{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage runs as root", "shortDescription": {"text": "Docker final stage runs as root"}, "fullDescription": {"text": "The final runtime stage explicitly uses root. A compromised app process would have root inside the container."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/464"}, "properties": {"repository": "lightseekorg/tokenspeed", "repoUrl": "https://github.com/lightseekorg/tokenspeed", "branch": "main"}, "results": [{"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 23843, "scanner": "repobility-docker", "fingerprint": "3f631cb8cc1001d6c6854f801d45c18cc63fb1d40da4290b6cd3e6bfa89a34d3", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|3f631cb8cc1001d6c6854f801d45c18cc63fb1d40da4290b6cd3e6bfa89a34d3", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 23840, "scanner": "repobility-threat-engine", "fingerprint": "687fd0ce8a50df84e2ed1a96599c8c2e57f0ef005986b35092cfbb47c389a9d0", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|333|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/model_loader/weight_utils.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 23839, "scanner": "repobility-threat-engine", "fingerprint": "9f53cbd365009cf3fd02942c9cdccb2625d9dd7345a580b1702c855bfa696a03", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|418|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/utils/common.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 23838, "scanner": "repobility-threat-engine", "fingerprint": "3ae32ac9af3131e4b75db87334fbf84a90ca2b3cf244bac570fcd90bdb10a7c6", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|132|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/distributed/utils.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 23830, "scanner": "repobility-threat-engine", "fingerprint": "aa6b5b7d30ed5026c47edfe5bf95591d163787326ba7e47d26c135576aeb13ad", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "random.randint(", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|python/tokenspeed/bench.py|742|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/bench.py"}, "region": {"startLine": 742}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 23824, "scanner": "repobility-threat-engine", "fingerprint": "96fafdfe2458b38d4b0a231b3bac59df304ad6302feec54523259eec11bab99a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|96fafdfe2458b38d4b0a231b3bac59df304ad6302feec54523259eec11bab99a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/deepseek_v4.py"}, "region": {"startLine": 2808}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 23823, "scanner": "repobility-threat-engine", "fingerprint": "5309f352e56a4c8c0d6bfde7bc4208ae72e9d325f9f2de8cfc9f754470ee981b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5309f352e56a4c8c0d6bfde7bc4208ae72e9d325f9f2de8cfc9f754470ee981b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/deepseek_v4_mhc.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 23822, "scanner": "repobility-threat-engine", "fingerprint": "a36dd29ee8824176efcd12871a70bb13c1b9b9c556351009fd06b16b4347b04e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a36dd29ee8824176efcd12871a70bb13c1b9b9c556351009fd06b16b4347b04e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/_logging.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 23821, "scanner": "repobility-agent-runtime", "fingerprint": "a27a74f59ea25b68c8cf5011ac3b952fab56f9fa65e5dedc37c7248a1aef366b", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|a27a74f59ea25b68c8cf5011ac3b952fab56f9fa65e5dedc37c7248a1aef366b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/cli/serve_smg.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 23846, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 23844, "scanner": "repobility-docker", "fingerprint": "583b37fdc9e590274898300919ae255cbfa49dd1d13bdf4eb77f41fea5bb7fd7", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|583b37fdc9e590274898300919ae255cbfa49dd1d13bdf4eb77f41fea5bb7fd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 23820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bbdbe0efa23f03b8fd613e6870e85b4a1c86e36f3e6b501d9dad0edc65d20240", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "yarn_get_mscale", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "python/tokenspeed/runtime/configs/model_config.py", "correlation_key": "fp|bbdbe0efa23f03b8fd613e6870e85b4a1c86e36f3e6b501d9dad0edc65d20240"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/deepseek_v3.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 23819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a235994a286ce9dd06bf34e0ead709a3c21882cd6b66ecf0ed80b1a42fdb3c7", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "_attention_use_fp4_indexer_cache", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/registry.py", "correlation_key": "fp|6a235994a286ce9dd06bf34e0ead709a3c21882cd6b66ecf0ed80b1a42fdb3c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/deepseek_v4.