Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

lightseekorg/tokenspeed

https://github.com/lightseekorg/tokenspeed · scanned 2026-05-16 22:31 UTC (17 hours, 49 minutes ago) · 10 languages

746 findings (51 legacy + 695 scanner) 60th percentile · Python · large (100-500K LoC) Scanner says 70 (higher by 3)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 17 hours, 49 minutes ago · v1 · 746 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
68.1
/100
Repobility
67
51 legacy
9-layer
70
88.9% cov · 695 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 15 Medium 18 Low 213 Source: Legacy 51 9-layer 695 Crowd 0 Layer: Cicd 47 Security 11 Quality 626 Software 48 Hardware 3 Frontend 1 Api 10
Scan summary Repository scanned at 69.6/100 with 88.9% coverage. It contains 6761 nodes across 12 cross-layer flows, written primarily in mixed languages. Engine surfaced 695 findings — concentrated in quality (586), software (45), cicd (43). Risk profile is high: 0 critical, 7 high, 13 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 739 of 746 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy software ssrf conf 1.00 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: ALLOWED = {'images.example.com', 'cdn.example.com'} host = urlparse(url).hostname if host not in ALLOWED: abort(400) Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
python/tokenspeed/runtime/pd/mini_lb.py:60 ssrflegacy
high Legacy software ssrf conf 1.00 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: ALLOWED = {'images.example.com', 'cdn.example.com'} host = urlparse(url).hostname if host not in ALLOWED: abort(400) Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
python/tokenspeed/runtime/cache/storage/mooncake_store/mooncake_store.py:288 ssrflegacy
high Legacy software ssrf conf 1.00 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: ALLOWED = {'images.example.com', 'cdn.example.com'} host = urlparse(url).hostname if host not in ALLOWED: abort(400) Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
python/tokenspeed/bench.py:285 ssrflegacy
high Legacy cicd docker conf 0.95 Docker final stage runs as root
The final runtime stage explicitly uses root. A compromised app process would have root inside the container.
docker/Dockerfile:4 dockerlegacy
high 9-layer security auth conf 1.00 FastAPI POST `flush_cache` without auth dependency — python/tokenspeed/runtime/pd/mini_lb.py:433
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/tokenspeed/runtime/pd/mini_lb.py:433 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `handle_chat_completion_request` without auth dependency — python/tokenspeed/runtime/pd/mini_lb.py:585
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/tokenspeed/runtime/pd/mini_lb.py:585 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `handle_completion_request` without auth dependency — python/tokenspeed/runtime/pd/mini_lb.py:590
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/tokenspeed/runtime/pd/mini_lb.py:590 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `handle_generate_request` without auth dependency — python/tokenspeed/runtime/pd/mini_lb.py:494
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/tokenspeed/runtime/pd/mini_lb.py:494 authowaspauth.fastapi.unauth_mutation
high 9-layer cicd supply-chain conf 1.00 GitHub Action tracks a moving branch
jlumbroso/free-disk-space@main can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-docker.yml:24 supply-chaingithub-actionspinned-dependencies
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in python/tokenspeed/runtime/model_loader/loader.py:397
Found a known-risky pattern (eval_used). Review and replace if possible.
python/tokenspeed/runtime/model_loader/loader.py:397 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in python/tokenspeed/runtime/models/extensible.py:150
Found a known-risky pattern (eval_used). Review and replace if possible.
python/tokenspeed/runtime/models/extensible.py:150 owaspeval_used
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
python/tokenspeed/runtime/models/deepseek_v4.py:2808 error_handlinglegacy
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
python/tokenspeed/runtime/layers/deepseek_v4_mhc.py:62 error_handlinglegacy
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
python/tokenspeed/_logging.py:109 error_handlinglegacy
medium Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
python/tokenspeed/runtime/utils/common.py:418 deserializationlegacy
medium Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
python/tokenspeed/runtime/distributed/utils.py:132 deserializationlegacy
medium Legacy security deserialization conf 1.00 [SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
Use torch.load(..., weights_only=True) or use safetensors format.
python/tokenspeed/runtime/model_loader/weight_utils.py:333 deserializationlegacy
medium Legacy security crypto conf 1.00 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness.
python/tokenspeed/bench.py:742 cryptolegacy
medium Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.
