If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/Ponderfly/GoogleTranslateIpCheck shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Solo project — review before adopting

• Last commit 5d ago
• MIT licensed
• ⚠ Solo or near-solo (1 contributor active in recent commits)
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live Ponderfly/GoogleTranslateIpCheck repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/Ponderfly/GoogleTranslateIpCheck.

What it runs against: a local clone of Ponderfly/GoogleTranslateIpCheck — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in Ponderfly/GoogleTranslateIpCheck | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 35 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of Ponderfly/GoogleTranslateIpCheck. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/Ponderfly/GoogleTranslateIpCheck.git
#   cd GoogleTranslateIpCheck
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of Ponderfly/GoogleTranslateIpCheck and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "Ponderfly/GoogleTranslateIpCheck(\\.git)?\\b" \\
  && ok "origin remote is Ponderfly/GoogleTranslateIpCheck" \\
  || miss "origin remote is not Ponderfly/GoogleTranslateIpCheck (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs" \\
  && ok "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs" \\
  || miss "missing critical file: src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs"
test -f "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/GoogleTranslateIpCheck.csproj" \\
  && ok "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/GoogleTranslateIpCheck.csproj" \\
  || miss "missing critical file: src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/GoogleTranslateIpCheck.csproj"
test -f "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json" \\
  && ok "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json" \\
  || miss "missing critical file: src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json"
test -f "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/ip.txt" \\
  && ok "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/ip.txt" \\
  || miss "missing critical file: src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/ip.txt"
test -f "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/IPv6.txt" \\
  && ok "src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/IPv6.txt" \\
  || miss "missing critical file: src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/IPv6.txt"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 35 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~5d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/Ponderfly/GoogleTranslateIpCheck"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

GoogleTranslateIpCheck is a C# utility that scans for working Google Translate IP addresses accessible from mainland China, then automatically configures them in the system hosts file. It supports IPv4/IPv6 scanning modes, remote IP fallback, and integrates with WinDivert-based accelerators like TurboSyn for rapid IP enumeration. Simple console application structure: src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/ contains the main Program.cs entry point, with static IP lists (ip.txt, IPv6.txt, fullIp.txt) and configuration (config.json). The .sln/.csproj indicate a standard .NET Framework or .NET Core build targeting Windows/macOS/Linux.

Chinese users and network administrators who need to access Google Translate despite regional blocking, and developers maintaining translation-dependent applications in restricted regions who need reliable working IP detection.

The project shows active maintenance with releases up to v1.10 (TurboSyn variant) and multi-platform binaries (Windows x86/x64, macOS arm64/x64, Linux x64/arm64). No visible test suite or CI pipeline in the repo structure suggests quality assurance is manual rather than automated.

Single-maintainer project (Ponderfly) with no visible issue tracker or contributor guidelines increases bus factor risk. Dependency on WinDivert (Windows-only acceleration) and reliance on IP enumeration against a moving target (Google's infrastructure) means the core scanning logic may become obsolete. No automated tests visible means regressions are not caught systematically.

Latest release is v1.10 with TurboSyn support for Windows (released as dedicated win-x64.TurboSyn.zip). The README indicates active feature parity across platforms but no public commit history or PR data is visible in the provided structure.

Clone the repository, navigate to src/GoogleTranslateIpCheck/, open GoogleTranslateIpCheck.sln in Visual Studio, and build the project. Run with elevated privileges: Windows (admin cmd), macOS/Linux (sudo ./GoogleTranslateIpCheck after chmod +x).

Daily commands: Windows: GoogleTranslateIpCheck.exe (admin), or GoogleTranslateIpCheck.exe -s (scan mode), or GoogleTranslateIpCheck.exe -t (TurboSyn auto-scan). macOS/Linux: sudo ./GoogleTranslateIpCheck or sudo ./GoogleTranslateIpCheck -6 (IPv6 mode). Delete ip.txt to force remote IP fallback.

