If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/elvirbrk/NoteHighlight2016 shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 1y ago

• 4 active contributors
• GPL-2.0 licensed
• Tests present
• ⚠ Stale — last commit 1y ago
• ⚠ Small team — 4 contributors active in recent commits
• ⚠ Single-maintainer risk — top contributor 97% of recent commits
• ⚠ GPL-2.0 is copyleft — check downstream compatibility
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live elvirbrk/NoteHighlight2016 repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/elvirbrk/NoteHighlight2016.

What it runs against: a local clone of elvirbrk/NoteHighlight2016 — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in elvirbrk/NoteHighlight2016 | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 460 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of elvirbrk/NoteHighlight2016. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/elvirbrk/NoteHighlight2016.git
#   cd NoteHighlight2016
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of elvirbrk/NoteHighlight2016 and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "elvirbrk/NoteHighlight2016(\\.git)?\\b" \\
  && ok "origin remote is elvirbrk/NoteHighlight2016" \\
  || miss "origin remote is not elvirbrk/NoteHighlight2016 (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-2.0" \\
  || miss "license drift — was GPL-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "NoteHighlightAddin/AddIn.cs" \\
  && ok "NoteHighlightAddin/AddIn.cs" \\
  || miss "missing critical file: NoteHighlightAddin/AddIn.cs"
test -f "NoteHighlightAddin/MainForm.cs" \\
  && ok "NoteHighlightAddin/MainForm.cs" \\
  || miss "missing critical file: NoteHighlightAddin/MainForm.cs"
test -f "GenerateHighlightContent/GenerateHighLight.cs" \\
  && ok "GenerateHighlightContent/GenerateHighLight.cs" \\
  || miss "missing critical file: GenerateHighlightContent/GenerateHighLight.cs"
test -f "NoteHighlightAddin/highlight/highlight.exe" \\
  && ok "NoteHighlightAddin/highlight/highlight.exe" \\
  || miss "missing critical file: NoteHighlightAddin/highlight/highlight.exe"
test -f "NoteHighlightAddin/HtmlFragment.cs" \\
  && ok "NoteHighlightAddin/HtmlFragment.cs" \\
  || miss "missing critical file: NoteHighlightAddin/HtmlFragment.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 460 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~430d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/elvirbrk/NoteHighlight2016"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

NoteHighlight2016 is a OneNote 2016/O365 add-in that applies syntax highlighting to source code blocks using the Highlight.js library. It allows users to paste or edit code in a popup form, select a language (C#, Java, PHP, SQL, HTML, CSS, JavaScript, XML), and insert beautifully highlighted code directly into OneNote pages with multiple color themes (eclipse, emacs, flashdevelop, jedit, msvs2008, etc.). Three-project .NET solution (NoteHighlight2016.sln): NoteHighlightAddin (main OneNote add-in with MainForm.cs UI and AddIn.cs COM interop), GenerateHighlightContent (batch processor for syntax definitions using Lua-based highlight tool configuration in Lib/ folder with .lang and .theme files), and Helper (shared string/process utilities). AddIn.cs bridges OneNote's object model to the highlighting pipeline.

Developers and technical writers using OneNote 2016 or Office 365 who want to include syntax-highlighted code snippets in their notes without manually formatting or copying from external tools. Both 32-bit and 64-bit Office installations are supported.

Production-ready. The project reached v3.7 with established release binaries (NoteHighlight2016.msi for 64-bit, NoteHighlight2016x86.msi for 32-bit) and active GitHub releases. However, the repo shows modest activity—no visible CI/CD setup in the file list, and the codebase is a mature port of NoteHighlight 2013 rather than an actively innovated project.

Low-to-moderate risk. Single maintainer (elvirbrk) with no visible CI pipeline or automated tests in the file structure. Dependencies are minimal but legacy: reliance on ICSharpCode.TextEditor.dll (a bundled DLL in NoteHighlightAddin/Lib/) and the external Highlight tool (https://gitlab.com/saalen/highlight) create version lock-in. Office add-in APIs are historically fragile across versions.

