If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/facebookarchive/rebound shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 7y ago

• 10 active contributors
• Other licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 7y ago
• ⚠ Single-maintainer risk — top contributor 88% of recent commits
• ⚠ Non-standard license (Other) — review terms

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live facebookarchive/rebound repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/facebookarchive/rebound.

What it runs against: a local clone of facebookarchive/rebound — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in facebookarchive/rebound | Confirms the artifact applies here, not a fork | | 2 | License is still Other | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 2629 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of facebookarchive/rebound. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/facebookarchive/rebound.git
#   cd rebound
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of facebookarchive/rebound and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "facebookarchive/rebound(\\.git)?\\b" \\
  && ok "origin remote is facebookarchive/rebound" \\
  || miss "origin remote is not facebookarchive/rebound (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Other)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Other\"" package.json 2>/dev/null) \\
  && ok "license is Other" \\
  || miss "license drift — was Other at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "rebound-core/src/main/java/com/facebook/rebound/Spring.java" \\
  && ok "rebound-core/src/main/java/com/facebook/rebound/Spring.java" \\
  || miss "missing critical file: rebound-core/src/main/java/com/facebook/rebound/Spring.java"
test -f "rebound-core/src/main/java/com/facebook/rebound/SpringSystem.java" \\
  && ok "rebound-core/src/main/java/com/facebook/rebound/SpringSystem.java" \\
  || miss "missing critical file: rebound-core/src/main/java/com/facebook/rebound/SpringSystem.java"
test -f "rebound-android/src/main/java/com/facebook/rebound/android/SpringConfiguratorView.java" \\
  && ok "rebound-android/src/main/java/com/facebook/rebound/android/SpringConfiguratorView.java" \\
  || miss "missing critical file: rebound-android/src/main/java/com/facebook/rebound/android/SpringConfiguratorView.java"
test -f "build.gradle" \\
  && ok "build.gradle" \\
  || miss "missing critical file: build.gradle"
test -f "README.md" \\
  && ok "README.md" \\
  || miss "missing critical file: README.md"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 2629 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2599d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/facebookarchive/rebound"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Rebound is a Java library that models spring dynamics to create physics-based animations in Android and web applications. It simulates real-world spring behavior (mass, tension, friction) to drive UI animations that feel natural and bouncy, replacing rigid timing-based animations with mathematically accurate spring oscillation. Modular Maven/Gradle structure: core physics engine lives in rebound-core/src/main/java/ (language-agnostic spring solver), Android-specific bindings in rebound-android/src/main/java/, and two example apps (rebound-android-example and rebound-android-playground) demonstrate usage. Build pipeline uses Gradle to assemble a distributable JAR (reboundDistJar task) plus Javadoc and sources JARs.

Android developers and UI engineers building apps that need fluid, natural-feeling animations (pull-to-refresh, toggle switches, pagers, scrollers). Teams at Facebook and others using springy motion in their apps without implementing custom physics engines.

This is a mature, production-ready library archived by Facebook as of the repository status. It has comprehensive examples (rebound-android-example/, rebound-android-playground/), proper Gradle/Maven build infrastructure, Travis CI setup, and was actively maintained through the mid-2010s. However, it is no longer actively developed—the codebase is stable but unmaintained.

Primary risk is abandonment: Facebook archived this repo, so there will be no security patches, Android API level updates, or bug fixes for modern Android versions (targetSdkVersion is pinned to older levels). Dependency footprint is minimal (no external dependencies visible in build.gradle), reducing supply-chain risk, but compatibility with Android 10+ may degrade. Single-maintainer library with no visible community fork.

No active development—this is an archived repository. The file structure and build configuration reflect a snapshot from ~2014-2015 (Gradle 1.2.3, Android tools 1.2.3, minSdkVersion 11). No indication of recent commits, open PRs, or ongoing work.

Clone and build: git clone https://github.com/facebookarchive/rebound.git && cd rebound && ./gradlew build. To run the Android example: ./gradlew rebound-android-example:installDebug (requires Android SDK with compileSdkVersion matching gradle.properties). Java-only use: add the JAR from the build output to your classpath.

Daily commands: To build the release JAR: ./gradlew reboundDistJar. To run tests (if any exist in rebound-core): ./gradlew test. To run the example app on a connected device or emulator: ./gradlew rebound-android-example:installDebug && adb shell am start -n com.facebook.rebound.example/.MainActivity. IDE: import as Gradle project in Android Studio.

