{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. 
If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC119", "name": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbo", "shortDescription": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "fullDescription": {"text": "Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only)."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get_variant_stats` has cognitive complexity 15 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get_variant_stats` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. 
The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. 
For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors. Browsers ignore frame-ancestors when the policy is delivered in a meta tag, so send that directive in an HTTP response header."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /de"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: PATCH /machines/:id/settin"}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 32.4% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 32.4% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. 
Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `nextjs-app` image has no explicit tag", "shortDescription": {"text": "Compose service `nextjs-app` image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKR004", "name": "Docker build secret exposed through ARG", "shortDescription": {"text": "Docker build secret exposed through ARG"}, "fullDescription": {"text": "Replace secret ARG usage with `RUN --mount=type=secret,id=name ...` and pass the value with `docker build --secret`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). 
Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", 
"shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public re", "shortDescription": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED058] React Dangerously Set Html (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 37 more): Same pattern found in 37 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 38 more): Same pattern found in 38 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 114 more): Same pattern found in 114 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 114 more): Same pattern found in 114 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC100", "name": "[SEC100] CORS permissive Access-Control-Allow-Origin: * (and 3 more): Same pattern found in 3 additional files. Review i", "shortDescription": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: * (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Allowlist specific origins. For dynamic per-request validation, validate against a known list and echo the origin back. Never combine wildcard origin with credentials."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 31 more): Same pattern found in 31 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 31 more): Same pattern found in 31 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 loopback, link-local and unique-local ranges, and apply the check to the address the hostname resolves to, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. 
The ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images shou"}, "fullDescription": {"text": "Replace with: `FROM ubuntu:22.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_internal_target_groups_have_healthy_targets: Test function `test_internal_target_", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_internal_target_groups_have_healthy_targets: Test function `test_internal_target_groups_have_healthy_targets` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `time.sleep` is a synchronous (b", "shortDescription": {"text": "[MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the proc"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.connect` used but never assigned in __init__: Method `ensure_connected` of class `InteractiveClient` re", "shortDescription": {"text": "[MINED108] `self.connect` used but never assigned in __init__: Method `ensure_connected` of class `InteractiveClient` reads `self.connect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError"}, "fullDescription": {"text": "Initialize `self.connect = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. 
In Node: `const resolved = path.resolve(base, x); if (!resolved.startsWith(path.resolve(base) + path.sep)) throw`. Both checks are lexical only; when the base directory can contain symlinks, compare real paths (`filepath.EvalSymlinks`, `fs.realpathSync`) as well."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /chats/:chatId/route."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage runs as root", "shortDescription": {"text": "Docker final stage runs as root"}, "fullDescription": {"text": "Create an application user after package installation and switch to it with USER appuser or USER 10001."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "[MINED123] Trojan Source bidi character (LRO) in source: Line 877 contains a Unicode bidirectional override character (U", "shortDescription": {"text": "[MINED123] Trojan Source bidi character (LRO) in source: Line 877 contains a Unicode bidirectional override character (U+202D LRO). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see diff"}, "fullDescription": {"text": "Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. T", "shortDescription": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import http` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC and verify the signature (constant-time comparison, e.g. `hmac.compare_digest`) before unpickling; this only helps while the HMAC key stays secret."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/190"}, "properties": {"repository": "coasty-ai/open-computer-use", "repoUrl": "https://github.com/coasty-ai/open-computer-use", "branch": "production"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51598, "scanner": "repobility-ast-engine", "fingerprint": "1d19a39576179ea9d45724d9190acd67a443d0626272f359d421acd4724d4d65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d19a39576179ea9d45724d9190acd67a443d0626272f359d421acd4724d4d65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51597, "scanner": "repobility-ast-engine", "fingerprint": "cf485eaa643856825ee8afff1f33bf27672f7b1f0f46b93060a7c41bd7bcce30", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf485eaa643856825ee8afff1f33bf27672f7b1f0f46b93060a7c41bd7bcce30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51596, "scanner": "repobility-ast-engine", "fingerprint": "179aa7635fa972bb86cb87fc6cc94c8fc3e89734615043f6526c5fd2d5f5b4d8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|179aa7635fa972bb86cb87fc6cc94c8fc3e89734615043f6526c5fd2d5f5b4d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51595, "scanner": "repobility-ast-engine", "fingerprint": "d3bd65175f8516c15c5581a1b765a52f679cd7d95de2e50c3c0f192c64b03101", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3bd65175f8516c15c5581a1b765a52f679cd7d95de2e50c3c0f192c64b03101"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2902}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51594, "scanner": "repobility-ast-engine", "fingerprint": "f521aab04cad494fe68349d492ffe00a4068863b3366117e78562f4385918a8f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f521aab04cad494fe68349d492ffe00a4068863b3366117e78562f4385918a8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2386}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51593, "scanner": "repobility-ast-engine", "fingerprint": "c39c0aaf3de11f0af1b04e092141988d9562880e0e4f5acdb2b22d629949d32e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c39c0aaf3de11f0af1b04e092141988d9562880e0e4f5acdb2b22d629949d32e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 5160}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51592, "scanner": "repobility-ast-engine", "fingerprint": "bbb52b9ab9052ed33c4912d130ea45516175402bf291bf3294d38dcdea02bab1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbb52b9ab9052ed33c4912d130ea45516175402bf291bf3294d38dcdea02bab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2944}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51591, "scanner": "repobility-ast-engine", "fingerprint": "4ffb8fdf8e68d9ffe7518e88abdf5db7ae0d6f1eb5d3346b65c7f72d3ce75061", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ffb8fdf8e68d9ffe7518e88abdf5db7ae0d6f1eb5d3346b65c7f72d3ce75061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 5388}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51590, "scanner": "repobility-ast-engine", "fingerprint": "43f961d4094e53a3ea1f26146cf89b0793ac529a923b54810e4bf4982e3000a0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43f961d4094e53a3ea1f26146cf89b0793ac529a923b54810e4bf4982e3000a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 4994}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51589, "scanner": "repobility-ast-engine", "fingerprint": "d8e23fdff7f280bb9f9df1ce04e20383dbfd4e34869377065152f13807ecf049", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8e23fdff7f280bb9f9df1ce04e20383dbfd4e34869377065152f13807ecf049"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3269}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51588, "scanner": "repobility-ast-engine", "fingerprint": "7dfc782474572d3be7fac3d0af31c4b367d7f1df51c0a72da870189d014962c4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7dfc782474572d3be7fac3d0af31c4b367d7f1df51c0a72da870189d014962c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3153}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51587, "scanner": "repobility-ast-engine", "fingerprint": "31ec2a09c3993ce4085d67d36a9f6db30511729a74a220c9f62510f8ea221605", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31ec2a09c3993ce4085d67d36a9f6db30511729a74a220c9f62510f8ea221605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3054}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51586, "scanner": "repobility-ast-engine", "fingerprint": "5b176df9d8a6e5c0459d01550fce26e03a8f15ddee5b395e495d056176486a7e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b176df9d8a6e5c0459d01550fce26e03a8f15ddee5b395e495d056176486a7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2975}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51585, "scanner": "repobility-ast-engine", "fingerprint": "5871af163432a40f8a0f1f6f2fde4829b14636a32ff261309961eec4c895bf8d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5871af163432a40f8a0f1f6f2fde4829b14636a32ff261309961eec4c895bf8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2907}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51584, "scanner": "repobility-ast-engine", "fingerprint": "4d72389beee0a9fd26d0e720a40e2f98fdaa5c164cf068180747e160dae13bf1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d72389beee0a9fd26d0e720a40e2f98fdaa5c164cf068180747e160dae13bf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2819}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51583, "scanner": "repobility-ast-engine", "fingerprint": "5000ce1611cf0604424279ad4c1ade95f47ffe8c7aa2c0c94ce315f989da0fb3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5000ce1611cf0604424279ad4c1ade95f47ffe8c7aa2c0c94ce315f989da0fb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2710}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51582, "scanner": "repobility-ast-engine", "fingerprint": "bc0d7c341ba905188d826def4b8ff299b6407d1a35b450966675eb59dd48a3ec", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc0d7c341ba905188d826def4b8ff299b6407d1a35b450966675eb59dd48a3ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2651}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51581, "scanner": "repobility-ast-engine", "fingerprint": "b69b15a5175606ff9e3f1ad201b261fd894e4fa8977aa4515441cda98631cf63", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b69b15a5175606ff9e3f1ad201b261fd894e4fa8977aa4515441cda98631cf63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2531}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51580, "scanner": "repobility-ast-engine", "fingerprint": "a0958c36b3fb492b3a4ce056a5f905efe3481d124879b42c72486fd390fac5c2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0958c36b3fb492b3a4ce056a5f905efe3481d124879b42c72486fd390fac5c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 5749}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51579, "scanner": "repobility-ast-engine", "fingerprint": "8e0e1c583edc998a5ff03df9b2a9051de91f17c6798662f843052dc9b369d980", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e0e1c583edc998a5ff03df9b2a9051de91f17c6798662f843052dc9b369d980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 4464}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51553, "scanner": "repobility-ast-engine", "fingerprint": "aa606cc2ca431582310fedfbaf7df871a9cdb33a8b396c89ae6cec29ddcb1a45", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa606cc2ca431582310fedfbaf7df871a9cdb33a8b396c89ae6cec29ddcb1a45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51552, "scanner": "repobility-ast-engine", "fingerprint": "6388af5a2a9ecd234cdef4b55189dd01f9e2b7625fb60f8a6358f20230226436", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6388af5a2a9ecd234cdef4b55189dd01f9e2b7625fb60f8a6358f20230226436"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51551, "scanner": "repobility-ast-engine", "fingerprint": "c03f1112f6618eb074d8553c0dc0c4bdbe4fb1bb6cc7a494ba95a3c3a13c852e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c03f1112f6618eb074d8553c0dc0c4bdbe4fb1bb6cc7a494ba95a3c3a13c852e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51539, "scanner": "repobility-ast-engine", "fingerprint": "0a1c22ea2fc6bd8372c7f43ada2139268b5217cc86d432262da84740690d28f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a1c22ea2fc6bd8372c7f43ada2139268b5217cc86d432262da84740690d28f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_no_jwt_leak.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 51538, "scanner": "repobility-ast-engine", "fingerprint": "b96ca22d6fb7d1f15807e0489d74b8b70a86b297e97fb77369ababef2c45dbad", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b96ca22d6fb7d1f15807e0489d74b8b70a86b297e97fb77369ababef2c45dbad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 51520, "scanner": "repobility-journey-contract", "fingerprint": "b03a4d8b25fa4b3d2a0950bb7572aa8f553f5fc1471ad486af75b1d43984ac47", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/chat/resume-human/{param}", "correlation_key": "fp|b03a4d8b25fa4b3d2a0950bb7572aa8f553f5fc1471ad486af75b1d43984ac47", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/awaiting-human-banner.tsx"}, "region": {"startLine": 146}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 51519, "scanner": "repobility-journey-contract", "fingerprint": 
"f767baabadf4df901e17cc8c64e0371cbd2baaca2f040058e58a30f5bbc95bcb", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/machines/{param}", "correlation_key": "fp|f767baabadf4df901e17cc8c64e0371cbd2baaca2f040058e58a30f5bbc95bcb", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/awaiting-human-banner.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 51518, "scanner": "repobility-journey-contract", "fingerprint": "d0b2f6f8449069113a8526386fe25bb71fe191185979c31431c98593613dc3a4", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/files/{param}", "correlation_key": "fp|d0b2f6f8449069113a8526386fe25bb71fe191185979c31431c98593613dc3a4", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/files/route.ts"}, "region": {"startLine": 141}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 51517, "scanner": "repobility-agent-runtime", "fingerprint": 
"9bb7e60f8c4af11a9c54105d18608e7fc570115c9f5b5a3ea5711b4fed34ee32", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9bb7e60f8c4af11a9c54105d18608e7fc570115c9f5b5a3ea5711b4fed34ee32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/services/agent-health-check.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 51516, "scanner": "repobility-agent-runtime", "fingerprint": "70e9fca74f6bc281ef2bd3f19087c06e07e862aff620e83de9fa70bb687334de", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|70e9fca74f6bc281ef2bd3f19087c06e07e862aff620e83de9fa70bb687334de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/client-ip.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 51515, "scanner": "repobility-agent-runtime", "fingerprint": "91ee77e1efd481c37925795596e1ee240ca4026e9a19d1acf21a918656ca1112", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only 
catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|91ee77e1efd481c37925795596e1ee240ca4026e9a19d1acf21a918656ca1112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Overlay.tsx"}, "region": {"startLine": 797}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 51514, "scanner": "repobility-agent-runtime", "fingerprint": "b79458c717143fc4f5dd5cd71946588c13cbbab9afee912f563f24e3a80360b0", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|b79458c717143fc4f5dd5cd71946588c13cbbab9afee912f563f24e3a80360b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/layout/sidebar/sidebar-footer-section.tsx"}, "region": {"startLine": 830}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 51513, "scanner": "repobility-agent-runtime", "fingerprint": "6d35c0f1a2b0bb05c3a01199aef723eb9431652fa890f97e9308636338ece3d3", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": 
["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|6d35c0f1a2b0bb05c3a01199aef723eb9431652fa890f97e9308636338ece3d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/landing/top-announcement-banner.tsx"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 51505, "scanner": "repobility-threat-engine", "fingerprint": "ee95c6a466222dd4c8188c92aac15d85562ee23730441154371dd93e1c0c18e1", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(output_file, 0o700)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|111|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 51501, "scanner": "repobility-threat-engine", "fingerprint": "460714cfb43130ad61a572c284f862c67ecb0d32779b419720130b1ccb616d25", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|460714cfb43130ad61a572c284f862c67ecb0d32779b419720130b1ccb616d25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `get_variant_stats` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=2, if=4, nested_bonus=6, ternary=2."}, "properties": {"repobilityId": 51493, "scanner": "repobility-threat-engine", "fingerprint": "c48ed2b795692805240ba1a5789b7ee01ee61ebfcc2354719dd0167dcd2705b5", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_variant_stats", "breakdown": {"if": 4, "for": 2, "ternary": 2, "continue": 1, "nested_bonus": 6}, "complexity": 15, "correlation_key": "fp|c48ed2b795692805240ba1a5789b7ee01ee61ebfcc2354719dd0167dcd2705b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/ab_testing.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 51479, "scanner": "repobility-threat-engine", "fingerprint": "950cee5243057d45c52ef030e0522fd2ed88ec43d073a18123d953fdee590730", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|25|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/MessageItem.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 51478, "scanner": "repobility-threat-engine", "fingerprint": "15299272e08242c115cd2b4351e85311eb6af5b2a0dc5989542738ec91832806", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|60|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 51477, "scanner": "repobility-threat-engine", "fingerprint": "808b79a3231c9ce9cb398682b094114850285d55fd44108c278bbfc27a1f82e2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|50|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/message-parser.tsx"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). 
