Skip to content

ExoSnap 0.4.0

Choose a tag to compare

@Exoridus Exoridus released this 18 Jun 23:22
Immutable release. Only release title and notes can be modified.
45f2037

Summary

ExoSnap 0.4.0 is the crash reporting and updates release. It adds local-first crash capture
(out-of-process Crashpad), a privacy-scrubbed and consent-gated crash report surfaced on the next
launch after a crash, two-stage crash delivery (an assisted GitHub issue, or an automated opt-in
upload to Sentry with EU data residency), and an update system with Stable and Preview channels that
verifies a signed manifest (ed25519 via Monocypher + SHA-256) and notifies you when a newer release
is available.

The presence layer from 0.3.0 (capture-excluded overlays, tray icon, notification toasts) and the
reliability foundation from 0.2.0 (MKV + MP4-via-remux, crash recovery, low-disk guard, MP4 split)
ship unchanged as the base.

This is a pre-v1 preview. Settings, preset, and recording-history file formats are not frozen and
may change incompatibly before 1.0.0.


Highlights

Local-first crash capture

  • Out-of-process crash capture via Crashpad (sentry-native). The handler runs outside the app so
    it survives a hard crash of the recorder process.
  • Crash detection is next-launch. ExoSnap writes a clean-exit marker and a per-session sidecar
    (last_session.json). If the previous session did not exit cleanly, the next launch surfaces a
    crash dialog after the recovery overlay. No client-side minidump parsing — stacks are
    symbolicated server-side from PDBs.
  • The crash dialog shows exactly what would be sent (privacy-scrubbed context) and never sends
    anything without an explicit choice.

Consent-gated, two-stage crash delivery

  • Stage 0 — assisted GitHub issue. Always available. Prefills a GitHub issue with the scrubbed
    context so you can review and submit it yourself. No account linkage beyond your own GitHub action.
  • Stage 1 — automated opt-in upload to Sentry. EU data residency (.de ingest), DPA-governed.
    The Sentry DSN is compiled in only under the official-build gate, so self-built binaries never
    upload. Consent is required (require_user_consent); logs are disabled in release.
  • Privacy scrubbing (allowlist). Only OS/build, GPU + driver, app version, encoder backend,
    container + codec, and the stack/minidump are included. User names, file paths, machine names, and
    recording file names are scrubbed. The crash database lives under
    %LOCALAPPDATA%\ExoSnap\crashes.

Update checking (Stable / Preview)

  • Checks public GitHub Releases (no token) for a newer version on the selected channel and
    notifies you in-app with an UpdateAvailable toast.
  • Notify + open releases page. ExoSnap does not download, install, or restart on its own;
    in-place auto-update is deferred. A recording-in-progress guard prevents update prompts from
    interfering with an active session.
  • Signed manifest verification. The manifest is verified with an ed25519 signature
    (vendored Monocypher 4.0.2, RFC-8032 / SHA-512 verify-only) plus a SHA-256 package hash.
    Downgrades below the minimum version are rejected (rollback protection).
  • Update checking is off by default for self-built binaries (the official public key must be
    embedded) and requires no GitHub token in the client.

Release plumbing

  • A CI job validates the heavy crash-capture ON build (EXOSNAP_ENABLE_CRASH_CAPTURE=ON) and
    confirms crashpad_handler.exe is staged.
  • crashpad_handler.exe is packaged into the portable ZIP and MSI; PDB symbols are archived per
    release for server-side symbolication.

