{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", 
"severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `redis:7.2.5` unpinned: `container/services image: redis:7.2.5` without `@s", "shortDescription": {"text": "[MINED126] Workflow container/services image `redis:7.2.5` unpinned: `container/services image: redis:7.2.5` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain disc"}, "fullDescription": {"text": "Replace with `redis:7.2.5@sha256:<digest>`. 
Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@dust-tt/sparkle` pulled from URL/Git: `dependencies.@dust-tt/sparkle` = `file:..` bypasses", "shortDescription": {"text": "[MINED122] package.json dep `@dust-tt/sparkle` pulled from URL/Git: `dependencies.@dust-tt/sparkle` = `file:..` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromis"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "[MINED113] Express POST /connectors/:connector_id/config/:config_key has no auth: Express route POST /connectors/:connec", "shortDescription": {"text": "[MINED113] Express POST /connectors/:connector_id/config/:config_key has no auth: Express route POST /connectors/:connector_id/config/:config_key declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE"}, "fullDescription": {"text": "Add an auth middleware: app.post('/connectors/:connector_id/config/:config_key', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. 
If truly public, mark with a comment."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_reques", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. 
Referencing `${ secrets.ANTHROPIC_API_KEY }` lets a PR from any fork exfiltrate th"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED114", "name": "[MINED114] Admin endpoint without auth: POST /connectors/admin: Express route on /admin path (/connectors/admin) with no", "shortDescription": {"text": "[MINED114] Admin endpoint without auth: POST /connectors/admin: Express route on /admin path (/connectors/admin) with no auth middleware."}, "fullDescription": {"text": "Add an auth middleware: app.post('/connectors/admin', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "critical", "confidence": 0.8, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1086"}, "properties": {"repository": "dust-tt/dust", "repoUrl": "https://github.com/dust-tt/dust", "branch": "main"}, "results": [{"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 106589, "scanner": "repobility-agent-runtime", "fingerprint": "65d1e0e0e14bd3281cd49b84a9c23b0d626fb59eb7f52719e09911326d01a590", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": 
"fp|65d1e0e0e14bd3281cd49b84a9c23b0d626fb59eb7f52719e09911326d01a590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "x/henry/dust-hive/README.md"}, "region": {"startLine": 17}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 106588, "scanner": "repobility-agent-runtime", "fingerprint": "accd8fe29393e90b7801978fba0187c20e2ce2f18d80fc02bd4459e4b9e18294", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|accd8fe29393e90b7801978fba0187c20e2ce2f18d80fc02bd4459e4b9e18294"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 26}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 106576, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 106590, "scanner": "repobility-web-presence", "fingerprint": "eea0829120226609c542e6f69a570702f9d0130c3b489d48bd0dc2c0af658ae1", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|eea0829120226609c542e6f69a570702f9d0130c3b489d48bd0dc2c0af658ae1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/commands/forward/http_host.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106587, "scanner": "repobility-ai-code-hygiene", "fingerprint": "121242912d1b9cfd21d14da2577df00a11f32c443285e92319ce741c6150aa1f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/connectors/bigquery/temporal/worker.ts", "duplicate_line": 36, "correlation_key": "fp|121242912d1b9cfd21d14da2577df00a11f32c443285e92319ce741c6150aa1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/connectors/dust_project/temporal/worker.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106586, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7d60cc8dc22cbe1f4354514b9e2fc502fae62fc8e3c195d3971bd623582efe16", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/connectors/discord_bot/index.ts", "duplicate_line": 111, "correlation_key": "fp|7d60cc8dc22cbe1f4354514b9e2fc502fae62fc8e3c195d3971bd623582efe16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/connectors/dust_project/index.ts"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106585, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b28de2b2f4229ae4f04681540de553e1e27beef6c09a9ce77f3056b8f31279c8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "connectors/src/connectors/bigquery/index.ts", "duplicate_line": 98, "correlation_key": "fp|b28de2b2f4229ae4f04681540de553e1e27beef6c09a9ce77f3056b8f31279c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/connectors/discord_bot/index.