If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/Klocman/Bulk-Crap-Uninstaller shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• Last commit 2mo ago
• 15 active contributors
• Apache-2.0 licensed
• CI configured
• ⚠ Concentrated ownership — top contributor handles 75% of recent commits
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live Klocman/Bulk-Crap-Uninstaller repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/Klocman/Bulk-Crap-Uninstaller.

What it runs against: a local clone of Klocman/Bulk-Crap-Uninstaller — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in Klocman/Bulk-Crap-Uninstaller | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 93 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of Klocman/Bulk-Crap-Uninstaller. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/Klocman/Bulk-Crap-Uninstaller.git
#   cd Bulk-Crap-Uninstaller
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of Klocman/Bulk-Crap-Uninstaller and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "Klocman/Bulk-Crap-Uninstaller(\\.git)?\\b" \\
  && ok "origin remote is Klocman/Bulk-Crap-Uninstaller" \\
  || miss "origin remote is not Klocman/Bulk-Crap-Uninstaller (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "source/BulkCrapUninstaller/BulkCrapUninstaller.csproj" \\
  && ok "source/BulkCrapUninstaller/BulkCrapUninstaller.csproj" \\
  || miss "missing critical file: source/BulkCrapUninstaller/BulkCrapUninstaller.csproj"
test -f "source/BCU-console/BCU-console.csproj" \\
  && ok "source/BCU-console/BCU-console.csproj" \\
  || miss "missing critical file: source/BCU-console/BCU-console.csproj"
test -f "source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.cs" \\
  && ok "source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.cs" \\
  || miss "missing critical file: source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.cs"
test -f "source/BCU-launcher/main.cpp" \\
  && ok "source/BCU-launcher/main.cpp" \\
  || miss "missing critical file: source/BCU-launcher/main.cpp"
test -f "source/BulkCrapUninstaller.sln" \\
  && ok "source/BulkCrapUninstaller.sln" \\
  || miss "missing critical file: source/BulkCrapUninstaller.sln"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 93 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~63d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/Klocman/Bulk-Crap-Uninstaller"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Bulk Crap Uninstaller (BCU) is a Windows application removal tool written in C# that batch-uninstalls multiple programs with minimal user interaction. It specializes in detecting and removing application remnants, orphaned files, and supports Windows Store Apps, Steam, Windows Features, and multiple uninstaller formats (NSIS, InnoSetup, Msiexec). Core capability: run uninstallers from premade lists and clean leftover registry/file artifacts across dozens of applications simultaneously. Monolithic structure with three main projects under source/: BulkCrapUninstaller (main GUI app in C#), BCU-console (command-line wrapper), and BCU-launcher (native C++ entry point for elevation/bootstrapping). The installer folder contains Inno Setup scripts (BcuSetup.iss, CodeDependencies.iss, PortablePage.iss) with multi-language support (ChineseSimplified.isl, Hindi.isl, etc.). Controls/ subdirectory houses reusable WinForms components with extensive localization (.resx files for 10+ languages).

IT professionals and system administrators managing multiple machines who need to remove large amounts of bloatware and unwanted software quickly; also general Windows users wanting to clean their system more thoroughly than the built-in Control Panel uninstaller allows.

Production-ready but actively seeking new maintainers. The project has reached stable release status (GitHub releases page shows public availability), includes CI/CD via GitHub Actions (.github/workflows/ci.yaml and winget.yml), and maintains installer variants (Setup, Portable, net). However, the maintainer posted a warning (:warning: Looking for maintainers :warning:) on the main README, indicating potential activity concerns; commit recency and test coverage cannot be fully verified from the provided file list.

Single-maintainer risk is explicit—the repo actively seeks new maintainers per the README warning. The codebase is 4.3 MB of C# with a small C++ launcher (main.cpp), meaning dependency management is critical; the Inno Setup installer (139 KB) adds deployment complexity. No test directory is visible in the top 60 files, suggesting test coverage may be limited or in an untracked location. Breaking changes could occur if maintainers transition.

