Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
65 of your 109 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

speakeasy-api/gram

https://github.com/speakeasy-api/gram · scanned 2026-06-05 20:20 UTC (4 days, 13 hours ago) · 10 languages

1081 raw signals (103 security + 978 graph) 11/13 scanners ran 47th percentile · Typescript · medium (20-100K LoC)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 days, 13 hours ago · v2 · 515 actionable findings from 2 signal sources. 77 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
71.7
/100
Security checks
76
40 findings
System graph
68
100.0% cov · 475 findings
Critical
1
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 100.0 0.25 25.00
testing_score 25.0 0.20 5.00
documentation_score 70.0 0.15 10.50
practices_score 69.0 0.15 10.35
code_quality 80.0 0.10 8.00
Overall 1.00 67.8
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 1 High 18 Medium 65 Low 256 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 40 System graph 475 Crowd 0 Layer: Security 11 Quality 294 Software 59 Cicd 3 Frontend 126 Network 3 Hardware 6 Api 13
Scan summary Quality grade B- (68/100). Dimensions: security 100, maintainability 60. 103 findings (44 security). 49,193 lines analyzed.

Showing 340 of 515 actionable findings. 592 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

low Security checks cicd CI/CD security conf 0.35 ✓ Repobility 24 occurrences Workflow references repository secrets in a pull_request workflow
Fork pull_request runs do not receive normal repository secrets on GitHub Actions. Review this as a reliability/intent signal, not as direct fork-secret exfiltration. Raise severity only for pull_request_target or another trusted-context path that runs untrusted PR code with secrets.
lines 216, 269, 318, 322, 330, 334, 343, 373, +16 more
.github/workflows/pr.yaml:216, 269, 318, 322, 330, 334, 343, 373, +16 more (24 hits)
CI/CD securityworkflow secretsGitHub Actions
critical System graph security Secrets conf 1.00 Possible secret in mise.toml
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
mise.toml:116
high Security checks software dependencies conf 0.90 ✓ Repobility 2 occurrences [MINED122] package.json dep `react-datepicker.css` pulled from URL/Git: `dependencies.react-datepicker.css` = `link:react-datepicker/dist/react-datepicker.css` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload.
Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI.
lines 1
examples/openai-apps-sdk/package.json:1 (2 hits)
high Security checks software dependencies conf 0.90 ✓ Repobility 4 occurrences [MINED126] Workflow container/services image `pgvector/pgvector:pg17` unpinned: `container/services image: pgvector/pgvector:pg17` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines.
Replace with `pgvector/pgvector:pg17@sha256:<digest>`. Re-pin via Dependabot Docker scope.
lines 411, 475, 583, 684
.github/workflows/pr.yaml:411, 475, 583, 684 (4 hits)
high Security checks quality Quality conf 1.00 [SEC126] LLM prompt leakage in code comments (Generate me a function that...): The author's prompt to an LLM (or the LLM's preamble) was committed as a code comment. This leaks the threat model, the AI tooling in use, and often the original system-prompt fragments — useful to attackers profiling the codebase. Also a strong signal the code below was not reviewed by a human. CWE-540 (information exposure through source comments).
Remove the comment. If you want to document AI authorship, use a neutral tag like `# generated-by: codegen` rather than the literal prompt. Add a pre-commit hook that rejects comments starting with `Generate me`, `Sure!`, `Here's`.
