Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
176 of your 328 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 23.7s · analysis 13.72s · 34.9 MB · GitHub API rate-limit (preflight)

pewdiepie-archdaemon/odysseus

https://github.com/pewdiepie-archdaemon/odysseus · scanned 2026-06-05 11:19 UTC (5 days, 12 hours ago) · 10 languages

1909 raw signals (307 security + 1602 graph) 11/13 scanners ran 95th percentile · Python · large (100-500K LoC) System graph score 66 (higher by 24)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 12 hours ago · v2 · 944 actionable findings from 2 signal sources. 164 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
78.9
/100
Security checks
92
161 findings
System graph
66
100.0% cov · 783 findings
Critical
5
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 85.0 0.15 12.75
security_score 100.0 0.25 25.00
testing_score 100.0 0.20 20.00
documentation_score 100.0 0.15 15.00
practices_score 88.0 0.15 13.20
code_quality 45.0 0.10 4.50
Overall 1.00 90.5
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 5 High 470 Medium 58 Low 194 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 161 System graph 783 Crowd 0 Layer: Software 49 Quality 382 Security 284 Cicd 9 Frontend 11 Network 2 Hardware 3 Api 204
Scan summary Quality grade A (90/100). Dimensions: security 100, maintainability 85. 307 findings (81 security). 263,886 lines analyzed.

Showing 727 of 944 actionable findings. 1108 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks quality Quality conf 1.00 ✓ Repobility [MINED007] Sql String Concat: cursor.execute(f"... {user_input} ...") — SQL injection.
Review and fix per the pattern semantics. See CWE-89 / A03:2021 for context.
scripts/update_database.py:38
high Security checks quality Quality conf 1.00 ✓ Repobility 6 occurrences [MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes.
Add `import html` at the top of the file.
6 files, 6 locations
app.py:736
routes/contacts_routes.py:529
routes/document_helpers.py:223
scripts/pr_blocker_audit.py:211
src/integrations.py:155
src/tool_implementations.py:4243
critical Security checks software dependencies conf 0.90 ✓ Repobility [MINED123] Trojan Source bidi character (LRM) in source: Line 5 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer.
Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source.
static/lib/mammoth.browser.min.js:5
critical Security checks software dependencies conf 0.90 ✓ Repobility [MINED123] Trojan Source bidi character (LRM) in source: Line 69 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer.
Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source.
static/lib/xlsx.full.min.js:69
critical System graph security Secrets conf 1.00 Possible secret in scripts/demo_email/demo_account.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
scripts/demo_email/demo_account.py:28
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in setup.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 60, 64
setup.py:60, 64 (2 hits)
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /api/presets/templates/{template_id}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/preset_routes.py:64
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /{uid}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/contacts_routes.py:782
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{memory_id}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/memory_routes.py:496
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /api/gallery/{image_id}/ai-tag.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/gallery_routes.py:1700
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /api/gallery/{image_id}/rename.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/gallery_routes.py:163
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /api/gallery/{image_id}/rotate.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/gallery_routes.py:189
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /{comp_id}/vote.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/compare_routes.py:149
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /{memory_id}/pin.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/memory_routes.py:482
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /{memory_id}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/memory_routes.py:507
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /{uid}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
routes/contacts_routes.py:765
low Security checks quality Quality conf 1.00 ✓ Repobility [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
Review and fix per the pattern semantics. See CWE-705 / for context.
src/builtin_mcp.py:115
low Security checks quality Quality conf 1.00 ✓ Repobility [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
Review and fix per the pattern semantics. See CWE-705 / for context.
scripts/_lib/cli.py:115
high Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences [MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — React skips re-render on mutated reference.
Review and fix per the pattern semantics. See CWE-682 / for context.
3 files, 3 locations
static/js/editor/ai-tool-runner.js:100
static/js/editor/ai-tools-misc.js:135
static/js/editor/clipboard-and-drop.js:44
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_account_config: Test function `test_account_config` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/email_routes.py:3079
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/calendar_routes.py:607
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_integration_route: Test function `test_integration_route` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/auth_routes.py:517
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_model_endpoint: Test function `test_model_endpoint` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/model_routes.py:1612
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_research: Test function `test_research` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/diagnostics_routes.py:61
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_skill: Test function `test_skill` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/skills_routes.py:1264
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_skill_status: Test function `test_skill_status` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/skills_routes.py:1327
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_webhook: Test function `test_webhook` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/webhook_routes.py:143
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED106] Phantom test coverage: test_youtube: Test function `test_youtube` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
Add an explicit assertion that captures the test's intent, or remove the test.
routes/diagnostics_routes.py:40
high Security checks quality Quality conf 1.00 ✓ Repobility 25 occurrences [MINED108] `self._last_used_memories` used but never assigned in __init__: Method `build_context_preface` of class `ChatProcessor` reads `self._last_used_memories`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._last_used_memories = <default>` in __init__, or add a class-level default.
