Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

Scan timing: clone 2.74s · analysis 7.06s · 10.1 MB · GitHub API rate-limit (preflight)

Archon

https://github.com/coleam00/Archon.git · scanned 2026-05-29 03:46 UTC (1 week ago) · 10 languages

552 findings (111 legacy + 441 scanner) 35th percentile · Typescript · large (100-500K LoC) Scanner says 49 (higher by 23)

File as issue Image v2 schema
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week ago · v1 · 552 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
56.2
/100
Repobility
63
111 legacy
9-layer
49
100.0% cov · 441 gaps
Critical
2
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 57.3 0.25 14.32
testing_score 85.0 0.20 17.00
documentation_score 100.0 0.15 15.00
practices_score 77.0 0.15 11.55
code_quality 52.2 0.10 5.22
Overall 1.00 72.1
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 2 High 261 Medium 37 Low 135 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 111 9-layer 441 Crowd 0 Layer: Security 8 Quality 135 Software 91 Cicd 44 Frontend 68 Hardware 5 Api 201
Corpus Intelligence Cross-corpus context (cohort percentile, top patterns, fix plan) is shown only on repositories you own. Sign up and connect your repo to view it.
Scan summary Repository scanned at 49.2/100 with 100.0% coverage. It contains 2869 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 441 findings — concentrated in api (201), quality (88), frontend (68). Risk profile is high: 1 critical, 191 high, 32 medium. Recommended next step: open the api layer findings first — that's where the highest-impact wins live.

Showing 427 of 552 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

low Legacy security credential_exposure conf 0.90 [SEC002] Hardcoded API Key: Hardcoded API key found in source code.
Use environment variables. Add the pattern to .gitignore.
packages/paths/src/telemetry.ts:46 credential_exposurelegacy
critical 9-layer security secrets conf 1.00 Possible secret in packages/paths/src/telemetry.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
packages/paths/src/telemetry.ts:46 secrets
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
packages/core/src/utils/port-allocation.ts:24 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED012] Curl Pipe Bash: curl ... | sh / bash — runs unverified network code.
Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context.
scripts/install.sh:122 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED012] Curl Pipe Bash: curl ... | sh / bash — runs unverified network code.
Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context.
packages/providers/src/claude/binary-resolver.ts:101 qualitylegacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
packages/web/src/experiments/console/components/RunGraphPanel.tsx:98 xsslegacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
packages/core/src/utils/credential-sanitizer.ts:18 qualitylegacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
packages/web/src/experiments/console/components/ProjectRail.tsx:21 qualitylegacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
packages/web/src/components/chat/MessageBubble.tsx:19 qualitylegacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
.archon/scripts/maintainer-standup-gh-data.ts:17 qualitylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:223 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:41 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/marketplace-auto-review.yml:17 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:98 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:68 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:38 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:17 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/marketplace-lint.yml:13 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/download-artifact` pinned to mutable ref `@v4`
`uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:226 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v4`
`uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:106 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v4`
`uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:76 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-artifact` pinned to mutable ref `@v4`
`uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:211 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `astral-sh/setup-uv` pinned to mutable ref `@v4`
`uses: astral-sh/setup-uv@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:25 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:232 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:44 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/marketplace-auto-review.yml:18 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:101 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:71 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:41 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/e2e-smoke.yml:20 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `oven-sh/setup-bun` pinned to mutable ref `@v2`
`uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/marketplace-lint.yml:14 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `softprops/action-gh-release` pinned to mutable ref `@v2`
`uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:262 dependencylegacy
high Legacy cicd docker conf 0.84 Database service publishes a host port
Publishing database ports to the host increases exposure. Internal Compose networking usually only needs expose, not ports.
docker-compose.yml:68 dockerlegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `ghcr.io/coleam00/archon:latest` not pinned by digest
`FROM ghcr.io/coleam00/archon:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
deploy/Dockerfile.user.example:7 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `node:22-alpine` not pinned by digest
`FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
auth-service/Dockerfile:1 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `oven/bun:1.3.11-slim` not pinned by digest
`FROM oven/bun:1.3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Dockerfile:54 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `oven/bun:1.3.11-slim` not pinned by digest
`FROM oven/bun:1.3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Dockerfile:9 dependencylegacy
high Legacy quality quality conf 0.80 ✓ Repobility Express POST /internal/git-credential has no auth
Express route POST /internal/git-credential declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.
packages/server/src/index.ts:637 qualitylegacy
high Legacy quality quality conf 0.80 ✓ Repobility Express POST /webhooks/gitea has no auth
Express route POST /webhooks/gitea declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.
packages/server/src/index.ts:663 qualitylegacy
high Legacy quality quality conf 0.80 ✓ Repobility Express POST /webhooks/github has no auth
Express route POST /webhooks/github declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.
packages/server/src/index.ts:591 qualitylegacy
high Legacy quality quality conf 0.80 ✓ Repobility Express POST /webhooks/gitlab has no auth
Express route POST /webhooks/gitlab declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.
