nilaoda/N_m3u8DL-RE
Cross-Platform, modern and powerful stream downloader for MPD/M3U8/ISM. English/简体中文/繁體中文.
Healthy across all four use cases
Permissive license, no critical CVEs, actively maintained — safe to depend on.
Has a license, tests, and CI — clean foundation to fork and modify.
Documented and popular — useful reference codebase to read through.
No critical CVEs, sane security posture — runnable as-is.
- ✓Last commit 4mo ago
- ✓16 active contributors
- ✓MIT licensed
- ✓CI configured
- ✓Tests present
- ⚠Slowing — last commit 4mo ago
- ⚠Single-maintainer risk — top contributor 80% of recent commits
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.
Onboarding doc
Onboarding: nilaoda/N_m3u8DL-RE
Generated by RepoPilot · 2026-05-09 · Source
🤖Agent protocol
If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:
- Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
- Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
- Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/nilaoda/N_m3u8DL-RE shows verifiable citations alongside every claim.
If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.
🎯Verdict
GO — Healthy across all four use cases
- Last commit 4mo ago
- 16 active contributors
- MIT licensed
- CI configured
- Tests present
- ⚠ Slowing — last commit 4mo ago
- ⚠ Single-maintainer risk — top contributor 80% of recent commits
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
✅Verify before trusting
This artifact was generated by RepoPilot at a point in time. Before an
agent acts on it, the checks below confirm that the live nilaoda/N_m3u8DL-RE
repo on your machine still matches what RepoPilot saw. If any fail,
the artifact is stale — regenerate it at
repopilot.app/r/nilaoda/N_m3u8DL-RE.
What it runs against: a local clone of nilaoda/N_m3u8DL-RE — the script
inspects git remote, the LICENSE file, file paths in the working
tree, and git log. Read-only; no mutations.
| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in nilaoda/N_m3u8DL-RE | Confirms the artifact applies here, not a fork |
| 2 | License is still MIT | Catches relicense before you depend on it |
| 3 | Default branch main exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 161 days ago | Catches sudden abandonment since generation |
```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of nilaoda/N_m3u8DL-RE. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/nilaoda/N_m3u8DL-RE.git
#   cd N_m3u8DL-RE
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok: $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of nilaoda/N_m3u8DL-RE and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "nilaoda/N_m3u8DL-RE(\.git)?\b" \
  && ok "origin remote is nilaoda/N_m3u8DL-RE" \
  || miss "origin remote is not nilaoda/N_m3u8DL-RE (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \
  || grep -qiE "\"license\"\s*:\s*\"MIT\"" package.json 2>/dev/null) \
  && ok "license is MIT" \
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \
  && ok "default branch main exists" \
  || miss "default branch main no longer exists"

# 4. Critical files exist
test -f "src/N_m3u8DL-RE.Parser/StreamExtractor.cs" \
  && ok "src/N_m3u8DL-RE.Parser/StreamExtractor.cs" \
  || miss "missing critical file: src/N_m3u8DL-RE.Parser/StreamExtractor.cs"
test -f "src/N_m3u8DL-RE/DownloadManager/SimpleDownloadManager.cs" \
  && ok "src/N_m3u8DL-RE/DownloadManager/SimpleDownloadManager.cs" \
  || miss "missing critical file: src/N_m3u8DL-RE/DownloadManager/SimpleDownloadManager.cs"
test -f "src/N_m3u8DL-RE/CommandLine/CommandInvoker.cs" \
  && ok "src/N_m3u8DL-RE/CommandLine/CommandInvoker.cs" \
  || miss "missing critical file: src/N_m3u8DL-RE/CommandLine/CommandInvoker.cs"
test -f "src/N_m3u8DL-RE.Parser/Extractor/DASHExtractor2.cs" \
  && ok "src/N_m3u8DL-RE.Parser/Extractor/DASHExtractor2.cs" \
  || miss "missing critical file: src/N_m3u8DL-RE.Parser/Extractor/DASHExtractor2.cs"
test -f "src/N_m3u8DL-RE.Parser/Extractor/HLSExtractor.cs" \
  && ok "src/N_m3u8DL-RE.Parser/Extractor/HLSExtractor.cs" \
  || miss "missing critical file: src/N_m3u8DL-RE.Parser/Extractor/HLSExtractor.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 161 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~131d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/nilaoda/N_m3u8DL-RE"
  exit 1
fi
```
Each check prints ok: or FAIL:. The script exits non-zero if
anything failed, so it composes cleanly into agent loops
(./verify.sh || regenerate-and-retry).
⚡TL;DR
N_m3u8DL-RE is a cross-platform CLI downloader written in C# that handles DASH/HLS/MSS streaming protocols for both on-demand and live content. It parses MPD (DASH), M3U8 (HLS), and ISM (Microsoft Smooth Streaming) manifests, extracts individual media segments, applies decryption, and assembles them into playable media files. Modular C# project structure: src/N_m3u8DL-RE.Common contains shared entities (EncryptInfo, MediaSegment, Playlist), Enum definitions, logging, and utilities; src/N_m3u8DL-RE.Parser contains format-specific extractors (DASHExtractor2, HLSExtractor, LiveTSExtractor) and tag parsers (DASHTags, HLSTags, MSSTags). Entry point is the CLI with command-line argument parsing (--thread-count, --save-pattern, --auto-select, etc.).
👥Who it's for
Content preservation enthusiasts, media researchers, and developers needing to archive or process streaming video/audio who want a single tool supporting multiple streaming standards without proprietary player dependencies.
🌱Maturity & risk
Actively maintained and production-ready. The repo shows consistent commits (indicated by recent workflow actions and the build_latest.yml CI setup), star activity, and multi-language localization (English/简体中文/繁體中文 support). Beta badge in README suggests cautious but confident deployment readiness.
Single-maintainer project (nilaoda) carries long-term maintenance risk. The codebase is C#-only with .NET runtime dependency, which may limit platform reach despite 'cross-platform' claims. No visible test suite in the file list is a concern for regression detection. Live stream handling adds complexity that could have edge cases.
Active areas of work
The repo is actively developed with the latest workflow build dated in the file structure (build_latest.yml). Version timestamp in README shows 20251027, indicating recent releases. Focus appears to be on stability and platform support (Arch Linux AUR entries mentioned, cmder terminal compatibility documented).
🚀Get running
Clone the repo: git clone https://github.com/nilaoda/N_m3u8DL-RE.git && cd N_m3u8DL-RE. Build with dotnet build (standard C# project structure in src/). Download latest release from GitHub Releases or Actions page, or download pre-built binaries for your platform.
Daily commands:
CLI binary accepts stream URL/file: N_m3u8DL-RE <input> [options]. Example: N_m3u8DL-RE 'https://example.com/playlist.m3u8' --save-dir ./output --thread-count 8 --auto-select. For development, build the solution with dotnet build src/N_m3u8DL-RE.sln.
🗺️Map of the codebase
- src/N_m3u8DL-RE.Parser/StreamExtractor.cs — Core entry point that orchestrates extraction logic for different manifest types (DASH/HLS/MSS); any changes to stream detection affect all download flows
- src/N_m3u8DL-RE/DownloadManager/SimpleDownloadManager.cs — Primary download orchestration engine; handles segment retrieval, decryption, and retry logic that all download operations depend on
- src/N_m3u8DL-RE/CommandLine/CommandInvoker.cs — Parses command-line arguments and routes to appropriate download workflows; every user interaction starts here
- src/N_m3u8DL-RE.Parser/Extractor/DASHExtractor2.cs — DASH manifest parser; implements MPD parsing logic that handles most commercial streaming services
- src/N_m3u8DL-RE.Parser/Extractor/HLSExtractor.cs — HLS manifest parser; processes M3U8 playlists including key management and segment extraction
- src/N_m3u8DL-RE.Common/Util/HTTPUtil.cs — Centralized HTTP client handling; manages all network requests, headers, and retries across the application
- src/N_m3u8DL-RE/Crypto/AESUtil.cs — AES decryption implementation for encrypted segments; critical for handling DRM-protected streams
🛠️How to make changes
Add support for a new manifest format
- Create a new extractor by implementing IExtractor interface (src/N_m3u8DL-RE.Parser/Extractor/IExtractor.cs)
- Add the extractor class (e.g., YourFormatExtractor.cs) in src/N_m3u8DL-RE.Parser/Extractor/ (src/N_m3u8DL-RE.Parser/Extractor/)
- Create corresponding ContentProcessor in src/N_m3u8DL-RE.Parser/Processor/YourFormat/ (src/N_m3u8DL-RE.Parser/Processor/)
- Register the extractor type in ExtractorType enum (src/N_m3u8DL-RE.Common/Enum/ExtractorType.cs)
- Update StreamExtractor.cs to detect and route to your new extractor (src/N_m3u8DL-RE.Parser/StreamExtractor.cs)
Add support for a new encryption cipher
- Create cipher utility class in src/N_m3u8DL-RE/Crypto/ (e.g., NewCipherUtil.cs) (src/N_m3u8DL-RE/Crypto/)
- Add new EncryptMethod enum value for your cipher (src/N_m3u8DL-RE.Common/Enum/EncryptMethod.cs)
- Update SimpleDownloadManager.cs to call your cipher decryption in the segment download loop (src/N_m3u8DL-RE/DownloadManager/SimpleDownloadManager.cs)
- Update relevant key processors (e.g., DefaultHLSKeyProcessor.cs) to parse and load your cipher keys (src/N_m3u8DL-RE.Parser/Processor/HLS/DefaultHLSKeyProcessor.cs)
Add a new subtitle format support
- Create subtitle entity class in src/N_m3u8DL-RE.Common/Entity/ (e.g., NewSubFormat.cs) (src/N_m3u8DL-RE.Common/Entity/)
- If embedding in MP4, create utility in src/N_m3u8DL-RE.Parser/Mp4/ (e.g., MP4NewSubUtil.cs) (src/N_m3u8DL-RE.Parser/Mp4/)
- Update extractors (DASHExtractor2.cs, HLSExtractor.cs) to parse your subtitle format from manifests (src/N_m3u8DL-RE.Parser/Extractor/DASHExtractor2.cs)
- Integrate subtitle embedding into SimpleDownloadManager.cs post-processing logic (src/N_m3u8DL-RE/DownloadManager/SimpleDownloadManager.cs)
Add a new command-line option
- Add the option definition to CommandInvoker.cs (src/N_m3u8DL-RE/CommandLine/CommandInvoker.cs)
- Add corresponding property to DownloaderConfig.cs (src/N_m3u8DL-RE/Config/DownloaderConfig.cs)
- Parse the option value in ComplexParamParser.cs if it requires custom parsing (src/N)
🪤Traps & gotchas
No .gitignore violations visible, but watch for .NET cache directories (bin/, obj/) not being cleaned between builds. The --force-ansi-console and --no-ansi-color flags suggest terminal compatibility issues on older Windows; test interactive mode on legacy systems. Live stream handling in LiveTSExtractor may have timing edge cases for slow networks (--http-request-timeout default 100s). Encryption key retrieval depends on manifest-provided URIs; malformed or redirect-heavy key endpoints could fail silently. No visible test suite means regression risk on parser changes—manually test against TestStreams.md before committing.
💡Concepts to learn
- DASH (Dynamic Adaptive Streaming over HTTP) — Primary streaming standard handled by DASHExtractor2.cs; requires understanding adaptation sets, representations, initialization segments, and byte-range requests.
- HLS (HTTP Live Streaming) — Core protocol parsed by HLSExtractor.cs; uses M3U8 playlists with EXT-X- tags, encryption, and segment sequencing logic.
- AES-128 Stream Cipher — Primary encryption method in HLS streams; EncryptInfo.cs manages key retrieval and IV application for segment decryption.
- Media Segment & Initialization Segment — DASH concept: init segments carry codec/timing headers; media segments carry frame data. MediaSegment.cs models both; extractors must fetch init before media.
- Adaptive Bitrate Streaming — All three protocols support multiple quality/bandwidth variants; --auto-select feature picks optimal bitrate based on device/network.
- Byte Range Requests (HTTP 206) — DASH/ISM use byte-range headers to fetch partial segments from single files; HTTPUtil.cs must construct Range headers correctly.
- WebVTT Subtitles — Media streams include subtitle tracks in WebVTT format; WebVttSub.cs and SubCue.cs parse timing cues and text for side-car subtitle files.
🔗Related repos
- yt-dlp/yt-dlp — Popular all-in-one media downloader supporting HLS/DASH; shares protocol extraction logic but broader media platform coverage.
- streamlink/streamlink — Python-based streaming extractor and player; focuses on live streams and offers plugin architecture vs N_m3u8DL-RE's multi-format CLI approach.
- FFmpeg/FFmpeg — De-facto standard for media segment decoding and muxing; N_m3u8DL-RE likely integrates or post-processes with FFmpeg for final output.
- grafana/loki — Logging solution used by large projects; relevant if N_m3u8DL-RE adds structured logging/observability for batch downloads.
- shaka-project/shaka-player — Google's DASH/HLS reference player; useful for understanding manifest compliance and segment fetch patterns that N_m3u8DL-RE must replicate.
🪄PR ideas
To work on one of these in Claude Code or Cursor, paste:
Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.
Add unit tests for MP4Parser and MP4InitUtil in src/N_m3u8DL-RE.Parser/Mp4/
The MP4 parsing module (MP4Parser.cs, MP4InitUtil.cs, MP4VttUtil.cs, MP4TtmlUtil.cs) handles critical binary data processing for multiple subtitle and initialization formats, but there are no visible test files for this complex logic. This is a high-risk area for bugs since MP4 parsing is format-sensitive and used across DASH/HLS/MSS extractors. Adding unit tests would catch regressions early.
- [ ] Create src/N_m3u8DL-RE.Parser.Tests/ directory structure
- [ ] Add test fixtures with sample MP4 init segments and subtitle tracks
- [ ] Write unit tests for MP4Parser.cs covering box parsing, atom traversal, and error handling
- [ ] Write unit tests for MP4InitUtil.cs covering MOOV box extraction and format validation
- [ ] Write unit tests for MP4VttUtil.cs and MP4TtmlUtil.cs subtitle extraction
- [ ] Add test configuration to the build workflow (build_latest.yml)
Add integration tests for HLSExtractor and DASHExtractor2 playlist parsing
The extractors (HLSExtractor.cs, DASHExtractor2.cs, MSSExtractor.cs, LiveTSExtractor.cs) are core components that parse different streaming manifest formats, but there's no visible test suite validating parsing correctness against real-world manifests. TestStreams.md suggests test streams exist but aren't formally integrated into CI. Adding structured tests with sample manifests would prevent parsing regressions.
- [ ] Create test manifest fixtures in src/N_m3u8DL-RE.Parser.Tests/Assets/ for HLS (various tag combinations), DASH (MPD variants), MSS (ISM), and LiveTS
- [ ] Write integration tests in src/N_m3u8DL-RE.Parser.Tests/ validating Playlist/StreamSpec output against expected values
- [ ] Test edge cases: missing tags, malformed URLs, relative path resolution, encryption detection
- [ ] Add GitHub Action workflow job (in .github/workflows/build_latest.yml) to run extractor tests on each commit
- [ ] Document test manifest sources in CONTRIBUTING.md or testing guide
Add comprehensive error handling and validation tests for HTTPUtil in src/N_m3u8DL-RE.Common/Util/
HTTPUtil.cs is a critical component used across all extractors for network requests, but there's no visible test coverage for network error scenarios (timeouts, retries, SSL failures, redirects, rate limiting). The RetryUtil.cs also lacks tests. These utilities directly impact reliability across all download scenarios. Adding tests would validate resilience.
- [ ] Create src/N_m3u8DL-RE.Common.Tests/Util/ directory
- [ ] Write unit tests for HTTPUtil.cs covering: successful requests, timeouts, connection errors, HTTP error codes (4xx/5xx), redirects, cookie handling
- [ ] Write unit tests for RetryUtil.cs covering: retry logic, backoff strategy, max retry limits, exception types
- [ ] Mock HTTP client responses using a testing framework (e.g., Moq)
- [ ] Add tests for concurrent request handling and connection pooling if applicable
- [ ] Update .csproj files to include test projects and ensure CI runs these tests
🌿Good first issues
- Add unit test coverage for src/N_m3u8DL-RE.Parser/Extractor/HLSExtractor.cs parsing logic against real HLS M3U8 manifests listed in TestStreams.md; currently no test files visible.
- Implement retry logic in HTTPUtil.cs for transient 5xx errors (currently only retries on download, not on initial key fetch or manifest request).
- Document the save-pattern variable expansion system (--save-pattern '<SaveName><Resolution><Bandwidth>') with examples in README showing real output filenames for each variable.
⭐Top contributors
- @nilaoda — 80 commits
- @fireattack — 3 commits
- @irodai-majom — 3 commits
- @Diazole — 2 commits
- @DevLARLEY — 1 commit
📝Recent commits
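- a441ea8 — Implement static linking for Linux x64/arm64 (#829) (nilaoda)
- de20b29 — Fix AES-128 decryption incorrectly not using the specified IV (#823) (fireattack)
- 17d697b — Upgrade to dotnet10 (#827) (nilaoda)
- 486c675 — Fix error when parsing an MPD whose duration exceeds int32 (#826) (nilaoda)
- 8bb208d — Fix recording of HTTP-TS streams failing to follow redirects automatically (#825) (nilaoda)
- b604b72 — Nowehoryzonty Url Processor (#752) (DevLARLEY)
- 1f5628f — add english readme (#681) (voldemort2826)
- c1f6db5 — 0.5.1 (nilaoda)
- fda2289 — Optimize HttpRange splitting logic for large files (#735) (nilaoda)
- c49c9f8 — Skip streams with no segments when aligning live tracks (#734) (nilaoda)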
🔒Security observations
The N_m3u8DL-RE codebase appears to be a well-structured media downloader with moderate security posture. Primary concerns include: (1) Path traversal risks during file operations when processing untrusted manifest data, (2) potential HTTP/
- Medium · Potential Insecure HTTP Usage in HTTPUtil — src/N_m3u8DL-RE.Common/Util/HTTPUtil.cs. The HTTPUtil.cs file likely handles HTTP requests for downloading streams. Without inspection of the actual code, there's a risk that HTTPS validation may be disabled or insecure SSL/TLS settings could be used, especially when downloading content from untrusted sources. Fix: Ensure proper HTTPS certificate validation is enforced. Disable SSL bypass options in production. Implement certificate pinning for critical connections if applicable.
- Medium · Potential Command Injection via Stream Processing — src/N_m3u8DL-RE.Parser/Extractor/ and src/N_m3u8DL-RE/. The application processes M3U8/MPD/ISM manifests and downloads streams. If URL parameters or manifest content are not properly validated before being used in file operations or external process calls, command injection vulnerabilities could exist. Fix: Implement strict input validation and sanitization for all manifest URLs and parameters. Use parameterized APIs instead of string concatenation for file operations. Avoid using shell/command execution when possible.
- Medium · Path Traversal Risk in File Operations — src/N_m3u8DL-RE.Parser/Processor/ and download logic. The application downloads and saves media files to disk. Without proper path validation, an attacker could craft malicious manifest files with path traversal sequences (e.g., '../../../etc/passwd') to write files outside intended directories. Fix: Validate and sanitize all file paths before writing. Use Path.GetFullPath() and verify the path stays within the intended download directory. Reject paths containing '..' sequences.
- Low · Sensitive Information Logging — src/N_m3u8DL-RE.Common/Log/Logger.cs. The Logger.cs component logs application activity. If URLs, headers, or other sensitive data from manifests are logged, this information could be exposed in log files or debug output. Fix: Implement secure logging practices: avoid logging URLs with authentication tokens, sensitive headers, or user data. Implement log rotation and ensure logs are stored securely with restricted access.
- Low · Dependency Management Visibility — src/N_m3u8DL-RE.Common/N_m3u8DL-RE.Common.csproj and other .csproj files. No dependency file (package.json, packages.config, .csproj content for NuGet packages) was provided for analysis. Potential vulnerable transitive dependencies could exist. Fix: Maintain an up-to-date inventory of all NuGet package dependencies. Regularly run 'dotnet list package --vulnerable' to identify and update security patches. Use dependency scanning tools in CI/CD pipeline.
- Low · Potential XXE Vulnerability in XML Parsing — src/N_m3u8DL-RE.Parser/Extractor/DASHExtractor2.cs and src/N_m3u8DL-RE.Parser/Extractor/MSSExtractor.cs. The application parses DASH MPD files (XML) and MSS manifests which may contain XML content. If XML parsing is not configured securely, XXE (XML External Entity) attacks could be possible. Fix: Disable external DTD processing and entity expansion in XML parsers. For .NET, ensure XmlReaderSettings has appropriate security settings: ProhibitDtd = true and XmlResolver = null.
- Low · Base64 Decoding Without Validation — src/N_m3u8DL-RE.Common/JsonConverter/BytesBase64Converter.cs. BytesBase64Converter.cs handles Base64 conversion, likely for encryption keys or data. Improper error handling during decoding could lead to unexpected behavior. Fix: Implement proper exception handling for Base64 decoding. Validate Base64 input format and length before processing. Log decoding failures appropriately.
LLM-derived; treat as a starting point, not a security audit.
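The XXE and path traversal fixes listed above both concern manifest-derived input; the following C# sketch is an added example and not code from N_m3u8DL-RE. `ManifestHardening`, `LoadManifest`, `TryResolve` and both sample manifests are constructed for illustration, and the reader uses `DtdProcessing.Prohibit`, which superseded the obsolete `ProhibitDtd` setting.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Added example; every name in this file is hypothetical, not the project's API.
static class ManifestHardening
{
    static readonly XNamespace Mpd = "urn:mpeg:dash:schema:mpd:2011";

    // Parse untrusted manifest XML: DTDs are refused and nothing external is resolved.
    static XDocument LoadManifest(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // a <!DOCTYPE> raises XmlException
            XmlResolver = null
        };
        using var reader = XmlReader.Create(new StringReader(xml), settings);
        return XDocument.Load(reader);
    }

    // Map an untrusted name to a path that must stay inside baseDir.
    static bool TryResolve(string baseDir, string name, out string fullPath)
    {
        fullPath = "";
        if (string.IsNullOrWhiteSpace(name) || name.Contains('\0')) return false;
        // Trailing separator so that ".../dl" does not also match ".../dl-evil".
        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        // Combine drops baseDir when name is rooted; GetFullPath collapses "." and "..".
        string candidate = Path.GetFullPath(Path.Combine(root, name));
        var cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        if (!candidate.StartsWith(root, cmp)) return false;
        fullPath = candidate;
        return true;
    }

    static void Main()
    {
        // Constructed manifests for this example.
        const string clean = """
            <MPD xmlns="urn:mpeg:dash:schema:mpd:2011"><Period><AdaptationSet><Representation id="v1">
              <SegmentList>
                <SegmentURL media="seg_0001.m4s"/>
                <SegmentURL media="../../../etc/passwd"/>
                <SegmentURL media="/etc/passwd"/>
                <SegmentURL media="../dl-evil/seg_0002.m4s"/>
              </SegmentList>
            </Representation></AdaptationSet></Period></MPD>
            """;
        const string withDtd = """
            <!DOCTYPE MPD [<!ENTITY x SYSTEM "file:///constructed/path">]>
            <MPD xmlns="urn:mpeg:dash:schema:mpd:2011"><Period><BaseURL>&x;</BaseURL></Period></MPD>
            """;

        try { LoadManifest(withDtd); Console.WriteLine("DTD manifest parsed (unexpected)"); }
        catch (XmlException e) { Console.WriteLine($"DTD manifest rejected: {e.Message}"); }

        string baseDir = Path.Combine(Path.GetTempPath(), "dl");
        foreach (var seg in LoadManifest(clean).Descendants(Mpd + "SegmentURL"))
        {
            string media = seg.Attribute("media")?.Value ?? "";
            Console.WriteLine(TryResolve(baseDir, media, out var p)
                ? $"ALLOW  {media} -> {p}" : $"REJECT {media}");
        }
    }
}
```

The containment check compares canonical paths rather than searching the name for `..`, so it also rejects rooted names and sibling directories that merely share the download directory's prefix.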
👉Where to read next
- Open issues — current backlog
- Recent PRs — what's actively shipping
- Source on GitHub
Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.