{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /co"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /config."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_transcription_with_hotwords: Test function `test_transcription_with_hotwords` run", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_transcription_with_hotwords: Test function `test_transcription_with_hotwords` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without ver"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._get_dummy_audios` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceD", "shortDescription": {"text": "[MINED108] `self._get_dummy_audios` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_dummy_audios`, but no assignment to it exists in __init__ (and no class-level fallba"}, "fullDescription": {"text": "Initialize `self._get_dummy_audios = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/121"}, "properties": {"repository": "microsoft/VibeVoice", "repoUrl": "https://github.com/microsoft/VibeVoice.git", "branch": "main"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 42453, "scanner": "repobility-ast-engine", "fingerprint": "26a289d146a0b0271b5f3ec963dffda43db8d5129bdf22118b7b53830772585a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26a289d146a0b0271b5f3ec963dffda43db8d5129bdf22118b7b53830772585a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modular_vibevoice_tokenizer.py"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 42452, "scanner": "repobility-ast-engine", "fingerprint": "903ebbd75c099ed55352561fdc286ab92a447dbe6eccae1f7a6fa7172a08962f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|903ebbd75c099ed55352561fdc286ab92a447dbe6eccae1f7a6fa7172a08962f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modular_vibevoice_tokenizer.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 42451, "scanner": "repobility-ast-engine", "fingerprint": "3d92ea67bdaaa1ab7f56c1324653ac3840737dd951c7e34fbf8f044173a1f7db", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d92ea67bdaaa1ab7f56c1324653ac3840737dd951c7e34fbf8f044173a1f7db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modular_vibevoice_tokenizer.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 42450, "scanner": "repobility-ast-engine", "fingerprint": "4bcee67139945109c29ad7aa3eb4d78da7f0a0803fccaff1b0b1ee1bb70cd243", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4bcee67139945109c29ad7aa3eb4d78da7f0a0803fccaff1b0b1ee1bb70cd243"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modular_vibevoice_tokenizer.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 42449, "scanner": "repobility-ast-engine", "fingerprint": "6d3aafa6c7a3cce95a9e70d00cbe6e37d5e261f2601c33ce1e53487ae7e15e51", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d3aafa6c7a3cce95a9e70d00cbe6e37d5e261f2601c33ce1e53487ae7e15e51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/configuration_vibevoice.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 42448, "scanner": "repobility-ast-engine", "fingerprint": "89b45f201400ac572726ff6f4344a5e4db83b5049bdab1b7f35249afa629e923", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89b45f201400ac572726ff6f4344a5e4db83b5049bdab1b7f35249afa629e923"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/configuration_vibevoice.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42445, "scanner": "repobility-ast-engine", "fingerprint": "5168d0f794f58d143103b62111413aa3cebc2447f20895c4c7b8005a0a15ba59", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5168d0f794f58d143103b62111413aa3cebc2447f20895c4c7b8005a0a15ba59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 649}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42444, "scanner": "repobility-ast-engine", "fingerprint": "a97fb1a4cf1c97f1aecc4104672561dec3bb969fc0ae7f65403b48610acfba7e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a97fb1a4cf1c97f1aecc4104672561dec3bb969fc0ae7f65403b48610acfba7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 589}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42443, "scanner": "repobility-ast-engine", "fingerprint": "6a159bf09a4c8ae1034e7ab3abc72ae4680d5e64fbf9a987ca78b146e8d60a99", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a159bf09a4c8ae1034e7ab3abc72ae4680d5e64fbf9a987ca78b146e8d60a99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 535}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42442, "scanner": "repobility-ast-engine", "fingerprint": "f317e56797959919125d5b5b026de84bc03d313e1b764dbc03d1cb38b8209a62", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f317e56797959919125d5b5b026de84bc03d313e1b764dbc03d1cb38b8209a62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 