packages/server/src/index.ts:691 qualitylegacy
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/codebases/codebase-uuid-1 (packages/server/src/routes/api.codebases.test.ts:520)
`packages/server/src/routes/api.codebases.test.ts:520` calls `DELETE /api/codebases/codebase-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-1` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/codebases/codebase-uuid-1 (packages/server/src/routes/api.codebases.test.ts:536)
`packages/server/src/routes/api.codebases.test.ts:536` calls `DELETE /api/codebases/codebase-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-1` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/codebases/codebase-uuid-1 (packages/server/src/routes/api.codebases.test.ts:554)
`packages/server/src/routes/api.codebases.test.ts:554` calls `DELETE /api/codebases/codebase-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-1` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/codebases/codebase-uuid-1 (packages/server/src/routes/api.codebases.test.ts:584)
`packages/server/src/routes/api.codebases.test.ts:584` calls `DELETE /api/codebases/codebase-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-1` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/codebases/codebase-uuid-1 (packages/server/src/routes/api.codebases.test.ts:599)
`packages/server/src/routes/api.codebases.test.ts:599` calls `DELETE /api/codebases/codebase-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-1` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/codebases/unknown-id (packages/server/src/routes/api.codebases.test.ts:567)
`packages/server/src/routes/api.codebases.test.ts:567` calls `DELETE /api/codebases/unknown-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/unknown-id` If this points at an external API, prefix…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/conversations/web-nonexistent-id (packages/server/src/routes/api.conversations.test.ts:167)
`packages/server/src/routes/api.conversations.test.ts:167` calls `DELETE /api/conversations/web-nonexistent-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-nonexistent-id` If this point…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:154)
`packages/server/src/routes/api.conversations.test.ts:154` calls `DELETE /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an exte…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/archon-assist (packages/server/src/routes/api.workflows.test.ts:619)
`packages/server/src/routes/api.workflows.test.ts:619` calls `DELETE /api/workflows/archon-assist` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/archon-assist` If this points at an external API, …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/home-to-delete?source=global (packages/server/src/routes/api.workflows.test.ts:693)
`packages/server/src/routes/api.workflows.test.ts:693` calls `DELETE /api/workflows/home-to-delete?source=global` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/home-to-delete` If this points at a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/nonexistent-no-cwd-test (packages/server/src/routes/api.workflows.test.ts:644)
`packages/server/src/routes/api.workflows.test.ts:644` calls `DELETE /api/workflows/nonexistent-no-cwd-test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/nonexistent-no-cwd-test` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/runs/run-missing (packages/server/src/routes/api.workflow-runs.test.ts:1205)
`packages/server/src/routes/api.workflow-runs.test.ts:1205` calls `DELETE /api/workflows/runs/run-missing` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-missing` If this points at an ext…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/runs/run-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:1214)
`packages/server/src/routes/api.workflow-runs.test.ts:1214` calls `DELETE /api/workflows/runs/run-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/runs/run-uuid-2 (packages/server/src/routes/api.workflow-runs.test.ts:1225)
`packages/server/src/routes/api.workflow-runs.test.ts:1225` calls `DELETE /api/workflows/runs/run-uuid-2` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-2` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/runs/run-uuid-4 (packages/server/src/routes/api.workflow-runs.test.ts:1238)
`packages/server/src/routes/api.workflow-runs.test.ts:1238` calls `DELETE /api/workflows/runs/run-uuid-4` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-4` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/some-workflow?cwd=/etc/secrets (packages/server/src/routes/api.workflows.test.ts:768)
`packages/server/src/routes/api.workflows.test.ts:768` calls `DELETE /api/workflows/some-workflow?cwd=/etc/secrets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/some-workflow` If this points at …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/some-workflow?source=bundled (packages/server/src/routes/api.workflows.test.ts:718)
`packages/server/src/routes/api.workflows.test.ts:718` calls `DELETE /api/workflows/some-workflow?source=bundled` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/some-workflow` If this points at an…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/test-nonexistent-workflow-xyz (packages/server/src/routes/api.workflows.test.ts:630)
`packages/server/src/routes/api.workflows.test.ts:630` calls `DELETE /api/workflows/test-nonexistent-workflow-xyz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/test-nonexistent-workflow-xyz` If …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/workflows/to-delete?cwd=${testDir} (packages/server/src/routes/api.workflows.test.ts:666)
`packages/server/src/routes/api.workflows.test.ts:666` calls `DELETE /api/workflows/to-delete?cwd=${testDir}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/to-delete` If this points at an externa…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/artifacts/${encodeURIComponent(runId)}/${encodedFilename} (packages/web/src/components/workflows/ArtifactViewerModal.tsx:92)
`packages/web/src/components/workflows/ArtifactViewerModal.tsx:92` calls `GET /api/artifacts/${encodeURIComponent(runId)}/${encodedFilename}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/artifacts/<p>/<p>` If this…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/artifacts/${encodeURIComponent(runId)}/${encodedPath} (packages/web/src/experiments/console/skills/runs.ts:129)
`packages/web/src/experiments/console/skills/runs.ts:129` calls `GET /api/artifacts/${encodeURIComponent(runId)}/${encodedPath}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/artifacts/<p>/<p>` If this points at an…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases (packages/server/src/routes/api.codebases.test.ts:227)
`packages/server/src/routes/api.codebases.test.ts:227` calls `GET /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases (packages/server/src/routes/api.codebases.test.ts:242)
`packages/server/src/routes/api.codebases.test.ts:242` calls `GET /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases (packages/server/src/routes/api.codebases.test.ts:268)
`packages/server/src/routes/api.codebases.test.ts:268` calls `GET /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases (packages/server/src/routes/api.codebases.test.ts:281)
`packages/server/src/routes/api.codebases.test.ts:281` calls `GET /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases (packages/server/src/routes/api.codebases.test.ts:296)
`packages/server/src/routes/api.codebases.test.ts:296` calls `GET /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases/any-id (packages/server/src/routes/api.codebases.test.ts:354)
`packages/server/src/routes/api.codebases.test.ts:354` calls `GET /api/codebases/any-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/any-id` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases/codebase-uuid-1 (packages/server/src/routes/api.codebases.test.ts:317)
`packages/server/src/routes/api.codebases.test.ts:317` calls `GET /api/codebases/codebase-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-1` If this points at an external API,…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases/codebase-uuid-2 (packages/server/src/routes/api.codebases.test.ts:340)
`packages/server/src/routes/api.codebases.test.ts:340` calls `GET /api/codebases/codebase-uuid-2` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/codebase-uuid-2` If this points at an external API,…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/codebases/unknown-id (packages/server/src/routes/api.codebases.test.ts:329)
`packages/server/src/routes/api.codebases.test.ts:329` calls `GET /api/codebases/unknown-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases/unknown-id` If this points at an external API, prefix it…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands (packages/server/src/routes/api.health.test.ts:430)
