{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_top_array_attrs` has cognitive complexity 9 (SonarSource scale). Cogniti", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_top_array_attrs` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursi"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED090", "name": "[MINED090] Python Tempfile Mktemp: tempfile.mktemp() is deprecated due to TOCTOU race.", "shortDescription": {"text": "[MINED090] Python Tempfile Mktemp: tempfile.mktemp() is deprecated due to TOCTOU race."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-377 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 23 more): Same pattern found in 23 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data (and 6 more): Same pattern found in 6 additional files. Review if", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at ", "shortDescription": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compro"}, "fullDescription": {"text": "Replace with: `uses: actions/upload-artifact@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.15.0`: `.pre-commit-co", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.15.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-mypy` at `rev: v1.15.0`. If `{rev}` is a branch or version "}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04` not pinned by digest: `FROM nvidia/cuda:12.8.0", "shortDescription": {"text": "[MINED118] Dockerfile FROM `nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04` not pinned by digest: `FROM nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag,"}, "fullDescription": {"text": "Replace with: `FROM nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._handle` used but never assigned in __init__: Method `add_cylinder` of class `_FakeScene` reads `self._", "shortDescription": {"text": "[MINED108] `self._handle` used but never assigned in __init__: Method `add_cylinder` of class `_FakeScene` reads `self._handle`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first "}, "fullDescription": {"text": "Initialize `self._handle = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_allegro_env_initializes_kp_kd_into_pool: Test function `test_allegro_env_initiali", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_allegro_env_initializes_kp_kd_into_pool: Test function `test_allegro_env_initializes_kp_kd_into_pool` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds l"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`", "shortDescription": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import array` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1043"}, "properties": {"repository": "unilabsim/UniLab", "repoUrl": "https://github.com/unilabsim/UniLab", "branch": "main"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 102769, "scanner": "repobility-ast-engine", "fingerprint": "fb68cfc623fc46605a51381a13e979fe4f833db74612f5f5fbc67c9d2ab990f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb68cfc623fc46605a51381a13e979fe4f833db74612f5f5fbc67c9d2ab990f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/common/ane_actor.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102715, "scanner": "repobility-ast-engine", "fingerprint": "05f6f5a14d29309d2f1156bf0bce2f32d4aa78c14650f55913426dc7bc524dc9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05f6f5a14d29309d2f1156bf0bce2f32d4aa78c14650f55913426dc7bc524dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_conversions.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102714, "scanner": "repobility-ast-engine", "fingerprint": "9e1c04779f229a16607564001bda7c832f8d77c84cad240890af36145258f636", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e1c04779f229a16607564001bda7c832f8d77c84cad240890af36145258f636"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_physics_step_motrixsim.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102713, "scanner": "repobility-ast-engine", "fingerprint": "d91d09186e2440cbfaa422d97f2b0341acac71809de9e1b039ea26f178bc4af1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d91d09186e2440cbfaa422d97f2b0341acac71809de9e1b039ea26f178bc4af1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mujoco_vs_motrix.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102712, "scanner": "repobility-ast-engine", "fingerprint": "f610a25ed34eb584d6a105f0cda70800971873373686e98d3066e8fc3495f869", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f610a25ed34eb584d6a105f0cda70800971873373686e98d3066e8fc3495f869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mujoco_vs_motrix.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102711, "scanner": "repobility-ast-engine", "fingerprint": "40cdab6d4728d6ffb97a04904a817fb492e6876c590c55bbf1c09c7cb8d13cc8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40cdab6d4728d6ffb97a04904a817fb492e6876c590c55bbf1c09c7cb8d13cc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mujoco_vs_motrix.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102710, "scanner": "repobility-ast-engine", "fingerprint": "4864b97d1373df3a82d8bb2230e42da1bc345a16fef129992f516f1b6d2e8eae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4864b97d1373df3a82d8bb2230e42da1bc345a16fef129992f516f1b6d2e8eae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mujoco_vs_motrix.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102709, "scanner": "repobility-ast-engine", "fingerprint": "d7b7c31b415525012ebc476794cedf8761c0a28c16360e37bec43115307cd0e9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7b7c31b415525012ebc476794cedf8761c0a28c16360e37bec43115307cd0e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_physics_step_mujoco_warp.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102708, "scanner": "repobility-ast-engine", "fingerprint": "52b2f05c7c1368e18c85d2692db7a78d237f36b6893408a8a1b63280305e785e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52b2f05c7c1368e18c85d2692db7a78d237f36b6893408a8a1b63280305e785e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_physics_step_mujoco_warp.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102707, "scanner": "repobility-ast-engine", "fingerprint": "25f3f90f61fc323a5799b79be50ea9d2b3a653418772d93361a16994ee999461", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25f3f90f61fc323a5799b79be50ea9d2b3a653418772d93361a16994ee999461"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_backends.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102706, "scanner": "repobility-ast-engine", "fingerprint": "3335d90e6e8c8e40fa971811edeb62385c40302c044fe2df414e0220b2dd976f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3335d90e6e8c8e40fa971811edeb62385c40302c044fe2df414e0220b2dd976f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_backends.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102705, "scanner": "repobility-ast-engine", "fingerprint": "cdb45330b047675adbe336e1028eec2eecc3d2e4db2d1fcafa40047c1d3719c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdb45330b047675adbe336e1028eec2eecc3d2e4db2d1fcafa40047c1d3719c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_backends.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102704, "scanner": "repobility-ast-engine", "fingerprint": "8e293f245c085990d97cd912eb1157c336e5ca60f6741778250545507d9ebc46", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e293f245c085990d97cd912eb1157c336e5ca60f6741778250545507d9ebc46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_backends.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102703, "scanner": "repobility-ast-engine", "fingerprint": "ddbef6d96e66273bba9bf40997a7649c0457c9bad34f3377e6bb51010fd7e5b9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddbef6d96e66273bba9bf40997a7649c0457c9bad34f3377e6bb51010fd7e5b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_env_step.py"}, "region": {"startLine": 1552}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102702, "scanner": "repobility-ast-engine", "fingerprint": "f9ebd94a44445e70b407ff69af0898d3fa806becdb72587d509c8a2889f48933", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9ebd94a44445e70b407ff69af0898d3fa806becdb72587d509c8a2889f48933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 1170}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102701, "scanner": "repobility-ast-engine", "fingerprint": "caa387b10241c520adc1d784acd9a2b17f9ff31784750a2005f51b330743021a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|caa387b10241c520adc1d784acd9a2b17f9ff31784750a2005f51b330743021a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 899}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102700, "scanner": "repobility-ast-engine", "fingerprint": "648ee674e8fbb80e03bc432c0503d9515cac1181bc854b986b962386eeba964b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|648ee674e8fbb80e03bc432c0503d9515cac1181bc854b986b962386eeba964b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 824}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102699, "scanner": "repobility-ast-engine", "fingerprint": "aa9ef849d7dbc2f1593ba7c7e7c93fafd85c6c626c8fbc7c51dd12810d224e99", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa9ef849d7dbc2f1593ba7c7e7c93fafd85c6c626c8fbc7c51dd12810d224e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 751}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102698, "scanner": "repobility-ast-engine", "fingerprint": "efd6e189fc7f449abf0bb9fe8014ad4f3551653d5a8887bed4fed329f56a612c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efd6e189fc7f449abf0bb9fe8014ad4f3551653d5a8887bed4fed329f56a612c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102697, "scanner": "repobility-ast-engine", "fingerprint": "a750bdde3d64e095ed6d190b79c4145ac3f0ea466757c6d5b8b40ff2fc9fb5e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a750bdde3d64e095ed6d190b79c4145ac3f0ea466757c6d5b8b40ff2fc9fb5e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102696, "scanner": "repobility-ast-engine", "fingerprint": "5c02443c0b52d5963ca6f70a6738caba76cd3199d4cdeca57aa1a137a9e8b980", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c02443c0b52d5963ca6f70a6738caba76cd3199d4cdeca57aa1a137a9e8b980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102695, "scanner": "repobility-ast-engine", "fingerprint": "699f4140b8cf2892ed23774ff4af09fcfc1d72b24f6da96b04fae1537cf17b14", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|699f4140b8cf2892ed23774ff4af09fcfc1d72b24f6da96b04fae1537cf17b14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102694, "scanner": "repobility-ast-engine", "fingerprint": "cc49aeb4ff88ce67dca2784a7371698a1955e16de56b40193352c917fb24bd83", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc49aeb4ff88ce67dca2784a7371698a1955e16de56b40193352c917fb24bd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102693, "scanner": "repobility-ast-engine", "fingerprint": "cb92de734f38fd634c7902ed132a0cefbfb0ea31dd8e6c2ed0e66c48777cf4b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb92de734f38fd634c7902ed132a0cefbfb0ea31dd8e6c2ed0e66c48777cf4b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102692, "scanner": "repobility-ast-engine", "fingerprint": "0995980db9d7ba729c6cab5ccc17e980921cb65b3a87c21ccfb3e1131862bae7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0995980db9d7ba729c6cab5ccc17e980921cb65b3a87c21ccfb3e1131862bae7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mlp_inference.