If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/yck1509/ConfuserEx shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 7y ago

• 8 active contributors
• Other licensed
• ⚠ Stale — last commit 7y ago
• ⚠ Single-maintainer risk — top contributor 89% of recent commits
• ⚠ Non-standard license (Other) — review terms
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live yck1509/ConfuserEx repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/yck1509/ConfuserEx.

What it runs against: a local clone of yck1509/ConfuserEx — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in yck1509/ConfuserEx | Confirms the artifact applies here, not a fork | | 2 | License is still Other | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | Last commit ≤ 2582 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of yck1509/ConfuserEx. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/yck1509/ConfuserEx.git
#   cd ConfuserEx
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of yck1509/ConfuserEx and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "yck1509/ConfuserEx(\\.git)?\\b" \\
  && ok "origin remote is yck1509/ConfuserEx" \\
  || miss "origin remote is not yck1509/ConfuserEx (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Other)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Other\"" package.json 2>/dev/null) \\
  && ok "license is Other" \\
  || miss "license drift — was Other at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 2582 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2552d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/yck1509/ConfuserEx"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

ConfuserEx is an open-source .NET application protector that obfuscates and hardens compiled C# assemblies against reverse engineering and tampering. It uses techniques like symbol renaming, control flow obfuscation, method encryption, constant/resource encryption, and anti-debugging/anti-memory-dump protections to prevent decompilation and unauthorized analysis of .NET Framework 2.0–4.5 binaries. Monolithic solution structure: Confuser.CLI (entry point in Program.cs) wraps the core engine in Confuser.Core, which contains the ConfuserEngine and ConfuserContext orchestrators. Core has modular protection passes (in unnamed component directories), helper utilities in Helpers/ (ControlFlowGraph, MutationHelper, InjectHelper), embedded LZMA compression, and an extensible plugin API (ConfuserComponent base class).

.NET Framework developers building desktop or business applications who need to protect intellectual property and prevent reverse engineering of compiled assemblies, but don't want to pay for commercial protectors.

Abandoned/discontinued. The README explicitly states the project is 'discontinued and unmaintained' with no recent commits visible in the file timestamps. The codebase is substantial (~1.3MB C#) and feature-complete, but users are directed to fork alternatives. Not production-ready for new projects.

High risk for new adoption: the original author has ended support, so security vulnerabilities and .NET Framework compatibility issues (particularly .NET Core/.NET 5+ incompatibility) will never be patched. Single-maintainer legacy, and community forks have fragmented maintenance. Only viable for maintaining existing protected builds.

Nothing—project is unmaintained. The README directs users to issue #671 for alternative forks. No active development, PRs, or branches are expected.

git clone https://github.com/yck1509/ConfuserEx.git
cd ConfuserEx
.\Build\Build.cmd

The Build folder contains Build.cmd (batch file for Windows) and an UpdateVersion.csproj for versioning; use Visual Studio or msbuild to build the .sln after running the build script.

Daily commands:

Confuser.CLI <path-to-project-file>.crproj

Reads a ConfuserEx Project file (.crproj, documented in docs/ProjectFormat.md) and outputs protected assemblies. No daemon or interactive mode—purely CLI.

• Confuser.Core/ConfuserEngine.cs: Main orchestrator that chains all protection passes and coordinates the obfuscation pipeline.
• Confuser.Core/ConfuserContext.cs: Central state holder and plugin registry; all components register protections here.
• Confuser.CLI/Program.cs: Entry point; parses .crproj files and invokes the engine.
• Confuser.Core/Helpers/ControlFlowGraph.cs: Critical for control flow obfuscation; analyzes method IL to inject opaque predicates and junk code.
• Confuser.Core/ConfuserComponent.cs: Base class for all protection plugins; extension point for custom protections.
• Confuser.Core/Helpers/InjectHelper.cs: Utilities for runtime IL injection and code embedding (e.g., anti-debug stubs).
• Confuser.Core/LZMA/Compress/LZMA/LzmaEncoder.cs: Handles LZMA compression of output assemblies; critical for size/obfuscation.

Start in Confuser.Core/ConfuserEngine.cs (main protection orchestrator) and ConfuserContext.cs (state/plugin registry). For new protections: subclass ConfuserComponent in Confuser.Core and register in CoreComponent.cs. For IL manipulation: use DnlibUtils.cs and Helpers/InjectHelper.cs. CLI argument parsing is in Confuser.CLI/Options.cs.

The project targets .NET Framework 2.0–4.5 only; will not work with .NET Core or .NET 5+ without significant rework. The .crproj format (XML project files) must be manually created—no tooling exists to generate them from .csproj. The embedded LZMA decompression logic must match the encoder exactly, or unpacking fails silently. Build via Build.cmd (Windows-only batch script); no cross-platform build documented. No unit tests visible in the file list, making contributions risky.