466}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42441, "scanner": "repobility-ast-engine", "fingerprint": "1848315a14c6a9df73a581afcd2477d96a68296fb3007bdbc3a5ab8e8917987d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1848315a14c6a9df73a581afcd2477d96a68296fb3007bdbc3a5ab8e8917987d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 388}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42440, "scanner": "repobility-ast-engine", "fingerprint": "f2b108027013e4290a993e83b4211543dafc7ac79ee90256792603315b4366d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2b108027013e4290a993e83b4211543dafc7ac79ee90256792603315b4366d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42439, "scanner": "repobility-ast-engine", "fingerprint": "d20fb480a21d09270fbf47bc2c771239f218fa751048c371975b9f0d51e9edba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d20fb480a21d09270fbf47bc2c771239f218fa751048c371975b9f0d51e9edba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42438, "scanner": "repobility-ast-engine", "fingerprint": "1910dc3f0f9916c5176ad4b2bde06c53aa44af4e75bc780a256a4b24fe57e6d7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1910dc3f0f9916c5176ad4b2bde06c53aa44af4e75bc780a256a4b24fe57e6d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42437, "scanner": "repobility-ast-engine", "fingerprint": "480f9d82ba92bdf7248e74f306ddff0a07cb806268296968347d475204f16ffc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|480f9d82ba92bdf7248e74f306ddff0a07cb806268296968347d475204f16ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42436, "scanner": "repobility-ast-engine", "fingerprint": "d24dbb2a3592f6cdf35cad886137a8e10ebb096415db26cb55ca8510009e461a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d24dbb2a3592f6cdf35cad886137a8e10ebb096415db26cb55ca8510009e461a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/start_server.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42435, "scanner": "repobility-ast-engine", "fingerprint": "d0d626e612b9fcf35157761c9c3fbba3f2c3baafce8e0cd2417e4470775a40a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0d626e612b9fcf35157761c9c3fbba3f2c3baafce8e0cd2417e4470775a40a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 1095}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42425, "scanner": "repobility-ast-engine", "fingerprint": "adc9c09548159c4c9b7a2b55b6b32601ecf2f20481b9c4b59911ca5b2bacebf4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|adc9c09548159c4c9b7a2b55b6b32601ecf2f20481b9c4b59911ca5b2bacebf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_inference_from_file.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42424, "scanner": "repobility-ast-engine", "fingerprint": "20cae126ac89cd9e7f4f0cede21c875c7adc485a4578ea93b785cfb2174f2f50", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20cae126ac89cd9e7f4f0cede21c875c7adc485a4578ea93b785cfb2174f2f50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_inference_from_file.py"}, "region": {"startLine": 391}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42421, "scanner": "repobility-ast-engine", "fingerprint": "6335442371d31435185c6c253002c69d878b5c621bad5938339303d867f1f977", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6335442371d31435185c6c253002c69d878b5c621bad5938339303d867f1f977"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42407, "scanner": "repobility-ast-engine", "fingerprint": "365da4a34d7d8c468fb9a49278534ede996988c8703e42609218b36abf5ab3de", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|365da4a34d7d8c468fb9a49278534ede996988c8703e42609218b36abf5ab3de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 595}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42406, "scanner": "repobility-ast-engine", "fingerprint": "3706b7722338c30dee86b2680477b6d3cc03e589f597b7252cbfde62c61969c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3706b7722338c30dee86b2680477b6d3cc03e589f597b7252cbfde62c61969c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 403}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42405, "scanner": "repobility-ast-engine", "fingerprint": "a86ebf74b3c4afa1b4b311b4b35e06fd0c1e2c227c03d8885a21b6d91d310227", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a86ebf74b3c4afa1b4b311b4b35e06fd0c1e2c227c03d8885a21b6d91d310227"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 