Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 81.45s for a 91.5 MB repo (slow).
  • Repobility's analysis ran in 13.57s after the clone landed.

coasty-ai/open-computer-use

https://github.com/coasty-ai/open-computer-use · scanned 2026-05-31 01:28 UTC (5 days, 7 hours ago) · 10 languages

1664 findings (283 legacy + 1381 scanner) · 10/13 scanners ran · 84th percentile · TypeScript · large (100-500K LoC) · Scanner says 62 (higher by 22)


Complete repo analysis

Last scanned 5 days, 7 hours ago · v2 · last Δ -0.1 (diff) · 995 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown — 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 85.0 | 0.15 | 12.75 |
| security_score | 100.0 | 0.25 | 25.00 |
| testing_score | 100.0 | 0.20 | 20.00 |
| documentation_score | 92.0 | 0.15 | 13.80 |
| practices_score | 52.0 | 0.15 | 7.80 |
| code_quality | 45.0 | 0.10 | 4.50 |
| Overall | | 1.00 | 83.8 |

security_score may be inflated — optional security scanners were skipped on this fast scan
Scan summary: Repository scanned at 62.1/100 with 100.0% coverage. It contains 6348 nodes across 28 cross-layer flows, written primarily in mixed languages. Engine surfaced 712 findings — concentrated in quality (297), frontend (164), api (141). Risk profile is high: 7 critical, 163 high, 100 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 637 of 995 findings.

critical Legacy quality quality conf 1.00 ✓ Repobility [MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data — RCE.
Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context.
docker/ai-desktop/obfuscate.py:57 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes.
Add `import stat` at the top of the file.
docker/ai-desktop/ai_agent_server.py:3008 qualitylegacy
critical Legacy quality quality conf 1.00 [SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3).
Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC.
docker/ai-desktop/obfuscate.py:57 qualitylegacy
critical Legacy security deserialization conf 1.00 [SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes — direct RCE on untrusted input. `unsafe_load` is even more dangerous.
Use `YAML.safe_load(input, permitted_classes: [Date])` — explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead.
docker/ai-desktop/obfuscate.py:100 deserializationlegacy
critical 9-layer security secrets conf 1.00 Possible secret in app/components/secrets/import-dialog.tsx
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
app/components/secrets/import-dialog.tsx:518 secrets
critical 9-layer security secrets conf 1.00 Possible secret in lib/import-credentials.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lib/import-credentials.ts:17 secrets
critical 9-layer security secrets conf 1.00 Possible secret in lib/import-credentials.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lib/import-credentials.ts:29 secrets
critical 9-layer security secrets conf 1.00 Possible secret in lib/import-credentials.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lib/import-credentials.ts:41 secrets
critical 9-layer security secrets conf 1.00 Possible secret in lib/import-credentials.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lib/import-credentials.ts:53 secrets
critical 9-layer security secrets conf 1.00 Possible secret in lib/import-credentials.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lib/import-credentials.ts:65 secrets
critical 9-layer security secrets conf 1.00 Possible secret in lib/import-credentials.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lib/import-credentials.ts:77 secrets
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /projects/:projectId/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/projects/[projectId]/route.ts:18 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /chats/:chatId/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/chats/[chatId]/route.ts:91 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /electron/machines/:id/approvals/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/electron/machines/[id]/approvals/route.ts:12 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /projects/:projectId/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/projects/[projectId]/route.ts:10 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /swarm/:swarmId/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/swarm/[swarmId]/route.ts:16 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /electron/machines/:id/approvals/:approvalId/respond/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/electron/machines/[id]/approvals/[approvalId]/respond/route.ts:12 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /swarm/:swarmId/pause/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/swarm/[swarmId]/pause/route.ts:19 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /swarm/:swarmId/resume/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/swarm/[swarmId]/resume/route.ts:19 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /swarm/:swarmId/stop/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/swarm/[swarmId]/stop/route.ts:22 authlegacy
high Legacy security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /projects/:projectId/route.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
app/api/projects/[projectId]/route.ts:14 authlegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
docker/ai-desktop/obfuscate.py:94 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
campaigns/sender.py:67 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
electron/src/main/native-screenshot.ts:124 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._apply_cdp_stealth` used but never assigned in __init__: Method `connect_to_existing` of class `StealthBrowser` reads `self._apply_cdp_stealth`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._apply_cdp_stealth = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:363 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._apply_cdp_stealth` used but never assigned in __init__: Method `create_undetected_driver` of class `StealthBrowser` reads `self._apply_cdp_stealth`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._apply_cdp_stealth = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:193 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._connect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:215 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._connect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:181 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._connect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:132 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._connect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:158 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._connect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:96 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._connect` used but never assigned in __init__: Method `send_test` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._connect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:274 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._disconnect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:213 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._disconnect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:179 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._disconnect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:134 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._disconnect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:156 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._disconnect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:218 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_test` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._disconnect = <default>` in __init__, or add a class-level default.
campaigns/sender.py:278 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._get_or_create_profile` used but never assigned in __init__: Method `_setup_chrome_options` of class `StealthBrowser` reads `self._get_or_create_profile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._get_or_create_profile = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:125 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._get_random_user_agent` used but never assigned in __init__: Method `_setup_chrome_options` of class `StealthBrowser` reads `self._get_random_user_agent`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._get_random_user_agent = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:99 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._get_random_viewport` used but never assigned in __init__: Method `_setup_chrome_options` of class `StealthBrowser` reads `self._get_random_viewport`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._get_random_viewport = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:63 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._send_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._send_one = <default>` in __init__, or add a class-level default.