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 102691, "scanner": "repobility-ast-engine", "fingerprint": "b1146b85cfd9c4af36171e4eaa78ecbc871acfdc62676fa4f6c147321d721b2b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b1146b85cfd9c4af36171e4eaa78ecbc871acfdc62676fa4f6c147321d721b2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mujoco_rollout_model_sharing.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 102689, "scanner": "repobility-docker", "fingerprint": "33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 102688, "scanner": "repobility-docker", "fingerprint": "26d61d20e54c3b5f1c4aad12a65b152a211e0cb6d6cefc095825b0c72dceca19", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|26d61d20e54c3b5f1c4aad12a65b152a211e0cb6d6cefc095825b0c72dceca19", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 34}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102686, "scanner": "repobility-agent-runtime", "fingerprint": "3add13661db0b71c9a50f343ca6696d3bbbccea099f83d6d59f310840dcb48ab", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|3add13661db0b71c9a50f343ca6696d3bbbccea099f83d6d59f310840dcb48ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sphinx/source/zh_CN/1-getting_started/2-installation.md"}, "region": {"startLine": 15}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102685, "scanner": "repobility-agent-runtime", "fingerprint": "7c42bd0720ca8ab3058a3fe056d07f4c7130534dc6807db5274cd189eafbff9d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7c42bd0720ca8ab3058a3fe056d07f4c7130534dc6807db5274cd189eafbff9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sphinx/source/zh_CN/1-getting_started/1-quick_demo.md"}, "region": {"startLine": 10}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102684, "scanner": "repobility-agent-runtime", "fingerprint": "3ad2c2af2e7ccaf5593df4ccd4c944b82acaae9fa58e9f9e5d08f34732ad9ee8", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|3ad2c2af2e7ccaf5593df4ccd4c944b82acaae9fa58e9f9e5d08f34732ad9ee8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sphinx/source/zh_CN/0-index.md"}, "region": {"startLine": 66}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102683, "scanner": "repobility-agent-runtime", "fingerprint": "5d86e78827fa2f2d58009227464592ddb527e9e427b02721fbd232fd5d38b9ce", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5d86e78827fa2f2d58009227464592ddb527e9e427b02721fbd232fd5d38b9ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sphinx/source/en/1-getting_started/2-installation.md"}, "region": {"startLine": 16}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102682, "scanner": "repobility-agent-runtime", "fingerprint": "efa7234d8dd9c1db9b915dd7d6ce3247b2a3b601ecb7901bb9181edb83f9ede1", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|efa7234d8dd9c1db9b915dd7d6ce3247b2a3b601ecb7901bb9181edb83f9ede1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sphinx/source/en/1-getting_started/1-quick_demo.md"}, "region": {"startLine": 10}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102681, "scanner": "repobility-agent-runtime", "fingerprint": "5a194a4141091419c617c93205910a3566bf26549ff5f161d3a641d701f014bb", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5a194a4141091419c617c93205910a3566bf26549ff5f161d3a641d701f014bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sphinx/source/en/0-index.md"}, "region": {"startLine": 67}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102680, "scanner": "repobility-agent-runtime", "fingerprint": "b9e4b6d16ca77ce89d785234cbf1cc6e600ac02cce493a3d15023cb66f6e451d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b9e4b6d16ca77ce89d785234cbf1cc6e600ac02cce493a3d15023cb66f6e451d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README_zh.md"}, "region": {"startLine": 84}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 102679, "scanner": "repobility-agent-runtime", "fingerprint": "5d4da79d8796f97a73e587f69687d84b04dcedf8e78f489bb1353c0672bbad2a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5d4da79d8796f97a73e587f69687d84b04dcedf8e78f489bb1353c0672bbad2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 102644, "scanner": "repobility-threat-engine", "fingerprint": "39dc16d39ce228bed7843b76bab14fa537b34f39952136be536102cb0ba4d559", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def forward(self) -> torch.Tensor:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39dc16d39ce228bed7843b76bab14fa537b34f39952136be536102cb0ba4d559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/him_ppo/actor_critic.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 102643, "scanner": "repobility-threat-engine", "fingerprint": "2731ddef08e116da91f65c9effcb66176b46208a9d39c70abba95ee1ce10a3c3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _get_state_dict_template(self) -> dict:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2731ddef08e116da91f65c9effcb66176b46208a9d39c70abba95ee1ce10a3c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/common/base_collector.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 102638, "scanner": "repobility-threat-engine", "fingerprint": "c833b5daf73d69664fe0c95c1537ad545896fb1f258c2f1bfa053e789bea55aa", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|161|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/mlx/ppo/runner.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 102628, "scanner": "repobility-threat-engine", "fingerprint": "265b9510a6371edaec7191263c049207769a013706e7d7b0ef7ba5aefd2714e1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        type_hints = get_type_hints(env_cfg_cls)\n    except Exception:\n        return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|265b9510a6371edaec7191263c049207769a013706e7d7b0ef7ba5aefd2714e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/visualize_task_env.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 102627, "scanner": "repobility-threat-engine", "fingerprint": "bd45734ae0bb807b8a5590d23753d3b0d7b5819e5b7912558df3d63a06952051", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        import resource\n\n        usage = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bd45734ae0bb807b8a5590d23753d3b0d7b5819e5b7912558df3d63a06952051"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/mem_profile.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 102626, "scanner": "repobility-threat-engine", "fingerprint": "99793b0947800e93150df74c75a58f939e6c43fa3f082bcc1fdbb20ad945ed11", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        return importlib.import_module(\"mlx.core\")\n    except Exception:\n        return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|99793b0947800e93150df74c75a58f939e6c43fa3f082bcc1fdbb20ad945ed11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/backends.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 102620, "scanner": "repobility-threat-engine", "fingerprint": "4c6aa38731bedd69ed8b7d2fb5dbd5fd23b464e1a5f5dd79094fe5c4e1b66324", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4c6aa38731bedd69ed8b7d2fb5dbd5fd23b464e1a5f5dd79094fe5c4e1b66324"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/mem_profile.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 102619, "scanner": "repobility-threat-engine", "fingerprint": "3456469ed69cb9767dc128f955f908843946c20ddb4103f9a84a8641dfae593d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3456469ed69cb9767dc128f955f908843946c20ddb4103f9a84a8641dfae593d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/device_info.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 102618, "scanner": "repobility-threat-engine", "fingerprint": "9329c8088f0372c4c9901d314a64666029733c9e748b20aa1eb9765840c137bd", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9329c8088f0372c4c9901d314a64666029733c9e748b20aa1eb9765840c137bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_fast_sac_backends.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 102690, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102678, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0cefbd19c09724b7f9e6c8fb67070ca8778613f40b3174ab8d0af0caf7d4e3b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go1/rough.py", "duplicate_line": 43, "correlation_key": "fp|e0cefbd19c09724b7f9e6c8fb67070ca8778613f40b3174ab8d0af0caf7d4e3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/rough.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102677, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7e4dc4613e0d015032069b2ede16467acaf4b0fdfabeb6d77cfee8fc77204cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go1/rough.py", "duplicate_line": 373, "correlation_key": "fp|a7e4dc4613e0d015032069b2ede16467acaf4b0fdfabeb6d77cfee8fc77204cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/joystick.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102676, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b493b7fbdf354bd48ff0028b169b3ea43bc7cb67116f87683d3b6a93f0b5267", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go1/joystick.py", "duplicate_line": 77, "correlation_key": "fp|8b493b7fbdf354bd48ff0028b169b3ea43bc7cb67116f87683d3b6a93f0b5267"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/joystick.