Merge branch 'develop' into ci/trivy-scan

Drop the push paths filter so secret and misconfig scans cover all file types
(YAML, JSON, native, scripts), not just JS/TS. Replace the per-run
github.run_id cache key with a weekly per-OS key, so the vulnerability DB is
reused within the week instead of writing a fresh immutable cache entry on
every run.

.github/workflows/detect-duplicate.yml

@@ -0,0 +1,38 @@
+name: 🔁 Detect Duplicate Issues
+
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: detect-duplicate-${{ github.event.issue.number }}
+  cancel-in-progress: true
+
+jobs:
+  detect:
+    name: 🔍 Find similar issues
+    if: github.actor != 'github-actions[bot]'
+    runs-on: ubuntu-24.04
+    permissions:
+      issues: write
+      contents: read
+    steps:
+      - name: 📥 Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: 🍞 Setup Bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version: latest
+
+      - name: 🔍 Detect duplicate issues
+        run: bun scripts/detect-duplicate-issue.mjs
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+          ISSUE_TITLE: ${{ github.event.issue.title }}
+          ISSUE_BODY: ${{ github.event.issue.body }}

.github/workflows/trivy-scan.yml

@@ -0,0 +1,60 @@
+name: 🛡️ Trivy Security Scan
+
+# Filesystem scan (Streamyfin ships no container image): finds vulnerable dependencies,
+# leaked secrets and misconfigurations, and reports them to GitHub code scanning.
+# Runs post-merge + weekly (not on PRs — dependency-review already gates PRs, and SARIF
+# upload needs a write token that fork PRs don't get).
+on:
+  push:
+    branches: [develop, master]
+  schedule:
+    - cron: "50 7 * * 5" # Weekly, Friday 07:50 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: trivy-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  trivy:
+    name: 🔎 Filesystem scan
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      security-events: write # upload SARIF to code scanning
+    steps:
+      - name: 📥 Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      # Rotate the DB cache weekly (matches the scheduled scan): cache hits within the week
+      # instead of a fresh immutable entry per run, still refreshing the DB every week.
+      - name: 🗓️ Compute weekly Trivy cache key
+        id: trivy-cache-key
+        run: echo "value=trivy-db-${{ runner.os }}-$(date -u +%G-%V)" >> "$GITHUB_OUTPUT"
+
+      - name: 💾 Cache Trivy vulnerability DB
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: ~/.cache/trivy
+          key: ${{ steps.trivy-cache-key.outputs.value }}
+          restore-keys: trivy-db-${{ runner.os }}-
+
+      - name: 🔎 Run Trivy filesystem scan
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
+        with:
+          scan-type: fs
+          scan-ref: .
+          scanners: vuln,secret,misconfig
+          ignore-unfixed: true
+          severity: CRITICAL,HIGH
+          format: sarif
+          output: trivy-results.sarif
+
+      - name: 📤 Upload results to code scanning
+        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        with:
+          sarif_file: trivy-results.sarif
+          category: trivy-fs

components/search/TVSearchPage.tsx

@@ -2,7 +2,7 @@ import type { BaseItemDto } from "@jellyfin/sdk/lib/generated-client/models";
 import { useAtom } from "jotai";
 import { useMemo } from "react";
 import { useTranslation } from "react-i18next";
-import { Platform, ScrollView, TextInput, View } from "react-native";
+import { ScrollView, View } from "react-native";
 import { useSafeAreaInsets } from "react-native-safe-area-context";
 import { Text } from "@/components/common/Text";
 import { TVDiscover } from "@/components/jellyseerr/discover/TVDiscover";
@@ -231,48 +231,26 @@ export const TVSearchPage: React.FC<TVSearchPageProps> = ({
           paddingTop: insets.top + TOP_PADDING,
         }}
       >
-        {/* Search bar: native tvOS SwiftUI `.searchable` on Apple TV, standard
+        {/* Native tvOS search field (SwiftUI `.searchable`, our `tv-search`
-            TextInput fallback on Android TV (the native module is Apple-only). */}
+            module). It renders the native search bar + grid keyboard and
-        {Platform.OS === "ios" ? (
+            forwards typed text into the existing query pipeline via setSearch;
-          <View
+            our own results grid renders below. */}
-            style={{
+        {/* No horizontal margin here: the native tvOS search bar centers itself
-              marginBottom: 24,
+            and renders a trailing "Hold to Dictate in <Language>" hint. Extra
-              height: SEARCH_AREA_HEIGHT,
+            margins squeeze the bar's width and clip that trailing hint, so let
-            }}
+            the native view span the full width and own its own insets. */}
-          >
+        <View
-            {/* No horizontal margin here: the native tvOS search bar centers
+          style={{
-                itself and renders a trailing "Hold to Dictate" hint. */}
+            marginBottom: 24,
-            <TvSearchView
+            height: SEARCH_AREA_HEIGHT,
-              style={{ width: "100%", height: "100%" }}
+          }}
-              placeholder={t("search.search")}
+        >
-              onChangeText={(e) => setSearch(e.nativeEvent.text)}
+          <TvSearchView
-            />
+            style={{ width: "100%", height: "100%" }}
-          </View>
+            placeholder={t("search.search")}
-        ) : (
+            onChangeText={(e) => setSearch(e.nativeEvent.text)}
-          <View
+          />
-            style={{
+        </View>
-              marginHorizontal: HORIZONTAL_PADDING,
-              marginBottom: 24,
-            }}
-          >
-            <TextInput
-              style={{
-                height: 56,
-                width: "100%",
-                backgroundColor: "#262626",
-                borderRadius: 12,
-                paddingHorizontal: 20,
-                fontSize: 28,
-                color: "#fff",
-              }}
-              placeholder={t("search.search")}
-              placeholderTextColor='rgba(255,255,255,0.4)'
-              onChangeText={setSearch}
-              defaultValue=''
-              autoFocus={false}
-            />
-          </View>
-        )}
       </View>
 