Complement to server-side SEC030."}, "properties": {"repobilityId": 51472, "scanner": "repobility-threat-engine", "fingerprint": "59cf7272f2134fd75c6a07b2ed3ca0851383f84fd3c47f2e4489bb37d151abcf", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.location.href = data.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|59cf7272f2134fd75c6a07b2ed3ca0851383f84fd3c47f2e4489bb37d151abcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/collaborative/dialog-collaborative-auth.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). 
Complement to server-side SEC030."}, "properties": {"repobilityId": 51471, "scanner": "repobility-threat-engine", "fingerprint": "fa1bcc02a1a03ebbe9e4d5c107786bc5f4a568ed9e43e6c4ac3b18b1ce32a017", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.location.href = data.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fa1bcc02a1a03ebbe9e4d5c107786bc5f4a568ed9e43e6c4ac3b18b1ce32a017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/dialog-auth.tsx"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). 
Complement to server-side SEC030."}, "properties": {"repobilityId": 51470, "scanner": "repobility-threat-engine", "fingerprint": "81752df8f87e70e150ffb5eda12ca85930950969b2b2c3981419cad756a647a2", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.location.href = data.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|81752df8f87e70e150ffb5eda12ca85930950969b2b2c3981419cad756a647a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat-input/popover-content-auth.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 51468, "scanner": "repobility-threat-engine", "fingerprint": "3e142d16c881208b3ef0dfc8a23d8d81d3475ba16cc2b753562c2335b414946e", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a\n                href={selectedProviderConfig.getKeyUrl}\n                target=\"_blank\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|287|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/layout/settings/apikeys/byok-section.tsx"}, "region": {"startLine": 287}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 51467, "scanner": "repobility-threat-engine", "fingerprint": "a33651b45f4828abd0d89e23f4ff6f31d5813a0fe8da04f19ecb741dd9d49f30", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(publicLink, \"_blank\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|57|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/layout/dialog-publish.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 51466, "scanner": "repobility-threat-engine", "fingerprint": "21b3b91bc67691c6d6beb0caa0366e384658a3d324b04213b539c32f4d9eb530", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(url, \"_blank\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|24|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat-input/button-view-screen.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. 
Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 51459, "scanner": "repobility-threat-engine", "fingerprint": "ae520afe37701fcc2e65bf8d32a85a9011be66ad7dc06be2d621884e26d16135", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * ADJECTIV", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ae520afe37701fcc2e65bf8d32a85a9011be66ad7dc06be2d621884e26d16135"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/onboarding/route.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 51442, "scanner": "repobility-threat-engine", "fingerprint": "9abcba5373cd8fcf99b50bd042f81e74ead746c2d361be0b2b2b3c3302b239cf", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9abcba5373cd8fcf99b50bd042f81e74ead746c2d361be0b2b2b3c3302b239cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/status/route.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 51441, "scanner": "repobility-threat-engine", "fingerprint": 
"5678bf812045936a0c0e472036820cfecb1ddc097cebdf0b433417f7ee7e026e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5678bf812045936a0c0e472036820cfecb1ddc097cebdf0b433417f7ee7e026e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/status/history/route.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 51440, "scanner": "repobility-threat-engine", "fingerprint": "0843bc404547a9491b5b2cdf5eecaef4fe21dbe60f8e8193a80d168cc94ac213", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0843bc404547a9491b5b2cdf5eecaef4fe21dbe60f8e8193a80d168cc94ac213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/route.ts"}, "region": {"startLine": 235}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 5720, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a 
public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5712, "scanner": "repobility-journey-contract", "fingerprint": "56fbd72d9e6ee3f4963fce8bb5ba5835e0d9965377b88ef7f788c3e1217b83ec", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/files", "correlation_key": "fp|56fbd72d9e6ee3f4963fce8bb5ba5835e0d9965377b88ef7f788c3e1217b83ec", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/file-attachment-display.tsx"}, "region": {"startLine": 86}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5711, "scanner": "repobility-journey-contract", "fingerprint": "25ca2aab746dfbabf8b9bcc8078b48036bc59a8e253d2c2ec2eb305c43fd56fc", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint 
has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/secrets", "correlation_key": "fp|25ca2aab746dfbabf8b9bcc8078b48036bc59a8e253d2c2ec2eb305c43fd56fc", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/chat.tsx"}, "region": {"startLine": 1036}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5710, "scanner": "repobility-journey-contract", "fingerprint": "660f1fa846b192fa6f4805b384ce3bd688da2b417d45b55141d4148edc71d5e5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/machines", "correlation_key": "fp|660f1fa846b192fa6f4805b384ce3bd688da2b417d45b55141d4148edc71d5e5", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/chat.tsx"}, "region": {"startLine": 574}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5709, "scanner": "repobility-journey-contract", "fingerprint": "345776b5e068988e48971ec3856c438095ba448f9db92fe03abafd7776f6d53c", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": 
"JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/chats/{param}", "correlation_key": "fp|345776b5e068988e48971ec3856c438095ba448f9db92fe03abafd7776f6d53c", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/chat-visibility-toggle.tsx"}, "region": {"startLine": 165}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5708, "scanner": "repobility-journey-contract", "fingerprint": "72581da4d5adb0d3b6e92e116c929369cf8e827358eee6d5f8dc058c0d0835d9", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/chats/{param}", "correlation_key": "fp|72581da4d5adb0d3b6e92e116c929369cf8e827358eee6d5f8dc058c0d0835d9", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/chat-visibility-toggle.tsx"}, "region": {"startLine": 77}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5707, "scanner": "repobility-journey-contract", "fingerprint": "ee08832d07eb88e24d600a96fab51fd2e775d1bac2bf640ff309fd4af7c5e374", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", 
"scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/chats/{param}", "correlation_key": "fp|ee08832d07eb88e24d600a96fab51fd2e775d1bac2bf640ff309fd4af7c5e374", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/chat-visibility-toggle.tsx"}, "region": {"startLine": 54}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5706, "scanner": "repobility-journey-contract", "fingerprint": "57eb1d21487068cc6db3d026a171178875290a84264d9bb030a0913bf5093577", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/chat/resume-human/{param}", "correlation_key": "fp|57eb1d21487068cc6db3d026a171178875290a84264d9bb030a0913bf5093577", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/awaiting-human-banner.tsx"}, "region": {"startLine": 76}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5705, "scanner": "repobility-journey-contract", "fingerprint": "89b91fd47c8549328cf3951d43514be20facc31565df8dd32e27c6e092598887", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", 
"scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/machines/{param}", "correlation_key": "fp|89b91fd47c8549328cf3951d43514be20facc31565df8dd32e27c6e092598887", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/awaiting-human-banner.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5704, "scanner": "repobility-journey-contract", "fingerprint": "979b8f62192bed60740412e9119a0f16c38aa6853644bd43a392a41cd90eb556", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/swarms/{param}", "correlation_key": "fp|979b8f62192bed60740412e9119a0f16c38aa6853644bd43a392a41cd90eb556", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/active-swarm-banner.tsx"}, "region": {"startLine": 63}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5703, "scanner": "repobility-journey-contract", "fingerprint": "7f3a2d61a973e9213fab232caf3149cc9ef3ca6f101d7a0b4397820caa962594", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": 
"repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/swarms", "correlation_key": "fp|7f3a2d61a973e9213fab232caf3149cc9ef3ca6f101d7a0b4397820caa962594", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/active-swarm-banner.tsx"}, "region": {"startLine": 49}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5702, "scanner": "repobility-journey-contract", "fingerprint": "e09984db655d1bb5c4cb359d032dcb89834fc4d6d1e4ba31b3542f62c2d9ba76", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/machines", "correlation_key": "fp|e09984db655d1bb5c4cb359d032dcb89834fc4d6d1e4ba31b3542f62c2d9ba76", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/machines/[id]/vnc/route.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5701, "scanner": "repobility-journey-contract", "fingerprint": "9e7c9337be9e0d36e48ff74a48970ed2f41f9ef5ba0dc1c3481ef951d64afeac", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", 
"references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/files/{param}", "correlation_key": "fp|9e7c9337be9e0d36e48ff74a48970ed2f41f9ef5ba0dc1c3481ef951d64afeac", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/files/route.ts"}, "region": {"startLine": 127}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5700, "scanner": "repobility-journey-contract", "fingerprint": "240df4e399ff8eff9c5ead8db70bc6fd0f6a0e5b1500b9a71e77d55eb07f1baa", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/files/list", "correlation_key": "fp|240df4e399ff8eff9c5ead8db70bc6fd0f6a0e5b1500b9a71e77d55eb07f1baa", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/files/route.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 5699, "scanner": "repobility-journey-contract", "fingerprint": "e4697ea577fb71b6de7380351fee1dc1bd14036d25614aba2dc39d7e4a5b3b31", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": 
["https://repobility.com/library/authorization/"], "route_shape": "/api/collaborative-rooms/{param}/messages", "correlation_key": "fp|e4697ea577fb71b6de7380351fee1dc1bd14036d25614aba2dc39d7e4a5b3b31", "backend_endpoint_count": 136}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chats/[chatId]/messages/route.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /developers/route."}, "properties": {"repobilityId": 5698, "scanner": "repobility-access-control", "fingerprint": "a435ed67765e02d2c318c773fdb1f249b74c386d14361056446ef1ad237995bf", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/developers/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/developers/route.ts|76|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/developers/route.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: PUT /user-memory/route."}, "properties": {"repobilityId": 5697, "scanner": "repobility-access-control", "fingerprint": "392ad5fd7ce265ee2387e0bdb65d314c41f388d8eb68e235e6f0d5476b2cff74", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/user-memory/route", "method": "PUT", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|79|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/user-memory/route.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /user-memory/route."}, "properties": {"repobilityId": 5696, "scanner": "repobility-access-control", "fingerprint": "dde69219624ca36d7a5723f43a192412d9a0697705f33a9667f5e66483c447b0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/user-memory/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|20|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/user-memory/route.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /collaborative-rooms/route."}, "properties": {"repobilityId": 5695, "scanner": "repobility-access-control", "fingerprint": "86768b8c4781d8c5fec7beccd39436df383ae742114d9a0282679c8439ce862b", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/collaborative-rooms/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|56|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/collaborative-rooms/route.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /collaborative-rooms/route."}, "properties": {"repobilityId": 5694, "scanner": "repobility-access-control", "fingerprint": "6d3a57c7711ef1d2ee8af3c2503dd6bc1244f4350049bfdc5f0e508a9a0b3446", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/collaborative-rooms/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|5|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/collaborative-rooms/route.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /validate-email/route."}, "properties": {"repobilityId": 5693, "scanner": "repobility-access-control", "fingerprint": "66c1b64dd2ef3cfa869ade97b7d858423fabc02920317769935dd60726acc161", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/validate-email/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|7|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/validate-email/route.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /csrf/route."}, "properties": {"repobilityId": 5692, "scanner": "repobility-access-control", "fingerprint": "0bae2215ab354538aa8b47b6375b2f356c1353c82197d642e9ce333b5da3a994", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/csrf/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/csrf/route.ts|5|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/csrf/route.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /auth/desktop-callback."}, "properties": {"repobilityId": 5691, "scanner": "repobility-access-control", "fingerprint": "aff7976bba3ec0e1f16fbf4b1489ec5942dca574abcfd0d2b9ff78bad6d0306f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/auth/desktop-callback", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|12|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/desktop-callback/route.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /auth/callback."}, "properties": {"repobilityId": 5690, "scanner": "repobility-access-control", "fingerprint": "dadafe60d1fca79668a82ff60e7e55bf259c77e4863f0f8e644c72435d2315fd", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/auth/callback", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/auth/callback/route.ts|7|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/callback/route.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /blog/feed.xml."}, "properties": {"repobilityId": 5689, "scanner": "repobility-access-control", "fingerprint": "18af994af10535abc339b64014cc5362c433c84decb4227430fea9abb1ce2afb", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/blog/feed.xml", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/blog/feed.xml/route.ts|19|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/blog/feed.xml/route.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: PATCH /machines/:id/settings/route."}, "properties": {"repobilityId": 5688, "scanner": "repobility-access-control", "fingerprint": "1150951d374b34692e55565f05580fb461e9afd18343ee49162a66096a23e213", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/machines/:id/settings/route", "method": "PATCH", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/machines/ id /settings/route.ts|11|auc004", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/machines/[id]/settings/route.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /machines/cleanup/route."}, "properties": {"repobilityId": 5687, "scanner": "repobility-access-control", "fingerprint": "b6acf479db257d3bd2598d270efb2060d1c41c692bfad96cc88c66ea9212af78", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/machines/cleanup/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|39|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/machines/cleanup/route.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /swarms/shared/:id/route."}, "properties": {"repobilityId": 5686, "scanner": "repobility-access-control", "fingerprint": "bb76eba1ab3c105290a18a92b365c5e7cb6ede1aa2cfab24ce2264511e6b463c", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/swarms/shared/:id/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/swarms/shared/ id /route.ts|11|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/swarms/shared/[id]/route.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 32.4% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 5675, "scanner": "repobility-access-control", "fingerprint": "2bee2e632180d05ce25d89a9aa2f9efbe7482e17f38e32987475b9b8ae3aee7f", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 136, "correlation_key": "fp|2bee2e632180d05ce25d89a9aa2f9efbe7482e17f38e32987475b9b8ae3aee7f", "auth_visible_percent": 32.4}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 5674, "scanner": "repobility-access-control", "fingerprint": 
