GO — Healthy across all four use cases

• Last commit 7w ago
• 9 active contributors
• Apache-2.0 licensed
• CI configured
• Tests present
• ⚠ Single-maintainer risk — top contributor 85% of recent commits
• ⚠ Scorecard: default branch unprotected (0/10)

_{Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests, cross-checked against OpenSSF Scorecard}

Android-ZBLibrary is an MVP (Model-View-Presenter) rapid development framework that provides pre-built base classes, UI components, and utility libraries to accelerate Android app development. It bundles OKHttp for networking, Glide for image loading, ZXing for QR code scanning, immersive status bars, and 100+ reusable styles—allowing developers to build list activities with HTTP caching in just a few lines of code. Monolithic library structure: ZBLibrary/ contains the core MVP framework (base classes, networking, utilities, styles in src/main/java and src/main/res/values/), while QRCodeLibrary/ is a bundled optional module for ZXing integration. Companion reference apps (ZBLibraryDemoApp, APIJSONApp) are not in this repo but are published as APKs, showing intended usage patterns.

Chinese Android developers (and international teams) building production apps who want to skip boilerplate and follow strict architectural patterns. Specifically: teams standardizing on MVP, developers building data-heavy list screens with caching, and maintainers who value detailed comments and comprehensive examples over bare-minimum SDKs.

Production-ready and actively maintained. The codebase is large (859KB Java), well-documented with detailed Chinese comments, includes two reference APKs (ZBLibraryDemoApp and APIJSONApp), and has a published JitPack release. GitHub Actions CI is configured (gradle.yml). However, the last visible commit activity and issue triage status are not detailed in the file list, so assume steady rather than bleeding-edge development.

Single-maintainer risk (TommyLemon) is the primary concern; the repo's ecosystem dependence is moderate—relies on stable libs (OKHttp, Glide, ZXing, AndroidX). No test suite visible in the top 60 files, which is a code-quality gap. The min API is 19 (Android 4.4), which is aging; compileSdkVersion 30 and targetSdkVersion 30 are now outdated (modern target is 34+), potentially blocking Play Store submissions soon.

The README and file structure indicate an established, feature-complete framework rather than active development. The .github/workflows/gradle.yml suggests CI runs on push/PR, but without access to recent commits or the Actions tab, ongoing work is unclear. The presence of issue templates (.github/ISSUE_TEMPLATE/) indicates bug/feature tracking is live.

Check README for instructions.

Daily commands: This is a library, not an executable app. To see it in action, build and install one of the reference APKs (ZBLibraryDemoApp or APIJSONApp from the README download links) or create a demo app that imports ZBLibrary and extends BaseHttpListActivity. Android Studio: File → Open → select project folder → Gradle sync → Build → Run on emulator/device.

• ZBLibrary/src/main/java/zuo/biao/library/base/BaseActivity.java — Core MVP Activity base class that all screen-level components inherit from; defines lifecycle, presenter binding, and View contract.
• ZBLibrary/src/main/java/zuo/biao/library/interfaces/Presenter.java — Central Presenter interface contract; all presenters implement this to enforce MVP pattern consistency across the framework.
• ZBLibrary/src/main/java/zuo/biao/library/manager/HttpManager.java — Singleton HTTP request handler using OKHttp; handles all network calls, caching, and response parsing framework-wide.
• ZBLibrary/src/main/java/zuo/biao/library/manager/CacheManager.java — Manages auto-caching layer for HTTP responses and data objects; critical for offline support and performance.
• ZBLibrary/src/main/java/zuo/biao/library/base/BaseAdapter.java — Reusable list/RecyclerView adapter base class; encapsulates item binding logic and common adapter patterns.
• ZBLibrary/build.gradle — Library build configuration; defines SDK targets, dependencies (androidx, OKHttp, Glide), and build behavior for all consumers.
• ZBLibrary/src/main/java/zuo/biao/library/base/BaseApplication.java — Application lifecycle entry point; initializes global managers, crash handlers, and framework configuration.

