If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/CodeHubApp/CodeHub shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 4y ago

• 5 active contributors
• ⚠ Stale — last commit 4y ago
• ⚠ Single-maintainer risk — top contributor 95% of recent commits
• ⚠ No license — legally unclear to depend on
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live CodeHubApp/CodeHub repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/CodeHubApp/CodeHub.

What it runs against: a local clone of CodeHubApp/CodeHub — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in CodeHubApp/CodeHub | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 1447 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of CodeHubApp/CodeHub. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/CodeHubApp/CodeHub.git
#   cd CodeHub
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of CodeHubApp/CodeHub and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "CodeHubApp/CodeHub(\\.git)?\\b" \\
  && ok "origin remote is CodeHubApp/CodeHub" \\
  || miss "origin remote is not CodeHubApp/CodeHub (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "CodeHub.Core/App.cs" \\
  && ok "CodeHub.Core/App.cs" \\
  || miss "missing critical file: CodeHub.Core/App.cs"
test -f "CodeHub.Core/Services/ApplicationService.cs" \\
  && ok "CodeHub.Core/Services/ApplicationService.cs" \\
  || miss "missing critical file: CodeHub.Core/Services/ApplicationService.cs"
test -f "CodeHub.Core/ViewModels/BaseViewModel.cs" \\
  && ok "CodeHub.Core/ViewModels/BaseViewModel.cs" \\
  || miss "missing critical file: CodeHub.Core/ViewModels/BaseViewModel.cs"
test -f "CodeHub.Core/Utils/OctokitClientFactory.cs" \\
  && ok "CodeHub.Core/Utils/OctokitClientFactory.cs" \\
  || miss "missing critical file: CodeHub.Core/Utils/OctokitClientFactory.cs"
test -f "CodeHub.Core/Services/MessageService.cs" \\
  && ok "CodeHub.Core/Services/MessageService.cs" \\
  || miss "missing critical file: CodeHub.Core/Services/MessageService.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1447 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1417d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/CodeHubApp/CodeHub"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

CodeHub is a native iOS application built with Xamarin (C#) that provides a full-featured GitHub client for browsing repositories, managing issues, pull requests, and gists directly on iPhone, iPad, and iPod Touch. It solves the problem of accessing and maintaining GitHub projects on mobile devices with a sleek interface that supports file diff commenting, pull request tracking, and organization management. Modular architecture with CodeHub.Core as the shared logic layer containing: Services/ for abstractions (IAccountsService, IMessageService, IPushNotificationsService, etc.), Data/ for models and repositories (Account.cs, TrendingRepository.cs), Filters/ for business logic (IssuesFilterModel, MyIssuesFilterModel), Messages/ for inter-component communication (pub/sub pattern), and Extensions/ for utilities. Platform-specific UI lives in sibling projects (iOS UI controllers reference Core via dependency injection).

iOS developers and GitHub users who need to monitor their repositories, review pull requests, and manage issues while on mobile devices. Contributors to this project are Xamarin developers familiar with C# and iOS development patterns.

The project appears mature and actively maintained—it has a complete feature set (repositories, issues, PRs, gists, organizations), comprehensive Core/Services architecture, and active GitHub discussions (Gitter badge present). However, the specific commit recency and test coverage cannot be determined from the provided file list alone, so verification of active development status would require checking the git log and test directory structure.

Primary risks include single-maintainer dependency (repo owned by thedillonb based on README), lack of visible test files in the top 60 structure (suggests potential test coverage gaps), and Xamarin platform lock-in (Microsoft maintains the framework but iOS-only limits audience). GitHub API client dependency quality and API version compatibility should be verified.

Active feature development visible in Services (MessageService, ViewModelTxService indicate reactive/transaction patterns), push notifications integration (IPushNotificationsService), and Imgur integration for image uploads (ImgurService, ImgurResponse model). The presence of multiple filter models and message types suggests ongoing refinement of issue/PR filtering and notification handling.

git clone https://github.com/CodeHubApp/CodeHub.git
cd CodeHub
# Open CodeHub.sln in Visual Studio with Xamarin workload installed
# Restore NuGet packages (automatic in Visual Studio)
# Build and deploy to iOS simulator or device

Daily commands: Open CodeHub.Core/CodeHub.Core.csproj in Visual Studio 2019+ with Xamarin.iOS workload. Build the solution, then deploy the iOS project to simulator via iOS build configuration. Requires Xcode command line tools and Apple developer account for physical device deployment.

