If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/ArthurHub/Android-Image-Cropper shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• 29+ active contributors
• Apache-2.0 licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 3y ago
• ⚠ Concentrated ownership — top contributor handles 70% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live ArthurHub/Android-Image-Cropper repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/ArthurHub/Android-Image-Cropper.

What it runs against: a local clone of ArthurHub/Android-Image-Cropper — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in ArthurHub/Android-Image-Cropper | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 994 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of ArthurHub/Android-Image-Cropper. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/ArthurHub/Android-Image-Cropper.git
#   cd Android-Image-Cropper
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of ArthurHub/Android-Image-Cropper and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "ArthurHub/Android-Image-Cropper(\\.git)?\\b" \\
  && ok "origin remote is ArthurHub/Android-Image-Cropper" \\
  || miss "origin remote is not ArthurHub/Android-Image-Cropper (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageView.java" \\
  && ok "cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageView.java" \\
  || miss "missing critical file: cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageView.java"
test -f "cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java" \\
  && ok "cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java" \\
  || miss "missing critical file: cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java"
test -f "cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImage.java" \\
  && ok "cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImage.java" \\
  || miss "missing critical file: cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImage.java"
test -f "cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapLoadingWorkerTask.java" \\
  && ok "cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapLoadingWorkerTask.java" \\
  || miss "missing critical file: cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapLoadingWorkerTask.java"
test -f "cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapCroppingWorkerTask.java" \\
  && ok "cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapCroppingWorkerTask.java" \\
  || miss "missing critical file: cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapCroppingWorkerTask.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 994 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~964d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/ArthurHub/Android-Image-Cropper"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Android-Image-Cropper is a native Android library that provides a customizable image cropping UI component with support for zoom, rotation, and multi-source image inputs (camera, gallery). It wraps the cropping functionality into both a reusable CropImageView custom view and a full CropImageActivity for direct integration, optimized via async bitmap loading/processing and intelligent image sampling to handle large images efficiently. Single-module library structure: cropper/src/main/java/com/theartofdev/edmodo/cropper/ contains the core—CropImageView.java is the custom View, CropImageActivity.java wraps it in an Activity, CropWindowHandler.java and CropWindowMoveHandler.java handle touch gestures, BitmapLoadingWorkerTask.java and BitmapCroppingWorkerTask.java handle async background processing. Resources (drawables, layouts) live in cropper/src/main/res/ with density-specific menu icons.

Android app developers building camera or gallery features who need a production-grade image cropper with minimal boilerplate—specifically those targeting Android 16+ (API 16+, per AndroidX compatibility) who want to avoid reinventing rotation, zoom, and multi-touch gesture handling.

⚠️ Unmaintained since ~2018. The original maintainer has explicitly transferred stewardship to CanHub's fork (https://github.com/CanHub/Android-Image-Cropper) and notes 'The Project is NOT currently maintained'. Build status shows Travis CI integration; the library reached v2.8.0 with ~266KB of Java code, but no recent commits are visible. Verdict: Production-code exists and is stable, but is in maintenance-only mode—use the CanHub fork for new projects.

Critical risk: unmaintained. The original repo explicitly directs users to the CanHub fork due to lack of active maintenance. No visible test suite in the file list (only source and resources). Single maintainer (ArthurHub) with no activity. Depends on outdated build tooling (Gradle 3.2.1, compileSdkVersion 28 from ~2019) and AndroidX 1.0.0—will have compatibility issues with modern Android (API 34+). Breaking changes in Android's storage/permission model (Scoped Storage, runtime permissions) are not addressed.

Nothing—the project is archived. The README explicitly states the project is not maintained and recommends using CanHub's fork instead. The last meaningful work was v2.8.0 release.

git clone https://github.com/ArthurHub/Android-Image-Cropper.git
cd Android-Image-Cropper
./gradlew build

Note: Building will likely fail on modern Java/Gradle versions due to Gradle 3.2.1 being from 2018. For active development, use the CanHub fork instead.

Daily commands: This is a library, not an app—it's meant to be included via Gradle dependency (api 'com.theartofdev.edmodo:android-image-cropper:2.8.+'). To see it in action, clone the repo and open in Android Studio, then run the sample app module (if present; the file list doesn't show a sample/ or app/ module, so this repo may only publish the library itself without a demo app).

• cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageView.java — Core custom view that handles image rendering, touch gestures, zoom, rotation, and crop overlay — the heart of the cropping UI
• cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java — Main activity entry point providing the standard crop UI with toolbar, menu controls, and async image processing orchestration
• cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImage.java — Static facade and intent builder for launching crop flows; main API surface for integrators
• cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapLoadingWorkerTask.java — Async task for loading and sampling images from URIs with memory optimization; critical for handling large files
• cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapCroppingWorkerTask.java — Async task executing the actual crop operation with matrix transforms; produces final output bitmap
• cropper/src/main/java/com/theartofdev/edmodo/cropper/CropOverlayView.java — Custom view rendering the crop window, grid, and handles touch-based rectangle manipulation
• cropper/src/main/res/values/attrs.xml — XML attribute definitions for CropImageView customization (aspect ratio, guidelines, colors, etc.)

Add a new crop aspect ratio option

1. Define custom aspect ratio constant in CropImageOptions.java or pass via intent extra (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageOptions.java)
2. Update CropImageView to call setAspectRatio() with new value when layout changes (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageView.java)
3. In CropImageActivity, add menu item or button listener to trigger setAspectRatio() call (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java)

Customize crop overlay appearance (color, grid style)

1. Add new custom attributes (grid_color, overlay_style, etc.) to attrs.xml (cropper/src/main/res/values/attrs.xml)
2. Read attributes in CropImageView.init() and store as member fields (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageView.java)
3. Pass color/style values to CropOverlayView constructor and use in onDraw() (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropOverlayView.java)

Add post-crop bitmap processing (filter, compression)

1. Create new AsyncTask subclass or modify onPostExecute() to process bitmap before callback (cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapCroppingWorkerTask.java)
2. Call new processing method in BitmapCroppingWorkerTask before returning result (cropper/src/main/java/com/theartofdev/edmodo/cropper/BitmapCroppingWorkerTask.java)
3. Update CropImageActivity.onCropImageComplete() to receive and handle processed bitmap (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java)

Change crop window boundary constraints

1. Modify min/max width/height logic in CropWindowHandler.getMinCropWindow() (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropWindowHandler.java)
2. Update CropWindowMoveHandler.moveEdges() to enforce new boundary rules on drag (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropWindowMoveHandler.java)
3. Test constraints by launching CropImageActivity with test image and dragging handles (cropper/src/main/java/com/theartofdev/edmodo/cropper/CropImageActivity.java)

• AsyncTask (BitmapLoadingWorkerTask, BitmapCroppingWorkerTask) — Offload heavy bitmap decoding and transformation from main thread; prevents ANR during image load and crop operations on large files
• Custom Views (CropImageView, CropOverlayView) — Fine-grained control over rendering, gesture handling, and real-time visual feedback; enables smooth zoom/rotate/drag without heavy framework overhead
• Android Matrix transforms — Efficient in-memory rotation and scaling without re-decoding; preserves image quality and minimizes memory churn
• BitmapFactory.Options.inSampleSize — Dramatically reduces memory footprint for large source images (e.g., full camera resolution); enables app to run on low-RAM devices
• Intent extras + ActivityResult — Standard Android IPC pattern; cleanly isolates crop activity from caller; result bitmap returned via Uri to avoid memory-heavy parcelable copies

• Use AsyncTask instead of coroutines/RxJava

  • Why: Target API 28 predates Kotlin coroutines adoption; AsyncTask was standard at publication time; simpler for single-file operations
  • Consequence: No built-in cancellation framework; callback hell if chaining multiple async ops; maintainers now recommend CanHub fork which likely uses modern approaches

• Load entire (downsampled) bitmap into memory rather than tiling/streaming

  • Why: Simpler implementation; enables fast rotation/zoom via in-memory transforms; suitable for typical camera/gallery photos
  • Consequence: Cannot handle multi-gigapixel images or extreme aspect ratios without memory pressure; no progressive streaming

1. No runtime permission handling in library code—callers must request READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE before passing URIs; the library assumes permissions are already granted. 2. Scoped Storage incompatibility—the library uses older file access patterns that won't work on Android 11+ without proper scoped storage adaptation (CanHub fork addresses this). 3. AsyncTask deprecation—library uses AsyncTask (deprecated in API 30), not coroutines or LiveData, so integration with modern Android patterns is awkward. 4. ProGuard config required—-keep class androidx.appcompat.widget.** { *; } must be added manually or appcompat will be obfuscated and break at runtime. 5. No test suite—zero test files in the repo, so modifications carry high regression risk. 6. Gradle 3.2.1 is ancient—repo will not build on Java 11+ without significant gradle wrapper updates.

