If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/Studio3T/robomongo shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 4y ago

• 4 active contributors
• GPL-3.0 licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 4y ago
• ⚠ Small team — 4 contributors active in recent commits
• ⚠ Single-maintainer risk — top contributor 93% of recent commits
• ⚠ GPL-3.0 is copyleft — check downstream compatibility

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live Studio3T/robomongo repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/Studio3T/robomongo.

What it runs against: a local clone of Studio3T/robomongo — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in Studio3T/robomongo | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-3.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 1355 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of Studio3T/robomongo. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/Studio3T/robomongo.git
#   cd robomongo
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of Studio3T/robomongo and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "Studio3T/robomongo(\\.git)?\\b" \\
  && ok "origin remote is Studio3T/robomongo" \\
  || miss "origin remote is not Studio3T/robomongo (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-3\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-3\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-3.0" \\
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "CMakeLists.txt" \\
  && ok "CMakeLists.txt" \\
  || miss "missing critical file: CMakeLists.txt"
test -f "cmake/RobomongoCommon.cmake" \\
  && ok "cmake/RobomongoCommon.cmake" \\
  || miss "missing critical file: cmake/RobomongoCommon.cmake"
test -f "README.md" \\
  && ok "README.md" \\
  || miss "missing critical file: README.md"
test -f "bin/configure" \\
  && ok "bin/configure" \\
  || miss "missing critical file: bin/configure"
test -f "cmake/FindMongoDB.cmake" \\
  && ok "cmake/FindMongoDB.cmake" \\
  || miss "missing critical file: cmake/FindMongoDB.cmake"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1355 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1325d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/Studio3T/robomongo"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Robo 3T is a native cross-platform MongoDB management tool that embeds the actual MongoDB shell (mongo 4.2 in v1.4) in a tabbed GUI interface, allowing developers to execute shell commands directly alongside visual database inspection. It combines shell-centric access with GUI conveniences like connection management, database/collection browsing, and SSH tunneling (including ECDSA/Ed25519 key support) across Windows, macOS, and Linux. Monolithic C++/Qt desktop application: src/ contains the core GUI logic (likely with Qt widgets), bin/ holds build/package scripts for Linux/macOS/Windows, cmake/ configures compilation with MongoDB and OpenSSL vendoring/discovery (see cmake/mongodb/ pre-built objects), and the embedded mongo shell is compiled into the binary via MongoDB C++ driver integration.

MongoDB developers and DBAs who want to interact with MongoDB databases via the native mongo shell without leaving a GUI, particularly those who prefer shell scripting for queries but need visual database structure exploration and connection management. Contributors are C++/Qt developers maintaining cross-platform desktop applications.

This project is archived and no longer actively developed as of the README notice. The last release was v1.4.4, which embedded MongoDB 4.2 shell. Studio 3T explicitly recommends users migrate to Studio 3T Free instead. The codebase is well-structured with CI/CD pipelines (.travis.yml), CMake build system, and code analysis tooling (clang-tidy, cppcheck, scan-build), indicating it was production-ready before discontinuation, but it receives no new features or security updates.

High risk for new adoption: This project is officially abandoned with no active maintenance, so security vulnerabilities in embedded MongoDB 4.2 shell or dependencies will never be patched. The C++ codebase (1.2M lines) and Qt dependency make it heavy to fork and maintain independently. External dependencies on MongoDB and OpenSSL (see cmake/FindMongoDB.cmake, cmake/FindOpenSSL.cmake) are pinned to potentially outdated versions. Last meaningful commit activity appears to be 2020-2021 based on v1.4.4 release timing.

Nothing. Development has stopped. The README explicitly states 'End of Robo 3T Development' and the last release (v1.4.4) is available from download links provided. The repository is maintained read-only as a historical archive per the README: 'This repository, the website and blog will be left online and available to maintain a record.'

Clone the repository and build via CMake (requires MongoDB 4.2 sources, OpenSSL, Qt, and C++ compiler):

git clone https://github.com/Studio3T/robomongo.git
cd robomongo
./bin/configure  # or bin/configure.bat on Windows
./bin/build      # or bin/build.bat
./bin/run        # or bin/run.bat to launch the GUI

For detailed platform-specific steps, see bin/README.md.

Daily commands: After building (see howDoIStart), launch via:

./bin/run        # Linux/macOS
bin\run.bat      # Windows

Or execute the installed binary directly. CMake generates platform-specific build artifacts (Makefile on Linux, Visual Studio projects on Windows, Xcode on macOS).

