If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/NickvisionApps/Parabolic shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• Last commit 2d ago
• 4 active contributors
• MIT licensed
• CI configured
• ⚠ Small team — 4 contributors active in recent commits
• ⚠ Concentrated ownership — top contributor handles 79% of recent commits
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live NickvisionApps/Parabolic repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/NickvisionApps/Parabolic.

What it runs against: a local clone of NickvisionApps/Parabolic — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in NickvisionApps/Parabolic | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch main exists | Catches branch renames | | 4 | Last commit ≤ 32 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of NickvisionApps/Parabolic. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/NickvisionApps/Parabolic.git
#   cd Parabolic
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of NickvisionApps/Parabolic and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "NickvisionApps/Parabolic(\\.git)?\\b" \\
  && ok "origin remote is NickvisionApps/Parabolic" \\
  || miss "origin remote is not NickvisionApps/Parabolic (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \\
  && ok "default branch main exists" \\
  || miss "default branch main no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 32 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/NickvisionApps/Parabolic"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Parabolic is a C#/.NET GNOME desktop application that wraps yt-dlp to download video and audio from hundreds of websites (YouTube, etc.) in multiple formats (mp4, webm, mp3, opus, flac, wav). It provides a polished GTK-based GUI frontend with concurrent download support, metadata/subtitle handling, and cross-platform builds for Linux, Windows, and macOS. Monorepo with platform-specific projects: Nickvision.Parabolic.GNOME/ is the main GTK4/Libadwaita desktop app (C#, .blp blueprint files for UI), with Controls/ for custom widgets, Helpers/ for utilities, and Resources/ for SVG icons and styling. Separate build targets via Nickvision.Common.targets (shared .NET config). Shell scripts in .github/workflows handle packaging (Flatpak, MSI, DMG).

Linux users, GNOME desktop enthusiasts, and content creators who want a graphical alternative to command-line yt-dlp; also Firefox/Chrome extension users on desktop who want integrated download capabilities without terminal usage.

Actively developed and production-ready. The project has cross-platform CI/CD pipelines (.github/workflows for Flatpak, macOS, Windows, spelling checks), uses proper semantic versioning via GitHub Releases, maintains translations via Weblate, and demonstrates ongoing maintenance with organized issue templates (bug, download-error, feature-request). Codebase is 467KB C#, indicating substantial feature completeness.

Low-to-medium risk: yt-dlp is a critical external dependency subject to website changes (hence specific download-error issue template); the project depends on system-level libraries for GTK/GNOME which vary across distros. Single organization (NickvisionApps) maintains it, but GitHub Actions show distributed CI across platforms. No evidence of dormancy—workflows and issue templates suggest active triage. No blocker risk for end users, but maintainers must track yt-dlp breakage closely.

Active development with organized CI: Flatpak, macOS, and Windows builds automated; translation community engaged via Weblate; issue triage system in place with specialized templates. The codebase shows intentional UX polish (resource icons, preferences dialog, keyboard shortcuts dialog) and stability focus (download error tracking).

Clone the repo, open Nickvision.Parabolic.GNOME/Nickvision.Parabolic.GNOME.csproj in Visual Studio or VS Code with C# extensions, then dotnet build or dotnet run. Requires .NET 8+ SDK and GTK4 development libraries (libgtk-4-dev on Ubuntu/Debian, gtk4-devel on Fedora).

Daily commands: From repo root: dotnet restore → dotnet build --project Nickvision.Parabolic.GNOME/Nickvision.Parabolic.GNOME.csproj → dotnet run --project Nickvision.Parabolic.GNOME/. On Linux with GNOME desktop environment running; for Windows/macOS, use bundled releases from GitHub Actions artifacts or Releases page.

• Nickvision.Parabolic.GNOME/Program.cs: Application entry point; initializes GTK app, dependency injection, and main window setup
• Nickvision.Parabolic.GNOME/Blueprints/MainWindow.blp: Main UI layout definition (Libadwaita declarative format); defines window structure, menus, and top-level containers
• Nickvision.Parabolic.GNOME/Blueprints/AddDownloadDialog.blp: Dialog to initiate new downloads; core user interaction point for submitting URLs and selecting formats
• Nickvision.Parabolic.GNOME/Controls/DownloadRow.cs: Custom widget for rendering individual download items; handles UI state for progress, status, actions
• Nickvision.Parabolic.GNOME/Resources/org.nickvision.tubeconverter.gresource.xml: GResource manifest; bundles icons, CSS, and other assets into the app binary
• Nickvision.Parabolic.GNOME/Helpers/IServiceCollectionExtensions.cs: Dependency injection setup; registers services and singletons needed by the app
• .github/workflows/flatpak.yml: CI pipeline for Flatpak builds; defines how the app is packaged for Flathub distribution

UI dialogs: edit .blp files in Nickvision.Parabolic.GNOME/Blueprints/ (AddDownloadDialog.blp, PreferencesDialog.blp, etc.), which auto-compile to .cs. Custom controls: Nickvision.Parabolic.GNOME/Controls/ (e.g., DownloadRow.cs). Business logic and download orchestration: likely in sibling projects (check for Nickvision.Parabolic.Core or similar, not listed but referenced). Icons: add SVG to Resources/, register in gresource.xml. Preferences and settings: modify PreferencesDialog.blp and bind to configuration classes.