       <ScrollView

modules/tv-recommendations/android/src/main/AndroidManifest.xml

@@ -1,13 +1,10 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android">
-  <uses-permission android:name="com.android.providers.tv.permission.WRITE_EPG_DATA" />
   <application>
-    <receiver android:name=".TvRecommendationsReceiver" android:exported="true">
+    <receiver
+      android:name=".TvRecommendationsReceiver"
+      android:exported="true">
       <intent-filter>
         <action android:name="android.media.tv.action.INITIALIZE_PROGRAMS" />
-        <category android:name="android.intent.category.DEFAULT" />
-      </intent-filter>
-      <intent-filter>
-        <action android:name="android.media.tv.action.PREVIEW_PROGRAM_BROWSABLE_DISABLED" />
       </intent-filter>
     </receiver>
   </application>

modules/tv-recommendations/android/src/main/java/expo/modules/tvrecommendations/TvRecommendationsPublisher.kt

@@ -61,61 +61,31 @@ internal object TvRecommendationsPublisher {
 
   fun clear(context: Context): Boolean {
     val prefs = preferences(context)
+    val channelId = prefs.getLong(KEY_CHANNEL_ID, -1L)
+    val programIds = prefs.getString(KEY_PROGRAM_IDS, null)?.let(::JSONObject)
     val contentResolver = context.contentResolver
 
-    // KEY_PROGRAM_IDS is now { channelId: "{ providerId: programId }" }
+    if (programIds != null) {
-    val allProgramIds = prefs.getString(KEY_PROGRAM_IDS, null)?.let(::JSONObject)
-    if (allProgramIds != null) {
       var deletedPrograms = 0
-      val channelKeys = allProgramIds.keys()
+      val keys = programIds.keys()
-      while (channelKeys.hasNext()) {
+      while (keys.hasNext()) {
-        val channelIdStr = channelKeys.next()
+        val key = keys.next()
-        val programIdsJson = allProgramIds.optString(channelIdStr)
+        val programId = programIds.optLong(key, -1L)
-        if (programIdsJson.isBlank()) continue
+        if (programId > 0L) {
-
+          contentResolver.delete(
-        try {
+            TvContractCompat.buildPreviewProgramUri(programId),
-          val programIds = JSONObject(programIdsJson)
+            null,
-          val keys = programIds.keys()
+            null
-          while (keys.hasNext()) {
+          )
-            val providerId = keys.next()
+          deletedPrograms += 1
-            val programId = programIds.optLong(providerId, -1L)
-            if (programId > 0L) {
-              deletePreviewProgram(contentResolver, programId)
-              deletedPrograms += 1
-            }
-          }
-        } catch (e: Exception) {
-          Log.w(TAG, "clear(): failed to parse programIds for channel $channelIdStr", e)
         }
-
-        // Notify the channel
-        val channelId = channelIdStr.toLongOrNull() ?: -1L
-        if (channelId > 0L) {
-          try {
-            contentResolver.notifyChange(TvContractCompat.buildChannelUri(channelId), null)
-          } catch (e: SecurityException) {
-            Log.w(TAG, "clear(): lost provider permission, cannot notify channel $channelId", e)
-          }
-        }
-
-        // Remove per-channel pref
-        prefs.edit().remove("programIds_$channelIdStr").apply()
       }
       Log.d(TAG, "clear(): deleted $deletedPrograms preview program(s)")
     }
 