2 files, 25 locations
src/task_scheduler.py:444, 453, 508, 528, 571, 616, 647, 648, +12 more (21 hits)
src/chat_processor.py:203, 218, 223, 234 (4 hits)
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI DELETE /api/gallery/albums/{album_id} has no auth: Handler `delete_album` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1633
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI DELETE /api/gallery/{image_id} has no auth: Handler `delete_gallery_image` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:809
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI PATCH /api/gallery/{image_id} has no auth: Handler `patch_gallery_image` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:625
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/ai-tag-batch has no auth: Handler `ai_tag_batch` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:580
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/ai-upscale has no auth: Handler `gallery_ai_upscale` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:247
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/albums has no auth: Handler `create_album` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:532
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/albums/{album_id}/add has no auth: Handler `add_to_album` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1648
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/albums/{album_id}/remove has no auth: Handler `remove_from_album` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1666
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/clear-ai-tags has no auth: Handler `clear_gallery_ai_tags` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:748
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/clear-user-tags has no auth: Handler `clear_gallery_user_tags` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:724
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/dedupe-tags has no auth: Handler `dedupe_gallery_tags` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:774
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/download-zip has no auth: Handler `gallery_download_zip` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:669
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/style-transfer has no auth: Handler `gallery_style_transfer` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:290
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/upload has no auth: Handler `gallery_upload` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:40
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/{image_id}/rename has no auth: Handler `gallery_rename` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:164
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/{image_id}/replace has no auth: Handler `gallery_replace` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:119
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/gallery/{image_id}/rotate has no auth: Handler `gallery_rotate` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:190
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/denoise has no auth: Handler `denoise_image` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1341
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/enhance-face has no auth: Handler `enhance_face` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1529
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/harmonize has no auth: Handler `harmonize_image` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1118
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/inpaint has no auth: Handler `inpaint_proxy` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:921
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/remove-bg has no auth: Handler `remove_background` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1436
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/sharpen has no auth: Handler `sharpen_image` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1317
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /api/image/upscale-local has no auth: Handler `upscale_image_local` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1391
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI PUT /api/gallery/albums/{album_id} has no auth: Handler `update_album` is registered with router/app.put(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
routes/gallery_routes.py:1612
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Replace with: `FROM python:3.12-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).
Dockerfile:1
high Security checks security Injection conf 0.50 [SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.
Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = ?', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters.
scripts/update_database.py:63
high Security checks security path traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
static/sw.js:122
high Security checks security Crypto conf 1.00 [SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`.
Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`.
src/cookbook_serve_lifecycle.py:102
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 4 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…
2 files, 4 locations
.github/workflows/issue-description-check.yml:17, 20 (2 hits)
.github/workflows/pr-description-check.yml:21, 25 (2 hits)
CI/CD securitySupply chainGitHub Actions
high Security checks security prompt injection conf 0.82 LLM memory extraction can be prompt-injected into storing fake facts
Validate extracted facts with a schema, enforce length and count limits, reject code-fence/prompt-looking content, and discard facts that contain instruction-like phrases or raw JSON prompt fragments.
src/research_handler.py:94
high Security checks security prompt injection conf 0.80 User-editable role instructions are inserted into the system prompt
Limit role instruction length, strip control characters, store it as quoted untrusted role description, and append a non-overridable safety/policy footer after the user-editable section.
