If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/Doikki/DKVideoPlayer shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 2y ago

• 6 active contributors
• Apache-2.0 licensed
• Tests present
• ⚠ Stale — last commit 2y ago
• ⚠ Single-maintainer risk — top contributor 90% of recent commits
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live Doikki/DKVideoPlayer repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/Doikki/DKVideoPlayer.

What it runs against: a local clone of Doikki/DKVideoPlayer — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in Doikki/DKVideoPlayer | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 734 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of Doikki/DKVideoPlayer. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/Doikki/DKVideoPlayer.git
#   cd DKVideoPlayer
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of Doikki/DKVideoPlayer and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "Doikki/DKVideoPlayer(\\.git)?\\b" \\
  && ok "origin remote is Doikki/DKVideoPlayer" \\
  || miss "origin remote is not Doikki/DKVideoPlayer (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/VideoView.java" \\
  && ok "dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/VideoView.java" \\
  || miss "missing critical file: dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/VideoView.java"
test -f "dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/AbstractPlayer.java" \\
  && ok "dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/AbstractPlayer.java" \\
  || miss "missing critical file: dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/AbstractPlayer.java"
test -f "dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/ControlWrapper.java" \\
  && ok "dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/ControlWrapper.java" \\
  || miss "missing critical file: dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/ControlWrapper.java"
test -f "dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/TextureRenderView.java" \\
  && ok "dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/TextureRenderView.java" \\
  || miss "missing critical file: dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/TextureRenderView.java"
test -f "dkplayer-players/exo/src/main/java/xyz/doikki/videoplayer/exo/ExoMediaPlayer.java" \\
  && ok "dkplayer-players/exo/src/main/java/xyz/doikki/videoplayer/exo/ExoMediaPlayer.java" \\
  || miss "missing critical file: dkplayer-players/exo/src/main/java/xyz/doikki/videoplayer/exo/ExoMediaPlayer.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 734 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~704d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/Doikki/DKVideoPlayer"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

DKVideoPlayer is a unified Android video player library that abstracts over MediaPlayer, ExoPlayer, and IjkPlayer backends, providing a single composable API. It implements TikTok-style features like preloading, list playback, floating window playback, ads, danmaku (bullet comments), watermarks, and video filters—all through a modular controller and render system. Modular monorepo: dkplayer-java/ contains core abstractions (BaseVideoController, AbstractPlayer, VideoView), dkplayer-players/ has pluggable backend implementations (exo/, and implied ijkplayer, media modules). Controller layer (IControlComponent, GestureVideoController) handles UI; Player layer (PlayerFactory, AbstractPlayer) dispatches to configured backend; Render layer (TextureRenderView, IRenderView) handles output. ProgressManager and VideoViewManager coordinate state.

Android app developers building video-heavy features (feeds, streaming, short-form video) who want a battle-tested player supporting multiple backends without rewriting playback logic for each one. Contributors extend controllers or add new player implementations.

Actively maintained production library (~956KB Java codebase, Maven Central distribution). However, last commit age and CI/test coverage are not visible in provided data; check GitHub for recent activity. The Maven Central badge and multi-backend support suggest stability, but the lack of visible test files (only 955KB Java across entire project) suggests test coverage may be incomplete.

Single-maintainer risk (Doikki org) is moderate; no visible open PR or issue count provided. The abstraction over three player backends (MediaPlayer, ExoPlayer, IjkPlayer) creates surface area for version incompatibilities—each backend has separate module (dkplayer-players/) that must track upstream updates. No visible CI pipeline (GitHub Actions workflow) in file list. Kotlin support is minimal (18KB), so Kotlin-first projects may face migration friction.

No recent PR/commit data visible in provided snippet, but structure shows active feature surface: danmaku support, filter system (GLSL shaders present, 2235 bytes), and gesture controller are implemented. Check GitHub Actions and recent commits for current work.

Clone: git clone https://github.com/Doikki/DKVideoPlayer.git && cd DKVideoPlayer. Build: ./gradlew build (uses Gradle 7.1.2 from build.gradle). Run demo: ./gradlew :dkplayer-sample:installDebug (inferred from typical Android structure; actual sample location may vary—verify dkplayer-sample/ exists).

