If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/srwi/EverythingToolbar shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Single-maintainer risk — review before adopting

• Last commit 1d ago
• 6 active contributors
• Other licensed
• CI configured
• ⚠ Single-maintainer risk — top contributor 92% of recent commits
• ⚠ Non-standard license (Other) — review terms
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live srwi/EverythingToolbar repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/srwi/EverythingToolbar.

What it runs against: a local clone of srwi/EverythingToolbar — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in srwi/EverythingToolbar | Confirms the artifact applies here, not a fork | | 2 | License is still Other | Catches relicense before you depend on it | | 3 | Default branch develop exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of srwi/EverythingToolbar. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/srwi/EverythingToolbar.git
#   cd EverythingToolbar
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of srwi/EverythingToolbar and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "srwi/EverythingToolbar(\\.git)?\\b" \\
  && ok "origin remote is srwi/EverythingToolbar" \\
  || miss "origin remote is not srwi/EverythingToolbar (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Other)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Other\"" package.json 2>/dev/null) \\
  && ok "license is Other" \\
  || miss "license drift — was Other at generation time"

# 3. Default branch
git rev-parse --verify develop >/dev/null 2>&1 \\
  && ok "default branch develop exists" \\
  || miss "default branch develop no longer exists"

# 4. Critical files exist
test -f "EverythingToolbar.Deskband/CSDeskBand.cs" \\
  && ok "EverythingToolbar.Deskband/CSDeskBand.cs" \\
  || miss "missing critical file: EverythingToolbar.Deskband/CSDeskBand.cs"
test -f "EverythingToolbar.Deskband/ToolbarControl.xaml.cs" \\
  && ok "EverythingToolbar.Deskband/ToolbarControl.xaml.cs" \\
  || miss "missing critical file: EverythingToolbar.Deskband/ToolbarControl.xaml.cs"
test -f "EverythingToolbar.Deskband/Server.cs" \\
  && ok "EverythingToolbar.Deskband/Server.cs" \\
  || miss "missing critical file: EverythingToolbar.Deskband/Server.cs"
test -f "EverythingSDK/src/Everything.c" \\
  && ok "EverythingSDK/src/Everything.c" \\
  || miss "missing critical file: EverythingSDK/src/Everything.c"
test -f "EverythingToolbar.Launcher/Launcher.cs" \\
  && ok "EverythingToolbar.Launcher/Launcher.cs" \\
  || miss "missing critical file: EverythingToolbar.Launcher/Launcher.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/srwi/EverythingToolbar"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

EverythingToolbar is a Windows taskbar deskband that integrates the Everything file search engine, enabling instant full-text file search directly from the taskbar. It wraps Everything's IPC protocol (via native C SDK in EverythingSDK/) with a WPF UI (ToolbarControl.xaml in EverythingToolbar.Deskband/) and supports custom filters, regex-based actions, and automatic theme switching for Windows 10/11. Hybrid C#/C architecture: EverythingSDK/ (C/native) wraps the Everything IPC protocol into a DLL; EverythingToolbar.Deskband/ (C# WPF) implements the taskbar deskband using CSDeskBand.cs (COM deskband wrapper), with UI logic in ToolbarControl.xaml.cs; EverythingToolbar.Launcher/ is a standalone helper app for installation. Directory.Build.props centralizes project configuration.

Windows power users and system administrators who use Everything for fast file indexing and want search integrated into the taskbar; developers maintaining Windows desktop tools that need tightly-coupled file search without launching a separate window.

Actively maintained and production-ready. The repo shows regular CI/CD via GitHub Actions (build.yml, release.yml, winget-release.yml), multi-language support (17+ .resx files), and installer automation (Inno Setup). Latest activity visible in workflows and release pipeline suggests ongoing updates; no signs of abandonment.

Low maintainer risk with visible CI infrastructure and release automation. Single repo owner (srwi) is typical for small tools. Risk factors: direct Windows COM interop (deskband registration, IPC with Everything service) makes deployment fragile; tight coupling to Everything's IPC protocol means upstream changes break integration. No visible test suite in file list (no .Tests project) is a gap for regression safety.

Active development on features and localization (crowdin badge, 17+ language resource files). GitHub Actions pipelines (build.yml, csharpier.yml for formatting, winget-release.yml for package distribution) indicate continuous integration and release automation. No specific PR/milestone data in file list, but multi-language updates and installer refinements are ongoing.

Clone the repo with git clone https://github.com/srwi/EverythingToolbar.git, then open EverythingToolbar.sln in Visual Studio 2022+. Install dotnet tools via dotnet tool restore (see .config/dotnet-tools.json). Build via dotnet build or Visual Studio. Requires Windows 10+ and Everything search service installed and running.