src/agent_loop.py:1
high System graph quality Integrity conf 1.00 Blocking `httpx.get(...)` inside `async def do_generate_image` — src/ai_interaction.py:1729
Sync I/O inside an async function blocks the event loop. While `httpx.get(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_threa…
src/ai_interaction.py:1729 Sync io in asyncPerformance
high System graph quality Integrity conf 1.00 Blocking `httpx.get(...)` inside `async def do_list_models` — src/ai_interaction.py:1131
Sync I/O inside an async function blocks the event loop. While `httpx.get(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_threa…
src/ai_interaction.py:1131 Sync io in asyncPerformance
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/admin/wipe/${kind} (static/js/admin.js:2154)
`static/js/admin.js:2154` calls `DELETE /api/admin/wipe/${kind}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/admin/wipe/<p>` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/auth/integrations/${id} (static/js/settings.js:3100)
`static/js/settings.js:3100` calls `DELETE /api/auth/integrations/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations/<p>` If this points at an external API, prefix it with `https://` so the matc…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/auth/integrations/${id} (static/js/settings.js:3328)
`static/js/settings.js:3328` calls `DELETE /api/auth/integrations/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations/<p>` If this points at an external API, prefix it with `https://` so the matc…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/auth/users (static/js/admin.js:191)
`static/js/admin.js:191` calls `DELETE /api/auth/users` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/users` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/contacts/clear (static/js/settings.js:3331)
`static/js/settings.js:3331` calls `DELETE /api/contacts/clear` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/clear` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/email/accounts/${id} (static/js/settings.js:2606)
`static/js/settings.js:2606` calls `DELETE /api/email/accounts/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts/<p>` If this points at an external API, prefix it with `https://` so the matcher sk…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/email/accounts/${id} (static/js/settings.js:3336)
`static/js/settings.js:3336` calls `DELETE /api/email/accounts/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts/<p>` If this points at an external API, prefix it with `https://` so the matcher sk…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/mcp/servers/${btn.dataset.admMcpDelete} (static/js/admin.js:1487)
`static/js/admin.js:1487` calls `DELETE /api/mcp/servers/${btn.dataset.admMcpDelete}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>` If this points at an external API, prefix it with `https://` so t…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: DELETE /api/mcp/servers/${id} (static/js/settings.js:3337)
`static/js/settings.js:3337` calls `DELETE /api/mcp/servers/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/2fa/status (static/js/settings.js:2053)
`static/js/settings.js:2053` calls `GET /api/auth/2fa/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/2fa/status` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/features (static/js/admin.js:2017)
`static/js/admin.js:2017` calls `GET /api/auth/features` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/features` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/features (static/js/censor.js:62)
`static/js/censor.js:62` calls `GET /api/auth/features` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/features` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations (static/js/settings.js:2287)
`static/js/settings.js:2287` calls `GET /api/auth/integrations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations (static/js/settings.js:2350)
`static/js/settings.js:2350` calls `GET /api/auth/integrations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations (static/js/settings.js:2973)
`static/js/settings.js:2973` calls `GET /api/auth/integrations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations (static/js/settings.js:3006)
`static/js/settings.js:3006` calls `GET /api/auth/integrations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations (static/js/settings.js:3201)
`static/js/settings.js:3201` calls `GET /api/auth/integrations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations (static/js/settings.js:3477)
`static/js/settings.js:3477` calls `GET /api/auth/integrations` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations/presets (static/js/settings.js:2946)
`static/js/settings.js:2946` calls `GET /api/auth/integrations/presets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations/presets` If this points at an external API, prefix it with `https://` so the m…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/integrations/presets (static/js/settings.js:3364)
`static/js/settings.js:3364` calls `GET /api/auth/integrations/presets` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations/presets` If this points at an external API, prefix it with `https://` so the m…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/emailLibrary.js:322)
`static/js/emailLibrary.js:322` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/keyboard-shortcuts.js:59)
`static/js/keyboard-shortcuts.js:59` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1025)
`static/js/settings.js:1025` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1128)
`static/js/settings.js:1128` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1149)
`static/js/settings.js:1149` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1425)
`static/js/settings.js:1425` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1538)
`static/js/settings.js:1538` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1566)
`static/js/settings.js:1566` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:1812)
`static/js/settings.js:1812` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:2217)
`static/js/settings.js:2217` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:2298)
`static/js/settings.js:2298` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:2360)
`static/js/settings.js:2360` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:2404)
`static/js/settings.js:2404` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:461)
`static/js/settings.js:461` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:526)
`static/js/settings.js:526` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:613)
`static/js/settings.js:613` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:705)
`static/js/settings.js:705` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:767)
`static/js/settings.js:767` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/settings.js:857)
`static/js/settings.js:857` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/tasks.js:185)
`static/js/tasks.js:185` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/settings (static/js/tts-ai.js:35)
`static/js/tts-ai.js:35` calls `GET /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/status (static/js/admin.js:265)
`static/js/admin.js:265` calls `GET /api/auth/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/status` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/status (static/js/init.js:29)
`static/js/init.js:29` calls `GET /api/auth/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/status` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/status (static/js/settings.js:2000)
`static/js/settings.js:2000` calls `GET /api/auth/status` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/status` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auth/users (static/js/admin.js:35)
`static/js/admin.js:35` calls `GET /api/auth/users` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/users` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/calendar/calendars (static/js/cookbookSchedule.js:296)