`packages/server/src/routes/api.health.test.ts:430` calls `GET /api/commands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `https://` so the mat…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands (packages/server/src/routes/api.health.test.ts:443)
`packages/server/src/routes/api.health.test.ts:443` calls `GET /api/commands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `https://` so the mat…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands (packages/server/src/routes/api.health.test.ts:454)
`packages/server/src/routes/api.health.test.ts:454` calls `GET /api/commands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `https://` so the mat…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands (packages/server/src/routes/api.workflows.test.ts:794)
`packages/server/src/routes/api.workflows.test.ts:794` calls `GET /api/commands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `https://` so the …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands (packages/server/src/routes/api.workflows.test.ts:804)
`packages/server/src/routes/api.workflows.test.ts:804` calls `GET /api/commands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `https://` so the …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands?cwd=/etc/secrets (packages/server/src/routes/api.workflows.test.ts:782)
`packages/server/src/routes/api.workflows.test.ts:782` calls `GET /api/commands?cwd=/etc/secrets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/commands?cwd=/tmp/project (packages/server/src/routes/api.health.test.ts:466)
`packages/server/src/routes/api.health.test.ts:466` calls `GET /api/commands?cwd=/tmp/project` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `htt…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/config (packages/server/src/routes/api.health.test.ts:385)
`packages/server/src/routes/api.health.test.ts:385` calls `GET /api/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/config` If this points at an external API, prefix it with `https://` so the matcher…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/config (packages/server/src/routes/api.health.test.ts:402)
`packages/server/src/routes/api.health.test.ts:402` calls `GET /api/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/config` If this points at an external API, prefix it with `https://` so the matcher…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/config (packages/server/src/routes/api.health.test.ts:415)
`packages/server/src/routes/api.health.test.ts:415` calls `GET /api/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/config` If this points at an external API, prefix it with `https://` so the matcher…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/CyberFitz-LLC%2Fdevops-platform%2324 (packages/server/src/routes/api.conversations.test.ts:436)
`packages/server/src/routes/api.conversations.test.ts:436` calls `GET /api/conversations/CyberFitz-LLC%2Fdevops-platform%2324` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/cyberfitz-llc%2fde…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/owner%2Frepo!42 (packages/server/src/routes/api.conversations.test.ts:461)
`packages/server/src/routes/api.conversations.test.ts:461` calls `GET /api/conversations/owner%2Frepo!42` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/owner%2frepo!42` If this points at an e…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/unknown-conv/messages (packages/server/src/routes/api.messages.test.ts:398)
`packages/server/src/routes/api.messages.test.ts:398` calls `GET /api/conversations/unknown-conv/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/unknown-conv/messages` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/unknown-org%2Funknown-repo%2399 (packages/server/src/routes/api.conversations.test.ts:473)
`packages/server/src/routes/api.conversations.test.ts:473` calls `GET /api/conversations/unknown-org%2Funknown-repo%2399` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/unknown-org%2funknown-r…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-nonexistent-id (packages/server/src/routes/api.conversations.test.ts:125)
`packages/server/src/routes/api.conversations.test.ts:125` calls `GET /api/conversations/web-nonexistent-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-nonexistent-id` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:113)
`packages/server/src/routes/api.conversations.test.ts:113` calls `GET /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an externa…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:139)
`packages/server/src/routes/api.conversations.test.ts:139` calls `GET /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an externa…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc/messages (packages/server/src/routes/api.messages.test.ts:349)
`packages/server/src/routes/api.messages.test.ts:349` calls `GET /api/conversations/web-test-abc/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/messages` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc/messages (packages/server/src/routes/api.messages.test.ts:364)
`packages/server/src/routes/api.messages.test.ts:364` calls `GET /api/conversations/web-test-abc/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/messages` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc/messages (packages/server/src/routes/api.messages.test.ts:384)
`packages/server/src/routes/api.messages.test.ts:384` calls `GET /api/conversations/web-test-abc/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/messages` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc/messages (packages/server/src/routes/api.messages.test.ts:433)
`packages/server/src/routes/api.messages.test.ts:433` calls `GET /api/conversations/web-test-abc/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/messages` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc/messages?limit=10 (packages/server/src/routes/api.messages.test.ts:410)
`packages/server/src/routes/api.messages.test.ts:410` calls `GET /api/conversations/web-test-abc/messages?limit=10` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/messages` If thi…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/conversations/web-test-abc/messages?limit=9999 (packages/server/src/routes/api.messages.test.ts:420)
`packages/server/src/routes/api.messages.test.ts:420` calls `GET /api/conversations/web-test-abc/messages?limit=9999` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/messages` If t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs (packages/server/src/routes/api.workflow-runs.test.ts:1000)
`packages/server/src/routes/api.workflow-runs.test.ts:1000` calls `GET /api/dashboard/runs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, prefix it with `…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs (packages/server/src/routes/api.workflow-runs.test.ts:865)
`packages/server/src/routes/api.workflow-runs.test.ts:865` calls `GET /api/dashboard/runs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?after=2024-01-01T00:00:00Z&before=2024-12-31T23:59:59Z (packages/server/src/routes/api.workflow-runs.test.ts:957)
`packages/server/src/routes/api.workflow-runs.test.ts:957` calls `GET /api/dashboard/runs?after=2024-01-01T00:00:00Z&before=2024-12-31T23:59:59Z` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/run…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?codebaseId=cb-1 (packages/server/src/routes/api.workflow-runs.test.ts:929)
`packages/server/src/routes/api.workflow-runs.test.ts:929` calls `GET /api/dashboard/runs?codebaseId=cb-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, p…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?limit=9999 (packages/server/src/routes/api.workflow-runs.test.ts:974)
`packages/server/src/routes/api.workflow-runs.test.ts:974` calls `GET /api/dashboard/runs?limit=9999` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, prefix…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?offset=50 (packages/server/src/routes/api.workflow-runs.test.ts:988)
`packages/server/src/routes/api.workflow-runs.test.ts:988` calls `GET /api/dashboard/runs?offset=50` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, prefix …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?search=deploy (packages/server/src/routes/api.workflow-runs.test.ts:943)
`packages/server/src/routes/api.workflow-runs.test.ts:943` calls `GET /api/dashboard/runs?search=deploy` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, pre…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?status=bogus (packages/server/src/routes/api.workflow-runs.test.ts:915)
`packages/server/src/routes/api.workflow-runs.test.ts:915` calls `GET /api/dashboard/runs?status=bogus` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?status=paused (packages/server/src/routes/api.workflow-runs.test.ts:901)
`packages/server/src/routes/api.workflow-runs.test.ts:901` calls `GET /api/dashboard/runs?status=paused` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, pre…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/dashboard/runs?status=running (packages/server/src/routes/api.workflow-runs.test.ts:887)
