If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/alibaba/freeline shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 6y ago

• 14 active contributors
• BSD-3-Clause licensed
• Tests present
• ⚠ Stale — last commit 6y ago
• ⚠ Concentrated ownership — top contributor handles 52% of recent commits
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live alibaba/freeline repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/alibaba/freeline.

What it runs against: a local clone of alibaba/freeline — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in alibaba/freeline | Confirms the artifact applies here, not a fork | | 2 | License is still BSD-3-Clause | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 2219 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of alibaba/freeline. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/alibaba/freeline.git
#   cd freeline
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of alibaba/freeline and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "alibaba/freeline(\\.git)?\\b" \\
  && ok "origin remote is alibaba/freeline" \\
  || miss "origin remote is not alibaba/freeline (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(BSD-3-Clause)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"BSD-3-Clause\"" package.json 2>/dev/null) \\
  && ok "license is BSD-3-Clause" \\
  || miss "license drift — was BSD-3-Clause at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelinePlugin.groovy" \\
  && ok "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelinePlugin.groovy" \\
  || miss "missing critical file: freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelinePlugin.groovy"
test -f "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineGenerator.groovy" \\
  && ok "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineGenerator.groovy" \\
  || miss "missing critical file: freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineGenerator.groovy"
test -f "freeline-runtime/src/main/java/com/antfortune/freeline/FreelineCore.java" \\
  && ok "freeline-runtime/src/main/java/com/antfortune/freeline/FreelineCore.java" \\
  || miss "missing critical file: freeline-runtime/src/main/java/com/antfortune/freeline/FreelineCore.java"
test -f "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/Constants.groovy" \\
  && ok "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/Constants.groovy" \\
  || miss "missing critical file: freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/Constants.groovy"
test -f "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineInjector.groovy" \\
  && ok "freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineInjector.groovy" \\
  || miss "missing critical file: freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineInjector.groovy"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 2219 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2189d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/alibaba/freeline"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Freeline is a super-fast incremental Android build tool that replaces Instant Run by caching compiled class files and resource indices. It splits builds into concurrent tasks, uses an optimized aapt fork (FreelineAapt) to generate resource packs as small as 1KB, and deploys updates via hot-swap through a socket server running on the device—enabling full rebuilds in seconds instead of minutes. Multi-module Gradle project: freeline-gradle-plugin/ (Groovy plugin entry point in FreelinePlugin.groovy), freeline-databinding-cli/ (Java CLI for DataBinding processing), and freeline-runtime-no-op/ (Android runtime library). Plugin orchestrates tasks like FreelineConfigGenerateTask, FreelineInjector, and FreelineGenerator that drive incremental compilation.

Android developers at enterprises (especially Ant Fortune) who need fast iteration during development and want to avoid the full rebuild-reinstall cycle. Also OTA hotpatching engineers who want to deliver incremental patches under 100KB to users.

Production-ready and actively maintained. Released v0.8.8, developed by Ant Fortune's Android team, and shipped in real product use. However, it is Android-focused and the codebase shows primary activity around 2016-2017 (Gradle 3.0 era), so newer Gradle plugin APIs (AGP 7.0+) may need updates.

Moderate risk: depends on Buck components (dx, DexMerger) which may diverge from modern Android Gradle Plugin versions. Last major updates appear dated relative to current AGP versions (3.0.0 in build.gradle suggests 2017-era code). Socket-server architecture on device adds complexity. Chinese-only wiki documentation limits external contribution.

The repository shows maturity rather than active development—no visible recent PRs or open milestones in provided data. The v0.8.8 release is the current stable version. Focus has shifted to OTA hotpatching delivery (noted as out-of-scope but motivation for incremental output).

git clone https://github.com/alibaba/freeline.git
cd freeline
gradle build

Requires Java, Gradle, and Android SDK. See README.md for plugin application to your Android project (add classpath in buildscript deps).

Daily commands: Build the plugin jar: gradle build. Apply it to an Android project: add classpath "com.antfortune.freeline:gradle:$FREELINE_RELEASE_VERSION" and apply plugin: 'com.antfortune.freeline' to your app/build.gradle. Then run incremental builds via Gradle or the Freeline daemon (socket server runs on device).

• freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelinePlugin.groovy — Main entry point for the Gradle plugin; orchestrates the entire incremental build pipeline and must be understood before extending Freeline.
• freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineGenerator.groovy — Core build configuration and task generation logic; defines how incremental builds are orchestrated.
• freeline-runtime/src/main/java/com/antfortune/freeline/FreelineCore.java — Runtime core that handles hot-swap deployment and dynamic class loading; critical for understanding app-side behavior.
• freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/Constants.groovy — Central configuration and version constants used throughout the build plugin; foundation for all version compatibility.
• freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineInjector.groovy — Bytecode injection mechanism that instruments classes for hot-swap support; core to incremental deployment strategy.
• freeline-runtime/src/main/java/com/antfortune/freeline/FreelineApplication.java — Application lifecycle hook required for initializing the Freeline runtime; essential for app integration.
• freeline-databinding-cli/src/main/java/com/antfortune/freeline/databinding/DataBindingHelper.java — Handles data binding metadata export for incremental builds; required for data-binding-enabled projects.

Add support for a new Android Gradle Plugin version

1. Update version constants and compatibility logic in FreelineCompat.groovy to detect and handle new AGP version (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineCompat.groovy)
2. Add version parser rules in VersionParser.groovy to compare and validate the new version (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/versions/VersionParser.groovy)
3. Register new build task variants in FreelineGenerator.groovy if task APIs have changed (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineGenerator.groovy)
4. Update Constants.groovy with new version ranges and default configurations (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/Constants.groovy)

Add a new hot-swap schema handler for runtime actions

1. Create a new class implementing ISchemaAction interface in freeline-runtime/src/main/java/com/antfortune/freeline/router/schema/ (freeline-runtime/src/main/java/com/antfortune/freeline/router/ISchemaAction.java)
2. Register the schema handler in Router.java's dispatch method (freeline-runtime/src/main/java/com/antfortune/freeline/router/Router.java)
3. Implement the action logic using FreelineCore methods for class reloading or resource patching (freeline-runtime/src/main/java/com/antfortune/freeline/FreelineCore.java)

Extend build instrumentation for custom class transformation

1. Subclass or enhance FreelineClassVisitor.groovy to add custom bytecode analysis rules (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineClassVisitor.groovy)
2. Update FreelineInjector.groovy to apply your transformation logic during bytecode injection (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineInjector.groovy)
3. Register the new transformation task in FreelineGenerator.groovy's task dependency chain (freeline-gradle-plugin/src/main/groovy/com/antfortune/freeline/FreelineGenerator.groovy)

• Gradle Plugin (Groovy/Java) — Tight integration with Android Gradle Plugin for task orchestration and bytecode analysis; standard for build tool extension
• ASM bytecode manipulation — Lightweight, high-performance bytecode transformation for injecting hot-swap hooks without modifying source code
• Android Runtime reflection & DexClassLoader — Enables dynamic class loading at runtime without app restart; core to hot-swap implementation
• BroadcastReceiver + LocalService IPC — Low-latency inter-process communication between build tool and running app without requiring network overhead
• Schema-based action routing — undefined

FreelineAapt (optimized aapt) is closed-source and only mentioned as 'will open source later'—you cannot directly modify resource compilation speed without it. The socket server architecture requires a device-side daemon running; if it crashes, fallback logic exists but may be opaque. Gradle 3.0 hardcoded in build.gradle may conflict with AGP 7.0+ (non-backwards-compatible breaking changes). Multi-dex hot-swap assumes minSdkVersion allows it (set to 14 in examples). Chinese wiki docs are primary reference; English docs limited.

