If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/laochiangx/Common.Utility shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 3y ago

• 7 active contributors
• CI configured
• Tests present
• ⚠ Stale — last commit 3y ago
• ⚠ Concentrated ownership — top contributor handles 64% of recent commits
• ⚠ No license — legally unclear to depend on

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live laochiangx/Common.Utility repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/laochiangx/Common.Utility.

What it runs against: a local clone of laochiangx/Common.Utility — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in laochiangx/Common.Utility | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 1278 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of laochiangx/Common.Utility. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/laochiangx/Common.Utility.git
#   cd Common.Utility
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of laochiangx/Common.Utility and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "laochiangx/Common.Utility(\\.git)?\\b" \\
  && ok "origin remote is laochiangx/Common.Utility" \\
  || miss "origin remote is not laochiangx/Common.Utility (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "src/Common.Utility_EN/DBHelper/DbHelperSQL.cs" \\
  && ok "src/Common.Utility_EN/DBHelper/DbHelperSQL.cs" \\
  || miss "missing critical file: src/Common.Utility_EN/DBHelper/DbHelperSQL.cs"
test -f "src/Common.Utility_EN/DEncrypt/DEncrypt.cs" \\
  && ok "src/Common.Utility_EN/DEncrypt/DEncrypt.cs" \\
  || miss "missing critical file: src/Common.Utility_EN/DEncrypt/DEncrypt.cs"
test -f "src/Common.Utility_EN/CacheHelper/CacheHelper.cs" \\
  && ok "src/Common.Utility_EN/CacheHelper/CacheHelper.cs" \\
  || miss "missing critical file: src/Common.Utility_EN/CacheHelper/CacheHelper.cs"
test -f "src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs" \\
  && ok "src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs" \\
  || miss "missing critical file: src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs"
test -f "src/Common.Utility_EN/DataTableExtensions/DataTableExtensions.cs" \\
  && ok "src/Common.Utility_EN/DataTableExtensions/DataTableExtensions.cs" \\
  || miss "missing critical file: src/Common.Utility_EN/DataTableExtensions/DataTableExtensions.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1278 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1248d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/laochiangx/Common.Utility"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Common.Utility is a comprehensive C# helper library (3.3MB codebase) that bundles 60+ utility classes for enterprise .NET development, covering database access (SqlHelper, DBHelper), encryption (DEncrypt), file operations (CSV, Excel, PDF, barcode generation), cloud integration (Aliyun OSS/Live), caching, and domain operations (Active Directory). It solves the repetitive boilerplate problem in C# projects by providing pre-built, tested helpers for common tasks. Flat utility namespace architecture: src/Common.Utility_EN/ contains 60+ independent helper folders (ADHelper/, AliyunLive/, BarCodeHelper/, CacheHelper/, DBHelper/, ExcelHelper/, etc.), each with 1–3 .cs files. No layering or dependency injection patterns visible. Cross-cutting concerns (logging, caching, encryption) scattered across multiple folders. Configuration loaded via ConfigHelper and INIFile readers rather than centralized DI.

C# developers building enterprise Windows applications (WinForms, ASP.NET) who need immediate solutions for database queries, file I/O, encryption, barcode/QR code generation, and cloud storage without writing custom infrastructure code. Also used by teams standardizing on shared utility patterns across multiple projects.

Moderately mature but showing age: the codebase has accumulated broad utility coverage over time, with CI/CD configured (Travis, AppVeyor badges in README), but the last visible commits appear infrequent based on the .vs folder timestamps (v14, v15, v16 Visual Studio versions present). No NuGet version badge is active, suggesting the package may not be regularly published. Production-ready for legacy/stable projects but not actively evolved.

High fragmentation risk: 60+ separate utility classes across disparate domains (AD, Aliyun, Barcode, NPOI, MongoDB, Redis, FTP, Mail, etc.) with no visible unit tests in the file list and monolithic organization create maintenance burden. Single maintainer (Jimmey-Jiang) with unclear update cadence. Tight coupling to external services (Aliyun, Redis, MongoDB, SQL Server) without abstraction layers means breaking changes in those APIs propagate directly. Missing dependency manifest (no .csproj details shown) obscures version compatibility.