Daily commands: gradle :dkplayer-java:build builds core library. gradle :dkplayer-players:exo:build builds ExoPlayer backend. For a sample app: gradle :dkplayer-sample:assembleDebug (if dkplayer-sample module exists). See README.md for usage examples and sample APK link (pgyer.com/EGTZ).

• dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/VideoView.java — Main VideoView component that orchestrates playback; all integrations must understand its lifecycle and control API
• dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/AbstractPlayer.java — Abstract base for all player implementations (AndroidMediaPlayer, ExoPlayer, IjkPlayer); defines core playback contract
• dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/ControlWrapper.java — Central event dispatcher bridging player state to UI controllers; critical for UI synchronization
• dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/TextureRenderView.java — Primary rendering surface using TextureView; handles video frame output and scaling logic
• dkplayer-players/exo/src/main/java/xyz/doikki/videoplayer/exo/ExoMediaPlayer.java — ExoPlayer adapter implementing AbstractPlayer; demonstrates pattern for integrating alternate backends
• dkplayer-players/ijk/src/main/java/xyz/doikki/videoplayer/ijk/IjkPlayer.java — IjkPlayer adapter; reference implementation for FFmpeg-based playback with custom codec support
• dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/PlayerFactory.java — Factory pattern for selecting player backend at runtime; enables swapping implementations without client code changes

Add a New Player Backend

1. Create a new Android library module (e.g., dkplayer-players/custom) (dkplayer-players/exo/build.gradle)
2. Implement AbstractPlayer subclass with lifecycle methods (play, pause, seekTo, getPlaybackState, etc.) (dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/AbstractPlayer.java)
3. Create PlayerFactory subclass to instantiate your player (dkplayer-players/exo/src/main/java/xyz/doikki/videoplayer/exo/ExoMediaPlayerFactory.java)
4. Register factory in PlayerFactory.createPlayer() switch statement (dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/PlayerFactory.java)
5. Add module to root build.gradle and update VideoViewConfig if needed (build.gradle)

Add Custom UI Controller Component

1. Extend BaseVideoController or implement IControlComponent for standalone components (dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/BaseVideoController.java)
2. Implement lifecycle callbacks: onPlayStateChanged, onPlayerStateChanged, onVideoSizeChanged, etc. (dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/IControlComponent.java)
3. Register component via ControlWrapper.addControlComponent() or extend GestureVideoController for gesture support (dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/ControlWrapper.java)
4. Use MediaPlayerControl methods to query player state and control playback (dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/MediaPlayerControl.java)

Implement Custom Render Surface

1. Implement IRenderView interface (setDisplay, setRotation, release, etc.) (dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/IRenderView.java)
2. Reference TextureRenderView as example for SurfaceTexture lifecycle (dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/TextureRenderView.java)
3. Create RenderViewFactory subclass and register in RenderViewFactory.createRenderView() (dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/RenderViewFactory.java)
4. Use MeasureHelper for aspect ratio/size calculations (dkplayer-java/src/main/java/xyz/doikki/videoplayer/render/MeasureHelper.java)

• TextureView (TextureRenderView.java) — Provides off-thread rendering allowing smooth UI thread

1. Player backend selection is configured at build time (separate gradle modules), not runtime—switching backends requires rebuild. 2) TextureRenderView uses OpenGL context; may leak on certain device configs or when swapping backends mid-playback. 3) ProgressManager (progress saving) appears to use SharedPreferences (not explicit in snippet)—verify thread safety if accessing from multiple Activities. 4) OrientationHelper listens for orientation changes globally; multiple VideoView instances may interfere. 5) No visible okhttp/network layer—verify how HLS/DASH URLs are fetched under the hood in each player backend.