The project maintains nightly builds via GitHub Actions (ci.yaml workflow) and publishes to winget (winget.yml workflow), indicating active CI/CD. However, the README's prominent maintainer-wanted message suggests development velocity may be declining or transitioning. Documentation is stable (BCU_manual.html/odt in doc/), and the codebase appears feature-complete rather than in active feature development.

Clone and open in Visual Studio: git clone https://github.com/Klocman/Bulk-Crap-Uninstaller.git && cd Bulk-Crap-Uninstaller/source && start BulkCrapUninstaller.sln. The .sln file targets .NET (likely .NET Framework based on C# csproj structure). Build via Visual Studio or msbuild BulkCrapUninstaller.sln. No package manager setup (npm/NuGet restore should be automatic in VS).

Daily commands: Open source/BulkCrapUninstaller.sln in Visual Studio 2019+ and hit F5 (Debug) or build in Release mode. For console variant: dotnet run --project source/BCU-console/BCU-console.csproj. For installer testing: run installer/BcuSetup.iss through Inno Setup compiler (iscc.exe). Portable version is built via installer/PortablePage.iss.

• source/BulkCrapUninstaller/BulkCrapUninstaller.csproj — Main application project file defining all assemblies, dependencies, and build configuration for the UI application.
• source/BCU-console/BCU-console.csproj — Console interface project file; entry point for command-line uninstallation operations.
• source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.cs — Core custom control for clipboard management used throughout the UI; heavily relied upon by multiple dialogs.
• source/BCU-launcher/main.cpp — Native C++ launcher entry point; bootstraps the managed application with minimal overhead.
• source/BulkCrapUninstaller.sln — Solution file orchestrating all three sub-projects (UI, Console, Launcher) and their build order.
• installer/BcuSetup.iss — Inno Setup installer script defining installation flow, registry entries, and uninstallation cleanup.

Add a new custom UI control

1. Create new control class in source/BulkCrapUninstaller/Controls/{ControlName}.cs inheriting from UserControl (source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.cs)
2. Add designer stub by creating {ControlName}.Designer.cs in the same directory (source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.Designer.cs)
3. Create base English resource file {ControlName}.resx with default strings (source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.resx)
4. For each supported language, duplicate .resx file with culture code (e.g., .de.resx for German) (source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.de.resx)
5. Integrate control into main form or required dialogs by drag-and-drop in form designer (source/BulkCrapUninstaller/BulkCrapUninstaller.csproj)

Add support for a new uninstaller system

1. Implement detection logic in a new class following existing uninstaller detection patterns (source/BulkCrapUninstaller/BulkCrapUninstaller.csproj)
2. Register the new uninstaller type in the main application's uninstaller discovery enumeration (source/BulkCrapUninstaller/BulkCrapUninstaller.csproj)
3. Add uninstaller command invocation logic matching patterns for NSIS, InnoSetup, or Msiexec (source/BulkCrapUninstaller/BulkCrapUninstaller.csproj)
4. Update console program to expose new uninstaller type via command-line arguments (source/BCU-console/Program.cs)

Add a new language localization

1. Create new .isl language file in installer/lang/{LanguageName}.isl following Inno Setup syntax (installer/lang/ChineseSimplified.isl)
2. For each .resx file in Controls, create a culture-specific copy (e.g., {ControlName}.{LanguageCode}.resx) (source/BulkCrapUninstaller/Controls/AdvancedClipboardCopy.de.resx)
3. Register the new language in BcuSetup.iss by adding [Languages] section entry (installer/BcuSetup.iss)
4. Test UI rendering and installer flow with the new language selected (source/BulkCrapUninstaller/BulkCrapUninstaller.csproj)

Add a batch uninstallation operation (console/automated)

