If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/davemorrissey/subsampling-scale-image-view shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 2y ago

• 8 active contributors
• Apache-2.0 licensed
• Tests present
• ⚠ Stale — last commit 2y ago
• ⚠ Single-maintainer risk — top contributor 86% of recent commits
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live davemorrissey/subsampling-scale-image-view repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/davemorrissey/subsampling-scale-image-view.

What it runs against: a local clone of davemorrissey/subsampling-scale-image-view — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in davemorrissey/subsampling-scale-image-view | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 776 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of davemorrissey/subsampling-scale-image-view. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/davemorrissey/subsampling-scale-image-view.git
#   cd subsampling-scale-image-view
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of davemorrissey/subsampling-scale-image-view and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "davemorrissey/subsampling-scale-image-view(\\.git)?\\b" \\
  && ok "origin remote is davemorrissey/subsampling-scale-image-view" \\
  || miss "origin remote is not davemorrissey/subsampling-scale-image-view (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java" \\
  && ok "library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java" \\
  || miss "missing critical file: library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java"
test -f "library/src/main/java/com/davemorrissey/labs/subscaleview/ImageSource.java" \\
  && ok "library/src/main/java/com/davemorrissey/labs/subscaleview/ImageSource.java" \\
  || miss "missing critical file: library/src/main/java/com/davemorrissey/labs/subscaleview/ImageSource.java"
test -f "library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/ImageRegionDecoder.java" \\
  && ok "library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/ImageRegionDecoder.java" \\
  || miss "missing critical file: library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/ImageRegionDecoder.java"
test -f "library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/SkiaImageRegionDecoder.java" \\
  && ok "library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/SkiaImageRegionDecoder.java" \\
  || miss "missing critical file: library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/SkiaImageRegionDecoder.java"
test -f "library/src/main/java/com/davemorrissey/labs/subscaleview/ImageViewState.java" \\
  && ok "library/src/main/java/com/davemorrissey/labs/subscaleview/ImageViewState.java" \\
  || miss "missing critical file: library/src/main/java/com/davemorrissey/labs/subscaleview/ImageViewState.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 776 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~746d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/davemorrissey/subsampling-scale-image-view"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

SubsamplingScaleImageView is an Android custom View (AAR library) that displays massive images (maps, building plans, high-res photos) without OutOfMemoryError by using intelligent subsampling and tile-based loading. It loads a low-resolution base layer and overlays high-resolution tiles only for the visible zoom region, enabling pinch-to-zoom, panning, rotation, and animation on gigapixel images while keeping memory footprint minimal. Simple single-module Android library: core View logic in com/davemorrissey/labs/subscaleview/ (SubsamplingScaleImageView.java likely in src/main/java/), pluggable decoder implementations in the decoder/ subpackage (SkiaImageDecoder, SkiaPooledImageRegionDecoder, SkiaImageRegionDecoder), and a Gradle-based build with docs/ containing JavaDoc output and issue templates.

Android developers building photo galleries, map viewers, and document viewers who need to display images larger than device memory can hold. Users include gallery app developers, real estate apps showing building plans, and mapping applications.

This is a mature, production-ready library. It has comprehensive JavaDoc in docs/javadoc/, is actively maintained (evidenced by migration guides for versions 3.9.0, 3.8.0, and 3.0.0), and includes a sample app published on Google Play. The stable state and detailed documentation indicate it's battle-tested in real applications.

Standard open source risks apply.

The repo appears to be in maintenance mode rather than active development—visible artifacts include a Kotlin sample app linked in the README (ssiv-kotlin-sample), migration guides documenting breaking changes, and docs for advanced features like animation and extension. No recent commit activity is visible in the provided file list.

git clone https://github.com/davemorrissey/subsampling-scale-image-view.git && cd subsampling-scale-image-view && ./gradlew build

Daily commands: This is a library (AAR), not a runnable app. Use gradlew build to compile. The linked Kotlin sample app (github.com/davemorrissey/ssiv-kotlin-sample) is the runnable demo. In your own Android project, add the AAR as a dependency and instantiate SubsamplingScaleImageView in your layout XML or code.

• library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java — Core view class implementing the entire zoom, pan, tiling, and event handling logic—the foundation of the library.
• library/src/main/java/com/davemorrissey/labs/subscaleview/ImageSource.java — Configuration object that defines image sources (file, URI, bitmap, etc.) and how they should be loaded; essential for understanding image loading pipeline.
• library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/ImageRegionDecoder.java — Interface for region-based image decoding that enables efficient subsampling and tile loading; critical for large image support.
• library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/SkiaImageRegionDecoder.java — Default ImageRegionDecoder implementation using Skia; handles the actual tile extraction from large images.
• library/src/main/java/com/davemorrissey/labs/subscaleview/ImageViewState.java — State model encapsulating zoom level, pan position, rotation, and image dimensions; needed to understand gesture-to-view mapping.
• library/src/main/res/values/attrs.xml — XML attribute definitions for view customization; defines all configurable properties exposed to layout files.
• library/build.gradle — Library build configuration specifying Android version compatibility, dependencies, and artifact publishing setup.

Add a Custom Decoder (e.g., WebP support)

1. Implement the ImageDecoder interface or extend SkiaImageDecoder for full-image decoding. (library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/ImageDecoder.java)
2. Implement the ImageRegionDecoder interface for tile/region extraction support. (library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/ImageRegionDecoder.java)
3. Create a custom DecoderFactory that instantiates your decoders; return it from getDecoderFactory(). (library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/DecoderFactory.java)
4. Call setDecoderFactory(yourFactory) on SubsamplingScaleImageView before loading an image. (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java)

Add Touch Overlay Detection (e.g., detect taps on drawn shapes)

1. Subclass SubsamplingScaleImageView and override onTouchEvent() or implement OnStateChangedListener. (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java)
2. Override onDraw() to paint your custom overlays using the provided Canvas and view state transforms. (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java)
3. Convert touch coordinates to image coordinates using getMaxScale() and state calculations; test hit detection. (sample/src/main/java/com/davemorrissey/labs/subscaleview/test/eventhandlingadvanced/AdvancedEventHandlingActivity.java)

Customize Image Loading (e.g., load from network with caching)

1. Create an ImageSource with custom configuration; use setUri() for network URIs or custom schemes. (library/src/main/java/com/davemorrissey/labs/subscaleview/ImageSource.java)
2. Optionally provide a custom DecoderFactory that caches decoded tiles or uses a network layer. (library/src/main/java/com/davemorrissey/labs/subscaleview/decoder/DecoderFactory.java)
3. Call view.setImage(imageSource) and listen for OnImageEventListener callbacks (onReady, onError). (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java)

Add Custom Gesture (e.g., long-press to reveal full resolution)

1. Implement OnStateChangedListener or GestureDetector to detect your custom gesture. (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java)
2. Use AnimationBuilder (from setScaleAndCenter() or animateScaleAndCenter()) to animate zoom/pan transitions. (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java)
3. Store animation state in ImageViewState and override onDraw() to render state-dependent overlays if needed. (library/src/main/java/com/davemorrissey/labs/subscaleview/ImageViewState.java)

• Android View (not Compose) — Library predates Jetpack Compose; optimized for direct Canvas drawing and low-level touch event control needed for smooth gesture handling.
• BitmapRegionDecoder (Skia) — Native Android API for decoding arbitrary rectangular regions of images at scale; avoids decoding entire large image into memory.
• Matrix transformations — Efficient coordinate translation between screen, view, and image space; required for pinch-zoom, pan, rotation, and overlay hit detection.
• Object pooling (SkiaPooledImageRegionDecoder) — Reduces garbage collection pauses during rapid tile loading when user zooms aggressively; critical for smooth 60fps performance.
• Gradle AAR (Android Archive) — Standard Android library distribution format; easily included in other projects as a dependency.

• Monolithic SubsamplingScaleImage
  • Why: undefined
  • Consequence: undefined

No visible test files in the top-60 structure—test location (testSrc/ vs androidTest/?) must be verified. EXIF rotation is mentioned as automatic for file system images but requires android.media.ExifInterface permissions and handling; verify rotation behavior doesn't break on certain device/API combinations. Tiling strategy requires careful configuration to avoid excessive tile requests during fast pan/zoom—see Advanced configuration wiki. No CI/CD config visible, so local testing and manual vetting are critical before release. Breaking changes between major versions (3.x → 3.8 → 3.9) suggest API surface is not stable; always check migration guides before updating.