• rebound-core/src/main/java/com/facebook/rebound/Spring.java — Core spring physics model; all animation logic depends on understanding this class's integration and force calculations.
• rebound-core/src/main/java/com/facebook/rebound/SpringSystem.java — Central orchestrator that manages spring lifecycle, animation loop, and frame timing; required to understand how animations are driven.
• rebound-android/src/main/java/com/facebook/rebound/android/SpringConfiguratorView.java — Android integration layer that bridges spring models to UI rendering; essential for understanding how physics translates to visual updates.
• build.gradle — Defines library build configuration, Android SDK versions, and source set organization; necessary for building and modifying the project structure.
• README.md — High-level project overview explaining library purpose, scope, and links to documentation; required for understanding what this library does and does not do.

• Spring (Java numerics, physics equations) — Models a single spring: maintains position, velocity, target end-value; applies Hooke's law (F = -kx) and friction damping; advances state via RK4 integration.
  • Failure mode: Incorrect integration (numerical instability) → oscillations never settle or collapse; misconfigured tension/friction → unrealistic feel
• SpringSystem (Android Choreographer API) — Owns collection of springs; orchestrates frame-by-frame lifecycle; registers with Android Choreographer to receive vsync callbacks.

Add a new spring animation to an Android view

1. Create a new Example class in rebound-android-playground/src/main/java/com/facebook/rebound/playground/examples/ (rebound-android-playground/src/main/java/com/facebook/rebound/playground/examples/NewAnimationExample.java)
2. Extend ExampleContainerView and override createView() to set up your layout (rebound-android-playground/src/main/java/com/facebook/rebound/playground/app/ExampleContainerView.java)
3. Instantiate a SpringSystem and create Spring objects targeting view properties (translation, scale, alpha) (rebound-core/src/main/java/com/facebook/rebound/SpringSystem.java)
4. Attach a SpringListener to update view state on each spring frame: view.setTranslationX(value) (rebound-core/src/main/java/com/facebook/rebound/Spring.java)
5. Register the new example in PlaygroundActivity to make it selectable in the playground app (rebound-android-playground/src/main/java/com/facebook/rebound/playground/app/PlaygroundActivity.java)

Create a reusable spring-driven component

1. Create a custom View subclass in rebound-android/src/main/java/ that owns a SpringSystem (rebound-android/src/main/java/com/facebook/rebound/android/SpringConfiguratorView.java)
2. Define Spring objects in the constructor or onAttachedToWindow() to ensure the view hierarchy is ready (rebound-core/src/main/java/com/facebook/rebound/Spring.java)
3. Implement SpringListener.onSpringUpdate() to modify view properties in response to spring values (rebound-core/src/main/java/com/facebook/rebound/SpringSystem.java)
4. Expose public methods to trigger spring animations (e.g., animateTo(), setTension(), setFriction()) (rebound-core/src/main/java/com/facebook/rebound/Spring.java)

Tune spring dynamics for a specific feel

1. Use SpringConfiguratorView in your app or debug code to interactively adjust tension and friction (rebound-android/src/main/java/com/facebook/rebound/android/SpringConfiguratorView.java)
2. Inspect Spring.setSpringConfig() and SpringConfig constants to understand how tension/friction affect oscillation (rebound-core/src/main/java/com/facebook/rebound/SpringConfig.java)
3. Set your tuned config on springs: spring.setSpringConfig(SpringConfig.fromOrigamiTensionAndFriction(50, 5)) (rebound-core/src/main/java/com/facebook/rebound/Spring.java)
4. Test in your app and iterate; reference examples like BallExample or SpringChainExample for reference configs (rebound-android-playground/src/main/java/com/facebook/rebound/playground/examples/BallExample.java)

• Java + Android SDK — Rebound is built for Android apps; Java provides platform portability and leverages native Android lifecycle/View system.
• Gradle + Buck — Gradle is standard for Android libraries; Buck is Facebook's internal build tool used at the time for fast incremental builds.
• Spring-based physics model — Springs are intuitive, computationally efficient, and produce natural-feeling animations compared to keyframe or fixed-duration animations.

• Single-library physics engine vs. general-purpose physics

  • Why: Rebound focuses only on spring dynamics, not rigid bodies, collisions, or constraints.
  • Consequence: Simpler API, smaller footprint, easier to integrate; cannot simulate complex multi-body interactions or realistic gravity-based physics.

• Frame-based integration (advance per render frame) vs. time-based decoupling

  • Why: Tightly coupled to Android render loop for immediate visual feedback.
  • Consequence: Smooth 60fps animations on capable devices; can stutter on low-end devices or under heavy CPU load; not suitable for server-side use.

