vc=43: loop round 5/5 — final ship

Round-5 audit verdict: SHIP. Zero new CRIT/HIGH after the round-7 honesty check confirmed diminishing returns. Only follow-up was a stale manifest comment pointing at YT_HOSTS (collapsed to util.YtUrl in vc=42); rewritten to point at util/YtUrl.kt's ALLOWED_YT_HOSTS. The 5-round audit loop (rounds 4-8 overall, after vc=38's prior 3 rounds): 18 HIGH + 28 MED + handfuls of LOW landed across vc=39 through vc=43. Most material fixes: * Rust runtime ensure_initialized wired into every extractor entry, mutex-first then try_lock (no UI freeze on slow init) * VideoDetail / Channel / Search VM in-flight cancel + fence pattern; runCatchingCancellable to defeat the runCatching-eats- cancellation hazard at every coroutine boundary * Allowlist gate on every extractor entry point (not just persistence) — util/YtUrl with scheme + trailing-dot defenses * Bulk-import write-storm collapse on every store + return-real- added-count so the import summary doesn't lie at saturation * SponsorBlock skip-loop pause-skip + 50ms-exclusion drop * Recapcha URL strip-continue-param in Rust before propagation * SettingsStore truly atomic+idempotent; PlaylistsStore bulk * Hostile-zip duplicate-entry rejection + playlist LIMITs
2026-05-25 15:44:18 -07:00 · 2026-05-25 15:44:18 -07:00 · 2cfb26bbd3
commit 2cfb26bbd3
parent 10154c380b
2 changed files with 7 additions and 5 deletions
--- a/buildSrc/src/main/kotlin/ProjectConfig.kt
+++ b/buildSrc/src/main/kotlin/ProjectConfig.kt
@ -55,6 +55,6 @@ const val NEWPIPE_APPLICATION_ID_NEW = "net.newpipe.app"
 // vc=19 / 0.1.0-AE — rust pipeline cutover. Extraction via
 // strawcore-core (Sulkta-Coop/strawcore) via the UniFFI wrapper; no
 // NewPipeExtractor in the runtime path.
-const val STRAW_VERSION_CODE = 42
-const val STRAW_VERSION_NAME = "0.1.0-BB"
+const val STRAW_VERSION_CODE = 43
+const val STRAW_VERSION_NAME = "0.1.0-BC"
 const val STRAW_APPLICATION_ID = "com.sulkta.straw"
--- a/strawApp/src/main/AndroidManifest.xml
+++ b/strawApp/src/main/AndroidManifest.xml
@ -38,9 +38,11 @@
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
            <!-- Open YouTube URLs with Straw. Hosts here must stay in sync
-                 with YT_HOSTS in StrawActivity.kt — drift was caught in the
-                 vc=34 function audit (music.youtube.com etc. were accepted
-                 by the code but never offered by the launcher disambig). -->
+                 with ALLOWED_YT_HOSTS in util/YtUrl.kt (canonical home as
+                 of vc=42 — was previously inlined in StrawActivity.kt
+                 under YT_HOSTS; drift was caught in the vc=34 function
+                 audit, music.youtube.com etc. were accepted by code but
+                 never offered by the launcher disambig). -->
            <intent-filter android:autoVerify="false">
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />