If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/YoKeyword/Fragmentation shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• 7 active contributors
• Apache-2.0 licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 2y ago
• ⚠ Single-maintainer risk — top contributor 87% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live YoKeyword/Fragmentation repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/YoKeyword/Fragmentation.

What it runs against: a local clone of YoKeyword/Fragmentation — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in YoKeyword/Fragmentation | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch androidx exists | Catches branch renames | | 4 | Last commit ≤ 738 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of YoKeyword/Fragmentation. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/YoKeyword/Fragmentation.git
#   cd Fragmentation
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of YoKeyword/Fragmentation and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "YoKeyword/Fragmentation(\\.git)?\\b" \\
  && ok "origin remote is YoKeyword/Fragmentation" \\
  || miss "origin remote is not YoKeyword/Fragmentation (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify androidx >/dev/null 2>&1 \\
  && ok "default branch androidx exists" \\
  || miss "default branch androidx no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 738 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~708d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/YoKeyword/Fragmentation"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Fragmentation is a deprecated Android library that simplifies development of complex multi-fragment apps using a single Activity + multiple Fragments or multi-Activity + multi-Fragment architectures. It provides fragment lifecycle management, stack debugging, launch modes, back-press handling, lazy initialization, and transition animations—treating fragments more like Activities with lifecycle callbacks. Monorepo structure: root fragmentation/ library (200KB Java code) with demo/ sample app showcasing Single Activity + multi-Fragment patterns. Core extends SupportActivity and SupportFragment base classes with lifecycle hooks. Optional modules: fragmentation-swipeback/ for gesture-based fragment pop, eventbus_activity_scope/ for scoped EventBus communication.

Android developers building complex nested-fragment apps (like Instagram-style UIs) who need simpler fragment stack management, back navigation support, and inter-fragment communication without manually handling FragmentManager transactions.

This project is officially deprecated and no longer maintained (clearly stated in README). It has 9K+ GitHub stars and was actively developed around 2016-2019 with CI/CD via Travis CI, but the codebase shows no recent commits. It remains production-ready for legacy projects but should not be used for new Android development.

High risk for new projects: unmaintained status means no security updates, no Android API level compatibility fixes, and incompatibility with modern AndroidX tooling (though an androidx-compatible branch exists). Single-maintainer (@YoKeyword) with no visible successor. Dependencies on outdated Gradle (3.2.1) and Android APIs (compileSdkVersion 28).

No active development. Repository is in maintenance-only mode with no recent commits, PRs, or issues being processed. Last activity appears to be documentation updates and deprecation notice.

git clone https://github.com/YoKeyword/Fragmentation.git
cd Fragmentation
# For AndroidX version (recommended):
cd demo
# Open in Android Studio or build via:
./gradlew assembleDebug

Daily commands: Use Android Studio to open the project, select the demo module, and run on emulator/device. Alternatively: ./gradlew :demo:installDebug then manually launch the app.

• fragmentation/src/main/java/me/yokeyword/fragmentation/SupportActivity.java: Core Activity base class that manages the FragmentManager, handles back-press delegation, and implements the fragment stack state machine
• fragmentation/src/main/java/me/yokeyword/fragmentation/SupportFragment.java: Core Fragment base class adding lifecycle hooks (onSupportVisible, onBackPressedSupport, onLazyInitView) and launch mode support
• demo/src/main/java/me/yokeyword/sample/demo_flow/base/MySupportActivity.java: Demo app's custom Activity showing how to extend Fragmentation's SupportActivity and configure transaction animations
• demo/src/main/java/me/yokeyword/sample/demo_flow/ui/fragment/home/HomeFragment.java: Concrete example of nested fragment hierarchy and inter-fragment communication in a real feature
• build.gradle: Top-level Gradle config with outdated Gradle 3.2.1 and compileSdkVersion 28—highlights maintenance risk

For new fragments: extend SupportFragment (in demo/src/main/java/me/yokeyword/sample/demo_flow/base/MySupportFragment.java). For custom activities: extend SupportActivity. Test additions: add tests to demo/src/androidTest/java/me/yokeyword/fragmentation/. Fragment samples: reference demo/src/main/java/me/yokeyword/sample/demo_flow/ui/fragment/ for nested fragment examples.

AndroidX vs Android Support: Project has two branches—default uses old android.support libraries; androidx features are on a separate branch and must be explicitly selected. Gradle version lock: Using Gradle 3.2.1 (from 2018) may fail on modern Java 11+ JDKs without workarounds. ProGuard rules: demo/proguard-rules.pro must be applied or reflection-based fragment instantiation will break in release builds. Fragment state loss: Back-press handling can cause IllegalStateException if fragments are popped during fragment transactions—no safeguards built in.

