WAIT — Mixed signals — read the receipts

• Last commit 1d ago
• 4 active contributors
• GPL-3.0 licensed
• CI configured
• ⚠ Small team — 4 contributors active in recent commits
• ⚠ Concentrated ownership — top contributor handles 69% of recent commits
• ⚠ GPL-3.0 is copyleft — check downstream compatibility
• ⚠ No test directory detected

_{Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests}

Libation is a cross-platform C# desktop application that downloads audiobooks from Audible, removes DRM protection (using AAXClean), and decrypts them into usable audio files. It solves the problem of audiobook vendor lock-in by allowing users to own and manage their Audible library independently across Windows, macOS, and Linux. Traditional WPF/desktop application architecture: likely organized with a UI layer (WPF Windows/ViewModels), business logic for Audible API interaction and DRM decryption, and audio file processing. The presence of Docker/, .vitepress/ (Vue-based docs), and .github/workflows/ indicates a monolithic desktop app with a separate documentation site (getlibation.com) and containerized deployment options.

Audible customers who want to preserve their library, manage their audiobooks without Audible's app constraints, and port their purchases to other devices or platforms. Also developers maintaining DRM-removal and audiobook processing tools.

Production-ready and actively maintained. The project has comprehensive GitHub Actions CI/CD (build-windows.yml, build-mac.yml, build-linux.yml, deploy.yml), Docker support, extensive documentation on getlibation.com, and structured release workflows (.releaseindex.json, .github/workflows/release.yml). No obvious sign of abandonment—the codebase is substantial (2.3M lines of C#) and supports 9 Audible regions.

Single maintainer risk (rmcrackan) is evident from the repo ownership. The project touches DRM/copyright-sensitive areas, which creates legal ambiguity depending on jurisdiction. Dependencies on AAXClean and audio processing libraries need monitoring. No visible test directory in the top 60 files suggests test coverage may be incomplete, requiring verification of test location.

Active CI/CD with multiple platform builds (Windows, Mac, Linux), containerization efforts (docker.yml, Docker/liberate.sh), documentation generation via VitePress, and creator-exemption workflows (exempt-creators.yml, exempt-creators-backfill.yml). Recent work includes AppStream metainfo validation and desktop file validation for Linux distribution compatibility.

Clone the repo: git clone https://github.com/rmcrackan/Libation.git && cd Libation. Restore .NET dependencies and build: dotnet restore && dotnet build. For development, open in Visual Studio or VS Code (.vscode/launch.json and .vscode/tasks.json provide debug configurations). Consult Documentation/GettingStarted.md and getlibation.com/docs for platform-specific setup.

Daily commands: Visual Studio: open the .sln file and press F5. VS Code: use the debug configuration in .vscode/launch.json. Command line: dotnet run --project <project-name>. Docker: docker build -f Dockerfile . && docker run ... (see Docker/liberate.sh and Documentation/Docker.md). Platform-specific entry points in build workflows (.github/workflows/build-*.yml).

• Source/ApplicationServices/LibraryCommands.cs — Core orchestrator for library operations—handles downloading, decryption, and importing audiobooks; central entry point for most user workflows.
• Source/AaxDecrypter/AaxcDownloadMultiConverter.cs — Implements the DRM removal and decryption logic for AAX files; essential to understand the decryption pipeline and performance-critical conversions.
• Source/AudibleUtilities/Mkb79Auth.cs — Handles Audible authentication and authorization with mkb79 protocol; required for all library access and account management.
• Source/ApplicationServices/MainSearchEngine.cs — Primary search and filter abstraction; powers the core library discovery and filtering UX that users depend on.
• Source/AudibleUtilities/Widevine/Cdm.cs — Widevine DRM abstraction for license handling; critical for supporting modern encrypted audiobook formats and regional variations.
• Source/AppScaffolding/LibationScaffolding.cs — Application initialization and dependency injection setup; must be understood to add new services or modify startup behavior.
• Directory.Build.props — Solution-wide build configuration and common project properties; governs assembly versions, NuGet package references, and compilation flags across all projects.