No recent commit activity visible in the provided file list. The project appears stable post-v3.7 with occasional issue reports for add-in registration problems (referenced Issue #7 in README). The Lua configuration files in GenerateHighlightContent/Lib/ suggest past language/theme extensibility work but no new language additions are evident.

Clone the repo and open NoteHighlight2016.sln in Visual Studio (requires .NET Framework targeting OneNote 2016 COM APIs). Build both NoteHighlightAddin and GenerateHighlightContent projects. For end-users: download and run the appropriate .msi installer from https://github.com/elvirbrk/NoteHighlight2016/releases.

Daily commands: This is not a web app or CLI tool. To test locally: (1) Build NoteHighlight2016.sln in Visual Studio, (2) Register the add-in DLL with OneNote (via regasm or the installer), (3) Launch OneNote 2016, (4) The add-in ribbon should appear with language menu options. Language files are configured in ribbon.xml (set visible='true' to enable).

• NoteHighlightAddin/AddIn.cs — Main OneNote COM add-in entry point; orchestrates all integration with OneNote 2016/O365 and handles menu commands.
• NoteHighlightAddin/MainForm.cs — Primary UI form for the syntax highlighting add-in; manages code editor, language/theme selection, and user interactions.
• GenerateHighlightContent/GenerateHighLight.cs — Core highlighting logic that invokes the highlight.exe engine and transforms syntax-colored output into OneNote-compatible HTML.
• NoteHighlightAddin/highlight/highlight.exe — External syntax highlighter executable (third-party dependency); performs actual code tokenization and coloring for 150+ languages.
• NoteHighlightAddin/HtmlFragment.cs — Converts highlighted HTML into OneNote HTML Fragment format for clipboard/insertion into notes.
• NoteHighlightAddin/Settings.cs — Persists and loads user preferences (theme, language defaults, add-in behavior) between sessions.
• Helper/ProcessHelper.cs — Wraps execution of highlight.exe and handles process communication; critical for invoke-and-capture workflow.

Add Support for a New Programming Language

1. Create or acquire a .lang syntax definition file for the language (e.g., rust.lang) and place it in NoteHighlightAddin/highlight/langDefs/ (NoteHighlightAddin/highlight/langDefs/)
2. Update NoteHighlightAddin/highlight/filetypes.conf to register file extensions → language mapping (NoteHighlightAddin/highlight/filetypes.conf)
3. Optionally add a 24×24 PNG icon in NoteHighlightAddin/Resources/ and reference in MainForm.Designer.cs (NoteHighlightAddin/Resources/)
4. Rebuild NoteHighlightAddin.csproj; highlight.exe will auto-detect the new .lang file at runtime (NoteHighlightAddin/NoteHighlightAddin.csproj)

Add a New Color Theme

1. Create a .theme file with CSS-like color definitions and place it in NoteHighlightAddin/highlight/ (or GenerateHighlightContent/Lib/) (GenerateHighlightContent/Lib/)
2. In MainForm.Designer.cs, add the theme name to the theme dropdown ComboBox (or load dynamically from directory) (NoteHighlightAddin/MainForm.Designer.cs)
3. Rebuild; highlight.exe will use the theme file when invoked via GenerateHighLight.cs with --style=themename (GenerateHighlightContent/GenerateHighLight.cs)

Modify Highlight.exe Invocation or Output Post-Processing

1. Edit GenerateHighLight.cs ProcessHighlight() method to change command-line arguments passed to highlight.exe (e.g., add --font-size, --line-numbers) (GenerateHighlightContent/GenerateHighLight.cs)
2. If output HTML parsing changes, update HtmlFragment.cs to adapt the transformation logic (e.g., custom CSS class mapping) (NoteHighlightAddin/HtmlFragment.cs)
3. Test in MainForm.cs by entering sample code and clicking 'Highlight' button; preview in the RichTextBox (NoteHighlightAddin/MainForm.cs)