• Abstract Factory & Strategy pattern — PlayerFactory and AbstractPlayer implement this to let you swap video backends (ExoPlayer, IjkPlayer, MediaPlayer) without changing VideoView; core to understanding extensibility
• Decorator/Wrapper pattern — ControlWrapper and IControlComponent decorate the underlying player with UI state; essential for adding custom controls without modifying core player code
• TextureView vs SurfaceView rendering — DKVideoPlayer uses TextureRenderView (TextureView) for composition over SurfaceView; matters for overlays, rotation, and hardware acceleration trade-offs
• Gesture detection and scroll interception — GestureVideoController implements brightness/volume/seek gestures; requires understanding Android MotionEvent handling and ViewGroup.onInterceptTouchEvent
• HLS/DASH adaptive streaming — ExoPlayer and IjkPlayer backends support these protocols; knowing the differences (bitrate switching, segment caching) informs which backend to choose for your use case
• OpenGL shader rendering (GLSL) — Video filters and effects use GLSL shaders (2235 bytes visible); required for custom filters, watermarks, and transformations in TextureRenderView
• Audio focus (AudioFocusHelper) — Player must request/release audio focus during pause/resume to coexist with system sounds and other apps; prevents ducking and conflicts

• google/ExoPlayer — Official ExoPlayer library—one of the three pluggable backends DKVideoPlayer abstracts
• bilibili/ijkplayer — FFmpeg-based player; one of the three pluggable backends, especially useful for hardware decoding and exotic formats
• daniulive/SmarterStreaming — Alternative unified Android video player; direct competitor solving similar TikTok-style playback problem
• guolindev/gsy-github-app — Mature Android app using custom video player; reference for production patterns (list recycling, state restoration) relevant to DKVideoPlayer users
• jitsi/jitsi-videobridge — Companion for developers needing live streaming infrastructure alongside DKVideoPlayer playback layer

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for PlayerFactory and rendering pipeline (TextureRenderView, MeasureHelper)

The repo has core factory and rendering classes (PlayerFactory.java, RenderViewFactory.java, TextureRenderView.java, MeasureHelper.java) but no visible test directory structure. These components are critical for player initialization and video rendering. Unit tests would catch regressions when refactoring player selection logic and measure calculations across different aspect ratios and screen sizes.

• [ ] Create dkplayer-java/src/test/java/xyz/doikki/videoplayer/player/ directory with PlayerFactoryTest.java
• [ ] Create dkplayer-java/src/test/java/xyz/doikki/videoplayer/render/ directory with MeasureHelperTest.java and TextureRenderViewTest.java
• [ ] Add test dependencies (JUnit 4, Mockito) to dkplayer-java/build.gradle
• [ ] Write tests covering: player factory selection logic, measure calculations for different scale types, and texture view lifecycle events

Add GitHub Actions CI workflow for automated testing and build verification

The repo uses Gradle (7.1.2) and supports multiple player backends (ExoPlayer, IJKPlayer, MediaPlayer) but lacks automated CI. A workflow would catch build failures across API levels, verify all three player modules compile correctly, and ensure ProGuard rules remain valid. This is especially important given the complexity of managing AndroidManifest.xml merging across dkplayer-java, dkplayer-players/exo, and dkplayer-players/ijk.

• [ ] Create .github/workflows/build.yml with steps to: checkout, setup JDK 11, run './gradlew build' for all modules
• [ ] Add matrix testing for API levels 16+ (minSdkVersion from attrs.xml context)
• [ ] Include './gradlew lint' step to catch Android Lint warnings in controller and player packages
• [ ] Add artifact upload for build reports and ProGuard mapping files to aid debugging

Document controller customization with concrete examples for BaseVideoController and GestureVideoController

The repo provides IControlComponent, IGestureComponent, and IVideoController interfaces, plus concrete implementations (BaseVideoController, GestureVideoController), but the README only links to wiki without inline examples. Contributors struggle to understand how to extend these controllers for features like custom progress bars or gesture handling. Adding documented examples directly to the codebase would reduce friction.

• [ ] Create dkplayer-java/src/main/java/xyz/doikki/videoplayer/controller/example/ directory with ControllerCustomizationExample.java
• [ ] Document how to implement IControlComponent for a custom subtitle renderer (show integration with controller lifecycle)
• [ ] Document how to extend GestureVideoController to add custom gesture handling (e.g., double-tap to skip)
• [ ] Add JavaDoc comments to BaseVideoController.onControllerAttached() and ControlWrapper.addControlComponent() explaining the binding flow
• [ ] Reference these examples in a new CONTROLLER_CUSTOMIZATION.md file in the root, linked from README.md

• Add unit tests for PlayerFactory player instantiation logic: dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/PlayerFactory.java has no visible test file. Create tests/xyz/doikki/videoplayer/player/PlayerFactoryTest.java to verify each backend (MediaPlayer, ExoPlayer, IjkPlayer) instantiates correctly with different configurations.
• Document GLSL shader usage and filter implementation: 2235 bytes of GLSL in the repo (visible in language breakdown) but no .glsl files listed. Either locate existing filters or document how to add new video filters by creating docs/FILTERS.md with shader examples and TextureRenderView integration notes.
• Add Kotlin sample implementation: Only 18KB Kotlin present vs 956KB Java. Add a dkplayer-sample-kotlin/ module showing the same features (list playback, floating window, preload) using Kotlin coroutines and idiomatic API, making the library accessible to Kotlin-first developers.