Daily commands: Build in Visual Studio or via dotnet build (no npm/yarn used). After building, the deskband DLL must be registered on Windows via COM registry (handled by installer or installer script in EverythingToolbar.Launcher/). Test by running the launcher or manually registering the deskband and restarting Explorer.

• EverythingToolbar.Deskband/CSDeskBand.cs — Core deskband implementation that integrates the toolbar into Windows taskbar; defines the primary COM interface for the entire extension.
• EverythingToolbar.Deskband/ToolbarControl.xaml.cs — Main UI controller for the taskbar search interface; handles search logic, Everything SDK queries, and result display.
• EverythingToolbar.Deskband/Server.cs — IPC server that enables communication between the deskband process and launcher/settings processes.
• EverythingSDK/src/Everything.c — Native C wrapper around Everything IPC protocol; essential for all file search queries.
• EverythingToolbar.Launcher/Launcher.cs — Entry point for the launcher utility; handles setup and integration registration.
• EverythingToolbar/Controls/SearchBox.xaml.cs — Search input control with autocomplete and filter support; primary user interaction point.
• EverythingToolbar.sln — Solution file defining project structure and build configuration.

• CSDeskBand (C#, COM, IDeskBand2) — COM object lifecycle, sizing, positioning, theme updates
  • Failure mode: Deskband fails to load in taskbar; crashes explorer if unhandled exceptions
• ToolbarControl (WPF, C#, IPC client) — Query execution, result rendering, filter logic, user interactions
  • Failure mode: Searches hang or timeout; result list becomes unresponsive
• Everything SDK wrapper (C,) — IPC marshaling, query serialization, result parsing

Add a new search filter type

1. Define the filter enum or string constant in the search logic (EverythingToolbar/Controls/SearchBox.xaml.cs)
2. Add filter option to FilterSelector UI control (EverythingToolbar/Controls/FilterSelector.xaml.cs)
3. Implement filter query logic that calls Everything SDK with appropriate search syntax (EverythingToolbar.Deskband/ToolbarControl.xaml.cs)
4. Add localized filter name to Resources.resx (EverythingToolbar.Launcher/Properties/Resources.resx)

Add a new settings option

1. Create a SettingItem control in the settings UI (EverythingToolbar/Controls/SettingsControl.xaml)
2. Bind the setting to code-behind logic (EverythingToolbar/Controls/SettingsControl.xaml.cs)
3. Communicate the setting change via IPC Server if deskband-wide (EverythingToolbar.Deskband/Server.cs)
4. Apply the setting in ToolbarControl or the relevant behavior (EverythingToolbar.Deskband/ToolbarControl.xaml.cs)

Add a new file search result action (e.g., copy path, preview)

1. Define the action handler in SearchResultsView (EverythingToolbar/Controls/SearchResultsView.xaml.cs)
2. Add UI button or context menu item in SearchResultsView XAML (EverythingToolbar/Controls/SearchResultsView.xaml)
3. Implement action logic (e.g., file operations, clipboard, preview pane) (EverythingToolbar/Controls/SearchResultPreviewPane.xaml.cs)
4. Add localized action label to Resources (EverythingToolbar.Launcher/Properties/Resources.resx)

• C# / WPF — Provides native Windows integration via COM, modern UI framework, and rapid development for deskband
• Everything IPC (Named Pipes) — Eliminates dependency on Everything GUI; direct kernel-level index access with minimal latency
• Native C wrapper (Everything.c) — Bridges gap between Everything IPC protocol and .NET; ensures compatibility and performance
• WPF XAML + Data Binding — Declarative UI definition; theme-aware styling and clean separation of concerns
• Windows Registry + COM registration — Standard Windows plugin architecture for taskbar integration; no alternative for deskband

• Separate deskband and launcher processes via IPC

  • Why: Settings and launcher run in user context, deskband in restricted shell context; isolation required
  • Consequence: Adds IPC latency and complexity; enables secure privilege separation

• Native C wrapper instead of direct P/Invoke in C#

  • Why: Everything IPC protocol has complex struct marshaling and memory handling
  • Consequence: Build complexity with C/C++ project; guarantees correct memory semantics and performance

• Query debouncing and local caching in ToolbarControl

  • Why: User types fast; prevent excessive IPC overhead
  • Consequence: Slight perceived latency; massive reduction in query volume (~90% fewer IPC calls)