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e881e824c92b9ea9689436936820b41e9bed64410a19800c3da4338a3076b5be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/models/llama.py", "duplicate_line": 190, "correlation_key": "fp|e881e824c92b9ea9689436936820b41e9bed64410a19800c3da4338a3076b5be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/qwen2.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23817, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e9e12aff38d059cbb040464e4ca7b3624d13546de79d623a0fd688aa1060f00d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/models/base/causal_lm.py", "duplicate_line": 56, "correlation_key": "fp|e9e12aff38d059cbb040464e4ca7b3624d13546de79d623a0fd688aa1060f00d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/minimax_m2.py"}, "region": {"startLine": 660}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23816, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb76c2a07f744214aa390c8f2dbb748c4be36b2b03d8187720abf35e080219c4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/models/llama_eagle3.py", "duplicate_line": 132, "correlation_key": "fp|cb76c2a07f744214aa390c8f2dbb748c4be36b2b03d8187720abf35e080219c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/minimax_m2.py"}, "region": {"startLine": 565}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23815, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80dc0ae200e3436a676b33304f28b559602f72ddd7c81da8424f96b198061f11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/models/llama.py", "duplicate_line": 149, "correlation_key": "fp|80dc0ae200e3436a676b33304f28b559602f72ddd7c81da8424f96b198061f11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/minimax_m2.py"}, "region": {"startLine": 530}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23814, "scanner": "repobility-ai-code-hygiene", "fingerprint": "830b900de0854a4b7eeeb2364a07927dcae0965e64218408639301539db51d27", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/models/gpt_oss.py", "duplicate_line": 177, "correlation_key": "fp|830b900de0854a4b7eeeb2364a07927dcae0965e64218408639301539db51d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/llama_eagle3.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23813, "scanner": "repobility-ai-code-hygiene", "fingerprint": "213eedb3a6162ed078720067ee0169a71b75f8934bbbeff41b34ef5e73f6a648", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/models/llama.py", "duplicate_line": 89, "correlation_key": "fp|213eedb3a6162ed078720067ee0169a71b75f8934bbbeff41b34ef5e73f6a648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/llama_eagle3.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23812, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90e1eb6e08ed8097bcaf0a763d09028747ab6adf1582c9508ac035bc0bbe906f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/moe/backends/fp8/triton.py", "duplicate_line": 45, "correlation_key": "fp|90e1eb6e08ed8097bcaf0a763d09028747ab6adf1582c9508ac035bc0bbe906f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/moe/backends/w8a8_fp8/triton.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23811, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e1dac21da71c6ab3ff8269b8aed875d01574ec23db1531a17aff9a4644ba913", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/moe/backends/fp8/triton.py", "duplicate_line": 45, "correlation_key": "fp|8e1dac21da71c6ab3ff8269b8aed875d01574ec23db1531a17aff9a4644ba913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/moe/backends/unquantized/triton.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23810, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c1073a3511b46f42fcfbd54ba8dcb622d4fee0b486d1e1e69430e74ecb1cbba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/moe/backends/unquantized/flashinfer_cutlass.py", "duplicate_line": 33, "correlation_key": "fp|4c1073a3511b46f42fcfbd54ba8dcb622d4fee0b486d1e1e69430e74ecb1cbba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/moe/backends/unquantized/flashinfer_trtllm.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23809, "scanner": "repobility-ai-code-hygiene", "fingerprint": "505cf231d157d3fa3ce6a1300e182d3401193495e183a25596cc0926258e85ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/moe/backends/nvfp4/flashinfer_cutedsl.py", "duplicate_line": 70, "correlation_key": "fp|505cf231d157d3fa3ce6a1300e182d3401193495e183a25596cc0926258e85ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/moe/backends/nvfp4/flashinfer_cutlass.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23808, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29ffe75e5c359a1c7d69cb2d58d99363e85a5ceb24ce0240a5fe39ae6a60d0ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/moe/backends/fp8/flashinfer_cutlass.py", "duplicate_line": 35, "correlation_key": "fp|29ffe75e5c359a1c7d69cb2d58d99363e85a5ceb24ce0240a5fe39ae6a60d0ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/moe/backends/fp8/triton.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23807, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e6469173afbd517efd61f9da4771e542e0dcd7e8a24c3b640895781ce91e8e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/dense/fp8.py", "duplicate_line": 216, "correlation_key": "fp|5e6469173afbd517efd61f9da4771e542e0dcd7e8a24c3b640895781ce91e8e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/dense/w8a8_fp8.