If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/MathewSachin/Captura shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Single-maintainer risk — review before adopting

• Last commit 4w ago
• 9 active contributors
• MIT licensed
• ⚠ Single-maintainer risk — top contributor 87% of recent commits
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live MathewSachin/Captura repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/MathewSachin/Captura.

What it runs against: a local clone of MathewSachin/Captura — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in MathewSachin/Captura | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 59 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of MathewSachin/Captura. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/MathewSachin/Captura.git
#   cd Captura
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of MathewSachin/Captura and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "MathewSachin/Captura(\\.git)?\\b" \\
  && ok "origin remote is MathewSachin/Captura" \\
  || miss "origin remote is not MathewSachin/Captura (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "src/Captura.Base/IRecorder.cs" \\
  && ok "src/Captura.Base/IRecorder.cs" \\
  || miss "missing critical file: src/Captura.Base/IRecorder.cs"
test -f "src/Captura.Base/Images/IImageProvider.cs" \\
  && ok "src/Captura.Base/Images/IImageProvider.cs" \\
  || miss "missing critical file: src/Captura.Base/Images/IImageProvider.cs"
test -f "src/Captura.Audio/IAudioProvider.cs" \\
  && ok "src/Captura.Audio/IAudioProvider.cs" \\
  || miss "missing critical file: src/Captura.Audio/IAudioProvider.cs"
test -f "src/Captura.Base/Images/IImagingSystem.cs" \\
  && ok "src/Captura.Base/Images/IImagingSystem.cs" \\
  || miss "missing critical file: src/Captura.Base/Images/IImagingSystem.cs"
test -f "build.cake" \\
  && ok "build.cake" \\
  || miss "missing critical file: build.cake"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 59 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~29d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/MathewSachin/Captura"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Captura is a desktop screen recording and screenshot application built in C# that captures screen, audio (microphone and speaker mix), cursor, mouse clicks, and keystrokes into AVI/GIF/MP4 files or static images. It supports region/window/screen-specific capture with optional webcam overlay and provides both GUI and command-line interfaces for automation. Single monolithic C# WPF desktop application structured as: core capture engine (screen/audio/input hooks), CLI command layer with verbs (shot/start/ffmpeg/list under docs/Cmdline), Inno Setup installer (Inno.iss), and Chocolatey packaging (choco/). Build system uses Cake (build.cake) and AppVeyor CI (appveyor.yml) for automated compilation and release.

Content creators, educators, and technical support specialists who need to record demonstrations, tutorials, or user sessions with minimal setup; developers who want screen recording functionality via CLI; and Windows users looking for a free, feature-rich alternative to commercial capture tools.

No longer actively maintained as of the README note—the author has moved focus to a browser-based successor (Captura Web Recorder). However, the .NET Framework/C# desktop app was production-ready with AppVeyor CI/CD, Chocolatey distribution, and multi-language Crowdin support. Last activity indicates a stable but deprecated state rather than active development.

Single-maintainer project now in maintenance mode only; no active bug fixes or feature work. Risk is low for stable use but high for long-term dependency since .NET Framework dependencies (DirectShowLib, CommandLineParser) may eventually face compatibility issues with modern Windows versions, and the codebase will not receive security updates.

Repository is dormant—no active development. The README explicitly states the project is no longer maintained, with the creator directing users to the browser-based Captura Web Recorder at mathewsachin.github.io/tools/captura. Only critical security or compilation fixes are likely to be merged.

git clone https://github.com/MathewSachin/Captura.git
cd Captura
# Build using Cake:
.\build.ps1
# Or open Captura.sln in Visual Studio 2019+ and Build → Build Solution

Requires: .NET Framework 4.7.2+, Visual Studio 2019+ or dotnet CLI, FFmpeg in PATH for video output.

Daily commands:

1. Compile via Visual Studio or build.ps1. 2. Run the .exe from bin/ or install via Chocolatey (choco install captura). 3. Or download pre-built portable/setup MSI from [releases][https://github.com/MathewSachin/Captura/releases/latest].