python/tokenspeed/cli/serve_smg.py:13 qualitylegacy
high Legacy cicd docker conf 0.76 Dockerfile copies broad context with incomplete .dockerignore
COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts.
docker/Dockerfile:11 dockerlegacy
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: docker/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
securitycontainer
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/docs.yml:35 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/release-tokenspeed-kernel.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/release-tokenspeed-scheduler.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/docs.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/update-tokenspeed-kernel-mla.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/update-tokenspeed-mla-version.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/update-tokenspeed-kernel-flashinfer.yml supply-chaingithub-actionsleast-privilege
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — python/tokenspeed/bench.py:587
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — python/tokenspeed/runtime/pd/utils.py:198
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — test/ci_system/ci_utils.py:172
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — test/ci_system/pipeline.py:388
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer security coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
coverageauth
low Legacy cicd docker conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Pip's package cache increases image size and can preserve unnecessary artifacts.
docker/Dockerfile:16 dockerlegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code.
python/tokenspeed/runtime/models/deepseek_v3.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code.
python/tokenspeed/runtime/models/deepseek_v4.py:1 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/models/qwen2.py:355 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/models/minimax_m2.py:660 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/models/minimax_m2.py:565 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/models/minimax_m2.py:530 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/models/llama_eagle3.py:118 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/models/llama_eagle3.py:47 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/moe/backends/w8a8_fp8/triton.py:44 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/moe/backends/unquantized/triton.py:28 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/moe/backends/unquantized/flashinfer_trtllm.py:47 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/moe/backends/nvfp4/flashinfer_cutlass.py:33 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/moe/backends/fp8/triton.py:23 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/dense/w8a8_fp8.py:86 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/linear/wy_fast.py:26 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/linear/wy_fast.py:25 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/linear/solve_tril.py:17 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/linear/cumsum.py:31 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/kv_cache/mla.py:31 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/configs/mla.py:19 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/backends/trtllm_mla.py:182 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/backends/trtllm_mla.py:65 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/backends/trtllm.py:379 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/backends/triton.py:711 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/backends/triton.py:650 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/layers/attention/backends/tokenspeed_mla.py:204 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/engine/scheduler_control_client.py:59 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/engine/request.py:212 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/distributed/comm_backend/trtllm_allreduce.py:114 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/distributed/comm_backend/triton_allreduce.py:53 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/configs/qwen3_config.py:118 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
python/tokenspeed/runtime/configs/qwen3_config.py:46 qualitylegacy
info Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
tokenspeed-kernel/python/tokenspeed_kernel/ops/attention/triton/deepseek_v4.py:1 qualitylegacy
info Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
python/tokenspeed/runtime/models/deepseek_v3.py:1 qualitylegacy
info Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
python/tokenspeed/runtime/layers/attention/kv_cache/deepseek_v4.py:1 qualitylegacy
info Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
python/tokenspeed/runtime/layers/attention/backends/deepseek_v4.py:1 qualitylegacy
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coveragedeployment
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: lightseekorg/tokenspeed-runner:${RUNNER_TAG}
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:2 supply-chaindockerpinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: python/tokenspeed/version.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/benchmark/__main__.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/numerics/__main__.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/activation/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/activation/flashinfer.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/embedding/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/embedding/flashinfer.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/kvcache/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/layernorm/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/layernorm/flashinfer.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/moe/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/quantization/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/quantization/flashinfer.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/routing/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/sampling/cuda.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/ops/sampling/flashinfer.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/plugins/__main__.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/deep_gemm/utils/layout.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tokenspeed-mla/python/tokenspeed_mla/_triton.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:46 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:49 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:119 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:209 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:220 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:223 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:240 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:251 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-kernel.yml:254 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:29 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:32 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:44 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:54 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:57 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:69 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:80 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:83 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-tokenspeed-scheduler.yml:108 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/lint.yml:16 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/docs.yml:32 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-pages-artifact@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/docs.yml:49 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/deploy-pages@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/docs.yml:63 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-tokenspeed-kernel-mla.yml:24 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-tokenspeed-mla-version.yml:24 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-docker.yml:34 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-pypi.yml:17 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release-pypi.yml:22 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-tokenspeed-kernel-flashinfer.yml:24 supply-chaingithub-actionspinned-dependencies