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23806, "scanner": "repobility-ai-code-hygiene", "fingerprint": "819a1a5d6c172037276e7f496152c8571211058bf85c4b5af9ce18fc48544a8c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/linear/chunk_scaled_dot_kkt.py", "duplicate_line": 28, "correlation_key": "fp|819a1a5d6c172037276e7f496152c8571211058bf85c4b5af9ce18fc48544a8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/linear/wy_fast.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23805, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a09bc90235ea5aa47de0e571c9fa42ebe3a0517c0510b8010ea7cd68acfb42c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/linear/solve_tril.py", "duplicate_line": 16, "correlation_key": "fp|a09bc90235ea5aa47de0e571c9fa42ebe3a0517c0510b8010ea7cd68acfb42c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/linear/wy_fast.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23804, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ed4e6929681859bc145b4a9c8abcc140dc846587e454933f32ad7c60f4bdd65", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/linear/chunk_scaled_dot_kkt.py", "duplicate_line": 28, "correlation_key": "fp|3ed4e6929681859bc145b4a9c8abcc140dc846587e454933f32ad7c60f4bdd65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/linear/solve_tril.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23803, "scanner": "repobility-ai-code-hygiene", "fingerprint": "398946320d9617ad866f334c9ad50b6d2fbb516b61117800d4b8869e048fc35f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/linear/chunk_scaled_dot_kkt.py", "duplicate_line": 28, "correlation_key": "fp|398946320d9617ad866f334c9ad50b6d2fbb516b61117800d4b8869e048fc35f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/linear/cumsum.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23802, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b95ef6906fce73737674200f037dc8efa798966b98695959bbefeb7885235341", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/kv_cache/mha.py", "duplicate_line": 20, "correlation_key": "fp|b95ef6906fce73737674200f037dc8efa798966b98695959bbefeb7885235341"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/kv_cache/mla.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23801, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3191a519369e32a6c658010a243572944621832e990156359f6024877fd213e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/configs/mha.py", "duplicate_line": 13, "correlation_key": "fp|3191a519369e32a6c658010a243572944621832e990156359f6024877fd213e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/configs/mla.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23800, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94272c453b80957ed010cf38f18c030f451b35ccf0a4a5ac65d9e1c80c587295", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/backends/flashmla.py", "duplicate_line": 201, "correlation_key": "fp|94272c453b80957ed010cf38f18c030f451b35ccf0a4a5ac65d9e1c80c587295"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/trtllm_mla.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23799, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e6990fe7e69e8e32f9b93115425f9fb2285a3f0bddbab60622e2fcf86bb3470", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/backends/tokenspeed_mla.py", "duplicate_line": 70, "correlation_key": "fp|1e6990fe7e69e8e32f9b93115425f9fb2285a3f0bddbab60622e2fcf86bb3470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/trtllm_mla.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23798, "scanner": "repobility-ai-code-hygiene", "fingerprint": "901422ec9d75ecc894acb699b56fa877e475607c5094420e6e0989973947326d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/backends/mha.py", "duplicate_line": 115, "correlation_key": "fp|901422ec9d75ecc894acb699b56fa877e475607c5094420e6e0989973947326d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/trtllm.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23797, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27e27f79495759153b9bcdeb92c771485eb66d78fce86d41eb923480bf44e62e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/backends/mha.py", "duplicate_line": 209, "correlation_key": "fp|27e27f79495759153b9bcdeb92c771485eb66d78fce86d41eb923480bf44e62e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/triton.py"}, "region": {"startLine": 711}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23796, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dfe057219f5466668364a078e5eff163a64d257d2f4427589057f03eaa2fc2f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/backends/flashmla.py", "duplicate_line": 356, "correlation_key": "fp|dfe057219f5466668364a078e5eff163a64d257d2f4427589057f03eaa2fc2f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/triton.py"}, "region": {"startLine": 650}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23795, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3a77bc396f4b89cd2908188d18c909e125446da64f33644297fbb26b34b916c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/layers/attention/backends/flashmla.py", "duplicate_line": 201, "correlation_key": "fp|e3a77bc396f4b89cd2908188d18c909e125446da64f33644297fbb26b34b916c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/tokenspeed_mla.