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102675, "scanner": "repobility-ai-code-hygiene", "fingerprint": "abeaabb12f1daf7e2bf6da419c9f8639532ee35c552b642bec2b056a83293c04", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go2/handstand.py", "duplicate_line": 17, "correlation_key": "fp|abeaabb12f1daf7e2bf6da419c9f8639532ee35c552b642bec2b056a83293c04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/joystick.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102674, "scanner": "repobility-ai-code-hygiene", "fingerprint": "503283d8fa588f09cbe8a3bfbd1a6afcc850b11315ba807da8b7ea8b8fbf86e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go1/joystick.py", "duplicate_line": 182, "correlation_key": "fp|503283d8fa588f09cbe8a3bfbd1a6afcc850b11315ba807da8b7ea8b8fbf86e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/handstand.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102673, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89d1170e7946e657136a5748eb602f75f161cf14d2107e19b855b466e0ff3eb9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go2/footstand.py", "duplicate_line": 355, "correlation_key": "fp|89d1170e7946e657136a5748eb602f75f161cf14d2107e19b855b466e0ff3eb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/handstand.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102672, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fba238696798d7dce789e9a80d677ac214a38d698b57eca6fc41e5bc2c8c8cff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go1/base.py", "duplicate_line": 3, "correlation_key": "fp|fba238696798d7dce789e9a80d677ac214a38d698b57eca6fc41e5bc2c8c8cff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/base.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102671, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6e84ddcad07decd7bcd36a676f1506dcd1ed5869255fa44a0e57aa26a82f3ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/envs/locomotion/go1/joystick.py", "duplicate_line": 130, "correlation_key": "fp|b6e84ddcad07decd7bcd36a676f1506dcd1ed5869255fa44a0e57aa26a82f3ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go1/rough.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102670, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e2c39bcae0a88bb06ee07a08abc26c33261714b246888c1cf01eda7bc951cab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/base/backend/base.py", "duplicate_line": 269, "correlation_key": "fp|4e2c39bcae0a88bb06ee07a08abc26c33261714b246888c1cf01eda7bc951cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/base/np_env.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102669, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f62a5c917c7a429598e7db6dd80cdb9182a1047ae0bec1955b2a0cc2f739261b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/base/base.py", "duplicate_line": 63, "correlation_key": "fp|f62a5c917c7a429598e7db6dd80cdb9182a1047ae0bec1955b2a0cc2f739261b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/base/np_env.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102668, "scanner": "repobility-ai-code-hygiene", "fingerprint": "725b2b7078f05aee0c0d94c16a6d8e21dd5080f80a7d2647cd644e9f6b13ecdb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/base/backend/base.py", "duplicate_line": 269, "correlation_key": "fp|725b2b7078f05aee0c0d94c16a6d8e21dd5080f80a7d2647cd644e9f6b13ecdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/base/base.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102667, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4765c39cf8375ce0abb703afa2070728c64bcb04511559dc3c786bf3f035f88d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/hora/ppo.py", "duplicate_line": 187, "correlation_key": "fp|4765c39cf8375ce0abb703afa2070728c64bcb04511559dc3c786bf3f035f88d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/rsl_rl_ppo.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102666, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3a33fa43e7331a9a06489301757021a17fe28321db9dfaed0b53d6ff8f8d80f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/appo/runner.py", "duplicate_line": 369, "correlation_key": "fp|f3a33fa43e7331a9a06489301757021a17fe28321db9dfaed0b53d6ff8f8d80f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/offpolicy/runner.py"}, "region": {"startLine": 541}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102665, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d7cdf05cbe42872bf1488d69ff5e25cf0703fff457cc6436c24bc4295a30e41", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/offpolicy/double_buffer_runner.py", "duplicate_line": 57, "correlation_key": "fp|6d7cdf05cbe42872bf1488d69ff5e25cf0703fff457cc6436c24bc4295a30e41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/offpolicy/runner.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102664, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e1ac85d102fb34afcdeeb8f26ae563bbd7afe51a33130db122ac80e922600c3b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/offpolicy/double_buffer_runner.py", "duplicate_line": 147, "correlation_key": "fp|e1ac85d102fb34afcdeeb8f26ae563bbd7afe51a33130db122ac80e922600c3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/offpolicy/multi_gpu_runner.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102663, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27478c767df10a6726d964b20a3f047157262a3f0b3745b8a91c4826c046bfae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/fast_sac/learner.py", "duplicate_line": 101, "correlation_key": "fp|27478c767df10a6726d964b20a3f047157262a3f0b3745b8a91c4826c046bfae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/sac_models.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102662, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8efeaff15e8146bf7e6da45ed7be382cf15f9ffac228420c3e3c6e4ef3bb0e0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/appo/learner.py", "duplicate_line": 142, "correlation_key": "fp|8efeaff15e8146bf7e6da45ed7be382cf15f9ffac228420c3e3c6e4ef3bb0e0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/ppo.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102661, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b0d7d68d7140cfd6b8e0c02a33b01c98d97893b6d23efc854382ae0b1519873", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/appo/worker.py", "duplicate_line": 69, "correlation_key": "fp|5b0d7d68d7140cfd6b8e0c02a33b01c98d97893b6d23efc854382ae0b1519873"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/appo_worker.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102660, "scanner": "repobility-ai-code-hygiene", "fingerprint": "236bb32206e5abaefd11610b1daf3c277dd979c9b9841e875111c129953bdac2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/appo/runner.py", "duplicate_line": 136, "correlation_key": "fp|236bb32206e5abaefd11610b1daf3c277dd979c9b9841e875111c129953bdac2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/appo_runner.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102659, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18540b9d853d51b45296d49b5fe2c731fd8104af05b05386ba29575bb8808457", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/unilab/algos/torch/appo/learner.py", "duplicate_line": 340, "correlation_key": "fp|18540b9d853d51b45296d49b5fe2c731fd8104af05b05386ba29575bb8808457"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/appo_learner.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102658, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eac7f0001c024d7f8da4f006481bda18d215ee6bb30d4fb211296fc6c63e5427", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/train_appo.py", "duplicate_line": 146, "correlation_key": "fp|eac7f0001c024d7f8da4f006481bda18d215ee6bb30d4fb211296fc6c63e5427"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/appo.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102657, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a58d69d5a2241d7fa0f2d3b7782901b9c14512ba4fa08f41b183d4e3d0d91ba5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/train_mlx_ppo.py", "duplicate_line": 361, "correlation_key": "fp|a58d69d5a2241d7fa0f2d3b7782901b9c14512ba4fa08f41b183d4e3d0d91ba5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/mlx/ppo/runner.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102656, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4b84600865633434f12e4bcda6b68a5af88cdc0f3ae0655b088b911b135c4f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/train_him_ppo.py", "duplicate_line": 44, "correlation_key": "fp|a4b84600865633434f12e4bcda6b68a5af88cdc0f3ae0655b088b911b135c4f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/train_rsl_rl.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102655, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1b3a7d06cfb3c27ecea76d72c54c350347c7782126f6ab054bcfeaa4f5471cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/train_appo.py", "duplicate_line": 344, "correlation_key": "fp|f1b3a7d06cfb3c27ecea76d72c54c350347c7782126f6ab054bcfeaa4f5471cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/train_offpolicy.py"}, "region": {"startLine": 561}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102654, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d94dbc46e514e75caf56e3b6ccef920cd8ba171b39b453b0b5b750c69ddc6cd4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/train_him_ppo.py", "duplicate_line": 45, "correlation_key": "fp|d94dbc46e514e75caf56e3b6ccef920cd8ba171b39b453b0b5b750c69ddc6cd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/train_hora_distill.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102653, "scanner": "repobility-ai-code-hygiene", "fingerprint": "92127d85cad372fd472c9a8ec7a5f1c5219931199838db05b56c41c5a27374a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/motion/csv_to_npz.py", "duplicate_line": 255, "correlation_key": "fp|92127d85cad372fd472c9a8ec7a5f1c5219931199838db05b56c41c5a27374a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/motion/replay_npz.