{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. 
That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/251"}, "properties": {"repository": "mihaelamj/cupertino", "repoUrl": "https://github.com/mihaelamj/cupertino", "branch": "main"}, "results": [{"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7941, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8fbe758f670a60d8d230df103d6597f9603bdcdfbda96a322ea395eb3882301", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/Search/PackageIndex.swift", "duplicate_line": 50, "correlation_key": "fp|f8fbe758f670a60d8d230df103d6597f9603bdcdfbda96a322ea395eb3882301"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "Packages/Sources/Search/Search.Index.swift"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7940, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca88098249da24710ad7f7422df77aac6471e03e4693351a2ca3de494b73ef72", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/ReleaseTool/Release.Command.DocsUpdate.swift", "duplicate_line": 97, "correlation_key": "fp|ca88098249da24710ad7f7422df77aac6471e03e4693351a2ca3de494b73ef72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/ReleaseTool/Release.Command.Tag.swift"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7939, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a77c9896007f062c055ef5d697b6d16a46682a22c62405e9d573618e848e94e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/ReleaseTool/Release.Command.Bump.swift", "duplicate_line": 68, "correlation_key": "fp|5a77c9896007f062c055ef5d697b6d16a46682a22c62405e9d573618e848e94e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"Packages/Sources/ReleaseTool/Release.Command.Tag.swift"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7938, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f66554f966bc7fa19cf5556e14abc2c7adf73b06d1de8c86f128f321da535e99", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/ReleaseTool/Release.Command.DocsUpdate.swift", "duplicate_line": 97, "correlation_key": "fp|f66554f966bc7fa19cf5556e14abc2c7adf73b06d1de8c86f128f321da535e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/ReleaseTool/Release.Command.Full.swift"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7937, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0375e8220c0dc5e99e53c344d595af8b0d6ca5d2ed23a0c6469e89de592b280a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/ReleaseTool/Release.Command.Bump.swift", "duplicate_line": 68, "correlation_key": "fp|0375e8220c0dc5e99e53c344d595af8b0d6ca5d2ed23a0c6469e89de592b280a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"Packages/Sources/ReleaseTool/Release.Command.Full.swift"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7936, "scanner": "repobility-ai-code-hygiene", "fingerprint": "792bb00c7e13db53a344be9e033c9c2a06c10084a838118feb72924c342913e4", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/ReleaseTool/Release.Command.Bump.swift", "duplicate_line": 68, "correlation_key": "fp|792bb00c7e13db53a344be9e033c9c2a06c10084a838118feb72924c342913e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/ReleaseTool/Release.Command.DocsUpdate.swift"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7935, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0587210f447f35edd08db057cc310c7179036894a47a6fc9bf0de6db68a685f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/MCP/Core/Protocol/MCP.Core.Protocols.Prompt.swift", "duplicate_line": 51, "correlation_key": "fp|e0587210f447f35edd08db057cc310c7179036894a47a6fc9bf0de6db68a685f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"Packages/Sources/MCP/Core/Protocol/MCP.Core.Protocols.Tool.swift"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7934, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6680942e87a3b5c53bfe24b3168c97ca0e9bc6bc87b71b808bb74073df4a5075", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/MCP/Core/Protocol/MCP.Core.Protocols.Prompt.swift", "duplicate_line": 51, "correlation_key": "fp|6680942e87a3b5c53bfe24b3168c97ca0e9bc6bc87b71b808bb74073df4a5075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/MCP/Core/Protocol/MCP.Core.Protocols.Resource.swift"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7933, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2364670850291e2abf25c0f7d198ad5a51a4d88ce467b8ee66462aa74a77296", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/Crawler/Crawler.AppleDocs.swift", "duplicate_line": 380, "correlation_key": "fp|c2364670850291e2abf25c0f7d198ad5a51a4d88ce467b8ee66462aa74a77296"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"Packages/Sources/Crawler/Crawler.WebKit.Engine.swift"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7932, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa1a7cac2096e4f5d0808dd6db2594d232bf99f1ec91617a0fcff7f41f792f44", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/Crawler/Crawler.AppleArchive.swift", "duplicate_line": 268, "correlation_key": "fp|aa1a7cac2096e4f5d0808dd6db2594d232bf99f1ec91617a0fcff7f41f792f44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/Crawler/Crawler.HIG.swift"}, "region": {"startLine": 260}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7931, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e9caaef6be53c587b4baa23819698be5f748feb8a968b257201220ad41f7cfe", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/CLI/Commands/CLI.Command.ListSamples.swift", "duplicate_line": 27, "correlation_key": "fp|5e9caaef6be53c587b4baa23819698be5f748feb8a968b257201220ad41f7cfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/CLI/Commands/CLI.Command.ReadSampleFile.swift"}, 
"region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7930, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db23c070f9ae683f420822629b39378247e5c0e3a2923190f97e3ee09c5489f6", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Packages/Sources/CLI/Commands/CLI.Command.ListSamples.swift", "duplicate_line": 27, "correlation_key": "fp|db23c070f9ae683f420822629b39378247e5c0e3a2923190f97e3ee09c5489f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/CLI/Commands/CLI.Command.ReadSample.swift"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 7929, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f260d6e822c9ad9cbe33f51c98e151654b41fbc88a13bedac2442d4f578f8d4", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8f260d6e822c9ad9cbe33f51c98e151654b41fbc88a13bedac2442d4f578f8d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/MCP/SharedTools/MCP.SharedTools.Copy.swift"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": 
{"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 7928, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52e5c4e7784e42c49383c5a55f44d4d78b7919c76c126bfab1c4959a48081e22", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "Packages/Sources/MCP/SharedTools/MCP.SharedTools.swift", "correlation_key": "fp|52e5c4e7784e42c49383c5a55f44d4d78b7919c76c126bfab1c4959a48081e22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/MCP/SharedTools/MCP.SharedTools.Copy.swift"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 7942, "scanner": "repobility-threat-engine", "fingerprint": "7f74d9a7799bedec87852472f74287cf9150e114e49bce39edf65c19df7961ba", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "Logger.info(Shared.Constants.Message.gitHubTokenTip)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|56|logger.info token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Packages/Sources/CLI/Commands/CLI.Command.Fetch.swift"}, "region": {"startLine": 565}}}]}]}]}