Add a New List Screen (HTTP + Caching)

1. Create a data model by extending BaseModel in a new file (e.g., src/main/java/com/example/model/MyItem.java) with fields and @Serializable annotations (ZBLibrary/src/main/java/zuo/biao/library/base/BaseModel.java)
2. Create an Activity extending BaseHttpRecyclerActivity<MyItem> to inherit HTTP loading, caching, and pagination automatically (ZBLibrary/src/main/java/zuo/biao/library/base/BaseHttpRecyclerActivity.java)
3. Create an adapter by extending BaseAdapter<MyItem> to bind item views and handle clicks (ZBLibrary/src/main/java/zuo/biao/library/base/BaseAdapter.java)
4. Implement onLoad() in the Activity to call HttpManager.get(..., onHttpResponseListener) with your API endpoint (ZBLibrary/src/main/java/zuo/biao/library/manager/HttpManager.java)
5. Override getItemView() in the adapter to inflate and bind your item layout (views auto-cached by CacheManager) (ZBLibrary/src/main/java/zuo/biao/library/base/BaseAdapter.java)

Add a New Screen with Custom Presenter

1. Create a Presenter interface extending ActivityPresenter in a new file (e.g., MyPresenter.java) defining view callback methods (ZBLibrary/src/main/java/zuo/biao/library/interfaces/ActivityPresenter.java)
2. Create a Presenter implementation class that receives the Activity as View, implements business logic, and calls view callbacks (ZBLibrary/src/main/java/zuo/biao/library/interfaces/Presenter.java)
3. Create an Activity extending BaseActivity<YourPresenter>, override initPresenter() to instantiate your presenter (ZBLibrary/src/main/java/zuo/biao/library/base/BaseActivity.java)
4. Implement view callback methods in the Activity to update UI when presenter calls them (ZBLibrary/src/main/java/zuo/biao/library/base/BaseActivity.java)
5. Call presenter methods from UI events (buttons, etc.); presenter makes HttpManager calls and caches results via CacheManager (ZBLibrary/src/main/java/zuo/biao/library/manager/HttpManager.java)

Add QR Code Scanning Feature

1. Start CaptureActivity by intent from your screen; it handles camera, decoding, and result callback automatically (QRCodeLibrary/src/main/java/com/zxing/activity/CaptureActivity.java)
2. Add camera permission (android.permission.CAMERA) to AndroidManifest.xml (QRCodeLibrary/src/main/AndroidManifest.xml)
3. Override onActivityResult() in your Activity to receive the scanned QR code result string (QRCodeLibrary/src/main/java/com/zxing/activity/CaptureActivity.java)
4. Use EncodingHandler to programmatically generate QR codes from strings if needed (QRCodeLibrary/src/main/java/com/zxing/encoding/EncodingHandler.java)

Add a Tabbed Navigation Screen

1. Create an Activity extending BaseTabActivity or BaseBottomTabActivity to get built-in tab switching and fragment lifecycle (ZBLibrary/src/main/java/zuo/biao/library/base/BaseTabActivity.java)
2. Create Fragments extending BaseFragment for each tab, implementing their own Presenters and logic (ZBLibrary/src/main/java/zuo/biao/library/base/BaseFragment.java)
3. Override initViewAndListener() in the Activity to add tabs and set their fragments (ZBLibrary/src/main/java/zuo/biao/library/base/BaseTabActivity.java)
4. Each Fragment inherits lazy loading; HTTP calls are deferred until fragment becomes visible (ZBLibrary/src/main/java/zuo/biao/library/base/BaseFragment.java)

API level mismatch: minSdkVersion 19 conflicts with modern AndroidX (which prefers 21+); test on actual Android 4.4 devices before release. Gradle versions: build tool 30.0.3 is outdated (latest is 35+); may fail with recent AS versions—update carefully. ZXing .jar dependency: QRCodeLibrary/libs/zxing.jar is a fat JAR; if you also use ZXing Maven Central, you'll get duplicate classes. No R8/ProGuard config for library consumers: proguard-rules.pro exists but library users must define their own rules to properly shrink dependencies. Immersive status bar logic: likely assumes specific Activity/Fragment lifecycle—verify with your own Fragment stack.