• Image Subsampling & Tiling — Core strategy of this library—instead of loading the full image into memory, subsampling loads a low-res base layer and tiles fetch high-res regions on-demand as you zoom; understanding this is essential to using and extending the library correctly
• EXIF Orientation Metadata — The library auto-rotates images loaded from filesystem based on EXIF data (camera orientation); critical to know for handling photo gallery use cases where camera images are often rotated 90°/180°
• Region Decoding (Partial Bitmap Loading) — ImageRegionDecoder interface allows loading only a rectangular region of an image file; this is the low-level mechanism enabling tile-based subsampling without full decompression
• Pinch-to-Zoom Gesture Detection — The View implements ScaleGestureDetector and GestureDetector; understanding how multi-touch pinch is distinguished from pan is key to modifying gesture behavior or adding custom overlays
• Memory-Mapped Image Decoders — SkiaPooledImageRegionDecoder pools decoder instances to avoid repeated allocation overhead; understanding decoder lifecycle and pooling is important for performance tuning and custom decoder implementations
• Android View Lifecycle & onDraw() — SubsamplingScaleImageView is a custom View; all rendering happens in onDraw(Canvas) and lifecycle is tied to Activity/Fragment—essential to understand for animation and state management
• Listener/Observer Pattern (Event Callbacks) — The library uses OnImageEventListener, OnAnimationEventListener, and OnStateChangedListener interfaces to decouple View logic from app logic; understanding this pattern is crucial for event-driven app design

• chrisbanes/PhotoView — Alternative pinch-to-zoom ImageView for Android; similar use case but no tiling/subsampling for huge images
• davemorrissey/ssiv-kotlin-sample — Official Kotlin sample app using SubsamplingScaleImageView; runnable reference implementation for integrating the library
• mapbox/mapbox-gl-native — Production tile-based map renderer for Android; uses similar subsampling + region decoding patterns for map visualization at scale
• geekythegenius/PinchImageViewAndroid — Another pinch-zoom library; lacks tiling but shows alternative approaches to gesture handling and animation in Android Views
• android/android-architecture-samples — Google's reference architecture samples; helpful for understanding modern Android patterns and testing strategies the SubsamplingScaleImageView library could adopt

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for ImageSource.java and ImageViewState.java

The repo has comprehensive JavaDoc but no visible test directory structure. ImageSource and ImageViewState are core data classes that handle image configuration and view state management. Adding unit tests would improve reliability for state transitions, image source validation, and edge cases (null sources, invalid dimensions, etc.). This is critical for a library handling large image processing.

• [ ] Create library/src/test/java directory structure matching library/src/main/java
• [ ] Add unit tests for ImageSource.java covering all constructors, getters, and edge cases (file vs asset vs URI sources)
• [ ] Add unit tests for ImageViewState.java covering state initialization, scale calculations, and boundary conditions
• [ ] Configure test dependencies in library/build.gradle (JUnit 4, Mockito)
• [ ] Verify tests run via ./gradlew test

Add instrumented Android tests for SubsamplingScaleImageView gesture detection

The main view class (library/src/main/java/com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java) handles complex touch interactions (pinch-to-zoom, panning, rotation) but there are no visible instrumented tests. Android instrumented tests would validate gesture recognition, animation callbacks (OnAnimationEventListener, OnImageEventListener), and edge cases without manual QA.

• [ ] Create library/src/androidTest/java directory structure
• [ ] Add instrumented test class for pinch-to-zoom gesture simulation using MotionEvent
• [ ] Add instrumented test class for pan and rotation gestures
• [ ] Add test coverage for animation callbacks and state change listeners (DefaultOnAnimationEventListener, DefaultOnStateChangedListener)
• [ ] Configure androidTestImplementation dependencies in library/build.gradle (androidx.test, Espresso)
• [ ] Verify tests run via ./gradlew connectedAndroidTest

Add GitHub Actions CI workflow for automated testing and library build verification

The repo has Gradle Wrapper configured but no CI/CD pipeline visible. A GitHub Actions workflow would automatically build the AAR library, run unit and instrumented tests on pull requests, and verify JavaDoc generation. This prevents regressions and ensures contributors validate against the full test suite before merging.

