{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wfc6-r584-vfw7", "name": "next: GHSA-wfc6-r584-vfw7", "shortDescription": {"text": "next: GHSA-wfc6-r584-vfw7"}, "fullDescription": {"text": "Next.js vulnerable to cache poisoning in React Server Component responses"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mq59-m269-xvcx", "name": "next: GHSA-mq59-m269-xvcx", "shortDescription": {"text": "next: GHSA-mq59-m269-xvcx"}, "fullDescription": {"text": "Next.js: null origin can bypass Server Actions CSRF checks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h64f-5h5j-jqjh", "name": "next: GHSA-h64f-5h5j-jqjh", "shortDescription": {"text": "next: GHSA-h64f-5h5j-jqjh"}, "fullDescription": {"text": "Next.js has a Denial of Service in the Image Optimization API"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h27x-g6w4-24gq", "name": "next: GHSA-h27x-g6w4-24gq", "shortDescription": {"text": "next: GHSA-h27x-g6w4-24gq"}, "fullDescription": {"text": "Next.js: Unbounded postponed resume buffering can lead to DoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gx5p-jg67-6x7h", "name": "next: GHSA-gx5p-jg67-6x7h", "shortDescription": {"text": "next: GHSA-gx5p-jg67-6x7h"}, "fullDescription": {"text": "Next.js has cross-site scripting in beforeInteractive scripts with untrusted input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ggv3-7p47-pfv8", "name": "next: GHSA-ggv3-7p47-pfv8", "shortDescription": {"text": "next: GHSA-ggv3-7p47-pfv8"}, "fullDescription": {"text": "Next.js: HTTP request smuggling in rewrites"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ffhc-5mcf-pf4q", "name": "next: GHSA-ffhc-5mcf-pf4q", "shortDescription": {"text": "next: GHSA-ffhc-5mcf-pf4q"}, "fullDescription": {"text": "Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3x4c-7xq6-9pq8", "name": "next: GHSA-3x4c-7xq6-9pq8", "shortDescription": {"text": "next: GHSA-3x4c-7xq6-9pq8"}, "fullDescription": {"text": "Next.js: Unbounded next/image disk cache growth can exhaust storage"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mf9w-mj56-hr94", "name": "python-dotenv: GHSA-mf9w-mj56-hr94", "shortDescription": {"text": "python-dotenv: GHSA-mf9w-mj56-hr94"}, "fullDescription": {"text": "python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 24 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 24 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 24."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@types/diff` is 1 major version(s) behind (7.0.2 -> 8.0.0)", "shortDescription": {"text": "npm package `@types/diff` is 1 major version(s) behind (7.0.2 -> 8.0.0)"}, "fullDescription": {"text": "`@types/diff` is pinned/resolved at 7.0.2 but the latest stable release on the npm registry is 8.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-vfv6-92ff-j949", "name": "next: GHSA-vfv6-92ff-j949", "shortDescription": {"text": "next: GHSA-vfv6-92ff-j949"}, "fullDescription": {"text": "Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jcc7-9wpm-mj36", "name": "next: GHSA-jcc7-9wpm-mj36", "shortDescription": {"text": "next: GHSA-jcc7-9wpm-mj36"}, "fullDescription": {"text": "Next.js: null origin can bypass dev HMR websocket CSRF checks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3g8h-86w9-wvmq", "name": "next: GHSA-3g8h-86w9-wvmq", "shortDescription": {"text": "next: GHSA-3g8h-86w9-wvmq"}, "fullDescription": {"text": "Next.js's Middleware / Proxy redirects can be cache-poisoned"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED064] Python Input Call (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-q4gf-8mx6-v5v3", "name": "next: GHSA-q4gf-8mx6-v5v3", "shortDescription": {"text": "next: GHSA-q4gf-8mx6-v5v3"}, "fullDescription": {"text": "Next.js has a Denial of Service with Server Components"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mg66-mrh9-m8jx", "name": "next: GHSA-mg66-mrh9-m8jx", "shortDescription": {"text": "next: GHSA-mg66-mrh9-m8jx"}, "fullDescription": {"text": "Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c4j6-fc7j-m34r", "name": "next: GHSA-c4j6-fc7j-m34r", "shortDescription": {"text": "next: GHSA-c4j6-fc7j-m34r"}, "fullDescription": {"text": "Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8h8q-6873-q5fj", "name": "next: GHSA-8h8q-6873-q5fj", "shortDescription": {"text": "next: GHSA-8h8q-6873-q5fj"}, "fullDescription": {"text": "Next.js Vulnerable to Denial of Service with Server Components"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-492v-c6pp-mqqv", "name": "next: GHSA-492v-c6pp-mqqv", "shortDescription": {"text": "next: GHSA-492v-c6pp-mqqv"}, "fullDescription": {"text": "Next.js has a Middleware / Proxy bypass through dynamic route parameter injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-36qx-fr4f-26g5", "name": "next: GHSA-36qx-fr4f-26g5", "shortDescription": {"text": "next: GHSA-36qx-fr4f-26g5"}, "fullDescription": {"text": "Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-26hh-7cqf-hhc6", "name": "next: GHSA-26hh-7cqf-hhc6", "shortDescription": {"text": "next: GHSA-26hh-7cqf-hhc6"}, "fullDescription": {"text": "Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-267c-6grr-h53f", "name": "next: GHSA-267c-6grr-h53f", "shortDescription": {"text": "next: GHSA-267c-6grr-h53f"}, "fullDescription": {"text": "Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_agent_scripts_compile", "shortDescription": {"text": "Phantom test coverage: test_agent_scripts_compile"}, "fullDescription": {"text": "Test function `test_agent_scripts_compile` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._load` used but never assigned in __init__", "shortDescription": {"text": "`self._load` used but never assigned in __init__"}, "fullDescription": {"text": "Method `update` of class `TaskManager` reads `self._load`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/856"}, "properties": {"repository": "shareAI-lab/learn-claude-code", "repoUrl": "https://github.com/shareAI-lab/learn-claude-code", "branch": "main"}, "results": [{"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 