{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /re"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 36.8% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 36.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC130", "name": "[SEC130] Hallucinated package name \u2014 looks like a real package but isn't: Import of a package name that closely resemble", "shortDescription": {"text": "[SEC130] Hallucinated package name \u2014 looks like a real package but isn't: Import of a package name that closely resembles a popular one but isn't published \u2014 a classic AI hallucination. Two risks: (1) the code crashes on install in fresh en"}, "fullDescription": {"text": "Verify the import resolves to a real, maintained package: check pypi.org / npmjs.com directly. If the package doesn't exist, the AI invented it \u2014 find the real package the AI was thinking of and swap. Pin all deps to known-good versions and require a registry allowlist in CI."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 5 more): Same pattern found in 5 additional files. ", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED058] React Dangerously Set Html (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 4 more): Same pattern found in 4 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 25 more): Same pattern found in 25 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 82 more): Same pattern found in 82 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 82 more): Same pattern found in 82 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 21 more): Same pattern found in 21 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `postgres:16-alpine` unpinned: `container/services image: postgres:16-alpin", "shortDescription": {"text": "[MINED126] Workflow container/services image `postgres:16-alpine` unpinned: `container/services image: postgres:16-alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same sup"}, "fullDescription": {"text": "Replace with `postgres:16-alpine@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-r", "shortDescription": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025"}, "fullDescription": {"text": "Replace with: `uses: actions/setup-node@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build ti", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production ima"}, "fullDescription": {"text": "Replace with: `FROM python:3.12-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /control/wait has no auth: Handler `worker_control_wait_endpoint` is registered with router/app.", "shortDescription": {"text": "[MINED112] FastAPI POST /control/wait has no auth: Handler `worker_control_wait_endpoint` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `time.sleep` inside async function `test_live_bifrost_virtual_key_routes_request_and_records_co", "shortDescription": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_live_bifrost_virtual_key_routes_request_and_records_cost`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, prevent"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_validate_connection_id_rejects_unsafe_ids: Test function `test_validate_connectio", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_validate_connection_id_rejects_unsafe_ids: Test function `test_validate_connection_id_rejects_unsafe_ids` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Ad"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.advance` used but never assigned in __init__: Method `skip_alias` of class `UseTreeParser` reads `self.", "shortDescription": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `skip_alias` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first"}, "fullDescription": {"text": "Initialize `self.advance = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /reviews/{review_run_id}/stop."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`", "shortDescription": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import email` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1334"}, "properties": {"repository": "proliferate-ai/proliferate", "repoUrl": "https://github.com/proliferate-ai/proliferate", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136398, "scanner": "repobility-ast-engine", "fingerprint": "939205a35e3f378c8052c3f7529ac25eb07e1bb225a118755b20985e6bccdafd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|939205a35e3f378c8052c3f7529ac25eb07e1bb225a118755b20985e6bccdafd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/session.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136397, "scanner": "repobility-ast-engine", "fingerprint": "4552108d7ba7d255989b69464cb99e566010f6c16ac59f4ba33536e2a9d21d78", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4552108d7ba7d255989b69464cb99e566010f6c16ac59f4ba33536e2a9d21d78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/session.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136396, "scanner": "repobility-ast-engine", "fingerprint": "25c864b382f04b13f537123e3008acafb8df34d5b4314dcf2fb0782bd5d2135f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25c864b382f04b13f537123e3008acafb8df34d5b4314dcf2fb0782bd5d2135f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/git_identity.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136395, "scanner": "repobility-ast-engine", "fingerprint": "f711800f18b956c7c3a1debdd22552d1c2a69cdacdcde2379b6ef6e1948c8570", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f711800f18b956c7c3a1debdd22552d1c2a69cdacdcde2379b6ef6e1948c8570"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/git_identity.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136394, "scanner": "repobility-ast-engine", "fingerprint": "c850ff57c0faddd35cb0ba43ab520351c9f83d699609ab0493cb91c0638c2bf9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c850ff57c0faddd35cb0ba43ab520351c9f83d699609ab0493cb91c0638c2bf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/workspace.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136393, "scanner": "repobility-ast-engine", "fingerprint": "59098c5168a70d8026804d6c1210a9d3c97f5eefbc2fecf7a206e9167233a0db", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59098c5168a70d8026804d6c1210a9d3c97f5eefbc2fecf7a206e9167233a0db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/environment.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136392, "scanner": "repobility-ast-engine", "fingerprint": "9dd142fa69fe8f3d41ca4ea9cb0f39ecb770e9be3fa78ef0224a3a349346e2b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9dd142fa69fe8f3d41ca4ea9cb0f39ecb770e9be3fa78ef0224a3a349346e2b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/environment.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136391, "scanner": "repobility-ast-engine", "fingerprint": "d3ce1de86c2a04134bb39c290dbdd17a49aa6c2839ad58286d642d2645ac57d4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3ce1de86c2a04134bb39c290dbdd17a49aa6c2839ad58286d642d2645ac57d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/automations/worker/cloud_execution/stages/prompt.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136389, "scanner": "repobility-ast-engine", "fingerprint": "e65487b337320e3f0d5128f807fee6ed8c75f57095c85cef1ed770cad16a6142", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e65487b337320e3f0d5128f807fee6ed8c75f57095c85cef1ed770cad16a6142"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/mcp_catalog/domain/rendering.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136387, "scanner": "repobility-ast-engine", "fingerprint": "e2b5709afb344d1d0fe425820a1e55695ad2109da2ba047e666d287cf703ba5b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2b5709afb344d1d0fe425820a1e55695ad2109da2ba047e666d287cf703ba5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/slack/worker/main.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136386, "scanner": "repobility-ast-engine", "fingerprint": "6bd7c1d50d28da74fd36cf9f284e3aae3f235841c7414644c1edd296f2e53659", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bd7c1d50d28da74fd36cf9f284e3aae3f235841c7414644c1edd296f2e53659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/mobility/cleanup_executor.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136385, "scanner": "repobility-ast-engine", "fingerprint": "fa28c6362e48069b27301602fbeec45e612be36778545663520dcc9f314ef92e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa28c6362e48069b27301602fbeec45e612be36778545663520dcc9f314ef92e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/runtime/setup_monitor.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136384, "scanner": "repobility-ast-engine", "fingerprint": "b599f1f50ec2a1ed2fefb4cca19435e67e8a0d5f057feec4bdbcc1035fae8f00", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b599f1f50ec2a1ed2fefb4cca19435e67e8a0d5f057feec4bdbcc1035fae8f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/agent_auth/grant_freshness.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136383, "scanner": "repobility-ast-engine", "fingerprint": "724b13aa9286b8d0e23e58ca2094e3f1f11a47cb67f308c2a3696993312f1783", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|724b13aa9286b8d0e23e58ca2094e3f1f11a47cb67f308c2a3696993312f1783"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/agent_auth/refresh.py"}, "region": {"startLine": 318}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136382, "scanner": "repobility-ast-engine", "fingerprint": "7dda6d619b9f9b60aa56a99720f94f5d54a809e93ee1b918dd7ce4cd8c903b15", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7dda6d619b9f9b60aa56a99720f94f5d54a809e93ee1b918dd7ce4cd8c903b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/billing/service.py"}, "region": {"startLine": 2342}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136380, "scanner": "repobility-ast-engine", "fingerprint": "d830f69da972153806728388422dce68acb1bfd4dfff222001075611a06599ad", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d830f69da972153806728388422dce68acb1bfd4dfff222001075611a06599ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/auth/desktop/service.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136379, "scanner": "repobility-ast-engine", "fingerprint": "d2c1cb90fa727e05f91354ff05ec1bf8415753df9d6ede8b4b9e0602b7522ae8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2c1cb90fa727e05f91354ff05ec1bf8415753df9d6ede8b4b9e0602b7522ae8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/auth/desktop/service.py"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136377, "scanner": "repobility-ast-engine", "fingerprint": "cbd9053d5095e8db4718e47fe7f77f02e33e8cf9f4005f2b10d157ef65d19395", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbd9053d5095e8db4718e47fe7f77f02e33e8cf9f4005f2b10d157ef65d19395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/integrations/customerio.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136376, "scanner": "repobility-ast-engine", "fingerprint": "9b85b9dd4bf5c19ebf71113065b7d9b153296e2451c3b2cab2b90e566c7bc4cf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b85b9dd4bf5c19ebf71113065b7d9b153296e2451c3b2cab2b90e566c7bc4cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/integrations/customerio.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136375, "scanner": "repobility-ast-engine", "fingerprint": "b1619e53cabae3db2b71c11797d586d16d5ca9c3e166e33c82472e2f1300467c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b1619e53cabae3db2b71c11797d586d16d5ca9c3e166e33c82472e2f1300467c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/integrations/customerio.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136373, "scanner": "repobility-ast-engine", "fingerprint": "c8618d40bfff8111b566a1538493b755a0ae8dd01a035387eb3702dbfd4dfed1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8618d40bfff8111b566a1538493b755a0ae8dd01a035387eb3702dbfd4dfed1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/e2e/cloud/helpers/workspaces.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136372, "scanner": "repobility-ast-engine", "fingerprint": "42f6e5f8180a26776c7a4851554309d87fe105c46ed6169572ed6748d00b8743", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42f6e5f8180a26776c7a4851554309d87fe105c46ed6169572ed6748d00b8743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/e2e/cloud/test_lifecycle.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 136340, "scanner": "repobility-ast-engine", "fingerprint": "bf2d3568c6bc6580c55a6bcdc20445235bc3f55977c387854d0e574437a12b33", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf2d3568c6bc6580c55a6bcdc20445235bc3f55977c387854d0e574437a12b33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cloud-ssh-worker-smoke.py"}, "region": {"startLine": 590}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 136314, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 136310, "scanner": "repobility-journey-contract", "fingerprint": "643d6495e89d640f3e77127a9030cd92636fc1ff5b62c71181520f450ba7810d", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|19|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/src/lib/access/cloud/auth-token-store.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 136309, "scanner": "repobility-journey-contract", "fingerprint": "19acc7bab93175339df277a06038413eefb437bdf95fad60b11c76705f7453a0", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|8|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/src/lib/access/cloud/auth-token-store.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /replay/sessions."