{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-jg22-mg44-37j8", "name": "aiohttp: GHSA-jg22-mg44-37j8", "shortDescription": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "fullDescription": {"text": "AIOHTTP is Vulnerable to Deserialization of Untrusted Data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hg6j-4rv6-33pg", "name": "aiohttp: GHSA-hg6j-4rv6-33pg", "shortDescription": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "fullDescription": {"text": "AIOHTTP is vulnerable to cross-origin redirect with per-request cookies"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC003", "name": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.", "shortDescription": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "fullDescription": {"text": "Never commit secrets. Use .env files with .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 13."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter (and 1 more): Same pattern found in 1 additional files. Review if n", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `astral-sh/setup-uv` pinned to mutable ref `@v3`", "shortDescription": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v3`"}, "fullDescription": {"text": "`uses: astral-sh/setup-uv@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_temperature_zero", "shortDescription": {"text": "Phantom test coverage: test_temperature_zero"}, "fullDescription": {"text": "Test function `test_temperature_zero` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._send` used but never assigned in __init__", "shortDescription": {"text": "`self._send` used but never assigned in __init__"}, "fullDescription": {"text": "Method `unpark_target` of class `DflashClient` reads `self._send`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.SUBMODULE_PAT` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.SUBMODULE_PAT` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SUBMODULE_PAT }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1128"}, "properties": {"repository": "Luce-Org/lucebox-hub", "repoUrl": "https://github.com/Luce-Org/lucebox-hub", "branch": "main"}, "results": [{"ruleId": "GHSA-jg22-mg44-37j8", "level": "warning", "message": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "properties": {"repobilityId": 111590, "scanner": "osv-scanner", "fingerprint": "f360dcc0eba31763fb048fbf952ff9aaacd93fae36b950018274d5457fa1322d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34993"], "package": "aiohttp", "rule_id": "GHSA-jg22-mg44-37j8", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34993|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hg6j-4rv6-33pg", "level": "warning", "message": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "properties": {"repobilityId": 111589, "scanner": "osv-scanner", "fingerprint": "2da1f8cf81a5e62587e98e266536e6b0ec96ebc178f00a59702cebb0a7957e28", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47265"], "package": "aiohttp", "rule_id": "GHSA-hg6j-4rv6-33pg", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-47265|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 111584, "scanner": "repobility-threat-engine", "fingerprint": "efdb883a80d170b59119be3dace50b3d0cac91d47bec17bb3b29df7b21233769", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify        = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|31|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_daemon.h"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 111583, "scanner": "repobility-threat-engine", "fingerprint": "2923bd2f587123ce5e2cd344c171f9034ae2e5f16df982a24c813c273f3e21c9", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify      = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|61|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_backend.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 111582, "scanner": "repobility-threat-engine", "fingerprint": "26754360251afbadffdb1020264bf773fc59262871373cb873d0bbc524983721", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify       = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|50|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/common/backend_factory.h"}, "region": {"startLine": 50}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 111574, "scanner": "repobility-threat-engine", "fingerprint": "26ca7e7870d143a247f90b7cd3f555d494168d9b8b417635a7aa384af54a2492", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|26ca7e7870d143a247f90b7cd3f555d494168d9b8b417635a7aa384af54a2492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_ab_simple.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 111573, "scanner": "repobility-threat-engine", "fingerprint": "311c43795622050f9cb4d6857d930e6196a526fb88e4d5d8d9ee88aa13120633", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|311c43795622050f9cb4d6857d930e6196a526fb88e4d5d8d9ee88aa13120633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 111572, "scanner": "repobility-threat-engine", "fingerprint": "b03834016ef1012eeb08e3979416451ee4fb4506ef7118b741388800952a9767", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: setup/install wizard (placeholder values)]", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: setup/install wizard (placeholder values)]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|b03834016ef1012eeb08e3979416451ee4fb4506ef7118b741388800952a9767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/setup.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC003", "level": "warning", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "properties": {"repobilityId": 111558, "scanner": "repobility-threat-engine", "fingerprint": "0462a8478c415e588b6f359a56570b8e81c6eea07786dd392e7d4fdb561b316a", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "evidence": {"match": "SECRET_KEY=\"lucebox-local-secret\"", "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|5|secret_key lucebox-local-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui_tools.sh"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC003", "level": "warning", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "properties": {"repobilityId": 111557, "scanner": "repobility-threat-engine", "fingerprint": "3cd41546869eec68b1194c4f5bbb7ebf5a4fa92d060f91f04d7de18d26b2e7df", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "evidence": {"match": "SECRET_KEY=\"lucebox-local-secret\"", "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|2|secret_key lucebox-local-secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui.sh"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 111556, "scanner": "repobility-threat-engine", "fingerprint": "ef40ab4663e1baa4a0f140273800c2ff0e0c1da80c910d99d14b5c2d2f9b2795", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (4.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD=\"<redacted>\"", "reason": "Low entropy value (4.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|5|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui_tools.sh"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 111555, "scanner": "repobility-threat-engine", "fingerprint": "d639742b40745e6edda099dc0fcdb003a31aad70e784c70334f4a9a92aeb7e2e", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (4.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD=\"<redacted>\"", "reason": "Low entropy value (4.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|3|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui.sh"}, "region": {"startLine": 34}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 111534, "scanner": "repobility-agent-runtime", "fingerprint": "393ddca6398366bb518f8e3efdd8bb1f07c6f03b6b5abbbc4f1c58620915edee", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|393ddca6398366bb518f8e3efdd8bb1f07c6f03b6b5abbbc4f1c58620915edee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_hermes.sh"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111502, "scanner": "repobility-ast-engine", "fingerprint": "c566b17b3aa5c6a047286fa849605ca9697e297167f151e41d9c1a61abe65b4b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c566b17b3aa5c6a047286fa849605ca9697e297167f151e41d9c1a61abe65b4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/phase_split_dual_gpu.