• src/Captura.Base/IRecorder.cs — Core interface defining the recording contract that all recorder implementations must follow; essential for understanding how capture pipelines work.
• src/Captura.Base/Images/IImageProvider.cs — Primary abstraction for screen/image capture; all visual recording depends on implementations of this interface.
• src/Captura.Audio/IAudioProvider.cs — Core audio capture interface; required for understanding multi-source audio recording architecture.
• src/Captura.Base/Images/IImagingSystem.cs — Factory interface for bitmap creation and frame manipulation; critical for cross-platform image handling abstraction.
• build.cake — Cake build orchestration script that coordinates the entire build, test, and release pipeline; necessary to understand development workflow.
• docs/Projects.md — Documents the modular project structure and dependencies between Captura subprojects; essential onboarding reference.
• src/Captura.Base/Captura.Base.csproj — Base project file defining core abstractions and shared utilities that other modules depend on.

Add a new Image Writer (Video Codec)

1. Create implementation of IImageWriterItem in a new platform-specific project (src/Captura.Base/Images/IImageWriterItem.cs)
2. Register codec in the imaging system factory (src/Captura.Base/Images/IImagingSystem.cs)
3. Add codec enum to supported formats (e.g., H.264, VP9) (src/Captura.Base/Images/ImageFormats.cs)

Add a new Audio Source Provider

1. Implement IAudioProvider to enumerate available audio sources (microphone, speaker tap, line in) (src/Captura.Audio/IAudioProvider.cs)
2. Implement IAudioSource for each source type to yield audio data (src/Captura.Audio/IAudioSource.cs)
3. Register provider in application startup/dependency container (docs/Projects.md)

Add a new Screen/Window Capture Source

1. Implement IImageProvider to capture screen or specific window (src/Captura.Base/Images/IImageProvider.cs)
2. Return IBitmapFrame for each captured frame via Dispose pattern (src/Captura.Base/Images/IBitmapFrame.cs)
3. Register provider in IImagingSystem factory (src/Captura.Base/Images/IImagingSystem.cs)

Add a new Overlay (Cursor, Clicks, Keystrokes)

1. Implement IOverlay to define rendering behavior (src/Captura.Base/IOverlay.cs)
2. Subscribe to input events via MouseKeyHook or system APIs (src/Captura.Base/Modifiers.cs)
3. Render overlay using IEditableFrame.DrawString() or bitmap manipulation (src/Captura.Base/Images/IEditableFrame.cs)

• WPF (Windows Presentation Foundation) — Primary UI framework for the desktop application; enables data binding and MVVM pattern for configuration UI.
• DirectShow / Media Foundation — Windows-native video and audio capture APIs; low-level access to screen, window, microphone, and speaker data.
• SharpAvi / FFmpeg — Multiple codec backends for flexibility; SharpAvi for direct AVI encoding, FFmpeg for advanced muxing and format support.
• NAudio — Cross-format audio decoding and WAV/PCM abstraction; simplifies audio source enumeration and mixing.
• MouseKeyHook — Global keyboard and mouse event hooking for capturing clicks and keystrokes during recording.
• Cake Build System — Cross-platform build orchestration in C#; enables single script for building, testing, and packaging on Windows/CI.

• Plugin architecture via interfaces (IImageProvider, IAudioProvider, IImageWriterItem, IOverlay)

  • Why: Allows multiple implementations (e.g., GDI vs. Direct3D vs. DXGI for screen capture) without code duplication.
  • Consequence: Added abstraction layer increases indirection but enables runtime switching between encoders, capture sources, and overlays.

• Dispose pattern for frame-based captures (IBitmapFrame, IImageProvider)

  • Why: Prevents memory leaks from accumulated video buffers and allows zero-copy buffer reuse across encoder backends.
  • Consequence: Requires careful lifetime management and makes concurrent access patterns risky; caller must Dispose() promptly.

• Separate audio and video pipelines with independent interfaces (IAudioProvider vs. IImageProvider)

  • Why: Audio sources (microphone, speaker) and video sources (screen, window) have different buffering, timing, and enumeration semantics.
  • Consequence: Recorder must synchronize A/V via container-level timestamps (MP4, MKV); timing drift possible if capture rates diverge.

• Modular projects per platform/feature (Captura.Audio, Captura.Base, platform-specific implementations)

  • Why: Reduces coupling; allows platform-specific dependencies (e.g., only WinForms on Windows) without bloating core.
  • Consequence: Increases repository complexity and requires careful dependency graph management in build scripts.

