Codebase review fixes: stability, performance, quality improvements

Stability: Add outer try/except/finally with _running=False cleanup to all 6
processing loop methods (live, color_strip, effect, audio, composite, mapped).
Add exponential backoff on consecutive capture errors in live_stream. Move
audio stream.stop() outside lock scope.

Performance: Replace per-pixel Python loop with np.array().tobytes() in
ddp_client. Vectorize pixelate filter with cv2.resize down+up. Vectorize
gradient rendering with np.searchsorted.

Frontend: Add lockBody/unlockBody re-entrancy counter. Add {once:true} to
fetchWithAuth abort listener. Null ws.onclose before ws.close() in LED preview.

Backend: Remove auth token prefix from log messages. Add atomic_write_json
helper (tempfile + os.replace) and update all 10 stores. Add name uniqueness
checks to all update methods. Fix DELETE status codes to 204 in audio_sources
and value_sources. Fix get_source() silent bug in color_strip_sources.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

server/src/wled_controller/api/auth.py

@@ -59,7 +59,7 @@ def verify_api_key(
             break
 
     if not authenticated_as:
-        logger.warning(f"Invalid API key attempt: {token[:8]}...")
+        logger.warning("Invalid API key attempt")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Invalid API key",

server/src/wled_controller/api/routes/_test_helpers.py

@@ -129,7 +129,7 @@ async def stream_capture_test(
             done_event.set()
 
     # Start capture in background thread
-    loop = asyncio.get_event_loop()
+    loop = asyncio.get_running_loop()
     capture_future = loop.run_in_executor(None, _capture_loop)
 
     start_time = time.perf_counter()
@@ -142,6 +142,8 @@ async def stream_capture_test(
 
             # Check for init error
             if init_error:
+                stop_event.set()
+                await capture_future
                 await websocket.send_json({"type": "error", "detail": init_error})
                 return
 

server/src/wled_controller/api/routes/audio_sources.py

@@ -125,7 +125,7 @@ async def update_audio_source(
         raise HTTPException(status_code=400, detail=str(e))
 
 
-@router.delete("/api/v1/audio-sources/{source_id}", tags=["Audio Sources"])
+@router.delete("/api/v1/audio-sources/{source_id}", status_code=204, tags=["Audio Sources"])
 async def delete_audio_source(
     source_id: str,
     _auth: AuthRequired,
@@ -143,7 +143,6 @@ async def delete_audio_source(
                 )
 
         store.delete_source(source_id)
-        return {"status": "deleted", "id": source_id}
     except ValueError as e:
         raise HTTPException(status_code=400, detail=str(e))
 

server/src/wled_controller/api/routes/color_strip_sources.py

@@ -103,7 +103,7 @@ def _resolve_display_index(picture_source_id: str, picture_source_store: Picture
     if not picture_source_id or depth > 5:
         return 0
     try:
-        ps = picture_source_store.get_source(picture_source_id)
+        ps = picture_source_store.get_stream(picture_source_id)
     except Exception:
         return 0
     if isinstance(ps, ScreenCapturePictureSource):

server/src/wled_controller/api/routes/value_sources.py

@@ -152,7 +152,7 @@ async def update_value_source(
         raise HTTPException(status_code=400, detail=str(e))
 
 
-@router.delete("/api/v1/value-sources/{source_id}", tags=["Value Sources"])
+@router.delete("/api/v1/value-sources/{source_id}", status_code=204, tags=["Value Sources"])
 async def delete_value_source(
     source_id: str,
     _auth: AuthRequired,
@@ -171,7 +171,6 @@ async def delete_value_source(
                     )
 
         store.delete_source(source_id)
-        return {"status": "deleted", "id": source_id}
     except ValueError as e:
         raise HTTPException(status_code=400, detail=str(e))