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_mixed_prefill_copy` in python/tokenspeed/runtime/layers/attention/backends/deepseek_v4.py:875
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `async_copy` in tokenspeed-kernel/python/tokenspeed_kernel/platform.py:381
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `async_copy` in tokenspeed-kernel/test/conftest.py:62
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `atom_async_copy` in tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:1600
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `autovec_copy` in tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cute_dsl/nvfp4_gemm_swiglu_nvfp4_quant.py:1760
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `batch_get_v1` in python/tokenspeed/runtime/cache/kvstore_storage.py:58
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `batch_get_v1` in python/tokenspeed/runtime/cache/storage/mooncake_store/mooncake_store.py:427
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `corr_tmem_store_tiled_copy` in tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:2616
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `enable_kv_cache_copy` in python/tokenspeed/runtime/layers/attention/kv_cache/mha.py:54
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `enable_kv_cache_copy` in python/tokenspeed/runtime/layers/attention/kv_cache/mla.py:66
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `fast_topk_v2` in python/tokenspeed/runtime/models/deepseek_v4.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `fast_topk_v2` in test/runtime/kernels/test_trtllm_wrapper.py:12
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `fast_topk_v2` in tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/trtllm/__init__.py:39
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `fused_mamba_state_copy` in python/tokenspeed/runtime/layers/attention/linear/mamba_state_scatter_triton.py:197
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `get_cpu_copy` in python/tokenspeed/runtime/layers/attention/kv_cache/base.py:101
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `get_cpu_copy` in python/tokenspeed/runtime/layers/attention/kv_cache/deepseek_v4.py:901
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `need_copy` in python/tokenspeed/runtime/layers/attention/backends/hybrid_linear_attn.py:538
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `send_old` in tokenspeed-kernel/python/tokenspeed_kernel/ops/communication/triton.py:332
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `submit_backup` in python/tokenspeed/runtime/cache/executor/memory_executor.py:234
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `submit_backup` in python/tokenspeed/runtime/cache/executor/storage_executor.py:226
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_reregister_replaces_old` in tokenspeed-kernel/test/test_registry.py:94
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_status_property_exposes_live_state_not_copy` in test/runtime/test_detokenizer_parity.py:1372
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `to_copy` in tokenspeed-kernel/python/tokenspeed_kernel/ops/moe/deepep.py:250
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `tokenized_copy` in python/tokenspeed/runtime/engine/parallel_sampling.py:57
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `tTMEM_LOADtS_v1` in tokenspeed-mla/python/tokenspeed_mla/fmha.py:1101
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `weight_loader_v2` in python/tokenspeed/runtime/layers/linear.py:386
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality tests conf 1.00 Low test-to-source ratio
99 tests / 444 src (ratio 0.22).
tests
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/runners.py:forward, test/runners.py:forward This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/runners.py:forward_generation_raw, test/runners.py:forward_generation_raw This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/ci_system/process_group_manager.py:start, test/ci_system/process_group_manager.py:run This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/agentic_benchmark/tokenspeed/collect_outputs.py:num_gpus_from_config, test/agentic_benchmark/trtllm/collect_outputs.py:num_gpus_from_config This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/agentic_benchmark/tokenspeed/collect_outputs.py:collect, test/agentic_benchmark/trtllm/collect_outputs.py:collect This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or d…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/agentic_benchmark/tokenspeed/collect_outputs.py:main, test/agentic_benchmark/trtllm/collect_outputs.py:main This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or documen…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_helpers.py:create_mla_static_tile_scheduler_params, tokenspeed-mla/python/tokenspeed_mla/mla_helpers.py:create_mla_static_tile_scheduler This is *the* AI-coder failure mode (4× more duplication in vibe-coded r…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/fmha.py:softmax_step, tokenspeed-mla/python/tokenspeed_mla/fmha.py:softmax This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:make_paged_tiled_tma_atom, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:make_paged_tiled_tma_atom This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see htt…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:split_kv_kernel, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:split_kv_kernel This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-h…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:get_split_kv, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:get_split_kv This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:get_split_kv_simplified, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:get_split_kv_simplified This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https:/…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:get_k_tile_count, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:get_k_tile_count This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:mma, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:mma This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or …
