From 27539c0da9bf9bb94c340c8832b18ce39a2ddfbb Mon Sep 17 00:00:00 2001 From: test-user Date: Wed, 27 May 2026 18:18:28 -0700 Subject: [PATCH] docs: tidy roadmap to open items only (drop shipped v0.6.7-0.6.9) The Roadmap is the project TODO; shipped features (Integrity Clash, streaming-MP4 scan window, meta-box XMP blanking) no longer belong under "not yet implemented". Removed them and kept the still-open remainder as its own item (AVIF/HEIF Exif *item* inside the meta box). Net open TODO: SynthID v2 regression test, local SynthID pixel detector, grow the SynthID corpus, real non-PNG C2PA fixtures, pyright maintenance debt, meta-box Exif item, Canon/Samsung device signers, Resemble PerTh (dead end), video pipeline. Co-Authored-By: Claude Opus 4.7 (1M context) --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index e81852e..5213e10 100644 --- a/README.md +++ b/README.md @@ -324,10 +324,8 @@ Tracked but not yet implemented: - **Grow the SynthID reference corpus** (`data/synthid_corpus/`) with oracle-labeled samples per model and resolution (Gemini app for Google, openai.com/verify for OpenAI). Prerequisite for any pixel-detector attempt and for an automated removal-regression set. - **Real non-PNG C2PA fixtures**. SynthID-source detection for JPEG / WebP / AVIF is currently covered only by synthetic byte blobs; replace with real vendor-emitted files to ground the binary-scan path. - **Maintenance debt**. Clear strict-pyright debt in `remove_ai_metadata` / `cli.py` (untyped piexif / PIL / click / rich) so `maintain.sh` can finish green. (`uv-secure` is already clean since `idna` was bumped to 3.16.) -- **AVIF / HEIF meta-box XMP** — *shipped (v0.6.9)*. An AI-label XMP packet stored as a `meta`-box `mime` item (HEIF/AVIF, out of reach of the top-level box stripper) is now blanked in place: located by its `` delimiters and, if it carries an AI marker, overwritten with spaces of the same length, so box sizes / `iloc` offsets stay valid and the coded image is untouched. Still open: an `Exif` *item* inside the `meta` box (rare — AI labels are XMP) needs full `iinf`/`iloc` surgery (offset rewrite) or `exiftool` (a non-bundled binary dependency). -- **Multi-signal contradiction reporting ("Integrity Clash")** — *shipped (v0.6.7)*. `identify` now surfaces contradictions between independent provenance signals (two different AI vendors named by separate stamps, or camera-capture C2PA credentials next to AI-generation markers) as `integrity_clashes` (shown in red in the table view and in `--json`), rather than collapsing to a single verdict. Inspired by [arXiv:2603.02378](https://arxiv.org/abs/2603.02378). +- **AVIF / HEIF `Exif` item inside the `meta` box**. An AI-label *XMP* packet in a `meta`-box item is now blanked in place (v0.6.9), but EXIF stored as a `meta`-box `Exif` *item* is still not removed — it needs full `iinf`/`iloc` surgery (offset rewrite, corruption risk) or `exiftool` (a non-bundled binary dependency). Low priority: the AI labels we target are XMP, not EXIF, so an EXIF-only meta-box case is rare. - **More C2PA device signers**. Leica, Nikon, Google Pixel, Sony, and Truepic are mapped (each verified against a real signed file). Canon and Samsung Galaxy (AI-edit) are deferred until a real signed sample surfaces — no public direct-download C2PA file exists for them today (upload-to-verify / news-agency-licensed only). -- **C2PA detection window for streaming MP4** — *shipped (v0.6.8)*. Detection no longer relies on a fixed first-MB read: for ISOBMFF containers it walks the top-level boxes (seeking past `mdat` by size) to find a C2PA / AIGC / IPTC manifest placed after the media data, so a streaming / non-faststart MP4 is caught. - **Resemble PerTh audio detection** — evaluated, not feasible with the public API: `get_watermark()` returns a raw bit array with no presence/confidence flag, so watermarked vs. clean audio can't be reliably separated without Resemble's fixed payload or a confidence service. Same wall as the SynthID pixel detector. - **Video pipeline (`noai-video`)**: per-frame inpainting and tracking for Sora 2 dynamic logo, Veo 3.1 badge, Kling, Runway. Separate package, not folded into this repo.