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106584, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62a4f64ddfb77b6176c68a9c81019850c4c926f3a69c67ffad554aad38055af3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/connectors/bigquery/temporal/worker.ts", "duplicate_line": 36, "correlation_key": "fp|62a4f64ddfb77b6176c68a9c81019850c4c926f3a69c67ffad554aad38055af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/connectors/confluence/temporal/worker.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106583, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e83747936ad43ccfbb9fedff26276c6793fc3adeda01aa1e3a903e3798ecef40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"connectors/src/connectors/bigquery/temporal/client.ts", "duplicate_line": 69, "correlation_key": "fp|e83747936ad43ccfbb9fedff26276c6793fc3adeda01aa1e3a903e3798ecef40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/connectors/confluence/temporal/client.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106582, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a47c0e454f02daf192ec5d8e76181d5d784df3efa27b53487d669e17eb06ee3f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/connectors/confluence/lib/content/pages.ts", "duplicate_line": 225, "correlation_key": "fp|a47c0e454f02daf192ec5d8e76181d5d784df3efa27b53487d669e17eb06ee3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/connectors/confluence/temporal/activities.ts"}, "region": {"startLine": 575}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106581, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3ef893b6c62a1428f07abf46cef5e20b6ec4f80686cf8b1ce6ee89f790d7c45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"connectors/src/api/webhooks/webhook_slack_bot_interaction.ts", "duplicate_line": 55, "correlation_key": "fp|c3ef893b6c62a1428f07abf46cef5e20b6ec4f80686cf8b1ce6ee89f790d7c45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/webhooks/webhook_slack_interaction.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106580, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0a3224bc3d634dc9569f9c75389ae4e6825d214ba363568c9a736c441f20bd4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/api/webhooks/webhook_slack.ts", "duplicate_line": 41, "correlation_key": "fp|f0a3224bc3d634dc9569f9c75389ae4e6825d214ba363568c9a736c441f20bd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/webhooks/webhook_slack_bot.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106579, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfcaeddcb32df895490009efbc335e64d6505a4588134fc1a72bc42840872c32", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/api/webhooks/discord/bot.ts", "duplicate_line": 308, 
"correlation_key": "fp|cfcaeddcb32df895490009efbc335e64d6505a4588134fc1a72bc42840872c32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/webhooks/webhook_discord_app.ts"}, "region": {"startLine": 378}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106578, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4eb21fb0caf9177d974a985dc5e448dc4dd03f487e45b2457e63820f4007ade", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "connectors/src/api/delete_connector.ts", "duplicate_line": 13, "correlation_key": "fp|a4eb21fb0caf9177d974a985dc5e448dc4dd03f487e45b2457e63820f4007ade"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/get_connector_permissions.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106577, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a6528a33c293a265964ce80073e38e1dfdc7e824c71df6a16db12e7867c0520", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cli/dust-sandbox/src/commands/forward/http2/inbound.rs", "duplicate_line": 101, "correlation_key": "fp|7a6528a33c293a265964ce80073e38e1dfdc7e824c71df6a16db12e7867c0520"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/commands/forward/http2/stream.rs"}, "region": {"startLine": 467}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 106574, "scanner": "repobility-threat-engine", "fingerprint": "c0a8f4583cf81aa8990f8a2e0a97d7bcf249ff7b8c798990c4c1cdb211ad7953", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.warn(\"Received unexpected Notion webhook verification token\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|logger.warn received unexpected notion webhook verification token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/webhooks/webhook_notion.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 106573, "scanner": "repobility-threat-engine", "fingerprint": "0b1d44cd670603070af369a28c34b4cb8265f24fe7c6cd1af9c8df226aee80c0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 