Add a New Settings Option

1. Add a new property to NoteHighlightAddin/Properties/Settings.settings (Visual Studio designer or XML edit) (NoteHighlightAddin/Properties/Settings.settings)
2. Add corresponding UI control (TextBox, CheckBox, etc.) to SettingsForm.Designer.cs (NoteHighlightAddin/SettingsForm.Designer.cs)
3. In SettingsForm.cs, bind the control to the property in Load() and Save() methods (NoteHighlightAddin/SettingsForm.cs)
4. Access the setting in MainForm.cs or AddIn.cs via Properties.Settings.Default.[PropertyName] (NoteHighlightAddin/Settings.cs)

• C# / .NET Framework — OneNote 2016 COM add-in model requires .NET; industry-standard for Office integrations.
• highlight.exe (External Binary) — Battle-tested, language-agnostic syntax highlighter supporting 150+ languages; avoids reimplementing lexers.
• WinForms (MainForm, SettingsForm) — Lightweight, proven UI toolkit for Office add-ins; simpler than WPF for modal dialogs.
• ICSharpCode.TextEditor Component — Provides code preview/syntax highlighting in the editor dialog before insertion.
• COM Interop (OneNote Object Model) — Only standard API for OneNote 2016 scripting; required for ribbon integration and note insertion.

• External highlight.exe vs. embedded lexer library

  • Why: Avoid maintaining 150+ language grammar definitions; leverage existing open-source tool.
  • Consequence: Adds runtime process spawning (~100–500ms per highlight); requires bundling binary; process stderr capture required.

• WinForms modal dialog (MainForm) vs. inline OneNote ribbon controls

  • Why: Richer editing UX, copy/preview before insertion, cleaner separation of concerns.
  • Consequence: Extra click-through; code must be copy–pasted into dialog (not direct selection in page).

• HTML Fragment format for OneNote insertion

  • Why: OneNote clipboard API only accepts HTML fragments; preserves formatting across paste.
  • Consequence: Must transform highlight.exe HTML output to OneNote-specific HTML schema; color fidelity dependent on theme.

• Persistent theme/language settings in app.config via Settings Designer

  • Why: Simple, Windows-native registry/config-file storage; no external DB required.
  • Consequence: Per-user settings only; no cloud sync; must be backed up manually if config lost.

• Real-time syntax highlighting as user types (feature is batch: paste → highlight → insert)
• Support for OneNote Online or OneNote for Mac (COM add-in model is Windows-only)
• Custom language grammar editor (users must provide or find .lang files externally)
• Integration with Git/version control (standalone utility, not VCS-aware)
• Network/remote code execution (all processing is local; no cloud service calls)

OneNote COM API version targeting: the add-in must match the installed Office version (32-bit vs 64-bit DLL registration). Ribbon.xml changes require OneNote restart to take effect (not live reload). The bundled ICSharpCode.TextEditor.dll is legacy and not version-controlled externally—if updated, DLL must be manually replaced in NoteHighlightAddin/Lib/. Highlight tool (external dependency) must be in PATH or bundled at runtime; no explicit version pinning visible.

• COM Interop (Component Object Model) — OneNote 2016 exposes its document model only through COM interfaces; understanding CCOMStreamWrapper.cs and Office.Interop.OneNote namespace is essential to manipulate OneNote pages programmatically.
• Office Open XML (OneNote Schema) — HtmlFragment.cs must convert syntax-highlighted code into OneNote's proprietary XML dialect for proper rendering; raw HTML will not render correctly in OneNote.
• WinForms Modal Dialog Patterns — MainForm.cs uses blocking modal dialogs (ShowDialog) to collect user input for code/language selection; understanding DialogResult and modal UI state is key to extending the input flow.
• Clipboard Stream Marshalling (IStream) — CCOMStreamWrapper bridges unmanaged COM IStream (clipboard data) with managed .NET, a low-level interop pattern critical to moving highlighted code between the add-in and OneNote.
• Ribbon XML Configuration (Office UI) — The add-in menu structure is declared in ribbon.xml using Microsoft's Ribbon markup language; modifying language/theme visibility or adding menu items requires editing this declarative format.
• Assembly Strong Naming & DLL Registration (regasm) — Both projects use .snk files (HighlightContent.snk, Helper.snk) for strong naming; regasm is required to register the COM-visible DLL with the Windows registry so OneNote can load it.
• External Tool Invocation (Process Wrapper) — GenerateHighLight.cs invokes the external Highlight binary as a subprocess (likely via ProcessHelper.cs); understanding stdout capture and error handling for spawned processes is critical to the highlighting pipeline.

