Update Unshackle to v2.1.0 #3

unshackle-dl · 2025-12-19T14:58:06Z

unshackle-dl commented

2025-12-19 14:58:06 +00:00

No description provided.

unshackle-dl added 90 commits 2025-12-19 14:58:08 +00:00

feat: add REST API server with download management 2afc59624d

Very early dev work, more changes will be active in this branch.

- Implement download queue management and worker system
- Add OpenAPI/Swagger documentation
- Include download progress tracking and status endpoints
- Add API authentication and error handling
- Update core components to support API integration

Merge branch 'main' into feature/add-rest-api 4459ec4db6

Fix remoteCDM, add curl_cffi to instance check 2e2f8f5099

Delete .idea directory 55f116f1e8

Update .gitignore bade3f8c09

Update .gitignore 4f3d0f1f7a

Merge branch 'unshackle-dl:main' into main da00258ae0

Update .gitignore 724703d14b

Update dash.py 03f08159b4

Changes for API/UI 97f7eb0674

Update binaries.py to check subdirs in binaries folders named after the binary e1e2e35ff4

Merge branch 'unshackle-dl:main' into main c9bb0e4224

Merge branch 'unshackle-dl:main' into main 3a8dfb26fe

fix: update lxml constraint and pyplayready import path 0f4a68ca62

- Update lxml dependency to allow version 6.x (required by subby 0.3.23)
- Fix pyplayready exception import path (moved to misc.exceptions in 0.6.3)

fixes #17

Merge branch 'main' into feature/add-rest-api e4bb7e9135

Merge branch 'unshackle-dl:main' into main b48eecacb5

Merge branch 'main' into feature/add-rest-api 062e060fca

feat: Add comprehensive JSON debug logging system 8437ba24d5

Implements a complete structured logging system for troubleshooting and service development.

Features:
- Binary toggle via --debug flag or debug: true in config
- JSON Lines (.jsonl) format for easy parsing and analysis
- Comprehensive logging of all operations:
  * Session info (version, platform, Python version)
  * CLI parameters and service configuration
  * CDM details (Widevine/PlayReady, security levels)
  * Authentication status
  * Title and track metadata
  * DRM operations (PSSH, KIDs, license requests)
  * Vault queries with key retrieval
  * Full error traces with context

- Configurable key logging via debug_keys option
- Smart redaction (passwords, tokens, cookies always redacted)
- Error logging for all critical operations:
  * Authentication failures
  * Title fetching errors
  * Track retrieval errors
  * License request failures (Widevine & PlayReady)
  * Vault operation errors

- Removed old text logging system

Merge branch 'feature/enhanced-debug-logging' into feature/add-rest-api 6c1cb21630

feat(cdm): add highly configurable CustomRemoteCDM for flexible API support 133f91a2e8

Add new CustomRemoteCDM class to support custom CDM API providers with maximum configurability through YAML configuration alone. This addresses GitHub issue #26 by enabling integration with third-party CDM APIs.

feat(proxies): add WindscribeVPN proxy provider support 888647ad64

Add WindscribeVPN as a new proxy provider option, following the same pattern as NordVPN and SurfsharkVPN implementations.

Fixes: #29

docs: add dev branch and update README 7a49a6a4f9

feat(dl): add --latest-episode option to download only the most recent episode ed1314572b

Adds a new CLI option `-le, --latest-episode` that automatically selects and downloads only the single most recent episode from a series, regardless of which season it's in.

Fixes #28

chore(api): fix import ordering in download_manager and handlers 3dd12b0cbe

feat: add service-specific configuration overrides 9921690339

Add support for per-service configuration overrides allowing fine-tuned control of downloader and command options on a service-by-service basis.

Fixes #13

Merge branch 'unshackle-dl:main' into main 8f2ead2107

fix(tags): gracefully handle missing TMDB/Simkl API keys d3ca8e7039

Simkl now requires a client_id from https://simkl.com/settings/developer/

feat: add retry handler to curl_cffi Session 1409f93de5

Merge PR #31 : feat: add retry handler to curl_cffi Session 2a90e60a49

refactor(session): modernize type annotations to PEP 604 syntax 5384b775a4

Update hls.py 087df59fb6

Update binaries.py e04399fbce

Refactor code to search for binaries either in root of binary folder or in a subfolder named after the binary.

Update .gitignore df09998a47

Merge commit 'refs/pull/19/head' of https://github.com/unshackle-dl/unshackle into dev 57fc07ea41

Merge commit 'refs/pull/19/head' of https://github.com/unshackle-dl/unshackle into dev 93debf149a

Merge branch 'dev' of https://github.com/unshackle-dl/unshackle into dev 1c48b282de

fix(config): support config in user config directory across platforms 98d4bb4333

Fixes #23

fix(dl): validate HYBRID mode requirements before download 9b5d233c69

Add validation to check that both HDR10 and DV tracks are available when HYBRID mode is requested. This prevents wasted downloads when the hybrid processing would fail due to missing tracks.

refactor(binaries): remove unused mypy import 07574d8d02

chore: update CHANGELOG.md for version 2.0.0 bdd219d90c

style: apply ruff formatting fixes 3571c5eb3c

feat(dl): add --audio-description flag to download AD tracks ec3e150846

Add support for downloading audio description tracks via the --audio-description/-ad flag. Previously, descriptive audio tracks were always filtered out. Users can now optionally include them.

