{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `fetch_contributors` has cognitive complexity 8 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `fetch_contributors` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 32 more): Same pattern found in 32 additional files", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 7 more): Same pattern found in 7 additional files. ", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 28 more): Same pattern found in 28 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 28 more): Same pattern found in 28 additional files. 
Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 129 more): Same pattern found in 129 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 129 more): Same pattern found in 129 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 41 more): Same pattern found in 41 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 41 more): Same pattern found in 41 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "[MINED113] Express POST /webhook/response has no auth: Express route POST /webhook/response declared without an auth mid", "shortDescription": {"text": "[MINED113] Express POST /webhook/response has no auth: Express route POST /webhook/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 b"}, "fullDescription": {"text": "Add an auth middleware: app.post('/webhook/response', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. 
If truly public, mark with a comment; for an inbound webhook, verify the sender's signature on the request body before acting on it."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/543"}, "properties": {"repository": "humanlayer/12-factor-agents", "repoUrl": "https://github.com/humanlayer/12-factor-agents.git", "branch": "main"}, "results": [{"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 33483, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33541, "scanner": "repobility-ai-code-hygiene", "fingerprint": "edfc4a0ff7ca24a399c768bab8348307438a2aa4660e3ae162b52e7f10783830", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/12-1-server-init.ts", "duplicate_line": 5, "correlation_key": "fp|edfc4a0ff7ca24a399c768bab8348307438a2aa4660e3ae162b52e7f10783830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12a-server.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33540, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "75d21b81b65d519d1c93522e9198d2dce5e5d4aa03b4e630e035eaf77361addd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/12-server.ts", "duplicate_line": 1, "correlation_key": "fp|75d21b81b65d519d1c93522e9198d2dce5e5d4aa03b4e630e035eaf77361addd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12a-server.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33539, "scanner": "repobility-ai-code-hygiene", "fingerprint": "43fd94efdbd7d7c5988d064c6818caafc0799d5365e79b4fa6fcf7181c3b55f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/12-1-server-init.ts", "duplicate_line": 5, "correlation_key": "fp|43fd94efdbd7d7c5988d064c6818caafc0799d5365e79b4fa6fcf7181c3b55f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-server.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33538, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"a22df798f5c0177407f10002f640f2b64ea74ad3f269a37383448f133db0d22f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/10-server.ts", "duplicate_line": 20, "correlation_key": "fp|a22df798f5c0177407f10002f640f2b64ea74ad3f269a37383448f133db0d22f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-1-server-init.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33537, "scanner": "repobility-ai-code-hygiene", "fingerprint": "041da658a4cdebd9dcdac4492e85aee6a19a080e3419977ef43c91f02729b538", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/09-server.ts", "duplicate_line": 8, "correlation_key": "fp|041da658a4cdebd9dcdac4492e85aee6a19a080e3419977ef43c91f02729b538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-1-server-init.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33536, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a689d37c8d432eebfce33672a0aeea3721f020914721d8bd1be45d1c7b5ff11", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/11b-cli.ts", "duplicate_line": 50, "correlation_key": "fp|1a689d37c8d432eebfce33672a0aeea3721f020914721d8bd1be45d1c7b5ff11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/11c-cli.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33535, "scanner": "repobility-ai-code-hygiene", "fingerprint": "967a221924e006dc30f87fd0e60aa85a919c120c154b01e00912d212f1811957", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/11-cli.ts", "duplicate_line": 1, "correlation_key": "fp|967a221924e006dc30f87fd0e60aa85a919c120c154b01e00912d212f1811957"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/11c-cli.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33534, "scanner": "repobility-ai-code-hygiene", "fingerprint": "651926d48d3d5951308d1be61cb6175db1169d13a6243cabbd48fedb5f07c5ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": 
