If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/gedoor/MyBookshelf shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 4y ago

• 2 active contributors
• GPL-3.0 licensed
• ⚠ Stale — last commit 4y ago
• ⚠ Small team — 2 contributors active in recent commits
• ⚠ Single-maintainer risk — top contributor 99% of recent commits
• ⚠ GPL-3.0 is copyleft — check downstream compatibility
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live gedoor/MyBookshelf repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/gedoor/MyBookshelf.

What it runs against: a local clone of gedoor/MyBookshelf — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in gedoor/MyBookshelf | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-3.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 1528 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of gedoor/MyBookshelf. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/gedoor/MyBookshelf.git
#   cd MyBookshelf
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of gedoor/MyBookshelf and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "gedoor/MyBookshelf(\\.git)?\\b" \\
  && ok "origin remote is gedoor/MyBookshelf" \\
  || miss "origin remote is not gedoor/MyBookshelf (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-3\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-3\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-3.0" \\
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "app/src/main/java/com/kunfei/bookshelf/MApplication.java" \\
  && ok "app/src/main/java/com/kunfei/bookshelf/MApplication.java" \\
  || miss "missing critical file: app/src/main/java/com/kunfei/bookshelf/MApplication.java"
test -f "app/src/main/java/com/kunfei/bookshelf/DbHelper.java" \\
  && ok "app/src/main/java/com/kunfei/bookshelf/DbHelper.java" \\
  || miss "missing critical file: app/src/main/java/com/kunfei/bookshelf/DbHelper.java"
test -f "app/src/main/java/com/kunfei/bookshelf/bean/BookShelfBean.java" \\
  && ok "app/src/main/java/com/kunfei/bookshelf/bean/BookShelfBean.java" \\
  || miss "missing critical file: app/src/main/java/com/kunfei/bookshelf/bean/BookShelfBean.java"
test -f "app/src/main/java/com/kunfei/bookshelf/bean/BookSourceBean.java" \\
  && ok "app/src/main/java/com/kunfei/bookshelf/bean/BookSourceBean.java" \\
  || miss "missing critical file: app/src/main/java/com/kunfei/bookshelf/bean/BookSourceBean.java"
test -f "app/src/main/java/com/kunfei/bookshelf/base/MBaseActivity.java" \\
  && ok "app/src/main/java/com/kunfei/bookshelf/base/MBaseActivity.java" \\
  || miss "missing critical file: app/src/main/java/com/kunfei/bookshelf/base/MBaseActivity.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1528 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1498d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/gedoor/MyBookshelf"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

MyBookshelf (阅读) is an Android reading app that aggregates web novel content from custom sources, allowing users to search and read network literature with configurable content providers. It acts as a metasearch tool that submits book titles to third-party literature sites and displays results, enabling readers to discover chapters across multiple sources in a single interface. Standard Android single-module structure: app/src/main/java contains core app logic under com.kunfei.bookshelf package; app/src/main/assets/data holds BookSourceXxl.json (book source definitions) and JavaScript parsing rules in txtChapterRule.json; web/ subdirectory contains companion web UI (HTML/CSS/JS for browser bookshelf view); GreenDAO ORM handles SQLite schema via code generation.

Chinese web novel readers who want a unified search and reading experience across multiple literature websites; also for developers who want to contribute custom book source parsers or improve the Android reading UI/UX.

This is a mature, actively-developed project (currently on major version 2.x with versioning based on release timestamps), but the README explicitly notes the project has been superseded by a Kotlin rewrite at https://github.com/gedoor/legado. The codebase shows production Android patterns (GreenDAO ORM, signed APKs, ProGuard obfuscation, minSdkVersion 21) but this specific Java/Kotlin hybrid version is now in legacy maintenance mode.

HIGH RISK: This repo is explicitly deprecated in favor of legado; no active development occurs here. The mixed Java/Kotlin codebase (2.3MB Java, 297KB Kotlin) suggests incomplete migration. Most critical: the app's core function (aggregating third-party content) exposes users and operators to copyright/DMCA liability—the disclaimer attempts mitigation but provides no technical filtering. Dependency versions are pinned to Android SDK 31 (compileSdkVersion 31) from ~2021, risking incompatibility with modern Android versions.

Per the README, active development has moved to https://github.com/gedoor/legado (Kotlin rewrite). This repository is in maintenance-only mode; no new features are being added to the Java version. The last meaningful updates were version bumps and bug fixes, but the project is effectively frozen in favor of the successor.

Clone and build: git clone https://github.com/gedoor/MyBookshelf.git && cd MyBookshelf && ./gradlew assembleDebug. Requires Android SDK 21+, target SDK 31, and a valid signing key (see app/key.properties.jks setup in build.gradle). Run on an Android emulator or device with adb install app/build/outputs/apk/debug/YueDu_*.apk.