}, "properties": {"repobilityId": 136308, "scanner": "repobility-access-control", "fingerprint": "eb791a13dc91b0de256ad610a21ef4177a6e728c4856b4dbaefc6c06987617d8", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/replay/sessions", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|389|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 389}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /auth/revoked-jtis."}, "properties": {"repobilityId": 136307, "scanner": "repobility-access-control", "fingerprint": "9a97f9acd14484842583a4d9faf22671ee4cc64bcc44320bdf1f38efbe2512b5", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/auth/revoked-jtis", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|74|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 74}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /agents/{kind}."}, "properties": {"repobilityId": 136306, "scanner": "repobility-access-control", "fingerprint": "89cbc3ab6dec207705cfa14ecc2de673ec83c215a7fe37bdd287040664d0f8a6", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/agents/{kind}", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|48|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /auth/web/session."}, "properties": {"repobilityId": 136305, "scanner": "repobility-access-control", "fingerprint": "c89d1c5a855e291adbe0a908bd34f22fbbfca1631c5e88688b342fc41c945416", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/auth/web/session", "method": "ANY", "scanner": "repobility-access-control", "framework": "Django", "correlation_key": "code|auth|token|449|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/auth/identity/api.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 36.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 136299, "scanner": "repobility-access-control", "fingerprint": "d3f27f9b2bf396e38cc443a1befa3df010aab11e93799fedebf74758f95f8d42", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 19, "correlation_key": "fp|d3f27f9b2bf396e38cc443a1befa3df010aab11e93799fedebf74758f95f8d42", "auth_visible_percent": 36.8}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 136298, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Axum"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 136289, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 136288, "scanner": "repobility-docker", "fingerprint": "86aa20b924d5226dc1e5fe210482934e3d82828b77c13cb3621d080ca2065f73", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|86aa20b924d5226dc1e5fe210482934e3d82828b77c13cb3621d080ca2065f73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC130", "level": "warning", "message": {"text": "[SEC130] Hallucinated package name \u2014 looks like a real package but isn't: Import of a package name that closely resembles a popular one but isn't published \u2014 a classic AI hallucination. Two risks: (1) the code crashes on install in fresh environments, and (2) supply-chain attackers publish typosquat packages targeting exactly these AI-hallucinated names, so installing succeeds and ships malware ('slopsquatting'). CWE-1357 (dependency on an unmaintained / unverified component). CVE-2024-class sup"}, "properties": {"repobilityId": 136236, "scanner": "repobility-threat-engine", "fingerprint": "d763e99e902bef7266a905d2b0e888c17c9354f517a23cfe5de68ca8d1dac0c8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "import reactT", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC130", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d763e99e902bef7266a905d2b0e888c17c9354f517a23cfe5de68ca8d1dac0c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/files/file-icon-assets.tsx"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 136222, "scanner": "repobility-threat-engine", "fingerprint": "d9b5a24fd2e3a6585433dfdce44b0e395713a0a24d8be53f5cc279f7888ba2cf", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|44|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/content/PlanMarkdownBody.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 136221, "scanner": "repobility-threat-engine", "fingerprint": "c4836316852a6a6f560c773c1f13a1e12159a74faa9432c51c809954a94afff4", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|147|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/content/CollapsiblePlanCard.tsx"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 136220, "scanner": "repobility-threat-engine", "fingerprint": "6002907edd1caf641fd644b796d7b2c23ac21c682d00952c9ea5f013b6df76d9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|179|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/content/ui/MarkdownRenderer.tsx"}, "region": {"startLine": 179}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 136214, "scanner": "repobility-threat-engine", "fingerprint": "ac4b9cf22432939a52dbfad871f7b09dd8780e7ead31052a709d199be8056161", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac4b9cf22432939a52dbfad871f7b09dd8780e7ead31052a709d199be8056161"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/shell/topbar/TopBar.tsx"}, "region": {"startLine": 70}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 136213, "scanner": "repobility-threat-engine", "fingerprint": "90e1deb59ad594b29a78620718fc474e704d5d6cb4ea3fe6c36c94d417dde540", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|90e1deb59ad594b29a78620718fc474e704d5d6cb4ea3fe6c36c94d417dde540"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/content/CollapsiblePlanCard.tsx"}, "region": {"startLine": 59}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 136212, "scanner": "repobility-threat-engine", "fingerprint": "aef8f8f0afdce9ecbb80787700971d211efec5d39cf4692ab0f85d3ce13ba2b9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aef8f8f0afdce9ecbb80787700971d211efec5d39cf4692ab0f85d3ce13ba2b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/app/chrome/MacWindowControlsSafeArea.tsx"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 136206, "scanner": "repobility-threat-engine", "fingerprint": "124f40144d3e6be6a944c8bb0dd86344b034b502b2cfc52cdf464aa8bf4dd2e4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"user@example.com\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|124f40144d3e6be6a944c8bb0dd86344b034b502b2cfc52cdf464aa8bf4dd2e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src-tauri/src/commands/google_workspace_mcp/tests.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 136297, "scanner": "repobility-docker", "fingerprint": "63baf2cc44d1e0fd9f1ef21740eb7ba05f5c1ffc9c58f1a86c8c9e99c59f35ad", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|63baf2cc44d1e0fd9f1ef21740eb7ba05f5c1ffc9c58f1a86c8c9e99c59f35ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 136295, "scanner": "repobility-docker", "fingerprint": "e09daf8542286ecfdfabb66adeca14181690cff6a785ac738095abfd986fa00a", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "api", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e09daf8542286ecfdfabb66adeca14181690cff6a785ac738095abfd986fa00a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 136294, "scanner": "repobility-docker", "fingerprint": "dc7b4624ab72f12b6a9bba4899966856a057bd568960fab3ec444a7fcecceddc", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "migrate", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|dc7b4624ab72f12b6a9bba4899966856a057bd568960fab3ec444a7fcecceddc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 136292, "scanner": "repobility-docker", "fingerprint": "213e855647209ffe90ed7c86f9f10150263eabf7e329d42154b9fbd63bb9e691", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "migrate", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|213e855647209ffe90ed7c86f9f10150263eabf7e329d42154b9fbd63bb9e691"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 136287, "scanner": "repobility-docker", "fingerprint": "b86d643e1e645607ef9bb9cc4e6c2f94dc6b22928ecabcdfc6f0b01b9f7d4e9f", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b86d643e1e645607ef9bb9cc4e6c2f94dc6b22928ecabcdfc6f0b01b9f7d4e9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136286, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eb9a84abb34bc32ab80624f51f8de571a5d9e0562f79aae150c54b95675ea329", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/portability/mod.rs", "duplicate_line": 418, "correlation_key": "fp|eb9a84abb34bc32ab80624f51f8de571a5d9e0562f79aae150c54b95675ea329"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/runtime_config/session_extension.rs"}, "region": {"startLine": 276}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136285, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81485f0ac3bf7caea999d6f2f9b6039a60a2b11aaf94f2660707f2147ca74721", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/reviews/runtime/events.rs", "duplicate_line": 159, "correlation_key": "fp|81485f0ac3bf7caea999d6f2f9b6039a60a2b11aaf94f2660707f2147ca74721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/reviews/runtime/reconcile.rs"}, "region": {"startLine": 147}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136284, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87f599b81a80db8b2fc2397421056180633d119762efd9f8c1debf99573caaa3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-contract/src/v1/reviews.rs", "duplicate_line": 25, "correlation_key": "fp|87f599b81a80db8b2fc2397421056180633d119762efd9f8c1debf99573caaa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/reviews/model.rs"}, "region": {"startLine": 134}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136283, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44ae271bf9940fc971f0cd12ba2a20b32e04af689473b9381224d9287ce90b0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/cowork/mcp/tools_tests.rs", "duplicate_line": 50, "correlation_key": "fp|44ae271bf9940fc971f0cd12ba2a20b32e04af689473b9381224d9287ce90b0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/reviews/mcp/tools.rs"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136282, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9370a0b02faf8f80d8a297901f5c1d951178f71d43f4a6b9d5b7c546696a38a9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/cowork/mcp/mod.rs", "duplicate_line": 40, "correlation_key": "fp|9370a0b02faf8f80d8a297901f5c1d951178f71d43f4a6b9d5b7c546696a38a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/reviews/mcp/mod.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136281, "scanner": "repobility-ai-code-hygiene", "fingerprint": "719df02db5669b3ac851ff7891bc207f1c6433e0da9ef81598aaff5d8a84df00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/cowork/mcp/auth.rs", "duplicate_line": 19, "correlation_key": "fp|719df02db5669b3ac851ff7891bc207f1c6433e0da9ef81598aaff5d8a84df00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/reviews/mcp/auth.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136280, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33d95d855f8d0bbf14f8f8c3ce5dfb17f6fc2f8966e5477116623b5d9a9341b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/cowork/mcp/mod.rs", "duplicate_line": 45, "correlation_key": "fp|33d95d855f8d0bbf14f8f8c3ce5dfb17f6fc2f8966e5477116623b5d9a9341b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/plugins/mcp/mod.rs"}, "region": {"startLine": 185}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136279, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8593e656a99331a837343d37b6b40193c7ac459780aab4d6ef0533cf047e2ea6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/cowork/mcp/auth.rs", "duplicate_line": 21, "correlation_key": "fp|8593e656a99331a837343d37b6b40193c7ac459780aab4d6ef0533cf047e2ea6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/plugins/mcp/auth.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136278, "scanner": "repobility-ai-code-hygiene", "fingerprint": "67554c7c4497341410666032f1196799fbe4a7804bdd009676a0ca7420c95720", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/artifacts/protection.rs", "duplicate_line": 154, "correlation_key": "fp|67554c7c4497341410666032f1196799fbe4a7804bdd009676a0ca7420c95720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/cowork/artifacts.rs"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "038fe1073761a76d4b476cda0bfed03744c00f00e2ab55036c3c97a51d744fd5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/artifacts/protection.rs", "duplicate_line": 164, "correlation_key": "fp|038fe1073761a76d4b476cda0bfed03744c00f00e2ab55036c3c97a51d744fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/artifacts/runtime.rs"}, "region": {"startLine": 230}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37cd88cdeaa2c28664cf4cdb9904f947d1549eff72ad72c3f649655f0c82a3f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/seed/health.rs", "duplicate_line": 65, "correlation_key": "fp|37cd88cdeaa2c28664cf4cdb9904f947d1549eff72ad72c3f649655f0c82a3f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/seed/mod.rs"}, "region": {"startLine": 341}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8d54d16cebde1df2a13795edf9bcaab81edc92ca9a8b52e195c48decc5db573", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/readiness/resolver.rs", "duplicate_line": 226, "correlation_key": "fp|c8d54d16cebde1df2a13795edf9bcaab81edc92ca9a8b52e195c48decc5db573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/runtime.rs"}, "region": {"startLine": 411}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a682d4b762b8c573549346c807c16c9f804478014fc0b4064ac7cdcd799cf121", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/model_registry/refresh.rs", "duplicate_line": 199, "correlation_key": "fp|a682d4b762b8c573549346c807c16c9f804478014fc0b4064ac7cdcd799cf121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/readiness/resolver.rs"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09fc153131441726067f51aac7587b5e4c09e3ea928bf1edf05a17b00ab8f591", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/model_registry/refresh.rs", "duplicate_line": 164, "correlation_key": "fp|09fc153131441726067f51aac7587b5e4c09e3ea928bf1edf05a17b00ab8f591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/readiness/artifacts.rs"}, "region": {"startLine": 155}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136272, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ad1e5181f229050669689565261d66e8151d7e73560e112c9d994281cbf66ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/catalog/schema.rs", "duplicate_line": 107, "correlation_key": "fp|5ad1e5181f229050669689565261d66e8151d7e73560e112c9d994281cbf66ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/model.rs"}, "region": {"startLine": 135}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136271, "scanner": "repobility-ai-code-hygiene", "fingerprint": "795093d7b649acf9c85640863b52d41ecb81a6184f56086c0a8f3fc2d5293df6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-contract/src/v1/agents.rs", "duplicate_line": 129, "correlation_key": "fp|795093d7b649acf9c85640863b52d41ecb81a6184f56086c0a8f3fc2d5293df6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/login_terminal.