"A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/11-cli.ts", "duplicate_line": 1, "correlation_key": "fp|651926d48d3d5951308d1be61cb6175db1169d13a6243cabbd48fedb5f07c5ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/11b-cli.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33533, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9009daf5b461a10e11c27adc44cf4e8a0ce817f06d9d2d7159623dc646497f81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/09-server.ts", "duplicate_line": 3, "correlation_key": "fp|9009daf5b461a10e11c27adc44cf4e8a0ce817f06d9d2d7159623dc646497f81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-server.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33532, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9785332358f43c13fd362f269743128aba00ccca17db7be52bd0006ffdf19fa0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": 
"AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/05-agent.ts", "duplicate_line": 42, "correlation_key": "fp|9785332358f43c13fd362f269743128aba00ccca17db7be52bd0006ffdf19fa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-agent.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c3aae46e1e8627dc6403ac738c8a8ca36b00dd7e2dea57eab8fc26da1b98d93", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts", "duplicate_line": 13, "correlation_key": "fp|8c3aae46e1e8627dc6403ac738c8a8ca36b00dd7e2dea57eab8fc26da1b98d93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-agent.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da0a833f87030824e72fd74efbfce10e6f46a03368f4a2cf74b855dc268f2e51", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "workshops/2025-05-17/walkthrough/07b-agent.ts", "duplicate_line": 1, "correlation_key": "fp|da0a833f87030824e72fd74efbfce10e6f46a03368f4a2cf74b855dc268f2e51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51ff5ec3ab43ccdcc3ec81c8b0874e89b984ffc76bb1e3d35bb97efe49e10df8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/05-agent.ts", "duplicate_line": 42, "correlation_key": "fp|51ff5ec3ab43ccdcc3ec81c8b0874e89b984ffc76bb1e3d35bb97efe49e10df8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/07b-agent.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7590dff00ad9a6bd4680450a096dd8827f4ccd7d0cd5fe150e85c3d48a5033c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts", "duplicate_line": 13, 
"correlation_key": "fp|e7590dff00ad9a6bd4680450a096dd8827f4ccd7d0cd5fe150e85c3d48a5033c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/07b-agent.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "645720aa9eeb33ad5a7483771514611da042bb63f2b50d77ec84a942e9967254", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/walkthrough/05-agent.ts", "duplicate_line": 42, "correlation_key": "fp|645720aa9eeb33ad5a7483771514611da042bb63f2b50d77ec84a942e9967254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/07-agent.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b41d22975c46ab1c8114e9239c7df133c5e26c88da255f16954dd874d27e755", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts", "duplicate_line": 13, "correlation_key": 
"fp|8b41d22975c46ab1c8114e9239c7df133c5e26c88da255f16954dd874d27e755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/07-agent.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0859f2103524b1c5000a00cd81b5cdb44944a14b029e52fc1fef871037ad4035", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 3, "correlation_key": "fp|0859f2103524b1c5000a00cd81b5cdb44944a14b029e52fc1fef871037ad4035"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/05-agent.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "719a8d8eb750ff7f5356d640dc86112ab71bf0d14895e12da43be738b2ee965e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|719a8d8eb750ff7f5356d640dc86112ab71bf0d14895e12da43be738b2ee965e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/05-agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b70519862e2700a27363bd93e4807515154c1b8762e2240f2d4ca9bc19c54c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 3, "correlation_key": "fp|7b70519862e2700a27363bd93e4807515154c1b8762e2240f2d4ca9bc19c54c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/03b-agent.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1dfd00ec0c6f8ab0c43461d44603ca8b1c9fa264c2ab9c885af5c32d70ce2022", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|1dfd00ec0c6f8ab0c43461d44603ca8b1c9fa264c2ab9c885af5c32d70ce2022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/03b-agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0aa36eeee333e7361c6f29262e44fa044f86ce7776e9f1be812b23c8419e9938", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03-agent.ts", "duplicate_line": 5, "correlation_key": "fp|0aa36eeee333e7361c6f29262e44fa044f86ce7776e9f1be812b23c8419e9938"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/03-agent.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4862e43635dcb2fa907be9363df79e4c285ce02fc89dd00155765bef752ed70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|c4862e43635dcb2fa907be9363df79e4c285ce02fc89dd00155765bef752ed70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/03-agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "513b5beb5465faee77c7fe04227518eada0b937878264f82e9560080e51c9550", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-cli.ts", "duplicate_line": 1, "correlation_key": "fp|513b5beb5465faee77c7fe04227518eada0b937878264f82e9560080e51c9550"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/01-cli.