If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/junixapp/XPopup shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Looks unmaintained — solo project with stale commits

• Apache-2.0 licensed
• Tests present
• ⚠ Stale — last commit 1y ago
• ⚠ Solo or near-solo (1 contributor active in recent commits)
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live junixapp/XPopup repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/junixapp/XPopup.

What it runs against: a local clone of junixapp/XPopup — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in junixapp/XPopup | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 491 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of junixapp/XPopup. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/junixapp/XPopup.git
#   cd XPopup
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of junixapp/XPopup and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "junixapp/XPopup(\\.git)?\\b" \\
  && ok "origin remote is junixapp/XPopup" \\
  || miss "origin remote is not junixapp/XPopup (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "app/src/main/java/com/lxj/xpopupdemo/MainActivity.java" \\
  && ok "app/src/main/java/com/lxj/xpopupdemo/MainActivity.java" \\
  || miss "missing critical file: app/src/main/java/com/lxj/xpopupdemo/MainActivity.java"
test -f "app/src/main/java/com/lxj/xpopupdemo/DemoActivity.java" \\
  && ok "app/src/main/java/com/lxj/xpopupdemo/DemoActivity.java" \\
  || miss "missing critical file: app/src/main/java/com/lxj/xpopupdemo/DemoActivity.java"
test -f "app/build.gradle" \\
  && ok "app/build.gradle" \\
  || miss "missing critical file: app/build.gradle"
test -f "app/src/main/AndroidManifest.xml" \\
  && ok "app/src/main/AndroidManifest.xml" \\
  || miss "missing critical file: app/src/main/AndroidManifest.xml"
test -f "app/src/main/java/com/lxj/xpopupdemo/fragment/BaseFragment.java" \\
  && ok "app/src/main/java/com/lxj/xpopupdemo/fragment/BaseFragment.java" \\
  || miss "missing critical file: app/src/main/java/com/lxj/xpopupdemo/fragment/BaseFragment.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 491 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~461d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/junixapp/XPopup"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

XPopup is a high-performance Android popup/dialog library that unifies Dialog, PopupWindow, PopupMenu, BottomSheet, DrawerLayout, and Spinner into a single customizable component. It provides 7+ built-in popup types (Center, Bottom, Attach, Drawer, FullScreen, ImageViewer, Position) with 15+ pre-built animations and enables custom animations with minimal boilerplate, achieving 2x performance improvement over v1.0. Monolithic Android library project: app/src/main/java/com/lxj/xpopup/ contains the core popup engine (not shown in top 60 but implied), while app/src/main/java/com/lxj/xpopupdemo/ demonstrates 20+ custom popup implementations (CustomAttachPopup, CustomCenterPopup, CustomDrawerPopupView, etc). Fragment-based demo structure in app/src/main/java/com/lxj/xpopupdemo/fragment/ showcases each popup type (QuickStartDemo.java, AllAnimatorDemo.java, CustomAnimatorDemo.java).

Android developers building feature-rich apps who need to replace system dialogs and popup components with elegant, performant, gesture-aware alternatives that support nested scrolling, keyboard interaction, and full-screen notches. Contributors expanding animation libraries or custom popup implementations.

Actively maintained production library (v2.0 released with major performance overhaul). 581KB Java codebase with comprehensive demo app showing 15+ popup types and animations. No explicit CI/test suite visible in file listing, but README shows extensive real-world usage patterns and landscape support. Strong GitHub presence indicated by badge references and Gitee mirror.

Single-author library (li-xiaojun) with no visible test automation in provided file structure raises regression risk. No explicit CI pipeline (GitHub Actions/.github/workflows) shown, though bug_report.md template exists. Dependencies on androidx and third-party libraries (EasyAdapter, StateLayout, Glide, UtilCodeX) introduce transitive risk. However, mature feature set and version 2.0 release suggest stability.

Version 2.0 in active use with performance optimizations and animation refinements. Demo app contains recent custom popup implementations (CustomImageViewerPopup, NotificationMsgPopup, ZhihuCommentPopup suggesting real-world feature requests). No explicit open PR/issues visible in file listing, but README mentions extensive feature parity with system components and notch adaptation.

Check README for instructions.