-    // Also handle legacy format (flat { providerId: programId }) for migration
+    if (channelId > 0L) {
-    val legacyProgramIds = prefs.getString("legacy_" + KEY_PROGRAM_IDS, null)?.let(::JSONObject)
+      contentResolver.notifyChange(TvContractCompat.buildChannelUri(channelId), null)
-    if (legacyProgramIds != null) {
+      Log.d(TAG, "clear(): notified channel $channelId")
-      val keys = legacyProgramIds.keys()
-      while (keys.hasNext()) {
-        val key = keys.next()
-        val programId = legacyProgramIds.optLong(key, -1L)
-        if (programId > 0L) {
-          deletePreviewProgram(contentResolver, programId)
-        }
-      }
-      prefs.edit().remove("legacy_" + KEY_PROGRAM_IDS).apply()
     }
 
     prefs.edit()
@@ -126,262 +96,126 @@ internal object TvRecommendationsPublisher {
     return true
   }
 
-  /**
-   * Delete a single preview program from the TvProvider.
-   * Called by clear(), synchronize() (stale programs), and TvRecommendationsReceiver (user removed).
-   */
-  fun deletePreviewProgram(context: Context, programId: Long) {
-    try {
-      context.contentResolver.delete(
-        TvContractCompat.buildPreviewProgramUri(programId),
-        null,
-        null
-      )
-      Log.d(TAG, "deletePreviewProgram(): deleted programId=$programId")
-
-      // Also remove from stored programIds prefs
-      removeProgramFromPrefs(context, programId)
-    } catch (e: SecurityException) {
-      Log.w(TAG, "deletePreviewProgram(): lost provider permission for programId=$programId", e)
-    }
-  }
-
-  private fun deletePreviewProgram(contentResolver: android.content.ContentResolver, programId: Long) {
-    try {
-      contentResolver.delete(
-        TvContractCompat.buildPreviewProgramUri(programId),
-        null,
-        null
-      )
-    } catch (e: SecurityException) {
-      Log.w(TAG, "deletePreviewProgram(): lost provider permission for programId=$programId", e)
-    }
-  }
-
-  private fun removeProgramFromPrefs(context: Context, programId: Long) {
-    val prefs = preferences(context)
-    val programIdsJson = prefs.getString(KEY_PROGRAM_IDS, null) ?: return
-    try {
-      val programIds = JSONObject(programIdsJson)
-      val keys = programIds.keys()
-      while (keys.hasNext()) {
-        val key = keys.next()
-        if (programIds.optLong(key, -1L) == programId) {
-          programIds.remove(key)
-          break
-        }
-      }
-      prefs.edit().putString(KEY_PROGRAM_IDS, programIds.toString()).apply()
-    } catch (e: Exception) {
-      Log.w(TAG, "removeProgramFromPrefs(): failed to update prefs for programId=$programId", e)
-    }
-  }
-
   private fun synchronize(context: Context, payload: JSONObject): Boolean {
     val sections = payload.optJSONArray("sections") ?: JSONArray()
-    if (sections.length() == 0) {
+    val firstSection = if (sections.length() > 0) sections.optJSONObject(0) else null
-      Log.w(TAG, "synchronize(): no sections in payload")
+    val sectionTitle = firstSection?.optString("title")?.takeIf { it.isNotBlank() } ?: DEFAULT_CHANNEL_NAME
-      return false
+    val items = firstSection?.optJSONArray("items") ?: JSONArray()
-    }
-
-    val prefs = preferences(context)
-    val allNextProgramIds = JSONObject()
-    var totalActive = 0
-    var totalDeleted = 0
-
-    for (sectionIndex in 0 until sections.length()) {
-      val section = sections.optJSONObject(sectionIndex) ?: continue
-      val sectionTitle = section.optString("title")?.takeIf { it.isNotBlank() } ?: DEFAULT_CHANNEL_NAME
-      val items = section.optJSONArray("items") ?: JSONArray()
-
-      Log.d(
-        TAG,
-        "synchronize(): section \"$sectionTitle\" ($sectionIndex/${sections.length()}) with ${items.length()} item(s)"
-      )
-
-      val channelId = getOrCreateChannel(context, sectionTitle)
-      if (channelId <= 0L) {
-        Log.w(TAG, "synchronize(): failed to get or create channel for \"$sectionTitle\"")
-        continue
-      }
-
-      // Per Android docs: check channel.isBrowsable() and request if needed.
-      if (!isChannelBrowsable(context, channelId)) {
-        Log.d(TAG, "synchronize(): channel $channelId not browsable, requesting browsable")
-        TvContractCompat.requestChannelBrowsable(context, channelId)
-      }
-
-      val prefKey = "programIds_$channelId"
-      val previousProgramIds = prefs.getString(prefKey, null)
-        ?.let(::JSONObject)
-        ?: JSONObject()
-      val nextProgramIds = JSONObject()
-      val activeProviderIds = mutableSetOf<String>()
-
-      for (index in 0 until items.length()) {
-        val item = items.optJSONObject(index) ?: continue
-        val providerId = item.optString("id")
-        if (providerId.isBlank()) continue
-
-        val programId = upsertPreviewProgram(
-          context = context,
-          channelId = channelId,
-          item = item,
-          previousProgramId = previousProgramIds.optLong(providerId, -1L),
-          weight = index
-        )
-
-        if (programId > 0L) {
-          activeProviderIds += providerId
-          nextProgramIds.put(providerId, programId)
-          Log.d(TAG, "synchronize(): upserted program for item=$providerId programId=$programId")
-        }
-      }
-
-      var deletedPrograms = 0
-      val previousKeys = previousProgramIds.keys()
-      while (previousKeys.hasNext()) {
-        val providerId = previousKeys.next()
-        if (activeProviderIds.contains(providerId)) continue
-
-        val programId = previousProgramIds.optLong(providerId, -1L)
-        if (programId > 0L) {
-          deletePreviewProgram(context, programId)
-          deletedPrograms += 1
-          Log.d(TAG, "synchronize(): deleted stale programId=$programId for item=$providerId")
-        }
-      }
-
-      allNextProgramIds.put(channelId.toString(), nextProgramIds.toString())
-      prefs.edit().putString(prefKey, nextProgramIds.toString()).apply()
-      totalActive += activeProviderIds.size
-      totalDeleted += deletedPrograms
-
-      logProviderState(context, channelId)
-    }
-
-    // Store all channel program IDs for clear() to use
-    prefs.edit().putString(KEY_PROGRAM_IDS, allNextProgramIds.toString()).apply()
 