77243, "scanner": "osv-scanner", "fingerprint": "46994dd8d0fdb8d81eb7001ce0bc53a8df3591db168ee16d492eaa7076974d27", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wfc6-r584-vfw7", "level": "warning", "message": {"text": "next: GHSA-wfc6-r584-vfw7"}, "properties": {"repobilityId": 77242, "scanner": "osv-scanner", "fingerprint": "2b7244ea717c4c868d82fc399a0c6e164afaab50d34e5a8fa7baece2fcf1391a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44576"], "package": "next", "rule_id": "GHSA-wfc6-r584-vfw7", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44576|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mq59-m269-xvcx", "level": "warning", "message": {"text": "next: GHSA-mq59-m269-xvcx"}, "properties": {"repobilityId": 77239, "scanner": "osv-scanner", "fingerprint": "fdc50ae454311f9a2d62b5b13e8e5ab1b3bba204c8d4b5220ea13e71239320d2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27978"], "package": "next", "rule_id": "GHSA-mq59-m269-xvcx", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-27978|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h64f-5h5j-jqjh", "level": "warning", "message": {"text": "next: GHSA-h64f-5h5j-jqjh"}, "properties": {"repobilityId": 77236, "scanner": "osv-scanner", "fingerprint": "bc45d7c308f5382e579a252df4fc9a16613dfa779b6d35d10d843fbdd2bb7729", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44577"], "package": "next", "rule_id": "GHSA-h64f-5h5j-jqjh", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44577|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h27x-g6w4-24gq", "level": "warning", "message": {"text": "next: GHSA-h27x-g6w4-24gq"}, "properties": {"repobilityId": 77235, "scanner": "osv-scanner", "fingerprint": "e137fdb1c0e1eaf4585c02de3170a235abb2fff905a3d9dcf2469275c9443ada", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27979"], "package": "next", "rule_id": "GHSA-h27x-g6w4-24gq", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-27979|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gx5p-jg67-6x7h", "level": "warning", "message": {"text": "next: GHSA-gx5p-jg67-6x7h"}, "properties": {"repobilityId": 77234, "scanner": "osv-scanner", "fingerprint": "0b92ff13f7da7dc3a8297e45ff4687ed8813bbf1e08fdf4448408a29d0d9997b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44580"], "package": "next", "rule_id": "GHSA-gx5p-jg67-6x7h", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44580|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ggv3-7p47-pfv8", "level": "warning", "message": {"text": "next: GHSA-ggv3-7p47-pfv8"}, "properties": {"repobilityId": 77233, "scanner": "osv-scanner", "fingerprint": "9bd67098daaf8ea30d9fb7953f6663fe05a934c0a7b34d90cf0b0153e78cbe5c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29057"], "package": "next", "rule_id": "GHSA-ggv3-7p47-pfv8", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-29057|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ffhc-5mcf-pf4q", "level": "warning", "message": {"text": "next: GHSA-ffhc-5mcf-pf4q"}, "properties": {"repobilityId": 77232, "scanner": "osv-scanner", "fingerprint": "affc5626617a2ada6f7b1820f174153415fda9682774fc4c95d05443d45c27f7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44581"], "package": "next", "rule_id": "GHSA-ffhc-5mcf-pf4q", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44581|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3x4c-7xq6-9pq8", "level": "warning", "message": {"text": "next: GHSA-3x4c-7xq6-9pq8"}, "properties": {"repobilityId": 77228, "scanner": "osv-scanner", "fingerprint": "fd3f3f9b38981d5691c9cd9a3c0105cc6c4124c6929850fc957110c5a2103c49", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27980"], "package": "next", "rule_id": "GHSA-3x4c-7xq6-9pq8", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-27980|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mf9w-mj56-hr94", "level": "warning", "message": {"text": "python-dotenv: GHSA-mf9w-mj56-hr94"}, "properties": {"repobilityId": 77223, "scanner": "osv-scanner", "fingerprint": "030c6ea3936499659ed910925462b9058f7115cecd98afed139ec104f4c2978a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28684"], "package": "python-dotenv", "rule_id": "GHSA-mf9w-mj56-hr94", "scanner": "osv-scanner", "correlation_key": "vuln|python-dotenv|CVE-2026-28684|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 77222, "scanner": "repobility-threat-engine", "fingerprint": "3d1b4370449ce39e432aa28d64455bff9e39844b56f2c5f67f853c6f6a237093", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "location.href = newPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d1b4370449ce39e432aa28d64455bff9e39844b56f2c5f67f853c6f6a237093"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/components/layout/header.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 24 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=4, nested_bonus=15, ternary=2, while=1."}, "properties": {"repobilityId": 77213, "scanner": "repobility-threat-engine", "fingerprint": "0a62310d6f4b99f59f07ef600a1d141729b4017a0bde6df4a25c041e34069bb8", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 24 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "agent_loop", "breakdown": {"if": 4, "for": 1, "while": 1, "except": 1, "ternary": 2, "nested_bonus": 15}, "complexity": 24, "correlation_key": "fp|0a62310d6f4b99f59f07ef600a1d141729b4017a0bde6df4a25c041e34069bb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s03_todo_write.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 77193, "scanner": "repobility-threat-engine", "fingerprint": "95a83a0f1ef366d7059d44453573666c1cbb3d04112b2ed95a3e114ec58bb4e4", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(command, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|agents/s03_todo_write.py|104|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s03_todo_write.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 77192, "scanner": "repobility-threat-engine", "fingerprint": "101a489530ba51ec655d07956dc4479c39aa89e82c128e6ce381b6357e25fa08", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(command, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|agents/s02_tool_use.py|53|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s02_tool_use.