If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/roughike/BottomBar shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• 12 active contributors
• Apache-2.0 licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 5y ago
• ⚠ Single-maintainer risk — top contributor 82% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live roughike/BottomBar repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/roughike/BottomBar.

What it runs against: a local clone of roughike/BottomBar — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in roughike/BottomBar | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | Last commit ≤ 1725 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of roughike/BottomBar. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/roughike/BottomBar.git
#   cd BottomBar
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of roughike/BottomBar and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "roughike/BottomBar(\\.git)?\\b" \\
  && ok "origin remote is roughike/BottomBar" \\
  || miss "origin remote is not roughike/BottomBar (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1725 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1695d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/roughike/BottomBar"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

BottomBar is a deprecated custom Android View component that implements Material Design's Bottom Navigation pattern (per Google's spec). It provides a customizable bottom navigation bar with tab support, badges, color animations, and icon-only or text+icon layouts—historically an alternative before Google released the official BottomNavigationView. Standard Android library structure: core custom View logic resides in a bottom-bar module (referenced as compile project(':bottom-bar') in app/build.gradle), example/demo activities in app/src/main/java/com/example/bottombar/sample/ (BadgeActivity.java, CustomColorAndFontActivity.java, etc.), drawable assets for icons organized by density (drawable-hdpi, drawable-mdpi), and XML-based tab definitions for configuration.

Android developers (circa 2015-2017) who needed a Material Design-compliant bottom navigation component before official Google support. Now primarily useful as a reference implementation or for legacy app maintenance, though the author explicitly recommends using Google's BottomNavigationView instead.

Abandoned/deprecated. The original author states in the README they lack time to maintain it and wrote it 'in a rush, without tests, while being a serious expert beginner.' The repo has a Travis CI setup and uses Mockito for testing, but no commits visible in the recent metadata. Not production-ready for new projects.

High risk for new adoption: (1) explicitly deprecated by the author, (2) single maintainer with no active development, (3) author admits the codebase has 'unpredictable moving parts' and lacks comprehensive tests, (4) minSdkVersion is API 11 (ancient by modern standards), (5) no activity visible in commit history provided. Should only be used in legacy codebases or for learning.

Nothing—this is a dormant, deprecated project. The README explicitly states the author does not have time to maintain it. The v2 branch represents the last significant feature release (cleaner APIs, XML-driven configuration). No active PRs, issues, or development visible.

git clone https://github.com/roughike/BottomBar.git
cd BottomBar
./gradlew build
./gradlew installDebug  # or use Android Studio

Daily commands: Open in Android Studio and run the app module. Or: ./gradlew installDebug to deploy to a connected device/emulator. Run tests with ./gradlew connectedAndroidTest (see .idea/runConfigurations/All_Tests.xml).

• app/src/main/java/com/example/bottombar/sample/MainActivity.java: Primary demo showing basic BottomBar setup and tab configuration
• app/src/main/java/com/example/bottombar/sample/BadgeActivity.java: Demonstrates badge functionality—a key feature of the library
• app/src/main/java/com/example/bottombar/sample/CustomColorAndFontActivity.java: Shows how to customize appearance (colors, fonts) via API
• app/build.gradle: Declares dependency on the core bottom-bar module and support libraries; defines minSdkVersion and build config
• app/src/main/res/drawable-hdpi/: Contains the 24dp solid-black icon assets required for bottom navigation tabs
• .travis.yml: CI configuration showing how tests are automated (though project is now dormant)

Start in app/src/main/java/com/example/bottombar/sample/ to understand usage patterns (e.g., BadgeActivity.java, CustomColorAndFontActivity.java). Core component logic is in the bottom-bar module (not fully visible here, but referenced in build.gradle). Drawable assets and tab XML configs are in app/src/main/res/. Adding new tabs: define in XML resource, register via BottomBar API.

(1) This is a deprecated library—the author explicitly discourages new usage in the README. (2) minSdkVersion is API 11 (Honeycomb, 2011); modern projects target API 21+. (3) No AndroidX migration visible—uses old support library (appcompat-v7, design). (4) Author states tests 'probably aren't that great either'—fragile test suite. (5) XML-driven tab definitions are the intended config method, but undocumented in the snippet; check README.md for exact format.

