If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/chrisbanes/Android-PullToRefresh shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 9y ago

• 7 active contributors
• Apache-2.0 licensed
• ⚠ Stale — last commit 9y ago
• ⚠ Single-maintainer risk — top contributor 93% of recent commits
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live chrisbanes/Android-PullToRefresh repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/chrisbanes/Android-PullToRefresh.

What it runs against: a local clone of chrisbanes/Android-PullToRefresh — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in chrisbanes/Android-PullToRefresh | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | Last commit ≤ 3159 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of chrisbanes/Android-PullToRefresh. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/chrisbanes/Android-PullToRefresh.git
#   cd Android-PullToRefresh
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of chrisbanes/Android-PullToRefresh and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "chrisbanes/Android-PullToRefresh(\\.git)?\\b" \\
  && ok "origin remote is chrisbanes/Android-PullToRefresh" \\
  || miss "origin remote is not chrisbanes/Android-PullToRefresh (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 3159 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~3129d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/chrisbanes/Android-PullToRefresh"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Android-PullToRefresh is a reusable widget library that adds pull-to-refresh gesture support to Android scrollable views (ListView, GridView, WebView, ScrollView, ViewPager, etc.). It provides both pull-down-to-refresh and pull-up-to-load-more patterns with animated scrolling, over-scroll physics for Android 2.3+, and customizable indicators—originally forked from Johan Nilsson's library but substantially rewritten. Maven monorepo with three modules: library/ (core PullToRefreshView implementations), extras/PullToRefreshListFragment/ (Fragment wrapper support), and extras/PullToRefreshViewPager/ (ViewPager integration). Core resides in library/src/com/handmark/pulltorefresh/. Resources (animations, drawables) in library/res/ (anim/, drawable-hdpi/).

Android app developers from ~2010-2015 era building apps requiring pull-to-refresh UX patterns. Used by app creators shipping to Google Play Store who need a battle-tested, pre-Android Material Design widget before native SwipeRefreshLayout became standard.

DEPRECATED and no longer maintained—the README explicitly states 'THIS PROJECT IS NO LONGER BEING MAINTAINED'. Built around 2011-2014 era Android (targets pre-Material Design, uses old Maven build setup with apklib packaging). The codebase is stable but frozen; it served production apps at scale years ago but modern Android apps should use AndroidX and native swipe-refresh patterns.

Critical risk: unmaintained since mid-2010s with no recent commits visible in structure. Dependency on legacy android-support-v4.jar (v7 release, extremely old). Architecture assumes old Activity/Fragment lifecycle patterns. Single maintainer (chrisbanes) with no active watchdog. Not recommended for new projects—use AndroidX SwipeRefreshLayout instead.

Nothing—project is deprecated and unmaintained. No active development, pull requests, or issues being addressed per the README statement that master is for stable code and dev branch attempted new features before that.

git clone https://github.com/chrisbanes/Android-PullToRefresh.git && cd Android-PullToRefresh && mvn install (requires Maven 2+, Android SDK with API level appropriate for old builds). However, this is not recommended for new projects.

Daily commands: Not a runnable app—this is a library. To use: add as Maven dependency (groupId: com.github.chrisbanes.pulltorefresh, artifactId: library, version: 2.1.2). Sample app available in Google Play (referenced in README) but source build requires mvn clean install of library/ and samples/ modules.

• library/src/com/handmark/pulltorefresh: Core implementation directory containing all PullToRefreshView, PullToRefreshAdapterView, and gesture handling logic
• library/res/anim/slide_in_from_top.xml: Animation resource that drives the visual feedback when pulling down; changing this alters UX feel significantly
• extras/PullToRefreshListFragment/src/com/handmark/pulltorefresh/extras/listfragment/PullToRefreshListFragment.java: Fragment-based wrapper enabling pull-to-refresh in Fragment-based apps, critical for Fragment integration
• library/pom.xml: Maven build definition; version 2.1.2-SNAPSHOT and dependency declarations are here
• README.md: Contains deprecation notice, feature list, customization wiki links, and changelog references—essential context for contributors

library/src/com/handmark/pulltorefresh/ contains the core view classes; start here for pull-to-refresh logic changes. library/res/anim/ for animation tweaks. extras/ for Fragment/ViewPager integration. Old Maven pom.xml files in each module control builds—no Gradle. Update drawable assets in library/res/drawable-hdpi/.