• [ ] Create .github/workflows/android-ci.yml with matrix testing across multiple API levels (minSdk 19+)
• [ ] Configure workflow to run ./gradlew build to compile library/build.gradle
• [ ] Add step to run ./gradlew test for unit tests
• [ ] Add step to run ./gradlew connectedAndroidTest using emulator (API 29, 31, 33)
• [ ] Add javadoc generation verification step (./gradlew javadoc)
• [ ] Configure workflow triggers for pull requests and pushes to main branch

• Add unit tests for ImageSource.java and ImageViewState.java (visible in JavaDoc but missing from top-60 file list)—these foundational model classes would benefit from @Test coverage for edge cases like null resources, invalid coordinates, and state transitions
• Document the decoder factory pattern in a Wiki page with code examples; README mentions CompatDecoderFactory and custom decoders but the actual Factory interface usage is not shown—a beginner-friendly example (e.g., adding WebP support via a custom decoder) would reduce friction
• Add Android 12+ compatibility notes; the library handles EXIF rotation and file system access but no docs mention scoped storage (MANAGE_EXTERNAL_STORAGE) or runtime permissions—create a guide for modern Android versions

The codebase has moderate security concerns primarily related to build infrastructure and dependency management. The most critical issue is the use of an outdated Gradle build plugin (4.1.1 from 2020) which lacks modern security features and contains known vulnerabilities. The inclusion of the deprecated jcenter() repository further increases risk exposure. The project lacks explicit dependency version pinning and dependency verification mechanisms. For a library that handles image data and file I/O operations, these build-time security issues should be addressed promptly. The core source code structure appears reasonable with no obvious injection vulnerabilities in the visible file structure, but comprehensive code review would be needed for complete assessment.

• High · Outdated Gradle Build Plugin — build.gradle - classpath 'com.android.tools.build:gradle:4.1.1'. The project uses Gradle plugin version 4.1.1 (from 2020), which is significantly outdated. This version contains multiple known security vulnerabilities and lacks modern security features, dependency verification mechanisms, and build security improvements available in current versions. Fix: Update to the latest stable version of the Android Gradle Plugin (currently 8.x+). Run 'gradle wrapper --gradle-version <latest-version>' to update the wrapper and build.gradle dependencies.
• High · Deprecated Repository - jcenter() — build.gradle - repositories section includes jcenter(). The build configuration includes jcenter() repository which has been officially deprecated and shut down by JFrog in 2021. This repository is no longer maintained and can pose security risks as it no longer receives security updates or maintenance. Fix: Remove jcenter() from the repositories block. Rely on mavenCentral() and google() repositories which are actively maintained and secure.
• Medium · Missing Dependency Version Pinning — build.gradle - library/build.gradle and sample/build.gradle (not fully visible). The build.gradle file does not show explicit version constraints for dependencies. Using unpinned dependencies can lead to unexpected version upgrades that may introduce vulnerabilities or breaking changes without explicit review. Fix: Explicitly pin all dependency versions in build.gradle files. Use constraint layouts for transitive dependencies. Consider using a dependencyManagement section or a versions.gradle file for centralized version management.
• Medium · No Dependency Verification — build.gradle configuration. The Gradle configuration lacks dependency verification settings. This allows potential man-in-the-middle attacks or compromised dependencies to be used without detection. Fix: Implement Gradle's dependency verification feature by running 'gradle --write-verification-metadata sha256' and committing the generated verification metadata file to enforce checksum verification of all dependencies.
• Low · ProGuard Configuration Present — library/proguard-rules.txt. While ProGuard rules exist (library/proguard-rules.txt), there is no visibility into their content. Misconfigured ProGuard rules could expose sensitive code or break security-critical functionality. Fix: Review the ProGuard configuration to ensure: 1) Security-sensitive classes are not kept with verbose naming, 2) Exception handlers are properly configured, 3) Cryptographic implementations are protected, 4) Keep rules follow the principle of least privilege.
• Low · Missing Security Policy Documentation — Repository root. No SECURITY.md or security policy file is present in the repository root. This makes it difficult for security researchers to report vulnerabilities responsibly. Fix: Create a SECURITY.md file that includes: 1) Instructions for reporting vulnerabilities, 2) Responsible disclosure timeline, 3) Security contact information, 4) Any security guarantees or SLAs.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.