Fixes #33

docs: update CHANGELOG for audio description feature 4787be8190

docs: improve GitHub issue templates for better bug reports and feature requests bee2abcf5c

docs: improve GitHub issue templates for better bug reports and feature requests d658b1bb26

feat(api): add url field to services endpoint response d0c6a7fa63

feat(api): complete API enhancements for v2.0.0 5c8eb2107a

- Add missing download parameters (latest_episode, exact_lang, audio_description, no_mux)
- Expand OpenAPI schema with comprehensive documentation for all 40+ download parameters
- Add robust parameter validation with clear error messages
- Implement job filtering by status/service and sorting capabilities

fix(drm): add explicit UTF-8 encoding to mp4decrypt subprocess calls 504de2197a

Fixes 'charmap' codec can't decode byte error that occurs on Windows
when mp4decrypt outputs non-ASCII characters. Without explicit encoding,

feat(api): add default parameter handling and improved error responses 351a606258

Add default parameter system to API server that matches CLI behavior, eliminating errors from missing optional parameters.

fix(subtitle): resolve SDH stripping crash with VTT files 6ebdfa8818

Fixes #34

fix(naming): improve HDR detection with comprehensive transfer checks and hybrid DV+HDR10 support 597a8b7912

HDR10/PQ detection now includes:
- PQ (most common)
- SMPTE ST 2084 (CICP value 16)
- BT.2100
- BT.2020-10
- smpte2084 (lowercase variant)

HLG detection now includes:
- HLG
- Hybrid Log-Gamma
- ARIB STD-B67 (CICP value 18)
- arib-std-b67 (lowercase variant)

Hybrid DV+HDR10 detection:
- Now checks full hdr_format field for both "Dolby Vision" AND
  ("HDR10" OR "SMPTE ST 2086")
- Properly generates filenames like "Movie.2160p.DV HDR H.265.mkv"
- MediaInfo reports: "Dolby Vision / SMPTE ST 2086, HDR10 compatible"

Also adds null safety for transfer characteristics to prevent errors when the field is None.

fix(dash): correct segment count calculation for startNumber=0 27d0ca84a3

Fix off-by-one error in SegmentTemplate segment enumeration when startNumber is 0. Previously, the code would request one extra segment beyond what exists, causing 404 errors on the final segment.

The issue was that end_number was calculated as a segment count via math.ceil(), but then used incorrectly with range(start_number, end_number + 1), treating it as both a count and an inclusive endpoint.

Changed to explicitly calculate segment_count first, then derive end_number as: start_number + segment_count - 1

Example:
- Duration: 3540.996s, segment duration: 4s
- Before: segments 0-886 (887 segments) - segment 886 doesn't exist
- After: segments 0-885 (886 segments) - correct

feat(cache): add TMDB and Simkl metadata caching to title cache 001f6a0146

feat(session): add custom fingerprint and preset support 565b0e0ea7

Add support for custom TLS/HTTP fingerprints to session() function, enabling services to impersonate Android/OkHttp clients instead of just browsers.

fix(session): update OkHttp fingerprint presets f1fe940708

docs(changelog): complete v2.0.0 release documentation de48a98e92

fix(session): remove padding extension from OkHttp JA3 fingerprints f979e94235

Remove extension 21 (TLS padding) from okhttp4 and okhttp5 JA3 strings to resolve SSL/TLS handshake failures.

feat: add service-specific configuration overrides f00790f31b

Implement comprehensive per-service config override system that allows any configuration section (dl, n_m3u8dl_re, aria2c, subtitle, etc.) to be customized on a per-service basis.

Fixes #13

feat(fonts): add Linux font support for ASS/SSA subtitles 8b0b3045e3

Implements cross-platform font discovery and intelligent fallback system for ASS/SSA subtitle rendering on Linux/macOS systems.

Windows support has not been tested

feat(subtitle): preserve original formatting when no conversion requested 8a46655d21

Add preserve_formatting config option to prevent automatic subtitle processing that strips formatting tags and styling. When enabled (default: true), WebVTT files skip pycaption read/write cycle to preserve tags like <i>, <b>, positioning, and other formatting.

fix(dl): prevent vault loading when --cdm-only flag is set 0c3a6c47f2

The --cdm-only flag was only preventing vault queries during DRM operations but vaults were still being loaded

fix(cdm): resolve session key handling for partial cached keys cc7263884f

When decrypt-labs returns cached keys that don't cover all required KIDs, the CDM now properly stores them in session["cached_keys"] instead of session["keys"]. This allows parse_license() to correctly combine vault_keys + cached_keys + license_keys, fixing downloads that previously failed when mixing cached and fresh licenses.

fix(cdm): apply session key fix to custom_remote_cdm 11bcca9632

Apply the same partial cached keys fix from decrypt_labs_remote_cdm to custom_remote_cdm. When cached keys don't cover all required KIDs, store them in session["cached_keys"] instead of session["keys"] to allow parse_license() to properly combine vault_keys + cached_keys + license_keys.

fix(n_m3u8dl_re): read lang attribute from DASH manifests correctly 90e4030a88

The track_selection function was using findall() to search for lang child elements, but in DASH manifests lang is an XML attribute on AdaptationSet. This caused language selection to fail for region-specific codes like es-419.