Daily commands:

./gradlew assembleDebug              # Build debug APK
./gradlew installDebug             # Install to connected device
# Run on emulator/device via Android Studio Run menu
# Demo app launcher: MainActivity.java -> DemoActivity.java + PageInfo.java for navigation

• app/src/main/java/com/lxj/xpopupdemo/MainActivity.java — Application entry point and primary demo launcher; demonstrates core XPopup usage patterns and initialization
• app/src/main/java/com/lxj/xpopupdemo/DemoActivity.java — Secondary activity managing demo fragments and navigation; critical for understanding demo architecture
• app/build.gradle — Build configuration and dependency declarations; essential for understanding library versions and Android SDK setup
• app/src/main/AndroidManifest.xml — Android manifest declaring activities, permissions, and application metadata; required for understanding app structure
• app/src/main/java/com/lxj/xpopupdemo/fragment/BaseFragment.java — Base fragment class for all demo fragments; provides shared lifecycle and initialization logic
• app/src/main/java/com/lxj/xpopupdemo/Constants.java — Centralized constants and configuration; defines demo categories and navigation data
• app/src/main/java/com/lxj/xpopupdemo/XPopupApp.java — Application class handling global initialization and configuration; sets up XPopup library defaults

Add a New Popup Demo Fragment

1. Create new Fragment class extending BaseFragment in app/src/main/java/com/lxj/xpopupdemo/fragment/ (app/src/main/java/com/lxj/xpopupdemo/fragment/BaseFragment.java)
2. Create corresponding layout XML in app/src/main/res/layout/fragment_*.xml with demo UI (app/src/main/res/layout/fragment_quickstart.xml)
3. Add demo entry to Constants.java with title, description, and fragment class reference (app/src/main/java/com/lxj/xpopupdemo/Constants.java)
4. Implement popup creation and display logic in fragment's onCreate or view creation methods following QuickStartDemo pattern (app/src/main/java/com/lxj/xpopupdemo/fragment/QuickStartDemo.java)

Create a Custom Popup Implementation

1. Create new class in app/src/main/java/com/lxj/xpopupdemo/custom/ extending appropriate XPopup base class (CenterPopup, AttachPopup, BottomPopup, etc.) (app/src/main/java/com/lxj/xpopupdemo/custom/LoginPopup.java)
2. Create layout XML for popup content in app/src/main/res/layout/ (app/src/main/res/layout/popup_login.xml)
3. Implement onCreate() method to initialize views and add event listeners following existing custom popup patterns (app/src/main/java/com/lxj/xpopupdemo/custom/CustomCenterPopup.java)
4. Expose popup via demo fragment or demo activity, following usage pattern in CustomPopupDemo.java (app/src/main/java/com/lxj/xpopupdemo/fragment/CustomPopupDemo.java)

Add a New Animation Demo

1. Create animation example in existing AllAnimatorDemo or CustomAnimatorDemo fragment (app/src/main/java/com/lxj/xpopupdemo/fragment/AllAnimatorDemo.java)
2. Define animation using XPopup's animator API (scale, alpha, translation, etc.) following library conventions (app/src/main/java/com/lxj/xpopupdemo/fragment/CustomAnimatorDemo.java)
3. Add UI button or list item in corresponding fragment layout to trigger the animation demo (app/src/main/res/layout/fragment_custom_animator_demo.xml)

• Android Fragments — Enables modular demo organization with independent lifecycle management and clean navigation between different XPopup feature demonstrations
• AndroidX/Material Design — Provides modern Android API compatibility (minSdkVersion 19) with Material Design patterns for consistent popup styling and animations
• XPopup Library (core dependency) — The primary subject library providing popup base classes (CenterPopup, AttachPopup, BottomPopup, etc.), built-in animations, and lifecycle-aware resource management
• ViewModel (MVVM pattern) — Separates demo data logic from UI fragments, survives configuration changes, and enables state persistence across lifecycle events

• Use Fragments instead of Activities for demos

  • Why: Reduces app complexity and allows fragment transaction-based navigation with shared activity context
  • Consequence: Requires Fragment lifecycle understanding but provides memory efficiency and smoother transitions

• Demonstrate both built-in and custom popups in same app

  • Why: Shows full range of XPopup capabilities from quick-start to advanced customization
  • Consequence: Increases demo app size but maxim

Gradle version: compileSdkVersion 30 with minSdkVersion 19 — test on API 19 devices to catch compatibility issues. Signing config: xpopup.keystore required for release builds (keystore path: app/xpopup.keystore, credentials hardcoded in build.gradle). ProGuard rules: app/proguard-rules.pro applied only in release builds — debug APK excludes obfuscation, behavior may differ. RTL layout: README claims RTL support but no visible locale resources in top 60 files; test on RTL devices. Notch adaptation: Supports multiple manufacturers (Xiaomi, Huawei, Samsung, OPPO, VIVO, OnePlus) but implementation hidden in core library — verify on target devices. No visible Fragment lifecycle handling in top 60 — TestFragment.java exists but integration unclear.