• OneNoteDev/VanillaAddIn — Official Microsoft OneNote add-in sample that NoteHighlight2016 builds upon; provides COM interop patterns and ribbon XML examples for OneNote 2016.
• saalen/highlight — External Lua-based syntax highlighting engine (https://gitlab.com/saalen/highlight) that powers the actual code-to-HTML conversion; NoteHighlight2016 wraps and invokes this tool.
• PrismJS/prism — Alternative lightweight client-side syntax highlighter (JavaScript-based); relevant if someone wanted to rewrite NoteHighlight as a web-based solution or replace Highlight.js dependency.
• highlightjs/highlight.js — Popular JavaScript syntax highlighting library often used in web contexts; the Highlight tool (used here) is a different C++-based engine but serves similar purpose.
• elvirbrk/NoteHighlight2013 — Predecessor version for OneNote 2013; this repo is a direct port updating the add-in model to OneNote 2016/O365 COM APIs and newer Visual Studio project structure.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add GitHub Actions CI/CD workflow for building and testing both 32-bit and 64-bit assemblies

The repo supports both 32-bit and 64-bit OneNote 2016, but there's no automated build verification. Currently, contributors must manually build NoteHighlight2016.sln with different platform configurations. A CI workflow would catch platform-specific build failures, verify both GenerateHighlightContent and NoteHighlightAddin projects compile correctly, and validate the .snk signing keys work properly.

• [ ] Create .github/workflows/dotnet-build.yml with matrix strategy for x86 and x64 platform builds
• [ ] Verify GenerateHighlightContent.csproj and NoteHighlightAddin.csproj compile without errors
• [ ] Test that HighlightContent.snk and Helper.snk signing keys are properly used during build
• [ ] Add build badges to README.md showing build status for both platforms

Create unit tests for GenerateHighLight.cs and HighLightSection.cs core syntax highlighting logic

The GenerateHighlightContent project contains critical syntax highlighting generation logic but has no test coverage. The IGenerateHighLight interface and implementations handle language detection, theme application, and HTML fragment generation—all error-prone operations that need regression tests. Tests would validate correctness when adding new language support or themes.

• [ ] Create GenerateHighlightContent/Tests project with xUnit or NUnit framework
• [ ] Write tests for GenerateHighLight.cs covering language detection for csharp.lang, java.lang, php.lang, etc.
• [ ] Write tests for HighLightSection.cs verifying correct theme file loading (bclear.theme, bright.theme, edit-msvs2008.theme)
• [ ] Add test coverage for HTML fragment generation to prevent encoding/syntax issues

Add comprehensive inline documentation to NoteHighlightAddin/AddIn.cs and MainForm.cs OneNote integration code

The core OneNote COM interop and UI logic in AddIn.cs (OneNote event handlers) and MainForm.cs (user interaction) lacks XML documentation comments. These files interact with OneNote's complex object model and Windows Forms dialogs, making them difficult for new contributors to understand. Adding proper documentation would reduce onboarding friction and help maintainers review COM interop edge cases.

• [ ] Add XML documentation to all public methods in NoteHighlightAddin/AddIn.cs, especially OneNote event handlers
• [ ] Document the purpose and parameters of MainForm.cs methods, particularly syntax highlighting application logic
• [ ] Add comments explaining the HtmlFragment.cs encoding strategy for OneNote XML compatibility
• [ ] Document the highlight/filetypes.conf configuration format and how it integrates with language detection

• Add unit tests for GenerateHighLight.cs syntax processing pipeline—currently no test projects exist in the solution; tests would catch regressions when updating Highlight tool versions or adding new languages.
• Document the ribbon.xml configuration format and add a UI preference pane in MainForm.cs to toggle language/theme visibility without manual XML editing—many users hit Issue #7 'Not showing after install' due to unclear ribbon setup.
• Create a script in Helper/ or at solution root to auto-extract and register Highlight tool binary during build—currently the external dependency is implicit and may fail silently if missing from PATH.

