If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/optonaut/ActiveLabel.swift shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 3y ago

• 17 active contributors
• MIT licensed
• CI configured
• ⚠ Stale — last commit 3y ago
• ⚠ Concentrated ownership — top contributor handles 51% of recent commits
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live optonaut/ActiveLabel.swift repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/optonaut/ActiveLabel.swift.

What it runs against: a local clone of optonaut/ActiveLabel.swift — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in optonaut/ActiveLabel.swift | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | Last commit ≤ 956 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of optonaut/ActiveLabel.swift. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/optonaut/ActiveLabel.swift.git
#   cd ActiveLabel.swift
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of optonaut/ActiveLabel.swift and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "optonaut/ActiveLabel.swift(\\.git)?\\b" \\
  && ok "origin remote is optonaut/ActiveLabel.swift" \\
  || miss "origin remote is not optonaut/ActiveLabel.swift (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 956 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~926d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/optonaut/ActiveLabel.swift"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

ActiveLabel.swift is a Swift UILabel drop-in replacement that automatically detects and makes interactive hashtags (#), mentions (@), URLs (http://), emails, and custom regex patterns. It provides tap-handling callbacks and custom styling per pattern type, enabling rich social-media-style text interactions without manual string parsing. Monolithic framework: ActiveLabel/ contains the core—ActiveLabel.swift (main UILabel subclass), ActiveType.swift (enum for pattern types), RegexParser.swift (pattern matching), ActiveBuilder.swift (helper), and StringTrimExtension.swift (utilities). ActiveLabelDemo/ provides a working iOS app example. Tests live in ActiveLabelTests/ActiveTypeTests.swift.

iOS app developers building social feeds, chat interfaces, or comment sections who need clickable hashtags and mentions without writing custom text detection logic. Also useful for developers migrating from UILabel who want zero code refactoring.

Production-ready: supports Swift 4.2+ and 5.0+, has CI via Travis CI, includes unit tests in ActiveLabelTests/, and targets iOS 10+. The repo is actively maintained with CocoaPods and Carthage distribution setup. Likely several years old with stable API based on versioning (1.1.0+ in README).

Low risk for a UILabel subclass: minimal external dependencies (none visible in Podspec snippet), focused scope reduces breaking change surface. Single maintainer (optonaut) is a potential long-term risk; check GitHub for recent commit activity and open issues. No Ruby/Objective-C files suggest legacy code; .travis.yml and .swift-version indicate active Swift version tracking.

Unable to determine from file structure alone (no Git history or recent commits visible). Review GitHub Issues and Releases; based on README mentioning Swift 5.0 support, the library was last substantially updated to support modern Swift versions. Check .travis.yml build status and podspec for version pins.

Check README for instructions.

Daily commands: Open ActiveLabel.xcodeproj in Xcode, select ActiveLabelDemo target, and press Cmd+R to run the demo app on simulator or device. The demo shows hashtags, mentions, and URLs being tapped interactively (see ActiveLabelDemo/demo.gif).

• ActiveLabel/ActiveLabel.swift: Core UILabel subclass; contains all public API for text detection, styling, and tap handling
• ActiveLabel/ActiveType.swift: Enum defining hashtag, mention, URL, email, and custom pattern types; the type system for pattern matching
• ActiveLabel/RegexParser.swift: Handles NSRegularExpression parsing to extract hashtags, mentions, URLs, and emails from text
• ActiveLabel/ActiveBuilder.swift: Helper for constructing styled attributed strings with detected active elements
• ActiveLabelDemo/ViewController.swift: Complete usage example showing enabledTypes, customization, and tap handler setup
• ActiveLabel.podspec: Pod specification defining version, dependencies, Swift version constraints, and deployment target (iOS 10+)

Start with ActiveLabel/ActiveLabel.swift (main entry point, all public APIs). For new pattern types, extend ActiveType enum in ActiveLabel/ActiveType.swift. For regex logic, modify ActiveLabel/RegexParser.swift. Add tests to ActiveLabelTests/ActiveTypeTests.swift. Use the customize(block:) pattern shown in README to batch property changes and avoid redundant redraws.

No hidden traps explicitly visible in file list, but note: (1) enabledTypes must be explicitly set; default configuration may differ from expectations. (2) Customize using the customize(block:) method to avoid repeated redraws (mentioned in README but easy to forget). (3) iOS 10+ minimum (ActiveLabel.podspec platform specification); older deployments not supported. (4) StringTrimExtension.swift hints that URL trimming may have edge cases; verify behavior on unusual URLs.

• NSRegularExpression — RegexParser.swift relies on NSRegularExpression for pattern matching; understanding capture groups and range mapping is essential to extending ActiveLabel with new pattern types
• NSAttributedString — Core mechanism for styling detected hashtags/mentions with custom colors and fonts without breaking text layout; ActiveBuilder uses this extensively
• UIGestureRecognizer (UITapGestureRecognizer) — ActiveLabel detects taps on specific active ranges using gesture recognizers; understanding hit-testing on attributed text is key to tap handler implementation
• UITextStorage and NSTextStorage — ActiveLabel likely overrides text storage to apply styling without recreating the entire attributed string on each property change, enabling the batched customize(block:) optimization
• Delegate Pattern (ActiveLabel callbacks) — handleHashtagTap, handleMentionTap, etc. use closure-based delegation; understanding when callbacks fire and their lifecycle prevents race conditions in tap handling
• String Index and Range mapping (NSRange vs Swift Range) — Regex matching returns NSRange; converting to UITextView/UILabel drawable ranges requires careful Index/Range translation to avoid off-by-one errors in multi-byte Unicode
• Carthage and CocoaPods dependency distribution — ActiveLabel.podspec and Carthage compatibility allow integration into existing iOS projects; understanding how podspec version constraints and platform targets work helps with version conflicts

