holaboss-ai/holaOS

Component	Sub-score	Weight	Contribution
`structure_score`	60.0	0.15	9.00
`security_score`	100.0	0.25	25.00
`testing_score`	58.0	0.20	11.60
`documentation_score`	65.0	0.15	9.75
`practices_score`	70.0	0.15	10.50
`code_quality`	70.0	0.10	7.00
Overall		1.00	72.8

critical Legacy quality quality conf 1.00 ✓ Repobility [MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data — RCE.

Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context.

runtime/api-server/src/composio-tool-registry.ts:48 qualitylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.APPLE_APP_SPECIFIC_PASSWORD` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.APPLE_APP_SPECIFIC_PASSWORD }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:269 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.APPLE_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.APPLE_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:268 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.APPLE_TEAM_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.APPLE_TEAM_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:270 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_CLIENT_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_CLIENT_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:751 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_CLIENT_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_CLIENT_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:663 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_CLIENT_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_CLIENT_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:601 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_CLIENT_SECRET` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_CLIENT_SECRET }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:752 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_CLIENT_SECRET` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_CLIENT_SECRET }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:664 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_CLIENT_SECRET` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_CLIENT_SECRET }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:602 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_TENANT_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_TENANT_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:750 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_TENANT_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_TENANT_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:662 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.AZURE_TENANT_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AZURE_TENANT_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:600 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.HOLABOSS_RELEASES_REPO_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.HOLABOSS_RELEASES_REPO_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:943 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.HOLABOSS_RELEASES_REPO_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.HOLABOSS_RELEASES_REPO_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:222 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.MAC_CERTIFICATE_PASSWORD` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.MAC_CERTIFICATE_PASSWORD }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:267 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.MAC_CERTIFICATE` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.MAC_CERTIFICATE }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:266 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.R2_ACCESS_KEY_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.R2_ACCESS_KEY_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:1079 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.R2_ENDPOINT_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.R2_ENDPOINT_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:1085 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.R2_SECRET_ACCESS_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.R2_SECRET_ACCESS_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:1080 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.SENTRY_AUTH_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SENTRY_AUTH_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:845 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.SENTRY_AUTH_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SENTRY_AUTH_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:364 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.SENTRY_AUTH_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SENTRY_AUTH_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:302 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.SENTRY_DSN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SENTRY_DSN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:753 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.SENTRY_DSN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SENTRY_DSN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:340 dependencylegacy

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.SENTRY_DSN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SENTRY_DSN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).

Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.

.github/workflows/ci.yml:294 dependencylegacy

critical Legacy quality quality conf 1.00 [SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3).

Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`.

runtime/api-server/src/composio-tool-registry.ts:48 qualitylegacy

critical Legacy security deserialization conf 1.00 [SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes — direct RCE on untrusted input. `unsafe_load` is even more dangerous.

Use `YAML.safe_load(input, permitted_classes: [Date])` — explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead.

