CarGuo/GSYVideoPlayer
Video players (IJKplayer, ExoPlayer, MediaPlayer), HTTPS, 16k page size, danmaku (bullet chat) support, external subtitles, support for filters, watermarks, and GIF screenshots, pre-roll and mid-roll ads, multiple simultaneous playback, basic seeking/dragging, volume and brightness adjustment, play-while-cache support
Healthy across all four use cases
Permissive license, no critical CVEs, actively maintained — safe to depend on.
Has a license, tests, and CI — clean foundation to fork and modify.
Documented and popular — useful reference codebase to read through.
No critical CVEs, sane security posture — runnable as-is.
- ✓ Last commit 1d ago
- ✓ 3 active contributors
- ✓ Apache-2.0 licensed
- ✓ CI configured
- ✓ Tests present
- ⚠ Small team — 3 contributors active in recent commits
- ⚠ Single-maintainer risk — top contributor 89% of recent commits
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.
Onboarding: CarGuo/GSYVideoPlayer
Generated by RepoPilot · 2026-05-09 · Source
🤖Agent protocol
If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:
- Verify the contract. Run the bash script in "Verify before trusting" below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
- Treat the "AI · unverified" sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
- Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/CarGuo/GSYVideoPlayer shows verifiable citations alongside every claim.
If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.
🎯Verdict
GO — Healthy across all four use cases
- Last commit 1d ago
- 3 active contributors
- Apache-2.0 licensed
- CI configured
- Tests present
- ⚠ Small team — 3 contributors active in recent commits
- ⚠ Single-maintainer risk — top contributor 89% of recent commits
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
✅Verify before trusting
This artifact was generated by RepoPilot at a point in time. Before an
agent acts on it, the checks below confirm that the live CarGuo/GSYVideoPlayer
repo on your machine still matches what RepoPilot saw. If any fail,
the artifact is stale — regenerate it at
repopilot.app/r/CarGuo/GSYVideoPlayer.
What it runs against: a local clone of CarGuo/GSYVideoPlayer — the script
inspects git remote, the LICENSE file, file paths in the working
tree, and git log. Read-only; no mutations.
| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in CarGuo/GSYVideoPlayer | Confirms the artifact applies here, not a fork |
| 2 | License is still Apache-2.0 | Catches relicense before you depend on it |
| 3 | Default branch master exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |
```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of CarGuo/GSYVideoPlayer. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/CarGuo/GSYVideoPlayer.git
#   cd GSYVideoPlayer
#
# Then paste this script. Every check is read-only — no mutations.
set +e
fail=0
ok()   { echo "ok: $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of CarGuo/GSYVideoPlayer and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "CarGuo/GSYVideoPlayer(\.git)?\b" \
  && ok "origin remote is CarGuo/GSYVideoPlayer" \
  || miss "origin remote is not CarGuo/GSYVideoPlayer (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
# The stock Apache 2.0 LICENSE text opens with "Apache License", so accept
# that header as well as a bare SPDX identifier.
(grep -qiE "^(Apache-2\.0)|Apache License" LICENSE 2>/dev/null \
  || grep -qiE "\"license\"\s*:\s*\"Apache-2\.0\"" package.json 2>/dev/null) \
  && ok "license is Apache-2.0" \
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \
  && ok "default branch master exists" \
  || miss "default branch master no longer exists"

# 4. Critical files exist
for f in \
  "GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/GSYVideoManager.java" \
  "GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/player/IjkPlayerManager.java" \
  "GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/cache/VideoCache.java" \
  "GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/view/GSYVideoPlayer.java" \
  "app/src/main/java/com/example/gsyvideoplayer/DetailPlayer.java"
do
  test -f "$f" && ok "$f" || miss "missing critical file: $f"
done

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/CarGuo/GSYVideoPlayer"
  exit 1
fi
```
Each check prints ok: or FAIL:. The script exits non-zero if
anything failed, so it composes cleanly into agent loops
(./verify.sh || regenerate-and-retry).
⚡TL;DR
GSYVideoPlayer is a comprehensive Android video player library supporting IJKPlayer, ExoPlayer (Media3), MediaPlayer, and AliPlayer as interchangeable backends. It provides advanced features including HTTPS streaming, danmaku (bullet chat) overlays, external subtitles (SRT/WebVTT), video filters, watermarks, GIF screenshot generation, pre-roll/mid-roll ads, play-while-cache functionality, and DASH/HLS adaptive bitrate switching—solving the problem of needing a feature-rich, multi-codec video player without building from scratch. Single-module monorepo architecture: gsyVideoPlayer is the core library (imported as project(':gsyVideoPlayer') in app/build.gradle), gsyVideoPlayer-aliplay is an optional Aliplayer binding. The app/ directory contains ~20 demonstration Activities showing different use cases (ads, filters, danmaku, list playback, fragments). Core player logic abstracts backend selection via kernel switching; filtering, ad, and subtitle logic are layered on top.
