Kid Mode: content filter on the live voice path (#157) + plumb DOTTY_ADMIN_TOKEN end-to-end

[BrettKinny]

What

Two commits, both pre-release items from the 2026-06-11 architecture review:

1. feat(auth) — plumb DOTTY_ADMIN_TOKEN end-to-end

The #149–#152 X-Admin-Token chain shipped code-complete but operationally dead: five services read DOTTY_ADMIN_TOKEN, but no config surface provided it (not .env.example, not any compose file, not make setup, not the docs — and dotty-pi's compose had no env mechanism at all). Every deploy silently stayed permissive, i.e. the admin routes remained unauthenticated.

• make setup now generates a 32-byte hex token into .env (idempotent — an existing DOTTY_ADMIN_TOKEN line, even deliberately empty, is respected)
• compose template + all-in-one pass ${DOTTY_ADMIN_TOKEN:-} to xiaozhi-server; dotty-pi gains an optional env_file; bridge/behaviour compose comments name the token among their deploy-dir .env secrets
• documented in .env.example, new SETUP.md §10, and a CHANGELOG entry that also retroactively records the feat(xiaozhi-auth): gate /xiaozhi/admin/* behind X-Admin-Token (permissive) #149–feat(bridge-auth): send X-Admin-Token on all /xiaozhi/admin/* calls #152 chain

2. feat(kid-mode) — implement #157 per its spec

• Pure matcher (content_filter_match, tier regexes, replacement) lifted from bridge/text.py into the shared custom-providers/textUtils.py; the bridge keeps its metrics/ring/logging wrapper on top, behaviour unchanged — no regex duplication (test-enforced)
• New sentence-buffered filter_tts_stream(): nothing reaches TTS before its sentence is checked (word-level patterns can't straddle a sentence boundary; chunk-straddling terms are caught); a hit replaces the rest of the turn with the cheerful redirect, minus its leading emoji mid-turn to keep the one-emoji firmware contract; kid_mode off is a transparent passthrough
• Both live providers (PiVoiceLLM, OpenAICompat) wrap their TTS-bound streams; OpenAICompat's emoji enforcement runs first so the leading-glyph contract survives
• docs/faq.md updated: the filter is described honestly as a weak, bypassable backstop — prompt steering stays the primary defence

Acceptance (#157)

• Pure matcher in textUtils.py; bridge/text.py imports it; no regex duplication
• pi_voice blocks on kid_mode + tier hit; clean text passes untouched
• openai_compat same
• kid_mode off → zero behaviour change
• Unit tests for both providers (hit / clean / kid-off), mirroring tests/test_dashboard_say_filter.py
• Red-team verify on-device — bench-pending, must happen before release sign-off (per Kid Mode: blocked-words content-output filter (planned) #138)

Test plan

• ruff check . clean
• pytest tests/ custom-providers/pi_voice/tests/ (119) + pytest dotty-behaviour/tests/ --cov-append (213) — all pass, combined coverage 69.4% (gate 56%)
• 16 new cases in tests/test_voice_content_filter.py (core matcher, stream wrapper, bridge parity, both providers)
• Token generation block sandbox-tested for idempotency

Refs #157 (leaves the on-device red-team box open — close the issue after bench verification, not on merge). Also advances #138.

AI assistance: drafted by Claude Fable 5 (analysis, implementation, tests, and this PR body); human review pending per AI_TRANSPARENCY.md.

🤖 Generated with Claude Code