runtime/api-server/src/composio-tool-registry.ts:48 deserializationlegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express DELETE /api/v1/integrations/bindings/:bindingId has no auth: Express route DELETE /api/v1/integrations/bindings/:bindingId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.delete('/api/v1/integrations/bindings/:bindingId', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5430 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express DELETE /api/v1/integrations/connections/:connectionId has no auth: Express route DELETE /api/v1/integrations/connections/:connectionId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.delete('/api/v1/integrations/connections/:connectionId', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5342 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express DELETE /api/v1/integrations/oauth/configs/:providerId has no auth: Express route DELETE /api/v1/integrations/oauth/configs/:providerId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.delete('/api/v1/integrations/oauth/configs/:providerId', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5557 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express PATCH /api/v1/integrations/connections/:connectionId has no auth: Express route PATCH /api/v1/integrations/connections/:connectionId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.patch('/api/v1/integrations/connections/:connectionId', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5264 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/capabilities/browser/tools/:toolId has no auth: Express route POST /api/v1/capabilities/browser/tools/:toolId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/capabilities/browser/tools/:toolId', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:4892 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/capabilities/runtime-tools/onboarding/alignment-question has no auth: Express route POST /api/v1/capabilities/runtime-tools/onboarding/alignment-question declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/capabilities/runtime-tools/onboarding/alignment-question', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5832 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/capabilities/runtime-tools/onboarding/alignment-report has no auth: Express route POST /api/v1/capabilities/runtime-tools/onboarding/alignment-report declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/capabilities/runtime-tools/onboarding/alignment-report', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5811 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/broker/proxy has no auth: Express route POST /api/v1/integrations/broker/proxy declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/broker/proxy', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5490 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/broker/token has no auth: Express route POST /api/v1/integrations/broker/token declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/broker/token', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5471 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/composio/finalize has no auth: Express route POST /api/v1/integrations/composio/finalize declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/composio/finalize', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5577 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/connections has no auth: Express route POST /api/v1/integrations/connections declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/connections', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5238 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/connections/:connectionId/merge has no auth: Express route POST /api/v1/integrations/connections/:connectionId/merge declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/connections/:connectionId/merge', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5316 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/context-fetch has no auth: Express route POST /api/v1/integrations/context-fetch declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/context-fetch', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5647 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/memory-clear has no auth: Express route POST /api/v1/integrations/memory-clear declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/memory-clear', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5688 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/integrations/oauth/authorize has no auth: Express route POST /api/v1/integrations/oauth/authorize declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/integrations/oauth/authorize', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5563 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/runtime/profile/auth-fallback has no auth: Express route POST /api/v1/runtime/profile/auth-fallback declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/runtime/profile/auth-fallback', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:4858 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/terminal-sessions has no auth: Express route POST /api/v1/terminal-sessions declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/terminal-sessions', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:4958 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/terminal-sessions/:terminalId/close has no auth: Express route POST /api/v1/terminal-sessions/:terminalId/close declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/terminal-sessions/:terminalId/close', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5117 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/terminal-sessions/:terminalId/input has no auth: Express route POST /api/v1/terminal-sessions/:terminalId/input declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/terminal-sessions/:terminalId/input', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5047 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/terminal-sessions/:terminalId/resize has no auth: Express route POST /api/v1/terminal-sessions/:terminalId/resize declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/terminal-sessions/:terminalId/resize', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5070 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express POST /api/v1/terminal-sessions/:terminalId/signal has no auth: Express route POST /api/v1/terminal-sessions/:terminalId/signal declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.post('/api/v1/terminal-sessions/:terminalId/signal', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5094 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express PUT /api/v1/integrations/bindings/:workspaceId/:targetType/:targetId/:integrationKey has no auth: Express route PUT /api/v1/integrations/bindings/:workspaceId/:targetType/:targetId/:integrationKey declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.put('/api/v1/integrations/bindings/:workspaceId/:targetType/:targetId/:integrationKey', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5372 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express PUT /api/v1/integrations/oauth/configs/:providerId has no auth: Express route PUT /api/v1/integrations/oauth/configs/:providerId declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.put('/api/v1/integrations/oauth/configs/:providerId', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:5532 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express PUT /api/v1/runtime/config has no auth: Express route PUT /api/v1/runtime/config declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.put('/api/v1/runtime/config', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:4818 qualitylegacy

high Legacy quality quality conf 0.80 ✓ Repobility [MINED113] Express PUT /api/v1/runtime/profile has no auth: Express route PUT /api/v1/runtime/profile declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.

Add an auth middleware: app.put('/api/v1/runtime/profile', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.

runtime/api-server/src/app.ts:4839 qualitylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/publish-linux-runtime.yml:67 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:574 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:273 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:179 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:139 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:110 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:78 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:55 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/download-artifact@<40-char-sha> # v8` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:936 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/download-artifact@<40-char-sha> # v8` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:930 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/download-artifact@<40-char-sha> # v8` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:924 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/setup-node@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:584 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/setup-node@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:283 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/setup-node@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:147 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/setup-node@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:118 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/setup-node@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:86 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/setup-node@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:63 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/upload-artifact@<40-char-sha> # v7` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:884 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: actions/upload-artifact@<40-char-sha> # v7` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:552 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: oven-sh/setup-bun@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:579 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: oven-sh/setup-bun@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:278 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: oven-sh/setup-bun@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:142 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: oven-sh/setup-bun@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:113 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: oven-sh/setup-bun@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:81 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

Replace with: `uses: oven-sh/setup-bun@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence.