635}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42404, "scanner": "repobility-ast-engine", "fingerprint": "3d016ad79883e0012c0c852cdf4ed01e551d775c7709de7cdd7d2db2ab8b342f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d016ad79883e0012c0c852cdf4ed01e551d775c7709de7cdd7d2db2ab8b342f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42403, "scanner": "repobility-ast-engine", "fingerprint": "e53d7999e151f36d576a5ee5ddd8baeaaf5b89454aa50f0bfdb174de83da17b6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e53d7999e151f36d576a5ee5ddd8baeaaf5b89454aa50f0bfdb174de83da17b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42402, "scanner": "repobility-ast-engine", "fingerprint": "db2839734abe5e4054e0b757e9d7d5d3154fafeb0c5cd72989da1e11b6debb74", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db2839734abe5e4054e0b757e9d7d5d3154fafeb0c5cd72989da1e11b6debb74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 911}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42401, "scanner": "repobility-ast-engine", "fingerprint": "22a7f493a49a28e187df4a9756e2699051d3b6c321a469dffa0ec27090a5f814", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22a7f493a49a28e187df4a9756e2699051d3b6c321a469dffa0ec27090a5f814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 512}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42400, "scanner": "repobility-ast-engine", "fingerprint": "749a611e1a1d82688e248acaff17409ac19dbd7f7541493789b50e81f209304e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|749a611e1a1d82688e248acaff17409ac19dbd7f7541493789b50e81f209304e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 427}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42399, "scanner": "repobility-ast-engine", "fingerprint": "2b8ec36fa88f96fc9cef738b5db532666036555df726502cfde97a1567d39505", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b8ec36fa88f96fc9cef738b5db532666036555df726502cfde97a1567d39505"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42398, "scanner": "repobility-ast-engine", "fingerprint": "4aa9dde8fd07c61780fb827b72a2f67c58bb84b4b14ff42f220e5f7f3832539f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4aa9dde8fd07c61780fb827b72a2f67c58bb84b4b14ff42f220e5f7f3832539f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 42396, "scanner": "repobility-ast-engine", "fingerprint": "c4e651c1c75aa50cfa9bc69828d57152c282e60739900508e3f28e5d5322993a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4e651c1c75aa50cfa9bc69828d57152c282e60739900508e3f28e5d5322993a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetuning-asr/inference_lora.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 4388, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 338, "file_path": "demo/web/app.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 4386, "scanner": "repobility-threat-engine", "fingerprint": "32a65555a2e33c664bc4150076beea1ef868f0f7686be874e974c7334c1365c0", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|demo/web/app.py|164|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/web/app.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4384, "scanner": "repobility-agent-runtime", "fingerprint": "6854867cc7378b74f41e239fa35e881bc3f69713d452ad77d79ddf13028c0428", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|6854867cc7378b74f41e239fa35e881bc3f69713d452ad77d79ddf13028c0428"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 1843}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4383, "scanner": "repobility-agent-runtime", "fingerprint": "48b8fdf9723807f19bf2c2af71e5fd5a5807778b693eebf56305a5891a5acb80", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|48b8fdf9723807f19bf2c2af71e5fd5a5807778b693eebf56305a5891a5acb80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_gradio_demo.py"}, "region": {"startLine": 402}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 3070, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /config."}, "properties": {"repobilityId": 3068, "scanner": "repobility-access-control", "fingerprint": "e5f42de33033750d15a668e52c01d1ddd475fc9244b9171499fbcc6ef7f712fa", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/config", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|demo/web/app.py|507|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/web/app.py"}, "region": {"startLine": 507}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 3067, "scanner": "repobility-access-control", "fingerprint": "b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 2, "correlation_key": "fp|b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "auth_visible_percent": 0.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 3066, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 3065, "scanner": "repobility-threat-engine", "fingerprint": "1f0b5eb8fc222cf834ed1eda8309f52f2f94540b2f90aac69bdef4c804cac9ad", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|35|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/start_server.