If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/pqpo/SmartCropper shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Slowing — last commit 9mo ago

• Last commit 9mo ago
• 11 active contributors
• ⚠ Slowing — last commit 9mo ago
• ⚠ Concentrated ownership — top contributor handles 63% of recent commits
• ⚠ No license — legally unclear to depend on
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live pqpo/SmartCropper repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/pqpo/SmartCropper.

What it runs against: a local clone of pqpo/SmartCropper — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in pqpo/SmartCropper | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | Last commit ≤ 297 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of pqpo/SmartCropper. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/pqpo/SmartCropper.git
#   cd SmartCropper
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of pqpo/SmartCropper and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "pqpo/SmartCropper(\\.git)?\\b" \\
  && ok "origin remote is pqpo/SmartCropper" \\
  || miss "origin remote is not pqpo/SmartCropper (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 297 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~267d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/pqpo/SmartCropper"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

SmartCropper is an Android image cropping library that automatically detects document/card borders using OpenCV and machine learning (TensorFlow HED network), then allows manual adjustment with perspective transform correction to produce front-facing rectangular crops. It's specifically designed for ID cards, business cards, and document photos where intelligent border detection + user refinement + perspective correction are critical. Hybrid Android monorepo: app/ contains demo application (MainActivity.java → CropActivity.java using CropImageView), smartcropperlib/ (referenced in build.gradle) holds the reusable library with JNI bindings, and edge_detection/ contains Python ML pipeline (finetuning.py, evaluate.py) for training the HED model separately.

Android developers building document scanning or photo processing apps (banking, ID verification, note-taking) who need to replace manual crop-box placement with automated border detection while preserving user control for edge cases.

Actively maintained with v2.1.3 released and recent optimization mentions in README (author seeking partnerships). The codebase includes proper NDK setup (CMake, multiple ABIs), ProGuard rules, and example app (CropActivity.java), suggesting production use. However, no explicit test coverage visible in file list and last commit recency unclear from provided data.

Standard open source risks apply.

README mentions 'optimized a higher recognition rate model and algorithm' with solicitation for partnerships (pqponet@gmail.com). The feature list shows completed items (point sorting, magnifier effect, XML attributes, algorithm optimization) but no open features beyond 'welcome issues.' No visible active PRs or recent commits in provided metadata.

git clone https://github.com/pqpo/SmartCropper.git
cd SmartCropper
# Android Studio: File → Open → select root directory
# Or via Gradle:
./gradlew build
./gradlew installDebug  # requires connected Android device/emulator

Daily commands: Connect Android device or start emulator, then ./gradlew installDebug to deploy demo app. App starts at MainActivity.java (album/camera picker) → CropActivity.java (interactive crop UI with CropImageView).

• app/src/main/java/me/pqpo/smartcropper/CropActivity.java: Demo activity showing full workflow: image selection → setImageToCrop() → manual adjustment → crop() with result handling
• app/build.gradle: Contains critical aaptOptions (noCompress .tflite), NDK ABI filters, and smartcropperlib dependency declaration
• app/src/main/res/values/attrs.xml: Defines all CropImageView XML attributes (maskAlpha, showGuideLine, magnifier, colors) for UI customization
• app/proguard-rules.pro: ProGuard rules protecting JNI-linked classes (me.pqpo.smartcropperlib) from obfuscation—required for native code calls
• edge_detection/finetuning.py: TensorFlow HED model training pipeline for improving border detection accuracy vs. Canny edge detection

UI/Layout changes: edit app/src/main/res/layout/activity_crop.xml and app/src/main/java/me/pqpo/smartcropper/CropActivity.java. Core cropping logic: modify smartcropperlib/ Java layer (references native via JNI). Algorithm tuning: edge_detection/finetuning.py or C++ OpenCV code (paths not fully listed). Attributes: add to app/src/main/res/values/attrs.xml and CropImageView source.

