If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/greenrobot/greenDAO shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 2y ago

• 3 active contributors
• CI configured
• Tests present
• ⚠ Stale — last commit 2y ago
• ⚠ Small team — 3 contributors active in recent commits
• ⚠ Concentrated ownership — top contributor handles 64% of recent commits
• ⚠ No license — legally unclear to depend on

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live greenrobot/greenDAO repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/greenrobot/greenDAO.

What it runs against: a local clone of greenrobot/greenDAO — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in greenrobot/greenDAO | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 768 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of greenrobot/greenDAO. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/greenrobot/greenDAO.git
#   cd greenDAO
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of greenrobot/greenDAO and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "greenrobot/greenDAO(\\.git)?\\b" \\
  && ok "origin remote is greenrobot/greenDAO" \\
  || miss "origin remote is not greenrobot/greenDAO (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java" \\
  && ok "DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java" \\
  || miss "missing critical file: DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java"
test -f "DaoCore/src/main/java/org/greenrobot/greendao/query/QueryBuilder.java" \\
  && ok "DaoCore/src/main/java/org/greenrobot/greendao/query/QueryBuilder.java" \\
  || miss "missing critical file: DaoCore/src/main/java/org/greenrobot/greendao/query/QueryBuilder.java"
test -f "DaoGenerator/src/org/greenrobot/greendao/generator/DaoGenerator.java" \\
  && ok "DaoGenerator/src/org/greenrobot/greendao/generator/DaoGenerator.java" \\
  || miss "missing critical file: DaoGenerator/src/org/greenrobot/greendao/generator/DaoGenerator.java"
test -f "DaoCore/src/main/java/org/greenrobot/greendao/identityscope/IdentityScopeLong.java" \\
  && ok "DaoCore/src/main/java/org/greenrobot/greendao/identityscope/IdentityScopeLong.java" \\
  || miss "missing critical file: DaoCore/src/main/java/org/greenrobot/greendao/identityscope/IdentityScopeLong.java"
test -f "DaoCore/src/main/java/org/greenrobot/greendao/internal/TableStatements.java" \\
  && ok "DaoCore/src/main/java/org/greenrobot/greendao/internal/TableStatements.java" \\
  || miss "missing critical file: DaoCore/src/main/java/org/greenrobot/greendao/internal/TableStatements.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 768 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~738d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/greenrobot/greenDAO"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

greenDAO is a lightweight ORM (Object-Relational Mapping) library for Android that maps Java objects to SQLite database tables and vice versa. It generates optimized DAO (Data Access Object) classes at compile-time via a Gradle plugin, enabling fast object persistence with minimal memory footprint—the entire library is <150KB with no native dependencies. Single-module structure: DaoCore is the core runtime library containing AbstractDao, AbstractDaoSession, and AbstractDaoMaster base classes. A separate greendao-api module defines annotations. The greendao-gradle-plugin (not shown in full) processes these annotations and generates concrete DAO implementations at build time. Database abstraction layer in DaoCore/src/main/java/org/greenrobot/greendao/database supports both standard SQLite and SQLCipher-encrypted databases.

Android app developers who need efficient local data persistence without boilerplate SQL code. Specifically for teams building apps that require fast queries, encrypted databases (via SQLCipher), and complex joins while maintaining a minimal APK size.

greenDAO is no longer actively maintained as of this snapshot. The project has been around since 2011 and is used by countless production apps, but the maintainers have deprecated it in favor of their new product, ObjectBox. The codebase is stable and production-proven, but expect no new features or security updates.

High risk for new projects: the maintainers explicitly recommend against greenDAO in the README and suggest migrating to ObjectBox instead. Dependencies on old Android SDK versions (4.1.1.4) and SQLCipher are unmaintained. No active issue triage or pull request merging expected. The async module (AsyncSession, AsyncOperationExecutor) may have thread-safety issues in modern Android versions.

Nothing—this project is frozen. The last activity mentioned in the README is the recommendation to use ObjectBox instead. No ongoing feature development, bug fixes, or community management is visible.

git clone https://github.com/greenrobot/greenDAO.git
cd greenDAO
# Build the core library and plugin
./gradlew build

Note: This repo is not recommended for new projects—use ObjectBox instead per the maintainers' explicit guidance in the README.