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 77191, "scanner": "repobility-threat-engine", "fingerprint": "7c28dc2bf0b7328535864bf19a7132e7490e83f23242cff19b33c53908c42ec2", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(command, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|agents/s01_agent_loop.py|70|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s01_agent_loop.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/diff` is 1 major version(s) behind (7.0.2 -> 8.0.0)"}, "properties": {"repobilityId": 77190, "scanner": "repobility-dependency-currency", "fingerprint": "ea045a4bcc0a258c4b3f8e2f6bf05c9c7160390349cef7ba237fa59de7d43e83", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/diff", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.0.0", "correlation_key": "fp|ea045a4bcc0a258c4b3f8e2f6bf05c9c7160390349cef7ba237fa59de7d43e83", "current_version": "7.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `diff` is 1 major version(s) behind (8.0.3 -> 9.0.0)"}, "properties": {"repobilityId": 77188, "scanner": "repobility-dependency-currency", "fingerprint": "995a71731a20c4eec86064005c82168b39eee3e0392137d5e9f2591d6dc3f504", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "diff", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.0.0", "correlation_key": "fp|995a71731a20c4eec86064005c82168b39eee3e0392137d5e9f2591d6dc3f504", "current_version": "8.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77181, "scanner": "repobility-ast-engine", "fingerprint": "78d500c86562278153f3128125b25e0fa3a273e428f6a63cc6cd94f5fca4492f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78d500c86562278153f3128125b25e0fa3a273e428f6a63cc6cd94f5fca4492f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77180, "scanner": "repobility-ast-engine", "fingerprint": "135785a6213f47329ca39a6a07580c8094ac9e3552decad939026df684922994", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|135785a6213f47329ca39a6a07580c8094ac9e3552decad939026df684922994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77173, "scanner": "repobility-ast-engine", "fingerprint": "9467f3d85c13309db2348cc6c377367830eafee604c2d37402ed9cafd6dd37cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9467f3d85c13309db2348cc6c377367830eafee604c2d37402ed9cafd6dd37cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s06_context_compact.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77172, "scanner": "repobility-ast-engine", "fingerprint": "693beb7e013291de41feeed74a2241af711ba45100d54faa24f0dff296a42b51", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|693beb7e013291de41feeed74a2241af711ba45100d54faa24f0dff296a42b51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s06_context_compact.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77171, "scanner": "repobility-ast-engine", "fingerprint": "6ebdc0bb77ef002bc3ce02ac4f858174b15319d976553842fb4d124facf38d5b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ebdc0bb77ef002bc3ce02ac4f858174b15319d976553842fb4d124facf38d5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s06_context_compact.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77170, "scanner": "repobility-ast-engine", "fingerprint": "b65fd7d5edbd6cca65e1779a0438906cc438e640ae635ad359d8aac92a237ffe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b65fd7d5edbd6cca65e1779a0438906cc438e640ae635ad359d8aac92a237ffe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s06_context_compact.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77169, "scanner": "repobility-ast-engine", "fingerprint": "928abe37d575670060ac4bb7d03ac98cb725c596462658bd6b5338d1ea216096", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|928abe37d575670060ac4bb7d03ac98cb725c596462658bd6b5338d1ea216096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 544}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77168, "scanner": "repobility-ast-engine", "fingerprint": "1051a47dfdee3966968d3cf538662e76ebd411ecd435c3f8fc3630b6bcb780e3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1051a47dfdee3966968d3cf538662e76ebd411ecd435c3f8fc3630b6bcb780e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77167, "scanner": "repobility-ast-engine", "fingerprint": "797a4b78da5ea3bf199d17f7dbfd82363f995f983dff48043903ff0b176eb396", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|797a4b78da5ea3bf199d17f7dbfd82363f995f983dff48043903ff0b176eb396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 434}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77166, "scanner": "repobility-ast-engine", "fingerprint": "7ea6ba9d608876907138076f2e31f5ed9d1da397b4b382d10ab041946a0df293", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ea6ba9d608876907138076f2e31f5ed9d1da397b4b382d10ab041946a0df293"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 422}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77165, "scanner": "repobility-ast-engine", "fingerprint": "b8aa94e3450f2fc5460634a110e5415bc648eec38cc1323fb12790d78ebb0927", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8aa94e3450f2fc5460634a110e5415bc648eec38cc1323fb12790d78ebb0927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77150, "scanner": "repobility-ast-engine", "fingerprint": "6a4d2283a774891eaad917a9fe9e6d93ea337f61f409cca7de062ac4695f7c53", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a4d2283a774891eaad917a9fe9e6d93ea337f61f409cca7de062ac4695f7c53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s04_hooks/code.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77149, "scanner": "repobility-ast-engine", "fingerprint": "0e20bac538068a42708a0344e24bb6eb32b171c79b9ac893b1e0d9a1ac028ceb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e20bac538068a42708a0344e24bb6eb32b171c79b9ac893b1e0d9a1ac028ceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s04_hooks/code.