.github/scripts/risk-metrics-comment.py:54
medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 10 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `anthropics/claude-code-action` pinned to mutable ref `@v1`: `uses: anthropics/claude-code-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to…
2 files, 10 locations
.github/workflows/pr.yaml:442, 453, 510, 518 (8 hits)
.github/workflows/claude.yml:35 (2 hits)
CI/CD securitySupply chainGitHub Actions
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/gram-mode (dev-idp-dashboard/src/hooks/use-gram-mode.ts:22)
`dev-idp-dashboard/src/hooks/use-gram-mode.ts:22` calls `GET /api/gram-mode` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/gram-mode` If this points at an external API, prefix it with `https://` so the matcher skip…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /devidp${prefix}/.well-known/${suffix} (dev-idp-dashboard/src/components/providers/DiscoveryPane.tsx:5)
`dev-idp-dashboard/src/components/providers/DiscoveryPane.tsx:5` calls `GET /devidp${prefix}/.well-known/${suffix}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/devidp/<p>/.well-known/<p>` If this points at an ext…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /devidp/workos/${suffix} (dev-idp-dashboard/src/components/providers/WorkosModePane.tsx:39)
`dev-idp-dashboard/src/components/providers/WorkosModePane.tsx:39` calls `GET /devidp/workos/${suffix}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/devidp/workos/<p>` If this points at an external API, prefix it …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.github.com/search/users?q=${encodeURIComponent(query)}&per_page=5 (client/dashboard/src/pages/plugins/PublishDialog.tsx:31)
`client/dashboard/src/pages/plugins/PublishDialog.tsx:31` calls `GET https://api.github.com/search/users?q=${encodeURIComponent(query)}&per_page=5` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.co…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET https://picsum.photos/200/300.jpg (ts-framework/create-function/gram-template-mcp/src/mcp.ts:33)
`ts-framework/create-function/gram-template-mcp/src/mcp.ts:33` calls `GET https://picsum.photos/200/300.jpg` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/picsum.photos/<p>/300.jpg` If this points at an exte…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /rpc/${method} (dev-idp-dashboard/src/lib/devidp.ts:83)
`dev-idp-dashboard/src/lib/devidp.ts:83` calls `POST /rpc/${method}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/rpc/<p>` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /rpc/assets.uploadImage (client/dashboard/src/components/useAssetImageUploadHandler.ts:10)
`client/dashboard/src/components/useAssetImageUploadHandler.ts:10` calls `POST /rpc/assets.uploadImage` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/rpc/assets.uploadimage` If this points at an external API, prefi…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST https://${cfg.accountIdentifier}.snowflakecomputing.com/api/v2/statements (examples/snowflake/src/snowflake.ts:56)
`examples/snowflake/src/snowflake.ts:56` calls `POST https://${cfg.accountIdentifier}.snowflakecomputing.com/api/v2/statements` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/<p>.snowflakecomputing.com/api/v2…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST https://approval-service.example.com/check (examples/functions-approve/src/gram.ts:131)
`examples/functions-approve/src/gram.ts:131` calls `POST https://approval-service.example.com/check` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/approval-service.example.com/check` If this points at an ext…
Dangling fetchFetch
high System graph security auth conf 1.00 FastAPI POST `detect` without auth dependency — services/pi-classifier/app.py:134
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
services/pi-classifier/app.py:134 securityAuth fastapi unauth mutation
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
high Security checks security auth conf 0.74 [AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes.
medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
Add a .gitignore appropriate for your language/framework.
medium Security checks software Open redirect conf 1.00 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030.
Validate the URL is same-origin or on an explicit allowlist before assignment: const u = new URL(serverUrl, location.href); if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return; location.assign(u); Even better: have the server return a path (/checkout/done) instead of a full …
client/dashboard/src/components/access/ShadowMCPRequestAccessContent.tsx:54
medium Security checks quality Quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
client/dashboard/src/components/webgl/ascii-stars.tsx:46
high Security checks security auth conf 0.82 2 occurrences Browser storage is used for session token material
Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens.
lines 43, 49
client/dashboard/src/components/access/ShadowMCPRequestAccessContent.tsx:43, 49 (2 hits)
high Security checks quality Quality conf 0.80 3 occurrences localStorage write failures are swallowed silently
Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.
3 files, 3 locations
client/dashboard/src/components/dev-toolbar.tsx:154
client/dashboard/src/components/observe/InsightsMCP.tsx:477
client/dashboard/src/components/ui/use-view-mode.ts:19
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version.
README.md:104
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version.