`static/js/cookbookSchedule.js:296` calls `GET /api/calendar/calendars` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/calendars` If this points at an external API, prefix it with `https://` so the matcher …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/calendar/config (static/js/settings.js:3202)
`static/js/settings.js:3202` calls `GET /api/calendar/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/calendar/config (static/js/settings.js:3556)
`static/js/settings.js:3556` calls `GET /api/calendar/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/contacts/config (static/js/settings.js:2775)
`static/js/settings.js:2775` calls `GET /api/contacts/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/contacts/config (static/js/settings.js:3203)
`static/js/settings.js:3203` calls `GET /api/contacts/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/contacts/config (static/js/settings.js:3664)
`static/js/settings.js:3664` calls `GET /api/contacts/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/contacts/export?format=${encodeURIComponent(format)} (static/js/settings.js:3709)
`static/js/settings.js:3709` calls `GET /api/contacts/export?format=${encodeURIComponent(format)}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/export` If this points at an external API, prefix it with `h…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/contacts/list (static/js/settings.js:3204)
`static/js/settings.js:3204` calls `GET /api/contacts/list` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/list` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/contacts/list (static/js/settings.js:3784)
`static/js/settings.js:3784` calls `GET /api/contacts/list` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/list` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/accounts (static/js/settings.js:2270)
`static/js/settings.js:2270` calls `GET /api/email/accounts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/accounts (static/js/settings.js:2340)
`static/js/settings.js:2340` calls `GET /api/email/accounts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/accounts (static/js/settings.js:2564)
`static/js/settings.js:2564` calls `GET /api/email/accounts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/accounts (static/js/settings.js:3205)
`static/js/settings.js:3205` calls `GET /api/email/accounts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/accounts (static/js/settings.js:3872)
`static/js/settings.js:3872` calls `GET /api/email/accounts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/config (static/js/settings.js:2760)
`static/js/settings.js:2760` calls `GET /api/email/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/email/style (static/js/settings.js:2784)
`static/js/settings.js:2784` calls `GET /api/email/style` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/style` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/fonts/custom (static/js/theme.js:1108)
`static/js/theme.js:1108` calls `GET /api/fonts/custom` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/fonts/custom` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hwfit/models?${fallbackParams} (static/js/cookbook-hwfit.js:545)
`static/js/cookbook-hwfit.js:545` calls `GET /api/hwfit/models?${fallbackParams}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hwfit/models` If this points at an external API, prefix it with `https://` so the matc…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hwfit/profiles?${params} (static/js/cookbookServe.js:877)
`static/js/cookbookServe.js:877` calls `GET /api/hwfit/profiles?${params}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hwfit/profiles` If this points at an external API, prefix it with `https://` so the matcher s…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hwfit/system?${qp} (static/js/cookbook.js:1355)
`static/js/cookbook.js:1355` calls `GET /api/hwfit/system?${qp}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hwfit/system` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/mcp/servers (static/js/admin.js:1439)
`static/js/admin.js:1439` calls `GET /api/mcp/servers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/mcp/servers (static/js/settings.js:3206)
`static/js/settings.js:3206` calls `GET /api/mcp/servers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/mcp/servers (static/js/settings.js:4491)
`static/js/settings.js:4491` calls `GET /api/mcp/servers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/mcp/servers (static/js/settings.js:4517)
`static/js/settings.js:4517` calls `GET /api/mcp/servers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/mcp/servers/${sid}/tools (static/js/admin.js:1513)
`static/js/admin.js:1513` calls `GET /api/mcp/servers/${sid}/tools` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>/tools` If this points at an external API, prefix it with `https://` so the matcher s…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/mcp/servers/${srv.id}/tools (static/js/settings.js:4564)
`static/js/settings.js:4564` calls `GET /api/mcp/servers/${srv.id}/tools` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>/tools` If this points at an external API, prefix it with `https://` so the mat…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/model/cached${params} (static/js/cookbookServe.js:2137)
`static/js/cookbookServe.js:2137` calls `GET /api/model/cached${params}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/model/cached/<p>` If this points at an external API, prefix it with `https://` so the matcher s…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/personal (static/js/admin.js:1780)
`static/js/admin.js:1780` calls `GET /api/personal` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/personal` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/prefs/custom-themes (static/js/theme.js:2067)
`static/js/theme.js:2067` calls `GET /api/prefs/custom-themes` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prefs/custom-themes` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/prefs/theme (static/js/theme.js:480)
`static/js/theme.js:480` calls `GET /api/prefs/theme` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prefs/theme` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/stt/stats (static/js/voiceRecorder.js:31)
`static/js/voiceRecorder.js:31` calls `GET /api/stt/stats` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/stt/stats` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/tts/stats (static/js/tts-ai.js:44)
`static/js/tts-ai.js:44` calls `GET /api/tts/stats` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/tts/stats` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/upload/${att.id}/vision (static/js/chatRenderer.js:388)
`static/js/chatRenderer.js:388` calls `GET /api/upload/${att.id}/vision` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/upload/<p>/vision` If this points at an external API, prefix it with `https://` so the matcher …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/vault/config (static/js/settings.js:3207)
`static/js/settings.js:3207` calls `GET /api/vault/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/vault/config (static/js/settings.js:4356)
`static/js/settings.js:4356` calls `GET /api/vault/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PATCH /api/mcp/servers/${btn.dataset.admMcpToggle} (static/js/admin.js:1480)
`static/js/admin.js:1480` calls `PATCH /api/mcp/servers/${btn.dataset.admMcpToggle}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>` If this points at an external API, prefix it with `https://` so th…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PATCH /api/mcp/servers/${serverId}/tools (static/js/admin.js:1557)
`static/js/admin.js:1557` calls `PATCH /api/mcp/servers/${serverId}/tools` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>/tools` If this points at an external API, prefix it with `https://` so the ma…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PATCH /api/mcp/servers/${srv.id} (static/js/settings.js:4555)
