If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/olive-editor/olive shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 1y ago

• 6 active contributors
• GPL-3.0 licensed
• CI configured
• ⚠ Stale — last commit 1y ago
• ⚠ Concentrated ownership — top contributor handles 64% of recent commits
• ⚠ GPL-3.0 is copyleft — check downstream compatibility
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live olive-editor/olive repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/olive-editor/olive.

What it runs against: a local clone of olive-editor/olive — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in olive-editor/olive | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-3.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 550 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of olive-editor/olive. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/olive-editor/olive.git
#   cd olive
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of olive-editor/olive and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "olive-editor/olive(\\.git)?\\b" \\
  && ok "origin remote is olive-editor/olive" \\
  || miss "origin remote is not olive-editor/olive (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-3\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-3\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-3.0" \\
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "app/CMakeLists.txt" \\
  && ok "app/CMakeLists.txt" \\
  || miss "missing critical file: app/CMakeLists.txt"
test -f "CMakeLists.txt" \\
  && ok "CMakeLists.txt" \\
  || miss "missing critical file: CMakeLists.txt"
test -f "app/codec/frame.h" \\
  && ok "app/codec/frame.h" \\
  || miss "missing critical file: app/codec/frame.h"
test -f "app/codec/decoder.h" \\
  && ok "app/codec/decoder.h" \\
  || miss "missing critical file: app/codec/decoder.h"
test -f "app/audio/audiomanager.h" \\
  && ok "app/audio/audiomanager.h" \\
  || miss "missing critical file: app/audio/audiomanager.h"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 550 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~520d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/olive-editor/olive"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Olive is a free, open-source non-linear video editor (NLE) for Windows, macOS, and Linux that enables timeline-based video composition, editing, and export. It provides a full video editing suite with multi-track timeline support, codec handling via FFmpeg, GLSL-based GPU rendering, and node-based effect/color workflows—solving the gap between expensive proprietary editors (Adobe Premiere, DaVinci Resolve) and lighter linear editors. Monolithic C++ application with layered subsystems: app/audio/ handles audio pipeline (AudioManager, AudioProcessor, waveform visualization), app/codec/ wraps encoder/decoder/conformance logic around FFmpeg, app/cli/cliexport/ provides headless export, and presumed UI layer (not fully listed) handles the timeline and node editor. GLSL shaders (44K lines) drive GPU rendering.

Indie filmmakers, content creators, and video enthusiasts who need professional-grade NLE capabilities without subscription costs; open-source contributors interested in graphics pipelines, codec integration, and media processing; developers building custom video automation tools via the CLI export system (app/cli/cliexport/).

Explicitly alpha/unstable (v0.2.0-nightly as latest release per README). The codebase shows active development with CI/CD setup (.github/workflows/ci.yml), substantial C++ core (3.7M lines), and organized subsystems (audio/, codec/, ui/). However, the alpha warning and nightly-only releases indicate core stability issues remain—not production-ready for mission-critical work.

High risk for production use: alpha stability status, single-release history (0.1.0 → 0.2.0-nightly gap suggests development friction), and alpha disclaimer in README signal potential breaking changes and unresolved crashes (see ISSUE_TEMPLATE/01-crash_issue.md presence). No visible test suite structure in file listing (no tests/ or spec/ directory), and heavy dependency on FFmpeg for codec support creates external fragility. Unclear maintainer bandwidth from public data.

Active development tracked via GitHub Actions CI (.github/workflows/ci.yml). Issue templates reflect ongoing focus areas: playback, rendering, node system, codec/export, color management, and crash fixes. The nightly build suggests continuous integration; no specific PR/milestone data visible in file listing, but organizational structure (separate audio, codec, cli modules) shows architectural maturity work is ongoing.

git clone https://github.com/olive-editor/olive.git
cd olive
mkdir build && cd build
cmake ..
make -j$(nproc)
./olive

Note: Build dependencies not fully listed; see https://olivevideoeditor.org/compile for platform-specific requirements (likely Qt, FFmpeg, OpenGL, CMake 3.13+).

Daily commands: Post-build: ./olive (or ./build/olive depending on CMake install target). For CLI export (headless): ./olive-cliexport or equivalent (app/cli/cliexport/cliexportmanager.h suggests CLI entry point). Exact invocation depends on CMake install step; see CONTRIBUTING.md or compile guide.