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:mma_qk, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:mma_qk This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolida…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:compute, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:compute This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:correction, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:correction This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). C…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:exchange_p_cor_metadata, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:exchange_p_cor_metadata This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https:/…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:softmax, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:softmax This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:get_correction_factor, tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:get_correction_factor This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.…
integrityduplicatedry
low 9-layer software dead-code conf 1.00 Possibly dead Python function: alloc_fn
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/ops/moe/triton.py:825 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: convert_sf_from_mma_layout
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/utils.py:343 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: convert_sf_to_mma_layout
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/utils.py:267 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: create_module
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/_triton.py:61 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: cutlass_to_torch_dtype
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/utils.py:64 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: decorator
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/registry.py:328 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: error_fn
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/registry.py:387 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: finalize_options
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/setup.py:753 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: generate_tensors
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/fmha.py:3513 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: generate_tensors
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:4371 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: generate_tensors
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:4189 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: grid
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/ops/gemm/triton.py:439 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: initialize_options
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/setup.py:750 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: parse_mma_tiler
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py:4506 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: parse_mma_tiler
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py:4329 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: parse_nested_comma_separated_ints
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/fmha.py:3625 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: silu_and_mul_masked_post_quant_fwd
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/ops/moe/deepep.py:116 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: softmax_loop
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-mla/python/tokenspeed_mla/fmha.py:2349 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: tolerance
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/numerics/quantize.py:46 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: tolerance
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/numerics/moe.py:44 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: tolerance
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/numerics/gemm.py:61 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: trtllm_create_ipc_workspace_for_allgather_fusion
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cuda/trtllm.py:402 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: trtllm_create_ipc_workspace_for_reduce_scatter_fusion
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cuda/trtllm.py:550 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: trtllm_destroy_ipc_workspace_for_allgather_fusion
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cuda/trtllm.py:448 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: trtllm_destroy_ipc_workspace_for_minimax
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cuda/trtllm.py:874 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: trtllm_destroy_ipc_workspace_for_reduce_scatter_fusion
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cuda/trtllm.py:595 dead-code
low 9-layer quality integrity conf 1.00 Stub function `_ignore_health_check_output` (body is just `pass`/`return`) — python/tokenspeed/runtime/engine/async_llm.py:109
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `_ignore_resource_tracker_register` (body is just `pass`/`return`) — python/tokenspeed/runtime/distributed/device_communicators/utils.py:42
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `_ignore_threading_atexit` (body is just `pass`/`return`) — python/tokenspeed/runtime/entrypoints/engine.py:50
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `_on_rank_initialized` (body is just `pass`/`return`) — python/tokenspeed/runtime/distributed/mapping.py:82
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `_register_kv_args` (body is just `pass`/`return`) — python/tokenspeed/runtime/pd/common/conn.py:464
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `append_to_later_free` (body is just `pass`/`return`) — test/runtime/benchmark/bench_decode_cache.py:60
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `clear` (body is just `pass`/`return`) — python/tokenspeed/runtime/cache/kvstore_storage.py:157
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `exec_module` (body is just `pass`/`return`) — tokenspeed-kernel/python/tokenspeed_kernel/_triton.py:64
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `free_with_diff` (body is just `pass`/`return`) — test/runtime/benchmark/bench_eviction_ts.py:32
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `get_hot_token_id` (body is just `pass`/`return`) — python/tokenspeed/runtime/models/qwen3_5_nextn.py:115
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `get_lora_request` (body is just `pass`/`return`) — python/tokenspeed/bench.py:775
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `initialize_options` (body is just `pass`/`return`) — tokenspeed-kernel/python/setup.py:750
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `make_tensor_descriptor` (body is just `pass`/`return`) — python/tokenspeed/runtime/layers/attention/linear/op.py:69
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `on_select_experts` (body is just `pass`/`return`) — python/tokenspeed/runtime/moe/distribution_recorder.py:81
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `pause` (body is just `pass`/`return`) — python/tokenspeed/runtime/utils/torch_memory_saver_adapter.py:75
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `process_weights_after_loading` (body is just `pass`/`return`) — python/tokenspeed/runtime/layers/dense/unquant.py:55
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `process_weights_after_loading` (body is just `pass`/`return`) — python/tokenspeed/runtime/layers/linear.py:724
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `process_weights_after_loading` (body is just `pass`/`return`) — python/tokenspeed/runtime/layers/moe/backends/base.py:69
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `publish` (body is just `pass`/`return`) — python/tokenspeed/runtime/pd/kv_events.py:161