Fixes and internal changes

  • ed25519 verification switched to vendored Monocypher 4.0.2 (crypto_ed25519_check,
    RFC-8032 / SHA-512) — replaces a hand-written ref10 variant; pinned with per-file SHA-256 in
    THIRD_PARTY_NOTICES, dual CC0-1.0 / BSD-2 (GPL-compatible). 34 update tests including RFC vectors.
  • ON + official build fixes (release blockers): FetchContent-relative third-party license paths
    (${<dep>_SOURCE_DIR}) so FETCHCONTENT_BASE_DIR works for the Crashpad MAX_PATH workaround; a
    valid public-key length check (CMake has no {n} regex quantifier — switched to a string(LENGTH)
    check).
  • Build/include-order fix in crash_scrubber.cpp / package_verifier.cpp (C4005 PASCAL/bcrypt
    under Ninja + MSVC /WX); Monocypher excluded from cppcheck.
  • libs/update tests explicitly registered (the project uses bare enable_testing()), and the
    update service version is sourced from exosnap::build::kVersion.
  • PRIVACY.md updated: Stage 1 present and opt-in; the stale "planned — not present" block removed.
  • Version: canonical version bumped to 0.4.0 in project(exosnap VERSION 0.4.0) (root
    CMakeLists.txt); all derived metadata (VERSIONINFO, About surface, artifact names) update
    automatically.
  • KNOWN_LIMITATIONS.md updated: crash reporting and updates section added; the deferred-features
    list moved from the 0.3.0 boundary to the 0.4.0 boundary.

Known limitations

See KNOWN_LIMITATIONS.md (shipped with the package) for the full current boundary.

  • Crash detection is next-launch only — an immediate in-session crash reporter (Crash A2) is
    deferred past 0.4.0.
  • Stage 1 upload is official-builds only — self-built binaries never upload (Stage 0 is always
    available).
  • Automated symbol upload not yet wiredsentry-cli PDB upload is pending an auth token;
    symbols are archived per release in the meantime.
  • Update is notify + manual download — no in-place download, no auto-install, no silent restart.
  • No code signing (portable ZIP and MSI both unsigned); Windows SmartScreen may warn on first
    launch. Update integrity is provided by the ed25519-signed manifest, not Authenticode.
  • NVIDIA NVENC only — no AMD/Intel/software encoding fallback.
  • No HDR10 / 10-bit pipeline (8-bit 4:2:0 only). HEVC, PCM, and FLAC are not implemented.
  • No built-in editor, trimming, or Quick Trim. No Replay Buffer.
  • Display identity uses the GDI device name and may be reassigned on a monitor topology change;
    re-select a saved Region/Display target after a reboot or reconnect. Hot-swap during recording is
    not supported.

Supported formats (0.4.0)

Container Video Audio Notes
MKV (default) AV1, H.264 (NVENC) Opus, AAC-LC Crash-tolerant recording format; split supported
WebM AV1 (NVENC) Opus Split supported
MP4 AV1, H.264 (NVENC) AAC-LC Remuxed from MKV on stop; split supported

HEVC, PCM, and FLAC are not implemented. Exact codec availability depends on your GPU generation,
driver, and the selected container/codec combination; invalid combinations are not offered.


Pre-v1 notice

ExoSnap 0.4.0 is a pre-v1 preview. Configuration, preset, and recording-history file schemas are
not frozen and may change in incompatible ways before 1.0.0. Keep your own backups of presets you
care about.


Install

Portable ZIP and MSI are attached to this release. The portable build needs no installer — extract
the ExoSnap-0.4.0-windows-x64-portable folder and run exosnap.exe. The Microsoft Visual C++
2022 x64 Redistributable
is required (usually already present); the WinGet package installs it
automatically, other distributions do not bundle it. Neither artifact is code-signed; Windows
SmartScreen may warn on first launch.

Verify a download with Get-FileHash <file> -Algorithm SHA256 against the published .sha256
sidecar.


Reporting issues

Please open an issue at https://github.com/Exoridus/exosnap/issues. Including your Windows version,
GPU model, NVIDIA driver version, and the startup log (%TEMP%\exosnap-recorder-app-startup.log)
helps a lot. If ExoSnap crashed, the next-launch crash dialog can prefill an issue for you (Stage 0).


ExoSnap is licensed under GPL-3.0-or-later. Third-party component licenses are listed in
THIRD_PARTY_NOTICES.md, with full texts under licenses/. The bundled FFmpeg libraries are
LGPL-2.1 dynamically linked builds from
Exoridus/exosnap-ffmpeg-build; see
licenses/ffmpeg.txt for the full text.