If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/Mzying2001/CefFlashBrowser shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Solo project — review before adopting

• Last commit 2w ago
• MIT licensed
• Tests present
• ⚠ Solo or near-solo (1 contributor active in recent commits)
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live Mzying2001/CefFlashBrowser repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/Mzying2001/CefFlashBrowser.

What it runs against: a local clone of Mzying2001/CefFlashBrowser — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in Mzying2001/CefFlashBrowser | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 47 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of Mzying2001/CefFlashBrowser. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/Mzying2001/CefFlashBrowser.git
#   cd CefFlashBrowser
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of Mzying2001/CefFlashBrowser and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "Mzying2001/CefFlashBrowser(\\.git)?\\b" \\
  && ok "origin remote is Mzying2001/CefFlashBrowser" \\
  || miss "origin remote is not Mzying2001/CefFlashBrowser (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "CefFlashBrowser/App.xaml.cs" \\
  && ok "CefFlashBrowser/App.xaml.cs" \\
  || miss "missing critical file: CefFlashBrowser/App.xaml.cs"
test -f "CefFlashBrowser.FlashBrowser/ChromiumFlashBrowser.cs" \\
  && ok "CefFlashBrowser.FlashBrowser/ChromiumFlashBrowser.cs" \\
  || miss "missing critical file: CefFlashBrowser.FlashBrowser/ChromiumFlashBrowser.cs"
test -f "CefFlashBrowser.FlashBrowser/CefFlashSettings.cs" \\
  && ok "CefFlashBrowser.FlashBrowser/CefFlashSettings.cs" \\
  || miss "missing critical file: CefFlashBrowser.FlashBrowser/CefFlashSettings.cs"
test -f "CefFlashBrowser.Sol/sol.cpp" \\
  && ok "CefFlashBrowser.Sol/sol.cpp" \\
  || miss "missing critical file: CefFlashBrowser.Sol/sol.cpp"
test -f "CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs" \\
  && ok "CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs" \\
  || miss "missing critical file: CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 47 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~17d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/Mzying2001/CefFlashBrowser"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

CefFlashBrowser is a Windows desktop browser built on Chromium Embedded Framework (CEF) with integrated Flash Player plugin support, enabling rendering of Flash content in web pages and direct playback of local .SWF files. It also includes a SOL file manager for inspecting, exporting, importing, and editing Flash game save archives—addressing the critical gap left by Flash EOL in 2020. Multi-project C# solution: CefFlashBrowser.FlashBrowser (core browser with WPF UI) contains Handlers/ folder organizing CEF callbacks (LoadHandler, RequestHandler, ContextMenuHandler, etc.); CefFlashBrowser.Sol is a C++/CLI wrapper for AMF/SOL binary parsing; CefFlashBrowser.Log provides logging; CefFlashBrowser.Singleton (C++ interop) handles single-instance enforcement.

Flash game enthusiasts and archivists who need to preserve and play Flash content post-EOL; developers maintaining legacy Flash-based applications; users managing Flash game save files across multiple titles.

Actively maintained with a polished UI (shown in Images/MainWindow.png and Images/SolEditor.png), comprehensive handler patterns for browser features, and test coverage (CefFlashBrowser.Tests/). The .NET Framework 4.6.2 dependency and pre-built release artifacts indicate production readiness. However, as a single-maintainer project with Flash being a deprecated technology, the project is stable but not growing.

Single maintainer (Mzying2001) creates long-term sustainability risk. Dependency on CEF (Chromium) version pins and .NET Framework 4.6.2 may create future compatibility issues as Windows updates. Flash plugin EOL (December 2020) means this is inherently a legacy preservation tool; any security issues in bundled Flash cannot be patched upstream.

No visible recent activity metadata provided in file list. Last observable state: code includes CLAUDE.md and AGENTS.md documentation (suggesting recent refactoring or documentation effort), comprehensive test suite in place (AmfEncodingTests, SolFileReadWriteTests, SettingsTests), and stable release artifacts.

Clone: git clone https://github.com/Mzying2001/CefFlashBrowser.git. Build in Visual Studio 2019+ or via msbuild CefFlashBrowser.sln. Run CefFlashBrowser.exe after build (no install step needed). Requires .NET Framework 4.6.2 and Visual C++ Redistributable.

Daily commands: Open CefFlashBrowser.sln in Visual Studio 2019+ → Build → Run CefFlashBrowser.exe. For command line: msbuild CefFlashBrowser.sln /p:Configuration=Release then execute bin/Release/CefFlashBrowser.exe.