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102652, "scanner": "repobility-ai-code-hygiene", "fingerprint": "340a082d193c417aba84bcaaa333fa2cdc88f02a8a2ee317aa9c8161f5d210d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/motion/bones_seed_csv_to_npz.py", "duplicate_line": 66, "correlation_key": "fp|340a082d193c417aba84bcaaa333fa2cdc88f02a8a2ee317aa9c8161f5d210d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/motion/replay_bones_seed_csv.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102651, "scanner": "repobility-ai-code-hygiene", "fingerprint": "028f72f83925ec47b51e4e69d8947e11e52e402c67d35b52297864fbb34da191", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/motion/bones_seed_csv_to_npz.py", "duplicate_line": 47, "correlation_key": "fp|028f72f83925ec47b51e4e69d8947e11e52e402c67d35b52297864fbb34da191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/motion/csv_to_npz.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102650, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0134a403ae345915dacb5ec97bcd8df74619496c3864c1932bcd537305affee8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/deploy/append_cooldown.py", "duplicate_line": 62, "correlation_key": "fp|0134a403ae345915dacb5ec97bcd8df74619496c3864c1932bcd537305affee8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/deploy/prepend_warmup.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 102649, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b64667683bff111cafe0df727d7b4cd57b696f0dcfa41e717f31129b99f19d38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/deploy/export_deploy_config.py", "duplicate_line": 23, "correlation_key": "fp|b64667683bff111cafe0df727d7b4cd57b696f0dcfa41e717f31129b99f19d38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/deploy/export_motion_bin.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 102648, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65fbf9988765c17c94affab2fc7e96edbd972ee6a51657eb7e7882d28bb66626", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|65fbf9988765c17c94affab2fc7e96edbd972ee6a51657eb7e7882d28bb66626"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/ipc/replay_pipelines/transfer/torch_copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 102641, "scanner": "repobility-threat-engine", "fingerprint": "7070d048d220b2b03523aaa311cff0def6311a8e18fba0e6a9244424d289bfef", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tempfile.mktemp(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7070d048d220b2b03523aaa311cff0def6311a8e18fba0e6a9244424d289bfef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/common/ane_actor.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_top_array_attrs` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, except=1, for=1, if=2, nested_bonus=3."}, "properties": {"repobilityId": 102608, "scanner": "repobility-threat-engine", "fingerprint": "f393d6f110a9d0b0172307a11eaace1178c637ece0e2f562607ad1679c0975e0", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_top_array_attrs", "breakdown": {"if": 2, "for": 1, "except": 1, "continue": 2, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|f393d6f110a9d0b0172307a11eaace1178c637ece0e2f562607ad1679c0975e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_mjmodel_memory.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `run_backend` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, if=5, nested_bonus=2."}, "properties": {"repobilityId": 102607, "scanner": "repobility-threat-engine", "fingerprint": "9855c7cc947fbaf7f48c6fab49a4d11fb1d4fbfdc014f3d467df3f565995ea85", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run_backend", "breakdown": {"if": 5, "except": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|9855c7cc947fbaf7f48c6fab49a4d11fb1d4fbfdc014f3d467df3f565995ea85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_fast_sac_backends.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=3, nested_bonus=6."}, "properties": {"repobilityId": 102606, "scanner": "repobility-threat-engine", "fingerprint": "ae4c84b513ef137fe56f9fae1cd9137e7a66fffc1b6b22e8caa4cb2666ab72fb", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"for": 3, "except": 1, "nested_bonus": 6}, "complexity": 10, "correlation_key": "fp|ae4c84b513ef137fe56f9fae1cd9137e7a66fffc1b6b22e8caa4cb2666ab72fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_backends.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 102646, "scanner": "repobility-threat-engine", "fingerprint": "3d76acb8cb8acabb02b9c3a60f1369660f3549a7e063999b985905b107e5a788", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d76acb8cb8acabb02b9c3a60f1369660f3549a7e063999b985905b107e5a788"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go2/base.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 102645, "scanner": "repobility-threat-engine", "fingerprint": "2a0d8e72331488578c5b249008c0014e2d46dc989457dbd9e9c1dc173b5c9cd5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a0d8e72331488578c5b249008c0014e2d46dc989457dbd9e9c1dc173b5c9cd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/locomotion/go1/base.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED090", "level": "none", "message": {"text": "[MINED090] Python Tempfile Mktemp: tempfile.mktemp() is deprecated due to TOCTOU race."}, "properties": {"repobilityId": 102642, "scanner": "repobility-threat-engine", "fingerprint": "617cef7f815c7807fada61eeca34f52c372d014a250fafca645145380c9ce4fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-tempfile-mktemp", "owasp": null, "cwe_ids": ["CWE-377"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348148+00:00", "triaged_in_corpus": 15, "observations_count": 483, "ai_coder_pattern_id": 121}, "scanner": "repobility-threat-engine", "correlation_key": "fp|617cef7f815c7807fada61eeca34f52c372d014a250fafca645145380c9ce4fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/common/ane_actor.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 102637, "scanner": "repobility-threat-engine", "fingerprint": "224fa410e57bd88ba1ad24ac7a8d3ce95d7510e712dae950288a63438d241022", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|224fa410e57bd88ba1ad24ac7a8d3ce95d7510e712dae950288a63438d241022", "aggregated_count": 14}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 102636, "scanner": "repobility-threat-engine", "fingerprint": "36a9f9c3c720b13ca3ceb78671181f89ab5cf9b4725b2dd0746c4187665250c7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36a9f9c3c720b13ca3ceb78671181f89ab5cf9b4725b2dd0746c4187665250c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/appo.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 102635, "scanner": "repobility-threat-engine", "fingerprint": "a7c88880e6eb4162a1fc1a6f49b714f3fb4350f529fd9afff4acf3e679cdebd2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a7c88880e6eb4162a1fc1a6f49b714f3fb4350f529fd9afff4acf3e679cdebd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/appo/runtime.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 102634, "scanner": "repobility-threat-engine", "fingerprint": "aad490b507d0ffab0c5ed69dc5b793e1e46e9c29107e0c1650f8169ade855a6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aad490b507d0ffab0c5ed69dc5b793e1e46e9c29107e0c1650f8169ade855a6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/mlx/common/rollout_storage.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 102633, "scanner": "repobility-threat-engine", "fingerprint": "ae6b4e3651a159e05140b3443229f96f19f275d131f477a22f1afea88bd25d7e", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "evidence": {"match": "torch.load(", "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|187|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/hora/appo.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 102632, "scanner": "repobility-threat-engine", "fingerprint": "99c1aace3132003946ead3acdaf1d1ab4cd657c70dd16039eb374792f059d03a", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "evidence": {"match": "torch.load(", "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|scripts/train_him_ppo.py|110|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/train_him_ppo.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC136", "level": "none", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 102629, "scanner": "repobility-threat-engine", "fingerprint": "8e478e56b730255b619eaaf214c2ac68864bd09b58591d59c20fe11bd4508abd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8e478e56b730255b619eaaf214c2ac68864bd09b58591d59c20fe11bd4508abd"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 102625, "scanner": "repobility-threat-engine", "fingerprint": "f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 102621, "scanner": "repobility-threat-engine", "fingerprint": "09a342afadf11f998ff72aae4f6dc6fdfc3a7a53fdd52d6a06632d6970e31c19", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|09a342afadf11f998ff72aae4f6dc6fdfc3a7a53fdd52d6a06632d6970e31c19"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 102617, "scanner": "repobility-threat-engine", "fingerprint": "1bbbd70fa5d60f2416cb36a49f8da847ba4197195993de23f811a09759133264", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1bbbd70fa5d60f2416cb36a49f8da847ba4197195993de23f811a09759133264", "aggregated_count": 23}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 102616, "scanner": "repobility-threat-engine", "fingerprint": "3d44c9541538752e20e5cb7ba414bcf6995034621c1a663dca4c8eb4eeeece05", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d44c9541538752e20e5cb7ba414bcf6995034621c1a663dca4c8eb4eeeece05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/mem_profile.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 102615, "scanner": "repobility-threat-engine", "fingerprint": "24b8c7b19e6c355918a2bb39d9037beec86309a0be34616c991989de8042e662", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|24b8c7b19e6c355918a2bb39d9037beec86309a0be34616c991989de8042e662"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/device_info.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 102614, "scanner": "repobility-threat-engine", "fingerprint": "9d99e40a415c9c9defbc68b5e741f53f417359294ac81d0f9da46789e053f5ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d99e40a415c9c9defbc68b5e741f53f417359294ac81d0f9da46789e053f5ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_fast_sac_backends.