• MVP (Model-View-Presenter) Architecture — ZBLibrary is built entirely around MVP; understanding separation of logic (Presenter) from UI (View) and data (Model) is essential to using the framework's base classes effectively.
• HTTP Response Caching & Cache-Control Headers — BaseHttpListActivity's core strength is automatic caching; HttpManager likely interprets Cache-Control and Etag headers per RFC 7234 to minimize server round-trips.
• Android Resource Styling (attr, style, theme) — The framework's 100+ predefined styles in styles.xml rely on Android's resource resolution system (attr → style → theme); mastering this enables one-line UI consistency.
• Immersive / Edge-to-Edge UI — ZBLibrary abstracts status bar and navigation bar handling; understanding WindowInsets and translucent system UI is critical for custom Activityies.
• Thread Pools & Handlers (Background Tasks) — HttpManager likely uses thread pools for concurrent requests; ZXing's DecodeThread (visible in QRCodeLibrary) runs scanning off the main thread—understanding AsyncTask/Executor patterns is required for extending these.
• Image Loading Pipeline (Glide RequestManager) — ZBLibrary bundles Glide; knowing lifecycle binding, disk vs. memory cache layers, and transformation chains enables efficient list scrolling without OOM.
• ProGuard Obfuscation & Minification — The presence of proguard-rules.pro and minification options in build.gradle indicates library consumers must configure ProGuard/R8; incorrect rules break reflection-based HTTP serialization.

• square/okhttp — The underlying HTTP client library bundled by ZBLibrary; understanding OKHttp internals aids customization of HttpManager.
• bumptech/glide — The image-loading library used by ZBLibrary; necessary for customizing image caching and transformation behavior.
• zxing/zxing — The ZXing QR code engine; QRCodeLibrary is a thin wrapper, so upstream issues and updates directly affect scanning capability.
• TommyLemon/APIJSON — Companion project by the same author; APIJSONApp demo app showcases ZBLibrary + APIJSON backend integration patterns.
• ribot/android-boilerplate — Alternative MVP framework for Android with similar goals (base classes, utility abstractions) but more modular; useful for comparing architectural choices.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for BaseActivity and BaseFragment lifecycle management

The core MVP framework classes (BaseActivity.java, BaseFragment.java, BaseHttpListActivity.java, etc.) lack corresponding unit tests. Given that this is a framework repo emphasizing 'strict codes' and serving as a development standard, adding comprehensive unit tests for lifecycle hooks, view initialization, and data binding would validate the framework's reliability and serve as reference implementation for contributors.

• [ ] Create ZBLibrary/src/test/java/zuo/biao/library/base/ directory structure
• [ ] Add BaseActivityTest.java testing onCreate, onStart, onResume, onPause lifecycle methods
• [ ] Add BaseFragmentTest.java testing fragment attachment, view initialization, and detachment
• [ ] Add tests for BaseAdapter.java item binding and recycling behavior
• [ ] Configure JUnit 4 and Robolectric dependencies in ZBLibrary/build.gradle for Android component testing

Add QRCode decoding integration tests with test images

QRCodeLibrary/src/main/java/com/zxing/decoding/ contains DecodeHandler.java and DecodeThread.java but no test coverage. The library should include integration tests validating QR code detection, format detection (via DecodeFormatManager.java), and the complete decode pipeline. This is critical for a framework emphasizing comprehensive examples.