"f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `nextjs-app` image has no explicit tag"}, "properties": {"repobilityId": 5672, "scanner": "repobility-docker", "fingerprint": "4c221c0a7bab3c01f78f46fdef4bbcfe96d6fae7b6319234d7f111fa8e4ccfc9", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "llmhub-frontend", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4c221c0a7bab3c01f78f46fdef4bbcfe96d6fae7b6319234d7f111fa8e4ccfc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `backend` image has no explicit tag"}, "properties": {"repobilityId": 5670, "scanner": "repobility-docker", "fingerprint": "45758cb12fbc607068cda4f7efd239ba2e24ba4c810c1bc9754e64150e22ff27", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": 
"llmhub-backend", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|45758cb12fbc607068cda4f7efd239ba2e24ba4c810c1bc9754e64150e22ff27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 5661, "scanner": "repobility-docker", "fingerprint": "958106278f09d359037e0abbbb61a5f8bb6cb5c4b215eb10039dc7dd980f9478", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image reference has no tag or digest.", "evidence": {"image": "base", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|958106278f09d359037e0abbbb61a5f8bb6cb5c4b215eb10039dc7dd980f9478"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 5660, "scanner": "repobility-docker", "fingerprint": "a90f9d741467fae8fd49bae90665e199c0e33292501f6e1b14f43ad3347d0f5e", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a90f9d741467fae8fd49bae90665e199c0e33292501f6e1b14f43ad3347d0f5e", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR004", "level": "warning", "message": {"text": "Docker build secret exposed through ARG"}, "properties": {"repobilityId": 5659, "scanner": "repobility-docker", "fingerprint": "6976af9bcd5b09a13a5819fdc55040c936a544fcdf0a41b347e46f697aa48f5e", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ARG name looks secret-bearing; BuildKit secret mounts are the safer pattern.", "evidence": {"rule_id": "DKR004", "scanner": "repobility-docker", "variable": "STRIPE_WEBHOOK_SECRET", "references": ["https://docs.docker.com/build/building/secrets/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6976af9bcd5b09a13a5819fdc55040c936a544fcdf0a41b347e46f697aa48f5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR004", "level": "warning", "message": {"text": "Docker build secret exposed through ARG"}, "properties": {"repobilityId": 5658, "scanner": "repobility-docker", "fingerprint": "e565f9b35ded67d7d72da5876cd3d949466fae6e265b3f37b06f4a9cdfa5a0c0", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ARG name looks secret-bearing; BuildKit secret mounts are the safer pattern.", "evidence": {"rule_id": "DKR004", "scanner": "repobility-docker", "variable": "STRIPE_API_KEY", "references": ["https://docs.docker.com/build/building/secrets/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e565f9b35ded67d7d72da5876cd3d949466fae6e265b3f37b06f4a9cdfa5a0c0"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR004", "level": "warning", "message": {"text": "Docker build secret exposed through ARG"}, "properties": {"repobilityId": 5657, "scanner": "repobility-docker", "fingerprint": "202ec48037cfc1ba212a703206d3a52fd1b6a464e8251d81cd061534bea94e2d", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ARG name looks secret-bearing; BuildKit secret mounts are the safer pattern.", "evidence": {"rule_id": "DKR004", "scanner": "repobility-docker", "variable": "CSRF_SECRET", "references": ["https://docs.docker.com/build/building/secrets/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|202ec48037cfc1ba212a703206d3a52fd1b6a464e8251d81cd061534bea94e2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 5656, "scanner": "repobility-docker", "fingerprint": "c509e8f0c44c9beb367a41abcd344c91197a44b627a67b6e678ba93244bc818b", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image reference has no tag or digest.", "evidence": {"image": "base", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c509e8f0c44c9beb367a41abcd344c91197a44b627a67b6e678ba93244bc818b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit 
tag"}, "properties": {"repobilityId": 5655, "scanner": "repobility-docker", "fingerprint": "1ebfb17a6c4ef08a3b805ba72cbd54005ebffa49e2c1e62205eeb542ac27fda6", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image reference has no tag or digest.", "evidence": {"image": "base", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1ebfb17a6c4ef08a3b805ba72cbd54005ebffa49e2c1e62205eeb542ac27fda6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 5650, "scanner": "repobility-threat-engine", "fingerprint": "4f992bc93f35303f6dbfeeccea9aeebcc992046616aa3faf2b1310dd42a1f14e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4f992bc93f35303f6dbfeeccea9aeebcc992046616aa3faf2b1310dd42a1f14e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/native-screenshot.ts"}, "region": {"startLine": 263}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 5649, "scanner": "repobility-threat-engine", "fingerprint": "e1fe6ef9d217ad0dded6874e6255d008a923fd0fa2d37ad614b3a098fa42e7f7", "category": 
"error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1fe6ef9d217ad0dded6874e6255d008a923fd0fa2d37ad614b3a098fa42e7f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/rainbow-border.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 5648, "scanner": "repobility-threat-engine", "fingerprint": "75b4ee87aad680aea22c97797d1af122ee26ac097c06148406831b9de3e69051", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|75b4ee87aad680aea22c97797d1af122ee26ac097c06148406831b9de3e69051"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/auto-updater.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 5647, "scanner": "repobility-threat-engine", "fingerprint": "285f450be8452559c6f09185022d0495d32a9bfaac476d080bd7c797d8226506", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context 
found", "evidence": {"match": "marshal.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|57|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 5646, "scanner": "repobility-threat-engine", "fingerprint": "c2db5bf21302d9a0becfad532383232e86df7c3435d556a5b8f4078e76824451", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n                    command,\n                    shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|2059|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 2059}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 5637, "scanner": "repobility-threat-engine", "fingerprint": "5c9bd0f535a3885b7e798d3f758c9ab93f5ef37451d8cafc1e704e064361bed9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c9bd0f535a3885b7e798d3f758c9ab93f5ef37451d8cafc1e704e064361bed9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 326}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 5636, "scanner": "repobility-threat-engine", "fingerprint": "b6d9c45abbed21f705de685083cce422cb6e297d40ecde735c6202a876d072d0", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b6d9c45abbed21f705de685083cce422cb6e297d40ecde735c6202a876d072d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 401}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 5635, "scanner": "repobility-threat-engine", "fingerprint": "67d2867aa979df77b5ed9f05dbe440521dbccc40437eb1b8fc947cd161362f7a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|67d2867aa979df77b5ed9f05dbe440521dbccc40437eb1b8fc947cd161362f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5634, "scanner": "repobility-agent-runtime", "fingerprint": "09e4dd778d1fb485f4f81d63d660e18c49699ea212e7c1195cf250efedde0dca", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|09e4dd778d1fb485f4f81d63d660e18c49699ea212e7c1195cf250efedde0dca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/user-preference-store/provider.tsx"}, "region": {"startLine": 114}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5633, "scanner": "repobility-agent-runtime", "fingerprint": 
"4ac9c5930c70c29559bca9d8f92396457a0b2620c452a444b6fc2c886fca009f", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|4ac9c5930c70c29559bca9d8f92396457a0b2620c452a444b6fc2c886fca009f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/posthog/analytics.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5632, "scanner": "repobility-agent-runtime", "fingerprint": "e5f91bc3e381ca665a828ae4fbb003809e5da3584d145fabebd8c7f89567e88a", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e5f91bc3e381ca665a828ae4fbb003809e5da3584d145fabebd8c7f89567e88a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/docker/docker-service.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5631, "scanner": "repobility-agent-runtime", "fingerprint": "25ee219f32c6856fc739831738d3d480058fd9991bdfacc704ae9ba6d68ee066", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": 
false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|25ee219f32c6856fc739831738d3d480058fd9991bdfacc704ae9ba6d68ee066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/azure/container-instances.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5630, "scanner": "repobility-agent-runtime", "fingerprint": "9349cdcc1b7c3bff06e33019bf4f4f0a3f35c28801e4366d960d0525ce73ebbf", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|9349cdcc1b7c3bff06e33019bf4f4f0a3f35c28801e4366d960d0525ce73ebbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Overlay.tsx"}, "region": {"startLine": 770}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5629, "scanner": "repobility-agent-runtime", "fingerprint": "7a35173318db89f01ed2c9e91176d22d7eab0465190fcf3f3b4253fa21bc3ff5", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": 
"repobility-agent-runtime", "references": [], "correlation_key": "fp|7a35173318db89f01ed2c9e91176d22d7eab0465190fcf3f3b4253fa21bc3ff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/index.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5628, "scanner": "repobility-agent-runtime", "fingerprint": "3d2349416646b8608c6c9f7c64fb6b987128800bc33165b61783e833bf88a730", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|3d2349416646b8608c6c9f7c64fb6b987128800bc33165b61783e833bf88a730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.ai-desktop.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5627, "scanner": "repobility-agent-runtime", "fingerprint": "1256a7eb518cab8e56c7be205639b3c9c8ff92af024404b13b3efce06d7d5e3f", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1256a7eb518cab8e56c7be205639b3c9c8ff92af024404b13b3efce06d7d5e3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/startup.sh"}, 
"region": {"startLine": 33}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5626, "scanner": "repobility-agent-runtime", "fingerprint": "e5b7f333aa3e61433dcaaafbf1ff98487b5ce801ee99740735b5e4da1388e009", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e5b7f333aa3e61433dcaaafbf1ff98487b5ce801ee99740735b5e4da1388e009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/startup.secure.sh"}, "region": {"startLine": 168}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5625, "scanner": "repobility-agent-runtime", "fingerprint": "5a185c063cecb3b57d73f77087d9bb1926583d0b2c4a0c531c2c12aeca2a1a64", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5a185c063cecb3b57d73f77087d9bb1926583d0b2c4a0c531c2c12aeca2a1a64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/startup.azure.sh"}, "region": {"startLine": 29}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5624, "scanner": 
"repobility-agent-runtime", "fingerprint": "2473a7ae948b1a6b83cbd24cd0f4863ef17fb4aa0681582c4d3034f67757718a", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|2473a7ae948b1a6b83cbd24cd0f4863ef17fb4aa0681582c4d3034f67757718a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/chrome-wrapper.sh"}, "region": {"startLine": 28}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5623, "scanner": "repobility-agent-runtime", "fingerprint": "d7a533926a86dd19c2d12203939f7315e13d38b176d742b90e451ca0314bc859", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d7a533926a86dd19c2d12203939f7315e13d38b176d742b90e451ca0314bc859"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/chrome-auth-wrapper.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 5622, "scanner": "repobility-agent-runtime", "fingerprint": "f3d0370cf4153a287213e2dee99454f5d47efb3d8fd728eb480ffc1c4fb601cd", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", 
"isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f3d0370cf4153a287213e2dee99454f5d47efb3d8fd728eb480ffc1c4fb601cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5621, "scanner": "repobility-agent-runtime", "fingerprint": "77863f80768eaabf48691862702158716ad4145cec61b28876a568a62634e553", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|77863f80768eaabf48691862702158716ad4145cec61b28876a568a62634e553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/common/oss-banner.tsx"}, "region": {"startLine": 74}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5620, "scanner": "repobility-agent-runtime", "fingerprint": "51ddcf205afe37179099e79e0529f0d5877a347ba937b8a164be45e3e881bdb3", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": 
["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|51ddcf205afe37179099e79e0529f0d5877a347ba937b8a164be45e3e881bdb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/layout/sidebar/sidebar-footer-section.tsx"}, "region": {"startLine": 822}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5619, "scanner": "repobility-agent-runtime", "fingerprint": "37033a532fd5067226d12265af9c0564e49efaca1dc7fc0e4504519a4e109050", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|37033a532fd5067226d12265af9c0564e49efaca1dc7fc0e4504519a4e109050"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/landing/top-announcement-banner.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 5618, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS 
template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 51512, "scanner": "repobility-threat-engine", "fingerprint": "b907b85995b9d0ab9760c6e0a0c321c9bfb401e3a00bbbc223688b76db228c2c", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"\u2713 within \" + HARD_RAW_LIMIT + \"B raw limit\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b907b85995b9d0ab9760c6e0a0c321c9bfb401e3a00bbbc223688b76db228c2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-userdata-size.mjs"}, "region": {"startLine": 195}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_all_user_emails` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=2, if=2, nested_bonus=2, or=1, ternary=2, while=1."}, "properties": {"repobilityId": 51495, "scanner": "repobility-threat-engine", "fingerprint": "020456be29dfc0db9b4bb6ace25ff81af9194ed82d8da85420d4b22e3e3245c6", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_all_user_emails", "breakdown": {"if": 2, "or": 1, "break": 2, "while": 1, "ternary": 2, "nested_bonus": 2}, "complexity": 10, "correlation_key": "fp|020456be29dfc0db9b4bb6ace25ff81af9194ed82d8da85420d4b22e3e3245c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/db.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `determine_winner` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: and=1, elif=1, else=1, if=2, ternary=3."}, "properties": {"repobilityId": 51494, "scanner": "repobility-threat-engine", "fingerprint": "883936edb6fceca390bb3add096abd926f3e9fd8d51cf67837492a6fb34f358b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "determine_winner", "breakdown": {"if": 2, "and": 1, "elif": 1, "else": 1, "ternary": 3}, "complexity": 8, "correlation_key": "fp|883936edb6fceca390bb3add096abd926f3e9fd8d51cf67837492a6fb34f358b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/ab_testing.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 5719, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 5673, "scanner": "repobility-docker", "fingerprint": "47407930733d4a6d73aec7e2ea1a6714160d38fed5f45cd9304705b8ac2ad3f4", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": 
"needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "nextjs-app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|47407930733d4a6d73aec7e2ea1a6714160d38fed5f45cd9304705b8ac2ad3f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 5671, "scanner": "repobility-docker", "fingerprint": "49a734132a17ba8b6533a048b485a56c4be0178dae5527cdd48a6ea9abc84b15", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "backend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|49a734132a17ba8b6533a048b485a56c4be0178dae5527cdd48a6ea9abc84b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 5668, "scanner": "repobility-docker", "fingerprint": "f087d5e547e3d5a8c552ebc67a01b011b6a6106b3c6a770b635fd87c2c635c71", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://github.com/hadolint/hadolint"], "correlation_key": "fp|f087d5e547e3d5a8c552ebc67a01b011b6a6106b3c6a770b635fd87c2c635c71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 155}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 5667, "scanner": "repobility-docker", "fingerprint": "5e4ed419cd06b69cec95edb5bf7b91f55819c25da06f77b76f014c2e6df170f7", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5e4ed419cd06b69cec95edb5bf7b91f55819c25da06f77b76f014c2e6df170f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 104}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 5666, "scanner": "repobility-docker", "fingerprint": "d5151e23304196aa2edec84113932d39ef6ab35fe61e4c3b89262ff314afda49", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d5151e23304196aa2edec84113932d39ef6ab35fe61e4c3b89262ff314afda49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 
74}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 5665, "scanner": "repobility-docker", "fingerprint": "221dc983bececb53e6f703266a1905940117bffdf5bdc8a5ee917dabefe0e975", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|221dc983bececb53e6f703266a1905940117bffdf5bdc8a5ee917dabefe0e975"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 5664, "scanner": "repobility-docker", "fingerprint": "b486a14e0c2387d3f21d54c4af2219c4ef0f83b8ebfe71897f67911a8f2581b4", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b486a14e0c2387d3f21d54c4af2219c4ef0f83b8ebfe71897f67911a8f2581b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 41}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 5663, "scanner": "repobility-docker", "fingerprint": 
"5a2b4eeadee2fca25379c065060c2639c64512aedd865792907753c97973d0dc", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5a2b4eeadee2fca25379c065060c2639c64512aedd865792907753c97973d0dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 5662, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 5654, "scanner": "repobility-threat-engine", "fingerprint": "112844f37a09c92f4375247a4a7d09acadd9e40e7528dd093de7b55cb40eba13", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No 
user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(`", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|715|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/swarm-panel.tsx"}, "region": {"startLine": 715}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 5653, "scanner": "repobility-threat-engine", "fingerprint": "97dc5cbf32866ff63f17c411ae422ddfc4d3709969ad4332390a47f073062b66", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(`", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|988|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/swarms/swarms-content.tsx"}, "region": {"startLine": 988}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 5652, "scanner": "repobility-threat-engine", "fingerprint": "96fc9f7b192399695b998a7e18fba99675718d049b715345b1f6ef8198f8fcd7", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(`", "reason": "No 
user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|1956|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/project/project-navigator.tsx"}, "region": {"startLine": 1956}}}]}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 51502, "scanner": "repobility-threat-engine", "fingerprint": "64229ceb834cb01913b96faa1f7eaac050e2dcb077f8e3c9a1f5f51307b69d61", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64229ceb834cb01913b96faa1f7eaac050e2dcb077f8e3c9a1f5f51307b69d61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 51500, "scanner": "repobility-threat-engine", "fingerprint": "91236684ee3ed3de7e5719be223f045d8b8dc98332ee5204436fa6878eac73c8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91236684ee3ed3de7e5719be223f045d8b8dc98332ee5204436fa6878eac73c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 51499, "scanner": "repobility-threat-engine", "fingerprint": "935888bb11c556d2eff1f3ceea59470330c763b739843a168686ac53935b1593", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|935888bb11c556d2eff1f3ceea59470330c763b739843a168686ac53935b1593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "properties": {"repobilityId": 51496, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_variant_stats", "breakdown": {"if": 4, "for": 2, "ternary": 2, "continue": 1, "nested_bonus": 6}, "aggregated": true, "complexity": 15, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 51492, "scanner": "repobility-threat-engine", "fingerprint": "24f97df3fe9e09a03794379a84a05c23e2aecd825fc2148cb1569ab22403044f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|24f97df3fe9e09a03794379a84a05c23e2aecd825fc2148cb1569ab22403044f", "aggregated_count": 3}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 51491, "scanner": "repobility-threat-engine", "fingerprint": "ff8574a78fc8b743c962b995a2ab5df0ff1f27aba11aa4a5cf00d45f71d08825", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ff8574a78fc8b743c962b995a2ab5df0ff1f27aba11aa4a5cf00d45f71d08825"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/guide/tabs/swarm-mode.tsx"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 51490, "scanner": "repobility-threat-engine", "fingerprint": "eddddd05af94491a97bbfa82cc8ec9a290de4a7144b9e23c35535ecb1886db99", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eddddd05af94491a97bbfa82cc8ec9a290de4a7144b9e23c35535ecb1886db99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/seo/json-ld.tsx"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 51489, "scanner": "repobility-threat-engine", "fingerprint": "2eeb042693e3cbca95a911dd3887348231fa3a7a59e8ef531bac743143002b7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2eeb042693e3cbca95a911dd3887348231fa3a7a59e8ef531bac743143002b7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/machines/machine-card-thumbnail.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 51488, "scanner": "repobility-threat-engine", "fingerprint": "719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 51484, "scanner": "repobility-threat-engine", "fingerprint": "4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 51480, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 51476, "scanner": "repobility-threat-engine", "fingerprint": "0a8b3c5a518a9cdd659fdd0b464d2bf4180e3ef7aeea526b02fc592daf044124", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0a8b3c5a518a9cdd659fdd0b464d2bf4180e3ef7aeea526b02fc592daf044124", "aggregated_count": 1}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 51475, "scanner": "repobility-threat-engine", "fingerprint": "0ebf62be3aba9d0c161fc379652d8d4f64be48faa1760dc241f831b4b7231aff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, 
"observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ebf62be3aba9d0c161fc379652d8d4f64be48faa1760dc241f831b4b7231aff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/language-scroll-bar.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 51474, "scanner": "repobility-threat-engine", "fingerprint": "0d2b489aced37da79d79af84c6ad6cb70e2dc3da13ee1596a6c7ca46e1f58100", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d2b489aced37da79d79af84c6ad6cb70e2dc3da13ee1596a6c7ca46e1f58100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/language-indicator.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 51473, "scanner": "repobility-threat-engine", "fingerprint": "de4df770c1b2022818f4773c25e9fdb295bad7df972514f4d4554cecb52546b8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": 
"emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de4df770c1b2022818f4773c25e9fdb295bad7df972514f4d4554cecb52546b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/language-auto-scroll.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC041", "level": "none", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\" (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 51469, "scanner": "repobility-threat-engine", "fingerprint": "0eef884db84dc77198cfae04feff1d5e87337621ea6e75bc6e5e06b9220adcd5", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0eef884db84dc77198cfae04feff1d5e87337621ea6e75bc6e5e06b9220adcd5"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 51463, "scanner": "repobility-threat-engine", "fingerprint": "6faababe47c10eb2d2e90656cb5b77d5d842a1ecb758e761f309546c06fe3100", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6faababe47c10eb2d2e90656cb5b77d5d842a1ecb758e761f309546c06fe3100", "aggregated_count": 18}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 51462, "scanner": "repobility-threat-engine", "fingerprint": "4950e7f7678092b4a501371543a5d8c52b96a009c7960e91276056eee0c1a7c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4950e7f7678092b4a501371543a5d8c52b96a009c7960e91276056eee0c1a7c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/search-images.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 51461, "scanner": "repobility-threat-engine", "fingerprint": "a84118a9599686ca4ec05d6137b4fd138f80ebcb105874770b08c72a2657d913", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a84118a9599686ca4ec05d6137b4fd138f80ebcb105874770b08c72a2657d913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/run-feedback-bar.tsx"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 51460, "scanner": "repobility-threat-engine", "fingerprint": "0dff24227b0c500686ae3e6bb9ae61a4370fb556a5c14f8c666544cba1d6a03e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0dff24227b0c500686ae3e6bb9ae61a4370fb556a5c14f8c666544cba1d6a03e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/blog/[id]/page.tsx"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to 
stdout."}, "properties": {"repobilityId": 51458, "scanner": "repobility-threat-engine", "fingerprint": "f72b716ab48e052a0aa4c73d039ff7c70e671df716dd341172aaed7dc7503a1c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f72b716ab48e052a0aa4c73d039ff7c70e671df716dd341172aaed7dc7503a1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_no_jwt_leak.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 51457, "scanner": "repobility-threat-engine", "fingerprint": "1a85bce2bc08d1ac9204353757afc347888803128fed149a99d210e9cc03f088", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a85bce2bc08d1ac9204353757afc347888803128fed149a99d210e9cc03f088"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/files/route.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern 
found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 51456, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 51455, "scanner": "repobility-threat-engine", "fingerprint": "2b56a6571c364e595591880862e3c55f7b2cc4a8fefb2baa0d70cbb0cc981da4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b56a6571c364e595591880862e3c55f7b2cc4a8fefb2baa0d70cbb0cc981da4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat-input/button-view-screen.tsx"}, "region": {"startLine": 23}}}]}, 
{"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 51454, "scanner": "repobility-threat-engine", "fingerprint": "3810e10ecf3143e37d067301c7ee0e80b4a4c59af4fc2fc5e2dcefa46c21e16c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3810e10ecf3143e37d067301c7ee0e80b4a4c59af4fc2fc5e2dcefa46c21e16c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/blog/feed.xml/route.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 51453, "scanner": "repobility-threat-engine", "fingerprint": "74df30b4115f359dfdb57a20434d338f659e3158930df384c6fddc151293c15f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|74df30b4115f359dfdb57a20434d338f659e3158930df384c6fddc151293c15f"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "app/api/files/route.ts"}, "region": {"startLine": 149}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 51452, "scanner": "repobility-threat-engine", "fingerprint": "36e92444467c1fd78f116332e87dcf0452a4da30a42048c8e55ef1bc8ac83cc5", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|app/api/create-chat/api.ts|21|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/create-chat/api.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "properties": {"repobilityId": 51451, "scanner": "repobility-threat-engine", "fingerprint": "1158b339ba5c4b8902bcad3d04eaa912e36ebddf677de880e539dbd64fa2c126", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 37 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1158b339ba5c4b8902bcad3d04eaa912e36ebddf677de880e539dbd64fa2c126", "aggregated_count": 37}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 51450, "scanner": "repobility-threat-engine", "fingerprint": "1613108fbccde9a203365f9f97493cfea5104c0412e3ba8b8117a1421d6fb5a6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1613108fbccde9a203365f9f97493cfea5104c0412e3ba8b8117a1421d6fb5a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/collaborative-rooms/[roomId]/route.ts"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 51449, "scanner": "repobility-threat-engine", "fingerprint": "7be65a96edc58c2c8ec761e059d83b0c6a52268adbee85f601f68e65bcb10e1f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7be65a96edc58c2c8ec761e059d83b0c6a52268adbee85f601f68e65bcb10e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/collaborative-rooms/[roomId]/participants/route.ts"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 51448, "scanner": "repobility-threat-engine", "fingerprint": "e4b7d6886b91b8634834b34d0b8fea8e67183dfc5268c011bacc17fba2241470", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e4b7d6886b91b8634834b34d0b8fea8e67183dfc5268c011bacc17fba2241470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/collaborative-rooms/[roomId]/messages/route.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 51447, "scanner": "repobility-threat-engine", "fingerprint": "8d382f1a9011e34b41d4813c5064868da88d0861c3460c6e680d07ddd9a72035", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8d382f1a9011e34b41d4813c5064868da88d0861c3460c6e680d07ddd9a72035", "aggregated_count": 12}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 51446, "scanner": "repobility-threat-engine", "fingerprint": "28bb13f61b0c628c4893670632cc837f7acdfcb7402d51e47da565189de8f9cc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28bb13f61b0c628c4893670632cc837f7acdfcb7402d51e47da565189de8f9cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/electron/proxy/[...path]/route.ts"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 51445, "scanner": "repobility-threat-engine", "fingerprint": "42a76e883fca303037f25c4af61d6ba86a0a1ed8849c30f9e986833116ba8c77", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42a76e883fca303037f25c4af61d6ba86a0a1ed8849c30f9e986833116ba8c77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/collaborative-rooms/[roomId]/participants/route.ts"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 51444, "scanner": "repobility-threat-engine", "fingerprint": "0c75de5ebc00e74a11f3345ca64352dee8b8a0ffc82ca1453129194021253012", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c75de5ebc00e74a11f3345ca64352dee8b8a0ffc82ca1453129194021253012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/utils.ts"}, "region": {"startLine": 118}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 51443, "scanner": "repobility-threat-engine", "fingerprint": "79beb8c79c8fe2afad3d97b1aaa69b9e44070a54ac39178f92cc366b51132c53", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|79beb8c79c8fe2afad3d97b1aaa69b9e44070a54ac39178f92cc366b51132c53"}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "properties": {"repobilityId": 51439, "scanner": "repobility-threat-engine", "fingerprint": "79bb145cd0a9e60e49fe553ffe8c61229d5eb6df60049afb5c4578f1e4abc17a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|79bb145cd0a9e60e49fe553ffe8c61229d5eb6df60049afb5c4578f1e4abc17a", "aggregated_count": 38}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 51438, "scanner": "repobility-threat-engine", "fingerprint": "745f7f7d1e9f5f61e0dbb9a9aa29e890331e7efb8303ec483b4fa3a0187bc83d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", 
"triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|745f7f7d1e9f5f61e0dbb9a9aa29e890331e7efb8303ec483b4fa3a0187bc83d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/credits/auto-refill/execute/route.ts"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 51437, "scanner": "repobility-threat-engine", "fingerprint": "c9ecf57882782a8685eba6d38c3467197bd0ce2892982f13bf1f16460e9668ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c9ecf57882782a8685eba6d38c3467197bd0ce2892982f13bf1f16460e9668ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/utils.ts"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 51436, "scanner": "repobility-threat-engine", "fingerprint": "3c0627e1be1f4b1fb90a9d3c552a446db8637fbb421192f3eb641c9cfd8a41fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], 
"languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c0627e1be1f4b1fb90a9d3c552a446db8637fbb421192f3eb641c9cfd8a41fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/api.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 114 more): Same pattern found in 114 additional files. Review if needed."}, "properties": {"repobilityId": 51435, "scanner": "repobility-threat-engine", "fingerprint": "26a02ddc0afc231804058e42d555af203ef8c6507dd32333cdb3c48734b70c87", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 114 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|26a02ddc0afc231804058e42d555af203ef8c6507dd32333cdb3c48734b70c87", "aggregated_count": 114}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 51434, "scanner": "repobility-threat-engine", "fingerprint": "bb8c160abb213d12e7934f36e41d29a8731528ebffda0229d1a576fdc9d36ec7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb8c160abb213d12e7934f36e41d29a8731528ebffda0229d1a576fdc9d36ec7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/machine-status/[machineId]/route.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 51433, "scanner": "repobility-threat-engine", "fingerprint": "a429fea73b35dead7c2c167773a828269d689b00dd81b3908581724a2f3224fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a429fea73b35dead7c2c167773a828269d689b00dd81b3908581724a2f3224fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/db.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 51432, "scanner": "repobility-threat-engine", "fingerprint": "fc52f0ff7e65f8ad974f7987193f8c02a3a70f2a224c5c29230ca0980d8e38af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc52f0ff7e65f8ad974f7987193f8c02a3a70f2a224c5c29230ca0980d8e38af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chat/api.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC100", "level": "none", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: * (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 51431, "scanner": "repobility-threat-engine", "fingerprint": "b8bafb633326f1a0fab596fa3ede5901ac2e55ddf9007213883df0f0f032e444", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b8bafb633326f1a0fab596fa3ede5901ac2e55ddf9007213883df0f0f032e444"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "properties": {"repobilityId": 51427, "scanner": "repobility-threat-engine", "fingerprint": "03477f3c225ccbb23c6eb223307bb8f56aa610a43b72f18b0967de2c27d05c02", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 31 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 31 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|03477f3c225ccbb23c6eb223307bb8f56aa610a43b72f18b0967de2c27d05c02"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 5651, "scanner": "repobility-threat-engine", "fingerprint": "d784a4ff6190c94212586a34c8570ee94b0f2f0cf0f7c995eb7152615a4fa10c", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d784a4ff6190c94212586a34c8570ee94b0f2f0cf0f7c995eb7152615a4fa10c"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 5645, "scanner": "repobility-threat-engine", "fingerprint": "9cd5446aeeb104e14fc9cf23678d044ba241e244162c2dda9f11dde1ba15ee6f", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('[WS Bridge] Failed to refresh token on reconnect:', err)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|39|console.error ws bridge failed to refresh token on reconnect: err"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/ws-bridge.ts"}, "region": {"startLine": 395}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 5644, "scanner": "repobility-threat-engine", "fingerprint": "b6b03fb1fd73f74a13eaf7315d1169dcf39047db1f2efd5ed310530fe5e03c06", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "console.log('[Auth] Access token expired, refreshing eagerly...')", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|electron/src/main/auth.ts|72|console.log auth access token expired refreshing eagerly..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/auth.ts"}, "region": {"startLine": 725}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 5643, "scanner": "repobility-threat-engine", "fingerprint": "bb376f116cca05a326a8759abbe851f416ed2a9a81a285e30743a75f4fff0cd4", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print(f\"Display: {os.environ.get('DISPLAY', 'not set')", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|574|print f display: os.environ.get display not set"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 5741}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 5642, "scanner": "repobility-threat-engine", "fingerprint": "a51da64bfad19e548cbb1f44f1ffde41102dc25e7ae387606afbd665be9f8d09", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a51da64bfad19e548cbb1f44f1ffde41102dc25e7ae387606afbd665be9f8d09"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 5641, "scanner": "repobility-threat-engine", "fingerprint": "cb0e853e53cf21a0c98ee0b6e4ed50f4e96c8fd61efe2191b2f1848937384184", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|305|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/rainbow-border.ts"}, "region": {"startLine": 305}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 5640, "scanner": "repobility-threat-engine", "fingerprint": "f5a93dba8d0394ec3463f25fd026d4f7c78609d7f77588a478dde60217fbea39", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|90|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/approval-manager.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 5639, "scanner": "repobility-threat-engine", "fingerprint": "3758642b26a8d10ab1ddf2884f2280dfc03e43ddf67be77c25cda5d3b8e2d60b", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|153|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 5638, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. 
The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 51649, "scanner": "repobility-supply-chain", "fingerprint": "121b3c7aff41a3d9224b2dfa90809a613590b66d124411f2e3a29517d9357d1a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|121b3c7aff41a3d9224b2dfa90809a613590b66d124411f2e3a29517d9357d1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:18-alpine` not pinned by digest: `FROM node:18-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 51648, "scanner": "repobility-supply-chain", "fingerprint": "790f54d0b051883170e8f16bb226d3c69bffeb1941ef29c3984ca24e236a0f40", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|790f54d0b051883170e8f16bb226d3c69bffeb1941ef29c3984ca24e236a0f40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_internal_target_groups_have_healthy_targets: Test function `test_internal_target_groups_have_healthy_targets` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51642, "scanner": "repobility-ast-engine", "fingerprint": "390672fd410899608d1aeee090c5ba7c0b0a1a5f4d75d1f2e8304c290628629d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|390672fd410899608d1aeee090c5ba7c0b0a1a5f4d75d1f2e8304c290628629d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_05_internal_alb.py"}, "region": {"startLine": 487}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unsubscribe_oneclick_post_works: Test function `test_unsubscribe_oneclick_post_works` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51640, "scanner": "repobility-ast-engine", "fingerprint": "4b469f3d90e1b5bf786db4b5c45dcfd2822f68ffeab8f2dde2cdbb93b0da8896", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b469f3d90e1b5bf786db4b5c45dcfd2822f68ffeab8f2dde2cdbb93b0da8896"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_routes_extras.py"}, "region": {"startLine": 576}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_posts_is_public: Test function `test_get_posts_is_public` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51639, "scanner": "repobility-ast-engine", "fingerprint": "de73d11a57c33a3262982a4f749c7ffa94aec7b60da875fa255d0c72cd9870a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de73d11a57c33a3262982a4f749c7ffa94aec7b60da875fa255d0c72cd9870a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_routes_extras.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_frontend_cloudflare_rate_limit_is_documented: Test function `test_frontend_cloudflare_rate_limit_is_documented` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51635, "scanner": "repobility-ast-engine", "fingerprint": "f45157624a91f4cc5d4fa9b3931d19c6b788b7c3993e6acbbc0add36ced3e40e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f45157624a91f4cc5d4fa9b3931d19c6b788b7c3993e6acbbc0add36ced3e40e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_10_security.py"}, "region": {"startLine": 584}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_user_cannot_revoke_another_users_key: Test function `test_user_cannot_revoke_another_users_key` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51633, "scanner": "repobility-ast-engine", "fingerprint": "71aab69ce7812770cf9fc949b7cf624e2ecb71484c511e2b71b81c7d06eb5216", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71aab69ce7812770cf9fc949b7cf624e2ecb71484c511e2b71b81c7d06eb5216"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_public_cua_keys.py"}, "region": {"startLine": 430}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_issuance_endpoint_is_rate_limited: Test function `test_issuance_endpoint_is_rate_limited` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51632, "scanner": "repobility-ast-engine", "fingerprint": "a7b39a2df9b1039f453dfb8a5bb6d59a8e2e7564fedde4ebe7f8d162b0500a5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7b39a2df9b1039f453dfb8a5bb6d59a8e2e7564fedde4ebe7f8d162b0500a5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_public_cua_keys.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_burst_across_different_paths_still_rate_limited: Test function `test_burst_across_different_paths_still_rate_limited` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51628, "scanner": "repobility-ast-engine", "fingerprint": "ac68a5659cf04bb67419991b34aee25790c285cfc8a0dd7a7b45c5cccf2c7cda", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac68a5659cf04bb67419991b34aee25790c285cfc8a0dd7a7b45c5cccf2c7cda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_dos_resilience.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_spoofed_client_ip_does_not_bypass_limit: Test function `test_spoofed_client_ip_does_not_bypass_limit` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51627, "scanner": "repobility-ast-engine", "fingerprint": "6514d7c986f4e97a2df14b9b080ea51886eb2551abd6a4ea3c890ffb54d0af3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6514d7c986f4e97a2df14b9b080ea51886eb2551abd6a4ea3c890ffb54d0af3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_dos_resilience.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_health_does_not_require_credential: Test function `test_health_does_not_require_credential` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51625, "scanner": "repobility-ast-engine", "fingerprint": "bc6e41052308d227540eb34efdc908c26fd5970e3a68a76da780a0fb01bf9bbc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc6e41052308d227540eb34efdc908c26fd5970e3a68a76da780a0fb01bf9bbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_auth_deep.py"}, "region": {"startLine": 826}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cross_tenant_chat_access_todo: Test function `test_cross_tenant_chat_access_todo` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51624, "scanner": "repobility-ast-engine", "fingerprint": "10f4b7217c6222cb98a757e52cdb1c350f3d9bd4dd5d8cafbf2fcdc25ccecc2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10f4b7217c6222cb98a757e52cdb1c350f3d9bd4dd5d8cafbf2fcdc25ccecc2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_auth_deep.py"}, "region": {"startLine": 640}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_structured_log_parse_rate: Test function `test_structured_log_parse_rate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51623, "scanner": "repobility-ast-engine", "fingerprint": "629a665551cd31fab7d890308c2ea8f1a28debf8f31835a48f5f5a8e82ad47ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|629a665551cd31fab7d890308c2ea8f1a28debf8f31835a48f5f5a8e82ad47ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_11_observability.py"}, "region": {"startLine": 787}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_path_traversal_on_create_folder_rejected: Test function `test_path_traversal_on_create_folder_rejected` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51621, "scanner": "repobility-ast-engine", "fingerprint": "19e5c5e6f6f2c286e755b48df8c5d7cb7fa8282552534004a5d5d9434076b174", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19e5c5e6f6f2c286e755b48df8c5d7cb7fa8282552534004a5d5d9434076b174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_injection_deep.py"}, "region": {"startLine": 590}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_18_ws_bad_path_not_matched_by_wildcard: Test function `test_18_ws_bad_path_not_matched_by_wildcard` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51618, "scanner": "repobility-ast-engine", "fingerprint": "4b7aa8f76b52a34c2ff14e165022af886aac3d16aded1331c9a72eb913f77068", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b7aa8f76b52a34c2ff14e165022af886aac3d16aded1331c9a72eb913f77068"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_06_electron_flows.py"}, "region": {"startLine": 879}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_07_ws_close_code_on_server_disconnect: Test function `test_07_ws_close_code_on_server_disconnect` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51617, "scanner": "repobility-ast-engine", "fingerprint": "b99194e86a5e91257c62cf6e3708506937c34c77d0d50c46a211a5bd88a90dce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b99194e86a5e91257c62cf6e3708506937c34c77d0d50c46a211a5bd88a90dce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_06_electron_flows.py"}, "region": {"startLine": 499}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_06_ws_same_machine_id_last_connection_wins: Test function `test_06_ws_same_machine_id_last_connection_wins` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51616, "scanner": "repobility-ast-engine", "fingerprint": "939833c452bec9cf54602e0c892236e9ac408aa67ed0d356f3eddd65b2521347", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|939833c452bec9cf54602e0c892236e9ac408aa67ed0d356f3eddd65b2521347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_06_electron_flows.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_04c_ws_auth_wrong_message_type: Test function `test_04c_ws_auth_wrong_message_type` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51615, "scanner": "repobility-ast-engine", "fingerprint": "0e00ff49926cb83507b04d454c223254dd5f1e1dfe9bbd039ea1bab4da451e9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e00ff49926cb83507b04d454c223254dd5f1e1dfe9bbd039ea1bab4da451e9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_06_electron_flows.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_02_ws_connect_via_direct_alb_8001: Test function `test_02_ws_connect_via_direct_alb_8001` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51614, "scanner": "repobility-ast-engine", "fingerprint": "83d46302419143e613d1626804ce410dfd47c756bb94eda2149e8c0913ce5cb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83d46302419143e613d1626804ce410dfd47c756bb94eda2149e8c0913ce5cb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_06_electron_flows.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_user_id: Test function `test_user_id` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51610, "scanner": "repobility-ast-engine", "fingerprint": "bdd9b373f509a67f1a4b3388185f30361c63f98395df853b002785d0828fbd3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdd9b373f509a67f1a4b3388185f30361c63f98395df853b002785d0828fbd3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/conftest.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_jwt: Test function `test_jwt` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51609, "scanner": "repobility-ast-engine", "fingerprint": "61428f594a75c1569c63473d7ace58e2862fdfffdee60b47f968b9cc4c88dff6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61428f594a75c1569c63473d7ace58e2862fdfffdee60b47f968b9cc4c88dff6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/conftest.py"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_user_session: Test function `test_user_session` runs code but contains no assert / expect / should call \u2014 it passes 
regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51608, "scanner": "repobility-ast-engine", "fingerprint": "9fe99c6219e6c506697d1ebd1d52e2153707bdd8d164e320bddaf91f3f277630", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9fe99c6219e6c506697d1ebd1d52e2153707bdd8d164e320bddaf91f3f277630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/conftest.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_chat_messages_fake_uuid_returns_404: Test function `test_get_chat_messages_fake_uuid_returns_404` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51604, "scanner": "repobility-ast-engine", "fingerprint": "c8045bda386b6f2c436f8aa3ef88c1562c6a605af4e90fa78ac03871104782d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8045bda386b6f2c436f8aa3ef88c1562c6a605af4e90fa78ac03871104782d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_authz_idor.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_chat_fake_uuid_returns_404: Test function `test_get_chat_fake_uuid_returns_404` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51603, "scanner": "repobility-ast-engine", "fingerprint": "998425645f8863f0fe379d934562cc4fdac1674672694a783555b5a2c939ec16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|998425645f8863f0fe379d934562cc4fdac1674672694a783555b5a2c939ec16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_authz_idor.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_import: Test function `test_import` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51601, "scanner": "repobility-ast-engine", "fingerprint": "c4c22dfa7ed12b6afc5ad99a942f5e22747e93bd66b53a16777af9fc92751d94", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4c22dfa7ed12b6afc5ad99a942f5e22747e93bd66b53a16777af9fc92751d94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/test_imports.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_connection_to_existing: Test function `test_connection_to_existing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51600, "scanner": "repobility-ast-engine", "fingerprint": "f71b499bb088b0db977ffffd244d0bfa9bd7ccbd70c0ae3908435b23f6483192", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f71b499bb088b0db977ffffd244d0bfa9bd7ccbd70c0ae3908435b23f6483192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/test_anti_detection.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_stealth_browser: Test function `test_stealth_browser` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 51599, "scanner": "repobility-ast-engine", "fingerprint": "2e58baa0df97e73ef1788554b0c9be8f6cc3b1cb5c0af6ba71a8fe4063f76523", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e58baa0df97e73ef1788554b0c9be8f6cc3b1cb5c0af6ba71a8fe4063f76523"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/test_anti_detection.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51578, "scanner": "repobility-ast-engine", "fingerprint": "83475987fe093bc954f4dc925f1c43b8d45f50979a87cbe156b4e55152a8f92b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83475987fe093bc954f4dc925f1c43b8d45f50979a87cbe156b4e55152a8f92b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3199}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `time.sleep` 
is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51577, "scanner": "repobility-ast-engine", "fingerprint": "f94cbaa83ba17df7dd9f2e71f8111a3fb42fd2257b3ce744b10e7474cde85bcd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f94cbaa83ba17df7dd9f2e71f8111a3fb42fd2257b3ce744b10e7474cde85bcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3191}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51576, "scanner": "repobility-ast-engine", "fingerprint": "02acfbd513014523a65daea5fa6e40d30965b4c3d501d6b12b9d09954996e332", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02acfbd513014523a65daea5fa6e40d30965b4c3d501d6b12b9d09954996e332"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 1926}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51575, "scanner": "repobility-ast-engine", "fingerprint": "fc15c0b449f12070a8ae6a23df7a82a5452fa67bd42565efa27f1c0d299d81d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc15c0b449f12070a8ae6a23df7a82a5452fa67bd42565efa27f1c0d299d81d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 1901}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51574, "scanner": "repobility-ast-engine", "fingerprint": "92b338e5a7b16c02ea5ab0229d774ee6b98c80305d9f71c2e3e45579704c21b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|92b338e5a7b16c02ea5ab0229d774ee6b98c80305d9f71c2e3e45579704c21b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 1899}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51573, "scanner": "repobility-ast-engine", "fingerprint": "e55e8a0dbf784f350bdcda299a6e91e7a8fd3587a2da211a574b09091e27dd84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e55e8a0dbf784f350bdcda299a6e91e7a8fd3587a2da211a574b09091e27dd84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 1936}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `switch_to_window`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51572, "scanner": "repobility-ast-engine", "fingerprint": "5d16c9ec54a0c715b539a3ad0015f8a5628c8ad2a36df8ebe439518643cb39cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d16c9ec54a0c715b539a3ad0015f8a5628c8ad2a36df8ebe439518643cb39cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 1870}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `switch_to_window`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51571, "scanner": "repobility-ast-engine", "fingerprint": "032dd621502d08227ab452404cce11937d0da90d44ada09842fa5abf0dee7d20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|032dd621502d08227ab452404cce11937d0da90d44ada09842fa5abf0dee7d20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 1875}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51570, "scanner": "repobility-ast-engine", "fingerprint": "c81bbf03b18fd7dc97b73adb10e69e99b319afaf3e650620857992e197598c58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c81bbf03b18fd7dc97b73adb10e69e99b319afaf3e650620857992e197598c58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 912}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51569, "scanner": "repobility-ast-engine", "fingerprint": "5d634a8f5e7391aafc773619a13bf8b6a4ea086907dfd449bc7f3487e2cf5c96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d634a8f5e7391aafc773619a13bf8b6a4ea086907dfd449bc7f3487e2cf5c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 909}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51568, "scanner": "repobility-ast-engine", "fingerprint": "7d173ebd22e5a46ac1e83bd34baf2e3ae27fcd1764c88158dd17fd751dc92048", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d173ebd22e5a46ac1e83bd34baf2e3ae27fcd1764c88158dd17fd751dc92048"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 713}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51567, "scanner": "repobility-ast-engine", "fingerprint": "a1107c5336015de535002ef911d89a953af31a3c1a5553669944e4ea3f4b0ae6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1107c5336015de535002ef911d89a953af31a3c1a5553669944e4ea3f4b0ae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 717}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51566, "scanner": "repobility-ast-engine", "fingerprint": "4d65a5db479a556fcf3c055dbc23fb7e0c0d9a2f4061c6dc18a20dd8afdf3f7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d65a5db479a556fcf3c055dbc23fb7e0c0d9a2f4061c6dc18a20dd8afdf3f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 677}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51565, "scanner": "repobility-ast-engine", "fingerprint": "6c30aaab817e9ca5be0b4f03d0c0eb093bfb6937c763f83d8ffc4ed6b28100f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c30aaab817e9ca5be0b4f03d0c0eb093bfb6937c763f83d8ffc4ed6b28100f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 648}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51564, "scanner": "repobility-ast-engine", "fingerprint": "4da312636a51c1e2f33dc91065966a053bfee14e4ddfdcffc2274c6a4564bfe9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4da312636a51c1e2f33dc91065966a053bfee14e4ddfdcffc2274c6a4564bfe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 622}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51563, "scanner": "repobility-ast-engine", "fingerprint": "f68c5bbd0fcbe0c4b1d1d4389b37f97fb1ef8604578e9de4a20633cd36f11a96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f68c5bbd0fcbe0c4b1d1d4389b37f97fb1ef8604578e9de4a20633cd36f11a96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 596}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51562, "scanner": "repobility-ast-engine", "fingerprint": "1d72d274ac71923c239754129f906690b9c4ae6c545d47b73537149c303ecd83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d72d274ac71923c239754129f906690b9c4ae6c545d47b73537149c303ecd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 553}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51561, "scanner": "repobility-ast-engine", "fingerprint": "a60cf045257d7e4baf4ce2a156e01f364e5f26b124a1db4176afecaf9ca8be56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a60cf045257d7e4baf4ce2a156e01f364e5f26b124a1db4176afecaf9ca8be56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 541}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51560, "scanner": "repobility-ast-engine", "fingerprint": "de892ea315528a5635cca5849ab24ef28a63c43a9441e503243fa51421b68f40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de892ea315528a5635cca5849ab24ef28a63c43a9441e503243fa51421b68f40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 527}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51559, "scanner": "repobility-ast-engine", "fingerprint": "7c12f70d296e5f80d04543e81f5662fc068f06cb8e0b8599da23beb1bf8ae988", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c12f70d296e5f80d04543e81f5662fc068f06cb8e0b8599da23beb1bf8ae988"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 529}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51558, "scanner": "repobility-ast-engine", "fingerprint": "3c2a8694f2363116ad7ce74a1051c24d24d5e4d85fd990d974722b3406707bca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c2a8694f2363116ad7ce74a1051c24d24d5e4d85fd990d974722b3406707bca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 512}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51557, "scanner": "repobility-ast-engine", "fingerprint": "170e1e952b9747febb847f88789ccb1732644ba0d81166158b8901ec16c51971", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|170e1e952b9747febb847f88789ccb1732644ba0d81166158b8901ec16c51971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 498}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51556, "scanner": "repobility-ast-engine", "fingerprint": "8851789c9ab3756ccc31a2abe1e38f548d3f6de0fca482cc27bf534f0a4b3eae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8851789c9ab3756ccc31a2abe1e38f548d3f6de0fca482cc27bf534f0a4b3eae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 485}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51555, "scanner": "repobility-ast-engine", "fingerprint": "88236e6494e499a32a4df60483bcb2108ac87c1afbe4ac2cb1ca9c605462f6c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88236e6494e499a32a4df60483bcb2108ac87c1afbe4ac2cb1ca9c605462f6c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_loop`: `input` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 51550, "scanner": "repobility-ast-engine", "fingerprint": "64049a12d4a03404b3d018b0db01099a3e99694124a6fda9dbcf3ce02ad4c480", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64049a12d4a03404b3d018b0db01099a3e99694124a6fda9dbcf3ce02ad4c480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 372}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.connect` used but never assigned in __init__: Method `ensure_connected` of class `InteractiveClient` reads `self.connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51549, "scanner": "repobility-ast-engine", "fingerprint": "1e2afe359c99f613d5952b69aa6287465d2319d0b683994785b39943f0fa9445", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e2afe359c99f613d5952b69aa6287465d2319d0b683994785b39943f0fa9445"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.connect` used but never assigned in __init__: Method `ensure_connected` of class `InteractiveClient` reads `self.connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51548, "scanner": "repobility-ast-engine", "fingerprint": "f66d66cea7b689db8c45822d638ca6bcaf815b4088eaf51f19ecaeb81d0589ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f66d66cea7b689db8c45822d638ca6bcaf815b4088eaf51f19ecaeb81d0589ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.heartbeat_loop` used but never assigned in __init__: Method `connect` of class `InteractiveClient` reads `self.heartbeat_loop`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51547, "scanner": "repobility-ast-engine", "fingerprint": "d7a8cd2434fd5c4020ec5e7485f28c37c269e8e1271fc35d24f64a7909025b11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7a8cd2434fd5c4020ec5e7485f28c37c269e8e1271fc35d24f64a7909025b11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/interactive_test.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.close_browser` used but never assigned in __init__: Method `close_all` of class `BrowserManager` reads `self.close_browser`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51546, "scanner": "repobility-ast-engine", "fingerprint": "bccd06c140e3cb52c213d49eb61c37f386e8992700a6cfb33d017439b31a14d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bccd06c140e3cb52c213d49eb61c37f386e8992700a6cfb33d017439b31a14d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 487}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._apply_cdp_stealth` used but never assigned in __init__: Method `connect_to_existing` of class `StealthBrowser` reads `self._apply_cdp_stealth`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51545, "scanner": "repobility-ast-engine", "fingerprint": "0594b6d392d16722c058c3a3e0b9fb6ce5f928733f1f1822b51af1769e6615ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0594b6d392d16722c058c3a3e0b9fb6ce5f928733f1f1822b51af1769e6615ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._apply_cdp_stealth` used but never assigned in __init__: Method `create_undetected_driver` of class `StealthBrowser` reads `self._apply_cdp_stealth`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51544, "scanner": "repobility-ast-engine", "fingerprint": "f08753d8d572c1000f5929e038777fe52a606911e6104042b74e8a2e1e451705", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f08753d8d572c1000f5929e038777fe52a606911e6104042b74e8a2e1e451705"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._setup_chrome_options` used but never assigned in __init__: Method `create_undetected_driver` of class `StealthBrowser` reads `self._setup_chrome_options`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51543, "scanner": "repobility-ast-engine", "fingerprint": "aa349a32dfecd6f2e2c1ab9993db7829a4a185b2c5e71d543d06af3ee108e527", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa349a32dfecd6f2e2c1ab9993db7829a4a185b2c5e71d543d06af3ee108e527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_or_create_profile` used but never assigned in __init__: Method `_setup_chrome_options` of class `StealthBrowser` reads `self._get_or_create_profile`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51542, "scanner": "repobility-ast-engine", "fingerprint": "42a998ad3adf3586dafa8acb0fb9a1d51d67781e9fd93952162b1f8881c47b71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42a998ad3adf3586dafa8acb0fb9a1d51d67781e9fd93952162b1f8881c47b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_random_user_agent` used but never assigned in __init__: Method `_setup_chrome_options` of class `StealthBrowser` reads `self._get_random_user_agent`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51541, "scanner": "repobility-ast-engine", "fingerprint": "481c468bba85502ca1e15fd1af38b936b456e055249e7252cedc97901328765d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|481c468bba85502ca1e15fd1af38b936b456e055249e7252cedc97901328765d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_random_viewport` used but never assigned in __init__: Method `_setup_chrome_options` of class `StealthBrowser` reads `self._get_random_viewport`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51540, "scanner": "repobility-ast-engine", "fingerprint": "41daf8303a6b22392635d94044ec9306bba00756451d8f469875002e09c5cfdb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41daf8303a6b22392635d94044ec9306bba00756451d8f469875002e09c5cfdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/stealth_browser.