• Material Design Bottom Navigation — This entire library is built to implement Google's Material Design spec for bottom navigation; understanding the spec's behavior (tab shifting, badges, animations) is essential to using or modifying this code
• Custom Android View (View subclass) — BottomBar extends View directly; you need to understand the Android View lifecycle (onMeasure, onDraw, onLayout) to modify layout or rendering behavior
• XML-Driven Configuration — Tabs are defined via XML resource files rather than programmatic setup; this is a key design pattern in the v2 redesign and you must understand how Android parses custom XML attributes
• Badge UI Pattern — Badges (small notification indicators) are a core feature; understanding how to layer and animate small UI elements on top of icons is useful for notification UI in general
• Instrumented Testing (AndroidTest) — The repo uses Mockito + AndroidTestCompile for View testing; you need to understand how to test Android UI components that require an Activity context
• Density-Specific Resources (drawable-hdpi, drawable-mdpi) — Icons must be provided at multiple densities; this is fundamental to Android's multi-device support and asset organization
• Support Library Backports — The codebase relies on appcompat-v7 and design support libraries to backport Material Design features to pre-Material-Design Android versions (API 11+); you must understand this era's approach before AndroidX

• google/material-components-android — Official Google Material Design components library; includes the BottomNavigationView that replaced this custom implementation
• aurelhubert/ahbottomnavigation — Contemporary third-party bottom navigation library with similar Material Design goals; still maintained as of the BottomBar deprecation era
• ittianyu/BottomNavigationViewEx — Alternative bottom navigation component that extends Google's official BottomNavigationView with additional customization options

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for BottomBar core component (bottom-bar module)

The README explicitly states the library was 'written in a rush, without tests'. The androidTestCompile dependencies are present but no test files are visible in the structure. Adding comprehensive unit tests for the main BottomBar component would improve reliability and prevent regressions, especially important for a deprecated library that should be stable.

• [ ] Create bottom-bar/src/test/java directory structure mirroring the main source
• [ ] Add unit tests for BottomBar initialization, tab selection, and badge functionality (referenced in BadgeActivity.java)
• [ ] Add unit tests for color and font customization (referenced in CustomColorAndFontActivity.java)
• [ ] Ensure tests cover the five-tab, three-tab, and icons-only variants shown in sample activities
• [ ] Update .travis.yml to run these unit tests in CI pipeline

Migrate from deprecated Support Library to AndroidX

The project uses outdated com.android.support dependencies (appcompat-v7, design) which are no longer maintained. The sample app's build.gradle shows compileSdkVersion and targetSdkVersion from rootProject.ext but likely target old API levels. Migrating to AndroidX would make the library compatible with modern Android projects and remove deprecation warnings.

• [ ] Update build.gradle files to use androidx.appcompat:appcompat and androidx.design:design
• [ ] Update all import statements in bottom-bar/src/main/java from android.support.* to androidx.*
• [ ] Update all sample activity files (MainActivity.java, BadgeActivity.java, etc.) with new imports
• [ ] Update rootProject.ext versions in root build.gradle to target minSdkVersion 21+ (required for AndroidX)
• [ ] Test all sample activities to ensure they compile and run correctly

Add instrumented tests for sample activities with UI interactions

The androidTestCompile dependencies are configured (Espresso runner, rules) but no instrumented test files exist. Given the visual nature of BottomBar, adding instrumented tests for the sample activities would verify that tab selection, badge updates, and color changes work correctly across different configurations.