The codebase has moderate security concerns primarily related to build configuration and potential credential exposure. The most critical issue is the presence of a keystore file (devlin.jks) in version control, which poses immediate risk to the application's signing credentials. Additional concerns include outdated build tools and dependencies that may contain known vulnerabilities, and the use of a deprecated Maven repository. The video player functionality itself appears well-architected with factory patterns and abstraction, but input validation practices are not clearly evident from the static structure analysis. Immediate remediation should focus on removing the keystore file and

• High · Potential Keystore Exposure — devlin.jks (root directory). A file named 'devlin.jks' is present in the root directory. This appears to be a Java keystore file used for signing Android applications. Storing keystore files in version control repositories is a major security risk as it contains sensitive signing credentials that could be used to sign malicious APKs impersonating the legitimate application. Fix: Remove the keystore file from the repository immediately. Add '.jks', '.keystore', and '*.p12' to .gitignore. Store keystore files securely outside the repository, preferably in a secure key management system or CI/CD secrets manager.
• Medium · Outdated Gradle Build Plugin — build.gradle - classpath 'com.android.tools.build:gradle:7.1.2'. The project uses gradle plugin version 7.1.2 which is outdated. Current stable versions are 8.x+. Outdated build tools may contain known security vulnerabilities and lack important security features introduced in newer versions. Fix: Update to the latest stable version of the Android Gradle Plugin (currently 8.x). Review the Android Gradle Plugin release notes for security improvements.
• Medium · Outdated Kotlin Version — build.gradle - ext.kotlin_version = '1.6.21'. The project uses Kotlin version 1.6.21, which is significantly outdated. Current versions are 1.9.x+. Outdated Kotlin versions may contain security vulnerabilities and lack modern security features. Fix: Update Kotlin to the latest stable version (1.9.x or higher). Test thoroughly after the upgrade to ensure compatibility with all dependencies.
• Medium · Use of jcenter Repository (Deprecated) — build.gradle - repositories { ... jcenter() ... }. The build configuration includes 'jcenter()' repository which was sunset by JFrog on March 31, 2022. Relying on a deprecated repository can lead to unavailable dependencies and potential security risks from stale or compromised packages. Fix: Remove jcenter() from the repositories list. Ensure all dependencies are available from mavenCentral() or google(). Update all dependencies to versions available in active repositories.
• Low · Commented-out Repository Configuration — build.gradle - commented '//mavenLocal()'. The mavenLocal() repository is commented out in the buildscript repositories. While currently disabled, if accidentally uncommented, it could allow loading artifacts from the local Maven repository, potentially from untrusted sources if the local repository has been compromised. Fix: Remove the commented mavenLocal() entries. If local development is needed, use explicit profiles or build configuration instead. Document approved artifact sources in the project documentation.
• Low · Missing Input Validation Framework Evidence — dkplayer-java/src/main/java/xyz/doikki/videoplayer/player/ (BaseVideoView.java, VideoView.java, AbstractPlayer.java). The codebase appears to handle media URLs and user input through video players and controllers. Without evidence of comprehensive input validation, there could be risks of malicious URLs or content injection through controller interfaces or media source handling. Fix: Implement strict input validation for all media URLs and user-provided input. Use allowlist-based validation for protocols (http, https only). Implement URL scheme validation to prevent navigation to untrusted content.
• Low · No Visible Security Policy — Repository root. No SECURITY.md file or security policy is evident in the repository structure. This makes it difficult for security researchers to report vulnerabilities responsibly. Fix: Create a SECURITY.md file in the repository root that outlines the security vulnerability reporting process, responsible disclosure guidelines, and contact information for security issues.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.