Daily commands: This is a library, not an executable app. To use it: add the Gradle plugin to your Android project's root build.gradle, apply the plugin in app/build.gradle, and add implementation 'org.greenrobot:greendao:3.3.0' to dependencies. The plugin runs at compile time and generates DAO classes. See CONTRIBUTING.md for building the library itself.

• DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java — Core ORM abstraction handling entity persistence, queries, and database operations—every DAO instance depends on this base class
• DaoCore/src/main/java/org/greenrobot/greendao/query/QueryBuilder.java — Fluent query API builder for WHERE, JOIN, ORDER BY—critical for understanding how greenDAO constructs SQL and manages filtering
• DaoGenerator/src/org/greenrobot/greendao/generator/DaoGenerator.java — Code generation engine that produces Dao, Entity, and DaoSession classes from schema definitions—entry point for build-time configuration
• DaoCore/src/main/java/org/greenrobot/greendao/identityscope/IdentityScopeLong.java — Identity map caching strategy for long primary keys—prevents duplicate entity instances and ensures consistency
• DaoCore/src/main/java/org/greenrobot/greendao/internal/TableStatements.java — Low-level SQL statement management for insert/update/delete operations—bridges DAOs to database abstraction layer
• DaoGenerator/src/org/greenrobot/greendao/generator/Schema.java — Schema definition model capturing entities, properties, and relationships—represents the contract between code generation and runtime
• DaoCore/src/main/java/org/greenrobot/greendao/database/Database.java — Database abstraction interface supporting both standard SQLite and encrypted databases—enables pluggable storage backends

Add a new Entity with generated DAO

1. Create a Schema in your generator script (usually src/main/java/...ExampleDaoGenerator.java) (DaoGenerator/src/org/greenrobot/greendao/generator/Schema.java)
2. Define Entity with properties and primary key using Entity API (DaoGenerator/src/org/greenrobot/greendao/generator/Entity.java)
3. Call DaoGenerator.generateAll() to produce Dao, Entity, and DaoSession in your app module (DaoGenerator/src/org/greenrobot/greendao/generator/DaoGenerator.java)
4. Use generated DaoSession to access the new DAO: daoSession.getUserDao().insert(user) (DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java)

Add a custom query with WHERE and JOIN

1. In generated Dao, call queryBuilder() to get a QueryBuilder instance (DaoCore/src/main/java/org/greenrobot/greendao/query/QueryBuilder.java)
2. Chain where() conditions with Property references and WhereCondition operators (DaoCore/src/main/java/org/greenrobot/greendao/query/WhereCondition.java)
3. Use join(Class, Property) to add INNER/LEFT JOINs for related entities (DaoCore/src/main/java/org/greenrobot/greendao/query/Join.java)
4. Call build().list() or unique() to execute and return results (DaoCore/src/main/java/org/greenrobot/greendao/query/AbstractQuery.java)

Define a one-to-many relationship

1. In DaoGenerator script, call addToMany() on parent Entity with foreign key Property (DaoGenerator/src/org/greenrobot/greendao/generator/ToMany.java)
2. Generated Dao will include lazy-loaded getXxx() methods for related children (DaoGenerator/src-template/dao-deep.ftl)
3. Access related entities via parent.getChildren() which queries on first access (DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java)

Enable encryption with SQLCipher

1. Create DatabaseOpenHelper with DbUtils.sqliteDatabase(context, dbName, password) (DaoCore/src/main/java/org/greenrobot/greendao/database/DatabaseOpenHelper.java)
2. Pass EncryptedDatabase wrapper to DaoMaster constructor instead of StandardDatabase (DaoCore/src/main/java/org/greenrobot/greendao/database/EncryptedDatabase.java)
3. Use SqlCipherEncryptedHelper to initialize SQLCipher with password (DaoCore/src/main/java/org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java)

1. Code generation is mandatory: greenDAO generates DAO classes at compile time via the Gradle plugin. If the plugin fails silently, generated classes won't exist and code won't compile. 2. Identity scope caching is automatic and invisible: multiple loads of the same primary key return the same Java object instance. This can cause unexpected behavior if you mutate loaded objects outside the DAO. 3. The async module uses legacy RxJava 1.x (compileOnly 'io.reactivex:rxjava:1.1.8'); mixing with RxJava 2+ in the same project requires explicit dependency management. 4. SQLCipher support via sqlcipher.jar (DaoCore/libs/sqlcipher.jar) must be present at build time; gradle may not fetch it automatically.