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136270, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f454367de0a2787584d28d97db74cab4687c6d6860c2f39c3169cabfac3062f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/domains/agents/auth_config_claude_tests.rs", "duplicate_line": 13, "correlation_key": "fp|f454367de0a2787584d28d97db74cab4687c6d6860c2f39c3169cabfac3062f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/auth_config_tests.rs"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136269, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b73dea8920c637edfce7fefcbe346042578aee26c28ee61bebd44bc6286cca6c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/ws/agent_login_terminals.rs", "duplicate_line": 52, "correlation_key": "fp|b73dea8920c637edfce7fefcbe346042578aee26c28ee61bebd44bc6286cca6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/ws/terminals.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d23ff91cc48f1e038a37bf9d3817eea8a41356ef4be10e2b7336dd98f2da24d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/workspaces_lifecycle.rs", "duplicate_line": 418, "correlation_key": "fp|9d23ff91cc48f1e038a37bf9d3817eea8a41356ef4be10e2b7336dd98f2da24d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/workspaces_purge.rs"}, "region": {"startLine": 187}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35831fc6b7c47a877a4a8bed1f7ed0c39328df855ffce2f0c5428c07e85cd6a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/repo_roots.rs", "duplicate_line": 279, "correlation_key": "fp|35831fc6b7c47a877a4a8bed1f7ed0c39328df855ffce2f0c5428c07e85cd6a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/workspaces_contract.rs"}, "region": {"startLine": 191}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c1335dd9f9c75b9fe79feee817382fd45f573f686d8d042288345b7f07c682f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/sessions_contract.rs", "duplicate_line": 14, "correlation_key": "fp|2c1335dd9f9c75b9fe79feee817382fd45f573f686d8d042288345b7f07c682f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/workspaces_contract.rs"}, "region": {"startLine": 176}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "98456f8cc5e71386ad12cf69ec8a423f3d3df8ca923c3bd411d60fb7548741e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/cowork.rs", "duplicate_line": 419, "correlation_key": "fp|98456f8cc5e71386ad12cf69ec8a423f3d3df8ca923c3bd411d60fb7548741e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/workspaces_contract.rs"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136264, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0469f35910a250a1c5192969b748bff7f58b93801e66882f6a2babbab8d57cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/cowork.rs", "duplicate_line": 351, "correlation_key": "fp|f0469f35910a250a1c5192969b748bff7f58b93801e66882f6a2babbab8d57cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/subagents.rs"}, "region": {"startLine": 144}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136263, "scanner": "repobility-ai-code-hygiene", "fingerprint": "363f6ea70504972c7ca7be39792e5b164eb358c5571d7a7ffaf97db2c0d14d6f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/mobility_archive_contract.rs", "duplicate_line": 166, "correlation_key": "fp|363f6ea70504972c7ca7be39792e5b164eb358c5571d7a7ffaf97db2c0d14d6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/mobility_contract.rs"}, "region": {"startLine": 168}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136262, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9dd34a7f44c255a21a3813289b43adaca9c22e3049533342072b0c63d19a2be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/access.rs", "duplicate_line": 6, "correlation_key": "fp|c9dd34a7f44c255a21a3813289b43adaca9c22e3049533342072b0c63d19a2be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/mobility.rs"}, "region": {"startLine": 270}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136261, "scanner": "repobility-ai-code-hygiene", "fingerprint": "928da5f87e10e95f7692dc1999b80885bbe05f757427cd4b3791c6568ad843be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/git_task.rs", "duplicate_line": 4, "correlation_key": "fp|928da5f87e10e95f7692dc1999b80885bbe05f757427cd4b3791c6568ad843be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/hosting.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136260, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0414b74b1e0c31acc514be8cd9373ecd9a4df25c9ccfc8f58a30c4a086eb3661", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/api/http/agents.rs", "duplicate_line": 32, "correlation_key": "fp|0414b74b1e0c31acc514be8cd9373ecd9a4df25c9ccfc8f58a30c4a086eb3661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/agents_model_registry.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136259, "scanner": "repobility-ai-code-hygiene", "fingerprint": "219b90cb8f4c3b5be30e446343bff5091bb8d9eda3ee0674a393c18bb32c3909", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-contract/src/v1/git.rs", "duplicate_line": 53, "correlation_key": "fp|219b90cb8f4c3b5be30e446343bff5091bb8d9eda3ee0674a393c18bb32c3909"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/adapters/git/types.rs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136258, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7708aafd5921f707b0425a9019b5ef23fe54336ff647236d2574daadb428df37", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-lib/src/adapters/git/diff_tests.rs", "duplicate_line": 9, "correlation_key": "fp|7708aafd5921f707b0425a9019b5ef23fe54336ff647236d2574daadb428df37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/adapters/git/service_tests.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136257, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0b0c1177f8707ddb86ffb8520aab300d11123e71a4bc7e84f6fd2ecf79171ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "anyharness/crates/anyharness-contract/src/v1/files.rs", "duplicate_line": 3, "correlation_key": "fp|f0b0c1177f8707ddb86ffb8520aab300d11123e71a4bc7e84f6fd2ecf79171ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/adapters/files/types.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136256, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b27e3fe986a2947fc9c34c80d2a1aa668a4493580c61b088e023648b956e9de0", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b27e3fe986a2947fc9c34c80d2a1aa668a4493580c61b088e023648b956e9de0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/packages/product-domain/src/chats/transcript/transcript-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136255, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10f85a3697468a23b8475448cf3438898d38ea100494359eeb98933ef969e5e3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "draft", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|10f85a3697468a23b8475448cf3438898d38ea100494359eeb98933ef969e5e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/lib/domain/settings/environment-draft.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136254, "scanner": "repobility-ai-code-hygiene", "fingerprint": "851a217e9b18f138915b1f3a568b16c6a9694d7554106829f464dae1c9e48d2e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "draft", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|851a217e9b18f138915b1f3a568b16c6a9694d7554106829f464dae1c9e48d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/lib/domain/settings/env-file-draft.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136253, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35dbc76a68eac607afa1f0a04f54873c88d4cfd534d916b2f30088380a8ca977", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "draft", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|35dbc76a68eac607afa1f0a04f54873c88d4cfd534d916b2f30088380a8ca977"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/lib/domain/settings/cloud-repo-config-draft.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136252, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4f8d328fc7f845110120d7c3d986eae96ef3846b46c4f886658e015e690ccdb", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "draft", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a4f8d328fc7f845110120d7c3d986eae96ef3846b46c4f886658e015e690ccdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/hooks/cloud/ui/use-cloud-repo-config-draft.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136251, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06529c882bdc529db996c749e3c1d3f8a46c8bb94036e584e18a0cd537729741", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|06529c882bdc529db996c749e3c1d3f8a46c8bb94036e584e18a0cd537729741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/workspaces/workspace-arrival-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136250, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b0a9aa9872176e6302d7150ac0ee417db12111f706fb8af93e2742840b9c150", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|5b0a9aa9872176e6302d7150ac0ee417db12111f706fb8af93e2742840b9c150"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/settings/agent-authentication-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136249, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1965a1e420a654a90bad6a4e70b32234a5f0bed4376efab8d4031432755b3a79", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1965a1e420a654a90bad6a4e70b32234a5f0bed4376efab8d4031432755b3a79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/chat/chat-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136248, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5083185c453f5eea854e903c45d446922eaf9a46a373b7a6f150bb2a1a178863", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|5083185c453f5eea854e903c45d446922eaf9a46a373b7a6f150bb2a1a178863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/capabilities/capability-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136247, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d619456f556b83a7266a9a86382799f9226c906be1cbab3e73fedd0fcb845781", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d619456f556b83a7266a9a86382799f9226c906be1cbab3e73fedd0fcb845781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/billing/upgrade-gate-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136246, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a088881c731c2d1a2e6ebde6982ed3ea5f7ff550c0838466e3cdb3206b4e731f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a088881c731c2d1a2e6ebde6982ed3ea5f7ff550c0838466e3cdb3206b4e731f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/automations/automation-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136245, "scanner": "repobility-ai-code-hygiene", "fingerprint": "739d15e4e46fb1f7784338afe09de924ec8b6a595318d2a384c619b74571bbf3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|739d15e4e46fb1f7784338afe09de924ec8b6a595318d2a384c619b74571bbf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/auth/auth-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136244, "scanner": "repobility-ai-code-hygiene", "fingerprint": "66b9e3f1d56234369da8ead8412c5e5656fb5b521f4041bf2e170db3b807db0e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|66b9e3f1d56234369da8ead8412c5e5656fb5b521f4041bf2e170db3b807db0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/copy/agents/agents-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 136243, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c85cbb108ae859153824f97b37a14cee5f3998f56c03812879917dc9d494d43b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c85cbb108ae859153824f97b37a14cee5f3998f56c03812879917dc9d494d43b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/proliferate-worker/src/lifecycle/self_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 136242, "scanner": "repobility-threat-engine", "fingerprint": "049ec698aec062fde73128db035304be172fce8f62c8fefe639dd003fe63811a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|049ec698aec062fde73128db035304be172fce8f62c8fefe639dd003fe63811a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/mobile/src/providers/MobileAuthProvider.tsx"}, "region": {"startLine": 229}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 136241, "scanner": "repobility-threat-engine", "fingerprint": "c5d3ff83affc411be852ab40b84da78dd5ef15db43f130ea569cf851961356df", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(\"[DEV-AUTH] bootstrap start, __DEV__=\", typeof __DEV__ !