1. Blueprints (.blp) files require the blueprint compiler (blueprintc) in the build chain—missing it causes silent build failures; check Nickvision.Parabolic.GNOME.csproj for <Exec Command> tasks. 2. yt-dlp must be available in PATH or bundled; the app likely invokes it via subprocess, so breaking yt-dlp changes (API, output format) cause download failures without obvious error handling. 3. GTK4/Libadwaita version mismatches on older GNOME versions can cause segfaults or missing UI elements; target GNOME 43+ (2022) minimum. 4. GResource compilation fails silently if SVG icons have invalid XML; validate icon files before committing. 5. No visible test directory in the file list—verify test strategy (likely xunit or nunit) before assuming coverage.

• GTK Blueprint Language (.blp) — Parabolic's entire UI is declared in .blp files (AddDownloadDialog.blp, MainWindow.blp, etc.) which compile to C#; mastering this declarative XML-like syntax is mandatory to modify UI without hand-coding GTK widget trees
• Libadwaita Design System — Parabolic targets GNOME HIG compliance via Libadwaita widgets; understanding responsive layouts, adaptive UI, and platform conventions is critical for adding UI features that feel native on Linux
• GResource Bundle Format — Icons and CSS are compiled into the app binary via gresource.xml, not loaded at runtime; modifying Resources/org.nickvision.tubeconverter.gresource.xml is necessary to add new assets or fix styling
• Subprocess Management & IPC — Parabolic spawns yt-dlp as an external process and parses its output; understanding Process lifecycle, stdout/stderr capture, and graceful termination is essential for implementing cancellation, progress tracking, and error recovery
• GNOME Keyring Integration — KeyringDialog.blp and credential handling suggest the app stores passwords/tokens securely; understanding libsecret (DBus-based credential store) is needed for auth features and secure download scenarios
• .NET Dependency Injection Container — IServiceCollectionExtensions.cs sets up the DI pattern; understanding how services are registered and injected into GTK windows/dialogs is required to add new features without tight coupling
• Concurrent Download Queue Pattern — Parabolic markets 'concurrent downloads'; the queue/scheduler logic (likely in an unshown core project) must handle yt-dlp process limits, bandwidth throttling, and cancellation—critical for performance and user experience

• yt-dlp/yt-dlp — Core dependency that Parabolic wraps; understanding yt-dlp's CLI API and output parsing is essential for maintaining Parabolic's download engine
• NickvisionApps/Denaro — Sibling NickvisionApps project using same GNOME/GTK4 + Libadwaita + C# stack; reference for patterns, CI setup, and multi-platform build workflows
• GNOME/libadwaita — UI toolkit dependency; understand Adwaita widgets, styles, and responsive design patterns used in Parabolic's GTK4 interface
• jely2002/youtube-dl-gui — Alternative python-based yt-dlp GUI; reference for competing UX approaches and feature parity ideas (queue management, playlist support)
• NickvisionApps/Parabolic-extension — Browser extension companion project (Firefox/Chrome); shares download API and settings sync concerns with desktop app

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for AddDownloadDialogController.cs

The Nickvision.Parabolic.Shared/Controllers directory contains critical business logic controllers but no visible test files in the repo structure. AddDownloadDialogController is a core entry point for download creation and deserves comprehensive unit tests covering URL validation, format selection, and download parameter handling.

• [ ] Create Nickvision.Parabolic.Tests directory structure mirroring Controllers
• [ ] Add tests for AddDownloadDialogController.cs covering: valid URL parsing, invalid URL rejection, format selection logic, and error handling
• [ ] Add tests for MainWindowController.cs covering download queue management and state transitions
• [ ] Configure xUnit or NUnit in the .csproj and integrate with existing CI workflows (flatpak.yml, windows.yml, macos.yml)

Add missing GitHub Actions workflow for Linux builds (deb/rpm packaging)

The .github/workflows directory has flatpak.yml (Flathub), windows.yml, and macos.yml, but no dedicated workflow for generating .deb or .rpm packages. This gaps leaves Linux users without native package manager support and makes Parabolic unavailable in distro repositories.