• CMakeLists.txt — Root build configuration defining the entire project structure, dependencies, and compilation targets for cross-platform builds.
• cmake/RobomongoCommon.cmake — Shared CMake utilities and patterns used across all platform-specific builds; understanding this is essential for build system modifications.
• README.md — Documents that Robo 3T is no longer in active development and directs users to Studio 3T Free; critical for onboarding and context.
• bin/configure — Primary build setup script for Linux/macOS that handles dependency resolution and environment configuration before compilation.
• cmake/FindMongoDB.cmake — Locates and configures MongoDB library dependencies; core to the application's ability to connect and communicate with MongoDB instances.
• install/macosx/Info.plist.in — Template for macOS application metadata defining bundle configuration, versioning, and system integration properties.
• docs/BuildingRobomongo.md — Comprehensive build documentation covering architecture, dependencies, and compilation workflow for all supported platforms.

Add a new platform-specific build target

1. Define new platform conditionals in CMakeLists.txt for conditional compilation and linking (CMakeLists.txt)
2. Create platform-specific CMake rules in cmake/RobomongoCommon.cmake for compiler flags and dependencies (cmake/RobomongoCommon.cmake)
3. Add platform detection and configuration in cmake/RobomongoTargetArch.cmake (cmake/RobomongoTargetArch.cmake)
4. Create build script bin/configure.{ext} following existing patterns for Linux/macOS/Windows (bin/configure)

Update application versioning and metadata

1. Modify version string in CMakeLists.txt or version configuration (CMakeLists.txt)
2. Update macOS bundle metadata in Info.plist.in template with new version (install/macosx/Info.plist.in)
3. Update Windows resource version in winres.rc.in template (install/windows/winres.rc.in)
4. Update CHANGELOG with version notes and release information (CHANGELOG)

Integrate a new third-party C++ dependency

1. Create cmake/FindPackageName.cmake following the pattern of FindMongoDB.cmake and FindOpenSSL.cmake (cmake/FindMongoDB.cmake)
2. Add find_package() and target_link_libraries() calls in CMakeLists.txt (CMakeLists.txt)
3. Define platform-specific library paths and compiler flags in cmake/RobomongoCommon.cmake (cmake/RobomongoCommon.cmake)
4. Document the new dependency in docs/BuildingRobomongo.md with installation and configuration steps (docs/BuildingRobomongo.md)

• CMake 3.x+ — Provides cross-platform build abstraction allowing single configuration for Windows/macOS/Linux without platform-specific makefiles.
• C++ 14/17 with Qt 5.x — Qt enables native GUI toolkits on all platforms; C++ provides direct MongoDB driver integration and performance-critical operations.
• MongoDB C Driver (bundled object files) — Pre-compiled driver objects in cmake/mongodb/* eliminate MongoDB source compilation complexity while maintaining version control.
• OpenSSL/LibreSSL — Provides TLS/SSL for secure connections to MongoDB instances; platform-specific detection via FindOpenSSL.cmake.
• CPack + platform-specific installers (NSIS/DMG/DEB) — Automates packaging into native formats (Windows .exe/.msi, macOS .dmg, Linux .deb) from single CMake configuration.

• Pre-compiled MongoDB object files stored in git (cmake/mongodb/*.objects) instead of runtime linking

  • Why: Avoids dependency on MongoDB build system and toolchain; simplifies deployment across heterogeneous CI/CD environments.
  • Consequence: Repository size increases; MongoDB version upgrades require manual object file regeneration and testing; harder to support multiple MongoDB versions.

• Qt as sole GUI framework rather than native APIs per platform

  • Why: Single codebase maintains consistency across Windows/macOS/Linux; Qt community libraries (database, networking) integrate seamlessly.
  • Consequence: Dependency on Qt toolchain; less native look-and-feel compared to platform-specific UI libraries; larger application bundle size.

• Build scripts (bin/configure, bin/build) as bash/batch rather than CMake-only workflow

  • Why: Encapsulates platform-specific environment setup (compiler detection, dependency paths) in human-readable form; easier debugging than pure CMake.
  • Consequence: Additional maintenance burden; scripts can diverge from CMake configuration; requires shell/batch scripting knowledge.

• Platform-agnostic GUI rendering (uses native Qt per-platform renderers, not web/Electron)
• Real-time MongoDB replication monitoring or cluster orchestration
• Cloud-based deployment or SaaS functionality
• Support for MongoDB versions < 2.6 (pre-v3.0 wire protocol)
• Build system for Windows ARM64 or other exotic architectures (targets x86_64 primarily)

Build system complexity: MongoDB driver and OpenSSL must be found or pre-built; cmake/mongodb/ contains pre-compiled objects that may not match your architecture or SSL version—verify cmake/FindOpenSSL.cmake and cmake/FindMongoDB.cmake match your environment. Qt dependency not explicitly listed: Qt is not in the file listing but is required (inferred from 'tabbed interface' and cross-platform GUI); you must install Qt SDK (likely 5.x based on v1.4 timeframe). No source for embedded mongo shell: The mongodb/ subdirectory contains only build artifacts; if you need mongo shell source to debug, you must obtain MongoDB 4.2 sources separately. Archived project: No CI/CD will run on pull requests; .travis.yml is stale. CMake cache persistence: running ./bin/configure multiple times may leave conflicting CMake caches in build/ directories—see bin/clean to reset.