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111501, "scanner": "repobility-ast-engine", "fingerprint": "4391bcbbd202b66884aa9cbe49d2ca64e58cbf457970b40abd313d608bee29b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4391bcbbd202b66884aa9cbe49d2ca64e58cbf457970b40abd313d608bee29b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_llm.py"}, "region": {"startLine": 421}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111500, "scanner": "repobility-ast-engine", "fingerprint": "e20c5277d1f5853de38c56306c332e94f6f62bc455bb0bdb64391e696c22dd58", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e20c5277d1f5853de38c56306c332e94f6f62bc455bb0bdb64391e696c22dd58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_agent_loop.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111499, "scanner": "repobility-ast-engine", "fingerprint": "d5f494909a63b0d45cebcb9fbc88ce073f7b1e37f6ee8a28ed5ece32bf599852", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5f494909a63b0d45cebcb9fbc88ce073f7b1e37f6ee8a28ed5ece32bf599852"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_daemon.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111498, "scanner": "repobility-ast-engine", "fingerprint": "f198d59704e5e1a667cce8fb2c6f6527861edec2b4f7612bdac13a4b35d37716", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f198d59704e5e1a667cce8fb2c6f6527861edec2b4f7612bdac13a4b35d37716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_he_http.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111497, "scanner": "repobility-ast-engine", "fingerprint": "d8135d3ea96d427f43b24e2912076fa55e4962821f6d0aab6be290c5cc57d76f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8135d3ea96d427f43b24e2912076fa55e4962821f6d0aab6be290c5cc57d76f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/test_server_integration.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111496, "scanner": "repobility-ast-engine", "fingerprint": "b13ae0b0ba0d8a67393b7d24d922e1847def144ad54a51f4454b80dcffc06ec8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b13ae0b0ba0d8a67393b7d24d922e1847def144ad54a51f4454b80dcffc06ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_humaneval_plus.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111495, "scanner": "repobility-ast-engine", "fingerprint": "1a58a91cf9dae638c7ac512a0a609edaee1cd93586bd11b307076ebec9e1910c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a58a91cf9dae638c7ac512a0a609edaee1cd93586bd11b307076ebec9e1910c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_humaneval_plus.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111494, "scanner": "repobility-ast-engine", "fingerprint": "e59a523f7d0cdf96b40d1668798ec6a77ae8951af26ecb1c1cec932b08e4f28b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e59a523f7d0cdf96b40d1668798ec6a77ae8951af26ecb1c1cec932b08e4f28b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_humaneval_plus.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111493, "scanner": "repobility-ast-engine", "fingerprint": "0870ecdfa1a812993c3d8e5e84aa02cdfa07984a94794b3e6364c1a9154eae06", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0870ecdfa1a812993c3d8e5e84aa02cdfa07984a94794b3e6364c1a9154eae06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_ab_simple.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111492, "scanner": "repobility-ast-engine", "fingerprint": "24c661f4880d5a0c75a2ae2ff4f1dbd336c8a33e7a485ded37eb8b85e6935a09", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24c661f4880d5a0c75a2ae2ff4f1dbd336c8a33e7a485ded37eb8b85e6935a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_ab_simple.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111491, "scanner": "repobility-ast-engine", "fingerprint": "eea9028274444a56f9b96bbb5c274be525a12f8ab37a60cbb749484a5175aaa4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eea9028274444a56f9b96bbb5c274be525a12f8ab37a60cbb749484a5175aaa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_server.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111490, "scanner": "repobility-ast-engine", "fingerprint": "57b8229da7febd6a34248b5d8c78de8ae2607c149dde2572cc120e16c0aab165", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57b8229da7febd6a34248b5d8c78de8ae2607c149dde2572cc120e16c0aab165"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_server.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111489, "scanner": "repobility-ast-engine", "fingerprint": "df4d9103f391f260eff17c1de8a5d579adce1d9f0922e0d7af7bbb8f00a60785", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df4d9103f391f260eff17c1de8a5d579adce1d9f0922e0d7af7bbb8f00a60785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_server.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111488, "scanner": "repobility-ast-engine", "fingerprint": "379e32ee33d805cf7d75183641611b3da7cd60e86b066d253e0095113e2f63f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|379e32ee33d805cf7d75183641611b3da7cd60e86b066d253e0095113e2f63f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_server.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111487, "scanner": "repobility-ast-engine", "fingerprint": "ac2159823de489d119069e0111f8c8eed412d86e240075c55e940089f05c730d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac2159823de489d119069e0111f8c8eed412d86e240075c55e940089f05c730d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_server.py"}, "region": {"startLine": 434}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111486, "scanner": "repobility-ast-engine", "fingerprint": "f5f6399d866614bd75cd2129f7617720e5232ac052d773ad9636b3f132b36050", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5f6399d866614bd75cd2129f7617720e5232ac052d773ad9636b3f132b36050"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_agent.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111485, "scanner": "repobility-ast-engine", "fingerprint": "9c5623ec8be70c774b404da14a2900aab2c6b6091a397780db7a5696394f323a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c5623ec8be70c774b404da14a2900aab2c6b6091a397780db7a5696394f323a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_agent.py"}, "region": {"startLine": 376}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111484, "scanner": "repobility-ast-engine", "fingerprint": "edef0554f7342ee07eb50d6bed64a7286f13821daa142e08d98665a47a1e5aab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|edef0554f7342ee07eb50d6bed64a7286f13821daa142e08d98665a47a1e5aab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_agent.py"}, "region": {"startLine": 302}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111483, "scanner": "repobility-ast-engine", "fingerprint": "b63c7dffec770884fdc182e1ce35e004d5e4bde98cfe53527ca9685d876bf7e6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b63c7dffec770884fdc182e1ce35e004d5e4bde98cfe53527ca9685d876bf7e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_he.py"}, "region": {"startLine": 431}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111482, "scanner": "repobility-ast-engine", "fingerprint": "6ad31b9e794c4d83b9a85cd4103a925fe8e6567b2c05b8f564731b0b95bc9b59", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ad31b9e794c4d83b9a85cd4103a925fe8e6567b2c05b8f564731b0b95bc9b59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111459, "scanner": "repobility-ast-engine", "fingerprint": "464ed70b6c7f843194c0206a6aff5491d607e8aecab8563d4f62715ab5f7602e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|464ed70b6c7f843194c0206a6aff5491d607e8aecab8563d4f62715ab5f7602e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/final_bench_nvfp4.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111455, "scanner": "repobility-ast-engine", "fingerprint": "d2603b733227ee3ae26a61aa5935e437d0991901858bd959f0c30340e40b3b44", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2603b733227ee3ae26a61aa5935e437d0991901858bd959f0c30340e40b3b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/client_test_runner.py"}, "region": {"startLine": 1751}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111454, "scanner": "repobility-ast-engine", "fingerprint": "6283f444d9ae1d50b79606add4e8d0dfe6cca699f4c0f04aacd742266f6ceb7f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6283f444d9ae1d50b79606add4e8d0dfe6cca699f4c0f04aacd742266f6ceb7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/client_test_runner.py"}, "region": {"startLine": 1591}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 111453, "scanner": "repobility-ast-engine", "fingerprint": "ad01ab6a99e5312a6a8f989e4c6fc63d8d711e2abaaee559f9ebc021b5628282", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad01ab6a99e5312a6a8f989e4c6fc63d8d711e2abaaee559f9ebc021b5628282"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/client_test_runner.py"}, "region": {"startLine": 954}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 111422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dbad923f3ea8cb52b2915603e5d46133f8cab6f5d7affb8133d90c4c41331fb4", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|dbad923f3ea8cb52b2915603e5d46133f8cab6f5d7affb8133d90c4c41331fb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/cuda_cross_device_copy.