     Log.d(
       TAG,
-      "synchronize(): completed across ${sections.length()} section(s), $totalActive active program(s), deleted $totalDeleted stale program(s)"
+      "synchronize(): using section \"$sectionTitle\" with ${items.length()} item(s)"
+    )
+
+    val channelId = getOrCreateChannel(context, sectionTitle)
+    if (channelId <= 0L) {
+      Log.w(TAG, "synchronize(): failed to get or create preview channel")
+      return false
+    }
+
+    Log.d(TAG, "synchronize(): publishing into channelId=$channelId")
+
+    val previousProgramIds = preferences(context)
+      .getString(KEY_PROGRAM_IDS, null)
+      ?.let(::JSONObject)
+      ?: JSONObject()
+    val nextProgramIds = JSONObject()
+    val activeProviderIds = mutableSetOf<String>()
+
+    for (index in 0 until items.length()) {
+      val item = items.optJSONObject(index) ?: continue
+      val providerId = item.optString("id")
+      if (providerId.isBlank()) continue
+
+      val programId = upsertPreviewProgram(
+        context = context,
+        channelId = channelId,
+        item = item,
+        previousProgramId = previousProgramIds.optLong(providerId, -1L),
+        weight = index
+      )
+
+      if (programId > 0L) {
+        activeProviderIds += providerId
+        nextProgramIds.put(providerId, programId)
+        Log.d(TAG, "synchronize(): upserted program for item=$providerId programId=$programId")
+      }
+    }
+
+    var deletedPrograms = 0
+    val previousKeys = previousProgramIds.keys()
+    while (previousKeys.hasNext()) {
+      val providerId = previousKeys.next()
+      if (activeProviderIds.contains(providerId)) continue
+
+      val programId = previousProgramIds.optLong(providerId, -1L)
+      if (programId > 0L) {
+        context.contentResolver.delete(
+          TvContractCompat.buildPreviewProgramUri(programId),
+          null,
+          null
+        )
+        deletedPrograms += 1
+        Log.d(TAG, "synchronize(): deleted stale programId=$programId for item=$providerId")
+      }
+    }
+
+    preferences(context)
+      .edit()
+      .putLong(KEY_CHANNEL_ID, channelId)
+      .putString(KEY_PROGRAM_IDS, nextProgramIds.toString())
+      .apply()
+
+    logProviderState(context, channelId)
+
+    Log.d(
+      TAG,
+      "synchronize(): completed with ${activeProviderIds.size} active program(s), deleted $deletedPrograms stale program(s)"
     )
 