• Imperative listener-based updates vs. reactive/declarative binding

  • Why: Matches Android View paradigm of direct property mutation (setTranslationX, etc.).
  • Consequence: Familiar to Android developers; requires manual wiring of listener callbacks; less elegant than data-binding frameworks.

• Not a general-purpose physics library (no rigid bodies, collisions, constraints, gravity simulation beyond springs)
• Not a declarative/reactive animation framework (direct imperative listener updates required)
• Not thread-safe for concurrent spring modification (designed for single-threaded Android main thread)
• Not designed for web/server use (tightly coupled to Android View rendering and lifecycle)
• Not a keyframe or timeline-based animator (springs only, no seekable timeline or grouped animations)

Archived repo with outdated dependency versions: Gradle 1.2.3 is ancient (modern is 8.x), Android build tools and SDK targets are pinned to ~2014 levels. No obvious environment vars required, but you must have Android SDK installed and ANDROID_HOME set. Project uses both Gradle and Buck; Buck configuration is parallel and may confuse newcomers expecting single build system. minSdkVersion 11 (Android 3.0, 2011) vs. modern targetSdkVersion requirements will cause runtime issues on Android 12+.

• Spring Dynamics & Harmonic Oscillation — The entire library models springs via differential equations (Hooke's law + damping); understanding oscillation frequency, overshoot, and settling time is essential to tuning animations
• Tension & Friction Parameters — Rebound abstracts spring physics into two user-facing knobs: tension controls oscillation frequency (stiffness), friction controls damping (oscillation decay); knowing how to adjust these is core to the API
• Frame-by-Frame Animation Loop — SpringSystem steps through time at fixed intervals, solving spring equations each frame and firing listener callbacks; understanding the timestep granularity affects animation smoothness and performance
• Observer Pattern (Listener Callbacks) — Springs expose SpringListener interface for animation callbacks; decouples physics solver from UI rendering, allowing multiple views to animate independently
• Numerical Integration (Euler/RK4) — SpringSystem solves ODEs numerically each frame; the choice of integration method (likely Euler or similar) affects stability and accuracy of spring behavior
• Property Animation & Value Interpolation — Springs don't directly animate UI properties; they produce continuous value streams that listener code applies to View attributes (translation, scale, alpha)—understanding the mapping is crucial for integrating springs into real layouts

• facebook/rebound-js — Official JavaScript port of Rebound—same spring dynamics, different language target for web developers
• airbnb/lottie-android — Alternative animation library for Android using Bezier curves and keyframes; different philosophy (data-driven vs. physics-driven)
• chrisjenx/Calligraphy — Companion library for Android text animations; often used alongside Rebound for polishing UI motion
• JakeWharton/NineOldAndroids — Pre-Android 4.0 animation backport library; Rebound's era contemporary for compatibility, now largely superseded by native APIs

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for rebound-core spring physics engine

The repo has two Android example applications (rebound-android-example and rebound-android-playground) but no visible test directory for the core spring dynamics library in rebound-core/src/main/java. This is critical for a physics library where correctness directly impacts user experience. Unit tests should validate spring calculations, damping, tension, and edge cases.

• [ ] Create rebound-core/src/test/java directory structure
• [ ] Add unit tests for SpringSystem state management and spring lifecycle
• [ ] Add tests for physics calculations: tension, damping, displacement convergence
• [ ] Add tests for edge cases: zero tension, extreme damping values, rapid listener callbacks
• [ ] Integrate test execution into build.gradle with testImplementation dependencies

Migrate from deprecated Gradle Android plugin to modern Android Gradle Plugin (AGP)

The build.gradle shows classpath 'com.android.tools.build:gradle:1.2.3' which is severely outdated (from ~2015). This version has security vulnerabilities, incompatibility with modern Java/Gradle versions, and lacks support for current Android tooling. Updating to modern AGP (7.x+) is essential for maintainability.

• [ ] Update buildscript dependency to com.android.tools.build:gradle:7.4.0 or latest stable
• [ ] Migrate deprecated android.libraryVariants to android.libraryVariants.all syntax if needed
• [ ] Update gradle wrapper to version 7.6+ in gradle/wrapper/gradle-wrapper.properties
• [ ] Update gradle.properties to remove legacy properties incompatible with AGP 7+
• [ ] Test builds for rebound-android-example and rebound-android-playground modules

Add GitHub Actions CI/CD to replace Travis CI for multi-platform testing

The .travis.yml exists but Travis CI has limited free tier support now. The repo lacks visible testing across Android API levels and Java versions. GitHub Actions would enable testing on multiple Android SDK versions, Java 11+, and both Linux/macOS runners at no cost.