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23794, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3bec4c160e3ead25eac48b2d51faa20175a5730b465daa59530b1bf09747a73b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/engine/async_llm.py", "duplicate_line": 587, "correlation_key": "fp|3bec4c160e3ead25eac48b2d51faa20175a5730b465daa59530b1bf09747a73b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/engine/scheduler_control_client.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23793, "scanner": "repobility-ai-code-hygiene", "fingerprint": "331b961ddcabafeeb904949675667f418b8d321c2271402d349ba457ddb154d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/engine/generation_output_processor.py", "duplicate_line": 156, "correlation_key": "fp|331b961ddcabafeeb904949675667f418b8d321c2271402d349ba457ddb154d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/engine/request.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23792, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a39659113a9b8ca6582f9dbff7d3c2e7be703439950274e5f7e19533b5b8be2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/distributed/comm_backend/custom_allreduce.py", "duplicate_line": 61, "correlation_key": "fp|a39659113a9b8ca6582f9dbff7d3c2e7be703439950274e5f7e19533b5b8be2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/distributed/comm_backend/trtllm_allreduce.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23791, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d5f605435ceaf6ac3b5e9dc5fc9fdc458d852fe3e86619db8df72510f21b37f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/distributed/comm_backend/custom_allreduce.py", "duplicate_line": 60, "correlation_key": "fp|8d5f605435ceaf6ac3b5e9dc5fc9fdc458d852fe3e86619db8df72510f21b37f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/distributed/comm_backend/triton_allreduce.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23790, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea7f9d79c8ae0735075c2f36eb37a404a07517ca35881c8f9e430ffc07c17958", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/configs/qwen2_config.py", "duplicate_line": 14, "correlation_key": "fp|ea7f9d79c8ae0735075c2f36eb37a404a07517ca35881c8f9e430ffc07c17958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/configs/qwen3_config.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23789, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d83d19910aaaae8d03c192a819ab9222bb5730c240dc572c6631a91f3bd69a38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/tokenspeed/runtime/configs/qwen3_5_text_base_config.py", "duplicate_line": 42, "correlation_key": "fp|d83d19910aaaae8d03c192a819ab9222bb5730c240dc572c6631a91f3bd69a38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/configs/qwen3_config.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23788, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db9fcd3f152602bffed01c8bd92e46422234b3d383c6503acbf346ed22a96d40", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v4", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|db9fcd3f152602bffed01c8bd92e46422234b3d383c6503acbf346ed22a96d40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tokenspeed-kernel/python/tokenspeed_kernel/ops/attention/triton/deepseek_v4.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23787, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad8daa669300d646fce7d03624a818fb756e37fde22953dea8bc0f11f5c79d18", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v3", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ad8daa669300d646fce7d03624a818fb756e37fde22953dea8bc0f11f5c79d18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/models/deepseek_v3.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23786, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4712d854ab5eb641ecdf73978bd8107b29f0bd5ede9d3501db16f9f93f47b8a4", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v4", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4712d854ab5eb641ecdf73978bd8107b29f0bd5ede9d3501db16f9f93f47b8a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/kv_cache/deepseek_v4.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 23785, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8de1b4e8fad804210111136bacb873081d74f25dcc77c524d304e9a6c3e54465", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v4", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8de1b4e8fad804210111136bacb873081d74f25dcc77c524d304e9a6c3e54465"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/layers/attention/backends/deepseek_v4.