1. ProGuard configuration mandatory: if smartcropperlib classes are obfuscated, JNI calls fail silently. 2. TensorFlow Lite model compression: aaptOptions noCompress must be set or .tflite asset loads as corrupted. 3. Native layer threading: setImageToCrop() and crop() run in native code with execution time proportional to image size—must use background threads for large images or app freezes. 4. CropImageView ScaleType constraint: only center-type scale types work; fit_end/fit_start/matrix will crash. 5. NDK version pinned: ndkVersion '25.1.8937393' must match local NDK or build fails.

• Perspective Transform (Homography) — Core technique used in crop() to correct angled/skewed document photos into front-facing rectangles—without this, a tilted ID card stays tilted
• Holistically-Nested Edge Detection (HED) — Deep learning network trained in edge_detection/ folder to replace fragile Canny edge detection for document boundary finding in varied lighting/angles
• Java Native Interface (JNI) — Bridge layer allowing Java CropImageView to call C++ OpenCV code; requires ProGuard protection and proper method signature mapping or silent crashes
• Canny Edge Detection — Classical computer vision algorithm (fallback in v<2.1.1) for finding document borders—faster but less accurate than HED on poor image quality
• TensorFlow Lite Model Inference — On-device HED model execution (.tflite asset) avoids network roundtrips but requires careful asset compression handling (aaptOptions noCompress)
• Android NDK & CMake Build — Native compilation of C++ edge detection code across armeabi-v7a, arm64-v8a, x86, x86_64 ABIs—version mismatch or missing ABI causes runtime crashes

• pqpo/SmartCamera — Sister library by same author for real-time camera border detection (mentioned in README as complementary to SmartCropper)
• OpencvAndroidSdk/opencv-android-sdk — Core dependency providing OpenCV JNI bindings and algorithms (edge detection, perspective transform) used throughout
• tensorflow/tensorflow — TensorFlow Lite inference engine and model format (.tflite) used for HED network border detection
• fengjian0106/hed-tutorial-for-document-scanning — Original HED network implementation credited in README—SmartCropper adapts this for real-time Android border detection
• android/samples — Android NDK/JNI best practices and build configuration patterns applicable to SmartCropper's native layer

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for smartcropperlib perspective transform and edge detection algorithms

The smartcropperlib module lacks unit tests for critical image processing functions like perspective transformation and edge detection. This is especially important given that the library uses both OpenCV and TensorFlow-based HED network for edge detection. Adding tests would catch regressions when updating detection models and ensure the transformation math is correct across different image sizes and aspect ratios.

• [ ] Create smartcropperlib/src/test directory structure
• [ ] Add unit tests for perspective transform calculations (verify corner point detection and homography matrix)
• [ ] Add tests for edge detection pipeline with sample image assets
• [ ] Add tests for image preprocessing/normalization for TensorFlow model input
• [ ] Integrate tests into build.gradle with androidTestImplementation dependencies

Add GitHub Actions CI workflow for automated APK builds and testing

The repository has no CI/CD pipeline. With native code (NDK), TensorFlow models, and complex image processing, automated builds catch platform-specific issues and verify the finetuned model files compress correctly. Currently, there's no verification that the noCompress aaptOptions for 'tflite' and 'lite' files are correctly configured.

• [ ] Create .github/workflows/build.yml to run './gradlew build' on push
• [ ] Add gradle cache to speed up builds across multiple NDK architectures (armeabi-v7a, arm64-v8a, x86, x86_64)
• [ ] Verify APK builds include model files (edge_detection/finetuning_model) correctly
• [ ] Add linting checks using gradlew lint
• [ ] Add artifact upload to store generated APK for each commit

Create comprehensive integration test for end-to-end crop detection and transformation pipeline

The app/src has CropActivity.java that integrates the full pipeline (detect borders, allow manual adjustment, apply perspective transform), but there's no automated test validating this flow with sample images (ID cards, business cards, documents). Adding integration tests with realistic sample images from art/ directory would catch issues when refactoring the detection model or transformation logic.