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77148, "scanner": "repobility-ast-engine", "fingerprint": "c327494f0f3f911f184214a067f4c40e54fe6bb314afb6f83207e10c7745dd5f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c327494f0f3f911f184214a067f4c40e54fe6bb314afb6f83207e10c7745dd5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s04_hooks/code.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77147, "scanner": "repobility-ast-engine", "fingerprint": "3ac89534d777d705fbc93d0cec2917fccf9dba5b148fcbfce8bcc081a171f6a6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ac89534d777d705fbc93d0cec2917fccf9dba5b148fcbfce8bcc081a171f6a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s04_hooks/code.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77146, "scanner": "repobility-ast-engine", "fingerprint": "63c0b5c6279cc3922129db4820b93bdbf5116a7636cb243e4271e5238fc15278", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63c0b5c6279cc3922129db4820b93bdbf5116a7636cb243e4271e5238fc15278"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s19_mcp_plugin/code.py"}, "region": {"startLine": 577}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77145, "scanner": "repobility-ast-engine", "fingerprint": "913d8aef0c252fbf9e9f23d3789b9735e56c086c2d9f728b96de3b57fa54e284", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|913d8aef0c252fbf9e9f23d3789b9735e56c086c2d9f728b96de3b57fa54e284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s19_mcp_plugin/code.py"}, "region": {"startLine": 970}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77144, "scanner": "repobility-ast-engine", "fingerprint": "9de2889402663b55a8579485231d1794a77495205cd1b6fbe17a754226825ee5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9de2889402663b55a8579485231d1794a77495205cd1b6fbe17a754226825ee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s19_mcp_plugin/code.py"}, "region": {"startLine": 679}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77143, "scanner": "repobility-ast-engine", "fingerprint": "7687679c3f31517f0bfcc1c82905425384f615d3dfd97c6634b5abe7b46457ba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7687679c3f31517f0bfcc1c82905425384f615d3dfd97c6634b5abe7b46457ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s19_mcp_plugin/code.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77142, "scanner": "repobility-ast-engine", "fingerprint": "318d8b1aba34efa3b75d9542fbf16cf030684257aff08a7db1bac97639f40e40", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|318d8b1aba34efa3b75d9542fbf16cf030684257aff08a7db1bac97639f40e40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s19_mcp_plugin/code.py"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77141, "scanner": "repobility-ast-engine", "fingerprint": "c1196b1d0959a6cad8b3f7ecccdac6df270afba9e5472c7a873e1dfc1afaa07b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1196b1d0959a6cad8b3f7ecccdac6df270afba9e5472c7a873e1dfc1afaa07b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s19_mcp_plugin/code.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77140, "scanner": "repobility-ast-engine", "fingerprint": "2962fa1363b17709356336e242972ddebbd4bd020329883854771f70b564e00c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2962fa1363b17709356336e242972ddebbd4bd020329883854771f70b564e00c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s16_team_protocols/code.py"}, "region": {"startLine": 538}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77139, "scanner": "repobility-ast-engine", "fingerprint": "be01295b1a7e83100f96982eedeceffde7e229b4e5bdcfbf25e6bc4119686b6e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be01295b1a7e83100f96982eedeceffde7e229b4e5bdcfbf25e6bc4119686b6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s16_team_protocols/code.py"}, "region": {"startLine": 813}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77138, "scanner": "repobility-ast-engine", "fingerprint": "d41c0d39b80d647bcc3834f3b0a9add129ab2373c6240041b84adf8bce87fc75", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d41c0d39b80d647bcc3834f3b0a9add129ab2373c6240041b84adf8bce87fc75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s16_team_protocols/code.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 77137, "scanner": "repobility-ast-engine", "fingerprint": "14b1efe926b36fc23e749e1ea61f7f7dc38b0ee27266a7a856fd7115eca9b79d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14b1efe926b36fc23e749e1ea61f7f7dc38b0ee27266a7a856fd7115eca9b79d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s16_team_protocols/code.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "GHSA-vfv6-92ff-j949", "level": "note", "message": {"text": "next: GHSA-vfv6-92ff-j949"}, "properties": {"repobilityId": 77241, "scanner": "osv-scanner", "fingerprint": "9a150385158c9ca3791e63f34b57b454a5b4b097bd3e27cbd83ebd9b0de56cd3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44582"], "package": "next", "rule_id": "GHSA-vfv6-92ff-j949", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44582|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jcc7-9wpm-mj36", "level": "note", "message": {"text": "next: GHSA-jcc7-9wpm-mj36"}, "properties": {"repobilityId": 77237, "scanner": "osv-scanner", "fingerprint": "06518268cfc27225c5f5ba6dc4176956f15aed96b3d55ee44494df785c703247", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27977"], "package": "next", "rule_id": "GHSA-jcc7-9wpm-mj36", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-27977|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3g8h-86w9-wvmq", "level": "note", "message": {"text": "next: GHSA-3g8h-86w9-wvmq"}, "properties": {"repobilityId": 77227, "scanner": "osv-scanner", "fingerprint": "8f7923edcf5e5e5a1d05f2776351235a01adcf39ed94ee7101b0792168ce2978", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44572"], "package": "next", "rule_id": "GHSA-3g8h-86w9-wvmq", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44572|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=2, nested_bonus=7, ternary=1, while=1."