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 102613, "scanner": "repobility-threat-engine", "fingerprint": "e92ca7660e8c577d998ed38d702bd0e28a30f0eb9fe80341db09927c32f0423f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e92ca7660e8c577d998ed38d702bd0e28a30f0eb9fe80341db09927c32f0423f", "aggregated_count": 9}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 71 more): Same pattern found in 71 additional files. Review if needed."}, "properties": {"repobilityId": 102609, "scanner": "repobility-threat-engine", "fingerprint": "d4abd7564a3ddde4b5dfa674031e44cf9072edfe2ffbac90d950dab613da9d9c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 71 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"for": 3, "except": 1, "nested_bonus": 6}, "aggregated": true, "complexity": 10, "correlation_key": "fp|d4abd7564a3ddde4b5dfa674031e44cf9072edfe2ffbac90d950dab613da9d9c", "aggregated_count": 71}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 102605, "scanner": "repobility-threat-engine", "fingerprint": "c80ff157c0dd4f06d29a253eef2e040bc846fc539581945c90fe13c6ec14dd22", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c80ff157c0dd4f06d29a253eef2e040bc846fc539581945c90fe13c6ec14dd22"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 102604, "scanner": "repobility-threat-engine", "fingerprint": "924d14e3045dc1f162e5c2423cc212935344d55b76ef9b0f7bdf66542a6763bd", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|177|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_ipc_weight_sync.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 102603, "scanner": "repobility-threat-engine", "fingerprint": "6a91afd7abb7ce2b4ce23720cf9afca4f905feb3d61e3ea9dac23794eb701378", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|174|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_backends.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 102602, "scanner": "repobility-threat-engine", "fingerprint": "7945835c62583560a335e5c1da3d6f8f488fba92ec4321974b22d3471fd3b27a", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|77|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_ane_peak.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102787, "scanner": "repobility-supply-chain", "fingerprint": "b388a565bdefc8dc4f6ecdfd6e0bf09fa7aa80b5129a334dfe6e00faaec42524", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b388a565bdefc8dc4f6ecdfd6e0bf09fa7aa80b5129a334dfe6e00faaec42524"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`: `uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102786, "scanner": "repobility-supply-chain", "fingerprint": "30ac7c7f53dbc34782374d131aa47ef8aecf9425fba767cc3f074edd6860cbb8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30ac7c7f53dbc34782374d131aa47ef8aecf9425fba767cc3f074edd6860cbb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102785, "scanner": "repobility-supply-chain", "fingerprint": "0d9e00c81ede566785ad53215522bf9ae86b9d46959824175238f9b4db7288dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0d9e00c81ede566785ad53215522bf9ae86b9d46959824175238f9b4db7288dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`: `uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102784, "scanner": "repobility-supply-chain", "fingerprint": "fb519874999c631d8341190a649eea6954b8a92c74dee3dc8759fc9a7d874fc7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb519874999c631d8341190a649eea6954b8a92c74dee3dc8759fc9a7d874fc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6.0.2`: `uses: actions/checkout@v6.0.2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102783, "scanner": "repobility-supply-chain", "fingerprint": "03f66999dd1f32314eaadce3d84f3a961948abbf3181bbc207d15e064e3c98ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|03f66999dd1f32314eaadce3d84f3a961948abbf3181bbc207d15e064e3c98ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`: `uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102782, "scanner": "repobility-supply-chain", "fingerprint": "99cffe8a5d05b7e2e1ede538f48c034c9fe29c5f3bc5ca4b16b0155dda9eb84b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|99cffe8a5d05b7e2e1ede538f48c034c9fe29c5f3bc5ca4b16b0155dda9eb84b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6.0.2`: `uses: actions/checkout@v6.0.2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102781, "scanner": "repobility-supply-chain", "fingerprint": "2a70a114860f6474ecd45e863e75f2fa4710f2aea01ea82a68815973cc3aca6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a70a114860f6474ecd45e863e75f2fa4710f2aea01ea82a68815973cc3aca6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`: `uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102780, "scanner": "repobility-supply-chain", "fingerprint": "6a96dbb890667450b8c223ee99a8f78ecd0b26c7ac9103f914a3f6464ddc689c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a96dbb890667450b8c223ee99a8f78ecd0b26c7ac9103f914a3f6464ddc689c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6.0.2`: `uses: actions/checkout@v6.0.2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102779, "scanner": "repobility-supply-chain", "fingerprint": "0359e3311e8880382ce9256fe3b980f343346413b65a75668106474f9fa1dd54", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0359e3311e8880382ce9256fe3b980f343346413b65a75668106474f9fa1dd54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`: `uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102778, "scanner": "repobility-supply-chain", "fingerprint": "d1b1b7ffb652f6fc9337b201879ffbef243e9192923df5b80595113d71f21156", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1b1b7ffb652f6fc9337b201879ffbef243e9192923df5b80595113d71f21156"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6.0.2`: `uses: actions/checkout@v6.0.2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102777, "scanner": "repobility-supply-chain", "fingerprint": "a512e11bda1d9ea4cfbea29270e04c8658f70fcdb88627cab3ff05358bd7d917", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a512e11bda1d9ea4cfbea29270e04c8658f70fcdb88627cab3ff05358bd7d917"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`: `uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102776, "scanner": "repobility-supply-chain", "fingerprint": "bca5aaf6d0e53df204b6cf9a92eed1fdd91943bc049ea49eeb30ea9dc7395c4c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bca5aaf6d0e53df204b6cf9a92eed1fdd91943bc049ea49eeb30ea9dc7395c4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6.0.2`: `uses: actions/checkout@v6.0.2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 102775, "scanner": "repobility-supply-chain", "fingerprint": "ccd6584b4b667531d95b59f68621fdec0a3fa3d2eb64d06a35767604727d639e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccd6584b4b667531d95b59f68621fdec0a3fa3d2eb64d06a35767604727d639e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.15.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-mypy` at `rev: v1.15.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 102774, "scanner": "repobility-supply-chain", "fingerprint": "67201db338ef2cdc6cd183d941bbc3882c86178f25c9b0cc933bd9f70fb5d5b5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67201db338ef2cdc6cd183d941bbc3882c86178f25c9b0cc933bd9f70fb5d5b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/RobertCraigie/pyright-python` pinned to mutable rev `v1.1.408`: `.pre-commit-config.yaml` references `https://github.com/RobertCraigie/pyright-python` at `rev: v1.1.408`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 102773, "scanner": "repobility-supply-chain", "fingerprint": "9473ff0903ad75db23ac1a12f7be076e45c553518b2497705ae7a1b6eafb2d02", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9473ff0903ad75db23ac1a12f7be076e45c553518b2497705ae7a1b6eafb2d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.14.14`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.14.14`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 102772, "scanner": "repobility-supply-chain", "fingerprint": "d30dd53028b63c59ff83c8f5bc632e7582330b2cfb89270cfc81d0958dcb34aa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d30dd53028b63c59ff83c8f5bc632e7582330b2cfb89270cfc81d0958dcb34aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04` not pinned by digest: `FROM nvidia/cuda:12.8.0-cudnn-runtime-ubuntu22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 102771, "scanner": "repobility-supply-chain", "fingerprint": "4212f3375cc4ff52390541b7bfa935a549d5fc0e1e0b1584c4e9f47b4f5833f5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4212f3375cc4ff52390541b7bfa935a549d5fc0e1e0b1584c4e9f47b4f5833f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._handle` used but never assigned in __init__: Method `add_cylinder` of class `_FakeScene` reads `self._handle`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102766, "scanner": "repobility-ast-engine", "fingerprint": "2b73024f2c3e21a624854a586916d9edc7a406fb63088f825f3e0f98a5630f6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b73024f2c3e21a624854a586916d9edc7a406fb63088f825f3e0f98a5630f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_viser_scene.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._handle` used but never assigned in __init__: Method `add_mesh_trimesh` of class `_FakeScene` reads `self._handle`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102765, "scanner": "repobility-ast-engine", "fingerprint": "c3314210caf874a6b983746f8b3f40e4f6f80741357936506a014b120b701e79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3314210caf874a6b983746f8b3f40e4f6f80741357936506a014b120b701e79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_viser_scene.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._handle` used but never assigned in __init__: Method `add_icosphere` of class `_FakeScene` reads `self._handle`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102764, "scanner": "repobility-ast-engine", "fingerprint": "8e86f8828ece6dde252ae2318159868dbee1fc879ad07f972df3448253ad1d1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e86f8828ece6dde252ae2318159868dbee1fc879ad07f972df3448253ad1d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_viser_scene.