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18bd23c3d0099a185bfdbb4f4e34b24c54b785a48192beea11c51190ad739a09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|18bd23c3d0099a185bfdbb4f4e34b24c54b785a48192beea11c51190ad739a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/01-agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e9c15b3f4e9d51925193ceafaff22435142ad597c5d05b57184c04a157b7626d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 3, "correlation_key": "fp|e9c15b3f4e9d51925193ceafaff22435142ad597c5d05b57184c04a157b7626d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "268780726d9204c9bb751df3f47c53ab5d281062e3522153c9f17a46e1e26d60", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|268780726d9204c9bb751df3f47c53ab5d281062e3522153c9f17a46e1e26d60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/03-tool-loop/walkthrough/03-agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e91d344f378b2e454faf93e2c447c2671a8c7c40d31917369365728f6366d80", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-cli.ts", "duplicate_line": 1, "correlation_key": "fp|3e91d344f378b2e454faf93e2c447c2671a8c7c40d31917369365728f6366d80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/03-tool-loop/src/cli.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "12e353c42600e5aefb10df9f47f1341b4acf04aee176bfba5afb3cf55428ae3a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|12e353c42600e5aefb10df9f47f1341b4acf04aee176bfba5afb3cf55428ae3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/03-tool-loop/src/agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07416adbb1574a20c1d7dfa6cbc878f0186fc576c3857f9efaf077cfe205b81c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-cli.ts", "duplicate_line": 1, "correlation_key": "fp|07416adbb1574a20c1d7dfa6cbc878f0186fc576c3857f9efaf077cfe205b81c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/02-calculator-tools/src/cli.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33512, "scanner": "repobility-ai-code-hygiene", "fingerprint": "01d59b06fe70225cbf1b4764736a36657ff96eb51692aff6199d25b15a9e9ffc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts", "duplicate_line": 1, "correlation_key": 
"fp|01d59b06fe70225cbf1b4764736a36657ff96eb51692aff6199d25b15a9e9ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/02-calculator-tools/src/agent.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `fetch_contributors` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=2, if=3, nested_bonus=2, while=1."}, "properties": {"repobilityId": 33486, "scanner": "repobility-threat-engine", "fingerprint": "f50cd3bb2c49ccc30706bb81e59ea72d0d7872dd56a1a6444492b6fca30fcf32", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "fetch_contributors", "breakdown": {"if": 3, "break": 2, "while": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|f50cd3bb2c49ccc30706bb81e59ea72d0d7872dd56a1a6444492b6fca30fcf32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/contributors_markdown/contributors_markdown.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 33511, "scanner": "repobility-threat-engine", "fingerprint": "a01de210cbaadff6ad7cfe71a5ef12dd0b199aed108c888c8dc842a5ba0090f4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": 
["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a01de210cbaadff6ad7cfe71a5ef12dd0b199aed108c888c8dc842a5ba0090f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-07-16/walkthroughgen_py.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 33510, "scanner": "repobility-threat-engine", "fingerprint": "74fdf6a45e7272b2492a8e58647bf5fefa16a1e2962923f0be45fd8b4f3bc052", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print(\"Warning: OPENAI_API_KEY not set. Please set it in your environment.\")", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|6|print warning: openai_api_key not set. please set it in your environment."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-07-16/walkthroughgen_py.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 33509, "scanner": "repobility-threat-engine", "fingerprint": "db3e58b3df4c543ce889873287c4b1bc1910b7431e82545138e90369aa8b137c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db3e58b3df4c543ce889873287c4b1bc1910b7431e82545138e90369aa8b137c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-07-16/walkthrough/05-main.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "properties": {"repobilityId": 33508, "scanner": "repobility-threat-engine", "fingerprint": "00f293220159d8115f93b05cf8025e4fc7fa99771c6a6311b9a854f2540fd465", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 32 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|00f293220159d8115f93b05cf8025e4fc7fa99771c6a6311b9a854f2540fd465"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 33504, "scanner": "repobility-threat-engine", "fingerprint": "fce2ff5e05890616a7cd16edf195d7a6794337038a39c9f7c6ac3684ca845b1d", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|fce2ff5e05890616a7cd16edf195d7a6794337038a39c9f7c6ac3684ca845b1d"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. 
Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 33503, "scanner": "repobility-threat-engine", "fingerprint": "426908ac972750af38e84a76e80965774a979bb02fc635cee937711f2368a75d", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|11|sec118", "duplicate_count": 1, "duplicate_rule_ids": ["SEC118"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["426908ac972750af38e84a76e80965774a979bb02fc635cee937711f2368a75d", "763f6216e84df099bc0c36cbe93436395c70a7060df6240842b185920d716cd0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/09-state.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. 
Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 33502, "scanner": "repobility-threat-engine", "fingerprint": "6156d0f01471766790e5514ff16d4f626d27bb4e5f0a2bdcf5a3a67d1c707156", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|24|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-12-factor-agent/template/src/state.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "properties": {"repobilityId": 33501, "scanner": "repobility-threat-engine", "fingerprint": "1e4f61a7cc798e772fe465a9b2fc3f5eeb9e4e9ca1f8bbff71b19875a5a6edc8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1e4f61a7cc798e772fe465a9b2fc3f5eeb9e4e9ca1f8bbff71b19875a5a6edc8"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 129 more): Same pattern found in 129 additional files. 
Review if needed."}, "properties": {"repobilityId": 33497, "scanner": "repobility-threat-engine", "fingerprint": "75a8787b979878e29a68531cfcce6cab1bdabfc057950e346d5db8cf4c8d767a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 129 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|75a8787b979878e29a68531cfcce6cab1bdabfc057950e346d5db8cf4c8d767a", "aggregated_count": 129}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 33496, "scanner": "repobility-threat-engine", "fingerprint": "032e7849902c78e9afbd830645de2ecaa12b00f073ccd9bc884dca98724bea2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|032e7849902c78e9afbd830645de2ecaa12b00f073ccd9bc884dca98724bea2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/walkthroughgen/examples/typescript/walkthrough/01-index.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 33495, "scanner": "repobility-threat-engine", "fingerprint": "2b66228ee4c48b19ae88734cf730612a31e282b34cccfbbefccda8b0e6cb1a6c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b66228ee4c48b19ae88734cf730612a31e282b34cccfbbefccda8b0e6cb1a6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-12-factor-agent/template/src/server.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 33494, "scanner": "repobility-threat-engine", "fingerprint": "fd082b16a914ab2f1919c821a2c804116d2a7358f8bcb5835828d0dffbae0987", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd082b16a914ab2f1919c821a2c804116d2a7358f8bcb5835828d0dffbae0987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-12-factor-agent/template/src/agent.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 41 more): Same pattern found in 41 additional files. Review if needed."}, "properties": {"repobilityId": 33493, "scanner": "repobility-threat-engine", "fingerprint": "db4c957e99c055b690bde13ac2c89dce1013be8768f503e34a6239076473eaa2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 41 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|db4c957e99c055b690bde13ac2c89dce1013be8768f503e34a6239076473eaa2", "aggregated_count": 41}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 33492, "scanner": "repobility-threat-engine", "fingerprint": "c8d197b6bac66db72681bfd167b5fab645fe40645cf7844bbe77b77807630a5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c8d197b6bac66db72681bfd167b5fab645fe40645cf7844bbe77b77807630a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/02-calculator-tools/src/agent.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 33491, "scanner": "repobility-threat-engine", "fingerprint": "1772b3ba6635450fa82d211c8f4d85b59ee52677189d8175315d40f7082511f3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1772b3ba6635450fa82d211c8f4d85b59ee52677189d8175315d40f7082511f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 33490, "scanner": "repobility-threat-engine", "fingerprint": "0ba492eaf80e9eeb8ad4bf5f5ade43005843f01ce984c2f3f8104076b8e0f4a9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ba492eaf80e9eeb8ad4bf5f5ade43005843f01ce984c2f3f8104076b8e0f4a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-12-factor-agent/template/src/agent.