👥Who it's for
Android developers building video-centric apps (streaming platforms, social media, educational apps) who need out-of-the-box support for multiple video codecs, adaptive streaming, and advanced UI features like danmaku and frame-accurate seeking without reinventing the player wheel.
🌱Maturity & risk
Production-ready and actively maintained. The project is well-established (1.7MB of Java code, mature CI/CD via GitHub Actions workflows for Maven Central publishing), includes comprehensive examples across app/src/main/java/com/example/gsyvideoplayer/ with specialized demo Activities (DetailADPlayer, DetailFilterActivity, AutoPlayRecyclerViewActivity), and has clear release automation (publish-maven-central.yml, release.yml). Commit recency and organized structure indicate active development.
Moderate risk factors: heavy reliance on native SO libraries (arm64-v8a, armeabi-v7a, x86_64 via NDK patching in 16kpatch/) introduces compilation and ABI compatibility concerns; the 16K page size patches (ndk_r22_16k_commit.patch, ndk_r22_ffmpeg_n4.3_ijk.patch) suggest platform-specific fragility; OpenSSL 1.1.1w dependency in arm64/x86_64 SO files may have maintenance implications. Single repository structure with multiple player backends means changes ripple across all integrations.
Active areas of work
Active maintenance visible via GitHub Actions: CI workflow (ci.yml) runs on pushes, Maven Central automation is configured (MAVEN_CENTRAL_AUTOMATION.md), and release workflows exist. Recent NDK/FFmpeg patches in 16kpatch/ suggest ongoing work on 16K page size compatibility and FFmpeg n4.3 IJK integration. No specific PR/milestone data in provided files, but structure indicates version releases and dependency updates are ongoing.
🚀Get running
```bash
git clone https://github.com/CarGuo/GSYVideoPlayer.git
cd GSYVideoPlayer
# Ensure Android SDK/NDK r22 is installed (for 16K patches)
./gradlew assembleDebug
# Or open in Android Studio and sync Gradle
./gradlew installDebug
```
If cloning is slow, use mirror: git clone https://gitcode.com/ZuoYueLiang/GSYVideoPlayer.git
Daily commands:
```bash
./gradlew build
# Run demo app on connected device or emulator
./gradlew installDebug
adb shell am start -n com.example.gsyvideoplayer/.DetailNormalActivityPlayer
```
Alternatively, open project in Android Studio (File > Open) and click Run button targeting an emulator or connected Android device (API 21+).
🗺️Map of the codebase
- GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/GSYVideoManager.java — Core video lifecycle manager coordinating playback across all player implementations; essential for understanding state management and player switching
- GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/player/IjkPlayerManager.java — IJKPlayer implementation manager; primary video decoding backend for this library with format/codec support
- GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/cache/VideoCache.java — Play-while-cache abstraction layer; implements AndroidVideoCache integration for streaming optimization
- GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/view/GSYVideoPlayer.java — Primary UI component exposing the video player to consumers; contains control surface, texture rendering, and public API
- app/src/main/java/com/example/gsyvideoplayer/DetailPlayer.java — Reference implementation demonstrating core playback, controls, fullscreen, and lifecycle patterns for contributors
- GSYVideoPlayer/lib/build.gradle — Library dependency configuration including IJKPlayer, Media3/ExoPlayer, and NDK 16k page size patch requirements
- 16kpatch/ndk_r22_16k_commit.patch — Critical NDK R22 patch for 16k page size support; required for Android 15+ compatibility in native video decoding
🛠️How to make changes
Add a Custom Video Player Backend
- Create new player manager implementing IMediaPlayer interface from GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/player/IMediaPlayer.java (GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/player/CustomPlayerManager.java)
- Implement required methods: start(), pause(), seekTo(), release(), getBufferedPercentage(), getDuration(), getCurrentPosition() (GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/player/CustomPlayerManager.java)
- Register player in PlayerFactory.createPlayer() switch statement to enable backend selection (GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/player/PlayerFactory.java)
- Add dependency to lib/build.gradle and test with DetailPlayer.java reference implementation (GSYVideoPlayer/lib/build.gradle)
Integrate a New Subtitle Format
- Extend GSYExoSubTitlePlayerManager or create parallel subtitle handler for custom subtitle file formats (app/src/main/java/com/example/gsyvideoplayer/exosubtitle/GSYExoSubTitlePlayerManager.java)