1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b1d44cd670603070af369a28c34b4cb8265f24fe7c6cd1af9c8df226aee80c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/scripts/create-teams-app.ts"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 106572, "scanner": "repobility-threat-engine", "fingerprint": "bc995edc48d8826d2616819758e640284518669fb1b8a245d87ba0a4a188dbb0", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|38|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/scripts/create-teams-app.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 106571, "scanner": "repobility-threat-engine", "fingerprint": "d29ce952b437415e760176a310a3d76af7c6b298a16cda751de7ff8d1e0738ea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d29ce952b437415e760176a310a3d76af7c6b298a16cda751de7ff8d1e0738ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/commands/forward/original_dst.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 106570, "scanner": "repobility-threat-engine", "fingerprint": "28c798d9746e0c75fff7faf63c676a0301e5ff5caad9b9e4be020631c7a63d35", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28c798d9746e0c75fff7faf63c676a0301e5ff5caad9b9e4be020631c7a63d35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/main.rs"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 106569, "scanner": "repobility-threat-engine", "fingerprint": "32eeaa61b0ba4bff8c1c254f47d27b4b38428061524dc164734644cadafaef63", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|32eeaa61b0ba4bff8c1c254f47d27b4b38428061524dc164734644cadafaef63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/commands/healthcheck.rs"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 106568, "scanner": "repobility-threat-engine", "fingerprint": "9a4b443957869ab059a5c602d15620fe1446df299a55fdc20a50fb3ae8039036", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a4b443957869ab059a5c602d15620fe1446df299a55fdc20a50fb3ae8039036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/api/types.rs"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 106567, "scanner": "repobility-threat-engine", "fingerprint": "65d05c0c3fbbc9472440aa8c26617f788904e9855d1dea683fb2a5ff3f6a242a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65d05c0c3fbbc9472440aa8c26617f788904e9855d1dea683fb2a5ff3f6a242a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/main.rs"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 106566, "scanner": "repobility-threat-engine", "fingerprint": "d2f3e58b0f4eda1bf582f878eb3cc0a77f4e8060c8747fac5e8e48128b7b12c6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d2f3e58b0f4eda1bf582f878eb3cc0a77f4e8060c8747fac5e8e48128b7b12c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/commands/forward/handshake.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 106565, "scanner": "repobility-threat-engine", "fingerprint": "b32ec236411567d70f7d7da902499a1278d62730d9b0cbf678caa6c41cd2066e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b32ec236411567d70f7d7da902499a1278d62730d9b0cbf678caa6c41cd2066e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/api/types.rs"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 106564, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 106560, "scanner": "repobility-threat-engine", "fingerprint": "53d0d55f0ce05bf89db2db74d074a0af0d2e2f55e7abb4083cb8de8c90e785f6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|53d0d55f0ce05bf89db2db74d074a0af0d2e2f55e7abb4083cb8de8c90e785f6", "aggregated_count": 7}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 106559, "scanner": "repobility-threat-engine", "fingerprint": "597adc6dcb954fd1d5a149fb78b26a00fd22152a93df398eefaad5a0857f5537", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|597adc6dcb954fd1d5a149fb78b26a00fd22152a93df398eefaad5a0857f5537"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/scripts/temporal-build/build-temporal-bundles.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 106558, "scanner": "repobility-threat-engine", "fingerprint": "8789d047e33eee816c19f398115595a817139c6fd49b5ef151495f673e8155c8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8789d047e33eee816c19f398115595a817139c6fd49b5ef151495f673e8155c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/utils/logger.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 106557, "scanner": "repobility-threat-engine", "fingerprint": "8030dbf1148b2d35d8afbbe9ff346272960de5ddf82ddd10eb833771a75d1881", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8030dbf1148b2d35d8afbbe9ff346272960de5ddf82ddd10eb833771a75d1881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/utils/errors.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 106556, "scanner": "repobility-threat-engine", "fingerprint": "fdf1ff02d037c6c60429d1cdc1b1c3305b5ac071b8e3986623567edf010c0c79", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fdf1ff02d037c6c60429d1cdc1b1c3305b5ac071b8e3986623567edf010c0c79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/utils/tokenStorage.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 106555, "scanner": "repobility-threat-engine", "fingerprint": "2337739b96090933cf07d539c4946e5264f65d08942f51b342a87fa12784dfd9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2337739b96090933cf07d539c4946e5264f65d08942f51b342a87fa12784dfd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/utils/command.