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=3, else=1, for=1, if=2, nested_bonus=2, or=1, ternary=3."}, "properties": {"repobilityId": 111561, "scanner": "repobility-threat-engine", "fingerprint": "72d32cdf2832ad30e6e789a2c8f960ef13947ed2d63c51cc356d177e64a1c948", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "or": 1, "and": 3, "for": 1, "else": 1, "ternary": 3, "nested_bonus": 2}, "complexity": 13, "correlation_key": "fp|72d32cdf2832ad30e6e789a2c8f960ef13947ed2d63c51cc356d177e64a1c948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/summarize_backend_pair.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_relay_response` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, else=1, for=1, if=3, nested_bonus=4, while=1."}, "properties": {"repobilityId": 111559, "scanner": "repobility-threat-engine", "fingerprint": "0c1c2cb1ae4fbbfe6713c94d4ffae6a76f1af9ee27f95d75489d12fb2d483077", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_relay_response", "breakdown": {"if": 3, "for": 1, "else": 1, "break": 1, "while": 1, "nested_bonus": 4}, "complexity": 11, "correlation_key": "fp|0c1c2cb1ae4fbbfe6713c94d4ffae6a76f1af9ee27f95d75489d12fb2d483077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/session_inject_proxy.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111452, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70ca2d9ff18203f99224470bd7b95a4a529346a35e071c58e5c83c26ea95e0b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/qwen35/qwen35_daemon.cpp", "duplicate_line": 3, "correlation_key": "fp|70ca2d9ff18203f99224470bd7b95a4a529346a35e071c58e5c83c26ea95e0b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35moe/qwen35moe_daemon.cpp"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111451, "scanner": "repobility-ai-code-hygiene", "fingerprint": "671e2e6e5dc6fa87800d1f406d282e2bf9544890443648eeab3c6477598d0075", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_dflash_target.h", "duplicate_line": 8, "correlation_key": "fp|671e2e6e5dc6fa87800d1f406d282e2bf9544890443648eeab3c6477598d0075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_layer_split_dflash_target.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111450, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1eeae1c823c4596cb098ee7075a5ae1b7414701a6f87f07ccc024e6847b4cbd4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_dflash_target.h", "duplicate_line": 8, "correlation_key": "fp|1eeae1c823c4596cb098ee7075a5ae1b7414701a6f87f07ccc024e6847b4cbd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_dflash_target.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111449, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a69ff1fbe7e974a9a03f2ee52a8fed45be5838ee8437920c2fbac032951a98c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/common/backend_factory.h", "duplicate_line": 8, "correlation_key": "fp|6a69ff1fbe7e974a9a03f2ee52a8fed45be5838ee8437920c2fbac032951a98c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_daemon.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111448, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd7fb8296a7eca454f4066f9610113db63b8666bb9d531da1a0eab2ca8fd461e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/common/backend_factory.cpp", "duplicate_line": 55, "correlation_key": "fp|dd7fb8296a7eca454f4066f9610113db63b8666bb9d531da1a0eab2ca8fd461e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_daemon.cpp"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111447, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fdf4a290dcae4fc8b4de5e6fb4db8cbaebe4e7b5a96853a6079eea0594017120", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/qwen3/qwen3_backend.h", "duplicate_line": 39, "correlation_key": "fp|fdf4a290dcae4fc8b4de5e6fb4db8cbaebe4e7b5a96853a6079eea0594017120"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_backend.h"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111446, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c1406d4fa3fcbd75be49546dfe8a980a9e32992717b179ac33499eaf2f1ad54", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/laguna/laguna_backend.h", "duplicate_line": 13, "correlation_key": "fp|1c1406d4fa3fcbd75be49546dfe8a980a9e32992717b179ac33499eaf2f1ad54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_backend.h"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111445, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dfd289d4266c72bb6a2cd18e0cdf2bd9c6df8b3a045ff7eea0fb8ce6f4f53c11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/laguna/laguna_layer_split_adapter.cpp", "duplicate_line": 111, "correlation_key": "fp|dfd289d4266c72bb6a2cd18e0cdf2bd9c6df8b3a045ff7eea0fb8ce6f4f53c11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/layer_split_forward.cpp"}, "region": {"startLine": 125}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111444, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42b060a36efadcb4280529e04c1f3a36c1fcf75d5db5cf943e5dd9acce18f97d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/qwen35/layer_split_daemon.cpp", "duplicate_line": 1, "correlation_key": "fp|42b060a36efadcb4280529e04c1f3a36c1fcf75d5db5cf943e5dd9acce18f97d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/layer_split_daemon.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111443, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f636ebc1e207580cf41907347412f372449eae2beab2d98631f0b2157aa9587", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/qwen35/graph_builders.cpp", "duplicate_line": 1, "correlation_key": "fp|6f636ebc1e207580cf41907347412f372449eae2beab2d98631f0b2157aa9587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/graph_builders.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111442, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aba574bc790784b217529a40d7189c8606c1128b90bdf3a0075b7a45be42b1a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_loader.cpp", "duplicate_line": 49, "correlation_key": "fp|aba574bc790784b217529a40d7189c8606c1128b90bdf3a0075b7a45be42b1a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/gguf_target_loader.cpp"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111441, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ace9dfecd7a133609e0639277872187f0cd6a7285d29733d02e820f6fe755de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/draft/draft_gguf_loader.cpp", "duplicate_line": 2, "correlation_key": "fp|5ace9dfecd7a133609e0639277872187f0cd6a7285d29733d02e820f6fe755de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/gguf_target_loader.cpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111440, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b79991637e922a574af61b6848bd2b678a9723bdbfd916a4753b3e1dacb4ac94", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_backend.h", "duplicate_line": 18, "correlation_key": "fp|b79991637e922a574af61b6848bd2b678a9723bdbfd916a4753b3e1dacb4ac94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen3/qwen3_backend.h"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111439, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7630114256d7e51fabfa2ad7432a2922988d48544ca191083a962934924e9d8e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_backend.cpp", "duplicate_line": 186, "correlation_key": "fp|7630114256d7e51fabfa2ad7432a2922988d48544ca191083a962934924e9d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen3/qwen3_backend.cpp"}, "region": {"startLine": 315}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111438, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11b184b047014c0d8d11bd5ba5bb93da62c9ba75b3e448bd40f7e33210971040", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_layer_split_adapter.h", "duplicate_line": 31, "correlation_key": "fp|11b184b047014c0d8d11bd5ba5bb93da62c9ba75b3e448bd40f7e33210971040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/laguna/laguna_layer_split_adapter.h"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111437, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b0183c46a17849acb9b892701297d026ebda52c485076c3cd6ba24165166307", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/gemma4/gemma4_backend.h", "duplicate_line": 23, "correlation_key": "fp|1b0183c46a17849acb9b892701297d026ebda52c485076c3cd6ba24165166307"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/laguna/laguna_backend.h"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24093a8b10f8c90a1925dc0aa04a659cbc9fef28ced619d39409426097edd14e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/hip_compat/cuda_bf16.h", "duplicate_line": 11, "correlation_key": "fp|24093a8b10f8c90a1925dc0aa04a659cbc9fef28ced619d39409426097edd14e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/hip_compat/cuda_bf16.