1. Define new command-line argument in BCU-console Program.cs argument parser (source/BCU-console/Program.cs)
2. Implement batch operation logic in a separate service class following existing patterns (source/BCU-console/BCU-console.csproj)
3. Integrate with the main application's uninstaller invocation pipeline (source/BulkCrapUninstaller/BulkCrapUninstaller.csproj)
4. Update documentation in doc/BCU_manual.html with new command and usage examples (doc/BCU_manual.html)

• C# & .NET Framework / .NET Core — Cross-platform compatibility, rich WinForms UI framework, strong type safety for managing system state, and native Windows integration via P/Invoke.
• C++ launcher (main.cpp) — Minimal overhead bootstrap to load CLR without unnecessary process startup delay; allows single executable entry point.
• WinForms — Native Windows UI toolkit with mature designer tooling; sufficient for desktop application without web complexity.
• Inno Setup (installer) — Lightweight, widely trusted installer format with native Windows integration, registry support, and multi-language capabilities.
• Windows Registry & WMI querying — Standard Windows mechanisms for discovering installed applications; required for compatibility with diverse installer systems.

• WinForms instead of WPF or UWP

  • Why: WinForms is simpler, lighter, and sufficient for this tool's feature set; avoids heavyweight framework dependencies.
  • Consequence: Limited modern UI animations and styling; however, reduces memory footprint and startup latency.

• Synchronous Registry/WMI queries instead of async background threads

  • Why: Simpler code, deterministic ordering of uninstallations; reduces concurrency complexity.
  • Consequence: UI can freeze during large application discovery; mitigated by dedicated scan threads.

• Native C++ launcher wrapper instead of managed entry point

  • Why: Reduces CLR startup overhead and provides a slim executable for distribution and execution.
  • Consequence: Adds complexity to build process; requires Visual Studio C++ toolchain.

• Multi-language support via separate .resx/.isl files rather than centralized database

  • Why: Aligns with .NET resource conventions and Inno Setup expectations; simplifies translation contribution.
  • Consequence: Scaling to many languages requires maintaining many file variants; community translation easier to manage.

• Does not support Linux or macOS (Windows-only application)
• Does not provide real-time system monitoring or background cleanup daemons
• Does not implement cloud-based application catalogs or online uninstaller repositories
• Does not offer GUI themes or extensive customization of

UAC elevation is handled by the C++ launcher (BCU-launcher/main.cpp); running the C# app directly without the launcher may lose admin privileges needed for system-wide uninstallation. Installer scripts are Inno Setup (not NSIS), requiring iscc.exe compiler—do not confuse with NSIS scripts. Localization is split: UI strings in .resx files (one per language, per control), installer strings in .isl files (installer/lang/). The publish.bat script suggests automated publishing flow—check what it does before running locally. No .env or configuration file visible; check source code for hardcoded paths or registry keys the app depends on.

• Windows Registry Cleanup & Artifact Detection — Core BCU function: identifying and removing leftover registry entries, shortcuts, and temp files after uninstallation; understanding registry hives (HKLM, HKCU) and uninstall detection logic is fundamental to the codebase.
• User Access Control (UAC) Elevation — BCU requires admin privileges to uninstall system applications; the C++ launcher (main.cpp) handles UAC manifest requests and privilege escalation, which is essential for understanding the entry point.
• Installer Format Detection & Silent Uninstall — BCU detects and runs uninstallers for NSIS, InnoSetup, Msiexec, and others; understanding how uninstall strings in registry are parsed and executed silently (via command-line flags like /SILENT, /S, /quiet) is key to batch automation.
• WinForms Localization & Resource Files (.resx) — BCU supports 10+ languages via .resx files (one per control, per language); learning how WinForms designer integrates with resource files and how to add new language support is crucial for UI contributions.
• Inno Setup Installer Scripting — BCU distribution relies on Inno Setup (.iss files) with conditional components (CodeDependencies.iss), portable variants (PortablePage.iss), and multi-language strings (.isl files); understanding Inno directives is needed to modify or extend installer flows.
• Windows Store Apps & AppX Package Detection — BCU has special support for uninstalling Windows Store Apps (mentioned in README); detecting, enumerating, and removing AppX packages requires understanding Windows.Management.Deployment API or similar platform-specific mechanisms.
• Orphaned Application Detection — BCU detects applications with broken uninstallers or missing registry entries; this involves scanning the filesystem, registry hives, and application manifests to identify stale entries—a form of graph-based dependency and orphan analysis.