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3063, "scanner": "repobility-threat-engine", "fingerprint": "aaf6081c8d2c3e5645e1b338810113a29981ee179786c36d8ccf74850fc72a1b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aaf6081c8d2c3e5645e1b338810113a29981ee179786c36d8ccf74850fc72a1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/scripts/gradio_asr_demo_api_video.py"}, "region": {"startLine": 638}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3062, "scanner": "repobility-threat-engine", "fingerprint": "5339eb79768f8f85467b8c070e774835e4658de3c3596857a69dbc40878b17f5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5339eb79768f8f85467b8c070e774835e4658de3c3596857a69dbc40878b17f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 519}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3061, "scanner": "repobility-threat-engine", "fingerprint": "84b939142c172f8c380552035ad30736d6557953863fe8c4f2692cf47f632576", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|84b939142c172f8c380552035ad30736d6557953863fe8c4f2692cf47f632576"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/__init__.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 3060, "scanner": "repobility-threat-engine", "fingerprint": "5c9b211ecb390108b974bcdc14b6842538fa9899a44896d282b09dbc99d2f740", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|demo/web/app.py|161|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/web/app.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 3059, "scanner": "repobility-threat-engine", "fingerprint": "762f12a39c1f3f8215635aa2277adfb86400ca7704ae8dbc05d2e1b8a7eb3b9d", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|225|sec011", "duplicate_count": 1, "duplicate_rule_ids": ["SEC011"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["762f12a39c1f3f8215635aa2277adfb86400ca7704ae8dbc05d2e1b8a7eb3b9d", "dcb75f5ef1c1ac18f334440e8c4510236a5552d987d5e58a6934655efd5267cd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 3047, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=2, nested_bonus=2, ternary=3."}, "properties": {"repobilityId": 42391, "scanner": "repobility-threat-engine", "fingerprint": "1d4235bad8d5b530892090937a510d4f76e6a256456bb510cba146e2fcb3934b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "for": 1, "ternary": 3, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|1d4235bad8d5b530892090937a510d4f76e6a256456bb510cba146e2fcb3934b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetuning-asr/inference_lora.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_voice_path` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=4, nested_bonus=3."}, "properties": {"repobilityId": 42390, "scanner": "repobility-threat-engine", "fingerprint": "54bb73f02f297366fedc99710e3e0bf111e296d50577523e2bffe277842390fd", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_voice_path", "breakdown": {"if": 4, "for": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|54bb73f02f297366fedc99710e3e0bf111e296d50577523e2bffe277842390fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 3069, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3054, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5675354522558525197c7d32f416d346d1f12e9af0942cc26cde52f0ab21a26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/processor/vibevoice_asr_processor.py", "duplicate_line": 89, "correlation_key": "fp|e5675354522558525197c7d32f416d346d1f12e9af0942cc26cde52f0ab21a26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/processor/vibevoice_streaming_processor.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3053, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6262368d403794e7d465ee7f60d21a65e06dc14da86718fcb679b95d9495e24c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/processor/vibevoice_processor.py", "duplicate_line": 17, "correlation_key": "fp|6262368d403794e7d465ee7f60d21a65e06dc14da86718fcb679b95d9495e24c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/processor/vibevoice_streaming_processor.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3052, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d23f62a719bcdcc3d40425d0027af892d743232abf8f563dd254167c6b746c59", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/processor/vibevoice_asr_processor.py", "duplicate_line": 89, "correlation_key": "fp|d23f62a719bcdcc3d40425d0027af892d743232abf8f563dd254167c6b746c59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/processor/vibevoice_processor.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3051, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd56361e483ca4e549a731b134a047fc4ec397a68aa57021515aabe8dd7494cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/modular/modeling_vibevoice.py", "duplicate_line": 32, "correlation_key": "fp|cd56361e483ca4e549a731b134a047fc4ec397a68aa57021515aabe8dd7494cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modeling_vibevoice_streaming_inference.