`packages/server/src/routes/api.workflow-runs.test.ts:887` calls `GET /api/dashboard/runs?status=running` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dashboard/runs` If this points at an external API, pr…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/providers (packages/server/src/routes/api.providers.test.ts:179)
`packages/server/src/routes/api.providers.test.ts:179` calls `GET /api/providers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/providers` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/providers (packages/server/src/routes/api.providers.test.ts:187)
`packages/server/src/routes/api.providers.test.ts:187` calls `GET /api/providers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/providers` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/providers (packages/server/src/routes/api.providers.test.ts:198)
`packages/server/src/routes/api.providers.test.ts:198` calls `GET /api/providers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/providers` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/providers (packages/server/src/routes/api.providers.test.ts:214)
`packages/server/src/routes/api.providers.test.ts:214` calls `GET /api/providers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/providers` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/runs/has..slash/artifacts (packages/server/src/routes/api.workflow-runs.test.ts:1678)
`packages/server/src/routes/api.workflow-runs.test.ts:1678` calls `GET /api/runs/has..slash/artifacts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/runs/has..slash/artifacts` If this points at an external…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/runs/run-db-err/artifacts (packages/server/src/routes/api.workflow-runs.test.ts:1727)
`packages/server/src/routes/api.workflow-runs.test.ts:1727` calls `GET /api/runs/run-db-err/artifacts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/runs/run-db-err/artifacts` If this points at an external…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/runs/run-escape/artifacts (packages/server/src/routes/api.workflow-runs.test.ts:1743)
`packages/server/src/routes/api.workflow-runs.test.ts:1743` calls `GET /api/runs/run-escape/artifacts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/runs/run-escape/artifacts` If this points at an external…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/runs/run-missing/artifacts (packages/server/src/routes/api.workflow-runs.test.ts:1685)
`packages/server/src/routes/api.workflow-runs.test.ts:1685` calls `GET /api/runs/run-missing/artifacts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/runs/run-missing/artifacts` If this points at an extern…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/runs/run-no-slash/artifacts (packages/server/src/routes/api.workflow-runs.test.ts:1711)
`packages/server/src/routes/api.workflow-runs.test.ts:1711` calls `GET /api/runs/run-no-slash/artifacts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/runs/run-no-slash/artifacts` If this points at an exte…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/runs/run-orphan/artifacts (packages/server/src/routes/api.workflow-runs.test.ts:1696)
`packages/server/src/routes/api.workflow-runs.test.ts:1696` calls `GET /api/runs/run-orphan/artifacts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/runs/run-orphan/artifacts` If this points at an external…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows (packages/server/src/routes/api.workflows.test.ts:107)
`packages/server/src/routes/api.workflows.test.ts:107` calls `GET /api/workflows` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows (packages/server/src/routes/api.workflows.test.ts:132)
`packages/server/src/routes/api.workflows.test.ts:132` calls `GET /api/workflows` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows` If this points at an external API, prefix it with `https://` so th…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/..secret (packages/server/src/routes/api.workflows.test.ts:217)
`packages/server/src/routes/api.workflows.test.ts:217` calls `GET /api/workflows/..secret` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/..secret` If this points at an external API, prefix it wit…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/archon-assist (packages/server/src/routes/api.workflows.test.ts:243)
`packages/server/src/routes/api.workflows.test.ts:243` calls `GET /api/workflows/archon-assist` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/archon-assist` If this points at an external API, pre…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/archon-assist (packages/server/src/routes/api.workflows.test.ts:406)
`packages/server/src/routes/api.workflows.test.ts:406` calls `GET /api/workflows/archon-assist` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/archon-assist` If this points at an external API, pre…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/archon-assist?cwd=/etc/secrets (packages/server/src/routes/api.workflows.test.ts:425)
`packages/server/src/routes/api.workflows.test.ts:425` calls `GET /api/workflows/archon-assist?cwd=/etc/secrets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/archon-assist` If this points at an …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/broken (packages/server/src/routes/api.workflows.test.ts:337)
`packages/server/src/routes/api.workflows.test.ts:337` calls `GET /api/workflows/broken` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/broken` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/custom?cwd=${testDir} (packages/server/src/routes/api.workflows.test.ts:265)
`packages/server/src/routes/api.workflows.test.ts:265` calls `GET /api/workflows/custom?cwd=${testDir}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/custom` If this points at an external API, pr…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/home-only (packages/server/src/routes/api.workflows.test.ts:297)
`packages/server/src/routes/api.workflows.test.ts:297` calls `GET /api/workflows/home-only` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/home-only` If this points at an external API, prefix it w…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/nonexistent-workflow (packages/server/src/routes/api.workflows.test.ts:230)
`packages/server/src/routes/api.workflows.test.ts:230` calls `GET /api/workflows/nonexistent-workflow` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/nonexistent-workflow` If this points at an ext…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs (packages/server/src/routes/api.workflow-runs.test.ts:612)
`packages/server/src/routes/api.workflow-runs.test.ts:612` calls `GET /api/workflows/runs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs (packages/server/src/routes/api.workflow-runs.test.ts:624)
`packages/server/src/routes/api.workflow-runs.test.ts:624` calls `GET /api/workflows/runs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs (packages/server/src/routes/api.workflow-runs.test.ts:690)
`packages/server/src/routes/api.workflow-runs.test.ts:690` calls `GET /api/workflows/runs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs (packages/server/src/routes/api.workflow-runs.test.ts:702)
`packages/server/src/routes/api.workflow-runs.test.ts:702` calls `GET /api/workflows/runs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external API, prefix it with `h…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/by-worker/some-platform-id (packages/server/src/routes/api.workflow-runs.test.ts:1016)
`packages/server/src/routes/api.workflow-runs.test.ts:1016` calls `GET /api/workflows/runs/by-worker/some-platform-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/by-worker/some-platform-i…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/by-worker/unknown-id (packages/server/src/routes/api.workflow-runs.test.ts:1025)
`packages/server/src/routes/api.workflow-runs.test.ts:1025` calls `GET /api/workflows/runs/by-worker/unknown-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/by-worker/unknown-id` If this p…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/run-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:730)
`packages/server/src/routes/api.workflow-runs.test.ts:730` calls `GET /api/workflows/runs/run-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1` If this points at an external …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/run-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:769)
`packages/server/src/routes/api.workflow-runs.test.ts:769` calls `GET /api/workflows/runs/run-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1` If this points at an external …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/run-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:802)
