v1.6.0

Reliability fixes driven by a real-world YouTube run inside a Linux sandbox: bot detection on cloud IPs, the 256 KB manifest Read limit, and transcript gaps on locally-downloaded files.

Added

• Android-first YouTube downloads. For public YouTube URLs, download.py now leads with the android player client, which bypasses YouTube's n-challenge without a JavaScript runtime and avoids the 403s the default web client hits from server/cloud IPs. If it can't produce a usable video, it retries once with the web client. When cookies are supplied, the authenticated web session is honored instead (the android client ignores cookies).
• --captions-only retrofit mode. process.py --captions-only --source <url> --out-dir <dir> fetches auto-subtitles and writes transcript.txt without re-downloading or re-extracting the video, then patches any existing manifest(_lite).json transcript fields (including per-chunk slices). This recovers a transcript for an output directory whose video was processed from a separately downloaded local file.

Changed

• Slimmer manifest_lite.json. The lite manifest no longer carries per-frame arrays. On long videos those could push it past the 256 KB Read-tool limit. select_frames.py now transparently loads the full manifest.json to read frame paths, so the existing invocation keeps working.
• Download cache lease is always released. The pipeline runs cache cleanup in a finally, so a failed download can't leave an .in_use lease protecting a cache entry until its TTL.
• Auth-aware cache reuse. A cached anonymous download is no longer served to a later cookie-authenticated request for the same URL.

Docs

SKILL.md and the README document the android-first fallback, the --cookies-from-browser same-OS caveat (run yt-dlp host-side in a sandbox), the preference for pip/pipx yt-dlp over a frozen binary, the --captions-only recovery step, and the real chunk schema field names.

Full Changelog: v1.5.0...v1.6.0