• [ ] Create app/src/androidTest/java/com/example/bottombar/sample directory
• [ ] Add BadgeActivityTest.java to verify badge display and increment functionality
• [ ] Add FiveColorChangingTabsActivityTest.java to verify tab color transitions
• [ ] Add MainActivityTest.java to verify basic tab selection and fragment switching
• [ ] Ensure tests use androidx.test.espresso for UI assertions
• [ ] Update .travis.yml to run instrumented tests (may require updating travis config for Android emulator)

• Migrate support library dependencies to AndroidX (appcompat-v7 → androidx.appcompat:appcompat, design → com.google.android.material:material). This would modernize the codebase but is non-trivial due to API changes.
• Add comprehensive unit tests for the core BottomBar view class (currently admitted to lack thorough tests). Start with testing badge display, tab selection, and color animations.
• Document the required XML schema for defining tabs in the README—the snippet cuts off mid-sentence at 'Define your tabs in an XML resource fi[le].' Provide a complete example with all supported attributes.

The BottomBar library has significant security concerns. As a deprecated and unmaintained project, it lacks current security patches and updates. The codebase uses outdated Android Support libraries and test dependencies with known vulnerabilities. Additionally, ProGuard obfuscation is disabled in release builds, increasing reverse engineering risk. Users should immediately migrate to the official BottomNavigationView or actively maintained alternatives. The current state makes this unsuitable for production use in new applications.

• High · Deprecated Library with Unmaintained Code — README.md, entire repository. The BottomBar library is explicitly marked as deprecated in the README. The maintainer states the library was written 'in a rush, without tests' and hasn't been maintained in years. This means no security patches, bug fixes, or updates to dependencies will be provided. Fix: Migrate to the official BottomNavigationView from Google's Material Design library (com.google.android.material:material) which receives regular security updates and maintenance.
• High · Outdated Android Support Libraries — app/build.gradle, dependency configuration. The project uses deprecated Android Support Library (com.android.support:) instead of AndroidX. Support libraries are no longer maintained as of November 2018. The exact versions used are not visible but are pulled from rootProject.ext variables, which likely contain outdated versions. Fix: Migrate from Android Support Library to AndroidX (androidx.) and update all dependencies to their latest versions. Replace 'com.android.support:appcompat-v7' with 'androidx.appcompat:appcompat' and 'com.android.support:design' with 'com.google.android.material:material'.
• High · Outdated Test Dependencies with Known Vulnerabilities — app/build.gradle, androidTestCompile dependencies. The project uses very old testing libraries: mockito-core:1.10.19 (released 2015), dexmaker:1.2 (released 2013), and test runner/rules 0.5 (released 2015). These versions contain known vulnerabilities and lack security patches. Fix: Update to latest versions: mockito-core to 5.x+, use androidx.test:runner and androidx.test:rules, remove dexmaker if not strictly necessary or update to latest version (1.2 is EOL).
• Medium · ProGuard Obfuscation Disabled in Release Build — app/build.gradle, release buildType. The release build configuration has 'minifyEnabled false', which means the app is not obfuscated in production. This makes reverse engineering easier and could expose sensitive logic, variable names, and class structures. Fix: Set 'minifyEnabled true' in release builds and configure appropriate ProGuard/R8 rules to obfuscate code while maintaining functionality. Test thoroughly to ensure the app functions correctly after obfuscation.
• Medium · Missing Gradle Wrapper Verification — gradle/wrapper/ (not shown in file structure). No gradle-wrapper.properties or gradle-wrapper.jar verification mechanism is evident in the file structure, which could allow man-in-the-middle attacks during Gradle downloads. Fix: Ensure gradle-wrapper.properties specifies a SHA-256 checksum for gradle distribution verification. Use 'gradle wrapper --gradle-version VERSION' to update and verify wrapper integrity.
• Low · No Security Policy or Vulnerability Reporting Guidelines — Repository root. The repository does not appear to have a SECURITY.md file or vulnerability disclosure policy, making it difficult for security researchers to responsibly report issues. Fix: Add a SECURITY.md file with instructions for reporting security vulnerabilities, even though the library is deprecated. Include a note directing users to report issues to the maintainer or use official alternatives.
• Low · Missing Dependency Checksum Verification — app/build.gradle. No explicit dependency verification or checksum mechanisms visible in the build configuration, which could be vulnerable to supply chain attacks. Fix: Implement Gradle dependency verification by running 'gradle dependencies --verify-dependencies' and adding a verify-metadata.xml file. Consider using dependency lock files or Gradle's built-in dependency verification feature.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.