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 106554, "scanner": "repobility-threat-engine", "fingerprint": "51fec88737e8d9bc75a22219b9311368c9a6035d518b5be9f2071d62461c614e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51fec88737e8d9bc75a22219b9311368c9a6035d518b5be9f2071d62461c614e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/ui/components/WorkspaceSelector.tsx"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 106553, "scanner": "repobility-threat-engine", "fingerprint": "51c40b811a96c81751f3f425b834ecc8d3154483505117b97a65e3033ab65aa7", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51c40b811a96c81751f3f425b834ecc8d3154483505117b97a65e3033ab65aa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"cli/dust-cli/src/ui/components/UpdateInfo.tsx"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 106549, "scanner": "repobility-threat-engine", "fingerprint": "81d3467711f1baf8bd5771417fc04c9256c7394ed008df9239ea77a0bf452784", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|81d3467711f1baf8bd5771417fc04c9256c7394ed008df9239ea77a0bf452784"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/ui/components/InputBox.tsx"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 106548, "scanner": "repobility-threat-engine", "fingerprint": "8caab2717c3ad48d371341ea2fbd651437e6ab805c373a4a122c41d11684d8c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 
299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8caab2717c3ad48d371341ea2fbd651437e6ab805c373a4a122c41d11684d8c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/ui/components/Conversation.tsx"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 106546, "scanner": "repobility-threat-engine", "fingerprint": "c17c3c334a0c891d86f3db6af749774e09bf68bbf397b5eac82d842bd1fc7f0c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c17c3c334a0c891d86f3db6af749774e09bf68bbf397b5eac82d842bd1fc7f0c", "aggregated_count": 9}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 106545, "scanner": "repobility-threat-engine", "fingerprint": "c63e0a1eaf87064dd35b3e1383b7f8f0ab09fc9b39e7bbacbc6a6a50390b0ec9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c63e0a1eaf87064dd35b3e1383b7f8f0ab09fc9b39e7bbacbc6a6a50390b0ec9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/utils/toolsCache.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 106544, "scanner": "repobility-threat-engine", "fingerprint": "c868b233adde3d27290d64aa40e285321ff8b26c29f772e38b3db9c59f55cda4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c868b233adde3d27290d64aa40e285321ff8b26c29f772e38b3db9c59f55cda4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/ui/commands/NonInteractiveChat.tsx"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 106543, "scanner": "repobility-threat-engine", "fingerprint": "d2b02240f9911a8f8a002273247118ecee3423e63ddb6cf4be6f8bcffa8ae7c6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d2b02240f9911a8f8a002273247118ecee3423e63ddb6cf4be6f8bcffa8ae7c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/mcp/servers/fsServer.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `redis:7.2.5` unpinned: `container/services image: redis:7.2.5` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 106617, "scanner": "repobility-supply-chain", "fingerprint": "90fddf505d4a5a0c3cd5278ed3036fa1ff88fbd8e592c806cf4065f8ba8ab3aa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90fddf505d4a5a0c3cd5278ed3036fa1ff88fbd8e592c806cf4065f8ba8ab3aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-test-front-api.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `redis:7.2.5` unpinned: `container/services image: redis:7.2.5` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 106616, "scanner": "repobility-supply-chain", "fingerprint": "2f079f78bf8e68f354bed4a749bb02df61dcf0f1f92174e35ace5d205b253e7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2f079f78bf8e68f354bed4a749bb02df61dcf0f1f92174e35ace5d205b253e7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-test-front.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@dust-tt/sparkle` pulled from URL/Git: `dependencies.@dust-tt/sparkle` = `file:..` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 106614, "scanner": "repobility-supply-chain", "fingerprint": "323f0ebd52b770cbfeb39bdb02754c493ecbf9b53d097020a3016c39c0605228", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|323f0ebd52b770cbfeb39bdb02754c493ecbf9b53d097020a3016c39c0605228"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sparkle/playground/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@dust-tt/client` pulled from URL/Git: `dependencies.@dust-tt/client` = `file:../sdks/js` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 106613, "scanner": "repobility-supply-chain", "fingerprint": "5a5bbce5f1c18490a2ba077ce6e50f263dcef4eced50eeb6b028bf8cb44df487", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a5bbce5f1c18490a2ba077ce6e50f263dcef4eced50eeb6b028bf8cb44df487"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@dust-tt/client` pulled from URL/Git: `dependencies.