• Real-time file system monitoring (relies on Everything's indexing)
• Linux or macOS support (Windows deskband architecture specific)
• Standalone search UI (tightly integrated into Windows taskbar)
• Full-text file content search (Everything SDK indexes names/paths only)

Everything service must be running and discoverable via IPC (windows message queues or named pipes) before the deskband can function—silent failures if service is missing. COM deskband registration requires admin privileges and Explorer restart to activate; failed registration leaves no UI feedback. The C SDK (EverythingSDK) targets 64-bit (Everything64.def suggests x64-only support), so 32-bit Everything installations may not work. WPF UI theming is auto-detected from Windows registry; manual theme changes may not propagate until Explorer restart. XAML bindings assume Server.cs properties exist; typos in binding paths fail silently at runtime.

• COM Deskband (Explorer Bar Plugin) — EverythingToolbar runs as a COM-registered deskband, not a standalone app; understanding the deskband interface (IDeskBand, IInputObject) is essential for modifying taskbar integration or debugging registration issues.
• Inter-Process Communication (IPC) via Windows Messages — Server.cs communicates with Everything service using Windows message queues; the EverythingSDK wraps this low-level protocol, so you need IPC familiarity to troubleshoot search failures or extend the integration.
• P/Invoke (Platform Invocation) — C# code in ToolbarControl.xaml.cs and Server.cs calls native functions in EverythingSDK via P/Invoke; unmanaged/managed boundary issues (marshaling, memory leaks) are common pitfalls here.
• WPF Value Converters & Data Binding — UI state (visibility, colors, filters) flows via XAML bindings and custom converters in Converters/; understanding binding errors and converter pipeline is needed to fix UI bugs.
• Windows Registry COM Registration — The deskband DLL must be registered in HKEY_CLASSES_ROOT for Explorer to discover and load it; failed registration is a silent failure, making debugging harder without understanding the registry keys.
• Regular Expressions (Regex) — Custom actions in EverythingToolbar use regex patterns to match files and decide which actions to show; users need regex knowledge, and contributors must validate regex compilation in the action evaluation logic.
• Everything Search Query Language — Server.cs constructs and sends search queries to Everything using its native query syntax (filters, operators, regex); understanding Everything's grammar is needed to translate UI filters into correct queries.

• voidtools/Everything — The core search engine that EverythingToolbar wraps; not open-source but the official Everything project whose IPC protocol is reverse-engineered in EverythingSDK/.
• microsoft/Windows-classic-samples — Contains official Windows deskband COM samples and CSDeskBand patterns; likely source or reference for the taskbar integration plumbing in CSDeskBand.cs.
• valinet/ExplorerPatcher — Mentioned in README as compatible with EverythingToolbar; restores deskband support on Windows 11 and likely used for testing toolbar registration.
• alzwyed/Everything-API — Alternative C# wrapper around Everything's IPC protocol; reference for understanding the message marshaling if you need to extend Server.cs functionality.
• srwi/EverythingToolbar-Themes — Companion repo (if it exists) for user-submitted themes; likely stores custom XAML styles and color schemes for ToolbarControl.xaml.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add automated UI/UX tests for ToolbarControl.xaml interaction flows

The EverythingToolbar.Deskband project contains critical UI components (ToolbarControl.xaml, SearchControlVisibilityConverter.cs) that handle user interactions with the taskbar search. Currently, there are no visible test projects in the repo structure. Adding automated UI tests would catch regressions in search behavior, deskband resizing, and visibility state changes—all features highlighted in the demo GIFs.

• [ ] Create EverythingToolbar.Tests project using MSTest or xUnit
• [ ] Add unit tests for SearchControlVisibilityConverter.cs covering visible/hidden states
• [ ] Add integration tests for ToolbarControl.xaml.cs event handlers (search submission, text changes)
• [ ] Add tests for WindowPlacement.cs to verify deskband position persistence
• [ ] Integrate test execution into .github/workflows/build.yml after existing build step

Add localization coverage report and missing translation detection to CI

The repo supports 25+ languages (visible in EverythingToolbar.Launcher/Properties/Resources.*.resx files). The badge shows localization percentage, but there's no automated CI check to prevent merging with incomplete translations or untranslated new strings. This would reduce maintainer burden for Crowdin synchronization.

• [ ] Create a .NET console tool (or PowerShell script) that compares Resources.resx to all language variants to detect missing keys
• [ ] Add new GitHub Action workflow (.github/workflows/check-translations.yml) that runs on PRs modifying Resources.resx files
• [ ] Fail the workflow if any translations are missing keys or fall below 90% completion threshold
• [ ] Document in CONTRIBUTING.md that new features requiring strings must add base English entries first

Create installer integration tests for COM registration and deskband lifecycle

The project includes C++ COM components (EverythingSDK with Everything.h, Everything_IPC.h) and a Windows deskband registration process. Currently, there are no visible tests validating that the installer correctly registers COM interfaces or that the deskband loads/unloads properly. A broken installer/registration would be caught late by users.