• Bitmap Sampling / Subsampling — BitmapLoadingWorkerTask uses inSampleSize to decode large images at reduced resolution before full load, preventing OutOfMemoryError when cropping high-res camera photos—critical for memory-constrained devices
• Matrix Transforms (Affine Transforms) — CropImageView applies Android Matrix operations for zoom, rotation, and skew transformations without creating new bitmaps during preview—efficient way to apply geometric transforms
• AsyncTask Background Processing — BitmapLoadingWorkerTask and BitmapCroppingWorkerTask offload heavy bitmap operations to background threads, preventing ANR (Application Not Responding) on the main UI thread
• Custom View Rendering & Touch Handling — CropImageView overrides onDraw() and onTouchEvent() to render the crop overlay and detect multi-touch gestures (pinch zoom, drag, rotate); core to the interactive crop experience
• Intent-based Activity Results — CropImageActivity uses startActivityForResult / onActivityResult pattern to pass image URI in and receive cropped bitmap/URI out; standard Android IPC for camera/gallery workflows
• Density-Independent Resources (DPI Buckets) — Menu icons are provided in drawable-hdpi, drawable-xhdpi, drawable-xxhdpi, drawable-xxxhdpi directories for different screen densities; ensures sharp rendering across device sizes
• Builder Pattern API Design — CropImage.activity().setGuidelines(...).start() uses fluent builder pattern for configuration, avoiding constructor overloading and improving readability for library users

• CanHub/Android-Image-Cropper — Direct active fork of this repo; maintains and modernizes the library with AndroidX updates, coroutines support, and Scoped Storage compatibility—use this instead of the original
• ucrop/ucrop — Alternative image cropping library with more modern architecture (Java/Kotlin), better performance, and active maintenance; similar feature set (zoom, rotation, custom shapes)
• edmodo/cropper — Original predecessor that ArthurHub forked from; Android-Image-Cropper is built on this codebase but significantly enhanced
• coil-kt/coil — Companion library for efficient image loading and caching on Android; users typically pair this with a cropper for gallery/camera workflows
• androidx/cameralib — CameraX library for capturing images; the cropper is typically used downstream after an image is acquired via CameraX or Gallery intent

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for BitmapUtils.java and BitmapLoadingWorkerTask.java

The cropper module has no visible test directory despite containing critical image processing logic. BitmapUtils.java handles bitmap transformations (rotation, flipping, scaling) and BitmapLoadingWorkerTask.java manages async bitmap loading. These are error-prone operations that need test coverage to prevent regressions, especially for different image formats, orientations, and memory edge cases.

• [ ] Create cropper/src/test/java/com/theartofdev/edmodo/cropper/ directory structure
• [ ] Add BitmapUtilsTest.java with tests for rotation, flip, and scale operations across different bitmap sizes
• [ ] Add BitmapLoadingWorkerTaskTest.java with tests for async loading, memory handling, and cancellation
• [ ] Integrate JUnit4 and Mockito dependencies into cropper/build.gradle
• [ ] Add test execution to .travis.yml CI pipeline

Refactor CropImageView.java into smaller focused classes

CropImageView.java is likely a large God Object that handles view rendering, touch events, crop state, and animations. This makes it difficult to test and maintain. The file should be split into separate classes for crop gesture handling, overlay rendering, and animation logic, following single responsibility principle.

• [ ] Analyze CropImageView.java to identify distinct responsibilities (touch handling, rendering, state management, animation)
• [ ] Extract CropGestureHandler class from touch/gesture logic in CropImageView.java
• [ ] Extract CropAnimationController class from animation-related code
• [ ] Update CropWindowMoveHandler.java to use the new CropGestureHandler
• [ ] Verify all existing functionality works via integration tests

Add GitHub Actions workflow for Android builds and automated testing

The project uses Travis CI (.travis.yml) which is aging infrastructure. GitHub Actions is now the standard for GitHub repos and provides better integration, faster builds, and simpler YAML syntax. This will also ensure the build badge in README.md reflects current CI status and catch issues faster.