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39ffea4b60052d87aa4c05caeeaf75c601bb54931f0e07ab1da013037d61510a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/src/draft/draft_gguf_loader.cpp", "duplicate_line": 3, "correlation_key": "fp|39ffea4b60052d87aa4c05caeeaf75c601bb54931f0e07ab1da013037d61510a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/draft/draft_safetensors_loader.cpp"}, "region": {"startLine": 207}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "91c123cc2c298c020f9e71f67a64e25969ff4acb689d2c894f215aa6671ec868", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/scripts/quantize_draft_q8.py", "duplicate_line": 96, "correlation_key": "fp|91c123cc2c298c020f9e71f67a64e25969ff4acb689d2c894f215aa6671ec868"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quantize_gemma_dflash_q8.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49c24a54fe979e4d0f23a1e5f83cbd80faf6264bc71d59e9dc07fb9ad41ed711", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/scripts/convert_dflash_to_gguf.py", "duplicate_line": 48, "correlation_key": "fp|49c24a54fe979e4d0f23a1e5f83cbd80faf6264bc71d59e9dc07fb9ad41ed711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quantize_gemma_dflash_q8.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f08cac8a086b6ed24de8923423c2de2edb7559be4b4f0a241538aaa3283fac7d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/scripts/convert_dflash_to_gguf.py", "duplicate_line": 44, "correlation_key": "fp|f08cac8a086b6ed24de8923423c2de2edb7559be4b4f0a241538aaa3283fac7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quantize_draft_q8.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3172031b87001370a3efbbab1c121e4f5ca25503cdc62087eac3d60acdcd45f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/scripts/bench_llm.py", "duplicate_line": 221, "correlation_key": "fp|3172031b87001370a3efbbab1c121e4f5ca25503cdc62087eac3d60acdcd45f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_server.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2eab88f35888ef05b9760695b227c04481b9860bd41f426c76a74499f84dc60b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/scripts/bench_agent.py", "duplicate_line": 32, "correlation_key": "fp|2eab88f35888ef05b9760695b227c04481b9860bd41f426c76a74499f84dc60b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_llm.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ba1868dc13ca59ae469d42489f6b3c6f8adc0931c368e894f501cda7cc97872", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/model.py", "duplicate_line": 16, "correlation_key": "fp|6ba1868dc13ca59ae469d42489f6b3c6f8adc0931c368e894f501cda7cc97872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94a706aa955ebad3abed88d4935e6fa77023d1ad5b35aa049127836c0bcfb821", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/bench_pp_tg_nvfp4.py", "duplicate_line": 12, "correlation_key": "fp|94a706aa955ebad3abed88d4935e6fa77023d1ad5b35aa049127836c0bcfb821"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/final_bench_nvfp4.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39430b020332b6b3d6bf8f775d5e0116f19b7682e92372b9fca90950539d1109", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/bench_pp_tg.py", "duplicate_line": 8, "correlation_key": "fp|39430b020332b6b3d6bf8f775d5e0116f19b7682e92372b9fca90950539d1109"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/final_bench.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aea25fd660f6d7144f469af9fb8a16ead9b18ec15758bf2ea852b8ded0e85c0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/bench_pp_tg.py", "duplicate_line": 29, "correlation_key": "fp|aea25fd660f6d7144f469af9fb8a16ead9b18ec15758bf2ea852b8ded0e85c0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/diag_prefill_kernels.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "776e09bd9ea1308ed9826c745c0733a43f34374ba79570ca2aab8bdf3f745197", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/diag_phase2_metrics.py", "duplicate_line": 14, "correlation_key": "fp|776e09bd9ea1308ed9826c745c0733a43f34374ba79570ca2aab8bdf3f745197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/diag_prefill_kernels.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4086b8c2913a249b1b3b70a84250bf94d6d1d86d6dd89606f5840752a4ab11cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/bench_pp_tg.py", "duplicate_line": 50, "correlation_key": "fp|4086b8c2913a249b1b3b70a84250bf94d6d1d86d6dd89606f5840752a4ab11cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/diag_phase2_metrics.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 111423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0f0cab43b9a36c79233411db5adcf2764551d6cc6e3e00caf88456360e5205c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "optimizations/megakernel/build_corpus.py", "duplicate_line": 82, "correlation_key": "fp|0f0cab43b9a36c79233411db5adcf2764551d6cc6e3e00caf88456360e5205c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/diag_phase2_metrics.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 111421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b522a45311a38101fe5093281f7c31cb227af57065c4640c47b151e2d2fa2043", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b522a45311a38101fe5093281f7c31cb227af57065c4640c47b151e2d2fa2043"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/cuda_cross_device_copy.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 111579, "scanner": "repobility-threat-engine", "fingerprint": "3dd8ee73f552c6c62d3e93b5833aeef5441f0da9676f52fcac1d3e81c8407112", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3dd8ee73f552c6c62d3e93b5833aeef5441f0da9676f52fcac1d3e81c8407112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_ab_simple.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 111578, "scanner": "repobility-threat-engine", "fingerprint": "5be3434a64d470dae4d566c2a88239e065b476472f087dd6b48ed36190260561", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5be3434a64d470dae4d566c2a88239e065b476472f087dd6b48ed36190260561"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_agent_loop.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 111577, "scanner": "repobility-threat-engine", "fingerprint": "b1491f762918ccb7ca462af9dfdf57207889f0d6388dbc9d742d976fad6ae8c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b1491f762918ccb7ca462af9dfdf57207889f0d6388dbc9d742d976fad6ae8c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/examples/chat.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 111571, "scanner": "repobility-threat-engine", "fingerprint": "a56cd9e718dd335d0dddf98e3616243971a4b90d551ed7e1df112a40bf31b99c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a56cd9e718dd335d0dddf98e3616243971a4b90d551ed7e1df112a40bf31b99c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_ab_simple.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 111570, "scanner": "repobility-threat-engine", "fingerprint": "e0147a1bdc50f48f7c23a3f099592254825e6b21ae7ce9b19a8dcf24313c7e1d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e0147a1bdc50f48f7c23a3f099592254825e6b21ae7ce9b19a8dcf24313c7e1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 111569, "scanner": "repobility-threat-engine", "fingerprint": "090bf8eb49e1cca9c379971d28ac6b656a8edfc9abc8684302962aad15530f2d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|090bf8eb49e1cca9c379971d28ac6b656a8edfc9abc8684302962aad15530f2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/setup.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 111565, "scanner": "repobility-threat-engine", "fingerprint": "cceb7de732e7d488d05edb9c9ba6e91cbe860523786e519fabbe9e2bb3493af6", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|111|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/parity_laguna.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 111564, "scanner": "repobility-threat-engine", "fingerprint": "548a55ebd842d26984e53c2d6957aba5d5d62dea74ee800e0a45c16eea420775", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|118|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/final_bench.