ExoSnap 0.4.0
Summary
ExoSnap 0.4.0 is the crash reporting and updates release. It adds local-first crash capture
(out-of-process Crashpad), a privacy-scrubbed and consent-gated crash report surfaced on the next
launch after a crash, two-stage crash delivery (an assisted GitHub issue, or an automated opt-in
upload to Sentry with EU data residency), and an update system with Stable and Preview channels that
verifies a signed manifest (ed25519 via Monocypher + SHA-256) and notifies you when a newer release
is available.
The presence layer from 0.3.0 (capture-excluded overlays, tray icon, notification toasts) and the
reliability foundation from 0.2.0 (MKV + MP4-via-remux, crash recovery, low-disk guard, MP4 split)
ship unchanged as the base.
This is a pre-v1 preview. Settings, preset, and recording-history file formats are not frozen and
may change incompatibly before 1.0.0.
Highlights
Local-first crash capture
- Out-of-process crash capture via Crashpad (sentry-native). The handler runs outside the app so
it survives a hard crash of the recorder process. - Crash detection is next-launch. ExoSnap writes a clean-exit marker and a per-session sidecar
(last_session.json). If the previous session did not exit cleanly, the next launch surfaces a
crash dialog after the recovery overlay. No client-side minidump parsing — stacks are
symbolicated server-side from PDBs. - The crash dialog shows exactly what would be sent (privacy-scrubbed context) and never sends
anything without an explicit choice.
Consent-gated, two-stage crash delivery
- Stage 0 — assisted GitHub issue. Always available. Prefills a GitHub issue with the scrubbed
context so you can review and submit it yourself. No account linkage beyond your own GitHub action. - Stage 1 — automated opt-in upload to Sentry. EU data residency (
.deingest), DPA-governed.
The Sentry DSN is compiled in only under the official-build gate, so self-built binaries never
upload. Consent is required (require_user_consent); logs are disabled in release. - Privacy scrubbing (allowlist). Only OS/build, GPU + driver, app version, encoder backend,
container + codec, and the stack/minidump are included. User names, file paths, machine names, and
recording file names are scrubbed. The crash database lives under
%LOCALAPPDATA%\ExoSnap\crashes.
Update checking (Stable / Preview)
- Checks public GitHub Releases (no token) for a newer version on the selected channel and
notifies you in-app with anUpdateAvailabletoast. - Notify + open releases page. ExoSnap does not download, install, or restart on its own;
in-place auto-update is deferred. A recording-in-progress guard prevents update prompts from
interfering with an active session. - Signed manifest verification. The manifest is verified with an ed25519 signature
(vendored Monocypher 4.0.2, RFC-8032 / SHA-512 verify-only) plus a SHA-256 package hash.
Downgrades below the minimum version are rejected (rollback protection). - Update checking is off by default for self-built binaries (the official public key must be
embedded) and requires no GitHub token in the client.
Release plumbing
- A CI job validates the heavy crash-capture ON build (
EXOSNAP_ENABLE_CRASH_CAPTURE=ON) and
confirmscrashpad_handler.exeis staged. crashpad_handler.exeis packaged into the portable ZIP and MSI; PDB symbols are archived per
release for server-side symbolication.
Fixes and internal changes
- ed25519 verification switched to vendored Monocypher 4.0.2 (
crypto_ed25519_check,
RFC-8032 / SHA-512) — replaces a hand-written ref10 variant; pinned with per-file SHA-256 in
THIRD_PARTY_NOTICES, dual CC0-1.0 / BSD-2 (GPL-compatible). 34 update tests including RFC vectors. - ON + official build fixes (release blockers): FetchContent-relative third-party license paths
(${<dep>_SOURCE_DIR}) soFETCHCONTENT_BASE_DIRworks for the Crashpad MAX_PATH workaround; a
valid public-key length check (CMake has no{n}regex quantifier — switched to astring(LENGTH)
check). - Build/include-order fix in
crash_scrubber.cpp/package_verifier.cpp(C4005 PASCAL/bcrypt
under Ninja + MSVC/WX); Monocypher excluded from cppcheck. libs/updatetests explicitly registered (the project uses bareenable_testing()), and the
update service version is sourced fromexosnap::build::kVersion.- PRIVACY.md updated: Stage 1 present and opt-in; the stale "planned — not present" block removed.