.github/workflows/public-oas-generation.yml:24
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — client/dashboard/src/components/ai-elements/code-block.tsx:72
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — client/dashboard/src/components/code.tsx:24
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — client/dashboard/src/components/ui/code-block.tsx:115
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — client/dashboard/src/pages/setup/components/steps/instrument-agents-step.tsx:79
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — elements/src/components/ui/tool-ui.tsx:289
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/components/ai-elements/prompt-input.tsx:297
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/components/useAssetImageUploadHandler.ts:10
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/contexts/Fetcher.tsx:10
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/contexts/SdkProvider.tsx:48
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/device-agent/DeviceAgent.tsx:37
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/elements/Elements.tsx:1151
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/onboarding/upload-openapi-utils.ts:79
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/playground/Agentify.tsx:65
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/playground/ChatWindow.tsx:226
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/playground/playground-auth-utils.ts:53
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/playground/PlaygroundAuth.tsx:97
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/dashboard/src/pages/playground/PlaygroundMcpApps.tsx:544
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/sdk/src/lib/http.ts:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dev-idp-dashboard/src/components/providers/DiscoveryPane.tsx:5
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dev-idp-dashboard/src/components/providers/WorkosModePane.tsx:39
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dev-idp-dashboard/src/hooks/use-gram-mode.ts:22
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dev-idp-dashboard/src/routes/devidp/$.ts:36
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dev-idp-dashboard/src/routes/rpc.$method.ts:32
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/examples/bun/server.ts:34
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/examples/tanstack-start/src/routes/chat.tsx:42
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/src/components/Chat/stories/ConnectionConfiguration.stories.tsx:41
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/src/components/ui/time-range-picker.tsx:238
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/src/hooks/useAuth.ts:33
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/src/hooks/useGramThreadListAdapter.tsx:148
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — elements/src/types/index.ts:481
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/elements-embedded-chat/src/routes/api/chat.session.ts:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/elements-embedded-chat/src/routes/chat.tsx:65
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/external-apis/src/gram.ts:35
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/functions-basic/src/spacex.ts:39
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/functions-basic/src/weather.ts:67
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/pylon-basic/src/gram.ts:55
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — examples/snowflake/src/snowflake.ts:56
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — ts-framework/create-function/gram-template-mcp/src/mcp.ts:33
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph hardware Security conf 1.00 Dockerfile runs as root: agents/runtime-image/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: client/dashboard/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: local/clickhouse/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph quality Integrity conf 1.00 Frontend route `/:orgSlug/projects/:projectSlug/approval-requests` has no Link/navigate to it — client/dashboard/src/components/access/ApprovalRequestsContent.test.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
Orphan pageWiring
medium System graph quality Integrity conf 1.00 Frontend route `/:planet?` has no Link/navigate to it — examples/openai-apps-sdk/src/solar-system/solar-system.jsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
Orphan pageWiring
medium System graph quality Integrity conf 1.00 5 occurrences Frontend route `/slack/register` has no Link/navigate to it — client/dashboard/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
5 occurrences
repo-level (5 hits)
Orphan pageWiring
medium System graph quality Integrity conf 1.00 Frontend route `place/:placeId` has no Link/navigate to it — examples/openai-apps-sdk/src/pizzaz/index.jsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
Orphan pageWiring
medium System graph cicd CI/CD security conf 1.00 6 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
6 files, 6 locations
.github/workflows/cla.yml
.github/workflows/claude.yml
.github/workflows/elements-docs.yml
.github/workflows/pr.yaml
.github/workflows/public-oas-generation.yml
.github/workflows/release.yaml
CI/CD securitySupply chainGithub actions
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in client/dashboard/src/components/ai-elements/code-block.tsx:72
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
client/dashboard/src/components/ai-elements/code-block.tsx:72 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in client/dashboard/src/components/ui/code-block.tsx:115
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
client/dashboard/src/components/ui/code-block.tsx:115 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in client/dashboard/src/pages/setup/components/steps/instrument-agents-step.tsx:79
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
client/dashboard/src/pages/setup/components/steps/instrument-agents-step.tsx:79 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in elements/src/components/ui/tool-ui.tsx:289
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
elements/src/components/ui/tool-ui.tsx:289 Dangerous innerhtml
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/complex.py:39
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/complex_async.py:43
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/complex_sub_agents.py:58
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/multi_turn_agent_example.py:35
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/multi_turn_response_style.py:31
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/no_storage.py:33
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — examples/agentsapi/simple.py:31
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph network Security conf 1.00 Privileged port 256 in use
Port 256 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
agents/runtime-image/Dockerfile Ports
medium System graph network Security conf 1.00 Privileged port 67 in use
Port 67 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
agents/runtime-image/Dockerfile Ports
medium System graph network Security conf 1.00 Privileged port 963 in use
Port 963 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
server/Dockerfile Ports
low Security checks quality Error handling conf 1.00 [ERR003] Ignored Error (Go): Ignoring error return values.