• app/CMakeLists.txt — Root build configuration for the entire Olive application; defines compilation targets, dependencies, and platform-specific build rules
• CMakeLists.txt — Top-level CMake configuration orchestrating the entire project build; establishes version, feature flags, and external dependencies (FFmpeg, OIIO, OCIO)
• app/codec/frame.h — Core video frame abstraction; defines the data structure for in-memory video frames passed throughout the editor pipeline
• app/codec/decoder.h — Codec abstraction layer defining the interface for all video/audio decoders; base class for FFmpeg and OIIO implementations
• app/audio/audiomanager.h — Central audio playback and I/O management; coordinates audio device handling and processor chain during playback
• app/common/define.h — Global compile-time constants and macros; establishes conventions for version numbers, debug flags, and platform-specific branching
• app/codec/ffmpeg/ffmpegdecoder.h — FFmpeg-based decoder implementation; primary mechanism for reading video and audio files with broad codec support

• undefined — undefined

Add a new video codec decoder

1. Create decoder class inheriting from app/codec/decoder.h base interface (app/codec/mynewcodec/mynewdecoder.h)
2. Implement Decode() and FrameToBytes() methods matching the Decoder contract (app/codec/mynewcodec/mynewdecoder.cpp)
3. Register decoder in decoder factory or lookup mechanism (typically in decoder.cpp or decoder.h) (app/codec/decoder.cpp)
4. Add CMake target to app/codec/CMakeLists.txt linking required libraries (app/codec/CMakeLists.txt)

Add audio processing filter or effect

1. Create audio processor class inheriting from app/audio/audioprocessor.h (app/audio/myaudiofilter.h)
2. Implement Process() to modify audio buffer samples in-place or output new buffer (app/audio/myaudiofilter.cpp)
3. Register filter in AudioManager processor chain (app/audio/audiomanager.cpp) (app/audio/audiomanager.cpp)
4. Add UI parameters if needed in main application (UI layer not shown in file list) (app/audio/audiomanager.h)

Add export format or codec preset

1. Define new ExportFormat in app/codec/exportformat.h or extend enum (app/codec/exportformat.h)
2. Create matching ExportCodec configuration in app/codec/exportcodec.h (app/codec/exportcodec.h)
3. Implement encoder using FFmpegEncoder (app/codec/ffmpeg/ffmpegencoder.cpp) or OIIO backend (app/codec/ffmpeg/ffmpegencoder.cpp)
4. Register format in CLI export manager (app/cli/cliexport/cliexportmanager.cpp) to enable headless export (app/cli/cliexport/cliexportmanager.cpp)

• FFmpeg — Universal video/audio codec support across Windows, macOS, Linux; handles format detection, decoding, and encoding with hardware acceleration
• Qt — Cross-platform UI framework; appears in qtutils.h dependency; provides native look-and-feel on each OS and consistent widget rendering
• OIIO (OpenImageIO) — Professional image sequence and high-bit-depth image format support; enables VFX workflows with OpenEXR and DPX
• OpenColorIO (OCIO) — Industry-standard color space and LUT management; enables accurate color grading and display-referred workflows
• CMake — Cross-platform build system; manages FFmpeg, OIIO, OCIO as external dependencies and handles OS-specific compilation

• Separate Decoder and Encoder abstractions with multiple backend implementations (FFmpeg, OIIO)

  • Why: Allows pluggable codec support and graceful fallback; enables future hardware accelerators or custom codecs
  • Consequence: Code duplication across decoder types; codec selection logic must handle missing backends

• AudioProcessor as separate pipeline from video frame decoding

  • Why: Audio playback has different latency/buffering requirements than video frame delivery; allows real-time mixing and effects
  • Consequence: Audio/video sync requires careful timestamp management and buffer coordination

• Export via CLI tool (cliexportmanager) rather than embedding in main GUI thread

  • Why: Allows headless batch export, background processing, and server-side rendering without UI overhead
  • Consequence: Parameter passing and progress reporting requires IPC or file-based communication

• Real-time collaborative editing (no network sync shown)
• Streaming or playback from remote sources (file-based media only)
• GPU compute shader implementations for effects (CPU processing via plugins)
• Web-based viewer or browser integration

FFmpeg version fragility: encoder/decoder rely on FFmpeg stable ABI; version mismatches cause silent codec failures (no guarantee in codebase that versions are pinned). Qt platform-specific audio: AudioManager likely wraps Qt multimedia—behavior differs on Windows (DirectSound), macOS (CoreAudio), Linux (ALSA/PulseAudio); tests per platform are non-obvious. GPU rendering assumptions: GLSL shaders assume OpenGL 4.x+; no fallback software renderer visible, so older GPUs will crash silently. CLI export sandboxing: cliexportmanager has no version in filename; unclear if exports from different Olive versions can read the same project file (no schema versioning evident). No visible unit test suite: changes to audio/codec layers lack test coverage mechanism.