• Fragment Backstack Management — Core to understanding how Fragmentation replaces the built-in FragmentManager backstack with custom logic supporting launch modes and activity-like behavior; essential for debugging navigation bugs
• Activity Launch Modes (adapted for Fragments) — Fragmentation adapts Android's Activity launch modes (STANDARD, SINGLETOP, SINGLETASK) to fragments; critical for preventing duplicate fragment instances and controlling navigation flow
• Fragment Lifecycle Hooks (onSupportVisible, onLazyInitView) — Custom lifecycle callbacks solve the problem that Fragment.onResume() fires even for invisible fragments in a stack; onLazyInitView() defers costly initialization until fragment becomes visible
• Back-Press Event Propagation Chain — Fragmentation implements a custom onBackPressedSupport() chain where each fragment in the stack gets to handle back-press before bubbling up to Activity; critical for proper nested fragment navigation
• Fragment State Loss & commitNow() — Fragmentation avoids IllegalStateException during fragment pop by using synchronous transaction commits instead of async; understanding this prevents subtle state corruption bugs
• Scoped EventBus (Activity Scope) — The optional eventbus_activity_scope module extends EventBus to auto-subscribe/unsubscribe fragments based on activity lifecycle, preventing memory leaks and event delivery after destruction

• AndroidX/Fragment — Official Fragment library that Fragmentation wraps; now deprecated in favor of modern Fragment APIs with FragmentManager state restoration
• square/flow — Alternative navigation library for Android that manages fragment/activity state with a declarative API, solving similar multi-screen management problems
• google/android-architecture-components — Modern recommended approach using Navigation Architecture Component and ViewModel, the successor pattern to Fragmentation for managing fragment state
• greenrobot/EventBus — Event bus library used by Fragmentation's optional eventbus_activity_scope module for scoped inter-fragment communication
• YoKeyword/Fragmentation-Rx — RxJava wrapper for Fragmentation lifecycle events, enabling reactive fragment management (companion project by same author)

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add instrumented tests for Fragment lifecycle and stack management

The repo has only one AndroidTest file (ApplicationTest.java) but the core library manages complex Fragment lifecycle and back-stack operations. The demo apps (demo_flow and demo_wechat) show sophisticated navigation patterns with nested fragments, swipe-back, and multiple fragment activities, but these scenarios lack corresponding instrumented tests. This would catch regressions in core functionality.

• [ ] Create demo/src/androidTest/java/me/yokeyword/fragmentation/FragmentStackTest.java to test push/pop operations
• [ ] Add tests for nested fragment navigation in demo_flow scenarios (HomeFragment → DetailFragment → ModifyDetailFragment)
• [ ] Add tests for swipe-back fragment lifecycle in demo/src/androidTest/java/me/yokeyword/fragmentation/SwipeBackFragmentTest.java
• [ ] Verify back-stack state preservation across orientation changes

Migrate from deprecated appcompat-v7 to androidx and update build config

The build.gradle specifies compileSdkVersion 28 and appCompatVersion "1.1.0-alpha01" (an alpha/deprecated version). The gradle plugin is 3.2.1 (outdated). Since the project targets modern Android, migrating to stable androidx (appcompat:1.6.x+) and AGP 7.x+ would improve stability, remove deprecation warnings, and enable access to modern gradle features and lint checks.

• [ ] Update build.gradle: change classpath 'com.android.tools.build:gradle:3.2.1' to 7.4.2 or latest stable
• [ ] Update appCompatVersion from "1.1.0-alpha01" to "1.6.1" (stable release)
• [ ] Update compileSdkVersion to 34 and targetSdkVersion to match
• [ ] Add androidx.appcompat:appcompat:1.6.1 to demo/build.gradle dependencies
• [ ] Update CHANGELOG.md documenting the AndroidX migration

Add ProGuard/R8 mapping tests for the library (fragmentation-core)

The demo/proguard-rules.pro file exists but there's no evidence of a library-level proguard configuration or tests validating that the fragmentation library's public API remains accessible after obfuscation. This is critical for a library that developers depend on, as incorrect proguard rules can break release builds silently.