• High · External Executable Dependency - highlight.exe — NoteHighlightAddin/highlight/highlight.exe. The codebase includes and executes highlight.exe, an external executable binary stored in the repository. This poses significant security risks: (1) Supply chain vulnerability - the binary could be compromised, (2) No version pinning or integrity verification visible, (3) Executing external binaries without proper validation and sandboxing. The file is located at NoteHighlightAddin/highlight/highlight.exe. Fix: Replace with a managed library or validate binary integrity via cryptographic signatures (SHA-256 hashing). If external execution is necessary, implement sandboxing, restrict file system access, and establish secure update mechanisms. Consider using NuGet packages instead of bundled executables.
• High · Potential Code Injection via Language Definition Files — GenerateHighlightContent/GenerateHighLight.cs, NoteHighlightAddin/highlight/langDefs/. The application processes language definition files (.lang) and theme files (.theme) from both bundled locations (GenerateHighlightContent/Lib and NoteHighlightAddin/highlight/langDefs). If these files are parsed without proper sanitization and used to generate code or HTML content, they could be exploited for injection attacks. The GenerateHighLight.cs file appears to parse these files. Fix: Implement strict parsing with whitelisting of allowed syntax elements. Use a formal grammar parser rather than string manipulation. Validate all theme and language definition files before processing. Implement code review process for bundled definition files.
• Medium · Missing Input Validation in Helper Classes — Helper/StringExtension.cs, Helper/ProcessHelper.cs. Helper/StringExtension.cs and Helper/ProcessHelper.cs are utility classes that may be used throughout the codebase for string processing and process execution. Without visible validation logic, these could be vectors for injection attacks if user input is passed through them without sanitization. Fix: Implement comprehensive input validation and sanitization in all helper methods. Use parameterized approaches for any process execution. Add logging and error handling for suspicious inputs.
• Medium · Potential Path Traversal in File Processing — GenerateHighlightContent/GenerateHighLight.cs, NoteHighlightAddin/MainForm.cs. The application processes language definition files and themes from multiple directories. If file paths are constructed from user input or external data without proper validation, path traversal attacks could access unintended files on the system. Fix: Use Path.GetFullPath() and validate against a whitelist of allowed directories. Never concatenate user input directly with file paths. Implement strict path canonicalization.
• Medium · OneNote COM Interop Security Concerns — NoteHighlightAddin/AddIn.cs, NoteHighlightAddin/CCOMStreamWrapper.cs. The codebase interacts with OneNote through COM interop (NoteHighlightAddin/AddIn.cs). COM interop can be a security boundary issue. Additionally, CCOMStreamWrapper.cs wraps COM streams which could have memory safety issues if not properly managed. Fix: Implement proper error handling and resource cleanup (using statements). Validate all data received from COM objects. Consider running with minimal required privileges. Implement comprehensive exception handling for COM calls.
• Medium · Strong Name Key Stored in Repository — GenerateHighlightContent/HighlightContent.snk, Helper/Helper.snk. Strong name signing keys (.snk files) are present in the repository (GenerateHighlightContent/HighlightContent.snk, Helper/Helper.snk). While these are typically not secrets like API keys, best practice is to store them securely outside the repository. Fix: Move .snk files to a secure key management system. Store references in the codebase instead of actual keys. Use Azure Key Vault or similar solutions for sensitive cryptographic materials. Add .snk to .gitignore.
• Low · Incomplete License Attribution — NoteHighlightAddin/highlight/COPYING, License.md. The highlight directory includes a COPYING file, indicating use of external libraries (highlight.exe). The repository root contains License.md, but it's unclear if all third-party licenses are properly documented and attributed. Fix: Maintain a comprehensive LICENSES.txt or THIRD_PARTY_LICENSES.md file documenting all dependencies,

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.