@dust-tt/client` = `file:../sdks/js` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 106612, "scanner": "repobility-supply-chain", "fingerprint": "987604083f295bc29d6cdb213030158fded30d35f702cc0c7f12eca6d77e6193", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|987604083f295bc29d6cdb213030158fded30d35f702cc0c7f12eca6d77e6193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "front/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/:connector_id/config/:config_key has no auth: Express route POST /connectors/:connector_id/config/:config_key declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106610, "scanner": "repobility-route-auth", "fingerprint": "b22102d9cf5005c3335b5896686d41ed9d6221852f0657071f9929897f0cb339", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|b22102d9cf5005c3335b5896686d41ed9d6221852f0657071f9929897f0cb339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express PATCH /connectors/:connector_id/configuration has no auth: Express route PATCH /connectors/:connector_id/configuration declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106609, "scanner": "repobility-route-auth", "fingerprint": "0a3642fdb2cc8318f431a14304e8da259d2db1352a4f8d3c5c44abca617a4424", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|0a3642fdb2cc8318f431a14304e8da259d2db1352a4f8d3c5c44abca617a4424"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks_router_entries/:webhook_secret/:provider/:providerWorkspaceId has no auth: Express route POST /webhooks_router_entries/:webhook_secret/:provider/:providerWorkspaceId declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106608, "scanner": "repobility-route-auth", "fingerprint": "1af399b09c3b9fb25c881e0d7d905bc7c8667f165339159fb16ea85869426386", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|1af399b09c3b9fb25c881e0d7d905bc7c8667f165339159fb16ea85869426386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhook_secret/microsoft_teams_bot has no auth: Express route POST /webhooks/:webhook_secret/microsoft_teams_bot declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106607, "scanner": "repobility-route-auth", "fingerprint": "6d17b6f6100a292b9a58f2f073c78899579688924363626629b6b5e78f9ed20b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|6d17b6f6100a292b9a58f2f073c78899579688924363626629b6b5e78f9ed20b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhooks_secret/discord/app has no auth: Express route POST /webhooks/:webhooks_secret/discord/app declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106606, "scanner": "repobility-route-auth", "fingerprint": "5984d5e018b4a786205c8d44e3e7e3eab0633d8a0ea04125f254a0cc676b7d17", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|5984d5e018b4a786205c8d44e3e7e3eab0633d8a0ea04125f254a0cc676b7d17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhooks_secret/firecrawl has no auth: Express route POST /webhooks/:webhooks_secret/firecrawl declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106605, "scanner": "repobility-route-auth", "fingerprint": "d646154a688cb45ee864a5363ab3608b8406a3720f14de2efc05da2407ea21db", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d646154a688cb45ee864a5363ab3608b8406a3720f14de2efc05da2407ea21db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhooks_secret/notion has no auth: Express route POST /webhooks/:webhooks_secret/notion declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106604, "scanner": "repobility-route-auth", "fingerprint": "569c4d46ef4863814ca55143df733ae5e671b8addb2cfd99d112ea2bf29f3499", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|569c4d46ef4863814ca55143df733ae5e671b8addb2cfd99d112ea2bf29f3499"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhooks_secret/github has no auth: Express route POST /webhooks/:webhooks_secret/github declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106603, "scanner": "repobility-route-auth", "fingerprint": "38b96cd6570b97286a5e37d708c062e31d5e4b42198538587a60777456aa9896", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|38b96cd6570b97286a5e37d708c062e31d5e4b42198538587a60777456aa9896"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhook_secret/slack_bot_interaction has no auth: Express route POST /webhooks/:webhook_secret/slack_bot_interaction declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106602, "scanner": "repobility-route-auth", "fingerprint": "f3f65d9dd4fbc9b036195e64b3525a6752954d6ebc565b6db341484b373bdfba", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|f3f65d9dd4fbc9b036195e64b3525a6752954d6ebc565b6db341484b373bdfba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhook_secret/slack_bot has no auth: Express route POST /webhooks/:webhook_secret/slack_bot declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106601, "scanner": "repobility-route-auth", "fingerprint": "217e785fd4bafeae4a632cf86d6f29d721c830833555cb0412678193a24ced90", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|217e785fd4bafeae4a632cf86d6f29d721c830833555cb0412678193a24ced90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhook_secret/slack_interaction