campaigns/sender.py:183 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._send_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._send_one = <default>` in __init__, or add a class-level default.
campaigns/sender.py:133 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._send_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._send_one = <default>` in __init__, or add a class-level default.
campaigns/sender.py:142 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._setup_chrome_options` used but never assigned in __init__: Method `create_undetected_driver` of class `StealthBrowser` reads `self._setup_chrome_options`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._setup_chrome_options = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:167 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.close_browser` used but never assigned in __init__: Method `close_all` of class `BrowserManager` reads `self.close_browser`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.close_browser = <default>` in __init__, or add a class-level default.
docker/ai-desktop/stealth_browser.py:487 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:1926 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:1901 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:1899 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:1936 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:3199 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:3191 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:912 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:909 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:713 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:717 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:677 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:648 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:622 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:596 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:553 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:541 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:527 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:529 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:512 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:498 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:485 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:472 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `switch_to_window`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:1870 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED110] Blocking call `time.sleep` inside async function `switch_to_window`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
docker/ai-desktop/ai_agent_server.py:1875 quality legacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED118] Dockerfile FROM `node:18-alpine` not pinned by digest: `FROM node:18-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Replace with: `FROM node:18-alpine@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).
Dockerfile:2 dependency legacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Replace with: `FROM ubuntu:22.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).
docker/ai-desktop/Dockerfile:2 dependency legacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
components/motion-primitives/progressive-blur.tsx:39 xss legacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
app/blog/feed.xml/route.ts:31 xss legacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
scripts/check-userdata-size.mjs:9 quality legacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
scripts/check-agent-size.mjs:7 quality legacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
electron/src/renderer/components/MessageItem.tsx:25 quality legacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
docker/ai-desktop/obfuscate.py:61 quality legacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
app/components/chat/message-parser.tsx:50 quality legacy
high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.
After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`.
electron/src/main/file-ops.ts:130 path_traversal legacy
high Legacy security auth conf 0.78 Consent is collected in UI without visible backend audit persistence
Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state.
app/api/chats/[chatId]/route.ts:123 auth legacy
high Legacy cicd docker conf 0.95 Docker final stage runs as root
Create an application user after package installation and switch to it with USER appuser or USER 10001.
docker/ai-desktop/Dockerfile:267 docker legacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.
app/auth/login-page.tsx:929 auth legacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.
app/auth/login-page.tsx:861 auth legacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.
electron/src/renderer/components/AuthScreen.tsx:263 auth legacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.
electron/src/renderer/components/AuthScreen.tsx:249 auth legacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.
app/auth/reset-password/page.tsx:100 auth legacy
high 9-layer quality integrity conf 1.00 Blocking `requests.get(...)` inside `async def connect_to_browser` — docker/ai-desktop/ai_agent_server.py:3266
Sync I/O inside an async function blocks the event loop. While `requests.get(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_th…
docker/ai-desktop/ai_agent_server.py:3266 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def arrange_windows` — docker/ai-desktop/ai_agent_server.py:1899
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:1899 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def arrange_windows` — docker/ai-desktop/ai_agent_server.py:1901
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:1901 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def arrange_windows` — docker/ai-desktop/ai_agent_server.py:1926
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:1926 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def arrange_windows` — docker/ai-desktop/ai_agent_server.py:1936
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:1936 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_click_element` — docker/ai-desktop/ai_agent_server.py:4866
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:4866 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_open_and_connect` — docker/ai-desktop/ai_agent_server.py:3182
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:3182 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_open_and_connect` — docker/ai-desktop/ai_agent_server.py:3191
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:3191 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_open_and_connect` — docker/ai-desktop/ai_agent_server.py:3199
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:3199 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_open_and_connect` — docker/ai-desktop/ai_agent_server.py:3206
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:3206 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_open_and_connect` — docker/ai-desktop/ai_agent_server.py:3210
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:3210 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def browser_open_and_connect` — docker/ai-desktop/ai_agent_server.py:3231
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:3231 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:472
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:472 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:485
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:485 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:498
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:498 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:512
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:512 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:527
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:527 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:529
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:529 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:541