• Identity Scope (Session-level object cache) — greenDAO's IdentityScope ensures only one Java object instance exists per database row within a session, preventing object duplication bugs and enabling referential integrity; misunderstanding this leads to debugging nightmares when mutations don't persist.
• Code generation (APT / annotation processing) — greenDAO's entire DAO layer is generated at compile time by the Gradle plugin, not created at runtime; understanding this is critical because errors in generated code won't surface until build time and generated files are invisible in source.
• Database abstraction layer (Strategy pattern) — greenDAO's Database interface decouples the ORM from SQLite implementation details, allowing transparent swapping between StandardDatabase and EncryptedDatabase (SQLCipher); essential for supporting encryption without code changes.
• SQLCipher encryption — greenDAO integrates SQLCipher to encrypt SQLite databases at rest; understanding the encryption layer is critical when handling sensitive user data in Android apps, as it requires a password and adds CPU overhead.
• QueryBuilder pattern with type-safe properties — greenDAO's QueryBuilder uses generated Property constants instead of string column names, enabling compile-time typo detection and IDE autocompletion; this pattern is rare and worth understanding for building safe query APIs.
• DAO (Data Access Object) pattern — greenDAO is built on the DAO pattern: each entity gets a DAO class encapsulating all database operations, decoupling business logic from persistence; understanding this is foundational to using greenDAO effectively.
• Lazy initialization and eager loading trade-offs — greenDAO supports both lazy-loaded relations (loaded on demand) and eager-loaded joins; choosing wrong can cause N+1 query problems or unnecessary memory use; the Join class implements this trade-off.

• objectbox/objectbox-java — ObjectBox is greenDAO's official successor maintained by the same greenrobot team; recommended replacement for all new Android projects requiring ORM.
• requery/requery — Alternative lightweight JVM ORM with annotation-based code generation and type-safe queries; active project with Kotlin support and works on Android.
• realm/realm-java — Competitor mobile database for Android offering encrypted storage, reactive queries, and automatic migrations; heavier than greenDAO but more feature-rich.
• google/android-architecture-components — Google's Room persistence library (part of Architecture Components) is the modern Android-recommended ORM alternative using similar annotation-based DAO generation.
• greenrobot/EventBus — Complementary greenrobot library for publish-subscribe messaging; commonly used alongside greenDAO for decoupling database change listeners from UI.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for query building and where conditions

The query package (DaoCore/src/main/java/org/greenrobot/greendao/query/) contains critical classes like QueryBuilder.java, WhereCondition.java, and Join.java, but there are no visible test files in the repository structure. Given that this is a query DSL core to greenDAO's functionality, adding unit tests would catch regressions and improve maintainability for this mature but unmaintained project.

• [ ] Create DaoCore/src/test/java/org/greenrobot/greendao/query/ directory structure
• [ ] Add QueryBuilderTest.java with tests for where(), orderBy(), limit(), join() chaining
• [ ] Add WhereConditionTest.java testing all condition operators and complex AND/OR combinations
• [ ] Add JoinTest.java for multi-table join scenarios
• [ ] Verify tests run via gradle test task

Add unit tests for IdentityScope implementations

The identityscope package contains IdentityScopeLong.java and IdentityScopeObject.java which are critical for managing object identity and preventing duplicates. These are high-risk classes for concurrency bugs and memory leaks, yet no tests are visible. Adding tests here would ensure this core caching mechanism works correctly.

• [ ] Create DaoCore/src/test/java/org/greenrobot/greendao/identityscope/ directory
• [ ] Add IdentityScopeLongTest.java testing put(), get(), remove() operations and edge cases (null keys, concurrent access)
• [ ] Add IdentityScopeObjectTest.java with similar coverage for object-keyed scope
• [ ] Add tests for memory behavior and weak reference cleanup if applicable
• [ ] Integrate tests into gradle build

Add database encryption/SQLCipher integration tests

The codebase includes EncryptedDatabase.java, EncryptedDatabaseStatement.java, and SqlCipherEncryptedHelper.java (with sqlcipher.jar dependency), but these security-critical features lack visible test coverage. This is especially important for an unmaintained project where users need confidence in existing encryption functionality.