N_m3u8DL-RE: Improve track selection, add download arguments and option to load manifest from file (#38 ) 9ed5133c4c

* feat: Add 'from_file', 'downloader_args' to Track

* feat: Add loading HLS playlist from file

* refactor: Improve track selection, args for n_m3u8dl_re

fix(subtitles): fix closure bug preventing SDH subtitle stripping 5d20bf9d52

Fixed a Python late binding closure issue in the SDH subtitle duplication logic that prevented strip_hearing_impaired() from being called correctly.

refactor: remove unnecessary underscore prefixes from function names 55db8da125

chore(deps): update requests to >=2.32.5 59d35da6d0

fix: ensure subtitles use requests downloader instead of n_m3u8dl_re if Descriptor.URL 87ff66f8fe

PR #38 refactored n_m3u8dl_re track selection to support DASH/ISM subtitle tracks, but this broke some subtitle downloads. Services that use direct URL downloads (Descriptor.URL) for subtitles, which n_m3u8dl_re does not support.

fix: suppress verbose fontTools logging when scanning system fonts eef06fb986

fix(tags): skip metadata lookup when API keys not configured 240c70a2aa

refactor(tags): remove environment variable fallbacks for API keys 1ebb62ee91

feat(dl): add --no-video flag to skip video track downloads 9488a40f51

Add new -nv/--no-video CLI flag that allows users to download audio, subtitles, attachments, and chapters without downloading video tracks.

Fixes #39

docs(changelog): add --no-video flag and PR #38 credit 7883ff56c6

docs(changelog): set release date for version 2.0.0 c1e7fcab01

docs(readme): remove dev branch warning for main merge 76d73355f7

Merge branch 'dev' 0bc8c637d2

chore(deps): upgrade dependencies to latest versions 751b97017b

fix(deps): pin pyplayready to <0.7 to avoid KID extraction bug 6975f4f9f4

fix(hls): convert range_offset to int to prevent TypeError 492134b8ff

Fixed TypeError in calculate_byte_range where range_offset was a string instead of int. The byte_range.split("-")[0] returns a string, but the calculate_byte_range method expects fallback_offset parameter to be int.

feat(export): enhance track export with URL, descriptor, and hex-formatted keys 7cc4af207e

fix(video): correct CICP enum values to match ITU-T H.273 specification a7a8c882d8

- Add Primaries.Unspecified (value 2) per user request and H.273 spec
- Rename Primaries value 0 from Unspecified to Reserved for spec accuracy
- Rename Transfer value 0 from Unspecified to Reserved for consistency
- Simplify Transfer value 2 from Unspecified_Image to Unspecified
- Update condition check to use enum values instead of numeric tuple
- Enhance docstring with detailed sources and rationale for changes

All CICP values verified against ITU-T H.273, ISO/IEC 23091-2, H.264/H.265 specifications, and FFmpeg AVColorPrimaries/AVColorTransferCharacteristic enums.

feat(cdm): add per-track quality-based CDM selection during runtime DRM switching 3b32462251

Enable quality-based CDM selection during runtime DRM switching by passing track quality to get_cdm() calls. This allows different CDMs to be used for different video quality levels within the same download session.

Example configuration:
  cdm:
    SERVICE:
      "<=1080": wv_l3_local     # Widevine L3 for SD/HD
      ">1080": pr_sl3_remote    # PlayReady SL3 for 4K

fix(utilities): handle space-hyphen-space separators in sanitize_filename 26c81779fa

Pre-process space-hyphen-space patterns (e.g., "Title - Episode") before other character replacements to prevent creating problematic dot-hyphen-dot (.-.) patterns in filenames.

This addresses PR #44 by fixing the root cause rather than post-processing the problematic pattern. The fix ensures that titles like "Show - S01E01" become "Show.S01E01"

fix(utilities): make space-hyphen-space handling conditional on scene_naming e0a666ada6

fix(windscribevpn): add error handling for unsupported regions in get_proxy method 3d384b8e3e

fix: restrict WindscribeVPN to supported regions d0816787ce

fix(dash): add AdaptationSet-level BaseURL resolution 2d4bf140fa

Add support for BaseURL elements at the AdaptationSet level per DASH spec. The URL resolution chain now properly follows: MPD → Period → AdaptationSet → Representation.

fix(dl): preserve attachments when rebuilding track list 6fa3554b70

Attachments (screenshots, fonts) were being dropped when title.tracks was rebuilt from kept_tracks, causing image files to remain in temp directory after muxing. The cleanup code iterated over an empty attachments list since they were orphaned during track filtering.