Add a new search filter or search engine strategy

1. Define the filter interface by extending or creating a new strategy in Source/ApplicationServices/ISearchEngine.cs (Source/ApplicationServices/ISearchEngine.cs)
2. Implement the strategy in MainSearchEngine.cs or create a new search engine class following the same pattern (Source/ApplicationServices/MainSearchEngine.cs)
3. Register the new search engine in LibationScaffolding.cs dependency injection configuration (Source/AppScaffolding/LibationScaffolding.cs)
4. Update SearchEngineCommands.cs to wire the new filter/search logic into command handlers (Source/ApplicationServices/SearchEngineCommands.cs)

Add support for a new audio file format or export option

1. Add the format conversion logic to AaxDecrypter.csproj and create a new converter class extending AudiobookDownloadBase.cs (Source/AaxDecrypter/AudiobookDownloadBase.cs)
2. Register the new converter in AaxcDownloadMultiConverter.cs or AaxcDownloadSingleConverter.cs depending on batch vs. single operations (Source/AaxDecrypter/AaxcDownloadMultiConverter.cs)
3. Add export mapping in LibraryExporter.cs to expose the new format option to users (Source/ApplicationServices/LibraryExporter.cs)
4. Update documentation in Documentation/AudioFileFormats.md to explain the new format and any prerequisites (Documentation/AudioFileFormats.md)

Add support for a new Audible region

1. Add the region constants and endpoint configuration to Source/AudibleUtilities/ApiExtended.cs (Source/AudibleUtilities/ApiExtended.cs)
2. Update validation rules in AudibleApiValidators.cs to accept the new region's account format if needed (Source/AudibleUtilities/AudibleApiValidators.cs)
3. Ensure Widevine license requests are region-aware in Source/AudibleUtilities/Widevine/LicenseProtocol.cs (Source/AudibleUtilities/Widevine/LicenseProtocol.cs)
4. Test authentication with Mkb79Auth.cs for the new region and add region-specific test cases (Source/AudibleUtilities/Mkb79Auth.cs)

Add a new library command or bulk operation

1. Create a new command method in LibraryCommands.cs or add to BulkSetDownloadStatus.cs if batch-related (Source/ApplicationServices/LibraryCommands.cs)
2. Define the command parameters and return type, ensuring idempotency and error handling (Source/ApplicationServices/BulkSetDownloadStatus.cs)
3. Wire the command into the UI by registering it in SearchEngineCommands.cs if it involves querying (Source/ApplicationServices/SearchEngineCommands.cs)
4. Ensure the command uses DbContexts.cs for data access and follows transaction patterns for consistency (Source/ApplicationServices/DbContexts.cs)

• C# / .NET (Windows, macOS, Linux) — undefined

1. Test location not visible in top 60 files—verify test project organization early (likely Tests/ or *Tests/ folders not shown). 2. DRM removal legality varies by jurisdiction (DMCA, EU, etc.); code contributions touching decryption may face legal review delays. 3. Audible API endpoints and authentication may change; no visible API version pinning in file list—check source for brittle API calls. 4. Multi-platform CI/CD (Windows/Mac/Linux) requires testing on actual systems or VMs; local Windows development may not catch Linux/Mac issues. 5. VitePress docs and codebase are separate deployments; docs changes don't auto-sync to packaged app.

• DRM (Digital Rights Management) & AAC Decryption — Core functionality: Libation removes Audible's DRM encryption (AAX format) to unlock audiobooks. Understanding the cryptographic handshake and key derivation is essential for debugging decryption failures or adding region support.
• Cross-platform UI with WPF (Windows Presentation Foundation) — Primary UI framework; WPF is Windows-native, so macOS/Linux support likely uses GTK# or other cross-platform bindings. Understanding this architecture is critical when modifying UI or debugging platform-specific rendering bugs.
• GitHub Actions CI/CD Workflows & Matrix Builds — The repo uses matrix strategies (build-windows.yml, build-mac.yml, build-linux.yml) to test and package for three platforms. Any change affecting build system needs to pass all workflows; understanding matrix syntax is essential.
• Audio Container Formats (AAX, M4B, MP3, FLAC, OGG) — Libation's core value is format conversion and library organization. Each format has different metadata handling, bitrate constraints, and codec support. See Documentation/AudioFileFormats.md for the current matrix.
• OAuth 2.0 / Audible API Authentication — Libation must authenticate with Audible's REST API to fetch library metadata and unlock audiobooks per user account. Understanding region-specific endpoints and token refresh is critical for API client maintenance.
• Static Documentation Generation with VitePress (Vue 3 + Markdown) — Docs live in .vitepress/ and are deployed separately from the application. Contributing to getlibation.com requires understanding VitePress config, Vue component integration, and the deployment pipeline (.github/workflows/).
• Docker Multi-stage Builds & Container Orchestration — Dockerfile and Docker/liberate.sh enable containerized Linux deployment. Understanding build stages and runtime dependencies (ffmpeg, audio codecs) is important for Linux packaging and troubleshooting container-specific issues.