Activity level unclear from provided data: file structure shows multiple Visual Studio versions (.vs/v14, v15, v16) suggesting iterative development, but no recent commit hashes, branch info, or PR list provided. The .travis.yml and AppVeyor badges suggest CI was once active but current status unknown. Repository appears in maintenance mode rather than active feature development.

git clone https://github.com/laochiangx/Common.Utility.git
cd src/Common.Utility_EN
open Common.Utility.sln  # In Visual Studio 2015+ (v14, v15, or v16)
# Restore NuGet packages via Visual Studio Package Manager or:
dotnet restore

Daily commands: Open src/Common.Utility_EN/Common.Utility.sln in Visual Studio 2015+ and build the solution. Individual helpers are static utility classes, not runnable as a service—integrate into your project by referencing the compiled .dll or copying source files. No standalone entry point or service host.

• src/Common.Utility_EN/DBHelper/DbHelperSQL.cs — Core SQL Server database access layer; all database operations depend on this abstraction
• src/Common.Utility_EN/DEncrypt/DEncrypt.cs — Central encryption/decryption orchestrator; must understand before implementing security features
• src/Common.Utility_EN/CacheHelper/CacheHelper.cs — Application-wide caching abstraction; critical for performance and data consistency
• src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs — Configuration management entry point; affects all utility initialization
• src/Common.Utility_EN/DataTableExtensions/DataTableExtensions.cs — Extension methods for DataTable operations; heavily used across data access patterns
• src/Common.Utility_EN/ConvertHelper/ConvertHelper.cs — Type conversion utilities used throughout the codebase for data transformation
• src/Common.Utility_EN/Common.Utility.csproj — Project configuration and dependency management; defines build targets and references

Add a new database provider

1. Create new DbHelper class inheriting from abstract base pattern (src/Common.Utility_EN/DBHelper/DbHelperSQL.cs)
2. Implement ExecuteNonQuery, ExecuteScalar, ExecuteDataTable methods matching existing signatures (src/Common.Utility_EN/DBHelper/CommandInfo.cs)
3. Register connection string in App.config via ConfigHelper (src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs)
4. Add provider-specific logic in PubConstant for connection pooling if needed (src/Common.Utility_EN/DBHelper/PubConstant.cs)

Add a new encryption algorithm

1. Create new encrypt/decrypt class in DEncrypt folder following DESEncrypt.cs pattern (src/Common.Utility_EN/DEncrypt/DESEncrypt.cs)
2. Add dispatcher case in main DEncrypt.cs to route to new implementation (src/Common.Utility_EN/DEncrypt/DEncrypt.cs)
3. Define algorithm constants in VariableName.cs for configuration (src/Common.Utility_EN/DEncrypt/VariableName.cs)
4. Add unit tests and update encryption documentation (src/Common.Utility_EN/DEncrypt/MySecurity.cs)

Add a new file export format

1. Create new exporter class in ExcelHelper or FileOperate folder (src/Common.Utility_EN/ExcelHelper/ExportExcel.cs)
2. Implement DataTable-to-format conversion using DataTableExtensions for transformation (src/Common.Utility_EN/DataTableExtensions/DataTableExtensions.cs)
3. Use FileOperate.cs for file I/O operations (src/Common.Utility_EN/FileOperate/FileOperate.cs)
4. Register factory method in BindDataControl if UI integration needed (src/Common.Utility_EN/BindDataControl/BindDataControl.cs)

Add a new utility helper class

1. Create new folder under src/Common.Utility_EN/YourHelperName (src/Common.Utility_EN/Common.Utility.csproj)
2. Implement static utility class with public static methods following ConvertHelper.cs conventions (src/Common.Utility_EN/ConvertHelper/ConvertHelper.cs)
3. Add namespace consistent with folder structure in the project (src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs)
4. Include XML documentation comments for IntelliSense support (src/Common.Utility_EN/FileOperate/FileOperate.cs)

No app.config or appsettings.json template visible—ConfigHelper.cs assumes specific keys exist (Aliyun credentials, database connection strings, Redis endpoints). External service credentials (Aliyun Access Key/Secret, MongoDB URI, Redis host) must be pre-configured before using AliyunLive, MongoDBHelper, or RedisHelper. SqlHelper likely uses hardcoded connection string logic (check ConfigHelper for pattern). No visible unit tests means integration testing with real services (Aliyun, Redis, MongoDB, SQL Server) required before deployment. NPOI version constraints not specified, risking Excel file format incompatibility. FTPHelper assumes FTP server pre-configured; no validation of reachability at startup.