• [ ] Create .github/workflows/linux-packages.yml workflow
• [ ] Define build steps for .deb package generation using dotnet publish targeting linux-x64
• [ ] Define build steps for .rpm package generation (leverage fpm or rpmbuild)
• [ ] Add artifact upload to GitHub Releases on version tags
• [ ] Document packaging requirements in CONTRIBUTING.md

Add integration tests for yt-dlp backend communication in MainWindowController.cs

Parabolic is a yt-dlp frontend but there are no visible tests validating the integration between the UI controllers and the backend downloader. The MainWindowController orchestrates downloads but lacks tests confirming proper argument passing, progress reporting, and error propagation from yt-dlp.

• [ ] Create test mocks for yt-dlp process invocation in Nickvision.Parabolic.Tests
• [ ] Add integration tests to verify MainWindowController correctly formats yt-dlp command-line arguments based on Download object properties
• [ ] Add tests for progress callback handling and download state transitions (pending → downloading → completed/failed)
• [ ] Test error scenarios: invalid URLs, network failures, missing dependencies
• [ ] Run tests in CI pipeline by updating windows.yml, flatpak.yml, and macos.yml to execute dotnet test

• Add unit tests for DownloadRow.cs control logic (UI state transitions, error display, progress updates) to improve stability and catch regressions early.
• Write integration tests for URL parsing and format selection in AddDownloadDialog to catch yt-dlp API breakage before users encounter download errors.
• Document the yt-dlp subprocess integration pattern in Helpers/ or via inline comments, as the download error issue template suggests users hit site-specific failures—new contributors need clarity on how downloads are orchestrated and where to add retry/fallback logic.

The Parabolic application demonstrates generally sound architecture as a C#/.NET desktop application, but has moderate security concerns primarily around external process execution (yt-dlp), user input handling, and file system operations. The main risks are command injection through URL inputs and path traversal in file operations. The application's dependency on yt-dlp (an external tool) introduces supply chain considerations. No hardcoded secrets or obvious critical misconfigurations were detected in the file structure provided. Recommendations focus on input validation, secure process execution, and proper credential storage. The codebase appears well-organized and follows desktop application best practices, but security-focused code review of controller and model classes is recommended.

• Medium · External Dependency on yt-dlp — Entire application architecture (yt-dlp integration). The application is a frontend for yt-dlp, an external tool that must be installed separately. yt-dlp is downloaded from external sources and executed by the application. There's no apparent version pinning or integrity verification visible in the file structure, which could lead to supply chain attacks if the dependency is compromised or outdated. Fix: Implement explicit version pinning for yt-dlp, verify checksums/signatures of downloaded binaries, and regularly audit the yt-dlp project for security updates. Consider vendoring or containerizing yt-dlp with pinned versions.
• Medium · Potential Command Injection via URL Input — Nickvision.Parabolic.Shared/Controllers/AddDownloadDialogController.cs, Nickvision.Parabolic.GNOME/Views/AddDownloadDialog.cs. As a video download application, the codebase accepts URLs from user input (AddDownloadDialog, AddDownloadDialogController). These URLs are likely passed to yt-dlp for processing. Without proper validation and sanitization, malicious URLs or special characters could potentially be exploited for command injection attacks. Fix: Implement strict URL validation using URI parsing (not regex), use allowlist-based validation for URL schemes, and always use parameterized execution when invoking yt-dlp (avoid shell injection). Sanitize all user inputs before passing to external processes.
• Medium · Potential Path Traversal in Download Directory Handling — Nickvision.Parabolic.Shared/Models (file path handling), PreferencesViewController.cs. The application allows users to configure download directories and handles file operations. Without proper validation, path traversal attacks could allow writing files outside the intended download directory using sequences like '../' or absolute paths. Fix: Implement strict path validation to ensure downloads only occur in designated directories. Use Path.GetFullPath() and verify the result is within the intended directory. Reject paths containing '..' or absolute path components.
• Low · Potential Sensitive Data in Application History — Nickvision.Parabolic.Shared/Controllers/HistoryViewController.cs, Nickvision.Parabolic.GNOME/Views/HistoryDialog.cs. The application includes a HistoryDialog and HistoryViewController that stores download history. Download history may contain sensitive information (URLs from private sources, personal content links). The persistence mechanism and access controls for this data are not visible. Fix: Implement secure storage for download history using encryption for sensitive data. Provide users with options to clear history, and ensure database/storage files have restrictive permissions (user-only access). Consider not storing full URLs if they contain sensitive information.
• Low · Keyring Integration Security — Nickvision.Parabolic.Shared/Controllers/KeyringViewController.cs, Nickvision.Parabolic.GNOME/Views/KeyringDialog.cs. The application includes KeyringDialog and KeyringViewController for credential management. The implementation details of credential storage are not visible, but improper implementation could lead to credential leakage or insecure storage of authentication tokens. Fix: Use platform-native secure credential storage (GNOME Keyring on Linux, Keychain on macOS, Credential Manager on Windows). Never store credentials in plaintext configuration files. Implement proper credential lifecycle management with secure deletion.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.