This is DEPRECATED—do not ship new apps with it. Legacy Maven apklib packaging is not compatible with modern Gradle-based Android Studio. Android-support-v4.jar r7 is ancient (pre-AndroidX); cannot coexist cleanly with modern dependencies. Build requires older Android SDK tooling (no Gradle). Fragment API in extras/ assumes old support library fragments, breaking on AndroidX migration. Animations hardcoded in XML; runtime customization limited. No unit tests visible—must test manually on real devices.

• Over-scroll physics / velocity-based inertial scrolling — Android 2.3+ over-scroll is central to PullToRefresh UX—understanding momentum, deceleration curves, and edge detection explains why refresh triggers at specific thresholds.
• View hierarchy wrapping / decorator pattern — PullToRefreshAdapterView wraps ListView/GridView without subclassing them directly—this pattern is key to supporting multiple view types with shared refresh logic.
• Touch event interception and GestureDetector — Pull-to-refresh must intercept and reinterpret raw MotionEvent streams to detect pull gestures—core logic relies on Android's GestureDetector and onInterceptTouchEvent.
• Android Fragment lifecycle and support library compatibility — PullToRefreshListFragment integrates with Fragment lifecycle (onCreate, onCreateView)—understanding old vs. new Fragment APIs explains why extras/ module exists.
• View animation and interpolators — slide_in_from_top.xml and indicator animations use Android interpolators to create smooth, natural refresh feedback—changing these changes feel and perceived performance.
• Maven apklib packaging (deprecated) — Build system uses apklib, a Maven format for Android libraries that predates Gradle—understanding why pom.xml exists and how it differs from modern Gradle helps with legacy maintenance.
• End-of-list detection in scrollable views — Integrated OnPullEventListener fires when user scrolls to bottom—critical for 'pull-up-to-load-more' pattern, requires tracking scroll position and view size.

• square/retrofit — Commonly paired with PullToRefresh to fetch fresh data from APIs when user triggers refresh gesture
• facebook/fresco — Often used alongside PullToRefresh in image-heavy ListView apps to load images efficiently when list is refreshed
• johannilsson/android-pulltorefresh — The original inspiration/predecessor library that Android-PullToRefresh was forked from and substantially improved upon
• androidx/androidx — Modern replacement providing SwipeRefreshLayout and Fragment APIs in AndroidX, the successor ecosystem to this deprecated library
• android-action-bar/actionbarsherlock — Contemporary library (circa 2011-2014) solving ActionBar backport needs, often integrated in same apps using PullToRefresh

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Migrate from deprecated Android Support Library (android-support-v4.jar) to AndroidX

The repo uses the old android-support-v4.jar (v7) in extras/PullToRefreshListFragment/libs and extras/PullToRefreshViewPager/libs. These are deprecated and incompatible with modern Android development. Migrating to AndroidX androidx.fragment and androidx.viewpager would make this library usable in contemporary projects and prevent dependency conflicts.

• [ ] Replace android-support-v4.jar r7 dependency with androidx.fragment:fragment and androidx.viewpager:viewpager in extras/PullToRefreshListFragment/pom.xml
• [ ] Update extras/PullToRefreshViewPager/pom.xml with AndroidX viewpager dependency
• [ ] Update import statements in extras/PullToRefreshListFragment/src/com/handmark/pulltorefresh/extras/listfragment/.java from android.support. to androidx.fragment.*
• [ ] Update import statements in extras/PullToRefreshViewPager/src/com/handmark/pulltorefresh/extras/viewpager/PullToRefreshViewPager.java to use androidx.viewpager.*
• [ ] Test with Android Gradle Plugin 7.0+ to ensure compatibility

Add unit tests for PullToRefreshViewPager (extras/PullToRefreshViewPager)

The extras/PullToRefreshViewPager module has no visible test coverage. Given the complexity of ViewPager integration with pull-to-refresh mechanics (gesture handling, scroll state), adding unit tests would prevent regressions and document expected behavior for the swipe+pull interaction.

