straw

History

Kayos 2cfb26bbd3 vc=43: loop round 5/5 — final ship Round-5 audit verdict: SHIP. Zero new CRIT/HIGH after the round-7 honesty check confirmed diminishing returns. Only follow-up was a stale manifest comment pointing at YT_HOSTS (collapsed to util.YtUrl in vc=42); rewritten to point at util/YtUrl.kt's ALLOWED_YT_HOSTS. The 5-round audit loop (rounds 4-8 overall, after vc=38's prior 3 rounds): 18 HIGH + 28 MED + handfuls of LOW landed across vc=39 through vc=43. Most material fixes: * Rust runtime ensure_initialized wired into every extractor entry, mutex-first then try_lock (no UI freeze on slow init) * VideoDetail / Channel / Search VM in-flight cancel + fence pattern; runCatchingCancellable to defeat the runCatching-eats- cancellation hazard at every coroutine boundary * Allowlist gate on every extractor entry point (not just persistence) — util/YtUrl with scheme + trailing-dot defenses * Bulk-import write-storm collapse on every store + return-real- added-count so the import summary doesn't lie at saturation * SponsorBlock skip-loop pause-skip + 50ms-exclusion drop * Recapcha URL strip-continue-param in Rust before propagation * SettingsStore truly atomic+idempotent; PlaylistsStore bulk * Hostile-zip duplicate-entry rejection + playlist LIMITs	2026-05-25 15:44:18 -07:00
..
src/main	vc=43: loop round 5/5 — final ship	2026-05-25 15:44:18 -07:00
build.gradle.kts	vc=26: look + feel pass — sulkta.com palette + Material Icons	2026-05-25 17:46:23 +00:00

Kayos 2cfb26bbd3 vc=43: loop round 5/5 — final ship

Round-5 audit verdict: SHIP. Zero new CRIT/HIGH after the round-7
honesty check confirmed diminishing returns. Only follow-up was a
stale manifest comment pointing at YT_HOSTS (collapsed to util.YtUrl
in vc=42); rewritten to point at util/YtUrl.kt's ALLOWED_YT_HOSTS.

The 5-round audit loop (rounds 4-8 overall, after vc=38's prior
3 rounds): 18 HIGH + 28 MED + handfuls of LOW landed across vc=39
through vc=43. Most material fixes:
  * Rust runtime ensure_initialized wired into every extractor
    entry, mutex-first then try_lock (no UI freeze on slow init)
  * VideoDetail / Channel / Search VM in-flight cancel + fence
    pattern; runCatchingCancellable to defeat the runCatching-eats-
    cancellation hazard at every coroutine boundary
  * Allowlist gate on every extractor entry point (not just
    persistence) — util/YtUrl with scheme + trailing-dot defenses
  * Bulk-import write-storm collapse on every store + return-real-
    added-count so the import summary doesn't lie at saturation
  * SponsorBlock skip-loop pause-skip + 50ms-exclusion drop
  * Recapcha URL strip-continue-param in Rust before propagation
  * SettingsStore truly atomic+idempotent; PlaylistsStore bulk
  * Hostile-zip duplicate-entry rejection + playlist LIMITs

2026-05-25 15:44:18 -07:00

src/main

vc=43: loop round 5/5 — final ship

2026-05-25 15:44:18 -07:00

build.gradle.kts

vc=26: look + feel pass — sulkta.com palette + Material Icons

2026-05-25 17:46:23 +00:00