langgenius/dify

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

72 of your 134 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

https://github.com/langgenius/dify · scanned 2026-06-05 04:47 UTC (11 hours, 28 minutes ago) · 10 languages

1882 findings (126 legacy + 1756 scanner) 11/13 scanners ran 54th percentile · Python · medium (20-100K LoC) Scanner says 77 (lower by 15)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 11 hours, 28 minutes ago · v2 · 1004 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON

100.0% cov · 878 gaps

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	60.0	0.15	9.00
`security_score`	100.0	0.25	25.00
`testing_score`	0.0	0.20	0.00
`documentation_score`	79.0	0.15	11.85
`practices_score`	68.0	0.15	10.20
`code_quality`	65.0	0.10	6.50
Overall		1.00	62.5

security_score may be inflated — optional security scanners were skipped on this fast scan

Severity distribution — click a segment to filter

Active filters: layer: api × excluding tests × Reset all

Severity: Critical 13 High 108 Medium 61 Low 465 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 126 9-layer 878 Crowd 0 Layer: Quality 491 Security 35 Software 82 Frontend 317 Network 1 Hardware 8 Cicd 9 Api 61

Exclude dismissed / FP Exclude test files

Scan summary Repository scanned at 77.1/100 with 100.0% coverage. It contains 67071 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 878 findings — concentrated in quality (376), frontend (317), software (78). Risk profile is high: 13 critical, 22 high, 51 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 61 of 1004 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/not-proxied (packages/dev-proxy/src/cli.spec.ts:207)

`packages/dev-proxy/src/cli.spec.ts:207` calls `GET http://127.0.0.1:${port}/not-proxied` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/not-proxied` If this points at an external API, prefix it…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5001/api/enterprise/sso/login (packages/dev-proxy/src/server.spec.ts:267)

`packages/dev-proxy/src/server.spec.ts:267` calls `GET http://127.0.0.1:5001/api/enterprise/sso/login` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/api/enterprise/sso/login` If this p…

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5001/api/messages (packages/dev-proxy/src/server.spec.ts:113)

`packages/dev-proxy/src/server.spec.ts:113` calls `GET http://127.0.0.1:5001/api/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/api/messages` If this points at an external API…

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5001/api/messages (packages/dev-proxy/src/server.spec.ts:238)

`packages/dev-proxy/src/server.spec.ts:238` calls `GET http://127.0.0.1:5001/api/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/api/messages` If this points at an external API…

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5001/console/api/apps (packages/dev-proxy/src/server.spec.ts:193)

`packages/dev-proxy/src/server.spec.ts:193` calls `GET http://127.0.0.1:5001/console/api/apps` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/console/api/apps` If this points at an exte…

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5001/console/api/apps?page=1 (packages/dev-proxy/src/server.spec.ts:63)

`packages/dev-proxy/src/server.spec.ts:63` calls `GET http://127.0.0.1:5001/console/api/apps?page=1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/console/api/apps` If this points at a…

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5001/files/logo.png?size=small (packages/dev-proxy/src/server.spec.ts:239)

`packages/dev-proxy/src/server.spec.ts:239` calls `GET http://127.0.0.1:5001/files/logo.png?size=small` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/files/logo.png` If this points at …

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:5010/console/api/account/profile (packages/dev-proxy/src/server.spec.ts:145)

`packages/dev-proxy/src/server.spec.ts:145` calls `GET http://127.0.0.1:5010/console/api/account/profile` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5010/console/api/account/profile` If …

wiringdangling-fetchhelper:request

high 9-layer api wiring conf 1.00 Dangling fetch: GET https://ungh.cc/repos/${owner}/${repo}/releases (web/app/components/plugins/install-plugin/hooks.ts:24)

`web/app/components/plugins/install-plugin/hooks.ts:24` calls `GET https://ungh.cc/repos/${owner}/${repo}/releases` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/ungh.cc/repos/<p>/<p>/releases` If this point…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: GET https://ungh.cc/repos/langgenius/dify (web/app/components/header/github-star/index.tsx:16)

`web/app/components/header/github-star/index.tsx:16` calls `GET https://ungh.cc/repos/langgenius/dify` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/ungh.cc/repos/langgenius/dify` If this points at an extern…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: OPTIONS http://127.0.0.1:5001/api/messages (packages/dev-proxy/src/server.spec.ts:289)

`packages/dev-proxy/src/server.spec.ts:289` calls `OPTIONS http://127.0.0.1:5001/api/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/http:/127.0.0.1:5001/api/messages` If this points at an external…

wiringdangling-fetchhelper:request

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /<uuid:file_id>/file-preview

`api/controllers/files/image_preview.py` declares `ANY /<uuid:file_id>/file-preview` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /<uuid:file_id>/image-preview

`api/controllers/files/image_preview.py` declares `ANY /<uuid:file_id>/image-preview` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consu…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /audio-to-text

`api/controllers/web/audio.py` declares `ANY /audio-to-text` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /billing/mail

`api/controllers/inner_api/mail.py` declares `ANY /billing/mail` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /chat-messages

`api/controllers/web/completion.py` declares `ANY /chat-messages` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /chat-messages/<string:task_id>/stop

`api/controllers/web/completion.py` declares `ANY /chat-messages/<string:task_id>/stop` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /completion-messages