• thorsten/uninstall-studio — Alternative Windows batch uninstaller providing similar multi-app removal and leftover cleanup; direct competitor in same problem space.
• Xalcon/SteamCMD — Handles batch removal/management of Steam applications; BCU has special Steam support so understanding SteamCMD's approach would inform integration.
• microsoft/winget-cli — Official Windows package manager that BCU publishes to (winget.yml in workflows); understanding winget manifest format is needed for publishing updates.
• Torchwood71/RevoUninstaller-community-edition — Legacy alternative to BCU with similar registry cleanup and leftover detection; shows design patterns for scanning application remnants.
• jrsoftware/issrc — Inno Setup source repository; BCU uses Inno Setup heavily for installers (BcuSetup.iss, CodeDependencies.iss), so understanding Inno script capabilities matters.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add localization/translation coverage tests for .resx files

The repo has extensive multi-language support (17+ languages based on .resx files in Controls/) but no apparent test coverage. Missing translations, mismatched resource keys, or outdated strings across language files could break the UI. A specific test suite would validate that all .resx files have identical key sets and warn about untranslated strings.

• [ ] Create source/BulkCrapUninstaller.Tests/LocalizationTests.cs
• [ ] Parse all .resx files in Controls/ directory using System.Resources.ResXResourceReader
• [ ] Verify all language variants have matching keys (e.g., AdvancedClipboardCopy.cs.resx vs AdvancedClipboardCopy.de.resx)
• [ ] Add test to CI workflow (.github/workflows/ci.yaml) to run on PRs

Add signed binary verification step to CI/release workflow

The repo publishes releases and has a publish.bat script, but .github/workflows/winget.yml suggests distribution through winget (Windows package manager). There's no visible code-signing validation or artifact integrity checks. Adding signed binary verification would ensure release authenticity and prevent tampering.

• [ ] Update .github/workflows/winget.yml to verify Authenticode signatures on compiled .exe files
• [ ] Add a new workflow step that uses signtool.exe (Windows SDK) or equivalent to validate signatures before publishing
• [ ] Document signing key/certificate requirements in CONTRIBUTING.md
• [ ] Add signature validation to installer/BcuSetup.iss (Inno Setup) if not already present

Create integration tests for uninstaller detection and orphaned app cleanup logic

The core feature is detecting and removing applications, but there's no visible test suite for the application enumeration or cleanup detection logic. The source/BulkCrapUninstaller/ directory has extensive business logic but no Tests/ folder. A targeted integration test suite would prevent regressions in the critical uninstaller matching algorithms.

• [ ] Create source/BulkCrapUninstaller.Tests/ folder with integration test project
• [ ] Add tests in source/BulkCrapUninstaller.Tests/AppDetectionTests.cs to mock registry entries and verify app detection logic
• [ ] Add tests for orphaned application detection (apps installed but no uninstaller found)
• [ ] Ensure tests run in CI via .github/workflows/ci.yaml using NUnit or xUnit

• Add unit tests for BCU-console/Program.cs command-line parsing: the file exists but no corresponding .Tests.csproj or test directory is visible in top 60 files, making this a good area to add test coverage for CLI scenarios.
• Expand documentation in doc/BCU_manual.html for the console variant: the BCU-console project exists and is downloadable but the manual appears GUI-focused (file size 139KB for manual vs 4.3MB codebase suggests incomplete CLI docs).
• Create a localization checklist script to validate all .resx and .isl language files are in sync: with 10+ language variants visible (ChineseSimplified.isl, Hindi.isl, Vietnamese.isl, plus .resx files), tooling to detect missing keys would prevent translation drift across releases.