     return true
   }
 
-  /**
-   * Query provider to check if a channel is browsable.
-   * Per Android docs: "check channel.isBrowsable() before updating programs."
-   */
-  private fun isChannelBrowsable(context: Context, channelId: Long): Boolean {
-    return try {
-      context.contentResolver.query(
-        TvContractCompat.buildChannelUri(channelId),
-        null,
-        null,
-        null,
-        null
-      )?.use { cursor ->
-        if (cursor.moveToFirst()) {
-          val browsableIndex = cursor.getColumnIndex(TvContractCompat.Channels.COLUMN_BROWSABLE)
-          if (browsableIndex >= 0) cursor.getInt(browsableIndex) == 1 else true
-        } else {
-          false
-        }
-      } ?: false
-    } catch (e: SecurityException) {
-      Log.w(TAG, "isChannelBrowsable(): lost provider permission for channelId=$channelId", e)
-      true // Assume browsable if we can't check, to avoid blocking updates
-    }
-  }
-
-  /**
-   * Query provider to verify a channel actually exists.
-   * Prevents the channel-delete-recreate bug: if update() returns 0 rows
-   * we must first check whether the channel was deleted by the system
-   * or if the update simply failed for another reason.
-   */
-  private fun channelExistsInProvider(context: Context, channelId: Long): Boolean {
-    return try {
-      context.contentResolver.query(
-        TvContractCompat.buildChannelUri(channelId),
-        null,
-        null,
-        null,
-        null
-      )?.use { cursor ->
-        cursor.moveToFirst()
-      } ?: false
-    } catch (e: SecurityException) {
-      Log.w(TAG, "channelExistsInProvider(): lost provider permission for channelId=$channelId", e)
-      false
-    }
-  }
-
   private fun getOrCreateChannel(context: Context, displayName: String): Long {
     val prefs = preferences(context)
     val existingChannelId = prefs.getLong(KEY_CHANNEL_ID, -1L)
     val contentResolver = context.contentResolver
 
     if (existingChannelId > 0L) {
-      // Query provider first to verify channel actually exists (prevents recreate bug)
+      val updated = Channel.Builder()
-      val exists = channelExistsInProvider(context, existingChannelId)
+        .setType(TvContractCompat.Channels.TYPE_PREVIEW)
+        .setDisplayName(displayName)
+        .setAppLinkIntentUri(buildIntentUri(context, "streamyfin://"))
+        .build()
 
-      if (exists) {
+      val updatedRows = contentResolver.update(
-        // Channel exists — update it in place, never recreate
+        TvContractCompat.buildChannelUri(existingChannelId),
-        val updated = Channel.Builder()
+        updated.toContentValues(),
-          .setType(TvContractCompat.Channels.TYPE_PREVIEW)
+        null,
-          .setDisplayName(displayName)
+        null
-          .setAppLinkIntentUri(buildIntentUri(context, "streamyfin://"))
+      )
-          .build()
 
-        try {
+      if (updatedRows > 0) {
-          val updatedRows = contentResolver.update(
+        TvContractCompat.requestChannelBrowsable(context, existingChannelId)
-            TvContractCompat.buildChannelUri(existingChannelId),
+        storeChannelLogo(context, existingChannelId)
-            updated.toContentValues(),
+        Log.d(TAG, "getOrCreateChannel(): updated existing channelId=$existingChannelId and requested browsable")
-            null,
+        return existingChannelId
-            null
-          )
-
-          if (updatedRows > 0) {
-            TvContractCompat.requestChannelBrowsable(context, existingChannelId)
-            storeChannelLogo(context, existingChannelId)
-            Log.d(TAG, "getOrCreateChannel(): updated existing channelId=$existingChannelId and requested browsable")
-            return existingChannelId
-          }
-
-          // Update returned 0 rows but channel exists — log and return existing ID, don't recreate
-          Log.e(TAG, "getOrCreateChannel(): update returned 0 for existing channelId=$existingChannelId but channel exists — not recreating")
-          return existingChannelId
-        } catch (e: SecurityException) {
-          Log.w(TAG, "getOrCreateChannel(): lost provider permission updating channelId=$existingChannelId", e)
-          return existingChannelId
-        }
       }
 
-      // Channel truly doesn't exist in provider — recreate
+      Log.w(TAG, "getOrCreateChannel(): stored channelId=$existingChannelId was stale, recreating")
-      Log.w(TAG, "getOrCreateChannel(): channelId=$existingChannelId not in provider, recreating")
       prefs.edit().remove(KEY_CHANNEL_ID).apply()
     }
 
-    // Create a new channel
     val channel = Channel.Builder()
       .setType(TvContractCompat.Channels.TYPE_PREVIEW)
       .setDisplayName(displayName)
       .setAppLinkIntentUri(buildIntentUri(context, "streamyfin://"))
       .build()
 
-    val channelUri = try {
+    val channelUri = contentResolver.insert(
-      contentResolver.insert(
+      TvContractCompat.Channels.CONTENT_URI,
-        TvContractCompat.Channels.CONTENT_URI,
+      channel.toContentValues()
-        channel.toContentValues()
+    ) ?: return -1L
-      )
-    } catch (e: SecurityException) {
-      Log.e(TAG, "getOrCreateChannel(): lost provider permission, cannot create channel", e)
-      null
-    } ?: return -1L
 
     val channelId = ContentUris.parseId(channelUri)
     TvContractCompat.requestChannelBrowsable(context, channelId)
@@ -415,62 +249,42 @@ internal object TvRecommendationsPublisher {
       builder.setDescription(it)
     }
 