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:541 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:553
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:553 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:596
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:596 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:622
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:622 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:648
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:648 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:677
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:677 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:713
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:713 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:717
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:717 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:909
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:909 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def execute_command` — docker/ai-desktop/ai_agent_server.py:912
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:912 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def switch_to_window` — docker/ai-desktop/ai_agent_server.py:1870
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:1870 integrity sync-io-in-async performance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def switch_to_window` — docker/ai-desktop/ai_agent_server.py:1875
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
docker/ai-desktop/ai_agent_server.py:1875 integrity sync-io-in-async performance
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/collaborative-rooms/${roomId}/activity (app/components/collaborative/use-collaborative-room.ts:110)
`app/components/collaborative/use-collaborative-room.ts:110` calls `DELETE /api/collaborative-rooms/${roomId}/activity` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/<p>/activity` If this points…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/collaborative-rooms/${roomId}/participants (app/components/collaborative/participants-list.tsx:108)
`app/components/collaborative/participants-list.tsx:108` calls `DELETE /api/collaborative-rooms/${roomId}/participants` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/<p>/participants` If this po…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/machines/${machineIdRef.current}/terminal?sessionId=${sid} (app/components/machines/ssh-terminal.tsx:55)
`app/components/machines/ssh-terminal.tsx:55` calls `DELETE /api/machines/${machineIdRef.current}/terminal?sessionId=${sid}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/terminal` If this points at an…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /api/secrets/${deleteTarget.id} (app/components/secrets/secrets-content.tsx:342)
`app/components/secrets/secrets-content.tsx:342` calls `DELETE /api/secrets/${deleteTarget.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/secrets/<p>` If this points at an external API, prefix it with `https://…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/blog/posts (components/seo/internal-links.tsx:41)
`components/seo/internal-links.tsx:41` calls `GET /api/blog/posts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/blog/posts` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/blog/seo-pages (app/computer-use/[task]/page.tsx:22)
`app/computer-use/[task]/page.tsx:22` calls `GET /api/blog/seo-pages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/blog/seo-pages` If this points at an external API, prefix it with `https://` so the matcher skips …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/chat/machine-status/${selectedVMId} (app/components/chat-input/chat-input.tsx:450)
`app/components/chat-input/chat-input.tsx:450` calls `GET /api/chat/machine-status/${selectedVMId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat/machine-status/<p>` If this points at an external API, prefix i…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/chats/${chat.id}/messages (app/components/history/history-content.tsx:554)
`app/components/history/history-content.tsx:554` calls `GET /api/chats/${chat.id}/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chats/<p>/messages` If this points at an external API, prefix it with `https…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/chats/${chatId} (app/components/chat/chat-visibility-toggle.tsx:165)
`app/components/chat/chat-visibility-toggle.tsx:165` calls `GET /api/chats/${chatId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chats/<p>` If this points at an external API, prefix it with `https://` so the mat…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/chats/${chatId} (app/components/chat/chat-visibility-toggle.tsx:54)
`app/components/chat/chat-visibility-toggle.tsx:54` calls `GET /api/chats/${chatId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chats/<p>` If this points at an external API, prefix it with `https://` so the matc…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/chats/${chatId}/messages (lib/chat-store/messages/api.ts:65)
`lib/chat-store/messages/api.ts:65` calls `GET /api/chats/${chatId}/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chats/<p>/messages` If this points at an external API, prefix it with `https://` so the ma…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/collaborative-rooms/${chatId}/messages (lib/chat-store/messages/api.ts:30)
`lib/chat-store/messages/api.ts:30` calls `GET /api/collaborative-rooms/${chatId}/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/<p>/messages` If this points at an external API, prefix …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/collaborative-rooms/${roomId} (app/components/collaborative/use-collaborative-room.ts:59)
`app/components/collaborative/use-collaborative-room.ts:59` calls `GET /api/collaborative-rooms/${roomId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/<p>` If this points at an external API, p…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/collaborative-rooms/${roomId}/activity (app/components/collaborative/participants-list.tsx:55)
`app/components/collaborative/participants-list.tsx:55` calls `GET /api/collaborative-rooms/${roomId}/activity` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/<p>/activity` If this points at an e…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/credits/auto-refill (app/components/layout/settings/billing/billing-section.tsx:1240)
`app/components/layout/settings/billing/billing-section.tsx:1240` calls `GET /api/credits/auto-refill` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/auto-refill` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/credits/balance (lib/hooks/use-credits.ts:32)
`lib/hooks/use-credits.ts:32` calls `GET /api/credits/balance` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/balance` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/credits/balance (lib/hooks/use-credits.ts:55)
`lib/hooks/use-credits.ts:55` calls `GET /api/credits/balance` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/balance` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/credits/history?limit=500 (app/components/layout/settings/billing/billing-section.tsx:1307)
`app/components/layout/settings/billing/billing-section.tsx:1307` calls `GET /api/credits/history?limit=500` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/history` If this points at an external API, prefix …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/developer-tools (app/components/layout/settings/connections/developer-tools.tsx:26)
`app/components/layout/settings/connections/developer-tools.tsx:26` calls `GET /api/developer-tools` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/developer-tools` If this points at an external API, prefix it with …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/discover?page=${pageNum}&limit=24 (app/discover/page.tsx:245)
`app/discover/page.tsx:245` calls `GET /api/discover?page=${pageNum}&limit=24` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/discover` If this points at an external API, prefix it with `https://` so the matcher ski…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/download?_=${Date.now()} (app/download/page.tsx:193)