• rmcrackan/AaxDecrypter — Direct predecessor/companion: standalone AAX decryption tool that Libation builds upon; understanding its AAXClean integration is critical.
• KrispyKremeAudible/AAXClean — Core dependency for DRM removal and decryption; if AAXClean API changes, Libation breaks. Monitor this repo for version compatibility.
• seanculver/audible-cli — Alternative CLI-based Audible downloader in Python; similar problem domain, useful for comparing feature parity and API call patterns.
• inAudible-NG/inAudible-ng — Another open-source Audible DRM removal tool; reference for cross-platform Linux/Mac quirks and alternative decryption approaches.
• sandromck/audible-scraper — Companion utility for Audible library scraping; useful if Libation's API client needs refactoring or region-specific auth handling.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for AaxDecrypter core classes

The Source/AaxDecrypter directory contains critical decryption logic (AaxcDownloadSingleConverter.cs, AaxcDownloadMultiConverter.cs, AudiobookDownloadBase.cs) but there's no visible test project in the file structure. Adding comprehensive unit tests for these classes would improve reliability, prevent regressions during refactoring, and make contributions safer for new maintainers.

• [ ] Create Source/AaxDecrypter.Tests/AaxDecrypter.Tests.csproj following .NET testing conventions
• [ ] Add unit tests for AaxcDownloadSingleConverter.cs covering success and error paths
• [ ] Add unit tests for AaxcDownloadMultiConverter.cs covering batch operations
• [ ] Add unit tests for AudiobookDownloadBase.cs covering network scenarios
• [ ] Integrate new test project into .github/workflows/build.yml to run on all PRs
• [ ] Document test coverage expectations in CONTRIBUTING.md

Add CI workflow validation for supported Audible regions

README mentions support for 9 Audible regions (US, UK, Canada, Germany, France, Australia, Japan, India, Spain), but there's no automated validation that these region endpoints are functional. Create a periodic CI workflow to validate connectivity and responses from each region's services, catching breaking changes early.

• [ ] Create .github/workflows/validate-regions.yml as a scheduled workflow (e.g., weekly)
• [ ] Add a new validation script in Scripts/ that tests connectivity to each of the 9 Audible region endpoints
• [ ] Include response validation (status codes, expected data structure)
• [ ] Generate a report artifact showing region availability status
• [ ] Add failure notifications or issue auto-creation on region failures
• [ ] Document region validation process in Documentation/GettingStarted.md

Document AudioFileFormats.md with conversion testing guide and codec coverage matrix

Documentation/AudioFileFormats.md exists but based on the file structure, there's no companion testing or validation guide for supported codecs. Create a comprehensive codec coverage matrix and add integration tests verifying that decrypted files match expected audio formats for each region/format combination.

• [ ] Expand Documentation/AudioFileFormats.md with a table showing which audio formats are supported per Audible region
• [ ] Add section documenting AAXClean's codec support vs. ffmpeg approach tradeoffs
• [ ] Create Source/AaxDecrypter.Tests/AudioFormatValidationTests.cs with integration tests for common format conversions
• [ ] Add test sample files or generation logic for each supported format in .github/test-fixtures/
• [ ] Document how contributors can test new audio format support in CONTRIBUTING.md
• [ ] Add validation to build.yml to ensure audio format tests pass before release

• Add comprehensive unit tests for audiobook metadata parsing (NamingTemplates.md and audio format handling) in a new Tests/ directory, since no test files appear in the top 60. This improves reliability without touching sensitive DRM code.
• Expand Documentation/AudioFileFormats.md with codec details and supported bitrates for each format (MP3, M4B, etc.); currently sparse. Include troubleshooting for format conversion failures based on user issues.
• Create a CONTRIBUTING.md guide in the repo root with concrete examples: how to add a new Audible region (see 9 regions mentioned), how to extend the naming template system, and how to test cross-platform builds locally. Link from main README.
• Improve error messages in DRM decryption failures by adding context (file path, region, error code) and linking to FAQ in Documentation/FrequentlyAskedQuestions.md. Start with a grep for generic exception handling.
• Add pre-commit hooks (see .editorconfig) via husky or similar to enforce code style and catch lint errors before CI. Document in development setup guides.