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `record_kv_transfer_timeout` (body is just `pass`/`return`) — python/tokenspeed/runtime/metrics/collector.py:505
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `send_pyobj` (body is just `pass`/`return`) — python/tokenspeed/runtime/engine/event_loop.py:104
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer api wiring conf 1.00 Unused endpoint: ANY /start_profile
`python/tokenspeed/runtime/pd/mini_lb.py` declares `ANY /start_profile` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: ANY /stop_profile
`python/tokenspeed/runtime/pd/mini_lb.py` declares `ANY /stop_profile` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /get_model_info
`python/tokenspeed/runtime/pd/mini_lb.py` declares `GET /get_model_info` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /get_server_info
`python/tokenspeed/runtime/pd/mini_lb.py` declares `GET /get_server_info` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /v1/models
`python/tokenspeed/runtime/pd/mini_lb.py` declares `GET /v1/models` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /flush_cache
`python/tokenspeed/runtime/pd/mini_lb.py` declares `POST /flush_cache` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /generate
`python/tokenspeed/runtime/pd/mini_lb.py` declares `POST /generate` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /register
`python/tokenspeed/runtime/pd/mini_lb.py` declares `POST /register` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /v1/chat/completions
`python/tokenspeed/runtime/pd/mini_lb.py` declares `POST /v1/chat/completions` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /v1/completions
`python/tokenspeed/runtime/pd/mini_lb.py` declares `POST /v1/completions` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/bench.py (2060 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/engine/event_loop.py (1202 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/layers/attention/backends/deepseek_v4.py (1626 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/layers/attention/backends/flash_attention.py (2160 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/layers/attention/deepseek_v4_ops.py (3448 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/layers/linear.py (1262 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/layers/rotary_embedding.py (1448 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/models/deepseek_v3.py (2064 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/models/deepseek_v4.py (5860 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/models/qwen3_5.py (1484 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: python/tokenspeed/runtime/utils/server_args.py (1848 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: test/runtime/test_deepseek_v4_attention_ops.py (1420 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: test/runtime/test_deepseek_v4_config.py (2975 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: test/runtime/test_detokenizer_parity.py (1393 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tokenspeed-kernel/python/tokenspeed_kernel/thirdparty/cute_dsl/nvfp4_gemm_swiglu_nvfp4_quant.py (2680 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tokenspeed-kernel/test/thirdparty/test_cuda.py (1429 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tokenspeed-mla/python/tokenspeed_mla/fmha.py (3882 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp16.py (4536 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tokenspeed-mla/python/tokenspeed_mla/mla_decode_fp8.py (4719 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
info 9-layer quality integrity conf 1.00 Commented-code block (10 lines) in test/runtime/test_detokenizer_parity.py:428
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (18 lines) in test/runtime/models/test_generation_models.py:143
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in test/runtime/models/test_mm25_perf.py:144
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/_logging.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/bench.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/__main__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/_argsplit.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/_logo.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/_logprefix.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/_proc.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/cli/serve_smg.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/env.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/allocator.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/base_prefix_cache.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/evict_policy.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/executor/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/executor/host_executor.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/executor/memory_executor.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/executor/storage_executor.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/kv_cache_host.py:9
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/kvstore_controller.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/kvstore_storage.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/prefix_cache.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/req_to_token_pool.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/storage/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/storage/backend_factory.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/storage/mooncake_store/mooncake_store.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/cache/utils.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/deepseek_v4_cache_spec.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/deepseek_v4_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/device_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/kimi_k2_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/load_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/minimax_m2_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/model_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/paged_cache_spec.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/qwen2_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/qwen3_5_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/qwen3_5_text_base_config.py:9
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/qwen3_config.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/configs/utils.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/__init__.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/auto.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/base.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/custom_allreduce.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/nccl.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/registry.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/triton_allreduce.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/triton_rsag.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_backend/trtllm_allreduce.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_manager.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in python/tokenspeed/runtime/distributed/comm_ops.py:3
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code

Showing first 300 of 739. Refine filters or use the legacy findings page for deep search.

{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/36c59998-1773-42d3-8cb0-456402726f35/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/36c59998-1773-42d3-8cb0-456402726f35/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.