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 23842, "scanner": "repobility-docker", "fingerprint": "0a56cb60dd26670453a4694f240a9cc0fa0928f26daa4dffa41fd9d25378c933", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "lightseekorg/tokenspeed-runner:${RUNNER_TAG}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|0a56cb60dd26670453a4694f240a9cc0fa0928f26daa4dffa41fd9d25378c933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 23841, "scanner": "repobility-threat-engine", "fingerprint": "c918921aed26f8078772ced220c654d97c0e25ca3b904c4c97ffae87498f5295", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "evidence": {"match": "torch.load(", "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|417|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/moe/expert_location.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 23837, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 23833, "scanner": "repobility-threat-engine", "fingerprint": "f78b05f3525efdc18a5d1983ba1263e47eaa8a772967c623a7aa23730bd5139a", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f78b05f3525efdc18a5d1983ba1263e47eaa8a772967c623a7aa23730bd5139a"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 23832, "scanner": "repobility-threat-engine", "fingerprint": "5454137013d3dd1b3d67e677673092510c8263c7c268cfd5728aad1c462a0a28", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|68|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/pd/utils.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 23831, "scanner": "repobility-threat-engine", "fingerprint": "8e1ed640ef48ed40d51169469d4a9064e1da44bafec1f0d5c5da77c25d147b58", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|596|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/pd/mini_lb.py"}, "region": {"startLine": 596}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 23829, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23828, "scanner": "repobility-threat-engine", "fingerprint": "3c1a07bc64a7ab1278796178db2894aa0e192b5811b1e25d9f0fe94f06dfb6fc", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "logger.warning(\"HF tokenizer prewarm failed for %s: %s\", model_id, exc)", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|21|logger.warning hf tokenizer prewarm failed for s: s model_id exc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/cli/serve_smg.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23827, "scanner": "repobility-threat-engine", "fingerprint": "354f0e9324b3525e879cdc9afa465248e37bed877f948b99b9fd31e83e1dfcbe", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"TokenSpeed v{__version__}\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|print f tokenspeed v __version__"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/cli/__main__.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23826, "scanner": "repobility-threat-engine", "fingerprint": "983bde0dc8da444464e4dc038f9177398fb02845e08143e804875a22e37ca0b1", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"#Input tokens: {sum(x.prompt_len for x in samples)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|python/tokenspeed/bench.py|104|print f #input tokens: sum x.prompt_len for x in samples"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/bench.py"}, "region": {"startLine": 1047}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 23825, "scanner": "repobility-threat-engine", "fingerprint": "f73c07a3ac3dd195f50ed5e0e96e18ea3d5ae81e395cd5702ccc6657d0e46c1f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f73c07a3ac3dd195f50ed5e0e96e18ea3d5ae81e395cd5702ccc6657d0e46c1f"}}}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 23845, "scanner": "repobility-docker", "fingerprint": "d8f7cfcea99f8be1d0a044165ba0447a0dae2bb2f68f8ee903e728618531f4aa", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d8f7cfcea99f8be1d0a044165ba0447a0dae2bb2f68f8ee903e728618531f4aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23836, "scanner": "repobility-threat-engine", "fingerprint": "e341957ab7ce0112ec12f817a31657d0683a5e8d6a164a40d935aba13484b397", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e341957ab7ce0112ec12f817a31657d0683a5e8d6a164a40d935aba13484b397"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/pd/mini_lb.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23835, "scanner": "repobility-threat-engine", "fingerprint": "f0d4c2da071d51ac1d454166d58afa5aec426c8b41971a3b60b4337febf8dc0e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(segments_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f0d4c2da071d51ac1d454166d58afa5aec426c8b41971a3b60b4337febf8dc0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/runtime/cache/storage/mooncake_store/mooncake_store.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23834, "scanner": "repobility-threat-engine", "fingerprint": "28dfef21f5dbd3445d7ca6a10be8100f035d7e2f493fdb82db0c974908a016ef", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n    a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|28dfef21f5dbd3445d7ca6a10be8100f035d7e2f493fdb82db0c974908a016ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/tokenspeed/bench.py"}, "region": {"startLine": 285}}}]}]}]}