{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/394"}, "properties": {"repository": "getsentry/XcodeBuildMCP", "repoUrl": "https://github.com/getsentry/XcodeBuildMCP.git", "branch": "main"}, "results": [{"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21967, "scanner": "repobility", "fingerprint": "8e8c5ae91f64bbfb30b71dddcce21910", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 30", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/simulator/__tests__/record_sim_video.test.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12885, "scanner": "repobility-threat-engine", "fingerprint": "0df5c7247f24f51fdc07e3927a1c4671e385ec73eca81cfbec963b68a786eb3e", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: setup/install wizard (placeholder values)]", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0df5c7247f24f51fdc07e3927a1c4671e385ec73eca81cfbec963b68a786eb3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/commands/setup.ts"}, "region": {"startLine": 767}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12884, "scanner": "repobility-threat-engine", "fingerprint": "a6964cc835e8a9a24f6e3d3fb32cecf80a2abbc0697fab5c235a0b6bb36b8eb7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a6964cc835e8a9a24f6e3d3fb32cecf80a2abbc0697fab5c235a0b6bb36b8eb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/device-steps.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08121aec42e47fdbb1e6504f13150ff0ac8881dc5dd7415e0316f2ca9d02ff36", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/session-management/session_clear_defaults.ts", "duplicate_line": 36, "correlation_key": "fp|08121aec42e47fdbb1e6504f13150ff0ac8881dc5dd7415e0316f2ca9d02ff36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/session-management/session_show_defaults.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1d1e7a2bfff9aca88b9ba153f2714bdca87d29cc496856a79aa071d31ce3975", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/session-management/session_clear_defaults.ts", "duplicate_line": 60, "correlation_key": "fp|a1d1e7a2bfff9aca88b9ba153f2714bdca87d29cc496856a79aa071d31ce3975"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/session-management/session_set_defaults.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3955b85f2919cf2cac12b6ad59aca7c506612e94b3568b651de2de446ffe6582", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/project-scaffolding/scaffold_ios_project.ts", "duplicate_line": 12, "correlation_key": "fp|3955b85f2919cf2cac12b6ad59aca7c506612e94b3568b651de2de446ffe6582"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/project-scaffolding/scaffold_macos_project.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "898e6c6ec29298b5bd4a8f9f1478f5e9a4a124cf24baeee39da57677e4835bfd", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/project-discovery/list_schemes.ts", "duplicate_line": 7, "correlation_key": "fp|898e6c6ec29298b5bd4a8f9f1478f5e9a4a124cf24baeee39da57677e4835bfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/project-discovery/show_build_settings.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "646e12b6d180e791a328257adbd1e1ac4f672178d930e2781ef4732656134723", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/device/get_device_app_path.ts", "duplicate_line": 15, "correlation_key": "fp|646e12b6d180e791a328257adbd1e1ac4f672178d930e2781ef4732656134723"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/macos/get_mac_app_path.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e90f2773ff45d7bbe26cb01e8053dda48791621ffba90df28dd61d9ba60c249", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/device/build_run_device.ts", "duplicate_line": 110, "correlation_key": "fp|3e90f2773ff45d7bbe26cb01e8053dda48791621ffba90df28dd61d9ba60c249"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/macos/build_run_macos.ts"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc38512e336595db703c8782e688e1b937a6851340e18796d5ddb1d85f6244d5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/macos/build_macos.ts", "duplicate_line": 28, "correlation_key": "fp|dc38512e336595db703c8782e688e1b937a6851340e18796d5ddb1d85f6244d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/macos/build_run_macos.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a04691ce7b10c4927f1f32268ee00ce420ef713d7a984808e25ea3ac5fb42291", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/mcp/tools/debugging/debug_stack.ts", "duplicate_line": 7, "correlation_key": "fp|a04691ce7b10c4927f1f32268ee00ce420ef713d7a984808e25ea3ac5fb42291"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/debugging/debug_variables.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd3b8d2188f8464221678c275ab9868cc96d87b5db16134f573734c3983e53e5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrations/xcode-tools-bridge/manager.ts", "duplicate_line": 115, "correlation_key": "fp|cd3b8d2188f8464221678c275ab9868cc96d87b5db16134f573734c3983e53e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrations/xcode-tools-bridge/standalone.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50a3fd194babc4dfbb996bff3ab976a02ee61fe71a3ad09ea4595eb478821634", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/probe-xcode-mcpbridge.ts", "duplicate_line": 21, "correlation_key": "fp|50a3fd194babc4dfbb996bff3ab976a02ee61fe71a3ad09ea4595eb478821634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrations/xcode-tools-bridge/client.ts"}, "region": {"startLine": 161}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "beb8b2d97894151186292d99039f3b9e970832f6d87bd6199f203a0fb5d28083", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli.ts", "duplicate_line": 57, "correlation_key": "fp|beb8b2d97894151186292d99039f3b9e970832f6d87bd6199f203a0fb5d28083"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/yargs-app.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f7fbb71ba8ef53d9d98149ca6f312c22a69b74679fa113db7dec9d8cac514fe", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "example_projects/Weather/Weather/Models/WeatherModels.swift", "duplicate_line": 3, "correlation_key": "fp|3f7fbb71ba8ef53d9d98149ca6f312c22a69b74679fa113db7dec9d8cac514fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "example_projects/Weather/Weather/Services/WeatherClientDTOs.swift"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 12883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc364cba0fbfe21cbe30a2f59a2ab1bb86167d0d4db20fdc6e3c256b7e248508", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "schema", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "src/core/manifest/import-tool-module.ts", "correlation_key": "fp|fc364cba0fbfe21cbe30a2f59a2ab1bb86167d0d4db20fdc6e3c256b7e248508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/swift-package/swift_package_clean.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b9076a12860dfbe002930678f004b6b41f4f0e78eef1a7a8ede1371c8eaee45a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "clean", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b9076a12860dfbe002930678f004b6b41f4f0e78eef1a7a8ede1371c8eaee45a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/tools/swift-package/swift_package_clean.ts"}, "region": {"startLine": 1}}}]}]}]}