`packages/server/src/routes/api.workflow-runs.test.ts:802` calls `GET /api/workflows/runs/run-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1` If this points at an external …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/run-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:825)
`packages/server/src/routes/api.workflow-runs.test.ts:825` calls `GET /api/workflows/runs/run-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1` If this points at an external …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/run-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:840)
`packages/server/src/routes/api.workflow-runs.test.ts:840` calls `GET /api/workflows/runs/run-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1` If this points at an external …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs/unknown-run-id (packages/server/src/routes/api.workflow-runs.test.ts:749)
`packages/server/src/routes/api.workflow-runs.test.ts:749` calls `GET /api/workflows/runs/unknown-run-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/unknown-run-id` If this points at an e…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs?codebaseId=cb-uuid-1 (packages/server/src/routes/api.workflow-runs.test.ts:670)
`packages/server/src/routes/api.workflow-runs.test.ts:670` calls `GET /api/workflows/runs?codebaseId=cb-uuid-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs?conversationId=conv-123 (packages/server/src/routes/api.workflow-runs.test.ts:660)
`packages/server/src/routes/api.workflow-runs.test.ts:660` calls `GET /api/workflows/runs?conversationId=conv-123` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an externa…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs?limit=9999 (packages/server/src/routes/api.workflow-runs.test.ts:680)
`packages/server/src/routes/api.workflow-runs.test.ts:680` calls `GET /api/workflows/runs?limit=9999` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external API, prefix…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs?status=invalid_status (packages/server/src/routes/api.workflow-runs.test.ts:648)
`packages/server/src/routes/api.workflow-runs.test.ts:648` calls `GET /api/workflows/runs?status=invalid_status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/runs?status=running (packages/server/src/routes/api.workflow-runs.test.ts:636)
`packages/server/src/routes/api.workflow-runs.test.ts:636` calls `GET /api/workflows/runs?status=running` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs` If this points at an external API, pr…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows/shared?cwd=${testDir} (packages/server/src/routes/api.workflows.test.ts:380)
`packages/server/src/routes/api.workflows.test.ts:380` calls `GET /api/workflows/shared?cwd=${testDir}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/shared` If this points at an external API, pr…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows?cwd=/etc (packages/server/src/routes/api.workflows.test.ts:731)
`packages/server/src/routes/api.workflows.test.ts:731` calls `GET /api/workflows?cwd=/etc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows` If this points at an external API, prefix it with `https:…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workflows?cwd=/tmp/project (packages/server/src/routes/api.workflows.test.ts:742)
`packages/server/src/routes/api.workflows.test.ts:742` calls `GET /api/workflows?cwd=/tmp/project` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows` If this points at an external API, prefix it with…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.telegram.org/bot${token}/getMe (packages/cli/src/commands/doctor.ts:241)
`packages/cli/src/commands/doctor.ts:241` calls `GET https://api.telegram.org/bot${token}/getMe` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.telegram.org/bot/<p>/getme` If this points at an external AP…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/unknown-id (packages/server/src/routes/api.messages.test.ts:502)
`packages/server/src/routes/api.messages.test.ts:502` calls `PATCH /api/conversations/unknown-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/unknown-id` If this points at an external API, …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-nonexistent-id (packages/server/src/routes/api.conversations.test.ts:201)
`packages/server/src/routes/api.conversations.test.ts:201` calls `PATCH /api/conversations/web-nonexistent-id` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-nonexistent-id` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:184)
`packages/server/src/routes/api.conversations.test.ts:184` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:215)
`packages/server/src/routes/api.conversations.test.ts:215` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:230)
`packages/server/src/routes/api.conversations.test.ts:230` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.conversations.test.ts:249)
`packages/server/src/routes/api.conversations.test.ts:249` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an exter…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.messages.test.ts:456)
`packages/server/src/routes/api.messages.test.ts:456` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.messages.test.ts:474)
`packages/server/src/routes/api.messages.test.ts:474` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.messages.test.ts:489)
`packages/server/src/routes/api.messages.test.ts:489` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/conversations/web-test-abc (packages/server/src/routes/api.messages.test.ts:512)
`packages/server/src/routes/api.messages.test.ts:512` calls `PATCH /api/conversations/web-test-abc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:381)
`packages/server/src/routes/api.codebases.test.ts:381` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:401)
`packages/server/src/routes/api.codebases.test.ts:401` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:421)
`packages/server/src/routes/api.codebases.test.ts:421` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:432)
`packages/server/src/routes/api.codebases.test.ts:432` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:446)
`packages/server/src/routes/api.codebases.test.ts:446` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:459)
`packages/server/src/routes/api.codebases.test.ts:459` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:475)
`packages/server/src/routes/api.codebases.test.ts:475` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/codebases (packages/server/src/routes/api.codebases.test.ts:489)
`packages/server/src/routes/api.codebases.test.ts:489` calls `POST /api/codebases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/codebases` If this points at an external API, prefix it with `https://` so t…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:269)
`packages/server/src/routes/api.conversations.test.ts:269` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:284)
`packages/server/src/routes/api.conversations.test.ts:284` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:298)
`packages/server/src/routes/api.conversations.test.ts:298` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:325)
`packages/server/src/routes/api.conversations.test.ts:325` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:347)
`packages/server/src/routes/api.conversations.test.ts:347` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:361)
`packages/server/src/routes/api.conversations.test.ts:361` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:375)
`packages/server/src/routes/api.conversations.test.ts:375` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations (packages/server/src/routes/api.conversations.test.ts:391)
`packages/server/src/routes/api.conversations.test.ts:391` calls `POST /api/conversations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations` If this points at an external API, prefix it with `ht…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/unknown-conv/message (packages/server/src/routes/api.messages.test.ts:273)
`packages/server/src/routes/api.messages.test.ts:273` calls `POST /api/conversations/unknown-conv/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/unknown-conv/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/web-test-abc/message (packages/server/src/routes/api.messages.test.ts:234)
`packages/server/src/routes/api.messages.test.ts:234` calls `POST /api/conversations/web-test-abc/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/web-test-abc/message (packages/server/src/routes/api.messages.test.ts:259)
`packages/server/src/routes/api.messages.test.ts:259` calls `POST /api/conversations/web-test-abc/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/web-test-abc/message (packages/server/src/routes/api.messages.test.ts:288)
`packages/server/src/routes/api.messages.test.ts:288` calls `POST /api/conversations/web-test-abc/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/web-test-abc/message (packages/server/src/routes/api.messages.test.ts:301)