chore(release): bump version to 2.1.0 dc9823cd28

unshackle-dl added 126 commits 2026-02-28 14:19:25 +00:00

feat: merge upstream dev branch 965482a1e4

- Add Gluetun dynamic VPN-to-HTTP proxy provider
   - Add remote services and authentication system
   - Add country code utilities
   - Add Docker binary detection
   - Update proxy providers

added config.py changes 8aec80246a

Replace ffmpeg string with FFMPEG variable 197fe76f7a

Troubleshooting some string overlap 450cde7c80

feat(debug): add comprehensive debug logging for downloaders and muxing 17a91ee4bb

fix(util): improve test command error detection and add natural sorting ede38648db

fix(vaults): batch bulk key operations to avoid query limits 7e7bc7aecf

fix(titles): detect HDR10 in hybrid DV filenames correctly fcd70e5b0f

Hybrid DV+HDR10 files were named "DV.H.265" instead of "DV.HDR.H.265" because the HDR10 detection only checked hdr_format_full which contains "Dolby Vision / SMPTE ST 2094". The "HDR10" indicator is in hdr_format_commercial, not hdr_format_full.

Now checks both fields for HDR10 compatibility indicators.

Revert "fix(vaults): batch bulk key operations to avoid query limits" 6740dd3dfa

This reverts commit 7e7bc7aecf.

fix(vaults): adaptive batch sizing for bulk key operations 415544775b

feat(drm): add CDM-aware PlayReady fallback detection a7b6e9e680

Add PlayReady PSSH/KID extraction from track and init data with CDM-aware ordering. When PlayReady CDM is selected, tries PlayReady first then falls back to Widevine. When Widevine CDM is selected (default), tries Widevine first then falls back to PlayReady.

chore(release): bump version to 2.2.0 d1d3daf750

fix(drm): correct PSSH system ID comparison in PlayReady 44acfbdc89

Remove erroneous `.bytes` accessor from PSSH.SYSTEM_ID comparisons in from_track() and from_init_data() methods. The pyplayready PSSH.SYSTEM_ID is already the correct type for comparison with parsed PSSH box system_ID values.

fix(dash): handle placeholder KIDs and improve DRM init from segments b01fc3c8d1

- Add CENC namespace support for kid/default_KID attributes
- Detect and replace placeholder/test KIDs in Widevine PSSH:
  - All zeros (key rotation default)
  - Sequential 0x00-0x0f pattern
  - Shaka Packager test pattern
- Change DRM init condition from `not track.drm` to `init_data` to ensure DRM is always re-initialized from init segments

Fixes issue where Widevine PSSH contains placeholder KIDs while the real KID is only in ContentProtection default_KID attributes.

fix(dash): handle N_m3u8DL-RE merge and decryption a01f335cfc

- Add skip_merge flag for N_m3u8DL-RE to prevent duplicate init data
- Pass content_keys to N_m3u8DL-RE for internal decryption handling
- Use shutil.move() instead of manual merge when skip_merge is True
- Skip manual decryption when N_m3u8DL-RE handles it internally

Fixes audio corruption ("Box 'OG 2' size is too large") when using N_m3u8DL-RE with DASH manifests that have SegmentBase init data. The init segment was being written twice: once by N_m3u8DL-RE during its internal merge, and again by dash.py during post-processing.

fix(drm): include shaka-packager binary in error messages d0cefa9d58

fix(subs): strip whitespace from ASS font names 18b0534020

Use removeprefix instead of removesuffix and add strip() to handle ASS subtitle files that have spaces after commas in Style definitions.

Fixes #57

feat(config): add unicode_filenames option to preserve native characters 68ad76cbb0

Add config option to disable ASCII transliteration in filenames, allowing preservation of Korean, Japanese, Chinese, and other native language characters instead of converting them via unidecode.

Closes #49

fix(subs): handle negative TTML values in multi-value attributes aec3333888

The previous regex only matched negative size values when they were the entire quoted attribute (e.g., "-5%"). This failed for multi-value attributes like tts:extent="-5% 7.5%" causing pycaption parse errors.

The new pattern matches negative values anywhere in the text and preserves the unit during replacement.

Closes #47

fix(drm): filter Widevine PSSH by system ID instead of sorting 4e11f69a58

The previous sorting approach crashed with KeyError when unsupported DRM systems were present in the init segment. Now uses direct filtering

fix(subs): handle WebVTT cue identifiers and overlapping multi-line cues e99cfddaec

Some services use WebVTT files with:
- Cue identifiers (Q0, Q1, etc.) before timing lines that pysubs2/pycaption incorrectly parses as subtitle text
- Multi-line subtitles split into separate cues with 1ms offset times and different line: positions (e.g., line:77% for top, line:84% for bottom)

Added detection and sanitization functions:
- has_webvtt_cue_identifiers(): detects cue identifiers before timing
- sanitize_webvtt_cue_identifiers(): removes problematic cue identifiers
- has_overlapping_webvtt_cues(): detects overlapping cues needing merge
- merge_overlapping_webvtt_cues(): merges cues sorted by line position

chore(release): bump version to 2.3.0 abd8fc2eb9

fix(subs): update SubtitleEdit CLI syntax and respect conversion_method 90a7db2e46

- Use lowercase format names (subrip, webvtt, advancedsubstationalpha) to match SubtitleEdit 4.x CLI requirements
- Change /Convert to /convert for consistency with CLI docs
- Convert Path objects to strings explicitly for subprocess calls
- Respect conversion_method config in SDH stripping - skip SubtitleEdit when user has set pysubs2/pycaption/subby as their preferred method
- Add stderr suppression to SubtitleEdit calls

fix(n_m3u8dl_re): include language in DASH audio track selection 477fd7f2eb

When DASH manifests have multiple audio AdaptationSets with the same representation IDs (e.g., both English and Japanese having id="0"), N_m3u8DL-RE would download the same track twice.

