If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/jdamcd/android-crop shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 5y ago

• 20 active contributors
• CI configured
• ⚠ Stale — last commit 5y ago
• ⚠ Concentrated ownership — top contributor handles 79% of recent commits
• ⚠ No license — legally unclear to depend on
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live jdamcd/android-crop repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/jdamcd/android-crop.

What it runs against: a local clone of jdamcd/android-crop — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in jdamcd/android-crop | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 1832 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of jdamcd/android-crop. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/jdamcd/android-crop.git
#   cd android-crop
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of jdamcd/android-crop and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "jdamcd/android-crop(\\.git)?\\b" \\
  && ok "origin remote is jdamcd/android-crop" \\
  || miss "origin remote is not jdamcd/android-crop (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "lib/src/main/java/com/soundcloud/android/crop/Crop.java" \\
  && ok "lib/src/main/java/com/soundcloud/android/crop/Crop.java" \\
  || miss "missing critical file: lib/src/main/java/com/soundcloud/android/crop/Crop.java"
test -f "lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java" \\
  && ok "lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java" \\
  || miss "missing critical file: lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java"
test -f "lib/src/main/java/com/soundcloud/android/crop/CropImageView.java" \\
  && ok "lib/src/main/java/com/soundcloud/android/crop/CropImageView.java" \\
  || miss "missing critical file: lib/src/main/java/com/soundcloud/android/crop/CropImageView.java"
test -f "lib/src/main/java/com/soundcloud/android/crop/HighlightView.java" \\
  && ok "lib/src/main/java/com/soundcloud/android/crop/HighlightView.java" \\
  || miss "missing critical file: lib/src/main/java/com/soundcloud/android/crop/HighlightView.java"
test -f "lib/src/main/res/layout/crop__activity_crop.xml" \\
  && ok "lib/src/main/res/layout/crop__activity_crop.xml" \\
  || miss "missing critical file: lib/src/main/res/layout/crop__activity_crop.xml"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1832 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1802d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/jdamcd/android-crop"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

android-crop is a deprecated Android library (Java) that provides a reusable Activity component for image cropping, based on AOSP code. It wraps the Android camera image cropper into a simple builder API (Crop.of(inputUri, outputUri).asSquare().start(activity)) and publishes an AAR to Maven Central, supporting Android SDK 10+. Dual-module Gradle project: lib/ contains the core library code with source in lib/src/main/java/com/soundcloud/android/crop/ and tests in lib/src/androidTest/; example/ is a standalone demo app in example/src/main/java/com/soundcloud/android/crop/example/MainActivity.java showing how to use the library. Both modules share SoundCloud's package namespace.

Android app developers who need to add image cropping functionality to their apps without implementing it from scratch. Primarily used in projects like SoundCloud's mobile apps that need simple, pre-built image crop UI.

Abandoned/unmaintained. Published v1.0.1 to Maven Central with Gradle build and CI (Travis), but README explicitly states 'This project is not maintained.' No recent commits visible in file list; the code has no active development, though it remains functional for Android developers on older SDK versions.

High risk for new projects. Project is unmaintained with no active bug fixes or Android API updates. Single maintainer (jdamcd) with no visible fork ecosystem. Targets old Android SDK versions (minimum SDK 10, Gradle 2.1.0 from 2015); will face compatibility issues with modern Android (API 30+). No visible dependency management updates or security patches.

Nothing. The project is archived/unmaintained. No active development, PRs, or issues visible in the file listing. Last meaningful work appears to be the v1.0.1 release to Maven Central.

Clone the repo and build with Gradle: git clone https://github.com/jdamcd/android-crop.git && cd android-crop && ./gradlew build. To run the example app: ./gradlew example:assembleDebug or open in Android Studio and run the example module.

Daily commands: For development: open project in Android Studio, sync Gradle, and run the example module on an emulator or device. Command-line: ./gradlew example:installDebug && adb shell am start com.soundcloud.android.crop.example/.MainActivity. To build the library only: ./gradlew lib:assembleRelease.