• CodeHub.Core/App.cs — Main application entry point and initialization; establishes dependency injection and core service setup
• CodeHub.Core/Services/ApplicationService.cs — Central service managing authentication, GitHub client initialization, and account persistence across the app
• CodeHub.Core/ViewModels/BaseViewModel.cs — Abstract base class for all ViewModels; defines lifecycle, commands, and reactive patterns used throughout the codebase
• CodeHub.Core/Utils/OctokitClientFactory.cs — Factory for creating authenticated Octokit GitHub API clients; critical for all GitHub API interactions
• CodeHub.Core/Services/MessageService.cs — Mediator for cross-ViewModel communication via message passing; coordinates state changes across the app
• CodeHub.Core/Utils/GitHubExtensions.cs — Extension methods for Octokit types and GitHub API response mapping; widely used throughout ViewModels

Add a new GitHub API endpoint integration

1. Create a new ViewModel extending CollectionViewModel<T> or BaseViewModel in CodeHub.Core/ViewModels/YourFeature/ (CodeHub.Core/ViewModels/BaseViewModel.cs)
2. Use OctokitClientFactory.CreateClient() to fetch data, leveraging Octokit's GitHub API methods (CodeHub.Core/Utils/OctokitClientFactory.cs)
3. Add extension methods in CodeHub.Core/Utils/GitHubExtensions.cs to map Octokit response objects to your ViewModel's types (CodeHub.Core/Utils/GitHubExtensions.cs)
4. Publish domain events (IssueAddMessage, etc.) via MessageService to notify other ViewModels of state changes (CodeHub.Core/Services/MessageService.cs)

Add a new filterable list view (Issues, PRs, etc.)

1. Create a filter model extending BaseIssuesFilterModel or FilterModel in CodeHub.Core/Filters/ (CodeHub.Core/Filters/BaseIssuesFilterModel.cs)
2. Create a ViewModel extending FilterableCollectionViewModel<T> that applies filters when querying the API (CodeHub.Core/ViewModels/FilterableCollectionViewModel.cs)
3. Define filter properties and expose them as observable commands that trigger API refresh (CodeHub.Core/ViewModels/Issues/BaseIssuesViewModel.cs)

Add inter-ViewModel communication via messaging

1. Create a new message class in CodeHub.Core/Messages/ implementing the messaging contract (CodeHub.Core/Messages/IssueEditMessage.cs)
2. Inject MessageService and subscribe to message in target ViewModel's constructor or initialization (CodeHub.Core/Services/MessageService.cs)
3. Publish the message from action ViewModel using MessageService.SendMessage(new YourMessage(...)) (CodeHub.Core/Services/MessageService.cs)
4. Handle the message in subscription handler to refresh data or update UI state (CodeHub.Core/ViewModels/BaseViewModel.cs)

Add a new account/authentication provider or OAuth flow

1. Extend LoginService to handle new authentication protocol (CodeHub.Core/Services/LoginService.cs)
2. Store credentials in Account model and persist via AccountsService (CodeHub.Core/Data/Account.cs)
3. Update OctokitClientFactory to construct authenticated clients with new credential types (CodeHub.Core/Utils/OctokitClientFactory.cs)
4. Create an AddAccountViewModel or OAuthLoginViewModel in CodeHub.Core/ViewModels/Accounts/ (CodeHub.Core/ViewModels/Accounts/OAuthLoginViewModel.cs)

• Xamarin.iOS (C# with native iOS bindings) — Enables code reuse across iOS, Android, and Windows while maintaining native performance and UI paradigms for iOS
• Octokit.NET (GitHub API SDK) — Provides strongly-typed, async-first GitHub API client; abstracts REST endpoint versioning and pagination
• ReactiveUI / IObservable<T> (Reactive Extensions) — Simplifies complex async workflows, property binding, and multi-event coordination in MVVM without callback hell
• MVVM + Message-based ViewModel communication — Decouples ViewModels; enables loose coupling between features (issues, PRs, notifications) and cross-cutting concerns (logout)
• Xamarin Navigation/Routing — Handles iOS-specific navigation patterns (NavigationController, modal, tab bar) with ViewModel-driven screen transitions

• OAuth credentials stored locally on device
  • Why: undefined
  • Consequence: undefined