The Bulk Crap Uninstaller project shows moderate security concerns typical of a system utility application. Primary risks include: (1) Lack of visible dependency vulnerability scanning, (2) Inherent risks from file system and registry operations requiring careful input validation, (3) Potential privilege escalation vectors in the C++ launcher component, (4) Missing security hard

• High · Missing Dependency Analysis — source/BulkCrapUninstaller/*.csproj, source/BCU-console/*.csproj. No package dependency file (packages.config, *.csproj dependencies section, or NuGet references) was provided for analysis. The C# projects in the source directory likely have NuGet dependencies that should be scanned for known vulnerabilities. Without this information, transitive dependency vulnerabilities cannot be assessed. Fix: Perform regular dependency vulnerability scanning using tools like OWASP Dependency-Check, Snyk, or GitHub's Dependabot. Ensure all NuGet packages are kept up-to-date and audit for CVEs in third-party libraries.
• Medium · Unvalidated File Operations in Uninstaller — source/BulkCrapUninstaller/, source/BCU-console/. As an application uninstaller that performs file system operations and registry manipulation, there is inherent risk of privilege escalation and unsafe file deletion. The application name suggests it performs bulk operations which could be exploited if input validation is insufficient. Fix: Implement strict input validation for all file paths and registry operations. Use allowlists for approved uninstallation targets. Implement proper permission checks before file deletion. Log all operations for audit purposes.
• Medium · Potential Privilege Escalation Vector — source/BCU-launcher/main.cpp, source/BCU-launcher/BCU-launcher.vcxproj. The BCU-launcher C++ component (BCU-launcher.vcxproj) may be used for privilege escalation. C++ applications often require careful memory management and security practices. The launcher pattern combined with elevation requirements could be a vector for privilege escalation if not properly secured. Fix: Ensure the launcher validates all arguments and only passes safe parameters to the managed application. Implement proper UAC (User Account Control) handling. Verify no buffer overflows or unsafe memory operations exist in the C++ code. Use code signing to prevent tampering.
• Medium · Missing Security Configuration in CI/CD — .github/workflows/ci.yaml, .github/workflows/winget.yml. The GitHub Actions workflows (.github/workflows/ci.yaml and winget.yml) may not include security checks like code signing verification, artifact verification, or secret scanning. This could allow compromised builds to be distributed. Fix: Add code signing to build artifacts. Implement GitHub secret scanning. Add SAST (Static Application Security Testing) tools to the CI pipeline. Verify Inno Setup installer integrity. Use signed releases on GitHub.
• Medium · Inno Setup Installer Configuration Review Needed — installer/BcuSetup.iss, installer/CodeDependencies.iss, installer/PortablePage.iss. The Inno Setup installer (BcuSetup.iss) is responsible for system-level installation. Misconfiguration could lead to privilege escalation, unsafe file permissions, or registry modifications that compromise system security. Fix: Review installer permissions (PrivilegesRequired setting). Ensure file extraction paths don't allow path traversal. Verify registry modifications are scoped correctly. Use code signing for the installer executable. Implement integrity checks.
• Low · Project Maintenance Status — README.md. The README explicitly states 'Looking for maintainers', indicating the project may lack active security oversight. This could result in unpatched vulnerabilities and outdated dependencies. Fix: Establish a dedicated security maintainer or team. Implement regular security audits. Set up automated dependency scanning. Create a responsible disclosure policy and security.md file.
• Low · Console Application Security — source/BCU-console/Program.cs. The BCU-console application may accept command-line arguments without proper validation, potentially enabling injection attacks or unsafe operations if used in automated scripts. Fix: Implement strict argument validation and parsing. Document safe command-line usage. Consider using argument parsing libraries. Escape or sanitize any user-provided paths or registry keys.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.