Now includes the language alongside the ID in selection args to properly disambiguate tracks across adaptation sets.

fix(hls): prefer media playlist keys over session keys for accurate KID matching 766447cd71

Session keys from master playlists often contain PSSHs with multiple KIDs covering all tracks, causing licensing to return keys for wrong KIDs.

Changes:
- Unified DRM licensing logic for all downloaders
- Prefer media playlist EXT-X-KEY tags which contain track-specific KIDs
- Add filter_keys_for_cdm() to select keys matching configured CDM type
- Add get_track_kid_from_init() to extract KID from init segment with fallback to drm.kid from PSSH
- Track initial_drm_key to prevent double-licensing on first segment
- Simplify n_m3u8dl_re block to reuse common licensing flow
- Use strict PlayReady keyformat matching via PR_PSSH.SYSTEM_ID URN instead of loose substring match
- Fix PlayReady keyformat comparisons that incorrectly compared strings to PlayReadyCdm class
- Fix byterange header format in get_track_kid_from_init() to use HLS.calculate_byte_range()

Also fixes PlayReady keyformat matching in:
- unshackle/core/tracks/track.py
- unshackle/core/drm/playready.py

Fixes download failures where track_kid was null or mismatched, causing wrong content keys to be obtained during PlayReady/Widevine licensing.

fix(deps): upgrade vulnerable dependencies for security alerts 71bbb27d47

- urllib3: 2.5.0 -> 2.6.3 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441)
- aiohttp: 3.13.2 -> 3.13.3 (8 CVEs including CVE-2025-69223, CVE-2025-69227)
- fonttools: 4.60.1 -> 4.61.1 (CVE-2025-66034)
- filelock: 3.19.1 -> 3.20.3 (CVE-2025-68146, CVE-2026-22701)
- virtualenv: 20.34.0 -> 20.36.1 (CVE-2026-22702)

Merge branch 'main' into main 28b91fddd3

Fix 9cd67568d2

Fix 2 b384139b41

chore(release): bump version to 2.3.1 eaad0e3cc2

Fix Hybrid f3cc1d080e

Fix n_m3u8dl_re 3c049a1fc0

fix(serve): use correct pywidevine users config format 9463870da7

pywidevine's serve module expects users to be a dict mapping secret keys to user objects with devices and username, not a simple list.
This was causing TypeError when accessing CDM endpoints.

add WVTT (WebVTT in MP4) subtitle converter for subby (#61 ) a60247f485

* chore(deps): update subby to 0.3.27

* fix(subs): add WVTT (WebVTT in MP4) subtitle converter for subby

- Use WVTTConverter if self.codec == Subtitle.Codec.fVTT
- Read or save files as Paths instead of strings to avoid AttributeErrors
- Add CommonIssuesFixer when stripping SDH
- Set Subtitle.Codec.fVTT to use subby if conversion_method == "auto"
- Silence the underlying srt library logging used by subby to avoid info messages being printed to console

Merge pull request #53 from CodeName393/main 73a4bf8764

Merging after code review - fixes binary path handling

Merge pull request #46 from MasterOfKay/main acbb92bb82

Merging dash-naming feature - adds optional dash separator format for filenames

fix(cdm): correct error key casing in Decrypt Labs API response parsing f0bae6d6b4

The API returns error details with capital "Error" key, but the code was checking for lowercase "error", causing error details to be ignored.

Merge branch 'main' into dev af49560345

feat(titles): use track source attribute for service name in filenames b8e2f3da3f

Allow services to set a custom `source` attribute on tracks, which will be used in the filename instead of the service class name.

perf(aria2c): improve download performance with singleton manager 6b90a19632

- Use singleton _Aria2Manager to reuse one aria2c process via RPC
- Add downloads via aria2.addUri instead of stdin input file
- Track per-GID byte-level progress (completedLength/totalLength)
- Add thread-safe operations with threading.Lock
- Enable graceful cancellation by removing individual downloads via RPC

fix(api): validate Bearer prefix before extracting API key 0c7d20c943

The replace("Bearer ", "") approach returned the full Authorization header value when the prefix was not present, incorrectly treating other auth schemes (e.g., "Basic xyz") as API keys.

refactor(remote_auth): remove unused requests.Session 6f5f25fa9b

The session was created with headers but never used. The class saves sessions locally via the cache rather than uploading to a remote server.