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 111562, "scanner": "repobility-threat-engine", "fingerprint": "45af6889f41d225896654b4e8bce4a06163b95f6afa9f4f2920d6273da56e139", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_relay_response", "breakdown": {"if": 3, "for": 1, "else": 1, "break": 1, "while": 1, "nested_bonus": 4}, "aggregated": true, "complexity": 11, "correlation_key": "fp|45af6889f41d225896654b4e8bce4a06163b95f6afa9f4f2920d6273da56e139", "aggregated_count": 25}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 111554, "scanner": "repobility-threat-engine", "fingerprint": "6a18ab7a9e98c274da2376be7d4db90ac5c0793ef3977493da2ca34a4a66e837", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6a18ab7a9e98c274da2376be7d4db90ac5c0793ef3977493da2ca34a4a66e837", "aggregated_count": 5}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 111553, "scanner": "repobility-threat-engine", "fingerprint": "d985370df2c8ad75c2636d52a47fad1e922dad64793155239a958cf06d0c687d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d985370df2c8ad75c2636d52a47fad1e922dad64793155239a958cf06d0c687d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui_tools.sh"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 111552, "scanner": "repobility-threat-engine", "fingerprint": "25127b4f54187e58023ccfad716002abe77e48e6745b717e16518432c59f20eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25127b4f54187e58023ccfad716002abe77e48e6745b717e16518432c59f20eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui.sh"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 111551, "scanner": "repobility-threat-engine", "fingerprint": "c61ab0dd218d7d8245ca5c4a13d484d896398cde3f086c562fc44a3717657556", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c61ab0dd218d7d8245ca5c4a13d484d896398cde3f086c562fc44a3717657556"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_claude_llamacpp_matrix.sh"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC103", "level": "none", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 111550, "scanner": "repobility-threat-engine", "fingerprint": "22508ccee32638f9ac364756933bbf6b1f3edd72383ba0881512139ec7cc5c09", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|22508ccee32638f9ac364756933bbf6b1f3edd72383ba0881512139ec7cc5c09"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 111546, "scanner": "repobility-threat-engine", "fingerprint": "019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 111545, "scanner": "repobility-threat-engine", "fingerprint": "492173596fdae4cad57ecccfeb16dac77f11a74ae083d29e0307b7e6aa81a285", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(data.get(\"token\", \"\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|11|print data.get token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui_tools.sh"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 111544, "scanner": "repobility-threat-engine", "fingerprint": "c1445b6a5184f2b9edc46febafe5891924e2232343747bb8fc16c55e7c986311", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(data.get(\"token\", \"\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|8|print data.get token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_openwebui.sh"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 111543, "scanner": "repobility-threat-engine", "fingerprint": "b9c3e1421485458637874b1dbb43fba248aba4f6f9cb26b3e67dadaf7fdcc3b1", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(f\"| {r['name']} | {r['rc']} | {'yes' if r['marker'] else 'no'} | {r['prompt_tokens'] or ''} |", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|8|print f r name r rc yes if r marker else no r prompt_tokens or"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_claude_llamacpp_matrix.sh"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 111542, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 111538, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111537, "scanner": "repobility-threat-engine", "fingerprint": "0c436f4636798ee89312813c1fd0dd99b0d70e172008a7b44b883e53a398b618", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c436f4636798ee89312813c1fd0dd99b0d70e172008a7b44b883e53a398b618"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_claude_code.sh"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111536, "scanner": "repobility-threat-engine", "fingerprint": "9097ff99adc15142e0a311ac963b13266e97e00f70c87804e4134b77dea4b52e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9097ff99adc15142e0a311ac963b13266e97e00f70c87804e4134b77dea4b52e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/common.sh"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111535, "scanner": "repobility-threat-engine", "fingerprint": "9a39ea3c190b257c568aa3eabf703855e682cac8615e1945b89c67d774706c34", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a39ea3c190b257c568aa3eabf703855e682cac8615e1945b89c67d774706c34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/benchmarks/run_lucebox_vs_llamacpp.sh"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 111587, "scanner": "repobility-threat-engine", "fingerprint": "df7910faf6a37caf56cee5a509315125e21570446ed4b3f24f3cf039aa79fee1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|df7910faf6a37caf56cee5a509315125e21570446ed4b3f24f3cf039aa79fee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_daemon.h"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 111586, "scanner": "repobility-threat-engine", "fingerprint": "6d9a4c83c0972f8d052fbef67fdeea6500b17fb56451fdbe321b00b3899c3104", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d9a4c83c0972f8d052fbef67fdeea6500b17fb56451fdbe321b00b3899c3104"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/qwen35/qwen35_backend.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 111585, "scanner": "repobility-threat-engine", "fingerprint": "79f5a44449e99f84fa4299f67e3e0c031229c7510606595d6074db08e68d2155", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79f5a44449e99f84fa4299f67e3e0c031229c7510606595d6074db08e68d2155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/src/common/backend_factory.h"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 111581, "scanner": "repobility-threat-engine", "fingerprint": "181570b4400ebeb7af837fb25149c65f0a7a8b66f879fd3e7bc01d225e2123ce", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(args.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|181570b4400ebeb7af837fb25149c65f0a7a8b66f879fd3e7bc01d225e2123ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quantize_draft_q8.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 111580, "scanner": "repobility-threat-engine", "fingerprint": "b57a3c190aa5ca6ba7da952d28bff69c4a4bfb35fe8e3236b6498a59e48eeaa7", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(args.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b57a3c190aa5ca6ba7da952d28bff69c4a4bfb35fe8e3236b6498a59e48eeaa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/convert_dflash_to_gguf.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 111576, "scanner": "repobility-threat-engine", "fingerprint": "285eda80e2ca37a8b9b89c80d1ef57dbd8ca69a76ba3d8fcd7520f06146e212a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|285eda80e2ca37a8b9b89c80d1ef57dbd8ca69a76ba3d8fcd7520f06146e212a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/run.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 111575, "scanner": "repobility-threat-engine", "fingerprint": "ece0eed8cc63d5e7792f7b2d83b36933d074916bf7c34190689274fe868c5697", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ece0eed8cc63d5e7792f7b2d83b36933d074916bf7c34190689274fe868c5697"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/examples/chat.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 111568, "scanner": "repobility-threat-engine", "fingerprint": "e27b355d320e6719eb1f2eb9bbecb5fc8efadea186d4f264e6c0ca4110956825", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e27b355d320e6719eb1f2eb9bbecb5fc8efadea186d4f264e6c0ca4110956825"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/quality_ab_simple.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 111567, "scanner": "repobility-threat-engine", "fingerprint": "c7e6915ab4cdb2703642563eaf17bd210ec4acc30b06c2247c0fa3ce206863bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7e6915ab4cdb2703642563eaf17bd210ec4acc30b06c2247c0fa3ce206863bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 111566, "scanner": "repobility-threat-engine", "fingerprint": "277ad59b66efd510cde41f7e0d342c0f5eec2e93ca691d6c6d2158be8a795c90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|277ad59b66efd510cde41f7e0d342c0f5eec2e93ca691d6c6d2158be8a795c90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/setup.