• TTTAttributedLabel/TTTAttributedLabel — Older Objective-C UILabel subclass with similar pattern detection and tap handling; predecessor pattern for the ActiveLabel approach
• KMPlaceholderTextView/KMPlaceholderTextView — Swift UITextView with placeholder support; similar UIKit subclassing pattern for text enhancement
• twitter-text/twitter-text — Twitter's official mention and hashtag extraction library; reference implementation for social pattern regex and edge cases
• realm/realm-swift — Companion database framework often used by iOS apps that display user-generated content with hashtags and mentions
• Alamofire/Alamofire — Common networking dependency in apps using ActiveLabel to fetch content from detected URLs or user profiles behind taps

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for RegexParser.swift

The repo has minimal test coverage. ActiveLabelTests/ActiveTypeTests.swift exists but there's no dedicated test file for RegexParser.swift, which is a core component for URL, email, hashtag, and mention detection. This would improve reliability for edge cases like malformed URLs, special characters in hashtags, and nested mentions.

• [ ] Create ActiveLabelTests/RegexParserTests.swift
• [ ] Add test cases for each ActiveType (hashtags, mentions, URLs, emails, custom patterns)
• [ ] Test edge cases: URLs with query parameters, emails with subdomains, hashtags with numbers, mentions with underscores
• [ ] Test regex performance with large text blocks
• [ ] Ensure tests pass in CI (Travis CI integration already exists)

Add GitHub Actions workflow for Swift package validation and iOS compatibility testing

The repo has .travis.yml but modern Swift/iOS projects benefit from GitHub Actions for faster feedback and better integration. The Package.swift file exists, indicating SPM support, but there's no automated validation that the package builds correctly across Swift versions or iOS deployment targets.

• [ ] Create .github/workflows/swift.yml with matrix testing for Swift 5.0-5.9 versions
• [ ] Add iOS 10+ deployment target validation in the workflow
• [ ] Test both CocoaPods (via ActiveLabel.podspec) and SPM (via Package.swift) builds
• [ ] Add linting step (SwiftLint) to enforce code style consistency
• [ ] Optionally deprecate or update .travis.yml after validation

Add integration tests in ActiveLabelDemo demonstrating real-world use cases

ActiveLabelDemo/ViewController.swift exists but there's no documented test suite showing how to use ActiveLabel in actual scenarios (text with mixed types, performance with large datasets, interaction handling). This would serve as both tests and documentation for users.

• [ ] Create ActiveLabelTests/IntegrationTests.swift with XCTestCase subclass
• [ ] Test mixed content scenarios: text with hashtags + mentions + URLs together
• [ ] Test delegate callbacks (didSelectActiveType, shouldInteract) with sample data
• [ ] Test tap recognition accuracy for overlapping active elements
• [ ] Document test patterns in README.md under 'Testing' section with code examples

• Add regex pattern tests to ActiveLabelTests/ActiveTypeTests.swift for the custom regex feature (ActiveType.custom(pattern:)) to ensure user-provided patterns are validated and don't crash on invalid input.
• Extend StringTrimExtension.swift with unit tests and document URL trimming behavior (max length, ellipsis handling) since the README mentions 'Ability to trim urls' but no public API signature is shown.
• Create a complete integration test in ActiveLabelDemo that covers all four default types (hashtag, mention, URL, email) with edge cases like consecutive tags (#tag1#tag2) and malformed emails, then document findings in TESTING.md.

ActiveLabel.swift is a relatively simple UI component library with a good security baseline. No critical vulnerabilities were identified. Primary concerns are related to input validation and regex pattern safety rather than dependency or infrastructure issues. The library lacks built-in URL validation, which shifts security responsibility to consuming applications. Recommended improvements include documenting security best practices for consumers, validating URL schemes, and reviewing regex patterns for ReDoS vulnerabilities.

• Medium · Potential XSS via URL Handling — ActiveLabel/RegexParser.swift, ActiveLabel/ActiveLabel.swift. The library processes and detects URLs without explicit validation or sanitization before they are used in callbacks. If the application using ActiveLabel processes detected URLs without proper validation, it could lead to XSS attacks through maliciously crafted URLs in text. Fix: Ensure that detected URLs are validated before use. Document that consuming applications should validate URLs before processing them. Consider implementing URL scheme validation (e.g., only allow http/https).
• Low · Regex Denial of Service (ReDoS) Risk — ActiveLabel/RegexParser.swift. The library uses regex patterns to detect hashtags, mentions, URLs, and emails. Complex regex patterns without proper bounds checking could be vulnerable to ReDoS attacks if specially crafted input is provided. Fix: Review all regex patterns for potential ReDoS vulnerabilities. Test with pathologically long input strings. Consider using non-backtracking regex engines or implement input length limits.
• Low · Missing Input Validation — ActiveLabel/ActiveLabel.swift. The library accepts arbitrary text input without validating length or content constraints. Very large strings could potentially cause performance issues or memory exhaustion. Fix: Implement reasonable input length limits. Add documentation about maximum supported text length. Consider adding optional configuration for input constraints.
• Low · No HTTPS Enforcement for URLs — ActiveLabel/RegexParser.swift. The URL detection pattern appears to accept both HTTP and HTTPS URLs without preference or enforcement of secure protocols. Fix: Document that applications should prioritize HTTPS URLs. Consider adding configuration options to restrict detected URLs to secure protocols only.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.