• [ ] Create EverythingToolbar.IntegrationTests project targeting Windows-only test scenarios
• [ ] Add tests verifying COM registration for CSDeskBand.cs (check registry keys or CoCreateInstance success)
• [ ] Add tests validating IPC communication with Everything.exe via Everything_IPC.h
• [ ] Add deskband lifecycle tests (load, search execution, unload) using Windows automation APIs
• [ ] Document setup requirements in CONTRIBUTING.md (Everything.exe must be running, admin rights needed)

• Add unit tests for Server.cs IPC communication: Currently no .Tests project visible in the file list. Create EverythingToolbar.Tests/ with NUnit/xUnit tests for Server.cs methods (QueryAsync, GetResultItem, etc.) to catch IPC protocol regressions without manual Everything service setup.
• Extract SearchControlVisibilityConverter logic into separate documentation with examples: The Converters/ folder has minimal inline comments. Write a Converters/README.md explaining each converter's purpose, input/output types, and usage patterns for future contributors adding new XAML bindings.
• Add keyboard shortcut configuration to settings: README mentions quick toggles (match case, regex, etc.) but file list shows no Settings UI model. Create a new SettingsPage.xaml or extend Server.cs with hotkey registration (WndProc hook) and add UI for users to customize shortcuts.

EverythingToolbar is a Windows taskbar integration tool with moderate security posture. The main security concerns relate to native code execution through the Everything SDK, inter-process communication with the Everything service, and potential path traversal risks in file search handling. The codebase lacks explicit secrets or obvious injection vulnerabilities in the C# portions. Key recommendations include rigorous validation of IPC messages, proper sanitization of file paths, ensuring the Everything SDK is from trusted sources with signature verification, and implementing least-privilege COM registration. No critical vulnerabilities were identified, but medium-severity risks around native code and IPC should be addressed.

• Medium · Native C/C++ Code Execution Risk — EverythingSDK/src/Everything.c, EverythingSDK/include/Everything_IPC.h. The project includes EverythingSDK with native C code (Everything.c) that interfaces with the Windows Everything search engine. Native code execution without proper isolation could lead to privilege escalation or system compromise if vulnerabilities exist in the SDK or its integration. Fix: Ensure the Everything SDK is from an official trusted source, keep it updated, use code signing verification, and implement proper error handling around IPC calls. Consider running the deskband in a lower privilege context if possible.
• Medium · Inter-Process Communication (IPC) Security — EverythingSDK/include/Everything_IPC.h, EverythingToolbar.Deskband/Server.cs. The codebase uses IPC mechanisms (Everything_IPC.h) to communicate with the Everything service. IPC channels can be vulnerable to privilege escalation, message injection, or unauthorized access if not properly validated. Fix: Implement strict validation of all IPC messages, use authenticated IPC channels, verify the Everything service identity before communication, and implement timeouts to prevent denial-of-service attacks.
• Low · Missing HTTPS Configuration for External Resources — .github/workflows/build.yml, .github/workflows/release.yml, .github/workflows/winget-release.yml. GitHub workflow files and release processes may download or reference external resources. If not using HTTPS and signature verification, man-in-the-middle attacks could compromise the build or distribution chain. Fix: Ensure all external package sources use HTTPS, implement signature verification for downloads, use pinned versions or hashes for dependencies, and review workflow permissions to follow least-privilege principles.
• Low · Potential Path Traversal in File Search Results — EverythingToolbar.Deskband/ToolbarControl.xaml.cs. The Everything integration returns file paths from user searches. If file paths are not properly sanitized when displayed or passed to external handlers, path traversal or injection attacks could occur. Fix: Validate and sanitize all file paths returned from Everything before display, use safe path APIs (Path.GetFullPath with validation), avoid constructing paths through string concatenation, and validate before passing to external applications.
• Low · COM Registration Security for Deskband — EverythingToolbar.Deskband/CSDeskBand.cs. The deskband implements COM interfaces (CSDeskBand.cs) which require Windows registry modifications. Improper COM registration could allow privilege escalation or code injection. Fix: Use elevated privileges only for COM registration, validate COM registration entries, avoid storing sensitive data in registry, implement proper access controls on COM registry keys, and document the required UAC elevation.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.