{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /GE"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /GEMINI_API_KEY."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /DISCORD_TOKEN."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /DISCORD_TOKEN."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 41.0% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 41.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 41.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_iter_source_files` has cognitive complexity 16 (SonarSource scale). Cogn", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_iter_source_files` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recu"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. 
Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. 
Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. 
Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-754 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also cover loopback (127/8) and the IPv6 equivalents, and apply the check to the resolved IP address, including after redirects, not only to the hostname."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 20 more): Same pattern found in 20 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic.", "shortDescription": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.assertTrue` used but never assigned in __init__", "shortDescription": {"text": "`self.assertTrue` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_skips_symlink_to_external_file` of class `TestPackageSkillSecurity` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/247"}, "properties": {"repository": "pardnchiu/Agenvoy", "repoUrl": "https://github.com/pardnchiu/Agenvoy", "branch": "master"}, "results": [{"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /GEMINI_API_KEY."}, "properties": {"repobilityId": 46031, "scanner": "repobility-access-control", "fingerprint": "6df5876837de7f82862419fffb8495c4ac059865727d38c0833346fbbcbdd403", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/GEMINI_API_KEY", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|58|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/stt/handler.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /GEMINI_API_KEY."}, "properties": {"repobilityId": 46030, "scanner": "repobility-access-control", "fingerprint": "837e99a2568f7dfc06d8ea3ae09c0bd95e162516a744c41e056e230b4e06149f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/GEMINI_API_KEY", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|40|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/youtube/fetch.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /agenvoy.codex.token."}, "properties": {"repobilityId": 46029, "scanner": "repobility-access-control", "fingerprint": "78030bb1e129b5d7ed5ba6131e1de3899ecd8bc741e36baf22929fb7a13f7a5d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/agenvoy.codex.token", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|223|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/exec/execute.go"}, "region": {"startLine": 223}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /DISCORD_TOKEN."}, "properties": {"repobilityId": 46028, "scanner": "repobility-access-control", "fingerprint": "3c41b29f20f8cd2162854269c535d83970cd2c40ae891155a8521abef1de470f", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/DISCORD_TOKEN", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|235|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/exec/execute.go"}, "region": {"startLine": 235}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /TELEGRAM_TOKEN."}, "properties": {"repobilityId": 46027, "scanner": "repobility-access-control", "fingerprint": "de15ef510ddd0cf27b4d496a0f6cd5f32f2c3facc330398e2c758e40e8a341be", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/TELEGRAM_TOKEN", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|231|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/exec/execute.go"}, "region": {"startLine": 231}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /GEMINI_API_KEY."}, "properties": {"repobilityId": 46026, "scanner": "repobility-access-control", "fingerprint": "5d0fc15dbe03c181c1b3566b6180199166cce2d9170b47075b17b138cbf681cf", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/GEMINI_API_KEY", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|226|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/exec/execute.go"}, "region": {"startLine": 226}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 41.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 46025, "scanner": "repobility-access-control", "fingerprint": "5d9c461e808e49280090ad7d2ce08049303cb9cf605ea2b79307286aa7a90c52", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 39, "correlation_key": "fp|5d9c461e808e49280090ad7d2ce08049303cb9cf605ea2b79307286aa7a90c52", "auth_visible_percent": 41.0}}}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 46023, "scanner": "repobility-threat-engine", "fingerprint": "a1244dbc03fc29a38788d6ad95a9f55180fb729692b29663300631624f3d0e94", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|24|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tools/calculator/calculate.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_iter_source_files` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=3, for=2, if=3, nested_bonus=7, ternary=1."}, "properties": {"repobilityId": 45952, "scanner": "repobility-threat-engine", "fingerprint": "929b8e843af6d288f96743b4b05376c70c88c1c0fc817e3202f313cdcf309bdf", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_iter_source_files", "breakdown": {"if": 3, "for": 2, "ternary": 1, "continue": 3, "nested_bonus": 7}, "complexity": 16, "correlation_key": "fp|929b8e843af6d288f96743b4b05376c70c88c1c0fc817e3202f313cdcf309bdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/analyze_js_ts.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_parse_go_mod` has cognitive complexity 24 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=4, except=1, for=1, if=8, nested_bonus=10."}, "properties": {"repobilityId": 45951, "scanner": "repobility-threat-engine", "fingerprint": "6441f465c03528487a73411ea878138ee985722da718de42c17c313a4f67e1b2", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 24 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_parse_go_mod", "breakdown": {"if": 8, "for": 1, "except": 1, "continue": 4, "nested_bonus": 10}, "complexity": 24, "correlation_key": "fp|6441f465c03528487a73411ea878138ee985722da718de42c17c313a4f67e1b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/analyze_go.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. 
Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 45941, "scanner": "repobility-threat-engine", "fingerprint": "cd2263db7fb1efe7040c8a621e7fcc7852a74a7d55b66dc94601e72bbd568c89", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\tHandler:      mux,\n\t\tReadTimeout:  10 * time.Second,\n\t\tWriteTimeout: 10 * time.Second", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd2263db7fb1efe7040c8a621e7fcc7852a74a7d55b66dc94601e72bbd568c89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openaiCodex/login.go"}, "region": {"startLine": 183}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. 
Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 45940, "scanner": "repobility-threat-engine", "fingerprint": "94e025a813baa9a14a19a5099d1656ee4347602dc056b00896dc3c65f31c77ef", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\tAddr:    \":\" + filesystem.Port,\n\t\tHandler: route,\n\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|94e025a813baa9a14a19a5099d1656ee4347602dc056b00896dc3c65f31c77ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/cmdDeamon.go"}, "region": {"startLine": 258}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 45938, "scanner": "repobility-agent-runtime", "fingerprint": "9d7c2f3ed3f91a4b48dab70421434b38f42842972b522e7004c8cef0ad4c4f22", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9d7c2f3ed3f91a4b48dab70421434b38f42842972b522e7004c8cef0ad4c4f22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wiki/KuraDB-RAG.zh.md"}, "region": {"startLine": 76}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 45937, "scanner": "repobility-agent-runtime", "fingerprint": "0656a4f163707ae2c1db8bdafbf7287dffa969370e661508742c8364a078e372", 
"category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|0656a4f163707ae2c1db8bdafbf7287dffa969370e661508742c8364a078e372"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wiki/KuraDB-RAG.md"}, "region": {"startLine": 76}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 45936, "scanner": "repobility-agent-runtime", "fingerprint": "c1bd53632ae316ef7fb6e9177e3a48a1d9e0d6c8da732bd536eb3f0502599e55", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c1bd53632ae316ef7fb6e9177e3a48a1d9e0d6c8da732bd536eb3f0502599e55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wiki/CLI-Reference.zh.md"}, "region": {"startLine": 96}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 45934, "scanner": "repobility-agent-runtime", "fingerprint": "4ee9f5bc993fe3fbedd7731ffc887e381b9cdf9992605c2692d9588e6afdb887", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": 
"repobility-agent-runtime", "references": [], "correlation_key": "fp|4ee9f5bc993fe3fbedd7731ffc887e381b9cdf9992605c2692d9588e6afdb887"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wiki/CLI-Reference.md"}, "region": {"startLine": 96}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 45933, "scanner": "repobility-agent-runtime", "fingerprint": "0c62d0f211e296440d2b22a2b8e678c8927a93695746d847c25fd3bb6655abc8", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|0c62d0f211e296440d2b22a2b8e678c8927a93695746d847c25fd3bb6655abc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 223}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 45930, "scanner": "repobility-agent-runtime", "fingerprint": "45bf094c6f63cf7ba6daa6e36bb054baa3caddc318a7c5f79be2dec325f79815", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|45bf094c6f63cf7ba6daa6e36bb054baa3caddc318a7c5f79be2dec325f79815"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/README.zh.md"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED111", "level": "warning", "message": 
{"text": "Bare except continues silently"}, "properties": {"repobilityId": 45918, "scanner": "repobility-ast-engine", "fingerprint": "1ffb71bfd25e2d7c6760b2f84a6849d683c9a588302d7da380a780c3fde28215", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ffb71bfd25e2d7c6760b2f84a6849d683c9a588302d7da380a780c3fde28215"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/tool-reviewer/scripts/scan_tools.py"}, "region": {"startLine": 517}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 45912, "scanner": "repobility-ast-engine", "fingerprint": "ff37b2b537426cb604ece4b38c4c9552efe8b00cc10757b8d14ae2aee81d132a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff37b2b537426cb604ece4b38c4c9552efe8b00cc10757b8d14ae2aee81d132a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/tool-reviewer/scripts/scan_tools.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 45910, "scanner": "repobility-ast-engine", "fingerprint": "1d6650c299ba4c1387f8eae938175005b1d9c50aef2670b480bd33eded2b5a27", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d6650c299ba4c1387f8eae938175005b1d9c50aef2670b480bd33eded2b5a27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/tool-reviewer/scripts/scan_tools.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 45872, "scanner": "repobility-ast-engine", "fingerprint": "22810fd0b5082e1726525f893c5e46e26347d078814a438fd5934902b54f912b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22810fd0b5082e1726525f893c5e46e26347d078814a438fd5934902b54f912b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/package_skill.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 45829, "scanner": "repobility-ast-engine", "fingerprint": "1dd24ee43effc92b497c248b59fb87977c692ee6373e612312ebb4eccc123e32", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1dd24ee43effc92b497c248b59fb87977c692ee6373e612312ebb4eccc123e32"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/init_skill.py"}, "region": {"startLine": 300}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 45828, "scanner": "repobility-ast-engine", "fingerprint": "8dfda58461193ddb1f27e0168ece590ad0cddc07635a0613839ca96f18d067ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8dfda58461193ddb1f27e0168ece590ad0cddc07635a0613839ca96f18d067ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/init_skill.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 45822, "scanner": "repobility-ast-engine", "fingerprint": "5d7f8f7688d700689029d12223e4c4ea58c3ce74ab4c184dbd8eae6bb58b6128", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d7f8f7688d700689029d12223e4c4ea58c3ce74ab4c184dbd8eae6bb58b6128"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/init_skill.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 7778, "scanner": "repobility-web-presence", 
"fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 7777, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /GEMINI_API_KEY."}, "properties": {"repobilityId": 7772, "scanner": "repobility-access-control", "fingerprint": "af6ae1893823d7bf11bb429a09a598b0f89bd5d483765ed9ff0635887e922441", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/GEMINI_API_KEY", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|40|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tools/external/youtube/fetch.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 45.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 7771, "scanner": "repobility-access-control", "fingerprint": "db4ec819f2fbfc5b287c8c54a25f6632ec758d81f8b12f27d3888c41e0648d4f", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 22, "correlation_key": "fp|db4ec819f2fbfc5b287c8c54a25f6632ec758d81f8b12f27d3888c41e0648d4f", "auth_visible_percent": 45.5}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 7770, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", 
"severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Gin"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 7764, "scanner": "repobility-agent-runtime", "fingerprint": "39212bd1117affb35a0dfa26e6d46c11b295d368f74e33a818aff8e3d0d2ab8b", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|39212bd1117affb35a0dfa26e6d46c11b295d368f74e33a818aff8e3d0d2ab8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wiki/Security-and-Sandbox.zh.md"}, "region": {"startLine": 62}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 7763, "scanner": "repobility-agent-runtime", "fingerprint": "10791b99210c9e2649a3d43481cabae1c9aa90a2106dfa24f2b259c26dac7438", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], 
"correlation_key": "fp|10791b99210c9e2649a3d43481cabae1c9aa90a2106dfa24f2b259c26dac7438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wiki/Security-and-Sandbox.md"}, "region": {"startLine": 62}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 7762, "scanner": "repobility-agent-runtime", "fingerprint": "6b702836ad1f83c051cd90fcf132a6464f38385e5ceae3bddf357c8f8f4a0856", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|6b702836ad1f83c051cd90fcf132a6464f38385e5ceae3bddf357c8f8f4a0856"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "static/scripts/install.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 7761, "scanner": "repobility-agent-runtime", "fingerprint": "bb11718a0d00f77760283d68aceacf389a3d58b6b98d8a599e05986e47e5b61a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|bb11718a0d00f77760283d68aceacf389a3d58b6b98d8a599e05986e47e5b61a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/README.zh.md"}, "region": {"startLine": 33}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command 
pipes network code directly to a shell"}, "properties": {"repobilityId": 7760, "scanner": "repobility-agent-runtime", "fingerprint": "bb7065aa78ecc529b5f9d95ddc3e960616a762f1de04d50e8f86db558113fa7e", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|bb7065aa78ecc529b5f9d95ddc3e960616a762f1de04d50e8f86db558113fa7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7748, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d65d5ffdeabdd1252d1fa066ebec659cf825dd1bf4e8772d3bec06837a9c5ebe", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/app/cmdDeamon.go", "duplicate_line": 77, "correlation_key": "fp|d65d5ffdeabdd1252d1fa066ebec659cf825dd1bf4e8772d3bec06837a9c5ebe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/newTUI.go"}, "region": {"startLine": 21}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 7747, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 45977, "scanner": "repobility-threat-engine", "fingerprint": "07290d20add810b7f09615595b9d2a51c76423c4c538caffab3a1a59a5fa0129", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"\\n\\n<blockquote expandable>\" + footer + \"</blockquote>\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|07290d20add810b7f09615595b9d2a51c76423c4c538caffab3a1a59a5fa0129"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/telegram/push.go"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 45976, "scanner": "repobility-threat-engine", "fingerprint": "ac4e34768aac61fde1f97c3ac226fb7b17379228897c87d969ed5916576a1c80", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"(revised: \" + revised + \")\\n\\n\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac4e34768aac61fde1f97c3ac226fb7b17379228897c87d969ed5916576a1c80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openaiCodex/image2/handler.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 45975, "scanner": "repobility-threat-engine", "fingerprint": "8bdd5b3039a451e5c199ab8f0e3d48197b7e51bb4e0fcce6d437a6d64a2e6c52", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"---\\n\\n## Additional Instructions\\n\\n\" + extra + \"\\n\\n---\\n\\n\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8bdd5b3039a451e5c199ab8f0e3d48197b7e51bb4e0fcce6d437a6d64a2e6c52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/exec/systemPrompt.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `detect_language` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=2, if=3, nested_bonus=3, ternary=1."}, "properties": {"repobilityId": 45950, "scanner": "repobility-threat-engine", "fingerprint": "5c10edc8fba995d00084a3f96b68806cdebf17864fb96abeaf7130ae4cb7aaff", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "detect_language", "breakdown": {"if": 3, "for": 2, "ternary": 1, "continue": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|5c10edc8fba995d00084a3f96b68806cdebf17864fb96abeaf7130ae4cb7aaff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/analyze_code.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 45948, "scanner": "repobility-threat-engine", "fingerprint": "8370ca1f92a11ff627c88f0f938bfe1aa87bbf5752a6ec47d092bfb2cffc4e37", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = filepath.Walk(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8370ca1f92a11ff627c88f0f938bfe1aa87bbf5752a6ec47d092bfb2cffc4e37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/go_ast.go"}, "region": {"startLine": 66}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 45947, "scanner": "repobility-threat-engine", "fingerprint": 
"7c1c1d38cfab4da08b57ce4ce33105682c3505fc84b05745e3e3b1ed137305b1", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = runtime.Clear(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7c1c1d38cfab4da08b57ce4ce33105682c3505fc84b05745e3e3b1ed137305b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/main.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 45946, "scanner": "repobility-threat-engine", "fingerprint": "88bdd541aea0696ef12ed9c49269a35269b8d2c92bde131de9aa835dfa406c87", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = discord.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|88bdd541aea0696ef12ed9c49269a35269b8d2c92bde131de9aa835dfa406c87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/cmdDeamon.go"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a91bacdb67eb1b98bba06c963ed90f7fba990a6fa5d2bbd284203feda0769ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in 
two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/toolAdapter/api/translator.go", "duplicate_line": 55, "correlation_key": "fp|4a91bacdb67eb1b98bba06c963ed90f7fba990a6fa5d2bbd284203feda0769ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/toolAdapter/script/translator.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32f1e69a04eda15d9f522a4397abb99df6ac4292d9ba0e4b0b60f38bc18f574d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/toolAdapter/mcp/http.go", "duplicate_line": 192, "correlation_key": "fp|32f1e69a04eda15d9f522a4397abb99df6ac4292d9ba0e4b0b60f38bc18f574d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/toolAdapter/mcp/stdio.go"}, "region": {"startLine": 190}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45816, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f959e70af54e3e5b1cafb4531a620365c52a1f92319dc5ae26a4b4e42cc75041", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "internal/runtime/tui/commandTaskEdit.go", "duplicate_line": 19, "correlation_key": "fp|f959e70af54e3e5b1cafb4531a620365c52a1f92319dc5ae26a4b4e42cc75041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/tui/commandTaskRemove.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45814, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1596fb9ba7305c65f7b9fde99631dc6c95a0b6f1624a988b677aa72cebc331ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/runtime/discord/run.go", "duplicate_line": 141, "correlation_key": "fp|1596fb9ba7305c65f7b9fde99631dc6c95a0b6f1624a988b677aa72cebc331ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/telegram/run.go"}, "region": {"startLine": 179}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45811, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4ad2075edf5124571ae44a55ca4eb36afc8f6044ff74e93c03f4010c936cd988", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/runtime/discord/new.go", "duplicate_line": 63, "correlation_key": 