• CefFlashBrowser/App.xaml.cs — Application entry point and initialization logic for the WPF Flash browser; sets up CEF, handlers, and main window
• CefFlashBrowser.FlashBrowser/ChromiumFlashBrowser.cs — Core Flash browser component integrating CefSharp with Flash plugin support; manages lifecycle and navigation
• CefFlashBrowser.FlashBrowser/CefFlashSettings.cs — CEF configuration and Flash plugin initialization settings; essential for plugin discovery and browser startup
• CefFlashBrowser.Sol/sol.cpp — Native C++ SOL file parser/writer for Flash game archive management; handles binary serialization of game saves
• CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs — Intercepts and manages HTTP requests and responses; critical for resource loading and Flash content delivery
• CefFlashBrowser.Log/FileLogger.cs — Centralized logging infrastructure for diagnostics and debugging across the browser and handlers
• CefFlashBrowser.Tests/SolFileReadWriteTests.cs — Test suite validating SOL file parsing/serialization; ensures archive integrity across versions

Add a New HTTP Request Handler

1. Create a new handler class in CefFlashBrowser.FlashBrowser/Handlers/ inheriting from appropriate CEF handler interface (CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs)
2. Implement required interface methods (e.g., OnBeforeResourceLoad, OnResourceResponse) (CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs)
3. Register handler in CefFlashSettings.cs by adding it to the BrowserSettings initialization (CefFlashBrowser.FlashBrowser/CefFlashSettings.cs)
4. Add logging calls using ILogger for debugging (CefFlashBrowser.Log/FileLogger.cs)

Add Support for a New SOL Archive Type

1. Define new data structures and type markers in CefFlashBrowser.Sol/sol.h (CefFlashBrowser.Sol/sol.h)
2. Implement parsing logic in CefFlashBrowser.Sol/sol.cpp for the new type markers (CefFlashBrowser.Sol/sol.cpp)
3. Add serialization/deserialization in CefFlashBrowser.Sol/utils.cpp for AMF encoding of new types (CefFlashBrowser.Sol/utils.cpp)
4. Expose C++/CLI wrapper in CefFlashBrowser.Sol/utilscli.cpp if new types need .NET access (CefFlashBrowser.Sol/utilscli.cpp)
5. Write tests in CefFlashBrowser.Tests/SolFileReadWriteTests.cs with test fixtures (CefFlashBrowser.Tests/SolFileReadWriteTests.cs)

Add a New UI Language

1. Create new language XAML resource file in CefFlashBrowser/Assets/Language/ (e.g., de-DE.xaml) (CefFlashBrowser/Assets/Language/zh-CN.xaml)
2. Copy structure and all string keys from existing language file (zh-CN.xaml or en-US.xaml) (CefFlashBrowser/Assets/Language/en-US.xaml)
3. Translate all string values to target language (CefFlashBrowser/Assets/Language)
4. Register resource in App.xaml within ResourceDictionary.MergedDictionaries (CefFlashBrowser/App.xaml)

Extend Browser Functionality with New Handler

1. Identify which CEF event to intercept (e.g., OnContextMenu, OnJavaScriptDialog) and create handler class (CefFlashBrowser.FlashBrowser/Handlers/ContextMenuHandler.cs)
2. Implement the handler interface and override necessary methods (CefFlashBrowser.FlashBrowser/Handlers)
3. Instantiate handler in ChromiumFlashBrowser.cs and attach to browser settings (CefFlashBrowser.FlashBrowser/ChromiumFlashBrowser.cs)
4. Add optional WPF-specific wrapper in CefFlashBrowser.WinformCefSharp4WPF/Internals if needed (CefFlashBrowser.WinformCefSharp4WPF/Internals)

• CefSharp (Chromium Embedded Framework) — Provides full Chromium browser engine in .NET with native Flash plugin support via PPAPI; only modern solution for Flash content after Flash EOL
• WPF (Windows Presentation Foundation) — Native Windows desktop framework with XAML for UI; integrates seamlessly with CefSharp and provides rich UI capabilities
• C++/CLI for SOL File Handling — Binary

CEF version pinning: CefFlashBrowser likely depends on a specific CEF release with Flash support; upgrading CEF may require extensive rebuilds. AMF3 binary format is strict: SOL file modifications can corrupt saves if the CefFlashBrowser.Sol AMF encoder has bugs (see test suite). .NET Framework 4.6.2 only: Will not run on .NET 5+; Windows 7 SP1+ required. Flash plugin licensing: The embedded Flash Player may have licensing implications if redistributed commercially (Adobe's EOL terms). No visible CI/CD: Building requires local Visual Studio; no evidence of automated testing on commit.

