If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/ongakuer/CircleIndicator shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 3y ago

• 9 active contributors
• Apache-2.0 licensed
• ⚠ Stale — last commit 3y ago
• ⚠ Concentrated ownership — top contributor handles 68% of recent commits
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live ongakuer/CircleIndicator repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/ongakuer/CircleIndicator.

What it runs against: a local clone of ongakuer/CircleIndicator — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in ongakuer/CircleIndicator | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | Last commit ≤ 1131 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of ongakuer/CircleIndicator. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/ongakuer/CircleIndicator.git
#   cd CircleIndicator
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of ongakuer/CircleIndicator and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "ongakuer/CircleIndicator(\\.git)?\\b" \\
  && ok "origin remote is ongakuer/CircleIndicator" \\
  || miss "origin remote is not ongakuer/CircleIndicator (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1131 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1101d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/ongakuer/CircleIndicator"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

CircleIndicator is a lightweight Android library that renders dot-style page indicators like the Nexus 5 launcher, supporting ViewPager, RecyclerView, and ViewPager2 with customizable animations and styles. It provides three indicator classes (CircleIndicator, CircleIndicator2, CircleIndicator3) that automatically sync with their respective container widgets and support manual control via methods like createIndicators() and animatePageSelected(). Two-module structure: circleindicator/ is the core library containing BaseCircleIndicator.java (abstract base), three concrete implementations (CircleIndicator.java, CircleIndicator2.java, CircleIndicator3.java), and XML attribute definitions in attrs.xml; LoopingViewPager/ is an optional companion module providing LoopViewPager.java wrapper for infinite paging. Resources include drawable templates (white_radius.xml) and animator definitions (scale_with_alpha.xml) in res/.

Android developers building paged UI experiences (carousels, image galleries, onboarding flows) who need a polished, out-of-the-box indicator component without rolling custom animations or state management.

Mature and stable: published to Maven Central with version 2.1.6 for AndroidX and 1.3.2 for legacy support libraries, targeting SDK 14+ with Java 1.8. The library has been actively maintained with support for modern Android components (ViewPager2, AndroidX) but shows moderate activity (API is settled, no major breaking changes recently visible).

Low risk: minimal dependencies (only androidx.viewpager:viewpager and androidx.fragment), no third-party animation libraries, and broad API coverage (three indicator variants cover all major paging containers). Single maintainer (ongakuer) is a potential long-term maintenance risk, but the library is small and self-contained with no external service dependencies.

No active development signals are visible in the provided file list; repository appears in maintenance mode with stable API. The CHANGELOG.md exists but content not shown; last tagged version appears to be 2.1.6 supporting AndroidX. No open PRs or ongoing feature work visible.

Clone and build via Gradle: git clone https://github.com/ongakuer/CircleIndicator.git && cd CircleIndicator && ./gradlew assembleDebug. Import the circleindicator module into your project as implementation 'me.relex:circleindicator:2.1.6' (AndroidX) or add it as a source module dependency.

Daily commands: No runnable app in the main library. Execute tests via ./gradlew test or debug with ./gradlew assembleDebug. To see it in action, reference the sample APK in apk/sample.apk or examine integration examples in the README (ViewPager, RecyclerView, ViewPager2 binding patterns).

• circleindicator/src/main/java/me/relex/circleindicator/BaseCircleIndicator.java: Abstract base class containing shared indicator rendering, animation logic, and adapter/observer management; all three indicator variants inherit from this
• circleindicator/src/main/java/me/relex/circleindicator/CircleIndicator.java: Concrete implementation for ViewPager; provides setViewPager() binding and onPageSelected callback handling
• circleindicator/src/main/java/me/relex/circleindicator/CircleIndicator2.java: Concrete implementation for RecyclerView with PagerSnapHelper; handles scroll state and snap detection instead of page selection events
• circleindicator/src/main/java/me/relex/circleindicator/CircleIndicator3.java: Concrete implementation for ViewPager2 (AndroidX modern API); uses ViewPager2 callback registration and page change listeners
• circleindicator/src/main/res/values/attrs.xml: XML attribute definitions for theming (ci_width, ci_height, ci_margin, ci_drawable, ci_animator, etc.); defines the public configuration surface
• circleindicator/src/main/res/animator/scale_with_alpha.xml: Default animator resource that defines the scale + alpha animation applied to selected indicator dots
• circleindicator/src/main/res/drawable/white_radius.xml: Default drawable (shape definition) used to render indicator dots; serves as template for custom drawables

For animation changes: edit circleindicator/src/main/res/animator/scale_with_alpha.xml. For core indicator logic: modify circleindicator/src/main/java/me/relex/circleindicator/BaseCircleIndicator.java (shared base) or specific implementations (CircleIndicator.java for ViewPager, CircleIndicator2.java for RecyclerView, CircleIndicator3.java for ViewPager2). For attributes: update circleindicator/src/main/res/values/attrs.xml and corresponding getter/setter methods in indicator classes.