• High · Unrestricted File System Access in Docker Container — Dockerfile, line with 'mkdir -m777'. The Docker container creates directories with 777 permissions (mkdir -m777), allowing any user/process to read, write, and execute files in /config-internal and /data directories. This could allow unauthorized access or modification of sensitive audiobook files and configuration. Fix: Use restrictive permissions (e.g., 755 or 700) and apply proper ownership (chown USER_UID:USER_GID). Ensure only the application user can access sensitive directories.
• High · Insecure Docker User Privileges — Dockerfile. The Dockerfile defines USER_UID and USER_GID arguments but does not explicitly create a non-root user or set it as the runtime user. The container may run as root by default, granting unnecessary privileges to the application and any potential vulnerabilities. Fix: Explicitly create a non-root user with defined UID/GID and use USER instruction to switch to it before running the application. Example: RUN useradd -u ${USER_UID} -g ${USER_GID} libation && USER libation
• High · Missing Security Headers and HTTPS in Web Components — .vitepress/theme/. The .vitepress/theme files (Layout.vue, custom.css, download-detection.js) suggest web-based UI components. No evidence of HTTPS enforcement, security headers (CSP, HSTS), or XSS protections in the provided snippets. Fix: Implement security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options), enforce HTTPS, and validate/sanitize all user inputs to prevent XSS attacks.
• High · Potential DRM-Related Legal and Security Risks — Core application purpose (Source/AaxDecrypter). The application explicitly downloads and decrypts Audible audiobooks, removing DRM protection. This may violate the Digital Millennium Copyright Act (DMCA) in the US and similar laws in other jurisdictions. Additionally, improper handling of decrypted content could expose sensitive user data. Fix: Consult legal counsel regarding jurisdiction-specific compliance. Implement robust access controls, audit logging, and ensure user data is handled securely. Include explicit legal disclaimers.
• Medium · Unsafe Migration Helper in AppScaffolding — Source/AppScaffolding/UNSAFE_MigrationHelper.cs. File 'UNSAFE_MigrationHelper.cs' suggests unsafe database migration patterns. This could lead to SQL injection, data loss, or privilege escalation if migrations are not properly validated and sanitized. Fix: Review and refactor migration logic to use parameterized queries and ORM-level protections (Entity Framework). Remove or properly secure any dynamic SQL execution.
• Medium · NetworkFileStream Without Authentication/Encryption — Source/AaxDecrypter/NetworkFileStream.cs, NetworkFileStreamPersister.cs. The NetworkFileStream and NetworkFileStreamPersister classes suggest direct network file operations. Without proper TLS/encryption and authentication, this could expose audiobook downloads to MITM attacks or unauthorized access. Fix: Enforce HTTPS/TLS for all network communications. Implement certificate pinning where appropriate. Add proper authentication tokens and validate server certificates.
• Medium · Missing Input Validation in Search/Filter Engine — Source/ApplicationServices/MainSearchEngine.cs, TempSearchEngine.cs. The presence of MainSearchEngine.cs and TempSearchEngine.cs suggests custom search logic. Without proper input validation, this could be vulnerable to injection attacks (e.g., filter injection, NoSQL/SQL injection). Fix: Implement strict input validation, use parameterized queries, and apply whitelist-based filtering for search parameters. Avoid dynamic query construction.
• Medium · Potential Hardcoded Configuration in appsettings.json — Docker/appsettings.json. The Docker/appsettings.json file is version-controlled and may contain sensitive configuration. If credentials or API keys are embedded, they could be exposed in the repository. Fix: Externalize sensitive configuration using environment variables or secrets management (e.g., Docker Secrets, AWS Secrets Manager). Never commit credentials to version

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/rmcrackan/Libation shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live rmcrackan/Libation repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/rmcrackan/Libation.

What it runs against: a local clone of rmcrackan/Libation — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in rmcrackan/Libation | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-3.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of rmcrackan/Libation. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/rmcrackan/Libation.git
#   cd Libation
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of rmcrackan/Libation and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "rmcrackan/Libation(\\.git)?\\b" \\
  && ok "origin remote is rmcrackan/Libation" \\
  || miss "origin remote is not rmcrackan/Libation (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-3\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-3\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-3.0" \\
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "Source/ApplicationServices/LibraryCommands.cs" \\
  && ok "Source/ApplicationServices/LibraryCommands.cs" \\
  || miss "missing critical file: Source/ApplicationServices/LibraryCommands.cs"
test -f "Source/AaxDecrypter/AaxcDownloadMultiConverter.cs" \\
  && ok "Source/AaxDecrypter/AaxcDownloadMultiConverter.cs" \\
  || miss "missing critical file: Source/AaxDecrypter/AaxcDownloadMultiConverter.cs"
test -f "Source/AudibleUtilities/Mkb79Auth.cs" \\
  && ok "Source/AudibleUtilities/Mkb79Auth.cs" \\
  || miss "missing critical file: Source/AudibleUtilities/Mkb79Auth.cs"
test -f "Source/ApplicationServices/MainSearchEngine.cs" \\
  && ok "Source/ApplicationServices/MainSearchEngine.cs" \\
  || miss "missing critical file: Source/ApplicationServices/MainSearchEngine.cs"
test -f "Source/AudibleUtilities/Widevine/Cdm.cs" \\
  && ok "Source/AudibleUtilities/Widevine/Cdm.cs" \\
  || miss "missing critical file: Source/AudibleUtilities/Widevine/Cdm.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/rmcrackan/Libation"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.