• [ ] Create QRCodeLibrary/src/test/java/com/zxing/decoding/ test directory
• [ ] Add test QR code images (PNG/JPEG) to QRCodeLibrary/src/test/resources/qrcodes/
• [ ] Create DecodeHandlerTest.java validating frame decoding from sample images
• [ ] Create DecodeFormatManagerTest.java testing format configuration and detection logic
• [ ] Add androidTestInstrumentationTest in QRCodeLibrary/build.gradle for CaptureActivity.java camera integration tests

Implement GitHub Actions CI workflow for instrumented tests on multiple API levels

The .github/workflows/gradle.yml exists but the repository lacks verification that BaseActivity, BaseFragment, and QRCodeLibrary components work across the declared API range (minSdkVersion 19 to targetSdkVersion 30). A multi-API-level instrumented test matrix would catch regressions and validate the 'strict codes' claim.

• [ ] Expand .github/workflows/gradle.yml to add Android emulator matrix testing for API 19, 21, 24, 28, 30
• [ ] Add 'androidTestImplementation androidx.test.espresso:espresso-core:3.3.0' (newer version) to both module build.gradle files
• [ ] Configure emulator startup with reusable-workflows or explicit setup-android steps for consistent CI
• [ ] Add code coverage reporting (Jacoco) integration to ZBLibrary/build.gradle for coverage badges in PRs
• [ ] Create .github/workflows/qr-code-tests.yml specifically for QRCodeLibrary instrumented tests

• Add unit tests for BaseHttpListActivity caching logic and HTTP request handling (currently no src/test/ visible); create JUnit + Mockito tests for cache hit/miss scenarios.
• Update build.gradle to target SDK 34+ and test with Gradle 8.x; document breaking changes in CHANGELOG.
• Create JavaDoc comments for all public classes in zuo.biao.library.base and zuo.biao.library.ui packages (particularly HttpManager and BaseView) to replace/supplement existing Chinese comments for international contributors.

The codebase has significant security concerns primarily related to outdated dependencies that contain known vulnerabilities. The most critical issues are the outdated androidx.appcompat library (5+ years old) and other testing dependencies from 2018. Additionally, minification is disabled in release builds, making the code vulnerable to reverse engineering. The project uses a broad JAR dependency approach which could introduce malicious libraries. Immediate action is needed to update all dependencies to current versions, enable code minification, and audit the included libraries. The framework itself appears to be well-structured with MVP architecture, but security posture is weak