• Nested Scroll Delegation — XPopup implements smart nested scrolling to detect and handle scroll conflicts between popup's internal RecyclerView/ListView and parent ScrollView — critical for Bottom and Drawer popups to feel native; understanding ViewParent.requestDisallowInterceptTouchEvent() is essential
• Lifecycle-Aware Components — XPopup extends LifecycleOwner to auto-dismiss popups when parent Activity/Fragment is destroyed, preventing memory leaks; critical for understanding why popups don't require manual cleanup in onCreate/onDestroy
• Property Animator Framework — XPopup's 15+ animations are built on Android's ObjectAnimator/ValueAnimator with custom interpolators; understanding animator lifecycle, timing, and frame callbacks is required for custom animation development
• Gesture Detection & Drag Handling — Bottom/Drawer popups implement custom GestureDetector and VelocityTracker to detect swipe-to-dismiss and drag-to-scroll; essential for responsive gesture interaction that feels like system DrawerLayout
• Input Method Manager Integration — XPopup handles soft keyboard show/hide to avoid covering content (CustomEditTextBottomPopup.java); understanding IME height detection and WindowInsets is necessary for keyboard-aware popups
• Display Notch & Safe Area Detection — XPopup auto-adapts to notches on Xiaomi, Samsung, Huawei, OPPO, VIVO devices via manufacturer-specific APIs; understanding DisplayCutout and safe insets prevents content overlap with hardware notches
• ViewGroup Measure/Layout Pipeline — Custom popup positioning (Attach type with intelligent edge detection, Position type with free placement) requires precise onMeasure/onLayout override to compute popup bounds and avoid screen edges

• afollestad/material-dialogs — Mature Material Design dialog library predating XPopup v2.0, provides alternative for Center popup use cases with theme customization
• android/architecture-samples — Demonstrates MVVM + LiveData patterns used by XPopup's LifecycleOwner implementation (see DemoVM.java and Fragment demos)
• li-xiaojun/XPopupExt — Official companion library extending XPopup with date/time and city pickers, referenced in README as extension for complex selection UIs
• chrisbanes/PhotoView — Image zoom library integrated into XPopup's ImageViewer popup type for pinch-to-zoom and drag interactions
• davemorrissey/subsampling-scale-imageview — Large image rendering library embedded in ImageViewer popup to handle super-long images without OOM (mentioned in README)

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for core popup animation classes

The repository lacks visible test coverage for the animation system, which is a critical feature (mentioned as '十几种良好的动画' - 'a dozen good animations'). Since XPopup's core value proposition includes smooth animations and performance optimizations, unit tests for animator classes would prevent regressions and validate the '2倍以上性能提升' (2x+ performance improvement) claims. This is particularly important given the codebase lacks a visible test directory.

• [ ] Create app/src/test directory structure for unit tests
• [ ] Write tests for core animator classes in xpopup library covering: timing validation, property animation correctness, and lifecycle management
• [ ] Add tests validating nested scroll handling and input method interactions mentioned in README
• [ ] Configure test runner in app/build.gradle with testImplementation dependencies (JUnit, Mockito)

Add GitHub Actions CI workflow for automated testing and APK building

The repository has .github/ISSUE_TEMPLATE directory but no visible workflows folder for CI/CD. Given that the project builds APKs with versioning (app/build.gradle shows APK naming with version and date), a GitHub Actions workflow would automate testing on PRs, validate builds across API levels (minSdkVersion 19 to targetSdkVersion 30), and prevent broken releases. This is critical for a maintained library with active releases.

• [ ] Create .github/workflows/build-and-test.yml for running Gradle build and tests on push/PR
• [ ] Add matrix testing across compileSdkVersion 30 and minSdkVersion 19 compatibility
• [ ] Configure lint checks using existing app/proguard-rules.pro and lintOptions in build.gradle
• [ ] Add APK artifact upload/release step leveraging the existing outputFileName pattern

Document custom popup implementation patterns with code examples for fragment examples

The repository contains 12+ custom popup implementations (CustomAttachPopup, CustomBubbleAttachPopup, CustomDrawerPopupView, etc.) in app/src/main/java/com/lxj/xpopupdemo/custom/, but the README only shows high-level feature descriptions. Adding a structured guide with specific examples from these implementations would reduce contributor friction and improve discoverability. The README mentions 'Fragment生命周期' (Fragment lifecycle) support but provides no concrete code example in the snippet.