`api/controllers/web/completion.py` declares `ANY /completion-messages` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /completion-messages/<string:task_id>/stop

`api/controllers/web/completion.py` declares `ANY /completion-messages/<string:task_id>/stop` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting w…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /conversations

`api/controllers/web/conversation.py` declares `ANY /conversations` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /conversations/<uuid:c_id>

`api/controllers/web/conversation.py` declares `ANY /conversations/<uuid:c_id>` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /conversations/<uuid:c_id>/name

`api/controllers/web/conversation.py` declares `ANY /conversations/<uuid:c_id>/name` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /conversations/<uuid:c_id>/pin

`api/controllers/web/conversation.py` declares `ANY /conversations/<uuid:c_id>/pin` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consume…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /conversations/<uuid:c_id>/unpin

`api/controllers/web/conversation.py` declares `ANY /conversations/<uuid:c_id>/unpin` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consu…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /db-pool-stat

`api/extensions/ext_app_metrics.py` declares `ANY /db-pool-stat` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /email-code-login

`api/controllers/web/login.py` declares `ANY /email-code-login` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /email-code-login/validity

`api/controllers/web/login.py` declares `ANY /email-code-login/validity` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /enterprise/mail

`api/controllers/inner_api/mail.py` declares `ANY /enterprise/mail` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /files/upload

`api/controllers/web/files.py` declares `ANY /files/upload` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /forgot-password

`api/controllers/web/forgot_password.py` declares `ANY /forgot-password` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /forgot-password/resets

`api/controllers/web/forgot_password.py` declares `ANY /forgot-password/resets` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /forgot-password/validity

`api/controllers/web/forgot_password.py` declares `ANY /forgot-password/validity` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes …

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /form/human_input/<string:form_token>

`api/controllers/web/human_input_form.py` declares `ANY /form/human_input/<string:form_token>` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /form/human_input/<string:form_token>/upload-token

`api/controllers/web/human_input_form.py` declares `ANY /form/human_input/<string:form_token>/upload-token` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /human-input-forms/files

`api/controllers/web/human_input_file_upload.py` declares `ANY /human-input-forms/files` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /login

`api/controllers/web/login.py` declares `ANY /login` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /login/status

`api/controllers/web/login.py` declares `ANY /login/status` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /logout

`api/controllers/web/login.py` declares `ANY /logout` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /messages

`api/controllers/web/message.py` declares `ANY /messages` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /messages/<uuid:message_id>/feedbacks

`api/controllers/web/message.py` declares `ANY /messages/<uuid:message_id>/feedbacks` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consu…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /messages/<uuid:message_id>/more-like-this

`api/controllers/web/message.py` declares `ANY /messages/<uuid:message_id>/more-like-this` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who …

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /messages/<uuid:message_id>/suggested-questions

`api/controllers/web/message.py` declares `ANY /messages/<uuid:message_id>/suggested-questions` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /meta

`api/controllers/web/app.py` declares `ANY /meta` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /parameters

`api/controllers/web/app.py` declares `ANY /parameters` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /passport

`api/controllers/web/passport.py` declares `ANY /passport` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /remote-files/<path:url>

`api/controllers/web/remote_files.py` declares `ANY /remote-files/<path:url>` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /remote-files/upload

`api/controllers/web/remote_files.py` declares `ANY /remote-files/upload` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /saved-messages

`api/controllers/web/saved_message.py` declares `ANY /saved-messages` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /saved-messages/<uuid:message_id>

`api/controllers/web/saved_message.py` declares `ANY /saved-messages/<uuid:message_id>` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /server/<string:server_code>/mcp

`api/controllers/mcp/mcp.py` declares `ANY /server/<string:server_code>/mcp` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /site

`api/controllers/web/site.py` declares `ANY /site` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /system-features

`api/controllers/web/feature.py` declares `ANY /system-features` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /text-to-audio

`api/controllers/web/audio.py` declares `ANY /text-to-audio` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /threads

`api/extensions/ext_app_metrics.py` declares `ANY /threads` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /tools/<uuid:file_id>.<string:extension>

`api/controllers/files/tool_files.py` declares `ANY /tools/<uuid:file_id>.<string:extension>` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting w…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /upload/for-plugin

`api/controllers/files/upload.py` declares `ANY /upload/for-plugin` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /webapp/access-mode

`api/controllers/web/app.py` declares `ANY /webapp/access-mode` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /webapp/permission

`api/controllers/web/app.py` declares `ANY /webapp/permission` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /workflows/run

`api/controllers/web/workflow.py` declares `ANY /workflows/run` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /workflows/tasks/<string:task_id>/stop

`api/controllers/web/workflow.py` declares `ANY /workflows/tasks/<string:task_id>/stop` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…

wiringunused-endpoint

low 9-layer api wiring conf 1.00 Unused endpoint: ANY /workspaces/<uuid:workspace_id>/webapp-logo

`api/controllers/files/image_preview.py` declares `ANY /workspaces/<uuid:workspace_id>/webapp-logo` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documen…

wiringunused-endpoint

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/10335fbd-0c15-4319-9700-6dfe3d09557a/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/10335fbd-0c15-4319-9700-6dfe3d09557a/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.