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._handle` used but never assigned in __init__: Method `add_grid` of class `_FakeScene` reads `self._handle`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102763, "scanner": "repobility-ast-engine", "fingerprint": "605fb4bb2157aef7e17e5499b815617a9608c9cbf1e771e5cc4d14c7a8790fbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|605fb4bb2157aef7e17e5499b815617a9608c9cbf1e771e5cc4d14c7a8790fbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/utils/test_viser_scene.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.start_prepare` used but never assigned in __init__: Method `wait_until_ready` of class `_FakeDoubleBufferPipeline` reads `self.start_prepare`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102762, "scanner": "repobility-ast-engine", "fingerprint": "49a00427227b768739a885e56fcfe4894e0cef392dba0669b0f3bc19ece43f75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49a00427227b768739a885e56fcfe4894e0cef392dba0669b0f3bc19ece43f75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_offpolicy_runner_unit.py"}, "region": {"startLine": 602}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.slot_shapes` used but never assigned in __init__: Method `read_numpy_views` of class `_FakeRolloutRingBuffer` reads `self.slot_shapes`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102761, "scanner": "repobility-ast-engine", "fingerprint": "4aad82be892785b1132794c320a1320e8778ce0c9a3eb7ac5f2fdbe71222a300", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4aad82be892785b1132794c320a1320e8778ce0c9a3eb7ac5f2fdbe71222a300"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_runner_unit.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.log_std` used but never assigned in __init__: Method `forward` of class `_NormalizingActor` reads `self.log_std`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102760, "scanner": "repobility-ast-engine", "fingerprint": "40f16cb52ef077efbb8e43c8931d487f518ee76e4acc63ddf40118eac9661e49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40f16cb52ef077efbb8e43c8931d487f518ee76e4acc63ddf40118eac9661e49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.offset` used but never assigned in __init__: Method `forward` of class `_NormalizingActor` reads `self.offset`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102759, "scanner": "repobility-ast-engine", "fingerprint": "11d4b2268560fe5d2a50645782bb36cb4c35ecdb3100ee46310854afe03f5d9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11d4b2268560fe5d2a50645782bb36cb4c35ecdb3100ee46310854afe03f5d9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.linear` used but never assigned in __init__: Method `forward` of class `_NormalizingActor` reads `self.linear`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102758, "scanner": "repobility-ast-engine", "fingerprint": "c7a7066db3b2b7f2360c3b8e122581277f0e9cb8c189f5d4a47c597fb19bf6ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7a7066db3b2b7f2360c3b8e122581277f0e9cb8c189f5d4a47c597fb19bf6ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_entropy` used but never assigned in __init__: Method `forward` of class `_NormalizingActor` reads `self.output_entropy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102757, "scanner": "repobility-ast-engine", "fingerprint": "7f74772e14351e232ed012c0caee81364dc4c91249cfb4a6b7fc4a19526e0d30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f74772e14351e232ed012c0caee81364dc4c91249cfb4a6b7fc4a19526e0d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_std` used but never assigned in __init__: Method `forward` of class `_NormalizingActor` reads `self.output_std`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102756, "scanner": "repobility-ast-engine", "fingerprint": "4bf2167ccd25997f92c4f55553892831393da4900ac54bff437a09549e687680", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4bf2167ccd25997f92c4f55553892831393da4900ac54bff437a09549e687680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_mean` used but never assigned in __init__: Method `forward` of class `_NormalizingActor` reads `self.output_mean`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102755, "scanner": "repobility-ast-engine", "fingerprint": "0c4cfe79aea50f5c68a080542dee0f14812305a856758d3d193e0a57ac1ab6ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c4cfe79aea50f5c68a080542dee0f14812305a856758d3d193e0a57ac1ab6ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.offset` used but never assigned in __init__: Method `update_normalization` of class `_NormalizingActor` reads `self.offset`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102754, "scanner": "repobility-ast-engine", "fingerprint": "e6fa7490bc7a5fcb5605d8f192f8b9f607b25dd4126f9f8a297ae99b0a9466e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6fa7490bc7a5fcb5605d8f192f8b9f607b25dd4126f9f8a297ae99b0a9466e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_appo_learner_metrics.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._obs_to_tensordict` used but never assigned in __init__: Method `get_observations` of class `_RslRlVecEnvWrapper` reads `self._obs_to_tensordict`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102753, "scanner": "repobility-ast-engine", "fingerprint": "3513d4c8bb129a95696bed1649028dc243df5ee5df231f32ef11e6ef6876a63d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3513d4c8bb129a95696bed1649028dc243df5ee5df231f32ef11e6ef6876a63d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_rsl_rl_runner.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._obs_to_tensordict` used but never assigned in __init__: Method `reset` of class `_RslRlVecEnvWrapper` reads `self._obs_to_tensordict`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102752, "scanner": "repobility-ast-engine", "fingerprint": "f8985796ecb4daa1f8a99b0a0a3372c73564bccc42dd79daad5baf7857a9367e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8985796ecb4daa1f8a99b0a0a3372c73564bccc42dd79daad5baf7857a9367e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_rsl_rl_runner.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._obs_to_tensordict` used but never assigned in __init__: Method `step` of class `_RslRlVecEnvWrapper` reads `self._obs_to_tensordict`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102751, "scanner": "repobility-ast-engine", "fingerprint": "7f610f28d616a1abe02d3292acfc1fa90f35e11be7634acbf55f7304c96edf3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f610f28d616a1abe02d3292acfc1fa90f35e11be7634acbf55f7304c96edf3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_rsl_rl_runner.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_batch` used but never assigned in __init__: Method `test_training_loop_updates` of class `TestFastTD3Learner` reads `self._make_batch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102750, "scanner": "repobility-ast-engine", "fingerprint": "ab87c973067504268ebf23224e8dc53d4e7306b48b55201e77d8ca1168283d5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab87c973067504268ebf23224e8dc53d4e7306b48b55201e77d8ca1168283d5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_fast_td3_learner.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_batch` used but never assigned in __init__: Method `test_update_actor_returns_metrics` of class `TestFastTD3Learner` reads `self._make_batch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102749, "scanner": "repobility-ast-engine", "fingerprint": "725d8b2a0e01fe0ea928bb20666cfc9dac5dd9ccc7fdbe99e63b8a96bccf8375", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|725d8b2a0e01fe0ea928bb20666cfc9dac5dd9ccc7fdbe99e63b8a96bccf8375"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_fast_td3_learner.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._make_batch` used but never assigned in __init__: Method `test_update_critic_returns_metrics` of class `TestFastTD3Learner` reads `self._make_batch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102748, "scanner": "repobility-ast-engine", "fingerprint": "f58943c2b3834d51ca4c3be88f33914634da911dc9aa237843ac805b372f95dc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f58943c2b3834d51ca4c3be88f33914634da911dc9aa237843ac805b372f95dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/algos/test_fast_td3_learner.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_body_ang_vel_w` used but never assigned in __init__: Method `get_body_vel_w` of class `FakeBackend` reads `self.get_body_ang_vel_w`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102747, "scanner": "repobility-ast-engine", "fingerprint": "e7a4cb1071d86079bfefca02f509fa900e86128936a90ac19b6745b747e5e797", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7a4cb1071d86079bfefca02f509fa900e86128936a90ac19b6745b747e5e797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1433}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_body_lin_vel_w` used but never assigned in __init__: Method `get_body_vel_w` of class `FakeBackend` reads `self.get_body_lin_vel_w`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102746, "scanner": "repobility-ast-engine", "fingerprint": "ccbfb5d352260af3bcc9fdde2e665559b60a4df9953949186701b9aad4b6c34a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ccbfb5d352260af3bcc9fdde2e665559b60a4df9953949186701b9aad4b6c34a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1433}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_body_quat_w` used but never assigned in __init__: Method `get_body_pose_w_rows` of class `FakeBackend` reads `self.get_body_quat_w`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102745, "scanner": "repobility-ast-engine", "fingerprint": "bf682a43ee87e470ebaf7c9b9c91b5a587a9bbe5db2c16cfbc16c02f4b9a3bc2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf682a43ee87e470ebaf7c9b9c91b5a587a9bbe5db2c16cfbc16c02f4b9a3bc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1426}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_body_pos_w` used but never assigned in __init__: Method `get_body_pose_w_rows` of class `FakeBackend` reads `self.get_body_pos_w`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102744, "scanner": "repobility-ast-engine", "fingerprint": "7381590c3e7d78a8d16eea7c036089d1b787b7af231fb12edeba75ead523d296", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7381590c3e7d78a8d16eea7c036089d1b787b7af231fb12edeba75ead523d296"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1426}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_body_quat_w` used