has no auth: Express route POST /webhooks/:webhook_secret/slack_interaction declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106600, "scanner": "repobility-route-auth", "fingerprint": "667d655627210dc47aa0eb0f060079e34c204cd6f88e8b29a2ca03a6b4c3bb7a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|667d655627210dc47aa0eb0f060079e34c204cd6f88e8b29a2ca03a6b4c3bb7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhooks/:webhook_secret/slack has no auth: Express route POST /webhooks/:webhook_secret/slack declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106599, "scanner": "repobility-route-auth", "fingerprint": "75a3ea40c3d3ffb1f087bf3c84ba43d18e7056345dfbe5b5872f06e4e493fc1d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|75a3ea40c3d3ffb1f087bf3c84ba43d18e7056345dfbe5b5872f06e4e493fc1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express PATCH /slack/channels/linked_with_agent has no auth: Express route PATCH /slack/channels/linked_with_agent declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106598, "scanner": "repobility-route-auth", "fingerprint": "020047d682aa04442c779d86dd3977ce7d7ac0f2cffa6e049cbdc33a747f9886", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|020047d682aa04442c779d86dd3977ce7d7ac0f2cffa6e049cbdc33a747f9886"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/:connector_id/permissions has no auth: Express route POST /connectors/:connector_id/permissions declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106597, "scanner": "repobility-route-auth", "fingerprint": "faf290492df0140d3ce648040446ed9b846c2842b08600054b25a8c74320fe14", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|faf290492df0140d3ce648040446ed9b846c2842b08600054b25a8c74320fe14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/sync/:connector_id has no auth: Express route POST /connectors/sync/:connector_id declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106596, "scanner": "repobility-route-auth", "fingerprint": "9e3b3b0a033156d0e3b78c4a6b4e8c8a4bf486363248ead3315114bfce073dbc", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|9e3b3b0a033156d0e3b78c4a6b4e8c8a4bf486363248ead3315114bfce073dbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express DELETE /connectors/delete/:connector_id has no auth: Express route DELETE /connectors/delete/:connector_id declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106595, "scanner": "repobility-route-auth", "fingerprint": "79e0742cb48ab51f946197ca110d0cc38e5e6a273bec6c1a2a27bad8b9d69e2e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|79e0742cb48ab51f946197ca110d0cc38e5e6a273bec6c1a2a27bad8b9d69e2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/unpause/:connector_id has no auth: Express route POST /connectors/unpause/:connector_id declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106594, "scanner": "repobility-route-auth", "fingerprint": "342abec7f4780457533fea103a56976a29370bdb8afb93b1306431a99adf4c0c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|342abec7f4780457533fea103a56976a29370bdb8afb93b1306431a99adf4c0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/pause/:connector_id has no auth: Express route POST /connectors/pause/:connector_id declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106593, "scanner": "repobility-route-auth", "fingerprint": "bed6851c19e417f587d434838bed26c893f8722ab9f86982e69899cfb9db88ec", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|bed6851c19e417f587d434838bed26c893f8722ab9f86982e69899cfb9db88ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/update/:connector_id/ has no auth: Express route POST /connectors/update/:connector_id/ declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106592, "scanner": "repobility-route-auth", "fingerprint": "b18208fa67de0cb953a54adff829e389fd05c5d1d310330fa07d448af37a61f5", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|b18208fa67de0cb953a54adff829e389fd05c5d1d310330fa07d448af37a61f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /connectors/create/:connector_provider has no auth: Express route POST /connectors/create/:connector_provider declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 106591, "scanner": "repobility-route-auth", "fingerprint": "5cd048573217220944a9e06323051101f18c0dbd2a6624342d2e335778b81c8d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|5cd048573217220944a9e06323051101f18c0dbd2a6624342d2e335778b81c8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants. Triage note: the matched `bodyParser.raw({` call is only unbounded if its `limit` option is raised or removed; body-parser applies a 100kb default limit, so check the options passed at the flagged line before treating this as a confirmed finding."