• src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs — Main entry point and orchestrator for IP scanning, validation, and host file management—all core functionality flows through here.
• src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/GoogleTranslateIpCheck.csproj — Project configuration defining build targets (Windows, macOS, Linux) and runtime dependencies; required to understand multi-platform support.
• src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json — Configuration file controlling scan parameters, Google Translate endpoints, and timeout settings—essential for customizing behavior.
• src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/ip.txt — Persisted list of verified working IPs for Google Translate; fallback data source when live scanning is disabled.
• src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/IPv6.txt — IPv6 address candidates for Google Translate; enables IPv6-mode scanning with dedicated candidate pool.
• src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/fullIp.txt — Complete candidate IP range for scanning operations; foundation dataset before filtering for working addresses.

• Program.cs (CLI Entry & Orchestrator) (C#, HttpClient, System.IO, System.Diagnostics) — Parses command-line flags, loads config, reads IP candidate files, orchestrates scanning loop, aggregates results, and triggers host file writes or result output.
  • Failure mode: Crash on missing config.json or candidate IP files; exception on host file permission denied (without admin/sudo); timeouts silently skip unresponsive IPs.
• config.json ( — undefined

Add a new IP validation method

1. Add a new endpoint URL to config.json under the endpoints array (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json)
2. Modify Program.cs to include the new endpoint in the HTTP request loop, checking response status codes or latency thresholds (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs)

Support a new IP candidate source

1. Create a new .txt file (e.g., customIp.txt) in the GoogleTranslateIpCheck directory with one IP per line (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/customIp.txt)
2. Add logic to Program.cs to read the new file based on a new CLI flag and use it instead of fullIp.txt or IPv6.txt (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs)

Adjust scanning timeout and concurrency

1. Edit config.json to modify timeout (milliseconds) and threadsCount (parallel scan threads) (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json)
2. Verify Program.cs uses the updated config values in the HttpClient timeout and thread pool settings (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs)

Add support for a new operating system

1. Add a new runtime identifier to GoogleTranslateIpCheck.csproj (e.g., linux-musl-arm64) (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/GoogleTranslateIpCheck.csproj)
2. If platform-specific host file handling is needed, add OS detection logic and new file path in Program.cs (src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/Program.cs)

• C# (.NET Core) — Cross-platform compilation to Windows, macOS, and Linux with native performance; enables self-contained executables without runtime dependencies.
• HttpClient — Efficient async HTTP requests with configurable timeouts; supports parallel concurrent testing of IP candidates.
• JSON config file — User-editable configuration without recompilation; allows tuning of timeout, thread count, and endpoint URLs.
• Multi-platform file I/O — Direct host file manipulation on Windows, macOS, and Linux with OS-specific privilege escalation; enables automatic DNS override.

• Synchronous IP scanning with thread pool instead of fully async await pattern

  • Why: Simplifies concurrency logic and matches the simple requirements of sequential IP testing.
  • Consequence: Trade-off between maximum throughput and code simplicity; adequate for moderate IP pools (~1000–10k IPs).

• Plain text files (ip.txt, fullIp.txt, IPv6.txt) instead of database

  • Why: Eliminates external dependencies and simplifies distribution as a single executable.
  • Consequence: Limited query flexibility and no atomic transactions, but sufficient for read-once, write-once IP list use case.

• Direct host file modification without sandboxing

  • Why: Achieves immediate DNS override effect without proxy or VPN layers.
  • Consequence: Requires elevated privileges and can conflict with other system DNS settings; irreversible until manual host file edit.

• Fallback to remote IP list if ip.txt missing, no local scanning

  • Why: Provides out-of-the-box usability without mandatory scanning on first run.
  • Consequence: Network dependency in fallback mode; local scanning mode (-s) must be invoked explicitly for air-gapped environments.

• Does not handle proxy chains or multi-hop routing; assumes direct IP connectivity.
• Does not validate HTTPS certificate chains; accepts any certificate from tested IP (unsafe for MITM detection).
• Not a real-time monitoring service; one-shot scan-and-cache model, not continuous health checks.
• Does not support IPv6 Windows host file injection; IPv6 support is checked at runtime but limited to Unix-like systems.
• No authentication or multi-user account management; operates as a system-wide utility.
• Does not provide GUI; command-line interface only (all platforms).