- Implement subtitle parsing (SRT, ASS, VTT, etc.) in custom model class extending GSYExoSubTitleModel (app/src/main/java/com/example/gsyvideoplayer/exosubtitle/GSYExoSubTitleModel.java)
- Load external subtitle file path via loadSubTitle(url) method and register callbacks (app/src/main/java/com/example/gsyvideoplayer/exosubtitle/GSYExoSubTitleDetailPlayer.java)
- Test with SubtitleDetailPlayer.java; verify subtitle sync with video timeline via seekTo() callback (app/src/main/java/com/example/gsyvideoplayer/SubtitleDetailPlayer.java)
Add Video Effect/Filter with Custom OpenGL Renderer
- Create custom renderer class extending GSYVideoGLViewCustomRender interface (app/src/main/java/com/example/gsyvideoplayer/effect/CustomVideoEffect.java)
- Implement onSurfaceCreated() with fragment/vertex shader compilation, onDrawFrame() for texture transformation (app/src/main/java/com/example/gsyvideoplayer/effect/GSYVideoGLViewCustomRender.java)
- Register renderer via GSYVideoPlayer.setRenderCallback(customRenderer) before play() (GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/view/GSYVideoPlayer.java)
- Reference DetailFilterActivity.java and effect/ package for pixelation/grayscale examples (app/src/main/java/com/example/gsyvideoplayer/DetailFilterActivity.java)
Enable Auto-Play in RecyclerView List
- In adapter/holder, add OnScrollListener to detect item visibility using RecyclerView.ViewHolder.itemView bounds (app/src/main/java/com/example/gsyvideoplayer/holder/RecyclerItemPlayNormalHolder.java)
- Call GSYVideoManager.playVideo() when visibility threshold met (e.g., >50% visible) and pause() on scroll out (GSYVideoPlayer/lib/src/main/java/com/example/gsyvideoplayer/GSYVideoManager.java)
- Bind lifecycle callbacks to Activity/Fragment using GSY
🪤Traps & gotchas
- 16K page size patch requirement: NDK builds must apply patches from 16kpatch/ to work on modern Android devices; omitting this causes linker errors on arm64-v8a.
- OpenSSL version pinning: arm64/x86_64 SO files require openssl 1.1.1w; upgrading breaks binary compatibility.
- Danmaku dependency: viewDependencies.danmakuFlameMaster is optional but some demo Activities assume it; removing it requires code changes.
- Proguard config: app/proguard-rules.pro must preserve native method names for JNI callbacks.
- HTTPS certificate pinning: HTTPS support via IJKPlayer may require custom certificate handling in some corporate networks; see implementation details in the core library.
💡Concepts to learn
- IJKPlayer (FFmpeg-based native decoder) — IJKPlayer is one of GSYVideoPlayer's four kernel backends; understanding its codec support (h.263/4/5, RTSP, RTMP, HLS) and native JNI bridge is critical for troubleshooting playback failures
- OpenGL filter chains — GSYVideoPlayer's 20+ filters (mosaic, Gaussian blur, black & white, color correction) are applied via OpenGL ES; understanding frame-by-frame shader composition is needed to add custom filters
- DASH/HLS Adaptive Bitrate Switching — Media3/ExoPlayer mode supports DASH MPD and HLS master playlists for automatic quality selection based on network conditions; critical for streaming apps on variable connectivity
- SRT and WebVTT subtitle format parsing — GSYVideoPlayer unifies subtitle rendering across all four backends (IJK, ExoPlayer, MediaPlayer, AliPlayer) with a single parser; understanding timestamp normalization and cue merging prevents sync issues
- JNI (Java Native Interface) callback patterns — IJKPlayer communicates playback state (frame decoded, video dimensions, errors) via JNI callbacks to Java; misunderstanding callback threading causes ANRs and memory leaks
- 16K page size alignment for NDK SO libraries — Modern Android devices and Play Store now require 16K-aligned native binaries; the patches in 16kpatch/ are non-negotiable, not optional—omitting them breaks on Pixel 8+ and future devices
- AbstractFactory pattern for media player backends — GSYVideoPlayer uses factory pattern to swap IJK ↔ ExoPlayer ↔ MediaPlayer ↔ AliPlayer at runtime; understanding this polymorphism is essential for adding a fifth backend or fixing backend-specific bugs
🔗Related repos
- google/ExoPlayer — Official Google ExoPlayer library; GSYVideoPlayer uses ExoPlayer/Media3 as one of its four interchangeable backends
- CarGuo/ijkplayer — CarGuo's maintained fork of bilibili/ijkplayer; the FFmpeg-based decoder core that GSYVideoPlayer wraps and patches for 16K page size
- danikula/AndroidVideoCache — Video caching library used by GSYVideoPlayer's IJK mode for play-while-cache functionality
- Bilibili/DanmakuFlameMaster — Danmaku (bullet chat) rendering engine integrated into GSYVideoPlayer as viewDependencies.danmakuFlameMaster
- openharmony-tpc/GSYVideoPlayer — HarmonyOS port of this same video player library; shows ecosystem adaptation beyond Android
🪄PR ideas
To work on one of these in Claude Code or Cursor, paste:
Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.