• Chromium Embedded Framework (CEF) — CEF is the underlying rendering engine that powers this browser; understanding CEF's handler/callback architecture is essential to extending or debugging rendering behavior
• AMF3 (Action Message Format 3) Binary Serialization — Flash SOL save files use AMF3 encoding; the CefFlashBrowser.Sol module reverse-engineers this format, and bugs in AMF3 parsing corrupt user save data
• WPF (Windows Presentation Foundation) / XAML — The UI layer uses WPF declarative markup; modifying dialogs, menus, or layouts requires XAML knowledge
• Single-instance Application Pattern (Named Mutex) — CefFlashBrowser.Singleton enforces one running instance via Windows named mutexes; prevents port conflicts and state corruption from parallel launches
• P/Invoke (Platform Invocation Services) — CefFlashBrowser.Sol uses P/Invoke to call C++ AMF parsing code from C#; understanding marshaling is critical for binary data correctness
• CEF Handler Chain / Observer Pattern — 12 handler classes (LoadHandler, KeyboardHandler, etc.) form a chain intercepting browser events; understanding this extensibility model is key to adding features
• Flash Player Plugin Lifecycle (EOL Context) — Flash officially ended support December 2020; this project exists to preserve Flash playback via bundled plugin—understanding Flash security/licensing EOL terms prevents legal/security missteps

• cztomczak/cefpython — Earlier Python bindings for CEF; demonstrates cross-language CEF integration patterns applicable to C# approach
• ChromiumFX/ChromiumFX — Alternative C# wrapper for CEF with different handler patterns; reference for CEF bridge design decisions
• maxkatz6/AvaloniaCEF — Modern Avalonia-based CEF browser; shows evolution beyond WPF for .NET browser UIs
• adobe/flash-runtime-extensions — Adobe's official Flash Runtime Extensions documentation; essential for understanding Flash plugin API constraints
• open-flash/swf-specification — Community SWF/AMF3 format documentation; critical reference for SOL file parser validation

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for Sol file parsing (AmfEncodingTests expansion)

The repo contains CefFlashBrowser.Tests with SolFileReadWriteTests.cs and test data files (FBCookie.sol, mao.sol, pvz.sol, settings.sol), but lacks comprehensive coverage for the Sol format parser. AmfEncodingTests.cs exists but appears minimal. Flash game saves use proprietary Sol format - adding thorough roundtrip tests (parse→modify→serialize→reparse) would prevent data corruption bugs and validate the Sol codec implementation.

• [ ] Expand CefFlashBrowser.Tests/AmfEncodingTests.cs with edge cases (empty objects, nested arrays, type coercion)
• [ ] Add integration tests in SolFileReadWriteTests.cs for modifying and re-serializing Sol files from TestData/
• [ ] Create test cases for malformed Sol files to ensure graceful error handling
• [ ] Document Sol format structure in CLAUDE.md or create SOLFORMAT.md for contributor reference

Implement GitHub Actions CI workflow for multi-target .NET builds

The repo targets .NET Framework 4.6.2 with multiple project types (C# WPF, C++/CLI, C++ native), but has no visible CI pipeline. This is critical for a Flash browser project where CEF integration and handler callbacks (Handlers/ directory) are complex. A CI workflow would catch breaking changes early, especially in Handler implementations and cross-platform compat.

• [ ] Create .github/workflows/build.yml to build CefFlashBrowser.FlashBrowser and CefFlashBrowser.Tests on Windows
• [ ] Add job to compile CefFlashBrowser.Sol (C++ native project) and CefFlashBrowser.Singleton (C++/CLI wrapper)
• [ ] Run CefFlashBrowser.Tests as part of the pipeline using dotnet test
• [ ] Add artifact uploads for release builds (CefFlashBrowser.exe, dependencies)

Document and test the Handlers abstraction layer (IHandler pattern)

The Handlers/ directory contains 13+ CEF event handlers (AudioHandler, ContextMenuHandler, DialogHandler, etc.) and a WinformCefSharp4WPF/Internals/ folder with corresponding wrapper implementations. There's no documentation explaining the handler lifecycle, event flow, or how to add new handlers. This is a key extension point for contributors wanting to customize browser behavior.