}, "properties": {"repobilityId": 77212, "scanner": "repobility-threat-engine", "fingerprint": "67952a09a4f061dd4e8318eeb402273df40daf4e6c63ce0edea8ac5575d47880", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "agent_loop", "breakdown": {"if": 2, "for": 1, "while": 1, "ternary": 1, "nested_bonus": 7}, "complexity": 12, "correlation_key": "fp|67952a09a4f061dd4e8318eeb402273df40daf4e6c63ce0edea8ac5575d47880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s02_tool_use.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=2, nested_bonus=4, while=1."}, "properties": {"repobilityId": 77211, "scanner": "repobility-threat-engine", "fingerprint": "b583d861e37c0bc58d436584f898f7aaf6c20856562680e0935a4897dce11619", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "agent_loop", "breakdown": {"if": 2, "for": 1, "while": 1, "nested_bonus": 4}, "complexity": 8, "correlation_key": "fp|b583d861e37c0bc58d436584f898f7aaf6c20856562680e0935a4897dce11619"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s01_agent_loop.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 77189, "scanner": "repobility-dependency-currency", "fingerprint": "df9f6ea4b7e838aff35f9444b41a4b61fc131eb79854d4afe7839765aa22c0a8", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|df9f6ea4b7e838aff35f9444b41a4b61fc131eb79854d4afe7839765aa22c0a8", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 77221, "scanner": "repobility-threat-engine", "fingerprint": "5fe2cf04427df05fc0aef7cf138aa979c1fc3f2cedae48cbd068d6e07c3f09f1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5fe2cf04427df05fc0aef7cf138aa979c1fc3f2cedae48cbd068d6e07c3f09f1", "aggregated_count": 2}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 77220, "scanner": "repobility-threat-engine", "fingerprint": "f7be570bcd0a01b06da8aafd275b0cce25665719508ea681dddb965b422af730", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7be570bcd0a01b06da8aafd275b0cce25665719508ea681dddb965b422af730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/components/diff/code-diff.tsx"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 77219, "scanner": "repobility-threat-engine", "fingerprint": "5aa8d00179bb46e925df01241c85f6b5df43224f37a46f6264733ad69859ccb5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5aa8d00179bb46e925df01241c85f6b5df43224f37a46f6264733ad69859ccb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/components/code/source-viewer.tsx"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 77218, "scanner": "repobility-threat-engine", "fingerprint": "18dfb03c314afd9c08dc0094d986b966717bde7506ee4a1b2ff889c98e932a14", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18dfb03c314afd9c08dc0094d986b966717bde7506ee4a1b2ff889c98e932a14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/components/architecture/message-flow.tsx"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 77217, "scanner": "repobility-threat-engine", "fingerprint": "af763336344ce5716eba6b622ce4854d5cc3596ce9392edb4af103e1d69892d2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|af763336344ce5716eba6b622ce4854d5cc3596ce9392edb4af103e1d69892d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/components/docs/doc-renderer.tsx"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 77216, "scanner": "repobility-threat-engine", "fingerprint": "c153eb6662c034f2d8950cade7a8b0f870bb275d1546ae9e8d17c49c01f51697", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c153eb6662c034f2d8950cade7a8b0f870bb275d1546ae9e8d17c49c01f51697"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/app/[locale]/layout.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 77215, "scanner": "repobility-threat-engine", "fingerprint": "497a55114c1623d00aa8ac9e6610feb4323d2c10a080aca70e59a951650c3121", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|497a55114c1623d00aa8ac9e6610feb4323d2c10a080aca70e59a951650c3121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s01_agent_loop/code.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 77214, "scanner": "repobility-threat-engine", "fingerprint": "4612b01ffcc78b6370f43ee2ac2e930ea8de620331b53fdc616f698a9ff00b3f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "agent_loop", "breakdown": {"if": 2, "for": 1, "while": 1, "nested_bonus": 4}, "aggregated": true, "complexity": 8, "correlation_key": "fp|4612b01ffcc78b6370f43ee2ac2e930ea8de620331b53fdc616f698a9ff00b3f", "aggregated_count": 19}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 77210, "scanner": "repobility-threat-engine", "fingerprint": "5c78be2e7eccb5813c37b06a605171f3684770ec4fbc4c9834a921e4be721458", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5c78be2e7eccb5813c37b06a605171f3684770ec4fbc4c9834a921e4be721458", "aggregated_count": 13}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 77209, "scanner": "repobility-threat-engine", "fingerprint": "8acb2edb5eeb3ba9d3f2dcdacca623f4fdb6eb8ad8917ec555e9ed2dc9450bcb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8acb2edb5eeb3ba9d3f2dcdacca623f4fdb6eb8ad8917ec555e9ed2dc9450bcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s03_todo_write.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 77208, "scanner": "repobility-threat-engine", "fingerprint": "b5b208fc3d596c0ec3c2dc27700a593fc099487e2c1e39db5caed630f1ed2c7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5b208fc3d596c0ec3c2dc27700a593fc099487e2c1e39db5caed630f1ed2c7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s02_tool_use.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 77207, "scanner": "repobility-threat-engine", "fingerprint": "93d2bd1ac8b813de73dc5a24e1a9654e1063b9e1d6823ab3cb48066b6efb8fb6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93d2bd1ac8b813de73dc5a24e1a9654e1063b9e1d6823ab3cb48066b6efb8fb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s01_agent_loop.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 77206, "scanner": "repobility-threat-engine", "fingerprint": "a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "aggregated_count": 4}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 77205, "scanner": "repobility-threat-engine", "fingerprint": "c49f926862242d224eeddd8309a7e2f1709a90d6dc03d2851d14b8f2e79eed3c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c49f926862242d224eeddd8309a7e2f1709a90d6dc03d2851d14b8f2e79eed3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s02_tool_use/code.