• Connection Pooling & ADO.NET — SqlHelper and DBHelper manage database connections; understanding pooling prevents connection exhaustion and deadlocks in high-concurrency scenarios
• Symmetric & Asymmetric Encryption (DEncrypt) — The DEncrypt helper implements cryptographic operations; misuse (weak keys, ECB mode, hardcoded secrets) is a common security vulnerability in enterprise apps
• SQL Injection & Parameterized Queries — SqlInterceptor and IsSafeSqlStrings utilities detect/prevent SQL injection; critical for validating that utilities use parameterized queries, not string concatenation
• Object-Relational Mapping (ORM) Patterns — DataTableExtensions and ObjectConversion implement manual ORM logic (DataTable ↔ entity conversion); understanding the limitations helps avoid N+1 queries and lazy-loading pitfalls
• Cache Invalidation Strategies — CacheHelper implements caching abstraction; knowledge of TTL, write-through vs. write-behind, and cache stampede is essential for configuring correct cache policies in ConfigHelper
• Barcode & QR Code Generation (ZXing/QRCode algorithms) — BarCodeHelper and QRcode utilities generate machine-readable codes; understanding checksum algorithms and format specifications (Code128, EAN, QR) prevents invalid code generation
• Active Directory LDAP Protocol — ADHelper queries Windows AD via LDAP; misconfiguration (wrong organizational units, attribute names, bind credentials) causes authentication failures in enterprise identity scenarios

• AutoMapper/AutoMapper — Object-to-object mapping library that complements Common.Utility's ObjectConversion and DataTableExtensions utilities for cleaner DTO/entity transformations
• NLog/NLog — Structured logging framework that would replace or enhance Common.Utility's Log helper with better async, multi-target, and diagnostic support
• StackExchange/StackExchange.Redis — The canonical Redis client used by Common.Utility's RedisHelper; understanding this library is essential for cache operations in this codebase
• npoi/npoi — The Excel/Word library (NPOI) that Common.Utility's ExcelHelper wraps; deep integration means direct reference to NPOI docs when troubleshooting spreadsheet operations
• aliyun/aliyun-oss-csharp-sdk — Official Aliyun OSS SDK that AliyunLive/Storage.cs depends on; API breaking changes in this SDK directly break Common.Utility's cloud storage helpers

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Remove Visual Studio cache files and add .vs/ to .gitignore

The repo currently commits multiple .vs/ directories across src/Common.Utility_EN/.vs/Common.Utility/v14, v15, v16 with .suo, .dtbcache, and sqlite3 files. These are IDE-specific cache files that bloat the repo and cause merge conflicts. Adding a proper .gitignore entry and removing committed cache files will reduce repo size and improve contributor experience.

• [ ] Update .gitignore to include .vs/, *.suo, *.dtbcache patterns
• [ ] Create a git filter or document manual removal of .vs/ folders from tracked history
• [ ] Remove all .vs/ directories from src/Common.Utility_EN/ and root .vs/ folder
• [ ] Verify .csproj.user files are also gitignored (IDE user-specific settings)

Add unit tests for DBHelper module with test data setup

The DBHelper folder contains 8+ database abstraction classes (DbHelperSQL.cs, DbHelperMySQL.cs, DbHelperOra.cs, DbHelperSQLP.cs, DbHelperSQLite.cs, OracleHelper.cs) but there are no visible test files in the repo. These are critical data access components that need test coverage to prevent regressions across different database providers.

• [ ] Create a new test project: src/Common.Utility_EN/Common.Utility.Tests/
• [ ] Add unit test class for DbHelperSQL.cs covering ExecuteQuery, ExecuteScalar, and ExecuteNonQuery methods
• [ ] Add integration test class for DbHelperSQLite.cs (lighter dependency) with in-memory database setup
• [ ] Document test setup instructions in README.md (connection string examples, test database requirements)

Refactor Cookie&Session folder to use consistent naming convention

The folder name 'Cookie&Session' uses an ampersand, which is non-standard for C# namespaces and causes potential build/compatibility issues. It contains three related files (CookieHelper.cs, SessionHelper.cs, SessionHelper2.cs) where SessionHelper2.cs suggests code duplication that should be consolidated. Renaming and consolidating will improve code maintainability.