feat(debug): add download output verification logging e3767716f3

Add comprehensive debug logging to diagnose N_m3u8DL-RE download failures where the process exits successfully but produces no output files.

feat: Gluetun VPN integration and remote service enhancements e77f000494

Major features:
- Native Docker-based Gluetun VPN proxy provider with multi-provider support
  (NordVPN, Windscribe, Surfshark, ExpressVPN, and 50+ more)
- Stateless remote service architecture with local session caching
- Client-side authentication for remote services (browser, 2FA, OAuth support)

Key changes:
- core/proxies/windscribevpn.py: Enhanced proxy handling
- core/crypto.py: Cryptographic utilities
- docs/VPN_PROXY_SETUP.md: Comprehensive VPN/proxy documentation

feat(gluetun): improve VPN connection display and Windscribe support 4b30090d87

refactor: remove remote-service code until feature is more complete 91a2d76f88

Temporarily removes client-side remote service discovery and authentication until the implementation is more fleshed out and working.

feat(serve): add PlayReady CDM support alongside Widevine 98d579dc9b

feat(cdm): add remote PlayReady CDM support via pyplayready RemoteCdm 4b1d938b49

fix(subs): route pycaption-unsupported formats to pysubs2 in auto mode cf537891f7

fix(serve): correct PlayReady RemoteCDM server validation ab762fc81f

fix(n_m3u8dl_re): remove duplicate --write-meta-json argument causing download failures b72a5dd84a

fix(proxies): Fixes WindscribeVPN server authentication a96bc9e4a6

fix(manifests): correct DRM type selection for remote PlayReady CDMs 8c8c9368ba

HLS: Filter segment keys by CDM type during aria2c merge phase to prevent incorrect Widevine selection when using PlayReady-only CDMs. The merge phase now uses filter_keys_for_cdm() before get_supported_key(), matching the pattern used in initial licensing.

DASH: Extend PlayReady CDM detection to include remote CDMs with is_playready attribute, not just native PlayReadyCdm instances. This ensures correct DRM extraction order from init_data when using remote PlayReady CDMs.

Merge pull request #64 from Aerglonus/dev 55bc2b16ee

fix(proxies): Fixes WindscribeVPN server authentication

Revert "Merge pull request #64 from Aerglonus/dev" 385fcb2752

This reverts commit 55bc2b16ee, reversing
changes made to 8c8c9368ba.

fix(proxy): remove regional restrictions from WindscribeVPN e2b65cef4a

OpenVPN credentials now work reliably on all regions, not just US, AU, and NZ. Remove the supported_regions check that was blocking other country codes.

Merge remote-tracking branch 'origin/main' into dev d2d86fa6b7

Merge branch 'main' into dev f852a43e7f

fix(proxy): collect servers from all locations in WindscribeVPN c352884c17

Previously get_random_server only collected servers from the first location matching a country code. Now it collects from all matching locations before selecting randomly.

docs: add configuration documentation WIP 5cf488cb34

feat(env): add ML-Worker binary for DRM licensing caf67a6998

fix(downloader): correct progress bar tracking for segmented downloads ef338f0124

Use segmented=True when downloading multiple URLs to prevent inner downloads from overriding the total segment count, which caused the progress bar to always appear green (finished state).

This is still WIP so will continue to monitor.

feat(drm): add MonaLisa DRM support to core infrastructure 3fcad1aa01

- Add MonaLisaCDM class wrapping wasmtime for key extraction
- Add MonaLisa DRM class with decrypt_segment() for per-segment decryption
- Display Content ID and keys in download output (matching Widevine/PlayReady)
- Add wasmtime dependency for WASM module execution

fix(binaries): search subdirectories for binary files d4328f0eb7

Allow binaries to be found in subdirectories of the binaries folder.

feat(video): detect interlaced scan type from MPD manifests d0d8044fb3

fix(dash): handle high startNumber in SegmentTimeline for DVR manifests 6dd1ce6df9

When a DASH manifest has a high startNumber (common in DVR/catch-up content from live streams), the segment range calculation would produce an empty range because end_number was set to len(segment_durations) rather than being offset by startNumber.

fix(binaries): search subdirectories for binary files a07191ac4f

Allow binaries to be found in subdirectories of the binaries folder.

fix(drm): hide Shaka Packager message for MonaLisa decryption ecedcb93eb

Merge branch 'feat/monalisa-drm' into dev 84466e12de

fix(dash): add CENC namespace support for PSSH extraction cc55fd8922

Some MPD manifests use the cenc: namespace prefix for PSSH elements (e.g., <cenc:pssh>) instead of non-namespaced <pssh>. This caused DRM extraction to fail for services.

- Add {urn:mpeg:cenc:2013}pssh fallback for Widevine PSSH extraction
- Add {urn:mpeg:cenc:2013}pssh fallback for PlayReady PSSH extraction

fix(dash): preserve MPD DRM instead of overwriting from init segment 1cde8964c1

The init_data DRM extraction was unconditionally overwriting DRM already extracted from MPD ContentProtection elements. This caused failures when init segments contain malformed PSSH data while the MPD has valid PSSH.