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._disconnect` used but never assigned in __init__: Method `send_test` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51537, "scanner": "repobility-ast-engine", "fingerprint": "03b05cca5a8fc26698146aa58f66ded145e991056269cc14688d12f901d98aec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03b05cca5a8fc26698146aa58f66ded145e991056269cc14688d12f901d98aec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 278}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._connect` used but never assigned in __init__: Method `send_test` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51536, "scanner": "repobility-ast-engine", "fingerprint": "8ec61aaac94452f36e519ad51419e2fe048ba0b55d3f45ab7e189f3dd360facf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ec61aaac94452f36e519ad51419e2fe048ba0b55d3f45ab7e189f3dd360facf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._send_one`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51535, "scanner": "repobility-ast-engine", "fingerprint": "30985ee277688aaba9330554a0db59621583d12ce5e4e21be5c15e3ad706b090", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30985ee277688aaba9330554a0db59621583d12ce5e4e21be5c15e3ad706b090"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51534, "scanner": "repobility-ast-engine", "fingerprint": "6e249610c73c4cd2f217e697516b821908ca641c7d8ec779e7b7593dc42d2cef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e249610c73c4cd2f217e697516b821908ca641c7d8ec779e7b7593dc42d2cef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51533, "scanner": "repobility-ast-engine", "fingerprint": "054a472db18e28f4580d499dca1a7805f8dcd9abb6664b69ee17130cf0f9c6f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|054a472db18e28f4580d499dca1a7805f8dcd9abb6664b69ee17130cf0f9c6f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51532, "scanner": "repobility-ast-engine", "fingerprint": "200d2b9acf9070c9a6d7f68749b38dcb05b495afd946cad5b5cd4bc9dc43b295", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|200d2b9acf9070c9a6d7f68749b38dcb05b495afd946cad5b5cd4bc9dc43b295"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51531, "scanner": "repobility-ast-engine", "fingerprint": "93707355ea710549399731cfd871d3eb86bdd546ea0a77e32c7bc1161d4f8852", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93707355ea710549399731cfd871d3eb86bdd546ea0a77e32c7bc1161d4f8852"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51530, "scanner": "repobility-ast-engine", "fingerprint": "e22714c06ab7ad44b93814f0e78bef5b1b5893ada1159a32cbfc0c63f1535410", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e22714c06ab7ad44b93814f0e78bef5b1b5893ada1159a32cbfc0c63f1535410"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._send_one`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51529, "scanner": "repobility-ast-engine", "fingerprint": "6524e9778f6296939384eee6706147c1604e6b06fe24e999c8def7962969835c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6524e9778f6296939384eee6706147c1604e6b06fe24e999c8def7962969835c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51528, "scanner": "repobility-ast-engine", "fingerprint": "6072d3cadcc21035a8766391257a7b11cd3b9f14a76f5c709fcf491911adf885", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6072d3cadcc21035a8766391257a7b11cd3b9f14a76f5c709fcf491911adf885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51527, "scanner": "repobility-ast-engine", "fingerprint": "ebf6edaed4ff5d9290c06aad6d1e84ef8e95666997c3039db9f9b09f026bdc92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebf6edaed4ff5d9290c06aad6d1e84ef8e95666997c3039db9f9b09f026bdc92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51526, "scanner": "repobility-ast-engine", "fingerprint": "7a0d0d8570da1e203c0a5abb30725080893502e7f6382c2a49323226525c337a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a0d0d8570da1e203c0a5abb30725080893502e7f6382c2a49323226525c337a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._send_one`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51525, "scanner": "repobility-ast-engine", "fingerprint": "6e48dedae6d3fb48e76865f6e74b6e6d70aea4eb362f6184e7e0070fdd268978", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e48dedae6d3fb48e76865f6e74b6e6d70aea4eb362f6184e7e0070fdd268978"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._disconnect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51524, "scanner": "repobility-ast-engine", "fingerprint": "25f0f5278fc805d7d2b7b10340151d82166c5108ddde38eb35d4c504be613e34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25f0f5278fc805d7d2b7b10340151d82166c5108ddde38eb35d4c504be613e34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of class `CampaignSender` reads `self._connect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 51523, "scanner": "repobility-ast-engine", "fingerprint": "d147fa5ca951c680f2f92f0074605e6d9e2f398650fffee9b50d70bf21a3651f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d147fa5ca951c680f2f92f0074605e6d9e2f398650fffee9b50d70bf21a3651f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 51522, "scanner": "repobility-journey-contract", "fingerprint": "361c854431bb76dcd9e7af2edfbfac6597c4a4a321b787c8bdf457e478e092ea", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|app/auth/login-page.tsx|929|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/login-page.tsx"}, "region": {"startLine": 929}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 51521, "scanner": "repobility-journey-contract", "fingerprint": "b2cd36e87d7fc4ba0696fff10316ff960fc11a355c8b0579b6f59f80bcadd220", "category": "auth", 
"severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|app/auth/login-page.tsx|861|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/login-page.tsx"}, "region": {"startLine": 861}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 51511, "scanner": "repobility-threat-engine", "fingerprint": "c6a959360ac36d8c4d99a61d0c6b0a1ba4dd1830bf60364355f1648e8b7a62a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c6a959360ac36d8c4d99a61d0c6b0a1ba4dd1830bf60364355f1648e8b7a62a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-userdata-size.mjs"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 51510, "scanner": "repobility-threat-engine", "fingerprint": "0740b3ba49b5a5e4815904d865fa0662c719ab55dbebcd7d2560689992078e96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0740b3ba49b5a5e4815904d865fa0662c719ab55dbebcd7d2560689992078e96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-agent-size.mjs"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 51509, "scanner": "repobility-threat-engine", "fingerprint": "18517b92144e6461c68bfa7f428beed8733be556f36bea4d88a09ae0463829f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18517b92144e6461c68bfa7f428beed8733be556f36bea4d88a09ae0463829f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/native-screenshot.ts"}, "region": {"startLine": 124}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without 
containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 51507, "scanner": "repobility-threat-engine", "fingerprint": "a4d80e2106f2996af9acc4c506ed07786ffdf28122e917a238d0866660893d9a", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|130|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/file-ops.ts"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 51498, "scanner": "repobility-threat-engine", "fingerprint": "50717968e0467457910fe3d7423f83022ab26e66bf09e3c4a1acd2d42aae46d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50717968e0467457910fe3d7423f83022ab26e66bf09e3c4a1acd2d42aae46d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 
94}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 51497, "scanner": "repobility-threat-engine", "fingerprint": "d1905266458ab7fcbc2f4463327f6b4837bffdaf7bcc5c32afb9fb6d010a9ee3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1905266458ab7fcbc2f4463327f6b4837bffdaf7bcc5c32afb9fb6d010a9ee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "campaigns/sender.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 51487, "scanner": "repobility-threat-engine", "fingerprint": "09d9106981a4fea1504f0564edcc0f3726a1ffcf6c1344e719493d2685584b57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ctx.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09d9106981a4fea1504f0564edcc0f3726a1ffcf6c1344e719493d2685584b57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/animated-favicon.tsx"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 51486, "scanner": "repobility-threat-engine", "fingerprint": "058b2a800a9b78b17928445594562f50c40cd77c965a389fa306baf14a4a361e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url.searchParams.delete(\"payment_success\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|058b2a800a9b78b17928445594562f50c40cd77c965a389fa306baf14a4a361e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/payment-handler.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 51485, "scanner": "repobility-threat-engine", "fingerprint": "3fd84b22b58a33817887048b877e09e791620dacd50d1ea479f1ab09f485241b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url.searchParams.delete(\"ref\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3fd84b22b58a33817887048b877e09e791620dacd50d1ea479f1ab09f485241b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/landing/landing-page.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 51483, "scanner": "repobility-threat-engine", "fingerprint": "4cac60c789a15fdf67432b1f7efee6bb4eea062ff45232b6e8799ed5398e0317", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4cac60c789a15fdf67432b1f7efee6bb4eea062ff45232b6e8799ed5398e0317"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/MessageItem.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 51482, "scanner": "repobility-threat-engine", "fingerprint": "52da83bf170b0791801e67c1f31371ca88197b2918b1df679d9fe1a94257184e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code_obj", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|52da83bf170b0791801e67c1f31371ca88197b2918b1df679d9fe1a94257184e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 51481, "scanner": "repobility-threat-engine", "fingerprint": "10455c6369f42b915d6f4bed791d0abc4fb5e1ecd221f2face588a370a792ac4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|10455c6369f42b915d6f4bed791d0abc4fb5e1ecd221f2face588a370a792ac4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/components/chat/message-parser.tsx"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 51465, "scanner": "repobility-threat-engine", "fingerprint": "1058223eb16f4ea3c253a60b5d290206fef176cfca990b744c70b6d5aec90a5f", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n          (pos, posIndex) =>\n            `rgba(255, 255, 255, ${posIndex === 1 || posIndex ===", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1058223eb16f4ea3c253a60b5d290206fef176cfca990b744c70b6d5aec90a5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/motion-primitives/progressive-blur.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 51464, "scanner": "repobility-threat-engine", "fingerprint": "db48f3919b925fbb23b329939be0db3a9e3c6187fb53672cb4075eb205483660", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n      (post) => `    <item>\n      <title>${escapeXml(post.title)}</title>\n      <link>https://c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|db48f3919b925fbb23b329939be0db3a9e3c6187fb53672cb4075eb205483660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/blog/feed.xml/route.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make cross-origin requests and read the responses. 
Browsers block credentialed cross-origin reads when the header is a literal `*`, so the exposure here is whatever the endpoint returns without cookies; it becomes especially dangerous if the origin is reflected together with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 51430, "scanner": "repobility-threat-engine", "fingerprint": "330f311949adf9d1d014c9c488574e86a7de8f825590eec8325e4a4f875b5aeb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|330f311949adf9d1d014c9c488574e86a7de8f825590eec8325e4a4f875b5aeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/mcp-server-card/route.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make cross-origin requests and read the responses. 
Browsers block credentialed cross-origin reads when the header is a literal `*`, so the exposure here is whatever the endpoint returns without cookies; it becomes especially dangerous if the origin is reflected together with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 51429, "scanner": "repobility-threat-engine", "fingerprint": "18ae7376e6e401ccd32ad687bbec7157d77f773c01a760f684175f5ee82a1b3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|18ae7376e6e401ccd32ad687bbec7157d77f773c01a760f684175f5ee82a1b3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/discovery/route.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make cross-origin requests and read the responses. 
Browsers block credentialed cross-origin reads when the header is a literal `*`, so the exposure here is whatever the endpoint returns without cookies; it becomes especially dangerous if the origin is reflected together with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 51428, "scanner": "repobility-threat-engine", "fingerprint": "a29303e442f2546385dbdc473787476a4e8aaf0705bf88df6722f1b4c6c9a80a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a29303e442f2546385dbdc473787476a4e8aaf0705bf88df6722f1b4c6c9a80a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/ai-plugin/route.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 51426, "scanner": "repobility-threat-engine", "fingerprint": "9bbea6e76ea8f1a41f319a1fadd71443eb96d34f767b0cddcf99d69c0af5180e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9bbea6e76ea8f1a41f319a1fadd71443eb96d34f767b0cddcf99d69c0af5180e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/discover/route.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 51425, "scanner": "repobility-threat-engine", "fingerprint": "11edfbf75c944e86c1ecd6c2a4b0cbc6bb1496eeba2044aaeccacf19d81af7d0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|11edfbf75c944e86c1ecd6c2a4b0cbc6bb1496eeba2044aaeccacf19d81af7d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/account/account-opener.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 51424, "scanner": "repobility-threat-engine", "fingerprint": "c9cfa843be8dc696c136985a899a968a163c04db49c98667cc2dfa4fef03c968", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9cfa843be8dc696c136985a899a968a163c04db49c98667cc2dfa4fef03c968"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/account/account-content.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 5718, "scanner": "repobility-journey-contract", "fingerprint": "660fd8645528beb8a029e8b7438986534c81a9c1e39daa940358f56c6a5594d5", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|263|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/AuthScreen.tsx"}, "region": {"startLine": 263}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 5717, "scanner": "repobility-journey-contract", "fingerprint": 
"4ab1125a56c11cc3c666f3a7acc1da8e70580b7d172ccf08e864d50071981b45", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|249|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/AuthScreen.tsx"}, "region": {"startLine": 249}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 5716, "scanner": "repobility-journey-contract", "fingerprint": "9e30f79d1b4923e9a77c587117e6c4a46878faf690c7322c9e852ea3a4d3ec29", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder. 
Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|100|jrn009", "duplicate_count": 1, "duplicate_rule_ids": ["JRN009"], "duplicate_scanners": ["repobility-journey-contract"], "duplicate_fingerprints": ["9e30f79d1b4923e9a77c587117e6c4a46878faf690c7322c9e852ea3a4d3ec29", "cdc9585221055048140476e3c7f963b769fd6575c6c6f0fd468ef0d3642ab813"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/reset-password/page.tsx"}, "region": {"startLine": 100}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 5715, "scanner": "repobility-journey-contract", "fingerprint": "b3caa1a559085c330b81fb981ec1f7ed2057a4917a38107c2e31b8e16e2c043c", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|app/auth/login-page.tsx|948|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/login-page.tsx"}, "region": {"startLine": 948}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 5714, "scanner": "repobility-journey-contract", "fingerprint": "eaad733b8ee81a467eac407c71dc6b32276a68537cf4e531cb3d040348117b87", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "fixed", "verdict": 
"likely", "isResolved": true, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|app/auth/login-page.tsx|880|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth/login-page.tsx"}, "region": {"startLine": 880}}}]}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 5713, "scanner": "repobility-journey-contract", "fingerprint": "e7a8bbf26c12d9a29d40e1adf646f3642e243a2a0383cce23e95687f7ce6a8e2", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|app/api/chats/ chatid /route.ts|123|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 4}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chats/[chatId]/route.ts"}, "region": {"startLine": 123}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /chats/:chatId/route."}, "properties": {"repobilityId": 5685, "scanner": "repobility-access-control", "fingerprint": "0b1062c3ace6e0bd47459bffb54827cc0205917851c6243e79c4557f3cddc52e", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/chats/:chatId/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/chats/ chatid /route.ts|91|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/chats/[chatId]/route.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: DELETE /projects/:projectId/route."}, "properties": {"repobilityId": 5684, "scanner": "repobility-access-control", "fingerprint": "a6fa4bdeaad44b91f8c76599ea8de5ecf4307916720f5a0b1c4cfe879a340fc6", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/projects/:projectId/route", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/projects/ projectid /route.ts|18|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/projects/[projectId]/route.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: PUT /projects/:projectId/route."}, "properties": {"repobilityId": 5683, "scanner": "repobility-access-control", "fingerprint": "5b088111d4cedb5c7d7a20286c8d1c652a3aa262d87ce9ac7af733eb79415055", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/projects/:projectId/route", "method": "PUT", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/projects/ projectid /route.ts|14|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/projects/[projectId]/route.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /projects/:projectId/route."}, "properties": {"repobilityId": 5682, "scanner": "repobility-access-control", "fingerprint": "d0989ac4af737acd2b0be85b01d07ad8b559050989adc827b7df78fadcea8d77", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/projects/:projectId/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/projects/ projectid /route.ts|10|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/projects/[projectId]/route.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /swarm/:swarmId/resume/route."}, "properties": {"repobilityId": 5681, "scanner": "repobility-access-control", "fingerprint": "c5a03767d07e6edd034855faa1e9b1093db796c5f92a7d34c001614f1367e220", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/swarm/:swarmId/resume/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/swarm/ swarmid /resume/route.ts|19|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/swarm/[swarmId]/resume/route.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /swarm/:swarmId/pause/route."}, "properties": {"repobilityId": 5680, "scanner": "repobility-access-control", "fingerprint": "fb7a554364e71a061882a1ce112a554b09915bb1da571d50c24566b84156fb0b", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/swarm/:swarmId/pause/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/swarm/ swarmid /pause/route.ts|19|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/swarm/[swarmId]/pause/route.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /swarm/:swarmId/stop/route."}, "properties": {"repobilityId": 5679, "scanner": "repobility-access-control", "fingerprint": "aca11ed982bf35dafc899df910721fcdf3fa76372ef886bb8ff62897c286b937", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/swarm/:swarmId/stop/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/swarm/ swarmid /stop/route.ts|22|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/swarm/[swarmId]/stop/route.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /swarm/:swarmId/route."}, "properties": {"repobilityId": 5678, "scanner": "repobility-access-control", "fingerprint": "da8b4f048fd0ae43352a2bceddc983d4370686864af1b3f1f957b8dff30233b9", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/swarm/:swarmId/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/swarm/ swarmid /route.ts|16|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/swarm/[swarmId]/route.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /electron/machines/:id/approvals/:approvalId/respond/route."}, "properties": {"repobilityId": 5677, "scanner": "repobility-access-control", "fingerprint": "61e8019a2fd15d4961bf810e8216100c9c35d1149345728fb14a611c1947130a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/electron/machines/:id/approvals/:approvalId/respond/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/electron/machines/ id /approvals/ approvalid /respond/route.ts|12|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/electron/machines/[id]/approvals/[approvalId]/respond/route.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /electron/machines/:id/approvals/route."}, "properties": {"repobilityId": 5676, "scanner": "repobility-access-control", "fingerprint": "4127a757b647abb9358db491c5f3864896d7f0a15317ffbb653341ef47bc3f50", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/electron/machines/:id/approvals/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|app/api/electron/machines/ id /approvals/route.ts|12|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/api/electron/machines/[id]/approvals/route.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 5669, "scanner": "repobility-docker", "fingerprint": "033d1a6141c15d9603a4e3ef74945ad8a8000e16573e38f4821c0f0986897200", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|033d1a6141c15d9603a4e3ef74945ad8a8000e16573e38f4821c0f0986897200"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/Dockerfile"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (LRO) in source: Line 877 contains a Unicode bidirectional override character 
(U+202D LRO). This is the 'Trojan Source' attack (CVE-2021-42574): the character changes the order in which the line is displayed, so the human reviewer sees different code than the compiler / interpreter processes."}, "properties": {"repobilityId": 51650, "scanner": "repobility-supply-chain", "fingerprint": "66198a29a84bee37953f19bc7a411caf868721a62b78db9690be890930131c65", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|token", "duplicate_count": 4, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["5a0279e8989529b8aab8030c4c628c2da3a5d0190d906ec9e4b79a6886b61b5a", "66198a29a84bee37953f19bc7a411caf868721a62b78db9690be890930131c65", "81e3970cb98de7c4730291ac0891ad07871e91e2e78eeeb33640ca951573808b", "8bb89fc1b266ed9d7b95221f5a5dd90b4c7f34553f880e53da5cf63fd524e48a", "8c63362d390e31aadb61b6124e21c2ab9a343205e26d454ace9448e6de1c739f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_injection_deep.py"}, "region": {"startLine": 877}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51647, "scanner": "repobility-ast-engine", "fingerprint": "a19be0c1c427e5a5b77f943701206d108df017f4974096de18178b9033e326dd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a19be0c1c427e5a5b77f943701206d108df017f4974096de18178b9033e326dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_03_backend_direct.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51646, "scanner": "repobility-ast-engine", "fingerprint": "d8a44d51fbe90aa36db29c0b3526e0a69a3e2852852026a44fba5f7568edf34f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8a44d51fbe90aa36db29c0b3526e0a69a3e2852852026a44fba5f7568edf34f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_secret_leakage.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51645, "scanner": "repobility-ast-engine", "fingerprint": "4efc1ad5aab8507832f4c1719250ee708383366dabe160ab99a5582091ff61fe", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4efc1ad5aab8507832f4c1719250ee708383366dabe160ab99a5582091ff61fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_auth_endpoints.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51644, "scanner": "repobility-ast-engine", "fingerprint": "c1b8ad6a2a4babfd2556f5359329ba327071067cbf0b52d984d027aff5b04d13", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1b8ad6a2a4babfd2556f5359329ba327071067cbf0b52d984d027aff5b04d13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_07_public_api.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51643, "scanner": "repobility-ast-engine", "fingerprint": "ed2eb4c1e51643733cd6c8eb9ecc332cd70cc733786df8cf4fe67b5157b27da0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed2eb4c1e51643733cd6c8eb9ecc332cd70cc733786df8cf4fe67b5157b27da0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_05_internal_alb.py"}, "region": {"startLine": 778}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51641, "scanner": "repobility-ast-engine", "fingerprint": "332afe1e7f00172c8637d06b701dfa7d3b6c1fed20bba71803b85670d6f18bbf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|332afe1e7f00172c8637d06b701dfa7d3b6c1fed20bba71803b85670d6f18bbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_routes_extras.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51638, "scanner": "repobility-ast-engine", "fingerprint": "448ab1055f69b00f6b46e1c749fd3305ab1a87b7797369b4e9e3bf0c336a6fae", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|448ab1055f69b00f6b46e1c749fd3305ab1a87b7797369b4e9e3bf0c336a6fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_uploads.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51637, "scanner": "repobility-ast-engine", "fingerprint": "5c338c97daf1e3a486cba0f3872c028d7badce507b406df9def60e12c4502c72", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c338c97daf1e3a486cba0f3872c028d7badce507b406df9def60e12c4502c72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_10_security.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51636, "scanner": "repobility-ast-engine", "fingerprint": "0a1346f6afb0c82c6752af128f34edce2286638fd0a41888e80559149253ad82", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a1346f6afb0c82c6752af128f34edce2286638fd0a41888e80559149253ad82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_10_security.py"}, "region": {"startLine": 723}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51634, "scanner": "repobility-ast-engine", "fingerprint": "9fc05b9a46ed8741626145adadfbb0b9d9631ed727abae85ccd55f128dd3dfe2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9fc05b9a46ed8741626145adadfbb0b9d9631ed727abae85ccd55f128dd3dfe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_public_cua_keys.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51631, "scanner": "repobility-ast-engine", "fingerprint": "41c5d2621129b0fb48714dfe58ede5ea2df491a747e14d84b5c1b58dc2c26cba", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41c5d2621129b0fb48714dfe58ede5ea2df491a747e14d84b5c1b58dc2c26cba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_session_lifecycle.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51630, "scanner": "repobility-ast-engine", "fingerprint": "38afb7322c61217a656ce9eaa0be4b2e56d058cca06d83ddc0f0b8f80700ae94", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38afb7322c61217a656ce9eaa0be4b2e56d058cca06d83ddc0f0b8f80700ae94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_screenshots.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51629, "scanner": "repobility-ast-engine", "fingerprint": "a6cce507c399ccabeb02ec49e29ddd7a9231a91fbffd79fa430b1096404c6311", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6cce507c399ccabeb02ec49e29ddd7a9231a91fbffd79fa430b1096404c6311"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_dos_resilience.py"}, "region": {"startLine": 623}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51626, "scanner": "repobility-ast-engine", "fingerprint": "172c123b43d9aec7afb5480ab7296ff7dd01741a2cde3650d99641e551ddd921", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|172c123b43d9aec7afb5480ab7296ff7dd01741a2cde3650d99641e551ddd921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_auth_deep.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51622, "scanner": "repobility-ast-engine", "fingerprint": "fe7f9fef535480d7c5aad479704cc4f664b7ed44f6a625c2e46591603c41e728", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe7f9fef535480d7c5aad479704cc4f664b7ed44f6a625c2e46591603c41e728"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_injection_deep.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51620, "scanner": "repobility-ast-engine", "fingerprint": "d1affca105e07a803601e07c54d14e7b4384ee41afed54248733cb96abc97b50", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1affca105e07a803601e07c54d14e7b4384ee41afed54248733cb96abc97b50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_byok_keys.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51619, "scanner": "repobility-ast-engine", "fingerprint": "843966f3a193b57489bc29a673f09ae686578fbdd354ec1aebc60ce68e471ae8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|843966f3a193b57489bc29a673f09ae686578fbdd354ec1aebc60ce68e471ae8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_06_electron_flows.py"}, "region": {"startLine": 653}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51613, "scanner": "repobility-ast-engine", "fingerprint": "8f6c2004cefe1a968ddf2a0507f1d78db93ef0512bf0a9361092c1fdd8279219", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f6c2004cefe1a968ddf2a0507f1d78db93ef0512bf0a9361092c1fdd8279219"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_billing.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51612, "scanner": "repobility-ast-engine", "fingerprint": "5dcc6b670b374b71b7ce4e218a58a45562025dbb4a2a8265a7c83d9195be54b1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5dcc6b670b374b71b7ce4e218a58a45562025dbb4a2a8265a7c83d9195be54b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_ssrf_deep.py"}, "region": {"startLine": 552}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51611, "scanner": "repobility-ast-engine", "fingerprint": "a46a5a07829ffb151b8a0408154add5ff64781eb1bbb0c2f1448da782e53b81d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a46a5a07829ffb151b8a0408154add5ff64781eb1bbb0c2f1448da782e53b81d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_scheduler.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51607, "scanner": "repobility-ast-engine", "fingerprint": "7e8f89fd9f81214abc154b3e9beb1d98899ae53e0e87e31a70b579d6fdb6ab5d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e8f89fd9f81214abc154b3e9beb1d98899ae53e0e87e31a70b579d6fdb6ab5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_machine_isolation.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51606, "scanner": "repobility-ast-engine", "fingerprint": "108e25847554d2f7a8d74fcfe6cedaff0ad5bd511d7fd206d60375edd57659dc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|108e25847554d2f7a8d74fcfe6cedaff0ad5bd511d7fd206d60375edd57659dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_09_full_chat_flow.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51605, "scanner": "repobility-ast-engine", "fingerprint": "eac91ba0bb8f385bffa05d230f0162e5b60ea29c4a55c2fbec65105f77adb949", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eac91ba0bb8f385bffa05d230f0162e5b60ea29c4a55c2fbec65105f77adb949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_authz_idor.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51602, "scanner": "repobility-ast-engine", "fingerprint": "b7c9e30d7689f926547dbefecda565882c1a56b83b61fc9b4918414ad866d085", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7c9e30d7689f926547dbefecda565882c1a56b83b61fc9b4918414ad866d085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/post_deploy/test_security_swarm.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 51554, "scanner": "repobility-ast-engine", "fingerprint": "0ba857a0dbe0c3d1f882f9c4f175d0bb3feea22be74d7e5ec3f56eaabf5a1ad1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ba857a0dbe0c3d1f882f9c4f175d0bb3feea22be74d7e5ec3f56eaabf5a1ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/ai_agent_server.py"}, "region": {"startLine": 3008}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 51508, "scanner": "repobility-threat-engine", "fingerprint": "0df1f4e014f53e9110185c499ce1ee15f1c48db8ed470fb9be9b3ae967a2ceca", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(pkg", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0df1f4e014f53e9110185c499ce1ee15f1c48db8ed470fb9be9b3ae967a2ceca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/libnut-loader.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / 
unmarshal of network/file data \u2014 can lead to remote code execution (RCE)."}, "properties": {"repobilityId": 51506, "scanner": "repobility-threat-engine", "fingerprint": "8dc405ab6994650809a4a36822ebac2881d00736981b6509ca0e2a1b2cc628d2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8dc405ab6994650809a4a36822ebac2881d00736981b6509ca0e2a1b2cc628d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 51504, "scanner": "repobility-threat-engine", "fingerprint": "e471b79cb0973c660f54828fb5bd6b92028d4efd516267acad04774906bd47f5", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "marshal.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|100|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 51503, "scanner": "repobility-threat-engine", "fingerprint": "c55f799b61ddee350fababca0bb194f7f472d7132f85ff2285363b099fc3a6d6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "marshal.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c55f799b61ddee350fababca0bb194f7f472d7132f85ff2285363b099fc3a6d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ai-desktop/obfuscate.py"}, "region": {"startLine": 57}}}]}]}]}