.github/workflows/ci.yml:58 dependencylegacy

low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.

For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.

runtime/api-server/src/composio-tool-registry.ts:80 xsslegacy

low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.

For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.

runtime/api-server/src/apply-app-schema.ts:171 xsslegacy

low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.

For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.

apps/desktop/src/components/panes/ChatPane/Composer/ThinkingValueSelect.tsx:35 xsslegacy

low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).

Use execFile / spawn with separate args array; never pass shell strings.

apps/desktop/src/components/panes/ChatPane/skeletons.tsx:303 qualitylegacy

low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).

Use execFile / spawn with separate args array; never pass shell strings.

apps/desktop/src/components/panes/ChatPane/helpers.ts:82 qualitylegacy

low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).

Use execFile / spawn with separate args array; never pass shell strings.

apps/desktop/src/components/marketplace/markdownFenceNormalization.mjs:5 qualitylegacy

high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.

After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`.

runtime/api-server/src/session-scratchpad.ts:71 path_traversallegacy

high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.

After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`.

runtime/api-server/src/runner-prep.ts:73 path_traversallegacy

high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.

After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`.

apps/desktop/scripts/runtime-bundle-state.mjs:170 path_traversallegacy

high Legacy security auth conf 0.78 Consent is collected in UI without visible backend audit persistence

Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state.

runtime/api-server/src/memory-recall-index.ts:39 authlegacy

high Legacy security llm_injection conf 0.82 LLM memory extraction can be prompt-injected into storing fake facts

Validate extracted facts with a schema, enforce length and count limits, reject code-fence/prompt-looking content, and discard facts that contain instruction-like phrases or raw JSON prompt fragments.

runtime/api-server/src/memory-writeback-extractor.ts:57 llm_injectionlegacy

high Legacy security llm_injection conf 0.82 LLM memory extraction can be prompt-injected into storing fake facts

Validate extracted facts with a schema, enforce length and count limits, reject code-fence/prompt-looking content, and discard facts that contain instruction-like phrases or raw JSON prompt fragments.

runtime/api-server/src/evolve-skill-review.ts:446 llm_injectionlegacy

high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value

Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.

apps/desktop/src/components/auth/AuthPanel.tsx:3828 authlegacy

high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value

Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.

apps/desktop/src/components/auth/AuthPanel.tsx:3420 authlegacy

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://localhost:${port}/mcp/health (sdk/app-builder-sdk/test/manifest-and-entry-point.test.ts:109)

`sdk/app-builder-sdk/test/manifest-and-entry-point.test.ts:109` calls `GET http://localhost:${port}/mcp/health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/localhost:/<p>/mcp/health` If this points at an ex…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: GET http://localhost:${port}/mcp/health (sdk/app-builder-sdk/test/workspace-integration.test.ts:106)

`sdk/app-builder-sdk/test/workspace-integration.test.ts:106` calls `GET http://localhost:${port}/mcp/health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/localhost:/<p>/mcp/health` If this points at an exter…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.twitter.com/... (runtime/api-server/src/workspace-app-host-lint.ts:3)

`runtime/api-server/src/workspace-app-host-lint.ts:3` calls `GET https://api.twitter.com/...` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.twitter.com/...` If this points at an external API, prefix it w…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/connect (runtime/api-server/src/composio-test-server.ts:263)

`runtime/api-server/src/composio-test-server.ts:263` calls `POST /api/connect` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/connect` If this points at an external API, prefix it with `https://` so the matcher skip…

wiringdangling-fetchfetch

high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/proxy (runtime/api-server/src/composio-test-server.ts:353)

`runtime/api-server/src/composio-test-server.ts:353` calls `POST /api/proxy` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/proxy` If this points at an external API, prefix it with `https://` so the matcher skips it.

wiringdangling-fetchfetch

high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in website/docs/worker-configuration.d.ts:3004

Found a known-risky pattern (exec_used). Review and replace if possible.

website/docs/worker-configuration.d.ts:3004 owaspexec_used

medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.