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3050, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e14d5dc02abcf78d0af00823d4941f906e3e921487fc300a9d1228df7e642a68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/modular/modeling_vibevoice.py", "duplicate_line": 57, "correlation_key": "fp|e14d5dc02abcf78d0af00823d4941f906e3e921487fc300a9d1228df7e642a68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modeling_vibevoice_streaming.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3049, "scanner": "repobility-ai-code-hygiene", "fingerprint": "489b70fe84a35c09c6f2100929f0398105d7cb861c92dd7324d44be6a5e0d31a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/modular/modeling_vibevoice.py", "duplicate_line": 70, "correlation_key": "fp|489b70fe84a35c09c6f2100929f0398105d7cb861c92dd7324d44be6a5e0d31a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modeling_vibevoice_asr.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3048, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e58653741ba964b3f6d6e42030c775b946ae411d7800aa16c7e310de84c29821", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "vibevoice/modular/configuration_vibevoice.py", "duplicate_line": 150, "correlation_key": "fp|e58653741ba964b3f6d6e42030c775b946ae411d7800aa16c7e310de84c29821"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/configuration_vibevoice_streaming.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 42395, "scanner": "repobility-threat-engine", "fingerprint": "e540fc21a5835c6432a5fd9814e3975ef08baa9ca360aa97f35dfdac95678ab8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e540fc21a5835c6432a5fd9814e3975ef08baa9ca360aa97f35dfdac95678ab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/streamer.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 42392, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 11, "for": 1, "elif": 2, "else": 4, "except": 1, "ternary": 5, "nested_bonus": 8}, "aggregated": true, "complexity": 32, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 42388, "scanner": "repobility-threat-engine", "fingerprint": "26d8597ad9f3e6cb649143239d7e4477fd6d31998241ebf8fcb576b6958908b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|26d8597ad9f3e6cb649143239d7e4477fd6d31998241ebf8fcb576b6958908b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 42387, "scanner": "repobility-threat-engine", "fingerprint": "0f7079532e063892f25734916d6adb5cdd67240d48bc92805e9c9f27b0a84773", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|161|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/modeling_vibevoice_streaming.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 42386, "scanner": "repobility-threat-engine", "fingerprint": "4c5d7fbdc5b8c38972bf5bf853975980bb14b2391f7fe398ba932885b22e3d92", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|68|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetuning-asr/inference_lora.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 42385, "scanner": "repobility-threat-engine", "fingerprint": "228c8647d611b904333e2e2f9d32d8073ff3c887154aff1cd206260b9461f9eb", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|218|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 42384, "scanner": "repobility-threat-engine", "fingerprint": "f053e13bf2decb6717e33e18afee86a8051f99b08492229889130577093679f7", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"Language model attention: {model.model.language_model.config._attn_implementation}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|22|print f language model attention: token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 4387, "scanner": "repobility-threat-engine", "fingerprint": "dcb75f5ef1c1ac18f334440e8c4510236a5552d987d5e58a6934655efd5267cd", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "evidence": {"match": "torch.load(", "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|225|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/processor/vibevoice_tokenizer_processor.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 4385, "scanner": "repobility-threat-engine", "fingerprint": "614c58944512ccaa45709f6746271b48a520dc63be59bea11ef357f7c03aabb6", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "evidence": {"match": "torch.load(", "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|228|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 3064, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 3058, "scanner": "repobility-threat-engine", "fingerprint": "019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3057, "scanner": "repobility-threat-engine", "fingerprint": "ba1df2396456be322f7c2e9df703cf9a799ab63ae905e87c79ed683eee7ad46c", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "logger.info(f\"Loading tokenizer from {language_model_pretrained_name}\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|13|logger.info f loading tokenizer from token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/processor/vibevoice_asr_processor.