but never assigned in __init__: Method `get_body_pose_w` of class `FakeBackend` reads `self.get_body_quat_w`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102743, "scanner": "repobility-ast-engine", "fingerprint": "ba49af8edbaeae4acc99eb6cb8d002ebac6e389a2c99c8ae0d9a223b60ba8885", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba49af8edbaeae4acc99eb6cb8d002ebac6e389a2c99c8ae0d9a223b60ba8885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1420}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_body_pos_w` used but never assigned in __init__: Method `get_body_pose_w` of class `FakeBackend` reads `self.get_body_pos_w`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 102742, "scanner": "repobility-ast-engine", "fingerprint": "a0dfe1c80aed578dfc31300adbb3a0e990b9990e69dace171da486401a2748cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0dfe1c80aed578dfc31300adbb3a0e990b9990e69dace171da486401a2748cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1420}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_allegro_env_initializes_kp_kd_into_pool: Test function `test_allegro_env_initializes_kp_kd_into_pool` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102741, "scanner": "repobility-ast-engine", "fingerprint": "2f104485c7075134b1213239bb4d6a761996da30e97cdcd7603f243523cabbcd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f104485c7075134b1213239bb4d6a761996da30e97cdcd7603f243523cabbcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1801}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_go2_env_initializes_kp_kd_into_pool: Test function `test_go2_env_initializes_kp_kd_into_pool` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102740, "scanner": "repobility-ast-engine", "fingerprint": "724514bffc7f9291b036ccf4264c5f2e71c8af3672088210a29f49d00b841b88", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|724514bffc7f9291b036ccf4264c5f2e71c8af3672088210a29f49d00b841b88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1765}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_go1_env_initializes_kp_kd_into_pool: Test function `test_go1_env_initializes_kp_kd_into_pool` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102739, "scanner": "repobility-ast-engine", "fingerprint": "443697de623b269d1f7b172e4b0bf7dada2e1f19481afc98a4dee64a154fae5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|443697de623b269d1f7b172e4b0bf7dada2e1f19481afc98a4dee64a154fae5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1742}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_motion_tracking_clip_end_does_not_override_true_termination: Test function `test_g1_motion_tracking_clip_end_does_not_override_true_termination` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102738, "scanner": "repobility-ast-engine", "fingerprint": "4668d3a751ab8770368094e8f4fd5794bd4afe3723904e710c77fcb70a5decf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4668d3a751ab8770368094e8f4fd5794bd4afe3723904e710c77fcb70a5decf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1618}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_motion_tracking_apply_action_accepts_per_joint_action_scale: Test function `test_g1_motion_tracking_apply_action_accepts_per_joint_action_scale` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102737, "scanner": "repobility-ast-engine", "fingerprint": "b71c6ff006dbb768da2182cdbcbe64f47f5cb0c96c8ff7545ed8456cc23efd83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b71c6ff006dbb768da2182cdbcbe64f47f5cb0c96c8ff7545ed8456cc23efd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1370}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_motion_tracking_can_terminate_on_undesired_contacts: Test function `test_g1_motion_tracking_can_terminate_on_undesired_contacts` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102736, "scanner": "repobility-ast-engine", "fingerprint": "c03f8691eb8ed474299096fd78c10cc610cd039f015db9fc99f3675f3c9a38ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c03f8691eb8ed474299096fd78c10cc610cd039f015db9fc99f3675f3c9a38ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 1100}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_box_tracking_critic_object_state_respects_subset_env_order: Test function `test_g1_box_tracking_critic_object_state_respects_subset_env_order` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102735, "scanner": "repobility-ast-engine", "fingerprint": "7b9c8fdca23ebb800c71635de2f8a4e7ce35043de1216aeb909c2ece087d179c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b9c8fdca23ebb800c71635de2f8a4e7ce35043de1216aeb909c2ece087d179c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 998}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_motion_tracking_reward_fast_path_matches_reference: Test function `test_g1_motion_tracking_reward_fast_path_matches_reference` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102734, "scanner": "repobility-ast-engine", "fingerprint": "f176d9cd794c920509d6bdc2e65c7cc59cec280123d75d25c01aa8c09faa6542", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f176d9cd794c920509d6bdc2e65c7cc59cec280123d75d25c01aa8c09faa6542"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 681}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_motion_tracking_relative_transform_fast_path_matches_reference: Test function `test_g1_motion_tracking_relative_transform_fast_path_matches_reference` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102733, "scanner": "repobility-ast-engine", "fingerprint": "b94419cffbca767050df6d71aa44d9b18933c10ed0c31921f0ab76d936c4d68b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b94419cffbca767050df6d71aa44d9b18933c10ed0c31921f0ab76d936c4d68b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 624}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_motion_tracking_anchor_frame_writers_match_reference: Test function `test_g1_motion_tracking_anchor_frame_writers_match_reference` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102732, "scanner": "repobility-ast-engine", "fingerprint": "3ba731b53c72f0c01e23a0ca14da652798e75d85d445b5e43729c2728c00cac7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ba731b53c72f0c01e23a0ca14da652798e75d85d445b5e43729c2728c00cac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 574}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_g1_walk_flat_observation_construction_is_hardcoded_for_legacy_and_walk_modes: Test function `test_g1_walk_flat_observation_construction_is_hardcoded_for_legacy_and_walk_modes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102731, "scanner": "repobility-ast-engine", "fingerprint": "c6f7314c17ed3257dcf540b409f8f64a5ce74e21b7517fd0f69f6fab72a45a31", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6f7314c17ed3257dcf540b409f8f64a5ce74e21b7517fd0f69f6fab72a45a31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/envs/test_env_configs.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resolution_validation_rejects_misaligned_size: Test function `test_resolution_validation_rejects_misaligned_size` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102730, "scanner": "repobility-ast-engine", "fingerprint": "f5264fb1b1a83d7c540f737a647e33c9598aa3fa861181dae54b0ee6c0f23ebd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5264fb1b1a83d7c540f737a647e33c9598aa3fa861181dae54b0ee6c0f23ebd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/terrains/test_terrain_generator.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resolution_validation_rejects_misaligned_step_width: Test function `test_resolution_validation_rejects_misaligned_step_width` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102729, "scanner": "repobility-ast-engine", "fingerprint": "0fb2b44ec14545980a786433139ccb1b62d2539ba3a149b9be3c022d11ec496d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fb2b44ec14545980a786433139ccb1b62d2539ba3a149b9be3c022d11ec496d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/terrains/test_terrain_generator.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_apply_training_seed_rejects_negative_seed: Test function `test_apply_training_seed_rejects_negative_seed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102728, "scanner": "repobility-ast-engine", "fingerprint": "bcc2efecb5ddc495eea6fb0dc3ac8a8fdabe21da1cd42896399a6453278919e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bcc2efecb5ddc495eea6fb0dc3ac8a8fdabe21da1cd42896399a6453278919e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/training/test_seed_contract.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_render_play_mode_requires_env_snapshot_contract_for_video_export: Test function `test_render_play_mode_requires_env_snapshot_contract_for_video_export` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102727, "scanner": "repobility-ast-engine", "fingerprint": "39ca48b0dc5b2f9c4cc791b8f58f63efa81fbba5d1cdb343c179ee443d0bf8fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39ca48b0dc5b2f9c4cc791b8f58f63efa81fbba5d1cdb343c179ee443d0bf8fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/training/test_training_helpers.py"}, "region": {"startLine": 723}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_motrix_record_run_playback_does_not_swallow_render_closed: Test function `test_motrix_record_run_playback_does_not_swallow_render_closed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102726, "scanner": "repobility-ast-engine", "fingerprint": "6f8a1d58bca9e8d072e15f5e9f6aafbf55d39b01e85611a4da05392437219eb8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f8a1d58bca9e8d072e15f5e9f6aafbf55d39b01e85611a4da05392437219eb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/training/test_training_helpers.