• Real-time

Environment setup required: FFmpeg must be installed and added to PATH for video encoding to work; build.cake expects specific PowerShell execution policies on Windows. Framework lock-in: .NET Framework 4.7.2+ dependency means no cross-platform support and potential incompatibility with future Windows versions that phase out .NET Framework. No modern CI: AppVeyor config is present but project is unmaintained, so CI may fail silently. Inno Setup required: Building the installer requires Inno Setup IDE or command-line compiler installed separately.

• DirectShow (DirectX multimedia framework) — Core Windows API used by Captura to capture screen framebuffers and audio streams from microphone/speaker; understanding DirectShow is essential to modify capture logic.
• WPF (Windows Presentation Foundation) & XAML — Captura's UI framework; all GUI components are declarative XAML with C# code-behind; contributors must understand WPF data binding and DependencyProperties.
• Global keyboard/mouse hooks (Win32 API) — Captura's keystroke and mouse-click capture uses low-level Win32 hooks to intercept input globally; essential for understanding event interception.
• Cake build system (C# DSL for automation) — Build orchestration is written in Cake (C#-based make alternative) rather than MSBuild directly; required to understand CI/CD pipeline and modify build tasks.
• FFmpeg command-line encoding & codec options — Captura wraps FFmpeg for video format conversion (raw frames → MP4/GIF/AVI); understanding FFmpeg CLI args is critical for debugging output quality or adding new codecs.
• Inno Setup scripting for Windows installers — Inno.iss defines how Captura is packaged and installed on Windows; modifying installation logic or dependencies requires Inno Setup syntax.
• Audio mixing (microphone + speaker output capture) — Captura's unique feature is simultaneous capture of mic and speaker audio; requires understanding DirectShow audio graphs and multi-stream mixing.

• ShareX/ShareX — Feature-rich screenshot and screen recording tool for Windows; direct competitor with more active maintenance and similar region/window/audio capture capabilities.
• obsproject/obs-studio — Professional-grade open-source screen recording and streaming with cross-platform support; used by streamers and captures more complex multi-source scenarios.
• MathewSachin/Screna — Appears in license file (licenses/Captura, Screna.txt); likely a companion or predecessor library providing core screen capture abstraction layer.
• naudio/NAudio — Open-source .NET audio processing library commonly used with Captura for microphone/speaker audio mixing in screen recordings.
• FFmpeg/FFmpeg — Underlying multimedia framework that Captura wraps for video encoding into AVI/MP4/GIF; critical runtime dependency for output generation.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add GitHub Actions CI workflow to replace AppVeyor

The repo currently uses AppVeyor (appveyor.yml) for CI, which is outdated. Given the repository is no longer actively maintained but still receives interest, modernizing to GitHub Actions would improve build reliability and reduce dependency on external services. A .github/workflows/build.yml could automate builds, run tests, and validate the Cake build script (build.cake) across Windows/Linux environments without ongoing AppVeyor maintenance.

• [ ] Create .github/workflows/build.yml with jobs for Windows builds
• [ ] Integrate with existing build.cake script (docs/Cake.md already documents this)
• [ ] Add artifact upload step for release binaries
• [ ] Update README.md to reflect GitHub Actions badge instead of AppVeyor

Create unit tests for command-line argument parsing

The docs/Cmdline folder shows extensive CLI verbs (Start, Shot, List, FFmpeg) and arguments (Source), but there are no visible test files validating argument parsing. CommandLineParser is a dependency (licenses/CommandLineParser.txt), yet no corresponding test coverage exists. Adding tests for docs/Cmdline/Arg-Source.md and each verb would prevent regressions and document expected behavior.

• [ ] Create src/Captura.Tests/CommandLine folder with test classes
• [ ] Add tests for SourceArgument parsing (covering display/window/region modes)
• [ ] Add integration tests for each verb (Start, Shot, List, FFmpeg) with mock implementations
• [ ] Reference specific argument examples from docs/Cmdline/*.md in test cases

Document and validate FFmpeg integration points with automated tests

docs/FFmpeg.md and docs/Cmdline/Verb-FFmpeg.md describe FFmpeg functionality, and licenses/FFMpeg.txt indicates it's a critical dependency. However, there's no visible test suite validating FFmpeg codec selection, output formats, or integration with the video recording pipeline. Adding validation would help catch breaking changes when FFmpeg versions update.