• [ ] Create .github/workflows/android-build.yml for Gradle build validation
• [ ] Add matrix testing for minSdkVersion variants (API 11, 16, 21, 29, 33+)
• [ ] Add artifact upload for test results and APK outputs
• [ ] Include lint checks via android.lint tasks in build.gradle
• [ ] Update README.md with new GitHub Actions badge (replacing Travis CI badge)

• Update gradle.properties and build.gradle to target modern Android SDK levels (API 34+) and Gradle 8.x—requires testing on recent Android versions to ensure Spring solver still works correctly: Repo is archived with 2014-era SDK versions; modern targets are critical for Play Store compatibility
• Add unit tests for rebound-core/src/main/java/com/facebook/rebound/Spring.java and SpringSystem.java—verify spring solving accuracy (overshoot, settling time) against known physics expectations: Core physics engine has no visible test coverage; test suite would prevent regressions and document expected behavior
• Create a minimal Java example (rebound-java-example/ or console app) showing spring usage without Android dependencies—currently only Android examples exist: Library markets itself as 'Java library' but all examples require Android; pure-Java demo would clarify core/platform separation and help server-side or desktop devs

The Rebound codebase has moderate security concerns primarily related to outdated build tools, deprecated Android API levels, and exposed debug credentials in version control. The most critical issue is the outdated Gradle build tool (1.2.3 from 2015) which lacks modern security patches. Additionally, debug keystores should not be in version control. The minSdkVersion of 11 is extremely outdated. Since this is an archived Facebook project, security concerns are partially mitigated by its archived status, but users should be warned against using this library in new projects. The library itself appears to be a pure physics simulation library with minimal external dependencies, reducing injection and external vulnerability risks.

• High · Outdated Gradle Build Tools — build.gradle (buildscript dependencies). The build.gradle file specifies 'com.android.tools.build:gradle:1.2.3', which is significantly outdated (released in 2015). This version contains multiple known security vulnerabilities and lacks security patches for Android build system vulnerabilities. Modern Android build tools include critical security fixes for dependency handling, code compilation, and manifest processing. Fix: Update to the latest stable version of Android Gradle Plugin (currently 8.x). Review and update all build tool dependencies to their latest versions. Implement a dependency management strategy with regular updates.
• High · Debug Keystore Exposed in Repository — rebound-android-example/debug.keystore, rebound-android-playground/debug.keystore, and corresponding .properties files. Debug keystores are committed to version control in multiple locations: 'rebound-android-example/debug.keystore' and 'rebound-android-playground/debug.keystore'. While these are debug-only keystores, their presence in source control alongside keystore.properties files indicates a pattern that could be replicated with production keystores, creating a significant security risk. Fix: Remove debug keystores from version control and add *.keystore to .gitignore. Store keystores securely outside the repository. Implement a secure key management system for production keystores. Consider using environment variables or secure secret management services.
• Medium · Outdated Android SDK Target Version — build.gradle (android.defaultConfig). The build configuration specifies minSdkVersion 11, which was released in 2011. This is significantly below current Android security standards. Older API levels lack modern security features including improved permission models, encrypted storage, and other security enhancements. Fix: Increase minSdkVersion to at least API 21 (ideally 24+). Review and implement modern Android security features including the permission model introduced in Android 6.0 (API 23). Ensure all deprecated APIs are replaced with secure alternatives.
• Medium · Javadoc Configuration with Insecure Links — build.gradle (androidJavadocs task, options.links). The Javadoc generation task includes hardcoded HTTP links ('http://docs.oracle.com/javase/7/docs/api/' and 'http://d.android.com/reference') which use unencrypted connections. This could expose documentation access to man-in-the-middle attacks during build time. Fix: Replace HTTP links with HTTPS equivalents. Use 'https://docs.oracle.com/javase/8/docs/api/' (or appropriate Java version) and 'https://developer.android.com/reference'. Consider pinning documentation versions to reduce external dependencies.
• Low · Missing Security Configuration Files — Repository root. The repository lacks standard security configuration files such as SECURITY.md, which would communicate vulnerability reporting procedures. There is no evidence of security policy documentation for this archived Facebook project. Fix: Create a SECURITY.md file documenting how security vulnerabilities should be reported. Although this is an archived project, clearly document that it is no longer actively maintained and recommend users migrate to maintained alternatives.
• Low · No Dependency Verification — build.gradle. The build configuration does not implement dependency verification mechanisms like dependency checksum validation or signature verification. This could allow dependency substitution attacks or supply chain compromises. Fix: Implement Gradle dependency verification using gradle/verification-metadata.xml. Enable checksum verification for all dependencies. Use lock files to ensure reproducible builds with pinned dependency versions.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.