"fp|4ad2075edf5124571ae44a55ca4eb36afc8f6044ff74e93c03f4010c936cd988"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/telegram/new.go"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45805, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb022ff287ead41bfc7571066b99d5f9ee7b2097fb1edf8b496e27192d90cff0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/runtime/discord/chunk.go", "duplicate_line": 26, "correlation_key": "fp|fb022ff287ead41bfc7571066b99d5f9ee7b2097fb1edf8b496e27192d90cff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/telegram/chunk.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45804, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b32e24bb7bcdf9cccd8d5b5892fddb82ffc921e774ab67146fefdec01408567", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/app/cmdDeamon.go", "duplicate_line": 273, "correlation_key": "fp|6b32e24bb7bcdf9cccd8d5b5892fddb82ffc921e774ab67146fefdec01408567"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"internal/runtime/scheduler.go"}, "region": {"startLine": 209}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45790, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ac1197f232c8e4329715ffa87ddd280e9d820f8f3b6dd90ed50dda17774e80e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/runtime/kuradb/tool/keyword.go", "duplicate_line": 1, "correlation_key": "fp|1ac1197f232c8e4329715ffa87ddd280e9d820f8f3b6dd90ed50dda17774e80e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/kuradb/tool/semantic.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45784, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbcddab092f7c0b3f257939a8ae966b087d669e1fe3e139c7d6aea035c7b267d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|fbcddab092f7c0b3f257939a8ae966b087d669e1fe3e139c7d6aea035c7b267d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openaiCodex/send.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 45782, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2fba031302f3d81951fb92579349895eafd57d6c771f6c8575caeebb2daca9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/deepseek/send.go", "duplicate_line": 19, "correlation_key": "fp|a2fba031302f3d81951fb92579349895eafd57d6c771f6c8575caeebb2daca9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/nvidia/send.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45778, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bad5820a29a92905a022d0f12fd8f78a7e8f1d8348d73adabf818829042bdf9d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|bad5820a29a92905a022d0f12fd8f78a7e8f1d8348d73adabf818829042bdf9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/grok/send.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45776, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "a120e96758480402331892ac22796b9aeabad176ed58090e757a9d44cb1d1e90", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/deepseek/send.go", "duplicate_line": 2, "correlation_key": "fp|a120e96758480402331892ac22796b9aeabad176ed58090e757a9d44cb1d1e90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/grok/send.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45773, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b3ae2a6ec38f67fd5b2f423d06b7157509b7dbaa8e9c635b78426aa4066059eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/deepseek/new.go", "duplicate_line": 27, "correlation_key": "fp|b3ae2a6ec38f67fd5b2f423d06b7157509b7dbaa8e9c635b78426aa4066059eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/grok/new.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45768, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c9385e6952a38793ee87870d30d8ab5c5ce9f68651cd3659d087b0fc251b8d4", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/new.go", "duplicate_line": 2, "correlation_key": "fp|1c9385e6952a38793ee87870d30d8ab5c5ce9f68651cd3659d087b0fc251b8d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/grok/new.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45761, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23fd7c62ebc3b19087048e2f3e937d65ad26db1c82dd9d72eb39692b603f4b1a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/gemini/stt/handler.go", "duplicate_line": 37, "correlation_key": "fp|23fd7c62ebc3b19087048e2f3e937d65ad26db1c82dd9d72eb39692b603f4b1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/youtube/fetch.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45759, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0f6544724e86addc2b783508e1db945379d62dc9be42c35ee7ba4c8eccd92ce3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/deepseek/new.go", "duplicate_line": 27, "correlation_key": "fp|0f6544724e86addc2b783508e1db945379d62dc9be42c35ee7ba4c8eccd92ce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/new.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45749, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f82228aaaa9127d9b2e8e6146d61077d8cfd60a9fd387b2fb3094b4b945d6708", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|f82228aaaa9127d9b2e8e6146d61077d8cfd60a9fd387b2fb3094b4b945d6708"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/deepseek/send.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45748, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4eff11f5f39e6ba6e8b94dad8dcaeb2e4194a8fec07dcb20eccea332996d93a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/new.go", "duplicate_line": 2, "correlation_key": "fp|4eff11f5f39e6ba6e8b94dad8dcaeb2e4194a8fec07dcb20eccea332996d93a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/deepseek/new.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45743, "scanner": "repobility-ai-code-hygiene", "fingerprint": "189444312e3924925cd287fd3bcbebd5298f311b2913aca1cc5169d7a7fee680", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/app/cmdDeamon.go", "duplicate_line": 150, "correlation_key": "fp|189444312e3924925cd287fd3bcbebd5298f311b2913aca1cc5169d7a7fee680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/newTUI.go"}, "region": {"startLine": 29}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 7776, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 7775, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 7774, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 7773, "scanner": "repobility-web-presence", "fingerprint": 
"cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 7767, "scanner": "repobility-threat-engine", "fingerprint": "b05586a738a23a44a697f3a8907db2d103849d7041a74728c8883f8f6d6b1ff4", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = w.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b05586a738a23a44a697f3a8907db2d103849d7041a74728c8883f8f6d6b1ff4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/scheduler.go"}, "region": {"startLine": 217}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 7766, "scanner": "repobility-threat-engine", "fingerprint": "42f1a61c51b0fbfed7e9d12e49eafac4d37a07d799073fbf7c8a7734b2581ffe", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no 
mitigating context found", "evidence": {"match": "_ = toolRegister.Dispatch(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|42f1a61c51b0fbfed7e9d12e49eafac4d37a07d799073fbf7c8a7734b2581ffe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tools/executor.go"}, "region": {"startLine": 152}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 7765, "scanner": "repobility-threat-engine", "fingerprint": "30944b6074fa3b84072f6015d3055b64122595bfa2f628dccdd1ac14888bab7a", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = syscall.Flock(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|30944b6074fa3b84072f6015d3055b64122595bfa2f628dccdd1ac14888bab7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/session/session.go"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7759, "scanner": "repobility-ai-code-hygiene", "fingerprint": "abdb5363aba97497e5b86504e061850d86ffe916d969d6d219edce2fb11f4fbe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|abdb5363aba97497e5b86504e061850d86ffe916d969d6d219edce2fb11f4fbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openai/send.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7758, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94ecc4b1e173f062269a247899290307fd7e0f5d57c02c66ac34309ad0f40647", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/copilot/send.go", "duplicate_line": 2, "correlation_key": "fp|94ecc4b1e173f062269a247899290307fd7e0f5d57c02c66ac34309ad0f40647"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openai/send.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7757, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bf67e5b2bea40fdb9fcd13dae64fd95c7e356a77032f4820bdcb0d6dda5316d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/deepseek/new.go", "duplicate_line": 27, "correlation_key": 
"fp|0bf67e5b2bea40fdb9fcd13dae64fd95c7e356a77032f4820bdcb0d6dda5316d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openai/new.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7756, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2415beed3a898ba4cd971cc9173167e4b181e79706b5e833b39a2abe2900d6ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/new.go", "duplicate_line": 2, "correlation_key": "fp|2415beed3a898ba4cd971cc9173167e4b181e79706b5e833b39a2abe2900d6ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/openai/new.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7755, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0161e2114b1953993da158ce22dafe929ce506d2638ce09f01543d94f5d5714d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|0161e2114b1953993da158ce22dafe929ce506d2638ce09f01543d94f5d5714d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"internal/agents/provider/nvidia/send.go"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7754, "scanner": "repobility-ai-code-hygiene", "fingerprint": "949e0d6f54c0359197ae845e2ac07c430d8f3d616bcdbb8a245f1f10b6218597", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/deepseek/new.go", "duplicate_line": 27, "correlation_key": "fp|949e0d6f54c0359197ae845e2ac07c430d8f3d616bcdbb8a245f1f10b6218597"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/nvidia/new.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7753, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bfad95e0a288d7a171f1c778f5972ae7ab024802562a2d7ce49eed58fa321a61", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/new.go", "duplicate_line": 2, "correlation_key": "fp|bfad95e0a288d7a171f1c778f5972ae7ab024802562a2d7ce49eed58fa321a61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/nvidia/new.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 7752, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c92a218126607555a690198f9dd5974cbbc2b2401427fc1b81e06a4aa2da245", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 2, "correlation_key": "fp|4c92a218126607555a690198f9dd5974cbbc2b2401427fc1b81e06a4aa2da245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/send.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7751, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad9abc8470ddb2281aaf0682358d0b7f58b68454bd905da205473aa94a273e00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/new.go", "duplicate_line": 2, "correlation_key": "fp|ad9abc8470ddb2281aaf0682358d0b7f58b68454bd905da205473aa94a273e00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/new.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7750, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "a970d3d330bda27b96447451145d230e7444958065adec23290a950a47c02029", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|a970d3d330bda27b96447451145d230e7444958065adec23290a950a47c02029"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/copilot/send.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7749, "scanner": "repobility-ai-code-hygiene", "fingerprint": "812e81c1ba3d436f6d6e6ca57a0dfe23f3d35d0a8744c074ec73dc581a0206a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/agents/provider/claude/send.go", "duplicate_line": 16, "correlation_key": "fp|812e81c1ba3d436f6d6e6ca57a0dfe23f3d35d0a8744c074ec73dc581a0206a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/compat/send.go"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 46024, "scanner": "repobility-threat-engine", "fingerprint": 
"49c3b36cf135472ea1529e481690e3ccbca282e8ae1386bfe97930b9cb3b9339", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49c3b36cf135472ea1529e481690e3ccbca282e8ae1386bfe97930b9cb3b9339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tools/downloadFile.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 45986, "scanner": "repobility-threat-engine", "fingerprint": "4b6d8eee8856ae8cfc81502c27b15ed14dd19ef02fea0b0ed9c59fe7c378cead", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4b6d8eee8856ae8cfc81502c27b15ed14dd19ef02fea0b0ed9c59fe7c378cead", "aggregated_count": 7}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 45982, "scanner": "repobility-threat-engine", "fingerprint": "4a4f0807e4b2a602904c2c23d95abb6f9e09448ebf29c9e0a18b9da6a89476f2", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4a4f0807e4b2a602904c2c23d95abb6f9e09448ebf29c9e0a18b9da6a89476f2"}}}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 1 more): Same pattern found in 1 additional file. 