No hidden traps are evident from the file structure. Config is straightforward (AndroidX dependencies, Java 1.8 target, no custom Gradle plugins or build-time code generation). One minor note: CircleIndicator and CircleIndicator3 use different callback mechanisms (ViewPager.OnPageChangeListener vs ViewPager2.OnPageChangeCallback), so switching between them requires rewriting the binding code—this is expected but worth noting during migration.

• ViewPager page change listener pattern — CircleIndicator.java registers OnPageChangeListener callbacks to sync dot selection with ViewPager scroll state; understanding listener vs. callback patterns is critical for adapter integration
• RecyclerView scroll state and SnapHelper — CircleIndicator2 uses PagerSnapHelper to detect page boundaries and scroll state; this is fundamentally different from ViewPager's event-driven model and requires custom scroll position calculation
• Android property animations (ObjectAnimator/ValueAnimator) — scale_with_alpha.xml defines XML-based animator that drives the dot scaling/fading on page selection; understanding animator resources vs. programmatic animation is essential for customizing visual feedback
• Data observer pattern (DataSetObserver/AdapterDataObserver) — BaseCircleIndicator optionally registers observers to detect adapter changes and recreate indicators dynamically; this decouples indicator count from manual setup calls
• Android drawable shape definitions (ShapeDrawable via XML) — white_radius.xml uses shape drawable syntax to define circular dots; understanding drawable resources is needed to customize indicator appearance without Java code
• ViewPager2 callback system (vs. ViewPager listeners) — CircleIndicator3 uses OnPageChangeCallback instead of OnPageChangeListener (ViewPager2 API shift); this architectural difference requires separate implementation for AndroidX targets
• Android custom attributes (attrs.xml) and custom View styling — attrs.xml defines ci_width, ci_drawable, ci_animator and other custom attributes; knowing how to declare and read custom attributes in BaseCircleIndicator is essential for extending or theming the library

• nickbutcher/plaid — Material Design showcase app with sophisticated page indicators and ViewPager usage patterns; reference implementation of indicator UX best practices
• google/accompanist — Modern Compose library with Pager and indicator composables; successor pattern for new Android projects migrating from Views
• yarolegovich/DiscreteScrollView — Alternative library for pageable horizontal lists; complements CircleIndicator as a full carousel solution with different scroll behavior
• android/architecture-samples — Canonical Android architecture patterns and testing examples; reference for structuring indicator library tests and sample app
• ongakuer/LoopingViewPager — Sibling repository by same author; provides infinite looping wrapper (LoopViewPager.java is bundled as LoopingViewPager module) for use with CircleIndicator

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for BaseCircleIndicator.java and CircleIndicator variants

The repo has no visible test directory (no src/test or src/androidTest folders). Given that CircleIndicator has three main variants (CircleIndicator, CircleIndicator2, CircleIndicator3) with different backing views (ViewPager, RecyclerView, ViewPager2), unit tests would catch regressions in indicator positioning, animation behavior, and lifecycle management. This is critical for a UI library.

• [ ] Create circleindicator/src/test/java/me/relex/circleindicator/ for unit tests
• [ ] Create circleindicator/src/androidTest/java/me/relex/circleindicator/ for instrumentation tests
• [ ] Add tests for BaseCircleIndicator.java covering indicator count changes, selection updates, and animation triggers
• [ ] Add tests for CircleIndicator2.java verifying RecyclerView adapter integration and scroll position synchronization
• [ ] Add tests for CircleIndicator3.java verifying ViewPager2 integration
• [ ] Update circleindicator/build.gradle to include androidx.test:runner and androidx.test.espresso:espresso-core dependencies

Add GitHub Actions workflow for automated testing and APK build verification

No CI/CD pipeline exists (.github/workflows/ directory is missing). The repo has a sample APK but no automated verification that it builds correctly on pull requests. A CI workflow would catch build failures from gradle changes, API level incompatibilities, or dependency conflicts across Android SDK versions.