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3056, "scanner": "repobility-threat-engine", "fingerprint": "d58fecc0c304008ac2072cf9e78eaf8bf55218fe8b8bcf9171caf71aae6aaecf", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"[VibeVoice] Converted acoustic_tokenizer to {target_dtype} (was {acoustic_dtype})", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|vllm_plugin/model.py|28|print f vibevoice converted acoustic_tokenizer to target_dtype was acoustic_dtype"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 3055, "scanner": "repobility-threat-engine", "fingerprint": "a88ec57a8609fb55795883b84c4991f040f5ffbdc876c876effccc66d9e225b8", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(f\"Patched {tokenizer_path}\")", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|28|print f patched tokenizer_path"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/tools/generate_tokenizer_files.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_transcription_with_hotwords: Test function `test_transcription_with_hotwords` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 42447, "scanner": "repobility-ast-engine", "fingerprint": "c4d3ae49bbc8a1f3965f8aeec3b6f31adb2a8341c5fa6405aa0e504ad22db7e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4d3ae49bbc8a1f3965f8aeec3b6f31adb2a8341c5fa6405aa0e504ad22db7e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/tests/test_api.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_transcription_with_recovery: Test function `test_transcription_with_recovery` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 42446, "scanner": "repobility-ast-engine", "fingerprint": "d3ee75b2e2e7b850e269f438e2ffb65080b7618a4d6af262b5dd7aeddfad136b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3ee75b2e2e7b850e269f438e2ffb65080b7618a4d6af262b5dd7aeddfad136b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/tests/test_api_auto_recover.py"}, "region": {"startLine": 463}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_dummy_audios` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_dummy_audios`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42434, "scanner": "repobility-ast-engine", "fingerprint": "1f31d585ef0ffb53eb7ad3a31bdda164980d946a152f2e8455491d0c7b28ec8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f31d585ef0ffb53eb7ad3a31bdda164980d946a152f2e8455491d0c7b28ec8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 659}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_max_audio_samples` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_max_audio_samples`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42433, "scanner": "repobility-ast-engine", "fingerprint": "723e6c41d2493f16fd99dda1628b27f23deb2735a0e0c0b259f6c3566187810a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|723e6c41d2493f16fd99dda1628b27f23deb2735a0e0c0b259f6c3566187810a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 654}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.info` used but never assigned in __init__: Method `get_dummy_text` of class `VibeVoiceDummyInputsBuilder` reads `self.info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42432, "scanner": "repobility-ast-engine", "fingerprint": "07b48c8518918c7f02a20a8fef87db4780cc76f88f55c7f15017523249d4ae4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07b48c8518918c7f02a20a8fef87db4780cc76f88f55c7f15017523249d4ae4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 637}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.info` used but never assigned in __init__: Method `_get_max_audio_samples` of class `VibeVoiceDummyInputsBuilder` reads `self.info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42431, "scanner": "repobility-ast-engine", "fingerprint": "83bebab9bb3cd99a71daa9f9f32e96ff6d02798b41ba887aa4a6b153329ad982", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83bebab9bb3cd99a71daa9f9f32e96ff6d02798b41ba887aa4a6b153329ad982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 614}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_hf_config` used but never assigned in __init__: Method `get_mm_max_tokens_per_item` of class `VibeVoiceProcessingInfo` reads `self.get_hf_config`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42430, "scanner": "repobility-ast-engine", "fingerprint": "20ce71ae25d349444bc60f64696eda5e01b777f8f1739d5f504e3b7cd9b682f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20ce71ae25d349444bc60f64696eda5e01b777f8f1739d5f504e3b7cd9b682f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 576}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_tokenizer` used but never assigned in __init__: Method `get_audio_token_info` of class `VibeVoiceProcessingInfo` reads `self.get_tokenizer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42429, "scanner": "repobility-ast-engine", "fingerprint": "1359a32d71aeb79a7ada006ddde551820cabccdc6d8febb61fce451b20f5d89b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1359a32d71aeb79a7ada006ddde551820cabccdc6d8febb61fce451b20f5d89b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 539}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.ctx` used but never assigned in __init__: Method `get_feature_extractor` of class `VibeVoiceProcessingInfo` reads `self.ctx`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42428, "scanner": "repobility-ast-engine", "fingerprint": "6934add21db2f9c2a6f557d396bafbae7e6dc9df5dfb5df4c61d7ba6f54b7642", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6934add21db2f9c2a6f557d396bafbae7e6dc9df5dfb5df4c61d7ba6f54b7642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 498}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.ctx` used but never assigned in __init__: Method `get_hf_config` of class `VibeVoiceProcessingInfo` reads `self.ctx`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42427, "scanner": "repobility-ast-engine", "fingerprint": "e6a54b0bff185e8facbb34dfc275cbbdaedab50b827ac12390d6ebfa96a2133a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6a54b0bff185e8facbb34dfc275cbbdaedab50b827ac12390d6ebfa96a2133a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._ensure_audio_encoder_dtype` used but never assigned in __init__: Method `forward` of class `VibeVoiceAudioEncoder` reads `self._ensure_audio_encoder_dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42426, "scanner": "repobility-ast-engine", "fingerprint": "be58bea2d239ac893c0f02b6b72cfbe245408b83f1f655301af64835c2423cb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be58bea2d239ac893c0f02b6b72cfbe245408b83f1f655301af64835c2423cb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/model.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.transcribe_batch` used but never assigned in __init__: Method `transcribe_with_batching` of class `VibeVoiceASRBatchInference` reads `self.transcribe_batch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42423, "scanner": "repobility-ast-engine", "fingerprint": "6e76096d4f8ed7fe0c8b1243f12f375d0f4556232ef2e2b78448af886093b5af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e76096d4f8ed7fe0c8b1243f12f375d0f4556232ef2e2b78448af886093b5af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_inference_from_file.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._prepare_generation_config` used but never assigned in __init__: Method `transcribe_batch` of class `VibeVoiceASRBatchInference` reads `self._prepare_generation_config`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42422, "scanner": "repobility-ast-engine", "fingerprint": "e299ddec423cc6a2709303eb435d43e89ca8aeeee1914d534c424e70a599d48e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e299ddec423cc6a2709303eb435d43e89ca8aeeee1914d534c424e70a599d48e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/vibevoice_asr_inference_from_file.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42420, "scanner": "repobility-ast-engine", "fingerprint": "d0eeef66decb77a6e1de0896861275fbca496f221e1f57be01bf63f302a4d6d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0eeef66decb77a6e1de0896861275fbca496f221e1f57be01bf63f302a4d6d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42419, "scanner": "repobility-ast-engine", "fingerprint": "1b0e0b0ad99a3dcf1c5b4b8e718f348a4bb74fb8ea142e2f5c2286342da02920", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b0e0b0ad99a3dcf1c5b4b8e718f348a4bb74fb8ea142e2f5c2286342da02920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42418, "scanner": "repobility-ast-engine", "fingerprint": "97d244d6cf642ce4ccb68070d945408b5b93a8854e9b82a4b27d35d7308491d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97d244d6cf642ce4ccb68070d945408b5b93a8854e9b82a4b27d35d7308491d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42417, "scanner": "repobility-ast-engine", "fingerprint": "76a4742fadcf6e937858d7fa820189822ec50f86de7ade1c37ecfbdb583aceed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|76a4742fadcf6e937