why for both M1 and M3.
Linked issue	⏭	No linked issues were provided.

[sebastionai]

Walkthrough

Adds explicit verify=True to all httpx client call sites as defence in depth and removes manual Markup() HTML construction from the settings YAML highlighter in favour of pure data tokens rendered by Jinja with autoescape. Includes a minor test fix and incidental formatting tidies from ruff.

Changes

File	Summary
TLS verification dictate/cleanup.py, dictate/health.py, dictate/vad.py	Adds explicit verify=True to every httpx.Client and AsyncClient constructor call.
Template security dictate/webui/routes.py, dictate/webui/templates/settings.html	Replaces manual Markup() HTML construction with a pure-data tokeniser and Jinja template rendering, removing the markupsafe dependency from routes.
Code formatting dictate/webui/routes.py	Applies ruff formatting fixes to line wrapping and ternary expressions.
Tests tests/test_cleanup_circuit.py	Updates FakeAsyncClient to accept the new verify kwarg.

🎯 Effort: 2 (Simple) · ⏱ ~12 minutes

_{Generated by Sebastion AI · docs}

[sebastionai]

🔒 Sebastion AI security review

1 finding on this PR. 🔸 1 medium

_{Sources: 1 LLM}

Inline comments are posted on changed lines below.

Other findings (in scanned files but outside this diff)

• MEDIUM template-injection-xss · CWE-79 — dictate/webui/templates/settings.html:16 — The variable load_error is rendered with Jinja2's default {{ }} which auto-escapes in most configurations, but if auto-escaping is disabled or the value contains trusted HTML markup, an attacker-controlled config error message could inject arbitrary HTML/JS. Verify Jinja2 Environment has autoescape=True.
    Fix: Ensure the Jinja2 Environment is created with autoescape=True or use {{ load_error|e }} explicitly.

---

_{Audited by Sebastion AI · docs · install on more repos}

Prompt for all review comments with AI agents

In dictate/webui/templates/settings.html:

• Line 16: In dictate/webui/templates/settings.html at line 16, the variable load_error is rendered with Jinja2's default {{ }} which auto-escapes in most configurations, but if auto-escaping is disabled or the value contains trusted HTML markup, an attacker-controlled config error message could inject arbitrary HTML/JS. Verify Jinja2 Environment has autoescape=True. Fix: Ensure the Jinja2 Environment is created with autoescape=True or use {{ load_error|e }} explicitly. Context: rule template-injection-xss and CWE CWE-79.

[lewiswigmore]

Approved. Closes M1 + M3. verify=True made explicit at every httpx callsite is a cheap regression guard. Removing the manual Markup() in favour of token-list + Jinja autoescape eliminates the nosec and a refactor foot-gun. Output unchanged (yaml-key + yaml-punctuation spans still render). 322 tests pass.