{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 25.0% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 25.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 25.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = %s', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/417"}, "properties": {"repository": "emcie-co/parlant", "repoUrl": "https://github.com/emcie-co/parlant.git", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 16577, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 16576, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 637, "file_path": "tests/test_utilities.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 123, "file_path": "src/parlant/api/app.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 599, "file_path": "src/parlant/core/services/tools/plugins.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 25.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 16575, "scanner": "repobility-access-control", "fingerprint": "db8cd81b7f56f521a3976929711f964a73414f1a5ca18be9f9b6edd77efc9fe6", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 4, "correlation_key": "fp|db8cd81b7f56f521a3976929711f964a73414f1a5ca18be9f9b6edd77efc9fe6", "auth_visible_percent": 25.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 16574, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 16573, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 16569, "scanner": "repobility-threat-engine", "fingerprint": "323256fb82a3b24cf76476fb2f97c6f0f40dad8c02c06e0020404a4d3f39f334", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|323256fb82a3b24cf76476fb2f97c6f0f40dad8c02c06e0020404a4d3f39f334"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/azure_service.py"}, "region": {"startLine": 592}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 16568, "scanner": "repobility-threat-engine", "fingerprint": "071b81e3c2e405b8846c291ff7125d913651b076940c0e195150720a76972762", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|071b81e3c2e405b8846c291ff7125d913651b076940c0e195150720a76972762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/vector_db/qdrant.py"}, "region": {"startLine": 350}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 16564, "scanner": "repobility-agent-runtime", "fingerprint": "65a13f5662114b4dc37dffec10383ab535f650a5fdccfff53baa7bb69da25773", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|65a13f5662114b4dc37dffec10383ab535f650a5fdccfff53baa7bb69da25773"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/core/services/tools/plugins.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 16563, "scanner": "repobility-agent-runtime", "fingerprint": "74763cda9bf631be6cf03316e253ea93947b5ef31f203280652abbaf7b21baf7", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|74763cda9bf631be6cf03316e253ea93947b5ef31f203280652abbaf7b21baf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/core/services/tools/mcp_service.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16562, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6027ed68ea06fe4709cef7132667f15bd49bbd805ab1663db0e99096dc9ed638", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/deepseek_service.py", "duplicate_line": 1, "correlation_key": "fp|6027ed68ea06fe4709cef7132667f15bd49bbd805ab1663db0e99096dc9ed638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/glm_service.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16561, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d016f5781eaaefd90912b8912e205cbb9ba49ba0a494f41a24c4b9db3a9a1ef", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/anthropic_service.py", "duplicate_line": 216, "correlation_key": "fp|0d016f5781eaaefd90912b8912e205cbb9ba49ba0a494f41a24c4b9db3a9a1ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/gemini_service.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55da6915ec043e9c41f1f2568f9675124181766c645ef5852b4369f16f6705ff", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/anthropic_service.py", "duplicate_line": 131, "correlation_key": "fp|55da6915ec043e9c41f1f2568f9675124181766c645ef5852b4369f16f6705ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/fireworks_service.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e2230a082287973181e5379f1f546ee831fb5f0e4101e11de3d2641e9033937", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/cerebras_service.py", "duplicate_line": 87, "correlation_key": "fp|7e2230a082287973181e5379f1f546ee831fb5f0e4101e11de3d2641e9033937"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/fireworks_service.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16558, "scanner": "repobility-ai-code-hygiene", "fingerprint": "966fd78a2f3ffeffc68b01725fa4fe82b114b950b0fb935285bfef10f39a641f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/aws_service.py", "duplicate_line": 23, "correlation_key": "fp|966fd78a2f3ffeffc68b01725fa4fe82b114b950b0fb935285bfef10f39a641f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/fireworks_service.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16557, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5616e7ae6e9267f8ffc246a93b156b47275e304b85ee98fecd5265d0f471b66b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/anthropic_service.py", "duplicate_line": 216, "correlation_key": "fp|5616e7ae6e9267f8ffc246a93b156b47275e304b85ee98fecd5265d0f471b66b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/deepseek_service.