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111563, "scanner": "repobility-threat-engine", "fingerprint": "5df15f1a1f0a2b6602b4c42384f29bd1cce416a23f08b92be85935dcbd60d704", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "current.update(values)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5df15f1a1f0a2b6602b4c42384f29bd1cce416a23f08b92be85935dcbd60d704"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/summarize_backend_pair.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `extract_generated_text` has cognitive complexity 131 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, continue=2, elif=4, except=1, for=6, if=17, nested_bonus=93, ternary=7."}, "properties": {"repobilityId": 111560, "scanner": "repobility-threat-engine", "fingerprint": "ec7b497a856ea21c857ca48d1147e8c61751d2185c4e21ed5fe448a138f27f03", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 131 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "extract_generated_text", "breakdown": {"if": 17, "for": 6, "elif": 4, "break": 1, "except": 1, "ternary": 7, "continue": 2, "nested_bonus": 93}, "complexity": 131, "correlation_key": "fp|ec7b497a856ea21c857ca48d1147e8c61751d2185c4e21ed5fe448a138f27f03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/summarize_backend_pair.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 111549, "scanner": "repobility-threat-engine", "fingerprint": "090b8cce7e7128714e837986597bc230a371a375e53bd2f731d4824ad6d6a814", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"sm_(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|32|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/setup.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 111548, "scanner": "repobility-threat-engine", "fingerprint": "3758f52a316e2fca1aa016994c4965af26e306b6701e0a6826078c06204116ff", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"^rc=(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|231|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/summarize_backend_pair.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 111547, "scanner": "repobility-threat-engine", "fingerprint": "4af8258c93e78d2ccc1425717c03215a7206b0fb865878dd15881875d3407485", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"^rc=(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|77|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_claude_llamacpp_matrix.sh"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 111541, "scanner": "repobility-threat-engine", "fingerprint": "fc76e46ba606d9d3122af9cec9c3e572d987679b76da3693b17e2698d1efd8d8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fc76e46ba606d9d3122af9cec9c3e572d987679b76da3693b17e2698d1efd8d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_daemon.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 111540, "scanner": "repobility-threat-engine", "fingerprint": "d9da2caed2299258b2a6e9630460530510cc84bb90b595f47b38cf5a19f161fe", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d9da2caed2299258b2a6e9630460530510cc84bb90b595f47b38cf5a19f161fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/bench_agent_loop.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 111539, "scanner": "repobility-threat-engine", "fingerprint": "3726a4d3ada1b94e80fe264a0ea4c00301e64ed94c791c5f70e71d8e56953315", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3726a4d3ada1b94e80fe264a0ea4c00301e64ed94c791c5f70e71d8e56953315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "harness/clients/run_claude_code.sh"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 111532, "scanner": "repobility-supply-chain", "fingerprint": "9c888d3e78531a75423748d849ed3265b298bbfb937b43655973a25a719fa555", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9c888d3e78531a75423748d849ed3265b298bbfb937b43655973a25a719fa555"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Jimver/cuda-toolkit` pinned to mutable ref `@v0.2.35`"}, "properties": {"repobilityId": 111531, "scanner": "repobility-supply-chain", "fingerprint": "96059d1c468bf339b6d79986ae42b9557a5b069e74b8f023e8fbba8689a14f7c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96059d1c468bf339b6d79986ae42b9557a5b069e74b8f023e8fbba8689a14f7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 111530, "scanner": "repobility-supply-chain", "fingerprint": "8e9c2e9891a278449d3016279859d1bdc9e20e759ecedea9b8c95cb2741c698d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e9c2e9891a278449d3016279859d1bdc9e20e759ecedea9b8c95cb2741c698d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 111529, "scanner": "repobility-supply-chain", "fingerprint": "644101c0b6e706f8fc833b5dec40faa06db7f4471f7b3ccdd32e80452149089b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|644101c0b6e706f8fc833b5dec40faa06db7f4471f7b3ccdd32e80452149089b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 111528, "scanner": "repobility-supply-chain", "fingerprint": "e4a64764635909eeb29322481c5d90014e9fc5f86625c96327826fbab73bc5ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4a64764635909eeb29322481c5d90014e9fc5f86625c96327826fbab73bc5ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_temperature_zero"}, "properties": {"repobilityId": 111527, "scanner": "repobility-ast-engine", "fingerprint": "88a73aef0431abd767b827e2ff8b95956c9f8e1737bc8abb3301aa5d96cd468d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88a73aef0431abd767b827e2ff8b95956c9f8e1737bc8abb3301aa5d96cd468d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 650}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_tool_request_anthropic"}, "properties": {"repobilityId": 111526, "scanner": "repobility-ast-engine", "fingerprint": "9a992ce7c951cd430c42676bb549e76c08875a36c2cb7a0b070959586286a8f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a992ce7c951cd430c42676bb549e76c08875a36c2cb7a0b070959586286a8f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 619}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_tool_request_format"}, "properties": {"repobilityId": 111525, "scanner": "repobility-ast-engine", "fingerprint": "1f432f2562daa72e9882ca0c5d807d21a9c8939ec65004d559610c2fa8e824b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f432f2562daa72e9882ca0c5d807d21a9c8939ec65004d559610c2fa8e824b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 569}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_streaming_responses"}, "properties": {"repobilityId": 111524, "scanner": "repobility-ast-engine", "fingerprint": "9ff3d7080d6f65f8c46ceec9fe8bd95a20a7d155358a6380ec5ceb8a5e63683e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ff3d7080d6f65f8c46ceec9fe8bd95a20a7d155358a6380ec5ceb8a5e63683e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 535}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_streaming_anthropic"}, "properties": {"repobilityId": 111523, "scanner": "repobility-ast-engine", "fingerprint": "2c048a320bdd27abc8eae752cf743be5a734ce629506bf54ecd79efa1bd6285f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c048a320bdd27abc8eae752cf743be5a734ce629506bf54ecd79efa1bd6285f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 500}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_nonstreaming_responses_string_input"}, "properties": {"repobilityId": 111522, "scanner": "repobility-ast-engine", "fingerprint": "70f378138f07bc00bb8ec9396976a119db30689c2d92cd00b4dff38d9723afbe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70f378138f07bc00bb8ec9396976a119db30689c2d92cd00b4dff38d9723afbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 477}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_nonstreaming_responses_full"}, "properties": {"repobilityId": 111521, "scanner": "repobility-ast-engine", "fingerprint": "8b6b4bc741bb4f37d6ca112ad1dcc32eb7f23daa10b71cb42719a40ec50b58ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b6b4bc741bb4f37d6ca112ad1dcc32eb7f23daa10b71cb42719a40ec50b58ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 437}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_nonstreaming_anthropic_full"}, "properties": {"repobilityId": 111520, "scanner": "repobility-ast-engine", "fingerprint": "b50a446a21fff3b5119bf56c54cd6a7e40b89dd8ffc8bad0e822061f232ce84e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b50a446a21fff3b5119bf56c54cd6a7e40b89dd8ffc8bad0e822061f232ce84e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 