{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AGT016", "name": "Codex session log reader may expose prompts or tool-call content", "shortDescription": {"text": "Codex session log reader may expose prompts or tool-call content"}, "fullDescription": {"text": "Codex session JSONL files can contain prompts, tool events, paths, and operational metadata, not only token 
counts. Token dashboards and exporters should avoid retaining or sharing raw session text."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.73, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. 
Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional file. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Use the secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. 
Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "A frontend journey appears to ask for consent to share identity/KYC/biometric data, but backend code does not show a consent audit model with scope, purpose, legal text version, timestamp, IP, or user-agent evidence."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC018", "name": "[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents ", "shortDescription": {"text": "[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but they can leak live secrets through logs, she"}, "fullDescription": {"text": "Remove the command, use a secret manager or CI masked secret, and rotate any credential that may have been printed."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/387"}, "properties": {"repository": "automagik-dev/genie", "repoUrl": "https://github.com/automagik-dev/genie.git", "branch": "main"}, "results": [{"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 12615, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12597, "scanner": "repobility-threat-engine", "fingerprint": "c779a509a31017c66287490150315f6e22e050f7b25856c80a9447a2464f3260", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no 
mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c779a509a31017c66287490150315f6e22e050f7b25856c80a9447a2464f3260"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/events-stream.ts"}, "region": {"startLine": 204}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12596, "scanner": "repobility-threat-engine", "fingerprint": "5f7c1cc52410e25aad08e2f2b7cc14e51b0ee28800cd3cccc96306644f6016cf", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5f7c1cc52410e25aad08e2f2b7cc14e51b0ee28800cd3cccc96306644f6016cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/status.ts"}, "region": {"startLine": 298}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12595, "scanner": "repobility-threat-engine", "fingerprint": "e4c4550db6d8dac30829aa8d082314673efb60628a827937ecfa5bdcf91d0e56", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, 
"correlation_key": "fp|e4c4550db6d8dac30829aa8d082314673efb60628a827937ecfa5bdcf91d0e56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/genie.ts"}, "region": {"startLine": 377}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 12594, "scanner": "repobility-agent-runtime", "fingerprint": "9c71749ee455b0c43c4965628d574a23d7b98b89391ed21a1f0cd9a1a5fa1310", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9c71749ee455b0c43c4965628d574a23d7b98b89391ed21a1f0cd9a1a5fa1310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/provider-adapters.ts"}, "region": {"startLine": 636}}}]}, {"ruleId": "AGT016", "level": "warning", "message": {"text": "Codex session log reader may expose prompts or tool-call content"}, "properties": {"repobilityId": 12593, "scanner": "repobility-agent-runtime", "fingerprint": "1f76a7c2ac48d13b03bef0c4535b65044f7de24cac5d4ef5ce01669e60b0b247", "category": "quality", "severity": "medium", "confidence": 0.73, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File reads Codex session JSONL or usage logs and references prompt/message/tool content without visible redaction controls.", "evidence": {"rule_id": "AGT016", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1f76a7c2ac48d13b03bef0c4535b65044f7de24cac5d4ef5ce01669e60b0b247"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/codex-logs.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or 
skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 12592, "scanner": "repobility-agent-runtime", "fingerprint": "78f9810aaf7ca0f00971085a4ba12440e66d9707b75432f2a9bf9dd8c50594fe", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|78f9810aaf7ca0f00971085a4ba12440e66d9707b75432f2a9bf9dd8c50594fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/claude-settings.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 12591, "scanner": "repobility-agent-runtime", "fingerprint": "5cbfe164c7599c6e8cb09883669b62ed9f4219d90f77b211575c35f8098b49b7", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5cbfe164c7599c6e8cb09883669b62ed9f4219d90f77b211575c35f8098b49b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/genie/scripts/smart-install.js"}, "region": {"startLine": 79}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12590, "scanner": "repobility-agent-runtime", "fingerprint": "45cb8937e03fd8d73417b456deb3887c795e5a962eea84a9d8f063211d35242b", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": 
"likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|45cb8937e03fd8d73417b456deb3887c795e5a962eea84a9d8f063211d35242b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/Files.tsx"}, "region": {"startLine": 543}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12589, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9d0508b4525dc23f07779ac86a3f83c2b34ce14cbdda21b4c7da248190032e3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/agents/ui/AgentsView.tsx", "duplicate_line": 94, "correlation_key": "fp|c9d0508b4525dc23f07779ac86a3f83c2b34ce14cbdda21b4c7da248190032e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/sessions/ui/SessionsView.tsx"}, "region": {"startLine": 127}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12588, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b378e783945d7d02bdb5c64ecbd08b3ae8cd50215d3f16c283b972d75ddc876f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/scheduler/ui/SchedulerView.tsx", "duplicate_line": 37, "correlation_key": "fp|b378e783945d7d02bdb5c64ecbd08b3ae8cd50215d3f16c283b972d75ddc876f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/sessions/ui/SessionsView.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12587, "scanner": "repobility-ai-code-hygiene", "fingerprint": "088c8d109b291b57ca84b68ff250aabd5bb461abb2b5263e35d2a09057d8981e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/GeneralTab.tsx", "duplicate_line": 94, "correlation_key": "fp|088c8d109b291b57ca84b68ff250aabd5bb461abb2b5263e35d2a09057d8981e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/WorkspaceTab.tsx"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12586, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0b74a8397414646f54e2106134fe32a8f906ab8f4293b50dc8a159da2c959f2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": 
"AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/AgentsTab.tsx", "duplicate_line": 65, "correlation_key": "fp|f0b74a8397414646f54e2106134fe32a8f906ab8f4293b50dc8a159da2c959f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/WorkspaceTab.tsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12585, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a46dcc727434a68bd797009a6ef6c1505fa4c61649fbc7d6a7ab29239633dc5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/CouncilPresetsTab.tsx", "duplicate_line": 221, "correlation_key": "fp|6a46dcc727434a68bd797009a6ef6c1505fa4c61649fbc7d6a7ab29239633dc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/WorkerProfilesTab.tsx"}, "region": {"startLine": 222}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12584, "scanner": "repobility-ai-code-hygiene", "fingerprint": "af741eb1a84aa74484ac7de6931025f753f2c9aa83ac99c3041805b0961ff0d5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/AgentsTab.tsx", "duplicate_line": 66, "correlation_key": "fp|af741eb1a84aa74484ac7de6931025f753f2c9aa83ac99c3041805b0961ff0d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/WorkerProfilesTab.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12583, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c1168ca854a869d1fa00f677f6da99a4ee54ad882af750b17834748b7b82bec", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/CouncilPresetsTab.tsx", "duplicate_line": 75, "correlation_key": "fp|1c1168ca854a869d1fa00f677f6da99a4ee54ad882af750b17834748b7b82bec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/RulesTab.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12582, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37d2f548513bc1ce435d1b14e1d6ae0e5dcaf537298b36e4e2aa53ca90cad2e9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/CouncilPresetsTab.tsx", "duplicate_line": 13, "correlation_key": "fp|37d2f548513bc1ce435d1b14e1d6ae0e5dcaf537298b36e4e2aa53ca90cad2e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/OmniTab.tsx"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12581, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a5b0eb1d3f9a6558419fcf7b9778897c5fb1bc046923f0a67969e4f04976aef", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/genie/ui/tabs/AgentsTab.tsx", "duplicate_line": 67, "correlation_key": "fp|1a5b0eb1d3f9a6558419fcf7b9778897c5fb1bc046923f0a67969e4f04976aef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/genie/ui/tabs/GeneralTab.tsx"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12580, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2dee6844ad70616115affdcf9859a365ce8cac8534802de5f516eeee7ebcd9c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"packages/genie-app/views/costs/ui/CostIntelligence.tsx", "duplicate_line": 101, "correlation_key": "fp|f2dee6844ad70616115affdcf9859a365ce8cac8534802de5f516eeee7ebcd9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/dashboard/ui/DashboardView.tsx"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12579, "scanner": "repobility-ai-code-hygiene", "fingerprint": "492e2cb63f6fedf007358ead75f94c96e8f7b3c249bb3d0ca91c8c5c5c3edb28", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/views/agents/ui/AgentDetail.tsx", "duplicate_line": 42, "correlation_key": "fp|492e2cb63f6fedf007358ead75f94c96e8f7b3c249bb3d0ca91c8c5c5c3edb28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/agents/ui/AgentsView.tsx"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12578, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42f9e0535b335c9835cf4c99bf8e13f25c157634fa9e11c893a7572a80aff4ab", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/genie-app/src-backend/pg-bridge.ts", "duplicate_line": 
79, "correlation_key": "fp|42f9e0535b335c9835cf4c99bf8e13f25c157634fa9e11c893a7572a80aff4ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/genie-app/views/activity/ui/ActivityView.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 12576, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa274efd04d4ed6bdf12cd13dfc01f638101df5f5818dccbb39a0844fc3ee6bc", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "backup", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "src/lib/db.ts", "correlation_key": "fp|aa274efd04d4ed6bdf12cd13dfc01f638101df5f5818dccbb39a0844fc3ee6bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/db-backup.