858d7fa820189822ec50f86de7ade1c37ecfbdb583aceed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42416, "scanner": "repobility-ast-engine", "fingerprint": "6966e472d3e8ff75cdce7503f40a0c4495c3c898b2afcde72c35b085dcbe96ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6966e472d3e8ff75cdce7503f40a0c4495c3c898b2afcde72c35b085dcbe96ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42415, "scanner": "repobility-ast-engine", "fingerprint": "fcf57fe4f6c2b5f044ba1dbed4a18383691c66866c24afd6d9c43c753d4f1921", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fcf57fe4f6c2b5f044ba1dbed4a18383691c66866c24afd6d9c43c753d4f1921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42414, "scanner": "repobility-ast-engine", "fingerprint": "dffa856816e8359e6e98087e928feb0112b09e54d509a088b027151385f7f3ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dffa856816e8359e6e98087e928feb0112b09e54d509a088b027151385f7f3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42413, "scanner": "repobility-ast-engine", "fingerprint": "1d83308857422c85a1222476ae0ac8b211416865a0606983a3bd08a0d202d3e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d83308857422c85a1222476ae0ac8b211416865a0606983a3bd08a0d202d3e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42412, "scanner": "repobility-ast-engine", "fingerprint": "5fe2c0f4af7e2cb3846dfb7ff5a2f3697691b83d2a01ff7934f1b6166a9450e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fe2c0f4af7e2cb3846dfb7ff5a2f3697691b83d2a01ff7934f1b6166a9450e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42411, "scanner": "repobility-ast-engine", "fingerprint": "660d02555a069cf1813c8b1159de65d310ca21330d4f1705a60e7e84719823ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|660d02555a069cf1813c8b1159de65d310ca21330d4f1705a60e7e84719823ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42410, "scanner": "repobility-ast-engine", "fingerprint": "cd5aa30c5fa4de53042b78f7c85ce30ae4143ea7ebdccdddcc6ff3ba8d2f00f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd5aa30c5fa4de53042b78f7c85ce30ae4143ea7ebdccdddcc6ff3ba8d2f00f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42409, "scanner": "repobility-ast-engine", "fingerprint": "850fe47e5a33b48f1c046cc1f1543cea5e5be9feb3f2608f33dad6c1c6f4aff4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|850fe47e5a33b48f1c046cc1f1543cea5e5be9feb3f2608f33dad6c1c6f4aff4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42408, "scanner": "repobility-ast-engine", "fingerprint": "7240d306a9408089144992a1b47172afe1f944b3c6582b2745450c8c921e44ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7240d306a9408089144992a1b47172afe1f944b3c6582b2745450c8c921e44ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._format_transcription` used but never assigned in __init__: Method `__getitem__` of class `VibeVoiceASRDataset` reads `self._format_transcription`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 42397, "scanner": "repobility-ast-engine", "fingerprint": "3e63fa8856de7e330a0539d80c2e50d8c5ff6bcf2b29bd00fcac12a77c3b46cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e63fa8856de7e330a0539d80c2e50d8c5ff6bcf2b29bd00fcac12a77c3b46cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "finetuning-asr/lora_finetune.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 42394, "scanner": "repobility-threat-engine", "fingerprint": "93ef388fee0914ca52bac0029d667ba001053ddd06975e2458b0b45d0777a13d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93ef388fee0914ca52bac0029d667ba001053ddd06975e2458b0b45d0777a13d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vllm_plugin/__init__.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 42393, "scanner": "repobility-threat-engine", "fingerprint": "dd825a89da33fd7100d3d00c80fd73d9812ba23437d73243cff4294c3817015e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd825a89da33fd7100d3d00c80fd73d9812ba23437d73243cff4294c3817015e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "vibevoice/modular/streamer.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=2, else=4, except=1, for=1, if=11, nested_bonus=8, ternary=5."}, "properties": {"repobilityId": 42389, "scanner": "repobility-threat-engine", "fingerprint": "3d8f687c536a6da116baca6e11069d0fb742e4aa4401c0a02b13a125687dd4b1", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 32 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 11, "for": 1, "elif": 2, "else": 4, "except": 1, "ternary": 5, "nested_bonus": 8}, "complexity": 32, "correlation_key": "fp|3d8f687c536a6da116baca6e11069d0fb742e4aa4401c0a02b13a125687dd4b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demo/realtime_model_inference_from_file.py"}, "region": {"startLine": 129}}}]}]}]}