-    // Per Android docs: use unique URIs for all images to avoid stale cache
     imageUrl.takeIf { it.isNotBlank() }?.let {
-      val uniqueImageUrl = appendCacheBuster(it)
+      val imageUri = Uri.parse(it)
-      val imageUri = Uri.parse(uniqueImageUrl)
       builder.setPosterArtUri(imageUri)
       builder.setThumbnailUri(imageUri)
     }
 
+
     val contentValues = builder.build().toContentValues()
     val contentResolver = context.contentResolver
 
     if (previousProgramId > 0L) {
-      try {
+      val updatedRows = contentResolver.update(
-        val updatedRows = contentResolver.update(
+        TvContractCompat.buildPreviewProgramUri(previousProgramId),
-          TvContractCompat.buildPreviewProgramUri(previousProgramId),
+        contentValues,
-          contentValues,
+        null,
-          null,
+        null
-          null
+      )
-        )
 
-        if (updatedRows > 0) {
+      if (updatedRows > 0) {
-          Log.d(TAG, "upsertPreviewProgram(): updated existing programId=$previousProgramId")
+        Log.d(TAG, "upsertPreviewProgram(): updated existing programId=$previousProgramId")
-          return previousProgramId
+        return previousProgramId
-        }
-
-        Log.w(TAG, "upsertPreviewProgram(): existing programId=$previousProgramId was stale, inserting new row")
-      } catch (e: SecurityException) {
-        Log.w(TAG, "upsertPreviewProgram(): lost provider permission for programId=$previousProgramId", e)
       }
+
+      Log.w(TAG, "upsertPreviewProgram(): existing programId=$previousProgramId was stale, inserting new row")
     }
 
-    val insertedUri = try {
+    val insertedUri = contentResolver.insert(
-      contentResolver.insert(
+      TvContractCompat.PreviewPrograms.CONTENT_URI,
-        TvContractCompat.PreviewPrograms.CONTENT_URI,
+      contentValues
-        contentValues
+    ) ?: return -1L
-      )
-    } catch (e: SecurityException) {
-      Log.w(TAG, "upsertPreviewProgram(): lost provider permission, cannot insert program", e)
-      null
-    } ?: return -1L
 
     val programId = ContentUris.parseId(insertedUri)
     Log.d(TAG, "upsertPreviewProgram(): inserted new programId=$programId")
     return programId
   }
 
-  /**
-   * Append a cache-busting parameter to ensure unique URIs when images change.
-   * Per Android docs: "Use unique Uris for all images... the old image will
-   * continue to appear if you don't change the Uri."
-   */
-  private fun appendCacheBuster(imageUrl: String): String {
-    val separator = if (imageUrl.contains("?")) "&" else "?"
-    return "$imageUrl${separator}_t=${System.currentTimeMillis()}"
-  }
-
   private fun buildIntentUri(context: Context, deepLink: String): Uri {
     val intent = Intent(Intent.ACTION_VIEW).apply {
       data = Uri.parse(deepLink)
@@ -492,17 +306,13 @@ internal object TvRecommendationsPublisher {
 
   private fun storeChannelLogo(context: Context, channelId: Long) {
     val bitmap = applicationIconBitmap(context) ?: return
-    try {
+    val outputStream = context.contentResolver.openOutputStream(
-      val outputStream = context.contentResolver.openOutputStream(
+      TvContractCompat.buildChannelLogoUri(channelId)
-        TvContractCompat.buildChannelLogoUri(channelId)
+    ) ?: return
-      ) ?: return
 
-      outputStream.use { stream ->
+    outputStream.use { stream ->
-        bitmap.compress(Bitmap.CompressFormat.PNG, 100, stream)
+      bitmap.compress(Bitmap.CompressFormat.PNG, 100, stream)
-        stream.flush()
+      stream.flush()
-      }
-    } catch (e: SecurityException) {
-      Log.w(TAG, "storeChannelLogo(): lost provider permission for channelId=$channelId", e)
     }
   }
 
@@ -531,14 +341,9 @@ internal object TvRecommendationsPublisher {
     return bitmap
   }
 
-  fun getChannelId(context: Context): Long {
-    return preferences(context).getLong(KEY_CHANNEL_ID, -1L)
-  }
-
   private fun preferences(context: Context): SharedPreferences {
     return context.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE)
   }
-
   private fun logProviderState(context: Context, channelId: Long) {
     val contentResolver = context.contentResolver
 