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 12614, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 12613, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 12612, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 12611, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12577, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2089cb95b28620eebf93813bd64aa894b37f34d653a9358051a471414a9adf9", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v1", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d2089cb95b28620eebf93813bd64aa894b37f34d653a9358051a471414a9adf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/db-migrate-v1.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 12609, "scanner": "repobility-threat-engine", "fingerprint": "7b9ccdd419b3878e3d2ec8efb74d8ee23f94729fa3ed8ff97305e33614909ea3", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7b9ccdd419b3878e3d2ec8efb74d8ee23f94729fa3ed8ff97305e33614909ea3"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 12608, "scanner": "repobility-threat-engine", "fingerprint": "75867d367bfd4954e39b8cf51cbabcadc0c6e9dbd29e7f63fd28ac3dadb3860e", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|. token|38|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".genie/wishes/hookify-perf-foundation/loadgen-baseline-pss.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 12607, "scanner": "repobility-threat-engine", "fingerprint": "9bcda91ab558bf682ab4967957ecfd2e16dd68b5dff7f352a5a872e4c6783bd7", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|. token|165|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".genie/agents/metrics-updater/tools/generate-charts.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 12606, "scanner": "repobility-threat-engine", "fingerprint": "7590cef562de3cd9e3b9106851cfd21a4acbdc614ad575e952bfe6110bdce8a1", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|78|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/dispatch.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 12602, "scanner": "repobility-threat-engine", "fingerprint": "3c1512ec1e531167a3aa928d567398e9cb8cbf7ff40fccf993810ebf40229e88", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3c1512ec1e531167a3aa928d567398e9cb8cbf7ff40fccf993810ebf40229e88"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 10 more): Same pattern found in 10 additional files. 
Review if needed."}, "properties": {"repobilityId": 12598, "scanner": "repobility-threat-engine", "fingerprint": "42b331c1e4b17f85d81db72d75262314338abed6e5bfedff208d2157846ef882", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|42b331c1e4b17f85d81db72d75262314338abed6e5bfedff208d2157846ef882"}}}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 12610, "scanner": "repobility-journey-contract", "fingerprint": "a96d6cea15502476ea45462c9085a01c110bc51fec1542a8f73e13ad7b13f47b", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|token|321|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 1}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/executor-registry.ts"}, "region": {"startLine": 321}}}]}, {"ruleId": "SEC018", "level": "error", "message": {"text": "[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. 
AI coding agents often add these commands while trying to help with setup or deployment, but they can leak live secrets through logs, shell history, CI output, or documentation."}, "properties": {"repobilityId": 12603, "scanner": "repobility-threat-engine", "fingerprint": "427acb6872b165bd246cf78156562f2fee46b43629a13238da8e0bd4c2e5b172", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "gh auth token", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC018", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|src/term-commands/brain.ts|38|gh auth token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/brain.ts"}, "region": {"startLine": 382}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12601, "scanner": "repobility-threat-engine", "fingerprint": "75a6f070b0eff3a8fcc2f7136c3c0d154ead1247ee042054f893ef1340ed2af2", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.error(color('red', '--token-id is required')", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|5|console.error color red --token-id is required"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/events-admin.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12600, "scanner": "repobility-threat-engine", "fingerprint": "53c25cab6db31f66ef72424c2f32c7ab6414115b4e8daf244bf057a84d0e84ad", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.log(JSON.stringify({ token, payload }, null, 2)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|8|console.log json.stringify token payload null 2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/events-subscribe.ts"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12599, "scanner": "repobility-threat-engine", "fingerprint": "f6ff314540e2525e417ef5c263df19c5692a83cce1536912fba13e24c4dced04", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.error(color('red', `token rejected: ${err.code} \u2014 ${err.message}`)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|5|console.error color red token rejected: err.code err.message"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/events-stream.ts"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 12605, "scanner": "repobility-threat-engine", "fingerprint": "736a8b630500236924e5eb2eb61bb35302f18e3a05763a236f7e2050489319e3", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: setup/install wizard (placeholder values)]", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|26|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/genie-commands/install.ts"}, "region": {"startLine": 265}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 12604, "scanner": "repobility-threat-engine", "fingerprint": "21b436c3b84d7d7f5a9da62d18aa3a99ed29e77b9bd2ff0eb0f24db364445db2", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|src/term-commands/db.ts|39|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/term-commands/db.ts"}, "region": {"startLine": 400}}}]}]}]}