== \"undefined\" && __DEV__, \"plat", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|22|console.log dev-auth bootstrap start __dev__ typeof __dev__ undefined __dev__ plat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/mobile/src/providers/MobileAuthProvider.tsx"}, "region": {"startLine": 229}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 136240, "scanner": "repobility-threat-engine", "fingerprint": "7b598fdaf383cfc36bb47487a6288f6c05331e134be3d9cad8f33bfe7c779478", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7b598fdaf383cfc36bb47487a6288f6c05331e134be3d9cad8f33bfe7c779478"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 136239, "scanner": "repobility-threat-engine", "fingerprint": "b0f3ed70530f1ee8b4bd23352c9abcfc5daa9a0133bbe523b857da8dd577a2d4", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|97|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/hooks/home/ui/use-home-next-composer-state.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 136238, "scanner": "repobility-threat-engine", "fingerprint": "b1cf5faa879a1e2291ca0655566f85861ec7b0771fa65fe607cacfef85fc9cc4", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|27|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/hooks/cloud/ui/use-cloud-repo-config-draft.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 136237, "scanner": "repobility-threat-engine", "fingerprint": "b2b823d0fe5e5ce2de9b020b81fe84d8fd3a1eebf8fe042551db55beeeab1be2", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|40|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/hooks/automations/lifecycle/use-local-automation-claim-poller.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 136235, "scanner": "repobility-threat-engine", "fingerprint": "55eeb0a9a7194b21f6ca02ef7c193b2459911684409e0c708c006743b2248894", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|55eeb0a9a7194b21f6ca02ef7c193b2459911684409e0c708c006743b2248894", "aggregated_count": 16}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 136234, "scanner": "repobility-threat-engine", "fingerprint": "41e67b0db42a69445ca0594406e557aede8c989b48127a98298ae225e16e6f51", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41e67b0db42a69445ca0594406e557aede8c989b48127a98298ae225e16e6f51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/tool-calls/CoworkArtifactTurnCard.tsx"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 136233, "scanner": "repobility-threat-engine", "fingerprint": "36cfa8c458859f5ba2f5d42860766371e620a348ebb1b1af2f2af247fc0cc9b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36cfa8c458859f5ba2f5d42860766371e620a348ebb1b1af2f2af247fc0cc9b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/tool-calls/CoworkArtifactToolActionRow.tsx"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 136232, "scanner": "repobility-threat-engine", "fingerprint": "28be1318bd29472019c1c0803b8662de1f785d8d8ccf6a247fd6624da52e5af2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28be1318bd29472019c1c0803b8662de1f785d8d8ccf6a247fd6624da52e5af2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/input/delegated-work/AgentsPopoverSubagentSection.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 136231, "scanner": "repobility-threat-engine", "fingerprint": "4db3df9a58704d55636bd1053cf88cb80048c172ae779f3f99e1995443ef680a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4db3df9a58704d55636bd1053cf88cb80048c172ae779f3f99e1995443ef680a", "aggregated_count": 5}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 136230, "scanner": "repobility-threat-engine", "fingerprint": "1c70fd2a3c239417aec829111ef8415353b8ee1052a8a1bdeb6c7ef1af2df4c2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c70fd2a3c239417aec829111ef8415353b8ee1052a8a1bdeb6c7ef1af2df4c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/input/TodoTrackerPanel.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 136229, "scanner": "repobility-threat-engine", "fingerprint": "645d73a30d574098261535187a8a6814fa177d52ccf2acc760e5a1e97666b398", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|645d73a30d574098261535187a8a6814fa177d52ccf2acc760e5a1e97666b398"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/content/ui/diff/UnifiedDiffViewer.tsx"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 136228, "scanner": "repobility-threat-engine", "fingerprint": "c47a9ab261039a2680dfda25ead1c358cd0bae976ac37b4cff1112e319335008", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c47a9ab261039a2680dfda25ead1c358cd0bae976ac37b4cff1112e319335008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/content/ui/diff/DiffLineContent.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 136227, "scanner": "repobility-threat-engine", "fingerprint": "b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b25ca6c2b6e8056e9e2c805b4ff75b5230249c907e2c0475c7bb8fc214cf24b0"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 136223, "scanner": "repobility-threat-engine", "fingerprint": "59f8fe45fc5615482b4e48d4864d7b6d9fcdf063056f99acf47e7fe5acde521f", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|59f8fe45fc5615482b4e48d4864d7b6d9fcdf063056f99acf47e7fe5acde521f"}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 136219, "scanner": "repobility-threat-engine", "fingerprint": "1a95a5d1d682a12bb642e28c36c0e874bff6cdc26089c46ae8ef263ee1155792", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1a95a5d1d682a12bb642e28c36c0e874bff6cdc26089c46ae8ef263ee1155792", "aggregated_count": 1}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 136218, "scanner": "repobility-threat-engine", "fingerprint": "40ad86a85ba4f2ebb7f910925bd0e0ebc7a2a0bb3d6d3cddb7494653be3a2cac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40ad86a85ba4f2ebb7f910925bd0e0ebc7a2a0bb3d6d3cddb7494653be3a2cac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/files/file-icons.tsx"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 136217, "scanner": "repobility-threat-engine", "fingerprint": "04b4885cc0cc88a5dcb5d4a2d641d9652d87a6c6a7bd6287be550d2a415e0559", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04b4885cc0cc88a5dcb5d4a2d641d9652d87a6c6a7bd6287be550d2a415e0559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/content/ui/MarkdownRenderer.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 136216, "scanner": "repobility-threat-engine", "fingerprint": "f068c1cd0a0e60b7d7582b96d3c8e07a40a2ae74e54ae2659adbd5cc44f0a10e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f068c1cd0a0e60b7d7582b96d3c8e07a40a2ae74e54ae2659adbd5cc44f0a10e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/content/ui/HighlightedCodePanel.tsx"}, "region": {"startLine": 92}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 136215, "scanner": "repobility-threat-engine", "fingerprint": "5c81d47da75c572182ad0e4e4629636dbf842fd65f2c830612248897d6fb397f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5c81d47da75c572182ad0e4e4629636dbf842fd65f2c830612248897d6fb397f"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 136211, "scanner": "repobility-threat-engine", "fingerprint": "0190d4d3317f3451b6ed1e876fd6829280a4bb59402f9117c5f5c5de7b266624", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0190d4d3317f3451b6ed1e876fd6829280a4bb59402f9117c5f5c5de7b266624", "aggregated_count": 12}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 136210, "scanner": "repobility-threat-engine", "fingerprint": "0b1cb772868f52c36603d1b698a1d02abe128c884b33a36dc37dd46d6cbb6377", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b1cb772868f52c36603d1b698a1d02abe128c884b33a36dc37dd46d6cbb6377"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/browser/BrowserNativeSurface.tsx"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 136209, "scanner": "repobility-threat-engine", "fingerprint": "8a9eebb8b8e53af8d06d2363a1fd5fbaedcfe35bd30890f0753ccb8fca8cc974", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a9eebb8b8e53af8d06d2363a1fd5fbaedcfe35bd30890f0753ccb8fca8cc974"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/settings/panes/AgentDefaultComposer.tsx"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 136208, "scanner": "repobility-threat-engine", "fingerprint": "fb1dbccea2aaca3e6b511e3bebfeee5b87f18a5cdc8850cd5217b77145ddd3b4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb1dbccea2aaca3e6b511e3bebfeee5b87f18a5cdc8850cd5217b77145ddd3b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/app/AppErrorBoundary.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 136207, "scanner": "repobility-threat-engine", "fingerprint": "a9e9937d45e5d20a738de0bce51b07a49868cd6350b46f7c729fa9bf67b08988", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9e9937d45e5d20a738de0bce51b07a49868cd6350b46f7c729fa9bf67b08988"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src-tauri/src/commands/window_chrome.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 136205, "scanner": "repobility-threat-engine", "fingerprint": "588cbe6635e9107e3f4226ff395bb9d3b8dbc57f8977957784281db9e5f71589", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|588cbe6635e9107e3f4226ff395bb9d3b8dbc57f8977957784281db9e5f71589"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 136201, "scanner": "repobility-threat-engine", "fingerprint": "53bf8a87e25814ffe2ca4fb2b663efa0ec5d19c7b351535829863994b9f832b3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|53bf8a87e25814ffe2ca4fb2b663efa0ec5d19c7b351535829863994b9f832b3"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 136197, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 136196, "scanner": "repobility-threat-engine", "fingerprint": "6ec8f7ef32b6252b5b249f83dace3fc2bf501c533c0cce23fe33d470fde8fccb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ec8f7ef32b6252b5b249f83dace3fc2bf501c533c0cce23fe33d470fde8fccb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/proliferate-worker/src/cloud_client/exposures.rs"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 136195, "scanner": "repobility-threat-engine", "fingerprint": "361668f585e37c8b2f283a86933bbf3a78e84b85eee3d3af1466951cc12a557f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|361668f585e37c8b2f283a86933bbf3a78e84b85eee3d3af1466951cc12a557f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness/src/commands/serve.rs"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 136194, "scanner": "repobility-threat-engine", "fingerprint": "a6d4d7e271462f750911377d3d705ee0ebe175cec85b784d347bbdb71f3c7250", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6d4d7e271462f750911377d3d705ee0ebe175cec85b784d347bbdb71f3c7250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/managed_npm.rs"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 136193, "scanner": "repobility-threat-engine", "fingerprint": "aca87ac170a0086928a99f3259a65e7dc9f4a245fac4fc4acf126652fd81143b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|aca87ac170a0086928a99f3259a65e7dc9f4a245fac4fc4acf126652fd81143b", "aggregated_count": 3}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 136189, "scanner": "repobility-threat-engine", "fingerprint": "a19c177945e2389b8d1bc43526ddafd294e37dbff6a5516b030dc334cc8edf02", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a19c177945e2389b8d1bc43526ddafd294e37dbff6a5516b030dc334cc8edf02", "aggregated_count": 7}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 136188, "scanner": "repobility-threat-engine", "fingerprint": "66c758e7b8f65e2a2f2010c4fff5b2f4ce1c9ee5ebed327dff720bee7a57f3f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66c758e7b8f65e2a2f2010c4fff5b2f4ce1c9ee5ebed327dff720bee7a57f3f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/adapters/git/service_tests.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 136187, "scanner": "repobility-threat-engine", "fingerprint": "434e536344b0788112c5d8b86a08963dc09efd1610617873d643bf5e94eb4355", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|434e536344b0788112c5d8b86a08963dc09efd1610617873d643bf5e94eb4355"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/adapters/git/diff_tests.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 136186, "scanner": "repobility-threat-engine", "fingerprint": "1d8b4bc1fb7246936caa4ba460f86b94d3b7cca2b96a2e00765b0e9e86690b66", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d8b4bc1fb7246936caa4ba460f86b94d3b7cca2b96a2e00765b0e9e86690b66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/acp/provider_errors.rs"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 82 more): Same pattern found in 82 additional files. Review if needed."