Proxy bypass via impit (critical).impit's per-request proxyUrl option
is silently dropped — it is only honored on the Impit constructor.
Previously every InnerTube and embed-page request was hitting YouTube directly
from the actor container's data-center IP, which is what tanked the 7-day
success rate to ~11.8%. Proxy is now passed at construction.
Session ID collisions under concurrency.newSession() used
Date.now() + 4 base36 chars (~1.6M values) — well into birthday-collision
range with the worker pool. Switched to crypto.randomBytes(8) (64 bits).
Player → caption IP split. Embed-FastPath and WEB-WatchPage previously
fetched the player JSON on session A and then the caption file on session B,
letting YouTube cross-check the IP mismatch. These paths now inherit the same
sessioned proxy as their player fetch.
Retry storms on dead IPs. The old two-level retry (tryMethod outside,
withRetry inside) burned up to 3 attempts on the same flagged session before
rotating. Collapsed to a single retry layer in tryMethod, which rotates
session on every retry — bot-block OR retryable network error.
Bot-block detection blind spots.isBotBlocked now matches HTTP 403/429/503,
empty caption bodies, consent walls, and "could not extract player response" —
the realistic Apify-residential blackhole signals, not just LOGIN_REQUIRED
text matches.
Added
Proxy egress self-test on startup. Hits api.ipify.org through one
session and logs the exit IP, so the next time the proxy gets unplumbed it
shows up in the first log line instead of a multi-week Insight regression.
Cross-worker circuit breaker. When 5 consecutive videos fail across the
worker pool, all workers pause for 30s — prevents the thundering-herd burn
through proxy sessions when YouTube changes detection mid-run.
Optional apifyProxyCountry config. Pin Apify residential exit IPs to a
specific country (e.g. "US"). YouTube flags residential IPs from low-trust
regions ~5–10× more aggressively, so US/EU pinning typically pushes success
rate higher. Default is unspecified to avoid silently changing behavior for
existing users.
test-proxy-rotation.mjs diagnostic script. Probes the Apify proxy
directly: 5 fresh sessions should return 5 distinct exit IPs; the same
session ID called twice should return the same IP. Run via
npm run test:proxy inside apify run for credential injection.
Changed
Per-request timeout bumped from 20 s to 35 s — residential-proxy realistic.
Inter-method delay bumped from 500 ms to 1500–2500 ms (jittered) and retry
cooldown from 500–1000 ms to 2000–4000 ms (jittered). Shorter cooldowns kept
pulling another IP from the same /24 that YouTube just flagged.
Debug logs now include [session=<id>] on every attempt and failure for
correlation against Apify's session-usage dashboard.