• Non-Linear Editing (NLE) — Core paradigm of Olive; NLE means timeline-based multi-track editing where clips can be rearranged non-destructively (vs. linear tape editing). Essential for understanding why the codebase has timeline, track, and sequence abstractions.
• Codec Conformance / Proxy Workflows — ConformManager (app/codec/conformmanager.h) creates optimized proxies for edit-time performance while preserving original quality for export. Common in professional NLEs; critical for why Olive transcodes media on import.
• GPU-Accelerated Rendering via GLSL — Olive uses OpenGL + GLSL shaders (44K lines) for real-time timeline playback and effects. Understanding the graphics pipeline is necessary for color correction, compositing, and performance debugging.
• Audio Sample Rate Conversion & Resampling — AudioProcessor and AudioManager must handle mixed sample rates (44.1kHz vs. 48kHz vs. 96kHz) from different source clips; resampling is non-trivial and affects sync and quality. Essential for why audio is a separate subsystem.
• FFmpeg libavcodec / libavformat API — Decoder and Encoder classes wrap FFmpeg's C API for codec abstraction. Understanding frame types (I/P/B), color spaces (YUV420p, RGB), and container formats (MP4, ProRes, DNxHD) is prerequisite for media pipeline work.
• Node-Based Effect Graphs — Multiple issue templates reference 'node_issue'; Olive implements compositing/color via node systems (like Blender Compositor or Nuke). Understanding DAG evaluation and dependency resolution matters for effect system contributions.
• Qt Framework (GUI, Threading, Signals/Slots) — UI layer built on Qt (inferred from mature NLE patterns and README mentioning Windows/macOS/Linux). Qt's signal/slot threading model and event loop are critical for real-time playback sync and responsive UI.

• shotcut/shotcut — Mature open-source NLE also using Qt/FFmpeg; good reference for production-ready patterns Olive is still achieving (more stable timeline, proven export workflows)
• mltframework/mlt — Multimedia framework underlying Shotcut and other editors; Olive could potentially adopt MLT instead of direct FFmpeg bindings for better codec abstraction
• DaVinciResolveCommunity/DaVinci_Resolve_Community — Proprietary but free community edition; primary competitor feature-set and target user base (what Olive aspires to displace)
• kdenlive/kdenlive — KDE-based NLE using MLT backend; shares similar architecture goals (node effects, GPU rendering) and smaller codebase—useful for learning patterns
• FFmpeg/FFmpeg — Core dependency; understanding FFmpeg's codec API (libavcodec, libavformat) is prerequisite for any codec/export contribution to Olive

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for audio processing pipeline (app/audio/)

The audio subsystem (audiomanager.cpp/h, audioprocessor.cpp/h, audiovisualwaveform.cpp/h) lacks test coverage. Given Olive's alpha status and audio being critical to video editing, unit tests for audio frame processing, waveform generation, and audio manager state transitions would catch regressions early and improve stability.

• [ ] Create app/audio/test/ directory with CMakeLists.txt for test configuration
• [ ] Write unit tests for AudioProcessor audio format conversion and mixing logic
• [ ] Write unit tests for AudioVisualWaveform cache behavior and rendering
• [ ] Write unit tests for AudioManager device initialization and stream management
• [ ] Integrate tests into main CMakeLists.txt and ci.yml workflow

Add codec/format validation tests (app/codec/)

The codec subsystem handles FFmpeg and OIIO decoder/encoder implementations with format detection and conformance. Currently there are no visible tests for ExportCodec, ExportFormat, or the conformance manager. Adding tests for supported format detection, codec validation, and frame conformance would prevent export failures and codec compatibility regressions.

• [ ] Create app/codec/test/ directory with test infrastructure
• [ ] Write tests for ExportFormat codec support detection logic
• [ ] Write tests for ConformManager pixel format conversion validation
• [ ] Write integration tests for FFmpeg vs OIIO decoder fallback behavior
• [ ] Add test cases for edge cases in PlanarFileDevice frame buffering

Expand CLI export testing and add progress validation (app/cli/)

The CLI export system (CLIExportManager, CLIProgressDialog, CLITaskDialog) enables headless rendering but lacks test coverage for export completion, error handling, and progress reporting accuracy. This is critical for CI/CD pipelines and automated rendering. Tests would validate that CLI exports complete correctly and report progress reliably.