• [ ] Create .github/workflows/android-build.yml with gradle build step for circleindicator module
• [ ] Add gradle build step for sample module to verify sample app builds
• [ ] Configure workflow to run on push to main/master and on all pull requests
• [ ] Test against Android SDK 29 and 30+ (referenced in build.gradle) using mavenCentral() dependencies
• [ ] Add optional lint checks using ./gradlew lint task to catch Android lint warnings

Document and add example implementations for CircleIndicator3 with ViewPager2

CircleIndicator3 is listed in the README but has no usage documentation or sample implementation visible. The LoopingViewPager and sample code don't demonstrate ViewPager2 integration. Adding a concrete example in sample/src/main would help new contributors understand the ViewPager2 API differences and reduce support questions.

• [ ] Create sample/src/main/java/me/relex/circleindicator/ViewPager2Activity.java with CircleIndicator3 integrated with ViewPager2
• [ ] Add corresponding sample layout file sample/src/main/res/layout/activity_viewpager2.xml
• [ ] Update sample/src/main/AndroidManifest.xml to register ViewPager2Activity
• [ ] Add section to README.md documenting CircleIndicator3 usage with code example and ViewPager2 dependencies
• [ ] Add comments explaining differences from CircleIndicator (ViewPager) implementation for maintainability

• Add unit tests for BaseCircleIndicator state transitions (no test files visible in circleindicator/src); verify indicator count, selection index, and animation triggering under lifecycle changes
• Document and test RecyclerView edge case: CircleIndicator2 behavior when adapter is empty or has fewer items than visible—add null checks and empty state handling if missing
• Create example XML layouts in circleindicator/src/main/res/layout/ (or sample app) demonstrating all three indicator variants (ViewPager, RecyclerView, ViewPager2) side-by-side with working code snippets

This Android UI library has moderate security concerns primarily related to outdated dependencies and build configurations. The main risks are: (1) Significantly outdated SDK versions (API 29) lacking modern security patches, (2) Outdated AndroidX dependencies with unpatched vulnerabilities, (3) Code minification disabled in release builds enabling reverse engineering, and (4) Extremely low minimum SDK support (API 14) exposing users to legacy vulnerabilities. The codebase itself appears to be a lightweight UI indicator library without obvious injection vulnerabilities or hardcoded secrets. Remediation should focus on updating all dependencies, increasing minimum and target SDK versions, enabling code minification, and validating against current Android security best practices.

• High · Outdated Gradle and Android SDK Versions — circleindicator/build.gradle. The project uses compileSdkVersion 29 and targetSdkVersion 29, which are significantly outdated (released in 2019). This means the library may not include critical security patches and may not comply with modern Google Play Store requirements. Current stable versions are 33+. Fix: Update compileSdkVersion and targetSdkVersion to at least 33 or higher. Review and update deprecated APIs accordingly.
• High · Outdated AndroidX Dependencies — circleindicator/build.gradle. The project uses androidx.viewpager:viewpager:1.0.0 (released 2019) and androidx.fragment:fragment:1.2.5 (released 2020). These versions lack security patches and bug fixes from newer releases. Fix: Update dependencies: androidx.viewpager:viewpager to 1.0.0 or androidx.viewpager2:viewpager2 (recommended), and androidx.fragment:fragment to 1.6.0+. Review release notes for breaking changes.
• Medium · Minify Disabled in Release Builds — circleindicator/build.gradle. The build configuration has minifyEnabled set to false in release builds. This exposes the application code to reverse engineering and makes it easier for attackers to understand and exploit the application logic. Fix: Set minifyEnabled to true in release builds and configure appropriate ProGuard/R8 rules in proguard-rules.pro to obfuscate code while preserving necessary functionality.
• Medium · Low Minimum SDK Version — circleindicator/build.gradle. minSdkVersion is set to 14 (Android 4.0, released 2011). This is extremely old and associated with numerous security vulnerabilities. Supporting such old versions exposes the application to known exploits and security issues. Fix: Increase minSdkVersion to at least 21 (Android 5.0) or higher to reduce exposure to legacy vulnerabilities. Check market requirements for your target audience.
• Low · Missing Security Configuration — circleindicator/src/main/res/. No explicit security configuration files (network_security_config.xml) are visible in the repository. While this library may not make network requests, good practice would be to define security policies. Fix: Consider creating a network_security_config.xml file to explicitly define certificate pinning and network security policies, especially if the library or sample app makes any network calls.
• Low · Gradle Wrapper JAR Present — gradle/wrapper/gradle-wrapper.jar. The gradle/wrapper/gradle-wrapper.jar file is committed to version control. While this can be intentional for reproducible builds, it poses a supply chain risk if the JAR is compromised. Fix: Consider using gradle/wrapper/gradle-wrapper.properties with 'distributionUrl' to download the wrapper at build time instead of committing the JAR. If keeping the JAR, ensure it's from an official source and regularly audited.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.