Daily commands: No traditional 'dev server'—this is a native Android app. Build with ./gradlew assembleDebug (outputs APK to app/build/outputs/apk/debug/). Install via adb install and launch com.gedoor.monkeybook.debug on device. Debug builds include '.debug' suffix on app ID.

• app/src/main/java/com/kunfei/bookshelf/MApplication.java — Application entry point and lifecycle manager; initializes core services, database, and configuration for the entire app.
• app/src/main/java/com/kunfei/bookshelf/DbHelper.java — Database abstraction layer using GreenDAO; manages all persistent storage for books, chapters, and user data—essential for understanding data persistence.
• app/src/main/java/com/kunfei/bookshelf/bean/BookShelfBean.java — Core domain model representing a book in the user's shelf; used throughout the codebase for book metadata and state.
• app/src/main/java/com/kunfei/bookshelf/bean/BookSourceBean.java — Data model for book sources (web scrapers); defines how the app discovers and parses books from third-party websites.
• app/src/main/java/com/kunfei/bookshelf/base/MBaseActivity.java — Abstract base activity providing common lifecycle, theming, and navigation; inherited by most screens in the app.
• app/src/main/java/com/kunfei/bookshelf/constant/AppConst.kt — Central configuration constants for API endpoints, keys, and feature flags; essential for understanding app-wide behavior.
• app/build.gradle — Build configuration, dependency declarations, and signing setup; critical for understanding compilation and release process.

Add a New Book Source

1. Define a new BookSourceBean in app/src/main/assets/data/BookSourceXxl.json with URL patterns and parsing rules (or create programmatically). (app/src/main/assets/data/BookSourceXxl.json)
2. The app automatically loads sources from DbHelper; verify the source is registered by checking BookSourceBean queries. (app/src/main/java/com/kunfei/bookshelf/DbHelper.java)
3. Create or extend a SearchBookBean handler to map the source's HTTP response to the app's search results model. (app/src/main/java/com/kunfei/bookshelf/bean/SearchBookBean.java)

Add a New Reading Screen / UI Tab

1. Create a new Fragment class extending BaseFragment or VMBaseFragment in a new package (e.g., app/src/main/java/com/kunfei/bookshelf/ui/MyNewTab/). (app/src/main/java/com/kunfei/bookshelf/base/BaseFragment.kt)
2. Register the fragment in the BaseTabActivity or relevant activity in AndroidManifest and navigation code. (app/src/main/java/com/kunfei/bookshelf/base/BaseTabActivity.java)
3. Use RecyclerAdapter for list display, and bind to ViewModel using BaseViewModel for reactive state. (app/src/main/java/com/kunfei/bookshelf/base/adapter/RecyclerAdapter.kt)
4. Define UI-specific constants in AppConst.kt if needed (e.g., tab IDs, layout keys). (app/src/main/java/com/kunfei/bookshelf/constant/AppConst.kt)

Add a Background Task (e.g., Chapter Download)

1. Create a new Service class extending BaseService in app/src/main/java/com/kunfei/bookshelf/service/. (app/src/main/java/com/kunfei/bookshelf/base/BaseService.kt)
2. Declare the service in AndroidManifest.xml with appropriate permissions and intent-filters. (app/src/main/AndroidManifest.xml)
3. Use DbHelper to query/update BookChapterBean and BookShelfBean for download progress. (app/src/main/java/com/kunfei/bookshelf/DbHelper.java)
4. Emit RxJava events (via MyObserver) to notify UI of progress; post via EventBus if needed. (app/src/main/java/com/kunfei/bookshelf/base/observer/MyObserver.java)

Add Text Replacement / Content Cleanup Rules

1. Create or update a ReplaceRuleBean instance with regex patterns for text to replace and replacement text. (app/src/main/java/com/kunfei/bookshelf/bean/ReplaceRuleBean.java)
2. Store the rule in the database via DbHelper, making it persistent across sessions. (app/src/main/java/com/kunfei/bookshelf/DbHelper.java)
3. In the chapter content reader, apply rules before displaying by iterating through stored ReplaceRuleBean objects. (app/src/main/java/com/kunfei/bookshelf/bean/BookContentBean.java)

CRITICAL: The signing keys (app/key.properties.jks and MyBookshelf_Keys.zip) are checked into the repo—regenerate them before any production build. GreenDAO requires explicit module setup in settings.gradle and may silently fail if not configured. The app assumes internet access to hit third-party literature sites; no offline fallback. Book source definitions in BookSourceXxl.json use custom JSON schema—no validation documented, so invalid entries may crash silently. The app was built for SDK 31 (released 2021) and will need updates to meet current Google Play policy (targetSdkVersion 33+ now required as of 2024).