Handle the error or use errcheck linter.
cli/internal/auth/listener.go:220
low Security checks quality Error handling conf 1.00 [ERR003] Ignored Error (Go): Ignoring error return values.
Handle the error or use errcheck linter.
cli/internal/app/auth.go:64
low Security checks quality Quality conf 0.60 16 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 14 locations
client/dashboard/src/components/observe/useDateRangeFilter.ts:24, 34 (2 hits)
client/dashboard/src/components/observe/useObserveFilters.ts:102, 104 (2 hits)
cli/internal/app/install_gemini_cli.go:18
client/dashboard/src/components/mcp/MCPTableRow.tsx:114
client/dashboard/src/components/observe/LogsMCP.tsx:97
client/dashboard/src/components/org-sidebar.tsx:19
client/dashboard/src/components/sources/SourceTableRow.tsx:36
client/dashboard/src/components/sources/SourcesEmptyState.tsx:63
duplicationquality
low System graph quality Integrity conf 1.00 23 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `APPROVAL_API_KEY`, `DEV`, `EMBED_ORIGIN`, `GRAM_API_URL`, `HF_LOCAL_FILES_ONLY`, `MAX_BATCH`, `MAX_BODY_BYTES`, `MAX_LENGTH` + 15 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn't break.
config drift
low System graph quality Maintenance conf 1.00 68 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: clickhouse/clickhouse-server:25.8.3
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
local/clickhouse/Dockerfile:1 containersPinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nginxinc/nginx-unprivileged:alpine
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
client/dashboard/Dockerfile:1 containersPinned dependencies
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/eslint.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/knip.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/ai-elements/response.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/chart/ChartCard.test.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/gram-logo/variants/vertical.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/http-method-colors.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/monaco-editor.lazy.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/observe/observeFilterConstants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/observe/observeFilterUtils.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/public-mcp-warning-dialog.test.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/ui/hover-card.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/ui/mcp-icon.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/ui/slider.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/ui/toggle-variants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/upload-asset/step/context.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/upload-asset/step/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/upload-asset/stepper/context.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/webgl/components/webgl-video.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/webgl/constants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/webgl/hooks/use-ascii-store.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/webgl/index.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/components/webgl/store.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/audit-log-colors.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/chat-error.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/compute-changed-fields.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/externalMcpUserSessions.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/format.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/local-storage-keys.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/mcpOAuth.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/lib/models.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/main.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/access/changeRoleState.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/assistants/onboarding/docs/cron.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/assistants/onboarding/docs/slack.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/catalog/CategoryTabs.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/catalog/filter-defaults.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/collections/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/demo/components/demo-booking.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/demo/components/DemoBookingFlow.test.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/logs/TraceRow.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/mcp/wire-user-session-issuer/machine-types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/mcp/wire-user-session-issuer/rendering.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/playground/PlaygroundElementsOverrides.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/security/policy-data.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/setup/providers.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/pages/setup/setup-data.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/src/vite-env.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/vite.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: client/dashboard/vitest.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: functions/internal/javascript/tests/empty.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Tests conf 1.00 Low test-to-source ratio
764 tests / 4509 src (ratio 0.17).