Now only falls back to init_data extraction when no DRM was found from the manifest, matching the behavior in version 2.1.0.

feat(audio): codec lists and split muxing 5b9be075de

Merge branch 'quiet-sleeping-crane' into dev 64875e8371

fix(subtitles): preserve sidecar originals cacb695093

Use original subtitle files for sidecar output while keeping muxed conversion behavior.

Fixes #59

docs(changelog): add 2.4.0 release notes b70c350d0b

fix(mux): avoid audio codec suffix on split-audio outputs c83b7a853e

fix(dl): prevent attachment downloads during --skip-dl a6494d9b54

Set DOWNLOAD_LICENCE_ONLY earlier in the download command so services build tracks in license-only mode.

Update Attachment URL handling to avoid eager downloads in license-only mode while keeping metadata, stable IDs, and safe cleanup behavior.

HDR Vivid 289c8a3b23

HDR Vivid 5b50a6cd79

Fix 9e194f4868

Merge pull request #69 from CodeName393/HDR-Vivid-File-Name-Processing 207756c090

Fixed HDR Vivid showing the file name Range as 'None'

fix(progress): force track bar completion on terminal states 6186ff764b

feat(proxy): add specific server selection for WindscribeVPN 5fae23eb99

fix(progress): bind per-track bars and force terminal completion b16610ac63

Fix Missing HLS Curl Session Processing 3fa4a81a39

Merge pull request #70 from CodeName393/Missing-HLS-Curl-Session-Processing 58903c7b14

Fix Missing HLS Curl Session Processing

fix(dl): keep descriptive and standard audio for requested langs 939ca25c5b

When --audio-description is set, keep standard selections and include descriptive tracks for requested languages, including --a-lang with orig and best selection paths.

Fixes #72

Remove hybrid havc temp file 8f0b9eafd7

Add a hybrid track to the track processing list to fix the problem that the hybrid-processed hevc file remains in the temp folder.

chore(api): remove remote services 2308644374

Merge pull request #75 from CodeName393/Remove-hybrid-havc-temp-file 001d15e651

Remove hybrid havc temp file

fix(dl): always clean up hybrid temp hevc outputs 57918cd2a3

Merge branch 'fix/hybrid-temp-cleanup' 3eede98376

fix(hls): finalize n_m3u8dl_re outputs ace89760e7

- Add a small helper to move N_m3u8DL-RE final outputs into the expected temp path (preserve actual suffix) and keep subtitle codec consistent with the produced file.
- Skip generic HLS segment merging when N_m3u8DL-RE is in use to avoid mixing in sidecar files and reduce Windows file-lock issues.
- Harden segmented WebVTT merging to avoid IndexError when caption segment indexes exceed the provided duration list.

fix(downloader): restore requests progress for single-url downloads 03c309303c

chore(release): bump version to 2.4.0 62aa85c666

docs(changelog): complete 2.4.0 notes a66234190c

docs(changelog): update cliff config and regenerate changelog 6f3aafebc5

merge commit filtering, deduplication, granular chore parsing, and regenerate CHANGELOG.md using git-cliff.

Merge branch 'dev' of https://github.com/unshackle-dl/unshackle into dev e50dd3f2bc

# Conflicts:
#	CHANGELOG.md

fix(dl): invert audio codec suffixing when splitting de41395a45

fix(dl): support snake_case keys for RemoteCdm 4bc2e93d09

Use safe get() fallbacks for RemoteCdm config keys and default security_level to 3000 to avoid KeyError when snake_case is used.

fix(aria2c): warn on config mismatch and wait for RPC ready c7d4a68cbf

When ensure_started() is called while aria2c is already running, it now compares the requested proxy/max_workers against the values the process was started with and logs a warning if they differ (since the running process cannot be reconfigured in-place). Startup no longer uses a fixed sleep; instead it probes the JSON-RPC endpoint with a bounded retry loop (aria2.getVersion) and only proceeds once RPC is responsive, terminating the subprocess and raising on timeout.

fix(serve)!: make PlayReady users config consistently a mapping 0b9a3a75f8

Ensure playready_config['users'] and API-only config always use a dict, even under --no-key, to avoid type mismatches.

Also stop implicitly granting PlayReady access by defaulting per-user 'playready_devices' to all devices; missing 'playready_devices' now defaults to an empty list and logs a warning including the user key.

BREAKING CHANGE: users without an explicit 'playready_devices' list no longer get access to all PlayReady devices by default.

fix(dl): preserve proxy_query selector (not resolved URI) 774b9ba96c

fix(gluetun): stop leaking proxy/vpn secrets to process list a04f1ad4db

- Switch docker run to use a temporary --env-file instead of per-var -e flags\n- Ensure temp env file is always removed (best-effort overwrite + unlink)\n- Tighten _is_container_running to exact-name matching via anchored docker filter\n- Close requests.Session used for IP verification to release connections\n- Redact more secret-like env keys in debug logs\n

fix(monalisa): avoid leaking secrets and add worker safety 6c83790834

- Pass ML-Worker key via env/stdin instead of argv to reduce exposure in process listings/logs.