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 77204, "scanner": "repobility-threat-engine", "fingerprint": "9365c68675847333cc5f79ab77abdfe79945f3e361be637ee814f2a83ac282ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9365c68675847333cc5f79ab77abdfe79945f3e361be637ee814f2a83ac282ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s01_agent_loop/code.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 77203, "scanner": "repobility-threat-engine", "fingerprint": "40efb112f8cd27329b2a1275f33d2c2068ed23fbfad406018e4a489a9abe5730", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40efb112f8cd27329b2a1275f33d2c2068ed23fbfad406018e4a489a9abe5730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s01_agent_loop.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED034", "level": "none", "message": {"text": "[MINED034] Python Subprocess Shell True (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 77202, "scanner": "repobility-threat-engine", "fingerprint": "b9289c963b24366c8731eeb0348418c9c95aacb79bcd3d6a002548b625a95bed", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b9289c963b24366c8731eeb0348418c9c95aacb79bcd3d6a002548b625a95bed", "aggregated_count": 14}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 77198, "scanner": "repobility-threat-engine", "fingerprint": "c0243c95a960df79d347d546f02c8d708977edbd4a97478c529e24c680ef3789", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c0243c95a960df79d347d546f02c8d708977edbd4a97478c529e24c680ef3789", "aggregated_count": 4}}}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 77194, "scanner": "repobility-threat-engine", "fingerprint": "031a8dbb4961ac3e3dd017062cab7a57145e01e16498e98de9d577f04e531fd3", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|031a8dbb4961ac3e3dd017062cab7a57145e01e16498e98de9d577f04e531fd3"}}}, {"ruleId": "GHSA-q4gf-8mx6-v5v3", "level": "error", "message": {"text": "next: GHSA-q4gf-8mx6-v5v3"}, "properties": {"repobilityId": 77240, "scanner": "osv-scanner", "fingerprint": "c2a957f94a48412ed26b0e187f38ab023bf67deb328f8258e427979594806ed1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "next", "rule_id": "GHSA-q4gf-8mx6-v5v3", "scanner": "osv-scanner", "correlation_key": "vuln|next|GHSA-Q4GF-8MX6-V5V3|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mg66-mrh9-m8jx", "level": "error", "message": {"text": "next: GHSA-mg66-mrh9-m8jx"}, "properties": {"repobilityId": 77238, "scanner": "osv-scanner", "fingerprint": "7b0a80666f8887715175a1708cb36bb7ca9206fbdf92d009c96a2198cbd6408e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44579"], "package": "next", "rule_id": "GHSA-mg66-mrh9-m8jx", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44579|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c4j6-fc7j-m34r", "level": "error", "message": {"text": "next: GHSA-c4j6-fc7j-m34r"}, "properties": {"repobilityId": 77231, "scanner": "osv-scanner", "fingerprint": "b5bbc3a7c2dcd8d8f763eb5e7d887eafcfa57e101946a50105c8a47e4070d1ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44578"], "package": "next", "rule_id": "GHSA-c4j6-fc7j-m34r", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44578|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8h8q-6873-q5fj", "level": "error", "message": {"text": "next: GHSA-8h8q-6873-q5fj"}, "properties": {"repobilityId": 77230, "scanner": "osv-scanner", "fingerprint": "2a100898286768ab40aa7db15a61594db536caab5fc857f458fab2f3ff9cdd69", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "next", "rule_id": "GHSA-8h8q-6873-q5fj", "scanner": "osv-scanner", "correlation_key": "vuln|next|GHSA-8H8Q-6873-Q5FJ|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-492v-c6pp-mqqv", "level": "error", "message": {"text": "next: GHSA-492v-c6pp-mqqv"}, "properties": {"repobilityId": 77229, "scanner": "osv-scanner", "fingerprint": "4d1ac9f7df757df83cad66a72c8fd80861469f2d9cfdbb95343df728ed29efe3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44574"], "package": "next", "rule_id": "GHSA-492v-c6pp-mqqv", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44574|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-36qx-fr4f-26g5", "level": "error", "message": {"text": "next: GHSA-36qx-fr4f-26g5"}, "properties": {"repobilityId": 77226, "scanner": "osv-scanner", "fingerprint": "4e45e36fc48852405e93df1dd303e181a8b1cccebe3131035ada3fb61bab268d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44573"], "package": "next", "rule_id": "GHSA-36qx-fr4f-26g5", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44573|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-26hh-7cqf-hhc6", "level": "error", "message": {"text": "next: GHSA-26hh-7cqf-hhc6"}, "properties": {"repobilityId": 77225, "scanner": "osv-scanner", "fingerprint": "1857e47822a632b8cbfb81bccf6447a86368c1dcfb6d1fd354c65040255ccc25", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45109"], "package": "next", "rule_id": "GHSA-26hh-7cqf-hhc6", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-45109|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-267c-6grr-h53f", "level": "error", "message": {"text": "next: GHSA-267c-6grr-h53f"}, "properties": {"repobilityId": 77224, "scanner": "osv-scanner", "fingerprint": "c1fd0a38e445741bae387eca0c4a1782c6b4cd26ef841404ba520b32e81d615f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44575"], "package": "next", "rule_id": "GHSA-267c-6grr-h53f", "scanner": "osv-scanner", "correlation_key": "vuln|next|CVE-2026-44575|web/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 77201, "scanner": "repobility-threat-engine", "fingerprint": "af75b3f4cc7e5770313a58c76b7b56d3b9b98b7c30f82abb9ab4a93b4bcb3471", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|af75b3f4cc7e5770313a58c76b7b56d3b9b98b7c30f82abb9ab4a93b4bcb3471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s03_todo_write.