v4.3.1: Bug audit — fix 5 bugs found in comprehensive audit

- AutomationReceiver: move rate limit map to companion object (survived
  receiver re-creation per broadcast delivery — rate limiting was no-op)
- GeoIpLookup: use compareAndSet for atomic window reset (race condition
  on concurrent lookups could bypass rate limit)
- SourceHealthWorker: create ALERT_CHANNEL_ID before posting notification
  (channel may not exist if VPN service hasn't started yet)
- DnsVpnService: add @volatile to pauseResumeJob (cross-thread visibility)
- HomeViewModel: use synchronizedList for baselineRates + @volatile baselineQpm

Author: SysAdminDoc

CLAUDE.md

@@ -1,7 +1,7 @@
 # HostShield
 
 ## Overview
-Modern, AMOLED-dark hosts-based ad blocker app for Android. Inspired by AdAway. v4.3.0.
+Modern, AMOLED-dark hosts-based ad blocker app for Android. Inspired by AdAway. v4.3.1.
 
 ## Tech Stack
 - Kotlin, Jetpack Compose, Material 3
@@ -70,6 +70,7 @@ cd app
 - Secrets configured: `KEYSTORE_BASE64`, `KEY_ALIAS`, `KEY_PASSWORD`, `STORE_PASSWORD`
 
 ## Version History
+- v4.3.1: Bug audit — fix AutomationReceiver rate limiting (static companion state), GeoIpLookup atomic CAS window reset, SourceHealthWorker ensures alert channel exists, pauseResumeJob @Volatile, baselineRates synchronized list
 - v4.3.0: Notification pause/resume action (5-min pause from notification), CNAME CLOAK badge in log detail sheet, pretty upstream server labels (DoH:Cloudflare), source health DEAD notifications (push alert), alerts notification channel, pause state bypasses blocking
 - v4.2.0: Fix DNS log data starvation (CNAME chains, resolved IPs, latency, upstream server now written to DB), CNAME-blocked domains now logged, fd error tracking + auto-restart on TUN error, IPv6 DoH support (honours useDoH flag), IPv6 DNS cache lookup, DohBypassUpdater uses shared OkHttpClient, app context threaded through all forward methods
 - v4.1.0: Custom upstream DNS UI in Settings, firewall rule export/import (JSON), automation audit log viewer screen, query rate anomaly detection (3x baseline warning on Home), dropped queries banner, cache hit rate on Home

app/app/build.gradle.kts

@@ -1,4 +1,4 @@
-// HostShield v4.3.0
+// HostShield v4.3.1
 plugins {
     id("com.android.application")
     id("org.jetbrains.kotlin.android")
@@ -15,8 +15,8 @@ android {
         applicationId = "com.hostshield"
         minSdk = 26
         targetSdk = 35
-        versionCode = 43
-        versionName = "4.3.0"
+        versionCode = 44
+        versionName = "4.3.1"
 
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
 

app/app/src/main/java/com/hostshield/service/AutomationReceiver.kt

@@ -43,10 +43,10 @@ class AutomationReceiver : BroadcastReceiver() {
 
         private val TRUSTED_UIDS = setOf(0, 2000) // root, shell
         private const val RATE_LIMIT_MS = 5_000L
-    }
 
-    // Per-action rate limit tracking: "action:uid" -> last execution timestamp
-    private val lastExecTime = java.util.concurrent.ConcurrentHashMap<String, Long>()
+        // Static rate limit state — survives receiver re-creation per broadcast delivery
+        private val lastExecTime = java.util.concurrent.ConcurrentHashMap<String, Long>()
+    }
 
     @Inject lateinit var prefs: AppPreferences
     @Inject lateinit var iptablesManager: IptablesManager

app/app/src/main/java/com/hostshield/service/DnsVpnService.kt

@@ -263,7 +263,7 @@ class DnsVpnService : VpnService() {
 
     // Pause state: when paused, all queries are allowed (no blocking)
     @Volatile private var isPaused = false
-    private var pauseResumeJob: Job? = null
+    @Volatile private var pauseResumeJob: Job? = null
 
     override fun onCreate() {
         super.onCreate()

app/app/src/main/java/com/hostshield/service/SourceHealthWorker.kt

@@ -1,7 +1,9 @@
 package com.hostshield.service
 
+import android.app.NotificationChannel
 import android.app.NotificationManager
 import android.content.Context
+import android.os.Build
 import androidx.core.app.NotificationCompat
 import androidx.hilt.work.HiltWorker
 import androidx.work.*
@@ -116,6 +118,15 @@ class SourceHealthWorker @AssistedInject constructor(
     private fun notifyDeadSources(labels: List<String>) {
         try {
             val nm = applicationContext.getSystemService(NotificationManager::class.java) ?: return
+
+            // Ensure alert channel exists (VPN service may not have created it yet)
+            NotificationChannel(
+                DnsVpnService.ALERT_CHANNEL_ID,
+                "HostShield Alerts",
+                NotificationManager.IMPORTANCE_DEFAULT
+            ).apply { description = "Source health and system alerts" }
+                .let { nm.createNotificationChannel(it) }
+
             val text = if (labels.size == 1) {
                 "${labels[0]} is unreachable after $DEAD_FAILURE_THRESHOLD failures"
             } else {

app/app/src/main/java/com/hostshield/ui/screens/home/HomeViewModel.kt

@@ -157,8 +157,8 @@ class HomeViewModel @Inject constructor(
     }
 
     // Baseline query rate (rolling average over first 10 minutes)
-    private val baselineRates = mutableListOf<Int>()
-    private var baselineQpm = 0
+    private val baselineRates = java.util.Collections.synchronizedList(mutableListOf<Int>())
+    @Volatile private var baselineQpm = 0
 
     /** Track live query rate + anomaly detection from the VPN live stream. */
     private fun trackQueryRate() {

app/app/src/main/java/com/hostshield/util/GeoIpLookup.kt

@@ -51,18 +51,19 @@ class GeoIpLookup @Inject constructor() {
     private val backoffUntil = AtomicLong(0)
     private val consecutiveBackoffs = AtomicInteger(0)
 
-    /** Check if we're within rate limits. */
+    /** Check if we're within rate limits. Thread-safe with CAS. */
     private fun canMakeRequest(): Boolean {
         val now = System.currentTimeMillis()
 
         // Exponential backoff active?
         if (now < backoffUntil.get()) return false
 
-        // Reset window if expired
+        // Atomic window reset — only one thread wins the CAS
         val start = windowStart.get()
         if (now - start > WINDOW_MS) {
-            windowStart.set(now)
-            requestCount.set(0)
+            if (windowStart.compareAndSet(start, now)) {
+                requestCount.set(0)
+            }
         }
 
         return requestCount.get() < MAX_REQUESTS_PER_MINUTE