`packages/server/src/routes/api.messages.test.ts:301` calls `POST /api/conversations/web-test-abc/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/web-test-abc/message (packages/server/src/routes/api.messages.test.ts:315)
`packages/server/src/routes/api.messages.test.ts:315` calls `POST /api/conversations/web-test-abc/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/conversations/web-test-abc/message (packages/server/src/routes/api.messages.test.ts:325)
`packages/server/src/routes/api.messages.test.ts:325` calls `POST /api/conversations/web-test-abc/message` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/conversations/web-test-abc/message` If this points a…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/../secret/run (packages/server/src/routes/api.workflow-runs.test.ts:451)
`packages/server/src/routes/api.workflow-runs.test.ts:451` calls `POST /api/workflows/../secret/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/../secret/run` If this points at an external API…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/.hidden/run (packages/server/src/routes/api.workflow-runs.test.ts:465)
`packages/server/src/routes/api.workflow-runs.test.ts:465` calls `POST /api/workflows/.hidden/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/.hidden/run` If this points at an external API, pr…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/deploy/run (packages/server/src/routes/api.workflow-runs.test.ts:331)
`packages/server/src/routes/api.workflow-runs.test.ts:331` calls `POST /api/workflows/deploy/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/deploy/run` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/deploy/run (packages/server/src/routes/api.workflow-runs.test.ts:385)
`packages/server/src/routes/api.workflow-runs.test.ts:385` calls `POST /api/workflows/deploy/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/deploy/run` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/deploy/run (packages/server/src/routes/api.workflow-runs.test.ts:410)
`packages/server/src/routes/api.workflow-runs.test.ts:410` calls `POST /api/workflows/deploy/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/deploy/run` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/deploy/run (packages/server/src/routes/api.workflow-runs.test.ts:425)
`packages/server/src/routes/api.workflow-runs.test.ts:425` calls `POST /api/workflows/deploy/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/deploy/run` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/deploy/run (packages/server/src/routes/api.workflow-runs.test.ts:438)
`packages/server/src/routes/api.workflow-runs.test.ts:438` calls `POST /api/workflows/deploy/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/deploy/run` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/deploy/run (packages/server/src/routes/api.workflow-runs.test.ts:478)
`packages/server/src/routes/api.workflow-runs.test.ts:478` calls `POST /api/workflows/deploy/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/deploy/run` If this points at an external API, pref…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/missing/approve (packages/server/src/routes/api.workflow-runs.test.ts:1273)
`packages/server/src/routes/api.workflow-runs.test.ts:1273` calls `POST /api/workflows/runs/missing/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/missing/approve` If this points at …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/missing/reject (packages/server/src/routes/api.workflow-runs.test.ts:1353)
`packages/server/src/routes/api.workflow-runs.test.ts:1353` calls `POST /api/workflows/runs/missing/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/missing/reject` If this points at an…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-auto-resume-approve/approve (packages/server/src/routes/api.workflow-runs.test.ts:1478)
`packages/server/src/routes/api.workflow-runs.test.ts:1478` calls `POST /api/workflows/runs/run-auto-resume-approve/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-auto-resume-app…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-auto-resume-reject/reject (packages/server/src/routes/api.workflow-runs.test.ts:1592)
`packages/server/src/routes/api.workflow-runs.test.ts:1592` calls `POST /api/workflows/runs/run-auto-resume-reject/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-auto-resume-rejec…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-capture/approve (packages/server/src/routes/api.workflow-runs.test.ts:1306)
`packages/server/src/routes/api.workflow-runs.test.ts:1306` calls `POST /api/workflows/runs/run-capture/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-capture/approve` If this po…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-max-attempts/reject (packages/server/src/routes/api.workflow-runs.test.ts:1434)
`packages/server/src/routes/api.workflow-runs.test.ts:1434` calls `POST /api/workflows/runs/run-max-attempts/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-max-attempts/reject` If…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-missing/abandon (packages/server/src/routes/api.workflow-runs.test.ts:1161)
`packages/server/src/routes/api.workflow-runs.test.ts:1161` calls `POST /api/workflows/runs/run-missing/abandon` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-missing/abandon` If this po…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-missing/resume (packages/server/src/routes/api.workflow-runs.test.ts:1044)
`packages/server/src/routes/api.workflow-runs.test.ts:1044` calls `POST /api/workflows/runs/run-missing/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-missing/resume` If this poin…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-on-reject/reject (packages/server/src/routes/api.workflow-runs.test.ts:1402)
`packages/server/src/routes/api.workflow-runs.test.ts:1402` calls `POST /api/workflows/runs/run-on-reject/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-on-reject/reject` If this …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-paused-1/approve (packages/server/src/routes/api.workflow-runs.test.ts:1323)
`packages/server/src/routes/api.workflow-runs.test.ts:1323` calls `POST /api/workflows/runs/run-paused-1/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-paused-1/approve` If this …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-paused-1/approve (packages/server/src/routes/api.workflow-runs.test.ts:1506)
`packages/server/src/routes/api.workflow-runs.test.ts:1506` calls `POST /api/workflows/runs/run-paused-1/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-paused-1/approve` If this …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-paused-1/approve (packages/server/src/routes/api.workflow-runs.test.ts:1527)
`packages/server/src/routes/api.workflow-runs.test.ts:1527` calls `POST /api/workflows/runs/run-paused-1/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-paused-1/approve` If this …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-paused-1/approve (packages/server/src/routes/api.workflow-runs.test.ts:1555)
`packages/server/src/routes/api.workflow-runs.test.ts:1555` calls `POST /api/workflows/runs/run-paused-1/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-paused-1/approve` If this …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-paused-1/reject (packages/server/src/routes/api.workflow-runs.test.ts:1375)
`packages/server/src/routes/api.workflow-runs.test.ts:1375` calls `POST /api/workflows/runs/run-paused-1/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-paused-1/reject` If this po…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-paused-1/reject (packages/server/src/routes/api.workflow-runs.test.ts:1653)
`packages/server/src/routes/api.workflow-runs.test.ts:1653` calls `POST /api/workflows/runs/run-paused-1/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-paused-1/reject` If this po…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-reject-non-web/reject (packages/server/src/routes/api.workflow-runs.test.ts:1634)
`packages/server/src/routes/api.workflow-runs.test.ts:1634` calls `POST /api/workflows/runs/run-reject-non-web/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-reject-non-web/reject…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/abandon (packages/server/src/routes/api.workflow-runs.test.ts:1181)
`packages/server/src/routes/api.workflow-runs.test.ts:1181` calls `POST /api/workflows/runs/run-uuid-1/abandon` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/abandon` If this poin…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/approve (packages/server/src/routes/api.workflow-runs.test.ts:1284)
`packages/server/src/routes/api.workflow-runs.test.ts:1284` calls `POST /api/workflows/runs/run-uuid-1/approve` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/approve` If this poin…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/cancel (packages/server/src/routes/api.workflow-runs.test.ts:502)