Log the error or rethrow it. Use console.error() at minimum.

runtime/api-server/src/session-scratchpad.ts:147 error_handlinglegacy

low Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.

runtime/api-server/src/composio-tool-registry.ts:48 deserializationlegacy

medium Legacy quality quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).

Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).

sdk/app-builder-sdk/src/runtime/state.ts:103 qualitylegacy

medium Legacy quality quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).

Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).

runtime/harnesses/src/embedded-skills/app-builder-sdk/sdk-package/src/runtime/state.ts:103 qualitylegacy

high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth

Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model.

runtime/api-server/src/runner-worker.ts:219 qualitylegacy

high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth

Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model.

runtime/deploy/bootstrap/shared.sh:57 qualitylegacy

medium Legacy cicd docker conf 0.90 Docker build context has no .dockerignore

Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases.

.dockerignore dockerlegacy

high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER

Add a non-root USER in the final runtime stage after files and permissions are prepared.

runtime/deploy/Dockerfile.toolchain:1 dockerlegacy

high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER

Add a non-root USER in the final runtime stage after files and permissions are prepared.

runtime/deploy/Dockerfile:2 dockerlegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/lib/workspaceSelection.tsx:26 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/lib/chat/useChatComposerModelSelection.ts:197 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/features/workspace-onboarding/preferences.ts:30 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/components/publish/usePublishDraft.ts:97 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/components/panes/ChatPane/index.tsx:5320 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/components/layout/new-shell/useSettingsState.ts:97 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/components/layout/SettingsScreenRoot.tsx:915 qualitylegacy

high Legacy quality quality conf 0.80 localStorage write failures are swallowed silently

Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.

apps/desktop/src/components/layout/AppShell.tsx:1441 qualitylegacy

medium 9-layer frontend frontend-quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/desktop/src/components/auth/AuthPanel.tsx:1434

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

frontend-qualityfq.dangerous-html

medium 9-layer frontend frontend-quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/desktop/src/components/marketplace/CodeBlock.tsx:236

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

frontend-qualityfq.dangerous-html

medium 9-layer frontend frontend-quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/desktop/src/lib/providerBrandIcon.tsx:156

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

frontend-qualityfq.dangerous-html

medium 9-layer frontend frontend-quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — sdk/ui/src/primitives/chart.tsx:93

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

frontend-qualityfq.dangerous-html

medium 9-layer frontend frontend-quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — website/docs/app/root.tsx:60

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

frontend-qualityfq.dangerous-html

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/desktop/electron/main.ts:1314

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/desktop/src/features/workspace-onboarding/DeterministicWorkspaceOnboardingSurface.tsx:668

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/desktop/src/lib/bff-fetch-bridge.ts:78

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/desktop/src/lib/integrationDisplay.ts:7

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/desktop/src/lib/useIntegrationBinding.ts:13

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/api-server/src/image-generation.ts:357

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/api-server/src/integration-types.ts:6

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/api-server/src/memory-model-client.ts:502

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/api-server/src/oauth-service.ts:94

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/api-server/src/runtime-agent-tools.test.ts:2880

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/api-server/src/workspace-app-host-lint.ts:3

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/harnesses/src/embedded-skills/app-builder-sdk/sdk-package/src/runtime/sync-runner.ts:4

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — runtime/harnesses/src/embedded-skills/app-builder-sdk/sdk-package/src/types.ts:191

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/app-builder-sdk/src/runtime/sync-runner.ts:4

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/app-builder-sdk/src/types.ts:191

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/app-builder-sdk/test/mcp-server.test.ts:37

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/app-sdk/src/clients/base.ts:264

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/bridge/src/integration-proxy.ts:22

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/bridge/src/workspace-outputs.ts:41

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — website/docs/worker-configuration.d.ts:312

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — website/docs/workers/app.ts:93