@@ -567,8 +372,8 @@ internal object TvRecommendationsPublisher {
           Log.w(TAG, "logProviderState(): channelId=$channelId exists=false")
         }
       } ?: Log.w(TAG, "logProviderState(): channel query returned null for channelId=$channelId")
-    } catch (error: SecurityException) {
+    } catch (error: Exception) {
-      Log.w(TAG, "logProviderState(): lost provider permission for channelId=$channelId", error)
+      Log.w(TAG, "logProviderState(): failed to query channelId=$channelId", error)
     }
   }
 }

modules/tv-search/src/TvSearchView.tsx

@@ -1,19 +1,12 @@
 import { requireNativeView } from "expo";
 import * as React from "react";
 import type { View } from "react-native";
-import { Platform } from "react-native";
 
 import type { TvSearchViewProps } from "./TvSearchView.types";
 
-// The native TvSearchModule is Apple-only (tvOS SwiftUI `.searchable`).
-// On Android the component is never rendered, but we must avoid calling
-// `requireNativeView` at module-scope because it would crash on import.
 const NativeView: React.ComponentType<
   TvSearchViewProps & React.RefAttributes<View>
-> =
+> = requireNativeView("TvSearchModule");
-  Platform.OS === "ios"
-    ? requireNativeView("TvSearchModule")
-    : ((() => null) as any);
 