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_demo_teaser_build_command_rejected: Test function `test_demo_teaser_build_command_rejected` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102725, "scanner": "repobility-ast-engine", "fingerprint": "f6613431421e71d46c5b525c3ed9802098df39522142fc340856435bb0ac7497", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6613431421e71d46c5b525c3ed9802098df39522142fc340856435bb0ac7497"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 588}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_demo_main_unknown_name_raises_with_available_list: Test function `test_demo_main_unknown_name_raises_with_available_list` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102724, "scanner": "repobility-ast-engine", "fingerprint": "4dc2ad8e588820d513c0b157c4ceb4032e61d6f520570845b8ee420df7635343", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4dc2ad8e588820d513c0b157c4ceb4032e61d6f520570845b8ee420df7635343"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_demo_main_rejects_passthrough_overrides: Test function `test_demo_main_rejects_passthrough_overrides` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102723, "scanner": "repobility-ast-engine", "fingerprint": "c245a89d42323d1afd2dde7ee76334e79df9d4fd2509dac62e3dcca93cf75b58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c245a89d42323d1afd2dde7ee76334e79df9d4fd2509dac62e3dcca93cf75b58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 511}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_demo_unknown_name_lists_available_demos: Test function `test_demo_unknown_name_lists_available_demos` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102722, "scanner": "repobility-ast-engine", "fingerprint": "11532c319aa95f85d16374cb40c6792be76e8691a26ad69c2c83a8567f17a997", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11532c319aa95f85d16374cb40c6792be76e8691a26ad69c2c83a8567f17a997"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 506}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_demo_play_interactive_requires_script: Test function `test_demo_play_interactive_requires_script` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102721, "scanner": "repobility-ast-engine", "fingerprint": "4e8f85a83d1da9099033dcc33afe3a5a0d05528bf7045d96b9bfddc96df6d292", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e8f85a83d1da9099033dcc33afe3a5a0d05528bf7045d96b9bfddc96df6d292"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 492}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_demo_play_interactive_requires_owner_yaml: Test function `test_demo_play_interactive_requires_owner_yaml` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102720, "scanner": "repobility-ast-engine", "fingerprint": "18f0bf571f9b83ec660af9d364092c2e3d8aabc2a46f67d882cb284dcbfae95d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18f0bf571f9b83ec660af9d364092c2e3d8aabc2a46f67d882cb284dcbfae95d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 480}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_macos_motrix_eval_requires_mxpython: Test function `test_macos_motrix_eval_requires_mxpython` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102719, "scanner": "repobility-ast-engine", "fingerprint": "bdf2921c3bbee661b338e594716702d24c3c3821884dde532037c84b3376dc30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdf2921c3bbee661b338e594716702d24c3c3821884dde532037c84b3376dc30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_teaser_model_calls_resolve_scene_dir: Test function `test_load_teaser_model_calls_resolve_scene_dir` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102718, "scanner": "repobility-ast-engine", "fingerprint": "1a5c0619294d8168ab30bc48e49e0571d4d50e561570032abccaddbe595af621", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a5c0619294d8168ab30bc48e49e0571d4d50e561570032abccaddbe595af621"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_render_teaser.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_sharpa_grasp_env_rejects_gravity_randomization: Test function `test_sharpa_grasp_env_rejects_gravity_randomization` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 102717, "scanner": "repobility-ast-engine", "fingerprint": "38529128ff796b456a434a0741e011949d844dfd7b47034c55bb927edf012899", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38529128ff796b456a434a0741e011949d844dfd7b47034c55bb927edf012899"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_sharpa.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 102687, "scanner": "repobility-docker", "fingerprint": "ab4d4f3ca8986cd9702039a405e22ac5d2b714d7ab3a1f290bff0629c6c6be54", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ab4d4f3ca8986cd9702039a405e22ac5d2b714d7ab3a1f290bff0629c6c6be54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 102647, "scanner": "repobility-threat-engine", "fingerprint": "87ac71767223d765452bb707ed0ef10ae53d7356784a70f3b18d78f85d769bb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87ac71767223d765452bb707ed0ef10ae53d7356784a70f3b18d78f85d769bb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/tools/render_teaser.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 102631, "scanner": "repobility-threat-engine", "fingerprint": "ae9813d236e9c5ddd2265ff4c0aa12030b68864f622d90558e1c1094d2fc9107", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"_PPO_MLX_TASKS\\s*=\\s*(\\{[^\\n]+\\})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|177|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/utils/support_matrix.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 102630, "scanner": "repobility-threat-engine", "fingerprint": "7d9628808a7b3740986a51b941f8ca093d416b08e0dfb2a8509fdba711ef1b79", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"Chip:\\s*(.+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|42|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/device_info.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 102624, "scanner": "repobility-threat-engine", "fingerprint": "dbda6afff23853c6a6d953e8bb6ed5ee279738d90603abc8f28f7462cd703964", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.emp_norm.update(avg)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dbda6afff23853c6a6d953e8bb6ed5ee279738d90603abc8f28f7462cd703964"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/mlx/common/normalization.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 102623, "scanner": "repobility-threat-engine", "fingerprint": "b6f139260af2476fde089b89970d023c2ad95e3d12d92e8c6906edcd8119b1c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "child.delete(geom)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b6f139260af2476fde089b89970d023c2ad95e3d12d92e8c6906edcd8119b1c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/visualize_task_env.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 102622, "scanner": "repobility-threat-engine", "fingerprint": "5f6352ddde8d085fb27c75793818980e58c6ccd1480f9ae9457939b89a0bbb23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "gs_mod.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5f6352ddde8d085fb27c75793818980e58c6ccd1480f9ae9457939b89a0bbb23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_physics_step_genesis.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 102612, "scanner": "repobility-threat-engine", "fingerprint": "7b67647cb3d840e1f16fc9d9108cb40838b992843b52c74284767317b6aa1197", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b67647cb3d840e1f16fc9d9108cb40838b992843b52c74284767317b6aa1197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/mem_profile.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 102611, "scanner": "repobility-threat-engine", "fingerprint": "d780f6ee081699cf1b19fa491ba063eaf57fd2c307c5035075a8d3178f245e47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d780f6ee081699cf1b19fa491ba063eaf57fd2c307c5035075a8d3178f245e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/core/device_info.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 102610, "scanner": "repobility-threat-engine", "fingerprint": "41d0090dd8c588e60e663c20ef790bfdde0bca5e50c6278aa218ed854071ebf2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41d0090dd8c588e60e663c20ef790bfdde0bca5e50c6278aa218ed854071ebf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_fast_sac_backends.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 102770, "scanner": "repobility-ast-engine", "fingerprint": "0d4649aaf55171ba2de78689beb1023f5e67845e4d531de44622ae9da27a7233", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d4649aaf55171ba2de78689beb1023f5e67845e4d531de44622ae9da27a7233"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/envs/motion_tracking/g1/motion_loader.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 102768, "scanner": "repobility-ast-engine", "fingerprint": "0c21cc273f08cdae0c8781a88e57c172004bd69bf845f69d40ae7fce1c4e2112", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c21cc273f08cdae0c8781a88e57c172004bd69bf845f69d40ae7fce1c4e2112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/torch/appo/runner.py"}, "region": {"startLine": 439}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 102767, "scanner": "repobility-ast-engine", "fingerprint": "5497bb3ca398c8b1415dfcd48275c3f49b3a5634d0d81eef2ee019486a63e09b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5497bb3ca398c8b1415dfcd48275c3f49b3a5634d0d81eef2ee019486a63e09b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/scripts/doc_checks.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 102716, "scanner": "repobility-ast-engine", "fingerprint": "3ea620b0b534f3239153c6007748de44f363ab94020b82a4ebdb2e759090cf44", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ea620b0b534f3239153c6007748de44f363ab94020b82a4ebdb2e759090cf44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/benchmark_replay_buffer_placement.py"}, "region": {"startLine": 744}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 102640, "scanner": "repobility-threat-engine", "fingerprint": "171b2285dff2b72b1468f510269e6b8a6969a168c4530c4ac458b72addc5d676", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|171b2285dff2b72b1468f510269e6b8a6969a168c4530c4ac458b72addc5d676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/mlx/ppo/runner.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 102639, "scanner": "repobility-threat-engine", "fingerprint": "7983c271009b8a8dbba8f4c57ec90c3b8a282f665ae6b6d855a5118f5f84cceb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7983c271009b8a8dbba8f4c57ec90c3b8a282f665ae6b6d855a5118f5f84cceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/unilab/algos/mlx/ppo/runner.py"}, "region": {"startLine": 161}}}]}]}]}