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 33489, "scanner": "repobility-threat-engine", "fingerprint": "1546edbd1ec206d3e853833bc9ae84deffffaaaf9c166b9e72e02b6701c5c4de", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "fetch_contributors", "breakdown": {"if": 3, "break": 2, "while": 1, "nested_bonus": 2}, "aggregated": true, "complexity": 8, "correlation_key": "fp|1546edbd1ec206d3e853833bc9ae84deffffaaaf9c166b9e72e02b6701c5c4de", "aggregated_count": 4}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 33485, "scanner": "repobility-threat-engine", "fingerprint": "11e925d58bc6d07a0f38e4190afcc9339a39faa526b7b510f4b5d7a2137b3ff5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|11e925d58bc6d07a0f38e4190afcc9339a39faa526b7b510f4b5d7a2137b3ff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/contributors_markdown/contributors_markdown.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 33484, "scanner": "repobility-threat-engine", "fingerprint": "92044e0d87446b36caa46f6aa3a13f5ff083fd3a323b45ff1a887a112a503cde", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|92044e0d87446b36caa46f6aa3a13f5ff083fd3a323b45ff1a887a112a503cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/contributors_markdown/contributors_markdown.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhook/response has no auth: Express route POST /webhook/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33566, "scanner": "repobility-route-auth", "fingerprint": "08f69d08fb96a0157bed55b30b8baf2474a5b5afdddce9cb0f3641fb58b0700b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|08f69d08fb96a0157bed55b30b8baf2474a5b5afdddce9cb0f3641fb58b0700b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12b-server.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33565, "scanner": "repobility-route-auth", "fingerprint": "36e9353444c8e3536a80a356a013bb23f7f2d2f4cbfc7186e48746f0a16d501c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|36e9353444c8e3536a80a356a013bb23f7f2d2f4cbfc7186e48746f0a16d501c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12b-server.ts"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33564, "scanner": "repobility-route-auth", "fingerprint": "27cf1b092165c138f616a1f44c464f8521f521a3da6b048050d567cea8bf483f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|27cf1b092165c138f616a1f44c464f8521f521a3da6b048050d567cea8bf483f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12b-server.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33563, "scanner": "repobility-route-auth", "fingerprint": "7c98d8743d90b630794c103de30649d62868b213a1c2227f85555683a2262b4b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|7c98d8743d90b630794c103de30649d62868b213a1c2227f85555683a2262b4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12a-server.ts"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33562, "scanner": "repobility-route-auth", "fingerprint": "209677700c50ef7d547154acd0c323dd0ed8c014a05c517bbcf8b8faacd68bfd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|209677700c50ef7d547154acd0c323dd0ed8c014a05c517bbcf8b8faacd68bfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12a-server.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33561, "scanner": "repobility-route-auth", "fingerprint": "89f623384613a9eba1e0aacf27cafae2bfe099e8cbcaaa99932e597e516e6dad", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|89f623384613a9eba1e0aacf27cafae2bfe099e8cbcaaa99932e597e516e6dad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/10-server.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33560, "scanner": "repobility-route-auth", "fingerprint": "f762681255e10be68445cfdcb422ad20c5d711b07dd9a085e72df2265ceced06", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|f762681255e10be68445cfdcb422ad20c5d711b07dd9a085e72df2265ceced06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/10-server.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33559, "scanner": "repobility-route-auth", "fingerprint": "7d02fd31cb22e242caf5a2d430bac5bfc9f6ef2a7676c6aa0068e0edfadc3547", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|7d02fd31cb22e242caf5a2d430bac5bfc9f6ef2a7676c6aa0068e0edfadc3547"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12-1-server-init.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33558, "scanner": "repobility-route-auth", "fingerprint": "a598d5e4496104f5331aef39d0a2e930016ab3f9f5f27f20a757be3368d039dc", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|a598d5e4496104f5331aef39d0a2e930016ab3f9f5f27f20a757be3368d039dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05/walkthrough/12-1-server-init.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33557, "scanner": "repobility-route-auth", "fingerprint": "3fcf98f5f71c1fbb285b5c41f9f58c1306932ebc57aeeb554314ebbb1f4127ba", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|3fcf98f5f71c1fbb285b5c41f9f58c1306932ebc57aeeb554314ebbb1f4127ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-server.