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 77200, "scanner": "repobility-threat-engine", "fingerprint": "490ebf2910c7e8708dce5135182acbe0ec188e7817a4ba89a07f30f8096e7640", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|490ebf2910c7e8708dce5135182acbe0ec188e7817a4ba89a07f30f8096e7640"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s02_tool_use.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 77199, "scanner": "repobility-threat-engine", "fingerprint": "81e08350bce126c6d152887ece074763976f56c142a041f56056844cf3564ea6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|81e08350bce126c6d152887ece074763976f56c142a041f56056844cf3564ea6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s01_agent_loop.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 77197, "scanner": "repobility-threat-engine", "fingerprint": "735cb5589ae5aef807906333a96a9dcf4e3c2be847ffe3758e64c78d73476124", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|735cb5589ae5aef807906333a96a9dcf4e3c2be847ffe3758e64c78d73476124"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s02_tool_use/code.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 77196, "scanner": "repobility-threat-engine", "fingerprint": "c3f0553e454a45b114dfc0b341b51bbe1e69314d77740e3d06a3fbeab23daa32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3f0553e454a45b114dfc0b341b51bbe1e69314d77740e3d06a3fbeab23daa32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "s01_agent_loop/code.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 77195, "scanner": "repobility-threat-engine", "fingerprint": "663e0d010582ffc8132de059ad57a2fc1112fd1d2d687d774051f2200d57a15b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|663e0d010582ffc8132de059ad57a2fc1112fd1d2d687d774051f2200d57a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s01_agent_loop.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_agent_scripts_compile"}, "properties": {"repobilityId": 77187, "scanner": "repobility-ast-engine", "fingerprint": "d93bc42d1516b60b6238f59e2c18bc11fe062dd389b9c2f7cebdb7a70db4cda5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d93bc42d1516b60b6238f59e2c18bc11fe062dd389b9c2f7cebdb7a70db4cda5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_agents_smoke.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._load` used but never assigned in __init__"}, "properties": {"repobilityId": 77186, "scanner": "repobility-ast-engine", "fingerprint": "1965b207771ea970c9f89f1c4aa47e30251dc8844765b1098d1d2ddc82b65e6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1965b207771ea970c9f89f1c4aa47e30251dc8844765b1098d1d2ddc82b65e6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s_full.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._load` used but never assigned in __init__"}, "properties": {"repobilityId": 77185, "scanner": "repobility-ast-engine", "fingerprint": "aad67867ca9c4c1bc3291e61d4bcd568a559774123554ffecc5e56792c0b47e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aad67867ca9c4c1bc3291e61d4bcd568a559774123554ffecc5e56792c0b47e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s_full.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._next_id` used but never assigned in __init__"}, "properties": {"repobilityId": 77184, "scanner": "repobility-ast-engine", "fingerprint": "a2da242046fb716e617fa5e5333368b020446f6c956aa554c433a6c20dcb21c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2da242046fb716e617fa5e5333368b020446f6c956aa554c433a6c20dcb21c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s_full.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save` used but never assigned in __init__"}, "properties": {"repobilityId": 77183, "scanner": "repobility-ast-engine", "fingerprint": "45a462ca29515de14677f92dcc3b229d1234a88772ee2c37919a85dec3bc06df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45a462ca29515de14677f92dcc3b229d1234a88772ee2c37919a85dec3bc06df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s_full.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.render` used but never assigned in __init__"}, "properties": {"repobilityId": 77182, "scanner": "repobility-ast-engine", "fingerprint": "da2a5448cf261242e8b9352509737daf2f56c666fe04d61231abea9583585f17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da2a5448cf261242e8b9352509737daf2f56c666fe04d61231abea9583585f17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s_full.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save` used but never assigned in __init__"}, "properties": {"repobilityId": 77179, "scanner": "repobility-ast-engine", "fingerprint": "05ebe1b67018da8c657ef590eeb5d5d3f50c13df48a13fd41e9a4a36793f0b99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05ebe1b67018da8c657ef590eeb5d5d3f50c13df48a13fd41e9a4a36793f0b99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._clear_dependency` used but never assigned in __init__"}, "properties": {"repobilityId": 77178, "scanner": "repobility-ast-engine", "fingerprint": "7454f29cfd4638d647a38eadf74c360144100f97783b25b53767eab27c7c9435", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7454f29cfd4638d647a38eadf74c360144100f97783b25b53767eab27c7c9435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save` used but never assigned in __init__"}, "properties": {"repobilityId": 77177, "scanner": "repobility-ast-engine", "fingerprint": "e1eb9d0fa50bcde39a19783ebf84ea6400396a6848c419e9dd4941e232990069", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1eb9d0fa50bcde39a19783ebf84ea6400396a6848c419e9dd4941e232990069"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._load` used but never assigned in __init__"}, "properties": {"repobilityId": 77176, "scanner": "repobility-ast-engine", "fingerprint": "226e4564ba5bfac59522f32d9e0173cfa9a87ee56163368255c6b2a143ebbc46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|226e4564ba5bfac59522f32d9e0173cfa9a87ee56163368255c6b2a143ebbc46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._load` used but never assigned in __init__"}, "properties": {"repobilityId": 77175, "scanner": "repobility-ast-engine", "fingerprint": "c68ff298d641dd26ab8ccfa627b19e1a242c165013bcf7e494fdf568b1026cee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c68ff298d641dd26ab8ccfa627b19e1a242c165013bcf7e494fdf568b1026cee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save` used but never assigned in __init__"}, "properties": {"repobilityId": 77174, "scanner": "repobility-ast-engine", "fingerprint": "7d92515dfd08dcf8dd77961dd768ec9d3b5183d9d737ff4d75979f18aaa7cdd1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d92515dfd08dcf8dd77961dd768ec9d3b5183d9d737ff4d75979f18aaa7cdd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s07_task_system.