`static/js/settings.js:4555` calls `PATCH /api/mcp/servers/${srv.id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>` If this points at an external API, prefix it with `https://` so the matcher skips…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PATCH /api/mcp/servers/${srv.id}/tools (static/js/settings.js:4572)
`static/js/settings.js:4572` calls `PATCH /api/mcp/servers/${srv.id}/tools` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>/tools` If this points at an external API, prefix it with `https://` so the m…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/2fa/confirm (static/js/settings.js:2118)
`static/js/settings.js:2118` calls `POST /api/auth/2fa/confirm` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/2fa/confirm` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/2fa/disable (static/js/settings.js:2072)
`static/js/settings.js:2072` calls `POST /api/auth/2fa/disable` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/2fa/disable` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/2fa/setup (static/js/settings.js:2092)
`static/js/settings.js:2092` calls `POST /api/auth/2fa/setup` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/2fa/setup` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/change-password (static/js/settings.js:2028)
`static/js/settings.js:2028` calls `POST /api/auth/change-password` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/change-password` If this points at an external API, prefix it with `https://` so the matcher sk…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/features (static/js/admin.js:2027)
`static/js/admin.js:2027` calls `POST /api/auth/features` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/features` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/integrations/${_editId}/test (static/js/settings.js:3529)
`static/js/settings.js:3529` calls `POST /api/auth/integrations/${_editId}/test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations/<p>/test` If this points at an external API, prefix it with `https://…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/integrations/${editingId}/test (static/js/settings.js:3086)
`static/js/settings.js:3086` calls `POST /api/auth/integrations/${editingId}/test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/integrations/<p>/test` If this points at an external API, prefix it with `https:…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/logout (static/js/settings.js:2151)
`static/js/settings.js:2151` calls `POST /api/auth/logout` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/logout` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1039)
`static/js/settings.js:1039` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1194)
`static/js/settings.js:1194` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1331)
`static/js/settings.js:1331` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1488)
`static/js/settings.js:1488` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1546)
`static/js/settings.js:1546` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1588)
`static/js/settings.js:1588` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:1970)
`static/js/settings.js:1970` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:2227)
`static/js/settings.js:2227` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:2429)
`static/js/settings.js:2429` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:294)
`static/js/settings.js:294` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:476)
`static/js/settings.js:476` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:546)
`static/js/settings.js:546` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:644)
`static/js/settings.js:644` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:722)
`static/js/settings.js:722` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:795)
`static/js/settings.js:795` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/settings.js:877)
`static/js/settings.js:877` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/settings (static/js/tasks.js:198)
`static/js/tasks.js:198` calls `POST /api/auth/settings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/settings` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/signup-toggle (static/js/admin.js:271)
`static/js/admin.js:271` calls `POST /api/auth/signup-toggle` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/signup-toggle` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/auth/users (static/js/admin.js:289)
`static/js/admin.js:289` calls `POST /api/auth/users` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/users` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/calendar/calendars?name=Cookbook&color=%233b82f6 (static/js/cookbookSchedule.js:300)
`static/js/cookbookSchedule.js:300` calls `POST /api/calendar/calendars?name=Cookbook&color=%233b82f6` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/calendars` If this points at an external API, prefix it …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/calendar/config (static/js/settings.js:3329)
`static/js/settings.js:3329` calls `POST /api/calendar/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/calendar/config (static/js/settings.js:3600)
`static/js/settings.js:3600` calls `POST /api/calendar/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/calendar/test (static/js/settings.js:3571)
`static/js/settings.js:3571` calls `POST /api/calendar/test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/calendar/test` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/contacts/add (static/js/settings.js:3698)
`static/js/settings.js:3698` calls `POST /api/contacts/add` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/add` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/contacts/import (static/js/settings.js:3750)
`static/js/settings.js:3750` calls `POST /api/contacts/import` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/import` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/copilot/device/poll (static/js/admin.js:969)
`static/js/admin.js:969` calls `POST /api/copilot/device/poll` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/copilot/device/poll` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/copilot/device/start (static/js/admin.js:929)
`static/js/admin.js:929` calls `POST /api/copilot/device/start` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/copilot/device/start` If this points at an external API, prefix it with `https://` so the matcher skips …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/email/accounts/${id}/set-default (static/js/settings.js:2596)
`static/js/settings.js:2596` calls `POST /api/email/accounts/${id}/set-default` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts/<p>/set-default` If this points at an external API, prefix it with `https…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/email/accounts/test (static/js/settings.js:4233)
`static/js/settings.js:4233` calls `POST /api/email/accounts/test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/accounts/test` If this points at an external API, prefix it with `https://` so the matcher skip…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/email/extract-style (static/js/settings.js:2872)
`static/js/settings.js:2872` calls `POST /api/email/extract-style` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/extract-style` If this points at an external API, prefix it with `https://` so the matcher skip…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/mcp/oauth/exchange/${id} (static/js/settings.js:4473)
`static/js/settings.js:4473` calls `POST /api/mcp/oauth/exchange/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/oauth/exchange/<p>` If this points at an external API, prefix it with `https://` so the matc…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/mcp/servers (static/js/admin.js:1756)