`app/download/page.tsx:193` calls `GET /api/download?_=${Date.now()}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/download` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/electron/machines/${machineId}/approvals (app/components/chat/remote-approval.tsx:80)
`app/components/chat/remote-approval.tsx:80` calls `GET /api/electron/machines/${machineId}/approvals` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/electron/machines/<p>/approvals` If this points at an external AP…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machine.id} (app/components/machines/simple-vnc-viewer.tsx:46)
`app/components/machines/simple-vnc-viewer.tsx:46` calls `GET /api/machines/${machine.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machine.id}/ssh-key (app/components/machines/machine-settings.tsx:117)
`app/components/machines/machine-settings.tsx:117` calls `GET /api/machines/${machine.id}/ssh-key` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/ssh-key` If this points at an external API, prefix it wi…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machine.id}/ssh-key (app/components/machines/ssh-connection-panel.tsx:39)
`app/components/machines/ssh-connection-panel.tsx:39` calls `GET /api/machines/${machine.id}/ssh-key` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/ssh-key` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machine.id}/status (app/components/machines/simple-vnc-viewer.tsx:41)
`app/components/machines/simple-vnc-viewer.tsx:41` calls `GET /api/machines/${machine.id}/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/status` If this points at an external API, prefix it with…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machineId} (app/components/chat/awaiting-human-banner.tsx:57)
`app/components/chat/awaiting-human-banner.tsx:57` calls `GET /api/machines/${machineId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https://` so …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machineId} (app/components/machines/machine-card.tsx:205)
`app/components/machines/machine-card.tsx:205` calls `GET /api/machines/${machineId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https://` so the …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machineId} (app/components/machines/machine-detail-content.tsx:256)
`app/components/machines/machine-detail-content.tsx:256` calls `GET /api/machines/${machineId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https:/…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machineId} (app/components/machines/machine-sessions-content.tsx:30)
`app/components/machines/machine-sessions-content.tsx:30` calls `GET /api/machines/${machineId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https:…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${machineId}/status (app/components/machines/machine-card.tsx:213)
`app/components/machines/machine-card.tsx:213` calls `GET /api/machines/${machineId}/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/status` If this points at an external API, prefix it with `htt…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${selectedVMId} (app/components/project/project-navigator.tsx:678)
`app/components/project/project-navigator.tsx:678` calls `GET /api/machines/${selectedVMId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https://` …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${selectedVMId}/agent-health (app/components/chat-input/chat-input.tsx:285)
`app/components/chat-input/chat-input.tsx:285` calls `GET /api/machines/${selectedVMId}/agent-health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/agent-health` If this points at an external API, pref…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/machines/${selectedVMId}/agent-health (components/common/vm-selector/vm-selector.tsx:301)
`components/common/vm-selector/vm-selector.tsx:301` calls `GET /api/machines/${selectedVMId}/agent-health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/agent-health` If this points at an external API,…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/projects (app/components/layout/sidebar/sidebar-project.tsx:22)
`app/components/layout/sidebar/sidebar-project.tsx:22` calls `GET /api/projects` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/projects` If this points at an external API, prefix it with `https://` so the matcher s…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/projects/${projectId} (app/p/[projectId]/project-view.tsx:66)
`app/p/[projectId]/project-view.tsx:66` calls `GET /api/projects/${projectId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/projects/<p>` If this points at an external API, prefix it with `https://` so the matcher…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/referral/stats (app/components/referral/referral-content.tsx:328)
`app/components/referral/referral-content.tsx:328` calls `GET /api/referral/stats` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/referral/stats` If this points at an external API, prefix it with `https://` so the m…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/referral/stats (app/components/referral/referral-popup.tsx:154)
`app/components/referral/referral-popup.tsx:154` calls `GET /api/referral/stats` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/referral/stats` If this points at an external API, prefix it with `https://` so the mat…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/secrets (app/components/chat/chat.tsx:1036)
`app/components/chat/chat.tsx:1036` calls `GET /api/secrets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/secrets` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/secrets (app/components/secrets/secrets-content.tsx:286)
`app/components/secrets/secrets-content.tsx:286` calls `GET /api/secrets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/secrets` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/secrets/${secret.id} (app/components/secrets/secret-dialog.tsx:51)
`app/components/secrets/secret-dialog.tsx:51` calls `GET /api/secrets/${secret.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/secrets/<p>` If this points at an external API, prefix it with `https://` so the mat…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/secrets/${secret.id} (app/components/secrets/secrets-content.tsx:319)
`app/components/secrets/secrets-content.tsx:319` calls `GET /api/secrets/${secret.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/secrets/<p>` If this points at an external API, prefix it with `https://` so the …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/status (app/status/page.tsx:621)
`app/status/page.tsx:621` calls `GET /api/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/status` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/status/history (app/status/page.tsx:637)
`app/status/page.tsx:637` calls `GET /api/status/history` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/status/history` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/subscription/status (app/components/credits/insufficient-credits-modal.tsx:77)
`app/components/credits/insufficient-credits-modal.tsx:77` calls `GET /api/subscription/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/subscription/status` If this points at an external API, prefix it with `…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/subscription/status (app/components/layout/settings/billing/billing-section.tsx:1221)
`app/components/layout/settings/billing/billing-section.tsx:1221` calls `GET /api/subscription/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/subscription/status` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/subscription/status (lib/hooks/use-subscription.ts:40)
`lib/hooks/use-subscription.ts:40` calls `GET /api/subscription/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/subscription/status` If this points at an external API, prefix it with `https://` so the matcher…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms (app/components/chat/active-swarm-banner.tsx:49)