413}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_reasoning_streaming_openai"}, "properties": {"repobilityId": 111519, "scanner": "repobility-ast-engine", "fingerprint": "1a5f726b0f71cc42cac33ac13cab04d6670bd878f3dec5831c103002d53a2c3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a5f726b0f71cc42cac33ac13cab04d6670bd878f3dec5831c103002d53a2c3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_reasoning_nonstreaming_anthropic"}, "properties": {"repobilityId": 111518, "scanner": "repobility-ast-engine", "fingerprint": "ec7c78c9d726a68590ffc159146af1bad4ae1e9b8194cebc24ce72832b93266b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec7c78c9d726a68590ffc159146af1bad4ae1e9b8194cebc24ce72832b93266b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_reasoning_nonstreaming_openai"}, "properties": {"repobilityId": 111517, "scanner": "repobility-ast-engine", "fingerprint": "3fbcd778123f895a07dc04a1590f67f878219afa802391f96d6e6f5ebef15b04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3fbcd778123f895a07dc04a1590f67f878219afa802391f96d6e6f5ebef15b04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 302}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_multi_turn_responses"}, "properties": {"repobilityId": 111516, "scanner": "repobility-ast-engine", "fingerprint": "bbf4eadb4759d0974bd2effb385bfbd1b58e6c994abbbccaa0c1ae0e49666362", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbf4eadb4759d0974bd2effb385bfbd1b58e6c994abbbccaa0c1ae0e49666362"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_multi_turn_anthropic"}, "properties": {"repobilityId": 111515, "scanner": "repobility-ast-engine", "fingerprint": "e791b0ad0153d76b0d4a2812ef5b4e50fc2da7c1e4724b0eaab2fbbaac6be245", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e791b0ad0153d76b0d4a2812ef5b4e50fc2da7c1e4724b0eaab2fbbaac6be245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_multi_turn_openai"}, "properties": {"repobilityId": 111514, "scanner": "repobility-ast-engine", "fingerprint": "d34fd1335834f4891f8fad5a27588cd5a617f277cf61f58eeba518d2d449b28d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d34fd1335834f4891f8fad5a27588cd5a617f277cf61f58eeba518d2d449b28d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_prefix_cache_shared_system"}, "properties": {"repobilityId": 111513, "scanner": "repobility-ast-engine", "fingerprint": "4a721ec33c229057184dd1ff4a7fc3dba28dd5f131a71ffae24fbd2ef0b8b642", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a721ec33c229057184dd1ff4a7fc3dba28dd5f131a71ffae24fbd2ef0b8b642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_prefix_cache_timing"}, "properties": {"repobilityId": 111512, "scanner": "repobility-ast-engine", "fingerprint": "d85a4183afdd222c5e09cc191192126cbcd130d3f4561728314c76273b4d02b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d85a4183afdd222c5e09cc191192126cbcd130d3f4561728314c76273b4d02b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_server_comprehensive.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_decode_vs_hf"}, "properties": {"repobilityId": 111511, "scanner": "repobility-ast-engine", "fingerprint": "ef00d2554d87cee4adb79af2f3ab48c4fbd856d2ae1859b3ccc374d1b015a32b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef00d2554d87cee4adb79af2f3ab48c4fbd856d2ae1859b3ccc374d1b015a32b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_out_of_range"}, "properties": {"repobilityId": 111510, "scanner": "repobility-ast-engine", "fingerprint": "4052a55dff871d0da7fecce3eb6094e63a63412260607e2a7457f17d0298beae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4052a55dff871d0da7fecce3eb6094e63a63412260607e2a7457f17d0298beae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_special_tokens"}, "properties": {"repobilityId": 111509, "scanner": "repobility-ast-engine", "fingerprint": "9661d644b565272cfb9eda5a7683ac77d3926a0c2ec35a272ee0ff294ba02d74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9661d644b565272cfb9eda5a7683ac77d3926a0c2ec35a272ee0ff294ba02d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_token_text_gpt2_decode"}, "properties": {"repobilityId": 111508, "scanner": "repobility-ast-engine", "fingerprint": "c466119a96ac0b0fa00d02d77b29087824244b86cbcbcc1f923d155ff7435a80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c466119a96ac0b0fa00d02d77b29087824244b86cbcbcc1f923d155ff7435a80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_roundtrip"}, "properties": {"repobilityId": 111507, "scanner": "repobility-ast-engine", "fingerprint": "b98ff86f067d01f7f90c0c8b5dc4543372b9b0870c460af2eebd6555d4cb2549", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b98ff86f067d01f7f90c0c8b5dc4543372b9b0870c460af2eebd6555d4cb2549"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_decode_basic"}, "properties": {"repobilityId": 111506, "scanner": "repobility-ast-engine", "fingerprint": "6b1dfc3e3be7c609bc32088efb546153f2fde44ed8fe7615d784823bbbc95254", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b1dfc3e3be7c609bc32088efb546153f2fde44ed8fe7615d784823bbbc95254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_encode_vs_hf"}, "properties": {"repobilityId": 111505, "scanner": "repobility-ast-engine", "fingerprint": "98457ecf80e96c651d20d3abd73ca67f0fdb20e7c89f1cac68a0cf9cf4594532", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98457ecf80e96c651d20d3abd73ca67f0fdb20e7c89f1cac68a0cf9cf4594532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_encode_basic"}, "properties": {"repobilityId": 111504, "scanner": "repobility-ast-engine", "fingerprint": "9c8ed4d7c1b4680f3850d42912580d5281c1aaa2bb771759f89b78de814e427d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c8ed4d7c1b4680f3850d42912580d5281c1aaa2bb771759f89b78de814e427d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_info"}, "properties": {"repobilityId": 111503, "scanner": "repobility-ast-engine", "fingerprint": "53e2d472bf1592385eb70d320fa8a7a6f85f2f0f1d156a149c23d61e9ae4b0d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53e2d472bf1592385eb70d320fa8a7a6f85f2f0f1d156a149c23d61e9ae4b0d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/tests/test_tokenizer.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 111481, "scanner": "repobility-ast-engine", "fingerprint": "3206d3aa0a26274096c2f7f64f9decb8e9a6517de89c169e1b17f0812341ed1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3206d3aa0a26274096c2f7f64f9decb8e9a6517de89c169e1b17f0812341ed1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 111480, "scanner": "repobility-ast-engine", "fingerprint": "fa2c41de415273abddf35cc23dfd9d8eb0fbc1d47a016a618dc656ede7f177aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa2c41de415273abddf35cc23dfd9d8eb0fbc1d47a016a618dc656ede7f177aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 111479, "scanner": "repobility-ast-engine", "fingerprint": "f9157e1f55804c82503de2f591140dc590fd505493c214d85b0fa251c4048a02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9157e1f55804c82503de2f591140dc590fd505493c214d85b0fa251c4048a02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 111478, "scanner": "repobility-ast-engine", "fingerprint": "bd78a7f1dc959516ca6d56ad17a3362077e62965c199f71806c3879de120dba2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd78a7f1dc959516ca6d56ad17a3362077e62965c199f71806c3879de120dba2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 111477, "scanner": "repobility-ast-engine", "fingerprint": "c76e236b0f4a1161d13440b7647b5d1546619ac15f53a83ed376bf61a438b6d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c76e236b0f4a1161d13440b7647b5d1546619ac15f53a83ed376bf61a438b6d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.r_pipe` used but never assigned in __init__"}, "properties": {"repobilityId": 111476, "scanner": "repobility-ast-engine", "fingerprint": "36ec9401e1f2e31270c69abe823ea1ddd4f5c3105d1b75ef19d393ee8d729246", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36ec9401e1f2e31270c69abe823ea1ddd4f5c3105d1b75ef19d393ee8d729246"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._read_vram_used_mib` used but never assigned in __init__"}, "properties": {"repobilityId": 111475, "scanner": "repobility-ast-engine", "fingerprint": "f332baa3ddb67fc24a6ec3b1c580382236e5fee88d144703640edb678f9c4cf0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f332baa3ddb67fc24a6ec3b1c580382236e5fee88d144703640edb678f9c4cf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/pflash/pflash/dflash_client.