OAuth flow: Secrets.cs is referenced but not shown—ensure GitHub OAuth credentials are configured before login attempts. Xamarin platform quirks: iOS 13+ app tracking transparency (ATT) must be handled in native iOS code if analytics or third-party SDKs are used. Imgur integration: ImgurService.cs exists but Imgur API credentials (client ID, secret) must be configured separately. Reactive Extensions versioning: Rx.NET nuget versions can conflict across Xamarin packages; check CodeHub.Core.csproj for pinned versions. GitHub API rate limits: No visible caching layer in the Core; API calls may hit 60 req/hour limit for unauthenticated requests—verify AccountsService enforces auth tokens on all requests.

• Xamarin Native Bindings (Xamarin.iOS) — CodeHub uses Xamarin.iOS (not Xamarin.Forms) for direct Objective-C bindings to native iOS APIs; understanding UIViewController, UITableView, and native iOS lifecycle is required for UI layer work

• octokit/octokit.net — Official .NET GitHub API client library that CodeHub likely depends on via GitHubClientExtensions.cs; essential reference for understanding API mapping
• ReactiveUI/ReactiveUI — MVVM framework for Xamarin that CodeHub uses (evidenced by ObservableExtensions and message-driven architecture); defines reactive patterns used throughout Core
• CodeHub/CodeHub-iOS — Related Swift-based iOS GitHub client; potential inspiration for UI/UX patterns and comparison of C# Xamarin vs native Swift approaches
• MvvmCross/MvvmCross — Cross-platform MVVM framework for Xamarin; CodeHub's service/message architecture aligns with MvvmCross patterns for testability and DI
• Xamarin/Xamarin.Forms — Xamarin framework documentation and samples; CodeHub uses Xamarin.iOS (native bindings, not Forms), so understanding the platform differences is critical

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for CodeHub.Core service layer (IAccountsService, IApplicationService, IMessageService)

The CodeHub.Core/Services directory contains critical business logic (AccountsService.cs, ApplicationService.cs, LoginService.cs, ImgurService.cs) but there is no visible test project in the file structure. These services handle authentication, account management, and API interactions - core functionality that should have regression test coverage to prevent bugs during refactoring.

• [ ] Create CodeHub.Core.Tests project alongside CodeHub.Core
• [ ] Add unit tests for AccountsService.cs covering account creation, login, and logout flows
• [ ] Add unit tests for LoginService.cs covering OAuth token exchange and credential validation
• [ ] Add unit tests for ImgurService.cs covering image upload/response handling
• [ ] Mock external dependencies (Octokit, HTTP clients) using a test framework like xUnit or NUnit

Add extension method tests for CodeHub.Core/Extensions directory

The Extensions folder contains utility helpers (GitHubClientExtensions.cs, ObservableExtensions.cs, ReactiveListExtensions.cs, TaskExtensions.cs, StringExtensions.cs) that are likely used throughout the codebase. These extension methods lack visible test coverage, making it risky to refactor or maintain them. Edge cases in string parsing and reactive operations are particularly prone to bugs.

• [ ] Create test class for GitHubClientExtensions.cs with mocked Octokit clients
• [ ] Add tests for ObservableExtensions.cs covering subscription and disposal scenarios
• [ ] Add tests for ReactiveListExtensions.cs covering collection mutations
• [ ] Add tests for StringExtensions.cs covering null, empty, and special character inputs
• [ ] Add tests for TaskExtensions.cs covering async/await edge cases

Add unit tests for Filter models (BaseIssuesFilterModel, IssuesFilterModel, MyIssuesFilterModel, NotificationsFilterModel)

The CodeHub.Core/Filters directory contains filter models that transform user input into GitHub API queries. These models are critical for search/browse functionality but show no test coverage. Without tests, filter logic regressions could silently break search results, and adding new filter types becomes risky.