- Add a hard timeout to the ML-Worker subprocess call and convert timeouts into DecryptionFailed errors.

- Make ticket bytes decoding defensive: try UTF-8, fall back to ASCII (base64), otherwise raise a descriptive ValueError.

fix(dl): avoid selecting all variants when multiple audio codecs requested d404f213b1

When --a-lang is specific (not best/all) and multiple codecs are requested via -a/--acodec, select only the best-bitrate track per codec per language (plus descriptive if --audio-description).

Blame: regression introduced by 939ca25 (fix(dl): keep descriptive and standard audio for requested langs).

fix(hls): keep range offset numeric and align MonaLisa licensing 96411e5d7d

- Parse init section byterange offset as int to avoid string arithmetic bugs

- Wrap MonaLisa licensing in the same progress + error handling flow as Widevine/PlayReady

fix(titles): remove trailing space from HDR dynamic range label 44ea9a90a7

fix(config): normalize playready_remote remote_cdm keys 29f0e4eee8

fix(titles): avoid None/double spaces in HDR tokens 425b3764f4

Ensure dynamic-range tokens use safe fallback when not in DYNAMIC_RANGE_MAP and append exactly one space-separated token without trailing/double spaces.

fix(naming): keep technical tokens with scene_naming off d576174f62

Title filenames now include resolution/service/WEB-DL/codecs/HDR tokens in both modes; scene_naming only changes the spacer ('.' vs ' ').

Also avoid overwriting muxed outputs by disambiguating on collision (append codec suffix when needed, then a numeric suffix).

docs(config): clarify sdh_method uses subtitle-filter ee8f7cb650

fix(api): log PSSH extraction failures 71adee4ec6

fix(proxies): harden surfshark and windscribe selection 984a8b9efa

fix(service): redact proxy credentials in logs b9fb928292

Proxy URIs may contain embedded userinfo (username/password). Add a small sanitizer helper and use it for proxy mapping and proxy selection logs to avoid leaking credentials.

feat(cdm): normalize CDM detection for local and remote implementations 6b8a8ba8a8

Add unshackle.core.cdm.detect helpers to classify CDMs consistently across local and remote backends.

- Add is_playready_cdm/is_widevine_cdm for DRM selection across pyplayready, pywidevine, and wrappers

- Add is_remote_cdm/is_local_cdm/cdm_location so services can branch on CDM execution location

- Switch core DASH/HLS parsing, track DRM selection, and dl CDM switching away from brittle isinstance/DecryptLabs-only checks

- Make unshackle.core.cdm import-light via lazy __getattr__ so optional CDM deps are only imported when needed

fix(monalisa): harden wasm calls and license handling 5f49663ea8

- Validate _monalisa_context_alloc return and cleanup on init failure
- Derive deterministic KID when DCID missing to avoid collisions
- Ensure stackRestore always runs via try/finally in _ccall
- Log base64 decode failures without leaking license contents
- Add bounds/alignment checks for i32 memory writes

fix(hls): remove no-op encryption_data reassignment 5650c2b591

revert(monalisa): pass key via argv again 5fa0b33664

Reverts the env/stdin key passing change introduced in 6c83790, since ML-Worker builds in use expect the key as argv[1].

fix(serve): default PlayReady access to none c5b063391c

Remove unreachable fallback to all devices; if a user has no explicit playready_devices configured, the PlayReady subapp receives an empty list (secure-by-default).

fix(tracks): close temp session and improve path type error 29a697a8e7

feat(HLS): improve audio codec handling with error handling for codec extraction 3ee554401a

fix(main): update copyright year dynamically in version display 132d3549f9

feat(tracks): prioritize Atmos audio tracks over higher bitrate non-Atmos 23cc351f77

chore(release): bump version to 3.0.0 bf9087a1ce

BREAKING CHANGE: PlayReady users without explicit playready_devices no longer get access to all devices by default.

Key changes:
- feat(drm): add MonaLisa DRM support to core infrastructure
- feat(cdm): add remote PlayReady CDM support via pyplayready RemoteCdm
- feat(serve): add PlayReady CDM support alongside Widevine
- feat(gluetun): Gluetun VPN integration and Windscribe support
- feat(audio): codec lists and split muxing
- feat(tracks): prioritize Atmos audio tracks over higher bitrate non-Atmos
- feat(video): detect interlaced scan type from MPD manifests
- feat(cdm): normalize CDM detection for local and remote implementations
- fix(serve)!: make PlayReady users config consistently a mapping
- 50+ additional bug fixes across HLS/DASH, proxies, subtitles, and more

fix(n_m3u8dl_re): pass all content keys for DualKey DRM decryption cee7d9a75f

This pull request has changes conflicting with the target branch.

CHANGELOG.md
pyproject.toml
unshackle/commands/dl.py
unshackle/commands/serve.py
unshackle/core/__init__.py
unshackle/core/__main__.py
unshackle/core/api/download_manager.py
unshackle/core/api/handlers.py
unshackle/core/api/routes.py
unshackle/core/binaries.py

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin update-unshackle:update-unshackle

git checkout update-unshackle

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: unshackle-dl/unshackle#3