• High · Outdated AppCompat Dependency — ZBLibrary/build.gradle - dependencies section. The project uses androidx.appcompat:appcompat:1.0.2, which was released in November 2018 and contains multiple known security vulnerabilities. This version is significantly outdated and lacks critical security patches. Fix: Update to the latest stable version of androidx.appcompat (currently 1.6.x or later). This should be done immediately as the current version is over 5 years old.
• High · Outdated Testing Dependencies — ZBLibrary/build.gradle - testImplementation and androidTestImplementation sections. The project uses junit:junit:4.12 (released 2014), androidx.test:runner:1.1.1 (2018), and androidx.test.espresso:espresso-core:3.1.1 (2018). These outdated testing libraries may contain security vulnerabilities and lack modern security features. Fix: Update to latest versions: junit:junit:4.13.x+, androidx.test:runner:1.5.x+, and androidx.test.espresso:espresso-core:3.5.x+
• Medium · Minification Disabled in Release Build — ZBLibrary/build.gradle - buildTypes.release section. The release buildType has minifyEnabled set to false, which means the compiled APK will not be obfuscated. This makes reverse engineering easier and exposes method names, class names, and logic flow to potential attackers. Fix: Set minifyEnabled to true and ensure proper ProGuard rules are configured in proguard-rules.pro to protect sensitive code.
• Medium · Broad File Dependency Declaration — ZBLibrary/build.gradle - dependencies section. The build.gradle uses 'fileTree(dir: 'libs', include: ['*.jar'])' which automatically includes all JAR files from the libs directory. This could inadvertently include malicious or outdated libraries if not carefully managed. Fix: Replace with explicit dependency declarations for each library. Only include necessary JARs and keep them updated. For QRCodeLibrary, specifically audit zxing.jar.
• Medium · Outdated Build Tools Version — ZBLibrary/build.gradle - android.buildToolsVersion. The project uses buildToolsVersion 30.0.3, which is outdated. Current Android SDK provides version 34.x+. Outdated build tools may lack security improvements and bug fixes. Fix: Update buildToolsVersion to the latest available version (34.0.0 or later) and update compileSdkVersion to 34 or higher.
• Low · No ProGuard Configuration Visible for QRCodeLibrary — QRCodeLibrary/proguard-rules.pro. While QRCodeLibrary has a proguard-rules.pro file, without reviewing its contents, it's unclear if the ZXing QR code library is properly protected. ZXing.jar should have obfuscation rules to prevent reverse engineering. Fix: Verify that proguard-rules.pro contains appropriate rules to obfuscate the ZXing library and keep it updated.
• Low · Camera and Audio Permissions in QRCode Module — QRCodeLibrary/src/main/AndroidManifest.xml and camera-related classes. The QRCodeLibrary uses camera functionality (CameraManager, PreviewCallback, AutoFocusCallback) and audio (beep.ogg). While necessary for QR scanning, ensure permissions are properly requested and handled at runtime for API level 23+. Fix: Implement runtime permission requests for CAMERA permission and verify that audio permissions are handled correctly on modern Android versions.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/TommyLemon/Android-ZBLibrary shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live TommyLemon/Android-ZBLibrary repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/TommyLemon/Android-ZBLibrary.

What it runs against: a local clone of TommyLemon/Android-ZBLibrary — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in TommyLemon/Android-ZBLibrary | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 76 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of TommyLemon/Android-ZBLibrary. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/TommyLemon/Android-ZBLibrary.git
#   cd Android-ZBLibrary
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of TommyLemon/Android-ZBLibrary and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "TommyLemon/Android-ZBLibrary(\\.git)?\\b" \\
  && ok "origin remote is TommyLemon/Android-ZBLibrary" \\
  || miss "origin remote is not TommyLemon/Android-ZBLibrary (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "ZBLibrary/src/main/java/zuo/biao/library/base/BaseActivity.java" \\
  && ok "ZBLibrary/src/main/java/zuo/biao/library/base/BaseActivity.java" \\
  || miss "missing critical file: ZBLibrary/src/main/java/zuo/biao/library/base/BaseActivity.java"
test -f "ZBLibrary/src/main/java/zuo/biao/library/interfaces/Presenter.java" \\
  && ok "ZBLibrary/src/main/java/zuo/biao/library/interfaces/Presenter.java" \\
  || miss "missing critical file: ZBLibrary/src/main/java/zuo/biao/library/interfaces/Presenter.java"
test -f "ZBLibrary/src/main/java/zuo/biao/library/manager/HttpManager.java" \\
  && ok "ZBLibrary/src/main/java/zuo/biao/library/manager/HttpManager.java" \\
  || miss "missing critical file: ZBLibrary/src/main/java/zuo/biao/library/manager/HttpManager.java"
test -f "ZBLibrary/src/main/java/zuo/biao/library/manager/CacheManager.java" \\
  && ok "ZBLibrary/src/main/java/zuo/biao/library/manager/CacheManager.java" \\
  || miss "missing critical file: ZBLibrary/src/main/java/zuo/biao/library/manager/CacheManager.java"
test -f "ZBLibrary/src/main/java/zuo/biao/library/base/BaseAdapter.java" \\
  && ok "ZBLibrary/src/main/java/zuo/biao/library/base/BaseAdapter.java" \\
  || miss "missing critical file: ZBLibrary/src/main/java/zuo/biao/library/base/BaseAdapter.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 76 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~46d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/TommyLemon/Android-ZBLibrary"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.