• [ ] Create test class for BaseIssuesFilterModel.cs covering filter state management and serialization
• [ ] Add tests for IssuesFilterModel.cs covering label, milestone, and assignee filter combinations
• [ ] Add tests for MyIssuesFilterModel.cs covering personal issue filtering logic
• [ ] Add tests for NotificationsFilterModel.cs covering notification filtering and sorting
• [ ] Include tests for edge cases: empty filters, conflicting filters, special characters in filter values

• Add unit tests for CodeHub.Core/Extensions/StringExtensions.cs—no test file visible in structure; create a new CodeHub.Core.Tests/Extensions/StringExtensionsTests.cs to validate any string formatting or parsing helpers used throughout the app: easy
• Implement missing INetworkActivityService in CodeHub.Core/Services/—interface exists but no concrete implementation visible; add a class that tracks active network requests and exposes a reactive property to show/hide loading indicators during API calls: medium
• Add markdown preview documentation to CodeHub.Core/Services/IMarkdownService.cs—interface exists but behavior is undocumented; add XML doc comments explaining how it converts GitHub-flavored markdown to displayable text/HTML and add a simple test case for code block rendering: easy

• High · Potential Hardcoded Secrets in Secrets.cs — CodeHub.Core/Secrets.cs. The file 'CodeHub.Core/Secrets.cs' suggests hardcoded secrets or API credentials may be stored in the codebase. This is a common anti-pattern where sensitive information like API keys, tokens, or passwords are committed to version control. Fix: Move all secrets to environment variables, secure configuration management systems, or use a secrets management service. Never commit secrets to version control. Add Secrets.cs to .gitignore if it contains sensitive data.
• High · OAuth Token Handling in LoginService — CodeHub.Core/Services/LoginService.cs, CodeHub.Core/ViewModels/Accounts/OAuthLoginViewModel.cs. The presence of 'LoginService.cs' and 'OAuthLoginViewModel.cs' suggests OAuth token handling. Without reviewing the implementation details, there's a risk of insecure token storage, transmission over non-HTTPS, or insufficient token validation. Fix: Ensure OAuth tokens are stored securely using platform-specific secure storage (e.g., iOS Keychain). Validate token expiration, use HTTPS for all token transmission, and implement token refresh mechanisms securely.
• Medium · Network Client Implementation Security — CodeHub.Core/Utils/OctokitNetworkClient.cs. The custom network client 'OctokitNetworkClient.cs' may have security implications if not properly implementing certificate pinning, request validation, or secure header handling for API communications with GitHub. Fix: Implement certificate pinning for GitHub API communications, validate all SSL/TLS certificates, use security headers (e.g., Content-Security-Policy equivalent), and sanitize all user inputs before transmission.
• Medium · External Data Deserialization Risk — CodeHub.Core/Data/ImgurResponse.cs, CodeHub.Core/Services/ImgurService.cs. Files like 'ImgurResponse.cs' and network-dependent ViewModels suggest deserialization of external API responses. Without proper validation, this could lead to injection attacks or unexpected object instantiation. Fix: Validate and sanitize all deserialized API responses. Use strongly-typed deserialization with whitelisting. Implement size limits on responses to prevent denial-of-service attacks.
• Medium · Potential Command Injection in Extensions — CodeHub.Core/Extensions/CommandExtensions.cs. The presence of 'CommandExtensions.cs' suggests command handling. If not properly validated, user inputs passed to commands could lead to command injection or unintended code execution. Fix: Validate all command inputs against a whitelist. Use parameterized commands rather than string concatenation. Avoid executing user-supplied commands directly.
• Medium · String Manipulation Without Input Validation — CodeHub.Core/Extensions/StringExtensions.cs, CodeHub.Core/Utils/GitHubExtensions.cs. Extensions like 'StringExtensions.cs' and 'GitHubExtensions.cs' may process user inputs or API data. Without proper validation, these could be vectors for injection attacks. Fix: Implement input validation and sanitization in string manipulation methods. Use parameterized queries for API calls. Escape special characters appropriately for their context.
• Medium · Missing Dependency Information — Package dependencies (project file not provided). The dependency file content is empty or not provided. This prevents assessment of third-party library vulnerabilities, which is critical for security analysis of a Xamarin application. Fix: Provide complete dependency/package file (e.g., packages.config or .csproj). Regularly audit dependencies for known vulnerabilities using tools like NuGet Package Vulnerability Scanner or OWASP Dependency-Check.
• Low · Potential Information Disclosure in Error Handling — CodeHub.Core/Extensions/ExceptionExtensions.cs. The presence of 'ExceptionExtensions.cs' suggests exception handling logic. Improper exception handling could expose sensitive information to users or logs. Fix: Implement secure error handling that logs detailed exceptions server-side but shows user-friendly messages to clients. Never expose stack traces or sensitive system information to end users.
• Low · Weak Reference Management — undefined. undefined Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.