• lib/src/main/java/com/soundcloud/android/crop/Crop.java — Public API entry point; all crop operations flow through this builder class
• lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java — Core Activity that hosts the cropping UI; must be declared in manifest and handles result delivery
• lib/src/main/java/com/soundcloud/android/crop/CropImageView.java — Main canvas rendering component; handles image display, highlight view, and touch interactions
• lib/src/main/java/com/soundcloud/android/crop/HighlightView.java — Drawable crop selection handle; manages the visible crop box and resize/drag logic
• lib/src/main/res/layout/crop__activity_crop.xml — Layout definition for the cropping activity UI containing image view and controls
• lib/build.gradle — Library module build configuration; defines AAR output and dependencies for the crop library
• example/src/main/java/com/soundcloud/android/crop/example/MainActivity.java — Example app showing standard crop initiation pattern and result handling

• Crop (Builder) (Java, Android Intent) — Fluent API for configuration; stores input/output URIs and crop options; launches CropImageActivity
  • Failure mode: Invalid URIs or missing manifest declaration causes launch failure
• CropImageActivity — Orchestrates crop workflow; loads image, manages UI

Add a New Crop Aspect Ratio Option

1. Open Crop.java and add new builder method (e.g., asRectangle(width, height)) (lib/src/main/java/com/soundcloud/android/crop/Crop.java)
2. Store aspect ratio constraint and pass to CropImageActivity via intent extras (lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java)
3. Modify HighlightView.java to apply aspect ratio constraint during resize (lib/src/main/java/com/soundcloud/android/crop/HighlightView.java)
4. Test in example app by calling new builder method (example/src/main/java/com/soundcloud/android/crop/example/MainActivity.java)

Support Image Rotation Before Crop

1. Add rotate button to crop activity layout (lib/src/main/res/layout/crop__activity_crop.xml)
2. Add rotation click handler in CropImageActivity that calls RotateBitmap (lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java)
3. Invoke RotateBitmap.rotate() to transform the loaded image 90° (lib/src/main/java/com/soundcloud/android/crop/RotateBitmap.java)
4. Redraw CropImageView with rotated bitmap (lib/src/main/java/com/soundcloud/android/crop/CropImageView.java)

Add Localization for New Language

1. Create new values-xx directory (e.g., values-ru for Russian) (lib/src/main/res/values-ar/strings.xml)
2. Copy and translate strings from base strings.xml file (lib/src/main/res/values/strings.xml)
3. Android system automatically selects translated strings at runtime via resource qualifier

• Android Activity + Custom View — Provides full control over image rendering and touch interaction; leverages Android lifecycle for memory management
• Canvas rendering in HighlightView — Efficient 2D drawing of crop selection box without external dependencies; based on AOSP reference code
• Intent extras for configuration — Standard Android pattern for passing data between activities; allows process-safe serialization
• AAR artifact packaging — Standard library distribution format for Android; encapsulates resources, manifest, and compiled code

• No external image library dependency

  • Why: Minimize bloat for minimal cropping use case; use native Android APIs
  • Consequence: More boilerplate for image loading and scaling; less abstraction for custom implementations

• Single-threaded rendering in main Activity

  • Why: Simplicity and direct control; crop operation is typically quick
  • Consequence: Risk of ANR if image is very large or device is slow; no background processing for heavy images

• Fixed layout with toolbar buttons

  • Why: Consistent UX and rapid development
  • Consequence: Limited customization of UI appearance; must fork if radically different layout needed

• Deprecated library (no longer maintained)

  • Why: Original authors shifted focus; library is stable and self-contained
  • Consequence: No future updates; users must fork or switch libraries for new Android API levels or features

• Support for real-time live preview filters (blur, sepia, etc.)
• Built-in integration with camera capture or gallery selection
• Undo/redo functionality during crop session
• Batch cropping or multiple image handling
• Cloud storage sync or remote save
• Advanced color correction or image adjustment

Minimum SDK 10 constraint may cause issues with modern Android tooling (Gradle 2.1.0 is from 2015; modern Gradle requires Java 11+). AndroidManifest.xml declaration is required in consumer apps — users often forget this. No visible integration tests for actual image cropping (only builder tests), so actual crop functionality may have regressed. Theme customization is undocumented beyond the example; attribute names are not listed in a resources or attrs file.