• [ ] Create HANDLERS.md documenting the handler architecture, with examples for AudioHandler and ContextMenuHandler
• [ ] Add unit tests in CefFlashBrowser.Tests/ for critical handlers: RequestHandler.cs (resource filtering), LoadHandler.cs (navigation events), KeyboardHandler.cs
• [ ] Document the wrapper pattern used in WinformCefSharp4WPF/Internals/ (e.g., how AudioHandlerWrapper adapts IPC messages)
• [ ] Add a template example handler stub that contributors can copy when extending the browser

• Add unit tests for ChromiumWebBrowserEx.cs keyboard handling (WpfKeyboardHandler) currently lacking test coverage in CefFlashBrowser.Tests/
• Document the CEF handler extension pattern with a step-by-step guide in CLAUDE.md or a new Handlers/README.md, as the 12 handler files are powerful but lack architectural overview
• Add integration tests for Settings persistence in CefFlashSettings.cs (config load/save cycle) to prevent regression on future upgrades

• High · Flash Plugin Usage - Deprecated and Vulnerable Technology — CefFlashBrowser.FlashBrowser/ChromiumFlashBrowser.cs, entire project architecture. The application is built around embedding and executing Flash content (SWF files). Flash has been officially deprecated and end-of-life since December 2020. It contains numerous unpatched vulnerabilities that cannot be fixed. Running Flash content poses significant security risks including remote code execution, memory corruption, and sandbox escapes. Fix: Migrate away from Flash content. If Flash content must be viewed, consider using Flash emulators (e.g., Ruffle) or alternative formats. Do not deploy this application in production environments handling untrusted content.
• High · CEF (Chromium Embedded Framework) Version Management Risk — CefFlashBrowser/Assets/CefSharp/libcef_*.tar.gz. The project embeds CEF via compressed tar.gz files (libcef_x64.tar.gz, libcef_x86.tar.gz) stored in the repository. Without explicit version pinning or update mechanism documentation, there is risk of using outdated CEF versions with known vulnerabilities. The bundled assets may contain unpatched security issues. Fix: Document the exact CEF version being used. Implement a version update mechanism. Regularly check for and apply CEF security patches. Consider using NuGet package management instead of bundled binaries.
• High · Native Code Integration (.NET/C++ Interop) — CefFlashBrowser.Singleton/MsgReceiver.cpp, CefFlashBrowser.Sol/sol.cpp, CefFlashBrowser.WinformCefSharp4WPF/Internals/Win32.cs. The project includes C++ components (CefFlashBrowser.Singleton, CefFlashBrowser.Sol) that interface with managed .NET code. The files contain P/Invoke and COM interop code (evident from Win32.cs and MsgReceiver.cpp) which could be vulnerable to improper marshaling, buffer overflows, or privilege escalation if not carefully implemented. Fix: Conduct thorough security review of P/Invoke declarations and unmanaged code. Use SafeHandle for native resource management. Validate all marshaling operations. Apply Code Analysis tools (FxCop, PREfast) to detect unsafe patterns.
• Medium · Arbitrary File Download Handler — CefFlashBrowser.FlashBrowser/Handlers/DownloadHandler.cs. The DownloadHandler.cs suggests the application handles file downloads. Without proper validation of download URLs, destinations, or content-type verification, this could be exploited for arbitrary file writes or code injection attacks. Fix: Implement strict validation of download URLs (whitelist-based if possible). Verify content-type headers. Use safe temp directories for downloads. Implement hash verification for critical files. Never auto-execute downloaded files.
• Medium · Dialog and JavaScript Execution Handlers — CefFlashBrowser.FlashBrowser/Handlers/JsDialogHandler.cs, CefFlashBrowser.FlashBrowser/Handlers/DialogHandler.cs. The JsDialogHandler.cs and DialogHandler.cs suggest the application executes JavaScript and displays dialogs from web content. Without proper sandboxing and context isolation, this could allow XSS attacks or privilege escalation. Fix: Ensure CEF's sandbox is properly enabled. Implement Content Security Policy (CSP) headers. Validate and sanitize all HTML/JavaScript content. Use context isolation features of CEF.
• Medium · Request Handler - Potential SSRF Risk — CefFlashBrowser.FlashBrowser/Handlers/RequestHandler.cs, CefFlashBrowser.FlashBrowser/Handlers/ResourceRequestHandlerFactory.cs. The RequestHandler.cs and ResourceRequestHandlerFactory.cs handle all network requests. Without proper validation, this could be vulnerable to Server-Side Request Forgery (SSRF) attacks, allowing attackers to make requests to internal resources or bypass firewalls. Fix: Implement URL validation and filtering. Maintain a blocklist of internal IP ranges (127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Validate all network requests. Consider restricting protocols to HTTP/HTTPS only.
• Medium · undefined — undefined. undefined Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.