}, "properties": {"repobilityId": 106575, "scanner": "repobility-threat-engine", "fingerprint": "6de0d6b28940aa28c21acb3b387734e8fcc1eb5b47dda23efc6379c4390de0dc", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bodyParser.raw({", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6de0d6b28940aa28c21acb3b387734e8fcc1eb5b47dda23efc6379c4390de0dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 106563, "scanner": "repobility-threat-engine", "fingerprint": "115f0fb904628a1841b1b7d630825d76d2f5d9dcebc69f192f4b8d155ef3efa3", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|115f0fb904628a1841b1b7d630825d76d2f5d9dcebc69f192f4b8d155ef3efa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/webhooks/teams/content_fragments.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 106562, "scanner": "repobility-threat-engine", "fingerprint": "bedb70c01cf02f2d738bd81dca7bfd97e67dc9004183b5d6ce1fa83c15cdedfe", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bedb70c01cf02f2d738bd81dca7bfd97e67dc9004183b5d6ce1fa83c15cdedfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/notion_url_status.ts"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 106561, "scanner": "repobility-threat-engine", "fingerprint": "b7c549c37869a0f2cedfc8f6e88346d1d6a6630afd9d6552f2a38f7b2d5144c5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b7c549c37869a0f2cedfc8f6e88346d1d6a6630afd9d6552f2a38f7b2d5144c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-sandbox/src/api/client.rs"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 106552, "scanner": "repobility-threat-engine", "fingerprint": "af8fc4cb8a663c7b77ca87aa88721a511b4b3be6d9411369bc1ee38a53d77eec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.delete(\"/connectors/delete/:connector_id\", deleteConnectorAPIHandler);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|af8fc4cb8a663c7b77ca87aa88721a511b4b3be6d9411369bc1ee38a53d77eec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 107}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 106551, "scanner": "repobility-threat-engine", "fingerprint": "2fee50c90aa37edaa98b8e0983a154283026c37702fefa953fa38b6800f86470", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "SlackChannelModel.update(\n          {\n            agentConfigurationId,\n            autoResp", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2fee50c90aa37edaa98b8e0983a154283026c37702fefa953fa38b6800f86470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api/slack_channels_linked_with_agent.ts"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 106550, "scanner": "repobility-threat-engine", "fingerprint": "d90340000a10bb9126923c63f212967f1bec655f59d04bd18308f316dd3e2621", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "newSelected.delete(currentItemId);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d90340000a10bb9126923c63f212967f1bec655f59d04bd18308f316dd3e2621"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/ui/components/Select.tsx"}, "region": {"startLine": 129}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 106547, "scanner": "repobility-threat-engine", "fingerprint": "e539212b76dd02306ec0ad81970bf754acb1e03901a7e58af79ea93b2e22198d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(\n        old_string", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e539212b76dd02306ec0ad81970bf754acb1e03901a7e58af79ea93b2e22198d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/dust-cli/src/mcp/tools/editFile.ts"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, checks out the PR head, and references `${{ secrets.ANTHROPIC_API_KEY }}`. GitHub withholds repository secrets (other than GITHUB_TOKEN) from `pull_request` runs of fork PRs, so a fork cannot read this value directly from this trigger; the key IS exposed to PRs opened from branches of this repository, and would be exposed to any fork if the trigger is later changed to `pull_request_target` or `workflow_run` while still checking out the PR head (modify a script, log the value, etc.). 
If fork PRs must be reviewed with this key, use `pull_request_target` ONLY with strict checkout discipline (run trusted base-branch code only; never check out or execute fork code in the privileged context), or gate the job behind maintainer approval, e.g. an environment with required reviewers."}, "properties": {"repobilityId": 106615, "scanner": "repobility-supply-chain", "fingerprint": "32f44966fda2a5fdab7b8bde16d89fb17db51076b83a4def8847703299c4826d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32f44966fda2a5fdab7b8bde16d89fb17db51076b83a4def8847703299c4826d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude-code-review.yml"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /connectors/admin: Express route on /admin path (/connectors/admin) with no auth middleware."}, "properties": {"repobilityId": 106611, "scanner": "repobility-route-auth", "fingerprint": "5e1a2270a03ecadfc6cf650e2cbbea0ce35f3ce07d9a870bb92a9cb3a2e578a5", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|5e1a2270a03ecadfc6cf650e2cbbea0ce35f3ce07d9a870bb92a9cb3a2e578a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connectors/src/api_server.ts"}, "region": {"startLine": 205}}}]}]}]}