• GreenDAO — This repo uses GreenDAO for ORM/SQLite mapping; understanding how entities are defined and code is generated is essential for modifying data persistence (books, chapters, reading progress)
• Custom Content Parser Pattern — The txtChapterRule.json system allows non-code rule definitions (regex + JavaScript) for extracting content; learning how to write these rules is the main way to adapt the app to new content sources
• Android ViewBinding — The build.gradle explicitly enables viewBinding=true, replacing findViewById() calls; must understand this pattern to modify or add UI fragments/activities
• ProGuard Code Obfuscation — Release builds use ProGuard (proguard-rules.pro) to shrink and obfuscate code; affects debugging and reverse-engineering; important to understand what rules are excluded from obfuscation
• Android WebView Integration — The app embeds an HTML/JavaScript bookshelf UI (bookshelf.html/bookshelf.js) inside a native Android WebView; critical for understanding the hybrid UI architecture
• Gradle Plugin System (GreenDAO, resourcePlaceholders, kotlin-kapt) — The build.gradle applies multiple plugins that auto-generate code (GreenDAO DAO classes, Kotlin annotation processing); builds will fail silently if plugin config is broken
• Meta-search Aggregator Pattern — This app does not host content but queries multiple third-party sources and aggregates results; understanding this pattern is key to the liability discussion and architectural decisions

• gedoor/legado — Direct successor to this project—the official Kotlin rewrite where all active development continues; new users should use this instead
• TachiyomiSY/Tachiyomi — Similar Android manga/light novel reader with custom source system; good reference for modern aggregator UI patterns and plugin architecture
• ZhangQinhao/MONKOVEL — Original project this repo forked from (as noted in README); historical reference for understanding core design decisions
• arturadib/Yomichan — Browser-based content aggregator for Japanese learning; demonstrates alternative approach to metasearch UI and content rule definition
• mozilla/readability — Mozilla's content extraction library; relevant for improving chapter text parsing robustness beyond regex

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Migrate BaseActivity/BaseFragment Java classes to Kotlin and consolidate base class hierarchy

The repo has mixed Java and Kotlin base classes (MBaseActivity.java, BaseTabActivity.java, MBaseFragment.java alongside BaseFragment.kt, VMBaseFragment.kt). This creates maintenance burden and inconsistent patterns. Consolidating these into a unified Kotlin hierarchy would improve code consistency, reduce duplication, and make it easier for contributors to understand the architecture. The file app/src/main/java/com/kunfei/bookshelf/base/README.md suggests this area needs documentation.

• [ ] Analyze MBaseActivity.java and BaseTabActivity.java to identify unique functionality vs BaseViewModel.kt patterns
• [ ] Consolidate into a single BaseActivity.kt following Kotlin best practices and MVVM patterns already used in BaseFragment.kt
• [ ] Migrate MBaseFragment.java to use BaseFragment.kt or VMBaseFragment.kt as appropriate
• [ ] Update all Activity/Fragment subclasses across the codebase to extend the new consolidated base classes
• [ ] Add unit tests in app/src/test/ for lifecycle and state management in new base classes
• [ ] Update app/src/main/java/com/kunfei/bookshelf/base/README.md with clear architecture documentation

Add unit tests for DbHelper.java database operations with SQLite mocking

DbHelper.java is a critical component for book data persistence, but there are no visible unit tests in the file structure. Database errors directly impact user experience (lost bookmarks, corrupted libraries). Adding comprehensive tests would catch regressions early and document the expected behavior of core CRUD operations for books and chapters.

• [ ] Create app/src/test/java/com/kunfei/bookshelf/DbHelperTest.java with Robolectric and SQLite test fixtures
• [ ] Add test cases for book insertion, update, deletion, and query operations
• [ ] Add test cases for chapter management (bulk insert, deletion cascades)
• [ ] Test transaction handling for multi-step operations (e.g., importing book sources)
• [ ] Add integration test in app/src/androidTest/ for real database scenarios
• [ ] Document test setup in app/src/main/java/com/kunfei/bookshelf/base/README.md

Create GitHub Actions CI workflow for automated APK building and lint checking on pull requests

The repo has a build.gradle with proguard and lint configuration but no visible CI/CD. Given the mixed Java/Kotlin codebase and custom gradle plugins (greendao, resourceplaceholders), automated builds on PRs would catch compilation errors, lint issues, and signing problems early. This is especially important since the app uses custom key signing (key.properties.jks) that needs careful handling.