• Incremental DEX merging — Freeline's core speedup comes from reusing cached class files and merging only changed DEX segments; understanding multi-dex hotswap and DEX format is essential to modify compilation logic
• ASM bytecode analysis and class-file change detection — FreelineClassVisitor uses ASM to visit bytecode and identify which classes changed since last build; this enables fine-grained caching in FreelineGenerator
• Hot code replacement / hot-swap — Freeline deploys incremental updates without reinstalling the APK; requires understanding JVM/Android runtime class loading and MonkeyPatcher's reflection-based patching
• Socket server IPC (Inter-Process Communication) — Freeline runs a socket server on the device in a separate process; understanding bidirectional socket protocols and process isolation is key to debugging deployment failures
• Android Resource Compilation (aapt/aapt2) — FreelineAapt is a fork of aapt optimized for incremental resource packing; understanding APK resource structure (ResTable, string pools) helps extend resource hot-reload
• Gradle task graph and plugin lifecycle — Freeline integrates as a Gradle plugin that registers custom tasks (FreelineConfigGenerateTask, FreelineInjector) into the AGP build pipeline; understanding task dependencies is critical to modifying build flow
• Multi-dex and DEX format — Freeline uses multi-dex for hot-swapping changed classes independently; understanding DEX method references, class boundaries, and the multi-dex specification is required to diagnose incremental dex errors

• google/android-gradle-plugin — Official Android Gradle Plugin; Freeline targets AGP APIs and should be compatibility-tested against releases
• facebook/buck — Freeline reuses Buck's dx and DexMerger components; understanding Buck's approach to incremental compilation informs Freeline's architecture
• google/instant-run-reference — Freeline is an Instant Run alternative and reuses MonkeyPatcher; understanding Instant Run's hot-swap mechanism clarifies Freeline's design
• alibaba/atlas — Alibaba's modular/dynamic deployment framework; complements Freeline's incremental output for OTA delivery
• uber/okbuck — Another Buck-based Android build tool; shares similar philosophy on caching and incremental builds

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for FreelineParser.groovy and FreelineGenerator.groovy

The freeline-gradle-plugin contains critical parsing and code generation logic in FreelineParser.groovy and FreelineGenerator.groovy, but there are no corresponding test files visible in the repository structure. These components are central to the incremental build process and deserve comprehensive unit test coverage to catch regressions early and document expected behavior.

• [ ] Create freeline-gradle-plugin/src/test/groovy directory structure
• [ ] Add FreelineParserTest.groovy with test cases for gradle file parsing, dependency detection, and configuration extraction
• [ ] Add FreelineGeneratorTest.groovy with test cases for class visitor logic, annotation collection, and code generation
• [ ] Verify tests run with gradle test task and integrate into build.gradle

Add integration tests for data binding CLI in freeline-databinding-cli

The freeline-databinding-cli module (CliMain.java, DataBindingHelper.java, ProcessLayouts.java) handles critical data binding information export. There are no visible test files, making it difficult to validate that layout processing and binding info export work correctly across different Android project configurations and data binding implementations.

• [ ] Create freeline-databinding-cli/src/test/java directory structure
• [ ] Add DataBindingHelperTest.java with tests for binding metadata extraction and validation
• [ ] Add ProcessLayoutsTest.java with tests for XML layout parsing and binding information generation
• [ ] Add integration test that runs CliMain against sample Android project layouts and validates output

Add GitHub Actions CI workflow for multi-version Gradle and AGP compatibility testing

The project supports multiple Gradle and Android Gradle Plugin versions (build.gradle shows AGP 3.0.0, but Freeline likely needs to support a range). Without automated CI testing across versions, contributors may introduce regressions. No .github/workflows directory is present in the file structure.

• [ ] Create .github/workflows/build.yml GitHub Action workflow
• [ ] Configure matrix testing across Gradle versions (6.x, 7.x, 8.x) and AGP versions (3.0.0 through current)
• [ ] Include build, unit test execution (freeline-gradle-plugin tests), and freeline-databinding-cli validation steps
• [ ] Add badge to README.md showing CI status and ensure workflow triggers on pull requests and main branch