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

integrityfragile-runtimerobustness

medium 9-layer hardware security conf 1.00 Dockerfile runs as root: runtime/deploy/Dockerfile

No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.

securitycontainer

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/ci.yml:58 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/ci.yml:81 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/ci.yml:113 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/ci.yml:142 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/ci.yml:278 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/ci.yml:579 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/publish-linux-runtime.yml:113 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/publish-sdk.yml:85 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/publish-sdk.yml:117 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/publish-sdk.yml:213 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/publish-macos-intel-desktop.yml:123 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

.github/workflows/ci.yml supply-chaingithub-actionsleast-privilege

medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

.github/workflows/publish-linux-runtime.yml supply-chaingithub-actionsleast-privilege

medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

.github/workflows/publish-sdk.yml supply-chaingithub-actionsleast-privilege

medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

.github/workflows/publish-macos-intel-desktop.yml supply-chaingithub-actionsleast-privilege

medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/desktop/src/components/auth/AuthPanel.tsx:1434

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/desktop/src/components/auth/AuthPanel.tsx:1434 owaspdangerous_innerhtml

medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/desktop/src/components/marketplace/CodeBlock.tsx:236

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/desktop/src/components/marketplace/CodeBlock.tsx:236 owaspdangerous_innerhtml

medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/desktop/src/lib/providerBrandIcon.tsx:156

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/desktop/src/lib/providerBrandIcon.tsx:156 owaspdangerous_innerhtml

medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in sdk/ui/src/primitives/chart.tsx:93

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

sdk/ui/src/primitives/chart.tsx:93 owaspdangerous_innerhtml

medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in website/docs/app/root.tsx:60

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

website/docs/app/root.tsx:60 owaspdangerous_innerhtml

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/harnesses/src/desktop-browser-tools.ts:188 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/harness-host/src/harness-ai-monitoring.ts:49 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/harness-host/src/contracts.ts:93 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/harness-host/src/contracts.ts:6 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/workspace-mcp-host.ts:45 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/workspace-app-ui-lint.ts:39 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/teammate-skill-files.ts:106 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/runtime-sentry.ts:6 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/resolved-app-bootstrap-shared.ts:40 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/recall-embedding-model.ts:37 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/recall-embedding-backfill-worker.ts:159 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/queue-worker.ts:140 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/memory.ts:64 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/memory-writeback-extractor.ts:63 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/main-session-event-worker.ts:466 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/integration-types.ts:25 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/cron-worker.ts:605 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/useWorkspaceBrowser.ts:14 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/SpaceBrowserExplorerPane.tsx:143 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/MarketplacePane.tsx:20 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/HtmlPreviewFrame.tsx:112 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/ChatPane/IssueThreadControls.tsx:42 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/ChatPane/IssueThreadControls.tsx:36 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/BrowserProfileImportButton.tsx:473 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/panes/AppSurfacePane.tsx:453 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/onboarding/IntegrationsList.tsx:67 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/layout/new-shell/WorkspaceDashboardPane.tsx:21 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/layout/new-shell/SearchDialog.tsx:230 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

apps/desktop/src/components/layout/new-shell/NewAppShell.tsx:220 qualitylegacy

high Legacy quality quality conf 0.86 Duplicated implementation block across source files

Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.

runtime/api-server/src/image-generation-model.ts:79 qualitylegacy

low 9-layer quality integrity conf 1.00 105 env vars used in code but missing from .env.example

Drift between code and config docs. The first few: `APP_SETUP_TIMEOUT_MS`, `BASE_URL`, `COMPOSIO_API_KEY`, `COMPOSIO_BASE_URL`, `COMPOSIO_GCAL_ACCOUNT_ID`, `COMPOSIO_SLACK_ACCOUNT_ID`, `COMPOSIO_TELEGRAM_ACCOUNT_ID`, `COMPOSIO_USER_ID` + 97 more. Add them (with a placeholder/comment) to .env.exampl…

integrityconfig-drift

low 9-layer quality maintenance conf 1.00 173 TODO/FIXME markers

High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.

maintenance

low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found

Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.

coveragedeployment

low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: apps/desktop/electron/browser-pane/types.ts