• [ ] Create fragmentation-core/proguard-rules.pro (currently missing from file structure) with rules for SupportActivity, SupportFragment, and related APIs
• [ ] Add consumer proguard rules documentation to README.md's 'Installation' or 'ProGuard' section
• [ ] Create demo/build.gradle test task that validates the public API classes are kept after R8/ProGuard transformation
• [ ] Document which classes (SupportActivity, SupportFragment, etc.) must be kept in the library's README

• Add integration tests for nested fragment backstack scenarios in demo/src/androidTest/ (currently only ApplicationTest.java exists) to verify that complex fragment hierarchies like those in demo_flow/ui/fragment/discover/ maintain correct state across back presses
• Document launch mode behavior with code examples in README—the library adds STANDARD, SINGLETOP, SINGLETASK modes to fragments but examples only appear in demo; a separate LAUNCH_MODES.md would help
• Create a Kotlin extension file (e.g., fragmentation-ktx/src/main/kotlin/Fragmentation.kt) wrapping SupportActivity.loadRootFragment() and SupportFragment.start() with receiver scope functions for idiomatic Kotlin users

• High · Encrypted Keystore File Detected — demo/fragmentation.jks.enc. The file 'demo/fragmentation.jks.enc' suggests an encrypted keystore is present in the repository. If the encryption key is weak or stored insecurely, it could compromise the app signing certificate. The presence of encrypted files in version control may indicate poor secret management practices. Fix: Remove keystore files from version control entirely. Use secure secret management systems (GitHub Secrets, GitLab CI/CD variables, or dedicated secret managers) to store and access keystores during CI/CD pipelines. Add *.jks and *.jks.enc to .gitignore.
• High · Outdated Gradle Build Plugin — build.gradle (classpath 'com.android.tools.build:gradle:3.2.1'). The project uses Gradle Android plugin version 3.2.1, which was released in 2018 and is significantly outdated. This version lacks critical security patches and bug fixes, potentially exposing the application to known vulnerabilities in the build toolchain. Fix: Update to the latest stable version of the Android Gradle plugin (currently 8.x). Review the Android Gradle Plugin release notes for breaking changes and update accordingly.
• High · Outdated AppCompat Dependency — build.gradle (appCompatVersion = "1.1.0-alpha01"). The project uses AppCompat version '1.1.0-alpha01', which is an alpha/pre-release version. Alpha versions are not production-ready and may contain security vulnerabilities, bugs, and API instability. This should never be used in production code. Fix: Update to the latest stable release of AndroidX AppCompat (currently 1.6.x or later). Avoid using alpha, beta, or pre-release versions in production applications.
• Medium · Deprecated Project - No Longer Maintained — README.md. The README explicitly states 'THIS PROJECT IS NO LONGER BEING MAINTAINED'. Using unmaintained libraries means no security patches, bug fixes, or support for new Android versions. This poses a long-term security risk. Fix: Evaluate alternative, actively maintained fragment management solutions. Plan migration away from this library to ensure ongoing security and compatibility with future Android versions.
• Medium · Missing Proguard Rules Review — demo/proguard-rules.pro. The project includes 'demo/proguard-rules.pro' but there is no visibility into its contents. Misconfigured ProGuard rules can fail to obfuscate sensitive code or remove important security checks, leaving the application vulnerable to reverse engineering. Fix: Review ProGuard rules to ensure: (1) Sensitive classes are properly obfuscated, (2) Security-critical methods are not stripped, (3) Callback methods are preserved, (4) API classes used via reflection are protected.
• Medium · Low API Level Support — build.gradle (minSdkVersion = 14). The project supports minSdkVersion 14 (Android 4.0 - released 2011). This extremely old API level should no longer be supported in modern applications. Android 4.0 lacks critical security features, cipher improvements, and SSL/TLS enhancements present in newer versions. Fix: Increase minSdkVersion to at least API 21 (Android 5.0, 2014) or higher. Consider API 26+ (Android 8.0) for better security defaults including StrictMode and improved cryptography APIs.
• Low · Travis CI Configuration Present — .travis.yml. The '.travis.yml' file indicates the project uses Travis CI for continuous integration. Travis CI has been retired and this configuration is now obsolete. Using deprecated CI/CD platforms may result in security updates not being applied. Fix: Migrate to an actively maintained CI/CD platform such as GitHub Actions, GitLab CI, or Jenkins. Ensure the new platform includes automated security scanning and dependency updates.
• Low · Bintray Distribution Channel — README.md (Bintray badge and download link. The README references Bintray for distribution, which was shut down by JFrog in 2021. If the library is still being distributed through Bintray, users may be exposed to dependency resolution failures or stale packages. Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.