• [ ] Add androidTest directory under app/src/androidTest with InstrumentationTest framework
• [ ] Create test images in app/src/androidTest/assets (crop samples of ID card, document, business card photos)
• [ ] Write test that loads image, runs SmartCropper.buildImageDetect().detect(), validates corner points are reasonable
• [ ] Write test that verifies perspective transform produces valid output bitmap without artifacts
• [ ] Add test for manual anchor point adjustment and validate transformed output quality

• Add unit tests for CropActivity.java and CropImageView interactions (no test/ directory visible in file list—write Espresso tests for crop workflow).
• Document the C++ edge detection API and JNI method signatures (currently only README mentions 'native code' without signatures—extract and document in /doc/JNI_API.md).
• Create Python example for fine-tuning the HED model on custom document datasets (edge_detection/ folder exists but finetuning.py lacks README, hyperparameters, or example invocation).

• High · Outdated compileSdkVersion — app/build.gradle. The project uses compileSdkVersion 28 (Android 9, released 2018). This is significantly outdated and missing critical security patches and modern security features. Current Android versions are 13+, and Google Play requires targeting API 34+ for new apps. Fix: Update compileSdkVersion to at least 34 (Android 14). Review and update targetSdkVersion accordingly to meet Google Play Store requirements.
• High · Outdated NDK Version — app/build.gradle (ndkVersion property). The project specifies NDK version 25.1.8937393, which is outdated. This NDK version may contain unpatched vulnerabilities in C/C++ compilation and native code execution. Fix: Update to the latest stable NDK version (currently 27.x or later). Review native code in smartcropperlib for potential security issues.
• High · Minification Disabled in Release Build — app/build.gradle (release buildType). The release build has minifyEnabled set to false, which means the APK contains unobfuscated Java code. This makes reverse engineering trivial and exposes business logic, credentials, and proprietary algorithms. Fix: Enable minification: set minifyEnabled true and ensure proper ProGuard rules are configured in proguard-rules.pro to protect sensitive code.
• Medium · Insecure Permission Dependency — app/build.gradle (dependencies). The project uses easypermissions 3.0.0. While this is a legitimate library, the project targets minSdkVersion 21, which is very old. Modern Android versions have evolved runtime permission handling; reliance on this older library may introduce permission-related vulnerabilities. Fix: Update minSdkVersion to at least 24-26, and audit permission handling to use modern Android APIs. Consider migrating to native Android permission APIs.
• Medium · Low minSdkVersion (API 21) — app/build.gradle (minSdkVersion). minSdkVersion 21 (Android 5.0, 2014) is extremely outdated. This exposes the app to numerous known vulnerabilities in older Android versions and prevents use of modern security APIs. Fix: Increase minSdkVersion to at least 26-28 (Android 8.0+) to eliminate support for versions with critical security flaws.
• Medium · Multiple ABI Support Without Validation — smartcropperlib/opencv and app/build.gradle (abiFilters). The project supports multiple ABIs (armeabi-v7a, arm64-v8a, x86, x86_64) with pre-built OpenCV libraries. Pre-compiled binary libraries are difficult to audit and may contain vulnerabilities. No checksums or integrity verification are evident. Fix: Verify integrity of all pre-built OpenCV libraries with checksums. Consider building OpenCV from source with security patches applied. Remove unnecessary ABI support (x86/x86_64 are rarely needed for mobile apps).
• Medium · TensorFlow Lite Model Not Compressed - Security Risk — app/build.gradle (aaptOptions) and edge_detection/ directory. The noCompress directive for .tflite and .lite files means TensorFlow models are stored uncompressed in the APK. These models can contain sensitive information about the ML algorithm and be reverse-engineered. The README mentions machine learning model usage without encryption. Fix: Implement model encryption at rest and in transit. Consider obfuscating model files. Evaluate if the model contains proprietary algorithms that require protection.
• Medium · Native Code without Security Hardening Evidence — smartcropperlib/CMakeLists.txt. The project uses CMake and native C/C++ code for image processing (smartcropperlib/CMakeLists.txt). No evidence of ASLR, stack protection, or other security hardening flags are visible in the build configuration. Fix: Add compiler flags for security hardening: -fPIE, -fstack-protector-strong, -D_FORTIFY_SOURCE=2. Enable Address Sanitizer during development. Conduct code review of native code for buffer overflows and memory safety

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.