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33556, "scanner": "repobility-route-auth", "fingerprint": "21c0d3a6309efd2856be720c837b4de57e6193c6a598f806699e4dc9f88ea7c2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|21c0d3a6309efd2856be720c837b4de57e6193c6a598f806699e4dc9f88ea7c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-server.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33555, "scanner": "repobility-route-auth", "fingerprint": "7c77a166be3432619713e9f41fd526a63ec4487f6ac66849efa22ffc3bec7fc0", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|7c77a166be3432619713e9f41fd526a63ec4487f6ac66849efa22ffc3bec7fc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12aa-server.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33554, "scanner": "repobility-route-auth", "fingerprint": "c2f4b386fc39cc013befce56c0d859349430156cd9f9a68f5187438492170ccd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|c2f4b386fc39cc013befce56c0d859349430156cd9f9a68f5187438492170ccd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12aa-server.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33553, "scanner": "repobility-route-auth", "fingerprint": "b82e715e17b5fd52a52c2cc93bae3817bb9890a948d0c389b005114282424b47", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|b82e715e17b5fd52a52c2cc93bae3817bb9890a948d0c389b005114282424b47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/09-server.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33552, "scanner": "repobility-route-auth", "fingerprint": "5c82fc1e9cad573846fe24b7114a5d8ca8a2bd16626a094d32b6d0c3ad9a7b48", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|5c82fc1e9cad573846fe24b7114a5d8ca8a2bd16626a094d32b6d0c3ad9a7b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/09-server.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33551, "scanner": "repobility-route-auth", "fingerprint": "0bab77b6085c558308ec46763d974828fe9361f9ee425eaa695eee6484b32709", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|0bab77b6085c558308ec46763d974828fe9361f9ee425eaa695eee6484b32709"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/08-server.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhook/response has no auth: Express route POST /webhook/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33550, "scanner": "repobility-route-auth", "fingerprint": "29690a46cdc3ae545af969803b7adb7cfff3fd2bae486f8431e41a8cd56148f3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|29690a46cdc3ae545af969803b7adb7cfff3fd2bae486f8431e41a8cd56148f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12b-server.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33549, "scanner": "repobility-route-auth", "fingerprint": "a8215cc529299233d4601dd3f15bc1a368f699fbf1820f814de8d4b0b7db866f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|a8215cc529299233d4601dd3f15bc1a368f699fbf1820f814de8d4b0b7db866f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12b-server.ts"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33548, "scanner": "repobility-route-auth", "fingerprint": "c3256166daab45e50dcb93b54b1a8a5a5cfae7dbe62680a364a3e09a3067a714", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|c3256166daab45e50dcb93b54b1a8a5a5cfae7dbe62680a364a3e09a3067a714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12b-server.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33547, "scanner": "repobility-route-auth", "fingerprint": "2e41d260b653ee1bdae314abbdd1acbf387ea325e0aad5a5262e31f7f82519f3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|2e41d260b653ee1bdae314abbdd1acbf387ea325e0aad5a5262e31f7f82519f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12a-server.ts"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33546, "scanner": "repobility-route-auth", "fingerprint": "36ffc52dd80012574c54601dd0a4bd22332a7c2e0110cdbdccf619c5d06d27d6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|36ffc52dd80012574c54601dd0a4bd22332a7c2e0110cdbdccf619c5d06d27d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12a-server.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33545, "scanner": "repobility-route-auth", "fingerprint": "865a09fbb78ab00b1e20c7a692b24ffe148c32258fcfb2cb9a221647816fff2d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|865a09fbb78ab00b1e20c7a692b24ffe148c32258fcfb2cb9a221647816fff2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-server.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33544, "scanner": "repobility-route-auth", "fingerprint": "4a8033e0c8b5a69db1c7b113547fa19396bd5340e2a8fcaa4de184763ec2898e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|4a8033e0c8b5a69db1c7b113547fa19396bd5340e2a8fcaa4de184763ec2898e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-server.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33543, "scanner": "repobility-route-auth", "fingerprint": "e1bed459826993773c63eb1f7d6ec0d52549a2c1c05f16d28ba26252708ec54f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|e1bed459826993773c63eb1f7d6ec0d52549a2c1c05f16d28ba26252708ec54f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-1-server-init.