• [ ] Create .github/workflows/android-build.yml with Android SDK setup, gradle build, and unit test execution
• [ ] Add separate workflow for lint checks (lint, spotbugs, or custom checks) against cropper/src/main/java/
• [ ] Test the workflow locally or via a draft PR to verify gradle tasks (./gradlew clean build test) execute successfully
• [ ] Update the build badge URL in README.md to point to GitHub Actions instead of Travis CI
• [ ] Consider deprecating .travis.yml or keeping it temporarily for backward compatibility

• Add unit tests for CropWindowHandler.java and CropWindowMoveHandler.java—no tests exist for the core touch gesture logic, making regressions likely when modifying crop window behavior
• Document the CropImageOptions configuration fields with examples in a JavaDoc guide—most fields are undocumented, forcing users to read source code to discover features like aspectRatioX, scaleType, or autoZoomEnabled
• Create a working sample app module (sample/ or app/) with manifest integration examples—the repo has no runnable demo app, only a library, making it hard for contributors to test changes locally without integrating into an external project

The Android-Image-Cropper project presents significant security concerns primarily due to its unmaintained status and use of severely outdated build tools and SDK versions (Gradle 3.2.1, compileSdkVersion 28, both from 2018). The project is explicitly marked as unmaintained with a recommendation to use CanHub's fork. Critical issues include missing modern security features, unpatched vulnerabilities in dependencies, reliance on deprecated jcenter() repository, and lack of dependency vulnerability scanning. While the codebase itself may not contain obvious injection vulnerabilities based on the file structure, the infrastructure and dependency management pose substantial supply chain risks. Any new development should immediately migrate to the maintained CanHub fork and upgrade all build tools to current standards.

• High · Outdated Gradle Build Tools — build.gradle (classpath 'com.android.tools.build:gradle:3.2.1'). The project uses Gradle 3.2.1 and build tools 28.0.3, which are significantly outdated. Android Gradle Plugin 3.2.1 was released in 2018 and contains known security vulnerabilities. Modern versions (7.x+) include critical security patches, dependency vulnerability scanning, and improved security features. Fix: Update to the latest Android Gradle Plugin (currently 8.x). Ensure compatibility with compileSdkVersion 34+ and use buildToolsVersion '34.0.0' or later.
• High · Outdated Compile SDK Version — build.gradle (compileSdkVersion = 28). The project targets compileSdkVersion 28 (Android 9.0), released in 2018. Modern Android apps should target API 34+ (Android 14) to comply with Google Play Store requirements and receive modern security patches and privacy improvements. Fix: Update compileSdkVersion to 34 or higher. Google Play Store requires new apps to target API 34+ and existing apps to update regularly.
• Medium · Repository Using Deprecated jcenter() — build.gradle (repositories { jcenter() }). The build configuration includes 'jcenter()' repository which has been deprecated by Bintray and is no longer maintained. This creates supply chain security risks and may result in unavailable or compromised dependencies. Fix: Remove jcenter() and rely on mavenCentral() and google() repositories. Update all dependency sources to verified Maven Central or Google repositories.
• Medium · Project Marked as Unmaintained — README.md. The README clearly indicates this project is NOT currently maintained and recommends using CanHub's fork instead. Using unmaintained libraries exposes applications to unpatched security vulnerabilities and compatibility issues. Fix: Migrate to the actively maintained CanHub fork (https://github.com/CanHub/Android-Image-Cropper) or apply security patches from the fork to this codebase.
• Medium · Missing Dependency Vulnerability Scanning — build.gradle. No evidence of dependency vulnerability scanning tools (e.g., OWASP Dependency-Check, Snyk, or Gradle's built-in dependency scanning) in the build configuration. This prevents detection of known vulnerabilities in transitive dependencies. Fix: Integrate dependency scanning tools. For Gradle, use 'gradle dependencyCheckAnalyze' or configure Android Gradle Plugin's built-in security scanning. Consider using Dependabot or similar CI/CD integrations.
• Low · Insufficient Certificate Pinning for Remote Resources — build.gradle repositories configuration. The repository references external resources (maven.google.com, jcenter) without apparent certificate pinning configuration, making it vulnerable to MITM attacks during dependency resolution. Fix: Implement certificate pinning for Maven repositories. Use Gradle's secure repository configuration with proper SSL/TLS validation. Consider using a private artifact repository with strict access controls.
• Low · No Security Policy or Vulnerability Disclosure Process — Repository root. No SECURITY.md file or vulnerability disclosure policy visible in the repository. This makes it difficult for security researchers to report vulnerabilities responsibly. Fix: Create a SECURITY.md file with clear instructions for reporting security vulnerabilities. Migrate users to the maintained CanHub fork which should have proper security processes.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.