• [ ] Create app/cli/test/ directory with test fixtures for sample projects
• [ ] Write tests for CLIExportManager successful export workflows with various codecs
• [ ] Write tests for CLIExportManager error handling (missing codecs, invalid paths, corrupted projects)
• [ ] Write tests for CLIProgressDialog progress calculation accuracy and cancellation
• [ ] Add integration tests in ci.yml to validate CLI export with real sample media

• Add unit tests for app/audio/audioprocessor.cpp: Currently no tests/ directory visible; audio buffer processing, sample rate conversion, and channel mapping lack regression tests. Start by creating tests/audio/test_audioprocessor.cpp with GTest fixtures for common scenarios (mono-to-stereo, 44.1kHz→48kHz resampling).
• Document codec conformance flow: app/codec/conformmanager.h exists but has no wiki page explaining when/why proxies are created, cache location, or how to debug transcode failures. Write app/codec/CONFORMANCE.md with flowcharts and example project setups.
• Add FFmpeg version detection and warning: encoder.cpp and decoder.cpp don't log FFmpeg version or check for known-broken versions; add runtime checks in the constructor and warn users in the UI if version mismatches are detected (e.g., 5.0 vs 6.0 ABI breaks).

The Olive video editor codebase shows moderate security maturity with several areas requiring attention. Primary concerns include FFmpeg integration security, file path handling, command-line argument validation, and memory safety in media processing routines. The alpha status of the software indicates ongoing development with potential security gaps. No critical hardcoded credentials or obvious injection vulnerabilities were detected in the file structure, but the complexity of media file processing and external tool integration requires robust security controls. Recommendation: implement input validation across all user-supplied data, conduct security-focused code reviews, perform fuzzing of media parsers, and establish a formal vulnerability disclosure process before production deployment.

• Medium · Use of FFmpeg Without Input Validation — app/codec/ffmpeg/. The codebase includes FFmpeg decoder and encoder modules (ffmpegdecoder.cpp/h, ffmpegencoder.cpp/h) that process external media files. Without proper input validation, FFmpeg could be vulnerable to malformed file exploits, buffer overflows, or other codec-related vulnerabilities. Fix: Implement strict input validation for all media files before processing with FFmpeg. Validate file headers, dimensions, and codec parameters. Consider running FFmpeg in a sandboxed environment. Keep FFmpeg library updated to the latest patched version.
• Medium · Potential Path Traversal in File Operations — app/common/filefunctions.cpp, app/common/filefunctions.h. The filefunctions.cpp/h modules handle file operations throughout the application. Without proper path sanitization, user-supplied file paths could potentially allow directory traversal attacks (e.g., '../../sensitive_file'). Fix: Implement canonicalization of all file paths. Use secure path handling APIs that prevent directory traversal. Validate that resolved paths remain within expected directories. Whitelist allowed file extensions and locations.
• Medium · Command Line Argument Parsing Without Validation — app/common/commandlineparser.cpp, app/common/commandlineparser.h, app/cli/cliexport/. The commandlineparser.cpp/h module processes command-line arguments. Insufficient validation could allow injection of malicious arguments, particularly concerning for the CLI export functionality (cliexport, cliexportmanager). Fix: Implement strict whitelist-based validation for all command-line arguments. Use safe parsing libraries that prevent argument injection. Avoid passing user-supplied arguments directly to system calls or external processes.
• Medium · Potential Memory Safety Issues in Media Processing — app/codec/frame.cpp, app/audio/audioprocessor.cpp, app/audio/audiovisualwaveform.cpp. C++ codebase handles frame data and audio processing (frame.cpp, audioprocessor.cpp, audiovisualwaveform.cpp) with manual memory management. Without proper bounds checking, buffer overflows or use-after-free vulnerabilities could occur when processing malformed media files. Fix: Implement comprehensive bounds checking for all buffer operations. Use modern C++ containers (std::vector, std::array) with automatic bounds checking. Conduct memory safety audits using static analysis tools. Consider using AddressSanitizer during development.
• Low · Missing Security Headers and Documentation — Repository root. No evidence of security policy documentation (SECURITY.md), vulnerability disclosure policy, or security guidelines for contributors visible in the repository structure. Fix: Create a SECURITY.md file outlining vulnerability reporting procedures. Establish a responsible disclosure policy. Document security best practices for contributors. Consider implementing a bug bounty program.
• Low · Alpha Software with Known Instability — README.md. The README explicitly states 'Olive is alpha software and is considered highly unstable.' This indicates incomplete security hardening and potential for unidentified vulnerabilities in a codebase under active development. Fix: Continue security hardening efforts before production release. Implement comprehensive security testing including fuzzing for media file parsing. Conduct professional security audits. Establish a stable release process with security gates.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.