}, "properties": {"repobilityId": 136185, "scanner": "repobility-threat-engine", "fingerprint": "12f5a31ad93a42db9d7aaea63b6c23966fcf33fc3a2c8dfc473fe20095275639", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 82 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|12f5a31ad93a42db9d7aaea63b6c23966fcf33fc3a2c8dfc473fe20095275639", "aggregated_count": 82}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 136184, "scanner": "repobility-threat-engine", "fingerprint": "6c2e5d117f593522d066c7003a31c0a0fc294352c3213f078bc88252523f8c5b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c2e5d117f593522d066c7003a31c0a0fc294352c3213f078bc88252523f8c5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-credential-discovery/src/gemini.rs"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 136183, "scanner": "repobility-threat-engine", "fingerprint": "f4e197c23dffee84e1a52c7265dd26ee201de2e4d4621f47aafb4caea5126a24", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f4e197c23dffee84e1a52c7265dd26ee201de2e4d4621f47aafb4caea5126a24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-credential-discovery/src/codex.rs"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 136182, "scanner": "repobility-threat-engine", "fingerprint": "23b19bd10f239ab4af6fba073299c7a10a4485058ba24e683608afb30b6c8897", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23b19bd10f239ab4af6fba073299c7a10a4485058ba24e683608afb30b6c8897"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-contract/src/v1/terminals.rs"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 136181, "scanner": "repobility-threat-engine", "fingerprint": "21f9b19bf145e822b0c5c5789b2278cc43f3990a124eca4b75955feb3ebfffc3", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|21f9b19bf145e822b0c5c5789b2278cc43f3990a124eca4b75955feb3ebfffc3"}}}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `postgres:16-alpine` unpinned: `container/services image: postgres:16-alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 136432, "scanner": "repobility-supply-chain", "fingerprint": "e65986a4c498720127b09981107346cf9f59c273c897436e2f054c4d9b2e7de7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e65986a4c498720127b09981107346cf9f59c273c897436e2f054c4d9b2e7de7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-live-webhook.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `postgres:16-alpine` unpinned: `container/services image: postgres:16-alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 136431, "scanner": "repobility-supply-chain", "fingerprint": "ecaa36d5df0ed13fbec74deea9f655bcfcfd324b4ef0ab2b293d0b129ca479c2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ecaa36d5df0ed13fbec74deea9f655bcfcfd324b4ef0ab2b293d0b129ca479c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/server-ci.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `postgres:16-alpine` unpinned: `container/services image: postgres:16-alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 136430, "scanner": "repobility-supply-chain", "fingerprint": "6e2576fe744f002a181303a42f0164d9fb7c3d8846ad990eac9915fb568b2cab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e2576fe744f002a181303a42f0164d9fb7c3d8846ad990eac9915fb568b2cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `postgres:16-alpine` unpinned: `container/services image: postgres:16-alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 136429, "scanner": "repobility-supply-chain", "fingerprint": "59a1123a9938573784d29bb86e14b38c980cf19872157c1005797da103d081f3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|59a1123a9938573784d29bb86e14b38c980cf19872157c1005797da103d081f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136428, "scanner": "repobility-supply-chain", "fingerprint": "d84bd39ddc3012dd3840b5c0473456aeb6215994df3658c9ef8c1d767c1e16d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d84bd39ddc3012dd3840b5c0473456aeb6215994df3658c9ef8c1d767c1e16d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136427, "scanner": "repobility-supply-chain", "fingerprint": "75324c23b2e3997c2ba7e7291bd8a717052382f4a7895a2c65ba584e26fb74be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75324c23b2e3997c2ba7e7291bd8a717052382f4a7895a2c65ba584e26fb74be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `goto-bus-stop/setup-zig` pinned to mutable ref `@v2`: `uses: goto-bus-stop/setup-zig@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136426, "scanner": "repobility-supply-chain", "fingerprint": "2b37f0a6e9f7609001afdbe20c84c7bd0362f4a0b830ded15d2ec247e462d581", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b37f0a6e9f7609001afdbe20c84c7bd0362f4a0b830ded15d2ec247e462d581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136425, "scanner": "repobility-supply-chain", "fingerprint": "b6ed2d55b85301a55902179b62fff6ccf956d7ab22100981b262cf8c5fb04255", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6ed2d55b85301a55902179b62fff6ccf956d7ab22100981b262cf8c5fb04255"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136424, "scanner": "repobility-supply-chain", "fingerprint": "ec220f28bfeba957ef15f93e2b6dfb701bab2798243f9ed34cb8ff0f4b12df87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec220f28bfeba957ef15f93e2b6dfb701bab2798243f9ed34cb8ff0f4b12df87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v5`: `uses: astral-sh/setup-uv@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136423, "scanner": "repobility-supply-chain", "fingerprint": "1a94129fd0031a4c8a7285c8f903ce937053d840bb1ec31296765ec9c02aedc3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a94129fd0031a4c8a7285c8f903ce937053d840bb1ec31296765ec9c02aedc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136422, "scanner": "repobility-supply-chain", "fingerprint": "8f1da255b4f80eb7eb281d7f9c48610df5b935d5130d441fe3fb4394dbca6788", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f1da255b4f80eb7eb281d7f9c48610df5b935d5130d441fe3fb4394dbca6788"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136421, "scanner": "repobility-supply-chain", "fingerprint": "221ed5a0ae02917dd7fbc82ab25dcce34b5ee0d543c1e529a5c92fba2024cca9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|221ed5a0ae02917dd7fbc82ab25dcce34b5ee0d543c1e529a5c92fba2024cca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136420, "scanner": "repobility-supply-chain", "fingerprint": "4a0ce64ccc6f8ef1aab8f98d65a8f124bbe6df7e224366405d73fb63f1d58b07", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a0ce64ccc6f8ef1aab8f98d65a8f124bbe6df7e224366405d73fb63f1d58b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloud-tests.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136419, "scanner": "repobility-supply-chain", "fingerprint": "9e9edb48ba601894d4d0d6b4bd83798f7e7c9cc1192d5a335052398700557c91", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9e9edb48ba601894d4d0d6b4bd83798f7e7c9cc1192d5a335052398700557c91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-staging.yml"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136418, "scanner": "repobility-supply-chain", "fingerprint": "43ea04c249fa86471fe946ae8748f8a31ee6c342f11845aa05bda3b8678a463c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43ea04c249fa86471fe946ae8748f8a31ee6c342f11845aa05bda3b8678a463c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-staging.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `aws-actions/amazon-ecr-login` pinned to mutable ref `@v2`: `uses: aws-actions/amazon-ecr-login@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136417, "scanner": "repobility-supply-chain", "fingerprint": "9a2ed56565c3ea6aee274c89de6c9238198ad56f900054eeaf83244446362856", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a2ed56565c3ea6aee274c89de6c9238198ad56f900054eeaf83244446362856"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-server.yml"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `uses: aws-actions/configure-aws-credentials@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136416, "scanner": "repobility-supply-chain", "fingerprint": "4ba3f4ac797a95d40cec3b3e6042c7a2d7f7d397565be7ef426c666acb940358", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ba3f4ac797a95d40cec3b3e6042c7a2d7f7d397565be7ef426c666acb940358"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-server.yml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136415, "scanner": "repobility-supply-chain", "fingerprint": "ea4f91e12ce58bf94a28e8353459cdf47f154a5b75e7ed7589159b3708df27c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ea4f91e12ce58bf94a28e8353459cdf47f154a5b75e7ed7589159b3708df27c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-server.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `goto-bus-stop/setup-zig` pinned to mutable ref `@v2`: `uses: goto-bus-stop/setup-zig@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136414, "scanner": "repobility-supply-chain", "fingerprint": "e8b4f9197994ae7c3e204ec054c08a5c7a5fccbf9d43f3c2db41d08200dacb41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e8b4f9197994ae7c3e204ec054c08a5c7a5fccbf9d43f3c2db41d08200dacb41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-e2b.yml"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136413, "scanner": "repobility-supply-chain", "fingerprint": "5cb3cfeaa91d77aef5c501552107e50b626deb4f6f57050f0d556f4a5812a5ee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cb3cfeaa91d77aef5c501552107e50b626deb4f6f57050f0d556f4a5812a5ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-e2b.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136412, "scanner": "repobility-supply-chain", "fingerprint": "afdc4a739ac1bd25a1a530063ec6fdf3cbfdd1279d6d9a400706341933d5c406", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|afdc4a739ac1bd25a1a530063ec6fdf3cbfdd1279d6d9a400706341933d5c406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-e2b.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136411, "scanner": "repobility-supply-chain", "fingerprint": "281504443a79a3ec71d04f8ba49efa969f59fe8d3a5b42fb1fd0a1cd1f8d7e80", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|281504443a79a3ec71d04f8ba49efa969f59fe8d3a5b42fb1fd0a1cd1f8d7e80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-e2b.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136410, "scanner": "repobility-supply-chain", "fingerprint": "037b7f46a9ad00f1537b236f1c5c3827161f96f223edc069ffd0729fde62596f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|037b7f46a9ad00f1537b236f1c5c3827161f96f223edc069ffd0729fde62596f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-e2b.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136409, "scanner": "repobility-supply-chain", "fingerprint": "1acbe57132d90382fabfc43fd3503230bc4c20c8c394191edc940277dff8ef61", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1acbe57132d90382fabfc43fd3503230bc4c20c8c394191edc940277dff8ef61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-web.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136408, "scanner": "repobility-supply-chain", "fingerprint": "f23c7f1a49e38cba216fe2b83ffa55f5316317eede35ec0ac525edaf56918fcf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f23c7f1a49e38cba216fe2b83ffa55f5316317eede35ec0ac525edaf56918fcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-web.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136407, "scanner": "repobility-supply-chain", "fingerprint": "b7cdaf7d619447175645ff1661762fe0e0bcad78eec386a56f509188e880a112", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b7cdaf7d619447175645ff1661762fe0e0bcad78eec386a56f509188e880a112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-web.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136406, "scanner": "repobility-supply-chain", "fingerprint": "03a748bfe31ab14ad5767c11b6976957d26c16ca6e0dd99900a4471cf57a2a7e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|03a748bfe31ab14ad5767c11b6976957d26c16ca6e0dd99900a4471cf57a2a7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-mobile.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136405, "scanner": "repobility-supply-chain", "fingerprint": "01b3c0da4bef0590c1678a243634e3fb67a0fccf650609bfc84f9587f0737197", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01b3c0da4bef0590c1678a243634e3fb67a0fccf650609bfc84f9587f0737197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-mobile.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 136404, "scanner": "repobility-supply-chain", "fingerprint": "5339ab22ad928877b95e317a6369301f908f9e4741e0be9dffd670f9618f7bda", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5339ab22ad928877b95e317a6369301f908f9e4741e0be9dffd670f9618f7bda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_deploy-mobile.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 136403, "scanner": "repobility-supply-chain", "fingerprint": "a7eb6e573beb3556563b97647701ca2699ea000c0ba8b856d71c1d9d06667aa4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a7eb6e573beb3556563b97647701ca2699ea000c0ba8b856d71c1d9d06667aa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /control/wait has no auth: Handler `worker_control_wait_endpoint` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 136402, "scanner": "repobility-route-auth", "fingerprint": "4af04746e524dea2536e9cb33d1b682d43b7628dce4ed18a86eac8819ef98d63", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4af04746e524dea2536e9cb33d1b682d43b7628dce4ed18a86eac8819ef98d63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/worker/api.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /webhooks/stripe has no auth: Handler `stripe_webhook_endpoint` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 136401, "scanner": "repobility-route-auth", "fingerprint": "7b30b81a86abdd919ce96fc6ee3398cb627db03dbd64c9a5d0b68222d90e72c2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|7b30b81a86abdd919ce96fc6ee3398cb627db03dbd64c9a5d0b68222d90e72c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/billing/api.