`packages/server/src/routes/api.workflow-runs.test.ts:502` calls `POST /api/workflows/runs/run-uuid-1/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/cancel` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/cancel (packages/server/src/routes/api.workflow-runs.test.ts:560)
`packages/server/src/routes/api.workflow-runs.test.ts:560` calls `POST /api/workflows/runs/run-uuid-1/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/cancel` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/cancel (packages/server/src/routes/api.workflow-runs.test.ts:576)
`packages/server/src/routes/api.workflow-runs.test.ts:576` calls `POST /api/workflows/runs/run-uuid-1/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/cancel` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/cancel (packages/server/src/routes/api.workflow-runs.test.ts:589)
`packages/server/src/routes/api.workflow-runs.test.ts:589` calls `POST /api/workflows/runs/run-uuid-1/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/cancel` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/reject (packages/server/src/routes/api.workflow-runs.test.ts:1364)
`packages/server/src/routes/api.workflow-runs.test.ts:1364` calls `POST /api/workflows/runs/run-uuid-1/reject` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/reject` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-1/resume (packages/server/src/routes/api.workflow-runs.test.ts:1053)
`packages/server/src/routes/api.workflow-runs.test.ts:1053` calls `POST /api/workflows/runs/run-uuid-1/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-1/resume` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-2/abandon (packages/server/src/routes/api.workflow-runs.test.ts:1170)
`packages/server/src/routes/api.workflow-runs.test.ts:1170` calls `POST /api/workflows/runs/run-uuid-2/abandon` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-2/abandon` If this poin…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-2/cancel (packages/server/src/routes/api.workflow-runs.test.ts:544)
`packages/server/src/routes/api.workflow-runs.test.ts:544` calls `POST /api/workflows/runs/run-uuid-2/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-2/cancel` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-3/cancel (packages/server/src/routes/api.workflow-runs.test.ts:518)
`packages/server/src/routes/api.workflow-runs.test.ts:518` calls `POST /api/workflows/runs/run-uuid-3/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-3/cancel` If this points …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-4/resume (packages/server/src/routes/api.workflow-runs.test.ts:1069)
`packages/server/src/routes/api.workflow-runs.test.ts:1069` calls `POST /api/workflows/runs/run-uuid-4/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-4/resume` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-4/resume (packages/server/src/routes/api.workflow-runs.test.ts:1085)
`packages/server/src/routes/api.workflow-runs.test.ts:1085` calls `POST /api/workflows/runs/run-uuid-4/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-4/resume` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-4/resume (packages/server/src/routes/api.workflow-runs.test.ts:1105)
`packages/server/src/routes/api.workflow-runs.test.ts:1105` calls `POST /api/workflows/runs/run-uuid-4/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-4/resume` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/run-uuid-4/resume (packages/server/src/routes/api.workflow-runs.test.ts:1127)
`packages/server/src/routes/api.workflow-runs.test.ts:1127` calls `POST /api/workflows/runs/run-uuid-4/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/run-uuid-4/resume` If this points…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/runs/unknown-run/cancel (packages/server/src/routes/api.workflow-runs.test.ts:531)
`packages/server/src/routes/api.workflow-runs.test.ts:531` calls `POST /api/workflows/runs/unknown-run/cancel` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/runs/unknown-run/cancel` If this point…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/test-suite/run (packages/server/src/routes/api.workflow-runs.test.ts:356)
`packages/server/src/routes/api.workflow-runs.test.ts:356` calls `POST /api/workflows/test-suite/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/test-suite/run` If this points at an external A…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/validate (packages/server/src/routes/api.workflows.test.ts:154)
`packages/server/src/routes/api.workflows.test.ts:154` calls `POST /api/workflows/validate` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/validate` If this points at an external API, prefix it wi…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/validate (packages/server/src/routes/api.workflows.test.ts:173)
`packages/server/src/routes/api.workflows.test.ts:173` calls `POST /api/workflows/validate` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/validate` If this points at an external API, prefix it wi…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/validate (packages/server/src/routes/api.workflows.test.ts:189)
`packages/server/src/routes/api.workflows.test.ts:189` calls `POST /api/workflows/validate` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/validate` If this points at an external API, prefix it wi…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/workflows/validate (packages/server/src/routes/api.workflows.test.ts:203)
`packages/server/src/routes/api.workflows.test.ts:203` calls `POST /api/workflows/validate` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/validate` If this points at an external API, prefix it wi…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://slack.com/api/auth.test (packages/cli/src/commands/doctor.ts:214)
`packages/cli/src/commands/doctor.ts:214` calls `POST https://slack.com/api/auth.test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/slack.com/api/auth.test` If this points at an external API, prefix it with…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/..secret (packages/server/src/routes/api.workflows.test.ts:437)
`packages/server/src/routes/api.workflows.test.ts:437` calls `PUT /api/workflows/..secret` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/..secret` If this points at an external API, prefix it wit…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/global-workflow?source=global (packages/server/src/routes/api.workflows.test.ts:561)
`packages/server/src/routes/api.workflows.test.ts:561` calls `PUT /api/workflows/global-workflow?source=global` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/global-workflow` If this points at an…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/my-workflow (packages/server/src/routes/api.workflows.test.ts:451)
`packages/server/src/routes/api.workflows.test.ts:451` calls `PUT /api/workflows/my-workflow` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/my-workflow` If this points at an external API, prefix …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/my-workflow (packages/server/src/routes/api.workflows.test.ts:475)
`packages/server/src/routes/api.workflows.test.ts:475` calls `PUT /api/workflows/my-workflow` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/my-workflow` If this points at an external API, prefix …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/my-workflow (packages/server/src/routes/api.workflows.test.ts:508)
`packages/server/src/routes/api.workflows.test.ts:508` calls `PUT /api/workflows/my-workflow` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/my-workflow` If this points at an external API, prefix …
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/my-workflow?cwd=${testDir} (packages/server/src/routes/api.workflows.test.ts:527)
`packages/server/src/routes/api.workflows.test.ts:527` calls `PUT /api/workflows/my-workflow?cwd=${testDir}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/my-workflow` If this points at an extern…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/my-workflow?cwd=/etc/secrets (packages/server/src/routes/api.workflows.test.ts:752)
`packages/server/src/routes/api.workflows.test.ts:752` calls `PUT /api/workflows/my-workflow?cwd=/etc/secrets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/my-workflow` If this points at an exte…
wiringdangling-fetchhelper:request
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/workflows/some-workflow?source=bundled (packages/server/src/routes/api.workflows.test.ts:598)
`packages/server/src/routes/api.workflows.test.ts:598` calls `PUT /api/workflows/some-workflow?source=bundled` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workflows/some-workflow` If this points at an ex…
wiringdangling-fetchhelper:request
low Legacy security security conf 1.00 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility.