- Version: canonical version bumped to 0.4.0 in
project(exosnap VERSION 0.4.0)(root
CMakeLists.txt); all derived metadata (VERSIONINFO, About surface, artifact names) update
automatically. KNOWN_LIMITATIONS.mdupdated: crash reporting and updates section added; the deferred-features
list moved from the 0.3.0 boundary to the 0.4.0 boundary.
Known limitations
See KNOWN_LIMITATIONS.md (shipped with the package) for the full current boundary.
- Crash detection is next-launch only — an immediate in-session crash reporter (Crash A2) is
deferred past 0.4.0. - Stage 1 upload is official-builds only — self-built binaries never upload (Stage 0 is always
available). - Automated symbol upload not yet wired —
sentry-cliPDB upload is pending an auth token;
symbols are archived per release in the meantime. - Update is notify + manual download — no in-place download, no auto-install, no silent restart.
- No code signing (portable ZIP and MSI both unsigned); Windows SmartScreen may warn on first
launch. Update integrity is provided by the ed25519-signed manifest, not Authenticode. - NVIDIA NVENC only — no AMD/Intel/software encoding fallback.
- No HDR10 / 10-bit pipeline (8-bit 4:2:0 only). HEVC, PCM, and FLAC are not implemented.
- No built-in editor, trimming, or Quick Trim. No Replay Buffer.
- Display identity uses the GDI device name and may be reassigned on a monitor topology change;
re-select a saved Region/Display target after a reboot or reconnect. Hot-swap during recording is
not supported.
Supported formats (0.4.0)
| Container | Video | Audio | Notes |
|---|---|---|---|
| MKV (default) | AV1, H.264 (NVENC) | Opus, AAC-LC | Crash-tolerant recording format; split supported |
| WebM | AV1 (NVENC) | Opus | Split supported |
| MP4 | AV1, H.264 (NVENC) | AAC-LC | Remuxed from MKV on stop; split supported |
HEVC, PCM, and FLAC are not implemented. Exact codec availability depends on your GPU generation,
driver, and the selected container/codec combination; invalid combinations are not offered.
Pre-v1 notice
ExoSnap 0.4.0 is a pre-v1 preview. Configuration, preset, and recording-history file schemas are
not frozen and may change in incompatible ways before 1.0.0. Keep your own backups of presets you
care about.
Install
Portable ZIP and MSI are attached to this release. The portable build needs no installer — extract
the ExoSnap-0.4.0-windows-x64-portable folder and run exosnap.exe. The Microsoft Visual C++
2022 x64 Redistributable is required (usually already present); the WinGet package installs it
automatically, other distributions do not bundle it. Neither artifact is code-signed; Windows
SmartScreen may warn on first launch.
Verify a download with Get-FileHash <file> -Algorithm SHA256 against the published .sha256
sidecar.
Reporting issues
Please open an issue at https://github.com/Exoridus/exosnap/issues. Including your Windows version,
GPU model, NVIDIA driver version, and the startup log (%TEMP%\exosnap-recorder-app-startup.log)
helps a lot. If ExoSnap crashed, the next-launch crash dialog can prefill an issue for you (Stage 0).
ExoSnap is licensed under GPL-3.0-or-later. Third-party component licenses are listed in
THIRD_PARTY_NOTICES.md, with full texts under licenses/. The bundled FFmpeg libraries are
LGPL-2.1 dynamically linked builds from
Exoridus/exosnap-ffmpeg-build; see
licenses/ffmpeg.txt for the full text.