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /web/session/logout has no auth: Handler `web_session_logout` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 136400, "scanner": "repobility-route-auth", "fingerprint": "f19e042afec2544a23e2b2b929afa55cb732e24a46e4f56f6f1dc06e8bcd5b5f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f19e042afec2544a23e2b2b929afa55cb732e24a46e4f56f6f1dc06e8bcd5b5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/auth/identity/api.py"}, "region": {"startLine": 399}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_live_bifrost_virtual_key_routes_request_and_records_cost`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 136371, "scanner": "repobility-ast-engine", "fingerprint": "69e0a99dd4aa19df8ee128ae51b3dc0192ed27565e6d6b22affdf5be6a428b8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69e0a99dd4aa19df8ee128ae51b3dc0192ed27565e6d6b22affdf5be6a428b8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/e2e/agent_gateway/test_bifrost_live.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_connection_id_rejects_unsafe_ids: Test function `test_validate_connection_id_rejects_unsafe_ids` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136366, "scanner": "repobility-ast-engine", "fingerprint": "67b23c4274c68554fc5a08a5a48e65c22cb72154f20253df5536c38a01dd5570", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67b23c4274c68554fc5a08a5a48e65c22cb72154f20253df5536c38a01dd5570"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_mcp_connection_domain.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_prepare_runtime_mobility_destination_uses_runtime_problem_detail: Test function `test_prepare_runtime_mobility_destination_uses_runtime_problem_detail` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136365, "scanner": "repobility-ast-engine", "fingerprint": "54faf693a0d69412a60cc3eef4dbfe7ff2aae379025097e3e8bdc6a83ee20418", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54faf693a0d69412a60cc3eef4dbfe7ff2aae379025097e3e8bdc6a83ee20418"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_anyharness_workspaces.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resolve_runtime_workspace_raises_when_workspace_id_is_missing: Test function `test_resolve_runtime_workspace_raises_when_workspace_id_is_missing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136364, "scanner": "repobility-ast-engine", "fingerprint": "7b11edbf0cf361f6b64edf754c2745012c1b1ce579eb08d797b6e9a43e55cc2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b11edbf0cf361f6b64edf754c2745012c1b1ce579eb08d797b6e9a43e55cc2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_anyharness_workspaces.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resolve_runtime_workspace_raises_when_response_json_is_invalid: Test function `test_resolve_runtime_workspace_raises_when_response_json_is_invalid` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136363, "scanner": "repobility-ast-engine", "fingerprint": "61bebe73c23e983f0b633e6b3fad620ba956a4fbd18003dab3105eb1d00ec513", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61bebe73c23e983f0b633e6b3fad620ba956a4fbd18003dab3105eb1d00ec513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_anyharness_workspaces.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_purge_cloud_workspace_is_idempotent_when_record_is_missing: Test function `test_purge_cloud_workspace_is_idempotent_when_record_is_missing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136362, "scanner": "repobility-ast-engine", "fingerprint": "d091ed8c2b719c76334c648bceddbdaed6c7fbfa597c07ec17cbcb5c830c8e16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d091ed8c2b719c76334c648bceddbdaed6c7fbfa597c07ec17cbcb5c830c8e16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_workspace_service.py"}, "region": {"startLine": 738}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_owner_direction_rejects_unknown_direction: Test function `test_owner_direction_rejects_unknown_direction` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136361, "scanner": "repobility-ast-engine", "fingerprint": "d7559d942a6ec95319d008d1af01f1852346e379e50b5bc97aa946bfb39fa9d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7559d942a6ec95319d008d1af01f1852346e379e50b5bc97aa946bfb39fa9d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_mobility_domain.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_ensure_workspace_runtime_ready_raises_when_restart_is_disallowed: Test function `test_ensure_workspace_runtime_ready_raises_when_restart_is_disallowed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136360, "scanner": "repobility-ast-engine", "fingerprint": "e61f8b839d6106241a70a598b98f0d66a08d8899fffad77f74c3d82ace1b03ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e61f8b839d6106241a70a598b98f0d66a08d8899fffad77f74c3d82ace1b03ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_runtime_ensure_running.py"}, "region": {"startLine": 822}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_refresh_worker_enrollment_reset_failure_stops_before_write: Test function `test_refresh_worker_enrollment_reset_failure_stops_before_write` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136359, "scanner": "repobility-ast-engine", "fingerprint": "be34a48f1e0c80060c3d069918520a60d8aebb27b6b3a722be692482c78df6ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be34a48f1e0c80060c3d069918520a60d8aebb27b6b3a722be692482c78df6ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_runtime_ensure_running.py"}, "region": {"startLine": 505}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_verify_e2b_webhook_signature_accepts_legacy_url_safe_signature: Test function `test_verify_e2b_webhook_signature_accepts_legacy_url_safe_signature` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136358, "scanner": "repobility-ast-engine", "fingerprint": "8a67c33740b3878b18b55015b4f53878800348c0b1d369b667402f8a7a0c5595", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a67c33740b3878b18b55015b4f53878800348c0b1d369b667402f8a7a0c5595"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_e2b_webhooks_integration.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_verify_e2b_webhook_signature_accepts_signed_payload: Test function `test_verify_e2b_webhook_signature_accepts_signed_payload` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136357, "scanner": "repobility-ast-engine", "fingerprint": "ef163c5a5e2b97b7aca89549e733e43f94596daf66b24e121c8621bf77d873af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef163c5a5e2b97b7aca89549e733e43f94596daf66b24e121c8621bf77d873af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_e2b_webhooks_integration.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_mode_raises: Test function `test_invalid_mode_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136356, "scanner": "repobility-ast-engine", "fingerprint": "0a09165e0862c1a955888ecd7c7d7d1379124d072d8b89b8661bb95dca77f581", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a09165e0862c1a955888ecd7c7d7d1379124d072d8b89b8661bb95dca77f581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_telemetry_mode.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_worktree_retention_wraps_http_errors: Test function `test_worktree_retention_wraps_http_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136355, "scanner": "repobility-ast-engine", "fingerprint": "78ec9ad4dc7835290f7831068ec242f1925a637b666ef239d1c56e5ea5f344bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78ec9ad4dc7835290f7831068ec242f1925a637b666ef239d1c56e5ea5f344bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_anyharness_worktrees.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_schedule_signup_slack_notification_does_not_raise_when_create_task_fails: Test function `test_schedule_signup_slack_notification_does_not_raise_when_create_task_fails` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136354, "scanner": "repobility-ast-engine", "fingerprint": "987f22cc3be04832aa5b4be914b4efbb16cf60264ae65cba19565b3e24e276ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|987f22cc3be04832aa5b4be914b4efbb16cf60264ae65cba19565b3e24e276ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_slack_notifications.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_github_user_profile_wraps_http_errors: Test function `test_get_github_user_profile_wraps_http_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136353, "scanner": "repobility-ast-engine", "fingerprint": "b377db755afbc186654d8c88c6019c66e65077a53916595e781d2b80ae551911", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b377db755afbc186654d8c88c6019c66e65077a53916595e781d2b80ae551911"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_github_integration.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_github_user_profile_rejects_invalid_responses: Test function `test_get_github_user_profile_rejects_invalid_responses` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136352, "scanner": "repobility-ast-engine", "fingerprint": "50f92388edbb54213bbe176661429be418df35fcae7adc4e943c57ebdf6212f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50f92388edbb54213bbe176661429be418df35fcae7adc4e943c57ebdf6212f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_github_integration.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_list_github_repositories_rejects_invalid_cursor: Test function `test_list_github_repositories_rejects_invalid_cursor` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136351, "scanner": "repobility-ast-engine", "fingerprint": "fae30c37c7276d94169ec2e3c323bad05e6bc45315e4f72ba7f849b3207be71c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fae30c37c7276d94169ec2e3c323bad05e6bc45315e4f72ba7f849b3207be71c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_github_integration.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_send_customerio_welcome_email_asserts_when_unconfigured: Test function `test_send_customerio_welcome_email_asserts_when_unconfigured` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136350, "scanner": "repobility-ast-engine", "fingerprint": "1c1be6dbd724d6e7300c671975ca60b6143864a99becf2b2376f11a10f50707b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c1be6dbd724d6e7300c671975ca60b6143864a99becf2b2376f11a10f50707b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_customerio.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_customerio_helpers_are_noop_without_credentials: Test function `test_customerio_helpers_are_noop_without_credentials` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136349, "scanner": "repobility-ast-engine", "fingerprint": "5cb3354d719f14d75542212b4b5ae4eea1197e8a81d616451fdaa930f41bef64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cb3354d719f14d75542212b4b5ae4eea1197e8a81d616451fdaa930f41bef64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_customerio.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_verify_runtime_auth_enforced_raises_when_probe_request_errors: Test function `test_verify_runtime_auth_enforced_raises_when_probe_request_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136348, "scanner": "repobility-ast-engine", "fingerprint": "4b1e714d84891b8e5d29f9f6f372aab56fb7f448c00c3390e6979e3de78e8f0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b1e714d84891b8e5d29f9f6f372aab56fb7f448c00c3390e6979e3de78e8f0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_runtime_anyharness_api.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_verify_runtime_auth_enforced_raises_when_runtime_accepts_unauthenticated_requests: Test function `test_verify_runtime_auth_enforced_raises_when_runtime_accepts_unauthenticated_requests` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136347, "scanner": "repobility-ast-engine", "fingerprint": "2526a3d6a95d456ac4ba972959bd30c94221b4fd31e4de56d0ea7f30b983e51f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2526a3d6a95d456ac4ba972959bd30c94221b4fd31e4de56d0ea7f30b983e51f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_runtime_anyharness_api.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_verify_runtime_auth_enforced_raises_when_bearer_token_is_rejected: Test function `test_verify_runtime_auth_enforced_raises_when_bearer_token_is_rejected` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136346, "scanner": "repobility-ast-engine", "fingerprint": "896e9fb7e07a2b834de01a74831a48dfa4ac7e1bf61bcff8d4abb830750cd1dc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|896e9fb7e07a2b834de01a74831a48dfa4ac7e1bf61bcff8d4abb830750cd1dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_runtime_anyharness_api.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_verify_runtime_auth_enforced_accepts_authenticated_and_rejects_unauthenticated: Test function `test_verify_runtime_auth_enforced_accepts_authenticated_and_rejects_unauthenticated` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136345, "scanner": "repobility-ast-engine", "fingerprint": "2e8ba7d4f4c93075eb92c1c129d287e457b1c3494e91017b31414d15f6602741", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e8ba7d4f4c93075eb92c1c129d287e457b1c3494e91017b31414d15f6602741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_runtime_anyharness_api.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rejects_unknown_timezone: Test function `test_rejects_unknown_timezone` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136344, "scanner": "repobility-ast-engine", "fingerprint": "fb95a683f4ae94cef326854750b8bbc47159a1427159aadd4494041336cbfcb6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb95a683f4ae94cef326854750b8bbc47159a1427159aadd4494041336cbfcb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_automation_schedule.