`static/js/admin.js:1756` calls `POST /api/mcp/servers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/mcp/servers (static/js/settings.js:4630)
`static/js/settings.js:4630` calls `POST /api/mcp/servers` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/mcp/servers/${btn.dataset.admMcpReconnect}/reconnect (static/js/admin.js:1469)
`static/js/admin.js:1469` calls `POST /api/mcp/servers/${btn.dataset.admMcpReconnect}/reconnect` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>/reconnect` If this points at an external API, prefix it…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/mcp/servers/${srv.id}/reconnect (static/js/settings.js:4545)
`static/js/settings.js:4545` calls `POST /api/mcp/servers/${srv.id}/reconnect` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/mcp/servers/<p>/reconnect` If this points at an external API, prefix it with `https://` s…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/notes/fire-reminder (static/js/notes.js:957)
`static/js/notes.js:957` calls `POST /api/notes/fire-reminder` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/notes/fire-reminder` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/notes/fire-reminder (static/js/settings.js:2490)
`static/js/settings.js:2490` calls `POST /api/notes/fire-reminder` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/notes/fire-reminder` If this points at an external API, prefix it with `https://` so the matcher skip…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/personal/add_directory (static/js/admin.js:1860)
`static/js/admin.js:1860` calls `POST /api/personal/add_directory` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/personal/add_directory` If this points at an external API, prefix it with `https://` so the matcher s…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/personal/reload (static/js/admin.js:1871)
`static/js/admin.js:1871` calls `POST /api/personal/reload` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/personal/reload` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/personal/upload (static/js/admin.js:1839)
`static/js/admin.js:1839` calls `POST /api/personal/upload` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/personal/upload` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/stt/transcribe (static/js/voiceRecorder.js:115)
`static/js/voiceRecorder.js:115` calls `POST /api/stt/transcribe` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/stt/transcribe` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/tts/clear-cache (static/js/settings.js:886)
`static/js/settings.js:886` calls `POST /api/tts/clear-cache` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/tts/clear-cache` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/tts/synthesize (static/js/settings.js:944)
`static/js/settings.js:944` calls `POST /api/tts/synthesize` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/tts/synthesize` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/tts/synthesize (static/js/tts-ai.js:132)
`static/js/tts-ai.js:132` calls `POST /api/tts/synthesize` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/tts/synthesize` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/vault/config (static/js/settings.js:4379)
`static/js/settings.js:4379` calls `POST /api/vault/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/vault/lock (static/js/settings.js:4432)
`static/js/settings.js:4432` calls `POST /api/vault/lock` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/lock` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/vault/login (static/js/settings.js:4396)
`static/js/settings.js:4396` calls `POST /api/vault/login` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/login` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/vault/logout (static/js/settings.js:3339)
`static/js/settings.js:3339` calls `POST /api/vault/logout` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/logout` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/vault/logout (static/js/settings.js:4442)
`static/js/settings.js:4442` calls `POST /api/vault/logout` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/logout` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST /api/vault/unlock (static/js/settings.js:4415)
`static/js/settings.js:4415` calls `POST /api/vault/unlock` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/vault/unlock` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/auth/users/${encodeURIComponent(oldUsername)}/rename (static/js/admin.js:162)
`static/js/admin.js:162` calls `PUT /api/auth/users/${encodeURIComponent(oldUsername)}/rename` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/users/<p>/rename` If this points at an external API, prefix it with …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/auth/users/${encodeURIComponent(username)}/privileges (static/js/admin.js:136)
`static/js/admin.js:136` calls `PUT /api/auth/users/${encodeURIComponent(username)}/privileges` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/users/<p>/privileges` If this points at an external API, prefix it …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/auth/users/${encodeURIComponent(username)}/privileges (static/js/admin.js:239)
`static/js/admin.js:239` calls `PUT /api/auth/users/${encodeURIComponent(username)}/privileges` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auth/users/<p>/privileges` If this points at an external API, prefix it …
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/contacts/config (static/js/settings.js:2831)
`static/js/settings.js:2831` calls `PUT /api/contacts/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/contacts/config (static/js/settings.js:3334)
`static/js/settings.js:3334` calls `PUT /api/contacts/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/contacts/config (static/js/settings.js:3672)
`static/js/settings.js:3672` calls `PUT /api/contacts/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/contacts/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/email/config (static/js/settings.js:2807)
`static/js/settings.js:2807` calls `PUT /api/email/config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/config` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/email/style (static/js/settings.js:2898)
`static/js/settings.js:2898` calls `PUT /api/email/style` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/email/style` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/prefs/custom-themes (static/js/theme.js:121)
`static/js/theme.js:121` calls `PUT /api/prefs/custom-themes` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prefs/custom-themes` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/prefs/theme (static/js/theme.js:469)
`static/js/theme.js:469` calls `PUT /api/prefs/theme` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prefs/theme` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/tasks/${encodeURIComponent(data.id)} (static/js/cookbookSchedule.js:353)
`static/js/cookbookSchedule.js:353` calls `PUT /api/tasks/${encodeURIComponent(data.id)}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/tasks/<p>` If this points at an external API, prefix it with `https://` so the…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: PUT /api/upload/${att.id}/vision (static/js/chatRenderer.js:324)
`static/js/chatRenderer.js:324` calls `PUT /api/upload/${att.id}/vision` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/upload/<p>/vision` If this points at an external API, prefix it with `https://` so the matcher …
Dangling fetchFetch
high System graph security auth conf 1.00 FastAPI DELETE `admin_delete_user` without auth dependency — routes/auth_routes.py:378
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/auth_routes.py:378 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `clear_endpoint` without auth dependency — routes/embedding_routes.py:323
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/embedding_routes.py:323 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `codex_calendar_delete` without auth dependency — routes/codex_routes.py:356