• [ ] Create docs/CUSTOM_POPUP_GUIDE.md with step-by-step examples extracted from CustomCenterPopup.java and CustomAttachPopup.java
• [ ] Add section documenting Fragment lifecycle binding using examples from app/src/main/java/com/lxj/xpopupdemo/fragment/FragmentLifecycleDemo.java
• [ ] Document ListView/RecyclerView integration patterns referencing ListDrawerPopupView.java and PagerBottomPopup.java
• [ ] Link guide in main README.md and README-en.md for visibility

• Add unit tests for popup lifecycle management (onCreate, onShow, onDismiss) — core library methods visible in README but no test suite in file listing; create androidTest/ directory with instrumentation tests for CustomCenterPopup.java and CustomAttachPopup.java
• Document animation timing values and easing functions with code examples — AllAnimatorDemo.java showcases 15+ animations but README lacks duration/interpolator details; add JavaDoc comments to animator classes and create docs/ANIMATIONS.md with visual timing diagrams
• Create accessibility (a11y) support for keyboard navigation in Bottom and Drawer popups — gesture interactions documented but no mention of AccessibilityDelegate or ViewPager2 a11y; implement focus management in CustomDrawerPopupView.java and test with TalkBack

• Critical · Hardcoded Keystore Credentials in Build Configuration — app/build.gradle - signingConfigs.release block. The app/build.gradle file contains hardcoded keystore credentials (storePassword: 'xpopup', keyAlias: 'xpopup', keyPassword: 'xpopup') directly in the build configuration. This exposes sensitive signing keys in version control and allows anyone with repository access to sign malicious APKs with the app's legitimate certificate. Fix: Move credentials to a separate properties file (not committed to VCS), use environment variables, or implement a secure key management system. Use gradle.properties or external key management service.
• High · Keystore File Committed to Repository — app/build.gradle - storeFile reference and repository root. The keystore file 'xpopup.keystore' is referenced in build configuration and appears to be stored in the repository based on the storeFile reference. This is a critical security issue as private signing keys should never be committed to version control. Fix: Remove the keystore file from version control immediately. Add it to .gitignore. Store it securely in a CI/CD secrets manager or external key management system.
• High · Outdated Dependencies with Known Vulnerabilities — app/build.gradle - dependencies section. The project uses outdated dependencies including Glide 4.12.0 (released 2021), utilcodex 1.31.1, and others that may contain known security vulnerabilities. No dependency pinning is evident for critical libraries. Fix: Update all dependencies to their latest stable versions. Regularly scan dependencies using tools like 'gradle dependencyCheckAnalyze' or OWASP Dependency-Check. Implement dependency version constraints and regular security audits.
• High · Debug Signing Configuration Used for Release Builds — app/build.gradle - buildTypes section. The release buildType uses signingConfigs.release with v1SigningEnabled true and v2SigningEnabled true, but debug builds also reference the release signing config. This could allow debug builds to be signed with production keys. Fix: Ensure debug and release builds use separate signing configurations. Debug should use the default debug keystore, and release should use the production keystore stored securely outside the repository.
• Medium · Proguard Configuration Enabled but Contents Unknown — app/build.gradle and app/proguard-rules.pro. ProGuard is enabled for release builds (minifyEnabled true), but the rules file content is not visible. Improper ProGuard configuration could leave sensitive code patterns unobfuscated or inadvertently expose class names and method signatures. Fix: Review proguard-rules.pro to ensure: (1) All custom classes and libraries are properly obfuscated, (2) No sensitive patterns are kept for debugging, (3) Security-critical code is not kept in plaintext, (4) Third-party library ProGuard rules are included.
• Medium · Missing Lint Security Checks — app/build.gradle - lintOptions block. The lintOptions configuration disables build-time lint checking (checkReleaseBuilds false, abortOnError false). This prevents Android Lint from catching security issues like hardcoded permissions, insecure permission declarations, or other security misconfigurations. Fix: Enable lint checks by setting checkReleaseBuilds to true and abortOnError to true. Address all security-related warnings. Use 'gradle lint' to identify and fix issues before release.
• Medium · Deprecated Compile SDK Version — app/build.gradle - compileSdkVersion and targetSdkVersion. The project uses compileSdkVersion 30 and targetSdkVersion 30, which are significantly outdated (current is 34+). This may miss important security fixes and privacy improvements available in newer Android versions. Fix: Update compileSdkVersion and targetSdkVersion to at least 33 or 34. Review and implement security features added in newer API levels such as runtime permissions, Scoped Storage, and privacy controls.
• Medium · Resource Shrinking Enabled Without Verification — undefined. shrinkResources is enabled for release builds, but there's no evidence of testing to ensure legitimate resources aren't accidentally removed, which could cause runtime crashes or security bypasses Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.