`app/components/chat/active-swarm-banner.tsx:49` calls `GET /api/swarms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms (app/components/swarms/swarms-content.tsx:86)
`app/components/swarms/swarms-content.tsx:86` calls `GET /api/swarms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms (tests/lib/sidebar-hooks.test.ts:102)
`tests/lib/sidebar-hooks.test.ts:102` calls `GET /api/swarms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms (tests/lib/sidebar-hooks.test.ts:120)
`tests/lib/sidebar-hooks.test.ts:120` calls `GET /api/swarms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms (tests/lib/sidebar-hooks.test.ts:54)
`tests/lib/sidebar-hooks.test.ts:54` calls `GET /api/swarms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms (tests/lib/sidebar-hooks.test.ts:77)
`tests/lib/sidebar-hooks.test.ts:77` calls `GET /api/swarms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms/${active.swarm_id} (app/components/chat/active-swarm-banner.tsx:63)
`app/components/chat/active-swarm-banner.tsx:63` calls `GET /api/swarms/${active.swarm_id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms/<p>` If this points at an external API, prefix it with `https://` so …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms/${swarm.swarm_id} (app/components/swarms/swarms-content.tsx:474)
`app/components/swarms/swarms-content.tsx:474` calls `GET /api/swarms/${swarm.swarm_id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms/<p>` If this points at an external API, prefix it with `https://` so the…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/swarms/${swarm.swarm_id} (app/components/swarms/swarms-content.tsx:489)
`app/components/swarms/swarms-content.tsx:489` calls `GET /api/swarms/${swarm.swarm_id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms/<p>` If this points at an external API, prefix it with `https://` so the…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/test (tests/lib/sidebar-hooks.test.ts:26)
`tests/lib/sidebar-hooks.test.ts:26` calls `GET /api/test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/user-memory (app/components/layout/settings/general/memory-editor.tsx:123)
`app/components/layout/settings/general/memory-editor.tsx:123` calls `GET /api/user-memory` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user-memory` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/user-memory (app/components/layout/settings/general/memory-section.tsx:36)
`app/components/layout/settings/general/memory-section.tsx:36` calls `GET /api/user-memory` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user-memory` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/user-preferences (lib/user-preference-store/provider.tsx:46)
`lib/user-preference-store/provider.tsx:46` calls `GET /api/user-preferences` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user-preferences` If this points at an external API, prefix it with `https://` so the matc…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/user/encryption-prefs (app/components/layout/settings/general/data-section.tsx:174)
`app/components/layout/settings/general/data-section.tsx:174` calls `GET /api/user/encryption-prefs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user/encryption-prefs` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://${updatedMachine.public_ip_address}:8080/ (app/api/machines/route.ts:662)
`app/api/machines/route.ts:662` calls `GET http://${updatedMachine.public_ip_address}:8080/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/<p>:8080` If this points at an external API, prefix it with `https://…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/chats/${chat.id} (app/components/history/history-content.tsx:585)
`app/components/history/history-content.tsx:585` calls `PATCH /api/chats/${chat.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chats/<p>` If this points at an external API, prefix it with `https://` so the matc…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/chats/${chatId} (app/components/chat/chat-visibility-toggle.tsx:77)
`app/components/chat/chat-visibility-toggle.tsx:77` calls `PATCH /api/chats/${chatId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chats/<p>` If this points at an external API, prefix it with `https://` so the ma…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/machines/${machine.id}/settings (app/components/machines/machine-settings.tsx:30)
`app/components/machines/machine-settings.tsx:30` calls `PATCH /api/machines/${machine.id}/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/settings` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PATCH /api/swarms/${swarm.swarm_id} (app/components/swarms/swarms-content.tsx:449)
`app/components/swarms/swarms-content.tsx:449` calls `PATCH /api/swarms/${swarm.swarm_id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarms/<p>` If this points at an external API, prefix it with `https://` so t…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat (app/components/machines/quick-file-transfer.tsx:159)
`app/components/machines/quick-file-transfer.tsx:159` calls `POST /api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat (app/components/machines/quick-file-transfer.tsx:68)
`app/components/machines/quick-file-transfer.tsx:68` calls `POST /api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat (lib/hooks/use-file-transfer.ts:153)
`lib/hooks/use-file-transfer.ts:153` calls `POST /api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat (lib/hooks/use-file-transfer.ts:247)
`lib/hooks/use-file-transfer.ts:247` calls `POST /api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat (lib/hooks/use-file-transfer.ts:80)
`lib/hooks/use-file-transfer.ts:80` calls `POST /api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat/resume-human/${machineId} (app/components/chat/awaiting-human-banner.tsx:146)
`app/components/chat/awaiting-human-banner.tsx:146` calls `POST /api/chat/resume-human/${machineId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat/resume-human/<p>` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/chat/stop-machine/${selectedVMId} (app/components/chat-input/chat-input.tsx:466)
`app/components/chat-input/chat-input.tsx:466` calls `POST /api/chat/stop-machine/${selectedVMId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/chat/stop-machine/<p>` If this points at an external API, prefix it w…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/collaborative-rooms (app/components/collaborative/dialog-create-room.tsx:64)
`app/components/collaborative/dialog-create-room.tsx:64` calls `POST /api/collaborative-rooms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms` If this points at an external API, prefix it with `h…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/collaborative-rooms/${roomId}/activity (app/components/collaborative/use-collaborative-room.ts:93)
`app/components/collaborative/use-collaborative-room.ts:93` calls `POST /api/collaborative-rooms/${roomId}/activity` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/<p>/activity` If this points at…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/collaborative-rooms/join (app/components/collaborative/dialog-join-room.tsx:61)
`app/components/collaborative/dialog-join-room.tsx:61` calls `POST /api/collaborative-rooms/join` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/join` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/collaborative-rooms/join (app/components/collaborative/join-room-dialog-content.tsx:45)
`app/components/collaborative/join-room-dialog-content.tsx:45` calls `POST /api/collaborative-rooms/join` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collaborative-rooms/join` If this points at an external API, p…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/create-chat (app/components/collaborative/create-room-dialog-content.tsx:43)
`app/components/collaborative/create-room-dialog-content.tsx:43` calls `POST /api/create-chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/create-chat` If this points at an external API, prefix it with `https://`…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/create-chat (app/components/schedules/create-schedule-dialog.tsx:371)