Review if needed."}, "properties": {"repobilityId": 45978, "scanner": "repobility-threat-engine", "fingerprint": "802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c"}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 45974, "scanner": "repobility-threat-engine", "fingerprint": "00948ef39c749d1afe626fb33ebc1804bfc19d3c1fae3cd48beb7b1d30e69c93", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00948ef39c749d1afe626fb33ebc1804bfc19d3c1fae3cd48beb7b1d30e69c93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/readme-generate/scripts/setup_config.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise 
NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 45960, "scanner": "repobility-threat-engine", "fingerprint": "9831c7925ac1162dba28a3da379598fdbc3b313adc6ab2e1b33b72f3248a7130", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9831c7925ac1162dba28a3da379598fdbc3b313adc6ab2e1b33b72f3248a7130"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/analyze_js_ts.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 45959, "scanner": "repobility-threat-engine", "fingerprint": "23dc682d9244fcd2dc29e907258376de15f9064688f6d7a8583c7aea6c18ef65", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23dc682d9244fcd2dc29e907258376de15f9064688f6d7a8583c7aea6c18ef65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"extensions/skills/code-reviewer/scripts/analyze_go.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 45955, "scanner": "repobility-threat-engine", "fingerprint": "ae057f38a82b4ab40df0f4aaddc1a0bad56cc3e35c9a31fbdc7db8da14fe6f6c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "detect_language", "breakdown": {"if": 3, "for": 2, "ternary": 1, "continue": 1, "nested_bonus": 3}, "aggregated": true, "complexity": 10, "correlation_key": "fp|ae057f38a82b4ab40df0f4aaddc1a0bad56cc3e35c9a31fbdc7db8da14fe6f6c", "aggregated_count": 7}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 45949, "scanner": "repobility-threat-engine", "fingerprint": "1f27b66652726bd60b9a56c74cbd3177b219964a4804f067bd8675ad96ef814f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1f27b66652726bd60b9a56c74cbd3177b219964a4804f067bd8675ad96ef814f"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "properties": {"repobilityId": 45945, "scanner": "repobility-threat-engine", "fingerprint": "b240b27a045afcf4e5a7d7413595a149197281d3d8e26436b682925310a88fb0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b240b27a045afcf4e5a7d7413595a149197281d3d8e26436b682925310a88fb0", "aggregated_count": 20}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 45944, "scanner": "repobility-threat-engine", "fingerprint": "884887ecd86238971435f92ee043e4d41546de252193b83931a1b9408c7f732b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|884887ecd86238971435f92ee043e4d41546de252193b83931a1b9408c7f732b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/newTUI.go"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 45943, "scanner": "repobility-threat-engine", "fingerprint": "4b7c7e5700fe8ccbd943a58b025eb3394a36b772585e4938dc5659b75d025167", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b7c7e5700fe8ccbd943a58b025eb3394a36b772585e4938dc5659b75d025167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/main.go"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 45942, "scanner": "repobility-threat-engine", "fingerprint": "3cd6d18b5d37f54e2f4a5ff214dcae45cffe4f3b0c7971c094eef766858ffa6b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": 
"go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3cd6d18b5d37f54e2f4a5ff214dcae45cffe4f3b0c7971c094eef766858ffa6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/cmdDeamon.go"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 7769, "scanner": "repobility-threat-engine", "fingerprint": "20f298730ed20965386915c3b1fa60d04c255dcf9417ae5b43adca9cd8e67dcf", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "Print(\"Discord Bot Token: \"<redacted>", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|cmd/app/adddiscord.go|5|print discord bot token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/app/addDiscord.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 13 more): Same pattern found in 13 additional files. 
Review if needed."}, "properties": {"repobilityId": 7768, "scanner": "repobility-threat-engine", "fingerprint": "296bdc85bc97d457035986a9b3b7d2be5d919b23084449cf69240410280ba8ef", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|296bdc85bc97d457035986a9b3b7d2be5d919b23084449cf69240410280ba8ef"}}}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 45991, "scanner": "repobility-threat-engine", "fingerprint": "3531a35e5b961b5c9c6f45c423c60e363ebe6193bc37fda8e2f633873dfc1410", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3531a35e5b961b5c9c6f45c423c60e363ebe6193bc37fda8e2f633873dfc1410"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/tui/handlerExec.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 45990, "scanner": "repobility-threat-engine", "fingerprint": "df3f044b708a040f78c7666e02229cba90ebb5aef4cb8ef33e076b920451e718", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|df3f044b708a040f78c7666e02229cba90ebb5aef4cb8ef33e076b920451e718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/tui/commandKuradb.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. 
Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 45989, "scanner": "repobility-threat-engine", "fingerprint": "617dd5d3161fe2130a1be3070512776afe0500b2f9b9ec35056c3b59ff315770", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(cmdCtx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|617dd5d3161fe2130a1be3070512776afe0500b2f9b9ec35056c3b59ff315770"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/monitor/monitor.go"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection when an attacker can influence the value (os/exec runs the program directly, without a shell). Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 45988, "scanner": "repobility-threat-engine", "fingerprint": "90832b302caf73ecdac0a96b8cabea3b605ca2b4f0538a6175155fd216f0a4b3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|90832b302caf73ecdac0a96b8cabea3b605ca2b4f0538a6175155fd216f0a4b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/runtime/kuradb/run.go"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection when an attacker can influence the value (os/exec runs the program directly, without a shell). 
Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 45987, "scanner": "repobility-threat-engine", "fingerprint": "b1c6ed7952c4d90d9e70ee6654616eeb21c45a33832610c00911b4bb9815f307", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b1c6ed7952c4d90d9e70ee6654616eeb21c45a33832610c00911b4bb9815f307"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/filesystem/git.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 45985, "scanner": "repobility-threat-engine", "fingerprint": "2b342b0566f7d591a0efa0765298e951733fe0d27a2a80eefeee0fc9f3a2629b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b342b0566f7d591a0efa0765298e951733fe0d27a2a80eefeee0fc9f3a2629b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/copilot/login.go"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 45984, "scanner": "repobility-threat-engine", "fingerprint": "0b8242c08e1f7fe547269968e1107eb1089e3b2e46759cc9bd4303650f38c5e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b8242c08e1f7fe547269968e1107eb1089e3b2e46759cc9bd4303650f38c5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/compat/send.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 45983, "scanner": "repobility-threat-engine", "fingerprint": "ec28b037cca1ff787c03fc15a97cc07da18f10583637d64e461da5b1c185efe6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec28b037cca1ff787c03fc15a97cc07da18f10583637d64e461da5b1c185efe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/claude/send.go"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 45981, "scanner": "repobility-threat-engine", "fingerprint": "7750600cd70b08f3a7638eee9d868ad14a76c7eb00f923cfc2500dbef2d029a7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7750600cd70b08f3a7638eee9d868ad14a76c7eb00f923cfc2500dbef2d029a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/gemini/youtube/register.go"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 45980, "scanner": "repobility-threat-engine", "fingerprint": "6c89056dba45e7d98ac0e749b652a13e75eed1b60fe74d3223ac66bf445c5829", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6c89056dba45e7d98ac0e749b652a13e75eed1b60fe74d3223ac66bf445c5829"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/compat/new.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 45979, "scanner": "repobility-threat-engine", "fingerprint": "3d44fe153b3a1c9cfead9f86431cd3e7ad6f58d56d13a36960e80a7fe96fcf06", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d44fe153b3a1c9cfead9f86431cd3e7ad6f58d56d13a36960e80a7fe96fcf06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agents/provider/claude/send.go"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 45964, "scanner": "repobility-threat-engine", "fingerprint": "6ee8886de8515824c071a0486c925bf661ea078935d1c6a6743baf39fe666863", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ee8886de8515824c071a0486c925bf661ea078935d1c6a6743baf39fe666863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/common.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: 
pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 45958, "scanner": "repobility-threat-engine", "fingerprint": "2a003673585dcef6394d95abd88e8f236bdfc40f682550089490f57437139122", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a003673585dcef6394d95abd88e8f236bdfc40f682550089490f57437139122"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/analyze_js_ts.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 45956, "scanner": "repobility-threat-engine", "fingerprint": "2abe9f5288fdba03c7ee0ea4895d64766fa6f2c0121b9dd4ded65cd1e15e4f11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2abe9f5288fdba03c7ee0ea4895d64766fa6f2c0121b9dd4ded65cd1e15e4f11"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/code-reviewer/scripts/analyze_go.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__ (assertTrue is a unittest.TestCase method, so in a test class it is likely inherited rather than unset; confirm the base class)"}, "properties": {"repobilityId": 45908, "scanner": "repobility-ast-engine", "fingerprint": "7cb5aed0444f72d9cfc0ffda468f0a2265f9d7469921d4bb6cb7254923e351ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7cb5aed0444f72d9cfc0ffda468f0a2265f9d7469921d4bb6cb7254923e351ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsNotNone` used but never assigned in __init__ (assertIsNotNone is a unittest.TestCase method, so in a test class it is likely inherited rather than unset; confirm the base class)"}, "properties": {"repobilityId": 45886, "scanner": "repobility-ast-engine", "fingerprint": "85479875a2949bce22338aed2f814110dceaa25b6628fc3934048a7e504edecf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85479875a2949bce22338aed2f814110dceaa25b6628fc3934048a7e504edecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, 
"properties": {"repobilityId": 45885, "scanner": "repobility-ast-engine", "fingerprint": "4daa696d1fa819218504bd5fb4a4c69f6e499a7a91f9c31131261f963b433f15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4daa696d1fa819218504bd5fb4a4c69f6e499a7a91f9c31131261f963b433f15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45884, "scanner": "repobility-ast-engine", "fingerprint": "f897de1db66822eeee4fdf94b55172357698489e11c6e0cc2b5fbdcf6b76a2a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f897de1db66822eeee4fdf94b55172357698489e11c6e0cc2b5fbdcf6b76a2a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_skill` used but never assigned in __init__"}, "properties": {"repobilityId": 45883, "scanner": "repobility-ast-engine", "fingerprint": "5c90baca836cf0aae498b14add2e0e1ea689f792e871a654a63dbb6e8b040dc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c90baca836cf0aae498b14add2e0e1ea689f792e871a654a63dbb6e8b040dc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 45882, "scanner": "repobility-ast-engine", "fingerprint": "e5f504459fb42647878f8290aacb47ab45fb5134ca5013c65cb47b96642a7a0e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5f504459fb42647878f8290aacb47ab45fb5134ca5013c65cb47b96642a7a0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 