• Cross-platform desktop application via Qt — Robo 3T uses Qt's signal/slot mechanism and widget library to maintain a single codebase for Windows/macOS/Linux; understanding Qt's MDI (Multiple Document Interface) patterns is key to navigating the tabbed shell UI.
• MongoDB embedded shell integration — Rather than shelling out to the mongo CLI, Robo 3T embeds the MongoDB C++ driver and runs shell commands in-process; this avoids process overhead but couples the app to a specific MongoDB version (4.2).
• SSH tunneling and key-based authentication — Robo 3T supports ECDSA and Ed25519 SSH keys (v1.4 feature) to reach MongoDB over secure channels; understanding SSH agent integration and key format handling is critical for remote database access.
• CMake multi-platform build orchestration — Robo 3T's build system (CMakeLists.txt + cmake/ subdirectories) handles discovery of MongoDB, Qt, and OpenSSL across three major OS families; understanding CMake's find_package and target linking is essential to modifying or debugging builds.
• Connection pooling and object lifecycle — Robo 3T manages concurrent MongoDB connections (likely via the C++ driver's connection pool); understanding how tabs and shell sessions share or isolate database connections affects performance and correctness.
• BSON serialization and query representation — MongoDB's native query language uses BSON (Binary JSON); Robo 3T must parse and display BSON documents in the GUI, so understanding BSON structure is necessary for debugging query output or adding new UI renderers.
• OpenSSL certificate and encryption handling — Robo 3T uses OpenSSL (via cmake/FindOpenSSL.cmake) for TLS/SSL connections to MongoDB and SSH tunnels; version mismatches or certificate validation logic bugs are common pitfalls in C++ desktop apps.

• mongodb/mongo — The MongoDB server and shell source; Robo 3T embeds the mongo shell v4.2, so understanding the shell's architecture helps debug embedded behavior.
• mongodb/mongo-cxx-driver — Official C++ driver used by Robo 3T to communicate with MongoDB and embed the shell; essential for understanding connection pooling and query execution.
• mongodb-js/compass — MongoDB Compass is the modern official MongoDB GUI alternative (JavaScript/Electron-based); users migrating from Robo 3T should evaluate Compass as the successor.
• Studio3T/studio3t-free — Studio 3T's official recommendation for Robo 3T users; this is the maintained, commercial successor tool that replaces Robo 3T with a modern codebase.
• mongoDB-js/mongoDB-shell — Modern reimplementation of the MongoDB shell in JavaScript (mongosh); understanding its design may inform attempts to modernize Robo 3T's embedded shell.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add GitHub Actions CI workflow to replace Travis CI

.travis.yml exists but GitHub Actions is now the standard for GitHub repos. The project has multiple build scripts (bin/build.bat, bin/build, bin/run-tests.bat, etc.) across Windows/Linux/macOS that could be automated. This provides faster feedback to contributors and reduces reliance on external CI service.

• [ ] Create .github/workflows/build-linux.yml to run bin/build and bin/run-tests on Ubuntu
• [ ] Create .github/workflows/build-windows.yml to run bin/build.bat and bin/run-tests.bat on Windows
• [ ] Create .github/workflows/build-macos.yml to run bin/build and bin/run-tests on macOS
• [ ] Configure workflows to trigger on PR and push to main branches
• [ ] Reference existing cmake configuration in cmake/RobomongoCMakeDefaults.cmake for build flags

Document CMake build system and dependencies in docs/BuildingRobomongo.md

The repo has extensive cmake/ directory with FindMongoDB.cmake, FindOpenSSL.cmake, and mongodb object files, but docs/BuildingRobomongo.md and docs/BuildRobo3TOnWindows.md lack concrete dependency installation steps and CMake configuration details. New contributors struggle with dependency resolution (MongoDB, OpenSSL, Qt, Threading).

• [ ] Update docs/BuildingRobomongo.md with section listing all required dependencies (MongoDB, OpenSSL, Qt versions) with version numbers
• [ ] Add instructions for cmake/FindMongoDB.cmake configuration and how to point to local MongoDB builds
• [ ] Document the mongodb object files in cmake/mongodb/ and when to use linux-debug vs linux-release vs windows variants
• [ ] Add troubleshooting section for common CMake configuration errors

Add unit test structure and tests for core utility functions

The bin/ directory has test scripts (bin/build-and-run-tests, bin/run-tests.bat) indicating test infrastructure exists, but no test files or test directory structure is visible in the file listing. New contributors need clear guidance on test location and patterns to add tests for utility/helper functions.