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:356 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `codex_documents_delete` without auth dependency — routes/codex_routes.py:363
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:363 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `codex_memory_delete` without auth dependency — routes/codex_routes.py:349
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:349 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_album` without auth dependency — routes/gallery_routes.py:1653
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:1653 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_all_sessions` without auth dependency — routes/session_routes.py:597
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:597 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_calendar` without auth dependency — routes/calendar_routes.py:993
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/calendar_routes.py:993 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_comparison` without auth dependency — routes/compare_routes.py:258
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/compare_routes.py:258 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_document` without auth dependency — routes/document_routes.py:631
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/document_routes.py:631 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_draft` without auth dependency — routes/editor_draft_routes.py:169
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/editor_draft_routes.py:169 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_event` without auth dependency — routes/calendar_routes.py:921
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/calendar_routes.py:921 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_gallery_image` without auth dependency — routes/gallery_routes.py:829
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:829 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_integration_route` without auth dependency — routes/auth_routes.py:505
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/auth_routes.py:505 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_memory` without auth dependency — routes/memory_routes.py:529
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/memory_routes.py:529 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_model_endpoint` without auth dependency — routes/model_routes.py:2039
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/model_routes.py:2039 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_model` without auth dependency — routes/embedding_routes.py:216
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/embedding_routes.py:216 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_note` without auth dependency — routes/note_routes.py:594
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/note_routes.py:594 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_server` without auth dependency — routes/mcp_routes.py:350
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/mcp_routes.py:350 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_session` without auth dependency — routes/session_routes.py:563
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:563 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_signature` without auth dependency — routes/signature_routes.py:130
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/signature_routes.py:130 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_skill` without auth dependency — routes/skills_routes.py:1518
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/skills_routes.py:1518 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_task` without auth dependency — routes/task_routes.py:722
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/task_routes.py:722 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_token` without auth dependency — routes/api_token_routes.py:178
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/api_token_routes.py:178 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_webhook` without auth dependency — routes/webhook_routes.py:171
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/webhook_routes.py:171 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `research_delete` without auth dependency — routes/research_routes.py:310
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/research_routes.py:310 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `reset_builtin_override` without auth dependency — routes/skills_routes.py:1193
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/skills_routes.py:1193 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `wipe` without auth dependency — routes/admin_wipe_routes.py:71
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/admin_wipe_routes.py:71 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `patch_document` without auth dependency — routes/document_routes.py:594
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/document_routes.py:594 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `patch_gallery_image` without auth dependency — routes/gallery_routes.py:645
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:645 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `rename_session` without auth dependency — routes/session_routes.py:438
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:438 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `toggle_model_endpoint` without auth dependency — routes/model_routes.py:1882
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/model_routes.py:1882 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `toggle_server` without auth dependency — routes/mcp_routes.py:317
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/mcp_routes.py:317 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `toggle_webhook` without auth dependency — routes/webhook_routes.py:157
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/webhook_routes.py:157 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_assistant_settings` without auth dependency — routes/assistant_routes.py:155
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/assistant_routes.py:155 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_disabled_tools` without auth dependency — routes/mcp_routes.py:395
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/mcp_routes.py:395 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_hidden_models` without auth dependency — routes/model_routes.py:1743
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/model_routes.py:1743 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_token` without auth dependency — routes/api_token_routes.py:151
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/api_token_routes.py:151 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `add_message` without auth dependency — routes/history_routes.py:138
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/history_routes.py:138 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `add_server` without auth dependency — routes/mcp_routes.py:152
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/mcp_routes.py:152 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `add_skill` without auth dependency — routes/skills_routes.py:1206
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/skills_routes.py:1206 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `add_to_album` without auth dependency — routes/gallery_routes.py:1668
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:1668 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `admin_create_user` without auth dependency — routes/auth_routes.py:257
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/auth_routes.py:257 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `ai_fill_annotations` without auth dependency — routes/document_routes.py:1118