• Activity Result API — android-crop is entirely based on launching CropImageActivity and receiving results via onActivityResult(); understanding Activity result contracts is essential to using this library
• Builder Pattern — The Crop class uses fluent builder pattern (Crop.of().asSquare().start()); this is the primary API surface users interact with and should be familiar with for contributing
• Android AAR (Android ARchive) packaging — The library is distributed as an AAR (not a JAR) to Maven Central; understanding AAR structure (includes resources, manifests, proguard rules) is needed to modify library packaging or publishing
• Android Theme and Style customization — Users customize the crop UI via Android theme attributes; the example/src/main/res/values/theme.xml pattern is how library configuration works in this codebase
• Image transformation pipeline (Intent URIs and FileProvider) — The library accepts input/output URIs (likely ContentResolver or FileProvider URIs) for image handling; understanding Android's URI schemes and file access is critical for debugging crop failures
• AOSP camera module code (camera cropper origin) — Core cropping logic is ported from AOSP; understanding the original AOSP implementation helps when diagnosing bugs or extending functionality

• UCrop/uCrop — Modern, actively-maintained alternative for Android image cropping with Material UI and extensive customization; direct successor in the ecosystem
• ArthurHub/Android-Image-Cropper — Another popular Android image cropping library with similar builder pattern and additional features like rotation; actively maintained as of recent years
• lvillani/android-cropimage — Original predecessor that android-crop forked from (mentioned in README); provides context on AOSP cropping code lineage
• SoundCloud/android-pinned-navigation-view — Fellow SoundCloud Android library following similar AAR packaging and Gradle setup patterns; shows SoundCloud's library publishing approach

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add instrumented tests for CropImageView touch/gesture handling

The lib/src/main/java/com/soundcloud/android/crop/CropImageView.java and HighlightView.java handle complex touch gestures and transformations, but only CropBuilderTest.java exists in androidTest. These core cropping interactions lack coverage and are error-prone to refactor. Adding comprehensive gesture tests would prevent regressions.

• [ ] Create lib/src/androidTest/java/com/soundcloud/android/crop/CropImageViewTest.java with tests for pan, zoom, and rotation gestures
• [ ] Create lib/src/androidTest/java/com/soundcloud/android/crop/HighlightViewTest.java for crop rect manipulation (resize, move)
• [ ] Add tests for edge cases like boundary constraints and aspect ratio enforcement during gestures
• [ ] Verify tests run on CI (update .travis.yml if needed)

Add instrumented tests for CropUtil utility methods

CropUtil.java likely contains image processing and dimension calculation logic used by CropImageView and CropImageActivity, but no tests exist for it. These utilities are commonly changed and need regression protection, especially around bitmap scaling and coordinate transformations.

• [ ] Create lib/src/androidTest/java/com/soundcloud/android/crop/CropUtilTest.java
• [ ] Add tests for dimension calculations (aspect ratio preservation, scale computation)
• [ ] Add tests for coordinate transformations and bitmap operations if present in CropUtil
• [ ] Include edge cases like zero dimensions, extreme aspect ratios, and null inputs

Migrate Travis CI to GitHub Actions and add automated release workflow

The .travis.yml exists but the repo is deprecated and needs modernization. GitHub Actions would remove external CI dependency, and an automated release workflow would help maintainers publish new versions to Maven Central (evidenced by .publishing/sonatype.gradle). This lowers friction for maintenance and community contributions.