 /**
  * Forwards its ref to the underlying native view so it can be used as a

scripts/detect-duplicate-issue.mjs

@@ -0,0 +1,236 @@
+#!/usr/bin/env bun
+/**
+ * Flags likely-duplicate issues when a new issue is opened, using lexical similarity
+ * (Jaccard over word sets of the title and body) — no API key, no embeddings.
+ *
+ * On a match it posts ONE comment listing the closest open issues and adds the
+ * "possible duplicate" label. If nothing is similar enough, it does nothing.
+ *
+ * Env:
+ *   GITHUB_REPOSITORY   owner/repo
+ *   ISSUE_NUMBER        the new issue number
+ *   ISSUE_TITLE         the new issue title
+ *   ISSUE_BODY          the new issue body
+ *   GH_TOKEN/GITHUB_TOKEN  for gh (provided in CI)
+ *   DUP_THRESHOLD       similarity threshold 0..1 (default 0.3)
+ *   DUP_MAX             max matches to report (default 5)
+ *   DUP_FIXTURE         optional path to a JSON array of {number,title,body} (local testing)
+ *   DRY_RUN             if set, print results instead of commenting/labelling
+ */
+
+import { execFileSync } from "node:child_process";
+import { readFileSync } from "node:fs";
+
+// Parse a numeric env var, falling back to `def` only when unset/empty/NaN so an explicit 0 is honoured.
+const numEnv = (name, def) => {
+  const raw = process.env[name];
+  if (raw === undefined || raw === "") return def;
+  const n = Number(raw);
+  return Number.isNaN(n) ? def : n;
+};
+
+const REPO = process.env.GITHUB_REPOSITORY || "streamyfin/streamyfin";
+const NUMBER = numEnv("ISSUE_NUMBER", Number.NaN);
+const TITLE = process.env.ISSUE_TITLE || "";
+const BODY = process.env.ISSUE_BODY || "";
+const THRESHOLD = numEnv("DUP_THRESHOLD", 0.3);
+const MAX = numEnv("DUP_MAX", 5);
+const DRY = !!process.env.DRY_RUN;
+const LABEL = "possible duplicate";
+const MARKER = "<!-- duplicate-detector -->";
+
+// Generic stop words only — keep domain/feature/platform words (android, downloads,
+// subtitles…) since those are exactly what makes two reports the same or different.
+const STOP = new Set(
+  (
+    "a an the and or but if then of to in on at by for with from as is are was were be been being do does did " +
+    "it its this that these those i you we they me my your our their he she him her " +
+    "when while where what which who how why so just then than too very can could would should will " +
+    "not no nor only own same s t don dont im ive please thanks hi hello also still get got use used using " +
+    "app application streamyfin issue bug"
+  ).split(/\s+/),
+);
+
+const stem = (w) => w.replace(/(ing|ed|es|s)$/, "");
+
+const tokens = (s) =>
+  (s || "")
+    .toLowerCase()
+    .replace(/```[\s\S]*?```/g, " ") // drop code blocks
+    .replace(/<!--[\s\S]*?-->/g, " ") // drop html comments
+    .replace(/https?:\/\/\S+/g, " ") // drop urls
+    .replace(/[^a-z0-9\s]/g, " ")
+    .split(/\s+/)
+    .filter((w) => w.length > 2 && !STOP.has(w))
+    .map(stem)
+    .filter((w) => w.length > 2);
+
+const jaccard = (a, b) => {
+  const A = new Set(a);
+  const B = new Set(b);
+  if (!A.size || !B.size) return 0;
+  let inter = 0;
+  for (const x of A) if (B.has(x)) inter++;
+  return inter / (A.size + B.size - inter);
+};
+
+const newTitle = tokens(TITLE);
+const newBody = tokens(BODY);
+const score = (o) =>
+  0.6 * jaccard(newTitle, tokens(o.title)) +
+  0.4 * jaccard(newBody, tokens(o.body));
+
+// fetch open issues (excluding PRs and the new issue itself)
+let issues;
+if (process.env.DUP_FIXTURE) {
+  issues = JSON.parse(readFileSync(process.env.DUP_FIXTURE, "utf8"));
+} else {
+  const raw = execFileSync(
+    "gh",
+    [
+      "api",
+      `repos/${REPO}/issues`,
+      "--paginate",
+      "-X",
+      "GET",
+      "-f",
+      "state=open",
+      "-f",
+      "per_page=100",
+      "--jq",
+      ".[] | select(.pull_request | not) | {number, title, body}",
+    ],
+    { encoding: "utf8", maxBuffer: 1e8 },
+  );
+  issues = raw
+    .split("\n")
+    .filter(Boolean)
+    .map((l) => JSON.parse(l));
+}
+
+const matches = issues
+  .filter((o) => o.number !== NUMBER)
+  .map((o) => ({ ...o, s: score(o) }))
+  .filter((o) => o.s >= THRESHOLD)
+  .sort((a, b) => b.s - a.s)
+  .slice(0, MAX);
+
+if (!matches.length) {
+  console.log("No likely duplicates found.");
+  process.exit(0);
+}
+
+// Neutralise other issues' titles before echoing them back: break @mentions and
+// strip markdown/HTML control chars so a maliciously-named issue can't ping people
+// or inject formatting into our comment. GitHub linkifies "#123" on its own.
+const safeTitle = (t) =>
+  (t || "")
+    .replace(/@/g, "@​")
+    .replace(/[`<>|*_~[\]]/g, " ")
+    .replace(/\s+/g, " ")
+    .trim()
+    .slice(0, 140);
+const list = matches
+  .map(
+    (m) =>
+      `- #${m.number} — ${safeTitle(m.title)} (≈ ${Math.round(m.s * 100)}% similar)`,
+  )
+  .join("\n");
+const comment = [
+  MARKER,
+  "🔍 **This looks like it might be a duplicate.** Possibly related open issues:",
+  "",
+  list,
+  "",
+  "If yours is different, ignore this — a maintainer will confirm. Otherwise, please 👍 the existing issue and add any extra details there.",
+].join("\n");
+
+console.log(`Found ${matches.length} possible duplicate(s):\n${list}`);
+
+if (DRY) {
+  console.log("\nDRY_RUN: not commenting/labelling.");
+  process.exit(0);
+}
+
+// Live mode needs a real issue number; refuse rather than POST to /issues/NaN/...
+if (!Number.isInteger(NUMBER) || NUMBER <= 0) {
+  console.error(
+    `Invalid ISSUE_NUMBER ${JSON.stringify(process.env.ISSUE_NUMBER)} — refusing to comment.`,
+  );
+  process.exit(1);
+}
+
+// Idempotency: skip if we've already flagged this issue (guards re-runs / future triggers).
+const priorComments = execFileSync(
+  "gh",
+  [
+    "api",
+    `repos/${REPO}/issues/${NUMBER}/comments`,
+    "--paginate",
+    "--jq",
+    ".[].body",
+  ],
+  { encoding: "utf8", maxBuffer: 1e8 },
+);
+if (priorComments.includes(MARKER)) {
+  console.log("Already flagged (marker present); skipping.");
+  process.exit(0);
+}
+
+execFileSync(
+  "gh",
+  [
+    "api",
+    "-X",
+    "POST",
+    `repos/${REPO}/issues/${NUMBER}/comments`,
+    "-f",
+    `body=${comment}`,
+  ],
+  { stdio: "ignore" },
+);
+try {
+  execFileSync(
+    "gh",
+    [
+      "api",
+      "-X",
+      "POST",
+      `repos/${REPO}/issues/${NUMBER}/labels`,
+      "-f",
+      `labels[]=${LABEL}`,
+    ],
+    { stdio: "ignore" },
+  );
+} catch {
+  // label may not exist yet — create then add
+  execFileSync(
+    "gh",
+    [
+      "api",
+      "-X",
+      "POST",
+      `repos/${REPO}/labels`,
+      "-f",
+      `name=${LABEL}`,
+      "-f",
+      "color=fbca04",
+      "-f",
+      "description=Automatically flagged as a possible duplicate",
+    ],
+    { stdio: "ignore" },
+  );
+  execFileSync(
+    "gh",
+    [
+      "api",
+      "-X",
+      "POST",
+      `repos/${REPO}/issues/${NUMBER}/labels`,
+      "-f",
+      `labels[]=${LABEL}`,
+    ],
+    { stdio: "ignore" },
+  );
+}
+console.log("Commented and labelled.");