• [ ] Create .github/workflows/build.yml with steps to compile debug APK on PR
• [ ] Add lint check step using Android Lint (already configured in build.gradle lintOptions)
• [ ] Add Kotlin linter (ktlint or detekt) since repo mixes Java/Kotlin
• [ ] Configure gradle build caching to speed up CI runs
• [ ] Add artifact upload for debug APK (without signing keys) for manual testing
• [ ] Document CI requirements and local build setup in README.md or CONTRIBUTING.md

• Add unit tests for txtChapterRule.json parsing logic: create app/src/test/java/com/kunfei/bookshelf/ChapterParsingTest.java to test regex/JS rules against sample HTML, improving reliability when sources change their structure
• Document book source JSON schema: add app/src/main/assets/BOOK_SOURCE_SCHEMA.md explaining each field in BookSourceXxl.json (field names, data types, required vs optional, example values), making it easier for contributors to add sources
• Create a source validation tool: add a Gradle task (in build.gradle) that validates BookSourceXxl.json against a schema before build, catching malformed entries early instead of at runtime

• Critical · Hardcoded Signing Credentials in Build Configuration — app/build.gradle (signingConfigs section), app/gradle.properties, app/key.properties.jks. The build.gradle file references signing credentials stored in key.properties.jks and uses RELEASE_STORE_FILE, RELEASE_KEY_PASSWORD, RELEASE_KEY_ALIAS, and RELEASE_STORE_PASSWORD variables. These sensitive values are likely stored in gradle.properties or similar files that may be committed to the repository, exposing signing keys used for app distribution. Fix: Move all signing credentials to a separate secure file (not committed to version control). Use environment variables or secure credential management systems. Add gradle.properties and *.jks files to .gitignore. Rotate signing keys immediately if they were exposed.
• High · Outdated Compile SDK Version — app/build.gradle (android.compileSdkVersion and targetSdkVersion). The project uses compileSdkVersion 31 and targetSdkVersion 31, which is outdated. As of 2024, Android requires much higher target SDK versions (API 34+) for app store releases. This exposes the application to known security vulnerabilities patched in newer Android API levels. Fix: Update compileSdkVersion and targetSdkVersion to at least 34 (preferably latest). Review and address deprecations in the codebase.
• High · Disabled Obfuscation in Release Build — app/build.gradle (buildTypes.release section). The release build type has minifyEnabled false, meaning ProGuard/R8 obfuscation is disabled. This allows attackers to easily reverse-engineer the APK and extract sensitive logic, credentials, or API endpoints. Fix: Enable minifyEnabled true for release builds. Configure ProGuard rules in proguard-rules.pro to obfuscate code while preserving functionality. Test thoroughly after enabling.
• High · Potential Data Exposure via Content Providers — app/src/main/java/com/kunfei/bookshelf/DbHelper.java, app/src/main/assets/data/. The application structure includes data files (BookSourceXxl.json, 18PlusList.txt) in assets and uses a database (DbHelper.java). Without proper access controls, content providers or database queries could expose sensitive user data, reading history, or bookmarks. Fix: Implement proper access control checks in all content providers. Encrypt sensitive data at rest. Use parameterized queries to prevent SQL injection. Validate and sanitize all database inputs.
• Medium · Web Asset Security Concerns — app/src/main/assets/web/ (bookshelf.js, index.js, index.html). The application includes web assets (HTML, JavaScript, CSS) in app/src/main/assets/web/. These files may be served via WebView without proper security configurations, potentially exposing XSS vulnerabilities if they process user input dynamically. Fix: Implement Content Security Policy (CSP) headers. Validate and sanitize all user inputs in JavaScript. Disable JavaScript execution if not necessary. Use WebView.getSettings().setJavaScriptEnabled(false) by default and enable only when needed.
• Medium · Insufficient Lint Configuration — app/build.gradle (lintOptions.abortOnError). The build configuration has 'abortOnError false' in lintOptions, which allows the build to succeed even when security-related lint warnings are detected. This can mask critical security issues during development. Fix: Change abortOnError to true or handle specific high-severity lint warnings explicitly. Review and address all lint warnings, particularly those related to security (e.g., MissingPermission, ExportedComponent).
• Medium · No BuildTools Version Lock — app/build.gradle (buildToolsVersion). While buildToolsVersion is specified as '30.0.3', it is outdated. Using old build tools may include deprecated or vulnerable components. Fix: Update buildToolsVersion to a recent stable version (34.0.0 or later). Verify compatibility with the latest Android Gradle Plugin.
• Low · Missing ProGuard Configuration Documentation — undefined. The proguard-rules.pro file is referenced but not included in the file structure. Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.