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rejects_unsupported_rrule_features: Test function `test_rejects_unsupported_rrule_features` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136343, "scanner": "repobility-ast-engine", "fingerprint": "9e516dc26244f0fd91eb31fb89d328a92d2396ac5a15ea001ad3da716884cc78", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e516dc26244f0fd91eb31fb89d328a92d2396ac5a15ea001ad3da716884cc78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_automation_schedule.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_engine: Test function `test_engine` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 136342, "scanner": "repobility-ast-engine", "fingerprint": "0002b4d53ba7b3e8ae0fb8e97a1cd3e67ebd4be9be232cb74ed6ee79b39c02da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0002b4d53ba7b3e8ae0fb8e97a1cd3e67ebd4be9be232cb74ed6ee79b39c02da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/conftest.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `skip_alias` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136339, "scanner": "repobility-ast-engine", "fingerprint": "a828759b79e159a3e5222c17d410a7ea5ed40c3da6bc8f7785c8a1246543038c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a828759b79e159a3e5222c17d410a7ea5ed40c3da6bc8f7785c8a1246543038c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `skip_alias` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136338, "scanner": "repobility-ast-engine", "fingerprint": "e9beacbe99ea9523a77d17528ebab85000518d3925d33f67b0aaaf6b192a7f2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9beacbe99ea9523a77d17528ebab85000518d3925d33f67b0aaaf6b192a7f2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.consume` used but never assigned in __init__: Method `skip_alias` of class `UseTreeParser` reads `self.consume`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136337, "scanner": "repobility-ast-engine", "fingerprint": "1bd36e953504fdd6d02ac95b3ff7f6543e38aead6f421b01b690992444fd58ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1bd36e953504fdd6d02ac95b3ff7f6543e38aead6f421b01b690992444fd58ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.parse_tree` used but never assigned in __init__: Method `parse_group` of class `UseTreeParser` reads `self.parse_tree`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136336, "scanner": "repobility-ast-engine", "fingerprint": "9b9db70cbade4570323e4040a752469b71685e68a5dc8b2d419dbe8ba83ae2b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b9db70cbade4570323e4040a752469b71685e68a5dc8b2d419dbe8ba83ae2b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_group` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136335, "scanner": "repobility-ast-engine", "fingerprint": "e5c2e90c721af382e96ea56cd9d63747450e5fd943ce9fcecc62220a55c865a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5c2e90c721af382e96ea56cd9d63747450e5fd943ce9fcecc62220a55c865a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 336}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_group` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136334, "scanner": "repobility-ast-engine", "fingerprint": "0b20155265b34cd6097b25ef09839dede4f53da691618914aeaae05ffbe592e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b20155265b34cd6097b25ef09839dede4f53da691618914aeaae05ffbe592e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `parse_group` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136333, "scanner": "repobility-ast-engine", "fingerprint": "e60b28b7f71323d99d751605bf40dc70938737c98631936b1bc384a70bf2a87f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e60b28b7f71323d99d751605bf40dc70938737c98631936b1bc384a70bf2a87f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136332, "scanner": "repobility-ast-engine", "fingerprint": "321ead8f3d9b7fd680d69fa86f4ccdfbe5eff512cc09224f773f46eccb6d108c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|321ead8f3d9b7fd680d69fa86f4ccdfbe5eff512cc09224f773f46eccb6d108c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 312}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136331, "scanner": "repobility-ast-engine", "fingerprint": "d42a99ad7eea6a0e9fd9cb93b2b751a59f1876377a8c67e6f78a18afe26b0206", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d42a99ad7eea6a0e9fd9cb93b2b751a59f1876377a8c67e6f78a18afe26b0206"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 317}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.parse_group` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.parse_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136330, "scanner": "repobility-ast-engine", "fingerprint": "18865e98193a5194f354eb09af7c9f303249aa1b8c1bd636cba093bfb0b2a7a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18865e98193a5194f354eb09af7c9f303249aa1b8c1bd636cba093bfb0b2a7a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136329, "scanner": "repobility-ast-engine", "fingerprint": "ca92f340b2ee9bba4b004fa4b83bd5ba2b2d552aa9f5a3cf654440778303428a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca92f340b2ee9bba4b004fa4b83bd5ba2b2d552aa9f5a3cf654440778303428a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.skip_alias` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.skip_alias`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136328, "scanner": "repobility-ast-engine", "fingerprint": "88e81ef5d34e154932260acd5874cb69ef815a3c2dc0391c04ba07970adfc301", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88e81ef5d34e154932260acd5874cb69ef815a3c2dc0391c04ba07970adfc301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 318}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.skip_alias` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.skip_alias`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136327, "scanner": "repobility-ast-engine", "fingerprint": "d5f8b5626f51f77f8eebabf7278767716da8e9bbe1d7a81cf549387779d913a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5f8b5626f51f77f8eebabf7278767716da8e9bbe1d7a81cf549387779d913a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136326, "scanner": "repobility-ast-engine", "fingerprint": "b740b31fc83dc7b78a5da15a6cafdd6e71536450c8368cd319ecdc9af3fb3767", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b740b31fc83dc7b78a5da15a6cafdd6e71536450c8368cd319ecdc9af3fb3767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136325, "scanner": "repobility-ast-engine", "fingerprint": "2a841a9e8bcd85c4565ad6a48652ba029ad323b67aed99049fe365318268dd55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a841a9e8bcd85c4565ad6a48652ba029ad323b67aed99049fe365318268dd55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.parse_group` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.parse_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136324, "scanner": "repobility-ast-engine", "fingerprint": "fa4f8bc865a126ff01a6f694d2ef1b60cc4da0d338ad5d76f8a3d1b02d4737db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa4f8bc865a126ff01a6f694d2ef1b60cc4da0d338ad5d76f8a3d1b02d4737db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136323, "scanner": "repobility-ast-engine", "fingerprint": "af51106ff8a4871eb7d3eaaba65d51a368d0170c4bc8cbbe14a298c0d6f4da50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af51106ff8a4871eb7d3eaaba65d51a368d0170c4bc8cbbe14a298c0d6f4da50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.consume` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.consume`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136322, "scanner": "repobility-ast-engine", "fingerprint": "fa1a04f6dcd7ecf8423a221f918e14ed1ae67153bcb4692ee7726135df46d49f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa1a04f6dcd7ecf8423a221f918e14ed1ae67153bcb4692ee7726135df46d49f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.advance` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.advance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136321, "scanner": "repobility-ast-engine", "fingerprint": "4a895858ebb3fb26d0e0d4c9a67d92509606be779388c14af184f1d598cd47d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a895858ebb3fb26d0e0d4c9a67d92509606be779388c14af184f1d598cd47d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 302}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `parse_tree` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136320, "scanner": "repobility-ast-engine", "fingerprint": "1e9b4da5b5873e07a5f475bf43075a291df42778017681b8ee7d6161ac8d775a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e9b4da5b5873e07a5f475bf43075a291df42778017681b8ee7d6161ac8d775a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.parse_tree` used but never assigned in __init__: Method `parse` of class `UseTreeParser` reads `self.parse_tree`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136319, "scanner": "repobility-ast-engine", "fingerprint": "164e9a7e7df9dc6f55f7d2cc0875744510b5f6e357e69a12156c6bbd9f6b6e77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|164e9a7e7df9dc6f55f7d2cc0875744510b5f6e357e69a12156c6bbd9f6b6e77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `consume` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136318, "scanner": "repobility-ast-engine", "fingerprint": "4ef4a71d01b9d5305432c87201663b06b9657c927564afe32b86c2769c6f300d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ef4a71d01b9d5305432c87201663b06b9657c927564afe32b86c2769c6f300d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.current` used but never assigned in __init__: Method `advance` of class `UseTreeParser` reads `self.current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136317, "scanner": "repobility-ast-engine", "fingerprint": "63271718c42dcd7d08e876dc68f94b3f83341a7fdc3976e09044e9ea3989eaed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63271718c42dcd7d08e876dc68f94b3f83341a7fdc3976e09044e9ea3989eaed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.relative_path` used but never assigned in __init__: Method `format` of class `Violation` reads `self.relative_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136316, "scanner": "repobility-ast-engine", "fingerprint": "047af51b3b11479eea1ad4da615eaa6fc451283b0bf1d23ff83c498acafec227", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|047af51b3b11479eea1ad4da615eaa6fc451283b0bf1d23ff83c498acafec227"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_anyharness_boundaries.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.relative_path` used but never assigned in __init__: Method `format` of class `Violation` reads `self.relative_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 136315, "scanner": "repobility-ast-engine", "fingerprint": "4ca2ea240092e63b81d4e60638c01615efdbd62f43d2910a75f01aa108b1f09e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ca2ea240092e63b81d4e60638c01615efdbd62f43d2910a75f01aa108b1f09e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_frontend_boundaries.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 136313, "scanner": "repobility-journey-contract", "fingerprint": "230de4ee5e41d92329df991acca4f5b10033d18d621c389f6edf43547443faf1", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|68|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/packages/product-ui/src/auth/PasswordCredentialForm.tsx"}, "region": {"startLine": 68}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 136312, "scanner": "repobility-journey-contract", "fingerprint": "49b7653698e84556ef5179d994545bd57870c80cc0757a92ff4bb037e1008fe2", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|298|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/settings/panes/agent-authentication/CloudAgentAuthCredentialForm.tsx"}, "region": {"startLine": 298}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 136311, "scanner": "repobility-journey-contract", "fingerprint": "07cb619ddfd8ed0a03635b9c2e594e5ece71474d82bc06fb99b1996dc32d54d2", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|273|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/settings/panes/agent-authentication/CloudAgentAuthCredentialForm.tsx"}, "region": {"startLine": 273}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /reviews/{review_run_id}/stop."}, "properties": {"repobilityId": 136304, "scanner": "repobility-access-control", "fingerprint": "8b6af4761b85b2e8a14866704f36483aa7775cf638bc45a98bf6b7a6bd737aa4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/reviews/{review_run_id}/stop", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|418|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 418}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /terminals/{terminal_id}."}, "properties": {"repobilityId": 136303, "scanner": "repobility-access-control", "fingerprint": "9179df8637f33b18e1e2077c77f1c41cdb68b702f3d474ef39f449e7f0ef2311", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/terminals/{terminal_id}", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|353|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 353}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /workspaces/{workspace_id}/git/push."}, "properties": {"repobilityId": 136302, "scanner": "repobility-access-control", "fingerprint": "5a57f0ea1e013f5ee95ad3814392005c30ade96cc38e17ad5e67f80c007cb5e8", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/workspaces/{workspace_id}/git/push", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|334|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 334}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /workspaces/{workspace_id}/git/commit."