Add unit tests for GSYVideoPlayer core playback lifecycle (pause, resume, seek, release)
The repo has 20+ example activities but no visible unit test files for the core player library (gsyVideoPlayer module). Testing playback state transitions, error handling, and resource cleanup would catch regressions early and improve code quality. This is critical for a multi-backend player (IJKPlayer, ExoPlayer, MediaPlayer) that must handle complex lifecycle scenarios.
- [ ] Create gsyVideoPlayer/src/test/java/com/shuyu/gsy/player/PlayerLifecycleTest.java with JUnit4 tests for pause/resume cycles
- [ ] Add tests for seek operations with boundary conditions (before start, after end, invalid positions)
- [ ] Add tests for proper resource release and listener cleanup in onDestroy paths
- [ ] Ensure tests cover all three backend implementations (IJKPlayer, ExoPlayer, MediaPlayer) where applicable
Add GitHub Actions CI workflow to test all NDK ABIs and 16K page size patches
The repo has 16kpatch/ directory with NDK patches for ARM, ARM64, and x86 architectures, but no CI validates that these patches apply cleanly or that the library builds with NDK. Currently .github/workflows/ only has publish and release workflows. Adding a build matrix that tests ndk_r22_16k_commit.patch application and validates all abiFilters ('arm64-v8a', 'armeabi-v7a', 'x86_64') would catch NDK-related breakage early.
- [ ] Create .github/workflows/android-ndk-build.yml with matrix testing for each ABI in ndk_r22_16k_commit.patch
- [ ] Verify 16kpatch/ patches apply to IJKPlayer submodule without conflicts
- [ ] Add validation step that confirms compiled .so files exist for all abiFilters
- [ ] Test with at least NDK r22 (referenced in patch filenames) to match documented setup
Add integration tests for danmaku/bullet-chat rendering with DanmakuFlameMaster
The repo lists danmaku support as a key feature and has DanmakuVideoActivity.java and DanmakuAdapter.java, but no tests verify danmaku rendering, performance with high message volume, or memory cleanup. This matters because danmaku adds significant overlay complexity. Tests should validate that danmaku doesn't cause frame drops or memory leaks during video playback.
- [ ] Create app/src/androidTest/java/com/example/gsyvideoplayer/DanmakuRenderingTest.java to test DanmakuVideoActivity
- [ ] Add test cases for rendering 100+ concurrent danmaku messages without frame stuttering
- [ ] Add memory leak detection using Espresso + LeakCanary to ensure danmaku views are garbage collected after activity destruction
- [ ] Test danmaku compatibility with the filter/watermark features mentioned in the description
🌿Good first issues
- Add unit tests for subtitle parsing (SRT/WebVTT) in the core subtitle module. Currently no test files are visible for gsyVideoPlayer/src/main/java/.../subtitle/; create tests verifying SRT timestamp parsing and WebVTT cue merging across backends. Subtitles are critical for accessibility but lack test coverage; this ensures regressions are caught early.
- Document the kernel switching architecture with code examples. Create docs/KERNEL_SELECTION.md explaining how to swap IJKPlayer ↔ ExoPlayer at runtime, with snippets from the abstract factory implementation. The multi-backend switching is GSYVideoPlayer's killer feature but is not obviously documented; this helps new integrators choose the right player.
- Add a FilterFactory utility for common filter combinations. Currently filter classes are scattered; create gsyVideoPlayer/src/main/java/.../filter/FilterFactory.java with presets like 'BlackAndWhiteChain', 'BeautyChain' to simplify app code. Reduces boilerplate for apps using multiple filters; improves developer experience.