• [ ] Create src/test/java/com/handmark/pulltorefresh/extras/viewpager/ directory
• [ ] Write PullToRefreshViewPagerTest.java covering: ViewPager scroll state detection, gesture interception with pull-to-refresh, and page boundary conditions
• [ ] Add test dependencies to extras/PullToRefreshViewPager/pom.xml (junit, mockito, robolectric)
• [ ] Run tests with Maven: mvn -pl extras/PullToRefreshViewPager test

Create GitHub Actions CI workflow to validate builds and prevent Android API level incompatibilities

The project uses Maven with android-maven-plugin but has no CI configured (.github/workflows/ missing). This allows broken builds to be committed. A workflow would validate POM configurations, catch deprecated API usage, and ensure the library compiles against current Android SDK versions before merging.

• [ ] Create .github/workflows/android-build.yml with Maven build steps
• [ ] Configure matrix testing for API levels 21+ (modern minimum) to validate library/AndroidManifest.xml and extras/*/AndroidManifest.xml
• [ ] Add lint step to check for deprecated Support Library references in pom.xml files
• [ ] Add step to validate that project.properties files reference compatible SDK versions across library/, extras/PullToRefreshListFragment/, and extras/PullToRefreshViewPager/

• Add unit tests for PullToRefreshListFragment.java using JUnit + Robolectric—currently zero test coverage visible in file structure, critical gap for a library used by production apps.
• Document the over-scroll threshold calculation (appears to be hardcoded in core logic) by adding inline comments and a wiki page explaining how it differs on Android 2.3+ vs earlier versions.
• Create a migration guide (new README-MIGRATION.md) showing how to replace Android-PullToRefresh with AndroidX SwipeRefreshLayout for maintainers of legacy apps, reducing support burden.

This deprecated Android library poses significant security risks due to its unmaintained status and reliance on outdated dependencies. The project uses extremely old support libraries (android-support-v4 r7 from ~2012) that contain known vulnerabilities and receive no updates. The explicit deprecation notice indicates this library should not be used in new projects or production environments. The combination of deprecated status, outdated dependencies, and lack of maintenance creates a critical vulnerability surface. For any Android project currently using this library, immediate migration to actively maintained alternatives (such as AndroidX or modern pull-to-refresh libraries) is strongly recommended.

• High · Deprecated Project Status — README.md, project root. The project is explicitly marked as deprecated in the README ('PLEASE NOTE, THIS PROJECT IS NO LONGER BEING MAINTAINED'). No security updates, bug fixes, or vulnerability patches will be provided. Using deprecated libraries exposes the application to known security vulnerabilities. Fix: Migrate to an actively maintained alternative. Consider using modern Android SwipeRefreshLayout from AndroidX or other maintained pull-to-refresh libraries. Do not use this library in production code.
• High · Outdated Android Support Library — extras/PullToRefreshListFragment/pom.xml, extras/PullToRefreshViewPager/pom.xml. The project depends on 'android-support-v4' version r7, which is extremely outdated (from ~2012). This library contains known security vulnerabilities and lacks modern security features. No longer receives updates from Google. Fix: Update to AndroidX ('androidx.appcompat:appcompat') instead of the deprecated support library. If not possible immediately, consider migrating to a maintained alternative library.
• Medium · Unspecified Google Android Dependency Version — extras/PullToRefreshListFragment/pom.xml. The pom.xml references 'com.google.android:android' without specifying a version, relying on parent POM resolution. This can lead to unpredictable builds and potential inclusion of outdated/vulnerable versions. Fix: Explicitly specify a minimum and maximum version range for the Android dependency in the POM. Pin to a known secure version or consider using AndroidX libraries with explicit versioning.
• Medium · Snapshot Version in Production Dependencies — extras/PullToRefreshListFragment/pom.xml (parent version). The project uses version '2.1.2-SNAPSHOT' in the parent POM, indicating snapshot/development versions. Snapshot versions are unstable and can change without warning, introducing unexpected behavior or vulnerabilities. Fix: Use stable release versions (e.g., 2.1.2) instead of snapshot versions. Only use snapshots in development environments, not for production dependencies.
• Low · Missing License Information in Project Root — Project root. While LICENSE files exist in subdirectories, there is no clear indication of the overall project license in the main README or prominent location. This can create legal/compliance issues for users. Fix: Add a clear LICENSE statement at the top of README.md and ensure all dependencies' licenses are documented and compatible with the project license.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.