• [ ] Create .github/workflows/android-build.yml to run Gradle build, lint, and tests on PR
• [ ] Create .github/workflows/publish-release.yml to automatically publish to Maven Central when a tag is pushed (using secrets for sonatype credentials)
• [ ] Update .travis.yml with deprecation notice directing to GitHub Actions
• [ ] Document the release process in CHANGELOG.md or README.md

• Add comprehensive docs for theme customization: list all available theme attributes (colors, dimensions, styles) in README.md or create a separate THEME.md with examples for each attribute used in example/src/main/res/values/theme.xml
• Write unit tests for the core Crop builder chain (currently only CropBuilderTest.java exists; add tests for error cases, uri validation, and output path handling) in lib/src/androidTest/
• Migrate from Gradle 2.1.0 and add Java 11 compatibility: update build.gradle to use modern Android Gradle Plugin and document minimum SDK/API level requirements clearly in README since project targets SDK 10 but modern tooling may not support it

This Android crop library has significant security concerns due to its deprecated and unmaintained status, coupled with outdated build tools from 2015. The project lacks modern security hardening and is no longer receiving updates or security patches. Critical issues include the use of Gradle 2.1.0 (7+ years old), potential intent injection vulnerabilities in the CropImageActivity component, and missing security configurations. The library is not recommended for production use in new projects. If already in use, immediate migration to maintained alternatives is strongly advised, or comprehensive security hardening and validation must be implemented as workarounds.

• High · Outdated Gradle Build Tools — build.gradle. The project uses Gradle build tools version 2.1.0, which was released in 2015 and contains multiple known security vulnerabilities. This version is no longer supported and lacks security patches for Android build infrastructure. Fix: Update to the latest stable Gradle build tools (currently 8.0+). Replace 'com.android.tools.build:gradle:2.1.0' with a current version such as 'com.android.tools.build:gradle:8.0.0' or later.
• High · Deprecated and Unmaintained Project — README.md. The README explicitly states 'Deprecated! This project is not maintained.' Using unmaintained libraries exposes the application to unpatched security vulnerabilities, lack of compatibility with newer Android versions, and no support for emerging security threats. Fix: Consider migrating to actively maintained image cropping libraries. Review alternatives listed in Android Arsenal. If continued use is necessary, conduct thorough security audits and implement additional validation layers.
• Medium · Potential Intent-Based Vulnerabilities in CropImageActivity — lib/src/main/java/com/soundcloud/android/crop/CropImageActivity.java, lib/src/main/AndroidManifest.xml. The library exposes CropImageActivity as a public component that accepts Intent extras (inputUri, outputUri). Without proper validation of these URIs, the activity could be vulnerable to intent injection attacks or access to unintended file paths. Fix: Implement strict validation of input URIs. Verify that URIs point to expected locations and implement proper file access controls. Consider using FileProvider for safer file access instead of direct URI handling.
• Medium · Missing SDK Version Constraints — lib/build.gradle, example/build.gradle. The build configuration lacks explicit minSdkVersion and targetSdkVersion declarations in the visible build.gradle file. This can lead to compatibility issues and missed security features available in newer Android versions. Fix: Set appropriate minSdkVersion and targetSdkVersion. Update targetSdkVersion to a recent version (34+) to ensure compliance with Google Play requirements and access to latest security APIs.
• Low · Missing Security Metadata in Manifest — lib/src/main/AndroidManifest.xml. The AndroidManifest.xml does not specify security-related attributes such as android:usesCleartextTraffic or android:debuggable settings, which could lead to unintended behavior. Fix: Explicitly set android:debuggable='false' for production builds. Configure android:usesCleartextTraffic='false' to prevent cleartext traffic. Review and explicitly declare all required permissions.
• Low · Gradle Wrapper Jar Included — gradle/wrapper/gradle-wrapper.jar. The gradle-wrapper.jar file is committed to version control. While this enables offline builds, it can pose a supply chain risk if the JAR is tampered with or outdated. Fix: Consider excluding gradle-wrapper.jar from version control and using gradle/wrapper/gradle-wrapper.properties to download it dynamically. If keeping it, ensure it's from a trusted source and regularly updated.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.