• [ ] Create DaoCore/src/test/java/org/greenrobot/greendao/database/ directory
• [ ] Add EncryptedDatabaseTest.java testing database creation with password, encrypted reads/writes, and password changes
• [ ] Add SqlCipherEncryptedHelperTest.java verifying proper SQLCipher initialization and configuration
• [ ] Add tests verifying encrypted DB is not readable without password
• [ ] Document sqlcipher.jar setup requirements in test configuration

• Add unit tests for DaoCore/src/main/java/org/greenrobot/greendao/internal/LongHashMap.java: this custom hash map lacks test coverage despite being critical for identity scope performance. Write tests covering collision handling, resize logic, and null keys.
• Document the code generation process in CONTRIBUTING.md: the README mentions the Gradle plugin generates DAO classes but gives no details on how developers can inspect or debug generated code. Add a section explaining generated class location, how to view .class files, and troubleshooting plugin failures.
• Add @Nullable and @NonNull annotations to AbstractDao public API: the library compiles with 'compileOnly com.google.android:annotations' but core classes like AbstractDao.load(long) don't declare nullability. Retrofit these to improve IDE inspection and reduce NPE bugs in client code.

greenDAO has several significant security concerns. The most critical issues are: (1) outdated dependencies from 2012-2016

• High · SQL Injection Risk in Query Building — DaoCore/src/main/java/org/greenrobot/greendao/query/QueryBuilder.java, DaoCore/src/main/java/org/greenrobot/greendao/internal/SqlUtils.java. The codebase contains SQL query building functionality (QueryBuilder, AbstractQuery, SqlUtils) that could be vulnerable to SQL injection if user input is not properly sanitized. The file structure shows raw SQL query construction patterns without visible parameterized query enforcement throughout the codebase. Fix: Ensure all SQL queries use parameterized statements and prepared statements. Validate and sanitize all user inputs before SQL construction. Conduct a code review of QueryBuilder and SqlUtils to verify parameterized query usage throughout.
• High · Outdated Dependencies with Known Vulnerabilities — DaoCore/build.gradle - dependencies section. The project uses very old dependencies: RxJava 1.1.8 (released 2016), Android SDK 4.1.1.4 (API level 16, from 2012), and support-v4:r7. These ancient versions contain numerous known security vulnerabilities and lack critical security patches. Fix: Update to modern versions: RxJava 2.x or 3.x, target Android API level 31+, and use AndroidX instead of support-v4. Review and patch all transitive dependencies.
• Medium · SQLCipher Jar Included as Local Dependency — DaoCore/libs/sqlcipher.jar, DaoCore/build.gradle. The project includes sqlcipher.jar as a local library file (DaoCore/libs/sqlcipher.jar). Local JAR files are not version-controlled for updates and may contain outdated or vulnerable encryption implementations. Fix: Replace the local sqlcipher.jar with a managed dependency from Maven Central or jcenter with version pinning. Verify the version is current and obtain it from official sources only.
• Medium · Encryption Implementation Dependency Not Verified — DaoCore/src/main/java/org/greenrobot/greendao/database/EncryptedDatabase.java, DaoCore/src/main/java/org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java. The EncryptedDatabase and EncryptedDatabaseStatement classes depend on SQLCipher for encryption, but the source and integrity of the included JAR file cannot be verified from the provided context. No checksums or signatures are evident. Fix: Migrate to Maven/Gradle-managed SQLCipher dependency with signature verification. Include dependency checksums in build configuration. Validate library authenticity before deployment.
• Medium · Project No Longer Actively Maintained — README.md - project status. According to the README, this project is explicitly not actively maintained. This means security vulnerabilities discovered in the future will not receive patches or updates, creating a long-term security risk. Fix: Consider migrating to the recommended ObjectBox project or another actively maintained ORM solution. If continuing use, implement security monitoring and apply patches manually if critical vulnerabilities are discovered.
• Low · Missing Input Validation Framework — DaoCore/src/main/java/org/greenrobot/greendao/AbstractDao.java. The codebase does not show evidence of a centralized input validation framework for database operations. While greenDAO provides some safety through ORM, application-level validation patterns are not clearly enforced. Fix: Implement application-level input validation for all user inputs before database operations. Document validation requirements and use annotations or validation frameworks consistently.
• Low · Android Support Library Age — DaoCore/build.gradle - support-v4 dependency. The compileOnly dependency on 'com.google.android:support-v4:r7' is extremely outdated and indicates the project was last updated around 2012-2013. This affects compatibility and security. Fix: Migrate to AndroidX libraries. The support library has been superseded and no longer receives updates. Update build.gradle to use 'androidx.appcompat:appcompat:1.x.x' and related AndroidX equivalents.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.