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16556, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04ba5e00b916f47a08fe521e846aa3be8ab4fafaf296468d68eb1e493a5f5b7a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/azure_service.py", "duplicate_line": 189, "correlation_key": "fp|04ba5e00b916f47a08fe521e846aa3be8ab4fafaf296468d68eb1e493a5f5b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/deepseek_service.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16555, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57a089dd851f23ee75fe4585d2fd6478ca1a3adc0eff9b629acc2c7e5cb0efe3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/anthropic_service.py", "duplicate_line": 131, "correlation_key": "fp|57a089dd851f23ee75fe4585d2fd6478ca1a3adc0eff9b629acc2c7e5cb0efe3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/cerebras_service.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16554, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5487b02f2657f3554ad598b9fcab5a8b29019cbc3a401ba0fc7a387fe7425af3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/aws_service.py", "duplicate_line": 23, "correlation_key": "fp|5487b02f2657f3554ad598b9fcab5a8b29019cbc3a401ba0fc7a387fe7425af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/cerebras_service.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16553, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd8aa0a797a574b4552e097eb0b7ccbfe71154e50cf8915d8da86b47616c4ab6", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/anthropic_service.py", "duplicate_line": 76, "correlation_key": "fp|cd8aa0a797a574b4552e097eb0b7ccbfe71154e50cf8915d8da86b47616c4ab6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/azure_service.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16552, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5adcb6e6da629987a23ce8b8fcaeb2ddab8af580ec55a36460fe7545c73904e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/nlp/anthropic_service.py", "duplicate_line": 75, "correlation_key": "fp|c5adcb6e6da629987a23ce8b8fcaeb2ddab8af580ec55a36460fe7545c73904e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/aws_service.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16551, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c4283e0e3a2069d77b89f1d6b03c719fc259d35ec4c7fb16e655895fc9cbfec", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/parlant/adapters/db/json_file.py", "duplicate_line": 197, "correlation_key": "fp|5c4283e0e3a2069d77b89f1d6b03c719fc259d35ec4c7fb16e655895fc9cbfec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/db/transient.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 16572, "scanner": "repobility-docker", "fingerprint": "d4d862bb04b97260ea32b4475cf7dfe548cf7728b20697949ebf185d9f002b74", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d4d862bb04b97260ea32b4475cf7dfe548cf7728b20697949ebf185d9f002b74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 39}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 16570, "scanner": "repobility-docker", "fingerprint": "fefbccf91cf6ec4e87ccd76cf478f9c6ccd98c440a628b7eaa895bead2134166", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fefbccf91cf6ec4e87ccd76cf478f9c6ccd98c440a628b7eaa895bead2134166"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 16566, "scanner": "repobility-threat-engine", "fingerprint": "a4d451f22b5b186fc750b1efe3260abb5f82837d3768996599e63821a880bf9e", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "logger.trace(f\"Token usage - Total: {response.usage.total_tokens}\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|44|logger.trace f token usage - total: response.usage.total_tokens"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/nlp/zhipu_service.py"}, "region": {"startLine": 441}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 16565, "scanner": "repobility-threat-engine", "fingerprint": "dbfb01746d4dceff554fc2337cef3abde53d4c059d93fd92a4a017fbebe349c6", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.trace(f\"Authorization error: {exc}\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|src/parlant/api/app.py|21|logger.trace f authorization error: exc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/api/app.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 16571, "scanner": "repobility-docker", "fingerprint": "e49f70b58f1b587be77696d9f4073da9d440da85d692e786e15f4817f278e644", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e49f70b58f1b587be77696d9f4073da9d440da85d692e786e15f4817f278e644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 16567, "scanner": "repobility-threat-engine", "fingerprint": "8673869816a72ce7d16130d764dbfbb2d0d81682fd059fca8b364df1f14c484d", "category": "injection", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "SQL string interpolation is near request/data/parameter input; user-controlled taint is plausible.", "evidence": {"match": "sql = f\"SELECT", "reason": "SQL string interpolation is near request/data/parameter input; user-controlled taint is plausible.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "code|injection|token|427|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parlant/adapters/db/snowflake_db.py"}, "region": {"startLine": 427}}}]}]}]}