`app/components/schedules/create-schedule-dialog.tsx:371` calls `POST /api/create-chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/create-chat` If this points at an external API, prefix it with `https://` so the…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/create-chat (app/components/schedules/schedules-content.tsx:1441)
`app/components/schedules/schedules-content.tsx:1441` calls `POST /api/create-chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/create-chat` If this points at an external API, prefix it with `https://` so the mat…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/credits/auto-refill (app/components/layout/settings/billing/billing-section.tsx:1260)
`app/components/layout/settings/billing/billing-section.tsx:1260` calls `POST /api/credits/auto-refill` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/auto-refill` If this points at an external API, prefix i…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/credits/auto-refill/execute (lib/hooks/use-credits.ts:28)
`lib/hooks/use-credits.ts:28` calls `POST /api/credits/auto-refill/execute` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/auto-refill/execute` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/credits/checkout (app/components/layout/settings/billing/billing-section.tsx:1495)
`app/components/layout/settings/billing/billing-section.tsx:1495` calls `POST /api/credits/checkout` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/credits/checkout` If this points at an external API, prefix it with…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/electron/machines/${machineId}/approvals/${approvalId}/respond (app/components/chat/remote-approval.tsx:109)
`app/components/chat/remote-approval.tsx:109` calls `POST /api/electron/machines/${machineId}/approvals/${approvalId}/respond` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/electron/machines/<p>/approvals/<p>/respo…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/feedback/run (app/components/chat/run-feedback-bar.tsx:64)
`app/components/chat/run-feedback-bar.tsx:64` calls `POST /api/feedback/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/feedback/run` If this points at an external API, prefix it with `https://` so the matcher s…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/feedback/run (components/common/feedback-form.tsx:114)
`components/common/feedback-form.tsx:114` calls `POST /api/feedback/run` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/feedback/run` If this points at an external API, prefix it with `https://` so the matcher skips…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=create-folder (app/components/project/file-explorer.tsx:514)
`app/components/project/file-explorer.tsx:514` calls `POST /api/files?op=create-folder` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the match…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=download (app/components/chat/file-attachment-display.tsx:86)
`app/components/chat/file-attachment-display.tsx:86` calls `POST /api/files?op=download` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matc…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=download (app/components/machines/file-transfer.tsx:326)
`app/components/machines/file-transfer.tsx:326` calls `POST /api/files?op=download` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher s…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=download (app/components/project/file-explorer.tsx:432)
`app/components/project/file-explorer.tsx:432` calls `POST /api/files?op=download` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher sk…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=download-stream (app/components/chat/file-attachment-display.tsx:162)
`app/components/chat/file-attachment-display.tsx:162` calls `POST /api/files?op=download-stream` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=list (app/components/machines/file-transfer.tsx:165)
`app/components/machines/file-transfer.tsx:165` calls `POST /api/files?op=list` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher skips…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=list (app/components/project/file-explorer.tsx:208)
`app/components/project/file-explorer.tsx:208` calls `POST /api/files?op=list` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher skips …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=upload (app/components/machines/file-transfer.tsx:235)
`app/components/machines/file-transfer.tsx:235` calls `POST /api/files?op=upload` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher ski…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=upload (app/components/project/file-explorer.tsx:399)
`app/components/project/file-explorer.tsx:399` calls `POST /api/files?op=upload` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher skip…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/files?op=upload (lib/vm-file-handling.ts:51)
`lib/vm-file-handling.ts:51` calls `POST /api/files?op=upload` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/files` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/locale (app/components/layout/settings/appearance/language-selection.tsx:47)
`app/components/layout/settings/appearance/language-selection.tsx:47` calls `POST /api/locale` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/locale` If this points at an external API, prefix it with `https://` so t…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/locale (components/language-switcher.tsx:39)
`components/language-switcher.tsx:39` calls `POST /api/locale` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/locale` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${machine.id} (app/components/machines/machine-card.tsx:127)
`app/components/machines/machine-card.tsx:127` calls `POST /api/machines/${machine.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${machineIdRef.current}/terminal (app/components/machines/ssh-terminal.tsx:101)
`app/components/machines/ssh-terminal.tsx:101` calls `POST /api/machines/${machineIdRef.current}/terminal` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/terminal` If this points at an external API, pre…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${machineIdRef.current}/terminal/input (app/components/machines/ssh-terminal.tsx:68)
`app/components/machines/ssh-terminal.tsx:68` calls `POST /api/machines/${machineIdRef.current}/terminal/input` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/terminal/input` If this points at an extern…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${machineIdRef.current}/terminal/resize (app/components/machines/ssh-terminal.tsx:247)
`app/components/machines/ssh-terminal.tsx:247` calls `POST /api/machines/${machineIdRef.current}/terminal/resize` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/terminal/resize` If this points at an ext…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${machineId} (app/components/machines/machine-detail-content.tsx:292)
`app/components/machines/machine-detail-content.tsx:292` calls `POST /api/machines/${machineId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https:…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${machineId}/screenshot (lib/vm/screenshot-service.ts:28)
`lib/vm/screenshot-service.ts:28` calls `POST /api/machines/${machineId}/screenshot` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>/screenshot` If this points at an external API, prefix it with `https:/…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/${selectedVMId} (app/components/chat-input/chat-input.tsx:387)
`app/components/chat-input/chat-input.tsx:387` calls `POST /api/machines/${selectedVMId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/<p>` If this points at an external API, prefix it with `https://` so …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/machines/ai/execute (app/components/machines/ai-command-panel.tsx:64)