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.step` used but never assigned in __init__"}, "properties": {"repobilityId": 111474, "scanner": "repobility-ast-engine", "fingerprint": "b42e3cc85aabd869d46b74cddb905126502a6d7c4c0114a23bcc829ef9704e9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b42e3cc85aabd869d46b74cddb905126502a6d7c4c0114a23bcc829ef9704e9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 839}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.step` used but never assigned in __init__"}, "properties": {"repobilityId": 111473, "scanner": "repobility-ast-engine", "fingerprint": "9aaba60cfeb0d77968e09ef2226df61554adfff5f2ee5c93ba4eced35c0a0b99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9aaba60cfeb0d77968e09ef2226df61554adfff5f2ee5c93ba4eced35c0a0b99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 834}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reset` used but never assigned in __init__"}, "properties": {"repobilityId": 111472, "scanner": "repobility-ast-engine", "fingerprint": "93744388a459eebbbba5bc362f72724c7e51b212fbbcd1793a36c8d830967336", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93744388a459eebbbba5bc362f72724c7e51b212fbbcd1793a36c8d830967336"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 831}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._reset_runtime_state` used but never assigned in __init__"}, "properties": {"repobilityId": 111471, "scanner": "repobility-ast-engine", "fingerprint": "ae41f01aadca1b9676966fafaba8746942d493b0305df2da3a44ee1f051a23b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae41f01aadca1b9676966fafaba8746942d493b0305df2da3a44ee1f051a23b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 828}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._run_prefill_bf16_nvfp4_lm` used but never assigned in __init__"}, "properties": {"repobilityId": 111470, "scanner": "repobility-ast-engine", "fingerprint": "44dfe9cadc8a53d22e16bdcda4d122c4a0af61d4c5d10c93cff9f1b3a2dba8f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|44dfe9cadc8a53d22e16bdcda4d122c4a0af61d4c5d10c93cff9f1b3a2dba8f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 821}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_prefill_buffers` used but never assigned in __init__"}, "properties": {"repobilityId": 111469, "scanner": "repobility-ast-engine", "fingerprint": "5fa28e0cbc66f80d08cc2169e7484a2806ca380017c9affc108ea3421b6353ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fa28e0cbc66f80d08cc2169e7484a2806ca380017c9affc108ea3421b6353ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 820}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reset` used but never assigned in __init__"}, "properties": {"repobilityId": 111468, "scanner": "repobility-ast-engine", "fingerprint": "609b8670b4a82eca1cdb1d703d5cfa01f7d36a55dcdb49e6216b148038f1e2b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|609b8670b4a82eca1cdb1d703d5cfa01f7d36a55dcdb49e6216b148038f1e2b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 819}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._prefill_graph_state` used but never assigned in __init__"}, "properties": {"repobilityId": 111467, "scanner": "repobility-ast-engine", "fingerprint": "f2110103c9075f9276a2b0d35497f99166f23f237966946bf3fa33a71c617ccf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2110103c9075f9276a2b0d35497f99166f23f237966946bf3fa33a71c617ccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 815}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reset` used but never assigned in __init__"}, "properties": {"repobilityId": 111466, "scanner": "repobility-ast-engine", "fingerprint": "22d8638eda0f2f6985bdf39d08015218dcf2d0cc7222a449d6d0920ae0e1a7c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22d8638eda0f2f6985bdf39d08015218dcf2d0cc7222a449d6d0920ae0e1a7c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 777}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._build_prefill_graph` used but never assigned in __init__"}, "properties": {"repobilityId": 111465, "scanner": "repobility-ast-engine", "fingerprint": "ff31de577090266e34b24c604ce8f567ee6b76790d43e28d3a8bd824a487cfcc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff31de577090266e34b24c604ce8f567ee6b76790d43e28d3a8bd824a487cfcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 701}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._run_prefill_bf16_nvfp4_lm` used but never assigned in __init__"}, "properties": {"repobilityId": 111464, "scanner": "repobility-ast-engine", "fingerprint": "bfefaf5cfb18bf664f253d39f997341926480fb6760f310114e33bb7ae93af7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bfefaf5cfb18bf664f253d39f997341926480fb6760f310114e33bb7ae93af7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 692}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._reset_runtime_state` used but never assigned in __init__"}, "properties": {"repobilityId": 111463, "scanner": "repobility-ast-engine", "fingerprint": "87543ae7fac2c557fdb1f716d6bb2cce410a9caa68a262b393606ba1fbd0def4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87543ae7fac2c557fdb1f716d6bb2cce410a9caa68a262b393606ba1fbd0def4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 691}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._run_prefill_bf16_nvfp4_lm` used but never assigned in __init__"}, "properties": {"repobilityId": 111462, "scanner": "repobility-ast-engine", "fingerprint": "fc359bc44439513ae59886c514af2f11dffb6a6eb38a8cbfd51cb831ce4a3434", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc359bc44439513ae59886c514af2f11dffb6a6eb38a8cbfd51cb831ce4a3434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 686}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._reset_runtime_state` used but never assigned in __init__"}, "properties": {"repobilityId": 111461, "scanner": "repobility-ast-engine", "fingerprint": "287bd0027bc00ad33dc44f4cf40e682d4ea4f9d7f6a747b7d0f8d6246ac6acb6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|287bd0027bc00ad33dc44f4cf40e682d4ea4f9d7f6a747b7d0f8d6246ac6acb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 684}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_prefill_buffers` used but never assigned in __init__"}, "properties": {"repobilityId": 111460, "scanner": "repobility-ast-engine", "fingerprint": "ead917043e20bd0167262c192f786090620789f82421faaff4837f7b26df4b69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ead917043e20bd0167262c192f786090620789f82421faaff4837f7b26df4b69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model_nvfp4.py"}, "region": {"startLine": 677}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.step` used but never assigned in __init__"}, "properties": {"repobilityId": 111458, "scanner": "repobility-ast-engine", "fingerprint": "1fe68b0900c5370b305dda20afa09dbe3b8b7b8b2790b394b05ae28e8cfed5ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fe68b0900c5370b305dda20afa09dbe3b8b7b8b2790b394b05ae28e8cfed5ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.step` used but never assigned in __init__"}, "properties": {"repobilityId": 111457, "scanner": "repobility-ast-engine", "fingerprint": "5745c0e573593c668c1c323e4e9498d7b5f8f6e597dc8d755ae61b8289ff0dd8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5745c0e573593c668c1c323e4e9498d7b5f8f6e597dc8d755ae61b8289ff0dd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.reset` used but never assigned in __init__"}, "properties": {"repobilityId": 111456, "scanner": "repobility-ast-engine", "fingerprint": "1bcdb797107e87c54d2695bb9dce4de22b54f2e1d206ee5b3d712e678ca84d0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1bcdb797107e87c54d2695bb9dce4de22b54f2e1d206ee5b3d712e678ca84d0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "optimizations/megakernel/model.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111588, "scanner": "gitleaks", "fingerprint": "ffe4a43bce9ee89f2fa38d3f1c803678df654f840a9b3f316e0b0b6792ad8e28", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "NEEDLE_ANSWER_KEY = \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|needle_answer_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/scripts/laguna_pflash_niah.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SUBMODULE_PAT` on a `pull_request` trigger"}, "properties": {"repobilityId": 111533, "scanner": "repobility-supply-chain", "fingerprint": "a98fe01808d8d79f50239d9efd20b78b29b1d566bda0d5bba96805239079e482", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a98fe01808d8d79f50239d9efd20b78b29b1d566bda0d5bba96805239079e482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 29}}}]}]}]}