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 33542, "scanner": "repobility-route-auth", "fingerprint": "684427d6a783c9aacfbc8350df4c52e53ca1b253eeac7ca884dcf38e66c7baf1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|684427d6a783c9aacfbc8350df4c52e53ca1b253eeac7ca884dcf38e66c7baf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/12-1-server-init.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 33507, "scanner": "repobility-threat-engine", "fingerprint": "e98c36802b323b06d85d86a7832312dc4071dd1a18c76f850f0290c103dfa281", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.post('/thread', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e98c36802b323b06d85d86a7832312dc4071dd1a18c76f850f0290c103dfa281"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-server.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 33506, "scanner": "repobility-threat-engine", "fingerprint": "207096de92a0de99c53f645ae142c8fd597e454239ba92a650c778693eb8e6a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.post('/thread', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|207096de92a0de99c53f645ae142c8fd597e454239ba92a650c778693eb8e6a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/09-server.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 33505, "scanner": "repobility-threat-engine", "fingerprint": "69ddfef6035d4c8c636757c13acd305d5a82b983809f9056346416e64bc0c895", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.post('/thread', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|69ddfef6035d4c8c636757c13acd305d5a82b983809f9056346416e64bc0c895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/08-server.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33500, "scanner": "repobility-threat-engine", "fingerprint": "f87ce4b1eef1298220b6b7c1dabbc82746c4bce912ef57cfd869388600e44ea4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "store.update(threadId, newThread);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f87ce4b1eef1298220b6b7c1dabbc82746c4bce912ef57cfd869388600e44ea4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/10-server.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33499, "scanner": "repobility-threat-engine", "fingerprint": "1b2b4a898ab165e0e6eb808b4fd9f693cbf68c0cda25f21f892b2f401d8dc7c2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "store.update(threadId, newThread);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b2b4a898ab165e0e6eb808b4fd9f693cbf68c0cda25f21f892b2f401d8dc7c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-05-17/walkthrough/09-server.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33498, "scanner": "repobility-threat-engine", "fingerprint": "df2a9d4e95e11dc32007d258b9ad4c56c45de97dcc4eeca03f2010da7eecd399", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "store.update(threadId, newThread);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|df2a9d4e95e11dc32007d258b9ad4c56c45de97dcc4eeca03f2010da7eecd399"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/create-12-factor-agent/template/src/server.ts"}, "region": {"startLine": 116}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `inspect_notebook` has cognitive complexity 66 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, elif=1, else=1, for=4, if=9, nested_bonus=49, ternary=1."}, "properties": {"repobilityId": 33488, "scanner": "repobility-threat-engine", "fingerprint": "7f9b260c6edd097c7cbce78f14025f300ad3961cf986dad229d285e211db5b20", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 66 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "inspect_notebook", "breakdown": {"if": 9, "for": 4, "elif": 1, "else": 1, "ternary": 1, "continue": 1, "nested_bonus": 49}, "complexity": 66, "correlation_key": "fp|7f9b260c6edd097c7cbce78f14025f300ad3961cf986dad229d285e211db5b20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-07-16/hack/inspect_notebook.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `check_logs` has cognitive complexity 41 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=2, if=8, nested_bonus=31."}, "properties": {"repobilityId": 33487, "scanner": "repobility-threat-engine", "fingerprint": "f866005f715b16bca997a0d7030acc0c8bb9a5dc8dac1d880049d459d71d857d", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 41 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check_logs", "breakdown": {"if": 8, "for": 2, "nested_bonus": 31}, "complexity": 41, "correlation_key": "fp|f866005f715b16bca997a0d7030acc0c8bb9a5dc8dac1d880049d459d71d857d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workshops/2025-07-16/hack/analyze_log_capture.py"}, "region": {"startLine": 9}}}]}]}]}