• Add unit tests for FreelineClassVisitor.groovy to verify bytecode change detection logic (currently untested by visible test structure): Critical incremental logic has no visible test coverage; regression risk is high
• Create example Android project in examples/ that demonstrates Freeline setup with modern AGP (7.0+) and document compatibility matrix: README only references Gradle 3.0; modern Android devs cannot easily adopt without examples
• Document the DataBinding CLI (freeline-databinding-cli/) with end-to-end example and export format spec in English (currently no exported docs): DataBinding feature is exposed but undocumented; external contributors cannot extend it

• High · Insecure Repository URL (HTTP instead of HTTPS) — build.gradle, line: maven { url 'http://dl.bintray.com/jetbrains/intellij-plugin-service' }. The build.gradle file contains an HTTP URL for the Bintray IntelliJ plugin service repository: 'http://dl.bintray.com/jetbrains/intellij-plugin-service'. Using HTTP instead of HTTPS exposes the build process to man-in-the-middle (MITM) attacks, allowing potential interception and manipulation of downloaded dependencies. Fix: Replace the HTTP URL with HTTPS: 'https://dl.bintray.com/jetbrains/intellij-plugin-service'. Ensure all repository URLs use HTTPS to prevent MITM attacks during dependency resolution.
• High · Outdated Gradle and Android Gradle Plugin Versions — build.gradle, classpath 'com.android.tools.build:gradle:3.0.0'. The build.gradle specifies 'com.android.tools.build:gradle:3.0.0', which is significantly outdated and contains multiple known security vulnerabilities. This version was released in October 2017 and has numerous CVEs and security patches available in newer versions. Fix: Update to the latest stable version of the Android Gradle Plugin (currently 8.x or higher). Run 'gradle wrapper --gradle-version <latest>' to update and use Gradle 8.0 or newer which includes important security fixes.
• High · Multiple Outdated Dependencies with Known Vulnerabilities — build.gradle, classpath declarations for gradle-retrolambda, gradle-bintray-plugin, and android-maven-gradle-plugin. Several dependencies are significantly outdated and likely contain known security vulnerabilities: gradle-retrolambda (3.6.1 from 2016), gradle-bintray-plugin (1.4 from 2015), and android-maven-gradle-plugin (2.0). These old versions may have unpatched security issues. Fix: Update all dependencies to their latest stable versions. Remove deprecated tools like gradle-retrolambda if no longer needed. Use 'gradle dependencyUpdates' to identify outdated dependencies and plan updates systematically.
• Medium · Outdated Android Support Library Version — build.gradle, ext { supportLibVersion = '27.0.0' }. The project uses Android Support Library version 27.0.0 (released in 2017). This version is deprecated and no longer receives security updates. Google has deprecated the Support Library in favor of AndroidX. Fix: Migrate to AndroidX artifacts. Update support libraries to their AndroidX equivalents (e.g., 'androidx.appcompat:appcompat:1.x.x'). This ensures access to latest security patches and bug fixes.
• Medium · Outdated Compile and Target SDK Versions — build.gradle, targetSdkVersion = 25, compileSdkVersion = 27. The project targets SDK version 25 and compiles with SDK 27, both released in 2016-2017. Modern Android requires targeting much newer SDK versions. Older SDK targets may miss important security features and OS-level protections. Fix: Update targetSdkVersion to 33 or higher (current requirement by Google Play Store is 33+). Update compileSdkVersion to match the latest available Android API level to leverage new security features and protections.
• Medium · Missing Dependency Version Pinning — build.gradle, classpath and dependencies using $FREELINE_RELEASE_VERSION. Dependencies in build.gradle use variable interpolation ($freelineReleaseVersion) without explicit version constraints. If FREELINE_RELEASE_VERSION is not properly controlled or versioning scheme changes, it could lead to unexpected builds with different dependency versions. Fix: Implement strict dependency versioning with explicit version ranges. Use dependency locking (gradle.lockfile) to ensure reproducible builds. Document how FREELINE_RELEASE_VERSION is set and managed.
• Low · Missing Security Configuration Documentation — Repository root. No apparent security.md, SECURITY.md, or security policy documentation visible in the repository structure for reporting vulnerabilities responsibly. Fix: Add a SECURITY.md file with responsible disclosure guidelines and security contact information. This enables security researchers to report vulnerabilities privately.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.