Requires administrative/sudo privileges—non-elevated runs will silently fail when writing to hosts file (/etc/hosts on macOS/Linux, %SystemRoot%\System32\drivers\etc\hosts on Windows). IP scanning depends on unblocked outbound connectivity to Google; proxies must be disabled. TurboSyn mode (-t) requires WinDivert driver installation and only works on Windows; behavior differs significantly from standard scanning. config.json parsing failures are not documented—malformed JSON will crash without clear error messages.

• Hosts file manipulation — Core mechanism by which this tool redirects Google Translate domain names to working IPs at the OS level—understanding atomic writes and format strictness prevents system breakage.
• IP enumeration and probing — The scanning algorithm (referenced from gscan_quic) requires understanding TCP/QUIC handshake timeouts and batch parallel probing to identify live IPs efficiently.
• WinDivert packet filtering — Windows-only accelerator (-t mode) intercepts packets at kernel level; understanding driver lifecycle and platform-specific build requirements prevents TurboSyn integration failures.
• IPv6 support and dual-stack networking — The -6 flag enables IPv6-first scanning; requires understanding IPv6 address representation, scope IDs, and OS-level dual-stack socket configuration differences.
• Process elevation and privilege escalation — Hosts file writes require admin (Windows) or sudo (macOS/Linux); incorrect elevation handling silently fails without clear error messages.
• DNS resolution and address family negotiation — The tool must resolve Google Translate domains to validate IPs; understanding getaddrinfo() behavior across IPv4/IPv6 and regional DNS poisoning is critical for debugging scanning failures.

• v2ray/v2ray-core — Alternative approach to circumventing regional blocking using proxy tunneling rather than IP enumeration.
• Loyalsoldier/clash-rules — Companion project providing rule-based routing for regional content; users of GoogleTranslateIpCheck often combine with Clash proxies for broader access.
• griffithcheng/cloudflare-ip — Similar IP scanning and hosts management utility targeting Cloudflare IPs; demonstrates same architecture patterns for regional IP discovery.
• spartacus-soft/TurboSyn — The underlying packet-acceleration engine referenced in the README; Windows users integrate this for 10x faster IP scanning via WinDivert.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for Program.cs IP validation logic

The core IP checking functionality in Program.cs lacks test coverage. Given this tool scans and validates Google Translate IPs, adding unit tests would ensure IP validation logic is reliable across updates and prevent regressions when modifying check algorithms. This is critical for a tool that writes to host files.

• [ ] Create src/GoogleTranslateIpCheck/GoogleTranslateIpCheck.Tests/ directory with new xUnit test project
• [ ] Add tests for IP validation methods that check Google Translate endpoint connectivity
• [ ] Add tests for IPv4 vs IPv6 mode switching logic
• [ ] Add tests for config.json parsing and parameter handling (-s, -y, -6, -t flags)
• [ ] Add tests for host file write operations (mock file system to avoid actual modifications)

Create GitHub Actions CI workflow for cross-platform builds and release automation

The repo has multiple platform releases (win-x64, win-x86, osx-arm64, osx-x64, linux) but no visible CI/CD automation. A workflow would ensure builds are consistent across platforms, catch breaking changes early, and automate release artifact generation matching the download links in README.md.

• [ ] Create .github/workflows/build.yml with matrix strategy for Windows, macOS (Intel/ARM), and Linux
• [ ] Configure job to run 'dotnet build' for GoogleTranslateIpCheck.csproj
• [ ] Add publish step generating platform-specific executables (win-x64, win-x86, osx-x64, osx-arm64)
• [ ] Add automated GitHub Release creation with artifacts matching current download structure
• [ ] Test that release artifacts match the naming convention in README.md download section

Document IPv6.txt and fullIp.txt usage with API specification in README

The repo contains IPv6.txt and fullIp.txt files but their purpose, format, and how they relate to the scanning process is not documented. New contributors cannot understand the data flow. Documenting these would clarify the IP source data structure and help contributors understand and improve the scanning algorithm.