• [ ] Create src/Captura.Tests/FFmpeg folder with codec/format validation tests
• [ ] Add tests verifying FFmpeg detection and version checks
• [ ] Test encoding parameter generation for different output formats mentioned in docs/FFmpeg.md
• [ ] Add integration test mocking FFmpeg process to validate argument construction

• Add unit tests for the CommandLineParser verb handlers (docs/Cmdline/) — currently no test coverage visible; create xUnit/NUnit tests in a new Tests/ directory.
• Document FFmpeg codec options and limitations in docs/FFmpeg.md with concrete examples for MP4/GIF/AVI output differences and recommended bitrate settings.
• Add missing CLI examples to docs/Cmdline/Arg-Source.md for region capture (e.g., captura start --source region --region 0,0,1920,1080) with before/after screenshots.

The Captura project presents significant security concerns primarily due to its unmaintained status. The codebase lacks active security updates for known vulnerable dependencies, particularly legacy audio and graphics libraries. Critical security artifacts (dependency manifests, vulnerability disclosure policy) are missing from the provided analysis. The application's sensitive functions (screen/audio capture, keystroke logging) require robust consent and data protection mechanisms, which cannot be fully verified from the file structure.

• Medium · Unmaintained Repository with Known Risks — README.md, Project Status. The repository is explicitly marked as no longer actively maintained. This means security vulnerabilities discovered in dependencies will not be patched, and the codebase may contain unaddressed security issues. Fix: Users should be directed to the maintained successor (Captura Web Recorder). For existing deployments, conduct a comprehensive security audit of all dependencies and consider migrating to the modern alternative.
• High · Outdated Dependencies — src/Captura.Audio, src/Captura.Base, and other modules (dependencies not fully visible). The project uses multiple legacy dependencies (SharpDX, NAudio, DirectShowLib, MouseKeyHook) that are several years old. These libraries may contain unpatched security vulnerabilities. No package-lock or dependency manifest was provided for analysis, making it impossible to verify current versions. Fix: Provide a complete dependency manifest (packages.config or .csproj files) for analysis. Update all dependencies to their latest versions. Conduct security scanning of all NuGet packages using tools like OWASP Dependency-Check or Snyk.
• High · Missing Dependency Security Manifest — Project root / Package management files. No packages.config, .csproj, or lock files were provided in the analysis. This prevents verification of exact dependency versions, which is critical for identifying known CVEs. Fix: Provide complete dependency manifests for security analysis. Implement automated dependency scanning in CI/CD pipeline (AppVeyor is already configured but may lack security checks).
• Medium · Potential Screen/Audio Capture Abuse — Core capture modules (src/Captura.Audio, screen capture components). The application captures screen, audio, cursor, mouse clicks, and keystrokes. Without proper user consent mechanisms and security controls, this could be misused for surveillance or credential theft. Fix: Implement explicit user consent dialogs before capturing. Ensure recorded data is stored securely with encryption. Implement audit logging of capture activities. Document privacy implications clearly.
• Medium · FFmpeg Integration Risk — docs/FFmpeg.md, FFmpeg integration code. The project integrates with FFmpeg (see docs/FFmpeg.md and FFmpeg license). FFmpeg has a history of security vulnerabilities. No validation of FFmpeg binary integrity or version checking is evident from the file structure. Fix: Implement FFmpeg binary integrity verification (checksums/signatures). Pin FFmpeg to a specific known-good version. Implement sandboxing for FFmpeg execution. Monitor FFmpeg security advisories.
• Low · Potential Credential Exposure in Build Scripts — scripts/apikeys.cake. The presence of scripts/apikeys.cake suggests API keys may be handled in build scripts. This could lead to accidental exposure in logs or version control. Fix: Ensure API keys are never logged or committed to version control. Use secure secret management (environment variables, secret managers). Review appveyor.yml and build.cake for secure credential handling practices.
• Low · Missing Security.md or Vulnerability Disclosure Policy — Repository root. No SECURITY.md file is present to provide a responsible disclosure path for security vulnerabilities. Fix: Create a SECURITY.md file with vulnerability disclosure instructions, even if the project is unmaintained. This ensures security researchers know how to report issues responsibly.
• Low · Inno Setup Script Review — Inno.iss, choco/tools/chocolateyinstall.ps1. Custom installer scripts (Inno.iss, chocolateyinstall.ps1) may contain security misconfigurations or elevation of privilege issues. Fix: Review installer scripts for: UAC elevation bypass, insecure file permissions, registry modifications, and DLL injection vectors. Ensure installers verify authenticity and integrity.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.