`app/components/machines/ai-command-panel.tsx:64` calls `POST /api/machines/ai/execute` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/machines/ai/execute` If this points at an external API, prefix it with `https://…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/onboarding (app/onboarding/onboarding-flow.tsx:155)
`app/onboarding/onboarding-flow.tsx:155` calls `POST /api/onboarding` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/onboarding` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/onboarding (app/onboarding/onboarding-flow.tsx:986)
`app/onboarding/onboarding-flow.tsx:986` calls `POST /api/onboarding` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/onboarding` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/referral/claim (app/components/referral/referral-processor.tsx:26)
`app/components/referral/referral-processor.tsx:26` calls `POST /api/referral/claim` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/referral/claim` If this points at an external API, prefix it with `https://` so the…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/secrets/import (app/components/secrets/import-dialog.tsx:197)
`app/components/secrets/import-dialog.tsx:197` calls `POST /api/secrets/import` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/secrets/import` If this points at an external API, prefix it with `https://` so the matc…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/subscription/checkout (app/components/layout/settings/billing/billing-section.tsx:1468)
`app/components/layout/settings/billing/billing-section.tsx:1468` calls `POST /api/subscription/checkout` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/subscription/checkout` If this points at an external API, pref…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/subscription/portal (app/components/layout/settings/billing/billing-section.tsx:1513)
`app/components/layout/settings/billing/billing-section.tsx:1513` calls `POST /api/subscription/portal` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/subscription/portal` If this points at an external API, prefix i…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm (app/components/chat/swarm-panel.tsx:279)
`app/components/chat/swarm-panel.tsx:279` calls `POST /api/swarm` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm/${swarm.swarm_id}/pause (app/components/swarms/swarms-content.tsx:426)
`app/components/swarms/swarms-content.tsx:426` calls `POST /api/swarm/${swarm.swarm_id}/pause` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm/<p>/pause` If this points at an external API, prefix it with `https…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm/${swarm.swarm_id}/resume (app/components/swarms/swarms-content.tsx:435)
`app/components/swarms/swarms-content.tsx:435` calls `POST /api/swarm/${swarm.swarm_id}/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm/<p>/resume` If this points at an external API, prefix it with `htt…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm/${swarm.swarm_id}/stop (app/components/swarms/swarms-content.tsx:411)
`app/components/swarms/swarms-content.tsx:411` calls `POST /api/swarm/${swarm.swarm_id}/stop` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm/<p>/stop` If this points at an external API, prefix it with `https:/…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm/${swarmId}/pause (app/components/chat/swarm-panel.tsx:384)
`app/components/chat/swarm-panel.tsx:384` calls `POST /api/swarm/${swarmId}/pause` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm/<p>/pause` If this points at an external API, prefix it with `https://` so the …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm/${swarmId}/resume (app/components/chat/swarm-panel.tsx:394)
`app/components/chat/swarm-panel.tsx:394` calls `POST /api/swarm/${swarmId}/resume` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm/<p>/resume` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/swarm/${swarmId}/stop (app/components/chat/swarm-panel.tsx:371)
`app/components/chat/swarm-panel.tsx:371` calls `POST /api/swarm/${swarmId}/stop` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/swarm/<p>/stop` If this points at an external API, prefix it with `https://` so the ma…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/validate-email (lib/email-validation.ts:53)
`lib/email-validation.ts:53` calls `POST /api/validate-email` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/validate-email` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/machines (app/api-docs/page.tsx:526)
`app/api-docs/page.tsx:526` calls `POST https://coasty.ai/v1/machines` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/machines` If this points at an external API, prefix it with `https://` so the…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/machines (app/guide/tabs/api.tsx:352)
`app/guide/tabs/api.tsx:352` calls `POST https://coasty.ai/v1/machines` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/machines` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/predict (app/api-docs/page.tsx:328)
`app/api-docs/page.tsx:328` calls `POST https://coasty.ai/v1/predict` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/predict` If this points at an external API, prefix it with `https://` so the m…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/predict (app/components/developers/developers-content.tsx:776)
`app/components/developers/developers-content.tsx:776` calls `POST https://coasty.ai/v1/predict` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/predict` If this points at an external API, prefix …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/predict (app/guide/tabs/api.tsx:101)
`app/guide/tabs/api.tsx:101` calls `POST https://coasty.ai/v1/predict` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/predict` If this points at an external API, prefix it with `https://` so the …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/schedules (app/api-docs/page.tsx:407)
`app/api-docs/page.tsx:407` calls `POST https://coasty.ai/v1/schedules` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/schedules` If this points at an external API, prefix it with `https://` so t…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/schedules (app/guide/tabs/api.tsx:652)
`app/guide/tabs/api.tsx:652` calls `POST https://coasty.ai/v1/schedules` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/schedules` If this points at an external API, prefix it with `https://` so …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://coasty.ai/v1/sessions (app/guide/tabs/api.tsx:116)
`app/guide/tabs/api.tsx:116` calls `POST https://coasty.ai/v1/sessions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/coasty.ai/v1/sessions` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/user-memory (app/components/layout/settings/general/memory-editor.tsx:171)
`app/components/layout/settings/general/memory-editor.tsx:171` calls `PUT /api/user-memory` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user-memory` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/user-memory (app/components/layout/settings/general/memory-editor.tsx:220)
`app/components/layout/settings/general/memory-editor.tsx:220` calls `PUT /api/user-memory` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user-memory` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/user-preferences (lib/user-preference-store/provider.tsx:76)
`lib/user-preference-store/provider.tsx:76` calls `PUT /api/user-preferences` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user-preferences` If this points at an external API, prefix it with `https://` so the matc…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PUT /api/user/encryption-prefs (app/components/layout/settings/general/data-section.tsx:207)
`app/components/layout/settings/general/data-section.tsx:207` calls `PUT /api/user/encryption-prefs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/user/encryption-prefs` If this points at an external API, prefix it…
wiring dangling-fetch fetch
medium Legacy security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
auth legacy
high Legacy security auth conf 0.74 [AUC002] Low visible authorization coverage in route inventory: Only 32.4% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes.