• Opaque Predicates — Core obfuscation technique used in ConfuserEx's control flow protection (IOpaquePredicate.cs); adds fake conditional branches with compile-time-known outcomes that decompilers struggle to simplify.
• IL (Intermediate Language) Mutation — ConfuserEx manipulates .NET IL bytecode directly via dnlib to encrypt methods, inline code, and obfuscate control flow; understanding IL is required to extend the tool.
• Control Flow Graph (CFG) Analysis — ConfuserEx.Core/Helpers/ControlFlowGraph.cs builds CFGs to identify basic blocks and inject obfuscation; CFG analysis is fundamental to most static protections.
• Symbol Renaming (Obfuscation) — ConfuserEx's entry-level protection; renames classes, methods, fields to meaningless names, breaking decompiler readability and hindering manual analysis.
• LZMA Compression — ConfuserEx embeds LZMA (Lempel–Ziv–Markov chain) compression in output assemblies to reduce size and add a decompression barrier; requires custom runtime unpacking.
• Anti-Debugging & Anti-Tampering — ConfuserEx injects runtime checks (via InjectHelper.cs) to detect debuggers, profilers, and memory dumps; critical for protecting against dynamic analysis.
• Plugin Architecture / Dependency Injection — ConfuserComponent base class and ConfuserContext provide extensibility for custom protections; understanding this is essential for adding new protection passes.

• yck1509/Confuser — The original (v1) Confuser protector that ConfuserEx succeeded; useful for historical reference and understanding evolution of obfuscation strategies.
• Kryptos-FR/Platformus — A maintained fork/derivative of ConfuserEx with bug fixes and .NET Framework updates for modern use.
• de4dot/de4dot — Inverse project: .NET deobfuscator that reverses ConfuserEx protections; essential to understand what ConfuserEx is protecting against.
• dnlib/dnlib — The core IL manipulation library ConfuserEx depends on; understanding dnlib is essential for extending ConfuserEx with custom protections.
• 0xd4d/dnSpy — Modern .NET debugger/decompiler (alternative to ILDasm); credited contributor 0xd4d's project—shows what ConfuserEx tries to prevent users from doing.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for PatternParser and pattern matching system

The Confuser.Core/Project/Patterns directory contains critical pattern matching logic (AndOperator.cs, DeclTypeFunction.cs, FullNameFunction.cs, etc.) and PatternParser.cs that parses ConfuserEx project files. There are no visible test files for this system, which handles rule matching for obfuscation targets. A robust test suite would catch regressions in pattern parsing and ensure users' .crproj rule definitions work as expected.

• [ ] Create Confuser.Tests/Project/PatternParserTests.cs with tests for PatternTokenizer.cs and PatternParser.cs
• [ ] Add tests in Confuser.Tests/Project/Patterns/ for each pattern operator (AndOperator, DeclTypeFunction, FullNameFunction)
• [ ] Test edge cases like invalid pattern syntax from InvalidPatternException.cs scenarios
• [ ] Add integration test verifying end-to-end pattern matching against sample .crproj files

Add unit tests for ControlFlowGraph and helper utilities

The Confuser.Core/Helpers directory (ControlFlowGraph.cs, InjectHelper.cs, MutationHelper.cs, KeySequence.cs) contains complex IL manipulation logic that is core to obfuscation. These utilities have no visible test coverage. Testing these would ensure control flow obfuscation and code mutation work correctly and prevent regressions when refactoring.

• [ ] Create Confuser.Tests/Helpers/ControlFlowGraphTests.cs to validate graph construction and traversal
• [ ] Add Confuser.Tests/Helpers/MutationHelperTests.cs testing IL mutation operations
• [ ] Add Confuser.Tests/Helpers/InjectHelperTests.cs for method/code injection scenarios
• [ ] Create test cases using dnlib to verify generated IL is valid

Add GitHub Actions CI workflow for multi-framework builds and basic smoke tests

The repo supports .NET Framework 2.0/3.0/3.5/4.0/4.5 as stated in the README, but there is no visible CI configuration. The Build/Build.cmd script exists but there's no automated verification that builds succeed or that basic obfuscation works. Adding a GitHub Actions workflow would catch breaking changes early and validate the project still builds.

• [ ] Create .github/workflows/build.yml to run Build/Build.cmd on Windows
• [ ] Add workflow step to verify Confuser.CLI.exe builds successfully
• [ ] Add smoke test step that runs Confuser.CLI on a sample .NET application (can be a minimal test assembly)
• [ ] Configure workflow to run on push to main branch and pull requests

• Add comprehensive unit tests for Confuser.Core/Helpers/ControlFlowGraph.cs—no test coverage is visible, and this is the most complex IL analysis code.
• Document the .crproj format in detail with examples; docs/ProjectFormat.md is referenced but not in the file list, and users have to reverse-engineer syntax.
• Write a .csproj-to-.crproj converter tool in Confuser.CLI to reduce friction for developers migrating existing Visual Studio projects (currently they must hand-author XML).

Failed to generate security analysis.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.