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/document_routes.py:1118 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `ai_tag_batch` without auth dependency — routes/gallery_routes.py:600
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:600 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `ai_tag_image` without auth dependency — routes/gallery_routes.py:1721
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:1721 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `ai_tidy_documents` without auth dependency — routes/document_routes.py:847
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/document_routes.py:847 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `api_add_memory` without auth dependency — routes/memory_routes.py:84
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/memory_routes.py:84 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `api_audit_memories` without auth dependency — routes/memory_routes.py:252
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/memory_routes.py:252 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `api_upload` without auth dependency — routes/upload_routes.py:54
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/upload_routes.py:54 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `archive_document` without auth dependency — routes/document_routes.py:393
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/document_routes.py:393 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `archive_session` without auth dependency — routes/session_routes.py:620
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:620 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `audit_all_skills` without auth dependency — routes/skills_routes.py:1344
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/skills_routes.py:1344 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `audit_cancel` without auth dependency — routes/skills_routes.py:1433
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/skills_routes.py:1433 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `auto_sort_sessions` without auth dependency — routes/session_routes.py:980
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:980 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `bulk_delete_sessions` without auth dependency — routes/session_routes.py:537
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:537 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `change_password` without auth dependency — routes/auth_routes.py:176
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/auth_routes.py:176 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `chat_endpoint` without auth dependency — routes/chat_routes.py:269
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/chat_routes.py:269 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `chat_stop` without auth dependency — routes/chat_routes.py:1137
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/chat_routes.py:1137 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `chat_stream` without auth dependency — routes/chat_routes.py:367
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/chat_routes.py:367 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `cleanup_endpoint` without auth dependency — routes/cleanup_routes.py:38
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/cleanup_routes.py:38 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `clear_gallery_ai_tags` without auth dependency — routes/gallery_routes.py:768
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:768 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `clear_gallery_user_tags` without auth dependency — routes/gallery_routes.py:744
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:744 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `clear_task_cache` without auth dependency — routes/task_routes.py:543
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/task_routes.py:543 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `clear_tts_cache` without auth dependency — routes/tts_routes.py:77
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/tts_routes.py:77 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_calendar_create` without auth dependency — routes/codex_routes.py:303
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:303 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_cookbook_adopt` without auth dependency — routes/codex_routes.py:697
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:697 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_cookbook_serve_preset` without auth dependency — routes/codex_routes.py:647
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:647 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_cookbook_serve` without auth dependency — routes/codex_routes.py:506
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:506 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_cookbook_stop` without auth dependency — routes/codex_routes.py:545
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:545 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_documents_create` without auth dependency — routes/codex_routes.py:370
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:370 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_email_draft` without auth dependency — routes/codex_routes.py:239
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:239 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_email_send` without auth dependency — routes/codex_routes.py:252
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:252 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `codex_memory_add` without auth dependency — routes/codex_routes.py:274
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/codex_routes.py:274 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `compact_session` without auth dependency — routes/history_routes.py:521
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/history_routes.py:521 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `compact_session` without auth dependency — routes/session_routes.py:901
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/session_routes.py:901 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_album` without auth dependency — routes/gallery_routes.py:552
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/gallery_routes.py:552 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_calendar` without auth dependency — routes/calendar_routes.py:950
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/calendar_routes.py:950 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_document` without auth dependency — routes/document_routes.py:61
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/document_routes.py:61 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_draft` without auth dependency — routes/editor_draft_routes.py:111
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/editor_draft_routes.py:111 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_event` without auth dependency — routes/calendar_routes.py:799
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/calendar_routes.py:799 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_integration` without auth dependency — routes/auth_routes.py:483
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/auth_routes.py:483 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_model_endpoint` without auth dependency — routes/model_routes.py:1419
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
routes/model_routes.py:1419 securityAuth fastapi unauth mutation

Showing first 300 of 727. Refine filters or use the findings page for deep search.

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/3e786ddc-fe92-4f11-a9f1-0a8e6f225890/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/3e786ddc-fe92-4f11-a9f1-0a8e6f225890/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.