📝Recent commits
- b36befa — Prepare v13.0.0 release (CarGuo)
- 7a31acc — Add keep last frame documentation (CarGuo)
- b754805 — Document recent playback stability changes (CarGuo)
- 60ea5c0 — Add Exo adaptive quality demo and docs (CarGuo)
- dffaf51 — Harden smart quality switching (CarGuo)
- 68276db — Harden GL renderer lifecycle and demo (CarGuo)
- 5149f2c — Fix screenshot callbacks and composed capture (CarGuo)
- 05e956a — Add keep last frame demo (CarGuo)
- 54de87b — feat: add unified subtitle support (CarGuo)
- 86acebf — Add WebVTT seek preview support (CarGuo)
🔒Security observations
- Critical · Hardcoded Keystore Credentials — app/build.gradle - signingConfigs.release block. The app/build.gradle file contains hardcoded keystore credentials (storePassword: '123456', keyPassword: '123456') in plain text. These are used for signing both debug and release builds. This exposes the signing key to anyone with access to the repository and allows unauthorized APK signing. Fix: Remove hardcoded credentials and use Android Studio's key management or environment variables. Store sensitive credentials in .env files or CI/CD secrets. Use gradle.properties with local overrides that are gitignored. Consider using Android Keystore for production builds.
- Critical · Weak Keystore Password — app/build.gradle - signingConfigs.release. The keystore password '123456' is a trivial numeric sequence that can be cracked in seconds. This undermines the entire security of the signing key. Fix: Use a strong, randomly generated password (minimum 16 characters with mixed case, numbers, and symbols). Store it securely in CI/CD secrets management or an HSM.
- High · Exposed Keystore File in Repository — app/build.gradle - storeFile reference. The release.jks file is referenced in version control (../release.jks). If the file exists in the repository history, the private signing key is permanently exposed and can be extracted. Fix: Remove release.jks from git history using git filter-branch or BFG. Add *.jks to .gitignore. Store keystore files outside the repository and load them from secure CI/CD pipelines only. Rotate the signing key if it was ever committed.
- High · Minification Disabled in Debug Build — app/build.gradle - debug buildType. Debug builds have minifyEnabled = false, which means code is not obfuscated. While acceptable for debug, ensure release builds have proper ProGuard/R8 configuration to prevent reverse engineering of sensitive logic. Fix: Keep minifyEnabled = false for debug builds (acceptable). Verify release builds have minifyEnabled = true with comprehensive ProGuard rules. Ensure app/proguard-rules.pro adequately protects sensitive classes.
- High · Insecure HTTPS Certificate Handling Potential — Core player implementations - ExoPlayer, IJKPlayer integrations. The project supports HTTPS but the codebase structure suggests video playback from various sources (ExoPlayer, IJKPlayer, MediaPlayer, AliPlayer). Without seeing network code, there is a risk of insufficient certificate pinning or SSL/TLS validation for media streams. Fix: Implement certificate pinning for all HTTPS connections. Use OkHttp with CertificatePinner for critical endpoints. Validate all SSL/TLS certificates properly. Avoid disabling certificate validation in production.
- High · Multiple Dependencies Without Verification — app/build.gradle - dependencies block. The build.gradle uses multiple custom dependencies (gsyVideoPlayer, gsyVideoPlayer-aliplay, danmakuFlameMaster, etc.) from various sources. Without visible dependency verification or lock files, there is a risk of dependency confusion or supply chain attacks. Fix: Implement dependency verification in gradle.properties. Use gradle.lockfile for reproducible builds. Enable Gradle dependency verification. Audit all custom dependencies for known vulnerabilities using OWASP Dependency-Check or Snyk.
- Medium · Missing Security Headers and Permissions — app/src/main/AndroidManifest.xml. The AndroidManifest.xml file is not shown in detail, but video players typically require dangerous permissions (INTERNET, READ_EXTERNAL_STORAGE). Ensure the minimum necessary permissions are requested and justify each. Fix: Request only necessary permissions. Implement runtime permissions for dangerous permissions on API 23+. Use scoped storage instead of broad storage access. Document permission justification.
- Medium · External Subtitles and Danmaku File Handling — Subtitle handling and DanmakuAdapter components. The app supports external subtitles and danmaku (bullet chat), which may involve loading and parsing external files or network data. Unvalidated file handling could lead to XXE attacks or DoS through malformed files. Fix: Validate and sanitize all external subtitle and
LLM-derived; treat as a starting point, not a security audit.
👉Where to read next
- Open issues — current backlog
- Recent PRs — what's actively shipping
- Source on GitHub
Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.