• [ ] Add 'Configuration Files' section to README.md explaining ip.txt, IPv6.txt, and fullIp.txt formats
• [ ] Document the expected structure (one IP per line, CIDR notation, etc.) with example entries
• [ ] Explain when -6 flag switches from ip.txt to IPv6.txt and how fullIp.txt is used
• [ ] Add troubleshooting section describing why 'delete ip.txt to use remote IP' works
• [ ] Document the config.json schema with all available options and their defaults

• Add unit tests for hosts file parsing and modification logic in Program.cs to prevent accidental corruption of system configuration and improve confidence in cross-platform behavior.
• Create detailed inline documentation in Program.cs explaining the IP enumeration algorithm (referenced from gscan_quic) and parameter tuning recommendations for different network conditions.
• Add error handling and logging for config.json parsing failures, with graceful fallback to hardcoded defaults; currently undocumented how malformed JSON is handled.

This application presents significant security risks due to its requirement for elevated system privileges and the ability to automatically modify critical system files (Host file) with minimal validation. The primary concerns are: (1) Insufficient input validation on IP addresses from local files and potential remote sources, (2) Automatic Host file modification without robust safeguards, (3) Running with full administrative/root privileges which amplifies the impact of any compromise, and (4)

• High · Host File Modification via -y Parameter — Program.cs (command-line argument handling). The application accepts a -y parameter that automatically writes to the system's Host file without explicit user confirmation. This could allow arbitrary DNS hijacking if the application is compromised or if an attacker can control the IP list being written. Fix: Require explicit user confirmation before modifying system files. Implement a confirmation prompt or require a more complex flag combination to prevent accidental/malicious modifications.
• High · Elevated Privileges Required — README.md and cross-platform execution model. The application requires administrator/root privileges to run on Windows, macOS, and Linux. This increases the attack surface - if the application is compromised, the attacker gains full system access. Fix: Evaluate if full admin privileges are necessary. Implement principle of least privilege. Consider using capability-based security (Linux CAP) or alternative approaches that don't require full root access.
• High · Potential Code Injection via IP Lists — src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/ (ip.txt, IPv6.txt, fullIp.txt, config.json). The application reads IP addresses from files (ip.txt, IPv6.txt, fullIp.txt) and config.json without visible validation. If these files are modified by an attacker, malicious content could be injected into Host file modifications or network operations. Fix: Implement strict validation and sanitization of all input from configuration files and IP lists. Use allowlist-based validation (valid IP format only). Sign/hash these files to detect tampering.
• Medium · No Visible Configuration Security — src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/config.json. The config.json file is present but its content is not visible in the analysis. Configuration files often contain sensitive information that could be exposed. Fix: Ensure config.json does not contain hardcoded credentials, API keys, or sensitive data. Use environment variables for sensitive configuration. Implement file permission restrictions (chmod 600 on Unix-like systems).
• Medium · Unvalidated Remote IP Source — Program.cs (remote IP fetching logic). README mentions the ability to 'call remote IP' as a fallback when local IPs are unavailable. No visible validation or certificate pinning for remote sources is apparent. Fix: Implement HTTPS with certificate pinning for any remote sources. Validate the source URL against a whitelist. Implement timeout limits and error handling for remote calls.
• Medium · IPv6 Mode Not Explicitly Validated — src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/IPv6.txt and related parsing. The -6 flag enables IPv6 mode, but there's no visible validation that IPv6 addresses in IPv6.txt follow proper format before being used. Fix: Implement IPv6 address format validation using regex or .NET's IPAddress.TryParse() method before processing any addresses.
• Low · No Visible Update Mechanism Security — Application deployment model. The application references releases on GitHub but no auto-update mechanism is visible. If an auto-updater exists, it should be secured. Fix: If auto-updates are implemented, ensure they use HTTPS, verify signatures, and implement rollback capabilities. Never auto-execute downloaded content without verification.
• Low · No Visible Logging/Audit Trail — src/GoogleTranslateIpCheck/GoogleTranslateIpCheck/. No log files are evident in the file structure. Host file modifications and network operations should be logged for audit purposes. Fix: Implement comprehensive logging of all Host file modifications, including timestamps, changed entries, and the process that made the change. Store logs securely and restrict access.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.