Add rel="noopener noreferrer" to every <a target="_blank">: <a href="..." target="_blank" rel="noopener noreferrer">link</a> For dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden — costs nothing.
packages/web/src/components/layout/Header.tsx:32 securitylegacy
high Legacy quality quality conf 0.74 Codex auth.json is read or copied without visible secret-file hardening
Tools that read or switch Codex CLI auth files handle OAuth/session material. Plain file copies, account switchers, and token readers should enforce narrow permissions and avoid printing or exporting token values.
packages/providers/src/community/pi/provider.ts:230 qualitylegacy
high Legacy quality quality conf 0.74 Codex auth.json is read or copied without visible secret-file hardening
Tools that read or switch Codex CLI auth files handle OAuth/session material. Plain file copies, account switchers, and token readers should enforce narrow permissions and avoid printing or exporting token values.
packages/server/src/scripts/setup-auth.ts:4 qualitylegacy
medium Legacy quality quality conf 0.73 Codex session log reader may expose prompts or tool-call content
Codex session JSONL files can contain prompts, tool events, paths, and operational metadata, not only token counts. Token dashboards and exporters should avoid retaining or sharing raw session text.
packages/providers/src/community/pi/provider.ts:325 qualitylegacy
medium Legacy quality quality conf 0.73 Codex session log reader may expose prompts or tool-call content
Codex session JSONL files can contain prompts, tool events, paths, and operational metadata, not only token counts. Token dashboards and exporters should avoid retaining or sharing raw session text.
packages/providers/src/community/pi/session-resolver.ts:13 qualitylegacy
medium Legacy cicd docker conf 0.94 Compose service `app` image uses the latest tag
The latest tag is mutable and can change without a code review, producing different images from the same source.
deploy/docker-compose.yml:13 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Docker images run as root unless the image or Dockerfile switches to a non-root user.
Dockerfile:54 dockerlegacy
medium Legacy cicd docker conf 0.94 Dockerfile base image uses the latest tag
The latest tag is mutable and can change without a code review, producing different images from the same source.
deploy/Dockerfile.user.example:8 dockerlegacy
medium Legacy cicd docker conf 0.76 Dockerfile copies broad context with incomplete .dockerignore
COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts.
Dockerfile:44 dockerlegacy
high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
packages/web/src/experiments/console/components/DraftRunCard.tsx:48 qualitylegacy
high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
packages/web/src/contexts/ProjectContext.tsx:41 qualitylegacy
high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
packages/web/src/components/workflows/WorkflowBuilder.tsx:84 qualitylegacy
high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
packages/web/src/components/layout/Sidebar.tsx:96 qualitylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
packages/docs-web/src/content/docs/guides/script-nodes.md:258 dependencylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
packages/docs-web/src/content/docs/index.mdx:33 dependencylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
packages/docs-web/src/content/docs/getting-started/ai-assistants.md:27 dependencylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
deploy/cloud-init.yml:62 dependencylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
README.md:113 dependencylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
.github/workflows/e2e-smoke.yml:47 dependencylegacy
high Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
.claude/skills/archon/references/troubleshooting.md:71 dependencylegacy
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/adapters/src/community/chat/discord/adapter.ts:71
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/adapters/src/community/forge/gitlab/adapter.ts:162
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/web/src/lib/api.ts:63
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
securitycontainer
medium 9-layer quality integrity conf 1.00 Frontend route `/chat/*` has no Link/navigate to it — packages/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/console/*` has no Link/navigate to it — packages/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/workflows/runs/:runId` has no Link/navigate to it — packages/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/workflows/runs` has no Link/navigate to it — packages/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `_preview` has no Link/navigate to it — packages/web/src/experiments/console/ConsoleApp.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `p/:projectId/r/:runId` has no Link/navigate to it — packages/web/src/experiments/console/ConsoleApp.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `p/:projectId` has no Link/navigate to it — packages/web/src/experiments/console/ConsoleApp.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/e2e-smoke.yml:20 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
astral-sh/setup-uv@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/e2e-smoke.yml:25 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/e2e-smoke.yml:41 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/e2e-smoke.yml:71 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/e2e-smoke.yml:101 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:44 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:232 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
softprops/action-gh-release@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:262 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/setup-qemu-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish.yml:26 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/setup-buildx-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish.yml:29 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/login-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish.yml:32 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/metadata-action@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish.yml:40 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/build-push-action@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish.yml:55 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/marketplace-auto-review.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/release.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/deploy-docs.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/publish.yml supply-chaingithub-actionsleast-privilege
medium 9-layer security owasp conf 1.00 Insecure pattern 'cors_wildcard' in packages/server/src/routes/api.ts:914
Found a known-risky pattern (cors_wildcard). Review and replace if possible.
packages/server/src/routes/api.ts:914 owaspcors_wildcard
low Legacy cicd docker conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
docker-compose.yml:118 dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
docker-compose.yml:38 dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
deploy/docker-compose.yml:13 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
docker-compose.yml:118 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
docker-compose.yml:38 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
deploy/docker-compose.yml:13 dockerlegacy
low Legacy cicd docker conf 0.58 Database password is wired through an environment variable placeholder
Environment placeholders are not committed secrets, but database official images often support *_FILE variables so Compose secrets can provide narrower filesystem-based access.
docker-compose.yml:68 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Installing recommended packages often pulls in unnecessary runtime surface area.
Dockerfile:80 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Installing recommended packages often pulls in unnecessary runtime surface area.
Dockerfile:67 dockerlegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/workflows/src/executor.ts:34 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/providers/src/community/pi/event-bridge.ts:8 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/providers/src/community/opencode/session.ts:81 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/providers/src/codex/provider.ts:188 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/adapters/src/forge/github/adapter.ts:151 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/paths/src/archon-paths.ts:104 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/web/src/routes/ChatPage.tsx:85 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/web/src/routes/ChatPage.tsx:43 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/web/src/lib/api.ts:68 qualitylegacy

Showing first 300 of 427. Refine filters or use the legacy findings page for deep search.

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/03f8e180-87b4-4749-b483-9718dabd5226/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/03f8e180-87b4-4749-b483-9718dabd5226/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.