45881, "scanner": "repobility-ast-engine", "fingerprint": "1bc814b022f1b8f581573a653d74b2bf4907fff5562b20130235ebd761dc4f1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|1bc814b022f1b8f581573a653d74b2bf4907fff5562b20130235ebd761dc4f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 45880, "scanner": "repobility-ast-engine", "fingerprint": "c562b98085e04b38bc236f51ef39b73e15866abc90cb50460963b37298eba86a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c562b98085e04b38bc236f51ef39b73e15866abc90cb50460963b37298eba86a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsNotNone` used but never assigned in __init__"}, "properties": {"repobilityId": 45879, "scanner": "repobility-ast-engine", "fingerprint": "a4579adf557355d02caef6166e7bf2b244b29d960298717886dce772cbfb0aeb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4579adf557355d02caef6166e7bf2b244b29d960298717886dce772cbfb0aeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", 
"level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45878, "scanner": "repobility-ast-engine", "fingerprint": "b9f87f464b1e60fb3b5e55996e31a4baeee8b0bc1e18546cb5c22d1d6e6dd8f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9f87f464b1e60fb3b5e55996e31a4baeee8b0bc1e18546cb5c22d1d6e6dd8f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_skill` used but never assigned in __init__"}, "properties": {"repobilityId": 45877, "scanner": "repobility-ast-engine", "fingerprint": "a203b64bad5d09d48a43fd085c89575953dec599e37bd4824f0e3844f2519f6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a203b64bad5d09d48a43fd085c89575953dec599e37bd4824f0e3844f2519f6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45876, "scanner": "repobility-ast-engine", "fingerprint": "f53bad8b7667a4ef507465073949df3555140554ce3b3880b82cb8ba58fdbad8", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f53bad8b7667a4ef507465073949df3555140554ce3b3880b82cb8ba58fdbad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45875, "scanner": "repobility-ast-engine", "fingerprint": "fd0659b3b93c6111f0522e0df553de9ccd1ec882c9de577aeba078a9055e9c01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd0659b3b93c6111f0522e0df553de9ccd1ec882c9de577aeba078a9055e9c01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45874, "scanner": "repobility-ast-engine", "fingerprint": "126d20063c1cf2350b6ee6bbb30f975d2aa084f2065fc65c7bf23038f1f2bdbe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], 
"observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|126d20063c1cf2350b6ee6bbb30f975d2aa084f2065fc65c7bf23038f1f2bdbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45873, "scanner": "repobility-ast-engine", "fingerprint": "4cd7a43381551b7299105de786f60e0deef01a117262da3f8d4ca956159049e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4cd7a43381551b7299105de786f60e0deef01a117262da3f8d4ca956159049e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_package_skill.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 45868, "scanner": "repobility-ast-engine", "fingerprint": "3e0bfe49567b974eee8e878c20fc69e32024cc388698b3f6230d8754842ca539", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e0bfe49567b974eee8e878c20fc69e32024cc388698b3f6230d8754842ca539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45867, "scanner": "repobility-ast-engine", "fingerprint": "7c28e0a11c2a1dbcab917db0952b7aa1d30ce0c107c3e7b54a26b5fbde9932f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c28e0a11c2a1dbcab917db0952b7aa1d30ce0c107c3e7b54a26b5fbde9932f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 45865, "scanner": "repobility-ast-engine", "fingerprint": "20eac80f29eb9dcec362600299174cc85cedfc2ed3d4cedbba5a26e602b07fee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20eac80f29eb9dcec362600299174cc85cedfc2ed3d4cedbba5a26e602b07fee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 45864, 
"scanner": "repobility-ast-engine", "fingerprint": "17f47e9381d7f79a71393e33f99444fbb3d94ac2a04567e28e45506e4a218245", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|17f47e9381d7f79a71393e33f99444fbb3d94ac2a04567e28e45506e4a218245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45863, "scanner": "repobility-ast-engine", "fingerprint": "2d81dfa872e3a7ff74d614f3c9d849e664324e9a9eaafc2a49c21e21a81e05f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d81dfa872e3a7ff74d614f3c9d849e664324e9a9eaafc2a49c21e21a81e05f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 45862, "scanner": "repobility-ast-engine", "fingerprint": "2663884e78bd8f6e3a26f0454f3b6d09c68f432e4acd6ea0e48e6c6241ecce61", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2663884e78bd8f6e3a26f0454f3b6d09c68f432e4acd6ea0e48e6c6241ecce61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45861, "scanner": "repobility-ast-engine", "fingerprint": "4d72c2350fd517d9f2b19f897b0b40b8dd1c3a14e4f09e00c9a86ce3db5ca27e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d72c2350fd517d9f2b19f897b0b40b8dd1c3a14e4f09e00c9a86ce3db5ca27e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45860, "scanner": "repobility-ast-engine", "fingerprint": "e76570b31980dd813c321fb2edadb330be6db521976c0a48fe12645a263db12d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|e76570b31980dd813c321fb2edadb330be6db521976c0a48fe12645a263db12d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45843, "scanner": "repobility-ast-engine", "fingerprint": "e96342bb82cb2d6c81ca210ab8f9771fe737536c23d607a566bd5d6a548b3ba9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e96342bb82cb2d6c81ca210ab8f9771fe737536c23d607a566bd5d6a548b3ba9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.temp_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 45832, "scanner": "repobility-ast-engine", "fingerprint": "58e8c615a4cc88ed5eedf62fc6f850c5cbd125c1559757bd20e62ca067616634", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58e8c615a4cc88ed5eedf62fc6f850c5cbd125c1559757bd20e62ca067616634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/skills/skill-creator/scripts/test_quick_validate.py"}, "region": {"startLine": 15}}}]}]}]}