• [ ] Rename folder from 'Cookie&Session' to 'SessionManagement' in src/Common.Utility_EN/
• [ ] Review SessionHelper.cs and SessionHelper2.cs to identify differences and consolidate into single SessionHelper.cs
• [ ] Update all namespace declarations from 'Cookie&Session' to 'SessionManagement'
• [ ] Update .csproj file to reference the renamed folder path
• [ ] Add a code comment documenting the consolidation decision in SessionHelper.cs

• Add unit tests for SqlHelper and DBHelper: create a xUnit/NUnit test project under tests/ with mock SQL providers and transaction rollback scenarios to prevent regression in query-building and connection-pooling logic
• Document ConfigHelper initialization requirements: create a CONFIGURATION.md file in the root with concrete examples of required app.config keys (database connection strings, Aliyun credentials, Redis endpoints, FTP settings) and validation helpers to detect missing keys at startup
• Extract Aliyun and Redis dependencies into optional packages: move AliyunLive/ and RedisHelper/ into separate NuGet packages with conditional compilation, so projects not using cloud services don't bloat their dependency tree

• Critical · SQL Injection Risk in Database Helper Classes — src/Common.Utility_EN/DBHelper/ (DbHelperSQL.cs, DbHelperMySQL.cs, DbHelperOra.cs, DbHelperSQLite.cs, SQLHelper.cs). Multiple database helper classes (DbHelperSQL.cs, DbHelperMySQL.cs, DbHelperOra.cs, DbHelperSQLite.cs) are present in the codebase. These typically construct SQL queries and execute them. Without visible parameterized query implementation or input validation patterns, there is a high risk of SQL injection attacks if user input is directly concatenated into SQL queries. Fix: Implement parameterized queries (prepared statements) for all database operations. Use ORM frameworks like Entity Framework or Dapper. Validate and sanitize all user inputs before database operations. Implement input whitelisting for expected data types.
• High · Weak Encryption Implementation — src/Common.Utility_EN/DEncrypt/ (DESEncrypt.cs, EncryptionMD5.cs, DESEncrypt.cs in DBHelper/). Multiple cryptography classes are present (DESEncrypt.cs, EncryptionMD5.cs, RSACryption.cs) including DES encryption which is cryptographically weak. DES has a 56-bit key size and is vulnerable to brute force attacks. MD5 is deprecated for security purposes due to collision vulnerabilities. Fix: Replace DES with AES-256 for symmetric encryption. Replace MD5 with SHA-256 or stronger hash functions (SHA-3, bcrypt). Use modern cryptographic libraries and follow OWASP guidelines. Never use MD5 for password hashing; use bcrypt, scrypt, or Argon2.
• High · Potential Hardcoded Credentials — src/Common.Utility_EN/ConfigHelper/ConfigHelper.cs, src/Common.Utility_EN/ADHelper/, src/Common.Utility_EN/AliyunLive/. Configuration files and helper classes (ConfigHelper.cs, ADHelper, AliyunLive credentials) may contain hardcoded connection strings, API keys, or passwords. The presence of ADHelper, AliyunLive OSS, and Database helpers suggests potential credential storage without proper encryption or external configuration management. Fix: Move all credentials to environment variables or secure configuration management systems. Use .NET Secrets Manager for development. Implement Azure Key Vault or similar service for production. Never commit credentials to version control. Scan codebase for hardcoded passwords using tools like git-secrets or TruffleHog.
• High · Cross-Site Scripting (XSS) Risk — src/Common.Utility_EN/BindDataControl/BindDataControl.cs, src/Common.Utility_EN/BarCodeToHTML/BarCodeToHTML.cs. Helper classes for data binding and HTML generation (BindDataControl.cs, BarCodeToHTML.cs) suggest direct HTML manipulation. Without proper output encoding, user-controlled data could be rendered as HTML/JavaScript, enabling XSS attacks. Fix: Always HTML-encode user input before rendering. Use AntiXSS library or built-in .NET encoding (HtmlEncoder, JavaScriptEncoder). Implement Content Security Policy (CSP) headers. Use parameterized binding and templating engines that auto-escape by default.
• High · Insecure Cookie and Session Handling — src/Common.Utility_EN/Cookie&Session/ (CookieHelper.cs, SessionHelper.cs, SessionHelper2.cs). Cookie and Session helper classes are present (CookieHelper.cs, SessionHelper.cs, SessionHelper2.cs) which may store sensitive data without proper security flags or encryption, increasing risk of session hijacking and data theft. Fix: Set HttpOnly flag on all cookies to prevent JavaScript access. Set Secure flag for HTTPS-only transmission. Implement SameSite attribute to prevent CSRF. Use encrypted session storage. Implement proper session timeout and regeneration. Use secure token generation for session IDs.
• Medium · Missing Input Validation Framework — src/Common.Utility_EN/ConvertHelper/, src/Common.Utility_EN/CSVHelper/, src/Common.Utility_. Multiple helper classes for data conversion and manipulation (ConvertHelper.cs, CSVHelper.cs, ConvertJson.cs) without visible comprehensive input validation could allow malformed data to cause exceptions or unexpected behavior. Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.