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_status` used but never assigned in __init__"}, "properties": {"repobilityId": 77164, "scanner": "repobility-ast-engine", "fingerprint": "cff47652171cd51ab4756c979d510d48321669fc69dcac3979c9441bae8a1663", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cff47652171cd51ab4756c979d510d48321669fc69dcac3979c9441bae8a1663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exec` used but never assigned in __init__"}, "properties": {"repobilityId": 77163, "scanner": "repobility-ast-engine", "fingerprint": "f3f8bd019b3b893d0401d08941f9a8f4bf75dc25c3c908d1b19be39acf133921", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3f8bd019b3b893d0401d08941f9a8f4bf75dc25c3c908d1b19be39acf133921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_status` used but never assigned in __init__"}, "properties": {"repobilityId": 77162, "scanner": "repobility-ast-engine", "fingerprint": "f9e505234a07608d44582b7336d77a6a4072253e2fe11f9f2830ade95ae1be56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9e505234a07608d44582b7336d77a6a4072253e2fe11f9f2830ade95ae1be56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_status` used but never assigned in __init__"}, "properties": {"repobilityId": 77161, "scanner": "repobility-ast-engine", "fingerprint": "ed53e567364bdef33865f3633156417d17e1710a67d5648f67d2fed48c739601", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed53e567364bdef33865f3633156417d17e1710a67d5648f67d2fed48c739601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_status` used but never assigned in __init__"}, "properties": {"repobilityId": 77160, "scanner": "repobility-ast-engine", "fingerprint": "9baaa11dc26c58c2d4d381a06cf815e5066f66944311b922b7deb643cea359db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9baaa11dc26c58c2d4d381a06cf815e5066f66944311b922b7deb643cea359db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_status` used but never assigned in __init__"}, "properties": {"repobilityId": 77159, "scanner": "repobility-ast-engine", "fingerprint": "a46b46ab67e526818dd0f7dbfe651fae9e84a0d457f4e7cbe508fc8e57f698bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a46b46ab67e526818dd0f7dbfe651fae9e84a0d457f4e7cbe508fc8e57f698bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._set_status` used but never assigned in __init__"}, "properties": {"repobilityId": 77158, "scanner": "repobility-ast-engine", "fingerprint": "4343741257b4051da75e59c63a0872de3674dfbd1063ab4648a2d037c1d61ebe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4343741257b4051da75e59c63a0872de3674dfbd1063ab4648a2d037c1d61ebe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._teammate_tools` used but never assigned in __init__"}, "properties": {"repobilityId": 77157, "scanner": "repobility-ast-engine", "fingerprint": "c9630f5bc044b8e82294b2d5bfb8f8217ec2f444c433eedaa1c12390453865ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9630f5bc044b8e82294b2d5bfb8f8217ec2f444c433eedaa1c12390453865ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._loop` used but never assigned in __init__"}, "properties": {"repobilityId": 77156, "scanner": "repobility-ast-engine", "fingerprint": "3e1ebfffd750c0686e91df921286f577a47a1c4b3407b92ed9ca8f5f667e8702", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e1ebfffd750c0686e91df921286f577a47a1c4b3407b92ed9ca8f5f667e8702"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save_config` used but never assigned in __init__"}, "properties": {"repobilityId": 77155, "scanner": "repobility-ast-engine", "fingerprint": "f7875216b4fce6515f0022e821114ee0c5181bf07eefd3a2abe577133fa94c0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7875216b4fce6515f0022e821114ee0c5181bf07eefd3a2abe577133fa94c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._find_member` used but never assigned in __init__"}, "properties": {"repobilityId": 77154, "scanner": "repobility-ast-engine", "fingerprint": "cce9afef69e35133efb8fe5ba2269dce915c0cbfd9d512383ac027d7c014a734", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cce9afef69e35133efb8fe5ba2269dce915c0cbfd9d512383ac027d7c014a734"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save_config` used but never assigned in __init__"}, "properties": {"repobilityId": 77153, "scanner": "repobility-ast-engine", "fingerprint": "26552d1cca159b8f03b38c9ca2e09a89e3328dbe9301ea2f1c8ef54c79dd3a3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26552d1cca159b8f03b38c9ca2e09a89e3328dbe9301ea2f1c8ef54c79dd3a3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._find_member` used but never assigned in __init__"}, "properties": {"repobilityId": 77152, "scanner": "repobility-ast-engine", "fingerprint": "219d83d99a929902a70c84daf55c8f8312d1be6ec836a957d579da3706c78471", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|219d83d99a929902a70c84daf55c8f8312d1be6ec836a957d579da3706c78471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send` used but never assigned in __init__"}, "properties": {"repobilityId": 77151, "scanner": "repobility-ast-engine", "fingerprint": "fe96d02306189c685d30aff22000a290b38bfdce7ac55e9ec1a65acb34b80ad5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe96d02306189c685d30aff22000a290b38bfdce7ac55e9ec1a65acb34b80ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/s11_autonomous_agents.py"}, "region": {"startLine": 118}}}]}]}]}