• [ ] Create tests/ directory structure mirroring src/ layout if not present
• [ ] Add sample unit test file demonstrating the test framework used (CMake ctest, GoogleTest, Catch2, etc.)
• [ ] Document in docs/BuildingRobomongo.md how to run tests locally: 'bin/build-and-run-tests' and expected output
• [ ] Add example test for a utility function to demonstrate test patterns and naming conventions

• Add GitHub Actions workflow to replace stale .travis.yml: create .github/workflows/build.yml that tests CMake configuration on macOS/Linux/Windows to verify the legacy build system still works with modern OS versions. Currently .travis.yml is not maintained and provides no assurance the project builds on recent Ubuntu/macOS.
• Document MongoDB 4.2 shell API differences from 3.x in a new CONTRIBUTING.md or docs/SHELL_COMPATIBILITY.md, as users forking this repo may want to upgrade to MongoDB 5.0+ but lack a porting guide. Check CHANGELOG for breaking changes (e.g., removed commands, syntax shifts) between 4.2 and newer versions.
• Add missing documentation for ssh tunneling configuration in docs/ or README: SSH support for ECDSA/Ed25519 (v1.4 feature) is mentioned in CHANGELOG but not explained in setup/usage docs. Provide a step-by-step guide with example connection strings and key generation commands.

The Robo 3T project presents significant security risks due to its end-of-life status with no active maintenance. The last release (1.4.4) is outdated, and all dependencies are likely vulnerable. While the static file structure analysis doesn't reveal obvious code-level vulnerabilities, the lack of active security maintenance is the primary concern. Users should migrate to actively maintained alternatives like Studio 3T Free or MongoDB Compass. If continued use is necessary, implement strict network isolation, disable internet access, and conduct thorough dependency vulnerability scanning.

• High · End of Life Software - No Active Security Maintenance — README.md, Project Status. Robo 3T development has been officially discontinued as stated in the README. The last release is version 1.4.4. The codebase is no longer actively maintained, meaning security vulnerabilities discovered will not be patched. This poses significant risk for production use. Fix: Migrate to actively maintained alternatives such as Studio 3T Free, MongoDB Compass, or other actively developed MongoDB GUI clients. If continued use is necessary, implement strict network isolation and access controls.
• Medium · Outdated Dependencies Likely Present — CMakeLists.txt, cmake/FindMongoDB.cmake, cmake/FindOpenSSL.cmake. Given that the project is no longer maintained (last release 1.4.4), all third-party dependencies (MongoDB drivers, Qt libraries, OpenSSL, etc.) are likely outdated. Outdated dependencies may contain known security vulnerabilities. No dependency file was provided for detailed analysis, but the CMake configuration suggests multiple external dependencies. Fix: Conduct a comprehensive Software Composition Analysis (SCA) to identify all dependencies and their versions. Compare against known vulnerability databases (CVE, NVD). Consider upgrading to maintained alternatives instead of patching an unmaintained project.
• Medium · Potential Insecure TLS/SSL Configuration — cmake/FindOpenSSL.cmake. The project includes custom FindOpenSSL.cmake configuration. Without access to the source code, there's a risk of improper SSL/TLS configuration for MongoDB connections, potentially allowing man-in-the-middle attacks or insufficient certificate validation. Fix: Review SSL/TLS implementation to ensure: certificate validation is enforced, TLS 1.2+ is required minimum, proper certificate chain validation, and secure cipher suites are configured.
• Medium · MongoDB Connection Security Unknown — Source code (not provided for review). The project manages MongoDB connections but without source code analysis, it's unclear if credentials are properly handled, if connections support authentication, or if sensitive data (connection strings, credentials) are properly protected in memory. Fix: Implement and verify: secure credential storage (no plaintext in config files), use connection string encryption, implement automatic credential expiration, use MongoDB authentication with strong credentials, and audit all database access logs.
• Low · Build Script Proliferation Without Verification — bin/ directory - multiple build scripts. Multiple build scripts exist (build, build.bat, configure, configure.bat, etc.) across Windows and Unix platforms. Without code review, the risk of injection vulnerabilities in these scripts or inconsistent security practices across platforms exists. Fix: Audit all build scripts for command injection vulnerabilities, ensure consistent security practices across platforms, use parameterized commands where applicable, and minimize script complexity.
• Low · Missing Security Documentation — Repository root. No security policy, security.md, or vulnerability disclosure guidelines are visible in the file structure. Given the project is unmaintained, users cannot report security issues through proper channels. Fix: Add a SECURITY.md file documenting that the project is unmaintained and directing users to report issues to Studio 3T. Recommend migration to maintained alternatives.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.