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `heroku_api_key_v2` in client/dashboard/src/pages/security/policy-data.ts:656
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `isOneDayOld` in client/dashboard/src/pages/deployments/deployment/Deployment.tsx:317
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: receive
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
services/pi-classifier/app.py:91
low System graph frontend Frontend quality conf 1.00 React Flow <Controls> without dark theming — client/dashboard/src/components/observe/InsightsEmployeeDetail.tsx:711
`<Controls>` ships with white buttons. Override `.react-flow__controls` and `.react-flow__controls-button` in your stylesheet or pass a styled wrapper. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.controls.no-bg
Fq controls no bg
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/dashboard/src/contexts/Telemetry.tsx:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/dashboard/src/lib/CustomChatTransport.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/dashboard/src/pages/elements/Elements.tsx:1049
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/dashboard/src/pages/playground/ManageToolsDialog.tsx:251
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/dashboard/src/pages/playground/Playground.tsx:477
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/dashboard/src/pages/sdk/examples.ts:64
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — client/sdk/examples/accessCreateRole.example.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — elements/examples/bun/server.ts:39
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — elements/examples/express/server.ts:36
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — elements/examples/hono/server.ts:35
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — elements/src/components/Chat/stories/MessageFeedback.stories.tsx:160
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — elements/src/components/ui/time-range-picker.stories.tsx:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — elements/src/contexts/ElementsProvider.tsx:389
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — evaluation/src/run-tests.ts:48
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — evaluation/src/test-runner.ts:36
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/clickhouse/scripts/seed.ts:283
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/clickhouse/src/gram.test.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/openai-apps-sdk/pizzaz_server_node/scripts/build-inlined.ts:76
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/pgvector/scripts/seed.ts:41
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/pinecone/scripts/seed.ts:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/planetscale/scripts/seed.ts:275
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/read-pdfs-from-google-drive/src/oauth.ts:83
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/read-pdfs-from-google-drive/src/server.ts:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/turbopuffer/scripts/delete-movies-namespace.ts:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — examples/turbopuffer/scripts/seed.ts:61
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — ts-framework/create-function/src/main.ts:24
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph api Wiring conf 1.00 Unused endpoint: GET
`client/dashboard/src/components/observe/InsightsTools.tsx` declares `GET ` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /mcp
`examples/openai-apps-sdk/pizzaz_server_node/src/server.ts` declares `GET /mcp` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /detect
`services/pi-classifier/app.py` declares `POST /detect` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mcp
`examples/openai-apps-sdk/pizzaz_server_node/src/server.ts` declares `POST /mcp` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
Unused endpoint
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/components/observe/InsightsEmployeeDetail.tsx (1675 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/components/observe/InsightsMCP.tsx (1747 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/pages/assistants/onboarding/tools/useOnboardingTools.tsx (1985 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/pages/elements/Elements.tsx (1829 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/pages/mcp/MCPDetails.tsx (2408 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/pages/onboarding/Wizard.tsx (1801 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: client/dashboard/src/pages/security/PolicyCenter.tsx (1482 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: dev-idp/internal/modes/mockworkos/workos.go (1481 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/cmd/gram/start.go (1258 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/design/telemetry/design.go (1567 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/access/client/encode_decode.go (5813 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/access/client/types.go (15556 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/access/server/encode_decode.go (5413 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/access/server/server.go (1414 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/access/server/types.go (9291 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/admin/client/encode_decode.go (2219 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/admin/client/types.go (5778 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/admin/server/encode_decode.go (1941 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/admin/server/types.go (3353 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/ai_integrations/client/types.go (1970 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assets/client/encode_decode.go (3115 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assets/client/types.go (7293 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assets/server/encode_decode.go (2788 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assets/server/types.go (4291 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assistant_memories/client/types.go (1989 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assistants/client/encode_decode.go (1727 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assistants/client/types.go (4824 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assistants/server/encode_decode.go (1588 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/assistants/server/types.go (2897 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/auditlogs/client/types.go (1329 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/auth/client/types.go (3618 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/auth/server/types.go (2076 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/chat/client/encode_decode.go (1507 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/chat/client/types.go (3846 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/chat/server/types.go (2284 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/cli/gram/cli.go (13001 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/collections/client/encode_decode.go (1802 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/collections/client/types.go (4560 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/collections/server/encode_decode.go (1697 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/collections/server/types.go (2779 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/deployments/client/encode_decode.go (2300 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/deployments/client/types.go (5740 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/deployments/server/encode_decode.go (2117 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/deployments/server/types.go (3606 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/domains/client/types.go (3181 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/domains/server/types.go (1859 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/environments/client/encode_decode.go (2670 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/environments/client/types.go (7310 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/environments/server/encode_decode.go (2517 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/environments/server/types.go (4420 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/features/client/types.go (1247 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/hooks/client/encode_decode.go (1787 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/hooks/client/types.go (3353 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/hooks/server/types.go (2343 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/hooks_server_names/client/types.go (1839 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/instances/client/types.go (1697 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/integrations/client/types.go (1323 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/keys/client/types.go (2611 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/keys/server/types.go (1523 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_endpoints/client/encode_decode.go (1482 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_endpoints/client/types.go (3916 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_endpoints/server/types.go (2345 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_metadata/client/types.go (2239 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_metadata/server/types.go (1378 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_registries/client/types.go (2685 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_registries/server/types.go (1592 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_servers/client/encode_decode.go (1522 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_servers/client/types.go (4111 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/mcp_servers/server/types.go (2467 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organization_remote_session_issuers/client/encode_decode.go (1272 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organization_remote_session_issuers/client/types.go (3696 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organization_remote_session_issuers/server/types.go (2306 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organizations/client/encode_decode.go (3375 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organizations/client/types.go (8899 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organizations/server/encode_decode.go (2920 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/organizations/server/types.go (5282 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/otel_forwarding/client/types.go (1948 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/packages/client/types.go (3296 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/packages/server/types.go (2052 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/plugins/client/encode_decode.go (3887 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/plugins/client/types.go (10289 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/plugins/server/encode_decode.go (3581 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/plugins/server/types.go (6125 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/projects/client/encode_decode.go (1945 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/projects/client/types.go (5023 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/projects/server/encode_decode.go (1834 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/projects/server/types.go (2991 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_mcp/client/encode_decode.go (1826 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_mcp/client/types.go (4747 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_mcp/server/encode_decode.go (1757 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_mcp/server/types.go (2850 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_clients/client/encode_decode.go (1509 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_clients/client/types.go (4242 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_clients/server/encode_decode.go (1469 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_clients/server/types.go (2637 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_issuers/client/encode_decode.go (1526 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_issuers/client/types.go (4240 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_issuers/server/encode_decode.go (1478 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_session_issuers/server/types.go (2669 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/remote_sessions/client/types.go (1288 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/risk/client/encode_decode.go (6341 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/risk/client/types.go (16972 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/risk/server/encode_decode.go (6231 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/risk/server/server.go (1527 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/risk/server/types.go (10273 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/slack/client/types.go (3918 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/slack/server/types.go (2380 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/telemetry/client/encode_decode.go (4180 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/telemetry/client/types.go (10913 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/telemetry/server/encode_decode.go (4024 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/telemetry/server/types.go (6813 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/templates/client/encode_decode.go (1826 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/templates/client/types.go (4607 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/templates/server/encode_decode.go (1768 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/templates/server/types.go (2839 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/tools/client/types.go (1436 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/toolsets/client/encode_decode.go (4627 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/toolsets/client/types.go (14352 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/toolsets/server/encode_decode.go (4511 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/toolsets/server/types.go (8465 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/triggers/client/encode_decode.go (1971 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/gen/http/triggers/client/types.go (5575 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.

Showing first 300 of 340. Refine filters or use the findings page for deep search.

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/0e0e6adc-c30f-4993-8ef2-8ec1e775f5b0/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/0e0e6adc-c30f-4993-8ef2-8ec1e775f5b0/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.