}, "properties": {"repobilityId": 136301, "scanner": "repobility-access-control", "fingerprint": "5b0ade93f3840a7485a6245477f1bd21966abf7d9ea99ce63f42513f60ad8029", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/workspaces/{workspace_id}/git/commit", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|333|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 333}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /repo-roots/{repo_root_id}."}, "properties": {"repobilityId": 136300, "scanner": "repobility-access-control", "fingerprint": "e654649e4078e6476881dcc7bd6ffb14d28a9c92b2b2c9486f42321396fe653c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/repo-roots/{repo_root_id}", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|135|auc003", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/router.rs"}, "region": {"startLine": 135}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 136291, "scanner": "repobility-docker", "fingerprint": "c690915b8d1eb17ff88d5f4e4ea307a87e538145ba560a7e2bd2d1ade652e71e", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5432:5432", "target": "5432", "host_ip": "", "published": "5432"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|c690915b8d1eb17ff88d5f4e4ea307a87e538145ba560a7e2bd2d1ade652e71e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 136226, "scanner": "repobility-threat-engine", "fingerprint": "664145d95ae7fe96eb63f610f79dc54182fda0c903f78f20cacca467ae8c5fe0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(line", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|664145d95ae7fe96eb63f610f79dc54182fda0c903f78f20cacca467ae8c5fe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/content/PlanMarkdownBody.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 136225, "scanner": "repobility-threat-engine", "fingerprint": "840c7611cf2ad70ac898dbc1ed5c9170caba531e77cefce1ce6e749f7300584e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(firstLine", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|840c7611cf2ad70ac898dbc1ed5c9170caba531e77cefce1ce6e749f7300584e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/workspace/chat/content/CollapsiblePlanCard.tsx"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 136224, "scanner": "repobility-threat-engine", "fingerprint": "9c6eb3d8baaaa4e5e3d4f27106f3824ccd79eb6395c368e95a8f1c94a5f1656c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(codeClassName", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9c6eb3d8baaaa4e5e3d4f27106f3824ccd79eb6395c368e95a8f1c94a5f1656c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/content/ui/MarkdownRenderer.tsx"}, "region": {"startLine": 179}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 136204, "scanner": "repobility-threat-engine", "fingerprint": "22253121d5b9ee94d0fef284f06286170459c56b63ccaaa5b1541d0a7d92aa75", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((frame) => `  ${formatPercent(frame.ms, elapsedMs)}% { ${frame.css}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|22253121d5b9ee94d0fef284f06286170459c56b63ccaaa5b1541d0a7d92aa75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/playground/loading/PlaygroundThinkingTimingControls.tsx"}, "region": {"startLine": 206}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 136203, "scanner": "repobility-threat-engine", "fingerprint": "2506eac5bd87cbd609b8945993a44b1847261c8cad5dac6dd35f700b5a744d36", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((part) => `${part.slice(0, 1).toUpperCase()}${part.slice(1)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2506eac5bd87cbd609b8945993a44b1847261c8cad5dac6dd35f700b5a744d36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/components/automations/screen/AutomationsScreen.tsx"}, "region": {"startLine": 341}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 136202, "scanner": "repobility-threat-engine", "fingerprint": "6b16f6cc30d7f3070b6a81b6836ff48b680e0da4403f7d333bf264357dcc5eb9", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([key, value]) => `${key}=${encodeURIComponent(value)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6b16f6cc30d7f3070b6a81b6836ff48b680e0da4403f7d333bf264357dcc5eb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/sdk/src/client/git.ts"}, "region": {"startLine": 164}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 136200, "scanner": "repobility-threat-engine", "fingerprint": "d7194e65c4cfdbdc556cbd34a471e4d88259ff9c7d4a15c463cd25bafcfd68f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(bytes);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d7194e65c4cfdbdc556cbd34a471e4d88259ff9c7d4a15c463cd25bafcfd68f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/reviews/runtime/artifacts.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 136199, "scanner": "repobility-threat-engine", "fingerprint": "db29d8c2107e2a51e419fd1fbbd359a2f424c6406bac5f44a45e81e87e049c31", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update([0]);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|db29d8c2107e2a51e419fd1fbbd359a2f424c6406bac5f44a45e81e87e049c31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/plans/document.rs"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 136198, "scanner": "repobility-threat-engine", "fingerprint": "dc0d2e8af2c06307b60825f99fb253bc5c8ebfb4a487c4469a83678cb7154c0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(b\"symlink:\");", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dc0d2e8af2c06307b60825f99fb253bc5c8ebfb4a487c4469a83678cb7154c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/agents/seed/archive.rs"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 136192, "scanner": "repobility-threat-engine", "fingerprint": "9a2493b9d1aef14eae2ea649fba41e76ec347ae89fc37d6b1e79ab1ee5508356", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a2493b9d1aef14eae2ea649fba41e76ec347ae89fc37d6b1e79ab1ee5508356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/workspaces/env.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 136191, "scanner": "repobility-threat-engine", "fingerprint": "8c0e8d75c3ccbdcdf263fc95c3f6aed3a78ac63442193e1f91bf2e5bb7c14eee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c0e8d75c3ccbdcdf263fc95c3f6aed3a78ac63442193e1f91bf2e5bb7c14eee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/sessions/store/persisted_payloads.rs"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 136190, "scanner": "repobility-threat-engine", "fingerprint": "ac48c50892f7d9f90193663602e25f1162fb023a25a88e44413813b4177d260f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac48c50892f7d9f90193663602e25f1162fb023a25a88e44413813b4177d260f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/adapters/git/service_tests.rs"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136180, "scanner": "repobility-threat-engine", "fingerprint": "57bad9728fdb0777edf621d922794ccdc2fc635ddfc92af5bd3a81931bc37310", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|57bad9728fdb0777edf621d922794ccdc2fc635ddfc92af5bd3a81931bc37310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/domains/sessions/runtime/interactions.rs"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136179, "scanner": "repobility-threat-engine", "fingerprint": "27536f4ed75d8e853d8d5344c3df62ffa3e8cc236b7cca07a0ff2c9d5b3270df", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n    S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|27536f4ed75d8e853d8d5344c3df62ffa3e8cc236b7cca07a0ff2c9d5b3270df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-lib/src/api/http/sessions_interactions.rs"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136178, "scanner": "repobility-threat-engine", "fingerprint": "b190ccfe3d48b66c3515381469419d612fb53321a95deee4a338191755393049", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(M", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b190ccfe3d48b66c3515381469419d612fb53321a95deee4a338191755393049"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anyharness/crates/anyharness-contract/src/v1/interactions.rs"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136399, "scanner": "repobility-ast-engine", "fingerprint": "c27a6e4474e539fd137c0e258aadcdaa074a67a8dac9e680325287f09b7fff67", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c27a6e4474e539fd137c0e258aadcdaa074a67a8dac9e680325287f09b7fff67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/db/store/organization_records.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136390, "scanner": "repobility-ast-engine", "fingerprint": "6b846d5c222b179a7e4725fad828e9d3a48fb4312c513a80eeab2671c70e9111", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b846d5c222b179a7e4725fad828e9d3a48fb4312c513a80eeab2671c70e9111"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/organizations/domain/profile.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136388, "scanner": "repobility-ast-engine", "fingerprint": "9a8d7cdf229a4e44e80bb3db21d6350a83c6d13ed827c17b758aa67bf0e7f5a6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a8d7cdf229a4e44e80bb3db21d6350a83c6d13ed827c17b758aa67bf0e7f5a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/cloud/runtime_config/domain/resolver.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136381, "scanner": "repobility-ast-engine", "fingerprint": "2242587a0b9c033e3a6d118da009f4e279c69014ca4331c7ab5da3448abecbba", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2242587a0b9c033e3a6d118da009f4e279c69014ca4331c7ab5da3448abecbba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/server/billing/service.py"}, "region": {"startLine": 1270}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136378, "scanner": "repobility-ast-engine", "fingerprint": "82d013ad044b1b389fa4f9cf4233f2305d9e2560f0328aca18174143c747d3c2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82d013ad044b1b389fa4f9cf4233f2305d9e2560f0328aca18174143c747d3c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/integrations/pubsub/redis.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136374, "scanner": "repobility-ast-engine", "fingerprint": "46b87ba0b4cd3df7fa5f767184528d0d1b823d8c16f83a29e9738c0af884084e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46b87ba0b4cd3df7fa5f767184528d0d1b823d8c16f83a29e9738c0af884084e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proliferate/auth/passwords.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136370, "scanner": "repobility-ast-engine", "fingerprint": "8145c4c059a706bb0ba9d4f13eb3dfbf4945d2e44ee0ef5e524ceb64a3332492", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8145c4c059a706bb0ba9d4f13eb3dfbf4945d2e44ee0ef5e524ceb64a3332492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/e2e/agent_gateway/test_bifrost_live.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136369, "scanner": "repobility-ast-engine", "fingerprint": "0fa3efe6b226fb8deb7936491d981433c47120d389d12266e73351d1bdc40600", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fa3efe6b226fb8deb7936491d981433c47120d389d12266e73351d1bdc40600"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/integration/test_desktop_auth_customerio.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136368, "scanner": "repobility-ast-engine", "fingerprint": "9537e9a81085c25405ee1ab790e51cf591ba3203cc4050e1ebb14a2c20aa9fee", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9537e9a81085c25405ee1ab790e51cf591ba3203cc4050e1ebb14a2c20aa9fee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/integration/test_auth_flow.py"}, "region": {"startLine": 703}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136367, "scanner": "repobility-ast-engine", "fingerprint": "3a927bb89a390a077b401f4dfb0f8b6d53edda3b3c947c44663acf0065741a7f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a927bb89a390a077b401f4dfb0f8b6d53edda3b3c947c44663acf0065741a7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/unit/test_cloud_workspace_models.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 136341, "scanner": "repobility-ast-engine", "fingerprint": "82820c2b32aeb87d56162bacb3bea69f58b05223c5393bd93dabadc413732f59", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82820c2b32aeb87d56162bacb3bea69f58b05223c5393bd93dabadc413732f59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/mint_pro_promo_codes.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 136296, "scanner": "repobility-docker", "fingerprint": "1cbb78954ab4efb26dd019b294f3ffb89fd647583f45a2efb005fb7c11aa61a2", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "api", "variable": "JWT_SECRET", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|1cbb78954ab4efb26dd019b294f3ffb89fd647583f45a2efb005fb7c11aa61a2", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 136293, "scanner": "repobility-docker", "fingerprint": "50414365d77dc1bb3120c4705210fb11a3ad0deb56ff40b85a3a97720bcd34ce", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "migrate", "variable": "JWT_SECRET", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|50414365d77dc1bb3120c4705210fb11a3ad0deb56ff40b85a3a97720bcd34ce", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 136290, "scanner": "repobility-docker", "fingerprint": "d642fac298ce986062b8a63ae6ab4ec5ba9770a12c97f5a6e02e9fa4e3150a85", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "db", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|d642fac298ce986062b8a63ae6ab4ec5ba9770a12c97f5a6e02e9fa4e3150a85", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/docker-compose.yml"}, "region": {"startLine": 1}}}]}]}]}