auth legacy
high Legacy security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /swarms/shared/:id/route.
Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml.
app/api/swarms/shared/[id]/route.ts:11 auth legacy
high Legacy security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PATCH /machines/:id/settings/route.
Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml.
app/api/machines/[id]/settings/route.ts:11 auth legacy
high Legacy security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /machines/cleanup/route.
Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml.
app/api/machines/cleanup/route.ts:39 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /auth/callback.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/auth/callback/route.ts:7 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /auth/desktop-callback.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/auth/desktop-callback/route.ts:12 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /blog/feed.xml.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/blog/feed.xml/route.ts:19 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /collaborative-rooms/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/collaborative-rooms/route.ts:5 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /csrf/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/csrf/route.ts:5 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /developers/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/developers/route.ts:76 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /user-memory/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/user-memory/route.ts:20 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /collaborative-rooms/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/collaborative-rooms/route.ts:56 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /validate-email/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/validate-email/route.ts:7 auth legacy
high Legacy security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /user-memory/route.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
app/api/user-memory/route.ts:79 auth legacy
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
docker/ai-desktop/obfuscate.py:94 error_handling legacy
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
campaigns/sender.py:67 error_handling legacy
medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
app/api/status/route.ts:44 error_handling legacy
medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
app/api/status/history/route.ts:79 error_handling legacy
medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
app/api/chat/route.ts:235 error_handling legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:298 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:280 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:205 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2902 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2386 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:5160 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2944 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:5388 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:4994 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:3269 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:3153 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:3054 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2975 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2907 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2819 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2710 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2651 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:2531 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:5749 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
docker/ai-desktop/ai_agent_server.py:4464 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
scripts/check_no_jwt_leak.py:130 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
campaigns/sender.py:55 quality legacy
low Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
docker/ai-desktop/obfuscate.py:57 deserialization legacy
low Legacy security security conf 1.00 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility.
Add rel="noopener noreferrer" to every <a target="_blank">: <a href="..." target="_blank" rel="noopener noreferrer">link</a> For dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden — costs nothing.
app/components/layout/settings/apikeys/byok-section.tsx:287 security legacy
low Legacy security security conf 1.00 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility.
Add rel="noopener noreferrer" to every <a target="_blank">: <a href="..." target="_blank" rel="noopener noreferrer">link</a> For dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden — costs nothing.
app/components/layout/dialog-publish.tsx:57 security legacy
low Legacy security security conf 1.00 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility.
Add rel="noopener noreferrer" to every <a target="_blank">: <a href="..." target="_blank" rel="noopener noreferrer">link</a> For dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden — costs nothing.
app/components/chat-input/button-view-screen.tsx:24 security legacy
medium Legacy software open_redirect conf 1.00 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030.
Validate the URL is same-origin or on an explicit allowlist before assignment: const u = new URL(serverUrl, location.href); if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return; location.assign(u); Even better: have the server return a path (/checkout/done) instead of a full …
app/components/collaborative/dialog-collaborative-auth.tsx:53 open_redirect legacy
medium Legacy software open_redirect conf 1.00 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030.
Validate the URL is same-origin or on an explicit allowlist before assignment: const u = new URL(serverUrl, location.href); if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return; location.assign(u); Even better: have the server return a path (/checkout/done) instead of a full …
app/components/chat/dialog-auth.tsx:54 open_redirect legacy
medium Legacy software open_redirect conf 1.00 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030.
Validate the URL is same-origin or on an explicit allowlist before assignment: const u = new URL(serverUrl, location.href); if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return; location.assign(u); Even better: have the server return a path (/checkout/done) instead of a full …
app/components/chat-input/popover-content-auth.tsx:45 open_redirect legacy
medium Legacy quality quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
app/api/onboarding/route.ts:18 quality legacy
medium Legacy security security conf 1.00 [SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets.
Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only).
docker/ai-desktop/obfuscate.py:111 security legacy

Showing first 300 of 637. Refine filters or use the legacy findings page for deep search.

API access

This page is publicly accessible at: https://repobility.com/scan/0e944bde-4911-4fc7-bd85-665b19a7e379/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/0e944bde-4911-4fc7-bd85-665b19a7e379/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.